Commit d8f99d73 authored by ussrhero's avatar ussrhero
Browse files

Merge branch 'patch-2' into '0.3.2'

Update nbl.py - fixed typos

See merge request !9
parents af9127d5 33787db5
# #
# #
# #
from optparse import OptionParser from optparse import OptionParser
from pykd import * from pykd import *
IPv4 = 0x0008 IPv4 = 0x0008
ARP = 0x0608 ARP = 0x0608
IPv6 = 0xdd86 IPv6 = 0xdd86
ICMP_PROTO = 0x01 ICMP_PROTO = 0x01
UDP_PROTO = 0x11 UDP_PROTO = 0x11
TCP_PROTO = 0x06 TCP_PROTO = 0x06
NET_BUFFER_LIST = None NET_BUFFER_LIST = None
MDL = None MDL = None
NET_BUFFER = None NET_BUFFER = None
def getNdisTypesInfo(): def getNdisTypesInfo():
ndis = module("ndis") ndis = module("ndis")
global NET_BUFFER_LIST global NET_BUFFER_LIST
global MDL global MDL
global NET_BUFFER global NET_BUFFER
try: try:
NET_BUFFER_LIST = ndis.type("_NET_BUFFER_LIST") NET_BUFFER_LIST = ndis.type("_NET_BUFFER_LIST")
MDL = ndis.type("_MDL") MDL = ndis.type("_MDL")
NET_BUFFER = ndis.type("_NET_BUFFER") NET_BUFFER = ndis.type("_NET_BUFFER")
except SymbolException: except SymbolException:
NET_BUFFER_LIST =typeInfo("_NET_BUFFER_LIST") NET_BUFFER_LIST =typeInfo("_NET_BUFFER_LIST")
MDL = typeInfo("_MDL") MDL = typeInfo("_MDL")
NET_BUFFER = typeInfo("_NET_BUFFER") NET_BUFFER = typeInfo("_NET_BUFFER")
def getHostWord( dataPos ): def getHostWord( dataPos ):
return ( dataPos.next() << 8 ) + dataPos.next() return ( dataPos.next() << 8 ) + dataPos.next()
def getNetWord( dataPos ): def getNetWord( dataPos ):
return dataPos.next() + ( dataPos.next() << 8 ) return dataPos.next() + ( dataPos.next() << 8 )
def getHostDWord( dataPos ): def getHostDWord( dataPos ):
return ( dataPos.next() << 24 ) + ( dataPos.next() << 16 ) + ( dataPos.next() << 8 ) + dataPos.next() return ( dataPos.next() << 24 ) + ( dataPos.next() << 16 ) + ( dataPos.next() << 8 ) + dataPos.next()
def getNetDWord( dataPos ): def getNetDWord( dataPos ):
return dataPos.next() + ( dataPos.next() << 8 ) + ( dataPos.next() << 16 ) + ( dataPos.next() << 24 ) return dataPos.next() + ( dataPos.next() << 8 ) + ( dataPos.next() << 16 ) + ( dataPos.next() << 24 )
class UdpPacket: class UdpPacket:
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.parsed = False self.parsed = False
try: try:
self.sourcePort = getHostWord( dataPos ) self.sourcePort = getHostWord( dataPos )
self.destPort = getHostWord( dataPos ) self.destPort = getHostWord( dataPos )
self.length = getHostWord( dataPos ) self.length = getHostWord( dataPos )
self.checksum = getHostWord( dataPos ) self.checksum = getHostWord( dataPos )
self.parsed = True self.parsed = True
except StopIteration: except StopIteration:
pass pass
def __str__( self ): def __str__( self ):
s = "UDP header: " s = "UDP header: "
if self.parsed: if self.parsed:
s += "OK\n" s += "OK\n"
s += "\tSrc port: %d\n" % self.sourcePort s += "\tSrc port: %d\n" % self.sourcePort
s += "\tDest port: %d\n" % self.destPort s += "\tDest port: %d\n" % self.destPort
s += "\tLength: %d\n" % self.length s += "\tLength: %d\n" % self.length
s += "\tChecksum: %#x\n" % self.checksum s += "\tChecksum: %#x\n" % self.checksum
s += "\n" s += "\n"
else: else:
s += "MALFORMED\n" s += "MALFORMED\n"
return s return s
class TcpPacket: class TcpPacket:
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.parsed = False self.parsed = False
try: try:
self.parsed = True self.parsed = True
self.sourcePort = getHostWord( dataPos ) self.sourcePort = getHostWord( dataPos )
self.destPort = getHostWord( dataPos ) self.destPort = getHostWord( dataPos )
self.SeqNumber = getHostDWord( dataPos ) self.SeqNumber = getHostDWord( dataPos )
self.AckNumber = getHostDWord( dataPos ) self.AckNumber = getHostDWord( dataPos )
self.dataOffset = ( dataPos.next() >> 4 ) self.dataOffset = ( dataPos.next() >> 4 )
self.flags = dataPos.next() & 0x3F self.flags = dataPos.next() & 0x3F
self.window = getHostWord( dataPos ) self.window = getHostWord( dataPos )
self.checksum = getHostWord( dataPos ) self.checksum = getHostWord( dataPos )
self.urgentPointer = getHostWord( dataPos ) self.urgentPointer = getHostWord( dataPos )
except StopIteration: except StopIteration:
pass pass
def __str__( self ): def __str__( self ):
s = "TCP header: " s = "TCP header: "
fl = [ "FIN", "SYN","RST", "PSH", "ACK", "URG" ] fl = [ "FIN", "SYN","RST", "PSH", "ACK", "URG" ]
if self.parsed: if self.parsed:
s += "OK\n" s += "OK\n"
s += "\tSrc port: %d\n" % self.sourcePort s += "\tSrc port: %d\n" % self.sourcePort
s += "\tDest port: %d\n" % self.destPort s += "\tDest port: %d\n" % self.destPort
s += "\tSEQ: %x\n" % self.SeqNumber s += "\tSEQ: %x\n" % self.SeqNumber
s += "\tACK: %x\n" % self.AckNumber s += "\tACK: %x\n" % self.AckNumber
s += "\tFlags: %x ( %s )\n" % ( self.flags, " ".join( [ fl[i] for i in xrange( len(fl) ) if ( self.flags & ( 1 << i ) ) != 0 ] ) ) s += "\tFlags: %x ( %s )\n" % ( self.flags, " ".join( [ fl[i] for i in xrange( len(fl) ) if ( self.flags & ( 1 << i ) ) != 0 ] ) )
s += "\tWindows: %x\n" % self.window s += "\tWindows: %x\n" % self.window
s += "\tChecksum: %x\n" % self.checksum s += "\tChecksum: %x\n" % self.checksum
else: else:
s += "MALFORMED\n" s += "MALFORMED\n"
return s return s
class ArpPacket: class ArpPacket:
def __init__( self, dataPos ): def __init__( self, dataPos ):
pass pass
def __str__( self ): def __str__( self ):
return "" return ""
class IpAddress: class IpAddress:
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.addr = [ dataPos.next() for i in xrange(4) ] self.addr = [ dataPos.next() for i in xrange(4) ]
def __str__( self ): def __str__( self ):
return "%d.%d.%d.%d" % tuple( self.addr[0:4] ) return "%d.%d.%d.%d" % tuple( self.addr[0:4] )
class Ip6Address: class Ip6Address:
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.addr = [ getHostWord( dataPos ) for i in xrange(8) ] self.addr = [ getHostWord( dataPos ) for i in xrange(8) ]
def __str__( self ): def __str__( self ):
return "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x" % tuple( self.addr ) return "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x" % tuple( self.addr )
class IpProtocol: class IpProtocol:
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.typeVal = dataPos.next() self.typeVal = dataPos.next()
def isICMP( self ): def isICMP( self ):
return self.typeVal==ICMP_PROTO return self.typeVal==ICMP_PROTO
def isUDP( self ): def isUDP( self ):
return self.typeVal==UDP_PROTO return self.typeVal==UDP_PROTO
def isTCP( self ): def isTCP( self ):
return self.typeVal==TCP_PROTO return self.typeVal==TCP_PROTO
def __str__( self ): def __str__( self ):
return { ICMP_PROTO: "ICMP", UDP_PROTO: "UDP", TCP_PROTO: "TCP" }.get( self.typeVal, hex(self.typeVal) ) return { ICMP_PROTO: "ICMP", UDP_PROTO: "UDP", TCP_PROTO: "TCP" }.get( self.typeVal, hex(self.typeVal) )
def getNextLayerPacket( self, dataPos ): def getNextLayerPacket( self, dataPos ):
return { return {
ICMP_PROTO : lambda x : "", ICMP_PROTO : lambda x : "",
UDP_PROTO : lambda x : UdpPacket(x), UDP_PROTO : lambda x : UdpPacket(x),
TCP_PROTO : lambda x : TcpPacket(x) TCP_PROTO : lambda x : TcpPacket(x)
}.get( self.typeVal, lambda x : "Unknown protocol" )(dataPos) }.get( self.typeVal, lambda x : "Unknown protocol" )(dataPos)
class IpPacket: class IpPacket:
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.parsed = False self.parsed = False
try: try:
version = dataPos.next() version = dataPos.next()
self.ihl = version & 0xF self.ihl = version & 0xF
self.version = version >> 4 self.version = version >> 4
self.tos = dataPos.next() self.tos = dataPos.next()
self.TotalLength = getHostWord( dataPos ) self.TotalLength = getHostWord( dataPos )
self.ident = getHostWord( dataPos ) self.ident = getHostWord( dataPos )
frag = getHostWord( dataPos ) frag = getHostWord( dataPos )
self.offset = frag & 0x1FFF self.offset = frag & 0x1FFF
self.flags = frag >> 13 self.flags = frag >> 13
self.ttl = dataPos.next() self.ttl = dataPos.next()
self.protocol = IpProtocol( dataPos ) self.protocol = IpProtocol( dataPos )
self.checlsum = getNetWord( dataPos ) self.checlsum = getNetWord( dataPos )
self.srcAddr = IpAddress( dataPos ) self.srcAddr = IpAddress( dataPos )
self.destAddr = IpAddress( dataPos ) self.destAddr = IpAddress( dataPos )
if self.offset == 0: if self.offset == 0:
self.nextLayerPckt = self.protocol.getNextLayerPacket( dataPos ) self.nextLayerPckt = self.protocol.getNextLayerPacket( dataPos )
else: else:
self.nextLayerPckt = "" self.nextLayerPckt = ""
self.parsed = True self.parsed = True
except StopIteration: except StopIteration:
pass pass
def __str__( self ): def __str__( self ):
s = "IPv4 header: " s = "IPv4 header: "
if self.parsed: if self.parsed:
s += "OK\n" s += "OK\n"
s += "\tversion: %x\n" % self.version s += "\tversion: %x\n" % self.version
s += "\theader length: %d bytes\n" % ( self.ihl * 4 ) s += "\theader length: %d bytes\n" % ( self.ihl * 4 )
s += "\ttotal length: %d bytes\n" % self.TotalLength s += "\ttotal length: %d bytes\n" % self.TotalLength
s += "\tID: %x\n" % self.ident s += "\tID: %x\n" % self.ident
s += "\tflags: %x\n" % self.flags s += "\tflags: %x\n" % self.flags
s += "\toffset: %x" % ( self.offset * 8) s += "\toffset: %x" % ( self.offset * 8)
if ( self.offset == 0 ) and ( self.flags & 0x4 == 0 ): if ( self.offset == 0 ) and ( self.flags & 0x4 == 0 ):
s += " (not fargmented)\n" s += " (not fragmented)\n"
elif self.offset == 0 : elif self.offset == 0 :
s += " (first fragment)\n" s += " (first fragment)\n"
elif not ( self.flags & 0x4 == 0 ): elif not ( self.flags & 0x4 == 0 ):
s += " (fragmented)\n" s += " (fragmented)\n"
else: else:
s += " (last fragment)\n" s += " (last fragment)\n"
s += "\tprotocol: " + str( self.protocol ) + "\n" s += "\tprotocol: " + str( self.protocol ) + "\n"
s += "\tTTL: %d\n" % self.ttl s += "\tTTL: %d\n" % self.ttl
s += "\tSrc addr: " + str(self.srcAddr) + "\n" s += "\tSrc addr: " + str(self.srcAddr) + "\n"
s += "\tDest addr: " + str(self.destAddr) + "\n" s += "\tDest addr: " + str(self.destAddr) + "\n"
s += str( self.nextLayerPckt ) s += str( self.nextLayerPckt )
else: else:
s += "MALFORMED\n" s += "MALFORMED\n"
return s return s
class Ip6Packet(): class Ip6Packet():
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.parsed = False self.parsed = False
try: try:
t = getHostDWord( dataPos ) t = getHostDWord( dataPos )
self.version = ( t >> 28 ) & 0xF self.version = ( t >> 28 ) & 0xF
self.trafficClass = ( t >> 20 ) & 0xFF self.trafficClass = ( t >> 20 ) & 0xFF
self.flowLabel = t & 0xFFF self.flowLabel = t & 0xFFF
self.payloadLength = getNetWord( dataPos ) self.payloadLength = getNetWord( dataPos )
self.nextHeader = IpProtocol( dataPos ) self.nextHeader = IpProtocol( dataPos )
self.hopLimit = dataPos.next() self.hopLimit = dataPos.next()
self.srcAddr = Ip6Address( dataPos ) self.srcAddr = Ip6Address( dataPos )
self.destAddr = Ip6Address( dataPos ) self.destAddr = Ip6Address( dataPos )
self.nextLayerPckt = self.nextHeader.getNextLayerPacket( dataPos ) self.nextLayerPckt = self.nextHeader.getNextLayerPacket( dataPos )
self.parsed = True self.parsed = True
except StopIteration: except StopIteration:
pass pass
def __str__( self ): def __str__( self ):
s = "IPv6 header: " s = "IPv6 header: "
if self.parsed: if self.parsed:
s += "OK\n" s += "OK\n"
s += "\tversion: %x\n" % self.version s += "\tversion: %x\n" % self.version
s += "\ttraffic class %x\n" % self.trafficClass s += "\ttraffic class %x\n" % self.trafficClass
s += "\tflowLabel: %x\n" % self.flowLabel s += "\tflowLabel: %x\n" % self.flowLabel
s += "\tpayloadLength: %x\n" % self.payloadLength s += "\tpayloadLength: %x\n" % self.payloadLength
s += "\tnextHeader: " + str( self.nextHeader ) + "\n" s += "\tnextHeader: " + str( self.nextHeader ) + "\n"
s += "\thopLimit: %d\n" % self.hopLimit s += "\thopLimit: %d\n" % self.hopLimit
s += "\tsrcAddr: " + str(self.srcAddr) + "\n" s += "\tsrcAddr: " + str(self.srcAddr) + "\n"
s += "\tdestAddr: " + str(self.destAddr) + "\n" s += "\tdestAddr: " + str(self.destAddr) + "\n"
s += str( self.nextLayerPckt ) s += str( self.nextLayerPckt )
else: else:
s += "MALFORMED\n" s += "MALFORMED\n"
return s return s
class ARPPacket(): class ARPPacket():
def __init__( self, dataPos ): def __init__( self, dataPos ):
self.parsed = False self.parsed = False
try: try:
self.HWType = getNetWord( dataPos ) self.HWType = getNetWord( dataPos )
self.PType = getNetWord( dataPos ) self.PType = getNetWord( dataPos )
self.HLen = dataPos.next() self.HLen = dataPos.next()
self.PLen = dataPos.next() self.PLen = dataPos.next()
self.oper = getNetWord( dataPos ) self.oper = getNetWord( dataPos )
self.senderHWAddr = EthernetAddress( dataPos ) self.senderHWAddr = EthernetAddress( dataPos )
self.senderPAddr = IpAddress( dataPos ) self.senderPAddr = IpAddress( dataPos )
self.targetHWAddr = EthernetAddress( dataPos ) self.targetHWAddr = EthernetAddress( dataPos )
self.targetPAddr = IpAddress( dataPos ) self.targetPAddr = IpAddress( dataPos )
self.parsed = True self.parsed = True
except StopIteration: except StopIteration:
pass pass
def __str__( self ): def __str__( self ):
s = "ARP Packet: " s = "ARP Packet: "
if self.parsed: if self.parsed:
s += "OK\n" s += "OK\n"
s += { 0x100: "REQUEST", 0x200: "REPLAY" }.get(self.oper, hex(self.oper) ) + "\n" s += { 0x100: "REQUEST", 0x200: "REPLAY" }.get(self.oper, hex(self.oper) ) + "\n"
s += "HTYPE: " + { 0x100: "Ethernet", }.get( self.HWType, hex( self.HWType) ) + " " s += "HTYPE: " + { 0x100: "Ethernet", }.get( self.HWType, hex( self.HWType) ) + " "
s += "PTYPE: " + { IPv4: "IPv4", }.get( self.PType, hex( self.PType) ) + " " s += "PTYPE: " + { IPv4: "IPv4", }.get( self.PType, hex( self.PType) ) + " "
s += "HLEN: %x " % self.HLen s += "HLEN: %x " % self.HLen
s += "PLEN: %x " % self.PLen s += "PLEN: %x " % self.PLen
s += "\nSender: " + str(self.senderHWAddr) + " " + str( self.senderPAddr ) s += "\nSender: " + str(self.senderHWAddr) + " " + str( self.senderPAddr )
s += "\nTarget: " + str(self.targetHWAddr) + " " + str( self.targetPAddr ) + "\n" s += "\nTarget: " + str(self.targetHWAddr) + " " + str( self.targetPAddr ) + "\n"
else: else:
s += "MALFORMED\n" s += "MALFORMED\n"
return s return s