Exemplo n.º 1
/*
 * Dissect the stub data of an OXID complex-ping request.
 *
 * Fields are consumed in this order: set ID, sequence number, AddToSet
 * count, DelFromSet count, then two pointer-guarded arrays of OIDs.  The
 * two counts are appended to the Info column when that column is active.
 *
 * Returns the offset handed back by the last helper that was called.
 */
static int
dissect_oxid_complex_ping_rqst(tvbuff_t *tvb, int offset,
	packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
	guint16	u16SeqNum;
	guint16	u16AddCount;
	guint16	u16DelCount;
	guint16	u16Idx;
	guint32	u32Referent;
	guint32	u32ArraySize;

	/* Fixed header: set ID followed by three WORDs. */
	offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
						hf_oxid_setid, NULL);
	offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
						hf_oxid_seqnum, &u16SeqNum);
	offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
						hf_oxid_addtoset, &u16AddCount);
	offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
						hf_oxid_delfromset, &u16DelCount);

	if (check_col(pinfo->cinfo, COL_INFO)) {
		col_append_fstr(pinfo->cinfo, COL_INFO, " AddToSet=%u DelFromSet=%u",
			u16AddCount, u16DelCount);
	}

	/*
	 * OIDs to add.
	 *
	 * NOTE(review): the iteration count is the packet-supplied AddToSet
	 * WORD; the array size read just below is stored but never compared
	 * against it.  Both values come from the wire, so stopping on a
	 * truncated or inconsistent packet relies on dissect_dcom_ID()
	 * failing at the end of the buffer -- confirm that it does.
	 */
	offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
						&u32Referent);
	if (u32Referent != 0) {
		offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
							&u32ArraySize);

		for (u16Idx = 0; u16Idx < u16AddCount; u16Idx++) {
			offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
							hf_oxid_oid, NULL);
		}
	}

	/*
	 * OIDs to delete: same layout, and the same caveat about the count
	 * (DelFromSet) versus the unused array size.
	 */
	offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
						&u32Referent);
	if (u32Referent != 0) {
		offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
							&u32ArraySize);

		for (u16Idx = 0; u16Idx < u16DelCount; u16Idx++) {
			offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
							hf_oxid_oid, NULL);
		}
	}

	return offset;
}
Exemplo n.º 2
/*
 * Dissect the stub data of an OXID ResolveOxid2 request: the OXID, the
 * requested-protseqs WORD, an array size, and then that many protseq
 * WORDs.
 *
 * Returns the offset handed back by the last helper that was called.
 */
static int
dissect_oxid_resolve_oxid2_rqst(tvbuff_t *tvb, int offset,
	packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
	guint16	u16ProtSeq;
	guint32	u32Count;
	guint32	u32Done;

	offset = dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
						hf_oxid_oxid, NULL);

	offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
						hf_oxid_requested_protseqs, &u16ProtSeq);

	offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
						&u32Count);

	/*
	 * NOTE(review): u32Count is a 32-bit value taken from the packet and
	 * is used as the loop bound without a range check.  Termination on a
	 * packet that announces more elements than it carries depends on
	 * dissect_dcom_WORD() failing at the end of the buffer -- confirm.
	 */
	for (u32Done = 0; u32Done < u32Count; u32Done++) {
		offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
							hf_oxid_protseqs, &u16ProtSeq);
	}

	return offset;
}
Exemplo n.º 3
/*
 * Dissect the stub data of an OXID simple-ping request, which consists of
 * a single set ID.
 *
 * Returns the offset handed back by dissect_dcom_ID().
 */
static int
dissect_oxid_simple_ping_rqst(tvbuff_t *tvb, int offset,
	packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
	return dissect_dcom_ID(tvb, offset, pinfo, tree, drep,
						hf_oxid_setid, NULL);
}
Exemplo n.º 4
/*
 * Dissect the stub data of an OXID complex-ping response: set ID, ping
 * backoff factor and the trailing HRESULT.  The HRESULT is rendered
 * through dcom_hresult_vals and appended to the Info column.
 *
 * Returns the offset handed back by dissect_dcom_HRESULT().
 */
static int
dissect_oxid_complex_ping_resp(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    guint16 u16Backoff;
    guint32 u32Status;
    const char *status_text;

    offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
                        hf_oxid_setid, NULL);
    offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
                        hf_oxid_ping_backoff_factor, &u16Backoff);
    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
                        &u32Status);

    /* Unknown codes fall back to the hex form given in the format string. */
    status_text = val_to_str(u32Status, dcom_hresult_vals, "Unknown (0x%08x)");
    col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s", status_text);

    return offset;
}
Exemplo n.º 5
/*
 * Dissect the stub data of a RemoteActivation response.
 *
 * Order of fields as consumed here: ORPCTHAT, OXID, an optional
 * DUALSTRINGARRAY of OXID bindings, IPID, authentication hint, COM
 * version, an HRESULT, an array of interface pointers, an array of
 * per-interface HRESULTs and a final HRESULT.  The per-interface and
 * final HRESULTs are appended to the Info column.
 *
 * Returns the offset handed back by the final dissect_dcom_HRESULT().
 */
static int
dissect_remact_remote_activation_resp(tvbuff_t *tvb, int offset,
				      packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
	guint32	u32Referent;
	e_guid_t ipidValue;
	guint32	u32AuthnHint;
	guint16	u16VersionMajor;
	guint16	u16VersionMinor;
	guint32	u32Status;
	guint32 u32Count;
	guint32 u32Idx;
	guint32	u32DeferredOffset;

	offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);

	offset = dissect_dcom_ID(tvb, offset, pinfo, tree, di, drep,
				 hf_dcom_oxid, NULL);

	/* OXID bindings are only present behind a non-null pointer. */
	offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
					     &u32Referent);
	if (u32Referent != 0) {
		offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
							&u32Count);
		offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, tree, di, drep,
						      hf_remact_oxid_bindings, NULL);
	}

	offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
				   hf_dcom_ipid, &ipidValue);
	offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
				    hf_remact_authn_hint, &u32AuthnHint);
	offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, tree, di, drep,
					 &u16VersionMajor, &u16VersionMinor);
	offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
				      &u32Status);

	/*
	 * Interface pointers: u32Count pointer slots of 4 bytes each come
	 * first, and the data for the non-null ones is read starting right
	 * after those slots.
	 *
	 * NOTE(review): u32Count is taken from the packet and the
	 * multiplication below is done in guint32 arithmetic, so a large
	 * count wraps around.  The wrapped value is used as the starting
	 * offset for the interface data and is later assigned back to the
	 * int offset.  Confirm that the tvb accessors reject such an offset,
	 * or range-check the count against the remaining data first.
	 */
	offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
						&u32Count);
	u32DeferredOffset = offset + u32Count * 4;
	for (u32Idx = 0; u32Idx < u32Count; u32Idx++) {
		offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
						     &u32Referent);
		if (u32Referent != 0) {
			u32DeferredOffset = dissect_dcom_MInterfacePointer(tvb, u32DeferredOffset, pinfo, tree, di, drep,
									   hf_remact_interface_data, NULL /* XXX */);
		}
	}
	/* Continue after the interface data rather than after the slots. */
	offset = u32DeferredOffset;

	/*
	 * Per-interface results, numbered from 1 in the Info column.
	 *
	 * NOTE(review): the bound is again a packet-supplied 32-bit count;
	 * stopping early on a short packet depends on
	 * dissect_dcom_indexed_HRESULT() failing at the end of the buffer --
	 * confirm.
	 */
	offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
						&u32Count);
	for (u32Idx = 1; u32Count != 0; u32Count--, u32Idx++) {
		offset = dissect_dcom_indexed_HRESULT(tvb, offset, pinfo, tree, di, drep,
						      &u32Status, u32Idx);
		col_append_fstr(pinfo->cinfo, COL_INFO, " %s[%u]",
				val_to_str(u32Status, dcom_hresult_vals, "Unknown (0x%08x)"),
				u32Idx);
	}

	/* Overall result of the call, shown last in the Info column. */
	offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
				      &u32Status);
	col_append_fstr(pinfo->cinfo, COL_INFO, " -> %s",
			val_to_str(u32Status, dcom_hresult_vals, "Unknown (0x%08x)"));

	return offset;
}