some further work on the GUID/UUID resolvings
most of the relevant code moved to guid_utils lot of corresponding code cleanup in packet-dcerpc.c still using GHashTable still not using a manuf like file svn path=/trunk/; revision=18939
This commit is contained in:
parent
162d87a516
commit
7d04019388
|
@ -81,7 +81,6 @@ static guint16 ver_epm3 = 3;
|
|||
static guint16 ver_epm4 = 4;
|
||||
|
||||
|
||||
GHashTable *uuids=NULL;
|
||||
static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } };
|
||||
|
||||
|
||||
|
@ -364,7 +363,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
|
|||
case PROTO_ID_UUID:
|
||||
dcerpc_tvb_get_uuid (tvb, offset+1, drep, &uuid);
|
||||
|
||||
uuid_name = guids_get_guid_name(uuids, (e_guid_t *) &uuid);
|
||||
uuid_name = guids_get_uuid_name(&uuid);
|
||||
|
||||
if(uuid_name != NULL) {
|
||||
proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
|
||||
|
@ -767,9 +766,6 @@ proto_register_epm (void)
|
|||
&ett_epm_entry
|
||||
};
|
||||
|
||||
uuids = guids_new();
|
||||
guids_add_guid(uuids, (e_guid_t *) &uuid_data_repr_proto, "Version 1.1 network data representation protocol", NULL);
|
||||
|
||||
/* interface version 3 */
|
||||
proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm");
|
||||
proto_register_field_array (proto_epm3, hf, array_length (hf));
|
||||
|
@ -782,6 +778,9 @@ proto_register_epm (void)
|
|||
void
|
||||
proto_reg_handoff_epm (void)
|
||||
{
|
||||
/* Register the UUIDs */
|
||||
guids_add_uuid(&uuid_data_repr_proto, "Version 1.1 network data representation protocol");
|
||||
|
||||
/* Register the protocol as dcerpc */
|
||||
dcerpc_init_uuid (proto_epm3, ett_epm, &uuid_epm, ver_epm3, epm_dissectors, hf_epm_opnum);
|
||||
dcerpc_init_uuid (proto_epm4, ett_epm, &uuid_epm, ver_epm4, epm_dissectors, hf_epm_opnum);
|
||||
|
|
|
@ -48,10 +48,6 @@
|
|||
#include <epan/expert.h>
|
||||
#include <epan/strutil.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <tchar.h>
|
||||
#endif
|
||||
|
||||
static int dcerpc_tap = -1;
|
||||
|
||||
|
||||
|
@ -494,38 +490,6 @@ static const fragment_items dcerpc_frag_items = {
|
|||
/* list of hooks to be called when init_protocols is done */
|
||||
GHookList dcerpc_hooks_init_protos;
|
||||
|
||||
#ifdef _WIN32
|
||||
int ResolveWin32UUID(e_uuid_t if_id, char *uuid_name, int uuid_name_max_len)
|
||||
{
|
||||
TCHAR reg_uuid_name[MAX_PATH];
|
||||
HKEY hKey = NULL;
|
||||
DWORD uuid_max_size = MAX_PATH;
|
||||
TCHAR reg_uuid_str[MAX_PATH];
|
||||
|
||||
if(uuid_name_max_len < 2)
|
||||
return 0;
|
||||
reg_uuid_name[0] = '\0';
|
||||
_snwprintf(reg_uuid_str, MAX_PATH, _T("SOFTWARE\\Classes\\Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}"),
|
||||
if_id.Data1, if_id.Data2, if_id.Data3,
|
||||
if_id.Data4[0], if_id.Data4[1],
|
||||
if_id.Data4[2], if_id.Data4[3],
|
||||
if_id.Data4[4], if_id.Data4[5],
|
||||
if_id.Data4[6], if_id.Data4[7]);
|
||||
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_uuid_str, 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS)
|
||||
{
|
||||
if (RegQueryValueEx(hKey, NULL, NULL, NULL, (LPBYTE)reg_uuid_name, &uuid_max_size) == ERROR_SUCCESS && uuid_max_size <= MAX_PATH)
|
||||
{
|
||||
g_snprintf(uuid_name, uuid_name_max_len, "%s", utf_16to8(reg_uuid_name));
|
||||
RegCloseKey(hKey);
|
||||
return strlen(uuid_name);
|
||||
}
|
||||
RegCloseKey(hKey);
|
||||
}
|
||||
return 0; /* we didn't find anything anyhow. Please don't use the string! */
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
static dcerpc_info *
|
||||
get_next_di(void)
|
||||
{
|
||||
|
@ -730,30 +694,11 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
|
|||
|
||||
hf_info = proto_registrar_get_nth(opnum_hf);
|
||||
hf_info->strings = value_string_from_subdissectors(procs);
|
||||
|
||||
/* add this GUID to the global name resolving */
|
||||
guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto));
|
||||
}
|
||||
|
||||
|
||||
/* try to get registered name for this uuid */
|
||||
const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver)
|
||||
{
|
||||
dcerpc_uuid_key key;
|
||||
dcerpc_uuid_value *sub_proto;
|
||||
|
||||
|
||||
/* try to get registered uuid "name" of if_id */
|
||||
key.uuid = *uuid;
|
||||
key.ver = ver;
|
||||
|
||||
if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) != NULL
|
||||
&& proto_is_protocol_enabled(sub_proto->proto)) {
|
||||
|
||||
return sub_proto->name;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/* Function to find the name of a registered protocol
|
||||
* or NULL if the protocol/version is not known to wireshark.
|
||||
*/
|
||||
|
@ -1147,41 +1092,15 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
|
|||
int hfindex, e_uuid_t *pdata)
|
||||
{
|
||||
e_uuid_t uuid;
|
||||
#if 0
|
||||
header_field_info* hfi;
|
||||
gchar *uuid_name;
|
||||
#endif
|
||||
|
||||
|
||||
dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
|
||||
if (drep[0] & 0x10) {
|
||||
tvb_get_letohguid (tvb, offset, (e_guid_t *) &uuid);
|
||||
} else {
|
||||
tvb_get_ntohguid (tvb, offset, (e_guid_t *) &uuid);
|
||||
}
|
||||
if (tree) {
|
||||
#if 0
|
||||
/* get name of protocol field to prepend it later */
|
||||
hfi = proto_registrar_get_nth(hfindex);
|
||||
|
||||
/* XXX - get the name won't work correct, as we don't know the version of this uuid (if it has one) */
|
||||
/* look for a registered uuid name */
|
||||
uuid_name = dcerpc_get_uuid_name(&uuid, 0);
|
||||
|
||||
if (uuid_name) {
|
||||
/* we know the name of this uuid */
|
||||
proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "",
|
||||
"%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
|
||||
hfi->name, uuid_name,
|
||||
uuid.Data1, uuid.Data2, uuid.Data3,
|
||||
uuid.Data4[0], uuid.Data4[1],
|
||||
uuid.Data4[2], uuid.Data4[3],
|
||||
uuid.Data4[4], uuid.Data4[5],
|
||||
uuid.Data4[6], uuid.Data4[7]);
|
||||
} else {
|
||||
#endif
|
||||
/* GUID have changed from FT_STRING to FT_GUID
|
||||
(XXX - have we changed all dissectors?).
|
||||
*/
|
||||
proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
|
||||
#if 0
|
||||
}
|
||||
#endif
|
||||
proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
|
||||
}
|
||||
if (pdata) {
|
||||
*pdata = uuid;
|
||||
|
@ -1224,7 +1143,6 @@ dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid)
|
|||
}
|
||||
|
||||
|
||||
|
||||
/* NDR arrays */
|
||||
/* function to dissect a unidimensional conformant array */
|
||||
int
|
||||
|
@ -2210,9 +2128,6 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
|
|||
tvbuff_t *volatile stub_tvb;
|
||||
volatile guint auth_pad_len;
|
||||
volatile int auth_pad_offset;
|
||||
#ifdef _WIN32
|
||||
char uuid_name[MAX_PATH];
|
||||
#endif
|
||||
proto_item *sub_item=NULL;
|
||||
proto_item *pi;
|
||||
|
||||
|
@ -2230,20 +2145,8 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
|
|||
proto_tree_add_boolean_hidden(dcerpc_tree, hf_dcerpc_unknown_if_id,
|
||||
tvb, offset, 0, TRUE);
|
||||
if (check_col (pinfo->cinfo, COL_INFO)) {
|
||||
#ifdef _WIN32
|
||||
if(ResolveWin32UUID(info->call_data->uuid, uuid_name, MAX_PATH))
|
||||
col_append_fstr (pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
|
||||
uuid_name, info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
|
||||
info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
|
||||
info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
|
||||
info->call_data->uuid.Data4[7], info->call_data->ver);
|
||||
else
|
||||
#endif
|
||||
col_append_fstr (pinfo->cinfo, COL_INFO, " UNKUUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
|
||||
info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
|
||||
info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
|
||||
info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
|
||||
info->call_data->uuid.Data4[7], info->call_data->ver);
|
||||
col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u",
|
||||
guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver);
|
||||
}
|
||||
|
||||
if (decrypted_tvb != NULL) {
|
||||
|
@ -2611,13 +2514,9 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
e_uuid_t trans_id;
|
||||
guint32 trans_ver;
|
||||
guint16 if_ver, if_ver_minor;
|
||||
char uuid_str[DCERPC_UUID_STR_LEN];
|
||||
int uuid_str_len;
|
||||
dcerpc_auth_info auth_info;
|
||||
char *uuid_name = NULL;
|
||||
#ifdef _WIN32
|
||||
char uuid_name2[MAX_PATH];
|
||||
#endif
|
||||
char *uuid_str;
|
||||
const char *uuid_name = NULL;
|
||||
proto_item *iface_item;
|
||||
|
||||
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
|
||||
|
@ -2683,33 +2582,17 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, FALSE);
|
||||
iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface);
|
||||
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
if_id.Data1, if_id.Data2, if_id.Data3,
|
||||
if_id.Data4[0], if_id.Data4[1],
|
||||
if_id.Data4[2], if_id.Data4[3],
|
||||
if_id.Data4[4], if_id.Data4[5],
|
||||
if_id.Data4[6], if_id.Data4[7]);
|
||||
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
|
||||
#ifdef _WIN32
|
||||
if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) {
|
||||
uuid_name = uuid_name2;
|
||||
}
|
||||
uuid_str = guid_to_str((e_guid_t*)&if_id);
|
||||
uuid_name = guids_get_uuid_name(&if_id);
|
||||
if(uuid_name) {
|
||||
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
|
||||
offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
|
||||
proto_item_append_text(iface_item, "%s", uuid_name);
|
||||
} else {
|
||||
#endif
|
||||
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
|
||||
offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
|
||||
proto_item_append_text(iface_item, "%s", uuid_str);
|
||||
#ifdef _WIN32
|
||||
}
|
||||
#endif
|
||||
}
|
||||
offset += 16;
|
||||
|
||||
|
@ -2767,36 +2650,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
}
|
||||
|
||||
if (check_col (pinfo->cinfo, COL_INFO)) {
|
||||
dcerpc_uuid_key key;
|
||||
dcerpc_uuid_value *value;
|
||||
|
||||
key.uuid = if_id;
|
||||
key.ver = if_ver;
|
||||
|
||||
if (num_ctx_items > 1)
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, ", %u context items, 1st", num_ctx_items);
|
||||
|
||||
if ((value = g_hash_table_lookup(dcerpc_uuids, &key)))
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %s", value->name);
|
||||
else
|
||||
#ifdef _WIN32
|
||||
if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH))
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
|
||||
uuid_name2, if_id.Data1, if_id.Data2, if_id.Data3,
|
||||
if_id.Data4[0], if_id.Data4[1],
|
||||
if_id.Data4[2], if_id.Data4[3],
|
||||
if_id.Data4[4], if_id.Data4[5],
|
||||
if_id.Data4[6], if_id.Data4[7],
|
||||
if_ver, if_ver_minor);
|
||||
else
|
||||
#endif
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
|
||||
if_id.Data1, if_id.Data2, if_id.Data3,
|
||||
if_id.Data4[0], if_id.Data4[1],
|
||||
if_id.Data4[2], if_id.Data4[3],
|
||||
if_id.Data4[4], if_id.Data4[5],
|
||||
if_id.Data4[6], if_id.Data4[7],
|
||||
if_ver, if_ver_minor);
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u",
|
||||
guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor);
|
||||
}
|
||||
saw_ctx_item = TRUE;
|
||||
}
|
||||
|
@ -2811,15 +2669,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, FALSE);
|
||||
trans_tree = proto_item_add_subtree(trans_item, ett_dcerpc_cn_trans_syntax);
|
||||
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
trans_id.Data1, trans_id.Data2, trans_id.Data3,
|
||||
trans_id.Data4[0], trans_id.Data4[1],
|
||||
trans_id.Data4[2], trans_id.Data4[3],
|
||||
trans_id.Data4[4], trans_id.Data4[5],
|
||||
trans_id.Data4[6], trans_id.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
uuid_str = guid_to_str((e_guid_t *) &trans_id);
|
||||
proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
|
||||
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
|
||||
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
|
||||
|
@ -2859,8 +2709,6 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
guint16 reason;
|
||||
e_uuid_t trans_id;
|
||||
guint32 trans_ver;
|
||||
char uuid_str[DCERPC_UUID_STR_LEN];
|
||||
int uuid_str_len;
|
||||
dcerpc_auth_info auth_info;
|
||||
|
||||
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
|
||||
|
@ -2917,17 +2765,9 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
|
||||
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
|
||||
if (ctx_tree) {
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
trans_id.Data1, trans_id.Data2, trans_id.Data3,
|
||||
trans_id.Data4[0], trans_id.Data4[1],
|
||||
trans_id.Data4[2], trans_id.Data4[3],
|
||||
trans_id.Data4[4], trans_id.Data4[5],
|
||||
trans_id.Data4[6], trans_id.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
|
||||
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
|
||||
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
|
||||
guid_to_str((e_guid_t *) &trans_id));
|
||||
}
|
||||
offset += 16;
|
||||
|
||||
|
@ -3334,8 +3174,6 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
e_uuid_t obj_id = DCERPC_UUID_NULL;
|
||||
dcerpc_auth_info auth_info;
|
||||
guint32 alloc_hint;
|
||||
char uuid_str[DCERPC_UUID_STR_LEN];
|
||||
int uuid_str_len;
|
||||
proto_item *pi;
|
||||
proto_item *parent_pi;
|
||||
|
||||
|
@ -3373,21 +3211,9 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
if (hdr->flags & PFC_OBJECT_UUID) {
|
||||
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
|
||||
if (dcerpc_tree) {
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
obj_id.Data1, obj_id.Data2, obj_id.Data3,
|
||||
obj_id.Data4[0],
|
||||
obj_id.Data4[1],
|
||||
obj_id.Data4[2],
|
||||
obj_id.Data4[3],
|
||||
obj_id.Data4[4],
|
||||
obj_id.Data4[5],
|
||||
obj_id.Data4[6],
|
||||
obj_id.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
|
||||
offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", uuid_str);
|
||||
offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
|
||||
guid_to_str((e_guid_t *) &obj_id));
|
||||
}
|
||||
offset += 16;
|
||||
}
|
||||
|
@ -3527,8 +3353,6 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
guint32 alloc_hint;
|
||||
proto_item *pi;
|
||||
proto_item *parent_pi;
|
||||
char uuid_str[DCERPC_UUID_STR_LEN];
|
||||
int uuid_str_len;
|
||||
e_uuid_t obj_id_null = DCERPC_UUID_NULL;
|
||||
|
||||
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
|
||||
|
@ -3625,21 +3449,9 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
|
||||
/* (optional) "Object UUID" from request */
|
||||
if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
value->object_uuid.Data1, value->object_uuid.Data2, value->object_uuid.Data3,
|
||||
value->object_uuid.Data4[0],
|
||||
value->object_uuid.Data4[1],
|
||||
value->object_uuid.Data4[2],
|
||||
value->object_uuid.Data4[3],
|
||||
value->object_uuid.Data4[4],
|
||||
value->object_uuid.Data4[5],
|
||||
value->object_uuid.Data4[6],
|
||||
value->object_uuid.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
|
||||
offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", uuid_str);
|
||||
offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
|
||||
guid_to_str((e_guid_t *) &value->object_uuid));
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
}
|
||||
|
||||
|
@ -4850,8 +4662,6 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
int offset = 0;
|
||||
conversation_t *conv;
|
||||
int auth_level;
|
||||
char uuid_str[DCERPC_UUID_STR_LEN];
|
||||
int uuid_str_len;
|
||||
|
||||
/*
|
||||
* Check if this looks like a CL DCERPC call. All dg packets
|
||||
|
@ -5005,59 +4815,23 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
offset++;
|
||||
|
||||
if (tree) {
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
|
||||
hdr.obj_id.Data4[0],
|
||||
hdr.obj_id.Data4[1],
|
||||
hdr.obj_id.Data4[2],
|
||||
hdr.obj_id.Data4[3],
|
||||
hdr.obj_id.Data4[4],
|
||||
hdr.obj_id.Data4[5],
|
||||
hdr.obj_id.Data4[6],
|
||||
hdr.obj_id.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
|
||||
offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", uuid_str);
|
||||
offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
|
||||
guid_to_str((e_guid_t *) &hdr.obj_id));
|
||||
}
|
||||
offset += 16;
|
||||
|
||||
if (tree) {
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
|
||||
hdr.if_id.Data4[0],
|
||||
hdr.if_id.Data4[1],
|
||||
hdr.if_id.Data4[2],
|
||||
hdr.if_id.Data4[3],
|
||||
hdr.if_id.Data4[4],
|
||||
hdr.if_id.Data4[5],
|
||||
hdr.if_id.Data4[6],
|
||||
hdr.if_id.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
|
||||
offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s", uuid_str);
|
||||
offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s",
|
||||
guid_to_str((e_guid_t *) &hdr.if_id));
|
||||
}
|
||||
offset += 16;
|
||||
|
||||
if (tree) {
|
||||
uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
|
||||
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
|
||||
hdr.act_id.Data4[0],
|
||||
hdr.act_id.Data4[1],
|
||||
hdr.act_id.Data4[2],
|
||||
hdr.act_id.Data4[3],
|
||||
hdr.act_id.Data4[4],
|
||||
hdr.act_id.Data4[5],
|
||||
hdr.act_id.Data4[6],
|
||||
hdr.act_id.Data4[7]);
|
||||
if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
|
||||
memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
|
||||
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
|
||||
offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", uuid_str);
|
||||
offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s",
|
||||
guid_to_str((e_guid_t *) &hdr.act_id));
|
||||
}
|
||||
offset += 16;
|
||||
|
||||
|
@ -5569,6 +5343,9 @@ proto_register_dcerpc (void)
|
|||
dcerpc_tap=register_tap("dcerpc");
|
||||
|
||||
g_hook_list_init(&dcerpc_hooks_init_protos, sizeof(GHook));
|
||||
|
||||
/* XXX - might better be located in a more general place than this */
|
||||
guids_init();
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -255,9 +255,6 @@ dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver
|
|||
|
||||
value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
|
||||
|
||||
/* try to get protocol name registered for this uuid */
|
||||
const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver);
|
||||
|
||||
/* Private data passed to subdissectors from the main DCERPC dissector. */
|
||||
typedef struct _dcerpc_call_value {
|
||||
e_uuid_t uuid; /* interface UUID */
|
||||
|
|
|
@ -419,11 +419,11 @@ cba_pdev_find(packet_info *pinfo, const char *ip, e_uuid_t *ipid)
|
|||
pdev = interf->parent->private_data;
|
||||
if(pdev == NULL) {
|
||||
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "pdev_find: no pdev for IP:%s IPID:%s",
|
||||
ip_to_str(ip), dcom_uuid_to_str(ipid));
|
||||
ip_to_str(ip), guids_resolve_uuid_to_str(ipid));
|
||||
}
|
||||
} else {
|
||||
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "pdev_find: unknown interface of IP:%s IPID:%s",
|
||||
ip_to_str(ip), dcom_uuid_to_str(ipid));
|
||||
ip_to_str(ip), guids_resolve_uuid_to_str(ipid));
|
||||
pdev = NULL;
|
||||
}
|
||||
|
||||
|
@ -547,11 +547,11 @@ cba_ldev_find(packet_info *pinfo, const gchar *ip, e_uuid_t *ipid) {
|
|||
}
|
||||
if(ldev == NULL) {
|
||||
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "ldev_find: no ldev for IP:%s IPID:%s",
|
||||
ip_to_str(ip), dcom_uuid_to_str(&info->call_data->object_uuid));
|
||||
ip_to_str(ip), guids_resolve_uuid_to_str(&info->call_data->object_uuid));
|
||||
}
|
||||
} else {
|
||||
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "ldev_find: unknown interface of IP:%s IPID:%s",
|
||||
ip_to_str(ip), dcom_uuid_to_str(&info->call_data->object_uuid));
|
||||
ip_to_str(ip), guids_resolve_uuid_to_str(&info->call_data->object_uuid));
|
||||
ldev = NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -1526,7 +1526,7 @@ void
|
|||
proto_reg_handoff_dcom_cba (void)
|
||||
{
|
||||
/* Register the CBA class ID */
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_coclass_CBAPhysicalDevice, "CBA", NULL);
|
||||
guids_add_uuid(&uuid_coclass_CBAPhysicalDevice, "CBA");
|
||||
|
||||
/* Register the interfaces */
|
||||
dcerpc_init_uuid(proto_ICBAPhysicalDevice, ett_ICBAPhysicalDevice,
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
#include <epan/emem.h>
|
||||
#include "packet-dcerpc.h"
|
||||
#include "packet-dcom.h"
|
||||
#include "guid-utils.h"
|
||||
|
||||
|
||||
static int hf_remunk_opnum = -1;
|
||||
|
@ -62,6 +63,8 @@ static e_uuid_t uuid_remunk = { 0x00000131, 0x0000, 0x0000, { 0xc0, 0x00, 0x00,
|
|||
static guint16 ver_remunk = 0;
|
||||
static int proto_remunk = -1;
|
||||
|
||||
static e_uuid_t ipid_remunk = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
|
||||
|
||||
/* There is a little bit confusion about the IRemUnknown2 interface UUIDs */
|
||||
/* DCOM documentation tells us: 0x00000142 (7 methods) */
|
||||
/* win2000 registry tells us: 0x00000142 IRemoteQI (4 methods) */
|
||||
|
@ -273,7 +276,7 @@ dissect_remunk_remrelease_rqst(tvbuff_t *tvb, int offset,
|
|||
/* update subtree */
|
||||
proto_item_append_text(sub_item, "[%u]: IPID=%s, PublicRefs=%u, PrivateRefs=%u",
|
||||
u32ItemIdx,
|
||||
dcom_uuid_to_str(&ipid),
|
||||
guids_resolve_uuid_to_str(&ipid),
|
||||
u32PublicRefs, u32PrivateRefs);
|
||||
proto_item_set_len(sub_item, offset - u32SubStart);
|
||||
|
||||
|
@ -368,6 +371,10 @@ proto_register_remunk (void)
|
|||
void
|
||||
proto_reg_handoff_remunk (void)
|
||||
{
|
||||
|
||||
/* Register the IPID */
|
||||
guids_add_uuid(&ipid_remunk, "IPID-IRemUnknown");
|
||||
|
||||
/* Register the interfaces */
|
||||
dcerpc_init_uuid(proto_remunk, ett_remunk,
|
||||
&uuid_remunk, ver_remunk,
|
||||
|
|
|
@ -215,9 +215,11 @@ static int hf_dcom_vt_bstr = -1;
|
|||
static int hf_dcom_vt_byref = -1;
|
||||
static int hf_dcom_vt_dispatch = -1;
|
||||
|
||||
/* this/that extension UUIDs */
|
||||
static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
|
||||
static e_uuid_t uuid_ext_error_ext ={ 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
|
||||
|
||||
/* general DCOM UUIDs */
|
||||
static e_uuid_t ipid_rem_unknown = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
|
||||
static e_uuid_t iid_unknown = { 0x00000000, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
|
||||
static e_uuid_t uuid_null = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} };
|
||||
|
@ -232,8 +234,6 @@ static const value_string dcom_thisthat_flag_vals[] = {
|
|||
};
|
||||
|
||||
|
||||
GHashTable *dcom_uuids=NULL;
|
||||
|
||||
|
||||
void dcom_interface_dump(void) {
|
||||
dcom_machine_t *machine;
|
||||
|
@ -255,8 +255,8 @@ void dcom_interface_dump(void) {
|
|||
for(interfaces = object->interfaces; interfaces != NULL; interfaces = g_list_next(interfaces)) {
|
||||
interf = interfaces->data;
|
||||
g_warning(" Interface(#%4u): iid:%s",
|
||||
interf->first_packet, dcom_uuid_to_str(&interf->iid));
|
||||
g_warning(" ipid:%s", dcom_uuid_to_str(&interf->ipid));
|
||||
interf->first_packet, guids_resolve_uuid_to_str(&interf->iid));
|
||||
g_warning(" ipid:%s", guids_resolve_uuid_to_str(&interf->ipid));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -727,7 +727,7 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset,
|
|||
hf_dcom_extent_id, &uuidExtend);
|
||||
|
||||
/* look for a registered uuid name */
|
||||
if((uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuidExtend)) != NULL) {
|
||||
if((uuid_name = guids_get_uuid_name(&uuidExtend)) != NULL) {
|
||||
proto_tree_add_guid_format_value(sub_tree, hf_dcom_extent_id, tvb,
|
||||
offset, sizeof(e_uuid_t), (e_guid_t *) &uuidExtend, "%s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
|
||||
uuid_name,
|
||||
|
@ -807,11 +807,13 @@ dissect_dcom_this(tvbuff_t *tvb, int offset,
|
|||
|
||||
/* update subtree header */
|
||||
proto_item_append_text(sub_item, ", V%u.%u, Causality ID: %s",
|
||||
u16VersionMajor, u16VersionMinor, dcom_uuid_to_str(&uuidCausality));
|
||||
u16VersionMajor, u16VersionMinor, guids_resolve_uuid_to_str(&uuidCausality));
|
||||
proto_item_set_len(sub_item, offset - u32SubStart);
|
||||
|
||||
if(memcmp(&info->call_data->object_uuid, &uuid_null, sizeof(uuid_null)) != 0) {
|
||||
pi = proto_tree_add_guid(tree, hf_dcom_ipid, tvb, offset, GUID_LEN, (e_guid_t *) &info->call_data->object_uuid);
|
||||
pi = proto_tree_add_guid_format(tree, hf_dcom_ipid, tvb, offset, 0,
|
||||
(e_guid_t *) &info->call_data->object_uuid,
|
||||
"Object UUID/IPID: %s", guids_resolve_uuid_to_str(&info->call_data->object_uuid));
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
}
|
||||
|
||||
|
@ -846,7 +848,9 @@ dissect_dcom_that(tvbuff_t *tvb, int offset,
|
|||
proto_item_set_len(sub_item, offset - u32SubStart);
|
||||
|
||||
if(memcmp(&info->call_data->object_uuid, &uuid_null, sizeof(uuid_null)) != 0) {
|
||||
pi = proto_tree_add_guid(tree, hf_dcom_ipid, tvb, offset, GUID_LEN, (e_guid_t *) &info->call_data->object_uuid);
|
||||
pi = proto_tree_add_guid_format(tree, hf_dcom_ipid, tvb, offset, 0,
|
||||
(e_guid_t *) &info->call_data->object_uuid,
|
||||
"Object UUID/IPID: %s", guids_resolve_uuid_to_str(&info->call_data->object_uuid));
|
||||
PROTO_ITEM_SET_GENERATED(pi);
|
||||
}
|
||||
|
||||
|
@ -888,37 +892,6 @@ dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
|
|||
}
|
||||
|
||||
|
||||
/* Tries to match uuid against its name.
|
||||
Returns the associated string ptr on a match.
|
||||
Formats uuid number and returns the resulting string, on failure.
|
||||
(copied from val_to_str) */
|
||||
const gchar* dcom_uuid_to_str(e_uuid_t *uuid) {
|
||||
const gchar *ret;
|
||||
static gchar str[3][64];
|
||||
static gchar *cur;
|
||||
|
||||
|
||||
/* all DCOM interfaces are registered with version 0 */
|
||||
ret = dcerpc_get_uuid_name(uuid, 0);
|
||||
if (ret != NULL)
|
||||
return ret;
|
||||
if (cur == &str[0][0]) {
|
||||
cur = &str[1][0];
|
||||
} else if (cur == &str[1][0]) {
|
||||
cur = &str[2][0];
|
||||
} else {
|
||||
cur = &str[0][0];
|
||||
}
|
||||
g_snprintf(cur, 64, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
uuid->Data1, uuid->Data2, uuid->Data3,
|
||||
uuid->Data4[0], uuid->Data4[1],
|
||||
uuid->Data4[2], uuid->Data4[3],
|
||||
uuid->Data4[4], uuid->Data4[5],
|
||||
uuid->Data4[6], uuid->Data4[7]);
|
||||
return cur;
|
||||
}
|
||||
|
||||
|
||||
/* dissect a dcerpc array size */
|
||||
int
|
||||
dissect_dcom_dcerpc_array_size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
||||
|
@ -1432,57 +1405,35 @@ dissect_dcom_UUID(tvbuff_t *tvb, int offset,
|
|||
int hfindex, e_uuid_t *pdata)
|
||||
{
|
||||
const gchar *uuid_name;
|
||||
proto_item *pi;
|
||||
header_field_info *hfi;
|
||||
e_uuid_t uuid;
|
||||
#ifdef _WIN32
|
||||
char uuid_name2[MAX_PATH];
|
||||
#endif
|
||||
|
||||
/* XXX - this is far from being performance optimized! */
|
||||
|
||||
/* get the UUID, but don't put it into the tree */
|
||||
offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep,
|
||||
hfindex, &uuid);
|
||||
|
||||
/* look for a registered uuid name */
|
||||
uuid_name = dcerpc_get_uuid_name(&uuid, 0);
|
||||
if(uuid_name == NULL) {
|
||||
uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuid);
|
||||
}
|
||||
|
||||
#ifdef _WIN32
|
||||
if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
|
||||
uuid_name = uuid_name2;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* add to the tree */
|
||||
hfi = proto_registrar_get_nth(hfindex);
|
||||
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid, "%s: ", hfi->name);
|
||||
|
||||
/* give an expert info, if UUID is not known and not of a "temporary" kind */
|
||||
if( uuid_name == NULL &&
|
||||
strcmp(hfi->name, "Causality ID") != 0 &&
|
||||
strcmp(hfi->name, "IPID") != 0)
|
||||
{
|
||||
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
|
||||
hfi->name, guid_to_str( (e_guid_t *) &uuid));
|
||||
}
|
||||
|
||||
uuid_name = guids_get_uuid_name(&uuid);
|
||||
if(uuid_name) {
|
||||
proto_item_append_text(pi, "%s (", uuid_name);
|
||||
}
|
||||
|
||||
proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid,
|
||||
"%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
|
||||
hfi->name, uuid_name,
|
||||
uuid.Data1, uuid.Data2, uuid.Data3,
|
||||
uuid.Data4[0], uuid.Data4[1],
|
||||
uuid.Data4[2], uuid.Data4[3],
|
||||
uuid.Data4[4], uuid.Data4[5],
|
||||
uuid.Data4[6], uuid.Data4[7]);
|
||||
} else {
|
||||
proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid,
|
||||
"%s: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
hfi->name,
|
||||
uuid.Data1, uuid.Data2, uuid.Data3,
|
||||
uuid.Data4[0], uuid.Data4[1],
|
||||
uuid.Data4[2], uuid.Data4[3],
|
||||
uuid.Data4[4], uuid.Data4[5],
|
||||
uuid.Data4[6], uuid.Data4[7]);
|
||||
|
||||
if(uuid_name) {
|
||||
proto_item_append_text(pi, ")", uuid_name);
|
||||
}
|
||||
|
||||
if(pdata != NULL) {
|
||||
|
@ -1501,9 +1452,6 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
|
|||
const gchar *uuid_name;
|
||||
proto_item *pi;
|
||||
header_field_info *hfi;
|
||||
#ifdef _WIN32
|
||||
char uuid_name2[MAX_PATH];
|
||||
#endif
|
||||
|
||||
|
||||
/* XXX - this is far from being performance optimized! */
|
||||
|
@ -1513,30 +1461,12 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
|
|||
hfindex, uuid);
|
||||
|
||||
/* look for a registered uuid name */
|
||||
uuid_name = dcerpc_get_uuid_name(uuid, 0);
|
||||
if(uuid_name == NULL) {
|
||||
uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) uuid);
|
||||
}
|
||||
|
||||
#ifdef _WIN32
|
||||
if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
|
||||
uuid_name = uuid_name2;
|
||||
}
|
||||
#endif
|
||||
uuid_name = guids_get_uuid_name(uuid);
|
||||
|
||||
/* add to the tree */
|
||||
hfi = proto_registrar_get_nth(hfindex);
|
||||
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) uuid, "%s", hfi->name);
|
||||
|
||||
/* give an expert info, if UUID is not known and not of a "temporary" kind */
|
||||
if( uuid_name == NULL &&
|
||||
strcmp(hfi->name, "Causality ID") != 0 &&
|
||||
strcmp(hfi->name, "IPID") != 0)
|
||||
{
|
||||
expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
|
||||
hfi->name, guid_to_str( (e_guid_t *) uuid));
|
||||
}
|
||||
|
||||
if (field_index != -1) {
|
||||
proto_item_append_text(pi, "[%u]: ", field_index);
|
||||
} else {
|
||||
|
@ -1916,7 +1846,7 @@ dissect_dcom_STDOBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
|
||||
/* append info to subtree header */
|
||||
proto_item_append_text(sub_item, ": PublicRefs=%u IPID=%s",
|
||||
u32PublicRefs, dcom_uuid_to_str(ipid));
|
||||
u32PublicRefs, guids_resolve_uuid_to_str(ipid));
|
||||
proto_item_set_len(sub_item, offset - u32SubStart);
|
||||
|
||||
return offset;
|
||||
|
@ -2062,17 +1992,6 @@ dissect_dcom_PMInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|||
}
|
||||
|
||||
|
||||
|
||||
void dcom_register_server_coclass(int proto _U_, int ett _U_, e_uuid_t *uuid _U_, guint16 ver _U_,
|
||||
dcerpc_sub_dissector *sub_dissectors _U_, int opnum_hf _U_) {
|
||||
|
||||
/* XXX: this must be simply the name registration of the UUID,
|
||||
* not a whole sub_dissector registration */
|
||||
/* but this is currently not possible :-( */
|
||||
/* dcerpc_init_uuid (proto, ett, uuid, ver, sub_dissectors, opnum_hf);*/
|
||||
}
|
||||
|
||||
|
||||
static void dcom_reinit( void) {
|
||||
dcom_machines = NULL;
|
||||
dcom_interfaces = NULL;
|
||||
|
@ -2325,15 +2244,6 @@ proto_register_dcom (void)
|
|||
proto_register_field_array(proto_dcom, hf_dcom_sa_array, array_length(hf_dcom_sa_array));
|
||||
proto_register_subtree_array (ett_dcom, array_length (ett_dcom));
|
||||
|
||||
/* register some "well known" UUID's */
|
||||
dcom_uuids = guids_new();
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL);
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL);
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &ipid_rem_unknown, "IRemUnknown", NULL);
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &iid_unknown, "IUnknown", NULL);
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_null, "NULL", NULL);
|
||||
guids_add_guid(dcom_uuids, (e_guid_t *) &iid_class_factory, "IClassFactory", NULL);
|
||||
|
||||
/* preferences */
|
||||
dcom_module = prefs_register_protocol(proto_dcom, proto_reg_handoff_dcom);
|
||||
|
||||
|
@ -2351,6 +2261,14 @@ void
|
|||
proto_reg_handoff_dcom (void)
|
||||
{
|
||||
|
||||
/* register some "well known" UUID's */
|
||||
guids_add_uuid(&uuid_debug_ext, "Debug Information Body Extension");
|
||||
guids_add_uuid(&uuid_ext_error_ext, "Extended Error Info Body Extension");
|
||||
guids_add_uuid(&ipid_rem_unknown, "IRemUnknown");
|
||||
guids_add_uuid(&iid_unknown, "IUnknown");
|
||||
guids_add_uuid(&uuid_null, "NULL");
|
||||
guids_add_uuid(&iid_class_factory, "IClassFactory");
|
||||
|
||||
/* Currently, we have nothing to register for DCOM */
|
||||
}
|
||||
|
||||
|
|
|
@ -106,9 +106,6 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
|
|||
packet_info *pinfo, proto_tree *tree, guint8 *drep,
|
||||
int hfindex, int field_index, e_uuid_t *uuid);
|
||||
|
||||
extern const gchar*
|
||||
dcom_uuid_to_str(e_uuid_t *uuid);
|
||||
|
||||
extern int
|
||||
dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
||||
proto_tree *tree, guint8 *drep,
|
||||
|
@ -200,8 +197,4 @@ extern int
|
|||
dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
|
||||
packet_info *pinfo, proto_tree *tree, guint8 *drep);
|
||||
|
||||
void dcom_register_server_coclass(int proto, int ett,
|
||||
e_uuid_t *uuid, guint16 ver,
|
||||
dcerpc_sub_dissector *sub_dissectors, int opnum_hf);
|
||||
|
||||
#endif /* packet-dcerpc-dcom.h */
|
||||
|
|
|
@ -8,8 +8,6 @@
|
|||
*
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* MobileIPv6 support added by Tomislav Borosa <tomislav.borosa@siemens.hr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
|
@ -32,8 +30,95 @@
|
|||
#include <string.h>
|
||||
|
||||
#include <glib.h>
|
||||
#include <epan/epan.h>
|
||||
#include <epan/strutil.h>
|
||||
#include "guid-utils.h"
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <tchar.h>
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
|
||||
/* GUID "registry" */
|
||||
typedef struct _guid_key {
|
||||
e_guid_t guid;
|
||||
} guid_key;
|
||||
|
||||
typedef struct _guid_value {
|
||||
const gchar *name;
|
||||
} guid_value;
|
||||
|
||||
|
||||
/* global guid to name collection */
|
||||
GHashTable *guids = NULL;
|
||||
|
||||
|
||||
#ifdef _WIN32
|
||||
/* try to resolve an DCE/RPC interface name to it's name using the Windows registry entries */
|
||||
/* XXX - might be better to fill all interfaces into our database at startup instead of searching each time */
|
||||
int ResolveWin32UUID(e_guid_t if_id, char *uuid_name, int uuid_name_max_len)
|
||||
{
|
||||
TCHAR reg_uuid_name[MAX_PATH];
|
||||
HKEY hKey = NULL;
|
||||
DWORD uuid_max_size = MAX_PATH;
|
||||
TCHAR reg_uuid_str[MAX_PATH];
|
||||
|
||||
if(uuid_name_max_len < 2)
|
||||
return 0;
|
||||
reg_uuid_name[0] = '\0';
|
||||
_snwprintf(reg_uuid_str, MAX_PATH, _T("SOFTWARE\\Classes\\Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}"),
|
||||
if_id.data1, if_id.data2, if_id.data3,
|
||||
if_id.data4[0], if_id.data4[1],
|
||||
if_id.data4[2], if_id.data4[3],
|
||||
if_id.data4[4], if_id.data4[5],
|
||||
if_id.data4[6], if_id.data4[7]);
|
||||
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_uuid_str, 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS)
|
||||
{
|
||||
if (RegQueryValueEx(hKey, NULL, NULL, NULL, (LPBYTE)reg_uuid_name, &uuid_max_size) == ERROR_SUCCESS && uuid_max_size <= MAX_PATH)
|
||||
{
|
||||
g_snprintf(uuid_name, uuid_name_max_len, "%s", utf_16to8(reg_uuid_name));
|
||||
RegCloseKey(hKey);
|
||||
return strlen(uuid_name);
|
||||
}
|
||||
RegCloseKey(hKey);
|
||||
}
|
||||
return 0; /* we didn't find anything anyhow. Please don't use the string! */
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* Tries to match a guid against its name.
|
||||
Returns the associated string ptr on a match.
|
||||
Formats uuid number and returns the resulting string, if name is unknown.
|
||||
(derived from val_to_str) */
|
||||
const gchar* guids_resolve_guid_to_str(e_guid_t *guid) {
|
||||
const gchar *ret;
|
||||
static gchar str[3][64];
|
||||
static gchar *cur;
|
||||
|
||||
|
||||
ret = guids_get_guid_name(guid);
|
||||
if (ret != NULL)
|
||||
return ret;
|
||||
if (cur == &str[0][0]) {
|
||||
cur = &str[1][0];
|
||||
} else if (cur == &str[1][0]) {
|
||||
cur = &str[2][0];
|
||||
} else {
|
||||
cur = &str[0][0];
|
||||
}
|
||||
g_snprintf(cur, 64, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
|
||||
guid->data1, guid->data2, guid->data3,
|
||||
guid->data4[0], guid->data4[1],
|
||||
guid->data4[2], guid->data4[3],
|
||||
guid->data4[4], guid->data4[5],
|
||||
guid->data4[6], guid->data4[7]);
|
||||
return cur;
|
||||
}
|
||||
|
||||
|
||||
static gint
|
||||
guid_equal (gconstpointer k1, gconstpointer k2)
|
||||
{
|
||||
|
@ -51,38 +136,52 @@ guid_hash (gconstpointer k)
|
|||
return key->guid.data1;
|
||||
}
|
||||
|
||||
|
||||
GHashTable *guids_new(void)
|
||||
void guids_init(void)
|
||||
{
|
||||
return g_hash_table_new (guid_hash, guid_equal);
|
||||
g_assert(guids == NULL);
|
||||
|
||||
guids = g_hash_table_new (guid_hash, guid_equal);
|
||||
}
|
||||
|
||||
void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data)
|
||||
void guids_add_guid(e_guid_t *guid, const gchar *name)
|
||||
{
|
||||
guid_key *key = g_malloc (sizeof (*key));
|
||||
guid_value *value = g_malloc (sizeof (*value));
|
||||
|
||||
key->guid = *guid;
|
||||
|
||||
/* XXX - do we need to copy the name? */
|
||||
value->name = name;
|
||||
|
||||
g_hash_table_insert (guids, key, value);
|
||||
}
|
||||
|
||||
|
||||
/* try to get registered name for this guid */
|
||||
const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid)
|
||||
/* try to get registered name for this GUID */
|
||||
const gchar *guids_get_guid_name(e_guid_t *guid)
|
||||
{
|
||||
guid_key key;
|
||||
guid_value *value;
|
||||
#ifdef _WIN32
|
||||
/* XXX - we need three time circulating buffer here */
|
||||
/* XXX - is there a maximum length of the name? */
|
||||
static char uuid_name[128];
|
||||
#endif
|
||||
|
||||
|
||||
/* try to get registered guid "name" of if_id */
|
||||
/* try to get registered guid "name" of guid */
|
||||
key.guid = *guid;
|
||||
|
||||
if ((value = g_hash_table_lookup (guids, &key)) != NULL) {
|
||||
return value->name;
|
||||
}
|
||||
|
||||
#ifdef _WIN32
|
||||
/* try to resolve the mapping from the Windows registry */
|
||||
/* XXX - prefill the resolving database with all the Windows registry entries once at init only (instead of searching each time)? */
|
||||
if(ResolveWin32UUID(*guid, uuid_name, 128)) {
|
||||
return uuid_name;
|
||||
}
|
||||
#endif
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -8,8 +8,6 @@
|
|||
*
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* MobileIPv6 support added by Tomislav Borosa <tomislav.borosa@siemens.hr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
|
@ -40,22 +38,26 @@ typedef struct _e_guid_t {
|
|||
} e_guid_t;
|
||||
|
||||
|
||||
/* GUID "registry" */
|
||||
typedef struct _guid_key {
|
||||
e_guid_t guid;
|
||||
} guid_key;
|
||||
extern void guids_init(void);
|
||||
|
||||
typedef struct _guid_value {
|
||||
const gchar *name;
|
||||
} guid_value;
|
||||
/* add a GUID */
|
||||
extern void guids_add_guid(e_guid_t *guid, const gchar *name);
|
||||
|
||||
/* try to get registered name for this GUID */
|
||||
extern const gchar *guids_get_guid_name(e_guid_t *guid);
|
||||
|
||||
extern GHashTable *guids_new(void);
|
||||
/* resolve GUID to name (or if unknown to hex string) */
|
||||
/* (if you need hex string only, use guid_to_str instead) */
|
||||
extern const gchar* guids_resolve_guid_to_str(e_guid_t *guid);
|
||||
|
||||
/* add a GUID (don't forget to init the GHashTable) */
|
||||
extern void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data);
|
||||
/* add a UUID (dcerpc_init_uuid() will call this too) */
|
||||
#define guids_add_uuid(uuid, name) guids_add_guid((e_guid_t *) (uuid), (name))
|
||||
|
||||
/* try to get registered name for this guid */
|
||||
extern const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid);
|
||||
/* try to get registered name for this UUID */
|
||||
#define guids_get_uuid_name(uuid) guids_get_guid_name((e_guid_t *) (uuid))
|
||||
|
||||
/* resolve UUID to name (or if unknown to hex string) */
|
||||
/* (if you need hex string only, use guid_to_str instead) */
|
||||
#define guids_resolve_uuid_to_str(uuid) guids_resolve_guid_to_str((e_guid_t *) (uuid))
|
||||
|
||||
#endif /* __GUID_UTILS_H__ */
|
||||
|
|
Loading…
Reference in New Issue