
📄 smb_andx_decode.c

📁 入侵检测SNORT.最近更新的基于网络检测的IDS.希望能给大家带来方便.
            byteCount = extraBytes = smb_ntohs(sess_setupx_auth->byteCount);            smb_data = data + sizeof(SMB_SESS_SETUPX_REQ_HDR) +                sizeof(SMB_SESS_SETUPX_REQ_AUTH_OLD);        }        break;    case 12:        {            /* Extended Security session setup andx */            SMB_SESS_SETUPX_REQ_AUTH_NTLM12 *sess_setupx_auth =                (SMB_SESS_SETUPX_REQ_AUTH_NTLM12 *)                (data + sizeof(SMB_SESS_SETUPX_REQ_HDR));            passwdLen = 0; /* Its a blob */            byteCount = extraBytes = smb_ntohs(sess_setupx_auth->byteCount);            skipBytes = smb_ntohs(sess_setupx_auth->secBlobLength);            smb_data = data + sizeof(SMB_SESS_SETUPX_REQ_HDR) +                sizeof(SMB_SESS_SETUPX_REQ_AUTH_NTLM12);        }        break;    case 13:        {            /* Non-Extended Security session setup andx */            SMB_SESS_SETUPX_REQ_AUTH_NTLM12_NOEXT *sess_setupx_auth =                (SMB_SESS_SETUPX_REQ_AUTH_NTLM12_NOEXT *)                (data + sizeof(SMB_SESS_SETUPX_REQ_HDR));            if (sess_setupx_auth->passwdLen)            {                passwdLen = smb_ntohs(sess_setupx_auth->passwdLen);                unicodePasswd = 1;            }            else if (sess_setupx_auth->iPasswdLen)            {                passwdLen = smb_ntohs(sess_setupx_auth->iPasswdLen);            }            byteCount = extraBytes = smb_ntohs(sess_setupx_auth->byteCount);            smb_data = data + sizeof(SMB_SESS_SETUPX_REQ_HDR) +                sizeof(SMB_SESS_SETUPX_REQ_AUTH_NTLM12_NOEXT);        }        break;    default:        return -1;        break;    }    size -= sizeof(SMB_SESS_SETUPX_REQ_HDR);    /* Password data */    if (passwdLen)    {        int i=0;        if ( unicodePasswd )        {#ifdef DEBUG_DCERPC_PRINT            /* UNICODE Password */            wprintf(L"Case Sensitive Password: %.*s\n", passwdLen, smb_data);#endif            /* Skip past the password -- no terminating NULL */            
smb_data += passwdLen;            extraBytes -= passwdLen;            /* Jump past the pad that re-aligns the next fields */            if (HAS_UNICODE_STRINGS(smbHdr))            {                smb_data += 1;                extraBytes -= 1;            }        }        else        {#ifdef DEBUG_DCERPC_PRINT                       /* ASCII Password */            printf("Case Insensitive Password: %.*s\n", passwdLen, smb_data);#endif            /* Skip past the password -- no terminating NULL */            smb_data += passwdLen;            extraBytes -= passwdLen;            /* Jump past the pad that re-aligns the next fields -- pad             * is present when ascii password is an even # of bytes. */            if (HAS_UNICODE_STRINGS(smbHdr) &&                (passwdLen %2 == 0))            {                smb_data += 1;                extraBytes -= 1;            }               }        for (i=0;i<2;i++)        {            skipBytes = 1;            if (HAS_UNICODE_STRINGS(smbHdr))            {                if (*smb_data != '\0')                {#ifdef DEBUG_DCERPC_PRINT                    printf("%s: ", SESS_AUTH_FIELD(extraIndex));                    wprintf(L"%s\n", smb_data);#endif                    skipBytes = SkipBytesWide(smb_data, size) + 2;                }            }            else            {                if (*smb_data != '\0')                {#ifdef DEBUG_DCERPC_PRINT                    printf("%s: %s\n", SESS_AUTH_FIELD(extraIndex), smb_data);#endif                    skipBytes = SkipBytes(smb_data, size) + 1;                }            }            extraIndex++;            smb_data += skipBytes;            extraBytes -= skipBytes;        }    }    else    {#ifdef DEBUG_DCERPC_PRINT        /* The security blob... */        int i;        printf("Security blob... 
");        for (i=0;i<skipBytes;i++)        {            if ( isprint(smb_data[i]) )                printf("%c ", smb_data[i]);            else                printf("%.2x ", smb_data[i]);        }        printf("\n");#endif        smb_data += skipBytes;        extraBytes -= skipBytes;        /* Jump past the NULL Pad (ie fields following are word aligned) */        if (skipBytes%2 == 0)        {            smb_data += 1;            extraBytes -= 1;        }    }    extraIndex = 0;    /* Some extra data */    while (extraBytes > 0)    {        skipBytes = 1;        if (HAS_UNICODE_STRINGS(smbHdr))        {            if (*smb_data != '\0')            {#ifdef DEBUG_DCERPC_PRINT                                printf("%s: ", SESS_NATIVE_FIELD(extraIndex));                wprintf(L"%s\n", smb_data);#endif                skipBytes = wcslen(smb_data) + 1;            }            skipBytes *= 2;        }        else        {            if (*smb_data != '\0')            {#ifdef DEBUG_DCERPC_PRINT                printf("%s: %s\n", SESS_NATIVE_FIELD(extraIndex), smb_data);#endif                skipBytes = strlen(smb_data) + 1;            }        }        extraIndex++;        smb_data += skipBytes;        extraBytes -= skipBytes;    }    /* Handle next andX command in this packet */    if (sess_setupx_req_hdr->andXCommand != SMB_NONE)    {        u_int16_t data_size;        u_int16_t andXOffset = smb_ntohs(sess_setupx_req_hdr->andXOffset);        if ( andXOffset >= total_size )            return 0;               /* Make sure we don't backtrack or look at the same data again */        if ( andXOffset <= (data - (u_int8_t *)smbHdr) )            return 0;        /* Skip header, get size of remaining data */        data_size = total_size - andXOffset;        /* Next block is at smbHdr + smb_ntohs(sess_setupx_req->andXOffset) */        return ProcessNextSMBCommand(sess_setupx_req_hdr->andXCommand, smbHdr,            (u_int8_t *)smbHdr + smb_ntohs(sess_setupx_req_hdr->andXOffset), 
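data_size, total_size);
    }

    return 0;
}

/*
 * ProcessSMBLogoffXReq
 *
 * Parses an SMB LogoffAndX request and hands any chained AndX command to
 * ProcessNextSMBCommand().
 *
 *   smbHdr      start of the SMB header; the AndX offset is applied to it
 *   data        start of the LogoffAndX block inside the packet
 *   size        bytes available at data (compared with the structure size
 *               before data is cast)
 *   total_size  bound that andXOffset must stay below; also passed on to
 *               the next handler
 *
 * Returns 0 when the block is too short or there is nothing (valid) to
 * chain to, -1 when the request declares a non-zero byteCount, otherwise
 * whatever ProcessNextSMBCommand() returns.
 */
int ProcessSMBLogoffXReq(SMB_HDR *smbHdr, u_int8_t *data, u_int16_t size, u_int16_t total_size)
{
    SMB_LOGOFFX_REQ *logoffX;
    int              byteCount;

    /* Never overlay the structure on fewer bytes than it needs. */
    if ( size < sizeof(SMB_LOGOFFX_REQ) )
    {
        return 0;
    }

    logoffX = (SMB_LOGOFFX_REQ *)data;

    /* byteCount has to be read from the packet before it is tested; testing
     * it first would read an uninitialized automatic variable (undefined
     * behavior) and make the result depend on stack contents. */
    byteCount = smb_ntohs(logoffX->byteCount);

    /* NOTE(review): presumably a logoff carries no data bytes, so a
     * non-zero count is treated as malformed -- confirm against callers. */
    if (byteCount > 0)
    {
        return -1;
    }

    /* Handle next andX command in this packet */
    if (logoffX->andXCommand != SMB_NONE)
    {
        u_int16_t data_size;
        u_int16_t andXOffset = smb_ntohs(logoffX->andXOffset);

        /* The offset comes from the packet: it must land inside it ... */
        if ( andXOffset >= total_size )
            return 0;

        /* ... and it must move forward.  Make sure we don't backtrack or
         * look at the same data again (which would let a crafted chain
         * loop or recurse without making progress). */
        if ( andXOffset <= (data - (u_int8_t *)smbHdr) )
            return 0;

        /* Skip header, get size of remaining data */
        data_size = total_size - andXOffset;

        /* Next block is at smbHdr + andXOffset; reuse the value that was
         * just validated instead of converting the field a second time. */
        return ProcessNextSMBCommand(logoffX->andXCommand, smbHdr,
            (u_int8_t *)smbHdr + andXOffset, data_size, total_size);
    }

    return 0;
}

/*
 * ProcessSMBLockingX
 *
 * Parses an SMB LockingAndX request and hands any chained AndX command to
 * ProcessNextSMBCommand().  The lock/unlock range entries that follow the
 * fixed header are only looked at when DEBUG_DCERPC_PRINT is defined, to
 * print the PID of each entry.
 *
 *   smbHdr      start of the SMB header; the AndX offset is applied to it
 *   data        start of the LockingAndX block inside the packet
 *   size        bytes available at data (compared with the structure size
 *               before data is cast)
 *   total_size  bound that andXOffset must stay below; also passed on to
 *               the next handler
 *
 * Returns 0 when the block is too short or there is nothing (valid) to
 * chain to, otherwise whatever ProcessNextSMBCommand() returns.
 */
int ProcessSMBLockingX(SMB_HDR *smbHdr, u_int8_t *data, u_int16_t size, u_int16_t total_size)
{
    SMB_LOCKINGX_REQ *lockingX;
    unsigned char *smb_data;
    u_int16_t numUnlocks;
    u_int16_t numLocks;
    int lockRangeSize;

    /* Never overlay the structure on fewer bytes than it needs. */
    if ( size < sizeof(SMB_LOCKINGX_REQ) )
    {
        return 0;
    }

    lockingX = (SMB_LOCKINGX_REQ *)data;

    /* Range entries start right after the fixed header. */
    smb_data = data + sizeof(SMB_LOCKINGX_REQ);

    /* Both counts are taken from the packet and are not trustworthy. */
    numUnlocks = smb_ntohs(lockingX->numUnlocks);
    numLocks = smb_ntohs(lockingX->numLocks);

    /* The entry layout depends on the large-files flag in lockType. */
    if (lockingX->lockType & LOCKINGX_LARGE_FILES)
    {
        lockRangeSize = sizeof(SMB_LARGEFILE_LOCKINGX_RANGE);
    }
    else
    {
        lockRangeSize = sizeof(SMB_LOCKINGX_RANGE);
    }

#ifdef DEBUG_DCERPC_PRINT
    {
        /* The counts above can claim far more entries than the packet
         * holds, so the entries are only dereferenced when all of them fit
         * in the bytes that follow the header.  size was checked above to
         * be at least sizeof(SMB_LOCKINGX_REQ), so the subtraction cannot
         * wrap.  Any other code that walks these entries needs the same
         * check. */
        unsigned long rangeBytes =
            ((unsigned long)numUnlocks + (unsigned long)numLocks) *
            (unsigned long)lockRangeSize;
        unsigned long availBytes =
            (unsigned long)size - (unsigned long)sizeof(SMB_LOCKINGX_REQ);

        if (rangeBytes <= availBytes)
        {
            int i;

            if (lockingX->lockType & LOCKINGX_LARGE_FILES)
            {
                if (numUnlocks > 0)
                {
                    printf("Unlocking PIDs: ");
                    for (i=0;i<numUnlocks;i++)
                    {
                        SMB_LARGEFILE_LOCKINGX_RANGE *lock =
                            (SMB_LARGEFILE_LOCKINGX_RANGE *)(smb_data +
                             lockRangeSize * i);
                        printf("%d ", lock->pid);
                    }
                    printf("\n");
                }

                if (numLocks > 0)
                {
                    printf("Locking PIDs: ");
                    for (i=0;i<numLocks;i++)
                    {
                        /* Lock entries follow the unlock entries. */
                        SMB_LARGEFILE_LOCKINGX_RANGE *lock =
                            (SMB_LARGEFILE_LOCKINGX_RANGE *)(smb_data +
                             lockRangeSize * numUnlocks+
                             lockRangeSize * i);
                        printf("%d ", lock->pid);
                    }
                    printf("\n");
                }
            }
            else
            {
                if (numUnlocks > 0)
                {
                    printf("Unlocking PIDs: ");
                    for (i=0;i<numUnlocks;i++)
                    {
                        SMB_LOCKINGX_RANGE *lock =
                            (SMB_LOCKINGX_RANGE *)(smb_data +
                             lockRangeSize * i);
                        printf("%d ", lock->pid);
                    }
                    printf("\n");
                }

                if (numLocks > 0)
                {
                    printf("Locking PIDs: ");
                    for (i=0;i<numLocks;i++)
                    {
                        /* Lock entries follow the unlock entries. */
                        SMB_LOCKINGX_RANGE *lock =
                            (SMB_LOCKINGX_RANGE *)(smb_data +
                             lockRangeSize * numUnlocks+
                             lockRangeSize * i);
                        printf("%d ", lock->pid);
                    }
                    printf("\n");
                }
            }
        }
    }
#endif

    /* Handle next andX command in this packet */
    if (lockingX->andXCommand != SMB_NONE)
    {
        u_int16_t data_size;
        u_int16_t andXOffset = smb_ntohs(lockingX->andXOffset);

        /* The offset comes from the packet: it must land inside it ... */
        if ( andXOffset >= total_size )
            return 0;

        /* ... and it must move forward.  Make sure we don't backtrack or
         * look at the same data again (which would let a crafted chain
         * loop or recurse without making progress). */
        if ( andXOffset <= (data - (u_int8_t *)smbHdr) )
            return 0;

        /* Skip header, get size of remaining data */
        data_size = total_size - andXOffset;

        /* Next block is at smbHdr + andXOffset; reuse the value that was
         * just validated instead of converting the field a second time. */
        return ProcessNextSMBCommand(lockingX->andXCommand, smbHdr,
            (u_int8_t *)smbHdr + andXOffset, data_size, total_size);
    }

    return 0;
}
#endif /*  UNUSED_SMB_COMMAND */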
