Sha256: b5f19a4bacdf3e2820fbe92c216d96c3d77d898ca42bc87be5439ca14eeb7588

Contents?: true

Size: 1.74 KB

Versions: 10

Compression:

Stored size: 1.74 KB

Contents

module RubySMB
  module Dcerpc
    module Winreg

      # BaseRegQueryValue response packet, as specified in
      # [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
      #
      # Every field is decoded from the peer's reply, so the value type, the
      # value bytes and the lengths are all chosen by the remote end. Nothing
      # in this class checks +error_status+ or compares +lp_data+ against
      # +lpcb_data+/+lpcb_len+; callers should check the status before using
      # #data and treat the result as untrusted input.
      class QueryValueResponse < BinData::Record
        attr_reader :opnum

        endian :little

        # Fields are parsed in declaration order, so the order below must not
        # be changed.
        ndr_lp_dword      :lp_type
        ndr_lp_byte_array :lp_data
        string            :pad, length: -> { pad_length(self.lp_data) }
        ndr_lp_dword      :lpcb_data
        ndr_lp_dword      :lpcb_len
        uint32            :error_status

        # Tags the packet with the operation number it answers.
        def initialize_instance
          super
          @opnum = REG_QUERY_VALUE
        end

        # Number of filler bytes (0..3) needed after +prev_element+ so that the
        # field following it starts on a 4-byte boundary.
        def pad_length(prev_element)
          # Position just past prev_element: its offset plus its encoded size.
          end_of_prev = prev_element.abs_offset + prev_element.to_binary_s.length
          (4 - (end_of_prev % 4)) % 4
        end

        # Decodes the value bytes according to the registry value type:
        # [3.1.1.5 Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3d64dbea-f016-4373-8cac-e43bf343837d)
        #
        # Returns a String, an Integer or an Array of Strings depending on
        # +lp_type+. Behaviour a caller should plan for:
        # * a type not listed below yields "" rather than an error;
        # * the integer types yield nil when fewer bytes arrived than the
        #   format needs (String#unpack does not raise on short input);
        # * force_encoding does not validate, so an odd-length buffer gives an
        #   invalid UTF-16LE string; NOTE(review): String#strip may raise
        #   ArgumentError on such a string depending on the Ruby version -
        #   confirm and rescue at the call site if that matters.
        def data
          raw = lp_data.bytes.to_a.pack('C*')

          # The integer literals stay on the `when` side: the comparison is
          # Integer#=== against the parsed field, not a lookup keyed by it.
          case lp_type
          when 1, 2 # REG_SZ, REG_EXPAND_SZ
            # strip drops the trailing NUL terminator, and any surrounding
            # whitespace along with it.
            raw.force_encoding('utf-16le').strip
          when 3    # REG_BINARY: handed back untouched
            raw
          when 4    # REG_DWORD: 32-bit little-endian
            raw.unpack('V').first
          when 5    # REG_DWORD_BIG_ENDIAN: 32-bit big-endian
            raw.unpack('N').first
          when 7    # REG_MULTI_SZ: NUL-separated list of strings
            raw.force_encoding('utf-16le').split("\0".encode('utf-16le'))
          when 11   # REG_QWORD: 64-bit little-endian
            raw.unpack('Q<').first
          else
            ""
          end
        end

      end
    end
  end
end

Version data entries

10 entries across 10 versions & 1 rubygems

Version Path
ruby_smb-2.0.12 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.11 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.10 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.9 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.8 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.7 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.6 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.5 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.4 lib/ruby_smb/dcerpc/winreg/query_value_response.rb
ruby_smb-2.0.3 lib/ruby_smb/dcerpc/winreg/query_value_response.rb