|
|
//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1991 - 1992
//
// File:
//
// Contents:
//
//
// History:
//
//------------------------------------------------------------------------
extern "C"{#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
}#include <stdio.h>
#include <wincred.h>
#include <ntsdexts.h>
#include <dsysdbg.h>
#define SECURITY_PACKAGE
#define SECURITY_WIN32
#include <security.h>
#include <secint.h>
#include <cryptdll.h>
#include <kerberos.h>
#include <..\client2\kerb.hxx>
#include <..\client2\kerbp.h>
typedef struct _KDC_DOMAIN_INFO { LIST_ENTRY Next; UNICODE_STRING DnsName; UNICODE_STRING NetbiosName; struct _KDC_DOMAIN_INFO * ClosestRoute; // Points to referral target
ULONG Flags; ULONG Attributes; ULONG Type; LONG References;
//
// Types used during building the tree
//
struct _KDC_DOMAIN_INFO * Parent; ULONG Touched;} KDC_DOMAIN_INFO, *PKDC_DOMAIN_INFO;
#define AllocHeap(x) RtlAllocateHeap(RtlProcessHeap(), HEAP_ZERO_MEMORY, x)
#define FreeHeap(x) RtlFreeHeap(RtlProcessHeap(), 0, x)
PNTSD_EXTENSION_APIS pExtApis;HANDLE hDbgThread;HANDLE hDbgProcess;
#define DebuggerOut (pExtApis->lpOutputRoutine)
#define GetExpr (PVOID) (pExtApis->lpGetExpressionRoutine)
#define InitDebugHelp(hProc,hThd,pApis) {hDbgProcess = hProc; hDbgThread = hThd; pExtApis = pApis;}
char * ContextState[] = { "IdleState", "TgtRequestSentState", "TgtReplySentState", "ApRequestSentState", "ApReplySentState", "AuthenticatedState", "ErrorMessageSentState", "InvalidState"};
void PrintContextAttributes( ULONG Attributes){ DebuggerOut(" ContextAttributes\t0x%lx:", Attributes); if (Attributes & KERB_CONTEXT_MAPPED) { DebuggerOut(" KERB_CONTEXT_MAPPED"); } if (Attributes & KERB_CONTEXT_OUTBOUND) { DebuggerOut(" KERB_CONTEXT_OUTBOUND"); } if (Attributes & KERB_CONTEXT_INBOUND) { DebuggerOut(" KERB_CONTEXT_INBOUND"); } if (Attributes & KERB_CONTEXT_USED_SUPPLIED_CREDS) { DebuggerOut(" KERB_CONTEXT_USED_SUPPLIED_CREDS"); } if (Attributes & KERB_CONTEXT_USER_TO_USER) { DebuggerOut(" KERB_CONTEXT_USER_TO_USER"); } if (Attributes & KERB_CONTEXT_REQ_SERVER_NAME) { DebuggerOut(" KERB_CONTEXT_REQ_SERVER_NAME"); } if (Attributes & KERB_CONTEXT_REQ_SERVER_REALM) { DebuggerOut(" KERB_CONTEXT_REQ_SERVER_REALM"); } if (Attributes & KERB_CONTEXT_IMPORTED) { DebuggerOut(" KERB_CONTEXT_IMPORTED"); } if (Attributes & KERB_CONTEXT_EXPORTED) { DebuggerOut(" KERB_CONTEXT_EXPORTED"); } DebuggerOut("\n");}void PrintContextFlags ( ULONG Flags){ DebuggerOut(" ContextFlags for 0x%lx are:\n", Flags); if (Flags & 0x00000001) { DebuggerOut("\tISC(ASC)_REQ(RET)_DELEGATE\n"); } if (Flags & 0x00000002) { DebuggerOut("\tISC(ASC)_REQ(RET)_MUTUAL_AUTH\n"); } if (Flags & 0x00000004) { DebuggerOut("\tISC(ASC)_REQ(RET)_REPLAY_DETECT\n"); } if (Flags & 0x00000008) { DebuggerOut("\tISC(ASC)_REQ(RET)_SEQUENCE_DETECT\n"); } if (Flags & 0x00000010) { DebuggerOut("\tISC(ASC)_REQ(RET)_CONFIDENTIALITY\n"); } if (Flags & 0x00000020) { DebuggerOut("\tISC(ASC)_REQ(RET)_USE_SESSION_KEY\n"); } if (Flags & 0x00000040) { DebuggerOut("\tISC_REQ_PROMPT_FOR_CREDS or ISC_RET_USED_COLLECTED_CREDS\n"); } if (Flags & 0x00000080) { DebuggerOut("\tISC_REQ_USE_SUPPLIED_CREDS or ISC_RET_USED_SUPPLIED_CREDS\n"); } if (Flags & 0x00000100) { DebuggerOut("\tISC(ASC)_REQ_ALLOCATE_MEMORY or ISC(ASC)_RET_ALLOCATED_MEMORY\n"); } if (Flags & 0x00000200) { DebuggerOut("\tISC(ASC)_REQ_USE_DCE_STYLE or ISC(ASC)_RET_USED_DCE_STYLE\n"); } if (Flags & 0x00000400) { DebuggerOut("\tISC(ASC)_REQ(RET)_DATAGRAM\n"); } if (Flags & 0x00000800) { DebuggerOut("\tISC(ASC)_REQ(RET)_CONNECTION\n"); } if (Flags & 0x00001000) { DebuggerOut("\tISC(ASC)_REQ_CALL_LEVEL or ISC_RET_INTERMEDIATE_RETURN\n"); } if (Flags & 0x00002000) { DebuggerOut("\tISC(ASC)_RET_CALL_LEVEL\n"); } if (Flags & 0x00004000) { DebuggerOut("\tISC_REQ(RET)_EXTENDED_ERROR or ASC_RET_THIRD_LEG_FAILED\n"); } if (Flags & 0x00008000) { DebuggerOut("\tISC_REQ(RET)_STREAM or ASC_REQ(RET)_EXTENDED_ERROR\n"); } if (Flags & 0x00010000) { DebuggerOut("\tISC_REQ(RET)_INTEGRITY or ASC_REQ(RET)_STREAM\n"); } if (Flags & 0x00020000) { DebuggerOut("\tISC_REQ(RET)_IDENTIFY or ASC_REQ(RET)_INTEGRITY\n"); } if (Flags & 0x00040000) { DebuggerOut("\tISC_REQ(RET)_NULL_SESSION or ASC_REQ(RET)_LICENSING\n"); } if (Flags & 0x00080000) { DebuggerOut("\tISC_REQ(RET)_MANUAL_CRED_VALIDATION or ASC_REQ(RET)_IDENTIFY\n"); } if (Flags & 0x00100000) { DebuggerOut("\tISC_REQ(RET)_DELEGATE_IF_SAFE or ASC_REQ_ALLOW_NULL_SESSION or ASC_RET_NULL_SESSION\n"); } if (Flags & 0x00200000) { DebuggerOut("\tASC_REQ(RET)_ALLOW_NON_USER_LOGONS\n"); } if (Flags & 0x00400000) { DebuggerOut("\tASC_REQ(RET)_ALLOW_CONTEXT_REPLAY\n"); }}SECURITY_STATUSReadMemory( PVOID pvAddress, ULONG cbMemory, PVOID pvLocalMemory){ SIZE_T cbActual = cbMemory;
if (ReadProcessMemory(hDbgProcess, pvAddress, pvLocalMemory, cbMemory, &cbActual)) { if (cbActual != cbMemory) { DebuggerOut(" counts don't match\n"); return(-1); } return(0); } DebuggerOut(" GetLastError from readMemory is %d\n", GetLastError()); return(GetLastError());
}
SECURITY_STATUSWriteMemory(PVOID pvLocalMemory, ULONG cbMemory, PVOID pvAddress){ SIZE_T cbActual = cbMemory;
if (WriteProcessMemory(hDbgProcess, pvAddress, pvLocalMemory, cbMemory, &cbActual)) { if (cbActual != cbMemory) { return(-1); } return(0); } return(GetLastError());}
DWORDGetDword(PVOID pvMemory){ DWORD dwVal; SIZE_T cbActual = sizeof(DWORD);
if (ReadProcessMemory(hDbgProcess, pvMemory, &dwVal, sizeof(DWORD), &cbActual)) { if (cbActual != sizeof(DWORD)) { return((DWORD) -1); } return(dwVal); } return((DWORD) -1);}
#define TIMEBUF_SZ 64
char *Months[] = { "", "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };void CTimeStamp(PTimeStamp ptsTime, LPSTR pszTimeBuf){ SYSTEMTIME stTime; FILETIME tLocal; SYSTEMTIME stLocal;
if (ptsTime->HighPart == 0) { strcpy(pszTimeBuf, "<Zero>"); } else if (ptsTime->HighPart >= 0x7FFFFFFF) { strcpy(pszTimeBuf, "<Never>"); } FileTimeToLocalFileTime((LPFILETIME) ptsTime, &tLocal); FileTimeToSystemTime((LPFILETIME) ptsTime, &stTime); FileTimeToSystemTime(&tLocal, &stLocal); sprintf(pszTimeBuf, "%02d:%02d:%02d.%03d, %s %02d, %d UTC (%02d:%02d:%02d.%03d, %s %02d, %d Local)", stTime.wHour, stTime.wMinute, stTime.wSecond, stTime.wMilliseconds, Months[stTime.wMonth], stTime.wDay, stTime.wYear, stLocal.wHour, stLocal.wMinute, stLocal.wSecond, stLocal.wMilliseconds, Months[stLocal.wMonth], stLocal.wDay, stLocal.wYear);}
void ContextTimeStamp(PTimeStamp ptsTime, LPSTR pszTimeBuf){ // We set local times in sspi
SYSTEMTIME stTime; FILETIME tutc; SYSTEMTIME stLocal; TimeStamp Time;
if (ReadMemory( ptsTime, sizeof( TimeStamp), &Time)) { DebuggerOut(" Could not read context\n"); return; } if (Time.HighPart == 0) { strcpy(pszTimeBuf, "<Zero>"); } else if (Time.HighPart >= 0x7FFFFFFF) { strcpy(pszTimeBuf, "<Never>"); } FileTimeToSystemTime((LPFILETIME) &Time, &stLocal); LocalFileTimeToFileTime((LPFILETIME) &Time, &tutc); FileTimeToSystemTime(&tutc, &stTime); sprintf(pszTimeBuf, "%02d:%02d:%02d.%03d, %s %02d, %d UTC (%02d:%02d:%02d.%03d, %s %02d, %d Local)", stTime.wHour, stTime.wMinute, stTime.wSecond, stTime.wMilliseconds, Months[stTime.wMonth], stTime.wDay, stTime.wYear, stLocal.wHour, stLocal.wMinute, stLocal.wSecond, stLocal.wMilliseconds, Months[stLocal.wMonth], stLocal.wDay, stLocal.wYear);}
voidMapString(PSECURITY_STRING pClientString, PSECURITY_STRING pLocalString){ if (!pLocalString->Buffer) { pLocalString->Buffer = (PWSTR) AllocHeap(pClientString->Length + 2); if (pLocalString->Buffer == NULL) { return; } pLocalString->MaximumLength = pClientString->Length + 2; }
RtlZeroMemory(pLocalString->Buffer, pLocalString->MaximumLength);
if (!ReadMemory(pClientString->Buffer, pClientString->Length, pLocalString->Buffer)) { pLocalString->Length = pClientString->Length; } else { DebuggerOut("\nWarning: could not read string @%x\n", pClientString->Buffer); }
}
void PrintSid(PVOID pvSid){ SID Sid; PSID pSid; UNICODE_STRING ucsSid = {0};
DebuggerOut(" UserSid \t0x%lx ", pvSid); if (pvSid) { if (ReadMemory(pvSid, sizeof(SID), &Sid)) { DebuggerOut("Could not read from %x\n", pvSid); }
pSid = AllocHeap(RtlLengthRequiredSid(Sid.SubAuthorityCount)); if (pSid == NULL) { return; } if (ReadMemory(pvSid, RtlLengthRequiredSid(Sid.SubAuthorityCount), pSid)) { DebuggerOut("Could not read from %x\n", pvSid); }
RtlConvertSidToUnicodeString(&ucsSid, pSid, TRUE); if ( ucsSid.Buffer ) { DebuggerOut(" %wZ", &ucsSid); RtlFreeUnicodeString(&ucsSid); } FreeHeap(pSid); } DebuggerOut("\n");}
VOIDPrintEType( ULONG EType){ switch(EType) { case KERB_ETYPE_NULL: DebuggerOut("KERB_ETYPE_NULL\n"); break; case KERB_ETYPE_DES_CBC_CRC: DebuggerOut("KERB_ETYPE_DES_CBC_CRC\n"); break; case KERB_ETYPE_DES_CBC_MD4: DebuggerOut("KERB_ETYPE_DES_CBC_MD4\n"); break; case KERB_ETYPE_DES_CBC_MD5: DebuggerOut("KERB_ETYPE_DES_CBC_MD5\n"); break; case KERB_ETYPE_OLD_RC4_MD4: DebuggerOut("KERB_ETYPE_OLD_RC4_MD4\n"); break; case KERB_ETYPE_OLD_RC4_PLAIN: DebuggerOut("KERB_ETYPE_OLD_RC4_PLAIN\n"); break; case KERB_ETYPE_OLD_RC4_LM: DebuggerOut("KERB_ETYPE_OLD_RC4_LM\n"); break; case KERB_ETYPE_OLD_RC4_SHA: DebuggerOut("KERB_ETYPE_OLD_RC4_SHA\n"); break; case KERB_ETYPE_OLD_DES_PLAIN: DebuggerOut("KERB_ETYPE_OLD_DES_PLAIN\n"); break; case KERB_ETYPE_RC4_MD4: DebuggerOut("KERB_ETYPE_RC4_MD4\n"); break; case KERB_ETYPE_RC4_PLAIN2: DebuggerOut("KERB_ETYPE_RC4_PLAIN2\n"); break; case KERB_ETYPE_RC4_LM: DebuggerOut("KERB_ETYPE_RC4_LM\n"); break; case KERB_ETYPE_RC4_SHA: DebuggerOut("KERB_ETYPE_RC4_SHA\n"); break; case KERB_ETYPE_DES_PLAIN: DebuggerOut("KERB_ETYPE_DES_PLAIN\n"); break; case KERB_ETYPE_RC4_PLAIN: DebuggerOut("KERB_ETYPE_RC4_PLAIN\n"); break; case KERB_ETYPE_RC4_HMAC_OLD: DebuggerOut("KERB_ETYPE_RC4_HMAC_OLD\n"); break; case KERB_ETYPE_RC4_HMAC_OLD_EXP: DebuggerOut("KERB_ETYPE_RC4_HMAC_OLD_EXP\n"); break; case KERB_ETYPE_RC4_PLAIN_EXP: DebuggerOut("KERB_ETYPE_RC4_PLAIN_EXP\n"); break; case KERB_ETYPE_DSA_SIGN: DebuggerOut("KERB_ETYPE_DSA_SIGN\n"); break; case KERB_ETYPE_RSA_PRIV: DebuggerOut("KERB_ETYPE_RSA_PRIV\n"); break; case KERB_ETYPE_RSA_PUB: DebuggerOut("KERB_ETYPE_RSA_PUB\n"); break; case KERB_ETYPE_RSA_PUB_MD5: DebuggerOut("KERB_ETYPE_RSA_PUB_MD5\n"); break; case KERB_ETYPE_RSA_PUB_SHA1: DebuggerOut("KERB_ETYPE_RSA_PUB_SHA1\n"); break; case KERB_ETYPE_PKCS7_PUB: DebuggerOut("KERB_ETYPE_PKCS7_PUB\n"); break; case KERB_ETYPE_DES_CBC_MD5_NT: DebuggerOut("KERB_ETYPE_DES_CBC_MD5_NT\n"); break;default: DebuggerOut("Unknown EType: 0x%lx\n", EType); break; }}VOIDShowKerbContext( IN PVOID pContext ){ KERB_CONTEXT Context; CHAR TimeBuf[80]; SECURITY_STRING sLocal; sLocal.Buffer = NULL;
if (ReadMemory( pContext, sizeof( KERB_CONTEXT), &Context )) { DebuggerOut(" Could not read context\n"); return; }
CTimeStamp( &Context.Lifetime, TimeBuf ); DebuggerOut(" Lifetime \t%s\n", TimeBuf );
CTimeStamp( &Context.RenewTime, TimeBuf ); DebuggerOut(" RenewTime \t%s\n", TimeBuf );
MapString( &Context.ClientName, &sLocal); DebuggerOut(" ClientName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
MapString( &Context.ClientRealm, &sLocal); DebuggerOut(" ClientRealm \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
DebuggerOut(" Process ID \t0x%lx\n", Context.ClientProcess); DebuggerOut(" LogonId \t0x%lx : 0x%lx\n", Context.LogonId.LowPart, Context.LogonId.HighPart ); DebuggerOut(" TokenHandle \t0x%lx\n", Context.TokenHandle ); DebuggerOut(" CredentialHandle\t0x%lx\n", Context.CredentialHandle); DebuggerOut(" SessionKey type \t"); PrintEType(Context.SessionKey.keytype); DebuggerOut(" SessionKey length \t0x%lx\n", Context.SessionKey.keyvalue.length); DebuggerOut(" Nonce \t0x%lx\n", Context.Nonce); DebuggerOut(" ReceiveNonce \t0x%lx\n", Context.ReceiveNonce); DebuggerOut(" ContextFlags \t0x%lx\n", Context.ContextFlags); PrintContextAttributes(Context.ContextAttributes); DebuggerOut(" EncryptionType \t"); PrintEType(Context.EncryptionType); PrintSid(Context.UserSid); DebuggerOut(" ContextState \t%s\n", ContextState[Context.ContextState]); DebuggerOut(" Retries \t0x%lx\n", Context.Retries ); DebuggerOut(" TicketKey type \t"); PrintEType(Context.TicketKey.keytype); DebuggerOut(" TicketKey length\t0x%lx\n", Context.TicketKey.keyvalue.length); DebuggerOut(" TicketCacheEntry\t0x%lx\n", Context.TicketCacheEntry);}
VOIDDumpContext( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){ PVOID pContext;
InitDebugHelp( hProcess, hThread, lpExt);
pContext = GetExpr( pszCommand );
if ( pContext == NULL ) {
return; }
ShowKerbContext( pContext );
}
void PrintLogonType(SECURITY_LOGON_TYPE LogonType){ switch(LogonType) { case Interactive: DebuggerOut("Interactive\n"); break; case Network: DebuggerOut("Network\n"); break; case Batch: DebuggerOut("Batch\n"); break; case Service: DebuggerOut("Service\n"); break; case Proxy: DebuggerOut("Proxy\n"); break; case Unlock: DebuggerOut("Unlock\n"); break; default: DebuggerOut("Unknown Logon Type: 0x%lx\n", LogonType); break; }}
VOIDShowKerbTCacheEntry(PVOID pCache){/*
typedef struct _KERB_TICKET_CACHE_ENTRY { KERBEROS_LIST_ENTRY ListEntry; PKERB_INTERNAL_NAME ServiceName; PKERB_INTERNAL_NAME TargetName; UNICODE_STRING DomainName; UNICODE_STRING TargetDomainName; UNICODE_STRING AltTargetDomainName; PKERB_INTERNAL_NAME ClientName; ULONG TicketFlags; ULONG CacheFlags; KERB_ENCRYPTION_KEY SessionKey; TimeStamp KeyExpirationTime; TimeStamp StartTime; TimeStamp EndTime; TimeStamp RenewUntil; KERB_TICKET Ticket; TimeStamp TimeSkew;} KERB_TICKET_CACHE_ENTRY, *PKERB_TICKET_CACHE_ENTRY;*/ KERB_TICKET_CACHE_ENTRY Cache; CHAR TimeBuf[64]; SECURITY_STRING sLocal; ULONG Temp; sLocal.Buffer = NULL;
if (ReadMemory( pCache, sizeof( KERB_TICKET_CACHE_ENTRY), &Cache)) { DebuggerOut(" Could not read ticket cache entry\n"); return; } DebuggerOut(" ServiceName \t0x%lx\n", Cache.ServiceName); DebuggerOut(" TargetName \t0x%lx\n", Cache.TargetName);
MapString( &Cache.DomainName, &sLocal); DebuggerOut(" DomainName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
MapString( &Cache.TargetDomainName, &sLocal); DebuggerOut(" TargetDomainName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
MapString( &Cache.AltTargetDomainName, &sLocal); DebuggerOut(" AltTargetDomainName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
DebuggerOut(" ClientName \t0x%lx\n", Cache.ClientName); DebuggerOut(" TicketFlags \t0x%lx\n", Cache.TicketFlags); DebuggerOut(" CacheFlags \t0x%lx\n", Cache.CacheFlags); DebuggerOut(" EncryptionType \t"); PrintEType(Cache.SessionKey.keytype); CTimeStamp( &Cache.StartTime, TimeBuf ); DebuggerOut(" StartTime \t%s\n", TimeBuf ); CTimeStamp( &Cache.EndTime, TimeBuf ); DebuggerOut(" Endtime \t%s\n", TimeBuf ); CTimeStamp( &Cache.RenewUntil, TimeBuf ); DebuggerOut(" RenewUntil \t%s\n", TimeBuf );}
VOIDShowKerbLSession( IN PVOID pSession ){ KERB_LOGON_SESSION Session; CHAR TimeBuf[64]; SECURITY_STRING sLocal; ULONG_PTR Temp; sLocal.Buffer = NULL;
if (ReadMemory( pSession, sizeof( KERB_LOGON_SESSION), &Session)) { DebuggerOut(" Could not read logon session\n"); return; } //DebuggerOut(" Credential \t0x%lx\n", Session.SspCredentials);
DebuggerOut(" LogonId \t0x%lx : 0x%lx\n", Session.LogonId.LowPart, Session.LogonId.HighPart ); CTimeStamp( &Session.Lifetime, TimeBuf ); DebuggerOut(" Lifetime \t%s\n", TimeBuf ); //PrintPCred(Session.PrimaryCredentials);
MapString( &Session.PrimaryCredentials.UserName, &sLocal); DebuggerOut(" UserName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
MapString( &Session.PrimaryCredentials.DomainName, &sLocal); DebuggerOut(" DomainName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
DebuggerOut(" Passwords \t0x%lx\n", Session.PrimaryCredentials.Passwords); DebuggerOut(" OldPasswords \t0x%lx\n", Session.PrimaryCredentials.OldPasswords); DebuggerOut(" PublicKeyCreds \t0x%lx\n", Session.PrimaryCredentials.PublicKeyCreds); DebuggerOut(" LogonSessionFlags\t0x%lx\n", Session.LogonSessionFlags);
// ServerTicketCache
Temp = (ULONG_PTR)pSession+ FIELD_OFFSET(KERB_LOGON_SESSION, PrimaryCredentials) + FIELD_OFFSET(KERB_PRIMARY_CREDENTIAL, ServerTicketCache);
DebuggerOut(" ServerTicketCache \t0x%p\n", Temp);
// AuthenticationTicketCache
Temp = (ULONG_PTR)pSession+ FIELD_OFFSET(KERB_LOGON_SESSION, PrimaryCredentials) + FIELD_OFFSET(KERB_PRIMARY_CREDENTIAL, AuthenticationTicketCache);
DebuggerOut(" AuthenticationTicketCache \t0x%p\n", Temp );
}
VOIDDumpLSession( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){ PVOID pSession;
InitDebugHelp( hProcess, hThread, lpExt);
pSession = GetExpr( pszCommand );
if ( pSession == NULL ) {
return; }
ShowKerbLSession( pSession);
}
VOIDDumpTCacheEntry( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){ PVOID pCache;
InitDebugHelp( hProcess, hThread, lpExt);
pCache = GetExpr( pszCommand );
if ( pCache == NULL ) {
return; }
ShowKerbTCacheEntry( pCache);}
/*
VOIDShowDomainList(PVOID pDomain){ PLIST_ENTRY DomainList = (PLIST_ENTRY) pDomain; SECURITY_STRING sLocal; PLIST_ENTRY ListEntry; PKDC_DOMAIN_INFO Domain;
for (ListEntry = DomainList->Flink; ListEntry != DomainList ; ListEntry = ListEntry->Flink ) { Domain = (PKDC_DOMAIN_INFO) CONTAINING_RECORD(ListEntry, KDC_DOMAIN_INFO, Next);
MapString( &Domain->DnsName, &sLocal); DebuggerOut(" DomainName \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL;
if (Domain->ClosestRoute == NULL) { DebuggerOut(" No closest route\n"); } else { MapString( Domain->ClosestRoute, &sLocal); DebuggerOut(" Closest Route \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL; }
if (Domain->Parent == NULL) { DebuggerOut(" No parent\n"); } else { MapString( &Domain->Parent->DnsName, &sLocal); DebuggerOut(" Parent \t%ws\n", sLocal.Buffer); FreeHeap(sLocal.Buffer); sLocal.Buffer = NULL; } }}
VOIDDumpReferralTree( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){ PVOID pDomain;
InitDebugHelp( hProcess, hThread, lpExt);
pDomain = GetExpr( pszCommand );
if ( pDomain == NULL ) {
return; } ShowDomainList(pDomain);}*/
VOIDDumpContextFlags( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){ PVOID pContext;
InitDebugHelp( hProcess, hThread, lpExt);
pContext = GetExpr( pszCommand );
if ( pContext == NULL ) {
return; }
PrintContextFlags( (ULONG)((ULONG_PTR)pContext) );
}
VOIDDumpCTimeStamp( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){ PVOID pContext; CHAR TimeBuf[100];
InitDebugHelp( hProcess, hThread, lpExt);
pContext = GetExpr( pszCommand );
if ( pContext == NULL ) {
return; }
ContextTimeStamp( (PTimeStamp) pContext, TimeBuf ); DebuggerOut(" TimeStamp \t%s\n", TimeBuf );
}
voidHelp( HANDLE hProcess, HANDLE hThread, DWORD dwCurrentPc, PNTSD_EXTENSION_APIS lpExt, LPSTR pszCommand){
InitDebugHelp(hProcess, hThread, lpExt);
DebuggerOut("Kerberos Exts Debug Help\n"); DebuggerOut(" DumpContext <addr> \tDumps a Kerberos context\n"); DebuggerOut(" DumpLSession <addr> \tDumps a Kerberos logon session\n"); DebuggerOut(" DumpTCacheEntry <addr> \tDumps a Kerberos ticket cache entry\n"); DebuggerOut(" DumpContextFlags <hex ulong>\tDumps an SSPI context flags\n"); DebuggerOut(" DumpCTimeStamp <hex ulong>\tDumps a Context Expiry Time\n");
}
|
