2019-03-26 22:04:11 +00:00
/* packet-dcom-typeinfo.c
* Routines for DCOM ITypeInfo
* Copyright 2019 , Alex Sirr < alexsirruw @ gmail . com >
*
* Wireshark - Network traffic analyzer
* By Gerald Combs < gerald @ wireshark . org >
* Copyright 1998 Gerald Combs
*
* SPDX - License - Identifier : GPL - 2.0 - or - later
*/
/* see packet-dcom.c for details about DCOM */
# include "config.h"
# include <epan/packet.h>
# include "packet-dcerpc.h"
# include "packet-dcom.h"
# include "packet-dcerpc-nt.h"
void proto_register_dcom_typeinfo ( void ) ;
void proto_reg_handoff_dcom_typeinfo ( void ) ;
static gint ett_typeinfo_funcdesc = - 1 ;
static int hf_typeinfo_funcdesc = - 1 ;
static int hf_typeinfo_funcdesc_funcflags = - 1 ;
static gint ett_typeinfo_funcdesc_funcflags = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_frestricted = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fsource = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fbindable = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_frequestedit = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fdisplaybind = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fdefaultbind = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fhidden = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fusesgetlasterror = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fdefaultcollelem = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fuidefault = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fnowbrowsable = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_freplaceable = - 1 ;
static int hf_typeinfo_funcdesc_funcflags_fimmediatebind = - 1 ;
# define FUNCFLAG_FRESTRICTED 0x1
# define FUNCFLAG_FSOURCE 0x2
# define FUNCFLAG_FBINDABLE 0x4
# define FUNCFLAG_FREQUESTEDIT 0x8
# define FUNCFLAG_FDISPLAYBIND 0x10
# define FUNCFLAG_FDEFAULTBIND 0x20
# define FUNCFLAG_FHIDDEN 0x40
# define FUNCFLAG_FUSESGETLASTERROR 0x80
# define FUNCFLAG_FDEFAULTCOLLELEM 0x100
# define FUNCFLAG_FUIDEFAULT 0x200
# define FUNCFLAG_FNONBROWSABLE 0x400
# define FUNCFLAG_FREPLACEABLE 0x800
# define FUNCFLAG_FIMMEDIATEBIND 0x1000
static int hf_typeinfo_funcdesc_funckind = - 1 ;
static int hf_typeinfo_funcdesc_invkind = - 1 ;
static int hf_typeinfo_funcdesc_callconv = - 1 ;
static int hf_typeinfo_funcdesc_params = - 1 ;
static int hf_typeinfo_funcdesc_paramsopt = - 1 ;
static int hf_typeinfo_funcdesc_memid = - 1 ;
static int hf_typeinfo_funcdesc_vft = - 1 ;
static int hf_typeinfo_funcdesc_resv16 = - 1 ;
static int hf_typeinfo_funcdesc_resv32 = - 1 ;
static gint ett_typeinfo_elemdesc = - 1 ;
static int hf_typeinfo_funcdesc_elemdesc = - 1 ;
static gint ett_typeinfo_typedesc = - 1 ;
static int hf_typeinfo_typedesc = - 1 ;
static gint ett_typeinfo_paramdesc = - 1 ;
static int hf_typeinfo_paramdesc = - 1 ;
static gint ett_typeinfo_paramdesc_paramflags = - 1 ;
static int hf_typeinfo_paramdesc_paramflags = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_fin = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_fout = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_flcid = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_fretval = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_fopt = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_fhasdefault = - 1 ;
static int hf_typeinfo_paramdesc_paramflags_fhascustdata = - 1 ;
# define PARAMFLAG_FIN 0x1
# define PARAMFLAG_FOUT 0x2
# define PARAMFLAG_FLCID 0x4
# define PARAMFLAG_FRETVAL 0x8
# define PARAMFLAG_FOPT 0x10
# define PARAMFLAG_FHASDEFAULT 0x20
# define PARAMFLAG_FHASCUSTDATA 0x40
static gint ett_typeinfo_paramdescex = - 1 ;
static int hf_typeinfo_paramdescex = - 1 ;
static int hf_typeinfo_paramdescex_cbytes = - 1 ;
static int hf_typeinfo_paramdescex_varDefaultValue = - 1 ;
static int hf_typeinfo_typedesc_vtret = - 1 ;
static int hf_typeinfo_typedesc_hreftype = - 1 ;
static int hf_typeinfo_opnum = - 1 ;
static int hf_typeinfo_index = - 1 ;
static int hf_typeinfo_memid = - 1 ;
static int hf_typeinfo_reserved32 = - 1 ;
static int hf_typeinfo_reserved16 = - 1 ;
static int hf_typeinfo_names = - 1 ;
static int hf_typeinfo_names_value = - 1 ;
static int hf_typeinfo_maxnames = - 1 ;
static int hf_typeinfo_docname = - 1 ;
static int hf_typeinfo_docstring = - 1 ;
static int hf_typeinfo_helpctx = - 1 ;
static int hf_typeinfo_helpfile = - 1 ;
static gint ett_typeinfo_docflags = - 1 ;
static int hf_typeinfo_docflags = - 1 ;
static int hf_typeinfo_docflags_name = - 1 ;
static int hf_typeinfo_docflags_docstring = - 1 ;
static int hf_typeinfo_docflags_helpctx = - 1 ;
static int hf_typeinfo_docflags_helpfile = - 1 ;
# define TYPEINFO_DOCFLAGS_NameArg 1
# define TYPEINFO_DOCFLAGS_DocStringArg 2
# define TYPEINFO_DOCFLAGS_HelpContextArg 4
# define TYPEINFO_DOCFLAGS_HelpFileArg 8
static gint ett_typeinfo_typeflags = - 1 ;
static int hf_typeinfo_typeflags = - 1 ;
static int hf_typeinfo_typeflags_fappobject = - 1 ;
static int hf_typeinfo_typeflags_fcancreate = - 1 ;
static int hf_typeinfo_typeflags_flicensed = - 1 ;
static int hf_typeinfo_typeflags_fpredeclid = - 1 ;
static int hf_typeinfo_typeflags_fhidden = - 1 ;
static int hf_typeinfo_typeflags_fcontrol = - 1 ;
static int hf_typeinfo_typeflags_fdual = - 1 ;
static int hf_typeinfo_typeflags_fnonextensible = - 1 ;
static int hf_typeinfo_typeflags_foleautomation = - 1 ;
static int hf_typeinfo_typeflags_frestricted = - 1 ;
static int hf_typeinfo_typeflags_faggregatable = - 1 ;
static int hf_typeinfo_typeflags_freplaceable = - 1 ;
static int hf_typeinfo_typeflags_fdispatchable = - 1 ;
static int hf_typeinfo_typeflags_fproxy = - 1 ;
# define TYPEINFO_TYPEFLAG_FAPPOBJECT 0x1
# define TYPEINFO_TYPEFLAG_FCANCREATE 0x2
# define TYPEINFO_TYPEFLAG_FLICENSED 0x4
# define TYPEINFO_TYPEFLAG_FPREDECLID 0x8
# define TYPEINFO_TYPEFLAG_FHIDDEN 0x10
# define TYPEINFO_TYPEFLAG_FCONTROL 0x20
# define TYPEINFO_TYPEFLAG_FDUAL 0x40
# define TYPEINFO_TYPEFLAG_FNONEXTENSIBLE 0x80
# define TYPEINFO_TYPEFLAG_FOLEAUTOMATION 0x100
# define TYPEINFO_TYPEFLAG_FRESTRICTED 0x200
# define TYPEINFO_TYPEFLAG_FAGGREGATABLE 0x400
# define TYPEINFO_TYPEFLAG_FREPLACEABLE 0x800
# define TYPEINFO_TYPEFLAG_FDISPATCHABLE 0x1000
# define TYPEINFO_TYPEFLAG_FPROXY 0x4000
static gint ett_typeinfo_typeattr = - 1 ;
static int hf_typeinfo_typeattr = - 1 ;
static int hf_typeinfo_guid = - 1 ;
static int hf_typeinfo_lcid = - 1 ;
static int hf_typeinfo_sizeInstance = - 1 ;
static int hf_typeinfo_typekind = - 1 ;
static int hf_typeinfo_cFuncs = - 1 ;
static int hf_typeinfo_cVars = - 1 ;
static int hf_typeinfo_cImplTypes = - 1 ;
static int hf_typeinfo_cbSizeVft = - 1 ;
static int hf_typeinfo_cbAlignment = - 1 ;
static int hf_typeinfo_wMajorVerNum = - 1 ;
static int hf_typeinfo_wMinorVerNum = - 1 ;
static gint ett_typeinfo_names = - 1 ;
static e_guid_t uuid_typeinfo = { 0x00020401 , 0x0000 , 0x0000 , { 0xc0 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x46 } } ;
static guint16 ver_typeinfo = 0 ;
static gint ett_typeinfo = - 1 ;
static int proto_typeinfo = - 1 ;
static const value_string dcom_lcid_vals [ ] = {
{ 0x0000 , " Language neutral " } ,
{ 0x0400 , " LOCALE_USER_DEFAULT " } ,
{ 0x0409 , " English (United States) " } ,
{ 0x0800 , " LOCALE_SYSTEM_DEFAULT " } ,
{ 0 , NULL } } ;
static const value_string typekind_vals [ ] = {
{ 0x0 , " TKIND_ENUM " } ,
{ 0x01 , " TKIND_RECORD " } ,
{ 0x02 , " TKIND_MODULE " } ,
{ 0x03 , " TKIND_INTERFACE " } ,
{ 0x04 , " TKIND_DISPATCH " } ,
{ 0x05 , " TKIND_COCLASS " } ,
{ 0x06 , " TKIND_ALIAS " } ,
{ 0x07 , " TKIND_UNION " } ,
{ 0 , NULL } } ;
static int dissect_typeinfo_PARAMDESCEX ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex ) ;
static int dissect_typeinfo_PARAMDESCEX_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_typeinfo_PARAMDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex ) ;
static int dissect_typeinfo_TYPEDESC_item ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_typeinfo_TYPEDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex ) ;
static int dissect_typeinfo_ELEMDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex ) ;
static int dissect_typeinfo_ELEMDESC_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_typeinfo_ELEMDESC_array ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_typeinfo_FUNCDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex ) ;
static int dissect_typeinfo_TYPEATTR ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex ) ;
static int dissect_typeinfo_TYPEATTR_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_typeinfo_FUNCDESC_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetFuncDesc_rqst ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetFuncDesc_resp ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetNames_rqst ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetNames_resp ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetDocumentation_rqst ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetDocumentation_resp ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetTypeAttr_rqst ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
static int dissect_ITypeInfo_GetTypeAttr_resp ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep ) ;
int dissect_typeinfo_PARAMDESCEX ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex )
{
guint32 u32Pointer ;
proto_item * sub_item ;
proto_tree * sub_tree ;
guint32 u32SubStart ;
/* alignment of 4 needed for a PARAMDESCEX */
ALIGN_TO_4_BYTES ;
sub_item = proto_tree_add_item ( tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_paramdescex ) ;
u32SubStart = offset ;
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_paramdescex_cbytes , NULL ) ;
offset = dissect_dcom_dcerpc_pointer ( tvb , offset , pinfo , sub_tree , di , drep , & u32Pointer ) ;
if ( u32Pointer )
{
offset = dissect_dcom_VARIANT ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_paramdescex_varDefaultValue ) ;
}
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
return offset ;
}
int dissect_typeinfo_PARAMDESCEX_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
return dissect_typeinfo_PARAMDESCEX ( tvb , offset , pinfo , tree , di , drep , hf_typeinfo_paramdescex ) ;
}
int dissect_typeinfo_PARAMDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex )
{
guint16 u16wParamFlags ;
proto_item * sub_item ;
proto_tree * sub_tree ;
guint32 u32SubStart ;
static const int * flags [ ] = {
& hf_typeinfo_paramdesc_paramflags_fin ,
& hf_typeinfo_paramdesc_paramflags_fout ,
& hf_typeinfo_paramdesc_paramflags_flcid ,
& hf_typeinfo_paramdesc_paramflags_fretval ,
& hf_typeinfo_paramdesc_paramflags_fopt ,
& hf_typeinfo_paramdesc_paramflags_fhasdefault ,
& hf_typeinfo_paramdesc_paramflags_fhascustdata ,
NULL } ;
/* alignment of 4 needed for a PARAMDESC */
ALIGN_TO_4_BYTES ;
sub_item = proto_tree_add_item ( tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_paramdesc ) ;
u32SubStart = offset ;
// pparamdescex
offset = dissect_ndr_embedded_pointer ( tvb , offset , pinfo , sub_tree , di , drep , dissect_typeinfo_PARAMDESCEX_through_pointer ,
NDR_POINTER_PTR , " Pointer to ParamDescEx " , hf_typeinfo_paramdescex ) ;
// wParamFlags
guint16 u16TmpOffset ;
u16TmpOffset = dissect_dcom_WORD ( tvb , offset , pinfo , NULL , di , drep , - 1 , & u16wParamFlags ) ;
proto_tree_add_bitmask_value ( sub_tree , tvb , offset , hf_typeinfo_paramdesc_paramflags ,
ett_typeinfo_paramdesc_paramflags , flags , u16wParamFlags ) ;
offset = u16TmpOffset ;
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
return offset ;
}
int dissect_typeinfo_TYPEDESC_item ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
return dissect_typeinfo_TYPEDESC ( tvb , offset , pinfo , tree , di , drep , hf_typeinfo_typedesc ) ;
}
int dissect_typeinfo_TYPEDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex )
{
guint16 u16vtrettag ;
proto_item * sub_item ;
proto_tree * sub_tree ;
guint32 u32SubStart ;
/* alignment of 4 needed for a TYPEDESC */
ALIGN_TO_4_BYTES ;
sub_item = proto_tree_add_item ( tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_typedesc ) ;
u32SubStart = offset ;
// vt of ret (union tag)
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_typedesc_vtret , & u16vtrettag ) ;
if ( u16vtrettag = = 26 | | u16vtrettag = = 27 ) // WIRESHARK_VT_PTR || WIRESHARK_VT_SAFEARRAY
{
offset = dissect_ndr_embedded_pointer ( tvb , offset , pinfo , sub_tree , di , drep , dissect_typeinfo_TYPEDESC_item ,
NDR_POINTER_PTR , " TypeDesc " , hf_typeinfo_typedesc ) ;
}
else if ( u16vtrettag = = 28 ) //WIRESHARK_VT_CARRAY
{
// NOT IMPLEMENTED
}
else if ( u16vtrettag = = 29 ) //WIRESHARK_VT_USERDEFINED
{
// typedef DWORD HREFTYPE;
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_typedesc_hreftype , NULL ) ;
}
// vt of ret
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_typedesc_vtret , NULL ) ;
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
return offset ;
}
int dissect_typeinfo_ELEMDESC ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex )
{
proto_item * sub_item ;
proto_tree * sub_tree ;
guint32 u32SubStart ;
/* alignment of 4 needed for a ELEMDESC */
ALIGN_TO_4_BYTES ;
sub_item = proto_tree_add_item ( tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_elemdesc ) ;
u32SubStart = offset ;
offset = dissect_typeinfo_TYPEDESC ( tvb , offset , pinfo , sub_tree , di , drep , hf_typeinfo_typedesc ) ;
offset = dissect_typeinfo_PARAMDESC ( tvb , offset , pinfo , sub_tree , di , drep , hf_typeinfo_paramdesc ) ;
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
return offset ;
}
int dissect_typeinfo_ELEMDESC_through_pointer ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
return dissect_typeinfo_ELEMDESC ( tvb , offset , pinfo , tree , di , drep , hf_typeinfo_funcdesc_elemdesc ) ;
}
int dissect_typeinfo_ELEMDESC_array ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
return dissect_ndr_ucarray ( tvb , offset , pinfo , tree , di , drep , dissect_typeinfo_ELEMDESC_through_pointer ) ;
}
int dissect_typeinfo_FUNCDESC ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex )
{
guint16 u16Funcflags ;
proto_item * sub_item ;
proto_tree * sub_tree ;
proto_item * func_elemdesc_sub_item ;
proto_tree * func_elemdesc_tree ;
guint32 u32SubStart ;
static const int * flags [ ] = {
& hf_typeinfo_funcdesc_funcflags_frestricted ,
& hf_typeinfo_funcdesc_funcflags_fsource ,
& hf_typeinfo_funcdesc_funcflags_fbindable ,
& hf_typeinfo_funcdesc_funcflags_frequestedit ,
& hf_typeinfo_funcdesc_funcflags_fdisplaybind ,
& hf_typeinfo_funcdesc_funcflags_fdefaultbind ,
& hf_typeinfo_funcdesc_funcflags_fhidden ,
& hf_typeinfo_funcdesc_funcflags_fusesgetlasterror ,
& hf_typeinfo_funcdesc_funcflags_fdefaultcollelem ,
& hf_typeinfo_funcdesc_funcflags_fuidefault ,
& hf_typeinfo_funcdesc_funcflags_fnowbrowsable ,
& hf_typeinfo_funcdesc_funcflags_freplaceable ,
& hf_typeinfo_funcdesc_funcflags_fimmediatebind ,
NULL } ;
sub_item = proto_tree_add_item ( tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_funcdesc ) ;
u32SubStart = offset ;
// memid
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_memid , NULL ) ;
// lReserved1
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_resv32 , NULL ) ;
// lprgelemdescParam
offset = dissect_ndr_embedded_pointer ( tvb , offset , pinfo , sub_tree , di , drep ,
dissect_typeinfo_ELEMDESC_array , NDR_POINTER_PTR , " Parameter ElemDesc " , hf_typeinfo_funcdesc_elemdesc ) ;
// funckind
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_funckind , NULL ) ;
// invkind
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_invkind , NULL ) ;
// callconv
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_callconv , NULL ) ;
// cParams
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_params , NULL ) ;
// cParamsOpt
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_paramsopt , NULL ) ;
// oVft
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_vft , NULL ) ;
// cReserved2
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_funcdesc_resv16 , NULL ) ;
// create tree for function element description
func_elemdesc_sub_item = proto_tree_add_item ( sub_tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
func_elemdesc_tree = proto_tree_add_subtree ( sub_tree , tvb , offset , 0 ,
ett_typeinfo_elemdesc , & func_elemdesc_sub_item , " Function ElemDesc " ) ;
// elemdescFunc
offset = dissect_typeinfo_ELEMDESC ( tvb , offset , pinfo , func_elemdesc_tree , di , drep , hf_typeinfo_funcdesc_elemdesc ) ;
// func flags
guint16 u16TmpOffset ;
u16TmpOffset = dissect_dcom_WORD ( tvb , offset , pinfo , NULL , di , drep , - 1 , & u16Funcflags ) ;
proto_tree_add_bitmask_value ( sub_tree , tvb , offset , hf_typeinfo_funcdesc_funcflags ,
ett_typeinfo_funcdesc_funcflags , flags , u16Funcflags ) ;
offset = u16TmpOffset ;
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
return offset ;
}
int dissect_typeinfo_FUNCDESC_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
return dissect_typeinfo_FUNCDESC ( tvb , offset , pinfo , tree , di , drep , hf_typeinfo_funcdesc ) ;
}
int dissect_typeinfo_TYPEATTR ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep , int hfindex )
{
guint16 u16wTypeFlags ;
proto_item * sub_item ;
proto_tree * sub_tree ;
guint32 u32SubStart ;
static const int * flags [ ] = {
& hf_typeinfo_typeflags_fappobject ,
& hf_typeinfo_typeflags_fcancreate ,
& hf_typeinfo_typeflags_flicensed ,
& hf_typeinfo_typeflags_fpredeclid ,
& hf_typeinfo_typeflags_fhidden ,
& hf_typeinfo_typeflags_fcontrol ,
& hf_typeinfo_typeflags_fdual ,
& hf_typeinfo_typeflags_fnonextensible ,
& hf_typeinfo_typeflags_foleautomation ,
& hf_typeinfo_typeflags_frestricted ,
& hf_typeinfo_typeflags_faggregatable ,
& hf_typeinfo_typeflags_freplaceable ,
& hf_typeinfo_typeflags_fdispatchable ,
& hf_typeinfo_typeflags_fproxy ,
NULL } ;
sub_item = proto_tree_add_item ( tree , hfindex , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_typeattr ) ;
u32SubStart = offset ;
// guid
offset = dissect_dcom_UUID ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_guid , NULL ) ;
// lcid
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_lcid , NULL ) ;
// dwReserved1
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
// dwReserved2
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
// dwReserved3
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
// lpstrReserved4
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
// cbSizeInstance
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_sizeInstance , NULL ) ;
// typekind
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_typekind , NULL ) ;
// cFuncs
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_cFuncs , NULL ) ;
// cVars
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_cVars , NULL ) ;
// cImplTypes
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_cImplTypes , NULL ) ;
// cbSizeVft
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_cbSizeVft , NULL ) ;
// cbAlignment
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_cbAlignment , NULL ) ;
// wTypeFlags
guint16 u16TmpOffset ;
u16TmpOffset = dissect_dcom_WORD ( tvb , offset , pinfo , NULL , di , drep , - 1 , & u16wTypeFlags ) ;
proto_tree_add_bitmask_value ( sub_tree , tvb , offset , hf_typeinfo_typeflags ,
ett_typeinfo_typeflags , flags , u16wTypeFlags ) ;
offset = u16TmpOffset ;
// wMajorVerNum
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_wMajorVerNum , NULL ) ;
// wMinorVerNum
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_wMinorVerNum , NULL ) ;
offset = dissect_typeinfo_TYPEDESC ( tvb , offset , pinfo , sub_tree , di , drep , hf_typeinfo_typedesc ) ;
// dwReserved5
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
// wReserved6
offset = dissect_dcom_WORD ( tvb , offset , pinfo , sub_tree , di , drep ,
hf_typeinfo_reserved16 , NULL ) ;
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
return offset ;
}
int dissect_typeinfo_TYPEATTR_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo ,
proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
return offset = dissect_typeinfo_TYPEATTR ( tvb , offset , pinfo , tree , di , drep , hf_typeinfo_typeattr ) ;
}
static int
dissect_bstr_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
gchar szName [ 1000 ] = { 0 } ;
offset = dissect_dcom_BSTR ( tvb , offset , pinfo , tree , di , drep ,
di - > hf_index , szName , sizeof ( szName ) ) ;
return offset ;
}
static int
dissect_dword_through_pointer ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
di - > hf_index , NULL ) ;
return offset ;
}
int dissect_ITypeInfo_GetFuncDesc_rqst ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_this ( tvb , offset , pinfo , tree , di , drep ) ;
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_index , NULL ) ;
return offset ;
}
int dissect_ITypeInfo_GetFuncDesc_resp ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_that ( tvb , offset , pinfo , tree , di , drep ) ;
// funcdesc
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , di , drep , dissect_typeinfo_FUNCDESC_through_pointer , NDR_POINTER_UNIQUE , " Pointer to FuncDesc " , hf_typeinfo_funcdesc ) ;
// reserved
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
/* HRESULT of call */
offset = dissect_dcom_HRESULT ( tvb , offset , pinfo , tree , di , drep ,
NULL ) ;
return offset ;
}
int dissect_ITypeInfo_GetNames_rqst ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_this ( tvb , offset , pinfo , tree , di , drep ) ;
// memid
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_memid , NULL ) ;
// cMaxNames
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_maxnames , NULL ) ;
return offset ;
}
int dissect_ITypeInfo_GetNames_resp ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
guint32 u32ArrayLength ;
guint32 u32Pointer ;
guint32 u32VarOffset ;
guint32 u32Tmp ;
gchar szName [ 1000 ] = { 0 } ;
proto_item * sub_item ;
proto_tree * sub_tree ;
guint32 u32SubStart ;
offset = dissect_dcom_that ( tvb , offset , pinfo , tree , di , drep ) ;
sub_item = proto_tree_add_item ( tree , hf_typeinfo_names , tvb , offset , 0 , ENC_NA ) ;
sub_tree = proto_item_add_subtree ( sub_item , ett_typeinfo_names ) ;
u32SubStart = offset ;
offset = dissect_dcom_dcerpc_array_size ( tvb , offset , pinfo , sub_tree , di , drep , NULL ) ;
offset = dissect_dcom_dcerpc_pointer ( tvb , offset , pinfo , sub_tree , di , drep , NULL ) ;
offset = dissect_dcom_dcerpc_array_size ( tvb , offset , pinfo , sub_tree , di , drep ,
& u32ArrayLength ) ;
u32VarOffset = offset + u32ArrayLength * 4 ;
u32Tmp = u32ArrayLength ;
while ( u32Tmp - - )
{
offset = dissect_dcom_dcerpc_pointer ( tvb , offset , pinfo , sub_tree , di , drep ,
& u32Pointer ) ;
if ( u32Pointer )
{
u32VarOffset = dissect_dcom_BSTR ( tvb , u32VarOffset , pinfo , sub_tree , di , drep ,
hf_typeinfo_names_value , szName , sizeof ( szName ) ) ;
}
}
offset = u32VarOffset ;
col_append_fstr ( pinfo - > cinfo , COL_INFO ,
" %u Names " , u32ArrayLength ) ;
proto_item_set_len ( sub_item , offset - u32SubStart ) ;
// pcNames
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_maxnames , NULL ) ;
/* HRESULT of call */
offset = dissect_dcom_HRESULT ( tvb , offset , pinfo , tree , di , drep , NULL ) ;
return offset ;
}
int dissect_ITypeInfo_GetDocumentation_rqst ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
guint32 u32Flags ;
guint32 u32TmpOffset ;
static const int * flags [ ] = {
& hf_typeinfo_docflags_name ,
& hf_typeinfo_docflags_docstring ,
& hf_typeinfo_docflags_helpctx ,
& hf_typeinfo_docflags_helpfile ,
NULL } ;
offset = dissect_dcom_this ( tvb , offset , pinfo , tree , di , drep ) ;
// memid
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_memid , NULL ) ;
// refPtrFlags
u32TmpOffset = dissect_dcom_DWORD ( tvb , offset , pinfo , NULL , di , drep , - 1 , & u32Flags ) ;
proto_tree_add_bitmask_value ( tree , tvb , offset , hf_typeinfo_docflags ,
ett_typeinfo_docflags , flags , u32Flags ) ;
offset = u32TmpOffset ;
return offset ;
}
int dissect_ITypeInfo_GetDocumentation_resp ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_that ( tvb , offset , pinfo , tree , di , drep ) ;
// pBstrDocName
offset = dissect_ndr_pointer ( tvb , offset , pinfo , tree , di , drep , dissect_bstr_through_pointer , NDR_POINTER_UNIQUE , " Pointer to Doc Name " , hf_typeinfo_docname ) ;
// pBstrDocString
offset = dissect_ndr_pointer ( tvb , offset , pinfo , tree , di , drep , dissect_bstr_through_pointer , NDR_POINTER_UNIQUE , " Pointer to Doc String " , hf_typeinfo_docstring ) ;
// pdwHelpContext
offset = dissect_ndr_pointer ( tvb , offset , pinfo , tree , di , drep , dissect_dword_through_pointer , NDR_POINTER_UNIQUE , " Pointer to Help Context " , hf_typeinfo_helpctx ) ;
// pBstrHelpFile
offset = dissect_ndr_pointer ( tvb , offset , pinfo , tree , di , drep , dissect_bstr_through_pointer , NDR_POINTER_UNIQUE , " Pointer to Help File " , hf_typeinfo_helpfile ) ;
/* HRESULT of call */
offset = dissect_dcom_HRESULT ( tvb , offset , pinfo , tree , di , drep , NULL ) ;
return offset ;
}
int dissect_ITypeInfo_GetTypeAttr_rqst ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_this ( tvb , offset , pinfo , tree , di , drep ) ;
return offset ;
}
int dissect_ITypeInfo_GetTypeAttr_resp ( tvbuff_t * tvb , int offset ,
packet_info * pinfo , proto_tree * tree , dcerpc_info * di , guint8 * drep )
{
offset = dissect_dcom_that ( tvb , offset , pinfo , tree , di , drep ) ;
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , di , drep , dissect_typeinfo_TYPEATTR_through_pointer , NDR_POINTER_UNIQUE , " Pointer to TypeAttr " , hf_typeinfo_typeattr ) ;
// reserved
offset = dissect_dcom_DWORD ( tvb , offset , pinfo , tree , di , drep ,
hf_typeinfo_reserved32 , NULL ) ;
/* HRESULT of call */
offset = dissect_dcom_HRESULT ( tvb , offset , pinfo , tree , di , drep , NULL ) ;
return offset ;
}
/* sub dissector table of ITypeInfo interface */
static dcerpc_sub_dissector typeinfo_dissectors [ ] = {
{ 3 , " GetTypeAttr " , dissect_ITypeInfo_GetTypeAttr_rqst , dissect_ITypeInfo_GetTypeAttr_resp } ,
{ 4 , " GetTypeComp " , NULL , NULL } ,
{ 5 , " GetFuncDesc " , dissect_ITypeInfo_GetFuncDesc_rqst , dissect_ITypeInfo_GetFuncDesc_resp } ,
{ 6 , " GetVarDesc " , NULL , NULL } ,
{ 7 , " GetNames " , dissect_ITypeInfo_GetNames_rqst , dissect_ITypeInfo_GetNames_resp } ,
{ 8 , " GetRefTypeOfImplType " , NULL , NULL } ,
{ 9 , " GetImplTypeFlags " , NULL , NULL } ,
{ 12 , " GetDocumentation " , dissect_ITypeInfo_GetDocumentation_rqst , dissect_ITypeInfo_GetDocumentation_resp } ,
{ 13 , " GetDllEntry " , NULL , NULL } ,
{ 14 , " GetRefTypeInfo " , NULL , NULL } ,
{ 16 , " CreateInstance " , NULL , NULL } ,
{ 17 , " GetMops " , NULL , NULL } ,
{ 18 , " GetContainingTypeLib " , NULL , NULL } ,
{ 0 , NULL , NULL , NULL } ,
} ;
void proto_register_dcom_typeinfo ( void )
{
static hf_register_info hf_typeinfo_typedesc_array [ ] = {
{ & hf_typeinfo_typedesc ,
{ " TypeDesc " , " typeinfo.typedesc " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_typedesc_vtret ,
{ " VT Return Type " , " typeinfo.typedesc.vtret " , FT_UINT16 , BASE_HEX , VALS ( dcom_variant_type_vals ) , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_typedesc_hreftype ,
{ " Ref Type " , " typeinfo.typedesc.reftype " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
} ;
static hf_register_info hf_typeinfo_paramdesc_array [ ] = {
{ & hf_typeinfo_paramdesc ,
{ " ParamDesc " , " typeinfo.paramdesc " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags ,
{ " Param Flags " , " typeinfo.paramdesc.paramflags " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_fin ,
{ " FIN " , " typeinfo.paramdesc.paramflags_fin " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FIN , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_fout ,
{ " FOUT " , " typeinfo.paramdesc.paramflags_fout " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FOUT , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_flcid ,
{ " FLCID " , " typeinfo.paramdesc.paramflags_flcid " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FLCID , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_fretval ,
{ " FRETVAL " , " typeinfo.paramdesc.paramflags_fretval " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FRETVAL , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_fopt ,
{ " FOPT " , " typeinfo.paramdesc.paramflags_fopt " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FOPT , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_fhasdefault ,
{ " FHASDEFAULT " , " typeinfo.paramdesc.paramflags_fhasdefault " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FHASDEFAULT , NULL , HFILL } } ,
{ & hf_typeinfo_paramdesc_paramflags_fhascustdata ,
{ " FHASCUSTDATA " , " typeinfo.paramdesc.paramflags_fhascustdata " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , PARAMFLAG_FHASCUSTDATA , NULL , HFILL } } ,
} ;
static hf_register_info hf_typeinfo_paramdescex_array [ ] = {
{ & hf_typeinfo_paramdescex ,
{ " ParamDescEx " , " typeinfo.paramdescex " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_paramdescex_cbytes ,
{ " Length " , " typeinfo.paramdescex.len " , FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_paramdescex_varDefaultValue ,
{ " VT Default Value " , " typeinfo.paramdescex.vtdefaultval " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
} ;
static hf_register_info hf_typeinfo_funcdesc_array [ ] = {
{ & hf_typeinfo_funcdesc ,
{ " FuncDesc " , " typeinfo.funcdesc " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_memid ,
{ " MemberID " , " typeinfo.funcdesc.memberid " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funckind ,
{ " Function Kind " , " typeinfo.funcdesc.funckind " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_invkind ,
{ " Invoke Kind " , " typeinfo.funcdesc.invkind " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_callconv ,
{ " Call Conv " , " typeinfo.funcdesc.callconv " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_params ,
{ " Param Count " , " typeinfo.funcdesc.params " , FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_paramsopt ,
{ " Param Optional Count " , " typeinfo.funcdesc.paramsopt " , FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_vft ,
{ " VFT Offset " , " typeinfo.funcdesc.ovft " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_resv16 ,
{ " Reserved " , " typeinfo.funcdesc.resv " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_resv32 ,
{ " Reserved " , " typeinfo.funcdesc.resv " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_elemdesc ,
{ " ElemDesc " , " typeinfo.funcdesc.elemdesc " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags ,
{ " FuncFlags " , " typeinfo.funcdesc.funcflags " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_frestricted ,
{ " FRESTRICTED " , " typeinfo.funcdesc.funcflags_frestricted " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FRESTRICTED , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fsource ,
{ " FSOURCE " , " typeinfo.funcdesc.funcflags_fsource " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FSOURCE , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fbindable ,
{ " FBINDABLE " , " typeinfo.funcdesc.funcflags_fbindable " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FBINDABLE , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_frequestedit ,
{ " FREQUESTEDIT " , " typeinfo.funcdesc.funcflags_frequestedit " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FREQUESTEDIT , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fdisplaybind ,
{ " FDISPLAYBIND " , " typeinfo.funcdesc.funcflags_fdisplaybind " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FDISPLAYBIND , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fdefaultbind ,
{ " FDEFAULTBIND " , " typeinfo.funcdesc.funcflags_fdefaultbind " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FDEFAULTBIND , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fhidden ,
{ " FHIDDEN " , " typeinfo.funcdesc.funcflags_fhidden " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FHIDDEN , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fusesgetlasterror ,
{ " FUSESGETLASTERROR " , " typeinfo.funcdesc.funcflags_fusesgetlasterror " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FUSESGETLASTERROR , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fdefaultcollelem ,
{ " FDEFAULTCOLLELEM " , " typeinfo.funcdesc.funcflags_fdefaultcollelem " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FDEFAULTCOLLELEM , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fuidefault ,
{ " FUIDEFAULT " , " typeinfo.funcdesc.funcflags_fuidefault " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FUIDEFAULT , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fnowbrowsable ,
{ " FNONBROWSABLE " , " typeinfo.funcdesc.funcflags_fnowbrowsable " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FNONBROWSABLE , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_freplaceable ,
{ " FREPLACEABLE " , " typeinfo.funcdesc.funcflags_freplaceable " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FREPLACEABLE , NULL , HFILL } } ,
{ & hf_typeinfo_funcdesc_funcflags_fimmediatebind ,
{ " FIMMEDIATEBIND " , " typeinfo.funcdesc.funcflags_fimmediatebind " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , FUNCFLAG_FIMMEDIATEBIND , NULL , HFILL } } ,
} ;
static hf_register_info hf_typeinfo_array [ ] = {
{ & hf_typeinfo_opnum ,
{ " Operation " , " typeinfo.opnum " , FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_index ,
{ " Function Index " , " typeinfo.funcindex " , FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_reserved32 ,
{ " Reserved " , " typeinfo.resv " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_reserved16 ,
{ " Reserved " , " typeinfo.resv " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_memid ,
{ " MemberID " , " typeinfo.memberid " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_names ,
{ " Names " , " typeinfo.names " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_names_value ,
{ " Value " , " typeinfo.names.value " , FT_STRING , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_maxnames ,
{ " Max Names " , " typeinfo.maxnames " , FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_docflags ,
{ " Documentation Flags " , " typeinfo.docflags " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_docflags_name ,
{ " NameArg " , " typeinfo.docflags_namearg " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_DOCFLAGS_NameArg , NULL , HFILL } } ,
{ & hf_typeinfo_docflags_docstring ,
{ " DocStringArg " , " typeinfo.docflags_docstringarg " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_DOCFLAGS_DocStringArg , NULL , HFILL } } ,
{ & hf_typeinfo_docflags_helpctx ,
{ " HelpContextArg " , " typeinfo.docflags_helpctxarg " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_DOCFLAGS_HelpContextArg , NULL , HFILL } } ,
{ & hf_typeinfo_docflags_helpfile ,
{ " HelpFileArg " , " typeinfo.docflags_helpfilearg " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_DOCFLAGS_HelpFileArg , NULL , HFILL } } ,
{ & hf_typeinfo_docname ,
{ " Doc Name " , " typeinfo.docname " , FT_STRING , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_docstring ,
{ " Doc String " , " typeinfo.docstring " , FT_STRING , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_helpfile ,
{ " Help File " , " typeinfo.helpfile " , FT_STRING , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_helpctx ,
{ " Help Ctx " , " typeinfo.helpctx " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_typeattr ,
{ " TypeAttr " , " typeinfo.typeattr " , FT_NONE , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_guid ,
{ " GUID " , " typeinfo.guid " , FT_GUID , BASE_NONE , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_lcid ,
{ " LCID " , " typeinfo.lcid " , FT_UINT32 , BASE_HEX , VALS ( dcom_lcid_vals ) , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_sizeInstance ,
{ " Size Instance " , " typeinfo.sizeinstance " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_typekind ,
{ " Type Kind " , " typeinfo.typekind " , FT_UINT32 , BASE_HEX , VALS ( typekind_vals ) , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_cFuncs ,
{ " Func Count " , " typeinfo.funcs " , FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_cVars ,
{ " Variables Count " , " typeinfo.vars " , FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_cImplTypes ,
{ " Implemented Interface Count " , " typeinfo.impltypes " , FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_cbSizeVft ,
{ " Virtual Table Size " , " typeinfo.sizevft " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_cbAlignment ,
{ " Byte Alignment " , " typeinfo.balignment " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_wMajorVerNum ,
{ " MajorVerNum " , " typeinfo.majorvernum " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_wMinorVerNum ,
{ " MinorVerNum " , " typeinfo.minorvernum " , FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags ,
{ " Type Flags " , " typeinfo.typeflags " , FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fappobject ,
{ " FAPPOBJECT " , " typeinfo.typeflags_fappobject " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FAPPOBJECT , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fcancreate ,
{ " FCANCREATE " , " typeinfo.typeflags_fcancreate " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FCANCREATE , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_flicensed ,
{ " FLICENSED " , " typeinfo.typeflags_flicensed " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FLICENSED , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fpredeclid ,
{ " FPREDECLID " , " typeinfo.typeflags_fpredeclid " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FPREDECLID , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fhidden ,
{ " FHIDDEN " , " typeinfo.typeflags_fhidden " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FHIDDEN , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fcontrol ,
{ " FCONTROL " , " typeinfo.typeflags_fcontrol " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FCONTROL , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fdual ,
{ " FDUAL " , " typeinfo.typeflags_fdual " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FDUAL , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fnonextensible ,
{ " FNONEXTENSIBLE " , " typeinfo.typeflags_fnonextensible " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FNONEXTENSIBLE , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_foleautomation ,
{ " FOLEAUTOMATION " , " typeinfo.typeflags_foleautomation " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FOLEAUTOMATION , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_frestricted ,
{ " FRESTRICTED " , " typeinfo.typeflags_frestricted " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FRESTRICTED , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_faggregatable ,
{ " FAGGREGATABLE " , " typeinfo.typeflags_faggregatable " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FAGGREGATABLE , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_freplaceable ,
{ " FREPLACEABLE " , " typeinfo.typeflags_freplaceable " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FREPLACEABLE , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fdispatchable ,
{ " FDISPATCHABLE " , " typeinfo.typeflags_fdispatchable " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FDISPATCHABLE , NULL , HFILL } } ,
{ & hf_typeinfo_typeflags_fproxy ,
{ " FPROXY " , " typeinfo.typeflags_fproxy " , FT_BOOLEAN , 32 , TFS ( & tfs_set_notset ) , TYPEINFO_TYPEFLAG_FPROXY , NULL , HFILL } } ,
} ;
static gint * ett [ ] = {
& ett_typeinfo ,
& ett_typeinfo_docflags ,
& ett_typeinfo_typeflags ,
& ett_typeinfo_names ,
& ett_typeinfo_typeattr ,
& ett_typeinfo_elemdesc ,
& ett_typeinfo_typedesc ,
& ett_typeinfo_paramdesc ,
& ett_typeinfo_paramdesc_paramflags ,
& ett_typeinfo_paramdescex ,
& ett_typeinfo_funcdesc ,
& ett_typeinfo_funcdesc_funcflags ,
} ;
/* ITypeInfo currently only partially implemented */
proto_typeinfo = proto_register_protocol ( " DCOM ITypeInfo " , " ITypeInfo " , " typeinfo " ) ;
proto_register_field_array ( proto_typeinfo , hf_typeinfo_typedesc_array , array_length ( hf_typeinfo_typedesc_array ) ) ;
proto_register_field_array ( proto_typeinfo , hf_typeinfo_paramdesc_array , array_length ( hf_typeinfo_paramdesc_array ) ) ;
proto_register_field_array ( proto_typeinfo , hf_typeinfo_paramdescex_array , array_length ( hf_typeinfo_paramdescex_array ) ) ;
proto_register_field_array ( proto_typeinfo , hf_typeinfo_funcdesc_array , array_length ( hf_typeinfo_funcdesc_array ) ) ;
proto_register_field_array ( proto_typeinfo , hf_typeinfo_array , array_length ( hf_typeinfo_array ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
}
void proto_reg_handoff_dcom_typeinfo ( void )
{
dcerpc_init_uuid ( proto_typeinfo , ett_typeinfo ,
& uuid_typeinfo , ver_typeinfo ,
typeinfo_dissectors , hf_typeinfo_opnum ) ;
}
/*
2019-07-26 18:43:17 +00:00
* Editor modelines - https : //www.wireshark.org/tools/modelines.html
2019-03-26 22:04:11 +00:00
*
* Local variables :
* c - basic - offset : 8
* tab - width : 8
* indent - tabs - mode : t
* End :
*
* vi : set shiftwidth = 8 tabstop = 8 noexpandtab :
* : indentSize = 8 : tabSize = 8 : noTabs = false :
*/