1# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
2# See LICENSE.txt for complete terms.
3
4from mixbox import entities
5from mixbox import fields
6
7import cybox.bindings.win_driver_object as win_driver_binding
8from cybox.objects.win_executable_file_object import WinExecutableFile
9from cybox.common import String, HexBinary, UnsignedLong
10
11
12class DeviceObjectStruct(entities.Entity):
13    _binding = win_driver_binding
14    _binding_class = win_driver_binding.DeviceObjectStructType
15    _namespace = "http://cybox.mitre.org/objects#WinDriverObject-3"
16    _XSI_NS = "WinDriverObj"
17    _XSI_TYPE = "DeviceObjectStructType"
18
19    attached_device_name = fields.TypedField("Attached_Device_Name", String)
20    attached_device_object = fields.TypedField("Attached_Device_Object", UnsignedLong)
21    attached_to_device_name = fields.TypedField("Attached_To_Device_Name", String)
22    attached_to_device_object = fields.TypedField("Attached_To_Device_Object", UnsignedLong)
23    attached_to_driver_name = fields.TypedField("Attached_To_Driver_Name", String)
24    attached_to_driver_object = fields.TypedField("Attached_To_Driver_Object", UnsignedLong)
25    device_name = fields.TypedField("Device_Name", String)
26    device_object = fields.TypedField("Device_Object", UnsignedLong)
27
28
29class DeviceObjectList(entities.EntityList):
30    _binding = win_driver_binding
31    _binding_class = win_driver_binding.DeviceObjectListType
32    _namespace = "http://cybox.mitre.org/objects#WinDriverObject-3"
33    _XSI_NS = "WinDriverObj"
34    _XSI_TYPE = "DeviceObjectListType"
35
36    device_object_struct = fields.TypedField("Device_Object_Struct", DeviceObjectStruct, multiple=True)
37
38
39class WinDriver(WinExecutableFile):
40    _binding = win_driver_binding
41    _binding_class = win_driver_binding.WindowsDriverObjectType
42    _namespace = "http://cybox.mitre.org/objects#WinDriverObject-3"
43    _XSI_NS = "WinDriverObj"
44    _XSI_TYPE = "WindowsDriverObjectType"
45
46    driver_init = fields.TypedField("Driver_Init", UnsignedLong)
47    driver_name = fields.TypedField("Driver_Name", String)
48    driver_object_address = fields.TypedField("Driver_Object_Address", HexBinary)
49    driver_start_io = fields.TypedField("Driver_Start_IO", HexBinary)
50    driver_unload = fields.TypedField("Driver_Unload", HexBinary)
51    device_object_list = fields.TypedField("Device_Object_List", DeviceObjectList)
52
53    image_base = fields.TypedField("Image_Base", HexBinary)
54    image_size = fields.TypedField("Image_Size", HexBinary)
55
56    irp_mj_cleanup = fields.TypedField("IRP_MJ_CLEANUP", UnsignedLong)
57    irp_mj_close = fields.TypedField("IRP_MJ_CLOSE", UnsignedLong)
58    irp_mj_create = fields.TypedField("IRP_MJ_CREATE", UnsignedLong)
59    irp_mj_create_mailslot = fields.TypedField("IRP_MJ_CREATE_MAILSLOT", UnsignedLong)
60    irp_mj_create_named_pipe = fields.TypedField("IRP_MJ_CREATE_NAMED_PIPE", UnsignedLong)
61    irp_mj_device_change = fields.TypedField("IRP_MJ_DEVICE_CHANGE", UnsignedLong)
62    irp_mj_device_control = fields.TypedField("IRP_MJ_DEVICE_CONTROL", UnsignedLong)
63    irp_mj_directory_control = fields.TypedField("IRP_MJ_DIRECTORY_CONTROL", UnsignedLong)
64    irp_mj_file_system_control = fields.TypedField("IRP_MJ_FILE_SYSTEM_CONTROL", UnsignedLong)
65    irp_mj_flush_buffers = fields.TypedField("IRP_MJ_FLUSH_BUFFERS", UnsignedLong)
66    irp_mj_internal_device_control = fields.TypedField("IRP_MJ_INTERNAL_DEVICE_CONTROL", UnsignedLong)
67    irp_mj_lock_control = fields.TypedField("IRP_MJ_LOCK_CONTROL", UnsignedLong)
68    irp_mj_pnp = fields.TypedField("IRP_MJ_PNP", UnsignedLong)
69    irp_mj_power = fields.TypedField("IRP_MJ_POWER", UnsignedLong)
70    irp_mj_query_ea = fields.TypedField("IRP_MJ_QUERY_EA", UnsignedLong)
71    irp_mj_query_information = fields.TypedField("IRP_MJ_QUERY_INFORMATION", UnsignedLong)
72    irp_mj_query_quota = fields.TypedField("IRP_MJ_QUERY_QUOTA", UnsignedLong)
73    irp_mj_query_security = fields.TypedField("IRP_MJ_QUERY_SECURITY", UnsignedLong)
74    irp_mj_query_volume_information = fields.TypedField("IRP_MJ_QUERY_VOLUME_INFORMATION", UnsignedLong)
75    irp_mj_read = fields.TypedField("IRP_MJ_READ", UnsignedLong)
76    irp_mj_set_ea = fields.TypedField("IRP_MJ_SET_EA", UnsignedLong)
77    irp_mj_set_information = fields.TypedField("IRP_MJ_SET_INFORMATION", UnsignedLong)
78    irp_mj_set_quota = fields.TypedField("IRP_MJ_SET_QUOTA", UnsignedLong)
79    irp_mj_set_security = fields.TypedField("IRP_MJ_SET_SECURITY", UnsignedLong)
80    irp_mj_set_volume_information = fields.TypedField("IRP_MJ_SET_VOLUME_INFORMATION", UnsignedLong)
81    irp_mj_shutdown = fields.TypedField("IRP_MJ_SHUTDOWN", UnsignedLong)
82    irp_mj_system_control = fields.TypedField("IRP_MJ_SYSTEM_CONTROL", UnsignedLong)
83    irp_mj_write = fields.TypedField("IRP_MJ_WRITE", UnsignedLong)
84