예제 #1
0
        protected override void Decode(byte[] message)
        {
            base.Decode(message);
            if (BitConverterLE.ToUInt16(message, 56) != message.Length)
            {
                string text = Locale.GetText("Invalid Type3 message length.");
                throw new ArgumentException(text, "message");
            }
            _password = null;
            int count = BitConverterLE.ToUInt16(message, 28);
            int index = 64;

            _domain = Encoding.Unicode.GetString(message, index, count);
            int count2 = BitConverterLE.ToUInt16(message, 44);
            int index2 = BitConverterLE.ToUInt16(message, 48);

            _host = Encoding.Unicode.GetString(message, index2, count2);
            int count3 = BitConverterLE.ToUInt16(message, 36);
            int index3 = BitConverterLE.ToUInt16(message, 40);

            _username = Encoding.Unicode.GetString(message, index3, count3);
            _lm       = new byte[24];
            int srcOffset = BitConverterLE.ToUInt16(message, 16);

            Buffer.BlockCopy(message, srcOffset, _lm, 0, 24);
            _nt = new byte[24];
            int srcOffset2 = BitConverterLE.ToUInt16(message, 24);

            Buffer.BlockCopy(message, srcOffset2, _nt, 0, 24);
            if (message.Length >= 64)
            {
                base.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
            }
        }
예제 #2
0
        protected override void Decode(byte[] message)
        {
            base.Decode(message);
            if ((int)BitConverterLE.ToUInt16(message, 56) != message.Length)
            {
                throw new ArgumentException(Locale.GetText("Invalid Type3 message length."), nameof(message));
            }
            this._password = (string)null;
            int uint16_1 = (int)BitConverterLE.ToUInt16(message, 28);
            int index    = 64;

            this._domain = Encoding.Unicode.GetString(message, index, uint16_1);
            int uint16_2 = (int)BitConverterLE.ToUInt16(message, 44);
            int uint16_3 = (int)BitConverterLE.ToUInt16(message, 48);

            this._host = Encoding.Unicode.GetString(message, uint16_3, uint16_2);
            int uint16_4 = (int)BitConverterLE.ToUInt16(message, 36);
            int uint16_5 = (int)BitConverterLE.ToUInt16(message, 40);

            this._username = Encoding.Unicode.GetString(message, uint16_5, uint16_4);
            this._lm       = new byte[24];
            int uint16_6 = (int)BitConverterLE.ToUInt16(message, 16);

            Buffer.BlockCopy((Array)message, uint16_6, (Array)this._lm, 0, 24);
            this._nt = new byte[24];
            int uint16_7 = (int)BitConverterLE.ToUInt16(message, 24);

            Buffer.BlockCopy((Array)message, uint16_7, (Array)this._nt, 0, 24);
            if (message.Length < 64)
            {
                return;
            }
            this.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
        }
예제 #3
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 20);

            Buffer.BlockCopy(message, 24, _nonce, 0, 8);

            var tname_len = BitConverterLE.ToUInt16(message, 12);
            var tname_off = BitConverterLE.ToUInt16(message, 16);

            if (tname_len > 0)
            {
                if ((Flags & NtlmFlags.NegotiateOem) != 0)
                {
                    _targetName = Encoding.ASCII.GetString(message, tname_off, tname_len);
                }
                else
                {
                    _targetName = Encoding.Unicode.GetString(message, tname_off, tname_len);
                }
            }

            // The Target Info block is optional.
            if (message.Length >= 48)
            {
                var tinfo_len = BitConverterLE.ToUInt16(message, 40);
                var tinfo_off = BitConverterLE.ToUInt16(message, 44);
                if (tinfo_len > 0)
                {
                    _targetInfo = new byte [tinfo_len];
                    Buffer.BlockCopy(message, tinfo_off, _targetInfo, 0, tinfo_len);
                }
            }
        }
예제 #4
0
 internal int ProcessFirstBlock()
 {
     if (this.fs == null)
     {
         return(1);
     }
     this.fs.Position = 0L;
     this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length);
     this.blockNo     = 1;
     if (this.blockLength < 0x40)
     {
         return(2);
     }
     if (BitConverterLE.ToUInt16(this.fileblock, 0) != 0x5a4d)
     {
         return(3);
     }
     this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60);
     if (this.peOffset > this.fileblock.Length)
     {
         throw new NotSupportedException(string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length));
     }
     if (this.peOffset > this.fs.Length)
     {
         return(4);
     }
     if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 0x4550)
     {
         return(5);
     }
     this.dirSecurityOffset     = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x98);
     this.dirSecuritySize       = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 0x9c);
     this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12);
     return(0);
 }
예제 #5
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
            if (Version == NtlmVersion.Version1)
            {
                return;
            }

            int dom_len = BitConverterLE.ToUInt16(message, 16);
            int dom_off = BitConverterLE.ToUInt16(message, 20);

            _domain = Encoding.ASCII.GetString(message, dom_off, dom_len);

            int host_len = BitConverterLE.ToUInt16(message, 24);
            int host_off = BitConverterLE.ToUInt16(message, 28);

            _host = Encoding.ASCII.GetString(message, host_off, host_len);

            if (Version != NtlmVersion.Version3)
            {
                return;
            }
            OSVersion = CreateSubArray(message, 32, 8);
        }
예제 #6
0
        internal int ProcessFirstBlock()
        {
            if (fs == null)
            {
                return(1);
            }

            fs.Position = 0;
            // read first block - it will include (100% sure)
            // the MZ header and (99.9% sure) the PE header
            blockLength = fs.Read(fileblock, 0, fileblock.Length);
            blockNo     = 1;
            if (blockLength < 64)
            {
                return(2);                      // invalid PE file
            }
            // 1. Validate the MZ header informations
            // 1.1. Check for magic MZ at start of header
            if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D)
            {
                return(3);
            }

            // 1.2. Find the offset of the PE header
            peOffset = BitConverterLE.ToInt32(fileblock, 60);
            if (peOffset > fileblock.Length)
            {
                // just in case (0.1%) this can actually happen
                string msg = String.Format(
                    "Размер заголовка слишком большой (> {0} байт).",
                    fileblock.Length);
                throw new NotSupportedException(msg);
            }
            if (peOffset > fs.Length)
            {
                return(4);
            }

            // 2. Read between DOS header and first part of PE header
            // 2.1. Check for magic PE at start of header
            //	PE - NT header ('P' 'E' 0x00 0x00)
            if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550)
            {
                return(5);
            }

            // 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
            dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
            dirSecuritySize   = BitConverterLE.ToInt32(fileblock, peOffset + 156);

            // COFF symbol tables are deprecated - we'll strip them if we see them!
            // (otherwise the signature won't work on MS and we don't want to support COFF for that)
            coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);

            return(0);
        }
예제 #7
0
        protected override void Decode(byte[] message)
        {
            base.Decode(message);
            this.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
            int uint16_1 = (int)BitConverterLE.ToUInt16(message, 16);
            int uint16_2 = (int)BitConverterLE.ToUInt16(message, 20);

            this._domain = Encoding.ASCII.GetString(message, uint16_2, uint16_1);
            int uint16_3 = (int)BitConverterLE.ToUInt16(message, 24);

            this._host = Encoding.ASCII.GetString(message, 32, uint16_3);
        }
예제 #8
0
        protected override void Decode(byte[] message)
        {
            base.Decode(message);
            base.Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);
            int count = BitConverterLE.ToUInt16(message, 16);
            int index = BitConverterLE.ToUInt16(message, 20);

            _domain = Encoding.ASCII.GetString(message, index, count);
            int count2 = BitConverterLE.ToUInt16(message, 24);

            _host = Encoding.ASCII.GetString(message, 32, count2);
        }
예제 #9
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            if (BitConverterLE.ToUInt16(message, 56) != message.Length)
            {
                string msg = Locale.GetText("Invalid Type3 message length.");
                throw new ArgumentException(msg, "message");
            }

            _password = null;

            if (message.Length >= 64)
            {
                Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
            }
            else
            {
                Flags = (NtlmFlags)0x8201;
            }

            int lm_len = BitConverterLE.ToUInt16(message, 12);
            int lm_off = BitConverterLE.ToUInt16(message, 16);

            _lm = new byte [lm_len];
            Buffer.BlockCopy(message, lm_off, _lm, 0, lm_len);

            int nt_len = BitConverterLE.ToUInt16(message, 20);
            int nt_off = BitConverterLE.ToUInt16(message, 24);

            _nt = new byte [nt_len];
            Buffer.BlockCopy(message, nt_off, _nt, 0, nt_len);

            int dom_len = BitConverterLE.ToUInt16(message, 28);
            int dom_off = BitConverterLE.ToUInt16(message, 32);

            _domain = DecodeString(message, dom_off, dom_len);

            int user_len = BitConverterLE.ToUInt16(message, 36);
            int user_off = BitConverterLE.ToUInt16(message, 40);

            _username = DecodeString(message, user_off, user_len);

            int host_len = BitConverterLE.ToUInt16(message, 44);
            int host_off = BitConverterLE.ToUInt16(message, 48);

            _host = DecodeString(message, host_off, host_len);

            // Session key.  We don't use it yet.
            // int skey_len = BitConverterLE.ToUInt16 (message, 52);
            // int skey_off = BitConverterLE.ToUInt16 (message, 56);
        }
예제 #10
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);

            int dom_len = BitConverterLE.ToUInt16(message, 16);
            int dom_off = BitConverterLE.ToUInt16(message, 20);

            _domain = Encoding.ASCII.GetString(message, dom_off, dom_len);

            int host_len = BitConverterLE.ToUInt16(message, 24);

            _host = Encoding.ASCII.GetString(message, 32, host_len);
        }
예제 #11
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            _password = null;

            if (message.Length >= 64)
            {
                Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
            }
            else
            {
                Flags = (NtlmFlags)0x8201;
            }

            int lm_len = BitConverterLE.ToUInt16(message, 12);
            int lm_off = BitConverterLE.ToUInt16(message, 16);

            _lm = new byte [lm_len];
            Buffer.BlockCopy(message, lm_off, _lm, 0, lm_len);

            int nt_len = BitConverterLE.ToUInt16(message, 20);
            int nt_off = BitConverterLE.ToUInt16(message, 24);

            _nt = new byte [nt_len];
            Buffer.BlockCopy(message, nt_off, _nt, 0, nt_len);

            int dom_len = BitConverterLE.ToUInt16(message, 28);
            int dom_off = BitConverterLE.ToUInt16(message, 32);

            _domain = DecodeString(message, dom_off, dom_len);

            int user_len = BitConverterLE.ToUInt16(message, 36);
            int user_off = BitConverterLE.ToUInt16(message, 40);

            _username = DecodeString(message, user_off, user_len);

            int host_len = BitConverterLE.ToUInt16(message, 44);
            int host_off = BitConverterLE.ToUInt16(message, 48);

            _host = DecodeString(message, host_off, host_len);

            // Session key.  We don't use it yet.
            // int skey_len = BitConverterLE.ToUInt16 (message, 52);
            // int skey_off = BitConverterLE.ToUInt16 (message, 56);
        }
예제 #12
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            // FIXME: This Version condition is introduced to make
            // nunit tests pass, and hence not based on the NTLM
            // analysis docs. Find out the reason why it is needed.
            if (Version == NtlmVersion.Version1 &&
                BitConverterLE.ToUInt16(message, 56) != message.Length)
            {
                string msg = Locale.GetText("Invalid Type3 message length.");
                throw new ArgumentException(msg, "message");
            }

            _password = null;

            int dom_len = BitConverterLE.ToUInt16(message, 28);
            int dom_off = BitConverterLE.ToUInt16(message, 32);

            _domain = Encoding.Unicode.GetString(message, dom_off, dom_len);

            int host_len = BitConverterLE.ToUInt16(message, 44);
            int host_off = BitConverterLE.ToUInt16(message, 48);

            _host = Encoding.Unicode.GetString(message, host_off, host_len);

            int user_len = BitConverterLE.ToUInt16(message, 36);
            int user_off = BitConverterLE.ToUInt16(message, 40);

            _username = Encoding.Unicode.GetString(message, user_off, user_len);

            _lm = new byte [24];
            int lm_off = BitConverterLE.ToUInt16(message, 16);

            Buffer.BlockCopy(message, lm_off, _lm, 0, 24);

            _nt = new byte [24];
            int nt_off = BitConverterLE.ToUInt16(message, 24);

            Buffer.BlockCopy(message, nt_off, _nt, 0, 24);

            if (message.Length >= 64)
            {
                Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
            }
        }
예제 #13
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            if (BitConverterLE.ToUInt16(message, 56) != message.Length)
            {
                string msg = Locale.GetText("Invalid Type3 message length.");
                throw new ArgumentException(msg, "message");
            }

            _password = null;

            int dom_len = BitConverterLE.ToUInt16(message, 28);
            int dom_off = 64;

            _domain = Encoding.Unicode.GetString(message, dom_off, dom_len);

            int host_len = BitConverterLE.ToUInt16(message, 44);
            int host_off = BitConverterLE.ToUInt16(message, 48);

            _host = Encoding.Unicode.GetString(message, host_off, host_len);

            int user_len = BitConverterLE.ToUInt16(message, 36);
            int user_off = BitConverterLE.ToUInt16(message, 40);

            _username = Encoding.Unicode.GetString(message, user_off, user_len);

            _lm = new byte [24];
            int lm_off = BitConverterLE.ToUInt16(message, 16);

            Buffer.BlockCopy(message, lm_off, _lm, 0, 24);

            _nt = new byte [24];
            int nt_off = BitConverterLE.ToUInt16(message, 24);

            Buffer.BlockCopy(message, nt_off, _nt, 0, 24);

            if (message.Length >= 64)
            {
                Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 60);
            }
        }
예제 #14
0
        // methods

        protected override void Decode(byte[] message)
        {
            base.Decode(message);

            Flags = (NtlmFlags)BitConverterLE.ToUInt32(message, 12);

            int dom_len = BitConverterLE.ToUInt16(message, 16);
            int dom_off = BitConverterLE.ToUInt16(message, 20);

                        #if XAMARIN_WEBTESTS
            _domain = Encoding.UTF8.GetString(message, dom_off, dom_len);
                        #else
            _domain = Encoding.ASCII.GetString(message, dom_off, dom_len);
                        #endif

            int host_len = BitConverterLE.ToUInt16(message, 24);
                        #if XAMARIN_WEBTESTS
            _host = Encoding.UTF8.GetString(message, 32, host_len);
                        #else
            _host = Encoding.ASCII.GetString(message, 32, host_len);
                        #endif
        }
예제 #15
0
 internal bool ReadFirstBlock()
 {
     if (this.fs == null)
     {
         return(false);
     }
     this.fs.Position = 0L;
     this.blockLength = this.fs.Read(this.fileblock, 0, this.fileblock.Length);
     this.blockNo     = 1;
     if (this.blockLength < 64)
     {
         return(false);
     }
     if (BitConverterLE.ToUInt16(this.fileblock, 0) != 23117)
     {
         return(false);
     }
     this.peOffset = BitConverterLE.ToInt32(this.fileblock, 60);
     if (this.peOffset > this.fileblock.Length)
     {
         string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), this.fileblock.Length);
         throw new NotSupportedException(message);
     }
     if ((long)this.peOffset > this.fs.Length)
     {
         return(false);
     }
     if (BitConverterLE.ToUInt32(this.fileblock, this.peOffset) != 17744u)
     {
         return(false);
     }
     this.dirSecurityOffset     = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 152);
     this.dirSecuritySize       = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 156);
     this.coffSymbolTableOffset = BitConverterLE.ToInt32(this.fileblock, this.peOffset + 12);
     return(true);
 }
예제 #16
0
 internal int ProcessFirstBlock()
 {
     if (fs == null)
     {
         return(1);
     }
     fs.Position = 0L;
     blockLength = fs.Read(fileblock, 0, fileblock.Length);
     blockNo     = 1;
     if (blockLength < 64)
     {
         return(2);
     }
     if (BitConverterLE.ToUInt16(fileblock, 0) != 23117)
     {
         return(3);
     }
     peOffset = BitConverterLE.ToInt32(fileblock, 60);
     if (peOffset > fileblock.Length)
     {
         string message = string.Format(Locale.GetText("Header size too big (> {0} bytes)."), fileblock.Length);
         throw new NotSupportedException(message);
     }
     if (peOffset > fs.Length)
     {
         return(4);
     }
     if (BitConverterLE.ToUInt32(fileblock, peOffset) != 17744)
     {
         return(5);
     }
     dirSecurityOffset     = BitConverterLE.ToInt32(fileblock, peOffset + 152);
     dirSecuritySize       = BitConverterLE.ToInt32(fileblock, peOffset + 156);
     coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);
     return(0);
 }
예제 #17
0
        internal int ProcessFirstBlock()
        {
            if (fs == null)
            {
                return(1);
            }

            fs.Position = 0;
            // read first block - it will include (100% sure)
            // the MZ header and (99.9% sure) the PE header
            blockLength = fs.Read(fileblock, 0, fileblock.Length);
            blockNo     = 1;
            if (blockLength < 64)
            {
                return(2);                      // invalid PE file
            }
            // 1. Validate the MZ header informations
            // 1.1. Check for magic MZ at start of header
            if (BitConverterLE.ToUInt16(fileblock, 0) != 0x5A4D)
            {
                return(3);
            }

            // 1.2. Find the offset of the PE header
            peOffset = BitConverterLE.ToInt32(fileblock, 60);
            if (peOffset > fileblock.Length)
            {
                // just in case (0.1%) this can actually happen
                // FIXME This does not mean the file is invalid,
                // just that this code cannot handle it.
                // FIXME Read the entire file into memory.
                // See earlier comments.
                string msg = String.Format(Locale.GetText(
                                               "Header size too big (> {0} bytes)."),
                                           fileblock.Length);
                throw new NotSupportedException(msg);
            }
            // FIXME This verifies that PE starts within the file,
            // but not that it fits.
            if (peOffset > fs.Length)
            {
                return(4);
            }

            // 2. Read between DOS header and first part of PE header
            // 2.1. Check for magic PE at start of header
            //	PE - NT header ('P' 'E' 0x00 0x00)
            if (BitConverterLE.ToUInt32(fileblock, peOffset) != 0x4550)
            {
                return(5);
            }

            // PE signature is followed by 20 byte file header, and
            // then 2 byte magic 0x10B for PE32 or 0x20B for PE32+,
            // or 0x107 for the obscure ROM case.
            // FIXME The code historically ignored this magic value
            // entirely, so we only treat 0x20B differently to maintain
            // this dubious behavior.
            // FIXME The code also lacks range checks in a number of places,
            // and will access arrays out of bounds for valid files.

            ushort    magic = BitConverterLE.ToUInt16(fileblock, peOffset + 24);
            const int IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B;

            pe64 = magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC;

            // FIXME This fails to validate NumberOfRvasAndSizes.
            // 2.2. Locate IMAGE_DIRECTORY_ENTRY_SECURITY (offset and size)
            // These offsets are from the documentation, but add 24 for
            // PE signature and file header.
            if (pe64)
            {
                dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 168);
                dirSecuritySize   = BitConverterLE.ToInt32(fileblock, peOffset + 168 + 4);
            }
            else
            {
                dirSecurityOffset = BitConverterLE.ToInt32(fileblock, peOffset + 152);
                dirSecuritySize   = BitConverterLE.ToInt32(fileblock, peOffset + 156);
            }

            // FIXME Remove this code and the dependency on it.
            coffSymbolTableOffset = BitConverterLE.ToInt32(fileblock, peOffset + 12);

            return(0);
        }