/*
 * Dissect the request stub of ISystemActivator RemoteCreateInstance.
 *
 * Three helpers are run back to back, each continuing at the offset the
 * previous one returned: the DCOM "this" header, a run of unspecified
 * data, and an interface pointer shown under hf_sysact_unknown.
 *
 * Returns the offset handed back by the last helper.
 */
static int
dissect_remsysact_remotecreateinstance_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    int cur = offset;

    cur = dissect_dcom_this(tvb, cur, pinfo, tree, drep);

    /* XXX - what is this? (the helper is passed 4, presumably a byte count) */
    cur = dissect_dcom_nospec_data(tvb, cur, pinfo, tree, drep, 4);

    /* The last argument is NULL, so nothing is read back from the pointer. */
    cur = dissect_dcom_PMInterfacePointer(tvb, cur, pinfo, tree, drep,
                                          hf_sysact_unknown, NULL /* XXX */);

    return cur;
}
/*
 * Dissect the request stub of IRemUnknown RemQueryInterface.
 *
 * Decodes the "this" header, the IPID, the reference count, the IID count
 * and the conformant-array size, then one IID per array element.  When the
 * array size is below 100 the IIDs are also copied into a file-scoped
 * remunk_remqueryinterface_call_t that is attached to
 * info->call_data->private_data.
 *
 * Returns the offset after the last IID.
 */
static int
dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    e_uuid_t     ipid;
    e_uuid_t     iid;
    guint32      u32Refs;
    guint16      u16IIDs;
    guint32      u32ArraySize;
    guint32      u32ItemIdx;
    dcerpc_info *info = (dcerpc_info *) pinfo->private_data;
    remunk_remqueryinterface_call_t *call = NULL;

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
                               hf_dcom_ipid, &ipid);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_remunk_refs, &u32Refs);
    /* u16IIDs is decoded but not used below; the loop count is the array size. */
    offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep,
                               hf_remunk_iids, &u16IIDs);
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);

    /*
     * limit the allocation to a reasonable size
     *
     * u32ArraySize is filled in from tvb, so it is capped before it enters
     * the size computation: below 100 elements the multiplication cannot
     * wrap and the file-scoped block stays small.  At 100 or more nothing
     * is stored and private_data is left as it was.
     * NOTE(review): the block is allocated from wmem_file_scope() on every
     * call; whether this function can run more than once for the same
     * request is not visible here - confirm.
     */
    if (u32ArraySize < 100) {
        call = (remunk_remqueryinterface_call_t *)wmem_alloc(wmem_file_scope(),
                   sizeof(remunk_remqueryinterface_call_t) + u32ArraySize * sizeof(e_uuid_t));
        call->iid_count = u32ArraySize;
        /* The IID array lives directly behind the header in the same block. */
        call->iids = (e_uuid_t *) (call+1);
        info->call_data->private_data = call;
    }

    /*
     * The loop runs for the full decoded count even when nothing is stored.
     * NOTE(review): for large counts it is bounded only by whatever the
     * UUID helper does at the end of the buffer - confirm.
     */
    u32ItemIdx = 0;
    while (u32ArraySize--) {
        offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep,
                                          hf_dcom_iid, u32ItemIdx+1, &iid);
        if (call != NULL) {
            /* call is only non-NULL when the count was < 100, so the index is in range. */
            call->iids[u32ItemIdx] = iid;
        }
        u32ItemIdx++;
    }

    return offset;
}
/*
 * Dissect the request stub of IDispatch::GetTypeInfo.
 *
 * Decodes the "this" header followed by two DWORDs, shown under
 * hf_dispatch_tinfo and hf_dispatch_lcid.  The decoded values are not used
 * any further here.
 *
 * Returns the offset after the second DWORD.
 */
int
dissect_IDispatch_GetTypeInfo_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    guint32 u32TInfo;
    guint32 u32Lcid;
    int     cur;

    cur = dissect_dcom_this(tvb, offset, pinfo, tree, drep);
    cur = dissect_dcom_DWORD(tvb, cur, pinfo, tree, drep,
                             hf_dispatch_tinfo, &u32TInfo);
    cur = dissect_dcom_DWORD(tvb, cur, pinfo, tree, drep,
                             hf_dispatch_lcid, &u32Lcid);

    return cur;
}
/*
 * Dissect the request stub of IDispatch::GetIDsOfNames.
 *
 * Layout as decoded here: "this" header, riid, array size, then one pointer
 * per array element.  The strings the non-NULL pointers refer to are read
 * from a second cursor (u32VariableOffset) that starts behind the pointer
 * table.  Each name is also appended to the Info column.  The name count
 * and the LCID follow the string area.
 *
 * Returns the offset after the LCID.
 */
int
dissect_IDispatch_GetIDsOfNames_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    e_uuid_t riid;
    guint32  u32Lcid;
    guint32  u32Names;
    guint32  u32ArraySize;
    guint32  u32Pointer;
    guint32  u32Tmp;
    guint32  u32VariableOffset;
    /* Fixed-size scratch buffer; its size is passed to the string helper. */
    gchar    szName[1000] = { 0 };

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);
    offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
                               hf_dispatch_riid, &riid);
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);

    /*
     * Start of the string area: 4 bytes per pointer slot past the table.
     * NOTE(review): u32ArraySize is filled in from tvb and is not range
     * checked; the sum is computed in unsigned 32-bit arithmetic and wraps
     * for large counts.  Nothing in this function validates the result, so
     * safety depends on the bounds handling inside the helpers - confirm.
     */
    u32VariableOffset = offset + u32ArraySize * 4;

    for (u32Tmp = u32ArraySize; u32Tmp != 0; u32Tmp--) {
        offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                             &u32Pointer);
        if (!u32Pointer) {
            /* NULL slot: nothing is read from the string area for it. */
            continue;
        }

        u32VariableOffset = dissect_dcom_LPWSTR(tvb, u32VariableOffset, pinfo, tree, drep,
                                                hf_dispatch_name, szName, sizeof(szName));

        if (check_col(pinfo->cinfo, COL_INFO)) {
            /* The name is passed as a %s argument, never as the format. */
            col_append_fstr(pinfo->cinfo, COL_INFO, " \"%s\"", szName);
        }
    }

    /* Continue behind the string area, not behind the pointer table. */
    offset = u32VariableOffset;

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_names, &u32Names);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_lcid, &u32Lcid);

    return offset;
}
/*
 * Dissect the request stub of IRemoteActivation RemoteActivation.
 *
 * Fields decoded, in order: "this" header, CLSID, optional object name
 * (BSTR behind a pointer), object storage interface pointer, client
 * impersonation level, mode, interface count with an optional IID array,
 * requested protocol sequence count and the protocol sequence array.
 *
 * Returns the offset after the last protocol sequence.
 */
static int
dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    guint32  u32ClientImpLevel;
    guint32  u32Mode;
    guint32  u32Interfaces;
    guint32  u32Pointer;
    guint32  u32ArraySize;
    guint32  u32ItemIdx;
    guint16  u16ProtSeqs;
    e_guid_t clsid;
    e_guid_t iid;
    /* Scratch buffer for the object name; its size bounds the BSTR helper. */
    gchar    szObjName[1000] = { 0 };
    guint32  u32ObjNameLen = sizeof(szObjName);

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
    offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, di, drep,
                                      hf_dcom_clsid, -1, &clsid);

    /* Object name is only present behind a non-NULL pointer. */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
                                         &u32Pointer);
    if (u32Pointer) {
        offset = dissect_dcom_BSTR(tvb, offset, pinfo, tree, di, drep,
                                   hf_remact_object_name, szObjName, u32ObjNameLen);
    }

    offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                             hf_remact_object_storage, NULL /* XXX */);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
                                hf_remact_client_impl_level, &u32ClientImpLevel);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
                                hf_remact_mode, &u32Mode);

    /* Interfaces */
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
                                hf_remact_interfaces, &u32Interfaces);
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, di, drep,
                                         &u32Pointer);
    if (u32Pointer) {
        offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
                                                &u32ArraySize);
        /*
         * NOTE(review): the loop count is the u32Interfaces DWORD, not the
         * array size decoded just above; the two are never compared.  Both
         * are filled in from tvb, so the loop is bounded only by the UUID
         * helper's own end-of-buffer handling - confirm.
         */
        for (u32ItemIdx = 1; u32Interfaces--; u32ItemIdx++) {
            offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, di, drep,
                                              hf_dcom_iid, u32ItemIdx, &iid);
        }
    }

    offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
                               hf_remact_requested_protseqs, &u16ProtSeqs);
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, di, drep,
                                            &u32ArraySize);

    /* One WORD per array element; u32ItemIdx is advanced but not displayed. */
    for (u32ItemIdx = 1; u32ArraySize--; u32ItemIdx++) {
        offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
                                   hf_remact_protseqs, &u16ProtSeqs);
    }

    return offset;
}
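/*
 * Dissect the request stub of IDispatch::Invoke.
 *
 * Decodes the "this" header, the DISPID, riid and LCID, then the dispatch
 * flags (shown as a bitfield subtree and summarised in the Info column),
 * the DISPPARAMS structure (argument VARIANTs and named-argument DISPIDs),
 * and finally the VarRef count, the VarRef index array and the VarRef
 * VARIANT array.
 *
 * Arrays of pointers are decoded with two cursors: `offset` walks the
 * pointer table while u32VariableOffset walks the referenced data that
 * follows the table.
 *
 * Returns the position of the second cursor after the last VarRef VARIANT.
 */
int
dissect_IDispatch_Invoke_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    guint32 u32DispIdMember;
    e_uuid_t riid;
    guint32 u32Lcid;
    guint32 u32Flags;
    guint32 u32Args;
    guint32 u32NamedArgs;
    guint32 u32Pointer;
    guint32 u32Pointer2;
    guint32 u32ArraySize;
    guint32 u32VariableOffset;
    guint32 u32VarRef;
    guint32 u32VarRefIdx;
    guint32 u32TmpOffset;
    guint32 u32SubStart;

    proto_item *feature_item;
    proto_tree *feature_tree;
    proto_item *dispparams_item;
    proto_tree *dispparams_tree;

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_id, &u32DispIdMember);
    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_append_fstr(pinfo->cinfo, COL_INFO, " ID=0x%x", u32DispIdMember);
    }

    offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
                               hf_dispatch_riid, &riid);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_lcid, &u32Lcid);

    /* dispatch flags */
    /*
     * The DWORD helper is called with a NULL tree so it only fetches the
     * value; the item is then added by hand at the same offset so that the
     * individual flag bits can hang below it.
     */
    u32TmpOffset = dissect_dcom_DWORD(tvb, offset, pinfo, NULL, drep,
                                      hf_dispatch_flags, &u32Flags);
    feature_item = proto_tree_add_uint (tree, hf_dispatch_flags, tvb, offset, 4, u32Flags);
    feature_tree = proto_item_add_subtree (feature_item, ett_dispatch_flags);
    if (feature_tree) {
        proto_tree_add_boolean (feature_tree, hf_dispatch_flags_propputref, tvb, offset, 4, u32Flags);
        proto_tree_add_boolean (feature_tree, hf_dispatch_flags_propput, tvb, offset, 4, u32Flags);
        proto_tree_add_boolean (feature_tree, hf_dispatch_flags_propget, tvb, offset, 4, u32Flags);
        proto_tree_add_boolean (feature_tree, hf_dispatch_flags_method, tvb, offset, 4, u32Flags);
    }

    /* The flag names are fixed literals; no decoded data is used as a format. */
    if (u32Flags & DISPATCH_FLAGS_METHOD) {
        proto_item_append_text(feature_item, ", Method");
        if (check_col(pinfo->cinfo, COL_INFO)) {
            col_append_str(pinfo->cinfo, COL_INFO, " Method");
        }
    }
    if (u32Flags & DISPATCH_FLAGS_PROPGET) {
        proto_item_append_text(feature_item, ", PropertyGet");
        if (check_col(pinfo->cinfo, COL_INFO)) {
            col_append_str(pinfo->cinfo, COL_INFO, " PropertyGet");
        }
    }
    if (u32Flags & DISPATCH_FLAGS_PROPPUT) {
        proto_item_append_text(feature_item, ", PropertyPut");
        if (check_col(pinfo->cinfo, COL_INFO)) {
            col_append_str(pinfo->cinfo, COL_INFO, " PropertyPut");
        }
    }
    if (u32Flags & DISPATCH_FLAGS_PROPPUTREF) {
        proto_item_append_text(feature_item, ", PropertyPutRef");
        if (check_col(pinfo->cinfo, COL_INFO)) {
            col_append_str(pinfo->cinfo, COL_INFO, " PropertyPutRef");
        }
    }

    offset = u32TmpOffset;

    /* Added with length 0; the real length is set once the end is known. */
    dispparams_item = proto_tree_add_item(tree, hf_dispatch_dispparams, tvb, offset, 0, FALSE);
    dispparams_tree = proto_item_add_subtree (dispparams_item, ett_dispatch_params);
    u32SubStart = offset;

    /* DISPPARAMS */
    /* VARIANT rgvarg[u32Args] */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, dispparams_tree, drep,
                                         &u32Pointer);

    /* DISPID rgdispidNamedArgs[u32NamedArgs] */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, dispparams_tree, drep,
                                         &u32Pointer2);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, dispparams_tree, drep,
                                hf_dispatch_args, &u32Args);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, dispparams_tree, drep,
                                hf_dispatch_named_args, &u32NamedArgs);

    if (u32Pointer) {
        offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, dispparams_tree, drep,
                                                &u32ArraySize);
        /*
         * NOTE(review): u32ArraySize is filled in from tvb and is not range
         * checked; this sum is computed in unsigned 32-bit arithmetic and
         * wraps for large counts.  Nothing here validates the result, so
         * safety depends on the bounds handling inside the helpers - confirm.
         * The same applies to the rgVarRef computation further down.
         */
        u32VariableOffset = offset + u32ArraySize * 4;
        while(u32ArraySize--) {
            offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, dispparams_tree, drep,
                                                 &u32Pointer);
            if (u32Pointer) {
                u32VariableOffset = dissect_dcom_VARIANT(tvb, u32VariableOffset, pinfo, dispparams_tree, drep, hf_dispatch_arg);
            }
        }
        /* Continue behind the VARIANT data, not behind the pointer table. */
        offset = u32VariableOffset;
    }

    /* DISPID rgdispidNamedArgs[u32NamedArgs] */
    if (u32Pointer2) {
        offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, dispparams_tree, drep,
                                                &u32ArraySize);
        while(u32ArraySize--) {
            offset = dissect_dcom_DWORD(tvb, offset, pinfo, dispparams_tree, drep,
                                        hf_dispatch_id, &u32DispIdMember);
        }
    }

    proto_item_append_text(dispparams_item, ", Args: %u NamedArgs: %u", u32Args, u32NamedArgs);
    proto_item_set_len(dispparams_item, offset - u32SubStart);
    /* end of DISPPARAMS */

    /* u32VarRef */
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_dispatch_varref, &u32VarRef);

    /* rgVarRefIdx: UINT[u32VarRef] */
    /* The loop count is the decoded array size; u32VarRef is only displayed. */
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);
    while(u32ArraySize--) {
        offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                    hf_dispatch_varrefidx, &u32VarRefIdx);
    }

    /* rgVarRef: VARIANT[u32VarRef] */
    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep,
                                            &u32ArraySize);
    u32VariableOffset = offset + u32ArraySize * 4;
    while(u32ArraySize--) {
        offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                             &u32Pointer);
        if (u32Pointer) {
            u32VariableOffset = dissect_dcom_VARIANT(tvb, u32VariableOffset, pinfo, tree, drep, hf_dispatch_varrefarg);
        }
    }

    if (check_col(pinfo->cinfo, COL_INFO)) {
        col_append_fstr(pinfo->cinfo, COL_INFO,
                        " Args=%u NamedArgs=%u VarRef=%u", u32Args, u32NamedArgs, u32VarRef);
    }

    /* The VARIANT data is the last thing decoded, so its cursor is the end. */
    return u32VariableOffset;
}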
/*
 * Dissect the request stub of IRemUnknown RemRelease.
 *
 * Decodes the "this" header, a pointer, and the number of interface
 * references, then one REMINTERFACEREF (IPID, public refs, private refs)
 * per reference.  Each entry gets its own subtree; the first nine are
 * also summarised in the Info column, the tenth is shown as ",..." and
 * later ones add nothing to the column.
 *
 * Returns the offset after the last entry.
 */
static int
dissect_remunk_remrelease_rqst(tvbuff_t *tvb, int offset,
    packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
    guint32      u32Pointer;
    guint32      u32IntRefs;
    guint32      u32ItemIdx;
    guint32      u32PublicRefs;
    guint32      u32PrivateRefs;
    guint32      u32SubStart;
    e_uuid_t     ipid;
    const gchar *pszFormat;
    proto_item  *sub_item;
    proto_tree  *sub_tree;

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);

    /* The pointer value is decoded but not consulted before the loop below. */
    offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep,
                                         &u32Pointer);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
                                hf_remunk_interface_refs, &u32IntRefs);

    /* update column info now */
    if (u32IntRefs == 0) {
        col_append_str(pinfo->cinfo, COL_INFO, " Cnt=0");
    } else {
        col_append_fstr(pinfo->cinfo, COL_INFO, " Cnt=%u Refs=", u32IntRefs);
    }

    /*
     * NOTE(review): u32IntRefs is filled in from tvb and is not range
     * checked; the loop is bounded only by the helpers' own end-of-buffer
     * handling - confirm.
     */
    for (u32ItemIdx = 1; u32IntRefs--; u32ItemIdx++) {
        /* add subtree */
        u32SubStart = offset;
        sub_item = proto_tree_add_item(tree, hf_remunk_reminterfaceref, tvb, offset, 0, ENC_NA);
        sub_tree = proto_item_add_subtree(sub_item, ett_remunk_reminterfaceref);

        offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, drep,
                                   hf_dcom_ipid, &ipid);
        offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep,
                                    hf_remunk_public_refs, &u32PublicRefs);
        offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep,
                                    hf_remunk_private_refs, &u32PrivateRefs);

        /* update subtree */
        proto_item_append_text(sub_item, "[%u]: IPID=%s, PublicRefs=%u, PrivateRefs=%u",
                               u32ItemIdx,
                               guids_resolve_uuid_to_str(&ipid),
                               u32PublicRefs, u32PrivateRefs);
        proto_item_set_len(sub_item, offset - u32SubStart);

        /* update column info now */
        /*
         * The format is always one of the four literals chosen here, so no
         * decoded data ever becomes a format string.  For "" and ",..." the
         * two value arguments are simply not consumed.
         */
        if (u32ItemIdx == 1) {
            pszFormat = "%u-%u";
        } else if (u32ItemIdx < 10) {
            pszFormat = ",%u-%u";
        } else if (u32ItemIdx == 10) {
            pszFormat = ",...";
        } else {
            pszFormat = "";
        }
        col_append_fstr(pinfo->cinfo, COL_INFO, pszFormat, u32PublicRefs, u32PrivateRefs);
    }

    return offset;
}