protected override void Decode(byte[] message)
{
base.Decode(message);
if (BitConverterLE.ToUInt16(message, 56) != message.Length)
{
string text = Locale.GetText("Invalid Type3 message length.");
throw new ArgumentException(text, "message");
}
_password = null;
int count = BitConverterLE.ToUInt16(message, 28);
int index = 64;
_domain = Encoding.Unicode.GetString(message, index, count);
int count2 = BitConverterLE.ToUInt16(message, 44);
int index2 = BitConverterLE.ToUInt16(message, 48);
_host = Encoding.Unicode.GetString(message, index2, count2);
int count3 = BitConverterLE.ToUInt16(message, 36);
int index3 = BitConverterLE.ToUInt16(message, 40);
_username = Encoding.Unicode.GetString(message, index3, count3);
_lm = new byte[24];
int srcOffset = BitConverterLE.ToUInt16(message, 16);
Buffer.BlockCopy(message, srcOffset, _lm, 0, 24);
_nt = new byte[24];
int srcOffset2 = BitConverterLE.ToUInt16(message, 24);
Buffer.BlockCopy(message, srcOffset2, _nt, 0, 24);
if (message.Length >= 64)
{
base.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
}
}
protected override void Decode(byte[] message)
{
base.Decode(message);
if ((int)BitConverterLE.ToUInt16(message, 56) != message.Length)
{
throw new ArgumentException(Locale.GetText("Invalid Type3 message length."), nameof(message));
}
this._password = (string)null;
int uint16_1 = (int)BitConverterLE.ToUInt16(message, 28);
int index = 64;
this._domain = Encoding.Unicode.GetString(message, index, uint16_1);
int uint16_2 = (int)BitConverterLE.ToUInt16(message, 44);
int uint16_3 = (int)BitConverterLE.ToUInt16(message, 48);
this._host = Encoding.Unicode.GetString(message, uint16_3, uint16_2);
int uint16_4 = (int)BitConverterLE.ToUInt16(message, 36);
int uint16_5 = (int)BitConverterLE.ToUInt16(message, 40);
this._username = Encoding.Unicode.GetString(message, uint16_5, uint16_4);
this._lm = new byte[24];
int uint16_6 = (int)BitConverterLE.ToUInt16(message, 16);
Buffer.BlockCopy((Array)message, uint16_6, (Array)this._lm, 0, 24);
this._nt = new byte[24];
int uint16_7 = (int)BitConverterLE.ToUInt16(message, 24);
Buffer.BlockCopy((Array)message, uint16_7, (Array)this._nt, 0, 24);
if (message.Length < 64)
{
return;
}
this.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20);
Buffer.BlockCopy(message, 24, _nonce, 0, 8);
var tname_len = BitConverterLE.ToUInt16(message, 12);
var tname_off = BitConverterLE.ToUInt16(message, 16);
if (tname_len > 0)
{
if ((Flags & NtlmFlags.NegotiateOem) != 0)
{
_targetName = Encoding.ASCII.GetString(message, tname_off, tname_len);
}
else
{
_targetName = Encoding.Unicode.GetString(message, tname_off, tname_len);
}
}
// The Target Info block is optional.
if (message.Length >= 48)
{
var tinfo_len = BitConverterLE.ToUInt16(message, 40);
var tinfo_off = BitConverterLE.ToUInt16(message, 44);
if (tinfo_len > 0)
{
_targetInfo = new byte [tinfo_len];
Buffer.BlockCopy(message, tinfo_off, _targetInfo, 0, tinfo_len);
}
}
}
internal int ProcessFirstBlock()
{
if (this.fs == null)
{
return(1);
}
this.fs.Position = 0L;
this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length);
this.blockNo = 1;
if (this.blockLength < 0x40)
{
return(2);
}
if (BitConverterLE.ToUInt16(this.fileblock, 0) != 0x5a4d)
{
return(3);
}
this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60);
if (this.peOffset > this.fileblock.Length)
{
throw new NotSupportedException(string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length));
}
if (this.peOffset > this.fs.Length)
{
return(4);
}
if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 0x4550)
{
return(5);
}
this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x98);
this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x9c);
this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12);
return(0);
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
if (Version == NtlmVersion.Version1)
{
return;
}
int dom_len = BitConverterLE.ToUInt16(message, 16);
int dom_off = BitConverterLE.ToUInt16(message, 20);
_domain = Encoding.ASCII.GetString(message, dom_off, dom_len);
int host_len = BitConverterLE.ToUInt16(message, 24);
int host_off = BitConverterLE.ToUInt16(message, 28);
_host = Encoding.ASCII.GetString(message, host_off, host_len);
if (Version != NtlmVersion.Version3)
{
return;
}
OSVersion = CreateSubArray(message, 32, 8);
}
internal int ProcessFirstBlock()
{
if (fs == null)
{
return(1);
}
fs.Position = 0;
// read first block - it will include (100% sure)
// the MZ header and (99.9% sure) the PE header
blockLength = fs.Read(fileblock, 0, fileblock.Length);
blockNo = 1;
if (blockLength < 64)
{
return(2); // invalid PE file
}
// 1. Validate the MZ header informations
// 1.1. Check for magic MZ at start of header
if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D)
{
return(3);
}
// 1.2. Find the offset of the PE header
peOffset = BitConverterLE.ToInt32(fileblock, 60);
if (peOffset > fileblock.Length)
{
// just in case (0.1%) this can actually happen
string msg = String.Format(
"Размер заголовка слишком большой (> {0} байт).",
fileblock.Length);
throw new NotSupportedException(msg);
}
if (peOffset > fs.Length)
{
return(4);
}
// 2. Read between DOS header and first part of PE header
// 2.1. Check for magic PE at start of header
// PE - NT header ('P' 'E' 0x00 0x00)
if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550)
{
return(5);
}
// 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156);
// COFF symbol tables are deprecated - we'll strip them if we see them!
// (otherwise the signature won't work on MS and we don't want to support COFF for that)
coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
return(0);
}
protected override void Decode(byte[] message)
{
base.Decode(message);
this.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
int uint16_1 = (int)BitConverterLE.ToUInt16(message, 16);
int uint16_2 = (int)BitConverterLE.ToUInt16(message, 20);
this._domain = Encoding.ASCII.GetString(message, uint16_2, uint16_1);
int uint16_3 = (int)BitConverterLE.ToUInt16(message, 24);
this._host = Encoding.ASCII.GetString(message, 32, uint16_3);
}
protected override void Decode(byte[] message)
{
base.Decode(message);
base.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
int count = BitConverterLE.ToUInt16(message, 16);
int index = BitConverterLE.ToUInt16(message, 20);
_domain = Encoding.ASCII.GetString(message, index, count);
int count2 = BitConverterLE.ToUInt16(message, 24);
_host = Encoding.ASCII.GetString(message, 32, count2);
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
if (BitConverterLE.ToUInt16(message, 56) != message.Length)
{
string msg = Locale.GetText("Invalid Type3 message length.");
throw new ArgumentException(msg, "message");
}
_password = null;
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
}
else
{
Flags = (NtlmFlags)0x8201;
}
int lm_len = BitConverterLE.ToUInt16(message, 12);
int lm_off = BitConverterLE.ToUInt16(message, 16);
_lm = new byte [lm_len];
Buffer.BlockCopy(message, lm_off, _lm, 0, lm_len);
int nt_len = BitConverterLE.ToUInt16(message, 20);
int nt_off = BitConverterLE.ToUInt16(message, 24);
_nt = new byte [nt_len];
Buffer.BlockCopy(message, nt_off, _nt, 0, nt_len);
int dom_len = BitConverterLE.ToUInt16(message, 28);
int dom_off = BitConverterLE.ToUInt16(message, 32);
_domain = DecodeString(message, dom_off, dom_len);
int user_len = BitConverterLE.ToUInt16(message, 36);
int user_off = BitConverterLE.ToUInt16(message, 40);
_username = DecodeString(message, user_off, user_len);
int host_len = BitConverterLE.ToUInt16(message, 44);
int host_off = BitConverterLE.ToUInt16(message, 48);
_host = DecodeString(message, host_off, host_len);
// Session key. We don't use it yet.
// int skey_len = BitConverterLE.ToUInt16 (message, 52);
// int skey_off = BitConverterLE.ToUInt16 (message, 56);
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
int dom_len = BitConverterLE.ToUInt16(message, 16);
int dom_off = BitConverterLE.ToUInt16(message, 20);
_domain = Encoding.ASCII.GetString(message, dom_off, dom_len);
int host_len = BitConverterLE.ToUInt16(message, 24);
_host = Encoding.ASCII.GetString(message, 32, host_len);
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
_password = null;
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
}
else
{
Flags = (NtlmFlags)0x8201;
}
int lm_len = BitConverterLE.ToUInt16(message, 12);
int lm_off = BitConverterLE.ToUInt16(message, 16);
_lm = new byte [lm_len];
Buffer.BlockCopy(message, lm_off, _lm, 0, lm_len);
int nt_len = BitConverterLE.ToUInt16(message, 20);
int nt_off = BitConverterLE.ToUInt16(message, 24);
_nt = new byte [nt_len];
Buffer.BlockCopy(message, nt_off, _nt, 0, nt_len);
int dom_len = BitConverterLE.ToUInt16(message, 28);
int dom_off = BitConverterLE.ToUInt16(message, 32);
_domain = DecodeString(message, dom_off, dom_len);
int user_len = BitConverterLE.ToUInt16(message, 36);
int user_off = BitConverterLE.ToUInt16(message, 40);
_username = DecodeString(message, user_off, user_len);
int host_len = BitConverterLE.ToUInt16(message, 44);
int host_off = BitConverterLE.ToUInt16(message, 48);
_host = DecodeString(message, host_off, host_len);
// Session key. We don't use it yet.
// int skey_len = BitConverterLE.ToUInt16 (message, 52);
// int skey_off = BitConverterLE.ToUInt16 (message, 56);
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
// FIXME: This Version condition is introduced to make
// nunit tests pass, and hence not based on the NTLM
// analysis docs. Find out the reason why it is needed.
if (Version == NtlmVersion.Version1 &&
BitConverterLE.ToUInt16(message, 56) != message.Length)
{
string msg = Locale.GetText("Invalid Type3 message length.");
throw new ArgumentException(msg, "message");
}
_password = null;
int dom_len = BitConverterLE.ToUInt16(message, 28);
int dom_off = BitConverterLE.ToUInt16(message, 32);
_domain = Encoding.Unicode.GetString(message, dom_off, dom_len);
int host_len = BitConverterLE.ToUInt16(message, 44);
int host_off = BitConverterLE.ToUInt16(message, 48);
_host = Encoding.Unicode.GetString(message, host_off, host_len);
int user_len = BitConverterLE.ToUInt16(message, 36);
int user_off = BitConverterLE.ToUInt16(message, 40);
_username = Encoding.Unicode.GetString(message, user_off, user_len);
_lm = new byte [24];
int lm_off = BitConverterLE.ToUInt16(message, 16);
Buffer.BlockCopy(message, lm_off, _lm, 0, 24);
_nt = new byte [24];
int nt_off = BitConverterLE.ToUInt16(message, 24);
Buffer.BlockCopy(message, nt_off, _nt, 0, 24);
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
}
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
if (BitConverterLE.ToUInt16(message, 56) != message.Length)
{
string msg = Locale.GetText("Invalid Type3 message length.");
throw new ArgumentException(msg, "message");
}
_password = null;
int dom_len = BitConverterLE.ToUInt16(message, 28);
int dom_off = 64;
_domain = Encoding.Unicode.GetString(message, dom_off, dom_len);
int host_len = BitConverterLE.ToUInt16(message, 44);
int host_off = BitConverterLE.ToUInt16(message, 48);
_host = Encoding.Unicode.GetString(message, host_off, host_len);
int user_len = BitConverterLE.ToUInt16(message, 36);
int user_off = BitConverterLE.ToUInt16(message, 40);
_username = Encoding.Unicode.GetString(message, user_off, user_len);
_lm = new byte [24];
int lm_off = BitConverterLE.ToUInt16(message, 16);
Buffer.BlockCopy(message, lm_off, _lm, 0, 24);
_nt = new byte [24];
int nt_off = BitConverterLE.ToUInt16(message, 24);
Buffer.BlockCopy(message, nt_off, _nt, 0, 24);
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
}
}
// methods
protected override void Decode(byte[] message)
{
base.Decode(message);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
int dom_len = BitConverterLE.ToUInt16(message, 16);
int dom_off = BitConverterLE.ToUInt16(message, 20);
#if XAMARIN_WEBTESTS
_domain = Encoding.UTF8.GetString(message, dom_off, dom_len);
#else
_domain = Encoding.ASCII.GetString(message, dom_off, dom_len);
#endif
int host_len = BitConverterLE.ToUInt16(message, 24);
#if XAMARIN_WEBTESTS
_host = Encoding.UTF8.GetString(message, 32, host_len);
#else
_host = Encoding.ASCII.GetString(message, 32, host_len);
#endif
}
internal bool ReadFirstBlock()
{
if (this.fs == null)
{
return(false);
}
this.fs.Position = 0L;
this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length);
this.blockNo = 1;
if (this.blockLength < 64)
{
return(false);
}
if (BitConverterLE.ToUInt16(this.fileblock, 0) != 23117)
{
return(false);
}
this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60);
if (this.peOffset > this.fileblock.Length)
{
string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length);
throw new NotSupportedException(message);
}
if ((long)this.peOffset > this.fs.Length)
{
return(false);
}
if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 17744u)
{
return(false);
}
this.dirSecurityOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 152);
this.dirSecuritySize = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 156);
this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12);
return(true);
}
internal int ProcessFirstBlock()
{
if (fs == null)
{
return(1);
}
fs.Position = 0L;
blockLength = fs.Read(fileblock, 0, fileblock.Length);
blockNo = 1;
if (blockLength < 64)
{
return(2);
}
if (BitConverterLE.ToUInt16(fileblock, 0) != 23117)
{
return(3);
}
peOffset = BitConverterLE.ToInt32(fileblock, 60);
if (peOffset > fileblock.Length)
{
string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), fileblock.Length);
throw new NotSupportedException(message);
}
if (peOffset > fs.Length)
{
return(4);
}
if (BitConverterLE.ToUInt32(fileblock, peOffset) != 17744)
{
return(5);
}
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156);
coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
return(0);
}
internal int ProcessFirstBlock()
{
if (fs == null)
{
return(1);
}
fs.Position = 0;
// read first block - it will include (100% sure)
// the MZ header and (99.9% sure) the PE header
blockLength = fs.Read(fileblock, 0, fileblock.Length);
blockNo = 1;
if (blockLength < 64)
{
return(2); // invalid PE file
}
// 1. Validate the MZ header informations
// 1.1. Check for magic MZ at start of header
if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D)
{
return(3);
}
// 1.2. Find the offset of the PE header
peOffset = BitConverterLE.ToInt32(fileblock, 60);
if (peOffset > fileblock.Length)
{
// just in case (0.1%) this can actually happen
// FIXME This does not mean the file is invalid,
// just that this code cannot handle it.
// FIXME Read the entire file into memory.
// See earlier comments.
string msg = String.Format(Locale.GetText(
"Header size too big (> {0} bytes)."),
fileblock.Length);
throw new NotSupportedException(msg);
}
// FIXME This verifies that PE starts within the file,
// but not that it fits.
if (peOffset > fs.Length)
{
return(4);
}
// 2. Read between DOS header and first part of PE header
// 2.1. Check for magic PE at start of header
// PE - NT header ('P' 'E' 0x00 0x00)
if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550)
{
return(5);
}
// PE signature is followed by 20 byte file header, and
// then 2 byte magic 0x10B for PE32 or 0x20B for PE32+,
// or 0x107 for the obscure ROM case.
// FIXME The code historically ignored this magic value
// entirely, so we only treat 0x20B differently to maintain
// this dubious behavior.
// FIXME The code also lacks range checks in a number of places,
// and will access arrays out of bounds for valid files.
ushort magic = BitConverterLE.ToUInt16(fileblock, peOffset + 24);
const int IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B;
pe64 = magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC;
// FIXME This fails to validate NumberOfRvasAndSizes.
// 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
// These offsets are from the documentation, but add 24 for
// PE signature and file header.
if (pe64)
{
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 168);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 168 + 4);
}
else
{
dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
dirSecuritySize = BitConverterLE.ToInt32(fileblock, peOffset + 156);
}
// FIXME Remove this code and the dependency on it.
coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
return(0);
}
