//Parse User name and domain name //check are they both 0 length? if yes, set a flag in conversation data that indicates null credentials public static bool AreTheCredentialsNull(FrameData fd) { if (fd.payload == null) { return(false); } // does not matter if the frame is fragmented. What we want - the length fields - are right near the beginning of the payload - just 36 bytes into it TDSReader ByteReader = new TDSReader(fd.payload, 0, -1, fd.payloadLength); ByteReader.ReadBytes(8); // TDS header ByteReader.ReadBytes(8); // Skip NTLMSSP string. ByteReader.ReadBytes(4); // Skip Message type ByteReader.ReadBytes(8); // Skip LmChallengeResponseFields - 8 bytes expected ByteReader.ReadBytes(8); // Skip NtChallengeResponseFields - 8 bytes expected short DomainNameLen = ByteReader.ReadInt16(); // Read DomainNameFields->Length - 2 bytes ByteReader.ReadBytes(2); // Skip DomainNameFields->MaximumLength - 2 bytes - to be ignored per the spec int DomainNameOffSet = ByteReader.ReadInt32(); // Read DomainNameFields->BufferOffset - 4 bytes short UserNameLen = ByteReader.ReadInt16(); // Read UserNameFields-Length ByteReader.ReadBytes(2); // Skip UserNameFields-MaximumLength - 2 bytes - to be ignored per the spec int UserNameOffSet = (int)ByteReader.ReadInt16(); // Read UserNameFields-BufferOffset if (UserNameLen > 0 && DomainNameLen > 0) { return(false); } return(true); // user name or domain name are null }
public void Read(TDSReader r) { Status = r.ReadInt32(); }