1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
/* packet-dcom.h
* Routines for DCOM generics
*
* $Id$
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PACKET_DCERPC_DCOM_H
#define __PACKET_DCERPC_DCOM_H
WS_VAR_IMPORT const value_string dcom_hresult_vals[];
WS_VAR_IMPORT const value_string dcom_variant_type_vals[];
extern const value_string dcom_protseq_vals[];
extern int hf_dcom_iid;
extern int hf_dcom_clsid;
extern int hf_dcom_oxid;
extern int hf_dcom_oid;
extern int hf_dcom_ipid;
extern GHashTable *dcom_uuids;
/* preferences */
extern gboolean dcom_prefs_display_unmarshalling_details;
typedef struct dcom_machine_s {
GList *objects;
gint first_packet;
guint8 ip[4];
} dcom_machine_t;
typedef struct dcom_object_s {
dcom_machine_t *parent;
GList *interfaces;
void *private_data;
gint first_packet;
guint64 oid;
guint64 oxid;
} dcom_object_t;
typedef struct dcom_interface_s {
dcom_object_t *parent;
void *private_data;
gint first_packet;
e_uuid_t iid;
e_uuid_t ipid; /* the DCE/RPC Object UUID */
} dcom_interface_t;
extern dcom_interface_t *dcom_interface_new(packet_info *pinfo, const guint8 *ip, e_uuid_t *iid, guint64 oxid, guint64 oid, e_uuid_t *ipid);
extern dcom_interface_t *dcom_interface_find(packet_info *pinfo, const guint8 *ip, e_uuid_t *ipid);
extern void dcom_interface_dump(void);
/* the essential DCOM this and that, starting every call */
extern int
dissect_dcom_this(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep);
extern int
dissect_dcom_that(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep);
/* dissection of somewhat more simple data types */
#define dissect_dcom_BOOLEAN dissect_ndr_uint8
#define dissect_dcom_BYTE dissect_ndr_uint8
#define dissect_dcom_WORD dissect_ndr_uint16
#define dissect_dcom_DWORD dissect_ndr_uint32
#define dissect_dcom_I8 dissect_ndr_uint64
#define dissect_dcom_ID dissect_ndr_duint32
#define dissect_dcom_FILETIME dissect_ndr_duint32 /* ToBeDone */
#define dissect_dcom_VARIANT_BOOL dissect_ndr_uint16
#define dissect_dcom_FLOAT dissect_ndr_float
#define dissect_dcom_DOUBLE dissect_ndr_double
#define dissect_dcom_DATE dissect_ndr_double
extern int
dissect_dcom_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, e_uuid_t *uuid);
extern int
dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, int field_index, e_uuid_t *uuid);
extern int
dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
int hfindex, guint16 * pu16WORD, int field_index);
extern int
dissect_dcom_indexed_DWORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
int hfindex, guint32 * pu32DWORD, int field_index);
extern int
dissect_dcom_HRESULT(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep, guint32 * pu32hresult);
extern int
dissect_dcom_HRESULT_item(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
guint32 * pu32HResult, int field_index, proto_item **item);
extern int
dissect_dcom_indexed_HRESULT(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
guint32 * pu32hresult, int field_index);
extern int
dissect_dcom_COMVERSION(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
guint16 * pu16version_major, guint16 * pu16version_minor);
typedef void (*sa_callback_t) (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
guint32 u32VarType, guint32 u32ArraySize);
extern int
dissect_dcom_SAFEARRAY(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex _U_, sa_callback_t sacb);
extern int
dissect_dcom_LPWSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex,
gchar *psz_buffer, guint32 u32max_buffer);
extern int
dissect_dcom_indexed_LPWSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex,
gchar *pszStr, guint32 u32MaxStr, int field_index);
extern int
dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex,
gchar *psz_buffer, guint32 u32max_buffer);
extern int
dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex, gchar *ip);
extern int
dissect_dcom_STDOBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex,
guint64 *oxid, guint64 *oid, e_uuid_t *ipid);
extern int
dissect_dcom_OBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex, dcom_interface_t **interf);
extern int
dissect_dcom_MInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex, dcom_interface_t **interf);
extern int
dissect_dcom_PMInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex, dcom_interface_t **interf);
extern int
dissect_dcom_VARTYPE(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
guint16 *pu16Vartype);
extern int
dissect_dcom_VARIANT(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, int hfindex);
/* dcom "dcerpc internal" unmarshalling */
extern int
dissect_dcom_dcerpc_array_size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, guint32 *pu32array_size);
extern int
dissect_dcom_dcerpc_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep, guint32 *pu32pointer);
/* mark things as "to be done" */
extern int
dissect_dcom_tobedone_data(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep, int length);
/* mark things "no specification available" */
extern int
dissect_dcom_nospec_data(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep, int length);
/* very simple parameter-profiles dissectors (for very simple requests ;-) */
/* request: no parameters */
extern int
dissect_dcom_simple_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep);
/* response: only HRESULT */
extern int
dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep);
#endif /* packet-dcerpc-dcom.h */
|
