scapy.layers.dcerpc

DCE/RPC Distributed Computing Environment / Remote Procedure Calls

Based on [C706] - aka DCE/RPC 1.1 https://pubs.opengroup.org/onlinepubs/9629399/toc.pdf

And on [MS-RPCE] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/290c38b1-92fe-4229-91e6-4fc376610c15

Note

Please read the documentation over DCE/RPC

class scapy.layers.dcerpc.ComInterface(name, uuid, opnums)[source]

Bases: object

if_version = 0

class scapy.layers.dcerpc.CommonAuthVerifier(_pkt, /, *, auth_type=0, auth_level=0, auth_pad_length=None, auth_reserved=0, auth_context_id=0, auth_value=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.CommonAuthVerifier'>, <class 'scapy.packet.Packet'>]

default_payload_class(pkt)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (CommonAuthVerifier).auth_type>, <ByteEnumField (CommonAuthVerifier).auth_level>, <ByteField (CommonAuthVerifier).auth_pad_length>, <ByteField (CommonAuthVerifier).auth_reserved>, <XLEIntField (CommonAuthVerifier).auth_context_id>, <scapy.fields.MultipleTypeField object>]

is_protected()[source]

is_ssp()[source]

class scapy.layers.dcerpc.DCERPC_Transport(*values)[source]

Bases: IntEnum

Protocols identifiers currently supported by Scapy

NCACN_IP_TCP = 7

NCACN_NP = 15

scapy.layers.dcerpc.DCE_C_AUTHN_LEVEL[source]: alias of RPC_C_AUTHN_LEVEL

class scapy.layers.dcerpc.DceRpc(_pkt, /)[source]

Bases: Packet

DCE/RPC packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc'>, <class 'scapy.packet.Packet'>]

classmethod dispatch_hook(_pkt=None, *args, **kargs)[source]

classmethod tcp_reassemble(data, metadata, session)[source]

class scapy.layers.dcerpc.DceRpc4(_pkt, /, *, rpc_vers=4, ptype=0, flags1=<Flag 0 ()>, flags2=<Flag 0 ()>, endian=1, encoding=0, float=0, reserved1=0, serial_hi=0, object=None, if_id=None, act_id=None, server_boot=0, if_vers=1, seqnum=0, opnum=0, ihint=65535, ahint=65535, len=None, fragnum=0, auth_proto=0, serial_lo=0)[source]

Bases: DceRpc

DCE/RPC v4 ‘connection-less’ packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc4'>, <class 'scapy.layers.dcerpc.DceRpc'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (DceRpc4).rpc_vers>, <ByteEnumField (DceRpc4).ptype>, <FlagsField (DceRpc4).flags1>, <FlagsField (DceRpc4).flags2>, <BitEnumField (DceRpc4,DceRpc5).endian>, <BitEnumField (DceRpc4,DceRpc5).encoding>, <ByteEnumField (DceRpc4,DceRpc5).float>, <ByteField (DceRpc4,DceRpc5).reserved1>, <XByteField (DceRpc4).serial_hi>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <ByteEnumField (DceRpc4).auth_proto>, <XByteField (DceRpc4).serial_lo>]

payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({}, <class 'scapy.layers.dcerpc.DceRpc4Payload'>)]

class scapy.layers.dcerpc.DceRpc4Payload(_pkt, /)[source]

Bases: Packet

Dummy class which use the dispatch_hook to find the payload class

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc4Payload'>, <class 'scapy.packet.Packet'>]

classmethod dispatch_hook(_pkt, _underlayer=None, *args, **kargs)[source]: dispatch_hook to choose among different registered payloads

classmethod register_possible_payload(pay)[source]: Method to call from possible DCE/RPC endpoint to register it as possible payload

class scapy.layers.dcerpc.DceRpc5(_pkt, /, *, rpc_vers=5, rpc_vers_minor=0, ptype=0, pfc_flags=None, endian=1, encoding=0, float=0, reserved1=0, reserved2=0, frag_len=None, auth_len=None, call_id=None, auth_verifier=None, auth_padding=None, vt_trailer=None)[source]

Bases: DceRpc

DCE/RPC v5 ‘connection-oriented’ packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5'>, <class 'scapy.layers.dcerpc.DceRpc'>, <class 'scapy.packet.Packet'>]

answers(pkt)[source]

do_dissect(s)[source]

extract_padding(s)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (DceRpc5).rpc_vers>, <ByteField (DceRpc5).rpc_vers_minor>, <ByteEnumField (DceRpc5).ptype>, <scapy.fields.MultipleTypeField object>, <BitEnumField (DceRpc4,DceRpc5).endian>, <BitEnumField (DceRpc4,DceRpc5).encoding>, <ByteEnumField (DceRpc4,DceRpc5).float>, <ByteField (DceRpc4,DceRpc5).reserved1>, <ByteField (DceRpc5).reserved2>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.TrailerField object>]

payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'ptype': 11}, <class 'scapy.layers.dcerpc.DceRpc5Bind'>), ({'ptype': 12}, <class 'scapy.layers.dcerpc.DceRpc5BindAck'>), ({'ptype': 13}, <class 'scapy.layers.dcerpc.DceRpc5BindNak'>), ({'ptype': 14}, <class 'scapy.layers.dcerpc.DceRpc5AlterContext'>), ({'ptype': 15}, <class 'scapy.layers.dcerpc.DceRpc5AlterContextResp'>), ({'ptype': 16}, <class 'scapy.layers.dcerpc.DceRpc5Auth3'>), ({'ptype': 3}, <class 'scapy.layers.dcerpc.DceRpc5Fault'>), ({'ptype': 0}, <class 'scapy.layers.dcerpc.DceRpc5Request'>), ({'ptype': 2}, <class 'scapy.layers.dcerpc.DceRpc5Response'>)]

post_build(pkt, pay)[source]

classmethod tcp_reassemble(data, _, session)[source]

class scapy.layers.dcerpc.DceRpc5AbstractSyntax(_pkt, /, *, if_uuid=None, if_version=3)[source]

Bases: EPacket

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5AbstractSyntax'>, <class 'scapy.contrib.rtps.common_types.EPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>]

class scapy.layers.dcerpc.DceRpc5AlterContext(_pkt, /, *, max_xmit_frag=5840, max_recv_frag=8192, assoc_group_id=0, n_context_elem=None, reserved=0, context_elem=[])[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5AlterContext'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <StrFixedLenField (DceRpc5Bind,DceRpc5AlterContext).reserved>, <EPacketListField (DceRpc5Bind,DceRpc5AlterContext).context_elem>]

class scapy.layers.dcerpc.DceRpc5AlterContextResp(_pkt, /, *, max_xmit_frag=5840, max_recv_frag=8192, assoc_group_id=0, sec_addr=None, n_results=None, reserved=0, results=[])[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5AlterContextResp'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.fields.PadField object>, <scapy.layers.dcerpc._EField object>, <StrFixedLenField (DceRpc5BindAck,DceRpc5AlterContextResp).reserved>, <EPacketListField (DceRpc5BindAck,DceRpc5AlterContextResp).results>]

class scapy.layers.dcerpc.DceRpc5Auth3(_pkt, /, *, pad=b'')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Auth3'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (DceRpc5Auth3).pad>]

class scapy.layers.dcerpc.DceRpc5Bind(_pkt, /, *, max_xmit_frag=5840, max_recv_frag=8192, assoc_group_id=0, n_context_elem=None, reserved=0, context_elem=[])[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Bind'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <StrFixedLenField (DceRpc5Bind,DceRpc5AlterContext).reserved>, <EPacketListField (DceRpc5Bind,DceRpc5AlterContext).context_elem>]

class scapy.layers.dcerpc.DceRpc5BindAck(_pkt, /, *, max_xmit_frag=5840, max_recv_frag=8192, assoc_group_id=0, sec_addr=None, n_results=None, reserved=0, results=[])[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5BindAck'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.fields.PadField object>, <scapy.layers.dcerpc._EField object>, <StrFixedLenField (DceRpc5BindAck,DceRpc5AlterContextResp).reserved>, <EPacketListField (DceRpc5BindAck,DceRpc5AlterContextResp).results>]

class scapy.layers.dcerpc.DceRpc5BindNak(_pkt, /, *, provider_reject_reason=0, n_protocols=None, protocols=[], signature=None)[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5BindNak'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <EPacketListField (DceRpc5BindNak).protocols>, <scapy.fields.ConditionalField object>]

class scapy.layers.dcerpc.DceRpc5Context(_pkt, /, *, cont_id=0, n_transfer_syn=None, reserved=0, abstract_syntax=None, transfer_syntaxes=[])[source]

Bases: EPacket

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Context'>, <class 'scapy.contrib.rtps.common_types.EPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <FieldLenField (DceRpc5Context).n_transfer_syn>, <ByteField (DceRpc5Context).reserved>, <EPacketField (DceRpc5Context).abstract_syntax>, <EPacketListField (DceRpc5Context).transfer_syntaxes>]

class scapy.layers.dcerpc.DceRpc5Fault(_pkt, /, *, alloc_hint=0, cont_id=0, cancel_count=0, reserved=<Flag 0 ()>, status=0, reserved2=0)[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Fault'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <ByteField (DceRpc5Fault).cancel_count>, <FlagsField (DceRpc5Fault).reserved>, <scapy.layers.dcerpc._EField object>, <IntField (DceRpc5Fault).reserved2>]

class scapy.layers.dcerpc.DceRpc5PortAny(_pkt, /, *, length=None, port_spec=b'')[source]

Bases: EPacket

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5PortAny'>, <class 'scapy.contrib.rtps.common_types.EPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>]

class scapy.layers.dcerpc.DceRpc5Request(_pkt, /, *, alloc_hint=0, cont_id=0, opnum=0, object=None)[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Request'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <scapy.fields.ConditionalField object>]

class scapy.layers.dcerpc.DceRpc5Response(_pkt, /, *, alloc_hint=0, cont_id=0, cancel_count=0, reserved=0)[source]

Bases: _DceRpcPayload

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Response'>, <class 'scapy.layers.dcerpc._DceRpcPayload'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <ByteField (DceRpc5Response).cancel_count>, <ByteField (DceRpc5Response).reserved>]

class scapy.layers.dcerpc.DceRpc5Result(_pkt, /, *, result=0, reason=0, transfer_syntax=None)[source]

Bases: EPacket

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Result'>, <class 'scapy.contrib.rtps.common_types.EPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>, <EPacketField (DceRpc5Result).transfer_syntax>]

class scapy.layers.dcerpc.DceRpc5TransferSyntax(_pkt, /, *, if_uuid=None, if_version=3)[source]

Bases: EPacket

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5TransferSyntax'>, <class 'scapy.contrib.rtps.common_types.EPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.layers.dcerpc._EField object>, <scapy.layers.dcerpc._EField object>]

class scapy.layers.dcerpc.DceRpc5Version(_pkt, /, *, major=0, minor=0)[source]

Bases: EPacket

aliastypes = [<class 'scapy.layers.dcerpc.DceRpc5Version'>, <class 'scapy.contrib.rtps.common_types.EPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (DceRpc5Version).major>, <ByteField (DceRpc5Version).minor>]

class scapy.layers.dcerpc.DceRpcInterface(name, uuid, version_tuple, if_version, opnums)[source]: Bases: object

class scapy.layers.dcerpc.DceRpcOp(request, response)[source]

Bases: tuple

request: Alias for field number 0

response: Alias for field number 1

class scapy.layers.dcerpc.DceRpcSecVT(_pkt, /, *, rpc_sec_verification_trailer=b'\x8a\xe3\x13q\x02\xf46q', commands=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpcSecVT'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<XStrFixedLenField (DceRpcSecVT).rpc_sec_verification_trailer>, <PacketListField (DceRpcSecVT).commands>]

class scapy.layers.dcerpc.DceRpcSecVTBitmask(_pkt, /, *, bits=1)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpcSecVTBitmask'>, <class 'scapy.packet.Packet'>]

default_payload_class(pkt)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEIntField (DceRpcSecVTBitmask).bits>]

class scapy.layers.dcerpc.DceRpcSecVTCommand(_pkt, /, *, SEC_VT_MUST_PROCESS_COMMAND=0, SEC_VT_COMMAND_END=0, Command=0, Length=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpcSecVTCommand'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<BitField (DceRpcSecVTCommand).SEC_VT_MUST_PROCESS_COMMAND>, <BitField (DceRpcSecVTCommand).SEC_VT_COMMAND_END>, <BitEnumField (DceRpcSecVTCommand).Command>, <LenField (DceRpcSecVTCommand).Length>]

payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'Command': 1}, <class 'scapy.layers.dcerpc.DceRpcSecVTBitmask'>), ({'Command': 2}, <class 'scapy.layers.dcerpc.DceRpcSecVTPcontext'>), ({'Command': 3}, <class 'scapy.layers.dcerpc.DceRpcSecVTHeader2'>)]

class scapy.layers.dcerpc.DceRpcSecVTHeader2(_pkt, /, *, PTYPE=0, Reserved1=0, Reserved2=0, drep=0, call_id=0, p_cont_id=0, opnum=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpcSecVTHeader2'>, <class 'scapy.packet.Packet'>]

default_payload_class(pkt)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (DceRpcSecVTHeader2).PTYPE>, <ByteField (DceRpcSecVTHeader2).Reserved1>, <LEShortField (DceRpcSecVTHeader2).Reserved2>, <LEIntField (DceRpcSecVTHeader2).drep>, <LEIntField (DceRpcSecVTHeader2).call_id>, <LEShortField (DceRpcSecVTHeader2).p_cont_id>, <LEShortField (DceRpcSecVTHeader2).opnum>]

class scapy.layers.dcerpc.DceRpcSecVTPcontext(_pkt, /, *, InterfaceId=None, Version=0, TransferSyntax=None, TransferVersion=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.DceRpcSecVTPcontext'>, <class 'scapy.packet.Packet'>]

default_payload_class(pkt)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<UUIDEnumField (DceRpcSecVTPcontext).InterfaceId>, <LEIntField (DceRpcSecVTPcontext).Version>, <UUIDEnumField (DceRpcSecVTPcontext).TransferSyntax>, <LEIntField (DceRpcSecVTPcontext).TransferVersion>]

class scapy.layers.dcerpc.DceRpcSession(*args, **kwargs)[source]

Bases: DefaultSession

A DCE/RPC session within a TCP socket.

MAX_PDU_BODY_SIZE = 4176

in_pkt(pkt)[source]

out_pkt(pkt)[source]

process(pkt: Packet) → Packet | None[source]: Used when DceRpcSession is used for passive sniffing.

rpc_bind_interface: DceRpcInterface | ComInterface

rpc_bind_is_com: bool

class scapy.layers.dcerpc.DceRpcSocket(*args, **kwargs)[source]

Bases: StreamSocket

A Wrapper around StreamSocket that uses a DceRpcSession

recv(x=None)[source]

send(x, is_sr1=False, **kwargs)[source]

sr1(*args, **kwargs)[source]

class scapy.layers.dcerpc.NDRAlign(fld, align, padwith=None)[source]

Bases: _NDRAlign, ReversePadField

ReversePadField modified to fit NDR.

If no align size is specified, use the one from the inner field
Size is calculated from the beginning of the NDR stream

fld

class scapy.layers.dcerpc.NDRByteField(*args, **kwargs)[source]: Bases: _NDRLenField, ByteField

class scapy.layers.dcerpc.NDRConfFieldListField(*args, **kwargs)[source]

Bases: _NDRConfField, NDRFieldListField

NDR Conformant FieldListField

COUNT_FROM = True

class scapy.layers.dcerpc.NDRConfPacketListField(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRPacketListField

NDR Conformant PacketListField

COUNT_FROM = True

class scapy.layers.dcerpc.NDRConfStrLenField(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRValueOf, StrLenField

NDR Conformant StrLenField.

This is not a “string” per NDR, but an a conformant byte array (e.g. tower_octet_string). For ease of use, we implicitly convert it in specific cases.

CONFORMANT_STRING = True

LENGTH_FROM = True

class scapy.layers.dcerpc.NDRConfStrLenFieldUtf16(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRValueOf, StrLenFieldUtf16, _NDRUtf16

NDR Conformant StrLenFieldUtf16.

See NDRConfStrLenField for comment.

CONFORMANT_STRING = True

LENGTH_FROM = True

ON_WIRE_SIZE_UTF16 = False

class scapy.layers.dcerpc.NDRConfVarFieldListField(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRVarField, NDRFieldListField

NDR Conformant Varying FieldListField

COUNT_FROM = True

class scapy.layers.dcerpc.NDRConfVarPacketListField(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRVarField, _NDRPacketListField

NDR Conformant Varying PacketListField

COUNT_FROM = True

class scapy.layers.dcerpc.NDRConfVarStrLenField(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRVarField, _NDRValueOf, StrLenField

NDR Conformant Varying StrLenField

LENGTH_FROM = True

class scapy.layers.dcerpc.NDRConfVarStrLenFieldUtf16(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRVarField, _NDRValueOf, StrLenFieldUtf16, _NDRUtf16

NDR Conformant Varying StrLenFieldUtf16

LENGTH_FROM = True

ON_WIRE_SIZE_UTF16 = False

class scapy.layers.dcerpc.NDRConfVarStrNullField(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRVarField, _NDRValueOf, StrNullField

NDR Conformant Varying StrNullField

NULLFIELD = True

class scapy.layers.dcerpc.NDRConfVarStrNullFieldUtf16(*args, **kwargs)[source]

Bases: _NDRConfField, _NDRVarField, _NDRValueOf, StrNullFieldUtf16, _NDRUtf16

NDR Conformant Varying StrNullFieldUtf16

NULLFIELD = True

ON_WIRE_SIZE_UTF16 = False

class scapy.layers.dcerpc.NDRConformantArray(_pkt, /, *, max_count=None, value=None)[source]

Bases: _NDRPacket

aliastypes = [<class 'scapy.layers.dcerpc.NDRConformantArray'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>]

class scapy.layers.dcerpc.NDRConformantString(_pkt, /, *, max_count=None, value=b'')[source]

Bases: _NDRPacket

aliastypes = [<class 'scapy.layers.dcerpc.NDRConformantString'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.fields.MultipleTypeField object>, <StrField (NDRConformantString).value>]

class scapy.layers.dcerpc.NDRConstructedType(fields)[source]

Bases: object

add_deferred_pointers(pkt, s)[source]

addfield(pkt, s, val)[source]

getfield(pkt, s)[source]

read_deferred_pointers(pkt, s)[source]

rec_check_deferral()[source]

class scapy.layers.dcerpc.NDRContextHandle(_pkt, /, *, attributes=0, uuid=b'')[source]

Bases: NDRPacket

ALIGNMENT = (4, 4)

aliastypes = [<class 'scapy.layers.dcerpc.NDRContextHandle'>, <class 'scapy.layers.dcerpc.NDRPacket'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEIntField (NDRContextHandle).attributes>, <StrFixedLenField (NDRContextHandle).uuid>]

guess_payload_class(payload)[source]

class scapy.layers.dcerpc.NDRFieldListField(*args, **kwargs)[source]

Bases: NDRConstructedType, FieldListField

A FieldListField for NDR

i2len(pkt, x)[source]

islist = 1

valueof(pkt, x)[source]

class scapy.layers.dcerpc.NDRFullEmbPointerField(fld, ref=False, fmt='I')[source]

Bases: NDRFullPointerField

A NDR Embedded Full pointer.

Same as NDRFullPointerField with EMBEDDED = True.

EMBEDDED = True

fld

class scapy.layers.dcerpc.NDRFullPointerField(fld, ref=False, fmt='I')[source]

Bases: _FieldContainer

A NDR Full/Unique pointer field encapsulation.

Parameters:: EMBEDDED – This pointer is embedded. This means that it’s representation will not appear after the pointer (pointer deferral applies). See [C706] 14.3.12.3 - Algorithm for Deferral of Referents

EMBEDDED = False

EMBEDDED_REF = False

addfield(pkt, s, val)[source]

any2i(pkt, x)[source]

fld

getfield(pkt, s)[source]

h2i(pkt, x)[source]

i2h(pkt, x)[source]

i2len(pkt, x)[source]

i2repr(pkt, val)[source]

valueof(pkt, x)[source]

class scapy.layers.dcerpc.NDRIEEEDoubleField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (8, 8)

FMT = 'd'

class scapy.layers.dcerpc.NDRIEEEFloatField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (4, 4)

FMT = 'f'

class scapy.layers.dcerpc.NDRInt3264EnumField(*args, **kwargs)[source]

Bases: NDRAlign

fld

class scapy.layers.dcerpc.NDRInt3264Field(*args, **kwargs)[source]

Bases: _NDRLenField

FMTS = ['I', 'Q']

addfield(pkt, s, val)[source]

getfield(pkt, s)[source]

class scapy.layers.dcerpc.NDRIntEnumField(*args, **kwargs)[source]

Bases: _NDRValueOf, NDRAlign

fld

class scapy.layers.dcerpc.NDRIntField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (4, 4)

FMT = 'I'

class scapy.layers.dcerpc.NDRLongField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (8, 8)

FMT = 'Q'

class scapy.layers.dcerpc.NDRNone(_pkt, /, *, ptr=0)[source]

Bases: NDRPacket

ALIGNMENT = (4, 8)

aliastypes = [<class 'scapy.layers.dcerpc.NDRNone'>, <class 'scapy.layers.dcerpc.NDRPacket'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<NDRInt3264Field (NDRNone).ptr>]

class scapy.layers.dcerpc.NDRPacket(_pkt, /)[source]

Bases: _NDRPacket

A NDR Packet. Handles pointer size & endianness

ALIGNMENT = (1, 1)

DEPORTED_CONFORMANTS = []

aliastypes = [<class 'scapy.layers.dcerpc.NDRPacket'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

class scapy.layers.dcerpc.NDRPacketField(name, default, pkt_cls, **kwargs)[source]

Bases: NDRConstructedType, NDRAlign

addfield(pkt, s, x)[source]

fld

getfield(pkt, x)[source]

class scapy.layers.dcerpc.NDRPointer(_pkt, /, *, referent_id=None, value=None)[source]

Bases: _NDRPacket

aliastypes = [<class 'scapy.layers.dcerpc.NDRPointer'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.fields.MultipleTypeField object>, <PacketField (NDRPointer).value>]

scapy.layers.dcerpc.NDRRecursiveClass(clsname)[source]: Return a special class that is used for pointer recursion

class scapy.layers.dcerpc.NDRRefEmbPointerField(fld, ref=False, fmt='I')[source]

Bases: NDRFullPointerField

A NDR Embedded Reference pointer.

Same as NDRFullPointerField with EMBEDDED = True and EMBEDDED_REF = True.

EMBEDDED = True

EMBEDDED_REF = True

fld

class scapy.layers.dcerpc.NDRSerialization1Header(_pkt, /, *, Version=1, Endianness=16, CommonHeaderLength=8, Filler=3435973836)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.NDRSerialization1Header'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (NDRSerialization1Header).Version>, <ByteEnumField (NDRSerialization1Header).Endianness>, <LEShortField (NDRSerialization1Header).CommonHeaderLength>, <XLEIntField (NDRSerialization1Header).Filler>]

getfield_and_val(attr)[source]

valueof(name)[source]

class scapy.layers.dcerpc.NDRSerialization1PrivateHeader(_pkt, /, *, ObjectBufferLength=0, Filler=0)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.NDRSerialization1PrivateHeader'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.contrib.rtps.common_types.EField object>, <XLEIntField (NDRSerialization1PrivateHeader).Filler>]

class scapy.layers.dcerpc.NDRSerializeType1PacketField(*args, **kwargs)[source]

Bases: _NDRSerializeType1, PacketField

ptr_pack

class scapy.layers.dcerpc.NDRSerializeType1PacketLenField(*args, **kwargs)[source]

Bases: _NDRSerializeType1, PacketLenField

ptr_pack

class scapy.layers.dcerpc.NDRSerializeType1PacketListField(*args, **kwargs)[source]

Bases: _NDRSerializeType1, PacketListField

i2len(pkt, val)[source]

ptr_pack

class scapy.layers.dcerpc.NDRShortField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (2, 2)

FMT = 'H'

class scapy.layers.dcerpc.NDRSignedByteField(*args, **kwargs)[source]: Bases: _NDRLenField, SignedByteField

class scapy.layers.dcerpc.NDRSignedInt3264Field(*args, **kwargs)[source]

Bases: NDRInt3264Field

FMTS = ['i', 'q']

class scapy.layers.dcerpc.NDRSignedIntField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (4, 4)

FMT = 'i'

class scapy.layers.dcerpc.NDRSignedLongField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (8, 8)

FMT = 'q'

class scapy.layers.dcerpc.NDRSignedShortField(*args, **kwargs)[source]

Bases: _NDRField

ALIGN = (2, 2)

FMT = 'h'

class scapy.layers.dcerpc.NDRUnion(_pkt, /, *, tag=0, value=None)[source]

Bases: _NDRPacket

aliastypes = [<class 'scapy.layers.dcerpc.NDRUnion'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<IntField (NDRUnion).tag>, <PacketField (NDRUnion).value>]

class scapy.layers.dcerpc.NDRUnionField(flds, dflt, align, switch_fmt)[source]

Bases: NDRConstructedType, _NDRUnionField

align

any2i(pkt, x)[source]

switch_fmt

class scapy.layers.dcerpc.NDRVarPacketListField(*args, **kwargs)[source]

Bases: _NDRVarField, _NDRPacketListField

NDR Varying PacketListField. Unused

COUNT_FROM = True

class scapy.layers.dcerpc.NDRVarStrLenField(*args, **kwargs)[source]

Bases: _NDRVarField, StrLenField

NDR Varying StrLenField

LENGTH_FROM = True

class scapy.layers.dcerpc.NDRVarStrLenFieldUtf16(*args, **kwargs)[source]

Bases: _NDRVarField, _NDRValueOf, StrLenFieldUtf16, _NDRUtf16

NDR Varying StrLenFieldUtf16

LENGTH_FROM = True

ON_WIRE_SIZE_UTF16 = False

class scapy.layers.dcerpc.NDRVarStrNullField(*args, **kwargs)[source]

Bases: _NDRVarField, _NDRValueOf, StrNullField

NDR Varying StrNullField

NULLFIELD = True

class scapy.layers.dcerpc.NDRVarStrNullFieldUtf16(*args, **kwargs)[source]

Bases: _NDRVarField, _NDRValueOf, StrNullFieldUtf16, _NDRUtf16

NDR Varying StrNullFieldUtf16

NULLFIELD = True

class scapy.layers.dcerpc.NDRVaryingArray(_pkt, /, *, offset=None, actual_count=None, value=None)[source]

Bases: _NDRPacket

aliastypes = [<class 'scapy.layers.dcerpc.NDRVaryingArray'>, <class 'scapy.layers.dcerpc._NDRPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<scapy.fields.MultipleTypeField object>, <scapy.fields.MultipleTypeField object>, <PacketField (NDRVaryingArray).value>]

class scapy.layers.dcerpc.NL_AUTH_MESSAGE(_pkt, /, *, MessageType=0, Flags=<Flag 0 ()>, NetbiosDomainName=b'', NetbiosComputerName=b'', DnsDomainName=b'.', DnsHostName=b'.', NetbiosComputerNameUtf8=b'.')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.NL_AUTH_MESSAGE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEIntEnumField (NL_AUTH_MESSAGE).MessageType>, <FlagsField (NL_AUTH_MESSAGE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>]

class scapy.layers.dcerpc.NL_AUTH_SIGNATURE(_pkt, /, *, SignatureAlgorithm=119, SealAlgorithm=65535, Pad=65535, Flags=0, SequenceNumber=b'', Checksum=b'', Confounder=b'', Reserved2=None)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.dcerpc.NL_AUTH_SIGNATURE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEShortEnumField (NL_AUTH_SIGNATURE).SignatureAlgorithm>, <LEShortEnumField (NL_AUTH_SIGNATURE).SealAlgorithm>, <XLEShortField (NL_AUTH_SIGNATURE).Pad>, <ShortField (NL_AUTH_SIGNATURE).Flags>, <XStrFixedLenField (NL_AUTH_SIGNATURE).SequenceNumber>, <XStrFixedLenField (NL_AUTH_SIGNATURE).Checksum>, <scapy.fields.ConditionalField object>, <scapy.fields.MultipleTypeField object>]

class scapy.layers.dcerpc.RPC_C_AUTHN(*values)[source]

Bases: IntEnum

CLOUD_AP = 36

DCE_PRIVATE = 1

DCE_PUBLIC = 2

DEC_PUBLIC = 4

DEFAULT = 4294967295

DIGEST = 21

DPA = 17

GSS_KERBEROS = 16

GSS_NEGOTIATE = 9

GSS_SCHANNEL = 14

KERNEL = 20

LIVEXP_SSP = 35

LIVE_SSP = 32

MQ = 100

MSN = 18

MSONLINE = 82

NEGO_EXTENDED = 30

NETLOGON = 68

NONE = 0

PKU2U = 31

WINNT = 10

class scapy.layers.dcerpc.RPC_C_AUTHN_LEVEL(*values)[source]

Bases: IntEnum

CALL = 3

CONNECT = 2

DEFAULT = 0

NONE = 1

PKT = 4

PKT_INTEGRITY = 5

PKT_PRIVACY = 6

class scapy.layers.dcerpc.RPC_C_IMP_LEVEL(*values)[source]

Bases: IntEnum

ANONYMOUS = 1

DEFAULT = 0

DELEGATE = 4

IDENTIFY = 2

IMPERSONATE = 3

scapy.layers.dcerpc.find_com_interface(name) → ComInterface[source]: Find an interface object through the name in the IDL

scapy.layers.dcerpc.find_dcerpc_interface(name) → DceRpcInterface[source]: Find an interface object through the name in the IDL

scapy.layers.dcerpc.ndr_deserialize1(b, cls, ptr_pack=False)[source]

Deserialize Type Serialization Version 1 [MS-RPCE] sect 2.2.6

Parameters:: ptr_pack – pack in a pointer to the structure.

scapy.layers.dcerpc.ndr_serialize1(pkt, ptr_pack=False)[source]

Serialize Type Serialization Version 1 [MS-RPCE] sect 2.2.6

Parameters:: ptr_pack – pack in a pointer to the structure.

scapy.layers.dcerpc.register_com_interface(name, uuid, opnums)[source]: Register a COM interface

scapy.layers.dcerpc.register_dcerpc_interface(name, uuid, version, opnums)[source]: Register a DCE/RPC interface