# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#         Itamar Mizrahi (@MrAnde7son)
#
# Description:
#   [MS-EVEN] Interface implementation
#
#   Best way to learn how to use these calls is to grab the protocol standard
#   so you understand what the call does, and then read the test case located
#   at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
#   Some calls have helper functions, which makes it even easier to use.
#   They are located at the end of this file.
#   Helper functions start with "h"<name of the call>.
#   There are test cases for them too.
#
# Delegate to the DCERPCException base initializer; the error_code stored
# there is what the string formatter below looks up in nt_errors.
# (The enclosing method's signature line is not shown on this page.)
DCERPCException.__init__(self, error_string, error_code, packet)
# Format the session error as text: look the NTSTATUS code up in
# nt_errors.ERROR_MESSAGES for its short and verbose descriptions, and fall
# back to printing the bare hex code when the table has no entry.
# (The enclosing method's signature line is not shown on this page.)
key = self.error_code
if key in nt_errors.ERROR_MESSAGES:
    error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
    error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
    return 'EVEN SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
    # Unknown code: still surface the raw value so it can be cross-referenced.
    return 'EVEN SessionError: unknown error code: 0x%x' % self.error_code
################################################################################ # CONSTANTS ################################################################################ # 2.2.2 EventType
# 2.2.7 EVENTLOG_HANDLE_A and EVENTLOG_HANDLE_W #EVENTLOG_HANDLE_A
# 2.2.9 Constants Used in Method Definitions
# 3.1.4.7 ElfrReadELW (Opnum 10)
################################################################################ # STRUCTURES ################################################################################
('Data','20s=""'), ) return 1
# 2.2.3 EVENTLOGRECORD
# NOTE(review): UserSidLength and DataLength are read out of the record itself,
# i.e. from data the remote side supplied, and are then used as the slice
# lengths for the UserSid and Data fields ('_-UserSid' / '_-Data'). This
# parser trusts those lengths; whether an inconsistent length is rejected or
# merely truncated depends on the underlying Structure code — confirm before
# relying on it when parsing logs from an untrusted server.
# (The class header and the opening `structure = (` line are not shown on this page.)
('Length','<L=0'),
('Reserved','<L=0'),
('RecordNumber','<L=0'),
('TimeGenerated','<L=0'),
('TimeWritten','<L=0'),
('EventID','<L=0'),
('EventType','<H=0'),
('NumStrings','<H=0'),
('EventCategory','<H=0'),
('ReservedFlags','<H=0'),
('ClosingRecordNumber','<L=0'),
('StringOffset','<L=0'),
('UserSidLength','<L=0'),
('UserSidOffset','<L=0'),
('DataLength','<L=0'),
('DataOffset','<L=0'),
('SourceName','z'),
('Computername','z'),
('UserSidPadding',':'),
# Variable-length fields: sizes come from the header fields above.
('_UserSid','_-UserSid', 'self["UserSidLength"]'),
('UserSid',':'),
('Strings',':'),
('_Data','_-Data', 'self["DataLength"]'),
('Data',':'),
('Padding',':'),
# Trailing copy of Length; a mismatch with the leading Length is one cheap
# consistency check a consumer can apply.
('Length2','<L=0'),
)
# 2.2.4 EVENTLOG_FULL_INFORMATION ('dwFull', ULONG), )
# 2.2.8 RPC_CLIENT_ID ('UniqueProcess', ULONG), ('UniqueThread', ULONG), )
# 2.2.12 RPC_STRING ('Length','<H=0'), ('MaximumLength','<H=0'), ('Data',LPSTR), )
# Keep Length/MaximumLength consistent whenever a raw (non-NDR) value is
# stored in Data. Both are set to len(value); if value is a str rather than
# bytes that counts characters, not encoded bytes — TODO confirm what callers
# pass. (The enclosing method's signature line is not shown on this page.)
if key == 'Data' and isinstance(value, NDR) is False:
    self['Length'] = len(value)
    self['MaximumLength'] = len(value)
return NDRSTRUCT.__setitem__(self, key, value)
if msg is None: msg = self.__class__.__name__ if msg != '': print("%s" % msg, end=' ')
if isinstance(self.fields['Data'] , NDRPOINTERNULL): print(" NULL", end=' ') elif self.fields['Data']['ReferentID'] == 0: print(" NULL", end=' ') else: return self.fields['Data'].dump('',indent)
################################################################################ # RPC CALLS ################################################################################ # 3.1.4.9 ElfrClearELFW (Opnum 0) ('LogHandle', IELF_HANDLE), ('BackupFileName', PRPC_UNICODE_STRING), )
('ErrorCode', NTSTATUS), )
# 3.1.4.11 ElfrBackupELFW (Opnum 1) ('LogHandle', IELF_HANDLE), ('BackupFileName', RPC_UNICODE_STRING), )
('ErrorCode', NTSTATUS), )
# 3.1.4.21 ElfrCloseEL (Opnum 2) ('LogHandle', IELF_HANDLE), )
('LogHandle', IELF_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.18 ElfrNumberOfRecords (Opnum 4) ('LogHandle', IELF_HANDLE), )
('NumberOfRecords', ULONG), ('ErrorCode', NTSTATUS), )
# 3.1.4.3 ElfrOpenELW (Opnum 7) ('UNCServerName', EVENTLOG_HANDLE_W), ('ModuleName', RPC_UNICODE_STRING), ('RegModuleName', RPC_UNICODE_STRING), ('MajorVersion', ULONG), ('MinorVersion', ULONG), )
('LogHandle', IELF_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.5 ElfrRegisterEventSourceW (Opnum 8) ('UNCServerName', EVENTLOG_HANDLE_W), ('ModuleName', RPC_UNICODE_STRING), ('RegModuleName', RPC_UNICODE_STRING), ('MajorVersion', ULONG), ('MinorVersion', ULONG), )
('LogHandle', IELF_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.1 ElfrOpenBELW (Opnum 9) ('UNCServerName', EVENTLOG_HANDLE_W), ('BackupFileName', RPC_UNICODE_STRING), ('MajorVersion', ULONG), ('MinorVersion', ULONG), )
('LogHandle', IELF_HANDLE), ('ErrorCode', NTSTATUS), )
# 3.1.4.7 ElfrReadELW (Opnum 10) ('LogHandle', IELF_HANDLE), ('ReadFlags', ULONG), ('RecordOffset', ULONG), ('NumberOfBytesToRead', ULONG), )
('Buffer', NDRUniConformantArray), ('NumberOfBytesRead', ULONG), ('MinNumberOfBytesNeeded', ULONG), ('ErrorCode', NTSTATUS), )
# 3.1.4.13 ElfrReportEventW (Opnum 11) ('LogHandle', IELF_HANDLE), ('Time', ULONG), ('EventType', USHORT), ('EventCategory', USHORT), ('EventID', ULONG), ('NumStrings', USHORT), ('DataSize', ULONG), ('ComputerName', RPC_UNICODE_STRING), ('UserSID', PRPC_SID), ('Strings', PRPC_UNICODE_STRING_ARRAY), ('Data', LPBYTE), ('Flags', USHORT), ('RecordNumber', PULONG), ('TimeWritten', PULONG), )
('RecordNumber', PULONG), ('TimeWritten', PULONG), ('ErrorCode', NTSTATUS), )
################################################################################ # OPNUMs and their corresponding structures ################################################################################ 0 : (ElfrClearELFW, ElfrClearELFWResponse), 1 : (ElfrBackupELFW, ElfrBackupELFWResponse), 2 : (ElfrCloseEL, ElfrCloseELResponse), 4 : (ElfrNumberOfRecords, ElfrNumberOfRecordsResponse), 7 : (ElfrOpenELW, ElfrOpenELWResponse), 8 : (ElfrRegisterEventSourceW, ElfrRegisterEventSourceWResponse), 9 : (ElfrOpenBELW, ElfrOpenBELWResponse), 10 : (ElfrReadELW, ElfrReadELWResponse), 11 : (ElfrReportEventW, ElfrReportEventWResponse), }
################################################################################ # HELPER FUNCTIONS ################################################################################ request = ElfrOpenBELW() request['UNCServerName'] = NULL request['BackupFileName'] = backupFileName request['MajorVersion'] = 1 request['MinorVersion'] = 1 return dce.request(request)
# Open a live event log by module name (ElfrOpenELW, opnum 7) and return the
# raw response carrying LogHandle and ErrorCode.
# (This helper's signature line is not shown on this page.)
request = ElfrOpenELW()
request['UNCServerName'] = NULL
request['ModuleName'] = moduleName         # name of the log to open, supplied by the caller
request['RegModuleName'] = regModuleName
request['MajorVersion'] = 1                # protocol version pinned to 1.1
request['MinorVersion'] = 1
return dce.request(request)
# Close a log handle (ElfrCloseEL, opnum 2). The response echoes LogHandle and
# ErrorCode. Callers that open a log should close it when they are done.
# (This helper's signature line is not shown on this page.)
request = ElfrCloseEL()
request['LogHandle'] = logHandle
resp = dce.request(request)
return resp
# Register an event source (ElfrRegisterEventSourceW, opnum 8). The request has
# the same shape as the open helper; the returned LogHandle is presumably the
# one ElfrReportEventW expects for writing records — confirm against [MS-EVEN].
# (This helper's signature line is not shown on this page.)
request = ElfrRegisterEventSourceW()
request['UNCServerName'] = NULL
request['ModuleName'] = moduleName
request['RegModuleName'] = regModuleName
request['MajorVersion'] = 1                # protocol version pinned to 1.1
request['MinorVersion'] = 1
return dce.request(request)
recordOffset = 0, numberOfBytesToRead = MAX_BATCH_BUFF):
    # Read records (ElfrReadELW, opnum 10). The leading parameters of this
    # signature (the connection, logHandle and readFlags) are not shown on this
    # page. The response carries Buffer, NumberOfBytesRead and
    # MinNumberOfBytesNeeded; when MinNumberOfBytesNeeded exceeds
    # numberOfBytesToRead the caller presumably has to retry with a larger
    # read size — confirm against [MS-EVEN]. Nothing here bounds the requested
    # size beyond the MAX_BATCH_BUFF default.
    request = ElfrReadELW()
    request['LogHandle'] = logHandle
    request['ReadFlags'] = readFlags
    request['RecordOffset'] = recordOffset
    request['NumberOfBytesToRead'] = numberOfBytesToRead
    return dce.request(request)
# Clear the log (ElfrClearELFW, opnum 0). BackupFileName is a
# PRPC_UNICODE_STRING in the request definition, so NULL is accepted when no
# copy should be written first. Clearing destroys the records held by the
# server; it is exactly the operation defenders audit event-log services for.
# (This helper's signature line is not shown on this page.)
request = ElfrClearELFW()
request['LogHandle'] = logHandle
request['BackupFileName'] = backupFileName
return dce.request(request)
# Back the log up to a file (ElfrBackupELFW, opnum 1). Unlike the clear helper,
# BackupFileName is a plain RPC_UNICODE_STRING here (not a pointer), so NULL is
# not a valid value; the caller must supply a name the server can write to.
# (This helper's signature line is not shown on this page.)
request = ElfrBackupELFW()
request['LogHandle'] = logHandle
request['BackupFileName'] = backupFileName
return dce.request(request)
# Query the record count (ElfrNumberOfRecords, opnum 4). The response carries
# NumberOfRecords and ErrorCode; the count is returned raw, not unwrapped.
# (This helper's signature line is not shown on this page.)
request = ElfrNumberOfRecords()
request['LogHandle'] = logHandle
resp = dce.request(request)
return resp