osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

some further work on the GUID/UUID resolvings 

most of the relevant code moved to guid_utils
lot of corresponding code cleanup in packet-dcerpc.c
still using GHashTable
still not using a manuf like file

svn path=/trunk/; revision=18939
This commit is contained in:
Ulf Lamping 2006-08-17 19:09:41 +00:00
parent 162d87a516
commit 7d04019388
10 changed files with 210 additions and 418 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
epan/dissectors/packet-dcerpc-epm.c
View File

@ -81,7 +81,6 @@ static guint16 ver_epm3 = 3;
static guint16 ver_epm4 = 4;
GHashTable *uuids=NULL;
static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } };
@ -364,7 +363,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
case PROTO_ID_UUID:
dcerpc_tvb_get_uuid (tvb, offset+1, drep, &uuid);
uuid_name = guids_get_guid_name(uuids, (e_guid_t *) &uuid);
uuid_name = guids_get_uuid_name(&uuid);
if(uuid_name != NULL) {
proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
@ -767,9 +766,6 @@ proto_register_epm (void)
&ett_epm_entry
};
uuids = guids_new();
guids_add_guid(uuids, (e_guid_t *) &uuid_data_repr_proto, "Version 1.1 network data representation protocol", NULL);
/* interface version 3 */
proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm");
proto_register_field_array (proto_epm3, hf, array_length (hf));
@ -782,6 +778,9 @@ proto_register_epm (void)
void
proto_reg_handoff_epm (void)
{
/* Register the UUIDs */
guids_add_uuid(&uuid_data_repr_proto, "Version 1.1 network data representation protocol");
/* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_epm3, ett_epm, &uuid_epm, ver_epm3, epm_dissectors, hf_epm_opnum);
dcerpc_init_uuid (proto_epm4, ett_epm, &uuid_epm, ver_epm4, epm_dissectors, hf_epm_opnum);

289
epan/dissectors/packet-dcerpc.c
View File

@ -48,10 +48,6 @@
#include <epan/expert.h>
#include <epan/strutil.h>
#ifdef _WIN32
#include <tchar.h>
#endif
static int dcerpc_tap = -1;
@ -494,38 +490,6 @@ static const fragment_items dcerpc_frag_items = {
/* list of hooks to be called when init_protocols is done */
GHookList dcerpc_hooks_init_protos;
#ifdef _WIN32
int ResolveWin32UUID(e_uuid_t if_id, char *uuid_name, int uuid_name_max_len)
{
TCHAR reg_uuid_name[MAX_PATH];
HKEY hKey = NULL;
DWORD uuid_max_size = MAX_PATH;
TCHAR reg_uuid_str[MAX_PATH];
if(uuid_name_max_len < 2)
return 0;
reg_uuid_name[0] = '\0';
_snwprintf(reg_uuid_str, MAX_PATH, _T("SOFTWARE\\Classes\\Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}"),
if_id.Data1, if_id.Data2, if_id.Data3,
if_id.Data4[0], if_id.Data4[1],
if_id.Data4[2], if_id.Data4[3],
if_id.Data4[4], if_id.Data4[5],
if_id.Data4[6], if_id.Data4[7]);
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_uuid_str, 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS)
{
if (RegQueryValueEx(hKey, NULL, NULL, NULL, (LPBYTE)reg_uuid_name, &uuid_max_size) == ERROR_SUCCESS && uuid_max_size <= MAX_PATH)
{
g_snprintf(uuid_name, uuid_name_max_len, "%s", utf_16to8(reg_uuid_name));
RegCloseKey(hKey);
return strlen(uuid_name);
}
RegCloseKey(hKey);
}
return 0; /* we didn't find anything anyhow. Please don't use the string! */
}
#endif
static dcerpc_info *
get_next_di(void)
{
@ -730,30 +694,11 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
hf_info = proto_registrar_get_nth(opnum_hf);
hf_info->strings = value_string_from_subdissectors(procs);
/* add this GUID to the global name resolving */
guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto));
}
/* try to get registered name for this uuid */
const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver)
{
dcerpc_uuid_key key;
dcerpc_uuid_value *sub_proto;
/* try to get registered uuid "name" of if_id */
key.uuid = *uuid;
key.ver = ver;
if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) != NULL
&& proto_is_protocol_enabled(sub_proto->proto)) {
return sub_proto->name;
}
return NULL;
}
/* Function to find the name of a registered protocol
* or NULL if the protocol/version is not known to wireshark.
*/
@ -1147,41 +1092,15 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int hfindex, e_uuid_t *pdata)
{
e_uuid_t uuid;
#if 0
header_field_info* hfi;
gchar *uuid_name;
#endif
dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
if (drep[0] & 0x10) {
tvb_get_letohguid (tvb, offset, (e_guid_t *) &uuid);
} else {
tvb_get_ntohguid (tvb, offset, (e_guid_t *) &uuid);
}
if (tree) {
#if 0
/* get name of protocol field to prepend it later */
hfi = proto_registrar_get_nth(hfindex);
/* XXX - get the name won't work correct, as we don't know the version of this uuid (if it has one) */
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(&uuid, 0);
if (uuid_name) {
/* we know the name of this uuid */
proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "",
"%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
hfi->name, uuid_name,
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
} else {
#endif
/* GUID have changed from FT_STRING to FT_GUID
(XXX - have we changed all dissectors?).
*/
proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
#if 0
}
#endif
proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
}
if (pdata) {
*pdata = uuid;
@ -1224,7 +1143,6 @@ dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid)
}
/* NDR arrays */
/* function to dissect a unidimensional conformant array */
int
@ -2210,9 +2128,6 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
tvbuff_t *volatile stub_tvb;
volatile guint auth_pad_len;
volatile int auth_pad_offset;
#ifdef _WIN32
char uuid_name[MAX_PATH];
#endif
proto_item *sub_item=NULL;
proto_item *pi;
@ -2230,20 +2145,8 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
proto_tree_add_boolean_hidden(dcerpc_tree, hf_dcerpc_unknown_if_id,
tvb, offset, 0, TRUE);
if (check_col (pinfo->cinfo, COL_INFO)) {
#ifdef _WIN32
if(ResolveWin32UUID(info->call_data->uuid, uuid_name, MAX_PATH))
col_append_fstr (pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
uuid_name, info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
info->call_data->uuid.Data4[7], info->call_data->ver);
else
#endif
col_append_fstr (pinfo->cinfo, COL_INFO, " UNKUUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
info->call_data->uuid.Data4[7], info->call_data->ver);
col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u",
guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver);
}
if (decrypted_tvb != NULL) {
@ -2611,13 +2514,9 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
e_uuid_t trans_id;
guint32 trans_ver;
guint16 if_ver, if_ver_minor;
char uuid_str[DCERPC_UUID_STR_LEN];
int uuid_str_len;
dcerpc_auth_info auth_info;
char *uuid_name = NULL;
#ifdef _WIN32
char uuid_name2[MAX_PATH];
#endif
char *uuid_str;
const char *uuid_name = NULL;
proto_item *iface_item;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@ -2683,33 +2582,17 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, FALSE);
iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface);
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
if_id.Data1, if_id.Data2, if_id.Data3,
if_id.Data4[0], if_id.Data4[1],
if_id.Data4[2], if_id.Data4[3],
if_id.Data4[4], if_id.Data4[5],
if_id.Data4[6], if_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
#ifdef _WIN32
if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) {
uuid_name = uuid_name2;
}
uuid_str = guid_to_str((e_guid_t*)&if_id);
uuid_name = guids_get_uuid_name(&if_id);
if(uuid_name) {
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
proto_item_append_text(iface_item, "%s", uuid_name);
} else {
#endif
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
proto_item_append_text(iface_item, "%s", uuid_str);
#ifdef _WIN32
}
#endif
}
offset += 16;
@ -2767,36 +2650,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
if (check_col (pinfo->cinfo, COL_INFO)) {
dcerpc_uuid_key key;
dcerpc_uuid_value *value;
key.uuid = if_id;
key.ver = if_ver;
if (num_ctx_items > 1)
col_append_fstr(pinfo->cinfo, COL_INFO, ", %u context items, 1st", num_ctx_items);
if ((value = g_hash_table_lookup(dcerpc_uuids, &key)))
col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %s", value->name);
else
#ifdef _WIN32
if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH))
col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
uuid_name2, if_id.Data1, if_id.Data2, if_id.Data3,
if_id.Data4[0], if_id.Data4[1],
if_id.Data4[2], if_id.Data4[3],
if_id.Data4[4], if_id.Data4[5],
if_id.Data4[6], if_id.Data4[7],
if_ver, if_ver_minor);
else
#endif
col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
if_id.Data1, if_id.Data2, if_id.Data3,
if_id.Data4[0], if_id.Data4[1],
if_id.Data4[2], if_id.Data4[3],
if_id.Data4[4], if_id.Data4[5],
if_id.Data4[6], if_id.Data4[7],
if_ver, if_ver_minor);
col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u",
guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor);
}
saw_ctx_item = TRUE;
}
@ -2811,15 +2669,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, FALSE);
trans_tree = proto_item_add_subtree(trans_item, ett_dcerpc_cn_trans_syntax);
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
trans_id.Data1, trans_id.Data2, trans_id.Data3,
trans_id.Data4[0], trans_id.Data4[1],
trans_id.Data4[2], trans_id.Data4[3],
trans_id.Data4[4], trans_id.Data4[5],
trans_id.Data4[6], trans_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
uuid_str = guid_to_str((e_guid_t *) &trans_id);
proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
@ -2859,8 +2709,6 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint16 reason;
e_uuid_t trans_id;
guint32 trans_ver;
char uuid_str[DCERPC_UUID_STR_LEN];
int uuid_str_len;
dcerpc_auth_info auth_info;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@ -2917,17 +2765,9 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
if (ctx_tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
trans_id.Data1, trans_id.Data2, trans_id.Data3,
trans_id.Data4[0], trans_id.Data4[1],
trans_id.Data4[2], trans_id.Data4[3],
trans_id.Data4[4], trans_id.Data4[5],
trans_id.Data4[6], trans_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
guid_to_str((e_guid_t *) &trans_id));
}
offset += 16;
@ -3334,8 +3174,6 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
e_uuid_t obj_id = DCERPC_UUID_NULL;
dcerpc_auth_info auth_info;
guint32 alloc_hint;
char uuid_str[DCERPC_UUID_STR_LEN];
int uuid_str_len;
proto_item *pi;
proto_item *parent_pi;
@ -3373,21 +3211,9 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (hdr->flags & PFC_OBJECT_UUID) {
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
if (dcerpc_tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
obj_id.Data1, obj_id.Data2, obj_id.Data3,
obj_id.Data4[0],
obj_id.Data4[1],
obj_id.Data4[2],
obj_id.Data4[3],
obj_id.Data4[4],
obj_id.Data4[5],
obj_id.Data4[6],
obj_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", uuid_str);
offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
guid_to_str((e_guid_t *) &obj_id));
}
offset += 16;
}
@ -3527,8 +3353,6 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint32 alloc_hint;
proto_item *pi;
proto_item *parent_pi;
char uuid_str[DCERPC_UUID_STR_LEN];
int uuid_str_len;
e_uuid_t obj_id_null = DCERPC_UUID_NULL;
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@ -3625,21 +3449,9 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* (optional) "Object UUID" from request */
if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
value->object_uuid.Data1, value->object_uuid.Data2, value->object_uuid.Data3,
value->object_uuid.Data4[0],
value->object_uuid.Data4[1],
value->object_uuid.Data4[2],
value->object_uuid.Data4[3],
value->object_uuid.Data4[4],
value->object_uuid.Data4[5],
value->object_uuid.Data4[6],
value->object_uuid.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", uuid_str);
offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
guid_to_str((e_guid_t *) &value->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@ -4850,8 +4662,6 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
int offset = 0;
conversation_t *conv;
int auth_level;
char uuid_str[DCERPC_UUID_STR_LEN];
int uuid_str_len;
/*
* Check if this looks like a CL DCERPC call. All dg packets
@ -5005,59 +4815,23 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset++;
if (tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
hdr.obj_id.Data4[0],
hdr.obj_id.Data4[1],
hdr.obj_id.Data4[2],
hdr.obj_id.Data4[3],
hdr.obj_id.Data4[4],
hdr.obj_id.Data4[5],
hdr.obj_id.Data4[6],
hdr.obj_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", uuid_str);
offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
guid_to_str((e_guid_t *) &hdr.obj_id));
}
offset += 16;
if (tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
hdr.if_id.Data4[0],
hdr.if_id.Data4[1],
hdr.if_id.Data4[2],
hdr.if_id.Data4[3],
hdr.if_id.Data4[4],
hdr.if_id.Data4[5],
hdr.if_id.Data4[6],
hdr.if_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s", uuid_str);
offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s",
guid_to_str((e_guid_t *) &hdr.if_id));
}
offset += 16;
if (tree) {
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
hdr.act_id.Data4[0],
hdr.act_id.Data4[1],
hdr.act_id.Data4[2],
hdr.act_id.Data4[3],
hdr.act_id.Data4[4],
hdr.act_id.Data4[5],
hdr.act_id.Data4[6],
hdr.act_id.Data4[7]);
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", uuid_str);
offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s",
guid_to_str((e_guid_t *) &hdr.act_id));
}
offset += 16;
@ -5569,6 +5343,9 @@ proto_register_dcerpc (void)
dcerpc_tap=register_tap("dcerpc");
g_hook_list_init(&dcerpc_hooks_init_protos, sizeof(GHook));
/* XXX - might better be located in a more general place than this */
guids_init();
}
void

3
epan/dissectors/packet-dcerpc.h
View File

@ -255,9 +255,6 @@ dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver
value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
/* try to get protocol name registered for this uuid */
const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver);
/* Private data passed to subdissectors from the main DCERPC dissector. */
typedef struct _dcerpc_call_value {
e_uuid_t uuid; /* interface UUID */

8
epan/dissectors/packet-dcom-cba-acco.c
View File

@ -419,11 +419,11 @@ cba_pdev_find(packet_info *pinfo, const char *ip, e_uuid_t *ipid)
pdev = interf->parent->private_data;
if(pdev == NULL) {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "pdev_find: no pdev for IP:%s IPID:%s",
ip_to_str(ip), dcom_uuid_to_str(ipid));
ip_to_str(ip), guids_resolve_uuid_to_str(ipid));
}
} else {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "pdev_find: unknown interface of IP:%s IPID:%s",
ip_to_str(ip), dcom_uuid_to_str(ipid));
ip_to_str(ip), guids_resolve_uuid_to_str(ipid));
pdev = NULL;
}
@ -547,11 +547,11 @@ cba_ldev_find(packet_info *pinfo, const gchar *ip, e_uuid_t *ipid) {
}
if(ldev == NULL) {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "ldev_find: no ldev for IP:%s IPID:%s",
ip_to_str(ip), dcom_uuid_to_str(&info->call_data->object_uuid));
ip_to_str(ip), guids_resolve_uuid_to_str(&info->call_data->object_uuid));
}
} else {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "ldev_find: unknown interface of IP:%s IPID:%s",
ip_to_str(ip), dcom_uuid_to_str(&info->call_data->object_uuid));
ip_to_str(ip), guids_resolve_uuid_to_str(&info->call_data->object_uuid));
ldev = NULL;
}

2
epan/dissectors/packet-dcom-cba.c
View File

@ -1526,7 +1526,7 @@ void
proto_reg_handoff_dcom_cba (void)
{
/* Register the CBA class ID */
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_coclass_CBAPhysicalDevice, "CBA", NULL);
guids_add_uuid(&uuid_coclass_CBAPhysicalDevice, "CBA");
/* Register the interfaces */
dcerpc_init_uuid(proto_ICBAPhysicalDevice, ett_ICBAPhysicalDevice,

9
epan/dissectors/packet-dcom-remunkn.c
View File

@ -36,6 +36,7 @@
#include <epan/emem.h>
#include "packet-dcerpc.h"
#include "packet-dcom.h"
#include "guid-utils.h"
static int hf_remunk_opnum = -1;
@ -62,6 +63,8 @@ static e_uuid_t uuid_remunk = { 0x00000131, 0x0000, 0x0000, { 0xc0, 0x00, 0x00,
static guint16 ver_remunk = 0;
static int proto_remunk = -1;
static e_uuid_t ipid_remunk = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
/* There is a little bit confusion about the IRemUnknown2 interface UUIDs */
/* DCOM documentation tells us: 0x00000142 (7 methods) */
/* win2000 registry tells us: 0x00000142 IRemoteQI (4 methods) */
@ -273,7 +276,7 @@ dissect_remunk_remrelease_rqst(tvbuff_t *tvb, int offset,
/* update subtree */
proto_item_append_text(sub_item, "[%u]: IPID=%s, PublicRefs=%u, PrivateRefs=%u",
u32ItemIdx,
dcom_uuid_to_str(&ipid),
guids_resolve_uuid_to_str(&ipid),
u32PublicRefs, u32PrivateRefs);
proto_item_set_len(sub_item, offset - u32SubStart);
@ -368,6 +371,10 @@ proto_register_remunk (void)
void
proto_reg_handoff_remunk (void)
{
/* Register the IPID */
guids_add_uuid(&ipid_remunk, "IPID-IRemUnknown");
/* Register the interfaces */
dcerpc_init_uuid(proto_remunk, ett_remunk,
&uuid_remunk, ver_remunk,

152
epan/dissectors/packet-dcom.c
View File

@ -215,9 +215,11 @@ static int hf_dcom_vt_bstr = -1;
static int hf_dcom_vt_byref = -1;
static int hf_dcom_vt_dispatch = -1;
/* this/that extension UUIDs */
static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t uuid_ext_error_ext ={ 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
/* general DCOM UUIDs */
static e_uuid_t ipid_rem_unknown = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_uuid_t iid_unknown = { 0x00000000, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_uuid_t uuid_null = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} };
@ -232,8 +234,6 @@ static const value_string dcom_thisthat_flag_vals[] = {
};
GHashTable *dcom_uuids=NULL;
void dcom_interface_dump(void) {
dcom_machine_t *machine;
@ -255,8 +255,8 @@ void dcom_interface_dump(void) {
for(interfaces = object->interfaces; interfaces != NULL; interfaces = g_list_next(interfaces)) {
interf = interfaces->data;
g_warning(" Interface(#%4u): iid:%s",
interf->first_packet, dcom_uuid_to_str(&interf->iid));
g_warning(" ipid:%s", dcom_uuid_to_str(&interf->ipid));
interf->first_packet, guids_resolve_uuid_to_str(&interf->iid));
g_warning(" ipid:%s", guids_resolve_uuid_to_str(&interf->ipid));
}
}
}
@ -727,7 +727,7 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset,
hf_dcom_extent_id, &uuidExtend);
/* look for a registered uuid name */
if((uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuidExtend)) != NULL) {
if((uuid_name = guids_get_uuid_name(&uuidExtend)) != NULL) {
proto_tree_add_guid_format_value(sub_tree, hf_dcom_extent_id, tvb,
offset, sizeof(e_uuid_t), (e_guid_t *) &uuidExtend, "%s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
uuid_name,
@ -807,11 +807,13 @@ dissect_dcom_this(tvbuff_t *tvb, int offset,
/* update subtree header */
proto_item_append_text(sub_item, ", V%u.%u, Causality ID: %s",
u16VersionMajor, u16VersionMinor, dcom_uuid_to_str(&uuidCausality));
u16VersionMajor, u16VersionMinor, guids_resolve_uuid_to_str(&uuidCausality));
proto_item_set_len(sub_item, offset - u32SubStart);
if(memcmp(&info->call_data->object_uuid, &uuid_null, sizeof(uuid_null)) != 0) {
pi = proto_tree_add_guid(tree, hf_dcom_ipid, tvb, offset, GUID_LEN, (e_guid_t *) &info->call_data->object_uuid);
pi = proto_tree_add_guid_format(tree, hf_dcom_ipid, tvb, offset, 0,
(e_guid_t *) &info->call_data->object_uuid,
"Object UUID/IPID: %s", guids_resolve_uuid_to_str(&info->call_data->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@ -846,7 +848,9 @@ dissect_dcom_that(tvbuff_t *tvb, int offset,
proto_item_set_len(sub_item, offset - u32SubStart);
if(memcmp(&info->call_data->object_uuid, &uuid_null, sizeof(uuid_null)) != 0) {
pi = proto_tree_add_guid(tree, hf_dcom_ipid, tvb, offset, GUID_LEN, (e_guid_t *) &info->call_data->object_uuid);
pi = proto_tree_add_guid_format(tree, hf_dcom_ipid, tvb, offset, 0,
(e_guid_t *) &info->call_data->object_uuid,
"Object UUID/IPID: %s", guids_resolve_uuid_to_str(&info->call_data->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@ -888,37 +892,6 @@ dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
}
/* Tries to match uuid against its name.
Returns the associated string ptr on a match.
Formats uuid number and returns the resulting string, on failure.
(copied from val_to_str) */
const gchar* dcom_uuid_to_str(e_uuid_t *uuid) {
const gchar *ret;
static gchar str[3][64];
static gchar *cur;
/* all DCOM interfaces are registered with version 0 */
ret = dcerpc_get_uuid_name(uuid, 0);
if (ret != NULL)
return ret;
if (cur == &str[0][0]) {
cur = &str[1][0];
} else if (cur == &str[1][0]) {
cur = &str[2][0];
} else {
cur = &str[0][0];
}
g_snprintf(cur, 64, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uuid->Data1, uuid->Data2, uuid->Data3,
uuid->Data4[0], uuid->Data4[1],
uuid->Data4[2], uuid->Data4[3],
uuid->Data4[4], uuid->Data4[5],
uuid->Data4[6], uuid->Data4[7]);
return cur;
}
/* dissect a dcerpc array size */
int
dissect_dcom_dcerpc_array_size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
@ -1432,57 +1405,35 @@ dissect_dcom_UUID(tvbuff_t *tvb, int offset,
int hfindex, e_uuid_t *pdata)
{
const gchar *uuid_name;
proto_item *pi;
header_field_info *hfi;
e_uuid_t uuid;
#ifdef _WIN32
char uuid_name2[MAX_PATH];
#endif
/* XXX - this is far from being performance optimized! */
/* get the UUID, but don't put it into the tree */
offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep,
hfindex, &uuid);
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(&uuid, 0);
if(uuid_name == NULL) {
uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuid);
}
#ifdef _WIN32
if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
uuid_name = uuid_name2;
}
#endif
/* add to the tree */
hfi = proto_registrar_get_nth(hfindex);
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid, "%s: ", hfi->name);
/* give an expert info, if UUID is not known and not of a "temporary" kind */
if( uuid_name == NULL &&
strcmp(hfi->name, "Causality ID") != 0 &&
strcmp(hfi->name, "IPID") != 0)
{
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
hfi->name, guid_to_str( (e_guid_t *) &uuid));
}
uuid_name = guids_get_uuid_name(&uuid);
if(uuid_name) {
proto_item_append_text(pi, "%s (", uuid_name);
}
proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid,
"%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
hfi->name, uuid_name,
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
} else {
proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid,
"%s: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
hfi->name,
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
if(uuid_name) {
proto_item_append_text(pi, ")", uuid_name);
}
if(pdata != NULL) {
@ -1501,9 +1452,6 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
const gchar *uuid_name;
proto_item *pi;
header_field_info *hfi;
#ifdef _WIN32
char uuid_name2[MAX_PATH];
#endif
/* XXX - this is far from being performance optimized! */
@ -1513,30 +1461,12 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
hfindex, uuid);
/* look for a registered uuid name */
uuid_name = dcerpc_get_uuid_name(uuid, 0);
if(uuid_name == NULL) {
uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) uuid);
}
#ifdef _WIN32
if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
uuid_name = uuid_name2;
}
#endif
uuid_name = guids_get_uuid_name(uuid);
/* add to the tree */
hfi = proto_registrar_get_nth(hfindex);
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) uuid, "%s", hfi->name);
/* give an expert info, if UUID is not known and not of a "temporary" kind */
if( uuid_name == NULL &&
strcmp(hfi->name, "Causality ID") != 0 &&
strcmp(hfi->name, "IPID") != 0)
{
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
hfi->name, guid_to_str( (e_guid_t *) uuid));
}
if (field_index != -1) {
proto_item_append_text(pi, "[%u]: ", field_index);
} else {
@ -1916,7 +1846,7 @@ dissect_dcom_STDOBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* append info to subtree header */
proto_item_append_text(sub_item, ": PublicRefs=%u IPID=%s",
u32PublicRefs, dcom_uuid_to_str(ipid));
u32PublicRefs, guids_resolve_uuid_to_str(ipid));
proto_item_set_len(sub_item, offset - u32SubStart);
return offset;
@ -2062,17 +1992,6 @@ dissect_dcom_PMInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
void dcom_register_server_coclass(int proto _U_, int ett _U_, e_uuid_t *uuid _U_, guint16 ver _U_,
dcerpc_sub_dissector *sub_dissectors _U_, int opnum_hf _U_) {
/* XXX: this must be simply the name registration of the UUID,
* not a whole sub_dissector registration */
/* but this is currently not possible :-( */
/* dcerpc_init_uuid (proto, ett, uuid, ver, sub_dissectors, opnum_hf);*/
}
static void dcom_reinit( void) {
dcom_machines = NULL;
dcom_interfaces = NULL;
@ -2325,15 +2244,6 @@ proto_register_dcom (void)
proto_register_field_array(proto_dcom, hf_dcom_sa_array, array_length(hf_dcom_sa_array));
proto_register_subtree_array (ett_dcom, array_length (ett_dcom));
/* register some "well known" UUID's */
dcom_uuids = guids_new();
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &ipid_rem_unknown, "IRemUnknown", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &iid_unknown, "IUnknown", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_null, "NULL", NULL);
guids_add_guid(dcom_uuids, (e_guid_t *) &iid_class_factory, "IClassFactory", NULL);
/* preferences */
dcom_module = prefs_register_protocol(proto_dcom, proto_reg_handoff_dcom);
@ -2351,6 +2261,14 @@ void
proto_reg_handoff_dcom (void)
{
/* register some "well known" UUID's */
guids_add_uuid(&uuid_debug_ext, "Debug Information Body Extension");
guids_add_uuid(&uuid_ext_error_ext, "Extended Error Info Body Extension");
guids_add_uuid(&ipid_rem_unknown, "IRemUnknown");
guids_add_uuid(&iid_unknown, "IUnknown");
guids_add_uuid(&uuid_null, "NULL");
guids_add_uuid(&iid_class_factory, "IClassFactory");
/* Currently, we have nothing to register for DCOM */
}

7
epan/dissectors/packet-dcom.h
View File

@ -106,9 +106,6 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, int field_index, e_uuid_t *uuid);
extern const gchar*
dcom_uuid_to_str(e_uuid_t *uuid);
extern int
dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
@ -200,8 +197,4 @@ extern int
dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep);
void dcom_register_server_coclass(int proto, int ett,
e_uuid_t *uuid, guint16 ver,
dcerpc_sub_dissector *sub_dissectors, int opnum_hf);
#endif /* packet-dcerpc-dcom.h */

119
epan/guid-utils.c
View File

@ -8,8 +8,6 @@
*
* Copyright 1998 Gerald Combs
*
* MobileIPv6 support added by Tomislav Borosa <tomislav.borosa@siemens.hr>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
@ -32,8 +30,95 @@
#include <string.h>
#include <glib.h>
#include <epan/epan.h>
#include <epan/strutil.h>
#include "guid-utils.h"
#ifdef _WIN32
#include <tchar.h>
#include <windows.h>
#endif
/* GUID "registry" */
typedef struct _guid_key {
e_guid_t guid;
} guid_key;
typedef struct _guid_value {
const gchar *name;
} guid_value;
/* global guid to name collection */
GHashTable *guids = NULL;
#ifdef _WIN32
/* try to resolve an DCE/RPC interface name to it's name using the Windows registry entries */
/* XXX - might be better to fill all interfaces into our database at startup instead of searching each time */
int ResolveWin32UUID(e_guid_t if_id, char *uuid_name, int uuid_name_max_len)
{
TCHAR reg_uuid_name[MAX_PATH];
HKEY hKey = NULL;
DWORD uuid_max_size = MAX_PATH;
TCHAR reg_uuid_str[MAX_PATH];
if(uuid_name_max_len < 2)
return 0;
reg_uuid_name[0] = '\0';
_snwprintf(reg_uuid_str, MAX_PATH, _T("SOFTWARE\\Classes\\Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}"),
if_id.data1, if_id.data2, if_id.data3,
if_id.data4[0], if_id.data4[1],
if_id.data4[2], if_id.data4[3],
if_id.data4[4], if_id.data4[5],
if_id.data4[6], if_id.data4[7]);
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_uuid_str, 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS)
{
if (RegQueryValueEx(hKey, NULL, NULL, NULL, (LPBYTE)reg_uuid_name, &uuid_max_size) == ERROR_SUCCESS && uuid_max_size <= MAX_PATH)
{
g_snprintf(uuid_name, uuid_name_max_len, "%s", utf_16to8(reg_uuid_name));
RegCloseKey(hKey);
return strlen(uuid_name);
}
RegCloseKey(hKey);
}
return 0; /* we didn't find anything anyhow. Please don't use the string! */
}
#endif
/* Tries to match a guid against its name.
Returns the associated string ptr on a match.
Formats uuid number and returns the resulting string, if name is unknown.
(derived from val_to_str) */
const gchar* guids_resolve_guid_to_str(e_guid_t *guid) {
const gchar *ret;
static gchar str[3][64];
static gchar *cur;
ret = guids_get_guid_name(guid);
if (ret != NULL)
return ret;
if (cur == &str[0][0]) {
cur = &str[1][0];
} else if (cur == &str[1][0]) {
cur = &str[2][0];
} else {
cur = &str[0][0];
}
g_snprintf(cur, 64, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
guid->data1, guid->data2, guid->data3,
guid->data4[0], guid->data4[1],
guid->data4[2], guid->data4[3],
guid->data4[4], guid->data4[5],
guid->data4[6], guid->data4[7]);
return cur;
}
static gint
guid_equal (gconstpointer k1, gconstpointer k2)
{
@ -51,38 +136,52 @@ guid_hash (gconstpointer k)
return key->guid.data1;
}
GHashTable *guids_new(void)
void guids_init(void)
{
return g_hash_table_new (guid_hash, guid_equal);
g_assert(guids == NULL);
guids = g_hash_table_new (guid_hash, guid_equal);
}
void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data)
void guids_add_guid(e_guid_t *guid, const gchar *name)
{
guid_key *key = g_malloc (sizeof (*key));
guid_value *value = g_malloc (sizeof (*value));
key->guid = *guid;
/* XXX - do we need to copy the name? */
value->name = name;
g_hash_table_insert (guids, key, value);
}
/* try to get registered name for this guid */
const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid)
/* try to get registered name for this GUID */
const gchar *guids_get_guid_name(e_guid_t *guid)
{
guid_key key;
guid_value *value;
#ifdef _WIN32
/* XXX - we need three time circulating buffer here */
/* XXX - is there a maximum length of the name? */
static char uuid_name[128];
#endif
/* try to get registered guid "name" of if_id */
/* try to get registered guid "name" of guid */
key.guid = *guid;
if ((value = g_hash_table_lookup (guids, &key)) != NULL) {
return value->name;
}
#ifdef _WIN32
/* try to resolve the mapping from the Windows registry */
/* XXX - prefill the resolving database with all the Windows registry entries once at init only (instead of searching each time)? */
if(ResolveWin32UUID(*guid, uuid_name, 128)) {
return uuid_name;
}
#endif
return NULL;
}

30
epan/guid-utils.h
View File

@ -8,8 +8,6 @@
*
* Copyright 1998 Gerald Combs
*
* MobileIPv6 support added by Tomislav Borosa <tomislav.borosa@siemens.hr>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
@ -40,22 +38,26 @@ typedef struct _e_guid_t {
} e_guid_t;
/* GUID "registry" */
typedef struct _guid_key {
e_guid_t guid;
} guid_key;
extern void guids_init(void);
typedef struct _guid_value {
const gchar *name;
} guid_value;
/* add a GUID */
extern void guids_add_guid(e_guid_t *guid, const gchar *name);
/* try to get registered name for this GUID */
extern const gchar *guids_get_guid_name(e_guid_t *guid);
extern GHashTable *guids_new(void);
/* resolve GUID to name (or if unknown to hex string) */
/* (if you need hex string only, use guid_to_str instead) */
extern const gchar* guids_resolve_guid_to_str(e_guid_t *guid);
/* add a GUID (don't forget to init the GHashTable) */
extern void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data);
/* add a UUID (dcerpc_init_uuid() will call this too) */
#define guids_add_uuid(uuid, name) guids_add_guid((e_guid_t *) (uuid), (name))
/* try to get registered name for this guid */
extern const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid);
/* try to get registered name for this UUID */
#define guids_get_uuid_name(uuid) guids_get_guid_name((e_guid_t *) (uuid))
/* resolve UUID to name (or if unknown to hex string) */
/* (if you need hex string only, use guid_to_str instead) */
#define guids_resolve_uuid_to_str(uuid) guids_resolve_guid_to_str((e_guid_t *) (uuid))
#endif /* __GUID_UTILS_H__ */