Class: RubySMB::Dcerpc::Winreg::QueryValueResponse

Inherits:

BinData::Record

• Object
• BinData::Record
• RubySMB::Dcerpc::Winreg::QueryValueResponse

Defined in:

lib/ruby_smb/dcerpc/winreg/query_value_response.rb

Overview

This class represents a BaseRegQueryValue Response Packet as defined in 3.1.5.17 BaseRegQueryValue (Opnum 17)

Instance Attribute Summary

• #opnum ⇒ Object readonly

  Returns the value of attribute opnum.

Instance Method Summary

• #data ⇒ Object

  Returns the data portion of the registry value formatted according to its type: 3.1.1.5 Values.

• #initialize_instance ⇒ Object
• #pad_length(prev_element) ⇒ Object

  Determines the correct length for the padding, so that the next field is 4-byte aligned.

Instance Attribute Details

#opnum ⇒ Object (readonly)

Returns the value of attribute opnum.

# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 8

def opnum
  @opnum
end

Instance Method Details

#data ⇒ Object

Returns the data portion of the registry value formatted according to its type: 3.1.1.5 Values

# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 33

def data
  bytes = lp_data.bytes.to_a.pack('C*')
  case lp_type
  when 1,2
    bytes.force_encoding('utf-16le').strip
  when 3
    bytes
  when 4
    bytes.unpack('V').first
  when 5
    bytes.unpack('N').first
  when 7
    str = bytes.force_encoding('utf-16le')
    str.split("\0".encode('utf-16le'))
  when 11
    bytes.unpack('Q<').first
  else
    ""
  end
end

#initialize_instance ⇒ Object

# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 19

def initialize_instance
  super
  @opnum = REG_QUERY_VALUE
end

#pad_length(prev_element) ⇒ Object

Determines the correct length for the padding, so that the next field is 4-byte aligned.

# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 26

def pad_length(prev_element)
  offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
  (4 - offset) % 4
end