private void ReadCommonHeader(NdrBinaryStream pacStream) { Version = pacStream.Read(1)[0]; if (Version != NdrConstants.PROTOCOL_VERSION) { throw new InvalidDataException($"Unknown Protocol version {Version}"); } var headerBits = pacStream.Read(1)[0]; var endian = headerBits >> 4 & 0x0F; if (endian != 0 && endian != 1) { throw new InvalidDataException($"Unknown endianness {endian}"); } Endian = Convert.ToBoolean(endian); Encoding = (byte)(headerBits & 0x0F); if (Encoding != 0 && Encoding != 1) { throw new InvalidDataException($"Unknown encoding {Encoding}"); } Length = pacStream.ReadShort(); if (Length != NdrConstants.COMMON_HEADER_BYTES) { throw new InvalidDataException($"Unknown common header length {Length}"); } }
public RpcHeader(NdrBinaryStream pacStream) { ReadCommonHeader(pacStream); pacStream.Read(4); pacStream.Read(8); pacStream.Read(4); }
public override void ReadBody(NdrBinaryStream stream) { Type = (ChecksumType)stream.ReadUnsignedInt(); SignaturePosition = (int)stream.Position; Signature = SetSignatureValue(Type, size => stream.Read(size)); Validator = CryptoService.CreateChecksumValidator(Type, Signature, signatureData); if (stream.Position < stream.Length) { RODCIdentifier = stream.ReadShort(); } }
public override void ReadBody(NdrBinaryStream stream) { Count = stream.ReadInt(); stream.Seek(4); ReservedType = stream.ReadShort(); ReservedFieldSize = stream.ReadInt(); ReservedField = stream.Read(ReservedFieldSize); stream.Align(8); ClaimsArray = ReadClaimsArray(stream); }
public override void ReadBody(NdrBinaryStream stream) { LogonTime = stream.ReadFiletime(); LogoffTime = stream.ReadFiletime(); KickOffTime = stream.ReadFiletime(); PwdLastChangeTime = stream.ReadFiletime(); PwdCanChangeTime = stream.ReadFiletime(); PwdMustChangeTime = stream.ReadFiletime(); var userName = stream.ReadRPCUnicodeString(); var userDisplayName = stream.ReadRPCUnicodeString(); var logonScript = stream.ReadRPCUnicodeString(); var profilePath = stream.ReadRPCUnicodeString(); var homeDirectory = stream.ReadRPCUnicodeString(); var homeDrive = stream.ReadRPCUnicodeString(); LogonCount = stream.ReadShort(); BadPasswordCount = stream.ReadShort(); var userSid = stream.ReadRid(); var groupSid = stream.ReadRid(); // Groups information var groupCount = stream.ReadInt(); var groupPointer = stream.ReadInt(); UserFlags = (UserFlags)stream.ReadInt(); // sessionKey stream.Read(new byte[16]); var serverNameString = stream.ReadRPCUnicodeString(); var domainNameString = stream.ReadRPCUnicodeString(); var domainIdPointer = stream.ReadInt(); // reserved1 stream.Read(new byte[8]); UserAccountControl = (UserAccountControlFlags)stream.ReadInt(); SubAuthStatus = stream.ReadInt(); LastSuccessfulILogon = stream.ReadFiletime(); LastFailedILogon = stream.ReadFiletime(); FailedILogonCount = stream.ReadInt(); // reserved3 stream.ReadInt(); // Extra SIDs information var extraSidCount = stream.ReadInt(); var extraSidPointer = stream.ReadInt(); var resourceDomainIdPointer = stream.ReadInt(); var resourceGroupCount = stream.ReadInt(); var resourceGroupPointer = stream.ReadInt(); UserName = userName.ReadString(stream); UserDisplayName = userDisplayName.ReadString(stream); LogonScript = logonScript.ReadString(stream); ProfilePath = profilePath.ReadString(stream); HomeDirectory = homeDirectory.ReadString(stream); HomeDrive = homeDrive.ReadString(stream); // Groups data var groupSids = ParseAttributes(stream, groupCount, groupPointer); // Server related strings ServerName = serverNameString.ReadString(stream); DomainName = domainNameString.ReadString(stream); if (domainIdPointer != 0) { DomainSid = stream.ReadSid(); } UserSid = userSid.AppendTo(DomainSid); GroupSid = groupSid.AppendTo(DomainSid); GroupSids = groupSids.Select(g => g.AppendTo(DomainSid)).ToList(); if (UserFlags.HasFlag(UserFlags.LOGON_EXTRA_SIDS)) { ExtraSids = ParseExtraSids(stream, extraSidCount, extraSidPointer).ToList(); } if (resourceDomainIdPointer != 0) { ResourceDomainSid = stream.ReadSid(); } if (UserFlags.HasFlag(UserFlags.LOGON_RESOURCE_GROUPS)) { ResourceGroups = ParseAttributes( stream, resourceGroupCount, resourceGroupPointer ).Select(g => g.AppendTo(ResourceDomainSid)).ToList(); } }