
# Conflicts: # scripts/base/protocols/dce-rpc/main.bro # scripts/base/protocols/ntlm/main.bro # scripts/policy/protocols/smb/smb1-main.bro # src/analyzer/protocol/smb/smb-common.pac # src/analyzer/protocol/smb/smb-strings.pac # src/analyzer/protocol/smb/smb1-com-locking-andx.pac # src/analyzer/protocol/smb/smb1-com-logoff-andx.pac # src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac # src/analyzer/protocol/smb/smb1-com-open-andx.pac # src/analyzer/protocol/smb/smb1-com-read-andx.pac # src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac # src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac # src/analyzer/protocol/smb/smb1-com-transaction.pac # src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac # src/analyzer/protocol/smb/smb1-com-write-andx.pac # src/analyzer/protocol/smb/smb1-protocol.pac
refine connection SMB_Conn += {

	# Hands a parsed SMB_COM_OPEN_ANDX request to script-land as the
	# smb1_open_andx_request event. Always returns true; the event is
	# only generated when a handler for it exists.
	#   h   - the SMB header of the enclosing message
	#   val - the parsed SMB1_open_andx_request record
	function proc_smb1_open_andx_request(h: SMB_Header, val: SMB1_open_andx_request): bool
		%{
		// No handler subscribed: skip building the event arguments.
		if ( ! smb1_open_andx_request )
			return true;

		BifEvent::generate_smb1_open_andx_request(
			bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(h),
			${val.flags}, ${val.access_mode}, ${val.search_attrs},
			${val.file_attrs}, ${val.creation_time}, ${val.open_mode},
			${val.allocation_size}, ${val.timeout},
			// filename arrives as an SMB_string (ASCII or UTF-16 per the
			// header's unicode flag) and is converted to a script StringVal.
			smb_string2stringval(${val.filename}));

		return true;
		%}

	# Hands a parsed SMB_COM_OPEN_ANDX response to script-land as the
	# smb1_open_andx_response event. Always returns true; the event is
	# only generated when a handler for it exists.
	#   h   - the SMB header of the enclosing message
	#   val - the parsed SMB1_open_andx_response record
	function proc_smb1_open_andx_response(h: SMB_Header, val: SMB1_open_andx_response): bool
		%{
		// No handler subscribed: skip building the event arguments.
		if ( ! smb1_open_andx_response )
			return true;

		BifEvent::generate_smb1_open_andx_response(
			bro_analyzer(), bro_analyzer()->Conn(), BuildHeaderVal(h),
			${val.fid}, ${val.file_attrs}, ${val.last_write_time},
			${val.file_data_size}, ${val.access_rights}, ${val.resource_type},
			${val.nm_pipe_status}, ${val.open_results});

		return true;
		%}

};
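# Wire layout of an SMB_COM_OPEN_ANDX request (little-endian). All fields
# are attacker-controlled network input; the record is parsed first and
# then handed to proc_smb1_open_andx_request via the &let below.
type SMB1_open_andx_request(header: SMB_Header) = record {
	word_count        : uint8;
	andx              : SMB_andx;
	flags             : uint16;
	access_mode       : uint16;
	search_attrs      : uint16;
	file_attrs        : uint16;
	creation_time     : uint32;
	open_mode         : uint16;
	allocation_size   : uint32;
	timeout           : uint32;
	reserved          : padding[2];
	# byte_count is parsed but not used here to bound filename; the
	# SMB_string type is presumably bounded elsewhere — TODO confirm.
	byte_count        : uint16;
	# Fixed: the closing parenthesis of SMB_string(...) was missing,
	# leaving the field declaration unbalanced. Encoding (ASCII vs.
	# UTF-16) is chosen by header.unicode; offsetof(filename) gives
	# the field's offset, used for UTF-16 alignment by SMB_string.
	filename          : SMB_string(header.unicode, offsetof(filename));
} &let {
	# Side effect: raises the request event once the record is parsed.
	proc : bool = $context.connection.proc_smb1_open_andx_request(header, this);
} &byteorder=littleendian;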
# Wire layout of an SMB_COM_OPEN_ANDX response (little-endian). All fields
# are network input; after parsing, the &let below hands the record to
# proc_smb1_open_andx_response.
type SMB1_open_andx_response(header: SMB_Header) = record {
	word_count        : uint8;
	andx              : SMB_andx;
	fid               : uint16;
	file_attrs        : uint16;
	last_write_time   : uint32;
	file_data_size    : uint32;
	access_rights     : uint16;
	resource_type     : uint16;
	nm_pipe_status    : uint16;
	open_results      : uint16;
	# Three bytes skipped, not exposed to script-land.
	reserved          : padding[3];
	# No data field follows byte_count in this record; any trailing
	# bytes are presumably consumed by the enclosing SMB1 framing — TODO confirm.
	byte_count        : uint16;
} &let {
	# Side effect: raises the response event once the record is parsed.
	proc : bool = $context.connection.proc_smb1_open_andx_response(header, this);
} &byteorder=littleendian;