📄 smb_file.inc
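# Tail of a function whose header is above this excerpt (presumably
# voffset_to_offset, judging by the voffset/sections names it uses).
# Its statements are kept as written.
 local_var num, i, section;

 num = max_index (sections);
 for (i=0; i<num; i++)
 {
  section = sections[i];
  if ((voffset >= section[3]) && (voffset <= (section[3] + section[1])))
    return section[2] + (voffset - section[3]);
 }

 # should not reach this code
 return 0;
}


#---------------------------------------------------------#
# Function    : check_version
# Description : walks the resource directory found at 'offset' to the
#               version resource and decodes VS_VERSION_INFO.
# Args        : size     - size of the resource section as given by the
#                          caller; not consulted anywhere in this body
#               offset   - file offset of the resource directory root
#               sections - list of section entries; passed on unchanged
#                          to voffset_to_offset
#               handle   - handle passed to ReadFile
# Return      : array of VS_VERSION_INFO fields, or NULL when a read
#               comes back short, no version entry is found, or the
#               fixed-info signature does not match.
#
# Every count, offset and length below is read from the file itself,
# so it must be treated as untrusted input.
# NOTE(review): because 'size' is never used, none of the directory
# offsets are checked against the bounds of the resource section.
#---------------------------------------------------------#
function check_version (size, offset, sections, handle)
{
 local_var i, sig, ret, id, info_offset, res_dir, NumberOfNamedEntries, NumberOfIdEntries, entry, version_info, len, pos, num, res_dir_entry, section_found, code;

 # IMAGE_RESOURCE_DIRECTORY structure
 res_dir = ReadFile (handle:handle, offset:offset, length:16);
 if (!res_dir || strlen(res_dir) != 16)
   return NULL;

 NumberOfNamedEntries = get_word (blob:res_dir, pos:12);
 NumberOfIdEntries = get_word (blob:res_dir, pos:14);

 # Scan the 8-byte directory entries for resource type 0x10.
 info_offset = 0;
 for (i = 0; i < NumberOfNamedEntries + NumberOfIdEntries; i++)
 {
  entry = ReadFile (handle:handle, offset:offset+16+i*8, length:8);
  if (!entry || strlen(entry) != 8)
    return NULL;

  id = get_dword (blob:entry, pos:0);
  if (id == 0x10) # VERSION_INFO structure
  {
   # The high bit is subtracted unconditionally, i.e. the entry is
   # assumed to point at a sub-directory.
   info_offset = get_dword (blob:entry, pos:4) - 0x80000000;
   break;
  }
 }

 if (info_offset == 0)
   return NULL;

 # VERSION : IMAGE_RESOURCE_DIRECTORY 1
 # 16-byte directory header plus its first 8-byte entry.
 res_dir = ReadFile (handle:handle, offset:offset+info_offset, length:24);
 if (!res_dir || strlen(res_dir) != 24)
   return NULL;

 info_offset = get_dword (blob:res_dir, pos:20) - 0x80000000;

 # VERSION : IMAGE_RESOURCE_DIRECTORY 2
 res_dir = ReadFile (handle:handle, offset:offset+info_offset, length:16);
 if (!res_dir || strlen(res_dir) != 16)
   return NULL;

 num = get_word(blob:res_dir, pos:14);
 section_found = FALSE;
 for (i=0; i<num; i++)
 {
  res_dir_entry = ReadFile (handle:handle, offset:offset+info_offset+16+i*8, length:8);
  # Test the entry that was just read. The original tested res_dir here,
  # which is always set at this point, so only the length check was
  # guarding against a failed read.
  if (!res_dir_entry || strlen(res_dir_entry) != 8)
    return NULL;

  # Accept id 0x409, id 0, or whatever is present when there is a
  # single entry.
  code = get_dword(blob:res_dir_entry, pos:0);
  if ((code == 0x409) || (code == 0) || (num == 1))
  {
   section_found = TRUE;
   break;
  }
 }

 if (!section_found)
   return NULL;

 info_offset = get_dword (blob:res_dir_entry, pos:4);

 # VERSION : offset + size
 res_dir = ReadFile (handle:handle, offset:offset+info_offset, length:8);
 if (!res_dir || strlen(res_dir) != 8)
   return NULL;

 info_offset = get_dword (blob:res_dir, pos:0);

 # Convert Virtual address to offset
 offset = voffset_to_offset (voffset:info_offset, sections:sections);

 # VS_VERSION_INFO: read the 2-byte wLength first to size the full read
 version_info = ReadFile (handle:handle, offset:offset, length:2);
 if (!version_info || strlen(version_info) != 2)
   return NULL;

 len = get_word (blob:version_info, pos:0);
 if (len < 58)
   return NULL;

 # VS_VERSION_INFO: whole structure
 version_info = ReadFile (handle:handle, offset:offset, length:len);
 if (!version_info || strlen(version_info) != len)
   return NULL;

 ret = NULL;
 ret['wLength'] = get_word (blob:version_info, pos:0);
 ret['wValueLength'] = get_word (blob:version_info, pos:2);
 ret['wType'] = get_word (blob:version_info, pos:4);
 ret['szKey'] = get_string (blob:version_info, pos:6, _type:1);

 # 6-byte header + key (two bytes per character) + 2-byte terminator
 pos = 6 + strlen (ret['szKey']) * 2 + 2;

 # word of padding
 if (strlen(ret['szKey']) % 2)
 {
  ret['Padding1'] = 0;
  pos += 2;
 }

 # NOTE(review): 'pos' depends on the key length read from the file, and
 # the only lower bound on the buffer is len >= 58. Whether the 52 bytes
 # read below always lie inside version_info depends on how get_dword
 # handles out-of-range positions - confirm.
 sig = get_dword (blob:version_info, pos:pos);
 if (sig != 0xfeef04bd)
   return NULL;

 ret['dwSignature'] = get_dword (blob:version_info, pos:pos);
 ret['dwStrucVersion'] = get_dword (blob:version_info, pos:pos+4);
 ret['dwFileVersionMS'] = get_dword (blob:version_info, pos:pos+8);
 ret['dwFileVersionLS'] = get_dword (blob:version_info, pos:pos+12);
 ret['dwProductVersionMS'] = get_dword (blob:version_info, pos:pos+16);
 ret['dwProductVersionLS'] = get_dword (blob:version_info, pos:pos+20);
 ret['dwFileFlagsMask'] = get_dword (blob:version_info, pos:pos+24);
 ret['dwFileFlags'] = get_dword (blob:version_info, pos:pos+28);
 ret['dwFileOS'] = get_dword (blob:version_info, pos:pos+32);
 ret['dwFileType'] = get_dword (blob:version_info, pos:pos+36);
 ret['dwFileSubtype'] = get_dword (blob:version_info, pos:pos+40);
 ret['dwFileDateMS'] = get_dword (blob:version_info, pos:pos+44);
 ret['dwFileDateLS'] = get_dword (blob:version_info, pos:pos+48);

 # Below this NASL level the child structures are not decoded.
 if ( NASL_LEVEL < 2204 )
   return ret;

 pos += 52;

 ret['Children'] = extract_structures (data:substr(version_info, pos, strlen(version_info)-1));

 return ret;
}


#---------------------------------------------------------#
# Function    : extract_structures
# Description : decodes a run of sibling records (2-byte length, 2-byte
#               value size, 2-byte type, name, value) and recurses into
#               records whose value size is 0.
# Args        : data - raw bytes holding the records
# Return      : array indexed by record name, or NULL when nothing was
#               decoded.
#
# 'data' comes from the file being inspected, so it is untrusted.
# NOTE(review): nesting depth is driven by the data; there is no
# explicit depth limit.
#---------------------------------------------------------#
function extract_structures (data)
{
 local_var opos, pos, len, size, type, max_len, ret, name;

 ret = NULL;
 pos = 0;
 max_len = strlen(data);

 while (pos < max_len)
 {
  opos = pos;
  len = get_word (blob:data, pos:pos);

  # A record cannot be shorter than its own 6-byte header. Without this
  # check a length of 0 leaves 'pos' unchanged at the bottom of the
  # loop, which then never terminates on malformed or zero-padded data.
  if (len < 6)
    break;

  size = get_word (blob:data, pos:pos+2);
  type = get_word (blob:data, pos:pos+4);
  name = get_string (blob:data, pos:pos+6, _type:1);

  # Skip header, name (two bytes per character) and its terminator.
  pos = pos+6 + strlen (name) * 2 + 2;

  # word of padding
  if (strlen(name) % 2)
    pos += 2;

  if (size == 0)
    # No value of its own: the rest of the record holds child records.
    ret[name] = extract_structures (data:substr(data,pos,opos+len-1));
  else
  {
   # WCHAR
   if (type == 1)
     ret[name] = get_string (blob:data, pos:pos, _type:1);
   # Binary data
   else
     ret[name] = substr (data, pos, pos+size-1);
  }

  # Move to the next sibling; add a word of padding when the length is
  # not a multiple of 4.
  pos = opos + len;
  if (len % 4)
    pos += 2;
 }

 return ret;
}


#---------------------------------------------------------#
# Function    : GetFileVersionEx
# Description : return file version (exe,dll,...)
# Return      : VS_VERSION_INFO structure :
#
#  VS_VERSION_INFO :
#    ret['wLength'];
#    ret['wValueLength'];
#    ret['wType'];
#    ret['szKey'];
#    [ret['Padding1']];
#    #VS_FIXEDFILEINFO Value;
#      ret['dwSignature'];
#      ret['dwStrucVersion'];
#      ret['dwFileVersionMS'];
#      ret['dwFileVersionLS'];
#      ret['dwProductVersionMS'];
#      ret['dwProductVersionLS'];
#      ret['dwFileFlagsMask'];
#      ret['dwFileFlags'];
#      ret['dwFileOS'];
#      ret['dwFileType'];
#      ret['dwFileSubtype'];
#      ret['dwFileDateMS'];
#      ret['dwFileDateLS'];
#    ret['Children'];
#      --> ['StringFileInfo']
#          --> ['040904B0']
#              --> ['CompanyName'] = "Tenable Network Sec."
#              --> ['FileVersion'] = "6.0.45.366"
#              --> ...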
#      --> ['VarFileInfo']
#          --> ['Translation'] = raw_string ("0904B004")
#
# Returns NULL when a header read comes back short, the "MZ" / "PE"
# markers are missing, or no ".rsrc" section is listed.
# The header offset and the section count are read from the file
# itself, so they are untrusted values.
#---------------------------------------------------------#
function GetFileVersionEx (handle)
{
 local_var mz_hdr, pe_off, pe_hdr, nsec, opt_len, k;
 local_var tbl_off, tbl_len, tbl, base, have_rsrc, rsrc_name, rsrc_off, rsrc_len;
 local_var parsed, sec;

 # IMAGE_DOS_HEADER: the first 64 bytes of the file
 mz_hdr = ReadFile (handle:handle, offset:0, length:64);
 if (!mz_hdr)
   return NULL;
 if (strlen(mz_hdr) != 64)
   return NULL;
 if ("MZ" >!< substr(mz_hdr, 0, 1))
   return NULL;

 # Offset of the PE header, taken from byte 60 of the DOS header
 pe_off = get_dword (blob:mz_hdr, pos:60);

 # Signature + IMAGE_FILE_HEADER (24 bytes)
 pe_hdr = ReadFile (handle:handle, offset:pe_off, length:24);
 if (!pe_hdr)
   return NULL;
 if (strlen(pe_hdr) != 24)
   return NULL;
 if ("PE" >!< substr(pe_hdr, 0, 1))
   return NULL;

 nsec    = get_word (blob:pe_hdr, pos:6);
 opt_len = get_word (blob:pe_hdr, pos:20);

 # The section table follows the optional header: 40 bytes per section
 tbl_off = pe_off + 24 + opt_len;
 tbl_len = nsec * 40;
 tbl = ReadFile (handle:handle, offset:tbl_off, length:tbl_len);
 if (!tbl || (strlen(tbl) != tbl_len))
   return NULL;

 have_rsrc = 0;
 rsrc_name = ".rsrc" + raw_string (0,0,0);
 parsed = NULL;

 for (k = 0; k < nsec; k++)
 {
  base = k * 40;
  sec = make_list (
         substr(tbl, base, base+7),           # name
         get_dword (blob:tbl, pos:base+16),   # size
         get_dword (blob:tbl, pos:base+20),   # offset
         get_dword (blob:tbl, pos:base+12)    # voffset
        );
  parsed[k] = sec;

  # Remember where the resource section lives; if several sections
  # carry that name, the last one wins.
  if (rsrc_name >< sec[0])
  {
   have_rsrc = 1;
   rsrc_off = sec[2];
   rsrc_len = sec[1];
  }
 }

 # No resource section, so no version information to decode
 if (have_rsrc == 0)
   return NULL;

 return check_version (size:rsrc_len, offset:rsrc_off, sections:parsed, handle:handle);
}


#---------------------------------------------------------#
# Function    : GetFileVersion
# Description : return file version (exe,dll,...)
# Return      : ret[0] = version 0  (high 16 bits of dwFileVersionMS)
#               ret[1] = version 1  (low 16 bits of dwFileVersionMS)
#               ret[2] = version 2  (high 16 bits of dwFileVersionLS)
#               ret[3] = version 3  (low 16 bits of dwFileVersionLS)
#               NULL when GetFileVersionEx returns NULL
#---------------------------------------------------------#
function GetFileVersion (handle)
{
 local_var info, ver, ms, ls;

 info = GetFileVersionEx (handle:handle);
 if (isnull(info))
   return NULL;

 ms = info['dwFileVersionMS'];
 ls = info['dwFileVersionLS'];

 # Each dword packs two 16-bit version components.
 ver = NULL;
 ver[0] = ms >>> 16;
 ver[1] = ms & 0xFFFF;
 ver[2] = ls >>> 16;
 ver[3] = ls & 0xFFFF;

 return ver;
}