DCE/RPC: Add DCOM support #4815
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds comprehensive DCOM (Distributed Component Object Model) support to Scapy's DCE/RPC implementation. The main purpose is to enable Scapy to handle COM object instantiation, interface management, and remote method calls over DCE/RPC.
Key changes include:
- Implementation of a new
DCOM_Clientclass with full object lifecycle management capabilities - Enhanced DCE/RPC client with improved binding contexts, error handling, and security verification
- Extension of NDR field types and recursive field handling for complex DCOM structures
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| scapy/packet.py | Error message fix for field building operation |
| scapy/layers/smb2.py | Addition of new SMB2 status codes for DCOM compatibility |
| scapy/layers/ntlm.py | Removal of duplicate error handling code |
| scapy/layers/msrpce/rpcserver.py | Import reorganization and typing improvements |
| scapy/layers/msrpce/rpcclient.py | Major enhancements to DCE/RPC client with security verification |
| scapy/layers/msrpce/raw/ms_dcom.py | Complete DCOM interface definitions and packet structures |
| scapy/layers/msrpce/mseerr.py | Error handling fix for extended error information |
| scapy/layers/msrpce/msdcom.py | New comprehensive DCOM client implementation |
| scapy/layers/msrpce/ept.py | Protocol identifier enum consolidation |
| scapy/layers/dcerpc.py | Core DCE/RPC improvements including COM interface support |
| scapy/fields.py | UTF-16 string length calculation fix |
| scapy/config.py | Addition of NDR64 configuration option |
| doc/scapy/layers/dcom.rst | New documentation for DCOM functionality |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #4815 +/- ##
==========================================
- Coverage 80.99% 80.21% -0.78%
==========================================
Files 365 348 -17
Lines 89112 89348 +236
==========================================
- Hits 72173 71672 -501
- Misses 16939 17676 +737
🚀 New features to boost your workflow:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DCOM_Clientclass that can instanciate classes, request interfaces, release them, call methods, etc.DCE/RPCclient, most notably improvements to the the handling of bindings contexts and better handling of errors in requestsDCERPC_Client