├── .gitignore ├── LICENSE ├── MonkeyWorks ├── Combine.cs ├── SMB │ ├── DCERPC │ │ ├── DCERPCAUTH3.cs │ │ ├── DCERPCAlterContext.cs │ │ ├── DCERPCBind.cs │ │ └── DCERPCRequest.cs │ ├── DCOM │ │ ├── DCOMRemQueryInterface.cs │ │ ├── DCOMRemRelease.cs │ │ ├── DCOMRemoteCreateInstance.cs │ │ └── NTLMSSPVerifier.cs │ ├── NetBIOS │ │ └── NetBIOSSessionService.cs │ ├── SMB1 │ │ ├── SMBCloseRequest.cs │ │ ├── SMBHeader.cs │ │ ├── SMBLogoffAndXRequest.cs │ │ ├── SMBNTCreateAndXRequest.cs │ │ ├── SMBNegotiateProtocolRequest.cs │ │ ├── SMBReadAndXRequest.cs │ │ ├── SMBSessionSetupAndXRequest.cs │ │ ├── SMBTreeConnectAndXRequest.cs │ │ ├── SMBTreeDisconnectRequest.cs │ │ └── SMBWriteAndXRequest.cs │ ├── SMB2 │ │ ├── SMB2CloseRequest.cs │ │ ├── SMB2CreateRequest.cs │ │ ├── SMB2FindFileRequestFile.cs │ │ ├── SMB2GetInfo.cs │ │ ├── SMB2Header.cs │ │ ├── SMB2IoctlRequest.cs │ │ ├── SMB2NTLMSSPAuth.cs │ │ ├── SMB2NTLMSSPNegotiate.cs │ │ ├── SMB2NegotiateProtocolRequest.cs │ │ ├── SMB2ReadRequest.cs │ │ ├── SMB2SessionLogoffRequest.cs │ │ ├── SMB2SessionSetupRequest.cs │ │ ├── SMB2SetInfo.cs │ │ ├── SMB2TreeConnectRequest.cs │ │ ├── SMB2TreeDisconnectRequest.cs │ │ └── SMB2WriteRequest.cs │ └── SVCCTL │ │ ├── SVCCTLSCMCloseServiceHandle.cs │ │ ├── SVCCTLSCMCreateServiceW.cs │ │ ├── SVCCTLSCMDeleteServiceW.cs │ │ ├── SVCCTLSCMOpenSCManagerW.cs │ │ └── SVCCTLSCMStartServiceW.cs └── Unmanaged │ ├── Headers │ ├── FltUserStructures.cs │ ├── MinWinBase.cs │ ├── Minidumpapiset.cs │ ├── Ntifs.cs │ ├── Ntpsapi.cs │ ├── Ntsecapi.cs │ ├── ProcessThreadsApi.cs │ ├── Rpcdce.cs │ ├── Subauth.cs │ ├── TlHelp32.cs │ ├── WinCred.cs │ ├── Winbase.cs │ ├── Wincon.cs │ ├── Wincrypt.cs │ ├── Windef.cs │ ├── Winnt.cs │ ├── Winsvc.cs │ ├── Winternl.cs │ ├── Winuser.cs │ └── wudfwdm.cs │ └── Libraries │ ├── advapi32.cs │ ├── crypt32.cs │ ├── dbghelp.cs │ ├── fltlib.cs │ ├── kernel32.cs │ ├── ntdll.cs │ ├── secur32.cs │ ├── user32.cs │ ├── vaultcli.cs │ ├── wlanapi.cs │ └── wtsapi32.cs └── README.md 
/.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.suo 8 | *.user 9 | *.userosscache 10 | *.sln.docstates 11 | 12 | # User-specific files (MonoDevelop/Xamarin Studio) 13 | *.userprefs 14 | 15 | # Build results 16 | [Dd]ebug/ 17 | [Dd]ebugPublic/ 18 | [Rr]elease/ 19 | [Rr]eleases/ 20 | x64/ 21 | x86/ 22 | bld/ 23 | [Bb]in/ 24 | [Oo]bj/ 25 | [Ll]og/ 26 | 27 | # Visual Studio 2015/2017 cache/options directory 28 | .vs/ 29 | # Uncomment if you have tasks that create the project's static files in wwwroot 30 | #wwwroot/ 31 | 32 | # Visual Studio 2017 auto generated files 33 | Generated\ Files/ 34 | 35 | # MSTest test Results 36 | [Tt]est[Rr]esult*/ 37 | [Bb]uild[Ll]og.* 38 | 39 | # NUNIT 40 | *.VisualState.xml 41 | TestResult.xml 42 | 43 | # Build Results of an ATL Project 44 | [Dd]ebugPS/ 45 | [Rr]eleasePS/ 46 | dlldata.c 47 | 48 | # Benchmark Results 49 | BenchmarkDotNet.Artifacts/ 50 | 51 | # .NET Core 52 | project.lock.json 53 | project.fragment.lock.json 54 | artifacts/ 55 | **/Properties/launchSettings.json 56 | 57 | # StyleCop 58 | StyleCopReport.xml 59 | 60 | # Files built by Visual Studio 61 | *_i.c 62 | *_p.c 63 | *_i.h 64 | *.ilk 65 | *.meta 66 | *.obj 67 | *.iobj 68 | *.pch 69 | *.pdb 70 | *.ipdb 71 | *.pgc 72 | *.pgd 73 | *.rsp 74 | *.sbr 75 | *.tlb 76 | *.tli 77 | *.tlh 78 | *.tmp 79 | *.tmp_proj 80 | *.log 81 | *.vspscc 82 | *.vssscc 83 | .builds 84 | *.pidb 85 | *.svclog 86 | *.scc 87 | 88 | # Chutzpah Test files 89 | _Chutzpah* 90 | 91 | # Visual C++ cache files 92 | ipch/ 93 | *.aps 94 | *.ncb 95 | *.opendb 96 | *.opensdf 97 | *.sdf 98 | *.cachefile 99 | *.VC.db 100 | *.VC.VC.opendb 101 | 102 | # Visual Studio profiler 103 | *.psess 104 | *.vsp 105 | *.vspx 
106 | *.sap 107 | 108 | # Visual Studio Trace Files 109 | *.e2e 110 | 111 | # TFS 2012 Local Workspace 112 | $tf/ 113 | 114 | # Guidance Automation Toolkit 115 | *.gpState 116 | 117 | # ReSharper is a .NET coding add-in 118 | _ReSharper*/ 119 | *.[Rr]e[Ss]harper 120 | *.DotSettings.user 121 | 122 | # JustCode is a .NET coding add-in 123 | .JustCode 124 | 125 | # TeamCity is a build add-in 126 | _TeamCity* 127 | 128 | # DotCover is a Code Coverage Tool 129 | *.dotCover 130 | 131 | # AxoCover is a Code Coverage Tool 132 | .axoCover/* 133 | !.axoCover/settings.json 134 | 135 | # Visual Studio code coverage results 136 | *.coverage 137 | *.coveragexml 138 | 139 | # NCrunch 140 | _NCrunch_* 141 | .*crunch*.local.xml 142 | nCrunchTemp_* 143 | 144 | # MightyMoose 145 | *.mm.* 146 | AutoTest.Net/ 147 | 148 | # Web workbench (sass) 149 | .sass-cache/ 150 | 151 | # Installshield output folder 152 | [Ee]xpress/ 153 | 154 | # DocProject is a documentation generator add-in 155 | DocProject/buildhelp/ 156 | DocProject/Help/*.HxT 157 | DocProject/Help/*.HxC 158 | DocProject/Help/*.hhc 159 | DocProject/Help/*.hhk 160 | DocProject/Help/*.hhp 161 | DocProject/Help/Html2 162 | DocProject/Help/html 163 | 164 | # Click-Once directory 165 | publish/ 166 | 167 | # Publish Web Output 168 | *.[Pp]ublish.xml 169 | *.azurePubxml 170 | # Note: Comment the next line if you want to checkin your web deploy settings, 171 | # but database connection strings (with potential passwords) will be unencrypted 172 | *.pubxml 173 | *.publishproj 174 | 175 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 176 | # checkin your Azure Web App publish settings, but sensitive information contained 177 | # in these scripts will be unencrypted 178 | PublishScripts/ 179 | 180 | # NuGet Packages 181 | *.nupkg 182 | # The packages folder can be ignored because of Package Restore 183 | **/[Pp]ackages/* 184 | # except build/, which is used as an MSBuild target. 
185 | !**/[Pp]ackages/build/ 186 | # Uncomment if necessary however generally it will be regenerated when needed 187 | #!**/[Pp]ackages/repositories.config 188 | # NuGet v3's project.json files produces more ignorable files 189 | *.nuget.props 190 | *.nuget.targets 191 | 192 | # Microsoft Azure Build Output 193 | csx/ 194 | *.build.csdef 195 | 196 | # Microsoft Azure Emulator 197 | ecf/ 198 | rcf/ 199 | 200 | # Windows Store app package directories and files 201 | AppPackages/ 202 | BundleArtifacts/ 203 | Package.StoreAssociation.xml 204 | _pkginfo.txt 205 | *.appx 206 | 207 | # Visual Studio cache files 208 | # files ending in .cache can be ignored 209 | *.[Cc]ache 210 | # but keep track of directories ending in .cache 211 | !*.[Cc]ache/ 212 | 213 | # Others 214 | ClientBin/ 215 | ~$* 216 | *~ 217 | *.dbmdl 218 | *.dbproj.schemaview 219 | *.jfm 220 | *.pfx 221 | *.publishsettings 222 | orleans.codegen.cs 223 | 224 | # Including strong name files can present a security risk 225 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 226 | #*.snk 227 | 228 | # Since there are multiple workflows, uncomment next line to ignore bower_components 229 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 230 | #bower_components/ 231 | 232 | # RIA/Silverlight projects 233 | Generated_Code/ 234 | 235 | # Backup & report files from converting an old project file 236 | # to a newer Visual Studio version. 
Backup files are not needed, 237 | # because we have git ;-) 238 | _UpgradeReport_Files/ 239 | Backup*/ 240 | UpgradeLog*.XML 241 | UpgradeLog*.htm 242 | ServiceFabricBackup/ 243 | *.rptproj.bak 244 | 245 | # SQL Server files 246 | *.mdf 247 | *.ldf 248 | *.ndf 249 | 250 | # Business Intelligence projects 251 | *.rdl.data 252 | *.bim.layout 253 | *.bim_*.settings 254 | *.rptproj.rsuser 255 | 256 | # Microsoft Fakes 257 | FakesAssemblies/ 258 | 259 | # GhostDoc plugin setting file 260 | *.GhostDoc.xml 261 | 262 | # Node.js Tools for Visual Studio 263 | .ntvs_analysis.dat 264 | node_modules/ 265 | 266 | # Visual Studio 6 build log 267 | *.plg 268 | 269 | # Visual Studio 6 workspace options file 270 | *.opt 271 | 272 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 273 | *.vbw 274 | 275 | # Visual Studio LightSwitch build output 276 | **/*.HTMLClient/GeneratedArtifacts 277 | **/*.DesktopClient/GeneratedArtifacts 278 | **/*.DesktopClient/ModelManifest.xml 279 | **/*.Server/GeneratedArtifacts 280 | **/*.Server/ModelManifest.xml 281 | _Pvt_Extensions 282 | 283 | # Paket dependency manager 284 | .paket/paket.exe 285 | paket-files/ 286 | 287 | # FAKE - F# Make 288 | .fake/ 289 | 290 | # JetBrains Rider 291 | .idea/ 292 | *.sln.iml 293 | 294 | # CodeRush 295 | .cr/ 296 | 297 | # Python Tools for Visual Studio (PTVS) 298 | __pycache__/ 299 | *.pyc 300 | 301 | # Cake - Uncomment if you are using it 302 | # tools/** 303 | # !tools/packages.config 304 | 305 | # Tabs Studio 306 | *.tss 307 | 308 | # Telerik's JustMock configuration file 309 | *.jmconfig 310 | 311 | # BizTalk build output 312 | *.btp.cs 313 | *.btm.cs 314 | *.odx.cs 315 | *.xsd.cs 316 | 317 | # OpenCover UI analysis results 318 | OpenCover/ 319 | 320 | # Azure Stream Analytics local run output 321 | ASALocalRun/ 322 | 323 | # MSBuild Binary and Structured Log 324 | *.binlog 325 | 326 | # NVidia Nsight GPU debugger configuration file 327 | *.nvuser 328 | 329 | # MFractors 
(Xamarin productivity tool) working folder 330 | .mfractor/ 331 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2018, NetSPI 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
30 | -------------------------------------------------------------------------------- /MonkeyWorks/Combine.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | 4 | namespace MonkeyWorks 5 | { 6 | sealed class Combine 7 | { 8 | private Byte[] combined = new Byte[0]; 9 | 10 | //////////////////////////////////////////////////////////////////////////////// 11 | // Creates an accumulator whose buffer starts as a zero-length array. 12 | //////////////////////////////////////////////////////////////////////////////// 13 | public Combine() 14 | { 15 | 16 | } 17 | 18 | //////////////////////////////////////////////////////////////////////////////// 19 | // Returns a new array containing byte1 followed by byte2. Neither argument is null-checked: a null input fails on the .Length read. 20 | //////////////////////////////////////////////////////////////////////////////// 21 | internal static Byte[] combine(Byte[] byte1, Byte[] byte2) 22 | { 23 | Int32 dwSize = byte1.Length + byte2.Length; 24 | Byte[] combinedBytes = new Byte[0]; 25 | using (MemoryStream memoryStream = new MemoryStream(new Byte[dwSize], 0, dwSize, true, true)) 26 | { 27 | memoryStream.Write(byte1, 0, byte1.Length); 28 | memoryStream.Write(byte2, 0, byte2.Length); 29 | combinedBytes = memoryStream.GetBuffer(); 30 | } 31 | return combinedBytes; 32 | } 33 | 34 | //////////////////////////////////////////////////////////////////////////////// 35 | // Appends nextPart to the accumulated bytes by copying both into a freshly allocated array (each call re-copies everything gathered so far). nextPart is not null-checked. 36 | //////////////////////////////////////////////////////////////////////////////// 37 | public void Extend(Byte[] nextPart) 38 | { 39 | Int32 dwSize = combined.Length + nextPart.Length; 40 | using (MemoryStream memoryStream = new MemoryStream(new Byte[dwSize], 0, dwSize, true, true)) 41 | { 42 | memoryStream.Write(combined, 0, combined.Length); 43 | memoryStream.Write(nextPart, 0, nextPart.Length); 44 | combined = memoryStream.GetBuffer(); 45 | } 46 | } 47 | 48 | //////////////////////////////////////////////////////////////////////////////// 49 | // Returns the accumulated array itself, not a copy; callers that modify it modify this object's buffer. 50 | //////////////////////////////////////////////////////////////////////////////// 51 | public Byte[] Retrieve() 52 | { 53 | return 
combined; 54 | } 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /MonkeyWorks/SMB/DCERPC/DCERPCAUTH3.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Linq; 3 | 4 | namespace MonkeyWorks.SMB.DCERPC 5 | { 6 | class DCERPCAUTH3 7 | { 8 | private readonly Byte[] Version = { 0x05 }; 9 | private readonly Byte[] VersionMinor = { 0x00 }; 10 | private readonly Byte[] PacketType = { 0x10 }; 11 | private readonly Byte[] PacketFlags = { 0x03 }; 12 | private readonly Byte[] DataRepresentation = { 0x10, 0x00, 0x00, 0x00 }; 13 | private Byte[] FragLength = new Byte[2]; 14 | private Byte[] AuthLength = new Byte[2]; 15 | private Byte[] CallID = { 0x03, 0x00, 0x00, 0x00 }; 16 | private readonly Byte[] MaxXmitFrag = { 0xd0, 0x16 }; 17 | private readonly Byte[] MaxRecvFrag = { 0xd0, 0x16 }; 18 | private readonly Byte[] AuthType = { 0x0a }; 19 | private Byte[] AuthLevel = { 0x02 }; 20 | private readonly Byte[] AuthPadLength = { 0x00 }; 21 | private readonly Byte[] AuthReserved = { 0x00 }; 22 | private readonly Byte[] ContextID = { 0x00, 0x00, 0x00, 0x00 }; 23 | private Byte[] NTLMSSP; 24 | 25 | internal DCERPCAUTH3() 26 | { 27 | 28 | } 29 | 30 | internal void SetCallID(Byte[] CallID) 31 | { 32 | if (this.CallID.Length == CallID.Length) 33 | { 34 | this.CallID = CallID; 35 | return; 36 | } 37 | throw new IndexOutOfRangeException(); 38 | } 39 | 40 | internal void SetAuthLevel(Byte[] AuthLevel) 41 | { 42 | if (this.AuthLevel.Length == AuthLevel.Length) 43 | { 44 | this.AuthLevel = AuthLevel; 45 | return; 46 | } 47 | throw new IndexOutOfRangeException(); 48 | } 49 | 50 | internal void SetNTLMSSP(Byte[] NTLMSSP) 51 | { 52 | FragLength = BitConverter.GetBytes(NTLMSSP.Length + 28).Take(2).ToArray(); 53 | AuthLength = BitConverter.GetBytes(NTLMSSP.Length).Take(2).ToArray(); 54 | this.NTLMSSP = NTLMSSP; 55 | } 56 | 57 | internal Byte[] GetRequest() 58 | { 59 | Combine 
combine = new Combine(); 60 | combine.Extend(Version); 61 | combine.Extend(VersionMinor); 62 | combine.Extend(PacketType); 63 | combine.Extend(PacketFlags); 64 | combine.Extend(DataRepresentation); 65 | combine.Extend(FragLength); 66 | combine.Extend(AuthLength); 67 | combine.Extend(CallID); 68 | combine.Extend(MaxXmitFrag); 69 | combine.Extend(MaxRecvFrag); 70 | combine.Extend(AuthType); 71 | combine.Extend(AuthLevel); 72 | combine.Extend(AuthPadLength); 73 | combine.Extend(AuthReserved); 74 | combine.Extend(ContextID); 75 | combine.Extend(NTLMSSP); 76 | return combine.Retrieve(); 77 | } 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /MonkeyWorks/SMB/DCERPC/DCERPCAlterContext.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace MonkeyWorks.SMB.DCERPC 4 | { 5 | class DCERPCAlterContext 6 | { 7 | private readonly Byte[] Version = { 0x05 }; 8 | private readonly Byte[] VersionMinor = { 0x00 }; 9 | private readonly Byte[] PacketType = { 0x0e }; 10 | private readonly Byte[] PacketFlags = { 0x03 }; 11 | private readonly Byte[] DataRepresentation = { 0x10, 0x00, 0x00, 0x00 }; 12 | private readonly Byte[] FragLength = { 0x48, 0x00 }; 13 | private readonly Byte[] AuthLength = { 0x00, 0x00 }; 14 | private Byte[] CallID; 15 | private readonly Byte[] MaxXmitFrag = { 0xd0, 0x16 }; 16 | private readonly Byte[] MaxRecvFrag = { 0xd0, 0x16 }; 17 | private Byte[] AssocGroup; 18 | private readonly Byte[] NumCtxItems = { 0x01 }; 19 | private readonly Byte[] Unknown = { 0x00, 0x00, 0x00 }; 20 | private Byte[] ContextID; 21 | private readonly Byte[] NumTransItems = { 0x01 }; 22 | private readonly Byte[] Unknown2 = { 0x00 }; 23 | private Byte[] Interface; 24 | private readonly Byte[] InterfaceVer = { 0x00, 0x00 }; 25 | private readonly Byte[] InterfaceVerMinor = { 0x00, 0x00 }; 26 | private readonly Byte[] TransferSyntax = { 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 
0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 }; 27 | private readonly Byte[] TransferSyntaxVer = { 0x02, 0x00, 0x00, 0x00 }; 28 | 29 | internal DCERPCAlterContext() 30 | { 31 | 32 | } 33 | 34 | internal void SetCallID(Byte[] CallID) 35 | { 36 | this.CallID = CallID; 37 | } 38 | 39 | internal void SetAssocGroup(Byte[] AssocGroup) 40 | { 41 | this.AssocGroup = AssocGroup; 42 | } 43 | 44 | internal void SetContextID(Byte[] ContextID) 45 | { 46 | this.ContextID = ContextID; 47 | } 48 | internal void SetInterface(Byte[] Interface) 49 | { 50 | this.Interface = Interface; 51 | } 52 | 53 | internal Byte[] GetRequest() 54 | { 55 | Combine combine = new Combine(); 56 | combine.Extend(Version); 57 | combine.Extend(VersionMinor); 58 | combine.Extend(PacketType); 59 | combine.Extend(PacketFlags); 60 | combine.Extend(DataRepresentation); 61 | combine.Extend(FragLength); 62 | combine.Extend(AuthLength); 63 | combine.Extend(CallID); 64 | combine.Extend(MaxXmitFrag); 65 | combine.Extend(MaxRecvFrag); 66 | combine.Extend(AssocGroup); 67 | combine.Extend(NumCtxItems); 68 | combine.Extend(Unknown); 69 | combine.Extend(ContextID); 70 | combine.Extend(NumTransItems); 71 | combine.Extend(Unknown2); 72 | combine.Extend(Interface); 73 | combine.Extend(InterfaceVer); 74 | combine.Extend(InterfaceVerMinor); 75 | combine.Extend(TransferSyntax); 76 | combine.Extend(TransferSyntaxVer); 77 | return combine.Retrieve(); 78 | } 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /MonkeyWorks/SMB/DCERPC/DCERPCBind.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace MonkeyWorks.SMB.DCERPC 4 | { 5 | class DCERPCBind 6 | { 7 | private readonly Byte[] Version = { 0x05 }; 8 | private readonly Byte[] VersionMinor = { 0x00 }; 9 | private readonly Byte[] PacketType = { 0x0b }; 10 | private readonly Byte[] PacketFlags = { 0x03 }; 11 | private readonly Byte[] DataRepresentation = { 
0x10, 0x00, 0x00, 0x00 }; 12 | private Byte[] FragLength = new Byte[2]; 13 | private Byte[] AuthLength = { 0x00, 0x00 }; 14 | private Byte[] CallID = new Byte[2]; 15 | private readonly Byte[] MaxXmitFrag = { 0xb8, 0x10 }; 16 | private readonly Byte[] MaxRecvFrag = { 0xb8, 0x10 }; 17 | private readonly Byte[] AssocGroup = { 0x00, 0x00, 0x00, 0x00 }; 18 | private Byte[] NumCtxItems = new Byte[1]; 19 | private readonly Byte[] Unknown = { 0x00, 0x00, 0x00 }; 20 | private Byte[] ContextID = new Byte[2]; 21 | private readonly Byte[] NumTransItems = { 0x01 }; 22 | private readonly Byte[] Unknown2 = { 0x00 }; 23 | private Byte[] Interface = new Byte[16]; 24 | private Byte[] InterfaceVer = new Byte[2]; 25 | private readonly Byte[] InterfaceVerMinor = { 0x00, 0x00 }; 26 | private readonly Byte[] TransferSyntax = { 0x04, 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 }; 27 | private readonly Byte[] TransferSyntaxVer = { 0x02, 0x00, 0x00, 0x00 }; 28 | private Byte[] ExtraData = new Byte[0]; 29 | 30 | internal DCERPCBind() 31 | { 32 | 33 | } 34 | 35 | internal void SetFragLength(Byte[] FragLength) 36 | { 37 | if (this.FragLength.Length == FragLength.Length) 38 | { 39 | this.FragLength = FragLength; 40 | return; 41 | } 42 | throw new IndexOutOfRangeException(); 43 | } 44 | 45 | internal void SetAuthLength(Byte[] AuthLength) 46 | { 47 | if (this.AuthLength.Length == AuthLength.Length) 48 | { 49 | this.AuthLength = AuthLength; 50 | return; 51 | } 52 | throw new IndexOutOfRangeException(); 53 | } 54 | 55 | internal void SetCallID(Int32 dwCallID) 56 | { 57 | SetCallID(dwCallID, new Byte[] { 0x97, 0x82, 0x08, 0xe2 }); 58 | } 59 | 60 | internal void SetCallID(Int32 dwCallID, Byte[] NegotiateFlags) 61 | { 62 | SetCallID(dwCallID, new Byte[] { 0x02 }, NegotiateFlags); 63 | } 64 | 65 | internal void SetCallID(Int32 dwCallID, Byte[] AuthLevel, Byte[] NegotiateFlags) 66 | { 67 | CallID = BitConverter.GetBytes(dwCallID); 68 | 69 | if (3 == dwCallID) 
70 | { 71 | Byte[] AuthType = { 0x0a }; 72 | //Byte[] AuthLevel = { }; 73 | Byte[] AuthPadLength = { 0x00 }; 74 | Byte[] AuthReserved = { 0x00 }; 75 | Byte[] ContextID3 = { 0x00, 0x00, 0x00, 0x00}; 76 | Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 }; 77 | Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 }; 78 | //Byte[] NegotiateFlags = { 0x97, 0x82, 0x08, 0xe2 }; 79 | Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 80 | Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 81 | Byte[] OSVersion = { 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f }; 82 | 83 | Combine combine = new Combine(); 84 | combine.Extend(AuthType); 85 | combine.Extend(AuthLevel); 86 | combine.Extend(AuthPadLength); 87 | combine.Extend(AuthReserved); 88 | combine.Extend(ContextID3); 89 | combine.Extend(Identifier); 90 | combine.Extend(MessageType); 91 | combine.Extend(NegotiateFlags); 92 | combine.Extend(CallingWorkstationDomain); 93 | combine.Extend(CallingWorkstationName); 94 | combine.Extend(OSVersion); 95 | ExtraData = Combine.combine(ExtraData, combine.Retrieve()); 96 | } 97 | } 98 | 99 | internal void SetNumCtxItems(Byte[] NumCtxItems) 100 | { 101 | SetNumCtxItems(NumCtxItems, new Byte[] { 0x97, 0x82, 0x08, 0xe2 }); 102 | } 103 | 104 | internal void SetNumCtxItems(Byte[] NumCtxItems, Byte[] NegotiateFlags) 105 | { 106 | if (this.NumCtxItems.Length == NumCtxItems.Length) 107 | { 108 | this.NumCtxItems = NumCtxItems; 109 | } 110 | 111 | if (2 == NumCtxItems[0]) 112 | { 113 | Byte[] ContextID2 = { 0x01, 0x00 }; 114 | Byte[] NumTransItems2 = { 0x01 }; 115 | Byte[] Unknown3 = { 0x00 }; 116 | Byte[] Interface2 = { 0xc4, 0xfe, 0xfc, 0x99, 0x60, 0x52, 0x1b, 0x10, 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a }; 117 | Byte[] InterfaceVer2 = { 0x00, 0x00 }; 118 | Byte[] InterfaceVerMinor2 = { 0x00, 0x00 }; 119 | Byte[] TransferSyntax2 = { 0x2c, 0x1c, 0xb7, 0x6c, 0x12, 0x98, 0x40, 0x45, 0x03, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00 }; 120 | Byte[] TransferSyntaxVer2 = { 0x01, 0x00, 0x00, 0x00 }; 121 | 122 | Combine combine = new Combine(); 123 | combine.Extend(ContextID2); 124 | combine.Extend(NumTransItems2); 125 | combine.Extend(Unknown3); 126 | combine.Extend(Interface2); 127 | combine.Extend(InterfaceVer2); 128 | combine.Extend(InterfaceVerMinor2); 129 | combine.Extend(TransferSyntax2); 130 | combine.Extend(TransferSyntaxVer2); 131 | ExtraData = Combine.combine(ExtraData, combine.Retrieve()); 132 | } 133 | else if(3 == NumCtxItems[0]) 134 | { 135 | Byte[] ContextID2 = { 0x01, 0x00 }; 136 | Byte[] NumTransItems2 = { 0x01 }; 137 | Byte[] Unknown3 = { 0x00 }; 138 | Byte[] Interface2 = { 0x43, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 }; 139 | Byte[] InterfaceVer2 = { 0x00, 0x00 }; 140 | Byte[] InterfaceVerMinor2 = { 0x00, 0x00 }; 141 | Byte[] TransferSyntax2 = { 0x33, 0x05, 0x71, 0x71, 0xba, 0xbe, 0x37, 0x49, 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 }; 142 | Byte[] TransferSyntaxVer2 = { 0x01, 0x00, 0x00, 0x00 }; 143 | 144 | Byte[] ContextID3 = { 0x02, 0x00 }; 145 | Byte[] NumTransItems3 = { 0x01 }; 146 | Byte[] Unknown4 = { 0x00 }; 147 | Byte[] Interface3 = { 0x43, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 }; 148 | Byte[] InterfaceVer3 = { 0x00, 0x00 }; 149 | Byte[] InterfaceVerMinor3 = { 0x00, 0x00 }; 150 | Byte[] TransferSyntax3 = { 0x2c, 0x1c, 0xb7, 0x6c, 0x12, 0x98, 0x40, 0x45, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 151 | Byte[] TransferSyntaxVer3 = { 0x01, 0x00, 0x00, 0x00 }; 152 | 153 | Byte[] AuthType = { 0x0a }; 154 | Byte[] AuthLevel = { 0x04 }; 155 | Byte[] AuthPadLength = { 0x00 }; 156 | Byte[] AuthReserved = { 0x00 }; 157 | Byte[] ContextID4 = { 0x00, 0x00, 0x00, 0x00 }; 158 | Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 }; 159 | Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 }; 160 | //Byte[] NegotiateFlags = { 0x97, 0x82, 
0x08, 0xe2 }; 161 | Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 162 | Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 163 | Byte[] OSVersion = { 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f }; 164 | 165 | Combine combine = new Combine(); 166 | combine.Extend(ContextID2); 167 | combine.Extend(NumTransItems2); 168 | combine.Extend(Unknown3); 169 | combine.Extend(Interface2); 170 | combine.Extend(InterfaceVer2); 171 | combine.Extend(InterfaceVerMinor2); 172 | combine.Extend(TransferSyntax2); 173 | combine.Extend(TransferSyntaxVer2); 174 | 175 | combine.Extend(ContextID3); 176 | combine.Extend(NumTransItems3); 177 | combine.Extend(Unknown4); 178 | combine.Extend(Interface3); 179 | combine.Extend(InterfaceVer3); 180 | combine.Extend(InterfaceVerMinor3); 181 | combine.Extend(TransferSyntax3); 182 | combine.Extend(TransferSyntaxVer3); 183 | 184 | combine.Extend(AuthType); 185 | combine.Extend(AuthLevel); 186 | combine.Extend(AuthPadLength); 187 | combine.Extend(AuthReserved); 188 | combine.Extend(ContextID4); 189 | combine.Extend(Identifier); 190 | combine.Extend(MessageType); 191 | combine.Extend(NegotiateFlags); 192 | combine.Extend(CallingWorkstationDomain); 193 | combine.Extend(CallingWorkstationName); 194 | combine.Extend(OSVersion); 195 | ExtraData = Combine.combine(ExtraData, combine.Retrieve()); 196 | } 197 | 198 | } 199 | 200 | internal void SetContextID(Byte[] ContextID) 201 | { 202 | if (this.ContextID.Length == ContextID.Length) 203 | { 204 | this.ContextID = ContextID; 205 | return; 206 | } 207 | throw new IndexOutOfRangeException(); 208 | } 209 | 210 | internal void SetInterface(Byte[] Interface) 211 | { 212 | if (this.Interface.Length == Interface.Length) 213 | { 214 | this.Interface = Interface; 215 | return; 216 | } 217 | throw new IndexOutOfRangeException(); 218 | } 219 | 220 | internal void SetInterfaceVer(Byte[] InterfaceVer) 221 | { 222 | if (this.InterfaceVer.Length == 
InterfaceVer.Length) 223 | { 224 | this.InterfaceVer = InterfaceVer; 225 | return; 226 | } 227 | throw new IndexOutOfRangeException(); 228 | } 229 | 230 | internal Byte[] GetRequest() 231 | { 232 | Combine combine = new Combine(); 233 | combine.Extend(Version); 234 | combine.Extend(VersionMinor); 235 | combine.Extend(PacketType); 236 | combine.Extend(PacketFlags); 237 | combine.Extend(DataRepresentation); 238 | combine.Extend(FragLength); 239 | combine.Extend(AuthLength); 240 | combine.Extend(CallID); 241 | combine.Extend(MaxXmitFrag); 242 | combine.Extend(MaxRecvFrag); 243 | combine.Extend(AssocGroup); 244 | combine.Extend(NumCtxItems); 245 | combine.Extend(Unknown); 246 | combine.Extend(ContextID); 247 | combine.Extend(NumTransItems); 248 | combine.Extend(Unknown2); 249 | combine.Extend(Interface); 250 | combine.Extend(InterfaceVer); 251 | combine.Extend(InterfaceVerMinor); 252 | combine.Extend(TransferSyntax); 253 | combine.Extend(TransferSyntaxVer); 254 | combine.Extend(ExtraData); 255 | return combine.Retrieve(); 256 | } 257 | } 258 | } 259 | -------------------------------------------------------------------------------- /MonkeyWorks/SMB/DCERPC/DCERPCRequest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Linq; 3 | 4 | namespace MonkeyWorks.SMB.DCERPC 5 | { 6 | class DCERPCRequest 7 | { 8 | private readonly Byte[] Version = { 0x05 }; 9 | private readonly Byte[] VersionMinor = { 0x00 }; 10 | private readonly Byte[] PacketType = { 0x00 }; 11 | private Byte[] PacketFlags = new Byte[1]; 12 | private readonly Byte[] DataRepresentation = { 0x10, 0x00, 0x00, 0x00 }; 13 | private Byte[] FragLength; 14 | private Byte[] AuthLength; 15 | private Byte[] CallID; 16 | private Byte[] AllocHint; 17 | private Byte[] ContextID; 18 | private Byte[] Opnum; 19 | private Byte[] Data = new Byte[0]; 20 | 21 | internal DCERPCRequest() 22 | { 23 | 24 | } 25 | 26 | internal void SetPacketFlags(Byte[] PacketFlags) 
{
            if (this.PacketFlags.Length == PacketFlags.Length)
            {
                this.PacketFlags = PacketFlags;
                return;
            }
            throw new IndexOutOfRangeException();
        }

        /// <summary>
        /// Fills the FragLength, AuthLength and AllocHint fields from the given sizes.
        /// </summary>
        /// <remarks>
        /// Reads <c>Data.Length</c>, so <c>Data</c> must be non-null when this is called.
        /// FragLength and AuthLength keep only the first two bytes returned by
        /// BitConverter.GetBytes: the byte order follows the host, and a total above
        /// 65535 is silently truncated instead of being rejected.
        /// </remarks>
        /// <param name="dwFragLength">Size added to the fixed 24 bytes and to the payload length.</param>
        /// <param name="dwAuthLength">Length of the auth value; when it is not positive no auth trailer is counted.</param>
        /// <param name="dwAuthPadding">Padding counted with the auth trailer (plus 8 fixed bytes) when <paramref name="dwAuthLength"/> is positive.</param>
        internal void SetFragLength(Int32 dwFragLength, Int32 dwAuthLength, Int32 dwAuthPadding)
        {
            Int32 authTrailerLength = dwAuthLength > 0 ? dwAuthLength + dwAuthPadding + 8 : 0;
            Int32 fragmentTotal = dwFragLength + 24 + authTrailerLength + Data.Length;

            FragLength = BitConverter.GetBytes(fragmentTotal).Take(2).ToArray();
            AuthLength = BitConverter.GetBytes(dwAuthLength).Take(2).ToArray();
            AllocHint = BitConverter.GetBytes(dwFragLength + Data.Length);
        }

        /// <summary>Stores the caller's CallID bytes without a length check.</summary>
        internal void SetCallID(Byte[] CallID) => this.CallID = CallID;

        /// <summary>Stores the caller's AllocHint bytes without a length check.</summary>
        internal void SetAllocHint(Byte[] AllocHint) => this.AllocHint = AllocHint;

        /// <summary>Stores the caller's ContextID bytes without a length check.</summary>
        internal void SetContextID(Byte[] ContextID) => this.ContextID = ContextID;

        /// <summary>Stores the caller's Opnum bytes without a length check.</summary>
        internal void SetOpnum(Byte[] Opnum) => this.Opnum = Opnum;

        /// <summary>Stores the payload; SetFragLength reads its length afterwards.</summary>
        internal void SetData(Byte[] Data) => this.Data = Data;

        /// <summary>
        /// Concatenates the header fields and the payload in wire order.
        /// </summary>
        /// <returns>The bytes accumulated by the <c>Combine</c> helper.</returns>
        internal Byte[] GetRequest()
        {
            Combine builder = new Combine();
            builder.Extend(Version);
            builder.Extend(VersionMinor);
            builder.Extend(PacketType);
            builder.Extend(PacketFlags);
            builder.Extend(DataRepresentation);
            builder.Extend(FragLength);
            builder.Extend(AuthLength);
            builder.Extend(CallID);
            builder.Extend(AllocHint);
            builder.Extend(ContextID);
            builder.Extend(Opnum);
            builder.Extend(Data);
            return builder.Retrieve();
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/DCOM/DCOMRemQueryInterface.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.DCOM
{
    /// <summary>
    /// Serializes a fixed-layout request made of constant fields plus three
    /// caller-supplied values (CausalityID, IPID, IID).
    /// </summary>
    /// <remarks>
    /// The three caller-supplied fields have no initializer, so they are null until
    /// their setter runs; GetRequest hands them to Combine.Extend as they are.
    /// </remarks>
    class DCOMRemQueryInterface
    {
        private readonly Byte[] VersionMajor = { 0x05, 0x00 };
        private readonly Byte[] VersionMinor = { 0x07, 0x00 };
        private readonly Byte[] Flags = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] CausalityID;
        private readonly Byte[] Reserved2 = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] IPID;
        private readonly Byte[] Refs = { 0x05, 0x00, 0x00, 0x00 };
        private readonly Byte[] IIDs = { 0x01, 0x00 };
        private readonly Byte[] Unknown = { 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };
        private Byte[] IID;

        internal DCOMRemQueryInterface()
        {
        }

        /// <summary>Stores the CausalityID bytes without a length check.</summary>
        internal void SetCausalityID(Byte[] CausalityID) => this.CausalityID = CausalityID;

        /// <summary>Stores the IPID bytes without a length check.</summary>
        internal void SetIPID(Byte[] IPID) => this.IPID = IPID;

        /// <summary>Stores the IID bytes without a length check.</summary>
        internal void SetIID(Byte[] IID) => this.IID = IID;

        /// <summary>Concatenates every field in declaration order.</summary>
        /// <returns>The bytes accumulated by the <c>Combine</c> helper.</returns>
        internal Byte[] GetRequest()
        {
            Combine builder = new Combine();
            Byte[][] orderedFields =
            {
                VersionMajor, VersionMinor, Flags, Reserved, CausalityID, Reserved2,
                IPID, Refs, IIDs, Unknown, IID
            };
            foreach (Byte[] field in orderedFields)
            {
                builder.Extend(field);
            }
            return builder.Retrieve();
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/DCOM/DCOMRemRelease.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.DCOM
{
    /// <summary>
    /// Serializes a fixed-layout request that carries two interface references
    /// (IPID and IPID2), each followed by its public and private reference counts.
    /// </summary>
    /// <remarks>
    /// CausalityID, IPID and IPID2 are null until their setter runs; GetRequest
    /// hands them to Combine.Extend as they are.
    /// </remarks>
    class DCOMRemRelease
    {
        private readonly Byte[] VersionMajor = { 0x05, 0x00 };
        private readonly Byte[] VersionMinor = { 0x07, 0x00 };
        private readonly Byte[] Flags = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] CausalityID;
        private readonly Byte[] Reserved2 = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Unknown = { 0x02, 0x00, 0x00, 0x00 };
        private readonly Byte[] InterfaceRefs = { 0x02, 0x00, 0x00, 0x00 };
        private Byte[] IPID;
        private readonly Byte[] PublicRefs = { 0x05, 0x00, 0x00, 0x00 };
        private readonly Byte[] PrivateRefs = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] IPID2;
        private readonly Byte[] PublicRefs2 = { 0x05, 0x00, 0x00, 0x00 };
        private readonly Byte[] PrivateRefs2 = { 0x00, 0x00, 0x00, 0x00 };

        internal DCOMRemRelease()
        {
        }

        /// <summary>Stores the CausalityID bytes without a length check.</summary>
        internal void SetCausalityID(Byte[] CausalityID) => this.CausalityID = CausalityID;

        /// <summary>Stores the first interface identifier without a length check.</summary>
        internal void SetIPID(Byte[] IPID) => this.IPID = IPID;

        /// <summary>Stores the second interface identifier without a length check.</summary>
        internal void SetIPID2(Byte[] IPID2) => this.IPID2 = IPID2;

        /// <summary>Concatenates every field in declaration order.</summary>
        /// <returns>The bytes accumulated by the <c>Combine</c> helper.</returns>
        internal Byte[] GetRequest()
        {
            Combine builder = new Combine();
            Byte[][] orderedFields =
            {
                VersionMajor, VersionMinor, Flags, Reserved, CausalityID, Reserved2,
                Unknown, InterfaceRefs, IPID, PublicRefs, PrivateRefs,
                IPID2, PublicRefs2, PrivateRefs2
            };
            foreach (Byte[] field in orderedFields)
            {
                builder.Extend(field);
            }
            return builder.Retrieve();
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/DCOM/NTLMSSPVerifier.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.DCOM
{
    /// <summary>
    /// Serializes an authentication trailer: optional zero padding, the auth header
    /// bytes, then the verifier version, checksum and sequence number.
    /// </summary>
    /// <remarks>
    /// AuthLevel, AuthPadLen and NTLMSSPVerifierSequenceNumber are null until set.
    /// The checksum defaults to eight zero bytes until SetNTLMSSPVerifierChecksum
    /// replaces it.
    /// </remarks>
    class NTLMSSPVerifier
    {
        private Byte[] AuthPadding = new Byte[0];
        private readonly Byte[] AuthType = { 0x0a };
        private Byte[] AuthLevel;
        private Byte[] AuthPadLen;
        private readonly Byte[] AuthReserved = { 0x00 };
        private readonly Byte[] AuthContextID = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] NTLMSSPVerifierVersionNumber = { 0x01, 0x00, 0x00, 0x00 };
        private Byte[] NTLMSSPVerifierChecksum = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private Byte[] NTLMSSPVerifierSequenceNumber;

        internal NTLMSSPVerifier()
        {
        }

        /// <summary>Stores the AuthLevel bytes without a length check.</summary>
        internal void SetAuthLevel(Byte[] AuthLevel) => this.AuthLevel = AuthLevel;

        /// <summary>
        /// Sets the padding-length byte and, for 4, 8 or 12, the matching run of zero padding.
        /// </summary>
        /// <remarks>
        /// A value of 0 sets only AuthPadLen and leaves any earlier AuthPadding in place.
        /// Any other value just prints "Invalid AuthPadLen" and changes nothing.
        /// NOTE(review): in that case AuthPadLen can still be null when GetRequest runs —
        /// confirm callers only pass 0, 4, 8 or 12.
        /// </remarks>
        /// <param name="dwAuthPadLen">Number of padding bytes: 0, 4, 8 or 12.</param>
        internal void SetAuthPadLen(Int32 dwAuthPadLen)
        {
            if (dwAuthPadLen == 0)
            {
                AuthPadLen = new Byte[] { 0x00 };
                return;
            }

            if (dwAuthPadLen == 4 || dwAuthPadLen == 8 || dwAuthPadLen == 12)
            {
                // A freshly allocated array is zero-filled, which is the padding content.
                AuthPadding = new Byte[dwAuthPadLen];
                AuthPadLen = new Byte[] { (Byte)dwAuthPadLen };
                return;
            }

            Console.WriteLine("Invalid AuthPadLen");
        }

        /// <summary>Replaces the default all-zero checksum; no length check is made.</summary>
        internal void SetNTLMSSPVerifierChecksum(Byte[] NTLMSSPVerifierChecksum) => this.NTLMSSPVerifierChecksum = NTLMSSPVerifierChecksum;

        /// <summary>Stores the sequence number bytes without a length check.</summary>
        internal void SetNTLMSSPVerifierSequenceNumber(Byte[] NTLMSSPVerifierSequenceNumber) => this.NTLMSSPVerifierSequenceNumber = NTLMSSPVerifierSequenceNumber;

        /// <summary>Concatenates the padding first, then every other field in declaration order.</summary>
        /// <returns>The bytes accumulated by the <c>Combine</c> helper.</returns>
        internal Byte[] GetRequest()
        {
            Combine builder = new Combine();
            Byte[][] orderedFields =
            {
                AuthPadding, AuthType, AuthLevel, AuthPadLen, AuthReserved, AuthContextID,
                NTLMSSPVerifierVersionNumber, NTLMSSPVerifierChecksum, NTLMSSPVerifierSequenceNumber
            };
            foreach (Byte[] field in orderedFields)
            {
                builder.Extend(field);
            }
            return builder.Retrieve();
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/NetBIOS/NetBIOSSessionService.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.NetBIOS
{
    /// <summary>
    /// Builds the four-byte prefix placed in front of a message: one type byte (0x00)
    /// followed by a three-byte length.
    /// </summary>
    class NetBIOSSessionService
    {
        private readonly Byte[] MessageType = { 0x00 };
        private Byte[] Length = new Byte[3];
        private Int32 headerLength;
        private Int32 dataLength;

        internal NetBIOSSessionService()
        {
        }

        /// <summary>Records the header size that is added to the data size.</summary>
        internal void SetHeaderLength(Int32 headerLength) => this.headerLength = headerLength;

        /// <summary>Records the data size that is added to the header size.</summary>
        internal void SetDataLength(Int32 dataLength) => this.dataLength = dataLength;

        /// <summary>
        /// Encodes headerLength + dataLength into the length field and returns the prefix.
        /// </summary>
        /// <remarks>
        /// Only the first three bytes from BitConverter.GetBytes are kept and then reversed,
        /// so a sum that needs more than three bytes is silently truncated.
        /// </remarks>
        /// <returns>MessageType followed by the three length bytes.</returns>
        internal Byte[] GetNetBIOSSessionService()
        {
            Int32 total = this.headerLength + this.dataLength;
            Length = BitConverter.GetBytes(total).Take(3).Reverse().ToArray();
            return Combine.combine(MessageType, Length);
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBCloseRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a close request: a word count of 3, the caller's FID, a LastWrite
    /// value of four 0xFF bytes and a zero byte count.
    /// </summary>
    class SMBCloseRequest
    {
        private readonly Byte[] WordCount = { 0x03 };
        private Byte[] FID;
        private readonly Byte[] LastWrite = { 0xff, 0xff, 0xff, 0xff };
        private readonly Byte[] ByteCount = { 0x00, 0x00 };

        internal SMBCloseRequest()
        {
        }

        /// <summary>Stores the file identifier; it is null until set and is not length-checked.</summary>
        internal void SetFID(Byte[] FID) => this.FID = FID;

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, FID);
            foreach (Byte[] field in new Byte[][] { LastWrite, ByteCount })
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBHeader.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a 32-byte message header that starts with the marker 0xFF 'S' 'M' 'B'.
    /// </summary>
    /// <remarks>
    /// Every setter requires the new value to have the same length as the field it
    /// replaces and throws <see cref="IndexOutOfRangeException"/> otherwise.
    /// Signature is a fixed run of eight zero bytes with no setter, so headers built
    /// here never carry a signature value; a peer that enforces message signing would
    /// presumably reject them.
    /// </remarks>
    class SMBHeader
    {
        private readonly Byte[] ServerComponent = { 0xff, 0x53, 0x4d, 0x42 };
        private Byte[] Command = new Byte[1];
        private readonly Byte[] NtStatus = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] Flags = new Byte[1];
        private Byte[] Flags2 = new Byte[2];
        private readonly Byte[] ProcessIDHigh = { 0x00, 0x00 };
        private readonly Byte[] Signature = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Reserved2 = { 0x00, 0x00 };
        private Byte[] TreeID = new Byte[2];
        private Byte[] ProcessID = new Byte[2];
        private Byte[] UserID = new Byte[2];
        private readonly Byte[] MultiplexID = { 0x00, 0x00 };

        internal SMBHeader()
        {
        }

        /// <summary>Sets the one-byte command field.</summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly one byte long.</exception>
        internal void SetCommand(Byte[] command)
        {
            if (command.Length != this.Command.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Command = command;
        }

        /// <summary>Sets the one-byte flags field.</summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly one byte long.</exception>
        internal void SetFlags(Byte[] flags)
        {
            if (flags.Length != this.Flags.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Flags = flags;
        }

        /// <summary>Sets the two-byte Flags2 field.</summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly two bytes long.</exception>
        internal void SetFlags2(Byte[] flags2)
        {
            if (flags2.Length != this.Flags2.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Flags2 = flags2;
        }

        /// <summary>Sets the two-byte tree identifier.</summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly two bytes long.</exception>
        internal void SetTreeID(Byte[] treeId)
        {
            if (treeId.Length != this.TreeID.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.TreeID = treeId;
        }

        /// <summary>Sets the two-byte process identifier.</summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly two bytes long.</exception>
        internal void SetProcessID(Byte[] processId)
        {
            if (processId.Length != this.ProcessID.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.ProcessID = processId;
        }

        /// <summary>
        /// Sets the two-byte tree identifier; this duplicates <see cref="SetTreeID"/>
        /// under a different spelling.
        /// </summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly two bytes long.</exception>
        internal void SetTreeId(Byte[] treeId)
        {
            if (treeId.Length != this.TreeID.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.TreeID = treeId;
        }

        /// <summary>Sets the two-byte user identifier.</summary>
        /// <exception cref="IndexOutOfRangeException">The value is not exactly two bytes long.</exception>
        internal void SetUserID(Byte[] userId)
        {
            if (userId.Length != this.UserID.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.UserID = userId;
        }

        /// <summary>Concatenates all twelve fields in declaration order.</summary>
        /// <returns>The serialized header bytes.</returns>
        internal Byte[] GetHeader()
        {
            Byte[] packet = Combine.combine(ServerComponent, Command);
            Byte[][] remainingFields =
            {
                NtStatus, Flags, Flags2, ProcessIDHigh, Signature, Reserved2,
                TreeID, ProcessID, UserID, MultiplexID
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBLogoffAndXRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a logoff request made entirely of constant fields.
    /// </summary>
    class SMBLogoffAndXRequest
    {
        private readonly Byte[] WordCount = { 0x02 };
        private readonly Byte[] AndXCommand = { 0xff };
        private readonly Byte[] Reserved = { 0x00 };
        private readonly Byte[] AndXOffset = { 0x00, 0x00 };
        private readonly Byte[] ByteCount = { 0x00, 0x00 };

        internal SMBLogoffAndXRequest()
        {
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes; the content is the same on every call.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, AndXCommand);
            foreach (Byte[] field in new Byte[][] { Reserved, AndXOffset, ByteCount })
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBNTCreateAndXRequest.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a create/open request whose only variable part is the file name.
    /// </summary>
    /// <remarks>
    /// FileNameLen, ByteCount and Filename are null until SetFileName runs.
    /// </remarks>
    class SMBNTCreateAndXRequest
    {
        private readonly Byte[] WordCount = { 0x18 };
        private readonly Byte[] AndXCommand = { 0xff };
        private readonly Byte[] Reserved = { 0x00 };
        private readonly Byte[] AndXOffset = { 0x00, 0x00 };
        private readonly Byte[] Reserved2 = { 0x00 };
        private Byte[] FileNameLen;
        private readonly Byte[] CreateFlags = { 0x16, 0x00, 0x00, 0x00 };
        private readonly Byte[] RootFID = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] AccessMask = { 0x00, 0x00, 0x00, 0x02 };
        private readonly Byte[] AllocationSize = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] FileAttributes = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] ShareAccess = { 0x07, 0x00, 0x00, 0x00 };
        private readonly Byte[] Disposition = { 0x01, 0x00, 0x00, 0x00 };
        private readonly Byte[] CreateOptions = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Impersonation = { 0x02, 0x00, 0x00, 0x00 };
        private readonly Byte[] SecurityFlags = { 0x00 };
        private Byte[] ByteCount;
        private Byte[] Filename;

        internal SMBNTCreateAndXRequest()
        {
        }

        /// <summary>
        /// Stores the file name bytes and derives both length fields from them.
        /// </summary>
        /// <remarks>
        /// FileNameLen is the array length minus one and ByteCount is the full array
        /// length; each keeps only the first two bytes from BitConverter.GetBytes, so
        /// names longer than 65535 bytes are silently truncated in the length fields.
        /// </remarks>
        /// <param name="Filename">Encoded file name bytes; the encoding is chosen by the caller.</param>
        internal void SetFileName(Byte[] Filename)
        {
            this.Filename = Filename;

            Int32 nameSize = Filename.Length;
            FileNameLen = BitConverter.GetBytes(nameSize - 1).Take(2).ToArray();
            ByteCount = BitConverter.GetBytes(nameSize).Take(2).ToArray();
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, AndXCommand);
            Byte[][] remainingFields =
            {
                Reserved, AndXOffset, Reserved2, FileNameLen, CreateFlags, RootFID,
                AccessMask, AllocationSize, FileAttributes, ShareAccess, Disposition,
                CreateOptions, Impersonation, SecurityFlags, ByteCount, Filename
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBNegotiateProtocolRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a negotiate request that offers three fixed dialect strings.
    /// </summary>
    /// <remarks>
    /// The dialect bytes are the NUL-terminated ASCII strings "NT LM 0.12",
    /// "SMB 2.002" and "SMB 2.???"; each is preceded by a 0x02 buffer-format byte.
    /// </remarks>
    class SMBNegotiateProtocolRequest
    {
        private readonly Byte[] lmDialectBytes = { 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 };
        private readonly Byte[] twoDialectBytes = { 0x53, 0x4d, 0x42, 0x20, 0x32, 0x2e, 0x30, 0x30, 0x32, 0x00 };
        private readonly Byte[] threeDialectBytes = { 0x53, 0x4d, 0x42, 0x20, 0x32, 0x2e, 0x3f, 0x3f, 0x3f, 0x00 };

        private readonly Byte[] WordCount = { 0x00 };
        private Byte[] ByteCount;
        private readonly Byte[] BufferFormatLM = { 0x02 };
        private Byte[] Name;
        private readonly Byte[] BufferFormat2 = { 0x02 };
        private Byte[] Name2;
        private readonly Byte[] BufferFormat3 = { 0x02 };
        private Byte[] Name3;

        /// <summary>
        /// Computes ByteCount as the three dialect lengths plus three format bytes and
        /// binds the dialect strings to the Name fields.
        /// </summary>
        internal SMBNegotiateProtocolRequest()
        {
            Int32 dialectBytes = lmDialectBytes.Length + twoDialectBytes.Length + threeDialectBytes.Length;
            ByteCount = BitConverter.GetBytes((Int16)(dialectBytes + 3));
            Name = lmDialectBytes;
            Name2 = twoDialectBytes;
            Name3 = threeDialectBytes;
        }

        /// <summary>Concatenates the counts and the three format/dialect pairs.</summary>
        /// <returns>The serialized request bytes; the content is the same on every call.</returns>
        internal Byte[] GetProtocols()
        {
            Byte[] packet = Combine.combine(WordCount, ByteCount);
            Byte[][] remainingFields =
            {
                BufferFormatLM, Name, BufferFormat2, Name2, BufferFormat3, Name3
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBReadAndXRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a read request made entirely of constant fields, including a
    /// hard-coded FID of 0x00 0x40.
    /// </summary>
    class SMBReadAndXRequest
    {
        private readonly Byte[] WordCount = { 0x0a };
        private readonly Byte[] AndXCommand = { 0xff };
        private readonly Byte[] Reserved = { 0x00 };
        private readonly Byte[] AndXOffset = { 0x00, 0x00 };
        private readonly Byte[] FID = { 0x00, 0x40 };
        private readonly Byte[] Offset = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] MaxCountLow = { 0x58, 0x02 };
        private readonly Byte[] MinCount = { 0x58, 0x02 };
        private readonly Byte[] Unknown = { 0xff, 0xff, 0xff, 0xff };
        private readonly Byte[] Remaining = { 0x00, 0x00 };
        private readonly Byte[] ByteCount = { 0x00, 0x00 };

        internal SMBReadAndXRequest()
        {
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes; the content is the same on every call.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, AndXCommand);
            Byte[][] remainingFields =
            {
                Reserved, AndXOffset, FID, Offset, MaxCountLow, MinCount,
                Unknown, Remaining, ByteCount
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBSessionSetupAndXRequest.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a session-setup request whose only variable part is the security blob.
    /// </summary>
    /// <remarks>
    /// SecurityBlobLength, ByteCount and SecurityBlob are null until the setter runs.
    /// </remarks>
    class SMBSessionSetupAndXRequest
    {
        private readonly Byte[] WordCount = { 0x0c };
        private readonly Byte[] AndXCommand = { 0xff };
        private readonly Byte[] Reserved = { 0x00 };
        private readonly Byte[] AndXOffset = { 0x00, 0x00 };
        private readonly Byte[] MaxBuffer = { 0xff, 0xff };
        private readonly Byte[] MaxMpxCount = { 0x02, 0x00 };
        private readonly Byte[] VCNumber = { 0x01, 0x00 };
        private readonly Byte[] SessionKey = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] SecurityBlobLength;
        private readonly Byte[] Reserved2 = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Capabilities = { 0x44, 0x00, 0x00, 0x80 };
        private Byte[] ByteCount;
        private Byte[] SecurityBlob;
        private readonly Byte[] NativeOS = { 0x00, 0x00, 0x00 };
        private readonly Byte[] NativeLANManage = { 0x00, 0x00 };

        internal SMBSessionSetupAndXRequest()
        {
        }

        /// <summary>
        /// Stores the security blob and sets both length fields to its size.
        /// </summary>
        /// <remarks>
        /// Each length keeps only the first two bytes from BitConverter.GetBytes, so a
        /// blob longer than 65535 bytes is silently truncated in the length fields.
        /// NOTE(review): ByteCount is the blob size alone, although GetRequest emits five
        /// more bytes (NativeOS, NativeLANManage) after the blob — confirm against the
        /// protocol specification.
        /// </remarks>
        /// <param name="SecurityBlob">Opaque authentication token supplied by the caller.</param>
        internal void SetSecurityBlog(Byte[] SecurityBlob)
        {
            this.SecurityBlob = SecurityBlob;

            Int32 blobSize = SecurityBlob.Length;
            ByteCount = BitConverter.GetBytes(blobSize).Take(2).ToArray();
            SecurityBlobLength = BitConverter.GetBytes(blobSize).Take(2).ToArray();
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, AndXCommand);
            Byte[][] remainingFields =
            {
                Reserved, AndXOffset, MaxBuffer, MaxMpxCount, VCNumber, SessionKey,
                SecurityBlobLength, Reserved2, Capabilities, ByteCount, SecurityBlob,
                NativeOS, NativeLANManage
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBTreeConnectAndXRequest.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a tree-connect request with a one-byte empty password, the caller's
    /// tree path and the fixed service string "?????" (NUL-terminated).
    /// </summary>
    /// <remarks>ByteCount and Tree are null until SetTree runs.</remarks>
    class SMBTreeConnectAndXRequest
    {
        private readonly Byte[] WordCount = { 0x04 };
        private readonly Byte[] AndXCommand = { 0xff };
        private readonly Byte[] Reserved = { 0x00 };
        private readonly Byte[] AndXOffset = { 0x00, 0x00 };
        private readonly Byte[] Flags = { 0x00, 0x00 };
        private readonly Byte[] PasswordLength = { 0x01, 0x00 };
        private Byte[] ByteCount;
        private readonly Byte[] Password = { 0x00 };
        private Byte[] Tree;
        private readonly Byte[] Service = { 0x3f, 0x3f, 0x3f, 0x3f, 0x3f, 0x00 };

        internal SMBTreeConnectAndXRequest()
        {
        }

        /// <summary>
        /// Stores the tree path bytes and sets ByteCount to their length plus 7.
        /// </summary>
        /// <remarks>
        /// The 7 matches the one Password byte plus the six Service bytes. Only the first
        /// two bytes from BitConverter.GetBytes are kept, so larger totals are truncated.
        /// </remarks>
        /// <param name="Tree">Encoded share path; the encoding is chosen by the caller.</param>
        internal void SetTree(Byte[] Tree)
        {
            this.Tree = Tree;

            Int32 payloadSize = Tree.Length + 7;
            ByteCount = BitConverter.GetBytes(payloadSize).Take(2).ToArray();
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, AndXCommand);
            Byte[][] remainingFields =
            {
                Reserved, AndXOffset, Flags, PasswordLength, ByteCount, Password, Tree, Service
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBTreeDisconnectRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes a tree-disconnect request: a zero word count and a zero byte count.
    /// </summary>
    class SMBTreeDisconnectRequest
    {
        private readonly Byte[] WordCount = { 0x00 };
        private readonly Byte[] ByteCount = { 0x00, 0x00 };

        internal SMBTreeDisconnectRequest()
        {
        }

        /// <summary>Returns WordCount followed by ByteCount (three zero bytes in total).</summary>
        internal Byte[] GetRequest() => Combine.combine(WordCount, ByteCount);
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB1/SMBWriteAndXRequest.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB1
{
    /// <summary>
    /// Serializes the parameter block of a write request; the data being written is
    /// not part of this class.
    /// </summary>
    /// <remarks>
    /// FID, Remaining, DataLengthLow and ByteCount are null until their setters run.
    /// Offset is fixed at 0xEA 0x03 0x00 0x00 and DataOffset at 0x3F 0x00.
    /// </remarks>
    class SMBWriteAndXRequest
    {
        private readonly Byte[] WordCount = { 0x0e };
        private readonly Byte[] AndXCommand = { 0xff };
        private readonly Byte[] Reserved = { 0x00 };
        private readonly Byte[] AndXOffset = { 0x00, 0x00 };
        private Byte[] FID;
        private readonly Byte[] Offset = { 0xea, 0x03, 0x00, 0x00 };
        private readonly Byte[] Reserved2 = { 0xff, 0xff, 0xff, 0xff };
        private readonly Byte[] WriteMode = { 0x08, 0x00 };
        private Byte[] Remaining;
        private readonly Byte[] DataLengthHigh = { 0x00, 0x00 };
        private Byte[] DataLengthLow;
        private readonly Byte[] DataOffset = { 0x3f, 0x00 };
        private readonly Byte[] HighOffset = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] ByteCount;

        internal SMBWriteAndXRequest()
        {
        }

        /// <summary>Stores the file identifier without a length check.</summary>
        internal void SetFID(Byte[] FID) => this.FID = FID;

        /// <summary>
        /// Sets Remaining, DataLengthLow and ByteCount to the same two-byte length.
        /// </summary>
        /// <remarks>
        /// The three fields share one array instance. Only the first two bytes from
        /// BitConverter.GetBytes are kept and DataLengthHigh stays zero, so a length
        /// above 65535 is silently truncated.
        /// </remarks>
        /// <param name="dwLength">Number of data bytes that will follow the parameter block.</param>
        internal void SetLength(Int32 dwLength)
        {
            Byte[] lengthField = BitConverter.GetBytes(dwLength).Take(2).ToArray();
            Remaining = DataLengthLow = ByteCount = lengthField;
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized parameter block.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(WordCount, AndXCommand);
            Byte[][] remainingFields =
            {
                Reserved, AndXOffset, FID, Offset, Reserved2, WriteMode, Remaining,
                DataLengthHigh, DataLengthLow, DataOffset, HighOffset, ByteCount
            };
            foreach (Byte[] field in remainingFields)
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2CloseRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes a close request: a structure size of 0x18, zero flags, a reserved
    /// field and a 16-byte file identifier.
    /// </summary>
    sealed class SMB2CloseRequest
    {
        private readonly Byte[] StructureSize = { 0x18, 0x00 };
        private readonly Byte[] Flags = { 0x00, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] FileID = new Byte[16];

        internal SMB2CloseRequest()
        {
        }

        /// <summary>
        /// Replaces the file identifier when the new value is exactly 16 bytes long.
        /// </summary>
        /// <remarks>
        /// A value of any other length is ignored without an error, so the request keeps
        /// whatever identifier it had (all zeros by default).
        /// </remarks>
        internal void SetFileID(Byte[] FileID)
        {
            if (FileID.Length != this.FileID.Length)
            {
                return;
            }
            this.FileID = FileID;
        }

        /// <summary>Concatenates the fields in declaration order.</summary>
        /// <returns>The serialized request bytes.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] packet = Combine.combine(StructureSize, Flags);
            foreach (Byte[] field in new Byte[][] { Reserved, FileID })
            {
                packet = Combine.combine(packet, field);
            }
            return packet;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2CreateRequest.cs:
-------------------------------------------------------------------------------- 1 | using System; 2 | using System.Linq; 3 | 4 | namespace MonkeyWorks.SMB.SMB2 5 | { 6 | sealed class SMB2CreateRequest 7 | { 8 | private Byte[] bAllocationSize; 9 | 10 | private readonly Byte[] StructureSize = { 0x39, 0x00 }; 11 | private readonly Byte[] Flags = { 0x00 }; 12 | private Byte[] RequestedOplockLevel = { 0x00 }; 13 | private readonly Byte[] Impersonation = { 0x02, 0x00, 0x00, 0x00 }; 14 | private readonly Byte[] CreateFlags = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 15 | private readonly Byte[] Reserved = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 16 | private Byte[] AccessMask = { 0x03, 0x00, 0x00, 0x00 }; 17 | private Byte[] FileAttributes = { 0x80, 0x00, 0x00, 0x00 }; 18 | private Byte[] ShareAccess = { 0x01, 0x00, 0x00, 0x00 }; 19 | private Byte[] Disposition = { 0x01, 0x00, 0x00, 0x00 }; 20 | private Byte[] CreateOptions = { 0x40, 0x00, 0x00, 0x00 }; 21 | private readonly Byte[] FileNameBlobOffset = { 0x78, 0x00 }; 22 | private Byte[] FileNameBlobLength = { 0x00, 0x00 }; 23 | private Byte[] BlobOffset = { 0x00, 0x00, 0x00, 0x00 }; 24 | private Byte[] BlobLength = { 0x00, 0x00, 0x00, 0x00 }; 25 | private Byte[] Buffer = { 0x00, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00 };//{ 0x00, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x28, 0x00 };// 26 | private Byte[] ExtraInfo = new Byte[0]; 27 | 28 | internal SMB2CreateRequest() 29 | { 30 | 31 | } 32 | 33 | internal void SetRequestedOplockLevel(Byte[] RequestedOplockLevel) 34 | { 35 | if (this.RequestedOplockLevel.Length == RequestedOplockLevel.Length) 36 | { 37 | this.RequestedOplockLevel = RequestedOplockLevel; 38 | } 39 | } 40 | 41 | internal void SetFileAttributes(Byte[] FileAttributes) 42 | { 43 | if (this.FileAttributes.Length == FileAttributes.Length) 44 | { 45 | this.FileAttributes = FileAttributes; 46 | } 47 | } 48 | 49 | internal void SetDisposition(Byte[] Disposition) 50 | { 51 | if (this.Disposition.Length 
== Disposition.Length) 52 | { 53 | this.Disposition = Disposition; 54 | } 55 | } 56 | 57 | internal void SetFileName(String filename) 58 | { 59 | Buffer = System.Text.Encoding.Unicode.GetBytes(filename); 60 | FileNameBlobLength = BitConverter.GetBytes(System.Text.Encoding.Unicode.GetByteCount(filename)).Take(2).ToArray(); 61 | 62 | Double paddingCheck = (Buffer.Length) / 8.0; 63 | if ((paddingCheck + 0.25) == Math.Ceiling(paddingCheck)) 64 | { 65 | Buffer = Combine.combine(Buffer, new Byte[] { 0x04, 0x00 }); 66 | } 67 | else if ((paddingCheck + 0.50) == Math.Ceiling(paddingCheck)) 68 | { 69 | Buffer = Combine.combine(Buffer, new Byte[] { 0x00, 0x00, 0x00, 0x00 }); 70 | } 71 | else if ((paddingCheck + 0.75) == Math.Ceiling(paddingCheck)) 72 | { 73 | Buffer = Combine.combine(Buffer, new Byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }); 74 | } 75 | else 76 | { 77 | //Console.WriteLine("Padding: " + paddingCheck); 78 | } 79 | } 80 | 81 | internal void SetExtraInfo(Int32 extraInfo, Int64 allocationSize) 82 | { 83 | AccessMask = new Byte[] { 0x80, 0x00, 0x10, 0x00 }; 84 | FileAttributes = new Byte[] { 0x00, 0x00, 0x00, 0x00 }; 85 | ShareAccess = new Byte[] { 0x00, 0x00, 0x00, 0x00 }; 86 | CreateOptions = new Byte[] { 0x21, 0x00, 0x00, 0x00 }; 87 | BlobOffset = BitConverter.GetBytes(FileNameBlobLength.Length); 88 | 89 | switch (extraInfo) 90 | { 91 | case 1: 92 | BlobLength = new Byte[] { 0x58, 0x00, 0x00, 0x00 }; 93 | break; 94 | case 2: 95 | BlobLength = new Byte[] { 0x90, 0x00, 0x00, 0x00 }; 96 | break; 97 | default: 98 | BlobLength = new Byte[] { 0xb0, 0x00, 0x00, 0x00 }; 99 | bAllocationSize = BitConverter.GetBytes(allocationSize); 100 | break; 101 | } 102 | BlobOffset = BitConverter.GetBytes(Buffer.Length + 120); 103 | 104 | Byte[] ExtraInfoDHnQ_ChainOffset = { 0x28, 0x00, 0x00, 0x00 }; 105 | Byte[] ExtraInfoDHnQ_TagOffset = { 0x10, 0x00 }; 106 | Byte[] ExtraInfoDHnQ_TagLength = { 0x04, 0x00, 0x00, 0x00 }; 107 | Byte[] ExtraInfoDHnQ_DataOffset = { 0x18, 0x00}; 108 | 
Byte[] ExtraInfoDHnQ_DataLength = { 0x10, 0x00, 0x00, 0x00 }; 109 | Byte[] ExtraInfoDHnQ_Tag = { 0x44, 0x48, 0x6e, 0x51 }; 110 | Byte[] ExtraInfoDHnQ_Unknown = { 0x00, 0x00, 0x00, 0x00 }; 111 | Byte[] ExtraInfoDHnQ_DataGUIDHandle = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 112 | 113 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_ChainOffset); 114 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_TagOffset); 115 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_TagLength); 116 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_DataOffset); 117 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_DataLength); 118 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_Tag); 119 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_Unknown); 120 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoDHnQ_DataGUIDHandle); 121 | 122 | if(extraInfo == 3) 123 | { 124 | Byte[] ExtraInfoAlSi_ChainOffset = { 0x20, 0x00, 0x00, 0x00 }; 125 | Byte[] ExtraInfoAlSi_Tag_Offset = { 0x10, 0x00 }; 126 | Byte[] ExtraInfoAlSi_Tag_Length = { 0x04, 0x00, 0x00, 0x00 }; 127 | Byte[] ExtraInfoAlSi_Data_Offset = { 0x18, 0x00 }; 128 | Byte[] ExtraInfoAlSi_Data_Length = { 0x08, 0x00, 0x00, 0x00 }; 129 | Byte[] ExtraInfoAlSi_Tag = { 0x41, 0x6c, 0x53, 0x69 }; 130 | Byte[] ExtraInfoAlSi_Unknown = { 0x00, 0x00, 0x00, 0x00 }; 131 | Byte[] ExtraInfoAlSi_AllocationSize = bAllocationSize; 132 | 133 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_ChainOffset); 134 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_Tag_Offset); 135 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_Tag_Length); 136 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_Data_Offset); 137 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_Data_Length); 138 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_Tag); 139 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoAlSi_Unknown); 140 | ExtraInfo = Combine.combine(ExtraInfo, 
ExtraInfoAlSi_AllocationSize); 141 | } 142 | 143 | Byte[] ExtraInfoMxAc_ChainOffset = { 0x18, 0x00, 0x00, 0x00}; 144 | Byte[] ExtraInfoMxAc_Tag_Offset = { 0x10, 0x00}; 145 | Byte[] ExtraInfoMxAc_Tag_Length = { 0x04, 0x00, 0x00, 0x00}; 146 | Byte[] ExtraInfoMxAc_Data_Offset = { 0x18, 0x00}; 147 | Byte[] ExtraInfoMxAc_Data_Length = { 0x00, 0x00, 0x00, 0x00}; 148 | Byte[] ExtraInfoMxAc_Tag = { 0x4d, 0x78, 0x41, 0x63}; 149 | Byte[] ExtraInfoMxAc_Unknown = { 0x00, 0x00, 0x00, 0x00}; 150 | 151 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_ChainOffset); 152 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_Tag_Offset); 153 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_Tag_Length); 154 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_Data_Offset); 155 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_Data_Length); 156 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_Tag); 157 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoMxAc_Unknown); 158 | 159 | Byte[] ExtraInfoQFid_ChainOffset; 160 | if (extraInfo > 1) 161 | { 162 | ExtraInfoQFid_ChainOffset = new Byte[] { 0x18, 0x00, 0x00, 0x00 }; 163 | } 164 | else 165 | { 166 | ExtraInfoQFid_ChainOffset = new Byte[] { 0x00, 0x00, 0x00, 0x00 }; 167 | } 168 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_ChainOffset); 169 | 170 | Byte[] ExtraInfoQFid_Tag_Offset = { 0x10, 0x00 }; 171 | Byte[] ExtraInfoQFid_Tag_Length = { 0x04, 0x00, 0x00, 0x00 }; 172 | Byte[] ExtraInfoQFid_Data_Offset = { 0x18, 0x00 }; 173 | Byte[] ExtraInfoQFid_Data_Length = { 0x00, 0x00, 0x00, 0x00 }; 174 | Byte[] ExtraInfoQFid_Tag = { 0x51, 0x46, 0x69, 0x64}; 175 | Byte[] ExtraInfoQFid_Unknown = { 0x00, 0x00, 0x00, 0x00 }; 176 | 177 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_Tag_Offset); 178 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_Tag_Length); 179 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_Data_Offset); 180 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_Data_Length); 181 
| ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_Tag); 182 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoQFid_Unknown); 183 | 184 | if(extraInfo > 1) 185 | { 186 | Byte[] ExtraInfoRqLs_ChainOffset = { 0x00, 0x00, 0x00, 0x00 }; 187 | Byte[] ExtraInfoRqLs_Tag_Offset = { 0x10, 0x00 }; 188 | Byte[] ExtraInfoRqLs_Tag_Length = { 0x04, 0x00, 0x00, 0x00 }; 189 | Byte[] ExtraInfoRqLs_Data_Offset = { 0x18, 0x00 }; 190 | Byte[] ExtraInfoRqLs_Data_Length = { 0x20, 0x00, 0x00, 0x00 }; 191 | Byte[] ExtraInfoRqLs_Tag = { 0x52, 0x71, 0x4c, 0x73}; 192 | Byte[] ExtraInfoRqLs_Unknown = { 0x00, 0x00, 0x00, 0x00 }; 193 | 194 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_ChainOffset); 195 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Tag_Offset); 196 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Tag_Length); 197 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Data_Offset); 198 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Data_Length); 199 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Tag); 200 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Unknown); 201 | 202 | Byte[] ExtraInfoRqLs_DataLeaseKey; 203 | if(extraInfo == 2) 204 | { 205 | ExtraInfoRqLs_DataLeaseKey = new Byte[] { 0x10, 0xb0, 0x1d, 0x02, 0xa0, 0xf8, 0xff, 0xff, 0x47, 0x78, 0x67, 0x02, 0x00, 0x00, 0x00, 0x00 }; 206 | } 207 | else 208 | { 209 | ExtraInfoRqLs_DataLeaseKey = new Byte[] { 0x10, 0x90, 0x64, 0x01, 0xa0, 0xf8, 0xff, 0xff, 0x47, 0x78, 0x67, 0x02, 0x00, 0x00, 0x00, 0x00 }; 210 | } 211 | 212 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_DataLeaseKey); 213 | 214 | Byte[] ExtraInfoRqLs_Data_Lease_State = { 0x07, 0x00, 0x00, 0x00 }; 215 | Byte[] ExtraInfoRqLs_Data_Lease_Flags = { 0x00, 0x00, 0x00, 0x00 }; 216 | Byte[] ExtraInfoRqLs_Data_Lease_Duration = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 217 | 218 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Data_Lease_State); 219 | ExtraInfo = Combine.combine(ExtraInfo, 
ExtraInfoRqLs_Data_Lease_Flags); 220 | ExtraInfo = Combine.combine(ExtraInfo, ExtraInfoRqLs_Data_Lease_Duration); 221 | } 222 | }

        /// <summary>
        /// Replaces the AccessMask field. A value whose length differs from the
        /// current field is ignored without any error.
        /// </summary>
        internal void SetAccessMask(Byte[] AccessMask)
        {
            if (AccessMask.Length != this.AccessMask.Length)
            {
                return;
            }
            this.AccessMask = AccessMask;
        }

        /// <summary>
        /// Replaces the ShareAccess field. A value whose length differs from the
        /// current field is ignored without any error.
        /// </summary>
        internal void SetShareAccess(Byte[] ShareAccess)
        {
            if (ShareAccess.Length != this.ShareAccess.Length)
            {
                return;
            }
            this.ShareAccess = ShareAccess;
        }

        /// <summary>
        /// Replaces the CreateOptions field. A value whose length differs from the
        /// current field is ignored without any error.
        /// </summary>
        internal void SetCreateOptions(Byte[] CreateOptions)
        {
            if (CreateOptions.Length != this.CreateOptions.Length)
            {
                return;
            }
            this.CreateOptions = CreateOptions;
        }

        /// <summary>
        /// Sets BlobOffset to <c>filename.Length + 120</c> and BlobLength to 0x40.
        /// </summary>
        /// <param name="filename">File name whose character count feeds the offset.</param>
        internal void SetBlobOffSet(String filename)
        {
            // NOTE(review): the offset uses the character count, not an encoded byte
            // count; confirm against how Buffer is populated elsewhere in the class.
            Int32 offset = filename.Length + 120;
            BlobOffset = BitConverter.GetBytes(offset);
            BlobLength = new Byte[] { 0x40, 0x00, 0x00, 0x00 };
        }

        /// <summary>
        /// Concatenates every field of the create request, in wire order, into one array.
        /// </summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] remaining =
            {
                RequestedOplockLevel, Impersonation, CreateFlags, Reserved,
                AccessMask, FileAttributes, ShareAccess, Disposition,
                CreateOptions, FileNameBlobOffset, FileNameBlobLength,
                BlobOffset, BlobLength, Buffer, ExtraInfo
            };

            Byte[] request = Combine.combine(StructureSize, Flags);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2FindFileRequestFile.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 directory-query request (StructureSize 0x21).
    /// Defaults: InfoLevel 0x25, an all-0xff FileID, and the UTF-16 search pattern "*".
    /// </summary>
    sealed class SMB2FindFileRequestFile
    {
        private readonly Byte[] StructureSize = { 0x21, 0x00 };
        private Byte[] InfoLevel = { 0x25 };
        private readonly Byte[] Flags = { 0x00 };
        private readonly Byte[] FileIndex = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] FileID = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
        private readonly Byte[] SearchPattern_Offset = { 0x60, 0x00 };
        private readonly Byte[] SearchPattern_Length = { 0x02, 0x00 };
        private Byte[] OutputBufferLength = { 0x00, 0x00, 0x01, 0x00 };
        // 0x2a 0x00 is "*" in UTF-16LE.
        private readonly Byte[] SearchPattern = { 0x2a, 0x00 };
        private Byte[] Padding = new Byte[0];

        internal SMB2FindFileRequestFile()
        {
        }

        /// <summary>Replaces InfoLevel; a value of a different length is silently ignored.</summary>
        internal void SetInfoLevel(Byte[] InfoLevel)
        {
            if (InfoLevel.Length != this.InfoLevel.Length)
            {
                return;
            }
            this.InfoLevel = InfoLevel;
        }

        /// <summary>Replaces FileID; a value of a different length is silently ignored.</summary>
        internal void SetFileID(Byte[] FileID)
        {
            if (FileID.Length != this.FileID.Length)
            {
                return;
            }
            this.FileID = FileID;
        }

        /// <summary>Replaces OutputBufferLength; a value of a different length is silently ignored.</summary>
        internal void SetOutputBufferLength(Byte[] OutputBufferLength)
        {
            if (OutputBufferLength.Length != this.OutputBufferLength.Length)
            {
                return;
            }
            this.OutputBufferLength = OutputBufferLength;
        }

        /// <summary>Sets the trailing padding bytes; no length check is applied.</summary>
        internal void SetPadding(Byte[] Padding) => this.Padding = Padding;

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] remaining =
            {
                Flags, FileIndex, FileID, SearchPattern_Offset, SearchPattern_Length,
                OutputBufferLength, SearchPattern, Padding
            };

            Byte[] request = Combine.combine(StructureSize, InfoLevel);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2GetInfo.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 query-info request (StructureSize 0x29).
    /// None of the setters validate length, and GUIDHandleFile has no default,
    /// so it must be set before <see cref="GetRequest"/> is called.
    /// </summary>
    sealed class SMB2GetInfo
    {
        private readonly Byte[] StructureSize = { 0x29, 0x00 };
        private Byte[] Class = new Byte[1];
        private Byte[] InfoLevel = new Byte[1];
        private Byte[] MaxResponseSize = new Byte[4];
        private Byte[] GetInfoInputOffset = new Byte[2];
        private readonly Byte[] Reserved = { 0x00, 0x00 };
        private readonly Byte[] GetInfoInputSize = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] AdditionalInformation = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Flags = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] GUIDHandleFile;
        private Byte[] Buffer = new Byte[0];

        internal SMB2GetInfo()
        {
        }

        /// <summary>Sets the info class byte(s) as given.</summary>
        internal void SetClass(Byte[] Class) => this.Class = Class;

        /// <summary>Sets the info level byte(s) as given.</summary>
        internal void SetInfoLevel(Byte[] infoLevel) => InfoLevel = infoLevel;

        /// <summary>Sets the maximum response size field as given.</summary>
        internal void SetMaxResponseSize(Byte[] maxResponseSize) => MaxResponseSize = maxResponseSize;

        /// <summary>Sets the input-offset field as given.</summary>
        internal void SetGetInfoInputOffset(Byte[] getInfoInputOffset) => GetInfoInputOffset = getInfoInputOffset;

        /// <summary>Sets the file handle the query applies to.</summary>
        internal void SetGUIDHandleFile(Byte[] guidHandleFile) => GUIDHandleFile = guidHandleFile;

        /// <summary>Replaces the trailing buffer with <paramref name="bufferSize"/> zero bytes.</summary>
        internal void SetBuffer(Int32 bufferSize) => Buffer = new Byte[bufferSize];

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] remaining =
            {
                InfoLevel, MaxResponseSize, GetInfoInputOffset, Reserved, GetInfoInputSize,
                AdditionalInformation, Flags, GUIDHandleFile, Buffer
            };

            Byte[] request = Combine.combine(StructureSize, Class);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2Header.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;
using System.Security.Cryptography;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the 64-byte SMB2 packet header (protocol id 0xFE 'S' 'M' 'B').
    /// Byte-array setters throw <see cref="IndexOutOfRangeException"/> when the
    /// supplied array does not match the field width.
    /// </summary>
    sealed class SMB2Header
    {
        private readonly Byte[] ServerComponent = { 0xfe, 0x53, 0x4d, 0x42 };
        private readonly Byte[] HeaderLength = { 0x40, 0x00 };
        private readonly Byte[] CreditCharge = { 0x01, 0x00 };
        private Byte[] ChannelSequence = new Byte[2];
        private readonly Byte[] Reserved = { 0x00, 0x00 };
        private Byte[] Command = new Byte[2];
        private Byte[] CreditsRequested = new Byte[2];
        private Byte[] Flags = new Byte[4];
        private Byte[] ChainOffset = new Byte[4];
        private Byte[] MessageID = new Byte[8];
        private Byte[] ProcessId = new Byte[4];
        private Byte[] TreeId = new Byte[4];
        private Byte[] SessionId = new Byte[8];
        private Byte[] Signature = new Byte[16];

        /// <summary>Creates a header with zeroed ChannelSequence, Flags and ChainOffset.</summary>
        internal SMB2Header()
        {
            ChannelSequence = new Byte[] { 0x00, 0x00 };
            Flags = new Byte[] { 0x00, 0x00, 0x00, 0x00 };
            ChainOffset = new Byte[] { 0x00, 0x00, 0x00, 0x00 };
        }

        /// <summary>Sets the 2-byte command code.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 2 bytes long.</exception>
        internal void SetCommand(Byte[] Command)
        {
            if (Command.Length != this.Command.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Command = Command;
        }

        /// <summary>Sets the 2-byte credits-requested field.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 2 bytes long.</exception>
        internal void SetCreditsRequested(Byte[] creditsRequested)
        {
            if (creditsRequested.Length != this.CreditsRequested.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.CreditsRequested = creditsRequested;
        }

        /// <summary>Sets the 4-byte header flags.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 4 bytes long.</exception>
        internal void SetFlags(Byte[] Flags)
        {
            if (Flags.Length != this.Flags.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Flags = Flags;
        }

        /// <summary>
        /// Sets ChainOffset to the serialized header length plus <paramref name="dataLength"/>.
        /// </summary>
        internal void SetChainOffset(Int32 dataLength)
        {
            Int32 headerLength = GetHeader().Length;
            ChainOffset = BitConverter.GetBytes(headerLength + dataLength);
        }

        /// <summary>Sets the 4-byte chain offset directly.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 4 bytes long.</exception>
        internal void SetChainOffset(Byte[] ChainOffset)
        {
            if (ChainOffset.Length != this.ChainOffset.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.ChainOffset = ChainOffset;
        }

        /// <summary>
        /// Stores the message id as the 4 bytes of <paramref name="MessageID"/> followed by
        /// 4 zero bytes, filling the 8-byte field.
        /// </summary>
        internal void SetMessageID(UInt32 MessageID)
        {
            Byte[] low = BitConverter.GetBytes(MessageID);
            Byte[] high = new Byte[] { 0x00, 0x00, 0x00, 0x00 };
            this.MessageID = Combine.combine(low, high);
        }

        /// <summary>Sets the 4-byte process id.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 4 bytes long.</exception>
        internal void SetProcessID(Byte[] ProcessId)
        {
            if (ProcessId.Length != this.ProcessId.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.ProcessId = ProcessId;
        }

        /// <summary>Sets the 4-byte tree id.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 4 bytes long.</exception>
        internal void SetTreeId(Byte[] TreeId)
        {
            if (TreeId.Length != this.TreeId.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.TreeId = TreeId;
        }

        /// <summary>Sets the 8-byte session id.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 8 bytes long.</exception>
        internal void SetSessionID(Byte[] SessionId)
        {
            if (SessionId.Length != this.SessionId.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.SessionId = SessionId;
        }

        /// <summary>
        /// Computes HMAC-SHA256 over the current header followed by <paramref name="data"/>,
        /// keyed with <paramref name="sessionKey"/>, and stores the first 16 bytes as the signature.
        /// </summary>
        /// <remarks>
        /// The header is serialized with whatever Signature currently holds, so the result is
        /// only meaningful while that field is still zeroed. NOTE(review): calling this twice
        /// on one instance would feed the previous signature into the MAC - confirm callers
        /// sign once per header.
        /// </remarks>
        internal void SetSignature(Byte[] sessionKey, ref Byte[] data)
        {
            using (HMACSHA256 hmac = new HMACSHA256())
            {
                hmac.Key = sessionKey;
                Byte[] message = Combine.combine(GetHeader(), data);
                Byte[] digest = hmac.ComputeHash(message);
                this.Signature = digest.Take(16).ToArray();
            }
        }

        /// <summary>Concatenates all header fields in wire order.</summary>
        /// <returns>The serialized header.</returns>
        internal Byte[] GetHeader()
        {
            Byte[][] fields =
            {
                ServerComponent, HeaderLength, CreditCharge, ChannelSequence, Reserved,
                Command, CreditsRequested, Flags, ChainOffset, MessageID,
                ProcessId, TreeId, SessionId, Signature
            };

            Combine builder = new Combine();
            foreach (Byte[] field in fields)
            {
                builder.Extend(field);
            }
            return builder.Retrieve();
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2IoctlRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 IOCTL request (StructureSize 0x39) with a fixed
    /// control code of 0x00060194 (FSCTL_DFS_GET_REFERRALS) and an all-0xff handle.
    /// The input blob is a 2-byte MaxReferralLevel (4) followed by the file name.
    /// </summary>
    sealed class SMB2IoctlRequest
    {
        private readonly Byte[] StructureSize = { 0x39, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00 };
        private readonly Byte[] Function = { 0x94, 0x01, 0x06, 0x00 };
        private readonly Byte[] GUIDHandle = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
        private readonly Byte[] InDataBlobOffset = { 0x78, 0x00, 0x00, 0x00 };
        private Byte[] InDataBlobLength;
        private readonly Byte[] MaxIoctlInSize = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] OutDataBlobOffset = { 0x78, 0x00, 0x00, 0x00 };
        private readonly Byte[] OutDataBlobLength = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] MaxIoctlOutSize = { 0x00, 0x10, 0x00, 0x00 };
        private readonly Byte[] Flags = { 0x01, 0x00, 0x00, 0x00 };
        private readonly Byte[] Reserved2 = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] InDataMaxReferralLevel = { 0x04, 0x00 };
        private Byte[] InDataFileName;

        /// <summary>
        /// Stores the UTF-16LE encoding of <paramref name="fileName"/> and sets the input blob
        /// length to that byte count plus 2 (the MaxReferralLevel prefix).
        /// </summary>
        internal void SetFileName(String fileName)
        {
            Byte[] encoded = System.Text.Encoding.Unicode.GetBytes(fileName);
            this.InDataFileName = encoded;
            this.InDataBlobLength = BitConverter.GetBytes(InDataFileName.Length + 2);
        }

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] remaining =
            {
                Function, GUIDHandle, InDataBlobOffset, InDataBlobLength, MaxIoctlInSize,
                OutDataBlobOffset, OutDataBlobLength, MaxIoctlOutSize, Flags, Reserved2,
                InDataMaxReferralLevel, InDataFileName
            };

            Byte[] request = Combine.combine(StructureSize, Reserved);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2NTLMSSPAuth.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Wraps an NTLM response in four nested ASN.1 elements (tags 0xa1, 0x30, 0xa2, 0x04),
    /// each using the two-byte long-form length marker 0x82.
    /// </summary>
    sealed class NTLMSSPAuth
    {
        private readonly Byte[] ASNID = { 0xa1, 0x82 };
        private Byte[] ASNLength;
        private readonly Byte[] ASNID2 = { 0x30, 0x82 };
        private Byte[] ASNLength2;
        private readonly Byte[] ASNID3 = { 0xa2, 0x82 };
        private Byte[] ASNLength3;
        private readonly Byte[] NTLMSSPID = { 0x04, 0x82 };
        private Byte[] NTLMSSPLength;
        private Byte[] NTLMResponse;

        internal NTLMSSPAuth()
        {
        }

        /// <summary>
        /// Stores the response and derives the four enclosing length fields
        /// (payload length, +4, +8 and +12).
        /// </summary>
        /// <remarks>
        /// Each length keeps only the low 16 bits of the value; NOTE(review): a payload
        /// larger than that would be emitted with a truncated length.
        /// </remarks>
        internal void SetNetNTLMResponse(Byte[] netNTLMResponse)
        {
            this.NTLMResponse = netNTLMResponse;
            Int32 payloadLength = netNTLMResponse.Length;

            NTLMSSPLength = ReversedLow16(payloadLength);
            ASNLength = ReversedLow16(payloadLength + 12);
            ASNLength2 = ReversedLow16(payloadLength + 8);
            ASNLength3 = ReversedLow16(payloadLength + 4);
        }

        // First two bytes of BitConverter.GetBytes(value), in reversed order.
        private static Byte[] ReversedLow16(Int32 value)
        {
            Byte[] bytes = BitConverter.GetBytes(value).Take(2).ToArray();
            Array.Reverse(bytes);
            return bytes;
        }

        /// <summary>Concatenates the tags, lengths and response in wire order.</summary>
        /// <returns>The serialized security blob.</returns>
        internal Byte[] GetNTLMSSPAuth()
        {
            Byte[][] remaining =
            {
                ASNID2, ASNLength2, ASNID3, ASNLength3, NTLMSSPID, NTLMSSPLength, NTLMResponse
            };

            Byte[] request = Combine.combine(ASNID, ASNLength);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2NTLMSSPNegotiate.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Builds an initial security token: OID 1.3.6.1.5.5.2 wrapping a single mechanism
    /// (OID 1.3.6.1.4.1.311.2.2.10) and an "NTLMSSP\0" message of type 1, with empty
    /// domain and workstation fields and an optional ASCII version suffix.
    /// </summary>
    sealed class SMB2NTLMSSPNegotiate
    {
        private String version = String.Empty;

        private readonly Byte[] InitialContextTokenID = { 0x60 };
        private Byte[] InitialcontextTokenLength;
        private readonly Byte[] ThisMechID = { 0x06 };
        private readonly Byte[] ThisMechLength = { 0x06 };
        private readonly Byte[] OID = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 };
        private readonly Byte[] InnerContextTokenID = { 0xa0 };
        private Byte[] InnerContextTokenLength;
        private readonly Byte[] InnerContextTokenID2 = { 0x30 };
        private Byte[] InnerContextTokenLength2;
        private readonly Byte[] MechTypesID = { 0xa0 };
        private readonly Byte[] MechTypesLength = { 0x0e };
        private readonly Byte[] MechTypesID2 = { 0x30 };
        private readonly Byte[] MechTypesLength2 = { 0x0c };
        private readonly Byte[] MechTypesID3 = { 0x06 };
        private readonly Byte[] MechTypesLength3 = { 0x0a };
        private readonly Byte[] MechType = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a };
        private readonly Byte[] MechTokenID = { 0xa2 };
        private Byte[] MechTokenLength;
        private readonly Byte[] NTLMSSPID = { 0x04 };
        // Never assigned: GetSMB2NTLMSSPNegotiate computes the length into a local instead.
        private Byte[] NTLMSSPLength;
        private readonly Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 };
        private readonly Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 };
        private Byte[] NegotiateFlags;
        private readonly Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

        /// <summary>Creates the builder with the version string appended to the message.</summary>
        internal SMB2NTLMSSPNegotiate(String version)
        {
            this.version = version;
        }

        /// <summary>Sets the negotiate flags; must be called before serializing.</summary>
        internal void SetFlags(Byte[] flags) => NegotiateFlags = flags;

        /// <summary>
        /// Computes the single-byte length fields from <c>32 + version.Length</c> and
        /// concatenates the token in wire order.
        /// </summary>
        /// <remarks>
        /// Every length is kept to one byte. NOTE(review): a version string long enough to
        /// push a length past 0x7f would no longer be a valid short-form length.
        /// </remarks>
        /// <returns>The serialized negotiate token.</returns>
        internal Byte[] GetSMB2NTLMSSPNegotiate()
        {
            Byte messageLength = BitConverter.GetBytes(32 + version.Length)[0];
            Byte[] ntlmsspLength = { messageLength };

            InitialcontextTokenLength = new Byte[] { (Byte)(messageLength + 32) };
            InnerContextTokenLength = new Byte[] { (Byte)(messageLength + 22) };
            InnerContextTokenLength2 = new Byte[] { (Byte)(messageLength + 20) };
            MechTokenLength = new Byte[] { (Byte)(messageLength + 2) };

            Byte[][] remaining =
            {
                ThisMechID, ThisMechLength, OID,
                InnerContextTokenID, InnerContextTokenLength,
                InnerContextTokenID2, InnerContextTokenLength2,
                MechTypesID, MechTypesLength, MechTypesID2, MechTypesLength2,
                MechTypesID3, MechTypesLength3, MechType,
                MechTokenID, MechTokenLength, NTLMSSPID, ntlmsspLength,
                Identifier, MessageType, NegotiateFlags,
                CallingWorkstationDomain, CallingWorkstationName
            };

            Byte[] negotiate = Combine.combine(InitialContextTokenID, InitialcontextTokenLength);
            foreach (Byte[] field in remaining)
            {
                negotiate = Combine.combine(negotiate, field);
            }

            if (version.Length > 0)
            {
                negotiate = Combine.combine(negotiate, System.Text.Encoding.ASCII.GetBytes(version));
            }

            return negotiate;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2NegotiateProtocolRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes a fixed SMB2 negotiate request (StructureSize 0x24) that offers two
    /// dialects, 0x0202 and 0x0210, with SecurityMode 0x0001 (signing enabled, not
    /// required) and an all-zero ClientGUID.
    /// </summary>
    sealed class SMB2NegotiateProtocolRequest
    {
        private readonly Byte[] StructureSize = { 0x24, 0x00 };
        private readonly Byte[] DialectCount = { 0x02, 0x00 };
        private readonly Byte[] SecurityMode = { 0x01, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00 };
        private readonly Byte[] Capabilities = { 0x40, 0x00, 0x00, 0x00 };
        private readonly Byte[] ClientGUID = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] NegotiateContextOffset = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] NegotiateContextCount = { 0x00, 0x00 };
        private readonly Byte[] Reserved2 = { 0x00, 0x00 };
        private readonly Byte[] Dialect = { 0x02, 0x02 };
        private readonly Byte[] Dialect2 = { 0x10, 0x02 };

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetProtocols()
        {
            Byte[][] remaining =
            {
                SecurityMode, Reserved, Capabilities, ClientGUID, NegotiateContextOffset,
                NegotiateContextCount, Reserved2, Dialect, Dialect2
            };

            Byte[] protocols = Combine.combine(StructureSize, DialectCount);
            foreach (Byte[] field in remaining)
            {
                protocols = Combine.combine(protocols, field);
            }
            return protocols;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2ReadRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 read request (StructureSize 0x31). The default
    /// read length is 0x1000 at offset 0; the file handle has no default and must be set.
    /// </summary>
    sealed class SMB2ReadRequest
    {
        private readonly Byte[] StructureSize = { 0x31, 0x00 };
        private readonly Byte[] Padding = { 0x50 };
        private readonly Byte[] Flags = { 0x00 };
        private Byte[] Length = { 0x00, 0x10, 0x00, 0x00 };
        private Byte[] Offset = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private Byte[] GuidHandleFile;
        private readonly Byte[] MinimumCount = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Channel = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] RemainingBytes = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] ReadChannelInfoOffset = { 0x00, 0x00 };
        private readonly Byte[] ReadChannelInfoLength = { 0x00, 0x00 };
        private readonly Byte[] Buffer = { 0x30 };

        internal SMB2ReadRequest()
        {
        }

        /// <summary>Sets the 4-byte read length.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 4 bytes long.</exception>
        internal void SetLength(Byte[] Length)
        {
            if (this.Length.Length != Length.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Length = Length;
        }

        /// <summary>Sets the 8-byte file offset.</summary>
        /// <exception cref="IndexOutOfRangeException">The array is not 8 bytes long.</exception>
        internal void SetOffset(Byte[] Offset)
        {
            if (this.Offset.Length != Offset.Length)
            {
                throw new IndexOutOfRangeException();
            }
            this.Offset = Offset;
        }

        /// <summary>Sets the file handle to read from; no length check is applied.</summary>
        internal void SetGuidHandleFile(Byte[] GuidHandleFile) => this.GuidHandleFile = GuidHandleFile;

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] remaining =
            {
                Flags, Length, Offset, GuidHandleFile, MinimumCount, Channel,
                RemainingBytes, ReadChannelInfoOffset, ReadChannelInfoLength, Buffer
            };

            Byte[] request = Combine.combine(StructureSize, Padding);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2SessionLogoffRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>Serializes the fixed 4-byte body of an SMB2 logoff request.</summary>
    sealed class SMB2SessionLogoffRequest
    {
        private readonly Byte[] StructureSize = { 0x04, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00 };

        internal SMB2SessionLogoffRequest()
        {
        }

        /// <summary>Returns StructureSize followed by Reserved.</summary>
        internal Byte[] GetRequest() => Combine.combine(StructureSize, Reserved);
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2SessionSetupRequest.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 session-setup request (StructureSize 0x19) with
    /// SecurityMode 0x01 (signing enabled, not required) and a caller-supplied security blob.
    /// </summary>
    sealed class SMB2SessionSetupRequest
    {
        private readonly Byte[] StructureSize = { 0x19, 0x00 };
        private readonly Byte[] Flags = { 0x00 };
        private readonly Byte[] SecurityMode = { 0x01 };
        private readonly Byte[] Capabilities = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] Channel = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] BlobOffset = { 0x58, 0x00 };
        private Byte[] BlobLength = new Byte[2];
        private readonly Byte[] PreviousSessionID = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private Byte[] SecurityBlob;

        internal SMB2SessionSetupRequest()
        {
        }

        /// <summary>
        /// Stores the security blob and its length; only the first two bytes of the
        /// length are kept, so larger values are truncated.
        /// </summary>
        internal void SetSecurityBlob(Byte[] securityBlob)
        {
            Byte[] lengthBytes = BitConverter.GetBytes(securityBlob.Length);
            BlobLength = lengthBytes.Take(2).ToArray();
            SecurityBlob = securityBlob;
        }

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetSMB2SessionSetupRequest()
        {
            Byte[][] remaining =
            {
                SecurityMode, Capabilities, Channel, BlobOffset, BlobLength,
                PreviousSessionID, SecurityBlob
            };

            Byte[] request = Combine.combine(StructureSize, Flags);
            foreach (Byte[] field in remaining)
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2SetInfo.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 set-info request (StructureSize 0x21). Class,
    /// InfoLevel, the file handle and the buffer have no defaults and must all be set
    /// before <see cref="GetRequest"/> is called.
    /// </summary>
    sealed class SMB2SetInfo
    {
        private readonly Byte[] StructureSize = new Byte[] { 0x21, 0x00 };
        private Byte[] Class;
        private Byte[] InfoLevel;
        private Byte[] BufferLength;
        private readonly Byte[] BufferOffset = new Byte[] { 0x60, 0x00 };
        private readonly Byte[] Reserved = new Byte[] { 0x00, 0x00 };
        private readonly Byte[] AdditionalInformation = new Byte[] { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] GUIDHandleFile;
        private Byte[] Buffer;

        internal SMB2SetInfo()
        {
        }

        /// <summary>Sets the info class byte(s) as given.</summary>
        internal void SetClass(Byte[] Class) => this.Class = Class;

        /// <summary>Sets the info level byte(s) as given.</summary>
        internal void SetInfoLevel(Byte[] InfoLevel) => this.InfoLevel = InfoLevel;

        /// <summary>Sets the file handle the request applies to.</summary>
        internal void SetGUIDHandleFile(Byte[] GUIDHandleFile) => this.GUIDHandleFile = GUIDHandleFile;

        /// <summary>Stores the payload and sets BufferLength to its 4-byte length.</summary>
        internal void SetBuffer(Byte[] Buffer)
        {
            this.Buffer = Buffer;
            Int32 payloadLength = Buffer.Length;
            BufferLength = BitConverter.GetBytes(payloadLength);
        }

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] fields =
            {
                StructureSize, Class, InfoLevel, BufferLength, BufferOffset, Reserved,
                AdditionalInformation, GUIDHandleFile, Buffer
            };

            Combine builder = new Combine();
            foreach (Byte[] field in fields)
            {
                builder.Extend(field);
            }
            return builder.Retrieve();
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2TreeConnectRequest.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 tree-connect request (StructureSize 0x09) for a
    /// share path encoded as UTF-16LE.
    /// </summary>
    sealed class SMB2TreeConnectRequest
    {
        private readonly Byte[] StructureSize = { 0x09, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00 };
        private readonly Byte[] PathOffset = { 0x48, 0x00 };
        private Byte[] PathLength;
        private Byte[] Buffer;

        /// <summary>
        /// Encodes <paramref name="share"/> and records its byte length; only the first
        /// two bytes of the length are kept.
        /// </summary>
        internal void SetPath(String share)
        {
            Byte[] encoded = System.Text.Encoding.Unicode.GetBytes(share);
            this.Buffer = encoded;
            this.PathLength = BitConverter.GetBytes(Buffer.Length).Take(2).ToArray();
        }

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[] request = Combine.combine(StructureSize, Reserved);
            foreach (Byte[] field in new[] { PathOffset, PathLength, Buffer })
            {
                request = Combine.combine(request, field);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2TreeDisconnectRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>Serializes the fixed 4-byte body of an SMB2 tree-disconnect request.</summary>
    sealed class SMB2TreeDisconnectRequest
    {
        private readonly Byte[] StructureSize = { 0x04, 0x00 };
        private readonly Byte[] Reserved = { 0x00, 0x00 };

        internal SMB2TreeDisconnectRequest()
        {
        }

        /// <summary>Returns StructureSize followed by Reserved.</summary>
        internal Byte[] GetRequest() => Combine.combine(StructureSize, Reserved);
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SMB2/SMB2WriteRequest.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SMB2
{
    /// <summary>
    /// Serializes the body of an SMB2 write request (StructureSize 0x31). BufferLength
    /// and FileID have no defaults and must be set before <see cref="GetRequest"/>.
    /// </summary>
    sealed class SMB2WriteRequest
    {
        private readonly Byte[] StructureSize = { 0x31, 0x00 };
        private readonly Byte[] DataOffset = { 0x70, 0x00 };
        private Byte[] BufferLength;
        private Byte[] Offset = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        private Byte[] FileID;
        private readonly Byte[] Channel = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] RemainingBytes = { 0x00, 0x00, 0x00, 0x00 };
        private readonly Byte[] WriteChannelInfoOffset = { 0x00, 0x00 };
        private readonly Byte[] WriteChannelInfoLength = { 0x00, 0x00 };
        private readonly Byte[] Flags = { 0x00, 0x00, 0x00, 0x00 };
        private Byte[] Buffer = new Byte[0];

        internal SMB2WriteRequest()
        {
        }

        /// <summary>Sets the length field independently of the stored buffer.</summary>
        internal void SetLength(Int32 BufferLength) => this.BufferLength = BitConverter.GetBytes(BufferLength);

        /// <summary>Sets the 8-byte file offset to write at.</summary>
        internal void SetOffset(Int64 Offset) => this.Offset = BitConverter.GetBytes(Offset);

        /// <summary>Sets the file handle to write to; no length check is applied.</summary>
        internal void SetGuidHandleFile(Byte[] FileID) => this.FileID = FileID;

        /// <summary>Stores the payload and sets BufferLength to its 4-byte length.</summary>
        internal void SetBuffer(Byte[] Buffer)
        {
            this.Buffer = Buffer;
            Int32 payloadLength = Buffer.Length;
            BufferLength = BitConverter.GetBytes(payloadLength);
        }

        /// <summary>Concatenates all fields in wire order.</summary>
        /// <returns>The serialized request body.</returns>
        internal Byte[] GetRequest()
        {
            Byte[][] fields =
            {
                StructureSize, DataOffset, BufferLength, Offset, FileID, Channel,
                RemainingBytes, WriteChannelInfoOffset, WriteChannelInfoLength, Flags, Buffer
            };

            Combine builder = new Combine();
            foreach (Byte[] field in fields)
            {
                builder.Extend(field);
            }
            return builder.Retrieve();
        }
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SVCCTL/SVCCTLSCMCloseServiceHandle.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SVCCTL
{
    /// <summary>
    /// Request body for closing a service-control handle: the body is the context
    /// handle itself, returned unchanged.
    /// </summary>
    sealed class SVCCTLSCMCloseServiceHandle
    {
        private Byte[] ContextHandle;

        internal SVCCTLSCMCloseServiceHandle()
        {
        }

        /// <summary>Sets the handle to close.</summary>
        internal void SetContextHandle(Byte[] ContextHandle) => this.ContextHandle = ContextHandle;

        /// <summary>Returns the stored handle (null if none was set).</summary>
        internal Byte[] GetRequest() => ContextHandle;
    }
}

--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SVCCTL/SVCCTLSCMCreateServiceW.cs:
--------------------------------------------------------------------------------
using System;
using System.Linq;
using System.Text;

namespace MonkeyWorks.SMB.SVCCTL
{
    // Assembles the request bytes for a Service Control Manager CreateServiceW
    // call by concatenating the fields below in declaration order
    // (presumably the NDR-encoded stub, judging by the MaxCount/Offset/ActualCount
    // triplets -- confirm against the DCERPC layer that sends it).
    //
    // Defender note: a service installed on a host is recorded there as System
    // event 7045 (and Security event 4697 when that audit policy is enabled).
    // The parameterless SetServiceName() yields a name of 20 random upper-case
    // letters and SetCommand() places a caller-supplied command line in the
    // binary path; both are useful hunting signals.
    sealed class SVCCTLSCMCreateServiceW
    {
        private Byte[] ContextHandle;

        // Service name: conformant/varying string header followed by UTF-16LE text.
        private Byte[] ServiceName_MaxCount;
        private Byte[] ServiceName_Offset = new Byte[4];
        private Byte[] ServiceName_ActualCount;
        private Byte[] ServiceName;

        // Display name: same bytes as the service name, preceded by a referent ID.
        private Byte[] DisplayName_ReferentID;
        private Byte[] DisplayName_MaxCount;
        private readonly Byte[] DisplayName_Offset = new Byte[4];
        private Byte[] DisplayName_ActualCount;
        private Byte[] DisplayName;

        // Little-endian 0x000F01FF, the value of SERVICE_ALL_ACCESS.
        private readonly Byte[] AccessMask = { 0xff, 0x01, 0x0f, 0x00 };
        // 0x10 is SERVICE_WIN32_OWN_PROCESS.
        private readonly Byte[] ServiceType = { 0x10, 0x00, 0x00, 0x00 };
        // 0x03 is SERVICE_DEMAND_START.
        private readonly Byte[] ServiceStartType = { 0x03, 0x00, 0x00, 0x00 };
        // 0x00 is SERVICE_ERROR_IGNORE.
        private readonly Byte[] ServiceErrorControl = new Byte[4];

        private Byte[] BinaryPathName_MaxCount;
        private readonly Byte[] BinaryPathName_Offset = new Byte[4];
        private Byte[] BinaryPathName_ActualCount;
        private Byte[] BinaryPathName;

        // The remaining optional arguments are all sent as four zero bytes.
        private readonly Byte[] LoadOrderGroup = new Byte[4];
        private readonly Byte[] TagID = new Byte[4];
        private readonly Byte[] Dependencies = new Byte[4];
        private readonly Byte[] DependSize = new Byte[4];
        private readonly Byte[] ServiceStartName = new Byte[4];
        private readonly Byte[] Password = new Byte[4];
        private readonly Byte[] PasswordSize = new Byte[4];

        private String strServiceName;

        // Seeds the display-name referent ID with the low two bytes of a random
        // two-digit number, followed by two zero bytes.
        internal SVCCTLSCMCreateServiceW()
        {
            Byte[] idBytes = BitConverter.GetBytes(GenerateUuidNumeric(2));
            Byte[] lowWord = idBytes.Take(2).ToArray();
            DisplayName_ReferentID = Combine.combine(lowWord, new Byte[] { 0x00, 0x00 });
        }

        // Stores the handle bytes that open the request.
        internal void SetContextHandle(Byte[] ContextHandle) => this.ContextHandle = ContextHandle;

        // Picks a random 20-letter name and uses it for both the service name
        // and the display name, terminated by four zero bytes.
        internal void SetServiceName()
        {
            strServiceName = GenerateUuidAlpha(20);
            Byte[] encoded = Combine.combine(Encoding.Unicode.GetBytes(strServiceName), new Byte[4]);
            ApplyName(encoded, strServiceName.Length + 1);
        }

        // Returns the name most recently set on this instance.
        internal String GetServiceName() => strServiceName;

        // Uses the supplied name for both the service name and the display name.
        // A two-byte terminator is always appended; names with an odd character
        // count get two further zero bytes.
        internal void SetServiceName(String strServiceName)
        {
            this.strServiceName = strServiceName;
            Byte[] encoded = Combine.combine(Encoding.Unicode.GetBytes(strServiceName), new Byte[] { 0x00, 0x00 });
            bool oddLength = strServiceName.Length % 2 != 0;
            if (oddLength)
            {
                encoded = Combine.combine(encoded, new Byte[] { 0x00, 0x00 });
            }
            ApplyName(encoded, strServiceName.Length + 1);
        }

        // Stores the command line as the service binary path, UTF-16LE with a
        // two-byte terminator; the counts are the character count plus one.
        internal void SetCommand(String command)
        {
            Byte[] encoded = Encoding.Unicode.GetBytes(command);
            BinaryPathName = Combine.combine(encoded, new Byte[] { 0x00, 0x00 });
            // The original keeps an empty odd-length branch here whose only
            // statement is commented out:
            //BinaryPathName = Combine.combine(BinaryPathName, new Byte[] { 0x00, 0x00 });
            Byte[] count = BitConverter.GetBytes(command.Length + 1);
            BinaryPathName_MaxCount = count;
            BinaryPathName_ActualCount = count;
        }

        // Concatenates every field in wire order and returns the result.
        internal Byte[] GetRequest()
        {
            Byte[][] wireOrder =
            {
                ContextHandle,
                ServiceName_MaxCount,
                ServiceName_Offset,
                ServiceName_ActualCount,
                ServiceName,
                DisplayName_ReferentID,
                DisplayName_MaxCount,
                DisplayName_Offset,
                DisplayName_ActualCount,
                DisplayName,
                AccessMask,
                ServiceType,
                ServiceStartType,
                ServiceErrorControl,
                BinaryPathName_MaxCount,
                BinaryPathName_Offset,
                BinaryPathName_ActualCount,
                BinaryPathName,
                LoadOrderGroup,
                TagID,
                Dependencies,
                DependSize,
                ServiceStartName,
                Password,
                PasswordSize
            };

            Combine combine = new Combine();
            foreach (Byte[] part in wireOrder)
            {
                combine.Extend(part);
            }
            return combine.Retrieve();
        }

        // Shares one encoded name and one count array between the service-name
        // and display-name fields, as the original chained assignments did.
        private void ApplyName(Byte[] encoded, Int32 charCount)
        {
            ServiceName = encoded;
            DisplayName = encoded;

            Byte[] count = BitConverter.GetBytes(charCount);
            ServiceName_MaxCount = count;
            ServiceName_ActualCount = count;
            DisplayName_MaxCount = count;
            DisplayName_ActualCount = count;
        }

        ////////////////////////////////////////////////////////////////////////////////
        // Returns `length` upper-case ASCII letters drawn from a freshly
        // constructed System.Random (not a cryptographic source).
        ////////////////////////////////////////////////////////////////////////////////
        internal static String GenerateUuidAlpha(int length)
        {
            const String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
            Random rng = new Random();
            char[] picked = Enumerable.Range(0, length)
                                      .Select(_ => alphabet[rng.Next(alphabet.Length)])
                                      .ToArray();
            return new String(picked);
        }

        ////////////////////////////////////////////////////////////////////////////////
        // Builds a string of `length` random decimal digits and returns it as an
        // Int32, or 0 when the digits do not parse (for example when empty).
        ////////////////////////////////////////////////////////////////////////////////
        internal static Int32 GenerateUuidNumeric(int length)
        {
            const String digits = "0123456789";
            Random rng = new Random();
            char[] picked = Enumerable.Range(0, length)
                                      .Select(_ => digits[rng.Next(digits.Length)])
                                      .ToArray();
            String strUUID = new String(picked);
            return Int32.TryParse(strUUID, out Int32 uuid) ? uuid : 0;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SVCCTL/SVCCTLSCMDeleteServiceW.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SVCCTL
{
    // Request body for the SCM DeleteServiceW call: only the service handle.
    sealed class SVCCTLSCMDeleteServiceW
    {
        private Byte[] ContextHandle;

        internal SVCCTLSCMDeleteServiceW()
        {
        }

        // Stores the handle bytes of the service to delete.
        internal void SetContextHandle(Byte[] ContextHandle) => this.ContextHandle = ContextHandle;

        // The request is the handle itself; the same array is returned, not a copy.
        internal Byte[] GetRequest() => ContextHandle;
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SVCCTL/SVCCTLSCMOpenSCManagerW.cs:
--------------------------------------------------------------------------------
using System;
using System.Text;

namespace MonkeyWorks.SMB.SVCCTL
{
    // Request body for the SCM OpenSCManagerW call. The machine name is a random
    // 20-letter string and the database name is the fixed UTF-16LE text
    // "ServicesActive" with its terminator (15 characters).
    sealed class SVCCTLSCMOpenSCManagerW
    {
        private Byte[] MachineName_ReferentID;
        private Byte[] MachineName_MaxCount;
        private readonly Byte[] MachineName_Offset = new Byte[4];
        private Byte[] MachineName_ActualCount;
        private Byte[] MachineName;
        private Byte[] Database_ReferentID;
        private readonly Byte[] Database_NameMaxCount = { 0x0f, 0x00, 0x00, 0x00 };
        private readonly Byte[] Database_NameOffset = new Byte[4];
        private readonly Byte[] Database_NameActualCount = { 0x0f, 0x00, 0x00, 0x00 };
        private readonly Byte[] Database = { 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x69, 0x00, 0x63, 0x00, 0x65, 0x00, 0x73, 0x00, 0x41, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, 0x76, 0x00, 0x65, 0x00, 0x00, 0x00 };
        // Two bytes sent between the database name and the access mask;
        // the source names them Unknown (possibly alignment padding -- confirm).
        private readonly Byte[] Unknown = { 0xbf, 0xbf };
        // Little-endian 0x0000003F: the six low SC_MANAGER_* specific-rights bits.
        private readonly Byte[] AccessMask = { 0x3f, 0x00, 0x00, 0x00 };

        // Fills in the random machine name, its counts and both referent IDs.
        internal SVCCTLSCMOpenSCManagerW()
        {
            String strMachineName = SVCCTLSCMCreateServiceW.GenerateUuidAlpha(20);
            Byte[] encodedName = Encoding.Unicode.GetBytes(strMachineName);
            /*
            if (0 == MachineName.Length % 2)
                MachineName = Combine.combine(MachineName, new Byte[] { 0x00, 0x00 });
            else
                MachineName = Combine.combine(MachineName, new Byte[] { 0x00, 0x00, 0x00, 0x00 });
            */
            MachineName = Combine.combine(encodedName, new Byte[4]);

            Byte[] count = BitConverter.GetBytes(strMachineName.Length + 1);
            MachineName_MaxCount = count;
            MachineName_ActualCount = count;

            short machineId = (short)SVCCTLSCMCreateServiceW.GenerateUuidNumeric(2);
            MachineName_ReferentID = Combine.combine(BitConverter.GetBytes(machineId), new Byte[] { 0x00, 0x00 });

            short databaseId = (short)SVCCTLSCMCreateServiceW.GenerateUuidNumeric(2);
            Database_ReferentID = Combine.combine(BitConverter.GetBytes(databaseId), new Byte[] { 0x00, 0x00 });
        }

        // Concatenates every field in wire order, two arrays at a time.
        internal Byte[] GetRequest()
        {
            Byte[][] wireOrder =
            {
                MachineName_ReferentID,
                MachineName_MaxCount,
                MachineName_Offset,
                MachineName_ActualCount,
                MachineName,
                Database_ReferentID,
                Database_NameMaxCount,
                Database_NameOffset,
                Database_NameActualCount,
                Database,
                Unknown,
                AccessMask
            };

            Byte[] request = Combine.combine(wireOrder[0], wireOrder[1]);
            for (Int32 i = 2; i < wireOrder.Length; i++)
            {
                request = Combine.combine(request, wireOrder[i]);
            }
            return request;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/SMB/SVCCTL/SVCCTLSCMStartServiceW.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.SMB.SVCCTL
{
    // Request body for the SCM StartServiceW call: the service handle followed
    // by eight zero bytes (the source names them Unknown; presumably an empty
    // argument count and a null argument pointer -- confirm).
    sealed class SVCCTLSCMStartServiceW
    {
        private Byte[] ContextHandle;
        private readonly Byte[] Unknown = new Byte[8];

        internal SVCCTLSCMStartServiceW()
        {
        }

        // Stores the handle bytes of the service to start.
        internal void SetContextHandle(Byte[] ContextHandle) => this.ContextHandle = ContextHandle;

        // Returns the handle with the eight trailing zero bytes appended.
        internal Byte[] GetRequest() => Combine.combine(ContextHandle, Unknown);
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/FltUserStructures.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using WORD = System.UInt16;
using DWORD = System.UInt32;
using QWORD = System.UInt64;

using USHORT = System.UInt16;
using ULONG = System.UInt32;

using LPCTSTR = System.String;
using LPWSTR = System.Text.StringBuilder;

using PVOID = System.IntPtr;
using LPVOID = System.IntPtr;
using DWORD_PTR = System.IntPtr;

using WCHAR = System.Char;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations of the user-mode Filter Manager structures and
    // enumerations (the native names are kept, including the leading underscore).
    public class FltUserStructures
    {
        // Selects which filter information structure a query returns.
        // Values are implicit: 0, 1, 2 in declaration order.
        public enum _FILTER_INFORMATION_CLASS
        {
            FilterFullInformation,
            FilterAggregateBasicInformation,
            FilterAggregateStandardInformation
        }
        //FILTER_INFORMATION_CLASS, *PFILTER_INFORMATION_CLASS;

        // Fixed header of one filter entry; the name and altitude strings are
        // located by the *BufferOffset fields rather than stored inline.
        // NOTE(review): the native structure has a union after Flags; this flat
        // layout presumably mirrors only its minifilter arm -- confirm before
        // reading entries that describe legacy filters.
        [StructLayout(LayoutKind.Sequential)]
        public struct _FILTER_AGGREGATE_BASIC_INFORMATION
        {
            public ULONG NextEntryOffset;
            public ULONG Flags;
            public ULONG FrameID;
            public ULONG NumberOfInstances;
            public USHORT FilterNameLength;
            public USHORT FilterNameBufferOffset;
            public USHORT FilterAltitudeLength;
            public USHORT FilterAltitudeBufferOffset;
        }
        //FILTER_AGGREGATE_BASIC_INFORMATION, *PFILTER_AGGREGATE_BASIC_INFORMATION;

        // Declared here with the same eight fields as the basic variant above.
        // NOTE(review): verify this against the SDK header; the standard
        // variant is a separate native type and may not share the basic layout.
        [StructLayout(LayoutKind.Sequential)]
        public struct _FILTER_AGGREGATE_STANDARD_INFORMATION
        {
            public ULONG NextEntryOffset;
            public ULONG Flags;
            public ULONG FrameID;
            public ULONG NumberOfInstances;
            public USHORT FilterNameLength;
            public USHORT FilterNameBufferOffset;
            public USHORT FilterAltitudeLength;
            public USHORT FilterAltitudeBufferOffset;
        }
        // FILTER_AGGREGATE_STANDARD_INFORMATION, * PFILTER_AGGREGATE_STANDARD_INFORMATION;

        // Header of one filter entry whose name follows inline.
        // NOTE(review): FilterNameBuffer is a managed array with no MarshalAs
        // attribute; the native field is an inline, variable-length character
        // array, so confirm how callers read the name (FilterNameLength bytes
        // after the fixed fields) instead of relying on default marshalling.
        [StructLayout(LayoutKind.Sequential)]
        public struct _FILTER_FULL_INFORMATION
        {
            public ULONG NextEntryOffset;
            public ULONG FrameID;
            public ULONG NumberOfInstances;
            public USHORT FilterNameLength;
            public WCHAR[] FilterNameBuffer;
        }
        //FILTER_FULL_INFORMATION, *PFILTER_FULL_INFORMATION;

        // File system type of the volume an instance is attached to.
        // NOTE(review): the members take implicit sequential values (0, 1, 2, ...),
        // so they are not bit flags; [Flags] only changes ToString/HasFlag
        // behaviour and looks unintended here.
        [Flags]
        public enum _FLT_FILESYSTEM_TYPE
        {
            FLT_FSTYPE_UNKNOWN,
            FLT_FSTYPE_RAW,
            FLT_FSTYPE_NTFS,
            FLT_FSTYPE_FAT,
            FLT_FSTYPE_CDFS,
            FLT_FSTYPE_UDFS,
            FLT_FSTYPE_LANMAN,
            FLT_FSTYPE_WEBDAV,
            FLT_FSTYPE_RDPDR,
            FLT_FSTYPE_NFS,
            FLT_FSTYPE_MS_NETWARE,
            FLT_FSTYPE_NETWARE,
            FLT_FSTYPE_BSUDF,
            FLT_FSTYPE_MUP,
            FLT_FSTYPE_RSFX,
            FLT_FSTYPE_ROXIO_UDF1,
            FLT_FSTYPE_ROXIO_UDF2,
            FLT_FSTYPE_ROXIO_UDF3,
            FLT_FSTYPE_TACIT,
            FLT_FSTYPE_FS_REC,
            FLT_FSTYPE_INCD,
            FLT_FSTYPE_INCD_FAT,
            FLT_FSTYPE_EXFAT,
            FLT_FSTYPE_PSFS,
            FLT_FSTYPE_GPFS,
            FLT_FSTYPE_NPFS,
            FLT_FSTYPE_MSFS,
            FLT_FSTYPE_CSVFS,
            FLT_FSTYPE_REFS,
            FLT_FSTYPE_OPENAFS
        }
        //FLT_FILESYSTEM_TYPE, *PFLT_FILESYSTEM_TYPE;

        // Fixed header of one filter-instance entry; every name is located by a
        // length/offset pair relative to the entry.
        // NOTE(review): as with the filter aggregate structures, the native type
        // contains a union after Flags -- confirm this flat layout matches the
        // arm the callers expect.
        [StructLayout(LayoutKind.Sequential)]
        public struct _INSTANCE_AGGREGATE_STANDARD_INFORMATION
        {
            public ULONG NextEntryOffset;
            public ULONG Flags;
            public ULONG FrameID;
            public _FLT_FILESYSTEM_TYPE VolumeFileSystemType;
            public USHORT InstanceNameLength;
            public USHORT InstanceNameBufferOffset;
            public USHORT AltitudeLength;
            public USHORT AltitudeBufferOffset;
            public USHORT VolumeNameLength;
            public USHORT VolumeNameBufferOffset;
            public USHORT FilterNameLength;
            public USHORT FilterNameBufferOffset;
            public ULONG SupportedFeatures;
        }
        //INSTANCE_AGGREGATE_STANDARD_INFORMATION, * PINSTANCE_AGGREGATE_STANDARD_INFORMATION;

        // Smallest instance entry: only the instance name is described.
        [StructLayout(LayoutKind.Sequential)]
        public struct _INSTANCE_BASIC_INFORMATION
        {
            public ULONG NextEntryOffset;
            public USHORT InstanceNameLength;
            public USHORT InstanceNameBufferOffset;
        }
        //INSTANCE_BASIC_INFORMATION, PINSTANCE_BASIC_INFORMATION;

        // Selects which instance information structure a query returns.
        // NOTE(review): implicit sequential values (0..3), not bit flags;
        // [Flags] looks unintended here.
        [Flags]
        public enum _INSTANCE_INFORMATION_CLASS
        {

            InstanceBasicInformation,
            InstancePartialInformation,
            InstanceFullInformation,
            InstanceAggregateStandardInformation

        }
        //INSTANCE_INFORMATION_CLASS, *PINSTANCE_INFORMATION_CLASS;

        // Instance entry describing instance, altitude, volume and filter names.
        [StructLayout(LayoutKind.Sequential)]
        public struct _INSTANCE_FULL_INFORMATION
        {
            public ULONG NextEntryOffset;
            public USHORT InstanceNameLength;
            public USHORT InstanceNameBufferOffset;
            public USHORT AltitudeLength;
            public USHORT AltitudeBufferOffset;
            public USHORT VolumeNameLength;
            public USHORT VolumeNameBufferOffset;
            public USHORT FilterNameLength;
            public USHORT FilterNameBufferOffset;
        }
        //INSTANCE_FULL_INFORMATION, PINSTANCE_FULL_INFORMATION;

        // Instance entry describing the instance name and altitude only.
        [StructLayout(LayoutKind.Sequential)]
        public struct _INSTANCE_PARTIAL_INFORMATION
        {
            public ULONG NextEntryOffset;
            public USHORT InstanceNameLength;
            public USHORT InstanceNameBufferOffset;
            public USHORT AltitudeLength;
            public USHORT AltitudeBufferOffset;
        }
        //INSTANCE_PARTIAL_INFORMATION, PINSTANCE_PARTIAL_INFORMATION;
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/MinWinBase.cs:
--------------------------------------------------------------------------------
using System.Runtime.InteropServices;

using DWORD = System.UInt32;

using PVOID = System.IntPtr;
using HANDLE = System.IntPtr;
using ULONG_PTR = System.UIntPtr;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations from minwinbase.h.
    class MinWinBase
    {
        // State block for asynchronous (overlapped) I/O.
        // NOTE(review): in the Windows SDK, Offset/OffsetHigh and Pointer share
        // storage in a union. They are declared one after another here, so the
        // managed size and the position of hEvent presumably differ from the
        // native layout -- verify before passing this struct to native code.
        [StructLayout(LayoutKind.Sequential)]
        public struct _OVERLAPPED
        {
            public ULONG_PTR Internal;
            public ULONG_PTR InternalHigh;
            public DWORD Offset;
            public DWORD OffsetHigh;
            public PVOID Pointer;
            public HANDLE hEvent;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Minidumpapiset.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using WORD = System.UInt16;
using DWORD = System.UInt32;
using QWORD = System.UInt64;

using PVOID = System.IntPtr;
using LPVOID = System.IntPtr;
using DWORD_PTR = System.IntPtr;

using ULONG = System.UInt32;
using ULONG32 = System.UInt32;
using ULONG64 = System.UInt64;

using BOOL = System.Boolean;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations from minidumpapiset.h (minidump writing).
    sealed class Minidumpapiset
    {
        // Bit flags selecting what a minidump contains; values can be combined.
        // MiniDumpValidTypeFlags is the mask of all bits defined here.
        [Flags]
        public enum _MINIDUMP_TYPE
        {
            MiniDumpNormal = 0x00000000,
            MiniDumpWithDataSegs = 0x00000001,
            MiniDumpWithFullMemory = 0x00000002,
            MiniDumpWithHandleData = 0x00000004,
            MiniDumpFilterMemory = 0x00000008,
            MiniDumpScanMemory = 0x00000010,
            MiniDumpWithUnloadedModules = 0x00000020,
            MiniDumpWithIndirectlyReferencedMemory = 0x00000040,
            MiniDumpFilterModulePaths = 0x00000080,
            MiniDumpWithProcessThreadData = 0x00000100,
            MiniDumpWithPrivateReadWriteMemory = 0x00000200,
            MiniDumpWithoutOptionalData = 0x00000400,
            MiniDumpWithFullMemoryInfo = 0x00000800,
            MiniDumpWithThreadInfo = 0x00001000,
            MiniDumpWithCodeSegs = 0x00002000,
            MiniDumpWithoutAuxiliaryState = 0x00004000,
            MiniDumpWithFullAuxiliaryState = 0x00008000,
            MiniDumpWithPrivateWriteCopyMemory = 0x00010000,
            MiniDumpIgnoreInaccessibleMemory = 0x00020000,
            MiniDumpWithTokenInformation = 0x00040000,
            MiniDumpWithModuleHeaders = 0x00080000,
            MiniDumpFilterTriage = 0x00100000,
            MiniDumpValidTypeFlags = 0x001fffff
        }

        // Callback registration for dump writing.
        // NOTE(review): CallbackRoutine is declared as bool, but the native
        // field is a function pointer; the size and meaning differ, so this
        // struct should not be passed to native code as declared -- confirm.
        [StructLayout(LayoutKind.Sequential)]
        public struct _MINIDUMP_CALLBACK_INFORMATION
        {
            public bool CallbackRoutine;
            public PVOID CallbackParam;
        }

        // Identifies the faulting thread and its exception record for the dump.
        // NOTE(review): the SDK header packs this structure; no Pack value is
        // set here, so field offsets may differ on 64-bit -- verify.
        [StructLayout(LayoutKind.Sequential)]
        public struct _MINIDUMP_EXCEPTION_INFORMATION
        {
            public DWORD ThreadId;
            public System.IntPtr ExceptionPointers;
            public BOOL ClientPointers;
        }

        // One caller-supplied stream: a type tag, a byte count and a buffer pointer.
        [StructLayout(LayoutKind.Sequential)]
        public struct _MINIDUMP_USER_STREAM
        {
            public ULONG32 Type;
            public ULONG BufferSize;
            public PVOID Buffer;
        }

        // List of caller-supplied streams.
        // NOTE(review): UserStreamArray embeds a single stream by value; the
        // native field is a pointer to an array of UserStreamCount entries --
        // confirm the intended layout.
        [StructLayout(LayoutKind.Sequential)]
        public struct _MINIDUMP_USER_STREAM_INFORMATION
        {
            public ULONG UserStreamCount;
            public _MINIDUMP_USER_STREAM UserStreamArray;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Ntifs.cs:
--------------------------------------------------------------------------------
using System.Runtime.InteropServices;

using PSID = System.IntPtr;

using UCHAR = System.Byte;
// NOTE(review): ULONG is aliased to the signed Int32 in this file, while the
// other header files on this page alias it to UInt32.
using ULONG = System.Int32;

//https://blogs.technet.microsoft.com/fabricem_blogs/2009/07/21/active-directory-maximum-limits-scalability/

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations of security identifier and token structures.
    class Ntifs
    {
        // Security identifier with a fixed block of 8 sub-authorities.
        // NOTE(review): the native SubAuthority array is variable-length, with
        // SubAuthorityCount valid entries; only that many of the 8 slots hold
        // meaningful data after marshalling.
        [StructLayout(LayoutKind.Sequential)]
        public struct _SID
        {
            public UCHAR Revision;
            public UCHAR SubAuthorityCount;
            public Winnt._SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
            [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
            public ULONG[] SubAuthority;
        }
        //SID, *PISID


        // Token group list with a fixed capacity of 230 entries.
        // NOTE(review): marshalling from native memory reads all 230 slots
        // regardless of GroupCount, so the source buffer must be at least that
        // large or the read runs past it -- confirm every caller sizes its
        // buffer accordingly.
        [StructLayout(LayoutKind.Sequential)]
        public struct _TOKEN_GROUPS
        {
            public ULONG GroupCount;
            [MarshalAs(UnmanagedType.ByValArray, SizeConst = 230)]
            public Winnt._SID_AND_ATTRIBUTES[] Groups;
        }
        //TOKEN_GROUPS, *PTOKEN_GROUPS


        // Default owner of objects created with the token: a pointer to a SID.
        [StructLayout(LayoutKind.Sequential)]
        public struct _TOKEN_OWNER
        {
            public PSID Owner;
        }
        //TOKEN_OWNER, *PTOKEN_OWNER


        // The token's user, declared as a one-element inline array of
        // SID-and-attributes entries.
        [StructLayout(LayoutKind.Sequential)]
        public struct _TOKEN_USER
        {
            [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
            public Winnt._SID_AND_ATTRIBUTES[] User;
        }
        //TOKEN_USER, *PTOKEN_USER
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Ntpsapi.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using USHORT = System.UInt16;
using WORD = System.UInt16;

using DWORD = System.UInt32;
using ULONG = System.UInt32;

using QWORD = System.UInt64;
using ULONGLONG = System.UInt64;
using LARGE_INTEGER = System.UInt64;

using PVOID = System.IntPtr;
using LPVOID = System.IntPtr;
using DWORD_PTR = System.IntPtr;
using SIZE_T = System.IntPtr;
using PWSTR = System.IntPtr;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Process access-right constants used when requesting a process handle.
    class ntpsapi
    {
        //Process Security and Access Rights
        //https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
        // NOTE(review): PROCESS_ALL_ACCESS is declared as 0 here, i.e. no access
        // bits set, whereas the ProcessSecurityRights enum in ProcessThreadsApi.cs
        // declares it as 0x1FFFFF -- the two disagree; confirm which is intended.
        internal const DWORD PROCESS_ALL_ACCESS = 0;
        internal const DWORD PROCESS_CREATE_PROCESS = 0x0080;
        internal const DWORD PROCESS_CREATE_THREAD = 0x0002;
        internal const DWORD PROCESS_DUP_HANDLE = 0x0040;
        internal const DWORD PROCESS_QUERY_INFORMATION = 0x0400;
        internal const DWORD PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
        internal const DWORD PROCESS_SET_INFORMATION = 0x0200;
        internal const DWORD PROCESS_SET_QUOTA = 0x0100;
        internal const DWORD PROCESS_SUSPEND_RESUME = 0x0800;
        internal const DWORD PROCESS_TERMINATE = 0x0001;
        internal const DWORD PROCESS_VM_OPERATION = 0x0008;

        // Rights to read and write another process's memory. Handle requests
        // carrying these bits against sensitive processes are a common
        // monitoring point for defenders.
        internal const DWORD PROCESS_VM_READ = 0x0010;
        internal const DWORD PROCESS_VM_WRITE = 0x0020;
        internal const DWORD SYNCHRONIZE = 0x00100000;
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Ntsecapi.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using USHORT = System.UInt16;
using WORD = System.UInt16;

using DWORD = System.UInt32;
using ULONG = System.UInt32;

using QWORD = System.UInt64;
using ULONGLONG = System.UInt64;
using LARGE_INTEGER = System.UInt64;

using PVOID = System.IntPtr;
using LPVOID = System.IntPtr;
using DWORD_PTR = System.IntPtr;
using SIZE_T = System.IntPtr;
using PWSTR = System.IntPtr;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations of LSA logon-session structures.
    class ntsecapi
    {
        // Counted UTF-16 string: lengths are in bytes, Buffer is a native pointer.
        // The same layout is declared again in Subauth.cs.
        [StructLayout(LayoutKind.Sequential)]
        public struct _LSA_UNICODE_STRING
        {
            public USHORT Length;
            public USHORT MaximumLength;
            public PWSTR Buffer;
        }

        // Last successful/failed interactive logon times and the failure count.
        // Only referenced from the commented-out tail of the struct below.
        [StructLayout(LayoutKind.Sequential)]
        public struct _LSA_LAST_INTER_LOGON_INFO
        {
            public LARGE_INTEGER LastSuccessfulLogon;
            public LARGE_INTEGER LastFailedLogon;
            public ULONG FailedAttemptCountSinceLastSuccessfulLogon;
        }

        // Description of one logon session. Only the leading fields up to Upn
        // are declared; the remaining native fields are commented out, so the
        // managed struct covers a prefix of the native one and the Size field
        // will not match Marshal.SizeOf of this type.
        [StructLayout(LayoutKind.Sequential)]
        public struct _SECURITY_LOGON_SESSION_DATA
        {
            public ULONG Size;
            public Winnt._LUID LogonId;
            public _LSA_UNICODE_STRING UserName;
            public _LSA_UNICODE_STRING LogonDomain;
            public _LSA_UNICODE_STRING AuthenticationPackage;
            public ULONG LogonType;
            public ULONG Session;
            public IntPtr Sid;
            public LARGE_INTEGER LogonTime;
            public _LSA_UNICODE_STRING LogonServer;
            public _LSA_UNICODE_STRING DnsDomainName;
            public _LSA_UNICODE_STRING Upn;
            /*
            public ULONG UserFlags;
            public _LSA_LAST_INTER_LOGON_INFO LastLogonInfo;
            public _LSA_UNICODE_STRING LogonScript;
            public _LSA_UNICODE_STRING ProfilePath;
            public _LSA_UNICODE_STRING HomeDirectory;
            public _LSA_UNICODE_STRING HomeDirectoryDrive;
            public LARGE_INTEGER LogoffTime;
            public LARGE_INTEGER KickOffTime;
            public LARGE_INTEGER PasswordLastSet;
            public LARGE_INTEGER PasswordCanChange;
            public LARGE_INTEGER PasswordMustChange;
            */
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/ProcessThreadsApi.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Thread and process access-right masks as [Flags] enums.
    class ProcessThreadsApi
    {
        // Thread-specific rights followed by the standard rights shared by all
        // securable objects. The underlying type is long, although native
        // access masks are 32-bit -- callers presumably cast when passing them.
        [Flags]
        public enum ThreadSecurityRights : long
        {
            THREAD_TERMINATE = 0x0001,
            THREAD_SUSPEND_RESUME = 0x0002,
            THREAD_GET_CONTEXT = 0x0008,
            THREAD_SET_CONTEXT = 0x0010,
            THREAD_SET_INFORMATION = 0x0020,
            THREAD_QUERY_INFORMATION = 0x0040,
            THREAD_SET_THREAD_TOKEN = 0x0080,
            THREAD_IMPERSONATE = 0x0100,
            THREAD_DIRECT_IMPERSONATION = 0x0200,
            THREAD_SET_LIMITED_INFORMATION = 0x0400,
            THREAD_QUERY_LIMITED_INFORMATION = 0x0800,
            THREAD_ALL_ACCESS = 0x1FFFFF,

            DELETE = 0x00010000L,
            READ_CONTROL = 0x00020000L,
            WRITE_DAC = 0x00040000L,
            WRITE_OWNER = 0x00080000L,
            SYNCHRONIZE = 0x00100000L
        }

        // Process-specific rights followed by the standard rights.
        // PROCESS_ALL_ACCESS is 0x1FFFFF here; Ntpsapi.cs declares a constant
        // of the same name with the value 0.
        [Flags]
        public enum ProcessSecurityRights : long
        {
            PROCESS_TERMINATE = 0x0001,
            PROCESS_CREATE_THREAD = 0x0002,
            PROCESS_VM_OPERATION = 0x0008,
            PROCESS_VM_READ = 0x0010,
            PROCESS_VM_WRITE = 0x0020,
            PROCESS_DUP_HANDLE = 0x0040,
            PROCESS_CREATE_PROCESS = 0x0080,
            PROCESS_SET_QUOTA = 0x0100,
            PROCESS_SET_INFORMATION = 0x0200,
            PROCESS_QUERY_INFORMATION = 0x0400,
            PROCESS_SUSPEND_RESUME = 0x0800,
            PROCESS_QUERY_LIMITED_INFORMATION = 0x1000,
            PROCESS_ALL_ACCESS = 0x1FFFFF,

            DELETE = 0x00010000L,
            READ_CONTROL = 0x00020000L,
            WRITE_DAC = 0x00040000L,
            WRITE_OWNER = 0x00080000L,
            SYNCHRONIZE = 0x00100000L
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Rpcdce.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations from rpcdce.h.
    class Rpcdce
    {
        // 16-byte GUID: 4 + 2 + 2 bytes followed by an inline 8-byte array,
        // laid out with 1-byte packing.
        [StructLayout(LayoutKind.Sequential, Pack = 1)]
        internal struct _GUID
        {
            internal Int32 Data1;
            internal Int16 Data2;
            internal Int16 Data3;
            [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
            internal Byte[] Data4;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Subauth.cs:
--------------------------------------------------------------------------------
using System.Runtime.InteropServices;

using USHORT = System.UInt16;

using PWSTR = System.IntPtr;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed declarations from subauth.h.
    sealed class Subauth
    {
        // Counted UTF-16 string: lengths are in bytes, Buffer is a native pointer.
        // Identical in layout to ntsecapi._LSA_UNICODE_STRING.
        [StructLayout(LayoutKind.Sequential)]
        public struct _LSA_UNICODE_STRING
        {
            public USHORT Length;
            public USHORT MaximumLength;
            public PWSTR Buffer;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/TlHelp32.cs:
--------------------------------------------------------------------------------
using System.Runtime.InteropServices;

using HMODULE = System.IntPtr;
using ULONG_PTR = System.IntPtr;
using LONG = System.Int32;
using DWORD = System.UInt32;
using TCHAR = System.Text.StringBuilder;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Tool Help snapshot constants and entry structures.
    // NOTE(review): the class is spelled TiHelp32 while the file is TlHelp32.cs;
    // renaming it would break existing callers, so it is only flagged here.
    sealed class TiHelp32
    {
        // Snapshot content selectors; TH32CS_SNAPALL combines heap list, module,
        // process and thread snapshots.
        public const DWORD TH32CS_INHERIT = 0x80000000;
        public const DWORD TH32CS_SNAPHEAPLIST = 0x00000001;
        public const DWORD TH32CS_SNAPMODULE = 0x00000008;
        public const DWORD TH32CS_SNAPMODULE32 = 0x00000010;
        public const DWORD TH32CS_SNAPPROCESS = 0x00000002;
        public const DWORD TH32CS_SNAPTHREAD = 0x00000004;
        public const DWORD TH32CS_SNAPALL = TH32CS_SNAPHEAPLIST | TH32CS_SNAPMODULE | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD;

        // One module in a snapshot. The two names are inline fixed-size strings
        // of 256 and 260 characters; no CharSet is set on the struct, so they
        // marshal with the default character set.
        [StructLayout(LayoutKind.Sequential)]
        public struct tagMODULEENTRY32
        {
            public DWORD dwSize;
            public DWORD th32ModuleID;
            public DWORD th32ProcessID;
            public DWORD GlblcntUsage;
            public DWORD ProccntUsage;
            public System.IntPtr modBaseAddr;
            public DWORD modBaseSize;
            public HMODULE hModule;
            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)]
            public string szModule;
            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
            public string szExePath;
        }

        // One process in a snapshot.
        // NOTE(review): szExeFile is a StringBuilder (the TCHAR alias) and its
        // ByValTStr attribute is commented out; the native field is an inline
        // character array, so confirm this struct marshals as intended before
        // relying on the executable name.
        [StructLayout(LayoutKind.Sequential)]
        public struct tagPROCESSENTRY32
        {
            public DWORD dwSize;
            public DWORD cntUsage;
            public DWORD th32ProcessID;
            public ULONG_PTR th32DefaultHeapID;
            public DWORD th32ModuleID;
            public DWORD cntThreads;
            public DWORD th32ParentProcessID;
            public LONG pcPriClassBase;
            public DWORD dwFlags;
            //[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
            public TCHAR szExeFile;
        }

        // One thread in a snapshot, with its owning process ID and priorities.
        [StructLayout(LayoutKind.Sequential)]
        public struct tagTHREADENTRY32
        {
            public DWORD dwSize;
            public DWORD cntUsage;
            public DWORD th32ThreadID;
            public DWORD th32OwnerProcessID;
            public LONG tpBasePri;
            public LONG tpDeltaPri;
            public DWORD dwFlags;
        }
        //THREADENTRY32
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/WinCred.cs:
--------------------------------------------------------------------------------
using System;
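using System.Runtime.InteropServices;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed mirrors of the Credential Manager types declared in wincred.h.
    // The layouts follow the wide-character (W) variants of the native structures.
    sealed class WinCred
    {
        // One keyword/value attribute attached to a credential.
        // The fields were declared without an access modifier (private in C#), so
        // no caller could read or populate them; they are public now.
        // CharSet.Unicode makes Keyword marshal as a wide string, matching the
        // _CREDENTIAL layout below.
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        public struct _CREDENTIAL_ATTRIBUTE
        {
            public String Keyword;
            public Int32 Flags;
            // Size in bytes of the buffer Value points to.
            public Int32 ValueSize;
            public IntPtr Value;
        }

        [Flags]
        public enum CRED_FLAGS : uint
        {
            NONE = 0x0,
            PROMPT_NOW = 0x2,
            USERNAME_TARGET = 0x4
        }

        // NOTE(review): the members are consecutive ordinals, not bit masks, so
        // [Flags] only affects ToString()/Parse(). It is kept to avoid changing
        // observable behaviour; do not OR these values together.
        [Flags]
        public enum CRED_TYPE : uint
        {
            Generic = 1,
            DomainPassword = 2,
            DomainCertificate = 3,
            DomainVisiblePassword = 4,
            GenericCertificate = 5,
            DomainExtended = 6,
            Maximum = 7,
            MaximumEx = Maximum + 1000,
        }

        // NOTE(review): ordinal values as well; see the remark on CRED_TYPE.
        [Flags]
        public enum CRED_PERSIST : uint
        {
            Session = 1,
            LocalMachine = 2,
            Enterprise = 3
        }

        // Credential record. FILETIME is written with its full namespace so that
        // it resolves without an extra using directive (an earlier commented-out
        // copy of this struct used the bare name).
        // Every string and buffer member is a raw pointer: the caller is
        // responsible for marshalling and for the lifetime of the native memory.
        // CredentialBlob points at CredentialBlobSize bytes of secret material;
        // keep copies of it short-lived and clear them after use.
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        public struct _CREDENTIAL
        {
            public CRED_FLAGS Flags;
            public CRED_TYPE Type;
            public IntPtr TargetName;
            public IntPtr Comment;
            public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
            public UInt32 CredentialBlobSize;
            public IntPtr CredentialBlob;
            public CRED_PERSIST Persist;
            public UInt32 AttributeCount;
            public IntPtr Attributes;
            public IntPtr TargetAlias;
            public IntPtr UserName;
        }
    }
}
--------------------------------------------------------------------------------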
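/MonkeyWorks/Unmanaged/Headers/Winbase.cs:
--------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using BOOL = System.Boolean;

using WORD = System.UInt16;
using DWORD = System.UInt32;
using QWORD = System.UInt64;

using LPVOID = System.IntPtr;
using DWORD_PTR = System.IntPtr;

namespace MonkeyWorks.Unmanaged.Headers
{
    // Managed mirrors of process-creation, named-pipe and system-information
    // types from the Windows base headers.
    sealed class Winbase
    {
        //https://msdn.microsoft.com/en-us/library/windows/desktop/ms682434(v=vs.85).aspx
        [Flags]
        public enum CREATION_FLAGS : uint
        {
            NONE = 0x0,
            CREATE_DEFAULT_ERROR_MODE = 0x04000000,
            CREATE_NEW_CONSOLE = 0x00000010,
            CREATE_NEW_PROCESS_GROUP = 0x00000200,
            CREATE_SEPARATE_WOW_VDM = 0x00000800,
            CREATE_SUSPENDED = 0x00000004,
            CREATE_UNICODE_ENVIRONMENT = 0x00000400,
            // Tells the native call that the startup block is the extended form
            // (_STARTUPINFOEX below) and that cb carries the extended size.
            EXTENDED_STARTUPINFO_PRESENT = 0x00080000
        }

        // NOTE(review): these are discrete architecture identifiers, not bit
        // masks; [Flags] is kept only to avoid changing ToString() output.
        [Flags]
        public enum INFO_PROCESSOR_ARCHITECTURE : ushort
        {
            PROCESSOR_ARCHITECTURE_INTEL = 0,
            PROCESSOR_ARCHITECTURE_ARM = 5,
            PROCESSOR_ARCHITECTURE_IA64 = 6,
            PROCESSOR_ARCHITECTURE_AMD64 = 9,
            PROCESSOR_ARCHITECTURE_ARM64 = 12,
            PROCESSOR_ARCHITECTURE_UNKNOWN = 0xffff
        }

        // Named-pipe open mode. WRITE_OWNER and FILE_FLAG_FIRST_PIPE_INSTANCE
        // share the value 0x00080000 in this declaration.
        [Flags]
        public enum OPEN_MODE : uint
        {
            PIPE_ACCESS_INBOUND = 0x00000001,
            PIPE_ACCESS_OUTBOUND = 0x00000002,
            PIPE_ACCESS_DUPLEX = 0x00000003,
            WRITE_DAC = 0x00040000,
            WRITE_OWNER = 0x00080000,
            FILE_FLAG_FIRST_PIPE_INSTANCE = 0x00080000,
            ACCESS_SYSTEM_SECURITY = 0x01000000,
            FILE_FLAG_OVERLAPPED = 0x40000000,
            FILE_FLAG_WRITE_THROUGH = 0x80000000
        }

        // Named-pipe type, read mode and wait mode. Several members are zero
        // (the defaults), so they cannot be tested with HasFlag.
        // PIPE_REJECT_REMOTE_CLIENTS must be set explicitly when a pipe is meant
        // for local clients only, because the zero default accepts remote ones.
        [Flags]
        public enum PIPE_MODE : uint
        {
            PIPE_TYPE_BYTE = 0x00000000,
            PIPE_TYPE_MESSAGE = 0x00000004,
            PIPE_READMODE_BYTE = 0x00000000,
            PIPE_READMODE_MESSAGE = 0x00000002,
            PIPE_WAIT = 0x00000000,
            PIPE_NOWAIT = 0x00000001,
            PIPE_ACCEPT_REMOTE_CLIENTS = 0x00000000,
            PIPE_REJECT_REMOTE_CLIENTS = 0x00000008
        }

        [Flags]
        public enum LOGON_FLAGS
        {
            LOGON_WITH_PROFILE = 0x00000001,
            LOGON_NETCREDENTIALS_ONLY = 0x00000002
        }

        //https://msdn.microsoft.com/en-us/library/windows/desktop/ms684873(v=vs.85).aspx
        // Both handles are owned by the caller once the native call fills the
        // struct; close them when they are no longer needed.
        [StructLayout(LayoutKind.Sequential)]
        public struct _PROCESS_INFORMATION
        {
            public IntPtr hProcess;
            public IntPtr hThread;
            public UInt32 dwProcessId;
            public UInt32 dwThreadId;
        }

        // bInheritHandle is a managed Boolean; inside a struct it is marshalled
        // as the 4-byte Win32 BOOL by default. Leave it false unless a child
        // process really needs to inherit the handle.
        [StructLayout(LayoutKind.Sequential)]
        public struct _SECURITY_ATTRIBUTES
        {
            public DWORD nLength;
            public LPVOID lpSecurityDescriptor;
            public BOOL bInheritHandle;
        }

        // NOTE(review): no CharSet is specified, so the three String members are
        // marshalled as ANSI strings. That matches the ANSI entry points; with a
        // wide (W) import, leave the strings null or confirm the marshalling.
        [StructLayout(LayoutKind.Sequential)]
        public struct _STARTUPINFO
        {
            public UInt32 cb;
            public String lpReserved;
            public String lpDesktop;
            public String lpTitle;
            public UInt32 dwX;
            public UInt32 dwY;
            public UInt32 dwXSize;
            public UInt32 dwYSize;
            public UInt32 dwXCountChars;
            public UInt32 dwYCountChars;
            public UInt32 dwFillAttribute;
            public UInt32 dwFlags;
            public UInt16 wShowWindow;
            public UInt16 cbReserved2;
            public IntPtr lpReserved2;
            public IntPtr hStdInput;
            public IntPtr hStdOutput;
            public IntPtr hStdError;
        }

        //https://msdn.microsoft.com/en-us/library/windows/desktop/ms686331(v=vs.85).aspx
        // Extended startup block. The original declared StartupInfo without an
        // access modifier and left lpAttributeList commented out, so the struct
        // was unusable and no larger than _STARTUPINFO. The attribute-list
        // pointer (PPROC_THREAD_ATTRIBUTE_LIST) is now present as an IntPtr.
        [StructLayout(LayoutKind.Sequential)]
        public struct _STARTUPINFOEX
        {
            public _STARTUPINFO StartupInfo;
            public IntPtr lpAttributeList;
        }

        [StructLayout(LayoutKind.Sequential)]
        public struct _SYSTEM_INFO
        {
            public INFO_PROCESSOR_ARCHITECTURE wProcessorArchitecture;
            public WORD wReserved;
            public DWORD dwPageSize;
            public LPVOID lpMinimumApplicationAddress;
            public LPVOID lpMaximumApplicationAddress;
            public DWORD_PTR dwActiveProcessorMask;
            public DWORD dwNumberOfProcessors;
            public DWORD dwProcessorType;
            public DWORD dwAllocationGranularity;
            public WORD wProcessorLevel;
            public WORD wProcessorRevision;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Wincon.cs:
--------------------------------------------------------------------------------
using System;

namespace MonkeyWorks.Unmanaged.Headers
{
    class Wincon
    {
        // Console control signal identifiers.
        // NOTE(review): discrete values (0, 1, 2, 5, 6), not bit masks; [Flags]
        // is kept only to avoid changing ToString() output.
        [Flags]
        public enum CtrlType : uint
        {
            CTRL_C_EVENT = 0,
            CTRL_BREAK_EVENT = 1,
            CTRL_CLOSE_EVENT = 2,
            CTRL_LOGOFF_EVENT = 5,
            CTRL_SHUTDOWN_EVENT = 6
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Wincrypt.cs:
--------------------------------------------------------------------------------
using System.Runtime.InteropServices;

using WORD = System.UInt16;
using DWORD = System.UInt32;
using QWORD = System.UInt64;
using ULONGLONG = System.UInt64;

using LPCWSTR = System.String;

using HWND = System.IntPtr;
// In this file BYTE aliases a pointer (IntPtr), not an 8-bit value: it is only
// used for _CRYPTOAPI_BLOB.pbData, which is a pointer to the data bytes.
using BYTE = System.IntPtr;
using PVOID = System.IntPtr;
using LPVOID = System.IntPtr;
using DWORD_PTR = System.IntPtr;
using SIZE_T = System.IntPtr;

namespace MonkeyWorks.Unmanaged.Headers
{
    sealed class Wincrypt
    {
        // Counted byte buffer: cbData is the length and pbData the address of
        // the bytes. The memory behind pbData is not managed by this struct.
        [StructLayout(LayoutKind.Sequential)]
        public struct _CRYPTOAPI_BLOB
        {
            public DWORD cbData;
            public BYTE pbData;
        }

        // szPrompt is a wide string in the native structure (LPCWSTR), so the
        // layout now specifies CharSet.Unicode. Without it the String member was
        // marshalled as ANSI.
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        public struct _CRYPTPROTECT_PROMPTSTRUCT
        {
            public DWORD cbSize;
            public DWORD dwPromptFlags;
            public HWND hwndApp;
            public LPCWSTR szPrompt;
        }
    }
}
--------------------------------------------------------------------------------
/MonkeyWorks/Unmanaged/Headers/Windef.cs: 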
-------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using LONG = System.Int32; 5 | 6 | namespace MonkeyWorks.Unmanaged.Headers 7 | { 8 | sealed class Windef 9 | { 10 | [StructLayout(LayoutKind.Sequential)] 11 | public struct tagPOINT 12 | { 13 | public LONG x; 14 | public LONG y; 15 | } 16 | } 17 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Headers/Winsvc.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using WORD = System.UInt16; 5 | using DWORD = System.UInt32; 6 | using QWORD = System.UInt64; 7 | 8 | using LPVOID = System.IntPtr; 9 | using DWORD_PTR = System.IntPtr; 10 | 11 | namespace MonkeyWorks.Unmanaged.Headers 12 | { 13 | sealed class Winsvc 14 | { 15 | [Flags] 16 | public enum dwControl : uint 17 | { 18 | SERVICE_CONTROL_STOP = 0x00000001, 19 | SERVICE_CONTROL_PAUSE = 0x00000002, 20 | SERVICE_CONTROL_CONTINUE = 0x00000003, 21 | SERVICE_CONTROL_INTERROGATE = 0x00000004, 22 | SERVICE_CONTROL_PARAMCHANGE = 0x00000006, 23 | SERVICE_CONTROL_NETBINDADD = 0x00000007, 24 | SERVICE_CONTROL_NETBINDREMOVE = 0x00000008, 25 | SERVICE_CONTROL_NETBINDENABLE = 0x00000009, 26 | SERVICE_CONTROL_NETBINDDISABLE = 0x0000000A 27 | } 28 | 29 | [Flags] 30 | public enum dwControlsAccepted : uint 31 | { 32 | SERVICE_ACCEPT_STOP = 0x00000001, 33 | SERVICE_ACCEPT_PAUSE_CONTINUE = 0x00000002, 34 | SERVICE_ACCEPT_SHUTDOWN = 0x00000004, 35 | SERVICE_ACCEPT_PARAMCHANGE = 0x00000008, 36 | SERVICE_ACCEPT_NETBINDCHANGE = 0x00000010, 37 | SERVICE_ACCEPT_PRESHUTDOWN = 0x00000100, 38 | 39 | SERVICE_ACCEPT_HARDWAREPROFILECHANGE = 0x00000020, 40 | SERVICE_ACCEPT_POWEREVENT = 0x00000040, 41 | SERVICE_ACCEPT_SESSIONCHANGE = 0x00000080, 42 | SERVICE_ACCEPT_TIMECHANGE = 0x00000200, 43 | SERVICE_ACCEPT_TRIGGEREVENT = 0x00000400, 44 | 
SERVICE_ACCEPT_USERMODEREBOOT = 0x00000800 45 | } 46 | 47 | [Flags] 48 | public enum dwCurrentState : uint 49 | { 50 | SERVICE_STOPPED = 0x00000001, 51 | SERVICE_START_PENDING = 0x00000002, 52 | SERVICE_STOP_PENDING = 0x00000003, 53 | SERVICE_RUNNING = 0x00000004, 54 | SERVICE_CONTINUE_PENDING = 0x00000005, 55 | SERVICE_PAUSE_PENDING = 0x00000006, 56 | SERVICE_PAUSED = 0x00000007 57 | } 58 | 59 | [Flags] 60 | public enum dwDesiredAccess : uint 61 | { 62 | SERVICE_QUERY_CONFIG = 0x0001, 63 | SERVICE_CHANGE_CONFIG = 0x0002, 64 | SERVICE_QUERY_STATUS = 0x0004, 65 | SERVICE_ENUMERATE_DEPENDENTS = 0x0008, 66 | SERVICE_START = 0x0010, 67 | SERVICE_STOP = 0x0020, 68 | SERVICE_PAUSE_CONTINUE = 0x0040, 69 | SERVICE_INTERROGATE = 0x0080, 70 | SERVICE_USER_DEFINED_CONTROL = 0x0100, 71 | SERVICE_ALL_ACCESS = 0xF01FF 72 | } 73 | 74 | [Flags] 75 | public enum dwErrorControl : uint 76 | { 77 | SERVICE_ERROR_IGNORE = 0x00000000, 78 | SERVICE_ERROR_NORMAL = 0x00000001, 79 | SERVICE_ERROR_SEVERE = 0x00000002, 80 | SERVICE_ERROR_CRITICAL = 0x00000003 81 | } 82 | 83 | [Flags] 84 | public enum dwSCManagerDesiredAccess : uint 85 | { 86 | SC_MANAGER_ALL_ACCESS = 0xF003F, 87 | SC_MANAGER_CREATE_SERVICE = 0x0002, 88 | SC_MANAGER_CONNECT = 0x0001, 89 | SC_MANAGER_ENUMERATE_SERVICE = 0x0004, 90 | SC_MANAGER_LOCK = 0x0008, 91 | SC_MANAGER_MODIFY_BOOT_CONFIG = 0x0020, 92 | SC_MANAGER_QUERY_LOCK_STATUS = 0x0010 93 | } 94 | 95 | [Flags] 96 | public enum dwServiceType : uint 97 | { 98 | SERVICE_KERNEL_DRIVER = 0x00000001, 99 | SERVICE_FILE_SYSTEM_DRIVER = 0x00000002, 100 | SERVICE_ADAPTER = 0x00000004, 101 | SERVICE_RECOGNIZER_DRIVER = 0x00000008, 102 | SERVICE_WIN32_OWN_PROCESS = 0x00000010, 103 | SERVICE_WIN32_SHARE_PROCESS = 0x00000020, 104 | SERVICE_USER_OWN_PROCESS = 0x00000050, 105 | SERVICE_USER_SHARE_PROCESS = 0x00000060, 106 | SERVICE_INTERACTIVE_PROCESS = 0x00000100 107 | } 108 | 109 | [Flags] 110 | public enum dwStartType : uint 111 | { 112 | SERVICE_BOOT_START = 0x00000000, 113 | 
SERVICE_SYSTEM_START = 0x00000001, 114 | SERVICE_AUTO_START = 0x00000002, 115 | SERVICE_DEMAND_START = 0x00000003, 116 | SERVICE_DISABLED = 0x00000004 117 | } 118 | 119 | [StructLayout(LayoutKind.Sequential)] 120 | public struct _SERVICE_STATUS 121 | { 122 | public dwServiceType dwServiceType; 123 | public dwCurrentState dwCurrentState; 124 | public dwControlsAccepted dwControlsAccepted; 125 | public DWORD dwWin32ExitCode; 126 | public DWORD dwServiceSpecificExitCode; 127 | public DWORD dwCheckPoint; 128 | public DWORD dwWaitHint; 129 | } 130 | } 131 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Headers/Winternl.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using BYTE = System.Byte; 5 | using BOOL = System.Boolean; 6 | 7 | using WORD = System.UInt16; 8 | using DWORD = System.UInt32; 9 | using QWORD = System.UInt64; 10 | 11 | using ULONG = System.UInt32; 12 | 13 | using PVOID = System.IntPtr; 14 | using LPVOID = System.IntPtr; 15 | using DWORD_PTR = System.IntPtr; 16 | 17 | namespace MonkeyWorks.Unmanaged.Headers 18 | { 19 | sealed class Winternl 20 | { 21 | [StructLayout(LayoutKind.Explicit, Size = 8)] 22 | public struct LARGE_INTEGER 23 | { 24 | [FieldOffset(0)] 25 | public Int64 QuadPart; 26 | [FieldOffset(0)] 27 | public UInt32 LowPart; 28 | [FieldOffset(4)] 29 | public Int32 HighPart; 30 | } 31 | 32 | [StructLayout(LayoutKind.Sequential, Pack=1)] 33 | public struct _LDR_DATA_TABLE_ENTRY 34 | { 35 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 2)] 36 | PVOID Reserved1; 37 | _LIST_ENTRY InMemoryOrderLinks; 38 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 2)] 39 | PVOID Reserved2; 40 | PVOID DllBase; 41 | PVOID EntryPoint; 42 | PVOID Reserved3; 43 | Subauth._LSA_UNICODE_STRING FullDllName; 44 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] 45 | BYTE Reserved4; 46 | 
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 3)] 47 | PVOID Reserved5; 48 | ULONG CheckSum; 49 | PVOID Reserved6; 50 | ULONG TimeDateStamp; 51 | } 52 | 53 | [StructLayout(LayoutKind.Sequential, Pack = 1)] 54 | public struct _LIST_ENTRY 55 | { 56 | IntPtr Flink; 57 | IntPtr Blink; 58 | } 59 | 60 | [StructLayout(LayoutKind.Sequential, Pack = 1)] 61 | public struct _PEB32 62 | { 63 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 2)] 64 | public Byte Reserved1; 65 | public Byte BeingDebugged; 66 | [MarshalAs(UnmanagedType.LPArray, SizeConst = 1)] 67 | public Byte Reserved2; 68 | [MarshalAs(UnmanagedType.LPArray, SizeConst = 2)] 69 | public IntPtr Reserved3; 70 | public IntPtr Ldr; /*_PEB_LDR_DATA*/ 71 | public IntPtr ProcessParameters; /*_RTL_USER_PROCESS_PARAMETERS*/ 72 | [MarshalAs(UnmanagedType.LPArray, SizeConst = 104)] 73 | public Byte Reserved4; 74 | [MarshalAs(UnmanagedType.LPArray, SizeConst = 52)] 75 | public IntPtr Reserved5; 76 | public IntPtr PostProcessInitRoutine; /*_PS_POST_PROCESS_INIT_ROUTINE*/ 77 | [MarshalAs(UnmanagedType.LPArray, SizeConst = 128)] 78 | public Byte Reserved6; 79 | [MarshalAs(UnmanagedType.LPArray, SizeConst = 1)] 80 | public IntPtr Reserved7; 81 | public UInt32 SessionId; 82 | } 83 | 84 | //http://bytepointer.com/resources/peb64.htm 85 | [StructLayout(LayoutKind.Sequential, Pack = 1)] 86 | public struct _PEB64 87 | { 88 | public BYTE InheritedAddressSpace; 89 | public BYTE ReadImageFileExecOptions; 90 | public BYTE BeingDebugged; 91 | public BYTE BitField; 92 | 93 | public UInt32 Reserved3; 94 | public IntPtr Mutant; 95 | public IntPtr ImageBaseAddress; 96 | public IntPtr Ldr; 97 | public IntPtr ProcessParameters; 98 | public IntPtr SubSystemData; 99 | public IntPtr ProcessHeap; 100 | public IntPtr FastPebLock; 101 | 102 | public IntPtr AtlThunkSListPtr; 103 | public IntPtr IFEOKey; 104 | public UInt64 CrossProcessFlags; 105 | public IntPtr KernelCallbackTable; 106 | 107 | //public QWORD UserSharedInfoPtr; 108 | public UInt32 
SystemReserved; 109 | public UInt32 AtlThunkSListPtr32; 110 | public IntPtr ApiSetMap; 111 | public UInt32 TlsExpansionCounter; 112 | public IntPtr TlsBitmap; 113 | [MarshalAs(UnmanagedType.U4, SizeConst = 2)] 114 | public UInt32 TlsBitmapBits; 115 | public IntPtr ReadOnlySharedMemoryBase; 116 | public IntPtr HotpatchInformation; 117 | public IntPtr ReadOnlyStaticServerData; 118 | public IntPtr AnsiCodePageData; 119 | public IntPtr OemCodePageData; 120 | public IntPtr UnicodeCaseTableData; 121 | public UInt32 NumberOfProcessors; 122 | public UInt32 NtGlobalFlag; 123 | //public DWORD dummy02; 124 | public Int64 /*LARGE_INTEGER*/ CriticalSectionTimeout; 125 | public QWORD HeapSegmentReserve; 126 | public QWORD HeapSegmentCommit; 127 | public QWORD HeapDeCommitTotalFreeThreshold; 128 | public QWORD HeapDeCommitFreeBlockThreshold; 129 | public DWORD NumberOfHeaps; 130 | public DWORD MaximumNumberOfHeaps; 131 | public QWORD ProcessHeaps; 132 | public QWORD GdiSharedHandleTable; 133 | public QWORD ProcessStarterHelper; 134 | public QWORD GdiDCAttributeList; 135 | public QWORD LoaderLock; 136 | public DWORD OSMajorVersion; 137 | public DWORD OSMinorVersion; 138 | public WORD OSBuildNumber; 139 | public WORD OSCSDVersion; 140 | public DWORD OSPlatformId; 141 | public DWORD ImageSubsystem; 142 | public DWORD ImageSubsystemMajorVersion; 143 | public QWORD ImageSubsystemMinorVersion; 144 | public QWORD ImageProcessAffinityMask; 145 | public QWORD ActiveProcessAffinityMask; 146 | [MarshalAs(UnmanagedType.U8, SizeConst = 30)] 147 | public QWORD GdiHandleBuffer; 148 | public QWORD PostProcessInitRoutine; 149 | public QWORD TlsExpansionBitmap; 150 | [MarshalAs(UnmanagedType.U4, SizeConst = 32)] 151 | public DWORD TlsExpansionBitmapBits; 152 | public QWORD SessionId; 153 | public UInt64 /*ULARGE_INTEGER*/ AppCompatFlags; 154 | public UInt64 /*ULARGE_INTEGER*/ AppCompatFlagsUser; 155 | public QWORD pShimData; 156 | public QWORD AppCompatInfo; 157 | public 
Subauth._LSA_UNICODE_STRING CSDVersion; 158 | public QWORD ActivationContextData; 159 | public QWORD ProcessAssemblyStorageMap; 160 | public QWORD SystemDefaultActivationContextData; 161 | public QWORD SystemAssemblyStorageMap; 162 | public QWORD MinimumStackCommit; 163 | } 164 | 165 | [StructLayout(LayoutKind.Sequential, Pack = 1)] 166 | public struct _PEB_LDR_DATA 167 | { 168 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] 169 | Byte Reserved1; 170 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 3)] 171 | IntPtr Reserved2; 172 | _LIST_ENTRY InMemoryOrderModuleList; 173 | } 174 | 175 | [StructLayout(LayoutKind.Sequential, Pack=1)] 176 | public struct _RTL_USER_PROCESS_PARAMETERS 177 | { 178 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] 179 | BYTE Reserved1; 180 | [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)] 181 | PVOID Reserved2; 182 | Subauth._LSA_UNICODE_STRING ImagePathName; 183 | Subauth._LSA_UNICODE_STRING CommandLine; 184 | } 185 | } 186 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Headers/Winuser.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using UINT = System.UInt32; 5 | using DWORD = System.UInt32; 6 | 7 | using HWND = System.IntPtr; 8 | using WPARAM = System.IntPtr; 9 | using LPARAM = System.IntPtr; 10 | 11 | namespace MonkeyWorks.Unmanaged.Headers 12 | { 13 | sealed class Winuser 14 | { 15 | public static IntPtr HWND_MESSAGE = new IntPtr(-3); 16 | 17 | public static UInt32 WM_QUIT = 0x0012; 18 | 19 | public const UInt32 WM_ASKCBFORMATNAME = 0x030C; 20 | public const UInt32 WM_CHANGECBCHAIN = 0x030D; 21 | public const UInt32 WM_CLIPBOARDUPDATE = 0x031D; 22 | public const UInt32 WM_DESTROYCLIPBOARD = 0x0307; 23 | public const UInt32 WM_DRAWCLIPBOARD = 0x0308; 24 | public const UInt32 WM_HSCROLLCLIPBOARD = 0x030E; 25 | public const UInt32 WM_PAINTCLIPBOARD = 
0x0309; 26 | public const UInt32 WM_RENDERALLFORMATS = 0x0306; 27 | public const UInt32 WM_RENDERFORMAT = 0x0305; 28 | public const UInt32 WM_SIZECLIPBOARD = 0x030B; 29 | public const UInt32 WM_VSCROLLCLIPBOARD = 0x030A; 30 | 31 | [Flags] 32 | public enum ClipboardFormats : uint 33 | { 34 | CF_TEXT = 1, 35 | CF_BITMAP = 2, 36 | CF_METAFILEPICT = 3, 37 | CF_SYLK = 4, 38 | CF_DIF = 5, 39 | CF_TIFF = 6, 40 | CF_OEMTEXT = 7, 41 | CF_DIB = 8, 42 | CF_PALETTE = 9, 43 | CF_PENDATA = 10, 44 | CF_RIFF = 11, 45 | CF_WAVE = 12, 46 | CF_UNICODETEXT = 13, 47 | CF_ENHMETAFILE = 14, 48 | CF_HDROP = 15, 49 | CF_LOCALE = 16, 50 | CF_DIBV5 = 17, 51 | CF_OWNERDISPLAY = 0x0080, 52 | CF_DSPTEXT = 0x0081, 53 | CF_DSPBITMAP = 0x0082, 54 | CF_DSPMETAFILEPICT = 0x0083, 55 | CF_DSPENHMETAFILE = 0x008E, 56 | CF_PRIVATEFIRST = 0x0200, 57 | CF_PRIVATELAST = 0x02FF, 58 | CF_GDIOBJFIRST = 0x0300, 59 | CF_GDIOBJLAST = 0x03FF 60 | } 61 | 62 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] 63 | public struct tagMSG 64 | { 65 | public HWND hwnd; 66 | public UINT message; 67 | public WPARAM wParam; 68 | public LPARAM lParam; 69 | public DWORD time; 70 | public Windef.tagPOINT pt; 71 | } 72 | 73 | [Flags] 74 | public enum WindowStyles : long 75 | { 76 | WS_BORDER = 0x00800000L, 77 | WS_CAPTION = 0x00C00000L, 78 | WS_CHILDWINDOW = 0x40000000L, 79 | WS_CLIPCHILDREN = 0x02000000L, 80 | WS_CLIPSIBLINGS = 0x04000000L, 81 | WS_DISABLED = 0x08000000L, 82 | WS_DLGFRAME = 0x00400000L, 83 | WS_GROUP = 0x00020000L, 84 | WS_HSCROLL = 0x00100000L, 85 | WS_ICONIC = 0x20000000L, 86 | WS_MAXIMIZE = 0x01000000L, 87 | WS_MAXIMIZEBOX = 0x00010000L, 88 | WS_MINIMIZE = 0x20000000L, 89 | WS_MINIMIZEBOX = 0x00020000L, 90 | WS_OVERLAPPED = 0x00000000L, 91 | WS_OVERLAPPEDWINDOW = (WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME | WS_MINIMIZEBOX | WS_MAXIMIZEBOX), 92 | WS_POPUP = 0x80000000L, 93 | WS_POPUPWINDOW = (WS_POPUP | WS_BORDER | WS_SYSMENU), 94 | WS_SIZEBOX = 0x00040000L, 95 | WS_SYSMENU = 
0x00080000L, 96 | WS_TABSTOP = 0x00010000L, 97 | WS_THICKFRAME = 0x00040000L, 98 | WS_TILED = 0x00000000L, 99 | WS_TILEDWINDOW = (WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME | WS_MINIMIZEBOX | WS_MAXIMIZEBOX), 100 | WS_VISIBLE = 0x10000000L, 101 | WS_VSCROLL = 0x00200000L 102 | } 103 | 104 | [Flags] 105 | public enum WindowStylesEx : long 106 | { 107 | WS_EX_ACCEPTFILES = 0x00000010L, 108 | WS_EX_APPWINDOW = 0x00040000L, 109 | WS_EX_CLIENTEDGE = 0x00000200L, 110 | WS_EX_COMPOSITED = 0x02000000L, 111 | WS_EX_CONTEXTHELP = 0x00000400L, 112 | WS_EX_CONTROLPARENT = 0x00010000L, 113 | WS_EX_DLGMODALFRAME = 0x00000001L, 114 | WS_EX_LAYERED = 0x00080000, 115 | WS_EX_LAYOUTRTL = 0x00400000L, 116 | WS_EX_LEFT = 0x00000000L, 117 | WS_EX_LEFTSCROLLBAR = 0x00004000L, 118 | WS_EX_LTRREADING = 0x00000000L, 119 | WS_EX_MDICHILD = 0x00000040L, 120 | WS_EX_NOACTIVATE = 0x08000000L, 121 | WS_EX_NOINHERITLAYOUT = 0x00100000L, 122 | WS_EX_NOPARENTNOTIFY = 0x00000004L, 123 | WS_EX_NOREDIRECTIONBITMAP = 0x00200000L, 124 | WS_EX_OVERLAPPEDWINDOW = (WS_EX_WINDOWEDGE | WS_EX_CLIENTEDGE), 125 | WS_EX_PALETTEWINDOW = (WS_EX_WINDOWEDGE | WS_EX_TOOLWINDOW | WS_EX_TOPMOST), 126 | WS_EX_RIGHT = 0x00001000L, 127 | WS_EX_RIGHTSCROLLBAR = 0x00000000L, 128 | WS_EX_RTLREADING = 0x00002000L, 129 | WS_EX_STATICEDGE = 0x00020000L, 130 | WS_EX_TOOLWINDOW = 0x00000080L, 131 | WS_EX_TOPMOST = 0x00000008L, 132 | WS_EX_TRANSPARENT = 0x00000020L, 133 | WS_EX_WINDOWEDGE = 0x00000100L 134 | } 135 | 136 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] 137 | public struct WNDCLASSEX 138 | { 139 | [MarshalAs(UnmanagedType.U4)] 140 | public UInt32 cbSize; 141 | [MarshalAs(UnmanagedType.U4)] 142 | public UInt32 style; 143 | public Delegate lpfnWndProc; // not WndProc 144 | public Int32 cbClsExtra; 145 | public Int32 cbWndExtra; 146 | public IntPtr hInstance; 147 | public IntPtr hIcon; 148 | public IntPtr hCursor; 149 | public IntPtr hbrBackground; 150 | public String lpszMenuName; 151 | 
public String lpszClassName; 152 | public IntPtr hIconSm; 153 | 154 | public static WNDCLASSEX Build() 155 | { 156 | var nw = new WNDCLASSEX(); 157 | nw.cbSize = (UInt32)Marshal.SizeOf(typeof(WNDCLASSEX)); 158 | return nw; 159 | } 160 | } 161 | } 162 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Headers/wudfwdm.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | using USHORT = System.UInt16; 4 | 5 | using ULONG = System.UInt32; 6 | 7 | using HANDLE = System.IntPtr; 8 | using PVOID = System.IntPtr; 9 | 10 | namespace MonkeyWorks.Unmanaged.Headers 11 | { 12 | class wudfwdm 13 | { 14 | public struct _UNICODE_STRING 15 | { 16 | public USHORT Length; 17 | public USHORT MaximumLength; 18 | public Char[] Buffer; 19 | } 20 | 21 | public struct _OBJECT_ATTRIBUTES 22 | { 23 | public ULONG Length; 24 | public HANDLE RootDirectory; 25 | public IntPtr ObjectName; 26 | public ULONG Attributes; 27 | public PVOID SecurityDescriptor; 28 | public PVOID SecurityQualityOfService; 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/advapi32.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | using System.Text; 4 | using Microsoft.Win32; 5 | 6 | using MonkeyWorks.Unmanaged.Headers; 7 | 8 | namespace MonkeyWorks.Unmanaged.Libraries 9 | { 10 | sealed class advapi32 11 | { 12 | [DllImport("advapi32.dll", SetLastError = true)] 13 | public static extern Boolean AdjustTokenGroups( 14 | IntPtr TokenHandle, 15 | Boolean ResetToDefault, 16 | ref Ntifs._TOKEN_GROUPS NewState, 17 | UInt32 BufferLength, 18 | ref Ntifs._TOKEN_GROUPS PreviousState, 19 | out UInt32 ReturnLengthInBytes 20 | ); 21 | 22 | [DllImport("advapi32.dll", SetLastError = true)] 23 | public static extern Boolean 
AdjustTokenPrivileges( 24 | IntPtr TokenHandle, 25 | Boolean DisableAllPrivileges, 26 | ref Winnt._TOKEN_PRIVILEGES NewState, 27 | UInt32 BufferLengthInBytes, 28 | ref Winnt._TOKEN_PRIVILEGES PreviousState, 29 | out UInt32 ReturnLengthInBytes 30 | ); 31 | 32 | [DllImport("advapi32.dll", SetLastError = true)] 33 | public static extern Boolean AllocateAndInitializeSid( 34 | ref Winnt._SID_IDENTIFIER_AUTHORITY pIdentifierAuthority, 35 | byte nSubAuthorityCount, 36 | Int32 dwSubAuthority0, 37 | Int32 dwSubAuthority1, 38 | Int32 dwSubAuthority2, 39 | Int32 dwSubAuthority3, 40 | Int32 dwSubAuthority4, 41 | Int32 dwSubAuthority5, 42 | Int32 dwSubAuthority6, 43 | Int32 dwSubAuthority7, 44 | out IntPtr pSid 45 | ); 46 | 47 | [DllImport("advapi32.dll", SetLastError = true)] 48 | public static extern Boolean CloseServiceHandle(IntPtr hSCObject); 49 | 50 | [DllImport("advapi32.dll", SetLastError = true)] 51 | public static extern IntPtr ControlService(IntPtr hService, Winsvc.dwControl dwControl, out Winsvc._SERVICE_STATUS lpServiceStatus); 52 | 53 | [DllImport("advapi32.dll", SetLastError = true)] 54 | public static extern IntPtr ControlServiceEx(IntPtr hService, Winsvc.dwControl dwControl, Int32 dwInfoLevel, out Winsvc._SERVICE_STATUS lpServiceStatus); 55 | 56 | [DllImport("advapi32", CharSet = CharSet.Auto, SetLastError = true)] 57 | public static extern bool ConvertSidToStringSid(IntPtr Sid, ref IntPtr StringSid); 58 | 59 | [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] 60 | public static extern Boolean CreateProcessWithLogonW( 61 | String lpUsername, 62 | String lpDomain, 63 | String lpPassword, 64 | Winbase.LOGON_FLAGS dwLogonFlags, 65 | String lpApplicationName, 66 | String lpCommandLine, 67 | Winbase.CREATION_FLAGS dwCreationFlags, 68 | IntPtr lpEnvironment, 69 | String lpCurrentDirectory, 70 | ref Winbase._STARTUPINFO lpStartupInfo, 71 | out Winbase._PROCESS_INFORMATION lpProcessInformation 72 | ); 73 | 74 | [DllImport("advapi32.dll", 
SetLastError = true)] 75 | public static extern Boolean CreateProcessAsUser(IntPtr hToken, IntPtr lpApplicationName, IntPtr lpCommandLine, ref Winbase._SECURITY_ATTRIBUTES lpProcessAttributes, ref Winbase._SECURITY_ATTRIBUTES lpThreadAttributes, Boolean bInheritHandles, Winbase.CREATION_FLAGS dwCreationFlags, IntPtr lpEnvironment, IntPtr lpCurrentDirectory, ref Winbase._STARTUPINFO lpStartupInfo, out Winbase._PROCESS_INFORMATION lpProcessInfo); 76 | 77 | [DllImport("advapi32.dll", SetLastError = true)] 78 | public static extern Boolean CreateProcessAsUserW(IntPtr hToken, IntPtr lpApplicationName, IntPtr lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, Boolean bInheritHandles, Winbase.CREATION_FLAGS dwCreationFlags, IntPtr lpEnvironment, IntPtr lpCurrentDirectory, ref Winbase._STARTUPINFO lpStartupInfo, out Winbase._PROCESS_INFORMATION lpProcessInfo); 79 | 80 | [DllImport("advapi32.dll", SetLastError = true)] 81 | public static extern Boolean CreateProcessWithTokenW(IntPtr hToken, LOGON_FLAGS dwLogonFlags, IntPtr lpApplicationName, IntPtr lpCommandLine, Winbase.CREATION_FLAGS dwCreationFlags, IntPtr lpEnvironment, IntPtr lpCurrentDirectory, ref Winbase._STARTUPINFO lpStartupInfo, out Winbase._PROCESS_INFORMATION lpProcessInfo); 82 | 83 | [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] 84 | public static extern Boolean CreateProcessWithTokenW( 85 | IntPtr hToken, 86 | Winbase.LOGON_FLAGS dwLogonFlags, 87 | String lpApplicationName, 88 | String lpCommandLine, 89 | Winbase.CREATION_FLAGS dwCreationFlags, 90 | IntPtr lpEnvironment, 91 | String lpCurrentDirectory, 92 | ref Winbase._STARTUPINFO lpStartupInfo, 93 | out Winbase._PROCESS_INFORMATION lpProcessInfo 94 | ); 95 | 96 | 97 | 98 | [DllImport("advapi32.dll", SetLastError = true)] 99 | public static extern IntPtr CreateService( 100 | IntPtr hSCManager, 101 | String lpServiceName, 102 | String lpDisplayName, 103 | Winsvc.dwDesiredAccess dwDesiredAccess, 104 | 
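Winsvc.dwServiceType dwServiceType,
            Winsvc.dwStartType dwStartType,
            Winsvc.dwErrorControl dwErrorControl,
            String lpBinaryPathName,
            String lpLoadOrderGroup,
            String lpdwTagId,
            String lpDependencies,
            String lpServiceStartName,
            String lpPassword
        );

        // Credential type identifiers, declared here a second time: the same
        // values exist as WinCred.CRED_TYPE, and CredReadW below takes this copy.
        // NOTE(review): ordinal values, not bit masks; [Flags] is kept only to
        // avoid changing ToString() output.
        [Flags]
        public enum CRED_TYPE : uint
        {
            Generic = 1,
            DomainPassword,
            DomainCertificate,
            DomainVisiblePassword,
            GenericCertificate,
            DomainExtended,
            Maximum,
            MaximumEx = Maximum + 1000,
        }

        // The entry point is the wide (W) export, so the String parameter has to
        // be marshalled as UTF-16. The default DllImport CharSet is ANSI, which
        // handed the native function a narrow string; CharSet.Unicode fixes that.
        // Credentials receives a native buffer that is released with CredFree.
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern Boolean CredEnumerateW(String Filter, Int32 Flags, out Int32 Count, out IntPtr Credentials);

        // Releases a buffer returned by the Cred* functions above and below.
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern Boolean CredFree(IntPtr Buffer);

        // Same marshalling fix as CredEnumerateW: target must reach the wide
        // export as UTF-16. credentialPtr is released with CredFree.
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern Boolean CredReadW(String target, CRED_TYPE type, Int32 reservedFlag, out IntPtr credentialPtr);

        // The struct carries its strings as raw pointers, so no CharSet is
        // needed on the import itself.
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern Boolean CredWriteW(ref WinCred._CREDENTIAL userCredential, UInt32 flags);

        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern Boolean DeleteService(IntPtr hService);

        // Two overloads of the same export. This one takes lpTokenAttributes as
        // a raw pointer, so IntPtr.Zero can be passed for NULL.
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern Boolean DuplicateTokenEx(IntPtr hExistingToken, UInt32 dwDesiredAccess, IntPtr lpTokenAttributes, Winnt._SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, Winnt._TOKEN_TYPE TokenType, out IntPtr phNewToken);

        // This overload passes a populated _SECURITY_ATTRIBUTES by reference.
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern Boolean DuplicateTokenEx(IntPtr hExistingToken, UInt32 dwDesiredAccess, ref Winbase._SECURITY_ATTRIBUTES lpTokenAttributes, Winnt._SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, Winnt._TOKEN_TYPE TokenType, out IntPtr phNewToken);

        [DllImport("advapi32.dll", 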
SetLastError = true)] 150 | public static extern Boolean ImpersonateLoggedOnUser(IntPtr hToken); 151 | 152 | [DllImport("advapi32.dll", SetLastError = true)] 153 | public static extern Boolean ImpersonateNamedPipeClient(IntPtr hNamedPipe); 154 | 155 | [DllImport("advapi32.dll", SetLastError = true)] 156 | public static extern Boolean ImpersonateSelf(Winnt._SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 157 | 158 | [DllImport("advapi32.dll", SetLastError = true)] 159 | public static extern IntPtr FreeSid(IntPtr pSid); 160 | 161 | [DllImport("advapi32.dll", SetLastError = true)] 162 | public static extern Boolean GetTokenInformation(IntPtr TokenHandle, Winnt._TOKEN_INFORMATION_CLASS TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); 163 | 164 | [DllImport("advapi32.dll", SetLastError = true)] 165 | public static extern Boolean GetTokenInformation(IntPtr TokenHandle, Winnt._TOKEN_INFORMATION_CLASS TokenInformationClass, ref Winnt._TOKEN_STATISTICS TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); 166 | 167 | [Flags] 168 | public enum LOGON_FLAGS 169 | { 170 | WithProfile = 1, 171 | NetCredentialsOnly 172 | } 173 | 174 | [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)] 175 | public static extern bool LookupAccountSid( 176 | String lpSystemName, 177 | IntPtr Sid, 178 | StringBuilder lpName, 179 | ref UInt32 cchName, 180 | StringBuilder ReferencedDomainName, 181 | ref UInt32 cchReferencedDomainName, 182 | out Winnt._SID_NAME_USE peUse 183 | ); 184 | 185 | [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)] 186 | public static extern bool LookupAccountSid( 187 | String lpSystemName, 188 | IntPtr Sid, 189 | IntPtr lpName, 190 | ref UInt32 cchName, 191 | IntPtr ReferencedDomainName, 192 | ref UInt32 cchReferencedDomainName, 193 | out Winnt._SID_NAME_USE peUse 194 | ); 195 | 196 | [DllImport("advapi32.dll", SetLastError = true)] 197 | public static 
extern Boolean LookupPrivilegeName(String lpSystemName, IntPtr lpLuid, StringBuilder lpName, ref Int32 cchName); 198 | 199 | [DllImport("advapi32.dll", SetLastError = true)] 200 | public static extern Boolean LookupPrivilegeValue(String lpSystemName, String lpName, ref Winnt._LUID luid); 201 | 202 | [DllImport("advapi32.dll", SetLastError = true)] 203 | public static extern IntPtr OpenSCManager(String lpMachineName, String lpDatabaseName, Winsvc.dwSCManagerDesiredAccess dwDesiredAccess); 204 | 205 | [DllImport("advapi32.dll", SetLastError = true)] 206 | public static extern IntPtr OpenService(IntPtr hSCManager, String lpServiceName, Winsvc.dwDesiredAccess dwDesiredAccess); 207 | 208 | [DllImport("advapi32.dll", SetLastError = true)] 209 | public static extern Boolean PrivilegeCheck(IntPtr ClientToken, Winnt._PRIVILEGE_SET RequiredPrivileges, IntPtr pfResult); 210 | 211 | [DllImport("advapi32.dll", SetLastError = true)] 212 | public static extern Boolean PrivilegeCheck(IntPtr ClientToken, ref Winnt._PRIVILEGE_SET RequiredPrivileges, out Int32 pfResult); 213 | 214 | [DllImport("advapi32.dll", SetLastError = true)] 215 | public static extern Boolean StartService(IntPtr hService, Int32 dwNumServiceArgs, String[] lpServiceArgVectors); 216 | 217 | [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)] 218 | public static extern int RegOpenKeyEx(UIntPtr hKey, String subKey, Int32 ulOptions, Int32 samDesired, out UIntPtr hkResult); 219 | 220 | [DllImport("advapi32.dll", SetLastError = true)] 221 | public static extern uint RegQueryValueEx(UIntPtr hKey, String lpValueName, Int32 lpReserved, ref RegistryValueKind lpType, IntPtr lpData, ref Int32 lpcbData); 222 | 223 | [DllImport("advapi32.dll", SetLastError = true)] 224 | public static extern UInt32 RegQueryValueEx( 225 | UIntPtr hKey, 226 | string lpValueName, 227 | int lpReserved, 228 | ref Int32 lpType, 229 | IntPtr lpData, 230 | ref int lpcbData 231 | ); 232 | 233 | [DllImport("advapi32.dll", 
SetLastError = true)] 234 | public static extern Int32 RegQueryInfoKey( 235 | UIntPtr hKey, 236 | StringBuilder lpClass, 237 | ref UInt32 lpcchClass, 238 | IntPtr lpReserved, 239 | out UInt32 lpcSubkey, 240 | out UInt32 lpcchMaxSubkeyLen, 241 | out UInt32 lpcchMaxClassLen, 242 | out UInt32 lpcValues, 243 | out UInt32 lpcchMaxValueNameLen, 244 | out UInt32 lpcbMaxValueLen, 245 | IntPtr lpSecurityDescriptor, 246 | IntPtr lpftLastWriteTime 247 | ); 248 | 249 | [DllImport("advapi32.dll", SetLastError = true)] 250 | public static extern Boolean RevertToSelf(); 251 | } 252 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/crypt32.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using WORD = System.UInt16; 5 | using DWORD = System.UInt32; 6 | using QWORD = System.UInt64; 7 | 8 | using LPCTSTR = System.String; 9 | using LPWSTR = System.Text.StringBuilder; 10 | 11 | using PVOID = System.IntPtr; 12 | using LPVOID = System.IntPtr; 13 | using DWORD_PTR = System.IntPtr; 14 | 15 | using MonkeyWorks.Unmanaged.Headers; 16 | 17 | namespace MonkeyWorks.Unmanaged.Libraries 18 | { 19 | sealed class crypt32 20 | { 21 | public const UInt32 CRYPTPROTECT_UI_FORBIDDEN = 0x1; 22 | public const UInt32 CRYPTPROTECT_LOCAL_MACHINE = 0x4; 23 | 24 | [DllImport("crypt32.dll", SetLastError = true)] 25 | public static extern bool CryptStringToBinary( 26 | LPCTSTR pszString, 27 | DWORD cchString, 28 | DWORD dwFlags, 29 | out IntPtr pbBinary, 30 | ref DWORD pcbBinary, 31 | out DWORD pdwSkip, 32 | out DWORD pdwFlags 33 | ); 34 | 35 | [DllImport("crypt32.dll", SetLastError = true)] 36 | public static extern bool CryptUnprotectData( 37 | ref Wincrypt._CRYPTOAPI_BLOB pDataIn, 38 | LPWSTR ppszDataDescr, 39 | ref Wincrypt._CRYPTOAPI_BLOB pOptionalEntropy, 40 | PVOID pvReserved, 41 | ref Wincrypt._CRYPTPROTECT_PROMPTSTRUCT pPromptStruct, 
42 | DWORD dwFlag, 43 | ref Wincrypt._CRYPTOAPI_BLOB pDataOut 44 | ); 45 | 46 | [DllImport("crypt32.dll", SetLastError = true)] 47 | public static extern bool CryptUnprotectData( 48 | ref Wincrypt._CRYPTOAPI_BLOB pDataIn, 49 | LPWSTR ppszDataDescr, 50 | IntPtr pOptionalEntropy, 51 | PVOID pvReserved, 52 | IntPtr pPromptStruct, 53 | DWORD dwFlag, 54 | ref Wincrypt._CRYPTOAPI_BLOB pDataOut 55 | ); 56 | } 57 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/dbghelp.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using BOOLEAN = System.Boolean; 5 | 6 | using WORD = System.UInt16; 7 | using DWORD = System.UInt32; 8 | using QWORD = System.UInt64; 9 | 10 | using HANDLE = System.IntPtr; 11 | using PVOID = System.IntPtr; 12 | using LPVOID = System.IntPtr; 13 | using DWORD_PTR = System.IntPtr; 14 | 15 | using ULONG = System.UInt32; 16 | using ULONG32 = System.UInt32; 17 | using ULONG64 = System.UInt64; 18 | 19 | using BOOL = System.Boolean; 20 | 21 | using MonkeyWorks.Unmanaged.Headers; 22 | 23 | namespace MonkeyWorks.Unmanaged.Libraries 24 | { 25 | sealed class dbghelp 26 | { 27 | [StructLayout(LayoutKind.Sequential, Pack = 1)] 28 | public struct _LOADED_IMAGE { 29 | public string ModuleName; 30 | public HANDLE hFile; 31 | public IntPtr MappedAddress; 32 | public Winnt._IMAGE_NT_HEADERS FileHeader; 33 | public Winnt._IMAGE_SECTION_HEADER LastRvaSection; 34 | public ULONG NumberOfSections; 35 | public Winnt._IMAGE_SECTION_HEADER Sections; 36 | public ULONG Characteristics; 37 | public BOOLEAN fSystemImage; 38 | public BOOLEAN fDOSImage; 39 | public BOOLEAN fReadOnly; 40 | public IntPtr Version; 41 | public Winternl._LIST_ENTRY Links; 42 | public ULONG SizeOfImage; 43 | } 44 | 45 | [DllImport("dbghelp.dll", SetLastError = true)] 46 | public static extern Boolean MiniDumpCallback( 47 | PVOID CallbackParam, 
48 | IntPtr CallbackInput, 49 | IntPtr CallbackOutput 50 | ); 51 | 52 | [DllImport("dbghelp.dll", SetLastError = true)] 53 | public static extern Boolean MiniDumpWriteDump( 54 | HANDLE hProcess, 55 | DWORD ProcessId, 56 | HANDLE hFile, 57 | Minidumpapiset._MINIDUMP_TYPE DumpType, 58 | IntPtr ExceptionParam, 59 | IntPtr UserStreamParam, 60 | IntPtr CallbackParam 61 | ); 62 | } 63 | } -------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/fltlib.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Runtime.InteropServices; 5 | using System.Text; 6 | 7 | using MonkeyWorks.Unmanaged.Headers; 8 | 9 | namespace MonkeyWorks.Unmanaged.Libraries 10 | { 11 | class fltlib 12 | { 13 | [DllImport("FltLib.dll", CharSet = CharSet.Unicode, SetLastError = true)] 14 | public static extern UInt32 FilterDetach(String lpFilterName, String lpVolumeName, String lpInstanceName); 15 | 16 | [DllImport("FltLib.dll", SetLastError = true)] 17 | public static extern UInt32 FilterInstanceFindClose(IntPtr hFilterInstanceFind); 18 | 19 | [DllImport("FltLib.dll", CharSet = CharSet.Unicode, SetLastError = true)] 20 | public static extern UInt32 FilterInstanceFindFirst( 21 | String lpFilterName, 22 | FltUserStructures._INSTANCE_INFORMATION_CLASS dwInformationClass, 23 | IntPtr lpBuffer, 24 | UInt32 dwBufferSize, 25 | ref UInt32 lpBytesReturned, 26 | ref IntPtr lpFilterInstanceFind 27 | ); 28 | 29 | [DllImport("FltLib.dll", SetLastError = true)] 30 | public static extern UInt32 FilterInstanceFindNext( 31 | IntPtr hFilterInstanceFind, 32 | FltUserStructures._INSTANCE_INFORMATION_CLASS dwInformationClass, 33 | IntPtr lpBuffer, 34 | UInt32 dwBufferSize, 35 | ref UInt32 lpBytesReturned 36 | ); 37 | 38 | [DllImport("FltLib.dll", SetLastError = true)] 39 | public static extern UInt32 FilterFindClose(IntPtr hFilterFind); 40 | 
// fltlib (continued): the class header for the next three members is above this span.
        // Starts a filter enumeration; lpFilterFind receives the search handle
        // that FilterFindNext and FilterFindClose take.
        [DllImport("FltLib.dll", SetLastError = true)]
        public static extern UInt32 FilterFindFirst(
            FltUserStructures._FILTER_INFORMATION_CLASS dwInformationClass,
            IntPtr lpBuffer,
            UInt32 dwBufferSize,
            ref UInt32 lpBytesReturned,
            ref IntPtr lpFilterFind
        );

        [DllImport("FltLib.dll", SetLastError = true)]
        public static extern UInt32 FilterFindNext(
            IntPtr hFilterFind,
            FltUserStructures._FILTER_INFORMATION_CLASS dwInformationClass,
            IntPtr lpBuffer,
            UInt32 dwBufferSize,
            out UInt32 lpBytesReturned
        );

        // Unloads a minifilter driver. The native call is documented as requiring
        // the load-driver privilege; because security products commonly rely on
        // minifilters, an unexpected unload is a useful detection signal.
        [DllImport("FltLib.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern UInt32 FilterUnload(String lpFilterName);
    }
}

-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/kernel32.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;
using System.Text;

using MonkeyWorks.Unmanaged.Headers;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // P/Invoke declarations for kernel32.dll.
    // NOTE(review): several native parameters in this class are SIZE_T or
    // SIZE_T* (sizes, byte counts) but are declared as UInt32 / ref UInt32.
    // In a 64-bit process the native side reads or writes 8 bytes for those, so
    // the by-ref cases can write past the 4-byte managed slot. UIntPtr/IntPtr is
    // the matching managed type; the individual cases are marked below.
    sealed class kernel32
    {
        public const UInt32 PROCESS_CREATE_THREAD = 0x0002;
        public const UInt32 PROCESS_QUERY_INFORMATION = 0x0400;
        public const UInt32 PROCESS_VM_OPERATION = 0x0008;
        public const UInt32 PROCESS_VM_WRITE = 0x0020;
        public const UInt32 PROCESS_VM_READ = 0x0010;
        // 0x1F0FFF is the pre-Vista definition of PROCESS_ALL_ACCESS. Requesting
        // only the specific rights a caller needs keeps handles least-privileged.
        public const UInt32 PROCESS_ALL_ACCESS = 0x1F0FFF;

        public const UInt32 MEM_COMMIT = 0x00001000;
        public const UInt32 MEM_RESERVE = 0x00002000;

        ////////////////////////////////////////////////////////////////////////////////
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean CloseHandle(IntPtr hProcess);

        // NOTE(review): lpOverlapped is passed by value here, whereas the native
        // parameter is a pointer to OVERLAPPED. If MinWinBase._OVERLAPPED is a
        // struct (declared outside this span) this overload does not match the
        // native ABI; the IntPtr overload below is the safe one.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean ConnectNamedPipe(
            IntPtr hNamedPipe,
            MinWinBase._OVERLAPPED lpOverlapped
        );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean ConnectNamedPipe(
            IntPtr hNamedPipe,
            IntPtr lpOverlapped
        );

        // No CharSet is set, so this binds to the ANSI entry point. When
        // lpApplicationName is null the executable is parsed out of
        // lpCommandLine, so paths containing spaces should be quoted to avoid
        // ambiguous resolution. The handles returned in lpProcessInformation are
        // owned by the caller and must be closed.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean CreateProcess(
            String lpApplicationName,
            String lpCommandLine,
            ref Winbase._SECURITY_ATTRIBUTES lpProcessAttributes,
            ref Winbase._SECURITY_ATTRIBUTES lpThreadAttributes,
            Boolean bInheritHandles,
            Winbase.CREATION_FLAGS dwCreationFlags,
            IntPtr lpEnvironment,
            String lpCurrentDirectory,
            ref Winbase._STARTUPINFO lpStartupInfo,
            out Winbase._PROCESS_INFORMATION lpProcessInformation
        );

        // NOTE(review): lpSecurityAttributes is passed by value; the native
        // parameter is a pointer. Same caveat as ConnectNamedPipe above.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateNamedPipeA(
            String lpName,
            Winbase.OPEN_MODE dwOpenMode,
            Winbase.PIPE_MODE dwPipeMode,
            UInt32 nMaxInstances,
            UInt32 nOutBufferSize,
            UInt32 nInBufferSize,
            UInt32 nDefaultTimeOut,
            Winbase._SECURITY_ATTRIBUTES lpSecurityAttributes
        );

        // Passing IntPtr.Zero for lpSecurityAttributes gives the pipe the default
        // security descriptor; a server that accepts untrusted clients should set
        // an explicit DACL instead.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateNamedPipeA(
            String lpName,
            Winbase.OPEN_MODE dwOpenMode,
            Winbase.PIPE_MODE dwPipeMode,
            UInt32 nMaxInstances,
            UInt32 nOutBufferSize,
            UInt32 nInBufferSize,
            UInt32 nDefaultTimeOut,
            IntPtr lpSecurityAttributes
        );

        // NOTE(review): dwStackSize is SIZE_T natively (see class comment).
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateRemoteThread(IntPtr hHandle, IntPtr lpThreadAttributes, UInt32 dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, UInt32 dwCreationFlags, ref UInt32 lpThreadId);

        // NOTE(review): dwStackSize is SIZE_T natively (see class comment).
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, UInt32 dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, UInt32 dwCreationFlags, ref UInt32 lpThreadId);

        // Returns a snapshot handle that must be closed with CloseHandle.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateToolhelp32Snapshot(UInt32 dwFlags, UInt32 th32ProcessID);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean DisconnectNamedPipe(IntPtr hNamedPipe);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr GetCurrentThread();

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr GetCurrentProcess();

        [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
        public static extern IntPtr GetModuleHandle(string lpModuleName);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern void GetNativeSystemInfo(out Winbase._SYSTEM_INFO lpSystemInfo);

        [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern Int32 GetPrivateProfileString(String lpAppName, String lpKeyName, String lpDefault, StringBuilder lpReturnedString, UInt32 nSize, String lpFileName);

        // GetProcAddress has a single ANSI-only export, hence ExactSpelling.
        [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
        public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern void GetSystemInfo(out Winbase._SYSTEM_INFO lpSystemInfo);

        // Three overloads of one native function: raw pointer, and the two
        // context structures declared in Winnt (not shown in this span).
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean GetThreadContext(IntPtr hThread, IntPtr lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean GetThreadContext(IntPtr hThread, ref Winnt.CONTEXT lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean GetThreadContext(IntPtr hThread, ref Winnt.CONTEXT64 lpContext);

        // NOTE(review): the native return type is SIZE_T; UInt32 truncates it in
        // a 64-bit process.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern UInt32 GlobalSize(IntPtr hMem);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean IsWow64Process(IntPtr hProcess, out Boolean Wow64Process);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Module32First(IntPtr hSnapshot, ref TiHelp32.tagMODULEENTRY32 lpme);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Module32Next(IntPtr hSnapshot, ref TiHelp32.tagMODULEENTRY32 lpme);

        // A bare file name is resolved through the DLL search order. Pass a fully
        // qualified path when the module's location is known, so that a DLL
        // planted earlier in the search path cannot be loaded instead.
        [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern IntPtr LoadLibrary(string lpFileName);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr LocalFree(IntPtr hMem);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Process32First(IntPtr hSnapshot, ref TiHelp32.tagPROCESSENTRY32 lppe);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Process32Next(IntPtr hSnapshot, ref TiHelp32.tagPROCESSENTRY32 lppe);

        // Returns a process handle owned by the caller (close with CloseHandle).
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Boolean bInheritHandle, UInt32 dwProcessId);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr OpenProcess(ProcessThreadsApi.ProcessSecurityRights dwDesiredAccess, Boolean bInheritHandle, UInt32 dwProcessId);

        // NOTE(review): OpenProcessToken and OpenThreadToken are documented as
        // Advapi32.dll functions. Importing them from kernel32.dll presumably
        // relies on an export that newer Windows versions also provide there -
        // verify on the oldest Windows version this library must support.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean OpenProcessToken(IntPtr hProcess, UInt32 dwDesiredAccess, out IntPtr hToken);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr OpenThread(ProcessThreadsApi.ThreadSecurityRights dwDesiredAccess, Boolean bInheritHandle, uint dwThreadId);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean OpenThreadToken(IntPtr ThreadHandle, UInt32 DesiredAccess, Boolean OpenAsSelf, ref IntPtr TokenHandle);
// kernel32 (continued): the class header for the members up to the first closing brace is above this span.

        // Three overloads of ReadFile that differ only in how lpOverlapped is
        // passed: raw pointer, the library's own structure, or the framework's
        // NativeOverlapped.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean ReadFile(
            IntPtr hFile,
            Byte[] lpBuffer,
            UInt32 nNumberOfBytesToRead,
            ref UInt32 lpNumberOfBytesRead,
            IntPtr lpOverlapped
        );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean ReadFile(
            IntPtr hFile,
            Byte[] lpBuffer,
            UInt32 nNumberOfBytesToRead,
            ref UInt32 lpNumberOfBytesRead,
            ref MinWinBase._OVERLAPPED lpOverlapped
        );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean ReadFile(
            IntPtr hFile,
            Byte[] lpBuffer,
            UInt32 nNumberOfBytesToRead,
            ref UInt32 lpNumberOfBytesRead,
            ref System.Threading.NativeOverlapped lpOverlapped
        );

        // NOTE(review): memory-safety issue in 64-bit processes. nSize is SIZE_T
        // and lpNumberOfBytesRead is SIZE_T* natively, so the callee writes
        // 8 bytes into the 4-byte `ref UInt32` slot. UIntPtr / out UIntPtr match
        // the native types.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);

        // Binds the same export with 64-bit address and size arguments.
        // NOTE(review): the argument sizes only match the native signature in a
        // 64-bit process, and lpNumberOfBytesRead has the same SIZE_T* problem
        // as the overload above.
        [DllImport("kernel32.dll", SetLastError = true, EntryPoint = "ReadProcessMemory")]
        public static extern Boolean ReadProcessMemory64(IntPtr hProcess, UInt64 lpBaseAddress, IntPtr lpBuffer, UInt64 nSize, ref UInt32 lpNumberOfBytesRead);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern UInt32 ResumeThread(IntPtr hThread);

        [DllImport("kernel32.dll", SetLastError = true)]
        internal static extern UInt32 SearchPath(String lpPath, String lpFileName, String lpExtension, UInt32 nBufferLength, StringBuilder lpBuffer, ref IntPtr lpFilePart);

        // Managed signature of the console control handler callback.
        public delegate Boolean HandlerRoutine(Wincon.CtrlType CtrlType);

        // The delegate passed here is invoked from native code later, so the
        // caller must keep a reference to it for as long as the handler is
        // registered; otherwise it can be garbage-collected while still in use.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean SetConsoleCtrlHandler(HandlerRoutine HandlerRoutine, Boolean Add);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean SetThreadContext(IntPtr hThread, IntPtr lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean SetThreadContext(IntPtr hThread, ref Winnt.CONTEXT lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean SetThreadContext(IntPtr hThread, ref Winnt.CONTEXT64 lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Int32 SuspendThread(IntPtr hThread);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean TerminateProcess(IntPtr hProcess, UInt32 uExitCode);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Thread32First(IntPtr hSnapshot, ref TiHelp32.tagTHREADENTRY32 lpte);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Thread32Next(IntPtr hSnapshot, ref TiHelp32.tagTHREADENTRY32 lpte);

        // NOTE(review): dwSize is SIZE_T natively in all four Virtual* imports
        // below; UInt32 caps the size at 4 GiB and mismatches the 64-bit ABI.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr VirtualAlloc(IntPtr lpAddress, UInt32 dwSize, UInt32 flAllocationType, Winnt.MEMORY_PROTECTION_CONSTANTS flProtect);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr VirtualAllocEx(IntPtr hHandle, IntPtr lpAddress, UInt32 dwSize, UInt32 flAllocationType, Winnt.MEMORY_PROTECTION_CONSTANTS flProtect);

        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
        public static extern Boolean VirtualProtect(IntPtr lpAddress, UInt32 dwSize, Winnt.MEMORY_PROTECTION_CONSTANTS flNewProtect, ref Winnt.MEMORY_PROTECTION_CONSTANTS lpflOldProtect);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean VirtualProtectEx(IntPtr hHandle, IntPtr lpAddress, UInt32 dwSize, Winnt.MEMORY_PROTECTION_CONSTANTS flNewProtect, ref Winnt.MEMORY_PROTECTION_CONSTANTS lpflOldProtect);

        // NOTE(review): the native return value and dwLength are SIZE_T; the
        // return is the number of bytes written to lpBuffer (0 on failure).
        [DllImport("kernel32.dll", SetLastError = true, EntryPoint="VirtualQueryEx")]
        public static extern Int32 VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress, out Winnt._MEMORY_BASIC_INFORMATION lpBuffer, UInt32 dwLength);

        // Same export, with the 64-bit information structure as output.
        [DllImport("kernel32.dll", SetLastError = true, EntryPoint="VirtualQueryEx")]
        public static extern Int32 VirtualQueryEx64(IntPtr hProcess, IntPtr lpAddress, out Winnt._MEMORY_BASIC_INFORMATION64 lpBuffer, UInt32 dwLength);

        // NOTE(review): the native function returns a DWORD wait status in which
        // 0 (WAIT_OBJECT_0) means the object was signalled. Marshalled as
        // Boolean, a successful wait reads as false while timeout and failure
        // read as true. The second parameter is the timeout in milliseconds,
        // despite being named nSize.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean WaitForSingleObject(IntPtr hProcess, UInt32 nSize);

        // NOTE(review): the native signature is (HANDLE hHandle,
        // DWORD dwMilliseconds, BOOL bAlertable). The parameter names and types
        // declared here do not line up with it - the second argument is the
        // timeout and the third is the alertable flag.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern UInt32 WaitForSingleObjectEx(IntPtr hProcess, IntPtr hHandle, UInt32 dwMilliseconds);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Wow64GetThreadContext(IntPtr hThread, IntPtr lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Wow64GetThreadContext(IntPtr hThread, ref Winnt.CONTEXT lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Wow64SetThreadContext(IntPtr hThread, IntPtr lpContext);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean Wow64SetThreadContext(IntPtr hThread, ref Winnt.CONTEXT lpContext);

        // Four overloads of one export that differ only in the type of lpBuffer.
        // NOTE(review): nSize is SIZE_T and lpNumberOfBytesWritten is SIZE_T*
        // natively - same 64-bit memory-safety caveat as ReadProcessMemory.
        // Writing into another process needs a handle opened with VM write and
        // VM operation rights, which endpoint telemetry commonly records.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesWritten);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, Byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesWritten);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, ref UInt32 lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesWritten);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern Boolean WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, ref UInt64 lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesWritten);
    }
}
-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/ntdll.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using MonkeyWorks.Unmanaged.Headers;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // P/Invoke declarations for ntdll.dll native-API functions.
    // These functions return an NTSTATUS and do not set the Win32 last-error
    // value, so SetLastError = true leaves Marshal.GetLastWin32Error() holding a
    // stale value; RtlNtStatusToDosError (declared below) converts the returned
    // status instead. Most of these entry points have no public header, so the
    // signatures here cannot be checked against one.
    sealed class ntdll
    {
        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtCreateProcessEx(
            ref IntPtr ProcessHandle,
            UInt32 DesiredAccess,
            IntPtr ObjectAttributes,
            IntPtr hInheritFromProcess,
            UInt32 Flags,
            IntPtr SectionHandle,
            IntPtr DebugPort,
            IntPtr ExceptionPort,
            Byte InJob
        );

        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtCreateThreadEx(
            ref IntPtr hThread,
            UInt32 DesiredAccess,
            IntPtr ObjectAttributes,
            IntPtr ProcessHandle,
            IntPtr lpStartAddress,
            IntPtr lpParameter,
            Boolean CreateSuspended,
            UInt32 StackZeroBits,
            UInt32 SizeOfStackCommit,
            UInt32 SizeOfStackReserve,
            IntPtr lpBytesBuffer
        );

        // NOTE(review): ObjectAttributes is passed by value; if
        // wudfwdm._OBJECT_ATTRIBUTES is a struct (declared outside this span)
        // this does not match a pointer parameter. The IntPtr overload below
        // avoids the question.
        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtDuplicateToken(
            IntPtr ExistingTokenHandle,
            Winnt.ACCESS_MASK DesiredAccess,
            wudfwdm._OBJECT_ATTRIBUTES ObjectAttributes,
            Boolean EffectiveOnly,
            Winnt._TOKEN_TYPE TokenType,
            ref IntPtr NewTokenHandle
        );

        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtDuplicateToken(
            IntPtr ExistingTokenHandle,
            UInt32 DesiredAccess,
            IntPtr ObjectAttributes,
            Boolean EffectiveOnly,
            Winnt._TOKEN_TYPE TokenType,
            ref IntPtr NewTokenHandle
        );

        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtFilterToken(
            IntPtr TokenHandle,
            UInt32 Flags,
            IntPtr SidsToDisable,
            IntPtr PrivilegesToDelete,
            IntPtr RestrictedSids,
            ref IntPtr hToken
        );

        // NOTE(review): the first parameter is named ProcessHandle, but the
        // function name suggests it takes a thread handle - confirm and rename.
        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtGetContextThread(
            IntPtr ProcessHandle,
            IntPtr lpContext
        );

        // Queries process information into a caller-supplied buffer of
        // ProcessInformationLength bytes; ReturnLength receives the size used.
        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtQueryInformationProcess(
            IntPtr ProcessHandle,
            PROCESSINFOCLASS ProcessInformationClass,
            IntPtr ProcessInformation,
            UInt32 ProcessInformationLength,
            ref UInt32 ReturnLength
        );

        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtSetInformationToken(
            IntPtr TokenHandle,
            Int32 TokenInformationClass,
            ref Winnt._TOKEN_MANDATORY_LABEL TokenInformation,
            Int32 TokenInformationLength
        );

        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 NtUnmapViewOfSection(
            IntPtr hProcess,
            IntPtr baseAddress
        );

        // Converts an NTSTATUS returned by the functions above to a Win32 error.
        [DllImport("ntdll.dll", SetLastError = true)]
        public static extern UInt32 RtlNtStatusToDosError(
            UInt32 Status
        );

        // NOTE(review): [Flags] is misleading - these are discrete information
        // class numbers (0, 7, 26, ...), not combinable bits.
        [Flags]
        public enum PROCESSINFOCLASS
        {
            ProcessBasicInformation = 0,
            ProcessDebugPort = 7,
            ProcessWow64Information = 26,
            ProcessImageFileName = 27,
            ProcessBreakOnTermination = 29,
            ProcessSubsystemInformation = 75
        }

        // Output layout for ProcessBasicInformation: six pointer-sized fields.
        // Pack = 1 has no visible effect on this declaration because every
        // member is pointer-sized.
        [StructLayout(LayoutKind.Sequential, Pack = 1)]
        public struct _PROCESS_BASIC_INFORMATION
        {
            public IntPtr Reserved1;
            public IntPtr PebBaseAddress;
            public IntPtr AffinityMask;
            public IntPtr BasePriority;
            public UIntPtr UniqueProcessId;
            public IntPtr Reserved3;
        }

    }
}
-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/secur32.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // P/Invoke declarations for secur32.dll.
    class secur32
    {
        // Returns an NTSTATUS. ppLogonSessionData receives a buffer allocated by
        // the LSA that must be released with LsaFreeReturnBuffer, which is not
        // declared in this class.
        [DllImport("secur32.dll")]
        public static extern UInt32 LsaGetLogonSessionData(
            IntPtr LogonId,
            out IntPtr ppLogonSessionData
        );
    }
}
-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/user32.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

using MonkeyWorks.Unmanaged.Headers;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // P/Invoke declarations for user32.dll (windows, messages, clipboard,
    // keyboard state). The clipboard and key-state functions expose user input
    // and copied data, so callers handle privacy-sensitive content.
    sealed class user32
    {
        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean AddClipboardFormatListener(IntPtr hwnd);

        [DllImport("user32.dll")]
        public static extern Boolean ChangeClipboardChain(IntPtr hWndRemove, IntPtr hWndNewNext);

        [DllImport("user32.dll")]
        public static extern Boolean CloseClipboard();

        // No CharSet is set and the strings are marked LPStr, so this binds to
        // the ANSI entry point with ANSI class and window names.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr CreateWindowEx(
            Winuser.WindowStylesEx dwExStyle,
            [MarshalAs(UnmanagedType.LPStr)]
            String lpClassName,
            [MarshalAs(UnmanagedType.LPStr)] String lpWindowName,
            Winuser.WindowStyles dwStyle, Int32 x, Int32 y, Int32 nWidth, Int32 nHeight, IntPtr hWndParent, IntPtr hMenu, IntPtr hInstance, IntPtr lpParam);

        // Overload taking the class as a raw pointer-sized value instead of a
        // string.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr CreateWindowEx(
            Winuser.WindowStylesEx dwExStyle,
            IntPtr lpClassName,
            [MarshalAs(UnmanagedType.LPStr)] String lpWindowName,
            Winuser.WindowStyles dwStyle, Int32 x, Int32 y, Int32 nWidth, Int32 nHeight, IntPtr hWndParent, IntPtr hMenu, IntPtr hInstance, IntPtr lpParam);

        // lParam is marshalled as a UTF-16 string, which is only meaningful for
        // messages whose lParam is a string pointer.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr DefWindowProcW(IntPtr hWnd, UInt32 Msg, IntPtr wParam, [MarshalAs(UnmanagedType.LPWStr)] String lParam);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean DestroyWindow(IntPtr hwnd);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr DispatchMessage(ref Winuser.tagMSG lpMsg);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt32 EnumClipboardFormats(UInt32 format);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt16 GetAsyncKeyState(UInt32 vKey);

        // Overload keyed by the Windows Forms Keys enum; it requires a reference
        // to System.Windows.Forms.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt16 GetAsyncKeyState(System.Windows.Forms.Keys vKey);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr GetClipboardData(UInt32 uFormat);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr GetForegroundWindow();

        // NOTE(review): the native GetMessage returns -1 on error as well as 0
        // for WM_QUIT. Marshalled as Boolean, -1 becomes true, so an error is
        // indistinguishable from a retrieved message; an Int32 return type lets
        // the caller tell them apart.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean GetMessage(ref Winuser.tagMSG lpMsg, IntPtr hWnd, UInt32 wMsgFilterMin, UInt32 wMsgFilterMax);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt32 GetClipboardSequenceNumber();

        // No CharSet is set, so window titles are returned through the ANSI
        // entry point; characters outside the ANSI code page are lost.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt32 GetWindowText(IntPtr hWnd, System.Text.StringBuilder lpString, UInt32 nMaxCount);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt32 GetWindowTextLength(IntPtr hWnd);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean IsWindow(IntPtr hWnd);

        // A successful OpenClipboard must be paired with CloseClipboard.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean OpenClipboard(IntPtr hWndNewOwner);
// user32 (continued): the class header for the members up to the first closing brace is above this span.

        // NOTE(review): WPARAM and LPARAM are pointer-sized natively; UInt32
        // truncates them in a 64-bit process. IntPtr is the matching type.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean PostMessage(IntPtr hWnd, UInt32 Msg, UInt32 wParam, UInt32 lParam);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern UInt16 RegisterClassEx(ref Winuser.WNDCLASSEX lpwcx);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean RemoveClipboardFormatListener(IntPtr hwnd);

        // lParam is marshalled as a UTF-16 string, which is only meaningful for
        // messages whose lParam is a string pointer.
        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr SendMessage(IntPtr hWnd, UInt32 Msg, IntPtr wParam, [MarshalAs(UnmanagedType.LPWStr)] String lParam);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern IntPtr SetClipboardViewer(IntPtr hWndNewViewer);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean TranslateMessage(ref Winuser.tagMSG lpMsg);

        [DllImport("user32.dll", SetLastError = true)]
        public static extern Boolean UnregisterClass(String lpClassName, IntPtr hInstance);
    }
}
-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/vaultcli.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // P/Invoke declarations for vaultcli.dll.
    // NOTE(review): no public header is referenced for these entry points, so
    // parameter meanings (several are literally named "unknown") and return
    // types here should be treated as unverified.
    sealed class vaultcli
    {
        [DllImport("vaultcli.dll", SetLastError = true, CharSet = CharSet.Auto)]
        public static extern Boolean VaultEnumerateItems(
            IntPtr hVault,
            Int32 unknown,
            out Int32 dwItems,
            out IntPtr ppVaultGuids
        );

        [DllImport("vaultcli.dll", SetLastError = true, CharSet = CharSet.Auto)]
        public static extern Boolean VaultEnumerateVaults(
            Int32 unknown,
            out Int32 dwVaults,
            out IntPtr ppVaultGuids
        );

        // VaultGetItem7 and VaultGetItem8 bind the same export ("VaultGetItem")
        // with different parameter lists; the 8 variant adds PackageSid.
        // Presumably the suffix refers to the Windows version each layout is
        // for. Calling the variant that does not match the running system
        // passes a mismatched argument list - TODO confirm callers select by OS
        // version.
        [DllImport("vaultcli.dll", SetLastError = true, CharSet = CharSet.Auto, EntryPoint = "VaultGetItem")]
        public static extern Boolean VaultGetItem7(
            IntPtr hVault,
            ref Guid guid,
            IntPtr SchemaId,
            IntPtr Resource,
            IntPtr Identity,
            //IntPtr unknownPtr,
            Int32 unknown,
            out IntPtr hitem
        );

        [DllImport("vaultcli.dll", SetLastError = true, CharSet = CharSet.Auto, EntryPoint = "VaultGetItem")]
        public static extern Boolean VaultGetItem8(
            IntPtr hVault,
            ref Guid guid,
            IntPtr SchemaId,
            IntPtr Resource,
            IntPtr Identity,
            IntPtr PackageSid,
            //IntPtr unknownPtr,
            Int32 unknown,
            out IntPtr hitem
        );

        [DllImport("vaultcli.dll", SetLastError = true, CharSet = CharSet.Auto)]
        public static extern Boolean VaultOpenVault(
            ref Guid guid,
            Int32 dwVaults,
            out IntPtr hItems
        );
    }
}
-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/wlanapi.cs: --------------------------------------------------------------------------------
using System.Runtime.InteropServices;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // Placeholder: no wlanapi.dll imports are declared yet.
    sealed class wlanapi
    {

    }
}
-------------------------------------------------------------------------------- /MonkeyWorks/Unmanaged/Libraries/wtsapi32.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace MonkeyWorks.Unmanaged.Libraries
{
    // P/Invoke declarations for wtsapi32.dll (Remote Desktop Services sessions).
    class wtsapi32
    {
        // NOTE(review): [Flags] is misleading - these are consecutive
        // information class numbers (0..29), not combinable bits.
        [Flags]
        public enum _WTS_INFO_CLASS : int
        {
            WTSInitialProgram = 0,
            WTSApplicationName = 1,
            WTSWorkingDirectory = 2,
            WTSOEMId = 3,
            WTSSessionId = 4,
            WTSUserName = 5,
            WTSWinStationName = 6,
            WTSDomainName = 7,
            WTSConnectState = 8,
            WTSClientBuildNumber = 9,
            WTSClientName = 10,
            WTSClientDirectory = 11,
            WTSClientProductId = 12,
            WTSClientHardwareId = 13,
            WTSClientAddress = 14,
            WTSClientDisplay = 15,
            WTSClientProtocolType = 16,
            WTSIdleTime = 17,
            WTSLogonTime = 18,
            WTSIncomingBytes = 19,
            WTSOutgoingBytes = 20,
            WTSIncomingFrames = 21,
            WTSOutgoingFrames = 22,
            WTSClientInfo = 23,
            WTSSessionInfo = 24,
            WTSSessionInfoEx = 25,
            WTSConfigInfo = 26,
            WTSValidationInfo = 27,
            WTSSessionAddressV4 = 28,
            WTSIsRemoteSession = 29
        }

        // NOTE(review): [Flags] is misleading here as well - the members are
        // implicit consecutive values starting at 0 (WTSActive), i.e. discrete
        // states.
        [Flags]
        public enum _WTS_CONNECTSTATE_CLASS : int
        {
            WTSActive,
            WTSConnected,
            WTSConnectQuery,
            WTSShadow,
            WTSDisconnected,
            WTSIdle,
            WTSListen,
            WTSReset,
            WTSDown,
            WTSInit
        }

        // One entry of the array returned by WTSEnumerateSessions.
        // pWinStationName has no MarshalAs and the struct sets no CharSet, so
        // it is marshalled as an ANSI string by default.
        [StructLayout(LayoutKind.Sequential)]
        public struct _WTS_SESSION_INFO
        {
            public Int32 SessionId;
            public String pWinStationName;
            public _WTS_CONNECTSTATE_CLASS State;
        }

        //https://social.msdn.microsoft.com/Forums/vstudio/en-US/aeff7e41-a4ba-4bf0-8677-81162040984d/retrieving-username-of-a-running-process?forum=netfxbcl
        // ppBuffer receives a system-allocated buffer holding UTF-16 data (W
        // entry point); it must be released with WTSFreeMemory, which is not
        // declared in this class. The native pBytesReturned is a DWORD*.
        [DllImport("wtsapi32.dll", SetLastError=true)]
        public static extern bool WTSQuerySessionInformationW(
            IntPtr hServer,
            Int32 SessionId,
            _WTS_INFO_CLASS WTSInfoClass,
            out IntPtr ppBuffer,
            out IntPtr pBytesReturned);

        // No CharSet is set, so this resolves to the ANSI variant of the export.
        // ppSessionInfo receives a system-allocated array that must likewise be
        // released with WTSFreeMemory.
        [DllImport("wtsapi32.dll", SetLastError = true)]
        public static extern int WTSEnumerateSessions(
            IntPtr hServer,
            Int32 Reserved,
            Int32 Version,
            ref IntPtr ppSessionInfo,
            ref Int32 pCount);
    }
}
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # MonkeyWorks 2 | 3 | A C# library to facilitate the development of offensive tools against Windows systems. 4 | 5 | The Library is split into Sections: 6 | 7 | * Platform Invocation Services (P/Invoke)
8 | * SMB Packet Creation 9 | --------------------------------------------------------------------------------