SMB::Parser - Convenient data parser for network protocols like SMB
use SMB::Parser; # Parse an imaginative packet of the following structure: # protocol signature (2 bytes in big-endian), header (48), # secret key (8), flags (1), mode (2 in little-endian), # payload offset (4) and length (4), # filename prefixed with length (2 + length), # payload # SMB::Packer documentation shows how it could be packed. my $parser = SMB::Parser->new($packet_data_buffer); die if $parser->uint16_be != 0xFACE; # check signature $parser->skip(48); # skip header (48 bytes) my $body_start = $parser->offset; # store offset (50 here) my $secret = $parser->bytes(8); my $flags = $parser->uint8; my $mode = $parser->uint16; my $payload_offset = $parser->uint32; my $payload_length = $parser->uint32; my $text_length = $parser->uint16; my $filename = $parser->utf16($text_length); $parser->reset($body_start + $payload_offset); my $payload = $parser->bytes($payload_length);
This class allows to parse a binary data, like a network packet data.
It supports extracting blobs, unsigned integers of different lengths, text in arbitrary encoding (SMB uses UTF-16LE) and more.
The current data pointer is usually between 0 and the data size. The managed data once set is never changed, so the data pointer may go over the data size if the caller is not cautious. This is different from SMB::Packer where the data is automatically extended in this case.
This class inherits from SMB, so msg, err, mem, dump, auto-created field accessor and other methods are available as well.
- new DATA
Class constructor. Returns an SMB::Parser instance and initializes its data with DATA and its pointer with 0 using set.
- reset [OFFSET=0]
Resets the current data pointer.
Specifying OFFSET over the managed data size does not produce an error, but may likely cause all consequent parsing calls to return empty/null values with possible warnings, although the pointer consistently continues to advance.
- set DATA [OFFSET=0]
Sets the object DATA (binary scalar) to be parsed and resets the pointer using reset.
Returns the managed data (binary scalar).
Returns the managed data size.
Returns the current data pointer (starts from 0).
- skip N_BYTES
Advances the pointer in N_BYTES (non-negative integer).
Returns the object, to allow chaining a consequent parsing method.
- bytes N_BYTES
Normally returns the binary scalar of length N_BYTES starting from the current data pointer and advances the pointer.
On data overflow, less bytes than N_BYTES returned (and on consequent calls, 0 bytes returns). The data pointer is guaranteed to be advanced in N_BYTES, even on/after the overflow.
The following parsing methods use this method internally, so they share the same logic about reaching the end-of-data and advancing the pointer.
- str N_BYTES [ENCODING='UTF-16LE']
Decodes N_BYTES (non-negative integer) as the text in the requested encoding starting from the current data pointer.
The returned string has the utf8 flag set if it is non-ASCII.
- utf16 N_BYTES
The same as str with encoding 'UTF-16LE'.
- utf16_be N_BYTES
The same as str with encoding 'UTF-16BE'.
Unpacks an unsigned integer of the specified length in bits (i.e. 1, 2, 4, 8 bytes).
By default, the byte order is little-endian (since it is used in SMB). The method suffix "_be" denotes the big-endian byte order for parsing.
Parses a file id used in SMB 1.
Returns an unsigned integer of 2 bytes.
Parses a file id used in SMB 2.
Returns an array ref of two unsigned integers of 8 bytes each.
Mikhael Goikhman <email@example.com>