221 lines
8.1 KiB
C
221 lines
8.1 KiB
C
/* packet-dcom.h
|
|
* Routines for DCOM generics
|
|
*
|
|
* Wireshark - Network traffic analyzer
|
|
* By Gerald Combs <gerald@wireshark.org>
|
|
* Copyright 1998 Gerald Combs
|
|
*
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef __PACKET_DCOM_H
|
|
#define __PACKET_DCOM_H
|
|
|
|
#include "ws_symbol_export.h"
|
|
|
|
WS_DLL_PUBLIC const value_string dcom_hresult_vals[];
|
|
WS_DLL_PUBLIC const value_string dcom_variant_type_vals[];
|
|
extern const value_string dcom_protseq_vals[];
|
|
|
|
extern int hf_dcom_iid;
|
|
extern int hf_dcom_clsid;
|
|
extern int hf_dcom_oxid;
|
|
extern int hf_dcom_oid;
|
|
extern int hf_dcom_ipid;
|
|
|
|
extern GHashTable *dcom_uuids;
|
|
|
|
/* preferences */
|
|
WS_DLL_PUBLIC gboolean dcom_prefs_display_unmarshalling_details;
|
|
|
|
|
|
typedef struct dcom_machine_s {
|
|
GList *objects;
|
|
gint first_packet;
|
|
|
|
address ip;
|
|
} dcom_machine_t;
|
|
|
|
typedef struct dcom_object_s {
|
|
dcom_machine_t *parent;
|
|
GList *interfaces;
|
|
void *private_data;
|
|
gint first_packet;
|
|
|
|
guint64 oid;
|
|
guint64 oxid;
|
|
} dcom_object_t;
|
|
|
|
typedef struct dcom_interface_s {
|
|
dcom_object_t *parent;
|
|
void *private_data;
|
|
gint first_packet;
|
|
|
|
e_guid_t iid;
|
|
e_guid_t ipid; /* the DCE/RPC Object UUID */
|
|
} dcom_interface_t;
|
|
|
|
typedef int (*dcom_dissect_fn_t) (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size);
|
|
|
|
typedef struct dcom_marshaler_s {
|
|
dcom_object_t *parent;
|
|
void *private_data;
|
|
|
|
e_guid_t uuid;
|
|
dcom_dissect_fn_t routine;
|
|
} dcom_marshaler_t;
|
|
|
|
WS_DLL_PUBLIC dcom_interface_t *dcom_interface_new(packet_info *pinfo, const address *addr, e_guid_t *iid, guint64 oxid, guint64 oid, e_guid_t *ipid);
|
|
WS_DLL_PUBLIC dcom_interface_t *dcom_interface_find(packet_info *pinfo, const address *addr, e_guid_t *ipid);
|
|
#ifdef DEBUG
|
|
extern void dcom_interface_dump(void);
|
|
#endif
|
|
extern int dcom_register_routine(dcom_dissect_fn_t routine, e_guid_t* uuid);
|
|
extern void dcom_register_common_routines_(void);
|
|
|
|
extern dcom_dissect_fn_t dcom_get_routine_by_uuid(const e_guid_t* uuid);
|
|
|
|
/* the essential DCOM this and that, starting every call */
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_this(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_that(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
|
|
|
|
|
|
/* dissection of somewhat more simple data types */
|
|
#define dissect_dcom_BOOLEAN dissect_ndr_uint8
|
|
#define dissect_dcom_BYTE dissect_ndr_uint8
|
|
#define dissect_dcom_WORD dissect_ndr_uint16
|
|
#define dissect_dcom_DWORD dissect_ndr_uint32
|
|
#define dissect_dcom_I8 dissect_ndr_uint64
|
|
#define dissect_dcom_ID dissect_ndr_duint32
|
|
#define dissect_dcom_FILETIME dissect_ndr_duint32 /* ToBeDone */
|
|
#define dissect_dcom_VARIANT_BOOL dissect_ndr_uint16
|
|
#define dissect_dcom_FLOAT dissect_ndr_float
|
|
#define dissect_dcom_DOUBLE dissect_ndr_double
|
|
#define dissect_dcom_DATE dissect_ndr_double
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_UUID(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
int hfindex, e_guid_t *uuid);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
int hfindex, int field_index, e_guid_t *uuid);
|
|
|
|
extern int
|
|
dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
int hfindex, guint16 * pu16WORD, int field_index);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_indexed_DWORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
int hfindex, guint32 * pu32DWORD, int field_index);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_HRESULT(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, guint32 * pu32hresult);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_HRESULT_item(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
guint32 * pu32HResult, int field_index, proto_item **item);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_indexed_HRESULT(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
guint32 * pu32hresult, int field_index);
|
|
|
|
extern int
|
|
dissect_dcom_COMVERSION(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
guint16 * pu16version_major, guint16 * pu16version_minor);
|
|
|
|
typedef void (*sa_callback_t) (tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
guint32 u32VarType, guint32 u32ArraySize);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_SAFEARRAY(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex _U_, sa_callback_t sacb);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_LPWSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex,
|
|
gchar *psz_buffer, guint32 u32max_buffer);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_indexed_LPWSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex,
|
|
gchar *pszStr, guint32 u32MaxStr, int field_index);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex,
|
|
gchar *psz_buffer, guint32 u32max_buffer);
|
|
|
|
extern int
|
|
dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, gchar *ip);
|
|
|
|
extern int
|
|
dissect_dcom_STDOBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex,
|
|
guint64 *oxid, guint64 *oid, e_guid_t *ipid);
|
|
extern int
|
|
dissect_dcom_OBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, dcom_interface_t **interf);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_MInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, dcom_interface_t **interf);
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_PMInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex, dcom_interface_t **interf);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_VARTYPE(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep,
|
|
guint16 *pu16Vartype);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_VARIANT(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex);
|
|
|
|
/* dcom "dcerpc internal" unmarshalling */
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_dcerpc_array_size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, guint32 *pu32array_size);
|
|
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_dcerpc_pointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
|
|
proto_tree *tree, dcerpc_info *di, guint8 *drep, guint32 *pu32pointer);
|
|
|
|
/* mark things as "to be done" */
|
|
extern int
|
|
dissect_dcom_tobedone_data(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep, int length);
|
|
|
|
/* mark things "no specification available" */
|
|
extern int
|
|
dissect_dcom_nospec_data(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, guint8 *drep, int length);
|
|
|
|
/* very simple parameter-profiles dissectors (for very simple requests ;-) */
|
|
/* request: no parameters */
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_simple_rqst(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
|
|
/* response: only HRESULT */
|
|
WS_DLL_PUBLIC int
|
|
dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
|
|
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep);
|
|
|
|
#endif /* packet-dcom.h */
|