コード例 #1
0
ファイル: regfi.c プロジェクト: coriolis/vminspection
static bool prs_regf_block(const char *desc, prs_struct *ps, 
			   int depth, REGF_FILE *file)
{
  depth++;
	
  if(!prs_uint8s("header", ps, depth, file->header, sizeof(file->header)))
    return false;
	
  /* yes, these values are always identical so store them only once */
	
  if ( !prs_uint32( "unknown1", ps, depth, &file->unknown1 ))
    return false;
  if ( !prs_uint32( "unknown1 (again)", ps, depth, &file->unknown1 ))
    return false;

  /* get the modtime */
	
  if ( !prs_set_offset( ps, 0x0c ) )
    return false;
  if ( !smb_io_time( "modtime", &file->mtime, ps, depth ) )
    return false;

  /* constants */
	
  if ( !prs_uint32( "unknown2", ps, depth, &file->unknown2 ))
    return false;
  if ( !prs_uint32( "unknown3", ps, depth, &file->unknown3 ))
    return false;
  if ( !prs_uint32( "unknown4", ps, depth, &file->unknown4 ))
    return false;
  if ( !prs_uint32( "unknown5", ps, depth, &file->unknown5 ))
    return false;

  /* get file offsets */
	
  if ( !prs_set_offset( ps, 0x24 ) )
    return false;
  if ( !prs_uint32( "data_offset", ps, depth, &file->data_offset ))
    return false;
  if ( !prs_uint32( "last_block", ps, depth, &file->last_block ))
    return false;
		
  /* one more constant */
	
  if ( !prs_uint32( "unknown6", ps, depth, &file->unknown6 ))
    return false;
		
  /* get the checksum */
	
  if ( !prs_set_offset( ps, 0x01fc ) )
    return false;
  if ( !prs_uint32( "checksum", ps, depth, &file->checksum ))
    return false;
	
  return true;
}
コード例 #2
0
/*******************************************************************
reads or writes a structure.
********************************************************************/
char* samr_io_r_unknown_24(BOOL io, SAMR_R_UNKNOWN_24 *r_u, char *q, char *base, int align, int depth)
{
	if (r_u == NULL) return NULL;

	DEBUG(5,("%s%04x samr_io_r_unknown_24\n", tab_depth(depth), PTR_DIFF(q, base)));
	depth++;

	q = align_offset(q, base, align);

	DBG_RW_IVAL("ptr         ", depth, base, io, q, r_u->ptr         ); q += 4;
	DBG_RW_SVAL("unknown_0   ", depth, base, io, q, r_u->unknown_0   ); q += 2;
	DBG_RW_SVAL("unknown_1   ", depth, base, io, q, r_u->unknown_1   ); q += 2;
	DBG_RW_PCVAL(False, "padding_0   ", depth, base, io, q, r_u->padding_0   , sizeof(r_u->padding_0)); q += sizeof(r_u->padding_0);

	q = smb_io_time(io, &(r_u->expiry), q, base, align, depth); 
	DBG_RW_PCVAL(False, "padding_1   ", depth, base, io, q, r_u->padding_1   , sizeof(r_u->padding_1)); q += sizeof(r_u->padding_1);

	q = smb_io_unihdr (io, &(r_u->hdr_mach_acct), q, base, align, depth); 
	DBG_RW_IVAL("padding_2   ", depth, base, io, q, r_u->padding_2   ); q += 4;

	DBG_RW_IVAL("ptr_1       ", depth, base, io, q, r_u->ptr_1       ); q += 4;
	DBG_RW_PCVAL(False, "padding_3   ", depth, base, io, q, r_u->padding_3   , sizeof(r_u->padding_3)); q += sizeof(r_u->padding_3);
	DBG_RW_IVAL("padding_4   ", depth, base, io, q, r_u->padding_4   ); q += 4;

	DBG_RW_IVAL("ptr_2       ", depth, base, io, q, r_u->ptr_2       ); q += 4;
	DBG_RW_IVAL("padding_5   ", depth, base, io, q, r_u->padding_5   ); q += 4;

	DBG_RW_IVAL("ptr_3       ", depth, base, io, q, r_u->ptr_3       ); q += 4;
	DBG_RW_PCVAL(False, "padding_6   ", depth, base, io, q, r_u->padding_6   , sizeof(r_u->padding_6)); q += sizeof(r_u->padding_6);

	DBG_RW_IVAL("unknown_id_0", depth, base, io, q, r_u->unknown_id_0); q += 4;
	DBG_RW_SVAL("unknown_2   ", depth, base, io, q, r_u->unknown_2   ); q += 2;
	DBG_RW_IVAL("unknown_3   ", depth, base, io, q, r_u->unknown_3   ); q += 4;
	DBG_RW_SVAL("unknown_4   ", depth, base, io, q, r_u->unknown_4   ); q += 2;
	DBG_RW_SVAL("unknown_5   ", depth, base, io, q, r_u->unknown_5   ); q += 2;

	DBG_RW_PCVAL(False, "padding_7   ", depth, base, io, q, r_u->padding_7   , sizeof(r_u->padding_7)); q += sizeof(r_u->padding_7);
	DBG_RW_IVAL("padding_8   ", depth, base, io, q, r_u->padding_8   ); q += 4;
	
	q = smb_io_unistr2(io, &(r_u->uni_mach_acct), q, base, align, depth); 
	q = align_offset(q, base, align);

	DBG_RW_PCVAL(False, "padding_9   ", depth, base, io, q, r_u->padding_9   , sizeof(r_u->padding_9)); q += sizeof(r_u->padding_9);

	DBG_RW_IVAL("status", depth, base, io, q, r_u->status); q += 4;

	return q;
}
コード例 #3
0
ファイル: regfi.c プロジェクト: coriolis/vminspection
static bool prs_nk_rec( const char *desc, prs_struct *ps, 
			int depth, REGF_NK_REC *nk )
{
  uint16 class_length, name_length;
  uint32 start;
  uint32 data_size, start_off, end_off;
  uint32 unknown_off = REGF_OFFSET_NONE;

  nk->hbin_off = ps->data_offset;
  start = nk->hbin_off;
	
  depth++;
	
  /* back up and get the data_size */	
  if ( !prs_set_offset( ps, ps->data_offset-sizeof(uint32)) )
    return false;
  start_off = ps->data_offset;
  if ( !prs_uint32( "rec_size", ps, depth, &nk->rec_size ))
    return false;
	
  if (!prs_uint8s("header", ps, depth, nk->header, sizeof(nk->header)))
    return false;
		
  if ( !prs_uint16( "key_type", ps, depth, &nk->key_type ))
    return false;
  if ( !smb_io_time( "mtime", &nk->mtime, ps, depth ))
    return false;
		
  if ( !prs_set_offset( ps, start+0x0010 ) )
    return false;
  if ( !prs_uint32( "parent_off", ps, depth, &nk->parent_off ))
    return false;
  if ( !prs_uint32( "num_subkeys", ps, depth, &nk->num_subkeys ))
    return false;
		
  if ( !prs_set_offset( ps, start+0x001c ) )
    return false;
  if ( !prs_uint32( "subkeys_off", ps, depth, &nk->subkeys_off ))
    return false;
  if ( !prs_uint32( "unknown_off", ps, depth, &unknown_off) )
    return false;
		
  if ( !prs_set_offset( ps, start+0x0024 ) )
    return false;
  if ( !prs_uint32( "num_values", ps, depth, &nk->num_values ))
    return false;
  if ( !prs_uint32( "values_off", ps, depth, &nk->values_off ))
    return false;
  if ( !prs_uint32( "sk_off", ps, depth, &nk->sk_off ))
    return false;
  if ( !prs_uint32( "classname_off", ps, depth, &nk->classname_off ))
    return false;

  if (!prs_uint32("max_bytes_subkeyname", ps, depth, &nk->max_bytes_subkeyname))
    return false;
  if ( !prs_uint32( "max_bytes_subkeyclassname", ps, 
		    depth, &nk->max_bytes_subkeyclassname))
  { return false; }
  if ( !prs_uint32( "max_bytes_valuename", ps, depth, &nk->max_bytes_valuename))
    return false;
  if ( !prs_uint32( "max_bytes_value", ps, depth, &nk->max_bytes_value))
    return false;
  if ( !prs_uint32( "unknown index", ps, depth, &nk->unk_index))
    return false;

  name_length = nk->keyname ? strlen(nk->keyname) : 0 ;
  class_length = nk->classname ? strlen(nk->classname) : 0 ;
  if ( !prs_uint16( "name_length", ps, depth, &name_length ))
    return false;
  if ( !prs_uint16( "class_length", ps, depth, &class_length ))
    return false;	
		
  if ( class_length ) 
  {
    /* XXX: why isn't this parsed? */
    ;;
  }
	
  if ( name_length ) 
  {
    if(ps->io && !(nk->keyname = (char*)zcalloc(sizeof(char), name_length+1)))
	return false;

    if(!prs_uint8s("name", ps, depth, (uint8*)nk->keyname, name_length))
      return false;

    if(ps->io)
      nk->keyname[name_length] = '\0';
  }

  end_off = ps->data_offset;

  /* data_size must be divisible by 8 and large enough to hold 
     the original record */

  data_size = ((start_off - end_off) & 0xfffffff8 );
  /*if ( data_size > nk->rec_size )
      DEBUG(10,("Encountered reused record (0x%x < 0x%x)\n", data_size, nk->rec_size));*/

  if ( !ps->io )
    nk->hbin->dirty = true;
  
  return true;
}
コード例 #4
0
ファイル: parse_misc.c プロジェクト: DeezNuts12/freestyledash
BOOL smb_io_nttime(const char *desc, prs_struct *ps, int depth, NTTIME *nttime)
{
	return smb_io_time( desc, nttime, ps, depth );
}
コード例 #5
0
ファイル: parse_net.c プロジェクト: AllardJ/Tomato
static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, int depth)
{
	int i;

	if (usr == NULL)
		return False;

	prs_debug(ps, depth, desc, "lsa_io_lsa_user_info");
	depth++;

	if(!prs_align(ps))
		return False;
	
	if(!prs_uint32("ptr_user_info ", ps, depth, &usr->ptr_user_info))
		return False;

	if (usr->ptr_user_info == 0)
		return True;

	if(!smb_io_time("time", &usr->logon_time, ps, depth)) /* logon time */
		return False;
	if(!smb_io_time("time", &usr->logoff_time, ps, depth)) /* logoff time */
		return False;
	if(!smb_io_time("time", &usr->kickoff_time, ps, depth)) /* kickoff time */
		return False;
	if(!smb_io_time("time", &usr->pass_last_set_time, ps, depth)) /* password last set time */
		return False;
	if(!smb_io_time("time", &usr->pass_can_change_time , ps, depth)) /* password can change time */
		return False;
	if(!smb_io_time("time", &usr->pass_must_change_time, ps, depth)) /* password must change time */
		return False;

	if(!smb_io_unihdr("unihdr", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
		return False;
	if(!smb_io_unihdr("unihdr", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
		return False;
	if(!smb_io_unihdr("unihdr", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
		return False;
	if(!smb_io_unihdr("unihdr", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
		return False;
	if(!smb_io_unihdr("unihdr", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
		return False;
	if(!smb_io_unihdr("unihdr", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
		return False;

	if(!prs_uint16("logon_count   ", ps, depth, &usr->logon_count))  /* logon count */
		return False;
	if(!prs_uint16("bad_pw_count  ", ps, depth, &usr->bad_pw_count)) /* bad password count */
		return False;

	if(!prs_uint32("user_id       ", ps, depth, &usr->user_id))       /* User ID */
		return False;
	if(!prs_uint32("group_id      ", ps, depth, &usr->group_id))      /* Group ID */
		return False;
	if(!prs_uint32("num_groups    ", ps, depth, &usr->num_groups))    /* num groups */
		return False;
	if(!prs_uint32("buffer_groups ", ps, depth, &usr->buffer_groups)) /* undocumented buffer pointer to groups. */
		return False;
	if(!prs_uint32("user_flgs     ", ps, depth, &usr->user_flgs))     /* user flags */
		return False;

	if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */
		return False;

	if(!smb_io_unihdr("unihdr", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
		return False;
	if(!smb_io_unihdr("unihdr", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
		return False;

	if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */
		return False;
	if(!prs_uint8s (False, "padding       ", ps, depth, usr->padding, 40)) /* unused padding bytes? */
		return False;

	if(!prs_uint32("num_other_sids", ps, depth, &usr->num_other_sids)) /* 0 - num_sids */
		return False;
	if(!prs_uint32("buffer_other_sids", ps, depth, &usr->buffer_other_sids)) /* NULL - undocumented pointer to SIDs. */
		return False;
		
	if(!smb_io_unistr2("unistr2", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
		return False;
	if(!smb_io_unistr2("unistr2", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
		return False;
	if(!smb_io_unistr2("unistr2", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
		return False;
	if(!smb_io_unistr2("unistr2", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
		return False;
	if(!smb_io_unistr2("unistr2", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
		return False;
	if(!smb_io_unistr2("unistr2", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
		return False;

	if(!prs_align(ps))
		return False;
	if(!prs_uint32("num_groups2   ", ps, depth, &usr->num_groups2))        /* num groups */
		return False;
	SMB_ASSERT_ARRAY(usr->gids, usr->num_groups2);
	for (i = 0; i < usr->num_groups2; i++) {
		if(!smb_io_gid("", &usr->gids[i], ps, depth)) /* group info */
			return False;
	}

	if(!smb_io_unistr2("unistr2", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
		return False;
	if(!smb_io_unistr2("unistr2", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */
		return False;

	if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth))           /* domain SID */
		return False;

	SMB_ASSERT_ARRAY(usr->other_sids, usr->num_other_sids);

	for (i = 0; i < usr->num_other_sids; i++) {
		if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */
			return False;
	}

	return True;
}