hsH dZddlZddlZddlmZmZmZmZmZddlm Z ddl m Z ddl m Z ddlmZddlmZmZmZmZmZmZd ZdZejZejjZejjZejjZejjZej Z!ejj"Z"ejj#Z#ejj$Z$ej%Z&ej'Z(ejj)Z)ej*Z+ej,Z-ej.Z/ej0Z1ej2Z3ej4xZ5Z6ej7Z8ej9Z:d Z;d Zj?Z@ee@_Ae$ge@_Bdvd ZCe"ZDGd deZEej=jFjGZGeDeG_AeDe$egeG_Bej=jFjHZHeeH_AeDgeH_Bej=jFjIZIeDeI_Ae$e$egeI_Bej=jFjJZJeeJ_AeDeeEgeJ_BdZKej=jLZLGddeZMGddeZNGddeZOGddeZPGddejQZRdZSdZTdZUdZVe&ZWe&ZXe&ZYe)ZZe1Z[e/Z\e3dzZ]e]Z^e)Z_e)Z`GddejZaGd d!eZbGd"d#eZceecZde r&d$efd%efd&edfd'eafd(e(fd)e(fd*e(fd+efd,efd-efg ec_en(d$efd%efd&edfd'eafd(e(fd)e(fd*e(fd+efd,efd-efd.e6fg ec_eGd/d0eZfeefZgd$efd%efd&egfd'eafgef_eGd1d2eZheehZid$efd%efd&eifd'eafgeh_eGd3d4eZjeejZkd$efd%efd&ekfd'eafgej_eGd5d6eZlejelZmd7e!fd&emfd'eafd8efgel_eGd9d:eZneenZoe r^d$efd;efd&eofdegfd?eifd@ekfdAejqfdBejqfdCejqfdDe3eSzfdEefd%efdFefdGefdHeZfdIefdJedzfdKemfgen_engd$efd;efd&eofdegfd?eifd@ekfdAejqfdBejqfdCejqfdDe3eSzfdEefd%efdFefdGefdHeZfdIefdJedzfdKemfdLe!fdMe!fdNeWfdOeXfdPefdQefdRe[fdSeafdTe\fdUe^fdVe_fdWe`fdXeafdYe3eTzfdZefd[efd\eYfen_eeeeeee&eoeed]eLfZre jsfd^ZtGd_d`eZuGdadbeZveevZweeeweeedceLfZxddZyeZze(Z{e(Z|GdedfeZ}GdgdheZ~GdidjeZGdkdleZeeZe s8eee:eedmeLfZededneLfZe jsfdoZGdpdqeZeeZdreeeffdsZdtedreefduZdS)wz C API calls to Windows DLLs N)POINTER Structure WINFUNCTYPEbyrefcreate_string_buffer) AddressFamily)conf) WINDOWS_XP)MTU)AnyDictIOListOptionalTupleic|}g}|rUt|drE|t|j|jj}|rt|dE|S)Ncontents)hasattrappend_struct_to_dictrnext)list_objcurrent_lists a/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/arch/windows/structures.py _resolve_listrBsoG E (ggz22( _W%566777"' (ggz22( LcNi}|jjD]\}}t||}|dkrt|tt jfrt|||<P|r>t|dr.t|j drt|||<|||<|||<|S)Nrr) __class___fields_getattr issubclassrctypesUnionrrrr) struct_objresultsfnamectypevals rrrLsG",5!! uj%(( F??  ei6 7 7 !,S11GENN  !WS*-- !s|V,, %!.s!3!3!$ GENN Nrc~tjr0t|pdtjdSdS)zZ Updates the terminal title with the default one or with `title` if provided. z Scapy v{}N)r interactive_winapi_SetConsoleTitleformatversion)titles r_windows_titler0hsE  K I););DL)I)IJJJJJKKrc@eZdZdZdefdefdefdefdefdefdefgZd S) SERVICE_STATUSzUhttps://docs.microsoft.com/en-us/windows/desktop/api/winsvc/ns-winsvc-_service_status dwServiceTypedwCurrentStatedwControlsAccepteddwWin32ExitCodedwServiceSpecificExitCode dwCheckPoint dwWaitHintN)__name__ __module__ __qualname____doc__DWORDr rrr2r2tsS__ %(!5)%u-"E*,e4'u% 'HHHrr2cd}tdd|}t|||}t}t||t |}t |t ||S)z3Returns content of QueryServiceStatus for a serviceN)OpenSCManagerW OpenServiceWr2QueryServiceStatusrCloseServiceHandle)serviceSERVICE_QUERY_STATUS schSCManagerstatusresults rget_service_statusrKs"!  L G   FV $ $Fw|$$$ MrceZdZdedzfgZdS)in_addrbyterANr:r;r<UBYTEr r?rrrMrMs#$HHHrrMceZdZdedzfgZdS)in6_addrrNNrOr?rrrRrRs$%HHHrrRc0eZdZdefdefdefddezfgZdS) sockaddr_in sin_familysin_portsin_addrsin_zeroN)r:r;r<SHORTUSHORTrMCHARr r?rrrUrUs9u%V$W%QX&(HHHrrUc0eZdZdefdefdefdefdefgZdS) sockaddr_in6 sin6_family sin6_port sin6_flowinfo sin6_addr sin6_scope_idN)r:r;r<r[r\ULONGrRr r?rrr_r_s=&f% %(h' %( *HHHrr_c$eZdZdefdefdefgZdS) SOCKADDR_INETIpv4Ipv6 si_familyN)r:r;r<rUr_r\r r?rrrgrgs-%&f%'HHHrrgrZrSc0eZdZdeefdefgZdS)SOCKET_ADDRESSaddresslengthN)r:r;r<rrgINTr r?rrrnrns.GGM2233!HHHrrnceZdZdefdefgZdS)_IP_ADAPTER_ADDRESSES_METRICrpinterface_indexN)r:r;r<rer>r r?rrrsrss%5!"E*,HHHrrsceZdZdS)IP_ADAPTER_UNICAST_ADDRESSNr:r;r<r?rrrvrvDrrvrpflagsrro prefix_origin suffix_origin dad_statevalid_lifetimepreferred_lifetimelease_lifetimeon_link_prefix_lengthceZdZdS)IP_ADAPTER_ANYCAST_ADDRESSNrwr?rrrrrxrrceZdZdS)IP_ADAPTER_MULTICAST_ADDRESSNrwr?rrrr(rxrrceZdZdS)IP_ADAPTER_DNS_SERVER_ADDRESSNrwr?rrrr5rxrrceZdZdS)IP_ADAPTER_PREFIXNrwr?rrrrBrxrr alignment prefix_lengthceZdZdS)IP_ADAPTER_ADDRESSESNrwr?rrrrOrxrrrt adapter_namefirst_unicast_addressfirst_anycast_addressfirst_multicast_addressfirst_dns_server_address dns_suffix description friendly_namephysical_addressphysical_address_lengthmtuinterface_type oper_statusipv6_interface_index zone_indices first_prefixtransmit_link_speedreceive_link_speedfirst_wins_server_addressfirst_gateway_address ipv4_metric ipv6_metricluid dhcpv4_servercompartment_id network_guidconnection_type tunnel_type dhcpv6_serverdhcpv6_client_duiddhcpv6_client_duid_length dhcpv6_iaidfirst_dns_suffixGetAdaptersAddressesc t}tttz}t||ddt |}|dkrt d|zt t}t|j }tj ||}t||d|t |}|tkrt d|zt|}~|S)z3Return all Windows Adapters addresses from iphlpapiNo#Error getting structure length (%d)Error retrieving table (%d))reGAA_FLAG_INCLUDE_PREFIXGAA_FLAG_INCLUDE_ALL_INTERFACES_GetAdaptersAddressesr RuntimeErrorrrrvaluer#castNO_ERRORr)AFsizeryres pointer_typebufferAdapterAddressesr&s rrrs 77D ),KK L LE E $d %d  - -C d{{@3FGGG/00L !$* - -F{6<88 E $&6 %d  - -C h83>???,--G NrcfeZdZdefdefdefdefdefdefdefdefd efd efd efd efd efdefgZdS)MIB_IPFORWARDROW ForwardDest ForwardMask ForwardPolicyForwardNextHopForwardIfIndex ForwardType ForwardProto ForwardAgeForwardNextHopASForwardMetric1ForwardMetric2ForwardMetric3ForwardMetric4ForwardMetric5N)r:r;r<r>r r?rrrrs&& %(!5)!5)&'u%#U+!5)!5)!5)!5)!5) +HHHrrc$eZdZdefdeezfgZdS)MIB_IPFORWARDTABLE NumEntriesTableN)r:r;r<r>rANY_SIZEr r?rrrrs+u%*X568HHHrrGetIpForwardTablect}tdt|d}|dkrtd|zt}t |j}tj||}t|t|d}|tkrtd|zg}t|j j D]4}| t|j j|5~|S)z3Return all Windows routes (IPv4 only) from iphlpapiNFzrTr)re_GetIpForwardTablerrPMIB_IPFORWARDTABLErrr#rrrangerrrrr)rrrrpIpForwardTabler&is rrrs 77D T5;; 6 6C d{{@3FGGG&L !$* - -Fk&,77O _eDkk4 @ @C h83>???G ?+6 7 7KK'?'Ea'HIIJJJJ NrceZdZdefgZdS)NET_LUIDValueN)r:r;r< ULONGLONGr r?rrrrs)$%HHHrrceZdZdefdefgZdS)IP_ADDRESS_PREFIXPrefix PrefixLengthN)r:r;r<rgUINT8r r?rrrrs%=)')HHHrrcleZdZdefdefdefdefdefdefdefdefd e fd e fd e fd e fd e fdefde fgZ dS)MIB_IPFORWARD_ROW2 InterfaceLuidInterfaceIndexDestinationPrefixNextHopSitePrefixLength ValidLifetimePreferredLifetimeMetricProtocolLoopbackAutoconfigureAddressPublishImmortalAgeOriginN) r:r;r<r NET_IFINDEXrrgUCHARreNL_ROUTE_PROTOCOLBOOLEANNL_ROUTE_ORIGINr r?rrrrs (+!;/$&78M*#U+ %($e,5!./W%'1G$W%?+-HHHrrc$eZdZdefdeezfgZdS)MIB_IPFORWARD_TABLE2rrN)r:r;r<rerrr r?rrrrs+u%,x78:HHHrrGetIpForwardTable2 FreeMibTablectrtdt}t|t |}|t krt d|zg}t|jj D]4}| t|jj |5t||S)z3Return all Windows routes (IPv4/IPv6) from iphlpapizNot available on Windows XP !r)r OSErrorPMIB_IPFORWARD_TABLE2_GetIpForwardTable2rrrrrrrrr _FreeMibTable)rtablerr&rs rrr*s75666 ! # #E b%,, / /C h83>???G 5>, - -AAu~';A'>??@@@@% Nrc$eZdZdefdefdefgZdS)_SECURITY_ATTRIBUTESnLengthlpSecurityDescriptorbInheritHandleN)r:r;r<r>LPVOIDBOOLr r?rrrr>s-E"'0!4(*HHHrrreturnc ddlm}dt|dz}tt jt }t j|t}t jt |j _ tj j t|dddddd|}|d kr tt j||fS) zCCreate a windows fifo and returns the (client file, server fd) r) RandStringz\\.\pipe\scapy%si@ii,)scapy.volatilerstrrr#sizeofrrLPSECURITY_ATTRIBUTESrrwindllkernel32CreateNamedPipeAencoder FormatError)rfrsecrs r _get_win_fiforGs*)))))c**Q--000A !&-0D"E"E F FF +f3 4 4C!=)=>>CL - 1 1QXXZZ((  5%    C byyf(**+++ c6MrfdctjjdGfddtt }|S)z4Connect NamedPipe and return a fake open() file Nc4eZdZefdedeffd Zdfd ZdS)_win_fifo_open.._openedxr ctj|}tjj||dd}|dkr t tj|jS)Nr)r#rrrReadFilerrraw)selfr#bufrrs rreadz$_win_fifo_open.._opened.readbse-a00C-(11 Caxxf0223337NrNcPtjjdSN)r#rr CloseHandle)r'rs rclosez%_win_fifo_open.._opened.closens" M " . .r 2 2 2 2 2r)r N)r:r;r<r intbytesr)r-)rsr_openedr"asg #  #        3 3 3 3 3 3 3 3rr0)r#rrConnectNamedPiperr/)rr0s` r_win_fifo_openr2\sf M++B5553333333"U)333 799rr+)r=r#ctypes.wintypesrrrrrsocketr scapy.configr scapy.constsr scapy.datar typingr r rrrrrrc_charr]wintypesr>r rre c_ulonglongrHANDLEr LPWSTRc_void_pVOIDc_intrqUINTc_uint8rc_uint16UINT16c_uint32UINT32c_uint64UINT64c_byteBYTEc_ubyterrPc_shortr[c_ushortr\rrrrSetConsoleTitleWr,restypeargtypesr0 SC_HANDLEr2Advapi32rCrErBrDrKiphlpapirMrRrUr_r$rgMAX_ADAPTER_ADDRESS_LENGTHMAX_DHCPV6_DUID_LENGTHrr"PIP_ADAPTER_WINS_SERVER_ADDRESS_LHPIP_ADAPTER_GATEWAY_ADDRESS_LHPIP_ADAPTER_DNS_SUFFIXIF_OPER_STATUSIF_LUIDNET_IF_COMPARTMENT_IDGUIDNET_IF_NETWORK_GUIDNET_IF_CONNECTION_TYPE TUNNEL_TYPErnrsrvPIP_ADAPTER_UNICAST_ADDRESSr rPIP_ADAPTER_ANYCAST_ADDRESSrPIP_ADAPTER_MULTICAST_ADDRESSrPIP_ADAPTER_DNS_SERVER_ADDRESSrPIP_ADAPTER_PREFIXrLP_IP_ADAPTER_ADDRESSESc_char_p c_wchar_pr AF_UNSPECrrrrrrrrrrrrrrrrrrrrrr/r2r?rrris  ! ######   }  / !          l     }  0!-0A"&$*8 KKKK  '''''Y'''}%2  "FE2 ]+>!(k'6"!651]+>!(''.*A*AB< = !%%%%%i%%%&&&&&y&&&((((()(((*****9***'''''FL'''  "(%)"!%  by !!!!!V%!!! ,,,,,9,,,         &g&@AA  5 % ,- N# # # c 5! u% 5! +'' 5 % ,- N# # # c 5! u% 5! %( +'        &g&@AA u e () '#     9   !((D E E u e *+ )%     I   "))F!G!G u e +, *&        $V^$566)  e      9   "'"677 =6 5 E" () ) "=> "=> "$AB #%CD v'( () &*+ T$>>? "E* %  5! ' ' $ +,)%!!.%%6 5%%6 E"%%6 ()%%6 ) %%6 !"=> %%6 !"=> %%6 #$AB%%6 $%CD%%6 v'(%%6 ()%%6 &*+%%6 T$>>?%%6 #E*%%6 %%%6 %%6 5!!%%6" '#%%6$ '%%%6& $'%%6( +,)%%6*  *+%%6, y)-%%6. %&HI/%%60 !"@A1%%62 3%%64 5%%66 7%%68 .)9%%6: 01;%%6< ,-=%%6> 23?%%6@  $A%%6B .)C%%6D t&<<=E%%6F %e,G%%6H I%%6J 34K%%6!R4 E5%$+GDMM$;$+GENN44*@(J LL*3@+++++y+++"88888888 g011L[[!4ggenndLL&98%DFF 2 &&&&&y&&&))))) ))) --------$:::::9:::   455 (++ v%&&(("8 , =KK&;<< "M (1    (*****9***   455uS#X*sr%yr