DCOM - add support for RemoteGetClassObject parsing within ISystemActivator

Change-Id: I5b6eb8758818c9e5e581a6d8af7fe54ee1d9a1ea
Reviewed-on: https://code.wireshark.org/review/32012
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

epan/dissectors/packet-dcom-sysact.c

@@ -1147,12 +1147,41 @@ dissect_remsysact_remotecreateinstance_resp(tvbuff_t *tvb, int offset,
     return offset;
 }
 
+static int
+dissect_remsysact_remotegetclassobject_rqst(tvbuff_t *tvb, int offset,
+    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
+{
+    sysact_register_routines();
+
+    offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
+    offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
+                        hf_sysact_actproperties, NULL);
+
+    return offset;
+}
+
+static int
+dissect_remsysact_remotegetclassobject_resp(tvbuff_t *tvb, int offset,
+    packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
+{
+    sysact_register_routines();
+
+    offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
+
+    offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
+                        hf_sysact_actproperties, NULL);
+
+    offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
+                     NULL /* pu32HResult */);
+
+    return offset;
+}
 
 static dcerpc_sub_dissector ISystemActivator_dissectors[] = {
     { 0, "QueryInterfaceIRemoteSCMActivator", NULL, NULL },
     { 1, "AddRefIRemoteISCMActivator", NULL, NULL },
     { 2, "ReleaseIRemoteISCMActivator", NULL, NULL },
-    { 3, "RemoteGetClassObject", NULL, NULL },
+    { 3, "RemoteGetClassObject", dissect_remsysact_remotegetclassobject_rqst, dissect_remsysact_remotegetclassobject_resp },
     { 4, "RemoteCreateInstance", dissect_remsysact_remotecreateinstance_rqst, dissect_remsysact_remotecreateinstance_resp },
     { 0, NULL, NULL, NULL },
 };