# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. # # This software is provided under under a slightly modified version # of the Apache Software License. See the accompanying LICENSE file # for more information. # # Author: Alberto Solino (@agsolino) # # Description: # [MS-WMI]/[MS-WMIO] : Windows Management Instrumentation Remote Protocol. Partial implementation # # Best way to learn how to use these calls is to grab the protocol standard # so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Since DCOM is like an OO RPC, instead of helper functions you will see the # classes described in the standards developed. # There are test cases for them too. # from __future__ import division from __future__ import print_function from struct import unpack, calcsize, pack from functools import partial import collections import logging from impacket.dcerpc.v5.ndr import NDRSTRUCT, NDRUniConformantArray, NDRPOINTER, NDRUniConformantVaryingArray, NDRUNION, \ NDRENUM from impacket.dcerpc.v5.dcomrt import DCOMCALL, DCOMANSWER, IRemUnknown, PMInterfacePointer, INTERFACE, \ PMInterfacePointer_ARRAY, BYTE_ARRAY, PPMInterfacePointer, OBJREF_CUSTOM from impacket.dcerpc.v5.dcom.oaut import BSTR from impacket.dcerpc.v5.dtypes import ULONG, DWORD, NULL, LPWSTR, LONG, HRESULT, PGUID, LPCSTR, GUID from impacket.dcerpc.v5.enum import Enum from impacket.dcerpc.v5.rpcrt import DCERPCException from impacket import hresult_errors, LOG from impacket.uuid import string_to_bin, uuidtup_to_bin from impacket.structure import Structure, hexdump def format_structure(d, level=0): x = "" if isinstance(d, collections.Mapping): lenk = max([len(str(x)) for x in list(d.keys())]) for k, v in list(d.items()): key_text = "\n" + " "*level + " "*(lenk - len(str(k))) + str(k) x += key_text + ": " + format_structure(v, level=level+lenk) elif isinstance(d, collections.Iterable) and not isinstance(d, str): for e in d: x += "\n" + " "*level + "- " + format_structure(e, level=level+4) else: x = str(d) return x try: from collections import OrderedDict except: try: from ordereddict.ordereddict import OrderedDict except: from ordereddict import OrderedDict class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__( self ): if self.error_code in hresult_errors.ERROR_MESSAGES: error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0] error_msg_verbose = hresult_errors.ERROR_MESSAGES[self.error_code][1] return 'WMI SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) else: # Let's see if we have it as WBEMSTATUS try: return 'WMI Session Error: code: 0x%x - %s' % (self.error_code, WBEMSTATUS.enumItems(self.error_code).name) except: return 'WMI SessionError: unknown error code: 0x%x' % self.error_code ################################################################################ # WMIO Structures and Constants ################################################################################ WBEM_FLAVOR_FLAG_PROPAGATE_O_INSTANCE = 0x01 WBEM_FLAVOR_FLAG_PROPAGATE_O_DERIVED_CLASS = 0x02 WBEM_FLAVOR_NOT_OVERRIDABLE = 0x10 WBEM_FLAVOR_ORIGIN_PROPAGATED = 0x20 WBEM_FLAVOR_ORIGIN_SYSTEM = 0x40 WBEM_FLAVOR_AMENDED = 0x80 # 2.2.6 ObjectFlags OBJECT_FLAGS = 'B=0' #2.2.77 Signature SIGNATURE = ' 1: if self['Encoded_String_Flag'] == 0: self.structure += self.tascii # Let's search for the end of the string index = data[1:].find(b'\x00') data = data[:index+1+1] else: self.structure = self.tunicode self.isUnicode = True self.fromString(data) else: self.structure = self.tascii self.data = None def __getitem__(self, key): if key == 'Character' and self.isUnicode: return self.fields['Character'].decode('utf-16le') return Structure.__getitem__(self, key) # 2.2.8 DecServerName DEC_SERVER_NAME = ENCODED_STRING # 2.2.9 DecNamespaceName DEC_NAMESPACE_NAME = ENCODED_STRING # 2.2.7 Decoration class DECORATION(Structure): structure = ( ('DecServerName', ':', DEC_SERVER_NAME), ('DecNamespaceName', ':', DEC_NAMESPACE_NAME), ) # 2.2.69 HeapRef HEAPREF = ' 0: itemn = QUALIFIER(data) if itemn['QualifierName'] == 0xffffffff: qName = b'' elif itemn['QualifierName'] & 0x80000000: qName = DICTIONARY_REFERENCE[itemn['QualifierName'] & 0x7fffffff] else: qName = ENCODED_STRING(heap[itemn['QualifierName']:])['Character'] value = ENCODED_VALUE.getValue(itemn['QualifierType'], itemn['QualifierValue'], heap) qualifiers[qName] = value data = data[len(itemn):] return qualifiers # 2.2.20 ClassQualifierSet CLASS_QUALIFIER_SET = QUALIFIER_SET # 2.2.22 PropertyCount PROPERTY_COUNT = ' 0: record = QUALIFIER(qualifiersBuf) if record['QualifierName'] & 0x80000000: qualifierName = DICTIONARY_REFERENCE[record['QualifierName'] & 0x7fffffff] else: qualifierName = ENCODED_STRING(heap[record['QualifierName']:])['Character'] qualifierValue = ENCODED_VALUE.getValue(record['QualifierType'], record['QualifierValue'], heap) qualifiersBuf = qualifiersBuf[len(record):] qualifiers[qualifierName] = qualifierValue propItemDict['qualifiers'] = qualifiers properties[propName] = propItemDict propTable = propTable[self.PropertyLookupSize:] return OrderedDict(sorted(list(properties.items()), key=lambda x:x[1]['order'])) #return properties # 2.2.66 Heap HEAP_LENGTH = ' 0: value = ENCODED_VALUE.getValue(properties[key]['type'], itemValue, heap) properties[key]['value'] = "%s" % value valueTable = valueTable[dataSize:] return properties # 2.2.39 MethodCount METHOD_COUNT = ' 0: methodDict['InParams'] = inputSignature['ObjectBlock']['ClassType']['CurrentClass'].getProperties() methodDict['InParamsRaw'] = inputSignature['ObjectBlock'] #print methodDict['InParams'] else: methodDict['InParams'] = None if itemn['OutputSignature'] != 0xffffffff: outputSignature = METHOD_SIGNATURE_BLOCK(heap[itemn['OutputSignature']:]) if outputSignature['EncodingLength'] > 0: methodDict['OutParams'] = outputSignature['ObjectBlock']['ClassType']['CurrentClass'].getProperties() methodDict['OutParamsRaw'] = outputSignature['ObjectBlock'] else: methodDict['OutParams'] = None data = data[len(itemn):] methods[methodDict['name']] = methodDict return methods # 2.2.14 ClassAndMethodsPart class CLASS_AND_METHODS_PART(Structure): structure = ( ('ClassPart', ':', CLASS_PART), ('MethodsPart', ':', METHODS_PART), ) def getClassName(self): pClassName = self['ClassPart']['ClassHeader']['ClassNameRef'] cHeap = self['ClassPart']['ClassHeap']['HeapItem'] if pClassName == 0xffffffff: return 'None' else: className = ENCODED_STRING(cHeap[pClassName:])['Character'] derivationList = self['ClassPart']['DerivationList']['ClassNameEncoding'] while len(derivationList) > 0: superClass = ENCODED_STRING(derivationList)['Character'] className += ' : %s ' % superClass derivationList = derivationList[len(ENCODED_STRING(derivationList))+4:] return className def getQualifiers(self): return self["ClassPart"].getQualifiers() def getProperties(self): #print format_structure(self["ClassPart"].getProperties()) return self["ClassPart"].getProperties() def getMethods(self): return self["MethodsPart"].getMethods() # 2.2.13 CurrentClass CURRENT_CLASS = CLASS_AND_METHODS_PART # 2.2.54 InstanceFlags INSTANCE_FLAGS = 'B=0' # 2.2.55 InstanceClassName INSTANCE_CLASS_NAME = HEAP_STRING_REF # 2.2.27 NullAndDefaultFlag NULL_AND_DEFAULT_FLAG = 'B=0' # 2.2.26 NdTable NDTABLE = NULL_AND_DEFAULT_FLAG # 2.2.56 InstanceData #InstanceData = ValueTable class CURRENT_CLASS_NO_METHODS(CLASS_AND_METHODS_PART): structure = ( ('ClassPart', ':', CLASS_PART), ) def getMethods(self): return () # 2.2.65 InstancePropQualifierSet INST_PROP_QUAL_SET_FLAG = 'B=0' class INSTANCE_PROP_QUALIFIER_SET(Structure): commonHdr = ( ('InstPropQualSetFlag', INST_PROP_QUAL_SET_FLAG), ) tail = ( # ToDo: this is wrong.. this should be an array of QualifierSet, see documentation #('QualifierSet', ':', QualifierSet), ('QualifierSet', ':', QUALIFIER_SET), ) def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) self.structure = () if data is not None: # Let's first check the commonHdr self.fromString(data) if self['InstPropQualSetFlag'] == 2: # We don't support this yet! raise Exception("self['InstPropQualSetFlag'] == 2") self.fromString(data) else: self.data = None # 2.2.57 InstanceQualifierSet class INSTANCE_QUALIFIER_SET(Structure): structure = ( ('QualifierSet', ':', QUALIFIER_SET), ('InstancePropQualifierSet', ':', INSTANCE_PROP_QUALIFIER_SET), ) # 2.2.58 InstanceHeap INSTANCE_HEAP = HEAP # 2.2.53 InstanceType class INSTANCE_TYPE(Structure): commonHdr = ( ('CurrentClass', ':', CURRENT_CLASS_NO_METHODS), ('EncodingLength', ENCODING_LENGTH), ('InstanceFlags', INSTANCE_FLAGS), ('InstanceClassName', INSTANCE_CLASS_NAME), ('_NdTable_ValueTable', '_-NdTable_ValueTable', 'self["CurrentClass"]["ClassPart"]["ClassHeader"]["NdTableValueTableLength"]'), ('NdTable_ValueTable',':'), ('InstanceQualifierSet', ':', INSTANCE_QUALIFIER_SET), ('InstanceHeap', ':', INSTANCE_HEAP), ) def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) self.structure = () if data is not None: # Let's first check the commonHdr self.fromString(data) #hexdump(data[len(self.getData()):]) self.NdTableSize = (self['CurrentClass']['ClassPart']['PropertyLookupTable']['PropertyCount'] - 1) //4 + 1 #self.InstanceDataSize = self['CurrentClass']['ClassPart']['PropertyLookupTable']['PropertyCount'] * len(InstanceData()) self.fromString(data) else: self.data = None def getValues(self, properties): heap = self["InstanceHeap"]["HeapItem"] valueTableOff = (len(properties) - 1) // 4 + 1 valueTable = self['NdTable_ValueTable'][valueTableOff:] sorted_props = sorted(list(properties.keys()), key=lambda k: properties[k]['order']) for key in sorted_props: pType = properties[key]['type'] & (~(CIM_ARRAY_FLAG|Inherited)) if properties[key]['type'] & CIM_ARRAY_FLAG: unpackStr = HEAPREF[:-2] else: unpackStr = CIM_TYPES_REF[pType][:-2] dataSize = calcsize(unpackStr) try: itemValue = unpack(unpackStr, valueTable[:dataSize])[0] except: LOG.error("getValues: Error Unpacking!") itemValue = 0xffffffff # if itemValue == 0, default value remains if itemValue != 0: value = ENCODED_VALUE.getValue( properties[key]['type'], itemValue, heap) properties[key]['value'] = value # is the value set valid or should we clear it? ( if not inherited ) elif properties[key]['inherited'] == 0: properties[key]['value'] = None valueTable = valueTable[dataSize:] return properties # 2.2.12 ParentClass PARENT_CLASS = CLASS_AND_METHODS_PART # 2.2.13 CurrentClass CURRENT_CLASS = CLASS_AND_METHODS_PART class CLASS_TYPE(Structure): structure = ( ('ParentClass', ':', PARENT_CLASS), ('CurrentClass', ':', CURRENT_CLASS), ) # 2.2.5 ObjectBlock class OBJECT_BLOCK(Structure): commonHdr = ( ('ObjectFlags', OBJECT_FLAGS), ) decoration = ( ('Decoration', ':', DECORATION), ) instanceType = ( ('InstanceType', ':', INSTANCE_TYPE), ) classType = ( ('ClassType', ':', CLASS_TYPE), ) def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) self.ctParent = None self.ctCurrent = None if data is not None: self.structure = () if ord(data[0:1]) & 0x4: # WMIO - 2.2.6 - 0x04 If this flag is set, the object has a Decoration block. self.structure += self.decoration if ord(data[0:1]) & 0x01: # The object is a CIM class. self.structure += self.classType else: self.structure += self.instanceType self.fromString(data) else: self.data = None def isInstance(self): if self['ObjectFlags'] & 0x01: return False return True def printClass(self, pClass, cInstance = None): qualifiers = pClass.getQualifiers() for qualifier in qualifiers: print("[%s]" % qualifier) className = pClass.getClassName() print("class %s \n{" % className) properties = pClass.getProperties() if cInstance is not None: properties = cInstance.getValues(properties) for pName in properties: #if property['inherited'] == 0: qualifiers = properties[pName]['qualifiers'] for qName in qualifiers: if qName != 'CIMTYPE': print('\t[%s(%s)]' % (qName, qualifiers[qName])) print("\t%s %s" % (properties[pName]['stype'], properties[pName]['name']), end=' ') if properties[pName]['value'] is not None: if properties[pName]['type'] == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value: print('= IWbemClassObject\n') elif properties[pName]['type'] == CIM_TYPE_ENUM.CIM_ARRAY_OBJECT.value: if properties[pName]['value'] == 0: print('= %s\n' % properties[pName]['value']) else: print('= %s\n' % list('IWbemClassObject' for _ in range(len(properties[pName]['value'])))) else: print('= %s\n' % properties[pName]['value']) else: print('\n') print() methods = pClass.getMethods() for methodName in methods: for qualifier in methods[methodName]['qualifiers']: print('\t[%s]' % qualifier) if methods[methodName]['InParams'] is None and methods[methodName]['OutParams'] is None: print('\t%s %s();\n' % ('void', methodName)) if methods[methodName]['InParams'] is None and len(methods[methodName]['OutParams']) == 1: print('\t%s %s();\n' % (methods[methodName]['OutParams']['ReturnValue']['stype'], methodName)) else: returnValue = b'' if methods[methodName]['OutParams'] is not None: # Search the Return Value #returnValue = (item for item in method['OutParams'] if item["name"] == "ReturnValue").next() if 'ReturnValue' in methods[methodName]['OutParams']: returnValue = methods[methodName]['OutParams']['ReturnValue']['stype'] print('\t%s %s(\n' % (returnValue, methodName), end=' ') if methods[methodName]['InParams'] is not None: for pName in methods[methodName]['InParams']: print('\t\t[in] %s %s,' % (methods[methodName]['InParams'][pName]['stype'], pName)) if methods[methodName]['OutParams'] is not None: for pName in methods[methodName]['OutParams']: if pName != 'ReturnValue': print('\t\t[out] %s %s,' % (methods[methodName]['OutParams'][pName]['stype'], pName)) print('\t);\n') print("}") def parseClass(self, pClass, cInstance = None): classDict = OrderedDict() classDict['name'] = pClass.getClassName() classDict['qualifiers'] = pClass.getQualifiers() classDict['properties'] = pClass.getProperties() classDict['methods'] = pClass.getMethods() if cInstance is not None: classDict['values'] = cInstance.getValues(classDict['properties']) else: classDict['values'] = None return classDict def parseObject(self): if (self['ObjectFlags'] & 0x01) == 0: # instance ctCurrent = self['InstanceType']['CurrentClass'] currentName = ctCurrent.getClassName() if currentName is not None: self.ctCurrent = self.parseClass(ctCurrent, self['InstanceType']) return else: ctParent = self['ClassType']['ParentClass'] ctCurrent = self['ClassType']['CurrentClass'] parentName = ctParent.getClassName() if parentName is not None: self.ctParent = self.parseClass(ctParent) currentName = ctCurrent.getClassName() if currentName is not None: self.ctCurrent = self.parseClass(ctCurrent) def printInformation(self): # First off, do we have a class? if (self['ObjectFlags'] & 0x01) == 0: # instance ctCurrent = self['InstanceType']['CurrentClass'] currentName = ctCurrent.getClassName() if currentName is not None: self.printClass(ctCurrent, self['InstanceType']) return else: ctParent = self['ClassType']['ParentClass'] ctCurrent = self['ClassType']['CurrentClass'] parentName = ctParent.getClassName() if parentName is not None: self.printClass(ctParent) currentName = ctCurrent.getClassName() if currentName is not None: self.printClass(ctCurrent) # 2.2.70 MethodSignatureBlock class METHOD_SIGNATURE_BLOCK(Structure): commonHdr = ( ('EncodingLength', ENCODING_LENGTH), ) tail = ( ('_ObjectBlock', '_-ObjectBlock', 'self["EncodingLength"]'), ('ObjectBlock', ':', OBJECT_BLOCK), ) def __init__(self, data = None, alignment = 0): Structure.__init__(self, data, alignment) if data is not None: self.fromString(data) if self['EncodingLength'] > 0: self.structure = () self.structure += self.tail self.fromString(data) else: self.data = None # 2.2.1 EncodingUnit class ENCODING_UNIT(Structure): structure = ( ('Signature', SIGNATURE), ('ObjectEncodingLength', OBJECT_ENCODING_LENGTH), ('_ObjectBlock', '_-ObjectBlock', 'self["ObjectEncodingLength"]'), ('ObjectBlock', ':', OBJECT_BLOCK), ) ################################################################################ # CONSTANTS ################################################################################ # 1.9 Standards Assignments CLSID_WbemLevel1Login = string_to_bin('8BC3F05E-D86B-11D0-A075-00C04FB68820') CLSID_WbemBackupRestore = string_to_bin('C49E32C6-BC8B-11D2-85D4-00105A1F8304') CLSID_WbemClassObject = string_to_bin('4590F812-1D3A-11D0-891F-00AA004B2E24') IID_IWbemLevel1Login = uuidtup_to_bin(('F309AD18-D86A-11d0-A075-00C04FB68820', '0.0')) IID_IWbemLoginClientID = uuidtup_to_bin(('d4781cd6-e5d3-44df-ad94-930efe48a887', '0.0')) IID_IWbemLoginHelper = uuidtup_to_bin(('541679AB-2E5F-11d3-B34E-00104BCC4B4A', '0.0')) IID_IWbemServices = uuidtup_to_bin(('9556DC99-828C-11CF-A37E-00AA003240C7', '0.0')) IID_IWbemBackupRestore = uuidtup_to_bin(('C49E32C7-BC8B-11d2-85D4-00105A1F8304', '0.0')) IID_IWbemBackupRestoreEx = uuidtup_to_bin(('A359DEC5-E813-4834-8A2A-BA7F1D777D76', '0.0')) IID_IWbemClassObject = uuidtup_to_bin(('DC12A681-737F-11CF-884D-00AA004B2E24', '0.0')) IID_IWbemContext = uuidtup_to_bin(('44aca674-e8fc-11d0-a07c-00c04fb68820', '0.0')) IID_IEnumWbemClassObject = uuidtup_to_bin(('027947e1-d731-11ce-a357-000000000001', '0.0')) IID_IWbemCallResult = uuidtup_to_bin(('44aca675-e8fc-11d0-a07c-00c04fb68820', '0.0')) IID_IWbemFetchSmartEnum = uuidtup_to_bin(('1C1C45EE-4395-11d2-B60B-00104B703EFD', '0.0')) IID_IWbemWCOSmartEnum = uuidtup_to_bin(('423EC01E-2E35-11d2-B604-00104B703EFD', '0.0')) error_status_t = ULONG # lFlags WBEM_FLAG_RETURN_WBEM_COMPLETE = 0x00000000 WBEM_FLAG_UPDATE_ONLY = 0x00000001 WBEM_FLAG_CREATE_ONLY = 0x00000002 WBEM_FLAG_RETURN_IMMEDIATELY = 0x00000010 WBEM_FLAG_UPDATE_SAFE_MODE = 0x00000020 WBEM_FLAG_FORWARD_ONLY = 0x00000020 WBEM_FLAG_NO_ERROR_OBJECT = 0x00000040 WBEM_FLAG_UPDATE_FORCE_MODE = 0x00000040 WBEM_FLAG_SEND_STATUS = 0x00000080 WBEM_FLAG_ENSURE_LOCATABLE = 0x00000100 WBEM_FLAG_DIRECT_READ = 0x00000200 WBEM_MASK_RESERVED_FLAGS = 0x0001F000 WBEM_FLAG_USE_AMENDED_QUALIFIERS = 0x00020000 WBEM_FLAG_STRONG_VALIDATION = 0x00100000 WBEM_FLAG_BACKUP_RESTORE_FORCE_SHUTDOWN = 0x00000001 WBEM_INFINITE = 0xffffffff ################################################################################ # STRUCTURES ################################################################################ class UCHAR_ARRAY_CV(NDRUniConformantVaryingArray): item = 'c' class PUCHAR_ARRAY_CV(NDRPOINTER): referent = ( ('Data', UCHAR_ARRAY_CV), ) class PMInterfacePointer_ARRAY_CV(NDRUniConformantVaryingArray): item = PMInterfacePointer REFGUID = PGUID class ULONG_ARRAY(NDRUniConformantArray): item = ULONG class PULONG_ARRAY(NDRPOINTER): referent = ( ('Data', ULONG_ARRAY), ) # 2.2.5 WBEM_CHANGE_FLAG_TYPE Enumeration class WBEM_CHANGE_FLAG_TYPE(NDRENUM): # [v1_enum] type structure = ( ('Data', '>= 8 # Now let's update the structure objRef = self.get_objRef() objRef = OBJREF_CUSTOM(objRef) encodingUnit = ENCODING_UNIT(objRef['pObjectData']) currentClass = encodingUnit['ObjectBlock']['InstanceType']['CurrentClass'] encodingUnit['ObjectBlock']['InstanceType']['CurrentClass'] = b'' encodingUnit['ObjectBlock']['InstanceType']['NdTable_ValueTable'] = packedNdTable + valueTable encodingUnit['ObjectBlock']['InstanceType']['InstanceHeap']['HeapLength'] = len(instanceHeap) | 0x80000000 encodingUnit['ObjectBlock']['InstanceType']['InstanceHeap']['HeapItem'] = instanceHeap encodingUnit['ObjectBlock']['InstanceType']['EncodingLength'] = len(encodingUnit['ObjectBlock']['InstanceType']) encodingUnit['ObjectBlock']['InstanceType']['CurrentClass'] = currentClass encodingUnit['ObjectEncodingLength'] = len(encodingUnit['ObjectBlock']) #encodingUnit.dump() #ENCODING_UNIT(str(encodingUnit)).dump() objRef['pObjectData'] = encodingUnit return objRef def SpawnInstance(self): # Doing something similar to: # https://docs.microsoft.com/windows/desktop/api/wbemcli/nf-wbemcli-iwbemclassobject-spawninstance # if self.encodingUnit['ObjectBlock'].isInstance() is False: # We need to convert some things to transform a class into an instance encodingUnit = ENCODING_UNIT() instanceData = OBJECT_BLOCK() instanceData.structure += OBJECT_BLOCK.decoration instanceData.structure += OBJECT_BLOCK.instanceType instanceData['ObjectFlags'] = 6 instanceData['Decoration'] = self.encodingUnit['ObjectBlock']['Decoration'].getData() instanceType = INSTANCE_TYPE() instanceType['CurrentClass'] = b'' # Let's create the heap for the parameters instanceHeap = b'' valueTable = b'' parametersClass = ENCODED_STRING() parametersClass['Character'] = self.getClassName() instanceHeap += parametersClass.getData() curHeapPtr = len(instanceHeap) ndTable = 0 properties = self.getProperties() # Let's initialize the values for i, propName in enumerate(properties): propRecord = properties[propName] pType = propRecord['type'] & (~(CIM_ARRAY_FLAG|Inherited)) if propRecord['type'] & CIM_ARRAY_FLAG: # Not yet ready #print paramDefinition #raise packStr = HEAPREF[:-2] else: packStr = CIM_TYPES_REF[pType][:-2] if propRecord['type'] & CIM_ARRAY_FLAG: valueTable += pack(packStr, 0) elif pType not in (CIM_TYPE_ENUM.CIM_TYPE_STRING.value, CIM_TYPE_ENUM.CIM_TYPE_DATETIME.value, CIM_TYPE_ENUM.CIM_TYPE_REFERENCE.value, CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value): valueTable += pack(packStr, 0) elif pType == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value: # For now we just pack None valueTable += b'\x00'*4 # The default property value is NULL, and it is # inherited from a parent class. ndTable |= 3 << (2*i) else: strIn = ENCODED_STRING() strIn['Character'] = '' valueTable += pack('>= 8 instanceType['NdTable_ValueTable'] = packedNdTable + valueTable instanceType['InstanceQualifierSet'] = b'\x04\x00\x00\x00\x01' instanceType['InstanceHeap'] = HEAP() instanceType['InstanceHeap']['HeapItem'] = instanceHeap instanceType['InstanceHeap']['HeapLength'] = len(instanceHeap) | 0x80000000 instanceType['EncodingLength'] = len(instanceType) instanceType['CurrentClass'] = self.encodingUnit['ObjectBlock']['ClassType']['CurrentClass']['ClassPart'] instanceData['InstanceType'] = instanceType.getData() encodingUnit['ObjectBlock'] = instanceData encodingUnit['ObjectEncodingLength'] = len(instanceData) #ENCODING_UNIT(str(encodingUnit)).dump() objRefCustomIn = OBJREF_CUSTOM() objRefCustomIn['iid'] = self._iid objRefCustomIn['clsid'] = CLSID_WbemClassObject objRefCustomIn['cbExtension'] = 0 objRefCustomIn['ObjectReferenceSize'] = len(encodingUnit) objRefCustomIn['pObjectData'] = encodingUnit # There's gotta be a better way to do this # I will reimplement this stuff once I know it works import copy newObj = copy.deepcopy(self) newObj.set_objRef(objRefCustomIn.getData()) newObj.process_interface(objRefCustomIn.getData()) newObj.encodingUnit = ENCODING_UNIT(encodingUnit.getData()) newObj.parseObject() if newObj.encodingUnit['ObjectBlock'].isInstance() is False: newObj.createMethods(newObj.getClassName(), newObj.getMethods()) else: newObj.createProperties(newObj.getProperties()) return newObj else: return self def createProperties(self, properties): for property in properties: # Do we have an object property? if properties[property]['type'] == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value: # Yes.. let's create an Object for it too objRef = OBJREF_CUSTOM() objRef['iid'] = self._iid objRef['clsid'] = CLSID_WbemClassObject objRef['cbExtension'] = 0 objRef['ObjectReferenceSize'] = len(properties[property]['value'].getData()) objRef['pObjectData'] = properties[property]['value'] value = IWbemClassObject( INTERFACE(self.get_cinstance(), objRef.getData(), self.get_ipidRemUnknown(), oxid=self.get_oxid(), target=self.get_target())) elif properties[property]['type'] == CIM_TYPE_ENUM.CIM_ARRAY_OBJECT.value: if isinstance(properties[property]['value'], list): value = list() for item in properties[property]['value']: # Yes.. let's create an Object for it too objRef = OBJREF_CUSTOM() objRef['iid'] = self._iid objRef['clsid'] = CLSID_WbemClassObject objRef['cbExtension'] = 0 objRef['ObjectReferenceSize'] = len(item.getData()) objRef['pObjectData'] = item wbemClass = IWbemClassObject( INTERFACE(self.get_cinstance(), objRef.getData(), self.get_ipidRemUnknown(), oxid=self.get_oxid(), target=self.get_target())) value.append(wbemClass) else: value = properties[property]['value'] else: value = properties[property]['value'] setattr(self, property, value) def createMethods(self, classOrInstance, methods): class FunctionPool: def __init__(self,function): self.function = function def __getitem__(self,item): return partial(self.function,item) @FunctionPool def innerMethod(staticArgs, *args): classOrInstance = staticArgs[0] methodDefinition = staticArgs[1] if methodDefinition['InParams'] is not None: if len(args) != len(methodDefinition['InParams']): LOG.error("Function called with %d parameters instead of %d!" % (len(args), len(methodDefinition['InParams']))) return None # In Params encodingUnit = ENCODING_UNIT() inParams = OBJECT_BLOCK() inParams.structure += OBJECT_BLOCK.instanceType inParams['ObjectFlags'] = 2 inParams['Decoration'] = b'' instanceType = INSTANCE_TYPE() instanceType['CurrentClass'] = b'' instanceType['InstanceQualifierSet'] = b'\x04\x00\x00\x00\x01' # Let's create the heap for the parameters instanceHeap = b'' valueTable = b'' parametersClass = ENCODED_STRING() parametersClass['Character'] = '__PARAMETERS' instanceHeap += parametersClass.getData() curHeapPtr = len(instanceHeap) ndTable = 0 for i in range(len(args)): paramDefinition = list(methodDefinition['InParams'].values())[i] inArg = args[i] pType = paramDefinition['type'] & (~(CIM_ARRAY_FLAG|Inherited)) if paramDefinition['type'] & CIM_ARRAY_FLAG: # Not yet ready #print paramDefinition #raise packStr = HEAPREF[:-2] else: packStr = CIM_TYPES_REF[pType][:-2] if paramDefinition['type'] & CIM_ARRAY_FLAG: if inArg is None: valueTable += pack(packStr, 0) elif pType in (CIM_TYPE_ENUM.CIM_TYPE_STRING.value, CIM_TYPE_ENUM.CIM_TYPE_DATETIME.value, CIM_TYPE_ENUM.CIM_TYPE_REFERENCE.value, CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value): arraySize = pack(HEAPREF[:-2], len(inArg)) arrayItems = [] for j in range(len(inArg)): curVal = inArg[j] if pType == CIM_TYPE_ENUM.CIM_TYPE_OBJECT.value: curObject = b'' marshaledObject = curVal.marshalMe() curObject += pack('>= 8 instanceType['NdTable_ValueTable'] = packedNdTable + valueTable heapRecord = HEAP() heapRecord['HeapLength'] = len(instanceHeap) | 0x80000000 heapRecord['HeapItem'] = instanceHeap instanceType['InstanceHeap'] = heapRecord instanceType['EncodingLength'] = len(instanceType) inMethods = methodDefinition['InParamsRaw']['ClassType']['CurrentClass']['ClassPart'] inMethods['ClassHeader']['EncodingLength'] = len( methodDefinition['InParamsRaw']['ClassType']['CurrentClass']['ClassPart'].getData()) instanceType['CurrentClass'] = inMethods inParams['InstanceType'] = instanceType.getData() encodingUnit['ObjectBlock'] = inParams encodingUnit['ObjectEncodingLength'] = len(inParams) objRefCustomIn = OBJREF_CUSTOM() objRefCustomIn['iid'] = self._iid objRefCustomIn['clsid'] = CLSID_WbemClassObject objRefCustomIn['cbExtension'] = 0 objRefCustomIn['ObjectReferenceSize'] = len(encodingUnit) objRefCustomIn['pObjectData'] = encodingUnit else: objRefCustomIn = NULL ### OutParams encodingUnit = ENCODING_UNIT() outParams = OBJECT_BLOCK() outParams.structure += OBJECT_BLOCK.instanceType outParams['ObjectFlags'] = 2 outParams['Decoration'] = b'' instanceType = INSTANCE_TYPE() instanceType['CurrentClass'] = b'' instanceType['NdTable_ValueTable'] = b'' instanceType['InstanceQualifierSet'] = b'' instanceType['InstanceHeap'] = b'' instanceType['EncodingLength'] = len(instanceType) instanceType['CurrentClass'] = methodDefinition['OutParamsRaw']['ClassType']['CurrentClass']['ClassPart'].getData() outParams['InstanceType'] = instanceType.getData() encodingUnit['ObjectBlock'] = outParams encodingUnit['ObjectEncodingLength'] = len(outParams) objRefCustom = OBJREF_CUSTOM() objRefCustom['iid'] = self._iid objRefCustom['clsid'] = CLSID_WbemClassObject objRefCustom['cbExtension'] = 0 objRefCustom['ObjectReferenceSize'] = len(encodingUnit) objRefCustom['pObjectData'] = encodingUnit try: return self.__iWbemServices.ExecMethod(classOrInstance, methodDefinition['name'], pInParams = objRefCustomIn ) #return self.__iWbemServices.ExecMethod('Win32_Process.Handle="436"', methodDefinition['name'], # pInParams=objRefCustomIn).getObject().ctCurrent['properties'] except Exception as e: if LOG.level == logging.DEBUG: import traceback traceback.print_exc() LOG.error(str(e)) for methodName in methods: innerMethod.__name__ = methodName setattr(self,innerMethod.__name__,innerMethod[classOrInstance,methods[methodName]]) #methods = self.encodingUnit['ObjectBlock'] class IWbemLoginClientID(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemLoginClientID def SetClientInfo(self, wszClientMachine, lClientProcId = 1234): request = IWbemLoginClientID_SetClientInfo() request['wszClientMachine'] = checkNullString(wszClientMachine) request['lClientProcId'] = lClientProcId request['lReserved'] = 0 resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return resp class IWbemLoginHelper(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemLoginHelper def SetEvent(self, sEventToSet): request = IWbemLoginHelper_SetEvent() request['sEventToSet'] = sEventToSet resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp class IWbemWCOSmartEnum(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemWCOSmartEnum def Next(self, proxyGUID, lTimeout, uCount): request = IWbemWCOSmartEnum_Next() request['proxyGUID'] = proxyGUID request['lTimeout'] = lTimeout request['uCount'] = uCount resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp class IWbemFetchSmartEnum(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemFetchSmartEnum def GetSmartEnum(self, lTimeout): request = IWbemFetchSmartEnum_GetSmartEnum() resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp class IWbemCallResult(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemCallResult def GetResultObject(self, lTimeout): request = IWbemCallResult_GetResultObject() request['lTimeout'] = lTimeout resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def GetResultString(self, lTimeout): request = IWbemCallResult_GetResultString() request['lTimeout'] = lTimeout resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def GetResultServices(self, lTimeout): request = IWbemCallResult_GetResultServices() request['lTimeout'] = lTimeout resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def GetCallStatus(self, lTimeout): request = IWbemCallResult_GetCallStatus() request['lTimeout'] = lTimeout resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return resp['plStatus'] class IEnumWbemClassObject(IRemUnknown): def __init__(self, interface, iWbemServices = None): IRemUnknown.__init__(self,interface) self._iid = IID_IEnumWbemClassObject self.__iWbemServices = iWbemServices def Reset(self): request = IEnumWbemClassObject_Reset() resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def Next(self, lTimeout, uCount): request = IEnumWbemClassObject_Next() request['lTimeout'] = lTimeout request['uCount'] = uCount resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) interfaces = list() for interface in resp['apObjects']: interfaces.append(IWbemClassObject( INTERFACE(self.get_cinstance(), b''.join(interface['abData']), self.get_ipidRemUnknown(), oxid=self.get_oxid(), target=self.get_target()), self.__iWbemServices)) return interfaces def NextAsync(self, lTimeout, pSink): request = IEnumWbemClassObject_NextAsync() request['lTimeout'] = lTimeout request['pSink'] = pSink resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def Clone(self): request = IEnumWbemClassObject_Clone() resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def Skip(self, lTimeout, uCount): request = IEnumWbemClassObject_Skip() request['lTimeout'] = lTimeout request['uCount'] = uCount resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp class IWbemServices(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemServices def OpenNamespace(self, strNamespace, lFlags=0, pCtx = NULL): request = IWbemServices_OpenNamespace() request['strNamespace']['asData'] = strNamespace request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def CancelAsyncCall(self,IWbemObjectSink ): request = IWbemServices_CancelAsyncCall() request['IWbemObjectSink'] = IWbemObjectSink resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return resp['ErrorCode'] def QueryObjectSink(self): request = IWbemServices_QueryObjectSink() request['lFlags'] = 0 resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return INTERFACE(self.get_cinstance(), b''.join(resp['ppResponseHandler']['abData']), self.get_ipidRemUnknown(), target=self.get_target()) def GetObject(self, strObjectPath, lFlags=0, pCtx=NULL): request = IWbemServices_GetObject() request['strObjectPath']['asData'] = strObjectPath request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) ppObject = IWbemClassObject( INTERFACE(self.get_cinstance(), b''.join(resp['ppObject']['abData']), self.get_ipidRemUnknown(), oxid=self.get_oxid(), target=self.get_target()), self) if resp['ppCallResult'] != NULL: ppcallResult = IWbemCallResult( INTERFACE(self.get_cinstance(), b''.join(resp['ppObject']['abData']), self.get_ipidRemUnknown(), target=self.get_target())) else: ppcallResult = NULL return ppObject, ppcallResult def GetObjectAsync(self, strNamespace, lFlags=0, pCtx = NULL): request = IWbemServices_GetObjectAsync() request['strObjectPath']['asData'] = checkNullString(strNamespace) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def PutClass(self, pObject, lFlags=0, pCtx=NULL): request = IWbemServices_PutClass() request['pObject'] = pObject request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def PutClassAsync(self, pObject, lFlags=0, pCtx=NULL): request = IWbemServices_PutClassAsync() request['pObject'] = pObject request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def DeleteClass(self, strClass, lFlags=0, pCtx=NULL): request = IWbemServices_DeleteClass() request['strClass']['asData'] = checkNullString(strClass) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def DeleteClassAsync(self, strClass, lFlags=0, pCtx=NULL): request = IWbemServices_DeleteClassAsync() request['strClass']['asData'] = checkNullString(strClass) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def CreateClassEnum(self, strSuperClass, lFlags=0, pCtx=NULL): request = IWbemServices_CreateClassEnum() request['strSuperClass']['asData'] = checkNullString(strSuperClass) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def CreateClassEnumAsync(self, strSuperClass, lFlags=0, pCtx=NULL): request = IWbemServices_CreateClassEnumAsync() request['strSuperClass']['asData'] = checkNullString(strSuperClass) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def PutInstance(self, pInst, lFlags=0, pCtx=NULL): request = IWbemServices_PutInstance() if pInst is NULL: request['pInst'] = pInst else: request['pInst']['ulCntData'] = len(pInst) request['pInst']['abData'] = list(pInst.getData()) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return IWbemCallResult( INTERFACE(self.get_cinstance(), b''.join(resp['ppCallResult']['abData']), self.get_ipidRemUnknown(), target=self.get_target())) def PutInstanceAsync(self, pInst, lFlags=0, pCtx=NULL): request = IWbemServices_PutInstanceAsync() request['pInst'] = pInst request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def DeleteInstance(self, strObjectPath, lFlags=0, pCtx=NULL): request = IWbemServices_DeleteInstance() request['strObjectPath']['asData'] = checkNullString(strObjectPath) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return IWbemCallResult( INTERFACE(self.get_cinstance(), b''.join(resp['ppCallResult']['abData']), self.get_ipidRemUnknown(), target=self.get_target())) def DeleteInstanceAsync(self, strObjectPath, lFlags=0, pCtx=NULL): request = IWbemServices_DeleteInstanceAsync() request['strObjectPath']['asData'] = checkNullString(strObjectPath) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def CreateInstanceEnum(self, strSuperClass, lFlags=0, pCtx=NULL): request = IWbemServices_CreateInstanceEnum() request['strSuperClass']['asData'] = strSuperClass request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return IEnumWbemClassObject( INTERFACE(self.get_cinstance(), b''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target=self.get_target())) def CreateInstanceEnumAsync(self, strSuperClass, lFlags=0, pCtx=NULL): request = IWbemServices_CreateInstanceEnumAsync() request['strSuperClass']['asData'] = checkNullString(strSuperClass) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp #def ExecQuery(self, strQuery, lFlags=WBEM_QUERY_FLAG_TYPE.WBEM_FLAG_PROTOTYPE, pCtx=NULL): def ExecQuery(self, strQuery, lFlags=0, pCtx=NULL): request = IWbemServices_ExecQuery() request['strQueryLanguage']['asData'] = checkNullString('WQL') request['strQuery']['asData'] = checkNullString(strQuery) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return IEnumWbemClassObject( INTERFACE(self.get_cinstance(), b''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target=self.get_target()), self) def ExecQueryAsync(self, strQuery, lFlags=0, pCtx=NULL): request = IWbemServices_ExecQueryAsync() request['strQueryLanguage']['asData'] = checkNullString('WQL') request['strQuery']['asData'] = checkNullString(strQuery) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def ExecNotificationQuery(self, strQuery, lFlags=0, pCtx=NULL): request = IWbemServices_ExecNotificationQuery() request['strQueryLanguage']['asData'] = checkNullString('WQL') request['strQuery']['asData'] = checkNullString(strQuery) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return IEnumWbemClassObject( INTERFACE(self.get_cinstance(), b''.join(resp['ppEnum']['abData']), self.get_ipidRemUnknown(), target=self.get_target()), self) def ExecNotificationQueryAsync(self, strQuery, lFlags=0, pCtx=NULL): request = IWbemServices_ExecNotificationQueryAsync() request['strQueryLanguage']['asData'] = checkNullString('WQL') request['strQuery']['asData'] = checkNullString(strQuery) request['lFlags'] = lFlags request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp def ExecMethod(self, strObjectPath, strMethodName, lFlags=0, pCtx=NULL, pInParams=NULL, ppOutParams = NULL): request = IWbemServices_ExecMethod() request['strObjectPath']['asData'] = checkNullString(strObjectPath) request['strMethodName']['asData'] = checkNullString(strMethodName) request['lFlags'] = lFlags request['pCtx'] = pCtx if pInParams is NULL: request['pInParams'] = pInParams else: request['pInParams']['ulCntData'] = len(pInParams) request['pInParams']['abData'] = list(pInParams.getData()) request.fields['ppCallResult'] = NULL if ppOutParams is NULL: request.fields['ppOutParams'].fields['Data'] = NULL else: request['ppOutParams']['ulCntData'] = len(ppOutParams.getData()) request['ppOutParams']['abData'] = list(ppOutParams.getData()) resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return IWbemClassObject( INTERFACE(self.get_cinstance(), b''.join(resp['ppOutParams']['abData']), self.get_ipidRemUnknown(), oxid=self.get_oxid(), target=self.get_target())) def ExecMethodAsync(self, strObjectPath, strMethodName, lFlags=0, pCtx=NULL, pInParams=NULL): request = IWbemServices_ExecMethodAsync() request['strObjectPath']['asData'] = checkNullString(strObjectPath) request['strMethodName']['asData'] = checkNullString(strMethodName) request['lFlags'] = lFlags request['pCtx'] = pCtx request['pInParams'] = pInParams resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) resp.dump() return resp class IWbemLevel1Login(IRemUnknown): def __init__(self, interface): IRemUnknown.__init__(self,interface) self._iid = IID_IWbemLevel1Login def EstablishPosition(self): request = IWbemLevel1Login_EstablishPosition() request['reserved1'] = NULL request['reserved2'] = 0 resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return resp['LocaleVersion'] def RequestChallenge(self): request = IWbemLevel1Login_RequestChallenge() request['reserved1'] = NULL request['reserved2'] = NULL resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return resp['reserved3'] def WBEMLogin(self): request = IWbemLevel1Login_WBEMLogin() request['reserved1'] = NULL request['reserved2'] = NULL request['reserved3'] = 0 request['reserved4'] = NULL resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return resp['reserved5'] def NTLMLogin(self, wszNetworkResource, wszPreferredLocale, pCtx): request = IWbemLevel1Login_NTLMLogin() request['wszNetworkResource'] = checkNullString(wszNetworkResource) request['wszPreferredLocale'] = checkNullString(wszPreferredLocale) request['lFlags'] = 0 request['pCtx'] = pCtx resp = self.request(request, iid = self._iid, uuid = self.get_iPid()) return IWbemServices( INTERFACE(self.get_cinstance(), b''.join(resp['ppNamespace']['abData']), self.get_ipidRemUnknown(), target=self.get_target())) if __name__ == '__main__': # Example 1 baseClass = b'xV4\x12\xd0\x00\x00\x00\x05\x00DPRAVAT-DEV\x00\x00ROOT\x00\x1d\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80f\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\n\x00\x00\x00\x05\xff\xff\xff\xff<\x00\x00\x80\x00Base\x00\x00Id\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x004\x00\x00\x00\x01\x00\x00\x80\x13\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x0c\x00\x00\x00\x00\x004\x00\x00\x00\x00\x80\x00\x80\x13\x0b\x00\x00\x00\xff\xff\x00sint32\x00' #encodingUnit = ENCODING_UNIT(baseClass) #encodingUnit.dump() #encodingUnit['ObjectBlock'].printInformation() #print "LEN ", len(baseClass), len(encodingUnit) #myClass = b"xV4\x12.\x02\x00\x00\x05\x00DPRAVAT-DEV\x00\x00ROOT\x00f\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\n\x00\x00\x00\x05\xff\xff\xff\xff<\x00\x00\x80\x00Base\x00\x00Id\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x004\x00\x00\x00\x01\x00\x00\x80\x13\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x0c\x00\x00\x00\x00\x004\x00\x00\x00\x00\x80v\x01\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x0e\x00\x00\x00\x00Base\x00\x06\x00\x00\x00\x11\x00\x00\x00\t\x00\x00\x00\x00\x08\x00\x00\x00\x16\x00\x00\x00\x04\x00\x00\x00'\x00\x00\x00.\x00\x00\x00U\x00\x00\x00\\\x00\x00\x00\x99\x00\x00\x00\xa0\x00\x00\x00\xc7\x00\x00\x00\xcb\x00\x00\x00G\xff\xff\xff\xff\xff\xff\xff\xff\xfd\x00\x00\x00\xff\xff\xff\xff\x11\x01\x00\x80\x00MyClass\x00\x00Description\x00\x00MyClass Example\x00\x00Array\x00\x13 \x00\x00\x03\x00\x0c\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00M\x00\x00\x00\x00uint32\x00\x00Data1\x00\x08\x00\x00\x00\x01\x00\x04\x00\x00\x00\x01\x00\x00\x00'\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\x91\x00\x00\x00\x03\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x04\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x00string\x00\x00Data2\x00\x08\x00\x00\x00\x02\x00\x08\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\xbf\x00\x00\x00\x00string\x00\x00Id\x00\x03@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80#\x08\x00\x00\x00\xf5\x00\x00\x00\x01\x00\x00\x803\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x00defaultValue\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00s\x00\x00\x00\x802\x00\x00defaultValue\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00" #hexdump(myClass) #encodingUnit = ENCODING_UNIT(myClass) #print "LEN ", len(myClass), len(encodingUnit) #encodingUnit.dump() #encodingUnit['ObjectBlock'].printInformation() #instanceMyClass = b"xV4\x12\xd3\x01\x00\x00\x06\x00DPRAVAT-DEV\x00\x00ROOT\x00v\x01\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x0e\x00\x00\x00\x00Base\x00\x06\x00\x00\x00\x11\x00\x00\x00\t\x00\x00\x00\x00\x08\x00\x00\x00\x16\x00\x00\x00\x04\x00\x00\x00'\x00\x00\x00.\x00\x00\x00U\x00\x00\x00\\\x00\x00\x00\x99\x00\x00\x00\xa0\x00\x00\x00\xc7\x00\x00\x00\xcb\x00\x00\x00G\xff\xff\xff\xff\xff\xff\xff\xff\xfd\x00\x00\x00\xff\xff\xff\xff\x11\x01\x00\x80\x00MyClass\x00\x00Description\x00\x00MyClass Example\x00\x00Array\x00\x13 \x00\x00\x03\x00\x0c\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00M\x00\x00\x00\x00uint32\x00\x00Data1\x00\x08\x00\x00\x00\x01\x00\x04\x00\x00\x00\x01\x00\x00\x00'\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\x91\x00\x00\x00\x03\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x04\x00\x00\x80\x00\x0b\x00\x00\x00\xff\xff\x00string\x00\x00Data2\x00\x08\x00\x00\x00\x02\x00\x08\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\n\x00\x00\x80\x03\x08\x00\x00\x00\xbf\x00\x00\x00\x00string\x00\x00Id\x00\x03@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\n\x00\x00\x80#\x08\x00\x00\x00\xf5\x00\x00\x00\x01\x00\x00\x803\x0b\x00\x00\x00\xff\xff\x00sint32\x00\x00defaultValue\x00\x00\x00\x00\x00\x00\x00I\x00\x00\x00\x00\x00\x00\x00\x00 {\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x04\x00\x00\x00\x01&\x00\x00\x80\x00MyClass\x00\x03\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x00StringField\x00" #encodingUnit = ENCODING_UNIT(instanceMyClass) #encodingUnit.dump() #encodingUnit['ObjectBlock'].printInformation()