static void CheckRpcBindRequest(const RPC_BIND_REQUEST *const Request, const unsigned int len) { uint_fast8_t i, HasTransferSyntaxNDR32 = FALSE; char guidBuffer1[GUID_STRING_LENGTH + 1], guidBuffer2[GUID_STRING_LENGTH + 1]; uint32_t CapCtxItems = (len - sizeof(*Request) + sizeof(Request->CtxItems)) / sizeof(Request->CtxItems); DWORD NumCtxItems = LE32(Request->NumCtxItems); if (NumCtxItems < CapCtxItems) // Can't be too small because already handled by RpcBindSize logger("Warning: Excess bytes in RPC bind request.\n"); for (i = 0; i < NumCtxItems; i++) { struct CtxItem const* ctxItem = Request->CtxItems + i; if (!IsEqualGUID(&ctxItem->InterfaceUUID, InterfaceUuid)) { uuid2StringLE(&ctxItem->InterfaceUUID, guidBuffer1); uuid2StringLE((GUID*)InterfaceUuid, guidBuffer2); logger("Fatal: Interface UUID is %s but should be %s in Ctx item %u.\n", guidBuffer1, guidBuffer2, (unsigned int)i); } if (ctxItem->NumTransItems != LE16(1)) logger("Fatal: %u NDR32 transfer items detected in Ctx item %u, but only one is supported.\n", (unsigned int)LE16(ctxItem->NumTransItems), (unsigned int)i ); if (ctxItem->InterfaceVerMajor != LE16(1) || ctxItem->InterfaceVerMinor != 0) logger("Warning: Interface version is %u.%u but should be 1.0.\n", (unsigned int)LE16(ctxItem->InterfaceVerMajor), (unsigned int)LE16(ctxItem->InterfaceVerMinor) ); if (ctxItem->ContextId != LE16((WORD)i)) logger("Warning: context id of Ctx item %u is %u.\n", (unsigned int)i, (unsigned int)ctxItem->ContextId); if (IsEqualGUID((GUID*)TransferSyntaxNDR32, &ctxItem->TransferSyntax)) { HasTransferSyntaxNDR32 = TRUE; if (ctxItem->SyntaxVersion != LE32(2)) logger("NDR32 transfer syntax version is %u but should be 2.\n", LE32(ctxItem->SyntaxVersion)); } else if (IsEqualGUID((GUID*)TransferSyntaxNDR64, &ctxItem->TransferSyntax)) { if (ctxItem->SyntaxVersion != LE32(1)) logger("NDR64 transfer syntax version is %u but should be 1.\n", LE32(ctxItem->SyntaxVersion)); } else if (!memcmp(BindTimeFeatureNegotiation, (BYTE*)(&ctxItem->TransferSyntax), 8)) { if (ctxItem->SyntaxVersion != LE32(1)) logger("BTFN syntax version is %u but should be 1.\n", LE32(ctxItem->SyntaxVersion)); } } if (!HasTransferSyntaxNDR32) logger("Warning: RPC bind request has no NDR32 CtxItem.\n"); }
void logRequestVerbose(const REQUEST *const Request, const PRINTFUNC p) { char guidBuffer[GUID_STRING_LENGTH + 1]; char WorkstationBuffer[3 * WORKSTATION_NAME_BUFFER]; const char *productName; ProdListIndex_t index; p("Protocol version : %u.%u\n", LE16(Request->MajorVer), LE16(Request->MinorVer)); p("Client is a virtual machine : %s\n", LE32(Request->VMInfo) ? "Yes" : "No"); p("Licensing status : %u (%s)\n", (uint32_t)LE32(Request->LicenseStatus), LE32(Request->LicenseStatus) < _countof(LicenseStatusText) ? LicenseStatusText[LE32(Request->LicenseStatus)] : "Unknown"); p("Remaining time (0 = forever) : %i minutes\n", (uint32_t)LE32(Request->BindingExpiration)); uuid2StringLE(&Request->AppID, guidBuffer); productName = getProductNameLE(&Request->AppID, AppList, getAppListSize(), &index); p("Application ID : %s (%s)\n", guidBuffer, productName); uuid2StringLE(&Request->ActID, guidBuffer); # ifndef NO_EXTENDED_PRODUCT_LIST productName = getProductNameLE(&Request->ActID, ExtendedProductList, getExtendedProductListSize(), &index); # else productName = "Unknown"; # endif p("SKU ID (aka Activation ID) : %s (%s)\n", guidBuffer, productName); uuid2StringLE(&Request->KMSID, guidBuffer); productName = getProductNameLE(&Request->KMSID, ProductList, getProductListSize(), &index); p("KMS ID (aka KMS counted ID) : %s (%s)\n", guidBuffer, productName); uuid2StringLE(&Request->CMID, guidBuffer); p("Client machine ID : %s\n", guidBuffer); uuid2StringLE(&Request->CMID_prev, guidBuffer); p("Previous client machine ID : %s\n", guidBuffer); char mbstr[64]; time_t st; st = fileTimeToUnixTime(&Request->ClientTime); strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X", gmtime(&st)); p("Client request timestamp (UTC) : %s\n", mbstr); ucs2_to_utf8(Request->WorkstationName, WorkstationBuffer, WORKSTATION_NAME_BUFFER, sizeof(WorkstationBuffer)); p("Workstation name : %s\n", WorkstationBuffer); p("N count policy (minimum clients): %u\n", (uint32_t)LE32(Request->N_Policy)); }
void logResponseVerbose(const char *const ePID, const BYTE *const hwid, const RESPONSE *const response, const PRINTFUNC p) { char guidBuffer[GUID_STRING_LENGTH + 1]; //SYSTEMTIME st; p("Protocol version : %u.%u\n", (uint32_t)LE16(response->MajorVer), (uint32_t)LE16(response->MinorVer)); p("KMS host extended PID : %s\n", ePID); if (LE16(response->MajorVer) > 5) # ifndef _WIN32 p("KMS host Hardware ID : %016llX\n", (unsigned long long)BE64(*(uint64_t*)hwid)); # else // _WIN32 p("KMS host Hardware ID : %016I64X\n", (unsigned long long)BE64(*(uint64_t*)hwid)); # endif // WIN32 uuid2StringLE(&response->CMID, guidBuffer); p("Client machine ID : %s\n", guidBuffer); char mbstr[64]; time_t st; st = fileTimeToUnixTime(&response->ClientTime); strftime(mbstr, sizeof(mbstr), "%Y-%m-%d %X", gmtime(&st)); p("Client request timestamp (UTC) : %s\n", mbstr); p("KMS host current active clients : %u\n", (uint32_t)LE32(response->Count)); p("Renewal interval policy : %u\n", (uint32_t)LE32(response->VLRenewalInterval)); p("Activation interval policy : %u\n", (uint32_t)LE32(response->VLActivationInterval)); }