Nmap Development mailing list archives
Status Report #9 of 15
From: Dražen Popović <drazen.popovic () fer hr>
Date: Tue, 29 Jun 2010 05:49:20 +0200
Hi everyone. This week passed quickly and I can say that the "ndr.lua" library is progressing very well... So:

Accomplishments:

* "ndr.lua" now packs every kind of NDR array with arbitrary dimensions.

* Began fighting NDR structure packing. I have encountered a few issues that drained the life out of me, but in the end it all worked out pretty well. For example, while trying to pack NDR arrays I turned to PIDL (version 0.02) to see its --ndr-parser output, which produces the NDR parser which SAMBA uses. Then I noticed that their array packing is also incorrect. What next? Oh yes... So far the Windows NDR implementation was acting very well, specification compliant. But it seems that even they didn't follow the whole NDR specification. To be more precise, [1] Chapter "14.3.2 Alignment of Constructed Types", which deals with structure packing and with the packing of arrays contained within the structure itself. The following is the specification which the MSF NDR engine [2] doesn't seem to implement:

  "The fields within the structure are aligned according to the following rules:
  ...
  Array alignment is the largest alignment of the array element type and the size information type, if any."

  The MSF NDR engine simply takes the element alignment as the array alignment. Thanks to Wireshark for existing, because otherwise this would be hell.

* Figured out the layered design concept which will hide the internal workings of "ndr.lua" from the programmer. "ndr.lua" consists of two base classes, "NDR" and "NDR_Type". The "NDR_Type" class was introduced to emulate the data types that Lua lacks (such as pointers). With just a few rules when programming with NSE MSRPC it's possible to hide these classes from the programmer.

Priorities:

* Finish packing arrays within structures.
* Pack pointers and pointers within structures (embedded).
* When done, clean the code a little bit and start with unpacking.
* When done =), then it's time to put "ndr.lua" to real-life testing. The first integration iteration will consist of editing the "msrpc.lua" RPC stubs needed for "smb-enum-processes.nse", of course by using "ndr.lua".

Notes:

This irregularity I've mentioned concerning MSF's NDR engine needs to be tested some more with some additional RPC stubs (test cases). Also I'm curious how DRAZEN_SVC and "cli-drazen-svc.nse" behave on newer Win distros (Vista, 7, 2008), so if someone is willing to give it a whirl. There "really" shouldn't be any difference.

References:
[1] http://www.opengroup.org/onlinepubs/9629399/toc.htm
[2] http://msdn.microsoft.com/en-us/library/ms764233%28v=VS.85%29.aspx

Cheers,
Dražen.

--
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
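The alignment rule quoted above (NDR 14.3.2: array alignment is the largest of the element alignment and the size-information alignment) is easiest to see on a concrete structure. The following is an added example, not code from ndr.lua, Samba's PIDL or the MSF NDR engine: a minimal Python packer for a structure whose last field is a conformant array, with a `spec_compliant` switch that selects between the specification rule and the "element alignment only" rule the mail attributes to MSF. It assumes the little-endian NDR format label used by MSRPC, a 4-byte unsigned long for conformance counts, and the hypothetical helper names `pack_struct`, `field_align` and `struct_align`.

```python
import struct

# Primitive NDR types: name -> (size in bytes, struct format).
# Natural alignment equals size for these types; little-endian format label assumed.
PRIMITIVES = {
    "uint8": (1, "<B"),
    "uint16": (2, "<H"),
    "uint32": (4, "<I"),
    "uint64": (8, "<Q"),
}
# Conformance/variance counts are NDR "unsigned long": 4 bytes, 4-byte aligned.
SIZE_INFO_ALIGN = 4


def prim_align(name):
    return PRIMITIVES[name][0]


def field_align(ftype, spec_compliant=True):
    """Alignment of one structure field.
    ftype is ("prim", name), ("fixed", elem_name, count) or ("conformant", elem_name)."""
    kind = ftype[0]
    if kind == "prim":
        return prim_align(ftype[1])
    elem_align = prim_align(ftype[1])
    if kind == "fixed":
        return elem_align  # no size information, so element alignment only
    if kind == "conformant":
        # Spec rule: largest of element alignment and size-information alignment.
        # Element-only rule: what the mail describes the MSF engine doing.
        return max(elem_align, SIZE_INFO_ALIGN) if spec_compliant else elem_align
    raise ValueError("unknown field kind %r" % kind)


def struct_align(fields, spec_compliant=True):
    """Structure alignment is the largest alignment of its fields."""
    return max(field_align(ft, spec_compliant) for _, ft in fields)


def pad_to(buf, align):
    """Append zero bytes until len(buf) is a multiple of align."""
    buf.extend(b"\x00" * (-len(buf) % align))


def pack_struct(fields, values, spec_compliant=True):
    """Pack a structure (list of (name, ftype)) from a dict of values.
    Conformance counts are hoisted to the front of the structure, as NDR requires."""
    buf = bytearray()
    conformant = [(n, ft) for n, ft in fields if ft[0] == "conformant"]
    if len(conformant) > 1 or (conformant and conformant[0][0] != fields[-1][0]):
        raise ValueError("NDR allows only the last field of a structure to be conformant")
    for name, _ in conformant:
        pad_to(buf, SIZE_INFO_ALIGN)
        buf += struct.pack("<I", len(values[name]))  # max count
    pad_to(buf, struct_align(fields, spec_compliant))
    for name, ft in fields:
        pad_to(buf, field_align(ft, spec_compliant))
        if ft[0] == "prim":
            buf += struct.pack(PRIMITIVES[ft[1]][1], values[name])
            continue
        elems = values[name]
        if ft[0] == "fixed" and len(elems) != ft[2]:
            raise ValueError("fixed array %s expects %d elements" % (name, ft[2]))
        fmt = PRIMITIVES[ft[1]][1]
        for e in elems:
            buf += struct.pack(fmt, e)
    return bytes(buf)


# Constructed test structure: a 2-byte flags field followed by a conformant byte array.
FLAGS_AND_DATA = [("flags", ("prim", "uint16")), ("data", ("conformant", "uint8"))]
SAMPLE = {"flags": 1, "data": [0x41, 0x42]}


if __name__ == "__main__":
    for mode in (True, False):
        print("spec_compliant=%s struct_align=%d bytes=%s" % (
            mode, struct_align(FLAGS_AND_DATA, mode),
            pack_struct(FLAGS_AND_DATA, SAMPLE, mode).hex()))
```

Under the specification rule the conformant uint8 array carries alignment 4 (from its count), which raises the structure alignment to 4 and inserts two bytes of padding between `flags` and the array data; under the element-only rule the structure is 2-aligned and the array data follows `flags` immediately. That two-byte difference is exactly the kind of discrepancy that only shows up on the wire, which is why a dissector such as Wireshark is so useful when comparing encoders.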