static int dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { e_uuid_t ipid; guint32 u32Refs; guint16 u16IIDs; guint32 u32ArraySize; guint32 u32ItemIdx; e_uuid_t iid; dcerpc_info *info = (dcerpc_info *) pinfo->private_data; remunk_remqueryinterface_call_t *call; offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep); offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep, hf_dcom_ipid, &ipid); offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, hf_remunk_refs, &u32Refs); offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep, hf_remunk_iids, &u16IIDs); offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, &u32ArraySize); /* limit the allocation to a reasonable size */ if(u32ArraySize < 100) { call = (remunk_remqueryinterface_call_t *)wmem_alloc(wmem_file_scope(), sizeof(remunk_remqueryinterface_call_t) + u32ArraySize * sizeof(e_uuid_t)); call->iid_count = u32ArraySize; call->iids = (e_uuid_t *) (call+1); info->call_data->private_data = call; } else { call = NULL; } for (u32ItemIdx = 0; u32ArraySize--; u32ItemIdx++) { offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep, hf_dcom_iid, u32ItemIdx+1, &iid); if(call != NULL) { call->iids[u32ItemIdx] = iid; } } return offset; }
static int dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { guint32 u32ClientImpLevel; guint32 u32Mode; guint32 u32Interfaces; guint32 u32Pointer; guint32 u32ArraySize; guint32 u32ItemIdx; guint16 u16ProtSeqs; e_guid_t clsid; e_guid_t iid; gchar szObjName[1000] = { 0 }; guint32 u32ObjNameLen = sizeof(szObjName); offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep); offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, di, drep, hf_dcom_clsid, -1, &clsid); offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep, &u32Pointer); if (u32Pointer) { offset = dissect_dcom_BSTR(tvb, offset, pinfo, tree, di, drep, hf_remact_object_name, szObjName, u32ObjNameLen); } offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep, hf_remact_object_storage, NULL /* XXX */); offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep, hf_remact_client_impl_level, &u32ClientImpLevel); offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep, hf_remact_mode, &u32Mode); /* Interfaces */ offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep, hf_remact_interfaces, &u32Interfaces); offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep, &u32Pointer); if (u32Pointer) { offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep, &u32ArraySize); u32ItemIdx = 1; while (u32Interfaces--) { offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, di, drep, hf_dcom_iid, u32ItemIdx, &iid); u32ItemIdx++; } } offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep, hf_remact_requested_protseqs, &u16ProtSeqs); offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep, &u32ArraySize); u32ItemIdx = 1; while (u32ArraySize--) { offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep, hf_remact_protseqs, &u16ProtSeqs); u32ItemIdx++; } return offset; }