NDRParser.cs 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
  1. /* Copyright (C) 2014 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
  2. *
  3. * You can redistribute this program and/or modify it under the terms of
  4. * the GNU Lesser Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. */
  7. using System;
  8. using System.Collections.Generic;
  9. using System.IO;
  10. using System.Text;
  11. using Utilities;
  12. namespace SMBLibrary.RPC
  13. {
  14. /// <summary>
  15. /// NDR - Native Data Representation
  16. /// See DCE 1.1: Remote Procedure Call, Chapter 14 - Transfer Syntax NDR
  17. /// </summary>
  18. public class NDRParser
  19. {
  20. private byte[] m_buffer;
  21. private int m_offset;
  22. private int m_depth;
  23. private List<INDRStructure> m_deferredStructures = new List<INDRStructure>();
  24. private Dictionary<uint, INDRStructure> m_referentToInstance = new Dictionary<uint, INDRStructure>();
  25. public NDRParser(byte[] buffer)
  26. {
  27. m_buffer = buffer;
  28. m_offset = 0;
  29. m_depth = 0;
  30. }
  31. public void BeginStructure()
  32. {
  33. m_depth++;
  34. }
  35. /// <summary>
  36. /// Add embedded pointer deferred structure (referent) parser
  37. /// </summary>
  38. private void AddDeferredStructure(INDRStructure structure)
  39. {
  40. m_deferredStructures.Add(structure);
  41. }
  42. public void EndStructure()
  43. {
  44. m_depth--;
  45. // 14.3.12.3 - Algorithm for Deferral of Referents
  46. // Representations of (embedded) pointer referents are ordered according to a left-to-right, depth-first traversal of the embedding construction.
  47. // referent representations for the embedded construction are further deferred to a position in the octet stream that
  48. // follows the representation of the embedding construction. The set of referent representations for the embedded construction
  49. // is inserted among the referent representations for any pointers in the embedding construction, according to the order of elements or
  50. // members in the embedding construction
  51. if (m_depth == 0)
  52. {
  53. // Make a copy of all the deferred structures, additional deferred structures will be inserted to m_deferredStructures
  54. // as we process the existing list
  55. List<INDRStructure> deferredStructures = new List<INDRStructure>(m_deferredStructures);
  56. m_deferredStructures.Clear();
  57. // Read all deferred types:
  58. foreach (INDRStructure deferredStructure in deferredStructures)
  59. {
  60. deferredStructure.Read(this);
  61. }
  62. }
  63. }
  64. public string ReadUnicodeString()
  65. {
  66. NDRUnicodeString unicodeString = new NDRUnicodeString(this);
  67. return unicodeString.Value;
  68. }
  69. public void ReadStructure(INDRStructure structure)
  70. {
  71. structure.Read(this);
  72. }
  73. // 14.3.11.1 - Top-level Full Pointers
  74. public string ReadTopLevelUnicodeStringPointer()
  75. {
  76. uint referentID = ReadUInt32();
  77. if (referentID == 0)
  78. {
  79. return null;
  80. }
  81. if (m_referentToInstance.ContainsKey(referentID))
  82. {
  83. NDRUnicodeString unicodeString = (NDRUnicodeString)m_referentToInstance[referentID];
  84. return unicodeString.Value;
  85. }
  86. else
  87. {
  88. NDRUnicodeString unicodeString = new NDRUnicodeString(this);
  89. m_referentToInstance.Add(referentID, unicodeString);
  90. return unicodeString.Value;
  91. }
  92. }
  93. public void ReadEmbeddedStructureFullPointer(ref NDRUnicodeString structure)
  94. {
  95. ReadEmbeddedStructureFullPointer<NDRUnicodeString>(ref structure);
  96. }
  97. public void ReadEmbeddedStructureFullPointer<T>(ref T structure) where T : INDRStructure, new ()
  98. {
  99. uint referentID = ReadUInt32();
  100. if (referentID != 0) // not null
  101. {
  102. if (structure == null)
  103. {
  104. structure = new T();
  105. }
  106. AddDeferredStructure(structure);
  107. }
  108. else
  109. {
  110. structure = default(T);
  111. }
  112. }
  113. // 14.2.2 - Alignment of Primitive Types
  114. public uint ReadUInt16()
  115. {
  116. m_offset += (2 - (m_offset % 2)) % 2;
  117. return LittleEndianReader.ReadUInt16(m_buffer, ref m_offset);
  118. }
  119. // 14.2.2 - Alignment of Primitive Types
  120. public uint ReadUInt32()
  121. {
  122. m_offset += (4 - (m_offset % 4)) % 4;
  123. return LittleEndianReader.ReadUInt32(m_buffer, ref m_offset);
  124. }
  125. }
  126. }