static int
dissect_oxid_resolve_oxid2_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint16 u16ProtSeqs;
guint32 u32ArraySize;
guint32 u32ItemIdx;
offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
hf_oxid_oxid, NULL);
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
hf_oxid_requested_protseqs, &u16ProtSeqs);
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
&u32ArraySize);
u32ItemIdx = 1;
while (u32ArraySize--) {
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
hf_oxid_protseqs, &u16ProtSeqs);
u32ItemIdx++;
}
return offset;
}
static int
dissect_oxid_complex_ping_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint16 u16SeqNum;
guint16 u16AddToSet;
guint16 u16DelFromSet;
guint32 u32Pointer;
guint32 u32ArraySize;
offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
hf_oxid_setid, NULL);
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
hf_oxid_seqnum, &u16SeqNum);
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
hf_oxid_addtoset, &u16AddToSet);
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
hf_oxid_delfromset, &u16DelFromSet);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " AddToSet=%u DelFromSet=%u",
u16AddToSet, u16DelFromSet);
}
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
&u32Pointer);
if (u32Pointer) {
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
&u32ArraySize);
while (u16AddToSet--) {
offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
hf_oxid_oid, NULL);
}
}
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
&u32Pointer);
if (u32Pointer) {
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
&u32ArraySize);
while (u16DelFromSet--) {
offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
hf_oxid_oid, NULL);
}
}
return offset;
}
static int
dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
e_uuid_t ipid;
guint32 u32Refs;
guint16 u16IIDs;
guint32 u32ArraySize;
guint32 u32ItemIdx;
e_uuid_t iid;
dcerpc_info *info = (dcerpc_info *) pinfo->private_data;
remunk_remqueryinterface_call_t *call;
offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);
offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
hf_dcom_ipid, &ipid);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
hf_remunk_refs, &u32Refs);
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
hf_remunk_iids, &u16IIDs);
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
&u32ArraySize);
/* limit the allocation to a reasonable size */
if(u32ArraySize < 100) {
call = (remunk_remqueryinterface_call_t *)wmem_alloc(wmem_file_scope(), sizeof(remunk_remqueryinterface_call_t) + u32ArraySize * sizeof(e_uuid_t));
call->iid_count = u32ArraySize;
call->iids = (e_uuid_t *) (call+1);
info->call_data->private_data = call;
} else {
call = NULL;
}
for (u32ItemIdx = 0; u32ArraySize--; u32ItemIdx++) {
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep,
hf_dcom_iid, u32ItemIdx+1, &iid);
if(call != NULL) {
call->iids[u32ItemIdx] = iid;
}
}
return offset;
}
static int
dissect_oxid_complex_ping_resp(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint16 u16PingBackoffFactor;
guint32 u32HResult;
offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
hf_oxid_setid, NULL);
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
hf_oxid_ping_backoff_factor, &u16PingBackoffFactor);
offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
&u32HResult);
col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
return offset;
}
static int
dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 u32ClientImpLevel;
guint32 u32Mode;
guint32 u32Interfaces;
guint32 u32Pointer;
guint32 u32ArraySize;
guint32 u32ItemIdx;
guint16 u16ProtSeqs;
e_guid_t clsid;
e_guid_t iid;
gchar szObjName[1000] = { 0 };
guint32 u32ObjNameLen = sizeof(szObjName);
offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, di, drep,
hf_dcom_clsid, -1, &clsid);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
&u32Pointer);
if (u32Pointer) {
offset = dissect_dcom_BSTR(tvb, offset, pinfo, tree, di, drep,
hf_remact_object_name, szObjName, u32ObjNameLen);
}
offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
hf_remact_object_storage, NULL /* XXX */);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
hf_remact_client_impl_level, &u32ClientImpLevel);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
hf_remact_mode, &u32Mode);
/* Interfaces */
offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
hf_remact_interfaces, &u32Interfaces);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
&u32Pointer);
if (u32Pointer) {
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
&u32ArraySize);
u32ItemIdx = 1;
while (u32Interfaces--) {
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, di, drep,
hf_dcom_iid, u32ItemIdx, &iid);
u32ItemIdx++;
}
}
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
hf_remact_requested_protseqs, &u16ProtSeqs);
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
&u32ArraySize);
u32ItemIdx = 1;
while (u32ArraySize--) {
offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
hf_remact_protseqs, &u16ProtSeqs);
u32ItemIdx++;
}
return offset;
}
int
dissect_IDispatch_Invoke_resp(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
guint32 u32Pointer;
guint32 u32Pointer2;
guint32 u32Pointer3;
guint32 u32VariableOffset;
guint32 u32ArraySize;
guint32 u32SubStart;
guint16 u16Code;
guint16 u16Reserved;
guint32 u32HelpContext;
guint32 u32Reserved;
guint32 u32DeferredFillIn;
guint32 u32ArgErr;
guint32 u32HResult;
guint32 u32SCode;
guint32 u32VarRef;
gchar szName[1000] = { 0 };
proto_item *excepinfo_item;
proto_tree *excepinfo_tree;
offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
&u32Pointer);
if (u32Pointer) {
offset = dissect_dcom_VARIANT(tvb, offset, pinfo, tree, drep, hf_dispatch_varresult);
}
/* ExcepInfo */
excepinfo_item = proto_tree_add_item(tree, hf_dispatch_excepinfo, tvb, offset, 0, FALSE);
excepinfo_tree = proto_item_add_subtree (excepinfo_item, ett_dispatch_excepinfo);
u32SubStart = offset;
offset = dissect_dcom_WORD(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_code, &u16Code);
offset = dissect_dcom_WORD(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_reserved16, &u16Reserved);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, excepinfo_tree, drep,
&u32Pointer);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, excepinfo_tree, drep,
&u32Pointer2);
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, excepinfo_tree, drep,
&u32Pointer3);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_help_context, &u32HelpContext);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_reserved32, &u32Reserved);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_deferred_fill_in, &u32DeferredFillIn);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_scode, &u32SCode);
if (u32Pointer) {
offset = dissect_dcom_BSTR(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_source, szName, sizeof(szName));
}
if (u32Pointer2) {
offset = dissect_dcom_BSTR(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_description, szName, sizeof(szName));
}
if (u32Pointer3) {
offset = dissect_dcom_BSTR(tvb, offset, pinfo, excepinfo_tree, drep,
hf_dispatch_help_file, szName, sizeof(szName));
}
proto_item_append_text(excepinfo_item, ", SCode: %s",
val_to_str(u32SCode, dcom_hresult_vals, "Unknown (0x%08x)"));
proto_item_set_len(excepinfo_item, offset - u32SubStart);
/* end of ExcepInfo */
offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
hf_dispatch_arg_err, &u32ArgErr);
/* rgVarRef: VARIANT[u32VarRef] */
offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
&u32ArraySize);
u32VarRef = u32ArraySize;
u32VariableOffset = offset + u32ArraySize * 4;
while(u32ArraySize--) {
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
&u32Pointer);
if (u32Pointer) {
u32VariableOffset = dissect_dcom_VARIANT(tvb, u32VariableOffset, pinfo, tree, drep, hf_dispatch_varrefarg);
}
}
offset = u32VariableOffset;
/* HRESULT of call */
offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep,
&u32HResult);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO, " SCode=%s VarRef=%u -> %s",
val_to_str(u32SCode, dcom_hresult_vals, "Unknown (0x%08x)"),
u32VarRef,
val_to_str(u32HResult, dcom_hresult_vals, "Unknown (0x%08x)") );
}
return offset;
}