RubyGems - ruby_smb - Versions diffs - 2.0.2 → 2.0.3 - Mend

ruby_smb 2.0.2 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/examples/anonymous_auth.rb +3 -3
data/examples/append_file.rb +10 -8
data/examples/authenticate.rb +9 -5
data/examples/delete_file.rb +8 -6
data/examples/enum_registry_key.rb +5 -4
data/examples/enum_registry_values.rb +5 -4
data/examples/list_directory.rb +8 -6
data/examples/negotiate_with_netbios_service.rb +9 -5
data/examples/net_share_enum_all.rb +6 -4
data/examples/pipes.rb +11 -12
data/examples/query_service_status.rb +64 -0
data/examples/read_file.rb +8 -6
data/examples/read_registry_key_value.rb +6 -5
data/examples/rename_file.rb +9 -7
data/examples/tree_connect.rb +7 -5
data/examples/write_file.rb +9 -7
data/lib/ruby_smb/client.rb +72 -43
data/lib/ruby_smb/client/negotiation.rb +1 -0
data/lib/ruby_smb/dcerpc.rb +2 -0
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +209 -44
data/lib/ruby_smb/dcerpc/request.rb +13 -0
data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +9 -6
data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +98 -17
data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +4 -4
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +1 -1
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +7 -6
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +10 -10
data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
data/lib/ruby_smb/dispatcher/base.rb +1 -1
data/lib/ruby_smb/dispatcher/socket.rb +1 -1
data/lib/ruby_smb/field/stringz16.rb +17 -1
data/lib/ruby_smb/nbss/session_header.rb +4 -4
data/lib/ruby_smb/smb1/file.rb +2 -10
data/lib/ruby_smb/smb1/pipe.rb +2 -0
data/lib/ruby_smb/smb2/file.rb +25 -17
data/lib/ruby_smb/smb2/pipe.rb +3 -0
data/lib/ruby_smb/smb2/tree.rb +9 -3
data/lib/ruby_smb/version.rb +1 -1
data/spec/lib/ruby_smb/client_spec.rb +161 -60
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1396 -77
data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +49 -12
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +0 -4
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +9 -4
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +0 -4
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +17 -17
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +11 -23
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +215 -41
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +10 -10
data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +7 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +60 -6
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +7 -0
data/spec/lib/ruby_smb/smb2/tree_spec.rb +35 -1
metadata +72 -2
metadata.gz.sig +0 -0

data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb ADDED

@@ -0,0 +1,27 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.19 RStartServiceW (Opnum 19)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/d9be95a2-cf01-4bdc-b30f-6fe4b37ada16)
+      class StartServiceWRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        sc_rpc_handle       :h_service
+        uint32              :argc
+        ndr_lp_string_ptrsw :argv
+        def initialize_instance
+          super
+          @opnum = START_SERVICE_W
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb ADDED

@@ -0,0 +1,25 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.19 RStartServiceW (Opnum 19)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/d9be95a2-cf01-4bdc-b30f-6fe4b37ada16)
+      class StartServiceWResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        uint32 :error_status
+        def initialize_instance
+          super
+          @opnum = START_SERVICE_W
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg.rb CHANGED

@@ -13,11 +13,13 @@ module RubySMB
       OPEN_HKPD             = 0x03
       OPEN_HKU              = 0x04
       REG_CLOSE_KEY         = 0x05
+      REG_CREATE_KEY        = 0x06
       REG_ENUM_KEY          = 0x09
       REG_ENUM_VALUE        = 0x0a
       REG_OPEN_KEY          = 0x0f
       REG_QUERY_INFO_KEY    = 0x10
       REG_QUERY_VALUE       = 0x11
+      REG_SAVE_KEY          = 0x14
       OPEN_HKCC             = 0x1b
       OPEN_HKPT             = 0x20
       OPEN_HKPN             = 0x21
@@ -37,6 +39,10 @@ module RubySMB
       require 'ruby_smb/dcerpc/winreg/query_info_key_response'
       require 'ruby_smb/dcerpc/winreg/query_value_request'
       require 'ruby_smb/dcerpc/winreg/query_value_response'
+      require 'ruby_smb/dcerpc/winreg/create_key_request'
+      require 'ruby_smb/dcerpc/winreg/create_key_response'
+      require 'ruby_smb/dcerpc/winreg/save_key_request'
+      require 'ruby_smb/dcerpc/winreg/save_key_response'
       ROOT_KEY_MAP = {
         "HKEY_CLASSES_ROOT"         => OPEN_HKCR,
@@ -125,7 +131,9 @@ module RubySMB
       # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
       def query_value(handle, value_name)
         query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
-        query_value_request_packet.lp_data.referent_identifier = 0
+        query_value_request_packet.lp_type = 0
+        query_value_request_packet.lpcb_data = 0
+        query_value_request_packet.lpcb_len = 0
         response = dcerpc_request(query_value_request_packet)
         begin
           query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
@@ -137,9 +145,9 @@ module RubySMB
             "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
         end
-        query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
         query_value_request_packet.lpcb_data = query_value_response.lpcb_data
-        query_value_request_packet.lp_data.max_count = query_value_response.lpcb_data.referent
+        query_value_request_packet.lp_data = []
+        query_value_request_packet.lp_data.referent.max_count = query_value_response.lpcb_data.referent
         response = dcerpc_request(query_value_request_packet)
         begin
           query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
@@ -185,6 +193,10 @@ module RubySMB
       # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
       def query_info_key(handle)
         query_info_key_request_packet = RubySMB::Dcerpc::Winreg::QueryInfoKeyRequest.new(hkey: handle)
+        query_info_key_request_packet.lp_class = ''
+        query_info_key_request_packet.lp_class.referent.actual_count = 0
+        query_info_key_request_packet.lp_class.maximum_length = 1024
+        query_info_key_request_packet.lp_class.buffer.referent.max_count = 1024 / 2
         response = dcerpc_request(query_info_key_request_packet)
         begin
           query_info_key_response = RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse.read(response)
@@ -209,7 +221,9 @@ module RubySMB
       def enum_key(handle, index)
         enum_key_request_packet = RubySMB::Dcerpc::Winreg::EnumKeyRequest.new(hkey: handle, dw_index: index)
         enum_key_request_packet.lpft_last_write_time = 0
-        enum_key_request_packet.lp_class.referent.buffer = 0
+        enum_key_request_packet.lp_class = ''
+        enum_key_request_packet.lp_class.referent.buffer = :null
+        enum_key_request_packet.lp_name.buffer = ''
         enum_key_request_packet.lp_name.buffer.referent.max_count = 256
         response = dcerpc_request(enum_key_request_packet)
         begin
@@ -234,7 +248,7 @@ module RubySMB
       # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
       def enum_value(handle, index)
         enum_value_request_packet = RubySMB::Dcerpc::Winreg::EnumValueRequest.new(hkey: handle, dw_index: index)
-        enum_value_request_packet.lp_data.referent_identifier = 0
+        enum_value_request_packet.lp_value_name.buffer = ''
         enum_value_request_packet.lp_value_name.buffer.referent.max_count = 256
         response = dcerpc_request(enum_value_request_packet)
         begin
@@ -250,13 +264,72 @@ module RubySMB
         enum_value_response.lp_value_name.to_s
       end
+      # Creates the specified registry key and returns a handle to the newly created key
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param sub_key [String] the name of the key
+      # @param opts [Hash] options for the CreateKeyRequest
+      # @return [RubySMB::Dcerpc::Winreg::PrpcHkey] the handle to the opened or created key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CreateKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def create_key(handle, sub_key, opts = {})
+        opts = {
+          hkey:                   handle,
+          lp_sub_key:             sub_key,
+          lp_class:               opts[:lp_class] || :null,
+          dw_options:             opts[:dw_options] || RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_KEY_TYPE_VOLATILE,
+          sam_desired:            opts[:sam_desired] || RubySMB::Dcerpc::Winreg::Regsam.new(maximum: 1),
+          lp_security_attributes: opts[:lp_security_attributes] || RubySMB::Dcerpc::RpcSecurityAttributes.new,
+          lpdw_disposition:       opts[:lpdw_disposition] || RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_CREATED_NEW_KEY,
+        }
+        create_key_request_packet = RubySMB::Dcerpc::Winreg::CreateKeyRequest.new(opts)
+        response = dcerpc_request(create_key_request_packet)
+        begin
+          create_key_response = RubySMB::Dcerpc::Winreg::CreateKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the CreateKey response"
+        end
+        unless create_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when creating key #{sub_key}: "\
+            "#{WindowsError::Win32.find_by_retval(create_key_response.error_status.value).join(',')}"
+        end
+        create_key_response.hkey
+      end
+      # Saves the specified key, subkeys, and values to a new file
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param file_name [String] the name of the registry file in which the specified key and subkeys are to be saved
+      # @param opts [Hash] options for the SaveKeyRequest
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a SaveKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def save_key(handle, file_name, opts = {})
+        opts = {
+          hkey:                   handle,
+          lp_file:                file_name,
+          lp_security_attributes: opts[:lp_security_attributes] || :null,
+        }
+        save_key_request_packet = RubySMB::Dcerpc::Winreg::SaveKeyRequest.new(opts)
+        response = dcerpc_request(save_key_request_packet)
+        begin
+          save_key_response = RubySMB::Dcerpc::Winreg::SaveKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the SaveKeyResponse response"
+        end
+        unless save_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when saving key to #{file_name}: "\
+            "#{WindowsError::Win32.find_by_retval(save_key_response.error_status.value).join(',')}"
+        end
+      end
       # Checks if the specified registry key exists. It returns true if it
       # exists, false otherwise.
       #
       # @param key [String] the registry key to check
       # @return [Boolean]
-      def has_registry_key?(key)
-        bind(endpoint: RubySMB::Dcerpc::Winreg)
+      def has_registry_key?(key, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
         root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
         begin
@@ -265,8 +338,10 @@ module RubySMB
         rescue RubySMB::Dcerpc::Error::WinregError
           return false
         end
-        close_key(subkey_handle)
         return true
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
       end
       # Retrieve the data associated with the named value of a specified
@@ -275,15 +350,17 @@ module RubySMB
       # @param key [String] the registry key
       # @param value_name [String] the name of the value to read
       # @return [String] the data of the value entry
-      def read_registry_key_value(key, value_name)
-        bind(endpoint: RubySMB::Dcerpc::Winreg)
+      def read_registry_key_value(key, value_name, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
         root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
         root_key_handle = open_root_key(root_key)
         subkey_handle = open_key(root_key_handle, sub_key)
         value = query_value(subkey_handle, value_name)
-        close_key(subkey_handle)
         value
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
       end
       # Enumerate the subkeys of a specified registry key. If only a root key
@@ -291,8 +368,8 @@ module RubySMB
       #
       # @param key [String] the registry key
       # @return [Array<String>] the subkeys
-      def enum_registry_key(key)
-        bind(endpoint: RubySMB::Dcerpc::Winreg)
+      def enum_registry_key(key, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
         root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
         root_key_handle = open_root_key(root_key)
@@ -307,16 +384,18 @@ module RubySMB
         key_count.times do |i|
           enum_result << enum_key(subkey_handle, i)
         end
-        close_key(subkey_handle)
         enum_result
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
       end
       # Enumerate the values for the specified registry key.
       #
       # @param key [String] the registry key
       # @return [Array<String>] the values
-      def enum_registry_values(key)
-        bind(endpoint: RubySMB::Dcerpc::Winreg)
+      def enum_registry_values(key, bind: true)
+        bind(endpoint: RubySMB::Dcerpc::Winreg) if bind
         root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
         root_key_handle = open_root_key(root_key)
@@ -331,8 +410,10 @@ module RubySMB
         value_count.times do |i|
           enum_result << enum_value(subkey_handle, i)
         end
-        close_key(subkey_handle)
         enum_result
+      ensure
+        close_key(subkey_handle) if subkey_handle
+        close_key(root_key_handle) if root_key_handle
       end
     end

data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb ADDED

@@ -0,0 +1,73 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class RpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCreateKey Request Packet as defined in
+      # [3.1.5.7 BaseRegCreateKey (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c7186ae2-1c82-45e9-933b-97d9873657e8)
+      class CreateKeyRequest < BinData::Record
+        # Options:
+        # bitwise OR of one of the key types (REG_KEY_TYPE_*), and any or none
+        # of the other options:
+        #
+        # This key is not volatile. The key and all its values MUST be
+        # persisted to the backing store and is preserved when the registry
+        # server loses context due to a computer restart, reboot, or shut down
+        # process.
+        REG_KEY_TYPE_NON_VOLATILE  = 0x00000000
+        # This key is volatile. The key with all its subkeys and values MUST
+        # NOT be preserved when the registry server loses context due to a
+        # computer restart, reboot, or shut down process.
+        REG_KEY_TYPE_VOLATILE      = 0x00000001
+        # This key is a symbolic link to another key.
+        REG_KEY_TYPE_SYMLINK       = 0x00000002
+        # Indicates that the caller wishes to assert its backup and/or restore
+        # privileges.
+        REG_OPTION_BACKUP_RESTORE  = 0x00000004
+        # Indicates that the caller wishes to open the targeted symlink source
+        # rather than the symlink target.
+        REG_OPTION_OPEN_LINK       = 0x00000008
+        # Indicates that the caller wishes to disable limited user access
+        # virtualization for this operation.
+        REG_OPTION_DONT_VIRTUALIZE = 0x00000010
+        # Create disposition:
+        # The key did not exist and was created.
+        REG_CREATED_NEW_KEY     = 0x00000001
+        # The key already existed and was opened without being changed.
+        REG_OPENED_EXISTING_KEY = 0x00000002
+        attr_reader :opnum
+        endian :little
+        rpc_hkey                 :hkey
+        rrp_unicode_string       :lp_sub_key
+        string                   :pad1, length: -> { pad_length(self.lp_sub_key) }
+        rrp_unicode_string       :lp_class
+        string                   :pad2, length: -> { pad_length(self.lp_class) }
+        uint32                   :dw_options
+        regsam                   :sam_desired
+        prpc_security_attributes :lp_security_attributes
+        string                   :pad3, length: -> { pad_length(self.lp_security_attributes) }
+        ndr_lp_dword             :lpdw_disposition
+        def initialize_instance
+          super
+          @opnum = REG_CREATE_KEY
+        end
+        # Determines the correct length for the padding, so that the next
+        # field is 4-byte aligned.
+        def pad_length(prev_element)
+          offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb ADDED

@@ -0,0 +1,36 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      class PrpcHkey < Ndr::NdrContextHandle; end
+      # This class represents a BaseRegCreateKey Response Packet as defined in
+      # [3.1.5.7 BaseRegCreateKey (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c7186ae2-1c82-45e9-933b-97d9873657e8)
+      class CreateKeyResponse < BinData::Record
+        # Create disposition
+        # The key did not exist and was created.
+        REG_CREATED_NEW_KEY     = 0x00000001
+        # The key already existed and was opened without being changed.
+        REG_OPENED_EXISTING_KEY = 0x00000002
+        attr_reader :opnum
+        endian :little
+        prpc_hkey    :hkey
+        ndr_lp_dword :lpdw_disposition
+        uint32       :error_status
+        def initialize_instance
+          super
+          @opnum = REG_CREATE_KEY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb CHANGED

@@ -13,7 +13,7 @@ module RubySMB
         rpc_hkey            :hkey
         uint32              :dw_index
-        rrp_unicode_string  :lp_name
+        rrp_unicode_string :lp_name
         string              :pad1,     length: -> { pad_length1 }
         prrp_unicode_string :lp_class
         string              :pad2,     length: -> { pad_length2 }

data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb CHANGED

@@ -16,7 +16,7 @@ module RubySMB
         rrp_unicode_string :lp_value_name
         string             :pad, length: -> { pad_length }
         ndr_lp_dword       :lp_type
-        ndr_lp_byte        :lp_data
+        ndr_lp_byte_array  :lp_data
         ndr_lp_dword       :lpcb_data
         ndr_lp_dword       :lpcb_len

data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb CHANGED

@@ -12,7 +12,7 @@ module RubySMB
         rrp_unicode_string :lp_value_name
         string             :pad, length: -> { pad_length }
         ndr_lp_dword       :lp_type
-        ndr_lp_byte        :lp_data
+        ndr_lp_byte_array  :lp_data
         ndr_lp_dword       :lpcb_data
         ndr_lp_dword       :lpcb_len
         uint32             :error_status

data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb CHANGED

@@ -4,10 +4,10 @@ module RubySMB
       # This class represents a PREGISTRY_SERVER_NAME structure as defined in
       # [2.2.2 PREGISTRY_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bcd15fd-1aa5-44e2-8662-112ec3e9817b)
-      class PRegistryServerName < Ndr::NdrTopLevelFullPointer
+      class PRegistryServerName < Ndr::NdrPointer
         endian :little
-        string16 :referent, read_length: -> { 4 }
+        string16 :referent, onlyif: -> { self.referent_id != 0 }, read_length: -> { 4 }
       end
       # This class is a generic class that represents OpenXXX Request packet,
@@ -33,8 +33,8 @@ module RubySMB
         def initialize_instance
           super
           @opnum = get_parameter(:opnum) if has_parameter?(:opnum)
-          p_registry_server_name.referent = "\0\0"
-          sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
+          self.p_registry_server_name = :null
+          self.sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
         end
       end

data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb CHANGED

@@ -12,7 +12,7 @@ module RubySMB
         endian :little
         rpc_hkey           :hkey
-        rrp_unicode_string :lp_class, initial_value: 0
+        rrp_unicode_string :lp_class
         def initialize_instance
           super