コード例 #1
/*
 * Dissect the response to IDispatch::GetIDsOfNames.
 *
 * Consumed in order: the DCOM "that" header, a DCE/RPC array size, one
 * DWORD dispatch ID per array element, and the HRESULT of the call.
 * Each dispatch ID and the HRESULT name are appended to the Info column
 * when check_col() reports that the column is in use.
 *
 * Returns the offset following the HRESULT.
 */
int
dissect_IDispatch_GetIDsOfNames_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    guint32 u32HResult;
    guint32 u32ArraySize;
    guint32 u32DispId;
    guint32 u32Remaining;

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);

    /*
     * The element count is taken from the packet and is not capped here.
     * NOTE(review): the loop presumably stops early through the bounds
     * checking inside dissect_dcom_DWORD once the data runs out - confirm.
     */
    for (u32Remaining = u32ArraySize; u32Remaining != 0; u32Remaining--) {
        offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                    hf_dispatch_id, &u32DispId);
        if (!check_col(pinfo->cinfo, COL_INFO)) {
            continue;
        }
        col_append_fstr(pinfo->cinfo, COL_INFO, " ID=0x%x", u32DispId);
    }

    /* Result code of the call itself. */
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep, &u32HResult);

    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
                        val_to_str(u32HResult, dcom_hresult_vals,
                                   "Unknown (0x%08x)"));
    }

    return offset;
}
コード例 #2
/*
 * Dissect the response to IDispatch::GetTypeInfo.
 *
 * Consumed in order: the DCOM "that" header, a DCE/RPC pointer, an
 * MInterfacePointer (only when that pointer is non-zero), and the HRESULT
 * of the call.  The HRESULT name is appended to the Info column when
 * check_col() reports that the column is in use.
 *
 * Returns the offset following the HRESULT.
 */
int
dissect_IDispatch_GetTypeInfo_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    guint32 u32Pointer;
    guint32 u32HResult;

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                         &u32Pointer);

    /* The interface pointer body is only dissected for a non-zero pointer. */
    if (u32Pointer != 0) {
        offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, drep,
                                                hf_dispatch_itinfo,
                                                NULL /* XXX */);
    }

    /* Result code of the call itself. */
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep, &u32HResult);

    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
                        val_to_str(u32HResult, dcom_hresult_vals,
                                   "Unknown (0x%08x)"));
    }

    return offset;
}
コード例 #3
ファイル: packet-dcom-sysact.c プロジェクト: flaub/HotFuzz
/*
 * Dissect the RemoteCreateInstance response.
 *
 * Consumed in order: the DCOM "that" header, a PMInterfacePointer shown
 * under hf_sysact_unknown, and the HRESULT of the call.  The HRESULT value
 * is not captured (NULL is passed as the output pointer) and nothing is
 * written to the Info column here.
 *
 * Returns the offset following the HRESULT.
 */
static int
dissect_remsysact_remotecreateinstance_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, drep,
                                             hf_sysact_unknown, NULL /* XXX */);
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep,
                                  NULL /* pu32HResult */);
    return offset;
}
コード例 #4
/*
 * Dissect the response to IDispatch::GetTypeInfoCount.
 *
 * Consumed in order: the DCOM "that" header, one DWORD shown under
 * hf_dispatch_tinfo, and the HRESULT of the call.  The HRESULT name is
 * appended to the Info column unconditionally.
 *
 * Returns the offset following the HRESULT.
 */
int
dissect_IDispatch_GetTypeInfoCount_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    guint32 u32HResult;
    guint32 u32TInfo;

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_tinfo, &u32TInfo);

    /* Result code of the call itself. */
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep, &u32HResult);

    col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
                    val_to_str(u32HResult, dcom_hresult_vals,
                               "Unknown (0x%08x)"));

    return offset;
}
コード例 #5
/*
 * Dissect the RemoteActivation response.
 *
 * Consumed in order: the DCOM "that" header, the OXID, an optional
 * DUALSTRINGARRAY of OXID bindings (present when its pointer is non-zero),
 * the IPID, the authentication hint, the COM version, an HRESULT, an array
 * of pointers whose MInterfacePointer bodies follow the pointer array, an
 * array of indexed HRESULTs, and the final HRESULT of the call.
 * Every indexed HRESULT and the final HRESULT are appended to the Info
 * column.
 *
 * Returns the offset following the final HRESULT.
 */
static int
dissect_remact_remote_activation_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    e_guid_t ipid;
    guint16  u16VersionMajor;
    guint16  u16VersionMinor;
    guint32  u32Pointer;
    guint32  u32AuthnHint;
    guint32  u32HResult;
    guint32  u32ArraySize;
    guint32  u32Idx;
    guint32  u32VariableOffset;

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
    offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
                             hf_dcom_oxid, NULL);

    /* OXID bindings are present only behind a non-zero pointer. */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
                                         &u32Pointer);
    if (u32Pointer != 0) {
        offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di,
                                                drep, &u32ArraySize);
        offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, di,
                                              drep, hf_remact_oxid_bindings,
                                              NULL);
    }

    offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
                               hf_dcom_ipid, &ipid);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
                                hf_remact_authn_hint, &u32AuthnHint);
    offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, di, drep,
                                     &u16VersionMajor, &u16VersionMinor);
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
                                  &u32HResult);

    /*
     * Interface data: the pointer array is walked with 'offset' while the
     * bodies are dissected from u32VariableOffset, which starts right after
     * the pointer array (4 bytes per entry).
     *
     * NOTE(review): u32ArraySize comes from the packet and the
     * multiplication by 4 is done in 32-bit unsigned arithmetic, so a large
     * count wraps and u32VariableOffset can land at or before 'offset'.
     * Presumably the bounds checking in the called dissectors limits the
     * effect to a mis-dissected packet - confirm.
     */
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
                                            &u32ArraySize);
    u32VariableOffset = offset + u32ArraySize * 4;
    while (u32ArraySize-- != 0) {
        offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di,
                                             drep, &u32Pointer);
        if (u32Pointer == 0) {
            continue;
        }
        u32VariableOffset = dissect_dcom_MInterfacePointer(tvb,
                                u32VariableOffset, pinfo, tree, di, drep,
                                hf_remact_interface_data, NULL /* XXX */);
    }
    /* Resume after the last dissected body. */
    offset = u32VariableOffset;

    /* Per-interface results, numbered from 1 in the tree and the column. */
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
                                            &u32ArraySize);
    for (u32Idx = 1; u32ArraySize-- != 0; u32Idx++) {
        offset = dissect_dcom_indexed_HRESULT(tvb, offset, pinfo, tree, di,
                                              drep, &u32HResult, u32Idx);
        col_append_fstr(pinfo->cinfo, COL_INFO, " %s[%u]",
                        val_to_str(u32HResult, dcom_hresult_vals,
                                   "Unknown (0x%08x)"),
                        u32Idx);
    }

    /* Result code of the call itself. */
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
                                  &u32HResult);
    col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
                    val_to_str(u32HResult, dcom_hresult_vals,
                               "Unknown (0x%08x)"));

    return offset;
}
コード例 #6
/*
 * Dissect the response to IDispatch::Invoke.
 *
 * Consumed in order: the DCOM "that" header, an optional VARIANT result,
 * the ExcepInfo structure (shown in its own subtree), the ArgErr DWORD,
 * the rgVarRef array of pointers whose VARIANT bodies follow the pointer
 * array, and the HRESULT of the call.
 * The ExcepInfo SCode, the rgVarRef count and the HRESULT are appended to
 * the Info column when check_col() reports that the column is in use.
 *
 * Returns the offset following the HRESULT.
 */
int
dissect_IDispatch_Invoke_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    proto_item *excepinfo_item;
    proto_tree *excepinfo_tree;
    /* Scratch buffer handed to dissect_dcom_BSTR together with its size. */
    gchar       szName[1000] = { 0 };
    guint16     u16Code;
    guint16     u16Reserved;
    guint32     u32Pointer;
    guint32     u32Pointer2;
    guint32     u32Pointer3;
    guint32     u32VariableOffset;
    guint32     u32ArraySize;
    guint32     u32SubStart;
    guint32     u32HelpContext;
    guint32     u32Reserved;
    guint32     u32DeferredFillIn;
    guint32     u32ArgErr;
    guint32     u32HResult;
    guint32     u32SCode;
    guint32     u32VarRef;

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);

    /* VarResult: present only behind a non-zero pointer. */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                         &u32Pointer);
    if (u32Pointer != 0) {
        offset = dissect_dcom_VARIANT(tvb, offset, pinfo, tree, drep,
                                      hf_dispatch_varresult);
    }

    /*
     * ExcepInfo: the item is created with length 0 and sized once the whole
     * structure has been dissected.
     */
    excepinfo_item = proto_tree_add_item(tree, hf_dispatch_excepinfo, tvb,
                                         offset, 0, FALSE);
    excepinfo_tree = proto_item_add_subtree(excepinfo_item,
                                            ett_dispatch_excepinfo);
    u32SubStart = offset;

    offset = dissect_dcom_WORD(tvb, offset, pinfo, excepinfo_tree, drep,
                               hf_dispatch_code, &u16Code);
    offset = dissect_dcom_WORD(tvb, offset, pinfo, excepinfo_tree, drep,
                               hf_dispatch_reserved16, &u16Reserved);

    /* Three pointers that gate the source, description and help-file BSTRs. */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, excepinfo_tree,
                                         drep, &u32Pointer);
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, excepinfo_tree,
                                         drep, &u32Pointer2);
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, excepinfo_tree,
                                         drep, &u32Pointer3);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
                                hf_dispatch_help_context, &u32HelpContext);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
                                hf_dispatch_reserved32, &u32Reserved);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
                                hf_dispatch_deferred_fill_in,
                                &u32DeferredFillIn);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, excepinfo_tree, drep,
                                hf_dispatch_scode, &u32SCode);

    /* The strings follow the fixed part, each only if its pointer is set. */
    if (u32Pointer != 0) {
        offset = dissect_dcom_BSTR(tvb, offset, pinfo, excepinfo_tree, drep,
                                   hf_dispatch_source, szName, sizeof(szName));
    }
    if (u32Pointer2 != 0) {
        offset = dissect_dcom_BSTR(tvb, offset, pinfo, excepinfo_tree, drep,
                                   hf_dispatch_description, szName,
                                   sizeof(szName));
    }
    if (u32Pointer3 != 0) {
        offset = dissect_dcom_BSTR(tvb, offset, pinfo, excepinfo_tree, drep,
                                   hf_dispatch_help_file, szName,
                                   sizeof(szName));
    }

    proto_item_append_text(excepinfo_item, ", SCode: %s",
                           val_to_str(u32SCode, dcom_hresult_vals,
                                      "Unknown (0x%08x)"));
    proto_item_set_len(excepinfo_item, offset - u32SubStart);
    /* end of ExcepInfo */

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_arg_err, &u32ArgErr);

    /*
     * rgVarRef: VARIANT[u32VarRef].  The pointer array is walked with
     * 'offset' while the VARIANT bodies are dissected from
     * u32VariableOffset, which starts right after the pointer array
     * (4 bytes per entry).
     *
     * NOTE(review): u32ArraySize comes from the packet and the
     * multiplication by 4 is done in 32-bit unsigned arithmetic, so a large
     * count wraps and u32VariableOffset can land at or before 'offset'.
     * Presumably the bounds checking in the called dissectors limits the
     * effect to a mis-dissected packet - confirm.
     */
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);
    u32VarRef = u32ArraySize;
    u32VariableOffset = offset + u32ArraySize * 4;
    while (u32ArraySize-- != 0) {
        offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                             &u32Pointer);
        if (u32Pointer == 0) {
            continue;
        }
        u32VariableOffset = dissect_dcom_VARIANT(tvb, u32VariableOffset, pinfo,
                                                 tree, drep,
                                                 hf_dispatch_varrefarg);
    }
    /* Resume after the last dissected body. */
    offset = u32VariableOffset;

    /* Result code of the call itself. */
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep, &u32HResult);

    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_append_fstr(pinfo->cinfo, COL_INFO, " SCode=%s VarRef=%u -> %s",
                        val_to_str(u32SCode, dcom_hresult_vals,
                                   "Unknown (0x%08x)"),
                        u32VarRef,
                        val_to_str(u32HResult, dcom_hresult_vals,
                                   "Unknown (0x%08x)"));
    }

    return offset;
}
コード例 #7
/*
 * Dissect the RemQueryInterface response.
 *
 * Consumed in order: the DCOM "that" header, a DCE/RPC pointer, an array
 * size, one REMQIRESULT per array element (HRESULT, pointer, STDOBJREF),
 * and the HRESULT of the call.  Each element gets its own subtree, and for
 * IPv4 sources the interface it describes is recorded through
 * dcom_interface_new().  Every per-element HRESULT and the final HRESULT
 * are appended to the Info column.
 *
 * Returns the offset following the final HRESULT.
 */
static int
dissect_remunk_remqueryinterface_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    /*
     * Per-call state, read back here to recover the requested IIDs.
     * NOTE(review): only 'call' is NULL-checked below; 'info' and
     * info->call_data are dereferenced right here without a check -
     * confirm callers guarantee both.
     */
    dcerpc_info *info = (dcerpc_info *) pinfo->private_data;
    remunk_remqueryinterface_call_t *call = (remunk_remqueryinterface_call_t *)info->call_data->private_data;
    e_uuid_t     iid_null = DCERPC_UUID_NULL;
    e_uuid_t     iid;
    e_uuid_t     ipid;
    guint64      oxid;
    guint64      oid;
    proto_item  *sub_item;
    proto_tree  *sub_tree;
    guint32      u32Pointer;
    guint32      u32ArraySize;
    guint32      u32ItemIdx;
    guint32      u32HResult;
    guint32      u32SubStart;

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                         &u32Pointer);
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);

    /*
     * The element count is taken from the packet and is not capped here.
     * Items are numbered from 1 in the tree and the Info column.
     */
    for (u32ItemIdx = 1; u32ArraySize-- != 0; u32ItemIdx++) {
        /* Subtree for this result; its length is set once it is dissected. */
        sub_item = proto_tree_add_item(tree, hf_remunk_qiresult, tvb, offset,
                                       0, ENC_NA);
        sub_tree = proto_item_add_subtree(sub_item, ett_remunk_rqi_result);

        /* REMQIRESULT */
        offset = dissect_dcom_HRESULT(tvb, offset, pinfo, sub_tree, drep,
                                      &u32HResult);
        /* Start of the element, taken as 4 bytes before the current offset. */
        u32SubStart = offset - 4;
        offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, sub_tree, drep,
                                             &u32Pointer);

        /*
         * Take the IID from the request when one was stored for this index;
         * the index is checked against iid_count before iids[] is read.
         */
        if (call == NULL || u32ItemIdx > call->iid_count) {
            iid = iid_null;
        } else {
            iid = call->iids[u32ItemIdx - 1];
        }

        /*
         * XXX - the STDOBJREF is dissected unconditionally; it does not
         * seem to depend on u32Pointer read above.
         */
        offset = dissect_dcom_STDOBJREF(tvb, offset, pinfo, sub_tree, drep,
                                        0 /* hfindex */,
                                        &oxid, &oid, &ipid);

        /*
         * Add the interface instance to the database (only IPv4 is handled).
         * oxid, oid and ipid are the values just passed to
         * dissect_dcom_STDOBJREF for this element.
         */
        if (pinfo->net_src.type == AT_IPv4) {
            dcom_interface_new(pinfo,
                               (guint8 *)pinfo->net_src.data,
                               &iid, oxid, oid, &ipid);
        }

        /* Label and size the subtree. */
        proto_item_append_text(sub_item, "[%u]: %s",
                               u32ItemIdx,
                               val_to_str(u32HResult, dcom_hresult_vals,
                                          "Unknown (0x%08x)"));
        proto_item_set_len(sub_item, offset - u32SubStart);

        /* Per-element result in the Info column. */
        col_append_fstr(pinfo->cinfo, COL_INFO, " %s[%u]",
                        val_to_str(u32HResult, dcom_hresult_vals,
                                   "Unknown (0x%08x)"),
                        u32ItemIdx);
    }

    /* Result code of the call itself. */
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, drep, &u32HResult);
    col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
                    val_to_str(u32HResult, dcom_hresult_vals,
                               "Unknown (0x%08x)"));

    return offset;
}