authorGuy Harris <guy@alum.mit.edu>2001-11-12 08:58:45 +0000
committerGuy Harris <guy@alum.mit.edu>2001-11-12 08:58:45 +0000
commit6ff9b3366eda8f43c55c558fd379a1deed319f89 (patch)
treef8e5c10708fbe1ca0599431d9f2ae2b79e1c01d0
parent0b0116e207e30177d57ee227879faae9b74cd16c (diff)
Support for DCE RPC atop SMB, and support for several Microsoft DCE RPC
services used with SMB, from Tim Potter. svn path=/trunk/; revision=4194
-rw-r--r--AUTHORS5
-rw-r--r--Makefile.am10
-rw-r--r--Makefile.nmake12
-rw-r--r--doc/ethereal.pod.template1
-rw-r--r--packet-dcerpc.c3
-rw-r--r--packet-msrpc-dfs.c75
-rw-r--r--packet-msrpc-dfs.h37
-rw-r--r--packet-msrpc-lsa.c116
-rw-r--r--packet-msrpc-lsa.h78
-rw-r--r--packet-msrpc-netlogon.c82
-rw-r--r--packet-msrpc-netlogon.h44
-rw-r--r--packet-msrpc-reg.c97
-rw-r--r--packet-msrpc-reg.h59
-rw-r--r--packet-msrpc-samr.c126
-rw-r--r--packet-msrpc-samr.h88
-rw-r--r--packet-msrpc-spoolss.c117
-rw-r--r--packet-msrpc-spoolss.h79
-rw-r--r--packet-msrpc-srvsvc.c87
-rw-r--r--packet-msrpc-srvsvc.h48
-rw-r--r--packet-msrpc-wkssvc.c72
-rw-r--r--packet-msrpc-wkssvc.h33
-rw-r--r--packet-smb-pipe.c30
22 files changed, 1294 insertions, 5 deletions
diff --git a/AUTHORS b/AUTHORS
index efa038466b..f1d9cc2e84 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -889,6 +889,11 @@ Kazushi Sugyo <k-sugyou[AT]nwsl.mesh.ad.jp> {
Fix to code to scan the SIOCGIFCONF list
}
+Tim Potter <tpot[AT]samba.org> {
+ Support for DCE RPC atop SMB
+ Support for several Microsoft DCE RPC services used with SMB
+}
+
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to
give his permission to use his version of snprintf.c.
diff --git a/Makefile.am b/Makefile.am
index a03a9720bd..8e3e9e32a1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,7 +1,7 @@
# Makefile.am
# Automake file for Ethereal
#
-# $Id: Makefile.am,v 1.378 2001/11/09 07:44:47 guy Exp $
+# $Id: Makefile.am,v 1.379 2001/11/12 08:58:43 guy Exp $
#
# Ethereal - Network traffic analyzer
# By Gerald Combs <gerald@ethereal.com>
@@ -178,6 +178,14 @@ DISSECTOR_SRC = \
packet-msdp.c \
packet-msnip.c \
packet-msproxy.c \
+ packet-msrpc-dfs.c \
+ packet-msrpc-lsa.c \
+ packet-msrpc-netlogon.c \
+ packet-msrpc-reg.c \
+ packet-msrpc-samr.c \
+ packet-msrpc-spoolss.c \
+ packet-msrpc-srvsvc.c \
+ packet-msrpc-wkssvc.c \
packet-mtp3.c \
packet-nbipx.c \
packet-nbns.c \
diff --git a/Makefile.nmake b/Makefile.nmake
index 88690643e8..367d359a4e 100644
--- a/Makefile.nmake
+++ b/Makefile.nmake
@@ -1,7 +1,7 @@
## Makefile for building ethereal.exe with Microsoft C and nmake
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
#
-# $Id: Makefile.nmake,v 1.140 2001/11/09 09:22:06 guy Exp $
+# $Id: Makefile.nmake,v 1.141 2001/11/12 08:58:43 guy Exp $
include config.nmake
include <win32.mak>
@@ -59,8 +59,8 @@ DISSECTOR_SRC = \
packet-dns.c \
packet-dsi.c \
packet-dvmrp.c \
- packet-eapol.c \
packet-eap.c \
+ packet-eapol.c \
packet-eigrp.c \
packet-esis.c \
packet-eth.c \
@@ -129,6 +129,14 @@ DISSECTOR_SRC = \
packet-msdp.c \
packet-msnip.c \
packet-msproxy.c \
+ packet-msrpc-dfs.c \
+ packet-msrpc-lsa.c \
+ packet-msrpc-netlogon.c \
+ packet-msrpc-reg.c \
+ packet-msrpc-samr.c \
+ packet-msrpc-spoolss.c \
+ packet-msrpc-srvsvc.c \
+ packet-msrpc-wkssvc.c \
packet-mtp3.c \
packet-nbipx.c \
packet-nbns.c \
diff --git a/doc/ethereal.pod.template b/doc/ethereal.pod.template
index 31feee635d..7a0797cf9f 100644
--- a/doc/ethereal.pod.template
+++ b/doc/ethereal.pod.template
@@ -1215,6 +1215,7 @@ B<http://www.ethereal.com>.
Pekka Nikander <pekka.nikander[AT]nomadiclab.com>
Hamish Moffatt <hamish[AT]cloud.net.au>
Kazushi Sugyo <k-sugyou[AT]nwsl.mesh.ad.jp>
+ Tim Potter <tpot[AT]samba.org>
Alain Magloire <alainm[AT]rcsm.ece.mcgill.ca> was kind enough to give his
permission to use his version of snprintf.c.
diff --git a/packet-dcerpc.c b/packet-dcerpc.c
index 73fe6d0c48..31f1f6c48e 100644
--- a/packet-dcerpc.c
+++ b/packet-dcerpc.c
@@ -2,7 +2,7 @@
* Routines for DCERPC packet disassembly
* Copyright 2001, Todd Sabin <tas@webspan.net>
*
- * $Id: packet-dcerpc.c,v 1.12 2001/10/05 20:25:41 guy Exp $
+ * $Id: packet-dcerpc.c,v 1.13 2001/11/12 08:58:43 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -1440,4 +1440,5 @@ proto_reg_handoff_dcerpc (void)
heur_dissector_add ("tcp", dissect_dcerpc_cn, proto_dcerpc);
heur_dissector_add ("netbios", dissect_dcerpc_cn, proto_dcerpc);
heur_dissector_add ("udp", dissect_dcerpc_dg, proto_dcerpc);
+ heur_dissector_add ("msrpc", dissect_dcerpc_cn, proto_dcerpc);
}
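Review bot: The added `heur_dissector_add ("msrpc", dissect_dcerpc_cn, proto_dcerpc);` depends on a heuristic list named "msrpc" that this hunk does not create; presumably it is registered by the SMB pipe dissector, which the diffstat shows is also changed by this commit. A comment above the line would make that dependency visible, for example `/* "msrpc": DCE RPC PDUs carried over SMB named pipes; the list is created by the SMB pipe dissector */`. Since the pipe payload comes straight from captured traffic, it is worth confirming that dissect_dcerpc_cn still rejects buffers shorter than a connection-oriented header when reached through this list. proto_reg_handoff_dcerpc begins outside the hunk.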
diff --git a/packet-msrpc-dfs.c b/packet-msrpc-dfs.c
new file mode 100644
index 0000000000..38112aedee
--- /dev/null
+++ b/packet-msrpc-dfs.c
@@ -0,0 +1,75 @@
+/* packet-msrpc-dfs.c
+ * Routines for SMB \\PIPE\\netdfs packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-dfs.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-dfs.h"
+
+static int proto_msrpc_dfs = -1;
+static gint ett_msrpc_dfs = -1;
+
+static e_uuid_t uuid_msrpc_dfs = {
+ 0x4fc742e0, 0x4a10, 0x11cf,
+ { 0x82, 0x73, 0x00, 0xaa, 0x00, 0x4a, 0xe6, 0x73 }
+};
+
+static guint16 ver_msrpc_dfs = 3;
+
+static dcerpc_sub_dissector msrpc_dfs_dissectors[] = {
+ { DFS_EXIST, "DFS_EXIST", NULL, NULL },
+ { DFS_ADD, "DFS_ADD", NULL, NULL },
+ { DFS_REMOVE, "DFS_REMOVE", NULL, NULL },
+ { DFS_GET_INFO, "DFS_GET_INFO", NULL, NULL },
+ { DFS_ENUM, "DFS_ENUM", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_dfs(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_dfs,
+ };
+
+ proto_msrpc_dfs = proto_register_protocol(
+ "Microsoft Distributed File System", "DFS", "dfs");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_dfs(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_dfs, ett_msrpc_dfs, &uuid_msrpc_dfs,
+ ver_msrpc_dfs, msrpc_dfs_dissectors);
+}
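Review bot: The terminator `{0, NULL, NULL, NULL }` in msrpc_dfs_dissectors carries opnum 0, the same value as DFS_EXIST, so whatever walks this table has to stop on the NULL name and not on the number; that lookup is in packet-dcerpc.c and is not visible here. A comment on the sentinel would record the contract, e.g. `/* end of table: recognised by NULL name, opnum 0 is a valid entry */`. The same sentinel is used in the lsa, netlogon, reg and samr tables of this commit. Every entry also passes NULL for both sub-dissector callbacks, so only the operation name is available and the stub data stays undecoded; a one-line comment at the top of the table saying so would help the next reader.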
diff --git a/packet-msrpc-dfs.h b/packet-msrpc-dfs.h
new file mode 100644
index 0000000000..5857480646
--- /dev/null
+++ b/packet-msrpc-dfs.h
@@ -0,0 +1,37 @@
+/* packet-msrpc-dfs.h
+ * Routines for SMB \\PIPE\\netdfs packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-dfs.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_DFS_H
+#define __PACKET_MSRPC_DFS_H
+
+/* Functions available on the NETDFS pipe. From Samba, include/rpc_dfs.h */
+
+#define DFS_EXIST 0x00
+#define DFS_ADD 0x01
+#define DFS_REMOVE 0x02
+#define DFS_GET_INFO 0x04
+#define DFS_ENUM 0x05
+
+#endif /* packet-msrpc-dfs.h */
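Review bot: The include guard `__PACKET_MSRPC_DFS_H` begins with two underscores, a form C reserves for the implementation; `PACKET_MSRPC_DFS_H` avoids the clash. The guards in packet-msrpc-lsa.h, packet-msrpc-netlogon.h, packet-msrpc-reg.h and packet-msrpc-samr.h follow the same pattern. The opnum list also skips 0x03 without explanation; if the gap is intentional, a remark such as `/* 0x03 is not named in Samba's rpc_dfs.h */` would show that it is not a typo.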
diff --git a/packet-msrpc-lsa.c b/packet-msrpc-lsa.c
new file mode 100644
index 0000000000..a4d2f04fec
--- /dev/null
+++ b/packet-msrpc-lsa.c
@@ -0,0 +1,116 @@
+/* packet-msrpc-lsa.c
+ * Routines for SMB \\PIPE\\lsarpc packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-lsa.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-lsa.h"
+
+static int proto_msrpc_lsa = -1;
+static gint ett_msrpc_lsa = -1;
+
+static e_uuid_t uuid_msrpc_lsa = {
+ 0x12345778, 0x1234, 0xabcd,
+ { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab}
+};
+
+static guint16 ver_msrpc_lsa = 0;
+
+static dcerpc_sub_dissector msrpc_lsa_dissectors[] = {
+ { LSA_CLOSE, "LSA_CLOSE", NULL, NULL },
+ { LSA_DELETE, "LSA_DELETE", NULL, NULL },
+ { LSA_ENUM_PRIVS, "LSA_ENUM_PRIVS", NULL, NULL },
+ { LSA_QUERYSECOBJ, "LSA_QUERYSECOBJ", NULL, NULL },
+ { LSA_SETSECOBJ, "LSA_SETSECOBJ", NULL, NULL },
+ { LSA_CHANGEPASSWORD, "LSA_CHANGEPASSWORD", NULL, NULL },
+ { LSA_OPENPOLICY, "LSA_OPENPOLICY", NULL, NULL },
+ { LSA_QUERYINFOPOLICY, "LSA_QUERYINFOPOLICY", NULL, NULL },
+ { LSA_SETINFOPOLICY, "LSA_SETINFOPOLICY", NULL, NULL },
+ { LSA_CLEARAUDITLOG, "LSA_CLEARAUDITLOG", NULL, NULL },
+ { LSA_CREATEACCOUNT, "LSA_CREATEACCOUNT", NULL, NULL },
+ { LSA_ENUM_ACCOUNTS, "LSA_ENUM_ACCOUNTS", NULL, NULL },
+ { LSA_CREATETRUSTDOM, "LSA_CREATETRUSTDOM", NULL, NULL },
+ { LSA_ENUMTRUSTDOM, "LSA_ENUMTRUSTDOM", NULL, NULL },
+ { LSA_LOOKUPNAMES, "LSA_LOOKUPNAMES", NULL, NULL },
+ { LSA_LOOKUPSIDS, "LSA_LOOKUPSIDS", NULL, NULL },
+ { LSA_CREATESECRET, "LSA_CREATESECRET", NULL, NULL },
+ { LSA_OPENACCOUNT, "LSA_OPENACCOUNT", NULL, NULL },
+ { LSA_ENUMPRIVSACCOUNT, "LSA_ENUMPRIVSACCOUNT", NULL, NULL },
+ { LSA_ADDPRIVS, "LSA_ADDPRIVS", NULL, NULL },
+ { LSA_REMOVEPRIVS, "LSA_REMOVEPRIVS", NULL, NULL },
+ { LSA_GETQUOTAS, "LSA_GETQUOTAS", NULL, NULL },
+ { LSA_SETQUOTAS, "LSA_SETQUOTAS", NULL, NULL },
+ { LSA_GETSYSTEMACCOUNT, "LSA_GETSYSTEMACCOUNT", NULL, NULL },
+ { LSA_SETSYSTEMACCOUNT, "LSA_SETSYSTEMACCOUNT", NULL, NULL },
+ { LSA_OPENTRUSTDOM, "LSA_OPENTRUSTDOM", NULL, NULL },
+ { LSA_QUERYTRUSTDOM, "LSA_QUERYTRUSTDOM", NULL, NULL },
+ { LSA_SETINFOTRUSTDOM, "LSA_SETINFOTRUSTDOM", NULL, NULL },
+ { LSA_OPENSECRET, "LSA_OPENSECRET", NULL, NULL },
+ { LSA_SETSECRET, "LSA_SETSECRET", NULL, NULL },
+ { LSA_QUERYSECRET, "LSA_QUERYSECRET", NULL, NULL },
+ { LSA_LOOKUPPRIVVALUE, "LSA_LOOKUPPRIVVALUE", NULL, NULL },
+ { LSA_LOOKUPPRIVNAME, "LSA_LOOKUPPRIVNAME", NULL, NULL },
+ { LSA_PRIV_GET_DISPNAME, "LSA_PRIV_GET_DISPNAME", NULL, NULL },
+ { LSA_DELETEOBJECT, "LSA_DELETEOBJECT", NULL, NULL },
+ { LSA_ENUMACCTWITHRIGHT, "LSA_ENUMACCTWITHRIGHT", NULL, NULL },
+ { LSA_ENUMACCTRIGHTS, "LSA_ENUMACCTRIGHTS", NULL, NULL },
+ { LSA_ADDACCTRIGHTS, "LSA_ADDACCTRIGHTS", NULL, NULL },
+ { LSA_REMOVEACCTRIGHTS, "LSA_REMOVEACCTRIGHTS", NULL, NULL },
+ { LSA_QUERYTRUSTDOMINFO, "LSA_QUERYTRUSTDOMINFO", NULL, NULL },
+ { LSA_SETTRUSTDOMINFO, "LSA_SETTRUSTDOMINFO", NULL, NULL },
+ { LSA_DELETETRUSTDOM, "LSA_DELETETRUSTDOM", NULL, NULL },
+ { LSA_STOREPRIVDATA, "LSA_STOREPRIVDATA", NULL, NULL },
+ { LSA_RETRPRIVDATA, "LSA_RETRPRIVDATA", NULL, NULL },
+ { LSA_OPENPOLICY2, "LSA_OPENPOLICY2", NULL, NULL },
+ { LSA_UNK_GET_CONNUSER, "LSA_UNK_GET_CONNUSER", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_lsa(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_lsa,
+ };
+
+ proto_msrpc_lsa = proto_register_protocol(
+ "Microsoft Local Security Architecture", "LSA", "lsa");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_lsa(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_lsa, ett_msrpc_lsa, &uuid_msrpc_lsa,
+ ver_msrpc_lsa, msrpc_lsa_dissectors);
+}
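Review bot: The long protocol name passed to proto_register_protocol() expands LSA as "Microsoft Local Security Architecture", but the service is normally called the Local Security Authority. The first argument is the full protocol name, so this string is presumably what users see. Suggested: `"Microsoft Local Security Authority", "LSA", "lsa");`.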
diff --git a/packet-msrpc-lsa.h b/packet-msrpc-lsa.h
new file mode 100644
index 0000000000..47da1d52cd
--- /dev/null
+++ b/packet-msrpc-lsa.h
@@ -0,0 +1,78 @@
+/* packet-msrpc-lsa.h
+ * Routines for SMB \\PIPE\\lsarpc packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-lsa.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_LSA_H
+#define __PACKET_MSRPC_LSA_H
+
+/* Functions available on the LSA pipe. From Samba, include/rpc_lsa.h */
+
+#define LSA_CLOSE 0x00
+#define LSA_DELETE 0x01
+#define LSA_ENUM_PRIVS 0x02
+#define LSA_QUERYSECOBJ 0x03
+#define LSA_SETSECOBJ 0x04
+#define LSA_CHANGEPASSWORD 0x05
+#define LSA_OPENPOLICY 0x06
+#define LSA_QUERYINFOPOLICY 0x07
+#define LSA_SETINFOPOLICY 0x08
+#define LSA_CLEARAUDITLOG 0x09
+#define LSA_CREATEACCOUNT 0x0a
+#define LSA_ENUM_ACCOUNTS 0x0b
+#define LSA_CREATETRUSTDOM 0x0c
+#define LSA_ENUMTRUSTDOM 0x0d
+#define LSA_LOOKUPNAMES 0x0e
+#define LSA_LOOKUPSIDS 0x0f
+#define LSA_CREATESECRET 0x10
+#define LSA_OPENACCOUNT 0x11
+#define LSA_ENUMPRIVSACCOUNT 0x12
+#define LSA_ADDPRIVS 0x13
+#define LSA_REMOVEPRIVS 0x14
+#define LSA_GETQUOTAS 0x15
+#define LSA_SETQUOTAS 0x16
+#define LSA_GETSYSTEMACCOUNT 0x17
+#define LSA_SETSYSTEMACCOUNT 0x18
+#define LSA_OPENTRUSTDOM 0x19
+#define LSA_QUERYTRUSTDOM 0x1a
+#define LSA_SETINFOTRUSTDOM 0x1b
+#define LSA_OPENSECRET 0x1c
+#define LSA_SETSECRET 0x1d
+#define LSA_QUERYSECRET 0x1e
+#define LSA_LOOKUPPRIVVALUE 0x1f
+#define LSA_LOOKUPPRIVNAME 0x20
+#define LSA_PRIV_GET_DISPNAME 0x21
+#define LSA_DELETEOBJECT 0x22
+#define LSA_ENUMACCTWITHRIGHT 0x23
+#define LSA_ENUMACCTRIGHTS 0x24
+#define LSA_ADDACCTRIGHTS 0x25
+#define LSA_REMOVEACCTRIGHTS 0x26
+#define LSA_QUERYTRUSTDOMINFO 0x27
+#define LSA_SETTRUSTDOMINFO 0x28
+#define LSA_DELETETRUSTDOM 0x29
+#define LSA_STOREPRIVDATA 0x2a
+#define LSA_RETRPRIVDATA 0x2b
+#define LSA_OPENPOLICY2 0x2c
+#define LSA_UNK_GET_CONNUSER 0x2d
+
+#endif /* packet-msrpc-lsa.h */
diff --git a/packet-msrpc-netlogon.c b/packet-msrpc-netlogon.c
new file mode 100644
index 0000000000..acbbfc03b1
--- /dev/null
+++ b/packet-msrpc-netlogon.c
@@ -0,0 +1,82 @@
+/* packet-msrpc-netlogon.c
+ * Routines for SMB \\PIPE\\NETLOGON packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-netlogon.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-netlogon.h"
+
+static int proto_msrpc_netlogon = -1;
+static gint ett_msrpc_netlogon = -1;
+
+static e_uuid_t uuid_msrpc_netlogon = {
+ 0x12345678, 0x1234, 0xabcd,
+ { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0xcf, 0xfb }
+};
+
+static guint16 ver_msrpc_netlogon = 1;
+
+static dcerpc_sub_dissector msrpc_netlogon_dissectors[] = {
+ { NET_SAMLOGON, "NET_SAMLOGON", NULL, NULL },
+ { NET_SAMLOGOFF, "NET_SAMLOGOFF", NULL, NULL },
+ { NET_REQCHAL, "NET_REQCHAL", NULL, NULL },
+ { NET_AUTH, "NET_AUTH", NULL, NULL },
+ { NET_SRVPWSET, "NET_SRVPWSET", NULL, NULL },
+ { NET_SAM_DELTAS, "NET_SAM_DELTAS", NULL, NULL },
+ { NET_LOGON_CTRL, "NET_LOGON_CTRL", NULL, NULL },
+ { NET_AUTH2, "NET_AUTH2", NULL, NULL },
+ { NET_LOGON_CTRL2, "NET_LOGON_CTRL2", NULL, NULL },
+ { NET_SAM_SYNC, "NET_SAM_SYNC", NULL, NULL },
+ { NET_TRUST_DOM_LIST, "NET_TRUST_DOM_LIST", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_netlogon(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_netlogon,
+ };
+
+ proto_msrpc_netlogon = proto_register_protocol(
+ "Microsoft Network Logon", "NETLOGON", "rpc_netlogon");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_netlogon(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_netlogon, ett_msrpc_netlogon,
+ &uuid_msrpc_netlogon, ver_msrpc_netlogon,
+ msrpc_netlogon_dissectors);
+}
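Review bot: The filter name registered in proto_register_msrpc_netlogon is `"rpc_netlogon"`, while the other services added in this commit use bare names (`"dfs"`, `"lsa"`, `"reg"`, `"samr"`). If the prefix exists to avoid a clash with a filter name already taken elsewhere in the tree, a comment beside the call should say so, e.g. `/* prefixed: plain "netlogon" is already used by another dissector */`; that reason is inferred and needs confirming. If there is no clash, the name should follow the same scheme as the other four so that display filters are predictable.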
diff --git a/packet-msrpc-netlogon.h b/packet-msrpc-netlogon.h
new file mode 100644
index 0000000000..23cca20630
--- /dev/null
+++ b/packet-msrpc-netlogon.h
@@ -0,0 +1,44 @@
+/* packet-msrpc-netlogon.h
+ * Routines for SMB \\PIPE\\NETLOGON packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-netlogon.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_NETLOGON_H
+#define __PACKET_MSRPC_NETLOGON_H
+
+/* Functions available on the NETLOGON pipe. From Samba,
+ include/rpc_netlogon.h */
+
+#define NET_SAMLOGON 0x02
+#define NET_SAMLOGOFF 0x03
+#define NET_REQCHAL 0x04
+#define NET_AUTH 0x05
+#define NET_SRVPWSET 0x06
+#define NET_SAM_DELTAS 0x07
+#define NET_LOGON_CTRL 0x0c
+#define NET_AUTH2 0x0f
+#define NET_LOGON_CTRL2 0x0e
+#define NET_SAM_SYNC 0x10
+#define NET_TRUST_DOM_LIST 0x13
+
+#endif /* packet-msrpc-netlogon.h */
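Review bot: `NET_AUTH2 0x0f` is listed before `NET_LOGON_CTRL2 0x0e`, the only place in this list where the opnums are out of numeric order, which makes the pair easy to misread as a typo. Swapping the two lines, and the matching entries in msrpc_netlogon_dissectors, keeps both lists sorted. The unnamed ranges 0x00-0x01, 0x08-0x0b, 0x0d and 0x11-0x12 could carry a short comment that Samba's header does not name them.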
diff --git a/packet-msrpc-reg.c b/packet-msrpc-reg.c
new file mode 100644
index 0000000000..30e18157d7
--- /dev/null
+++ b/packet-msrpc-reg.c
@@ -0,0 +1,97 @@
+/* packet-msrpc-reg.c
+ * Routines for SMB \\PIPE\\winreg packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-reg.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-reg.h"
+
+static int proto_msrpc_reg = -1;
+static gint ett_msrpc_reg = -1;
+
+static e_uuid_t uuid_msrpc_reg = {
+ 0x338cd001, 0x2244, 0x31f1,
+ { 0xaa, 0xaa, 0x90, 0x00, 0x38, 0x00, 0x10, 0x03 }
+};
+
+static guint16 ver_msrpc_reg = 1;
+
+static dcerpc_sub_dissector msrpc_reg_dissectors[] = {
+ { REG_OPEN_HKCR, "REG_OPEN_HKCR", NULL, NULL },
+ { _REG_UNK_01, "_REG_UNK_01", NULL, NULL },
+ { REG_OPEN_HKLM, "REG_OPEN_HKLM", NULL, NULL },
+ { _REG_UNK_03, "_REG_UNK_03", NULL, NULL },
+ { REG_OPEN_HKU, "REG_OPEN_HKU", NULL, NULL },
+ { REG_CLOSE, "REG_CLOSE", NULL, NULL },
+ { REG_CREATE_KEY, "REG_CREATE_KEY", NULL, NULL },
+ { REG_DELETE_KEY, "REG_DELETE_KEY", NULL, NULL },
+ { REG_DELETE_VALUE, "REG_DELETE_VALUE", NULL, NULL },
+ { REG_ENUM_KEY, "REG_ENUM_KEY", NULL, NULL },
+ { REG_ENUM_VALUE, "REG_ENUM_VALUE", NULL, NULL },
+ { REG_FLUSH_KEY, "REG_FLUSH_KEY", NULL, NULL },
+ { REG_GET_KEY_SEC, "REG_GET_KEY_SEC", NULL, NULL },
+ { _REG_UNK_0D, "_REG_UNK_0D", NULL, NULL },
+ { _REG_UNK_0E, "_REG_UNK_0E", NULL, NULL },
+ { REG_OPEN_ENTRY, "REG_OPEN_ENTRY", NULL, NULL },
+ { REG_QUERY_KEY, "REG_QUERY_KEY", NULL, NULL },
+ { REG_INFO, "REG_INFO", NULL, NULL },
+ { _REG_UNK_12, "_REG_UNK_12", NULL, NULL },
+ { _REG_UNK_13, "_REG_UNK_13", NULL, NULL },
+ { _REG_UNK_14, "_REG_UNK_14", NULL, NULL },
+ { REG_SET_KEY_SEC, "REG_SET_KEY_SEC", NULL, NULL },
+ { REG_CREATE_VALUE, "REG_CREATE_VALUE", NULL, NULL },
+ { _REG_UNK_17, "_REG_UNK_17", NULL, NULL },
+ { REG_SHUTDOWN, "REG_SHUTDOWN", NULL, NULL },
+ { REG_ABORT_SHUTDOWN, "REG_ABORT_SHUTDOWN", NULL, NULL },
+ { REG_UNK_1A, "REG_UNK_1A", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_reg(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_reg,
+ };
+
+ proto_msrpc_reg = proto_register_protocol(
+ "Microsoft Registry", "REG", "reg");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_reg(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_reg, ett_msrpc_reg, &uuid_msrpc_reg,
+ ver_msrpc_reg, msrpc_reg_dissectors);
+}
diff --git a/packet-msrpc-reg.h b/packet-msrpc-reg.h
new file mode 100644
index 0000000000..8bac50d976
--- /dev/null
+++ b/packet-msrpc-reg.h
@@ -0,0 +1,59 @@
+/* packet-msrpc-reg.h
+ * Routines for SMB \\PIPE\\winreg packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-reg.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_REG_H
+#define __PACKET_MSRPC_REG_H
+
+/* Functions available on the WINREG pipe. From Samba, include/rpc_reg.h */
+
+#define REG_OPEN_HKCR 0x00
+#define _REG_UNK_01 0x01
+#define REG_OPEN_HKLM 0x02
+#define _REG_UNK_03 0x03
+#define REG_OPEN_HKU 0x04
+#define REG_CLOSE 0x05
+#define REG_CREATE_KEY 0x06
+#define REG_DELETE_KEY 0x07
+#define REG_DELETE_VALUE 0x08
+#define REG_ENUM_KEY 0x09
+#define REG_ENUM_VALUE 0x0a
+#define REG_FLUSH_KEY 0x0b
+#define REG_GET_KEY_SEC 0x0c
+#define _REG_UNK_0D 0x0d
+#define _REG_UNK_0E 0x0e
+#define REG_OPEN_ENTRY 0x0f
+#define REG_QUERY_KEY 0x10
+#define REG_INFO 0x11
+#define _REG_UNK_12 0x12
+#define _REG_UNK_13 0x13
+#define _REG_UNK_14 0x14
+#define REG_SET_KEY_SEC 0x15
+#define REG_CREATE_VALUE 0x16
+#define _REG_UNK_17 0x17
+#define REG_SHUTDOWN 0x18
+#define REG_ABORT_SHUTDOWN 0x19
+#define REG_UNK_1A 0x1a
+
+#endif /* packet-msrpc-reg.h */
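Review bot: The placeholders `_REG_UNK_01`, `_REG_UNK_03`, `_REG_UNK_0D` and their siblings start with an underscore followed by an upper-case letter, which C reserves for the implementation, while the last placeholder, `REG_UNK_1A`, has no underscore at all. Renaming the whole set to the `REG_UNK_xx` form removes the reserved identifiers and makes the names consistent. The name strings in msrpc_reg_dissectors in packet-msrpc-reg.c repeat these spellings and would need the same change.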
diff --git a/packet-msrpc-samr.c b/packet-msrpc-samr.c
new file mode 100644
index 0000000000..d2309c3291
--- /dev/null
+++ b/packet-msrpc-samr.c
@@ -0,0 +1,126 @@
+/* packet-msrpc-samr.c
+ * Routines for SMB \\PIPE\\samr packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-samr.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-samr.h"
+
+static int proto_msrpc_samr = -1;
+static gint ett_msrpc_samr = -1;
+
+static e_uuid_t uuid_msrpc_samr = {
+ 0x12345778, 0x1234, 0xabcd,
+ { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xac}
+};
+
+static guint16 ver_msrpc_samr = 1;
+
+static dcerpc_sub_dissector msrpc_samr_dissectors[] = {
+ { SAMR_CONNECT_ANON, "SAMR_CONNECT_ANON", NULL, NULL },
+ { SAMR_CLOSE_HND, "SAMR_CLOSE_HND", NULL, NULL },
+ { SAMR_UNKNOWN_2, "SAMR_UNKNOWN_2", NULL, NULL },
+ { SAMR_QUERY_SEC_OBJECT, "SAMR_QUERY_SEC_OBJECT", NULL, NULL },
+ { SAMR_UNKNOWN_4, "SAMR_UNKNOWN_4", NULL, NULL },
+ { SAMR_LOOKUP_DOMAIN, "SAMR_LOOKUP_DOMAIN", NULL, NULL },
+ { SAMR_ENUM_DOMAINS, "SAMR_ENUM_DOMAINS", NULL, NULL },
+ { SAMR_OPEN_DOMAIN, "SAMR_OPEN_DOMAIN", NULL, NULL },
+ { SAMR_QUERY_DOMAIN_INFO, "SAMR_QUERY_DOMAIN_INFO", NULL, NULL },
+ { SAMR_CREATE_DOM_GROUP, "SAMR_CREATE_DOM_GROUP", NULL, NULL },
+ { SAMR_ENUM_DOM_GROUPS, "SAMR_ENUM_DOM_GROUPS", NULL, NULL },
+ { SAMR_ENUM_DOM_USERS, "SAMR_ENUM_DOM_USERS", NULL, NULL },
+ { SAMR_CREATE_DOM_ALIAS, "SAMR_CREATE_DOM_ALIAS", NULL, NULL },
+ { SAMR_ENUM_DOM_ALIASES, "SAMR_ENUM_DOM_ALIASES", NULL, NULL },
+ { SAMR_QUERY_USERALIASES, "SAMR_QUERY_USERALIASES", NULL, NULL },
+ { SAMR_LOOKUP_NAMES, "SAMR_LOOKUP_NAMES", NULL, NULL },
+ { SAMR_LOOKUP_RIDS, "SAMR_LOOKUP_RIDS", NULL, NULL },
+ { SAMR_OPEN_GROUP, "SAMR_OPEN_GROUP", NULL, NULL },
+ { SAMR_QUERY_GROUPINFO, "SAMR_QUERY_GROUPINFO", NULL, NULL },
+ { SAMR_SET_GROUPINFO, "SAMR_SET_GROUPINFO", NULL, NULL },
+ { SAMR_ADD_GROUPMEM, "SAMR_ADD_GROUPMEM", NULL, NULL },
+ { SAMR_DELETE_DOM_GROUP, "SAMR_DELETE_DOM_GROUP", NULL, NULL },
+ { SAMR_DEL_GROUPMEM, "SAMR_DEL_GROUPMEM", NULL, NULL },
+ { SAMR_QUERY_GROUPMEM, "SAMR_QUERY_GROUPMEM", NULL, NULL },
+ { SAMR_UNKNOWN_1A, "SAMR_UNKNOWN_1A", NULL, NULL },
+ { SAMR_OPEN_ALIAS, "SAMR_OPEN_ALIAS", NULL, NULL },
+ { SAMR_QUERY_ALIASINFO, "SAMR_QUERY_ALIASINFO", NULL, NULL },
+ { SAMR_SET_ALIASINFO, "SAMR_SET_ALIASINFO", NULL, NULL },
+ { SAMR_DELETE_DOM_ALIAS, "SAMR_DELETE_DOM_ALIAS", NULL, NULL },
+ { SAMR_ADD_ALIASMEM, "SAMR_ADD_ALIASMEM", NULL, NULL },
+ { SAMR_DEL_ALIASMEM, "SAMR_DEL_ALIASMEM", NULL, NULL },
+ { SAMR_QUERY_ALIASMEM, "SAMR_QUERY_ALIASMEM", NULL, NULL },
+ { SAMR_OPEN_USER, "SAMR_OPEN_USER", NULL, NULL },
+ { SAMR_DELETE_DOM_USER, "SAMR_DELETE_DOM_USER", NULL, NULL },
+ { SAMR_QUERY_USERINFO, "SAMR_QUERY_USERINFO", NULL, NULL },
+ { SAMR_SET_USERINFO2, "SAMR_SET_USERINFO2", NULL, NULL },
+ { SAMR_QUERY_USERGROUPS, "SAMR_QUERY_USERGROUPS", NULL, NULL },
+ { SAMR_QUERY_DISPINFO, "SAMR_QUERY_DISPINFO", NULL, NULL },
+ { SAMR_UNKNOWN_29, "SAMR_UNKNOWN_29", NULL, NULL },
+ { SAMR_UNKNOWN_2a, "SAMR_UNKNOWN_2a", NULL, NULL },
+ { SAMR_UNKNOWN_2b, "SAMR_UNKNOWN_2b", NULL, NULL },
+ { SAMR_GET_USRDOM_PWINFO, "SAMR_GET_USRDOM_PWINFO", NULL, NULL },
+ { SAMR_UNKNOWN_2D, "SAMR_UNKNOWN_2D", NULL, NULL },
+ { SAMR_UNKNOWN_2e, "SAMR_UNKNOWN_2e", NULL, NULL },
+ { SAMR_UNKNOWN_2f, "SAMR_UNKNOWN_2f", NULL, NULL },
+ { SAMR_QUERY_DISPINFO3, "SAMR_QUERY_DISPINFO3", NULL, NULL },
+ { SAMR_UNKNOWN_31, "SAMR_UNKNOWN_31", NULL, NULL },
+ { SAMR_CREATE_USER, "SAMR_CREATE_USER", NULL, NULL },
+ { SAMR_QUERY_DISPINFO4, "SAMR_QUERY_DISPINFO4", NULL, NULL },
+ { SAMR_ADDMULTI_ALIASMEM, "SAMR_ADDMULTI_ALIASMEM", NULL, NULL },
+ { SAMR_UNKNOWN_35, "SAMR_UNKNOWN_35", NULL, NULL },
+ { SAMR_UNKNOWN_36, "SAMR_UNKNOWN_36", NULL, NULL },
+ { SAMR_CHGPASSWD_USER, "SAMR_CHGPASSWD_USER", NULL, NULL },
+ { SAMR_GET_DOM_PWINFO, "SAMR_GET_DOM_PWINFO", NULL, NULL },
+ { SAMR_CONNECT, "SAMR_CONNECT", NULL, NULL },
+ { SAMR_SET_USERINFO, "SAMR_SET_USERINFO", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_samr(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_samr,
+ };
+
+ proto_msrpc_samr = proto_register_protocol(
+ "Microsoft Security Account Manager", "SAMR", "samr");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_samr(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_samr, ett_msrpc_samr, &uuid_msrpc_samr,
+ ver_msrpc_samr, msrpc_samr_dissectors);
+}
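Review bot: The placeholder names in msrpc_samr_dissectors mix hex case: `SAMR_UNKNOWN_2a`, `SAMR_UNKNOWN_2b`, `SAMR_UNKNOWN_2e` and `SAMR_UNKNOWN_2f` sit next to `SAMR_UNKNOWN_1A` and `SAMR_UNKNOWN_2D`. These strings are the operation names the table supplies, so one convention would read better; upper-case hex would match the placeholders in the registry table of this commit. The macros in packet-msrpc-samr.h have to be renamed together with the strings.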
diff --git a/packet-msrpc-samr.h b/packet-msrpc-samr.h
new file mode 100644
index 0000000000..b2e5ec1eab
--- /dev/null
+++ b/packet-msrpc-samr.h
@@ -0,0 +1,88 @@
+/* packet-msrpc-samr.h
+ * Routines for SMB \\PIPE\\samr packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-samr.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_SAMR_H
+#define __PACKET_MSRPC_SAMR_H
+
+/* Functions available on the SAMR pipe. From Samba, include/rpc_samr.h */
+
+#define SAMR_CONNECT_ANON 0x00
+#define SAMR_CLOSE_HND 0x01
+#define SAMR_UNKNOWN_2 0x02
+#define SAMR_QUERY_SEC_OBJECT 0x03
+#define SAMR_UNKNOWN_4 0x04
+#define SAMR_LOOKUP_DOMAIN 0x05
+#define SAMR_ENUM_DOMAINS 0x06
+#define SAMR_OPEN_DOMAIN 0x07
+#define SAMR_QUERY_DOMAIN_INFO 0x08
+#define SAMR_CREATE_DOM_GROUP 0x0a
+#define SAMR_ENUM_DOM_GROUPS 0x0b
+#define SAMR_ENUM_DOM_USERS 0x0d
+#define SAMR_CREATE_DOM_ALIAS 0x0e
+#define SAMR_ENUM_DOM_ALIASES 0x0f
+#define SAMR_QUERY_USERALIASES 0x10
+#define SAMR_LOOKUP_NAMES 0x11
+#define SAMR_LOOKUP_RIDS 0x12
+#define SAMR_OPEN_GROUP 0x13
+#define SAMR_QUERY_GROUPINFO 0x14
+#define SAMR_SET_GROUPINFO 0x15
+#define SAMR_ADD_GROUPMEM 0x16
+#define SAMR_DELETE_DOM_GROUP 0x17
+#define SAMR_DEL_GROUPMEM 0x18
+#define SAMR_QUERY_GROUPMEM 0x19
+#define SAMR_UNKNOWN_1A 0x1a
+#define SAMR_OPEN_ALIAS 0x1b
+#define SAMR_QUERY_ALIASINFO 0x1c
+#define SAMR_SET_ALIASINFO 0x1d
+#define SAMR_DELETE_DOM_ALIAS 0x1e
+#define SAMR_ADD_ALIASMEM 0x1f
+#define SAMR_DEL_ALIASMEM 0x20
+#define SAMR_QUERY_ALIASMEM 0x21
+#define SAMR_OPEN_USER 0x22
+#define SAMR_DELETE_DOM_USER 0x23
+#define SAMR_QUERY_USERINFO 0x24
+#define SAMR_SET_USERINFO2 0x25
+#define SAMR_QUERY_USERGROUPS 0x27
+#define SAMR_QUERY_DISPINFO 0x28
+#define SAMR_UNKNOWN_29 0x29
+#define SAMR_UNKNOWN_2a 0x2a
+#define SAMR_UNKNOWN_2b 0x2b
+#define SAMR_GET_USRDOM_PWINFO 0x2c
+#define SAMR_UNKNOWN_2D 0x2d
+#define SAMR_UNKNOWN_2e 0x2e
+#define SAMR_UNKNOWN_2f 0x2f
+#define SAMR_QUERY_DISPINFO3 0x30
+#define SAMR_UNKNOWN_31 0x31
+#define SAMR_CREATE_USER 0x32
+#define SAMR_QUERY_DISPINFO4 0x33
+#define SAMR_ADDMULTI_ALIASMEM 0x34
+#define SAMR_UNKNOWN_35 0x35
+#define SAMR_UNKNOWN_36 0x36
+#define SAMR_CHGPASSWD_USER 0x37
+#define SAMR_GET_DOM_PWINFO 0x38
+#define SAMR_CONNECT 0x39
+#define SAMR_SET_USERINFO 0x3A
+
+#endif /* packet-msrpc-samr.h */
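Review bot: The include guard `__PACKET_MSRPC_SAMR_H` starts with a double underscore, a spelling C reserves for the implementation; `#ifndef PACKET_MSRPC_SAMR_H` with a matching `#define PACKET_MSRPC_SAMR_H` avoids that. The guards in packet-msrpc-spoolss.h, packet-msrpc-srvsvc.h and packet-msrpc-wkssvc.h follow the same pattern. The opnum names also mix case in the hex suffix (`SAMR_UNKNOWN_2a` next to `SAMR_UNKNOWN_2D` and `SAMR_UNKNOWN_1A`); picking one form would make the list easier to search.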
diff --git a/packet-msrpc-spoolss.c b/packet-msrpc-spoolss.c
new file mode 100644
index 0000000000..88926dcc4b
--- /dev/null
+++ b/packet-msrpc-spoolss.c
@@ -0,0 +1,117 @@
+/* packet-msrpc-spoolss.c
+ * Routines for SMB \\PIPE\\spoolss packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-spoolss.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-spoolss.h"
+
+static int proto_msrpc_spoolss = -1;
+static gint ett_msrpc_spoolss = -1;
+
+static e_uuid_t uuid_msrpc_spoolss = {
+ 0x12345678, 0x1234, 0xabcd,
+ { 0xef, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab }
+};
+
+static guint16 ver_msrpc_spoolss = 1;
+
+static dcerpc_sub_dissector msrpc_spoolss_dissectors[] = {
+ { SPOOLSS_ENUMPRINTERS, "SPOOLSS_ENUMPRINTERS", NULL, NULL },
+ { SPOOLSS_SETJOB, "SPOOLSS_SETJOB", NULL, NULL },
+ { SPOOLSS_GETJOB, "SPOOLSS_GETJOB", NULL, NULL },
+ { SPOOLSS_ENUMJOBS, "SPOOLSS_ENUMJOBS", NULL, NULL },
+ { SPOOLSS_ADDPRINTER, "SPOOLSS_ADDPRINTER", NULL, NULL },
+ { SPOOLSS_DELETEPRINTER, "SPOOLSS_DELETEPRINTER", NULL, NULL },
+ { SPOOLSS_SETPRINTER, "SPOOLSS_SETPRINTER", NULL, NULL },
+ { SPOOLSS_GETPRINTER, "SPOOLSS_GETPRINTER", NULL, NULL },
+ { SPOOLSS_ADDPRINTERDRIVER, "SPOOLSS_ADDPRINTERDRIVER", NULL, NULL },
+ { SPOOLSS_ENUMPRINTERDRIVERS, "SPOOLSS_ENUMPRINTERDRIVERS", NULL, NULL },
+ { SPOOLSS_GETPRINTERDRIVERDIRECTORY, "SPOOLSS_GETPRINTERDRIVERDIRECTORY", NULL, NULL },
+ { SPOOLSS_DELETEPRINTERDRIVER, "SPOOLSS_DELETEPRINTERDRIVER", NULL, NULL },
+ { SPOOLSS_ADDPRINTPROCESSOR, "SPOOLSS_ADDPRINTPROCESSOR", NULL, NULL },
+ { SPOOLSS_ENUMPRINTPROCESSORS, "SPOOLSS_ENUMPRINTPROCESSORS", NULL, NULL },
+ { SPOOLSS_STARTDOCPRINTER, "SPOOLSS_STARTDOCPRINTER", NULL, NULL },
+ { SPOOLSS_STARTPAGEPRINTER, "SPOOLSS_STARTPAGEPRINTER", NULL, NULL },
+ { SPOOLSS_WRITEPRINTER, "SPOOLSS_WRITEPRINTER", NULL, NULL },
+ { SPOOLSS_ENDPAGEPRINTER, "SPOOLSS_ENDPAGEPRINTER", NULL, NULL },
+ { SPOOLSS_ABORTPRINTER, "SPOOLSS_ABORTPRINTER", NULL, NULL },
+ { SPOOLSS_ENDDOCPRINTER, "SPOOLSS_ENDDOCPRINTER", NULL, NULL },
+ { SPOOLSS_ADDJOB, "SPOOLSS_ADDJOB", NULL, NULL },
+ { SPOOLSS_SCHEDULEJOB, "SPOOLSS_SCHEDULEJOB", NULL, NULL },
+ { SPOOLSS_GETPRINTERDATA, "SPOOLSS_GETPRINTERDATA", NULL, NULL },
+ { SPOOLSS_SETPRINTERDATA, "SPOOLSS_SETPRINTERDATA", NULL, NULL },
+ { SPOOLSS_CLOSEPRINTER, "SPOOLSS_CLOSEPRINTER", NULL, NULL },
+ { SPOOLSS_ADDFORM, "SPOOLSS_ADDFORM", NULL, NULL },
+ { SPOOLSS_DELETEFORM, "SPOOLSS_DELETEFORM", NULL, NULL },
+ { SPOOLSS_GETFORM, "SPOOLSS_GETFORM", NULL, NULL },
+ { SPOOLSS_SETFORM, "SPOOLSS_SETFORM", NULL, NULL },
+ { SPOOLSS_ENUMFORMS, "SPOOLSS_ENUMFORMS", NULL, NULL },
+ { SPOOLSS_ENUMPORTS, "SPOOLSS_ENUMPORTS", NULL, NULL },
+ { SPOOLSS_ENUMMONITORS, "SPOOLSS_ENUMMONITORS", NULL, NULL },
+ { SPOOLSS_ENUMPRINTPROCDATATYPES, "SPOOLSS_ENUMPRINTPROCDATATYPES", NULL, NULL },
+ { SPOOLSS_GETPRINTERDRIVER2, "SPOOLSS_GETPRINTERDRIVER2", NULL, NULL },
+ { SPOOLSS_FCPN, "SPOOLSS_FCPN", NULL, NULL },
+ { SPOOLSS_REPLYOPENPRINTER, "SPOOLSS_REPLYOPENPRINTER", NULL, NULL },
+ { SPOOLSS_REPLYCLOSEPRINTER, "SPOOLSS_REPLYCLOSEPRINTER", NULL, NULL },
+ { SPOOLSS_RFFPCNEX, "SPOOLSS_RFFPCNEX", NULL, NULL },
+ { SPOOLSS_RRPCN, "SPOOLSS_RRPCN", NULL, NULL },
+ { SPOOLSS_RFNPCNEX, "SPOOLSS_RFNPCNEX", NULL, NULL },
+ { SPOOLSS_OPENPRINTEREX, "SPOOLSS_OPENPRINTEREX", NULL, NULL },
+ { SPOOLSS_ADDPRINTEREX, "SPOOLSS_ADDPRINTEREX", NULL, NULL },
+ { SPOOLSS_ENUMPRINTERDATA, "SPOOLSS_ENUMPRINTERDATA", NULL, NULL },
+ { SPOOLSS_DELETEPRINTERDATA, "SPOOLSS_DELETEPRINTERDATA", NULL, NULL },
+ { SPOOLSS_GETPRINTERDATAEX, "SPOOLSS_GETPRINTERDATAEX", NULL, NULL },
+ { SPOOLSS_SETPRINTERDATAEX, "SPOOLSS_SETPRINTERDATAEX", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_spoolss(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_spoolss,
+ };
+
+ proto_msrpc_spoolss = proto_register_protocol(
+ "Microsoft Spool Subsystem", "SPOOLSS", "spoolss");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_spoolss(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_spoolss, ett_msrpc_spoolss,
+ &uuid_msrpc_spoolss, ver_msrpc_spoolss,
+ msrpc_spoolss_dissectors);
+}
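Review bot: Every entry in `msrpc_spoolss_dissectors` leaves its last two fields `NULL`, and the table is passed to `dcerpc_init_uuid()` unchanged, so the DCE RPC core has to cope with an opnum that has no handlers when it appears in captured traffic. Those fields are presumably the request and reply dissect functions. packet-dcerpc.c is changed by this commit but its hunk is not in view here, so confirm that the call site tests the pointer before calling through it. A comment above the table such as `/* No per-call dissection yet: request/reply handlers are NULL. */` would make the intent explicit. The same applies to the tables in packet-msrpc-samr.c, packet-msrpc-srvsvc.c and packet-msrpc-wkssvc.c.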
diff --git a/packet-msrpc-spoolss.h b/packet-msrpc-spoolss.h
new file mode 100644
index 0000000000..07ea342627
--- /dev/null
+++ b/packet-msrpc-spoolss.h
@@ -0,0 +1,79 @@
+/* packet-msrpc-spoolss.h
+ * Routines for SMB \\PIPE\\spoolss packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-spoolss.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_SPOOLSS_H
+#define __PACKET_MSRPC_SPOOLSS_H
+
+/* Functions available on the SPOOLSS pipe. From Samba,
+ include/rpc_spoolss.h */
+
+#define SPOOLSS_ENUMPRINTERS 0x00
+#define SPOOLSS_SETJOB 0x02
+#define SPOOLSS_GETJOB 0x03
+#define SPOOLSS_ENUMJOBS 0x04
+#define SPOOLSS_ADDPRINTER 0x05
+#define SPOOLSS_DELETEPRINTER 0x06
+#define SPOOLSS_SETPRINTER 0x07
+#define SPOOLSS_GETPRINTER 0x08
+#define SPOOLSS_ADDPRINTERDRIVER 0x09
+#define SPOOLSS_ENUMPRINTERDRIVERS 0x0a
+#define SPOOLSS_GETPRINTERDRIVERDIRECTORY 0x0c
+#define SPOOLSS_DELETEPRINTERDRIVER 0x0d
+#define SPOOLSS_ADDPRINTPROCESSOR 0x0e
+#define SPOOLSS_ENUMPRINTPROCESSORS 0x0f
+#define SPOOLSS_STARTDOCPRINTER 0x11
+#define SPOOLSS_STARTPAGEPRINTER 0x12
+#define SPOOLSS_WRITEPRINTER 0x13
+#define SPOOLSS_ENDPAGEPRINTER 0x14
+#define SPOOLSS_ABORTPRINTER 0x15
+#define SPOOLSS_ENDDOCPRINTER 0x17
+#define SPOOLSS_ADDJOB 0x18
+#define SPOOLSS_SCHEDULEJOB 0x19
+#define SPOOLSS_GETPRINTERDATA 0x1a
+#define SPOOLSS_SETPRINTERDATA 0x1b
+#define SPOOLSS_CLOSEPRINTER 0x1d
+#define SPOOLSS_ADDFORM 0x1e
+#define SPOOLSS_DELETEFORM 0x1f
+#define SPOOLSS_GETFORM 0x20
+#define SPOOLSS_SETFORM 0x21
+#define SPOOLSS_ENUMFORMS 0x22
+#define SPOOLSS_ENUMPORTS 0x23
+#define SPOOLSS_ENUMMONITORS 0x24
+#define SPOOLSS_ENUMPRINTPROCDATATYPES 0x33
+#define SPOOLSS_GETPRINTERDRIVER2 0x35
+#define SPOOLSS_FCPN 0x38
+#define SPOOLSS_REPLYOPENPRINTER 0x3a
+#define SPOOLSS_REPLYCLOSEPRINTER 0x3c
+#define SPOOLSS_RFFPCNEX 0x41
+#define SPOOLSS_RRPCN 0x42
+#define SPOOLSS_RFNPCNEX 0x43
+#define SPOOLSS_OPENPRINTEREX 0x45
+#define SPOOLSS_ADDPRINTEREX 0x46
+#define SPOOLSS_ENUMPRINTERDATA 0x48
+#define SPOOLSS_DELETEPRINTERDATA 0x49
+#define SPOOLSS_GETPRINTERDATAEX 0x4e
+#define SPOOLSS_SETPRINTERDATAEX 0x50
+
+#endif /* packet-msrpc-spoolss.h */
diff --git a/packet-msrpc-srvsvc.c b/packet-msrpc-srvsvc.c
new file mode 100644
index 0000000000..bc37991280
--- /dev/null
+++ b/packet-msrpc-srvsvc.c
@@ -0,0 +1,87 @@
+/* packet-msrpc-srvsvc.c
+ * Routines for SMB \\PIPE\\srvsvc packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-srvsvc.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-srvsvc.h"
+
+static int proto_msrpc_srvsvc = -1;
+static gint ett_msrpc_srvsvc = -1;
+
+static e_uuid_t uuid_msrpc_srvsvc = {
+ 0x4b324fc8, 0x1670, 0x01d3,
+ { 0x12, 0x78, 0x5a, 0x47, 0xbf, 0x6e, 0xe1, 0x88 }
+};
+
+static guint16 ver_msrpc_srvsvc = 3;
+
+static dcerpc_sub_dissector msrpc_srvsvc_dissectors[] = {
+ { SRV_NETCONNENUM, "SRV_NETCONNENUM", NULL, NULL },
+ { SRV_NETFILEENUM, "SRV_NETFILEENUM", NULL, NULL },
+ { SRV_NETSESSENUM, "SRV_NETSESSENUM", NULL, NULL },
+ { SRV_NET_SHARE_ADD, "SRV_NET_SHARE_ADD", NULL, NULL },
+ { SRV_NETSHAREENUM_ALL, "SRV_NETSHAREENUM_ALL", NULL, NULL },
+ { SRV_NET_SHARE_GET_INFO, "SRV_NET_SHARE_GET_INFO", NULL, NULL },
+ { SRV_NET_SHARE_SET_INFO, "SRV_NET_SHARE_SET_INFO", NULL, NULL },
+ { SRV_NET_SHARE_DEL, "SRV_NET_SHARE_DEL", NULL, NULL },
+ { SRV_NET_SRV_GET_INFO, "SRV_NET_SRV_GET_INFO", NULL, NULL },
+ { SRV_NET_SRV_SET_INFO, "SRV_NET_SRV_SET_INFO", NULL, NULL },
+ { SRV_NET_DISK_ENUM, "SRV_NET_DISK_ENUM", NULL, NULL },
+ { SRV_NET_REMOTE_TOD, "SRV_NET_REMOTE_TOD", NULL, NULL },
+ { SRV_NET_NAME_VALIDATE, "SRV_NET_NAME_VALIDATE", NULL, NULL },
+ { SRV_NETSHAREENUM, "SRV_NETSHAREENUM", NULL, NULL },
+ { SRV_NETFILEQUERYSECDESC, "SRV_NETFILEQUERYSECDESC", NULL, NULL },
+ { SRV_NETFILESETSECDESC, "SRV_NETFILESETSECDESC", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_srvsvc(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_srvsvc,
+ };
+
+ proto_msrpc_srvsvc = proto_register_protocol(
+ "Microsoft Server Service", "SRVSVC", "srvsvc");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_srvsvc(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_srvsvc, ett_msrpc_srvsvc,
+ &uuid_msrpc_srvsvc, ver_msrpc_srvsvc,
+ msrpc_srvsvc_dissectors);
+}
diff --git a/packet-msrpc-srvsvc.h b/packet-msrpc-srvsvc.h
new file mode 100644
index 0000000000..dfdf3e99bc
--- /dev/null
+++ b/packet-msrpc-srvsvc.h
@@ -0,0 +1,48 @@
+/* packet-msrpc-srvsvc.h
+ * Routines for SMB \\PIPE\\srvsvc packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-srvsvc.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_SRVSVC_H
+#define __PACKET_MSRPC_SRVSVC_H
+
+/* Functions available on the SRVSVC pipe. From Samba, include/rpc_srvsvc.h */
+
+#define SRV_NETCONNENUM 0x08
+#define SRV_NETFILEENUM 0x09
+#define SRV_NETSESSENUM 0x0c
+#define SRV_NET_SHARE_ADD 0x0e
+#define SRV_NETSHAREENUM_ALL 0x0f
+#define SRV_NET_SHARE_GET_INFO 0x10
+#define SRV_NET_SHARE_SET_INFO 0x11
+#define SRV_NET_SHARE_DEL 0x12
+#define SRV_NET_SRV_GET_INFO 0x15
+#define SRV_NET_SRV_SET_INFO 0x16
+#define SRV_NET_DISK_ENUM 0x17
+#define SRV_NET_REMOTE_TOD 0x1c
+#define SRV_NET_NAME_VALIDATE 0x21
+#define SRV_NETSHAREENUM 0x24
+#define SRV_NETFILEQUERYSECDESC 0x27
+#define SRV_NETFILESETSECDESC 0x28
+
+#endif /* packet-msrpc-srvsvc.h */
diff --git a/packet-msrpc-wkssvc.c b/packet-msrpc-wkssvc.c
new file mode 100644
index 0000000000..9569578b47
--- /dev/null
+++ b/packet-msrpc-wkssvc.c
@@ -0,0 +1,72 @@
+/* packet-msrpc-wkssvc.c
+ * Routines for SMB \\PIPE\\wkssvc packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-wkssvc.c,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <glib.h>
+#include "packet.h"
+#include "packet-dcerpc.h"
+#include "packet-msrpc-wkssvc.h"
+
+static int proto_msrpc_wkssvc = -1;
+static gint ett_msrpc_wkssvc = -1;
+
+static e_uuid_t uuid_msrpc_wkssvc = {
+ 0x6bffd098, 0xa112, 0x3610,
+ { 0x98, 0x33, 0x46, 0xc3, 0xf8, 0x7e, 0x34, 0x5a }
+};
+
+static guint16 ver_msrpc_wkssvc = 1;
+
+static dcerpc_sub_dissector msrpc_wkssvc_dissectors[] = {
+ { WKS_QUERY_INFO, "WKS_QUERY_INFO", NULL, NULL },
+
+ {0, NULL, NULL, NULL },
+};
+
+void
+proto_register_msrpc_wkssvc(void)
+{
+ static gint *ett[] = {
+ &ett_msrpc_wkssvc,
+ };
+
+ proto_msrpc_wkssvc = proto_register_protocol(
+ "Microsoft Workstation Service", "WKSSVC", "wkssvc");
+
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_msrpc_wkssvc(void)
+{
+ /* Register protocol as dcerpc */
+
+ dcerpc_init_uuid(proto_msrpc_wkssvc, ett_msrpc_wkssvc,
+ &uuid_msrpc_wkssvc, ver_msrpc_wkssvc,
+ msrpc_wkssvc_dissectors);
+}
diff --git a/packet-msrpc-wkssvc.h b/packet-msrpc-wkssvc.h
new file mode 100644
index 0000000000..c9e0f06a2c
--- /dev/null
+++ b/packet-msrpc-wkssvc.h
@@ -0,0 +1,33 @@
+/* packet-msrpc-wkssvc.h
+ * Routines for SMB \\PIPE\\wkssvc packet disassembly
+ * Copyright 2001, Tim Potter <tpot@samba.org>
+ *
+ * $Id: packet-msrpc-wkssvc.h,v 1.1 2001/11/12 08:58:43 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_MSRPC_WKSSVC_H
+#define __PACKET_MSRPC_WKSSVC_H
+
+/* Functions available on the WKSSVC pipe. From Samba, include/rpc_wkssvc.h */
+
+#define WKS_QUERY_INFO 0x00
+
+#endif /* packet-msrpc-wkssvc.h */
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c
index 7ac1e310e7..ea80a60c53 100644
--- a/packet-smb-pipe.c
+++ b/packet-smb-pipe.c
@@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
- * $Id: packet-smb-pipe.c,v 1.38 2001/11/03 00:58:49 guy Exp $
+ * $Id: packet-smb-pipe.c,v 1.39 2001/11/12 08:58:43 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -2218,6 +2218,22 @@ dissect_pipe_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
return TRUE;
}
+static heur_dissector_list_t msrpc_heur_subdissector_list;
+
+static gboolean
+dissect_pipe_msrpc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+{
+ gboolean result;
+
+ result = dissector_try_heuristic(msrpc_heur_subdissector_list, tvb,
+ pinfo, parent_tree);
+
+ if (!result)
+ dissect_data(tvb, 0, pinfo, parent_tree);
+
+ return TRUE;
+}
+
gboolean
dissect_pipe_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
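Review bot: `dissect_pipe_msrpc()` returns `TRUE` on every path, so `result` only selects the `dissect_data()` fallback and the caller never learns that no heuristic sub-dissector accepted the payload. If that is the intended contract, it deserves a comment above the function, for example `/* Always claims the PDU; falls back to dissect_data() when no heuristic sub-dissector accepts it. */`. The single-statement `if (!result)` body would also be safer with braces. The hunk ends on the opening brace of `dissect_pipe_smb()`, whose body continues outside it.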
@@ -2233,6 +2249,16 @@ dissect_pipe_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
return dissect_pipe_lanman(tvb, pinfo, tree);
}
+ /* MSRPC pipes are transacts on an unnamed pipe (i.e \PIPE\) which
+ is stripped off in the transact dissector */
+
+ if (smb_info->trans_cmd && strcmp(smb_info->trans_cmd, "") == 0) {
+
+ /* Try to decode a msrpc pipe */
+
+ return dissect_pipe_msrpc(tvb, pinfo, tree);
+ }
+
return FALSE;
}
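Review bot: The empty-name test `strcmp(smb_info->trans_cmd, "") == 0` only works because another dissector has already removed the `\PIPE\` prefix, and the comment does not name the function that does so. Naming it in the comment would keep the two in step; `smb_info->trans_cmd[0] == '\0'` also states the check more directly. Every transaction on the bare pipe name now reaches the heuristic list with payload taken straight from the capture. Each heuristic registered there therefore has to reject non-DCE-RPC data by itself, and that code is not in this hunk. `dissect_pipe_smb()` starts outside the hunk.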
@@ -2567,4 +2593,6 @@ register_proto_smb_pipe(void)
"Microsoft Windows Lanman Remote API Protocol", "LANMAN", "lanman");
proto_register_field_array(proto_smb_lanman, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
+
+ register_heur_dissector_list("msrpc", &msrpc_heur_subdissector_list);
}