s32 IOCtlSrc::GetLayerBreakAddress() { DWORD size; if (GetMediaType() < 0) return -1; if (layerBreakCached) return layerBreak; dvdrs.BlockByteOffset.QuadPart = 0; dvdrs.Format = DvdPhysicalDescriptor; dvdrs.SessionId = sessID; dvdrs.LayerNumber = 0; if (DeviceIoControl(device, IOCTL_DVD_READ_STRUCTURE, &dvdrs, sizeof(dvdrs), &dld, sizeof(dld), &size, nullptr)) { if (dld.ld.NumberOfLayers == 0) { // Single layer layerBreak = 0; } else if (dld.ld.TrackPath == 0) { // PTP layerBreak = _byteswap_ulong(dld.ld.EndDataSector) - _byteswap_ulong(dld.ld.StartingDataSector); } else { // OTP layerBreak = _byteswap_ulong(dld.ld.EndLayerZeroSector) - _byteswap_ulong(dld.ld.StartingDataSector); } layerBreakCached = true; return layerBreak; } //if not a cd, and fails, assume single layer return 0; }
bool IOCtlSrc::ReadDVDInfo() { DWORD unused; DVD_SESSION_ID session_id; BOOL ret = DeviceIoControl(m_device, IOCTL_DVD_START_SESSION, nullptr, 0, &session_id, sizeof(session_id), &unused, nullptr); if (!ret) return false; // 4 bytes header + 18 bytes layer descriptor - Technically you only need // to read 17 bytes of the layer descriptor since bytes 17-2047 is for // media specific information. However, Windows requires you to read at // least 18 bytes of the layer descriptor or else the ioctl will fail. The // media specific information seems to be empty, so there's no point reading // any more than that. std::array<u8, 22> buffer; DVD_READ_STRUCTURE dvdrs{{0}, DvdPhysicalDescriptor, session_id, 0}; ret = DeviceIoControl(m_device, IOCTL_DVD_READ_STRUCTURE, &dvdrs, sizeof(dvdrs), buffer.data(), buffer.size(), &unused, nullptr); if (ret) { auto &layer = *reinterpret_cast<DVD_LAYER_DESCRIPTOR *>( reinterpret_cast<DVD_DESCRIPTOR_HEADER *>(buffer.data())->Data); u32 start_sector = _byteswap_ulong(layer.StartingDataSector); u32 end_sector = _byteswap_ulong(layer.EndDataSector); if (layer.NumberOfLayers == 0) { // Single layer m_media_type = 0; m_layer_break = 0; m_sectors = end_sector - start_sector + 1; } else if (layer.TrackPath == 0) { // Dual layer, Parallel Track Path dvdrs.LayerNumber = 1; ret = DeviceIoControl(m_device, IOCTL_DVD_READ_STRUCTURE, &dvdrs, sizeof(dvdrs), buffer.data(), buffer.size(), &unused, nullptr); if (ret) { u32 layer1_start_sector = _byteswap_ulong(layer.StartingDataSector); u32 layer1_end_sector = _byteswap_ulong(layer.EndDataSector); m_media_type = 1; m_layer_break = end_sector - start_sector; m_sectors = end_sector - start_sector + 1 + layer1_end_sector - layer1_start_sector + 1; } } else { // Dual layer, Opposite Track Path u32 end_sector_layer0 = _byteswap_ulong(layer.EndLayerZeroSector); m_media_type = 2; m_layer_break = end_sector_layer0 - start_sector; m_sectors = end_sector_layer0 - start_sector + 1 + end_sector - (~end_sector_layer0 & 0xFFFFFFU) + 1; } } DeviceIoControl(m_device, IOCTL_DVD_END_SESSION, &session_id, sizeof(session_id), nullptr, 0, &unused, nullptr); return !!ret; }
HRESULT WaveFile::GetPacketCumulativeBytes(DWORD* pdwData) { assert( m_DpdsChunk.IsValid() ); assert( pdwData != NULL ); HRESULT hr = S_OK; if (!m_DpdsChunk.IsValid()) return E_HANDLE; DWORD dwPacketCount; DWORD dwBufferSize; hr = GetPacketCumulativeBytesSize(&dwPacketCount, &dwBufferSize); if( FAILED( hr ) ) return hr; hr = m_DpdsChunk.ReadData( 0, pdwData, dwBufferSize, NULL ); if( FAILED( hr ) ) return hr; // Endianness conversion #if defined(_XBOX) for (DWORD dw=0; dw<dwPacketCount; dw++) { pdwData[dw] = _byteswap_ulong(pdwData[dw]); } #endif return S_OK; }
bool CVobFile::GetTitleInfo(LPCTSTR fn, ULONG nTitleNum, ULONG& VTSN, ULONG& TTN) { CFile ifoFile; if (!ifoFile.Open(fn, CFile::modeRead | CFile::typeBinary | CFile::shareDenyNone)) { return false; } char hdr[IFO_HEADER_SIZE + 1]; ifoFile.Read(hdr, IFO_HEADER_SIZE); hdr[IFO_HEADER_SIZE] = '\0'; if (strcmp(hdr, VIDEO_TS_HEADER)) { return false; } ifoFile.Seek(0xC4, CFile::begin); DWORD TT_SRPTPosition; // Read a 32-bit unsigned big-endian integer ifoFile.Read(&TT_SRPTPosition, sizeof(TT_SRPTPosition)); TT_SRPTPosition = _byteswap_ulong(TT_SRPTPosition); TT_SRPTPosition *= 2048; ifoFile.Seek(TT_SRPTPosition + 8 + (nTitleNum - 1) * 12 + 6, CFile::begin); BYTE tmp; ifoFile.Read(&tmp, sizeof(tmp)); VTSN = tmp; ifoFile.Read(&tmp, sizeof(tmp)); TTN = tmp; ifoFile.Close(); return true; }
void BigEndian() { dwFlagsAndDuration = _byteswap_ulong( dwFlagsAndDuration ); Format.BigEndian(); PlayRegion.BigEndian(); LoopRegion.BigEndian(); }
inline uint32 b2i(const byte *b) // Big endian bytes to integer. { #if defined(_MSC_VER)/* && defined(LITTLE_ENDIAN)*/ return _byteswap_ulong(*(uint32 *)b); #else return uint32(b[0]<<24) | uint32(b[1]<<16) | uint32(b[2]<<8) | b[3]; #endif }
static NetworkAddress FromInAddr(unsigned long address, uint16_t port) { NetworkAddress result; result.Address.IPv4 = _byteswap_ulong(address); result.Port = port; result.AddressSize = 4; return result; }
bool File::Read32BE(long long offset, uint32_t* dst) { if (!Read(offset, dst, 4)) { return false; } *dst = _byteswap_ulong(*dst); return true; }
void kuhl_m_kerberos_ccache_skip_struct_with_buffer(PBYTE *data) { DWORD i, numBuff = _byteswap_ulong(*(PDWORD) *data); *data += sizeof(DWORD); for (i = 0; i < numBuff; i++) { *data += sizeof(USHORT); kuhl_m_kerberos_ccache_skip_buffer(data); } }
BOOL kull_m_crypto_pkcs5_pbkdf2_hmac(DWORD calgid, LPCVOID password, DWORD passwordLen, LPCVOID salt, DWORD saltLen, DWORD iterations, BYTE *key, DWORD keyLen) { BOOL status = FALSE; HCRYPTPROV hProv; HCRYPTHASH hHash; DWORD sizeHmac, count, i, j, r; PBYTE asalt, obuf, d1, d2; if(CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) { if(CryptCreateHash(hProv, calgid, 0, 0, &hHash)) { if(CryptGetHashParam(hHash, HP_HASHVAL, NULL, &sizeHmac, 0)) { if(asalt = (PBYTE) LocalAlloc(LPTR, saltLen + 4)) { if(obuf = (PBYTE) LocalAlloc(LPTR, sizeHmac)) { if(d1 = (PBYTE) LocalAlloc(LPTR, sizeHmac)) { if(d2 = (PBYTE) LocalAlloc(LPTR, sizeHmac)) { status = TRUE; RtlCopyMemory(asalt, salt, saltLen); for (count = 1; keyLen > 0; count++) { *(PDWORD) (asalt + saltLen) = _byteswap_ulong(count); kull_m_crypto_hmac(calgid, password, passwordLen, asalt, saltLen + 4, d1, sizeHmac); RtlCopyMemory(obuf, d1, sizeHmac); for (i = 1; i < iterations; i++) { kull_m_crypto_hmac(calgid, password, passwordLen, d1, sizeHmac, d2, sizeHmac); RtlCopyMemory(d1, d2, sizeHmac); for (j = 0; j < sizeHmac; j++) obuf[j] ^= d1[j]; } r = KIWI_MINIMUM(keyLen, sizeHmac); RtlCopyMemory(key, obuf, r); key += r; keyLen -= r; } LocalFree(d2); } LocalFree(d1); } LocalFree(obuf); } LocalFree(asalt); } } CryptDestroyHash(hHash); } CryptReleaseContext(hProv, 0); } return status; }
inline uint32_t LoadBigEndian32(uint32_t v) { #if defined(__GNUC__) return __builtin_bswap32(v); #elif defined(_MSC_VER) return _byteswap_ulong(v); #else #error unsupported compiler #endif }
static intptr_t ReadBE32(intptr_t base, size_t* length, uint32_t* value) { if((!length) | (!value)) throw Exception(E_POINTER); if(*length < sizeof(uint32_t)) throw Exception(E_DECOMPRESS_TRUNCATED, COMPRESSION_METHOD); *value = _byteswap_ulong(*reinterpret_cast<uint32_t*>(base)); *length -= sizeof(uint32_t); return base + sizeof(uint32_t); }
static uint32_t swap32(uint32_t n) { #ifdef __GNUC__ return __builtin_bswap32(n); #elif defined _MSC_VER >= 1300 return _byteswap_ulong(n); #else return ((n<<24)|((n<<8)&0x00FF0000)|((n>>8)&0x0000FF00)|(n>>24)); #endif // __GNUC__ }
BOOL kuhl_m_kerberos_ccache_externalname(PBYTE *data, PKERB_EXTERNAL_NAME * name, PUNICODE_STRING realm) { BOOL status = FALSE; DWORD i, count = _byteswap_ulong(*(PDWORD) (*data + sizeof(DWORD))); *name = NULL; if(count) { if(*name = (PKERB_EXTERNAL_NAME) LocalAlloc(LPTR, sizeof(KERB_EXTERNAL_NAME) + ((count - 1) * sizeof(UNICODE_STRING)))) { (*name)->NameCount = (USHORT) count; (*name)->NameType = (USHORT) _byteswap_ulong(*(PDWORD) *data); *data += 2 * sizeof(DWORD); status = kuhl_m_kerberos_ccache_unicode_string(data, realm); for(i = 0; i < count; i++) status &= kuhl_m_kerberos_ccache_unicode_string(data, &(*name)->Names[i]); } } return status; }
static void WriteEmbeddedFileToDisk(int nodeIndex, int nodeOffsetFromStartOfFile, IndexGroup *pSubFileData, FRESHeader *pHeader, char *pFileName) { // Figure out the data offset location. int dataOffsetFromBoF = nodeOffsetFromStartOfFile + 0xC + pSubFileData->GetNode(nodeIndex)->GetDataOffset(); int dataOffset = _byteswap_ulong(*(int *)((char *)pHeader + dataOffsetFromBoF)); int dataLength = _byteswap_ulong(*(int *)((char *)pHeader + dataOffsetFromBoF + 0x4)); std::cout << "\t\tEmbedded Data Offset: " << dataOffset << " Length: " << dataLength << std::endl; std::string outputDir = CurrentWorkingDir + GetFolderNameForGroupIndex(11); outputDir.append("\\"); CreateDirectoryAbsolute(outputDir); outputDir.append(pFileName); std::filebuf fb; fb.open(outputDir, std::ios::out | std::ios::ate | std::ios::binary); std::ostream outFile(&fb); outFile.write((char *)pHeader + sizeof(FRESHeader) + dataOffset + (nodeIndex * 0x8), dataLength); fb.close(); }
uint32_t MidiParser::_parseHeader(FILE* fp) { // Get ticksPerQuarterNote from Midi Header uint16_t ticksPerQuarterNote; fseek(fp, 12, SEEK_CUR); fread_s(&ticksPerQuarterNote, 2, 2, 1, fp); ticksPerQuarterNote = _byteswap_ushort(ticksPerQuarterNote); // Get length of header track uint32_t trackLen; fseek(fp, 4, SEEK_CUR); fread_s(&trackLen, 4, 4, 1, fp); trackLen = _byteswap_ulong(trackLen); // Parse header track to get tempo uint32_t microsPerQuarterNote; long endPos = ftell(fp) + trackLen; while (ftell(fp) < endPos) { // Skip "00 FF" fseek(fp, 2, SEEK_CUR); // Get header command byte uint8_t cmd; fread_s(&cmd, 1, 1, 1, fp); uint32_t len = _readVariableLen(fp); if (cmd == 0x51) { // Tempo uint8_t tmp[4] = { 0, 0, 0, 0 }; fread_s(&tmp[1], 3, 3, 1, fp); microsPerQuarterNote = _byteswap_ulong(*(uint32_t *)tmp); } else // Skip any other commands fseek(fp, len, SEEK_CUR); } return microsPerQuarterNote / ticksPerQuarterNote; }
unsigned find2dlg(unsigned start) { static unsigned code = 0xF3, mask = 0xFF; char ln[64]; filledframe(10,10,16,5); tprint(10,10," find data ", FRM_HEADER); sprintf(ln, "code: %08X", _byteswap_ulong(code)); tprint(11,12,ln, FFRAME_INSIDE); sprintf(ln, "mask: %08X", _byteswap_ulong(mask)); tprint(11,13,ln, FFRAME_INSIDE); sprintf(str, "%08X", _byteswap_ulong(code)); if (!inputhex(17,12,8,true)) return -1; sscanf(str, "%x", &code); code = _byteswap_ulong(code); tprint(17,12,str, FFRAME_INSIDE); sprintf(str, "%08X", _byteswap_ulong(mask)); if (!inputhex(17,13,8,true)) return -1; sscanf(str, "%x", &mask); mask = _byteswap_ulong(mask); unsigned i; //Alone Coder 0.36.7 for (unsigned ptr = memadr(start+1); ptr != start; ptr = memadr(ptr+1)) { unsigned char *cd = (unsigned char*)&code, *ms = (unsigned char*)&mask; for (/*unsigned*/ i = 0; i < 4; i++) if ((editrm(memadr(ptr+i)) & ms[i]) != (cd[i] & ms[i])) break; if (i == 4) return ptr; } tprint(11,12," not found ", FFRAME_ERROR); tprint(11,13," ", FFRAME_ERROR); debugflip(); while (!process_msgs()); return -1; }
void BigEndian() { dwFlags = _byteswap_ulong( dwFlags ); dwEntryCount = _byteswap_ulong( dwEntryCount ); dwEntryMetaDataElementSize = _byteswap_ulong( dwEntryMetaDataElementSize ); dwEntryNameElementSize = _byteswap_ulong( dwEntryNameElementSize ); dwAlignment = _byteswap_ulong( dwAlignment ); CompactFormat.BigEndian(); BuildTime.dwLowDateTime = _byteswap_ulong( BuildTime.dwLowDateTime ); BuildTime.dwHighDateTime = _byteswap_ulong( BuildTime.dwHighDateTime ); }
BOOL kuhl_m_kerberos_ccache_unicode_string(PBYTE *data, PUNICODE_STRING ustring) { BOOL status = FALSE; STRING sName; sName.Length = sName.MaximumLength = (USHORT) _byteswap_ulong(*(PDWORD) *data); *data += sizeof(DWORD); sName.Buffer = (PCHAR) *data; *data += sName.Length; ustring->Length = sName.Length * sizeof(wchar_t); ustring->MaximumLength = ustring->Length + sizeof(wchar_t); if(ustring->Buffer = (PWSTR) LocalAlloc(LPTR, ustring->MaximumLength)) { if(!(status = NT_SUCCESS(RtlAnsiStringToUnicodeString(ustring, &sName, FALSE)))) LocalFree(ustring->Buffer); } return status; }
void uploadVertexData(const VertexBufferFormat &vbf, const RSXVertexData *vertexData, size_t baseOffset, void* bufferMap) { for (int vertex = 0; vertex < vbf.elementCount; vertex++) { for (size_t attributeId : vbf.attributeId) { if (!vertexData[attributeId].addr) { memcpy(bufferMap, vertexData[attributeId].data.data(), vertexData[attributeId].data.size()); continue; } size_t offset = (size_t)vertexData[attributeId].addr + baseOffset - vbf.range.first; size_t tsize = vertexData[attributeId].GetTypeSize(); size_t size = vertexData[attributeId].size; auto src = vm::get_ptr<const u8>(vertexData[attributeId].addr + (u32)baseOffset + (u32)vbf.stride * vertex); char* dst = (char*)bufferMap + offset + vbf.stride * vertex; switch (tsize) { case 1: { memcpy(dst, src, size); break; } case 2: { const u16* c_src = (const u16*)src; u16* c_dst = (u16*)dst; for (u32 j = 0; j < size; ++j) *c_dst++ = _byteswap_ushort(*c_src++); break; } case 4: { const u32* c_src = (const u32*)src; u32* c_dst = (u32*)dst; for (u32 j = 0; j < size; ++j) *c_dst++ = _byteswap_ulong(*c_src++); break; } } } } }
void _stdcall sha512_pkcs5_2(int i_count, const void *pwd, size_t pwd_len, const char *salt, size_t salt_len, char *dk, size_t dklen) { unsigned char buff[128]; unsigned char blk[SHA512_DIGEST_SIZE]; unsigned char hmac[SHA512_DIGEST_SIZE]; unsigned long block = 1; size_t c_len; int j, i; while (dklen != 0) { // first interation memcpy(buff, salt, salt_len); ((unsigned long*)(buff + salt_len))[0] = _byteswap_ulong(block); sha512_hmac(pwd, pwd_len, buff, salt_len + 4, (char*)hmac); memcpy(blk, hmac, SHA512_DIGEST_SIZE); // next interations for (i = 1; i < i_count; i++) { sha512_hmac(pwd, pwd_len, hmac, SHA512_DIGEST_SIZE, (char*)hmac); for (j = 0; j < (SHA512_DIGEST_SIZE / 4); j++) { ((unsigned long*)blk)[j] ^= ((unsigned long*)hmac)[j]; } } memcpy(dk, blk, (c_len = dklen < SHA512_DIGEST_SIZE ? dklen : SHA512_DIGEST_SIZE)); dk += c_len; dklen -= c_len; block++; } // test buffers size alignment at compile-time static_assert( !(sizeof(buff) % sizeof(unsigned long)), "sizeof must be 4 byte aligned"); static_assert( !(sizeof(blk) % sizeof(unsigned long)), "sizeof must be 4 byte aligned"); static_assert( !(sizeof(hmac) % sizeof(unsigned long)), "sizeof must be 4 byte aligned"); // prevent leaks __stosd((unsigned long*)&buff, 0, (sizeof(buff) / sizeof(unsigned long))); __stosd((unsigned long*)&blk, 0, (sizeof(blk) / sizeof(unsigned long))); __stosd((unsigned long*)&hmac, 0, (sizeof(hmac) / sizeof(unsigned long))); }
std::vector<mtt::FileTransfer::ActivePeerInfo> mtt::FileTransfer::getPeersInfo() { std::vector<mtt::FileTransfer::ActivePeerInfo> out; std::lock_guard<std::mutex> guard(peersMutex); out.resize(activePeers.size()); uint32_t i = 0; for (auto& peer : activePeers) { out[i].address = peer.comm->getAddress(); out[i].percentage = peer.comm->info.pieces.getPercentage(); out[i].downloadSpeed = peer.downloadSpeed; out[i].uploadSpeed = peer.uploadSpeed; out[i].client = peer.comm->ext.state.client; out[i].country = out[i].address.ipv6 ? "" : ipToCountry.GetCountry(_byteswap_ulong(*reinterpret_cast<uint32_t*>(out[i].address.addrBytes))); i++; } return out; }
HRESULT CVCAConfigure::LoadZones(DWORD dwEngId, VCA5_APP_ZONES *pZones) { HRESULT hr = E_FAIL; USES_CONVERSION; //--------------------------------------------------------------- // Zones VCA_ZONES_T tZones; if( LIBVCA_ERROR != libvca_retrieve_ZONEinfo( &tZones, dwEngId ) ) { pZones->ulTotalZones = tZones.uiTotalZones; int idx = 0; for( unsigned int i = 0; i < MAX_NUM_ZONES; i++ ) { if( IsZoneUsed( &tZones.pZones[i] ) ) { VCA5_APP_ZONE *pZone = &(pZones->pZones[idx++]); pZone->usZoneId = tZones.pZones[i].usZoneId; pZone->usZoneType = tZones.pZones[i].usZoneType; pZone->usZoneStyle = tZones.pZones[i].usZoneStyle; pZone->uiColor = _byteswap_ulong( tZones.pZones[i].uiColor << 8 ); // RGB -> BGR strcpy( pZone->szZoneName, tZones.pZones[i].strZoneName ); pZone->ulTotalPoints = tZones.pZones[i].uiTotalPoints; for( unsigned int j = 0; j < tZones.pZones[i].uiTotalPoints; j++ ) { pZone->pPoints[j].x = tZones.pZones[i].pPoints[j].x; pZone->pPoints[j].y = tZones.pZones[i].pPoints[j].y; } } } hr = S_OK; } return hr; }
static void _writeRegister(struct GDBStub* stub, const char* message) { struct ARMCore* cpu = stub->d.core->cpu; const char* readAddress = message; unsigned i = 0; uint32_t reg = _readHex(readAddress, &i); readAddress += i + 1; uint32_t value = _readHex(readAddress, &i); #ifdef _MSC_VER value = _byteswap_ulong(value); #else value = __builtin_bswap32(value); #endif if (reg <= ARM_PC) { cpu->gprs[reg] = value; if (reg == ARM_PC) { int32_t currentCycles = 0; if (cpu->executionMode == MODE_ARM) { ARM_WRITE_PC; } else { THUMB_WRITE_PC; } } } else if (reg == 0x19) { cpu->cpsr.packed = value; } else { stub->outgoing[0] = '\0'; _sendMessage(stub); return; } strncpy(stub->outgoing, "OK", GDB_STUB_MAX_LINE - 4); _sendMessage(stub); }
PPH_STRING PhpGetGdiHandleInformation( _In_ ULONG Handle ) { HGDIOBJ handle; handle = (HGDIOBJ)UlongToPtr(Handle); switch (GDI_CLIENT_TYPE_FROM_HANDLE(Handle)) { case GDI_CLIENT_BITMAP_TYPE: case GDI_CLIENT_DIBSECTION_TYPE: { BITMAP bitmap; if (GetObject(handle, sizeof(BITMAP), &bitmap)) { return PhFormatString( L"Width: %u, Height: %u, Depth: %u", bitmap.bmWidth, bitmap.bmHeight, bitmap.bmBitsPixel ); } } break; case GDI_CLIENT_BRUSH_TYPE: { LOGBRUSH brush; if (GetObject(handle, sizeof(LOGBRUSH), &brush)) { return PhFormatString( L"Style: %u, Color: 0x%08x, Hatch: 0x%Ix", brush.lbStyle, _byteswap_ulong(brush.lbColor), brush.lbHatch ); } } break; case GDI_CLIENT_EXTPEN_TYPE: { EXTLOGPEN pen; if (GetObject(handle, sizeof(EXTLOGPEN), &pen)) { return PhFormatString( L"Style: 0x%x, Width: %u, Color: 0x%08x", pen.elpPenStyle, pen.elpWidth, _byteswap_ulong(pen.elpColor) ); } } break; case GDI_CLIENT_FONT_TYPE: { LOGFONT font; if (GetObject(handle, sizeof(LOGFONT), &font)) { return PhFormatString( L"Face: %s, Height: %d", font.lfFaceName, font.lfHeight ); } } break; case GDI_CLIENT_PALETTE_TYPE: { USHORT count; if (GetObject(handle, sizeof(USHORT), &count)) { return PhFormatString( L"Entries: %u", (ULONG)count ); } } break; case GDI_CLIENT_PEN_TYPE: { LOGPEN pen; if (GetObject(handle, sizeof(LOGPEN), &pen)) { return PhFormatString( L"Style: %u, Width: %u, Color: 0x%08x", pen.lopnStyle, pen.lopnWidth.x, _byteswap_ulong(pen.lopnColor) ); } } break; } return NULL; }
unsigned long ToInAddr() const { return _byteswap_ulong(Address.IPv4); }
NTSTATUS kuhl_m_kerberos_ccache_enum(int argc, wchar_t * argv[], BOOL isInject, BOOL isSave) { PBYTE file, data; DWORD length, i; USHORT version; PKERB_EXTERNAL_NAME principalName; UNICODE_STRING principalRealm; PKIWI_KERBEROS_TICKET ticket; PDIRTY_ASN1_SEQUENCE_EASY App_KrbCred; DWORD App_KrbCred_Size; wchar_t * saveFilename; if(argc) { if(kull_m_file_readData(argv[0], &file, &length)) { data = file; version = _byteswap_ushort(*(PUSHORT) data); data += sizeof(USHORT); if(version == 0x0504) { data += sizeof(USHORT) + _byteswap_ushort(*(PUSHORT) data); kuhl_m_kerberos_ccache_externalname(&data, &principalName, &principalRealm); if(principalName) { kuhl_m_kerberos_ticket_displayExternalName(L"\nPrincipal : ", principalName, &principalRealm); for(i = 0; data < (file + length); i++) { kprintf(L"\n\nData %u", i); if(ticket = (PKIWI_KERBEROS_TICKET) LocalAlloc(LPTR, sizeof(KIWI_KERBEROS_TICKET))) { kuhl_m_kerberos_ccache_externalname(&data, &ticket->ClientName, &ticket->AltTargetDomainName); kuhl_m_kerberos_ccache_externalname(&data, &ticket->ServiceName, &ticket->DomainName); ticket->TargetName = kuhl_m_kerberos_ticket_copyExternalName(ticket->ServiceName); kull_m_string_copyUnicodeStringBuffer(&ticket->DomainName, &ticket->TargetDomainName); ticket->KeyType = _byteswap_ushort(*(PUSHORT) data); data += sizeof(USHORT); ticket->TicketEncType = _byteswap_ushort(*(PUSHORT) data); data += sizeof(USHORT); ticket->Key.Length = _byteswap_ushort(*(PUSHORT) data); data += sizeof(USHORT); if(ticket->Key.Length) if(ticket->Key.Value = (PUCHAR) LocalAlloc(LPTR, ticket->Key.Length)) RtlCopyMemory(ticket->Key.Value, data, ticket->Key.Length); data += ticket->Key.Length + sizeof(DWORD); // authtime; kuhl_m_kerberos_ccache_UnixTimeToFileTime(_byteswap_ulong(*(PDWORD) data), &ticket->StartTime); data += sizeof(DWORD); // local ? kuhl_m_kerberos_ccache_UnixTimeToFileTime(_byteswap_ulong(*(PDWORD) data), &ticket->EndTime); data += sizeof(DWORD); kuhl_m_kerberos_ccache_UnixTimeToFileTime(_byteswap_ulong(*(PDWORD) data), &ticket->RenewUntil); data += sizeof(DWORD) + sizeof(UCHAR); // skey ticket->TicketFlags = _byteswap_ulong(*(PDWORD) data); data += sizeof(DWORD); kuhl_m_kerberos_ccache_skip_struct_with_buffer(&data); // address kuhl_m_kerberos_ccache_skip_struct_with_buffer(&data); // authdata ticket->Ticket.Length = _byteswap_ulong(*(PDWORD) data); data += sizeof(DWORD); ticket->TicketKvno = 2; if(ticket->Ticket.Length) if(ticket->Ticket.Value = (PUCHAR) LocalAlloc(LPTR, ticket->Ticket.Length)) RtlCopyMemory(ticket->Ticket.Value, data, ticket->Ticket.Length); data += ticket->Ticket.Length; kuhl_m_kerberos_ccache_skip_buffer(&data); if(!RtlEqualUnicodeString(&usXCACHECONF, &ticket->TargetDomainName, TRUE)) { kuhl_m_kerberos_ticket_display(ticket, FALSE); if(isSave || isInject) { if(App_KrbCred = kuhl_m_kerberos_ticket_createAppKrbCred(ticket, TRUE)) { App_KrbCred_Size = kull_m_asn1_getSize(App_KrbCred); if(isInject) { kprintf(L"\n\t * Injecting ticket : "); if(NT_SUCCESS(kuhl_m_kerberos_ptt_data(App_KrbCred, App_KrbCred_Size))) kprintf(L"OK\n"); } else { if(saveFilename = kuhl_m_kerberos_ccache_generateFileName(i, ticket, MIMIKATZ_KERBEROS_EXT)) { if(kull_m_file_writeData(saveFilename, App_KrbCred, App_KrbCred_Size)) kprintf(L"\n\t * Saved to file %s !", saveFilename); else PRINT_ERROR_AUTO(L"kull_m_file_writeData"); LocalFree(saveFilename); } } LocalFree(App_KrbCred); } } } else kprintf(L"\n\t* %wZ entry? *", &usXCACHECONF); kuhl_m_kerberos_ticket_freeTicket(ticket); } } kuhl_m_kerberos_ticket_freeExternalName(principalName); } } else PRINT_ERROR(L"ccache version != 0x0504\n"); LocalFree(file); } else PRINT_ERROR_AUTO(L"kull_m_file_readData"); } else PRINT_ERROR(L"At least one filename is needed\n"); return STATUS_SUCCESS; }
void kuhl_m_kerberos_ccache_skip_buffer(PBYTE *data) { *data += sizeof(DWORD) + _byteswap_ulong(*(PDWORD) *data); }
/// Microsoft helper function for getting the contents of a registry key void queryKey(const std::string& hive, const std::string& key, QueryData& results) { if (kRegistryHives.count(hive) != 1) { return; } HKEY hRegistryHandle; auto ret = RegOpenKeyEx(kRegistryHives.at(hive), TEXT(key.c_str()), 0, KEY_READ, &hRegistryHandle); if (ret != ERROR_SUCCESS) { return; } const DWORD maxKeyLength = 255; const DWORD maxValueName = 16383; TCHAR achClass[MAX_PATH] = TEXT(""); DWORD cchClassName = MAX_PATH; DWORD cSubKeys = 0; DWORD cbMaxSubKey; DWORD cchMaxClass; DWORD cValues; DWORD cchMaxValueName; DWORD cbMaxValueData; DWORD cbSecurityDescriptor; DWORD retCode; FILETIME ftLastWriteTime; retCode = RegQueryInfoKey(hRegistryHandle, achClass, &cchClassName, nullptr, &cSubKeys, &cbMaxSubKey, &cchMaxClass, &cValues, &cchMaxValueName, &cbMaxValueData, &cbSecurityDescriptor, &ftLastWriteTime); TCHAR achKey[maxKeyLength]; DWORD cbName; // Process registry subkeys if (cSubKeys > 0) { for (DWORD i = 0; i < cSubKeys; i++) { cbName = maxKeyLength; retCode = RegEnumKeyEx(hRegistryHandle, i, achKey, &cbName, nullptr, nullptr, nullptr, &ftLastWriteTime); if (retCode != ERROR_SUCCESS) { continue; } Row r; fs::path keyPath(key); r["hive"] = hive; r["key"] = keyPath.string(); r["subkey"] = (keyPath / achKey).string(); r["name"] = "(Default)"; r["type"] = "REG_SZ"; r["data"] = "(value not set)"; r["mtime"] = std::to_string(filetimeToUnixtime(ftLastWriteTime)); results.push_back(r); } } if (cValues <= 0) { return; } BYTE* bpDataBuff = new BYTE[cbMaxValueData]; DWORD cchValue = maxKeyLength; TCHAR achValue[maxValueName]; // Process registry values for (size_t i = 0, retCode = ERROR_SUCCESS; i < cValues; i++) { size_t cnt = 0; ZeroMemory(bpDataBuff, cbMaxValueData); cchValue = maxValueName; achValue[0] = '\0'; retCode = RegEnumValue(hRegistryHandle, static_cast<DWORD>(i), achValue, &cchValue, nullptr, nullptr, nullptr, nullptr); if (retCode != ERROR_SUCCESS) { continue; } DWORD lpData = cbMaxValueData; DWORD lpType; retCode = RegQueryValueEx( hRegistryHandle, achValue, 0, &lpType, bpDataBuff, &lpData); if (retCode != ERROR_SUCCESS) { continue; } Row r; fs::path keyPath(key); r["hive"] = hive; r["key"] = keyPath.string(); r["subkey"] = keyPath.string(); r["name"] = achValue; if (kRegistryTypes.count(lpType) > 0) { r["type"] = kRegistryTypes.at(lpType); } else { r["type"] = "UNKNOWN"; } r["mtime"] = std::to_string(filetimeToUnixtime(ftLastWriteTime)); bpDataBuff[cbMaxValueData - 1] = 0x00; /// REG_LINK is a Unicode string, which in Windows is wchar_t char* regLinkStr = nullptr; if (lpType == REG_LINK) { regLinkStr = new char[cbMaxValueData]; const size_t newSize = cbMaxValueData; size_t convertedChars = 0; wcstombs_s(&convertedChars, regLinkStr, newSize, (wchar_t*)bpDataBuff, _TRUNCATE); } BYTE* bpDataBuffTmp = bpDataBuff; std::vector<std::string> multiSzStrs; std::vector<char> regBinary; std::string data; switch (lpType) { case REG_FULL_RESOURCE_DESCRIPTOR: case REG_RESOURCE_LIST: case REG_BINARY: for (unsigned int i = 0; i < cbMaxValueData; i++) { regBinary.push_back((char)bpDataBuff[i]); } boost::algorithm::hex( regBinary.begin(), regBinary.end(), std::back_inserter(data)); r["data"] = data; break; case REG_DWORD: r["data"] = std::to_string(*((int*)bpDataBuff)); break; case REG_DWORD_BIG_ENDIAN: r["data"] = std::to_string(_byteswap_ulong(*((int*)bpDataBuff))); break; case REG_EXPAND_SZ: r["data"] = std::string((char*)bpDataBuff); break; case REG_LINK: r["data"] = std::string(regLinkStr); break; case REG_MULTI_SZ: while (*bpDataBuffTmp != 0x00) { std::string s((char*)bpDataBuffTmp); bpDataBuffTmp += s.size() + 1; multiSzStrs.push_back(s); } r["data"] = boost::algorithm::join(multiSzStrs, ","); break; case REG_NONE: r["data"] = std::string((char*)bpDataBuff); break; case REG_QWORD: r["data"] = std::to_string(*((unsigned long long*)bpDataBuff)); break; case REG_SZ: r["data"] = std::string((char*)bpDataBuff); break; default: r["data"] = ""; break; } results.push_back(r); if (regLinkStr != nullptr) { delete (regLinkStr); } } delete (bpDataBuff); RegCloseKey(hRegistryHandle); };
void BigEndian() { *reinterpret_cast<uint32_t*>( this ) = _byteswap_ulong( *reinterpret_cast<uint32_t*>( this ) ); }