archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/netapi/svcimgs/ntrepl/test/attackfrs/frscomm.c

268 lines
8.9 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include <ntreppch.h>
  2. #include <frs.h>
  4. #include "attack.h"
  8. ULONG NtFrsMajor = NTFRS_MAJOR;
  10. ULONG NtFrsCommMinor = NTFRS_COMM_MINOR_7;
  11. //
  12. // Note: When using COMM_DECODE_VAR_LEN_BLOB you must also use COMM_SZ_NULL
  13. // in the table below so that no length check is made when the field is decoded.
  14. // This allows the field size to grow. Down level members must be able to
  15. // handle this by ignoring var len field components they do not understand.
  16. //
  18. //
  19. // The Communication packet element table below is used to construct and
  20. // decode comm packet data sent between members.
  21. // *** WARNING *** - the order of the rows in the table must match the
  22. // the order of the elements in the COMM_TYPE enum. See comments for COMM_TYPE
  23. // enum for restrictions on adding new elements to the table.
  24. //
  25. // Data Element Type DisplayText Size Decode Type Offset to Native Cmd Packet
  26. //
  27. COMM_PACKET_ELEMENT CommPacketTable[COMM_MAX] = {
  28. {COMM_NONE, "NONE" , COMM_SZ_NULL, COMM_DECODE_NONE, 0 },
  30. {COMM_BOP, "BOP" , COMM_SZ_UL, COMM_DECODE_ULONG, RsOffsetSkip },
  31. {COMM_COMMAND, "COMMAND" , COMM_SZ_UL, COMM_DECODE_ULONG_TO_USHORT, OFFSET(COMMAND_PACKET, Command)},
  32. {COMM_TO, "TO" , COMM_SZ_NULL, COMM_DECODE_GNAME, RsOffset(To) },
  33. {COMM_FROM, "FROM" , COMM_SZ_NULL, COMM_DECODE_GNAME, RsOffset(From) },
  34. {COMM_REPLICA, "REPLICA" , COMM_SZ_NULL, COMM_DECODE_GNAME, RsOffset(ReplicaName) },
  35. {COMM_JOIN_GUID, "JOIN_GUID" , COMM_SZ_GUL, COMM_DECODE_BLOB, RsOffset(JoinGuid) },
  36. {COMM_VVECTOR, "VVECTOR" , COMM_SZ_GVSN, COMM_DECODE_VVECTOR, RsOffset(VVector) },
  37. {COMM_CXTION, "CXTION" , COMM_SZ_NULL, COMM_DECODE_GNAME, RsOffset(Cxtion) },
  39. {COMM_BLOCK, "BLOCK" , COMM_SZ_NULL, COMM_DECODE_BLOB, RsOffset(Block) },
  40. {COMM_BLOCK_SIZE, "BLOCK_SIZE" , COMM_SZ_ULL, COMM_DECODE_ULONGLONG, RsOffset(BlockSize) },
  41. {COMM_FILE_SIZE, "FILE_SIZE" , COMM_SZ_ULL, COMM_DECODE_ULONGLONG, RsOffset(FileSize) },
  42. {COMM_FILE_OFFSET, "FILE_OFFSET" , COMM_SZ_ULL, COMM_DECODE_ULONGLONG, RsOffset(FileOffset) },
  44. {COMM_REMOTE_CO, "REMOTE_CO" , COMM_SZ_COC, COMM_DECODE_REMOTE_CO, RsOffset(PartnerChangeOrderCommand)},
  45. {COMM_GVSN, "GVSN" , COMM_SZ_GVSN, COMM_DECODE_BLOB, RsOffset(GVsn) },
  47. {COMM_CO_GUID, "CO_GUID" , COMM_SZ_GUL, COMM_DECODE_BLOB, RsOffset(ChangeOrderGuid) },
  48. {COMM_CO_SEQUENCE_NUMBER, "CO_SEQUENCE_NUMBER" , COMM_SZ_UL, COMM_DECODE_ULONG, RsOffset(ChangeOrderSequenceNumber)},
  49. {COMM_JOIN_TIME, "JOIN_TIME" , COMM_SZ_JTIME, COMM_DECODE_BLOB, RsOffset(JoinTime) },
  50. {COMM_LAST_JOIN_TIME, "LAST_JOIN_TIME" , COMM_SZ_ULL, COMM_DECODE_ULONGLONG, RsOffset(LastJoinTime) },
  51. {COMM_EOP, "EOP" , COMM_SZ_UL, COMM_DECODE_ULONG, RsOffsetSkip },
  52. {COMM_REPLICA_VERSION_GUID, "REPLICA_VERSION_GUID", COMM_SZ_GUL, COMM_DECODE_BLOB, RsOffset(ReplicaVersionGuid)},
  53. {COMM_MD5_DIGEST, "MD5_DIGEST" , COMM_SZ_MD5, COMM_DECODE_BLOB, RsOffset(Md5Digest) },
  54. {COMM_CO_EXT_WIN2K, "CO_EXT_WIN2K" , COMM_SZ_COEXT_W2K,COMM_DECODE_BLOB, RsOffset(PartnerChangeOrderCommandExt)},
  55. {COMM_CO_EXTENSION_2, "CO_EXTENSION_2" , COMM_SZ_NULL, COMM_DECODE_VAR_LEN_BLOB, RsOffset(PartnerChangeOrderCommandExt)},
  57. {COMM_COMPRESSION_GUID, "COMPRESSION_GUID" , COMM_SZ_GUID, COMM_DECODE_GUID, RsOffset(CompressionTable)}
  59. };
  63. VOID
  64. CommCopyMemory(
  65. IN PCOMM_PACKET CommPkt,
  66. IN PUCHAR Src,
  67. IN ULONG Len
  68. )
  69. /*++
  70. Routine Description:
  71. Copy memory into a comm packet, extending as necessary
  73. Arguments:
  74. CommPkt
  75. Src
  76. Len
  78. Return Value:
  79. None.
  80. --*/
  81. {
  82. #undef DEBSUB
  83. #define DEBSUB "CommCopyMemory:"
  84. ULONG MemLeft;
  85. PUCHAR NewPkt;
  87. //
  88. // Adjust size of comm packet if necessary
  89. //
  90. // PERF: How many allocs get done to send a CO??? This looks expensive.
  92. MemLeft = CommPkt->MemLen - CommPkt->PktLen;
  93. if (Len > MemLeft) {
  94. //
  95. // Just filling memory; extend memory, tacking on a little extra
  96. //
  97. CommPkt->MemLen = (((CommPkt->MemLen + Len) + (COMM_MEM_SIZE - 1))
  98. / COMM_MEM_SIZE)
  99. * COMM_MEM_SIZE;
  100. NewPkt = MALLOC(CommPkt->MemLen);
  101. CopyMemory(NewPkt, CommPkt->Pkt, CommPkt->PktLen);
  102. FREE(CommPkt->Pkt);
  103. CommPkt->Pkt = NewPkt;
  104. }
  106. //
  107. // Copy into the packet
  108. //
  109. if (Src != NULL) {
  110. CopyMemory(CommPkt->Pkt + CommPkt->PktLen, Src, Len);
  111. } else {
  112. ZeroMemory(CommPkt->Pkt + CommPkt->PktLen, Len);
  113. }
  114. CommPkt->PktLen += Len;
  115. }
  118. VOID
  119. CommPackULong(
  120. IN PCOMM_PACKET CommPkt,
  121. IN COMM_TYPE Type,
  122. IN ULONG Data
  123. )
  124. /*++
  125. Routine Description:
  126. Copy a header and a ulong into the comm packet.
  128. Arguments:
  129. CommPkt
  130. Type
  131. Data
  133. Return Value:
  134. None.
  135. --*/
  136. {
  137. #undef DEBSUB
  138. #define DEBSUB "CommPackULong:"
  139. ULONG Len = sizeof(ULONG);
  140. USHORT CommType = (USHORT)Type;
  142. CommCopyMemory(CommPkt, (PUCHAR)&CommType, sizeof(USHORT));
  143. printf("Packed CommType.\n");
  144. CommCopyMemory(CommPkt, (PUCHAR)&Len, sizeof(ULONG));
  145. printf("Packed Len.\n");
  146. CommCopyMemory(CommPkt, (PUCHAR)&Data, sizeof(ULONG));
  147. printf("Packed Data.\n");
  148. }
  151. PCOMM_PACKET
  152. CommStartCommPkt(
  153. IN PWCHAR Name
  154. )
  155. /*++
  156. Routine Description:
  157. Allocate a comm packet.
  159. Arguments:
  160. Name
  162. Return Value:
  163. Address of a comm packet.
  164. --*/
  165. {
  166. #undef DEBSUB
  167. #define DEBSUB "CommStartCommPkt:"
  168. ULONG Size;
  169. PCOMM_PACKET CommPkt;
  171. //
  172. // We can create a comm packet in a file or in memory
  173. //
  174. CommPkt = MALLOC(sizeof(COMM_PACKET));
  175. Size = COMM_MEM_SIZE;
  176. CommPkt->Pkt = MALLOC(Size);
  177. CommPkt->MemLen = Size;
  178. CommPkt->Major = NtFrsMajor;
  179. CommPkt->Minor = NtFrsCommMinor;
  181. printf("CommPkt initialized. Getting ready to add BOP\n");
  182. //
  183. // Pack the beginning-of-packet
  184. //
  185. CommPackULong(CommPkt, COMM_BOP, 0);
  186. return CommPkt;
  187. }
  189. PCOMM_PACKET
  190. BuildCommPktFromDescriptorList(
  191. IN PCOMM_PKT_DESCRIPTOR pListHead,
  192. IN ULONG ActualPktSize,
  193. IN OPTIONAL ULONG *Major,
  194. IN OPTIONAL ULONG *Minor,
  195. IN OPTIONAL ULONG *CsId,
  196. IN OPTIONAL ULONG *MemLen,
  197. IN OPTIONAL ULONG *PktLen,
  198. IN OPTIONAL ULONG *UpkLen
  199. )
  200. /*++
  201. Routine Description:
  202. Allocate a comm packet and fill it acording to the parameters specified..
  205. Arguments:
  206. pListHead - Address of the pListEntry of a COMM_PKT_DESCRIPTOR. We walk
  207. the list of descriptors to build the Pkt.
  209. ActualPktSize - Amount of memory to allocate for the Pkt.
  211. Major
  212. Minor
  213. CsId
  214. MemLen
  215. PktLen
  216. UpkLen - These parameters correspond to the fields in a COMM_PACKET. If
  217. they are NULL, the default value is used.
  220. Return Value:
  221. Address of a comm packet.
  222. --*/
  223. {
  224. PCOMM_PKT_DESCRIPTOR pDescriptor = pListHead;
  225. PCOMM_PACKET CommPkt = NULL;
  227. //
  228. // Allocate the CommPkt struct
  229. //
  230. CommPkt = MALLOC(sizeof(COMM_PACKET));
  232. //
  233. // Allocate the Pkt
  234. //
  235. CommPkt->Pkt = MALLOC(ActualPktSize);
  237. //
  238. // Set struct values. Use defaults if parameters are not specified.
  239. //
  240. CommPkt->MemLen = (MemLen?*MemLen:COMM_MEM_SIZE);
  241. CommPkt->Major = (Major?*Major:NtFrsMajor);
  242. CommPkt->Minor = (Minor?*Minor:NtFrsCommMinor);
  243. CommPkt->CsId = (CsId?*CsId:CS_RS);
  244. CommPkt->UpkLen = (UpkLen?*UpkLen:0);
  246. //
  247. // PktLen must be 0 for now so that CommCopyMemory will work correctly.
  248. // We'll set it to the provided value later.
  249. //
  250. CommPkt->PktLen = 0;
  253. while(pDescriptor != NULL) {
  254. CommCopyMemory(CommPkt, (PUCHAR)&(pDescriptor->CommType), sizeof(USHORT));
  255. CommCopyMemory(CommPkt, (PUCHAR)&(pDescriptor->CommDataLength), sizeof(ULONG));
  256. CommCopyMemory(CommPkt, (PUCHAR)(pDescriptor->Data), pDescriptor->ActualDataLength );
  257. pDescriptor = pDescriptor->Next;
  258. };
  261. //
  262. // We're done building the packet.
  263. // Now we can set PktLen tot he supplied value.
  264. //
  265. CommPkt->PktLen = (PktLen?*PktLen:CommPkt->PktLen);
  267. return CommPkt;
  268. }