import struct
from ctypes import *
from utils import get_guid
from params import *
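class TransferMem(Structure):
    """In-memory layout of a transfer-syntax identifier: a GUID and a version.

    This class is defined ahead of RPCMem on purpose.  ctypes ties
    ``POINTER(X)`` to the class object that ``X`` names when the field list
    is built; declaring an empty placeholder first and then writing a second
    ``class`` statement with the same name would leave RPCMem's pointer field
    aimed at the field-less placeholder instead of this layout.
    """

    _fields_ = [
        ("guid", c_uint8 * GUID_SIZE),
        ("major_ver", c_uint16),
        ("minor_ver", c_uint16),
    ]

    def serialize(self):
        """Return the serialized identifier.

        Layout: GUID_STR_LEN bytes holding the result of get_guid(self.guid)
        (presumably the GUID's textual form, given the constant's name --
        confirm in utils), followed by major_ver and minor_ver as big-endian
        unsigned 16-bit integers.
        """
        # struct's "s" code truncates or NUL-pads to exactly GUID_STR_LEN bytes.
        guid_field = struct.pack("%ss" % GUID_STR_LEN, get_guid(self.guid))
        return guid_field + struct.pack(">HH", self.major_ver, self.minor_ver)


class DispatchTableMem(Structure):
    # Incomplete type, present so that structures further down the module can
    # declare POINTER(DispatchTableMem) fields.  Such a pointer stays bound to
    # whichever class object the name refers to when the field list is built.
    pass


class RPCMem(Structure):
    """ctypes view of an RPC message header as found in process memory.

    NOTE(review): the field names follow the Windows RPC_MESSAGE structure;
    the declared widths are kept exactly as the author wrote them -- confirm
    them against the target architecture before relying on offsets.
    """

    _fields_ = [
        ("Handle", c_void_p),
        ("DataRepresentation", c_void_p),
        ("Buffer", c_void_p),
        ("BufferLength", c_uint32),
        ("ProcNum", c_uint32),
        ("TransferSyntax", POINTER(TransferMem)),
        ("RpcInterfaceInformation", c_void_p),
        ("ReservedForRuntime", c_void_p),
        ("ManagerEpv", c_void_p),
        ("ImportContext", c_void_p),
        ("RpcFlags", c_uint32),
    ]

    def serialize(self, inf_serialized, transfer_serialized, raw_data):
        """Assemble the outgoing record for one captured call.

        Args:
            inf_serialized: already-serialized interface information.
            transfer_serialized: already-serialized transfer syntax.
            raw_data: the call's payload bytes.

        Returns:
            ProcNum (big-endian uint32), transfer_serialized, inf_serialized,
            RpcFlags and BufferLength (big-endian uint32 each), then raw_data.
        """
        # BufferLength is emitted as read from the structure; nothing here
        # compares it with len(raw_data), so whoever parses the record should
        # bound its read by the bytes actually received, not by this field.
        header = struct.pack(">I", self.ProcNum)
        trailer = struct.pack(">II", self.RpcFlags, self.BufferLength)
        return header + transfer_serialized + inf_serialized + trailer + raw_data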
class MidlInfoMem(Structure):
    """Two pointer-sized fields: a stub descriptor and a dispatch table address.

    Both fields are c_void_p, so ctypes hands them back as plain integers
    (or None for a NULL pointer).
    """

    _fields_ = [
        ("pStubDesc", c_void_p),
        ("DispatchTable", c_void_p),
    ]

    def serialize(self, procnum, ptr_size):
        """Return the table address and the address of slot ``procnum``.

        Args:
            procnum: index of the procedure in the dispatch table.
            ptr_size: size in bytes of one table entry.

        Returns:
            Two big-endian unsigned 64-bit values: DispatchTable itself and
            DispatchTable + ptr_size * procnum.  The second value is the
            location of the table entry; the entry is not read here.
        """
        table_base = self.DispatchTable
        # Packed first so a NULL table (None) fails in struct.pack, as before.
        packed_base = struct.pack(">Q", table_base)
        slot_address = table_base + ptr_size * procnum
        return packed_base + struct.pack(">Q", slot_address)
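class DispatchTableMem(Structure):
    """A dispatch table header: an entry count and the table's address.

    Defined ahead of InterfaceInfoMem so that its POINTER(DispatchTableMem)
    field is bound to this layout.  ctypes ties the pointer type to the class
    object the name refers to when the field list is built, so a class
    statement placed after the user would not be seen by that pointer.
    """

    _fields_ = [
        ("DispatchTableCount", c_uint64),
        ("DispatchTable", c_void_p),
    ]

    def serialize(self, procnum, ptr_size):
        """Return the table address, the entry count and one slot address.

        Args:
            procnum: index of the procedure in the dispatch table.
            ptr_size: size in bytes of one table entry.

        Returns:
            DispatchTable (big-endian uint64), DispatchTableCount (big-endian
            uint32), then DispatchTable + ptr_size * procnum (big-endian
            uint64).  The last value is the entry's location, not its content.
        """
        table_base = self.DispatchTable
        packed = struct.pack(">Q", table_base)
        # The field is 64 bits wide but goes out as 32 bits; keep the low half
        # so a non-zero upper half cannot make struct.pack raise.
        # NOTE(review): in the Windows RPC_DISPATCH_TABLE layout the count is a
        # 32-bit unsigned int followed by alignment padding on 64-bit builds --
        # confirm that is the structure mirrored here.
        packed += struct.pack(">I", self.DispatchTableCount & 0xFFFFFFFF)
        # procnum is not compared with DispatchTableCount here, so the slot
        # address may lie outside the table; a consumer should check the count
        # before trusting or dereferencing it.
        packed += struct.pack(">Q", table_base + ptr_size * procnum)
        return packed


class InterfaceInfoMem(Structure):
    """ctypes view of an RPC interface description as found in process memory.

    Field names and widths are kept exactly as the author declared them.
    """

    _fields_ = [
        ("Length", c_uint32),
        ("InterfaceIdGuid", c_uint8 * GUID_SIZE),
        ("InterfaceIdVersion", c_uint32),
        ("TransferGuid", c_uint8 * GUID_SIZE),
        ("TransferVersion", c_uint32),
        ("DispatchTable", POINTER(DispatchTableMem)),
        ("RpcProtseqEndpointCount", c_uint16),
        ("RpcProtseqEndpoint", c_void_p),
        ("DefaultManagerEpv", c_uint16),
        ("InterpreterInfo", POINTER(MidlInfoMem)),
    ]

    def serialize(self):
        """Return GUID_STR_LEN bytes holding get_guid(self.InterfaceIdGuid).

        Only the interface GUID is serialized; the other fields are not part
        of the output.
        """
        # struct's "s" code truncates or NUL-pads to exactly GUID_STR_LEN bytes.
        return struct.pack("%ss" % GUID_STR_LEN, get_guid(self.InterfaceIdGuid))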