RubyGems - ruby_smb - Versions diffs - 2.0.2 → 2.0.3 - Mend

ruby_smb 2.0.2 → 2.0.3

Files changed (110) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/examples/anonymous_auth.rb +3 -3
data/examples/append_file.rb +10 -8
data/examples/authenticate.rb +9 -5
data/examples/delete_file.rb +8 -6
data/examples/enum_registry_key.rb +5 -4
data/examples/enum_registry_values.rb +5 -4
data/examples/list_directory.rb +8 -6
data/examples/negotiate_with_netbios_service.rb +9 -5
data/examples/net_share_enum_all.rb +6 -4
data/examples/pipes.rb +11 -12
data/examples/query_service_status.rb +64 -0
data/examples/read_file.rb +8 -6
data/examples/read_registry_key_value.rb +6 -5
data/examples/rename_file.rb +9 -7
data/examples/tree_connect.rb +7 -5
data/examples/write_file.rb +9 -7
data/lib/ruby_smb/client.rb +72 -43
data/lib/ruby_smb/client/negotiation.rb +1 -0
data/lib/ruby_smb/dcerpc.rb +2 -0
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +209 -44
data/lib/ruby_smb/dcerpc/request.rb +13 -0
data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +9 -6
data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +98 -17
data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +4 -4
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +7 -6
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +10 -10
data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
data/lib/ruby_smb/dispatcher/base.rb +1 -1
data/lib/ruby_smb/dispatcher/socket.rb +1 -1
data/lib/ruby_smb/field/stringz16.rb +17 -1
data/lib/ruby_smb/nbss/session_header.rb +4 -4
data/lib/ruby_smb/smb1/file.rb +2 -10
data/lib/ruby_smb/smb1/pipe.rb +2 -0
data/lib/ruby_smb/smb2/file.rb +25 -17
data/lib/ruby_smb/smb2/pipe.rb +3 -0
data/lib/ruby_smb/smb2/tree.rb +9 -3
data/lib/ruby_smb/version.rb +1 -1
data/spec/lib/ruby_smb/client_spec.rb +161 -60
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1396 -77
data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +49 -12
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +0 -4
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +9 -4
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +0 -4
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +17 -17
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +11 -23
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +215 -41
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +10 -10
data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +7 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +60 -6
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +7 -0
data/spec/lib/ruby_smb/smb2/tree_spec.rb +35 -1
metadata +72 -2
metadata.gz.sig +0 -0

data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb ADDED

@@ -0,0 +1,110 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::RpcHkey do
+  subject(:packet) { described_class.new }
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Winreg::CreateKeyRequest do
+  subject(:packet) { described_class.new }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :lp_sub_key }
+  it { is_expected.to respond_to :pad1 }
+  it { is_expected.to respond_to :lp_class }
+  it { is_expected.to respond_to :pad2 }
+  it { is_expected.to respond_to :dw_options }
+  it { is_expected.to respond_to :sam_desired }
+  it { is_expected.to respond_to :lp_security_attributes }
+  it { is_expected.to respond_to :pad3 }
+  it { is_expected.to respond_to :lpdw_disposition }
+  describe '#hkey' do
+    it 'is a RpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::RpcHkey
+    end
+  end
+  describe '#lp_sub_key' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_sub_key).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+  end
+  describe '#pad1' do
+    it 'is a string' do
+      expect(packet.pad1).to be_a BinData::String
+    end
+    it 'should keep #lp_class 4-byte aligned' do
+      packet.lp_sub_key = "test"
+      expect(packet.lp_class.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#lp_class' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_class).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+  end
+  describe '#pad2' do
+    it 'is a string' do
+      expect(packet.pad1).to be_a BinData::String
+    end
+    it 'should keep #dw_options 4-byte aligned' do
+      packet.lp_class = "test"
+      expect(packet.dw_options.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#dw_options' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.dw_options).to be_a BinData::Uint32le
+    end
+  end
+  describe '#sam_desired' do
+    it 'is a Regsam structure' do
+      expect(packet.sam_desired).to be_a RubySMB::Dcerpc::Winreg::Regsam
+    end
+  end
+  describe '#lp_security_attributes' do
+    it 'is a PrpcSecurityAttributes structure' do
+      expect(packet.lp_security_attributes).to be_a RubySMB::Dcerpc::PrpcSecurityAttributes
+    end
+  end
+  describe '#pad3' do
+    it 'is a string' do
+      expect(packet.pad1).to be_a BinData::String
+    end
+    it 'should keep #lpdw_disposition 4-byte aligned' do
+      sc = RubySMB::Dcerpc::RpcSecurityDescriptor.new(lp_security_descriptor: [1,2,3,4])
+      packet.lp_security_attributes = RubySMB::Dcerpc::RpcSecurityAttributes.new(rpc_security_descriptor: sc)
+      expect(packet.lpdw_disposition.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#lpdw_disposition' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lpdw_disposition).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#initialize_instance' do
+   it 'sets #opnum to REG_CREATE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_CREATE_KEY)
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb ADDED

@@ -0,0 +1,44 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::PrpcHkey do
+  subject(:packet) { described_class.new }
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Winreg::CreateKeyResponse do
+  subject(:packet) { described_class.new }
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :lpdw_disposition }
+  it { is_expected.to respond_to :error_status }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  describe '#hkey' do
+    it 'is a PrpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::PrpcHkey
+    end
+  end
+  describe '#lpdw_disposition' do
+    it 'is a NdrLpDword structure' do
+      expect(packet.lpdw_disposition).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
+    end
+  end
+  describe '#error_status' do
+    it 'is a 32-bit unsigned integer' do
+      expect(packet.error_status).to be_a BinData::Uint32le
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_CREATE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_CREATE_KEY)
+    end
+  end
+end

data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb CHANGED

@@ -53,10 +53,6 @@ RSpec.describe RubySMB::Dcerpc::Winreg::EnumKeyRequest do
     it 'is a PrrpUnicodeString structure' do
       expect(packet.lp_class).to be_a RubySMB::Dcerpc::PrrpUnicodeString
     end
-    it 'has a initial value of 0' do
-      expect(packet.lp_class).to eq(0)
-    end
   end
   describe '#pad2' do

data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb CHANGED

@@ -57,8 +57,8 @@ RSpec.describe RubySMB::Dcerpc::Winreg::EnumValueRequest do
   end
   describe '#lp_data' do
-    it 'is a NdrLpByte structure' do
-      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByte
+    it 'is a NdrLpByteArray structure' do
+      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByteArray
     end
   end

data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb CHANGED

@@ -38,8 +38,8 @@ RSpec.describe RubySMB::Dcerpc::Winreg::EnumValueResponse do
   end
   describe '#lp_data' do
-    it 'is a NdrLpByte structure' do
-      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByte
+    it 'is a NdrLpByteArray structure' do
+      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByteArray
     end
   end

data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb CHANGED

@@ -1,6 +1,6 @@
 RSpec.describe RubySMB::Dcerpc::Winreg::PRegistryServerName do
-  it 'is NdrTopLevelFullPointer subclass' do
-    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrTopLevelFullPointer
+  it 'is NdrPointer subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrPointer
   end
   subject(:packet) { described_class.new }
@@ -16,6 +16,11 @@ RSpec.describe RubySMB::Dcerpc::Winreg::PRegistryServerName do
       expect(packet.referent).to be_a RubySMB::Field::String16
     end
+    it 'only exists if #referent_id is not 0' do
+      packet.referent_id = 0
+      expect(packet.referent?).to be false
+    end
     it 'reads 4-bytes' do
       str = 'spec_test'.encode('utf-16le')
       packet.referent.read(str)
@@ -55,8 +60,8 @@ RSpec.describe RubySMB::Dcerpc::Winreg::OpenRootKeyRequest do
       end
     end
-    it 'sets #p_registry_server_name.referent to NULL unicode value' do
-      expect(packet.p_registry_server_name.referent).to eq("\0\0".encode('utf-16le'))
+    it 'sets #p_registry_server_name.referent to :null' do
+      expect(packet.p_registry_server_name).to eq(:null)
     end
     context 'when #opnum is not OPEN_HKPD, OPEN_HKPT or OPEN_HKPN' do

data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb CHANGED

@@ -25,10 +25,6 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryInfoKeyRequest do
     it 'is a RrpUnicodeString structure' do
       expect(packet.lp_class).to be_a RubySMB::Dcerpc::RrpUnicodeString
     end
-    it 'has an initial value of 0' do
-      expect(packet.lp_class).to eq(0)
-    end
   end
   describe '#initialize_instance' do

data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb CHANGED

@@ -9,9 +9,10 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueRequest do
   it { is_expected.to respond_to :hkey }
   it { is_expected.to respond_to :lp_value_name }
-  it { is_expected.to respond_to :pad }
+  it { is_expected.to respond_to :pad1 }
   it { is_expected.to respond_to :lp_type }
   it { is_expected.to respond_to :lp_data }
+  it { is_expected.to respond_to :pad2 }
   it { is_expected.to respond_to :lpcb_data }
   it { is_expected.to respond_to :lpcb_len }
   it { is_expected.to respond_to :opnum }
@@ -32,9 +33,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueRequest do
     end
   end
-  describe '#pad' do
+  describe '#pad1' do
     it 'is a string' do
-      expect(packet.pad).to be_a BinData::String
+      expect(packet.pad1).to be_a BinData::String
     end
     it 'should keep #lp_type 4-byte aligned' do
@@ -50,8 +51,8 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueRequest do
   end
   describe '#lp_data' do
-    it 'is a NdrLpByte structure' do
-      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByte
+    it 'is a NdrLpByteArray structure' do
+      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByteArray
     end
   end
@@ -61,6 +62,17 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueRequest do
     end
   end
+  describe '#pad2' do
+    it 'is a string' do
+      expect(packet.pad2).to be_a BinData::String
+    end
+    it 'should keep #lpcb_data 4-byte aligned' do
+      packet.lp_data = [1, 2]
+      expect(packet.lpcb_data.abs_offset % 4).to eq 0
+    end
+  end
   describe '#lpcb_len' do
     it 'is a NdrLpDword structure' do
       expect(packet.lpcb_len).to be_a RubySMB::Dcerpc::Ndr::NdrLpDword
@@ -72,17 +84,5 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueRequest do
       expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE)
     end
   end
-  describe '#pad_length' do
-    it 'returns 0 when #lp_type is already 4-byte aligned' do
-      packet.lp_value_name = 'align'
-      expect(packet.pad_length).to eq 0
-    end
-    it 'returns 2 when #lp_type is only 2-byte aligned' do
-      packet.lp_value_name = 'align' + 'A'
-      expect(packet.pad_length).to eq 2
-    end
-  end
 end

data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb CHANGED

@@ -20,8 +20,8 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
   end
   describe '#lp_data' do
-    it 'is a NdrLpByte structure' do
-      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByte
+    it 'is a NdrLpByteArray structure' do
+      expect(packet.lp_data).to be_a RubySMB::Dcerpc::Ndr::NdrLpByteArray
     end
   end
@@ -31,7 +31,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
     end
     it 'should keep #lpcb_data 4-byte aligned' do
-      packet.lp_data.bytes = 'spec_test'.bytes
+      packet.lp_data = 'spec_test'.bytes
       expect(packet.lpcb_data.abs_offset % 4).to eq 0
     end
   end
@@ -60,24 +60,12 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
     end
   end
-  describe '#pad_length' do
-    it 'returns 0 when #lpcb_data is already 4-byte aligned' do
-      packet.lp_data.bytes = 'aligned.'.bytes
-      expect(packet.pad_length).to eq 0
-    end
-    it 'returns 2 when #lpcb_data is only 2-byte aligned' do
-      packet.lp_data.bytes = 'not aligned'.bytes
-      expect(packet.pad_length).to eq 1
-    end
-  end
   describe '#data' do
     context 'when #lp_type is 1 (unicode null-terminated string)' do
       it 'returns the expected value' do
         str = 'spec test string'.encode('utf-16le')
         packet.lp_type = 1
-        packet.lp_data.bytes = str.bytes
+        packet.lp_data = str.bytes
         expect(packet.data).to eq(str)
       end
     end
@@ -86,7 +74,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
       it 'returns the expected value' do
         str = '/%PATH%/foo'.encode('utf-16le')
         packet.lp_type = 2
-        packet.lp_data.bytes = str.bytes
+        packet.lp_data = str.bytes
         expect(packet.data).to eq(str)
       end
     end
@@ -95,7 +83,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
       it 'returns the expected value' do
         bytes = [0xFF, 0xEE, 0xDD, 0xCC].pack('C*')
         packet.lp_type = 3
-        packet.lp_data.bytes = bytes.bytes
+        packet.lp_data = bytes.bytes
         expect(packet.data).to eq(bytes)
       end
     end
@@ -104,7 +92,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
       it 'returns the expected value' do
         number = 12345
         packet.lp_type = 4
-        packet.lp_data.bytes = [number].pack('V').bytes
+        packet.lp_data = [number].pack('V').bytes
         expect(packet.data).to eq(number)
       end
     end
@@ -113,7 +101,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
       it 'returns the expected value' do
         number = 12345
         packet.lp_type = 5
-        packet.lp_data.bytes = [number].pack('N').bytes
+        packet.lp_data = [number].pack('N').bytes
         expect(packet.data).to eq(number)
       end
     end
@@ -124,7 +112,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
         null_byte = "\0".encode('utf-16le')
         str = (str_array + [null_byte]).join(null_byte)
         packet.lp_type = 7
-        packet.lp_data.bytes = str.bytes
+        packet.lp_data = str.bytes
         expect(packet.data).to eq(str_array)
       end
     end
@@ -133,7 +121,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
       it 'returns the expected value' do
         number = 0x1234567812345678
         packet.lp_type = 11
-        packet.lp_data.bytes = [number].pack('Q<').bytes
+        packet.lp_data = [number].pack('Q<').bytes
         expect(packet.data).to eq(number)
       end
     end
@@ -142,7 +130,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg::QueryValueResponse do
       it 'returns an empty string' do
         str = 'test'
         packet.lp_type = 6
-        packet.lp_data.bytes = str.bytes
+        packet.lp_data = str.bytes
         expect(packet.data).to eq('')
       end
     end

data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb ADDED

@@ -0,0 +1,57 @@
+RSpec.describe RubySMB::Dcerpc::Winreg::RpcHkey do
+  subject(:packet) { described_class.new }
+  it 'is NdrContextHandle subclass' do
+    expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrContextHandle
+  end
+end
+RSpec.describe RubySMB::Dcerpc::Winreg::SaveKeyRequest do
+  subject(:packet) { described_class.new }
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it { is_expected.to respond_to :hkey }
+  it { is_expected.to respond_to :lp_file }
+  it { is_expected.to respond_to :pad }
+  it { is_expected.to respond_to :lp_security_attributes }
+  describe '#hkey' do
+    it 'is a RpcHkey structure' do
+      expect(packet.hkey).to be_a RubySMB::Dcerpc::Winreg::RpcHkey
+    end
+  end
+  describe '#lp_file' do
+    it 'is a RrpUnicodeString structure' do
+      expect(packet.lp_file).to be_a RubySMB::Dcerpc::RrpUnicodeString
+    end
+  end
+  describe '#pad' do
+    it 'is a string' do
+      expect(packet.pad).to be_a BinData::String
+    end
+    it 'should keep #lp_security_attributes 4-byte aligned' do
+      packet.lp_file = "test"
+      expect(packet.lp_security_attributes.abs_offset % 4).to eq 0
+    end
+  end
+  describe '#lp_security_attributes' do
+    it 'is a PrpcSecurityAttributes structure' do
+      expect(packet.lp_security_attributes).to be_a RubySMB::Dcerpc::PrpcSecurityAttributes
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to REG_SAVE_KEY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Winreg::REG_SAVE_KEY)
+    end
+  end
+end