osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

various minor DCOM dissection enhancements: 

- add a generic guid register to dissect UUID's (move this to a seperate file?)
- this enables us to set some known names for special UUID's
- use standard DCOM fields for IID and alike in remunk.c
- cleanup dcom_protseq_vals handling
- some FT_STRING to FT_GUID changes

svn path=/trunk/; revision=18904
This commit is contained in:
Ulf Lamping 2006-08-14 23:39:48 +00:00
parent f6802d35c8
commit b2751079ac
5 changed files with 115 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
epan/dissectors/packet-dcom-oxid.c
View File

@ -321,7 +321,7 @@ proto_register_oxid (void)
{ &hf_oxid_requested_protseqs,
{ "RequestedProtSeq", "oxid_requested_protseqs", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_oxid_protseqs,
{ "ProtSeq", "oxid_protseqs", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ "ProtSeq", "oxid_protseqs", FT_UINT16, BASE_DEC, VALS(dcom_protseq_vals), 0x0, "", HFILL }},
{ &hf_oxid_bindings,
{ "OxidBindings", "oxid_bindings", FT_NONE, BASE_DEC, NULL, 0x0, "", HFILL }},

13
epan/dissectors/packet-dcom-remact.c
View File

@ -51,19 +51,6 @@ static int hf_remact_interface_data = -1;
static int hf_remact_oxid_bindings = -1;
static int hf_remact_authn_hint = -1;
static const value_string dcom_protseq_vals[] = {
{ 0x04, "NCACN_DNET_NSP" },
{ 0x07, "NCACN_IP_TCP" },
{ 0x08, "NCADG_IP_UDP" },
{ 0x09, "NCACN_IP" },
{ 0x0C, "NCACN_SPX" },
{ 0x0D, "NCACN_NB_IPX" },
{ 0x0E, "NCADG_IPX" },
{ 0x12, "NCACN_NB_NB" },
{ 0x1F, "NCACN_HTTP" },
{ 0, NULL }
};
static int proto_remact = -1;
static gint ett_remact = -1;

19
epan/dissectors/packet-dcom-remunkn.c
View File

@ -40,14 +40,11 @@
static int hf_remunk_opnum = -1;
static int hf_remunk_ipid = -1;
static int hf_remunk_refs = -1;
static int hf_remunk_iids = -1;
static int hf_remunk_iid = -1;
static int hf_remunk_flags = -1;
static int hf_remunk_oxid = -1;
static int hf_remunk_oid = -1;
static int hf_remunk_qiresult = -1;
static gint ett_remunk_reminterfaceref = -1;
@ -100,7 +97,7 @@ dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset,
offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep);
offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep,
hf_remunk_ipid, &ipid);
hf_dcom_ipid, &ipid);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep,
hf_remunk_refs, &u32Refs);
@ -123,7 +120,7 @@ dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset,
for (u32ItemIdx = 0; u32ArraySize--; u32ItemIdx++) {
offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep,
hf_remunk_iid, "IID", u32ItemIdx+1, &iid);
hf_dcom_iid, "IID", u32ItemIdx+1, &iid);
if(call != NULL) {
call->iids[u32ItemIdx] = iid;
}
@ -265,7 +262,7 @@ dissect_remunk_remrelease_rqst(tvbuff_t *tvb, int offset,
u32SubStart = offset;
offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, drep,
hf_remunk_ipid, &ipid);
hf_dcom_ipid, &ipid);
offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep,
hf_remunk_public_refs, &u32PublicRefs);
@ -335,24 +332,16 @@ proto_register_remunk (void)
{ &hf_remunk_opnum,
{ "Operation", "remunk_opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "Operation", HFILL }},
{ &hf_remunk_ipid,
{ "IPID", "remunk_ipid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_remunk_refs,
{ "Refs", "remunk_refs", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_remunk_iids,
{ "IIDs", "remunk_iids", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_remunk_iid,
{ "IID", "remunk_iid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_remunk_qiresult,
{ "QIResult", "remunk_qiresult", FT_NONE, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_remunk_flags,
{ "Flags", "remunk_flags", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
{ &hf_remunk_public_refs,
{ "PublicRefs", "remunk_public_refs", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_remunk_oxid,
{ "OXID", "remunk_oxid", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
{ &hf_remunk_oid,
{ "OID", "remunk_oid", FT_UINT64, BASE_HEX, NULL, 0x0, "", HFILL }},
{ &hf_remunk_reminterfaceref,
{ "RemInterfaceRef", "remunk_reminterfaceref", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_remunk_interface_refs,

121
epan/dissectors/packet-dcom.c
View File

@ -215,10 +215,80 @@ static int hf_dcom_vt_bstr = -1;
static int hf_dcom_vt_byref = -1;
static int hf_dcom_vt_dispatch = -1;
static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t uuid_ext_error_ext = { 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
GList *dcom_machines;
GList *dcom_interfaces;
static const value_string dcom_thisthat_flag_vals[] = {
{ 0, "INFO_NULL" },
{ 0, NULL }
};
typedef struct _guid_key {
e_guid_t guid;
} guid_key;
typedef struct _guid_value {
const gchar *name;
void *private_data;
} guid_value;
GHashTable *guids=NULL;
static gint
guid_equal (gconstpointer k1, gconstpointer k2)
{
const guid_key *key1 = (const guid_key *)k1;
const guid_key *key2 = (const guid_key *)k2;
return ((memcmp (&key1->guid, &key2->guid, sizeof (e_guid_t)) == 0));
}
static guint
guid_hash (gconstpointer k)
{
const guid_key *key = (const guid_key *)k;
/* This isn't perfect, but the Data1 part of these is almost always
unique. */
return key->guid.data1;
}
void guid_add_name(e_guid_t *guid, gchar *name, void *private_data)
{
guid_key *key = g_malloc (sizeof (*key));
guid_value *value = g_malloc (sizeof (*value));
key->guid = *guid;
value->name = name;
value->private_data = private_data;
g_hash_table_insert (guids, key, value);
}
/* try to get registered name for this guid */
const gchar *guid_get_name(e_guid_t *guid)
{
guid_key key;
guid_value *value;
/* try to get registered guid "name" of if_id */
key.guid = *guid;
if ((value = g_hash_table_lookup (guids, &key)) != NULL) {
return value->name;
}
return NULL;
}
void dcom_interface_dump(void) {
dcom_machine_t *machine;
dcom_object_t *object;
@ -630,7 +700,7 @@ static const value_string dcom_dualstringarray_authn[] = {
{ 0, NULL}
};
static const value_string dcom_dualstringarray_tower_id_vals[] = {
const value_string dcom_protseq_vals[] = {
{ 0x04, "NCACN_DNET_NSP" },
{ 0x07, "NCACN_IP_TCP" },
{ 0x08, "NCADG_IP_UDP" },
@ -670,6 +740,7 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset,
guint32 u32ExtentSize;
e_uuid_t uuidExtend;
const char *uuid_name;
offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep, &u32Pointer);
@ -705,16 +776,39 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset,
if(u32Pointer != 0) {
u32VariableOffset = dissect_dcom_DWORD(tvb, u32VariableOffset, pinfo, sub_tree, drep,
hf_dcom_extent_size, &u32ExtentSize);
u32VariableOffset = dissect_dcom_UUID(tvb, u32VariableOffset, pinfo, sub_tree, drep,
dissect_dcom_UUID(tvb, u32VariableOffset, pinfo, NULL, drep,
hf_dcom_extent_id, &uuidExtend);
/* look for a registered uuid name */
if((uuid_name = guid_get_name( (e_guid_t *) &uuidExtend)) != NULL) {
proto_tree_add_guid_format_value(sub_tree, hf_dcom_extent_id, tvb,
offset, sizeof(e_uuid_t), (e_guid_t *) &uuidExtend, "%s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
uuid_name,
uuidExtend.Data1, uuidExtend.Data2, uuidExtend.Data3,
uuidExtend.Data4[0], uuidExtend.Data4[1],
uuidExtend.Data4[2], uuidExtend.Data4[3],
uuidExtend.Data4[4], uuidExtend.Data4[5],
uuidExtend.Data4[6], uuidExtend.Data4[7]);
u32VariableOffset += 16;
} else {
u32VariableOffset = dissect_dcom_UUID(tvb, u32VariableOffset, pinfo, sub_tree, drep,
hf_dcom_extent_id, &uuidExtend);
}
u32VariableOffset = dissect_dcom_dcerpc_array_size(tvb, u32VariableOffset, pinfo, sub_tree, drep,
&u32ArraySize2);
u32VariableOffset = dissect_dcom_tobedone_data(tvb, u32VariableOffset, pinfo, sub_tree, drep, u32ArraySize2);
/* update subtree header */
proto_item_append_text(sub_item, "[%u]: Bytes=%u",
u32Idx, u32ArraySize2);
if(uuid_name != NULL) {
proto_item_append_text(sub_item, "[%u]: %s, Bytes=%u",
u32Idx, uuid_name, u32ArraySize2);
} else {
proto_item_append_text(sub_item, "[%u]: Bytes=%u",
u32Idx, u32ArraySize2);
}
proto_item_set_len(sub_item, offset - u32SubStart);
} else {
/* update subtree header */
@ -1685,7 +1779,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_item_append_text(subsub_item, "[%u]: TowerId=%s, NetworkAddr=\"%s\"",
u32StringBindings,
val_to_str(u16TowerId, dcom_dualstringarray_tower_id_vals, "Unknown (0x%04x"),
val_to_str(u16TowerId, dcom_protseq_vals, "Unknown (0x%04x"),
szStr);
proto_item_set_len(subsub_item, offset - u32SubSubStart);
}
@ -1932,7 +2026,7 @@ proto_register_dcom (void)
{ &hf_dcom_this_version_minor,
{ "VersionMinor", "dcom.this.version_minor", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcom_this_flags,
{ "Flags", "dcom.this.flags", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
{ "Flags", "dcom.this.flags", FT_UINT32, BASE_HEX, VALS(dcom_thisthat_flag_vals), 0x0, "", HFILL }},
{ &hf_dcom_this_res,
{ "Reserved", "dcom.this.res", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }},
{ &hf_dcom_this_cid,
@ -1941,7 +2035,7 @@ proto_register_dcom (void)
static hf_register_info hf_dcom_that_array[] = {
{ &hf_dcom_that_flags,
{ "Flags", "dcom.that.flags", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}
{ "Flags", "dcom.that.flags", FT_UINT32, BASE_HEX, VALS(dcom_thisthat_flag_vals), 0x0, "", HFILL }}
};
static hf_register_info hf_dcom_extent_array[] = {
@ -1954,7 +2048,7 @@ proto_register_dcom (void)
{ &hf_dcom_extent_size,
{ "Extension Size", "dcom.extent.size", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }},
{ &hf_dcom_extent_id,
{ "Extension Id", "dcom.extent.id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}
{ "Extension Id", "dcom.extent.id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}
};
static hf_register_info hf_dcom_array[] = {
@ -2009,9 +2103,9 @@ proto_register_dcom (void)
{ &hf_dcom_objref_flags,
{ "Flags", "dcom.objref.flags", FT_UINT32, BASE_HEX, VALS(dcom_objref_flag_vals), 0x0, "", HFILL }},
{ &hf_dcom_iid,
{ "IID", "dcom.iid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "IID", "dcom.iid", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcom_clsid,
{ "CLSID", "dcom.clsid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ "CLSID", "dcom.clsid", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcom_objref_resolver_address,
{ "ResolverAddress", "dcom.objref.resolver_address", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcom_objref_cbextension,
@ -2043,7 +2137,7 @@ proto_register_dcom (void)
{ &hf_dcom_dualstringarray_string,
{ "StringBinding", "dcom.dualstringarray.string", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcom_dualstringarray_string_tower_id,
{ "TowerId", "dcom.dualstringarray.tower_id", FT_UINT16, BASE_HEX, VALS(dcom_dualstringarray_tower_id_vals), 0x0, "", HFILL }},
{ "TowerId", "dcom.dualstringarray.tower_id", FT_UINT16, BASE_HEX, VALS(dcom_protseq_vals), 0x0, "", HFILL }},
{ &hf_dcom_dualstringarray_string_network_addr,
{ "NetworkAddr", "dcom.dualstringarray.network_addr", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }},
{ &hf_dcom_dualstringarray_security,
@ -2168,7 +2262,10 @@ proto_register_dcom (void)
proto_register_field_array(proto_dcom, hf_dcom_sa_array, array_length(hf_dcom_sa_array));
proto_register_subtree_array (ett_dcom, array_length (ett_dcom));
guids = g_hash_table_new (guid_hash, guid_equal);
guid_add_name( (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL);
guid_add_name( (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL);
/* preferences */
dcom_module = prefs_register_protocol(proto_dcom, proto_reg_handoff_dcom);

1
epan/dissectors/packet-dcom.h
View File

@ -28,6 +28,7 @@
extern const value_string dcom_hresult_vals[];
extern const value_string dcom_variant_type_vals[];
extern const value_string dcom_protseq_vals[];
extern int hf_dcom_iid;
extern int hf_dcom_clsid;