Add the BinaryArray record definition

zeroSteiner · Sep 25, 2024 · e54aa90 · e54aa90
1 parent 4a2a90a
commit e54aa90
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 22 deletions.
diff --git a/lib/msf/util/dot_net_deserialization/enums.rb b/lib/msf/util/dot_net_deserialization/enums.rb
@@ -6,6 +6,16 @@ module Enums
 #
 # .NET Serialization Enumerations
 #
+BinaryArrayTypeEnum = {
+  # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/4dbbf3a8-6bc4-4dfc-aa7e-36a35be6ff58
+  Single: 0,
+  Jagged: 0,
+  Rectangular: 2,
+  SingleOffset: 3,
+  JaggedOffset: 4,
+  RectangularOffset: 5
+}
+
 BinaryTypeEnum = {
   # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/054e5c58-be21-4c86-b1c3-f6d3ce17ec72
   Primitive: 0,

diff --git a/lib/msf/util/dot_net_deserialization/types.rb b/lib/msf/util/dot_net_deserialization/types.rb
@@ -25,7 +25,7 @@ class Record < BinData::Record
       system_class_with_members_and_types     Enums::RecordTypeEnum[:SystemClassWithMembersAndTypes]
       class_with_members_and_types            Enums::RecordTypeEnum[:ClassWithMembersAndTypes]
       binary_object_string                    Enums::RecordTypeEnum[:BinaryObjectString]
-      #binary_array                            Enums::RecordTypeEnum[:BinaryArray]
+      binary_array                            Enums::RecordTypeEnum[:BinaryArray]
       #member_primitive_typed                  Enums::RecordTypeEnum[:MemberPrimitiveTyped]
       member_reference                        Enums::RecordTypeEnum[:MemberReference]
       object_null                             Enums::RecordTypeEnum[:ObjectNull]
@@ -34,7 +34,7 @@ class Record < BinData::Record
       #object_null_multiple_256                Enums::RecordTypeEnum[:ObjectNullMultiple256]
       #object_null_multiple                    Enums::RecordTypeEnum[:ObjectNullMultiple]
       array_single_primitive                  Enums::RecordTypeEnum[:ArraySinglePrimitive]
-      #array_single_object                     Enums::RecordTypeEnum[:ArraySingleObject]
+      array_single_object                     Enums::RecordTypeEnum[:ArraySingleObject]
       array_single_string                     Enums::RecordTypeEnum[:ArraySingleString]
       binary_method_call                      Enums::RecordTypeEnum[:MethodCall]
       binary_method_return                    Enums::RecordTypeEnum[:MethodReturn]

diff --git a/lib/msf/util/dot_net_deserialization/types/record_values.rb b/lib/msf/util/dot_net_deserialization/types/record_values.rb
@@ -30,6 +30,13 @@ class ArraySinglePrimitive < BinData::Record
     end
   end
 
+  class ArraySingleObject < BinData::Record
+    # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/982b2f50-6367-402a-aaf2-44ee96e2a5e0
+    RECORD_TYPE =          Enums::RecordTypeEnum[:ArraySingleObject]
+    endian                 :little
+    array_info             :array_info
+  end
+
   class ArraySingleString < BinData::Record
     # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/3d98fd60-d2b4-448a-ac0b-3cd8dea41f9d
     RECORD_TYPE =          Enums::RecordTypeEnum[:ArraySingleString]
@@ -38,6 +45,43 @@ class ArraySingleString < BinData::Record
     array                  :members, type: :record, initial_length: -> { array_info.member_count }
   end
 
+  class BinaryArray < BinData::Record
+    # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/9c62c928-db4e-43ca-aeba-146256ef67c2
+    RECORD_TYPE =          Enums::RecordTypeEnum[:BinaryArray]
+    endian                 :little
+    obj_id                 :obj_id
+    uint8                  :binary_array_type_enum
+    int32                  :rank
+    array                  :lengths, type: :int32, initial_length: :rank
+    array                  :lower_bounds, type: :int32, initial_length: :rank, onlyif: :has_lower_bounds?
+    uint8                  :type_enum
+    choice                 :additional_type_info, selection: :type_enum, onlyif: :has_additional_type_info? do
+      uint8                   Enums::BinaryTypeEnum[:Primitive]
+      length_prefixed_string  Enums::BinaryTypeEnum[:SystemClass]
+      class_type_info         Enums::BinaryTypeEnum[:Class]
+      uint8                   Enums::BinaryTypeEnum[:PrimitiveArray]
+    end
+
+    private
+
+    def has_additional_type_info?
+      [
+        Enums::BinaryTypeEnum[:Primitive],
+        Enums::BinaryTypeEnum[:SystemClass],
+        Enums::BinaryTypeEnum[:Class],
+        Enums::BinaryTypeEnum[:PrimitiveArray],
+      ].include? type_enum
+    end
+
+    def has_lower_bounds?
+      [
+        Enums::BinaryArrayTypeEnum[:SingleOffset],
+        Enums::BinaryArrayTypeEnum[:JaggedOffset],
+        Enums::BinaryArrayTypeEnum[:RectangleOffset]
+      ].include? binary_array_type_enum
+    end
+  end
+
   class BinaryLibrary < BinData::Record
     # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/7fcf30e1-4ad4-4410-8f1a-901a4a1ea832
     RECORD_TYPE =          Enums::RecordTypeEnum[:BinaryLibrary]
@@ -46,6 +90,27 @@ class BinaryLibrary < BinData::Record
     length_prefixed_string :library_name
   end
 
+  class BinaryMethodCall < BinData::Record
+    # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/ddb4da3d-8cd7-414f-b984-1a509d985bd2
+    RECORD_TYPE =            Enums::RecordTypeEnum[:MethodCall]
+    endian                   :little
+    message_flags            :message_enum
+    string_value_with_code   :method_name
+    string_value_with_code   :type_name
+    string_value_with_code   :call_context, onlyif: -> { message_enum.context_inline != 0 }
+    array_of_value_with_code :args, onlyif: -> { message_enum.args_inline != 0 }
+  end
+
+  class BinaryMethodReturn < BinData::Record
+    # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/1b34e743-38ac-47bd-8c8d-2fca1cd417b7
+    RECORD_TYPE =            Enums::RecordTypeEnum[:MethodReturn]
+    endian                   :little
+    message_flags            :message_enum
+    value_with_code          :return_value, onlyif: -> { message_enum.return_value_inline != 0 }
+    string_value_with_code   :call_context, onlyif: -> { message_enum.context_inline != 0 }
+    array_of_value_with_code :args, onlyif: -> { message_enum.args_inline != 0 }
+  end
+
   class BinaryObjectString < BinData::Record
     # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/eb503ca5-e1f6-4271-a7ee-c4ca38d07996
     RECORD_TYPE =          Enums::RecordTypeEnum[:BinaryObjectString]
@@ -138,26 +203,6 @@ class SystemClassWithMembersAndTypes < BinData::Record
     extend Primitives::MemberValues::Factory
   end
 
-  class BinaryMethodCall < BinData::Record
-    # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/ddb4da3d-8cd7-414f-b984-1a509d985bd2
-    RECORD_TYPE =          Enums::RecordTypeEnum[:MethodCall]
-    endian                   :little
-    message_flags            :message_enum
-    string_value_with_code   :method_name
-    string_value_with_code   :type_name
-    string_value_with_code   :call_context, onlyif: -> { message_enum.context_inline != 0 }
-    array_of_value_with_code :args, onlyif: -> {message_enum.args_inline != 0 }
-  end
-
-  class BinaryMethodReturn < BinData::Record
-    # see: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/1b34e743-38ac-47bd-8c8d-2fca1cd417b7
-    RECORD_TYPE =          Enums::RecordTypeEnum[:MethodReturn]
-    endian                 :little
-    message_flags          :message_enum
-    value_with_code        :return_value, onlyif: -> { message_enum.return_value_inline != 0 }
-    string_value_with_code :call_context, onlyif: -> { message_enum.context_inline != 0 }
-    array_of_value_with_code :args, onlyif: -> {message_enum.args_inline != 0 }
-  end
 end
 end
 end