ETH_HF
ETH_ETT
static int
ucarray_drsuapi_dissect_DsReplicaSyncRequest1Info_nc_dn(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
static guint32 len;
int old_offset;
if(di->conformant_run) {
/*just a run to handle conformant arrays, nothing to dissect
but we need to remember how long this array was.
see packet-dcerpc.c for examples of conformant_run
and what it is.
*/
old_offset=offset;
offset=dissect_dcerpc_uint32(tvb, offset, pinfo, NULL, drep, -1, &len);
di->array_max_count_offset=offset-4;
di->conformant_run=1;
di->conformant_eaten=offset-old_offset;
return offset;
}
ALIGN_TO_2_BYTES;
if (tree && len) {
proto_tree_add_item(tree, hf_drsuapi_DsReplicaSyncRequest1Info_nc_dn, tvb, offset,
len*2, ENC_UTF_16|ENC_LITTLE_ENDIAN);
}
offset+=2*len;
return offset;
}
int
PIDL_dissect_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
int hfindex, guint32 param)
{
dcerpc_info *di;
guint32 val;
di=pinfo->private_data;
if(di->conformant_run){
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
if (offset % 4) {
offset += 4 - (offset % 4);
}
offset=dissect_dcerpc_uint32 (tvb, offset, pinfo,
tree, drep, hfindex, &val);
if(param&PIDL_SET_COL_INFO){
header_field_info *hf_info;
char *valstr;
hf_info=proto_registrar_get_nth(hfindex);
valstr=ep_alloc(64);
valstr[0]=0;
switch(hf_info->display){
case BASE_DEC:
if(hf_info->strings){
g_snprintf(valstr, 64, "%s(%d)",val_to_str(val, hf_info->strings, "Unknown:%u"), val);
} else {
g_snprintf(valstr, 64, "%d", val);
}
break;
case BASE_HEX:
if(hf_info->strings){
g_snprintf(valstr, 64, "%s(0x%08x)",val_to_str(val, hf_info->strings, "Unknown:%u"), val);
} else {
g_snprintf(valstr, 64, "0x%08x", val);
}
break;
default:
REPORT_DISSECTOR_BUG("Invalid hf->display value");
}
if (check_col(pinfo->cinfo, COL_INFO)) {
col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, valstr);
}
}
return offset;
}
int
PIDL_dissect_uint32_val(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, dcerpc_info *di, guint8 *drep,
int hfindex, guint32 param, guint32 *rval)
{
guint32 val;
if (di->conformant_run) {
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
if (!di->no_align && (offset % 4)) {
offset += 4 - (offset % 4);
}
offset = dissect_dcerpc_uint32(tvb, offset, pinfo,
tree, drep, hfindex, &val);
if (param&PIDL_SET_COL_INFO) {
header_field_info *hf_info;
char *valstr;
hf_info = proto_registrar_get_nth(hfindex);
valstr = (char *)wmem_alloc(wmem_packet_scope(), 64);
valstr[0]=0;
switch (hf_info->display) {
case BASE_DEC:
if (hf_info->strings) {
g_snprintf(valstr, 64, "%s(%d)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
} else {
g_snprintf(valstr, 64, "%d", val);
}
break;
case BASE_HEX:
if (hf_info->strings) {
g_snprintf(valstr, 64, "%s(0x%08x)",val_to_str(val, (const value_string *)hf_info->strings, "Unknown:%u"), val);
} else {
g_snprintf(valstr, 64, "0x%08x", val);
}
break;
default:
REPORT_DISSECTOR_BUG("Invalid hf->display value");
}
col_append_fstr(pinfo->cinfo, COL_INFO," %s:%s", hf_info->name, valstr);
}
if (rval != NULL) {
*rval = val;
}
return offset;
}
static int
svcctl_dissect_dwServiceType_flags(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *parent_tree,
guint8 *drep, int opnum)
{
guint32 value, len=4;
proto_item *item = NULL;
proto_tree *tree = NULL;
(void) dissect_dcerpc_uint32 (tvb, offset, pinfo, NULL, drep, 0, &value);
if(parent_tree) {
item = proto_tree_add_uint(parent_tree, hf_svcctl_service_type, tvb, offset, len, value);
tree = proto_item_add_subtree(item, ett_dcerpc_svcctl_service_type_bits);
}
switch(opnum) {
case SVC_CREATE_SERVICE_W:
proto_tree_add_boolean(tree, hf_svcctl_service_type_interactive_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_INTERACTIVE_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER);
proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER);
break;
case SVC_ENUM_SERVICES_STATUS_W:
proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER);
proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER);
break;
case SVC_QUERY_SERVICE_CONFIG_W:
proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS);
proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER);
proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver,
tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER);
break;
}
offset += len;
return offset;
}
int
dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
int hfindex, guint32 *pdata)
{
dcerpc_info *di;
di=pinfo->private_data;
if(di->conformant_run){
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
if (offset % 4) {
offset += 4 - (offset % 4);
}
return dissect_dcerpc_uint32 (tvb, offset, pinfo,
tree, drep, hfindex, pdata);
}
int
dissect_ndr_uint32(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, dcerpc_info *di, guint8 *drep,
int hfindex, guint32 *pdata)
{
/* Some callers expect us to initialize pdata, even in error conditions, so
* do it right away in case we forget later */
if (pdata)
*pdata = 0;
if ((di != NULL) && (di->conformant_run)) {
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
if ((di != NULL) && (!di->no_align) && (offset % 4)) {
offset += 4 - (offset % 4);
}
return dissect_dcerpc_uint32(tvb, offset, pinfo,
tree, drep, hfindex, pdata);
}
