Add autogenerated dissector for DCE/RPC MAPI and also the (non-NDR)

protocol that is transported within 


svn path=/trunk/; revision=25096

epan/dissectors/pidl/mapi/Makefile

@@ -0,0 +1,16 @@
+all: packet-dcerpc-mapi.c packet-dcerpc-mapi.h
+
+packet-dcerpc-mapi.c packet-dcerpc-mapi.h: 	mapi.idl 		\
+						mapi.cnf 		\
+						request.cnf.c		\
+						response.cnf.c		\
+						mapicodes_enum.h  	\
+						mapitags_enum.h 	\
+						../idl_types.h
+	pidl  --verbose --includedir=.. --ws-parser -- mapi.idl
+
+clean:
+	rm -f packet-dcerpc-mapi.c packet-dcerpc-mapi.h idl_types.h
+
+install: packet-dcerpc-mapi.c packet-dcerpc-mapi.h
+	cp packet-dcerpc-mapi.c packet-dcerpc-mapi.h ../../

epan/dissectors/pidl/mapi/mapi.cnf

@@ -0,0 +1,119 @@
+# handle
+HF_FIELD hf_mapi_handle "Handle" "mapi.handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
+HF_RENAME hf_mapi_EcDoConnect_handle hf_mapi_handle
+HF_RENAME hf_mapi_EcDoDisconnect_handle hf_mapi_handle
+HF_RENAME hf_mapi_EcDoRpc_handle hf_mapi_handle
+HF_RENAME hf_mapi_EcRRegisterPushNotification_handle hf_mapi_handle
+HF_RENAME hf_mapi_EcRUnregisterPushNotification_handle hf_mapi_handle
+
+#
+# policyhandle tracking
+# This block is to specify where a policyhandle is opened and where it is
+# closed so that policyhandles when dissected contain nice info such as
+# [opened in xxx] [closed in yyy]
+#
+# Policyhandles are opened in these functions (open == 0x0001)
+PARAM_VALUE mapi_dissect_element_EcDoConnect_handle_ 0x0001
+# Policyhandles are closed in these functions (close == 0x0002)
+PARAM_VALUE mapi_dissect_element_EcDoDisconnect_handle_ 0x0002
+
+HF_FIELD hf_mapi_property_types "Value" "mapi.SPropValue.value" FT_UINT32 BASE_HEX VALS(mapi_property_types_vals) 0 "" ""
+HF_RENAME hf_mapi_SPropValue_value hf_mapi_property_types
+
+HF_FIELD hf_mapi_recipient_type "Recipient Type" "mapi.recipients_headers.type" FT_UINT16 BASE_HEX VALS(mapi_OM_recipient_type_vals) 0 "" ""
+HF_RENAME hf_mapi_recipients_headers_type hf_mapi_recipient_type
+
+HF_FIELD hf_mapi_MAPI_OPNUM "Opnum" "mapi.EcDoRpc_MAPI_REQ.opnum" FT_UINT8 BASE_HEX VALS(mapi_MAPI_OPNUM_vals) 0 "" ""
+HF_RENAME hf_mapi_EcDoRpc_MAPI_REQ_opnum hf_mapi_MAPI_OPNUM
+
+HF_FIELD hf_mapi_pdu_len "Length" "mapi.pdu.len" FT_UINT16 BASE_HEX NULL 0x0 "Size of the command PDU" HFILL
+HF_FIELD hf_mapi_decrypted_data "Decrypted data" "mapi.decrypted.data" FT_BYTES BASE_HEX NULL 0x0 "Decrypted data" HFILL
+
+NOEMIT SBinary_short
+NOEMIT MV_LONG_STRUCT
+NOEMIT SLPSTRArray
+NOEMIT SBinaryArray
+NOEMIT SGuidArray
+NOEMIT SPropValue_array
+NOEMIT SPropTagArray
+NOEMIT SRowList
+
+NOEMIT OpenMessage_repl
+NOEMIT GetPropList_repl
+NOEMIT DeleteProps_req
+NOEMIT ModifyRecipients_req
+NOEMIT SetColumns_req
+
+NOEMIT SSortOrderSet
+NOEMIT SAndRestriction
+NOEMIT SOrRestriction
+NOEMIT SNotRestriction
+NOEMIT SSubRestriction
+NOEMIT SCommentRestriction
+
+NOEMIT DeleteMessages_req
+NOEMIT SetSearchCriteria_req
+NOEMIT GetSearchCriteria_repl
+NOEMIT CopyMessages_req
+NOEMIT QueryColumns_repl
+NOEMIT AddressTypes_repl
+NOEMIT GetNamesFromIDs_repl
+NOEMIT GetIDsFromNames_req
+NOEMIT GetIDsFromNames_repl
+NOEMIT QueryNamesFromIDs_repl
+NOEMIT GetReceiveFolderTable_repl
+
+NOEMIT NOTIFKEY
+
+TYPE hyper "offset=cnf_dissect_hyper(tvb, offset, pinfo, tree, drep, @PARAM@, @HF@);" FT_UINT64 BASE_DEC 0 NULL 8
+
+
+CODE START
+
+static int
+cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, guint32 param _U_, int hfindex)
+{
+	offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, drep, hfindex, NULL);
+
+	return offset;
+}
+
+
+/**
+ * Analyze mapi_request MAPI Handles
+ */
+static int mapi_dissect_element_request_handles(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	gint		reported_len;
+	gint		i;
+	gint		handles_cnt = 0;
+	int		old_offset;
+	guint32		value;
+	proto_item	*it = NULL;
+	proto_tree	*tr = NULL;
+
+	reported_len = tvb_reported_length_remaining(tvb, offset);
+
+	handles_cnt = reported_len / 4;
+
+	it = proto_tree_add_text(tree, tvb, offset, reported_len, "MAPI Handles: %d", handles_cnt);
+	tr = proto_item_add_subtree(it, ett_mapi_mapi_request);
+
+	for (i = 0; i < handles_cnt; i++) {
+	    old_offset = offset;
+	    value = tvb_get_letohl(tvb, offset);
+	    offset += 4;
+	    proto_tree_add_text(tr, tvb, old_offset, offset - old_offset, "[%.2d] MAPI handle: 0x%.8x", i, value);
+	}
+
+	return offset;
+}
+
+CODE END
+
+#
+# MAPI Request and Response
+#
+INCLUDE request.cnf.c
+INCLUDE response.cnf.c
+

epan/dissectors/pidl/mapi/mapicodes_enum.h

@@ -0,0 +1,100 @@
+/*
+   MAPI Implementation
+
+   OpenChange Project
+
+   Copyright (C) Julien Kerihuel 2006
+
+   $Id$
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+/* parser auto-generated by mparse */
+
+typedef [public, v1_enum, flag(NDR_PAHEX)] enum {
+	MAPI_E_SUCCESS                                      = 0x00000000,
+	MAPI_E_NO_SUPPORT                                   = 0x80040102,
+	MAPI_E_BAD_CHARWIDTH                                = 0x80040103,
+	MAPI_E_STRING_TOO_LONG                              = 0x80040105,
+	MAPI_E_UNKNOWN_FLAGS                                = 0x80040106,
+	MAPI_E_INVALID_ENTRYID                              = 0x80040107,
+	MAPI_E_INVALID_OBJECT                               = 0x80040108,
+	MAPI_E_OBJECT_CHANGED                               = 0x80040109,
+	MAPI_E_OBJECT_DELETED                               = 0x8004010A,
+	MAPI_E_BUSY                                         = 0x8004010B,
+	MAPI_E_NOT_ENOUGH_DISK                              = 0x8004010D,
+	MAPI_E_NOT_ENOUGH_RESOURCES                         = 0x8004010E,
+	MAPI_E_NOT_FOUND                                    = 0x8004010F,
+	MAPI_E_VERSION                                      = 0x80040110,
+	MAPI_E_LOGON_FAILED                                 = 0x80040111,
+	MAPI_E_SESSION_LIMIT                                = 0x80040112,
+	MAPI_E_USER_CANCEL                                  = 0x80040113,
+	MAPI_E_UNABLE_TO_ABORT                              = 0x80040114,
+	MAPI_E_NETWORK_ERROR                                = 0x80040115,
+	MAPI_E_DISK_ERROR                                   = 0x80040116,
+	MAPI_E_TOO_COMPLEX                                  = 0x80040117,
+	MAPI_E_BAD_COLUMN                                   = 0x80040118,
+	MAPI_E_EXTENDED_ERROR                               = 0x80040119,
+	MAPI_E_COMPUTED                                     = 0x8004011A,
+	MAPI_E_CORRUPT_DATA                                 = 0x8004011B,
+	MAPI_E_UNCONFIGURED                                 = 0x8004011C,
+	MAPI_E_FAILONEPROVIDER                              = 0x8004011D,
+	MAPI_E_UNKNOWN_CPID                                 = 0x8004011E,
+	MAPI_E_UNKNOWN_LCID                                 = 0x8004011F,
+	MAPI_E_PASSWORD_CHANGE_REQUIRED                     = 0x80040120,
+	MAPI_E_PASSWORD_EXPIRED                             = 0x80040121,
+	MAPI_E_INVALID_WORKSTATION_ACCOUNT                  = 0x80040122,
+	MAPI_E_INVALID_ACCESS_TIME                          = 0x80040123,
+	MAPI_E_ACCOUNT_DISABLED                             = 0x80040124,
+	MAPI_E_END_OF_SESSION                               = 0x80040200,
+	MAPI_E_UNKNOWN_ENTRYID                              = 0x80040201,
+	MAPI_E_MISSING_REQUIRED_COLUMN                      = 0x80040202,
+	MAPI_W_NO_SERVICE                                   = 0x80040203,
+	MAPI_E_BAD_VALUE                                    = 0x80040301,
+	MAPI_E_INVALID_TYPE                                 = 0x80040302,
+	MAPI_E_TYPE_NO_SUPPORT                              = 0x80040303,
+	MAPI_E_UNEXPECTED_TYPE                              = 0x80040304,
+	MAPI_E_TOO_BIG                                      = 0x80040305,
+	MAPI_E_DECLINE_COPY                                 = 0x80040306,
+	MAPI_E_UNEXPECTED_ID                                = 0x80040307,
+	MAPI_W_ERRORS_RETURNED                              = 0x80040380,
+	MAPI_E_UNABLE_TO_COMPLETE                           = 0x80040400,
+	MAPI_E_TIMEOUT                                      = 0x80040401,
+	MAPI_E_TABLE_EMPTY                                  = 0x80040402,
+	MAPI_E_TABLE_TOO_BIG                                = 0x80040403,
+	MAPI_E_INVALID_BOOKMARK                             = 0x80040405,
+	MAPI_W_POSITION_CHANGED                             = 0x80040481,
+	MAPI_W_APPROX_COUNT                                 = 0x80040482,
+	MAPI_E_WAIT                                         = 0x80040500,
+	MAPI_E_CANCEL                                       = 0x80040501,
+	MAPI_E_NOT_ME                                       = 0x80040502,
+	MAPI_W_CANCEL_MESSAGE                               = 0x80040580,
+	MAPI_E_CORRUPT_STORE                                = 0x80040600,
+	MAPI_E_NOT_IN_QUEUE                                 = 0x80040601,
+	MAPI_E_NO_SUPPRESS                                  = 0x80040602,
+	MAPI_E_COLLISION                                    = 0x80040604,
+	MAPI_E_NOT_INITIALIZED                              = 0x80040605,
+	MAPI_E_NON_STANDARD                                 = 0x80040606,
+	MAPI_E_NO_RECIPIENTS                                = 0x80040607,
+	MAPI_E_SUBMITTED                                    = 0x80040608,
+	MAPI_E_HAS_FOLDERS                                  = 0x80040609,
+	MAPI_E_HAS_MESAGES                                  = 0x8004060A,
+	MAPI_E_FOLDER_CYCLE                                 = 0x8004060B,
+	MAPI_W_PARTIAL_COMPLETION                           = 0x80040680,
+	MAPI_E_AMBIGUOUS_RECIP                              = 0x80040700,
+	MAPI_E_RESERVED                                     = 0xFFFFFFFF
+} MAPISTATUS;
+

epan/dissectors/pidl/mapi/request.cnf.c

@@ -0,0 +1,340 @@
+MANUAL mapi_dissect_element_EcDoRpc_request
+MANUAL mapi_dissect_element_EcDoRpc_request_
+MANUAL mapi_dissect_element_EcDoRpc_request__
+
+#
+# EcDoRpc request (mapi_request)
+#
+NOEMIT request
+ETT_FIELD ett_mapi_mapi_request
+MANUAL mapi_dissect_struct_request
+HF_FIELD hf_mapi_mapi_request_mapi_req "Mapi Req" "mapi.mapi_request.mapi_req" FT_NONE BASE_HEX NULL 0 "" HFILL
+
+#
+# EcDoRpc_MAPI_REQ
+#
+NOEMIT EcDoRpc_MAPI_REQ
+ETT_FIELD ett_mapi_EcDoRpc_MAPI_REQ
+MANUAL mapi_dissect_struct_EcDoRpc_MAPI_REQ
+MANUAL mapi_dissect_EcDoRpc_MAPI_REQ_UNION
+
+# EcDoRpc 0x2 - OpenFolder request
+NOEMIT OpenFolder_req
+ETT_FIELD ett_mapi_OpenFolder_req
+MANUAL mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_OpenFolder
+
+# EcDoRpc 0x7 - GetProps request
+NOEMIT GetProps_req
+ETT_FIELD ett_mapi_GetProps_req
+MANUAL mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_GetProps
+
+# EcDoRpc 0xFE - OpenMsgStore request
+NOEMIT OpenMsgStore_req
+ETT_FIELD ett_mapi_OpenMsgStore_req
+MANUAL mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_OpenMsgStore
+
+CODE START
+
+int
+mapi_dissect_struct_EcDoRpc_MAPI_REQ(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		cur_offset;
+	guint8		opnum;
+	guint8		mapi_flags;
+	guint8		handle_idx;
+	
+	old_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_EcDoRpc_MAPI_REQ);
+	}
+
+	cur_offset = offset;
+	opnum = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, cur_offset, offset - cur_offset, "opnum: %s", val_to_str(opnum, mapi_MAPI_OPNUM_vals, "Unknown MAPI operation"));
+
+	if (check_col(pinfo->cinfo, COL_INFO)) {
+	   	 col_append_fstr(pinfo->cinfo, COL_INFO, " + %s", val_to_str(opnum, mapi_MAPI_OPNUM_vals, "Unknown MAPI operation"));
+        }
+
+	cur_offset = offset;
+	mapi_flags = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, cur_offset, offset - cur_offset, "mapi_flags: 0x%x", mapi_flags);
+
+	cur_offset = offset;
+	handle_idx = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, cur_offset, offset - cur_offset, "handle index: %d", handle_idx);
+
+	switch(opnum) {
+		case op_MAPI_Release:
+     			offset = mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_Release(tvb, offset, pinfo, tree, drep);
+			break;
+		case op_MAPI_OpenFolder:
+			offset = mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_OpenFolder(tvb, offset, pinfo, tree, drep);
+			break;
+		case op_MAPI_GetProps:
+			offset = mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_GetProps(tvb, offset, pinfo, tree, drep);
+			break;
+		case op_MAPI_OpenMsgStore:
+			offset = mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_OpenMsgStore(tvb, offset, pinfo, tree, drep);
+			break;
+		default:
+			offset += param - 3;
+	}
+
+	proto_item_set_len(item, offset-old_offset);
+
+	return offset;
+}
+
+static int
+mapi_dissect_element_EcDoRpc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	offset = mapi_dissect_element_EcDoRpc_request_(tvb, offset, pinfo, tree, drep);
+
+	return offset;
+}
+
+
+static int 
+mapi_dissect_element_EcDoRpc_request_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	guint32		size;
+	int		start_offset = offset;
+	guint8		*decrypted_data;
+	tvbuff_t	*decrypted_tvb;
+	const guint8	*ptr;
+	gint		reported_len;
+	guint16		pdu_len;
+	guint32		i;
+	proto_item	*it = NULL;
+	proto_tree	*tr = NULL;
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_mapi_EcDoRpc_mapi_request, &size);
+	proto_tree_add_text(tree, tvb, start_offset, offset - start_offset + size, "Subcontext size: 0x%x", size);
+
+	reported_len = tvb_reported_length_remaining(tvb, offset);
+
+	if ((guint32) reported_len > size) {
+		reported_len = size;
+	}
+	if (size > (guint32) reported_len) {
+		size = reported_len;
+	}
+
+	ptr = tvb_get_ptr(tvb, offset, size);
+
+	decrypted_data = g_malloc(size);
+	for (i = 0; i < size; i++) {
+		decrypted_data[i] = ptr[i] ^ 0xA5;
+	}
+
+	decrypted_tvb = tvb_new_real_data(decrypted_data, size, reported_len);
+	tvb_set_free_cb(decrypted_tvb, g_free);
+	
+	tvb_set_child_real_data_tvbuff(tvb, decrypted_tvb);
+	add_new_data_source(pinfo, decrypted_tvb, "Decrypted MAPI");
+
+	it = proto_tree_add_text(tree, decrypted_tvb, 0, size, "Decrypted MAPI PDU");
+	tr = proto_item_add_subtree(it, ett_mapi_mapi_request);
+
+	pdu_len = tvb_get_letohs(decrypted_tvb, 0);
+	proto_tree_add_uint(tr, hf_mapi_pdu_len, decrypted_tvb, 0, 2, pdu_len);
+	proto_tree_add_item(tr, hf_mapi_decrypted_data, decrypted_tvb, 2, pdu_len - 2, FALSE);
+
+	/* analyze contents */
+	offset = mapi_dissect_element_EcDoRpc_request__(decrypted_tvb, 0, pinfo, tr, drep);
+
+	/* analyze mapi handles */
+	offset = mapi_dissect_element_request_handles(decrypted_tvb, offset, pinfo, tr, drep);
+
+	/* append ptr size (4) */
+	return start_offset + offset + 4;
+}
+
+
+/* 
+ * Analyze mapi_request real contents
+ */
+static int mapi_dissect_element_EcDoRpc_request__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	guint16	length;
+
+	length = tvb_get_letohs(tvb, offset);
+	offset += 2;
+
+	while (offset < length) {
+	      	offset = mapi_dissect_struct_EcDoRpc_MAPI_REQ(tvb, offset, pinfo, tree, drep, hf_mapi_mapi_request_mapi_req, length - offset);
+	}
+
+	return offset;
+}
+
+
+int
+mapi_dissect_struct_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+
+	old_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_mapi_request);
+	}
+
+	offset = mapi_dissect_struct_EcDoRpc_MAPI_REQ(tvb, offset, pinfo, tree, drep, hf_mapi_mapi_request_mapi_req, 0);
+
+	return offset;
+}
+
+
+/*************************/
+/* EcDoRpc Function 0x2  */
+static int
+mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_OpenFolder(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		origin_offset;
+	/**** Function parameters ****/
+	guint8		handle_idx;
+	guint64		folder_id;
+	guint8		unknown;
+
+	origin_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_mapi_EcDoRpc_MAPI_REQ_UNION_mapi_OpenFolder, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_OpenFolder_req);
+	}
+
+	old_offset = offset;
+	handle_idx = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "handle index: %d", handle_idx);
+
+	old_offset = offset;
+	folder_id = tvb_get_letoh64(tvb, offset);
+	offset += 8;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "folder ID: 0x%llx", folder_id);
+
+	old_offset = offset;
+	unknown = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "unknown: %d", unknown);
+	
+	proto_item_set_len(item, offset - origin_offset);
+	
+	return offset;
+}
+
+/*************************/
+/* EcDoRpc Function 0x7  */
+static int
+mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_GetProps(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		origin_offset;
+	guint16		i;
+	/**** Function parameters ****/
+	guint32		unknown;
+	guint16		prop_count;
+	guint32		mapitag;
+
+	origin_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_mapi_EcDoRpc_MAPI_REQ_UNION_mapi_GetProps, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_GetProps_req);
+	}
+
+	old_offset = offset;
+	unknown = tvb_get_letohl(tvb, offset);
+	offset += 4;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "unknown: 0x%x", unknown);
+
+	old_offset = offset;
+	prop_count = tvb_get_letohs(tvb, offset);
+	offset += 2;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "prop_count: %d", prop_count);
+
+	for (i = 0; i < prop_count; i++) {
+	    old_offset = offset;
+	    mapitag = tvb_get_letohl(tvb, offset);
+	    offset += 4;
+	    proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "[%.2d] %s", i, val_to_str(mapitag, mapi_MAPITAGS_vals, "Unknown MAPITAGS"));
+	}
+
+	proto_item_set_len(item, offset - origin_offset);
+
+	return offset;
+}
+
+
+/*************************/
+/* EcDoRpc Function 0xFE */
+static int
+mapi_dissect_element_EcDoRpc_MAPI_REQ_UNION_OpenMsgStore(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		origin_offset;
+	/**** Function parameters ****/
+	guint32		codepage;
+	guint32		padding;
+	guint8		row;
+	guint16		strlen;
+	gchar		*mailbox;
+
+	origin_offset = offset;
+	old_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_mapi_EcDoRpc_MAPI_REQ_UNION_mapi_OpenMsgStore, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_OpenMsgStore_req);
+	}
+
+	codepage = tvb_get_letohl(tvb, offset);
+	offset += 4;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "codepage: 0x%x", codepage);
+
+	old_offset = offset;
+	padding = tvb_get_letohl(tvb, offset);
+	offset += 4;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "padding: 0x%x", padding);
+
+	old_offset = offset;
+	row = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "row: 0x%x", row);
+
+	old_offset = offset;
+	strlen = tvb_get_letohs(tvb, offset);
+	offset += 2;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "str length: 0x%x", strlen);
+
+	old_offset = offset;
+	mailbox = tvb_format_text(tvb, offset, strlen - 1);
+	offset += strlen;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "mailbox: %s", mailbox);
+
+	proto_item_set_len(item, offset - origin_offset);
+
+	return offset;
+}
+
+CODE END

epan/dissectors/pidl/mapi/response.cnf.c

@@ -0,0 +1,277 @@
+MANUAL mapi_dissect_element_EcDoRpc_response
+MANUAL mapi_dissect_element_EcDoRpc_response_
+MANUAL mapi_dissect_element_EcDoRpc_response__
+
+#
+# EcDoRpc response (mapi_response)
+#
+NOEMIT response
+ETT_FIELD ett_mapi_mapi_response
+MANUAL mapi_dissect_struct_response
+HF_FIELD hf_mapi_mapi_response_mapi_repl "Mapi Repl" "mapi.mapi_response.mapi_repl" FT_NONE BASE_HEX NULL 0 "" HFILL
+
+#
+# EcDoRpc_MAPI_REPL
+#
+NOEMIT EcDoRpc_MAPI_REPL
+ETT_FIELD ett_mapi_EcDoRpc_MAPI_REPL
+MANUAL mapi_dissect_struct_EcDoRpc_MAPI_REPL
+MANUAL mapi_dissect_EcDoRpc_MAPI_REPL_UNION
+
+# EcDoRpc 0x2 - OpenFolder response
+NOEMIT OpenFolder_repl
+ETT_FIELD ett_mapi_OpenFolder_repl
+MANUAL mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_OpenFolder
+
+# EcDoRpc 0x7 - GetProps response
+NOEMIT GetProps_repl
+ETT_FIELD ett_mapi_GetProps_repl
+MANUAL mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_GetProps
+
+# EcDoRpc 0xFE - OpenMsgStore response
+#NOEMIT OpenMsgStore_repl
+#ETT_FIELD ett_mapi_OpenMsgStore_repl
+#MANUAL mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_OpenMsgStore
+
+
+
+CODE START
+
+static int
+mapi_dissect_struct_EcDoRpc_MAPI_REPL(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		cur_offset;
+	guint8		opnum;
+	guint8		handle_idx;
+	guint32		retval;
+
+	old_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_EcDoRpc_MAPI_REPL);
+	}
+
+	cur_offset = offset;
+	opnum = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, cur_offset, offset - cur_offset, "opnum: %s", val_to_str(opnum, mapi_MAPI_OPNUM_vals, "Unknown MAPI operation: 0x%02x"));
+
+	if (check_col(pinfo->cinfo, COL_INFO)) {
+		col_append_fstr(pinfo->cinfo, COL_INFO, " + %s", val_to_str(opnum, mapi_MAPI_OPNUM_vals, "Unknown MAPI operation: 0x%02x"));
+	}
+
+	if (opnum != op_MAPI_Notify) {
+		cur_offset = offset;
+		handle_idx = tvb_get_guint8(tvb, offset);
+		offset += 1;
+		proto_tree_add_text(tree, tvb, cur_offset, offset - cur_offset, "handle index: %d", handle_idx);
+
+		cur_offset = offset;
+		retval = tvb_get_letohl(tvb, offset);
+		offset += 4;
+		proto_tree_add_text(tree, tvb, cur_offset, offset - cur_offset, "MAPISTATUS: %s", val_to_str(retval, mapi_MAPISTATUS_vals, "Unknown MAPISTATUS error 0x%08x"));
+
+		if (retval == MAPI_E_SUCCESS) {
+			switch(opnum) {
+				case op_MAPI_Release:
+					offset = mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_Release(tvb, offset, pinfo, tree, drep);
+					break;
+				case op_MAPI_OpenFolder:
+					offset = mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_OpenFolder(tvb, offset, pinfo, tree, drep);
+					break;
+				case op_MAPI_GetProps:
+					offset = mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_GetProps(tvb, offset, pinfo, tree, drep);
+					break;
+/* 				case op_MAPI_OpenMsgStore: */
+/* 					offset = mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_OpenMsgStore(tvb, offset, pinfo, tree, drep); */
+/* 					break; */
+				default:
+					offset += param - 6;
+			}
+		}
+	} else {
+	       /* we don't decode notifications within the dissector yet */
+	       offset += param - 1;
+	}
+
+	proto_item_set_len(item, offset - old_offset);
+
+	return offset;
+}
+
+static int
+mapi_dissect_element_EcDoRpc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	offset = mapi_dissect_element_EcDoRpc_response_(tvb, offset, pinfo, tree, drep);
+
+	return offset;
+}
+
+
+static int
+mapi_dissect_element_EcDoRpc_response_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	guint32		size;
+	int		start_offset = offset;
+	guint8		*decrypted_data;
+	tvbuff_t	*decrypted_tvb;
+	const guint8	*ptr;
+	gint		reported_len;
+	guint16		pdu_len;
+	guint32		i;
+	proto_item	*it = NULL;
+	proto_tree	*tr = NULL;
+
+	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_mapi_EcDoRpc_mapi_response, &size);
+	proto_tree_add_text(tree, tvb, start_offset, offset - start_offset + size, "Subcontext size: 0x%x", size);
+
+	reported_len = tvb_reported_length_remaining(tvb, offset);
+
+	if ((guint32) reported_len > size) {
+		reported_len = size;
+	}
+
+	if (size > (guint32) reported_len) {
+		size = reported_len;
+	}
+
+	ptr = tvb_get_ptr(tvb, offset, size);
+
+	decrypted_data = g_malloc(size);
+	for (i = 0; i < size; i++) {
+		decrypted_data[i] = ptr[i] ^ 0xA5;
+	}
+
+	decrypted_tvb = tvb_new_real_data(decrypted_data, size, reported_len);
+	tvb_set_free_cb(decrypted_tvb, g_free);
+
+	tvb_set_child_real_data_tvbuff(tvb, decrypted_tvb);
+	add_new_data_source(pinfo, decrypted_tvb, "Decrypted MAPI");
+
+	it = proto_tree_add_text(tree, decrypted_tvb, 0, size, "Decrypted MAPI PDU");
+	tr = proto_item_add_subtree(it, ett_mapi_mapi_response);
+
+	pdu_len = tvb_get_letohs(decrypted_tvb, 0);
+	proto_tree_add_uint(tr, hf_mapi_pdu_len, decrypted_tvb, 0, 2, pdu_len);
+	proto_tree_add_item(tr, hf_mapi_decrypted_data, decrypted_tvb, 2, pdu_len - 2, FALSE);
+
+	/* Analyze contents */
+	offset = mapi_dissect_element_EcDoRpc_response__(decrypted_tvb, 0, pinfo, tr, drep);
+	/* Analyze mapi handles */
+	offset = mapi_dissect_element_request_handles(decrypted_tvb, offset, pinfo, tr, drep);
+
+	return start_offset + offset + 4;
+}
+
+
+static int
+mapi_dissect_element_EcDoRpc_response__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+	guint16		length;
+	tvbuff_t	*subtvb;
+
+	length = tvb_get_letohs(tvb, offset);
+	subtvb = tvb_new_subset(tvb, offset, length, length);
+	offset += 2;
+
+	while (offset < length) {
+	      	offset = mapi_dissect_struct_EcDoRpc_MAPI_REPL(subtvb, offset, pinfo, tree, drep, hf_mapi_mapi_response_mapi_repl, length - offset);
+	}
+
+	return offset;
+}
+
+/*************************/
+/* EcDoRpc Function 0x2  */
+static int
+mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_OpenFolder(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		origin_offset;
+	/**** Function parameters ****/
+	guint16		unknown;
+
+	origin_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_mapi_EcDoRpc_MAPI_REPL_UNION_mapi_OpenFolder, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_OpenFolder_repl);
+	}
+
+	old_offset = offset;
+	unknown = tvb_get_letohs(tvb, offset);
+	offset += 2;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "unknown: 0x%04x", unknown);
+
+	proto_item_set_len(item, offset - origin_offset);
+
+	return offset;
+}
+
+/*************************/
+/* EcDoRpc Function 0x7  */
+static int
+mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_GetProps(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, guint8 *drep _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		origin_offset;
+	/**** Function parameters ****/
+	guint8		layout;
+	guint16		length;
+
+	origin_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_mapi_EcDoRpc_MAPI_REPL_UNION_mapi_GetProps, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_GetProps_repl);
+	}
+
+	old_offset = offset;
+	layout = tvb_get_guint8(tvb, offset);
+	offset += 1;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "layout: %d", layout);
+
+	old_offset = offset;
+	length = tvb_reported_length_remaining(tvb, offset);
+	offset += length;
+	proto_tree_add_text(tree, tvb, old_offset, offset - old_offset, "prop_count: 0x%x", length);
+
+	proto_item_set_len(item, offset - origin_offset);
+
+	return offset;
+}
+
+/*************************/
+/* EcDoRpc Function 0xFE */
+/* static int
+mapi_dissect_element_EcDoRpc_MAPI_REPL_UNION_OpenMsgStore(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *parent_tree _U_, guint8 *drep _U_)
+{
+	proto_item	*item = NULL;
+	proto_tree	*tree = NULL;
+	int		old_offset;
+	int		origin_offset;
+
+	origin_offset = offset;
+	old_offset = offset;
+
+	if (parent_tree) {
+		item = proto_tree_add_item(parent_tree, hf_mapi_EcDoRpc_MAPI_REPL_UNION_mapi_OpenMsgStore, tvb, offset, -1, TRUE);
+		tree = proto_item_add_subtree(item, ett_mapi_OpenMsgStore_repl);
+	}
+
+	offset = mapi_dissect_element_OpenMsgStore_repl_PR_OBJECT_TYPE(tvb, offset, pinfo, tree, drep);
+
+	proto_item_set_len(item, offset - origin_offset);
+
+	return offset;
+	}*/
+
+CODE END