ruby_smb 2.0.12 → 2.0.13

data/lib/ruby_smb/dcerpc/drsr/drs_crack_names_response.rb

@@ -0,0 +1,76 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      # [4.1.4.1.4 DS_NAME_RESULT_ITEMW](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/e174fead-5a37-4a11-a0f6-69086e8dd4e9)
+      class DsNameResultItemw < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32           :status
+        ndr_wide_stringz_ptr :p_domain
+        ndr_wide_stringz_ptr :p_name
+      end
+
+      class DsNameResultItemwArrayPtr < Ndr::NdrConfArray
+        default_parameters type: :ds_name_result_itemw
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [4.1.4.1.5 DS_NAME_RESULTW](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/0076d241-3f79-4b0b-8e07-8ccfaff8bd4c)
+      class DsNameResultw < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                     :c_items
+        ds_name_result_itemw_array_ptr :r_items
+      end
+
+      class DsNameResultwPtr < DsNameResultw
+        default_parameters referent_byte_align: 4
+        extend Ndr::PointerClassPlugin
+      end
+
+      #[4.1.4.1.7 DRS_MSG_CRACKREPLY_V1](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/3419de89-0d54-462e-98ac-fb77292c91e7)
+      class DrsMsgCrackreplyV1 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ds_name_resultw_ptr :p_result
+      end
+
+      # [4.1.4.1.6 DRS_MSG_CRACKREPLY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/1dc605fe-dd85-481d-84a4-f4c5da812d57)
+      class DrsMsgCrackreply < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :switch_type
+        choice     :msg_crack, selection: :switch_type, byte_align: 4 do
+          drs_msg_crackreply_v1 1
+        end
+      end
+
+      # [4.1.4 IDL_DRSCrackNames (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/9b4bfb44-6656-4404-bcc8-dc88111658b3)
+      class DrsCrackNamesResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32         :dw_out_version
+        drs_msg_crackreply :pmsg_out
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = DRS_CRACK_NAMES
+        end
+      end
+
+    end
+  end
+end
+
+
+
+
+

data/lib/ruby_smb/dcerpc/drsr/drs_domain_controller_info_request.rb

@@ -0,0 +1,46 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      #[4.1.5.1.2 DRS_MSG_DCINFOREQ_V1](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/18b23122-a1c2-4367-a677-592e0d4eef18)
+      class DrsMsgDcinforeqV1 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :domain
+        ndr_uint32           :info_level
+      end
+
+      # [4.1.5.1.1 DRS_MSG_DCINFOREQ](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/6ac9ec30-5bfb-4970-860c-3971eb815930)
+      class DrsMsgDcinforeq < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :switch_type, initial_value: 1
+        choice     :msg_dcinfo, selection: :switch_type, byte_align: 4 do
+          drs_msg_dcinforeq_v1 1
+        end
+      end
+
+      # [4.1.5 IDL_DRSDomainControllerInfo (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/668abdc8-1db7-4104-9dea-feab05ff1736)
+      class DrsDomainControllerInfoRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        drs_handle        :h_drs
+        ndr_uint32        :dw_in_version, initial_value: 1
+        drs_msg_dcinforeq :pmsg_in
+
+        def initialize_instance
+          super
+          @opnum = DRS_DOMAIN_CONTROLLER_INFO
+        end
+      end
+
+    end
+  end
+end
+
+
+

data/lib/ruby_smb/dcerpc/drsr/drs_domain_controller_info_response.rb

@@ -0,0 +1,168 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      # [4.1.5.1.8 DS_DOMAIN_CONTROLLER_INFO_1W](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/b30c5951-ccb1-4fb6-ba9a-5699d5d78759)
+      class DsDomainControllerInfo1w < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :netbios_name
+        ndr_wide_stringz_ptr :dns_host_name
+        ndr_wide_stringz_ptr :site_name
+        ndr_wide_stringz_ptr :computer_object_name
+        ndr_wide_stringz_ptr :server_object_name
+        ndr_boolean          :f_is_pdc
+        ndr_boolean          :f_ds_enabled
+      end
+
+      class DsDomainControllerInfo1wPtr < Ndr::NdrConfVarArray
+        default_parameters type: :ds_domain_controller_info1w
+        extend Ndr::PointerClassPlugin
+      end
+
+      #[4.1.5.1.4 DRS_MSG_DCINFOREPLY_V1](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/f71a8f6c-5426-4628-aa91-aeabef2c086f)
+      class DrsMsgDcinforeplyV1 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                      :c_items
+        ds_domain_controller_info1w_ptr :r_items
+      end
+
+      # [4.1.5.1.9 DS_DOMAIN_CONTROLLER_INFO_2W](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/a9c9fd50-24b5-4ff7-b336-8e23ac0622de)
+      class DsDomainControllerInfo2w < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :netbios_name
+        ndr_wide_stringz_ptr :dns_host_name
+        ndr_wide_stringz_ptr :site_name
+        ndr_wide_stringz_ptr :site_object_name
+        ndr_wide_stringz_ptr :computer_object_name
+        ndr_wide_stringz_ptr :server_object_name
+        ndr_wide_stringz_ptr :ntds_dsa_object_name
+        ndr_boolean          :f_is_pdc
+        ndr_boolean          :f_ds_enabled
+        ndr_boolean          :f_is_gc
+        uuid                 :site_object_guid
+        uuid                 :computer_object_guid
+        uuid                 :server_object_guid
+        uuid                 :ntds_dsa_object_guid
+      end
+
+      class DsDomainControllerInfo2wPtr < Ndr::NdrConfArray
+        default_parameters type: :ds_domain_controller_info2w
+        extend Ndr::PointerClassPlugin
+      end
+
+      #[4.1.5.1.5 DRS_MSG_DCINFOREPLY_V2](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/f567e605-01fe-4228-960e-14647c29f668)
+      class DrsMsgDcinforeplyV2 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                      :c_items
+        ds_domain_controller_info2w_ptr :r_items
+      end
+
+      # [4.1.5.1.10 DS_DOMAIN_CONTROLLER_INFO_3W](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/08f99ee7-8235-482b-bfe5-c6170f133cd4)
+      class DsDomainControllerInfo3w < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_wide_stringz_ptr :netbios_name
+        ndr_wide_stringz_ptr :dns_host_name
+        ndr_wide_stringz_ptr :site_name
+        ndr_wide_stringz_ptr :site_object_name
+        ndr_wide_stringz_ptr :computer_object_name
+        ndr_wide_stringz_ptr :server_object_name
+        ndr_wide_stringz_ptr :ntds_dsa_object_name
+        ndr_boolean          :f_is_pdc
+        ndr_boolean          :f_ds_enabled
+        ndr_boolean          :f_is_gc
+        ndr_boolean          :f_is_rodc
+        uuid                 :site_object_guid
+        uuid                 :computer_object_guid
+        uuid                 :server_object_guid
+        uuid                 :ntds_dsa_object_guid
+      end
+
+      class DsDomainControllerInfo3wPtr < Ndr::NdrConfVarArray
+        default_parameters type: :ds_domain_controller_info3w
+        extend Ndr::PointerClassPlugin
+      end
+
+      #[4.1.5.1.6 DRS_MSG_DCINFOREPLY_V3](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/cafc7232-c6da-4784-84d7-e5d8c804c2d9)
+      class DrsMsgDcinforeplyV3 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                      :c_items
+        ds_domain_controller_info3w_ptr :r_items
+      end
+
+      # [4.1.5.1.11 DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/38259d46-11e6-4e74-8e0c-0b0f9ce2dab4)
+      class DsDomainControllerInfoFfffffffw < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32           :ip_address
+        ndr_uint32           :notification_count
+        ndr_uint32           :sec_time_connected
+        ndr_uint32           :flags
+        ndr_uint32           :total_requests
+        ndr_uint32           :reserved1
+        ndr_wide_stringz_ptr :user_name
+      end
+
+      class DsDomainControllerInfoFfffffffwPtr < Ndr::NdrConfVarArray
+        default_parameters type: :ds_domain_controller_info_ffffffffw
+        extend Ndr::PointerClassPlugin
+      end
+
+      #[4.1.5.1.7 DRS_MSG_DCINFOREPLY_VFFFFFFFF](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/625c5133-cb5b-440a-9f53-232ae1b2dc3f)
+      class DrsMsgDcinforeplyVffffffff < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32                              :c_items
+        ds_domain_controller_info_ffffffffw_ptr :r_items
+      end
+
+      # [4.1.5.1.3 DRS_MSG_DCINFOREPLY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/034282e5-7828-4353-ad6e-2688c65ab9fb)
+      class DrsMsgDcinforeply < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :switch_type
+        choice     :msg_dcinfo, selection: :switch_type, byte_align: 4 do
+          drs_msg_dcinforeply_v1        1
+          drs_msg_dcinforeply_v2        2
+          drs_msg_dcinforeply_v3        3
+          drs_msg_dcinforeply_vffffffff 0xFFFFFFFF
+        end
+      end
+
+      # [4.1.5 IDL_DRSDomainControllerInfo (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/668abdc8-1db7-4104-9dea-feab05ff1736)
+      class DrsDomainControllerInfoResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32          :dw_out_version
+        drs_msg_dcinforeply :pmsg_out
+        ndr_uint32          :error_status
+
+        def initialize_instance
+          super
+          @opnum = DRS_DOMAIN_CONTROLLER_INFO
+        end
+      end
+
+    end
+  end
+end
+
+
+
+

data/lib/ruby_smb/dcerpc/drsr/drs_extensions.rb

@@ -0,0 +1,56 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      # [5.39 DRS_EXTENSIONS_INT](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/3ee529b1-23db-4996-948a-042f04998e91)
+      class DrsExtensionsInt < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32 :cb, initial_value: -> { num_bytes - 4 }
+        ndr_uint32 :dw_flags
+        uuid       :site_obj_guid
+        int32      :pid, byte_align: 4
+        ndr_uint32 :dw_repl_epoch
+        ndr_uint32 :dw_flags_ext
+        uuid       :config_obj_guid
+        ndr_uint32 :dw_ext_caps
+      end
+
+      # [5.38 DRS_EXTENSIONS](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/ed0c5dc1-7566-48b3-be08-4c5e26ba60c4)
+      class DrsExtensions < Ndr::NdrStruct
+        default_parameter byte_align: 4
+        endian :little
+
+        ndr_uint32     :cb, initial_value: -> { self.rgb.size }
+        ndr_conf_array :rgb, type: :ndr_uint8
+
+        def assign(val)
+          case val
+          when String
+            self.rgb.assign(val.bytes)
+          when Array
+            self.rgb.assign(val.to_ary)
+          when DrsExtensionsInt
+            self.rgb.assign(val.to_binary_s[4..-1].bytes)
+          when Hash
+            if (field_names & val.keys).empty?
+              # Cannot assign this hash to the structrue, it is likely
+              # DrsExtensionsInt hash values we need to transform in byte array.
+              drs_ext = DrsExtensionsInt.new(val).to_binary_s
+              self.rgb.assign(drs_ext[4..-1].bytes)
+            end
+          else
+            super
+          end
+        end
+      end
+
+      class DrsExtensionsPtr < DrsExtensions
+        extend Ndr::PointerClassPlugin
+      end
+
+    end
+  end
+end
+

data/lib/ruby_smb/dcerpc/drsr/drs_get_nc_changes_request.rb

@@ -0,0 +1,121 @@
+require 'openssl'
+
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      #[4.1.10.2.2 DRS_MSG_GETCHGREQ_V3](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/6a2a056c-ac7f-47d0-9e6d-9023a4e5947c)
+      class DrsMsgGetchgreqV3 < Ndr::NdrStruct
+        include AttrtypRequestPlugin
+        default_parameter byte_align: 8
+
+        uuid                           :uuid_dsa_obj_dest
+        uuid                           :uuid_invoc_id_src
+        ds_name_ptr                    :p_nc
+        usn_vector                     :usnvec_from
+        uptodate_vector_v1_ext_ptr     :p_up_to_date_vec_dest_v1
+        partial_attr_vector_v1_ext_ptr :p_partial_attr_vec_dest_v1
+        schema_prefix_table            :prefix_table_dest
+        ndr_uint32                     :ul_flags
+        ndr_uint32                     :c_max_objects
+        ndr_uint32                     :c_max_bytes
+        ndr_uint32                     :ul_extended_op
+      end
+
+      # [4.1.10.2.3 DRS_MSG_GETCHGREQ_V4](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/9db4db21-8ccd-4c81-8662-6e2baff8426c)
+      class DrsMsgGetchgreqV4 < Ndr::NdrStruct
+        default_parameter byte_align: 8
+
+        uuid                 :uuid_transport_obj
+        mtx_addr_ptr         :pmtx_return_address
+        drs_msg_getchgreq_v3 :v3
+      end
+
+      #[4.1.10.2.4 DRS_MSG_GETCHGREQ_V5](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/fd24b73c-7b81-43af-8c77-65bc2e3181b7)
+      class DrsMsgGetchgreqV5 < Ndr::NdrStruct
+        default_parameter byte_align: 8
+
+        uuid                       :uuid_dsa_obj_dest
+        uuid                       :uuid_invoc_id_src
+        ds_name_ptr                :p_nc
+        usn_vector                 :usnvec_from
+        uptodate_vector_v1_ext_ptr :p_up_to_date_vec_dest_v1
+        ndr_uint32                 :ul_flags
+        ndr_uint32                 :c_max_objects
+        ndr_uint32                 :c_max_bytes
+        ndr_uint32                 :ul_extended_op
+        ndr_uint64                 :li_fsmo_info
+      end
+
+      #[4.1.10.2.5 DRS_MSG_GETCHGREQ_V7](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/5ef4f597-a397-4f6f-a98b-7a034247d886)
+      class DrsMsgGetchgreqV7 < DrsMsgGetchgreqV4
+        include AttrtypRequestPlugin
+        default_parameter byte_align: 8
+
+        partial_attr_vector_v1_ext_ptr :p_partial_attr_set
+        partial_attr_vector_v1_ext_ptr :p_partial_attr_set_ex
+        schema_prefix_table            :prefix_table_dest
+      end
+
+      #[4.1.10.2.6 DRS_MSG_GETCHGREQ_V8](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/4304bb4a-e9b5-4c8a-8731-df4d6f9ab567)
+      class DrsMsgGetchgreqV8 < DrsMsgGetchgreqV5
+        include AttrtypRequestPlugin
+        default_parameter byte_align: 8
+
+        partial_attr_vector_v1_ext_ptr :p_partial_attr_set
+        partial_attr_vector_v1_ext_ptr :p_partial_attr_set_ex
+        schema_prefix_table            :prefix_table_dest
+      end
+
+      #[4.1.10.2.7 DRS_MSG_GETCHGREQ_V10](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/92b1b77d-2058-46e0-9e8c-6664b96a0cf9)
+      class DrsMsgGetchgreqV10 < DrsMsgGetchgreqV8
+        default_parameter byte_align: 8
+
+        ndr_uint32                     :ul_more_flags
+      end
+
+      #[4.1.10.2.8 DRS_MSG_GETCHGREQ_V11](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/cb2bab15-950b-48f8-af00-118e186a1311)
+      class DrsMsgGetchgreqV11 < DrsMsgGetchgreqV10
+        default_parameter byte_align: 8
+
+        uuid                             :correlation_id
+        var_size_buffer_with_version_ptr :p_reserved_buffer
+      end
+
+      # [4.1.10.2.1 DRS_MSG_GETCHGREQ](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/6a2a056c-ac7f-47d0-9e6d-9023a4e5947c)
+      class DrsMsgGetchgreq < Ndr::NdrStruct
+        default_parameter byte_align: 8
+
+        ndr_uint32 :switch_type, initial_value: -> { @obj.parent.parent.dw_in_version.to_i }
+        choice     :msg_getchg, selection: :switch_type, byte_align: 8 do
+          drs_msg_getchgreq_v4  4
+          drs_msg_getchgreq_v5  5
+          drs_msg_getchgreq_v7  7
+          drs_msg_getchgreq_v8  8
+          drs_msg_getchgreq_v10 10
+          drs_msg_getchgreq_v11 11
+        end
+      end
+
+      # [4.1.10 IDL_DRSGetNCChanges (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/b63730ac-614c-431c-9501-28d6aca91894)
+      class DrsGetNcChangesRequest < BinData::Record
+        attr_reader :opnum
+
+        drs_handle        :h_drs
+        ndr_uint32        :dw_in_version
+        drs_msg_getchgreq :pmsg_in
+
+        def initialize_instance
+          super
+          @opnum = DRS_GET_NC_CHANGES
+        end
+      end
+
+    end
+  end
+end
+
+
+
+
+

data/lib/ruby_smb/dcerpc/drsr/drs_get_nc_changes_response.rb

@@ -0,0 +1,118 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      #[4.1.10.2.10 DRS_MSG_GETCHGREPLY_V1](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/bd70a9c3-c1d3-48cf-9c24-503a5567d09c)
+      class DrsMsgGetchgreplyV1 < Ndr::NdrStruct
+        include AttrtypResponsePlugin
+        default_parameter byte_align: 8
+
+        uuid                       :uuid_dsa_obj_src
+        uuid                       :uuid_invoc_id_src
+        ds_name_ptr                :p_nc
+        usn_vector                 :usnvec_from
+        usn_vector                 :usnvec_to
+        uptodate_vector_v1_ext_ptr :p_up_to_date_vec_src_v1
+        schema_prefix_table        :prefix_table_src
+        ndr_uint32                 :ul_extended_ret
+        ndr_uint32                 :c_num_objects
+        ndr_uint32                 :c_num_bytes
+        replentinflist_ptr         :p_objects
+        ndr_boolean                :f_more_data
+      end
+
+      # [4.1.10.2.11 DRS_MSG_GETCHGREPLY_V2](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/677d8fab-6aa1-4327-9b6f-62a6ad7fcfa3)
+      class DrsMsgGetchgreplyV2 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        drs_compressed_blob :compressed_v1
+      end
+
+      # [4.1.10.2.12 DRS_MSG_GETCHGREPLY_V6](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/1317a654-5dd6-45ff-af73-919cbc7fbb45)
+      class DrsMsgGetchgreplyV6 < Ndr::NdrStruct
+        include AttrtypResponsePlugin
+        default_parameter byte_align: 8
+
+        uuid                       :uuid_dsa_obj_src
+        uuid                       :uuid_invoc_id_src
+        ds_name_ptr                :p_nc
+        usn_vector                 :usnvec_from
+        usn_vector                 :usnvec_to
+        uptodate_vector_v2_ext_ptr :p_up_to_date_vec_src
+        schema_prefix_table        :prefix_table_src
+        ndr_uint32                 :ul_extended_ret
+        ndr_uint32                 :c_num_objects
+        ndr_uint32                 :c_num_bytes
+        replentinflist_ptr         :p_objects
+        ndr_boolean                :f_more_data
+        ndr_uint32                 :c_num_nc_size_objects
+        ndr_uint32                 :c_num_nc_size_values
+        ndr_uint32                 :c_num_values
+        replvalinf_v1_array_ptr    :rg_values
+        ndr_uint32                 :dw_drs_error
+      end
+
+      # [4.1.10.2.13 DRS_MSG_GETCHGREPLY_V7](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/26eaca61-0f19-47e7-b304-2580e9870aa8)
+      class DrsMsgGetchgreplyV7 < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        ndr_uint32          :dw_compressed_version
+        drs_comp_alg_type   :compression_alg
+        drs_compressed_blob :compressed_any
+      end
+
+      # [4.1.10.2.14 DRS_MSG_GETCHGREPLY_V9](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/b9564a19-4500-444b-a99b-0da1b08cdb6f)
+      class DrsMsgGetchgreplyV9 < Ndr::NdrStruct
+        include AttrtypResponsePlugin
+        default_parameter byte_align: 8
+
+        uuid                       :uuid_dsa_obj_src
+        uuid                       :uuid_invoc_id_src
+        ds_name_ptr                :p_nc
+        usn_vector                 :usnvec_from
+        usn_vector                 :usnvec_to
+        uptodate_vector_v2_ext_ptr :p_up_to_date_vec_src
+        schema_prefix_table        :prefix_table_src
+        ndr_uint32                 :ul_extended_ret
+        ndr_uint32                 :c_num_objects
+        ndr_uint32                 :c_num_bytes
+        replentinflist_ptr         :p_objects
+        ndr_boolean                :f_more_data
+        ndr_uint32                 :c_num_nc_size_objects
+        ndr_uint32                 :c_num_nc_size_values
+        ndr_uint32                 :c_num_values
+        replvalinf_v3_array_ptr    :rg_values
+        ndr_uint32                 :dw_drs_error
+      end
+
+      # [4.1.10.2.9 DRS_MSG_GETCHGREPLY](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/65a5cb42-c25f-4378-b06e-f87341b21f93)
+      class DrsMsgGetchgreply < Ndr::NdrStruct
+        default_parameter byte_align: 4
+
+        ndr_uint32 :switch_type, initial_value: -> { @obj.parent.parent.pdw_out_version.to_i }
+        choice     :msg_getchg, selection: :switch_type, byte_align: 4 do
+          drs_msg_getchgreply_v1 1
+          drs_msg_getchgreply_v2 2
+          drs_msg_getchgreply_v6 6
+          drs_msg_getchgreply_v7 7
+          drs_msg_getchgreply_v9 9
+        end
+      end
+
+      # [4.1.10 IDL_DRSGetNCChanges (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/b63730ac-614c-431c-9501-28d6aca91894)
+      class DrsGetNcChangesResponse < BinData::Record
+        attr_reader :opnum
+
+        ndr_uint32          :pdw_out_version
+        drs_msg_getchgreply :pmsg_out
+        ndr_uint32          :error_status
+
+        def initialize_instance
+          super
+          @opnum = DRS_GET_NC_CHANGES
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/drsr/drs_unbind_request.rb

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      # [4.1.25 IDL_DRSUnbind (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/49eb17c9-b6a9-4cea-bef8-66abda8a7850)
+      class DrsUnbindRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        drs_handle :ph_drs
+
+        def initialize_instance
+          super
+          @opnum = DRS_UNBIND
+        end
+      end
+
+    end
+  end
+end
+
+
+

data/lib/ruby_smb/dcerpc/drsr/drs_unbind_response.rb

@@ -0,0 +1,26 @@
+module RubySMB
+  module Dcerpc
+    module Drsr
+
+      # [4.1.25 IDL_DRSUnbind (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/49eb17c9-b6a9-4cea-bef8-66abda8a7850)
+      class DrsUnbindResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        drs_handle :ph_drs
+        ndr_uint32 :error_status
+
+        def initialize_instance
+          super
+          @opnum = DRS_UNBIND
+        end
+      end
+
+    end
+  end
+end
+
+
+
+