void Decode(byte[] message, int startIndex, int length)
{
ValidateArguments(message, startIndex, length);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 20);
Buffer.BlockCopy(message, startIndex + 24, nonce, 0, 8);
var targetNameLength = BitConverterLE.ToUInt16(message, startIndex + 12);
var targetNameOffset = BitConverterLE.ToUInt16(message, startIndex + 16);
if (targetNameLength > 0)
{
var encoding = (Flags & NtlmFlags.NegotiateOem) != 0 ? Encoding.UTF8 : Encoding.Unicode;
TargetName = encoding.GetString(message, startIndex + targetNameOffset, targetNameLength);
}
// The Target Info block is optional.
if (message.Length >= 48 && targetNameOffset >= 48)
{
var targetInfoLength = BitConverterLE.ToUInt16(message, startIndex + 40);
var targetInfoOffset = BitConverterLE.ToUInt16(message, startIndex + 44);
if (targetInfoLength > 0 && targetInfoOffset < message.Length && targetInfoLength <= (message.Length - targetInfoOffset))
{
TargetInfo = new TargetInfo(message, targetInfoOffset, targetInfoLength, (Flags & NtlmFlags.NegotiateUnicode) != 0);
targetInfo = new byte[targetInfoLength];
Buffer.BlockCopy(message, startIndex + targetInfoOffset, targetInfo, 0, targetInfoLength);
}
}
}
static long DecodeTimestamp(byte[] buffer, ref int index)
{
short nbytes = BitConverterLE.ToInt16(buffer, index);
long lo, hi;
index += 2;
switch (nbytes)
{
case 8:
lo = BitConverterLE.ToUInt32(buffer, index);
index += 4;
hi = BitConverterLE.ToUInt32(buffer, index);
index += 4;
return((hi << 32) | lo);
case 4:
lo = BitConverterLE.ToUInt32(buffer, index);
index += 4;
return(lo);
case 2:
lo = BitConverterLE.ToUInt16(buffer, index);
index += 2;
return(lo);
default:
index += nbytes;
return(0);
}
}
void Decode(byte[] message, int startIndex, int length)
{
int offset, count;
ValidateArguments(message, startIndex, length);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 12);
// decode the domain
count = BitConverterLE.ToUInt16(message, startIndex + 16);
offset = BitConverterLE.ToUInt16(message, startIndex + 20);
domain = Encoding.UTF8.GetString(message, startIndex + offset, count);
// decode the workstation/host
count = BitConverterLE.ToUInt16(message, startIndex + 24);
offset = BitConverterLE.ToUInt16(message, startIndex + 28);
host = Encoding.UTF8.GetString(message, startIndex + offset, count);
if (offset == 40)
{
// decode the OS Version
int major = message[startIndex + 32];
int minor = message[startIndex + 33];
int build = BitConverterLE.ToUInt16(message, startIndex + 34);
OSVersion = new Version(major, minor, build);
}
}
void Decode(byte[] message, int startIndex, int length)
{
ValidateArguments(message, startIndex, length);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 12);
// decode the domain
var domainLength = BitConverterLE.ToUInt16(message, startIndex + 16);
var domainOffset = BitConverterLE.ToUInt16(message, startIndex + 20);
domain = Encoding.UTF8.GetString(message, startIndex + domainOffset, domainLength);
// decode the workstation/host
var workstationLength = BitConverterLE.ToUInt16(message, startIndex + 24);
var workstationOffset = BitConverterLE.ToUInt16(message, startIndex + 28);
host = Encoding.UTF8.GetString(message, startIndex + workstationOffset, workstationLength);
if ((Flags & NtlmFlags.NegotiateVersion) != 0 && length >= 40)
{
// decode the OS Version
int major = message[startIndex + 32];
int minor = message[startIndex + 33];
int build = BitConverterLE.ToUInt16(message, startIndex + 34);
OSVersion = new Version(major, minor, build);
}
}
static long DecodeTimestamp(byte[] buffer, ref int index, out short size)
{
size = BitConverterLE.ToInt16(buffer, index);
long value;
index += 2;
switch (size)
{
case 8:
long lo = BitConverterLE.ToUInt32(buffer, index);
long hi = BitConverterLE.ToUInt32(buffer, index + 4);
value = (hi << 32) | lo;
break;
case 4: value = BitConverterLE.ToUInt32(buffer, index); break;
case 2: value = BitConverterLE.ToUInt16(buffer, index); break;
default: value = 0; break;
}
index += size;
return(value);
}
void Decode(byte[] message, int startIndex, int length)
{
ValidateArguments(message, startIndex, length);
Password = null;
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 60);
}
else
{
Flags = (NtlmFlags)0x8201;
}
int lmLength = BitConverterLE.ToUInt16(message, startIndex + 12);
int lmOffset = BitConverterLE.ToUInt16(message, startIndex + 16);
LM = new byte[lmLength];
Buffer.BlockCopy(message, startIndex + lmOffset, LM, 0, lmLength);
int ntLength = BitConverterLE.ToUInt16(message, startIndex + 20);
int ntOffset = BitConverterLE.ToUInt16(message, startIndex + 24);
NT = new byte[ntLength];
Buffer.BlockCopy(message, startIndex + ntOffset, NT, 0, ntLength);
int domainLength = BitConverterLE.ToUInt16(message, startIndex + 28);
int domainOffset = BitConverterLE.ToUInt16(message, startIndex + 32);
Domain = DecodeString(message, startIndex + domainOffset, domainLength);
int userLength = BitConverterLE.ToUInt16(message, startIndex + 36);
int userOffset = BitConverterLE.ToUInt16(message, startIndex + 40);
Username = DecodeString(message, startIndex + userOffset, userLength);
int hostLength = BitConverterLE.ToUInt16(message, startIndex + 44);
int hostOffset = BitConverterLE.ToUInt16(message, startIndex + 48);
Host = DecodeString(message, startIndex + hostOffset, hostLength);
// Session key. We don't use it yet.
//int skeyLength = BitConverterLE.ToUInt16 (message, startIndex + 52);
//int skeyOffset = BitConverterLE.ToUInt16 (message, startIndex + 56);
// OSVersion
if ((Flags & NtlmFlags.NegotiateVersion) != 0 && length >= 72)
{
// decode the OS Version
int major = message[startIndex + 64];
int minor = message[startIndex + 65];
int build = BitConverterLE.ToUInt16(message, startIndex + 66);
OSVersion = new Version(major, minor, build);
}
}
void Decode(byte[] message, int startIndex, int length)
{
ValidateArguments(message, startIndex, length);
Password = null;
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 60);
}
else
{
Flags = (NtlmFlags)0x8201;
}
int lmLength = BitConverterLE.ToUInt16(message, startIndex + 12);
int lmOffset = BitConverterLE.ToUInt16(message, startIndex + 16);
LM = new byte[lmLength];
Buffer.BlockCopy(message, startIndex + lmOffset, LM, 0, lmLength);
int ntLength = BitConverterLE.ToUInt16(message, startIndex + 20);
int ntOffset = BitConverterLE.ToUInt16(message, startIndex + 24);
NT = new byte[ntLength];
Buffer.BlockCopy(message, startIndex + ntOffset, NT, 0, ntLength);
int domainLength = BitConverterLE.ToUInt16(message, startIndex + 28);
int domainOffset = BitConverterLE.ToUInt16(message, startIndex + 32);
domain = DecodeString(message, startIndex + domainOffset, domainLength);
int userLength = BitConverterLE.ToUInt16(message, startIndex + 36);
int userOffset = BitConverterLE.ToUInt16(message, startIndex + 40);
Username = DecodeString(message, startIndex + userOffset, userLength);
int hostLength = BitConverterLE.ToUInt16(message, startIndex + 44);
int hostOffset = BitConverterLE.ToUInt16(message, startIndex + 48);
host = DecodeString(message, startIndex + hostOffset, hostLength);
// Session key. We don't use it yet.
// int skeyLength = BitConverterLE.ToUInt16 (message, startIndex + 52);
// int skeyOffset = BitConverterLE.ToUInt16 (message, startIndex + 56);
}
void Decode(byte[] message, int startIndex, int length)
{
ValidateArguments(message, startIndex, length);
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 20);
Buffer.BlockCopy(message, startIndex + 24, nonce, 0, 8);
var targetNameLength = BitConverterLE.ToUInt16(message, startIndex + 12);
var targetNameOffset = BitConverterLE.ToUInt16(message, startIndex + 16);
if (targetNameLength > 0)
{
var encoding = (Flags & NtlmFlags.NegotiateUnicode) != 0 ? Encoding.Unicode : Encoding.UTF8;
TargetName = encoding.GetString(message, startIndex + targetNameOffset, targetNameLength);
}
if ((Flags & NtlmFlags.NegotiateVersion) != 0 && length >= 56)
{
// decode the OS Version
int major = message[startIndex + 48];
int minor = message[startIndex + 49];
int build = BitConverterLE.ToUInt16(message, startIndex + 50);
OSVersion = new Version(major, minor, build);
}
// The Target Info block is optional.
if (length >= 48 && targetNameOffset >= 48)
{
var targetInfoLength = BitConverterLE.ToUInt16(message, startIndex + 40);
var targetInfoOffset = BitConverterLE.ToUInt16(message, startIndex + 44);
if (targetInfoLength > 0 && targetInfoOffset < length && targetInfoLength <= (length - targetInfoOffset))
{
TargetInfo = new TargetInfo(message, startIndex + targetInfoOffset, targetInfoLength, (Flags & NtlmFlags.NegotiateOem) == 0);
targetInfo = new byte[targetInfoLength];
Buffer.BlockCopy(message, startIndex + targetInfoOffset, targetInfo, 0, targetInfoLength);
}
}
}
void Decode(byte[] message, int startIndex, int length)
{
int payloadOffset = length;
int micOffset = 64;
ValidateArguments(message, startIndex, length);
if (message.Length >= 64)
{
Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, startIndex + 60);
}
else
{
Flags = (NtlmFlags)0x8201;
}
int lmLength = BitConverterLE.ToUInt16(message, startIndex + 12);
int lmOffset = BitConverterLE.ToUInt16(message, startIndex + 16);
LmChallengeResponse = new byte[lmLength];
Buffer.BlockCopy(message, startIndex + lmOffset, LmChallengeResponse, 0, lmLength);
payloadOffset = Math.Min(payloadOffset, lmOffset);
int ntLength = BitConverterLE.ToUInt16(message, startIndex + 20);
int ntOffset = BitConverterLE.ToUInt16(message, startIndex + 24);
NtChallengeResponse = new byte[ntLength];
Buffer.BlockCopy(message, startIndex + ntOffset, NtChallengeResponse, 0, ntLength);
payloadOffset = Math.Min(payloadOffset, ntOffset);
int domainLength = BitConverterLE.ToUInt16(message, startIndex + 28);
int domainOffset = BitConverterLE.ToUInt16(message, startIndex + 32);
Domain = DecodeString(message, startIndex + domainOffset, domainLength);
payloadOffset = Math.Min(payloadOffset, domainOffset);
int userLength = BitConverterLE.ToUInt16(message, startIndex + 36);
int userOffset = BitConverterLE.ToUInt16(message, startIndex + 40);
UserName = DecodeString(message, startIndex + userOffset, userLength);
payloadOffset = Math.Min(payloadOffset, userOffset);
int workstationLength = BitConverterLE.ToUInt16(message, startIndex + 44);
int workstationOffset = BitConverterLE.ToUInt16(message, startIndex + 48);
Workstation = DecodeString(message, startIndex + workstationOffset, workstationLength);
payloadOffset = Math.Min(payloadOffset, workstationOffset);
int skeyLength = BitConverterLE.ToUInt16(message, startIndex + 52);
int skeyOffset = BitConverterLE.ToUInt16(message, startIndex + 56);
EncryptedRandomSessionKey = new byte[skeyLength];
Buffer.BlockCopy(message, startIndex + skeyOffset, EncryptedRandomSessionKey, 0, skeyLength);
payloadOffset = Math.Min(payloadOffset, skeyOffset);
// OSVersion
if ((Flags & NtlmFlags.NegotiateVersion) != 0 && length >= 72)
{
// decode the OS Version
int major = message[startIndex + 64];
int minor = message[startIndex + 65];
int build = BitConverterLE.ToUInt16(message, startIndex + 66);
OSVersion = new Version(major, minor, build);
micOffset += 8;
}
// MIC
if (micOffset + 16 <= payloadOffset)
{
Mic = new byte[16];
Buffer.BlockCopy(message, startIndex + micOffset, Mic, 0, Mic.Length);
}
}