Smb2Packet, PacketParser.Packets C# (CSharp) Code-Beispiele

Beispiel #1

0

Datei anzeigen

 internal Smb2CreateRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Create")
 {
     this.nameOffset = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 44, true);
     this.nameLength = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 46, true);
     this.fileName   = Utils.ByteConverter.ReadString(this.ParentFrame.Data, smb2Packet.PacketStartIndex + this.nameOffset, this.nameLength, true, true);
 }

Beispiel #2

0

Datei anzeigen

            internal Smb2FindResponse(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
                : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Find Response")
            {
                ushort responseOffset = BitConverter.ToUInt16(this.ParentFrame.Data, PacketStartIndex + 2);
                int    responseSize   = BitConverter.ToInt32(this.ParentFrame.Data, PacketStartIndex + 4);


                this.fileInfoList = new List <Smb2FileInfo>();
                int index            = packetStartIndex + 8;
                int responseEndIndex = index + responseSize;

                while (index < packetEndIndex)
                {
                    Smb2FileInfo fileInfo = new Smb2FileInfo(this.ParentFrame.Data, index, responseEndIndex);
                    fileInfoList.Add(fileInfo);
                    if (fileInfo.NextOffset > 0)
                    {
                        index += fileInfo.NextOffset;
                    }
                    else
                    {
                        break;
                    }
                }
            }

Beispiel #3

0

Datei anzeigen

 internal Smb2ReadRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Read")
 {
     this.readLength = BitConverter.ToUInt32(this.ParentFrame.Data, PacketStartIndex + 4);
     this.fileOffset = BitConverter.ToInt64(this.ParentFrame.Data, PacketStartIndex + 8);
     this.fileId     = ReadSmb2FileId(this.ParentFrame.Data, packetStartIndex + 16);
 }

Beispiel #4

0

Datei anzeigen

Datei: Smb2Packet.cs Projekt: mammo0/networkminer-cli

 internal Smb2CreateRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Create")
 {
     this.CreateDisposition = Enum.GetName(typeof(CREATE_DISPOSITION), Utils.ByteConverter.ToUInt32(this.ParentFrame.Data, packetStartIndex + 36, 4, true));
     this.nameOffset        = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 44, true);
     this.nameLength        = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 46, true);
     this.FileName          = Utils.ByteConverter.ReadString(this.ParentFrame.Data, smb2Packet.PacketStartIndex + this.nameOffset, this.nameLength, true, true);
 }

Beispiel #5

0

Datei anzeigen

 internal class Smb2TreeConnectResponse : Smb2Command { //0x03
     internal Smb2TreeConnectResponse(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
         : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Tree Connect Response")
     {
         if (base.Smb2Packet.ntStatus == NT_STATUS_SUCCESS)
         {
             //success
         }
     }

Beispiel #6

0

Datei anzeigen

            internal Smb2ReadResponse(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
                : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Read Response")
            {
                this.dataOffset    = BitConverter.ToUInt16(this.ParentFrame.Data, PacketStartIndex + 2);
                this.dataLength    = BitConverter.ToUInt32(this.ParentFrame.Data, PacketStartIndex + 4);
                this.readRemaining = BitConverter.ToUInt32(this.ParentFrame.Data, PacketStartIndex + 8);

                this.fileData = new byte[this.dataLength];
                Array.Copy(this.ParentFrame.Data, smb2Packet.PacketStartIndex + this.dataOffset, this.fileData, 0, this.dataLength);
            }

Beispiel #7

0

Datei anzeigen

            }                                                       //in lack of a better name I'm using wireshark's "InfoLevel" name. This one specifies the format of the respones

            internal Smb2FindRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
                : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Find Request")
            {
                this.infoLevel = this.ParentFrame.Data[PacketStartIndex + 2];

                ushort searchPatternOffset = BitConverter.ToUInt16(this.ParentFrame.Data, PacketStartIndex + 24);//offset from start of SMB2 packet
                ushort searchPatternLength = BitConverter.ToUInt16(this.ParentFrame.Data, PacketStartIndex + 26);

                this.searchPattern = Utils.ByteConverter.ReadString(this.ParentFrame.Data, base.Smb2Packet.PacketStartIndex + searchPatternOffset, searchPatternLength, true, true);
            }

Beispiel #8

0

Datei anzeigen

Datei: Smb2Packet.cs Projekt: mammo0/networkminer-cli

            internal Smb2SetInfoRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
                : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 SetInfo")
            {
                //https://wiki.wireshark.org/SMB2/SetInfo
                uint   infoDataLength = Utils.ByteConverter.ToUInt32(this.ParentFrame.Data, packetStartIndex + 4, 4, true);
                ushort infoOffset     = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 8, true);

                this.FileID = ReadSmb2FileId(this.ParentFrame.Data, packetStartIndex + 16);
                if (this.ParentFrame.Data[packetStartIndex + 3] == 0x14)  //0x14 = SMB2_FILE_ENDOFFILE_INFO
                {
                    this.EndOfFile = (long)Utils.ByteConverter.ToUInt64(ParentFrame.Data, smb2Packet.PacketStartIndex + infoOffset, true);
                }
            }

Beispiel #9

0

Datei anzeigen

 internal Smb2CreateResponse(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Create Response")
 {
     this.structureSize = BitConverter.ToInt16(this.ParentFrame.Data, packetStartIndex);
     if (this.structureSize == VALID_STRUCTURE_SIZE)
     {
         this.creationTime   = ReadFileTime(this.ParentFrame.Data, packetStartIndex + 8);
         this.lastAccessTime = ReadFileTime(this.ParentFrame.Data, packetStartIndex + 16);
         this.lastWriteTime  = ReadFileTime(this.ParentFrame.Data, packetStartIndex + 24);
         this.changeTime     = ReadFileTime(this.ParentFrame.Data, packetStartIndex + 32);
         this.fileId         = ReadSmb2FileId(this.ParentFrame.Data, packetStartIndex + 64);
     }
 }

Beispiel #10

0

Datei anzeigen

            internal Smb2WriteRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
                : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Write")
            {
                this.dataOffset = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 2, true);
                this.dataLength = Utils.ByteConverter.ToUInt32(this.ParentFrame.Data, packetStartIndex + 4, 4, true);
                this.fileOffset = BitConverter.ToInt64(this.ParentFrame.Data, PacketStartIndex + 8);
                //this.fileOffset = Utils.ByteConverter.ToUInt64(this.ParentFrame.Data, packetStartIndex + 8, true);

                this.fileId = ReadSmb2FileId(this.ParentFrame.Data, packetStartIndex + 16);

                this.fileData = new byte[this.dataLength];
                Array.Copy(this.ParentFrame.Data, smb2Packet.PacketStartIndex + this.dataOffset, this.fileData, 0, this.dataLength);
            }

Beispiel #11

0

Datei anzeigen

 internal Smb2CloseResponse(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Close Response")
 {
     if (smb2Packet.ntStatus == NT_STATUS_SUCCESS)  //STATUS_SUCCESS
     {
         ushort structureSize = BitConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex);
         if (structureSize == 0x3c)
         {
             //if status is success
             this.endOfFile = BitConverter.ToInt64(this.ParentFrame.Data, packetStartIndex + 48);
         }
     }
 }

Beispiel #12

0

Datei anzeigen

        public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
        {
            if (includeSelfReference)
            {
                yield return(this);
            }

            if (this.messageType == 0x00 && PacketStartIndex + 4 < PacketEndIndex)
            {
                AbstractPacket packet;

                try {
                    if (ParentFrame.Data[PacketStartIndex + 4] == 0xff)
                    {
                        packet = new SmbPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                    }
                    else if (ParentFrame.Data[PacketStartIndex + 4] == 0xfe)
                    {
                        packet = new Smb2Packet(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                    }
                    else
                    {
                        packet = new RawPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                    }
                }
                catch (Exception e) {
                    SharedUtils.Logger.Log("Error parsing packet in NetBIOS SS payload in " + this.ParentFrame.ToString() + ". " + e.ToString(), SharedUtils.Logger.EventLogEntryType.Warning);
                    packet = new RawPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                }

                yield return(packet);

                foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
                {
                    yield return(subPacket);
                }
            }
        }

Beispiel #13

0

Datei anzeigen

Datei: NetBiosSessionService.cs Projekt: Masih-tech/NetworkMiner_2-5_source

        public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
        {
            if (includeSelfReference)
            {
                yield return(this);
            }

            if (this.messageType == 0x00 && PacketStartIndex + 4 < PacketEndIndex)
            {
                AbstractPacket packet;

                try {
                    if (ParentFrame.Data[PacketStartIndex + 4] == 0xff)
                    {
                        packet = new SmbPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                    }
                    else if (ParentFrame.Data[PacketStartIndex + 4] == 0xfe)
                    {
                        packet = new Smb2Packet(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                    }
                    else
                    {
                        packet = new RawPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                    }
                }
                catch {
                    packet = new RawPacket(ParentFrame, PacketStartIndex + 4, PacketEndIndex);
                }

                yield return(packet);

                foreach (AbstractPacket subPacket in packet.GetSubPackets(false))
                {
                    yield return(subPacket);
                }
            }
        }

Beispiel #14

0

Datei anzeigen

Datei: NetBiosDatagramServicePacket.cs Projekt: mammo0/networkminer-cli

        public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
        {
            if (includeSelfReference)
            {
                yield return(this);
            }
            //what to do here?? SMB packet???
            if (smbPacketIndex == null)
            {
                yield break;
            }
            else
            {
                AbstractPacket smb = null;
                if (ParentFrame.Data[this.smbPacketIndex.Value] == 0xff)//SMB
                {
                    smb = new SmbPacket(this.ParentFrame, this.smbPacketIndex.Value, this.PacketEndIndex);
                }
                else if (ParentFrame.Data[this.smbPacketIndex.Value] == 0xfe)//SMB2
                {
                    smb = new Smb2Packet(this.ParentFrame, this.smbPacketIndex.Value, this.PacketEndIndex);
                }
                else
                {
                    yield break;
                }

                if (smb != null)
                {
                    foreach (AbstractPacket p in smb.GetSubPackets(true))
                    {
                        yield return(p);
                    }
                }
            }
        }

Beispiel #15

0

Datei anzeigen

 internal Smb2CloseRequest(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Close")
 {
     this.fileId = ReadSmb2FileId(this.ParentFrame.Data, packetStartIndex + 8);
 }

Beispiel #16

0

Datei anzeigen

        public override IEnumerable <AbstractPacket> GetSubPackets(bool includeSelfReference)
        {
            if (includeSelfReference)
            {
                yield return(this);
            }
            if (!this.IsResponse || this.ntStatus == NT_STATUS_SUCCESS || this.ntStatus == NT_STATUS_MORE_PROCESSING_REQUIRED)
            {
                if (!this.IsResponse && this.opCode == (ushort)OP_CODE.SessionSetup)  //0x01
                {
                    Smb2SessionSetupRequest p = new Smb2SessionSetupRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex);
                    yield return(p);

                    foreach (AbstractPacket subPacket in p.GetSubPackets(false))
                    {
                        yield return(subPacket);
                    }
                }
                else if (this.IsResponse && this.opCode == (ushort)OP_CODE.SessionSetup)  //0x01
                {
                    Smb2SessionSetupResponse p = new Smb2SessionSetupResponse(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex);
                    yield return(p);

                    foreach (AbstractPacket subPacket in p.GetSubPackets(false))
                    {
                        yield return(subPacket);
                    }
                }
                else if (!this.IsResponse && this.opCode == (ushort)OP_CODE.TreeConnect)  //0x03
                {
                    yield return(new Smb2TreeConnectRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (this.IsResponse && this.opCode == (ushort)OP_CODE.TreeConnect)  //0x03
                {
                    yield return(new Smb2TreeConnectResponse(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (!this.IsResponse && this.opCode == (ushort)OP_CODE.Create)  //0x05
                {
                    yield return(new Smb2CreateRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (this.IsResponse && this.opCode == (ushort)OP_CODE.Create)  //0x05
                {
                    yield return(new Smb2CreateResponse(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (!this.IsResponse && this.opCode == (ushort)OP_CODE.Close)  //0x06
                {
                    yield return(new Smb2CloseRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (this.IsResponse && this.opCode == (ushort)OP_CODE.Close)  //0x06
                {
                    yield return(new Smb2CloseResponse(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (!this.IsResponse && this.opCode == (short)OP_CODE.Read)   //0x08
                {
                    yield return(new Smb2ReadRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (this.IsResponse && this.opCode == (short)OP_CODE.Read)   //0x08
                {
                    yield return(new Smb2ReadResponse(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (!this.IsResponse && this.opCode == (ushort)OP_CODE.Write)  //0x09
                {
                    yield return(new Smb2WriteRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (!this.IsResponse && this.opCode == (short)OP_CODE.Find)   //0x0e
                {
                    yield return(new Smb2FindRequest(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
                else if (this.IsResponse && this.opCode == (short)OP_CODE.Find)   //0x0e
                {
                    yield return(new Smb2FindResponse(this, this.PacketStartIndex + this.headerLength, this.PacketEndIndex));
                }
            }

            if (this.chainOffset > 0)
            {
                Smb2Packet chainedPacket = new Smb2Packet(this.ParentFrame, this.PacketStartIndex + (int)this.chainOffset, this.PacketEndIndex);
                yield return(chainedPacket);

                foreach (AbstractPacket subPacket in chainedPacket.GetSubPackets(false))
                {
                    yield return(subPacket);
                }
            }
        }

Beispiel #17

0

Datei anzeigen

 internal Smb2Command(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex, string commandName)
     : base(smb2Packet.ParentFrame, packetStartIndex, packetEndIndex, commandName)
 {
     this.smb2Packet = smb2Packet;
 }

Beispiel #18

0

Datei anzeigen

 internal Smb2SessionSetupResponse(Smb2Packet smb2Packet, int packetStartIndex, int packetEndIndex)
     : base(smb2Packet, packetStartIndex, packetEndIndex, "SMB2 Session Setup Response")
 {
     this.blobOffset = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 4, true);
     this.blobLength = Utils.ByteConverter.ToUInt16(this.ParentFrame.Data, packetStartIndex + 6, true);
 }

C# (CSharp) PacketParser.Packets Smb2Packet Beispiele