Class: RubySMB::Dcerpc::Winreg::QueryValueResponse

Inherits:
BinData::Record
  • Object
show all
Defined in:
lib/ruby_smb/dcerpc/winreg/query_value_response.rb

Overview

This class represents a BaseRegQueryValue Response Packet as defined in 3.1.5.17 BaseRegQueryValue (Opnum 17)

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#opnumObject (readonly)

Returns the value of attribute opnum.



8
9
10
# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 8

def opnum
  @opnum
end

Instance Method Details

#dataObject

Returns the data portion of the registry value formatted according to its type: 3.1.1.5 Values



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 25

def data
  bytes = lp_data.to_a.pack('C*')
  case lp_type
  when 0 # 0 is undefined type, let's consider an array of bytes
    bytes
  when 1,2
    bytes.force_encoding('utf-16le').strip
  when 3
    bytes
  when 4
    bytes.unpack('V').first
  when 5
    bytes.unpack('N').first
  when 7
    str = bytes.force_encoding('utf-16le')
    str.split("\0".encode('utf-16le'))
  when 11
    bytes.unpack('Q<').first
  else
    ''
  end
end

#initialize_instanceObject



18
19
20
21
# File 'lib/ruby_smb/dcerpc/winreg/query_value_response.rb', line 18

def initialize_instance
  super
  @opnum = REG_QUERY_VALUE
end