-rw-r--r-- | epan/Makefile.common | 3 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-epm.c | 59 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc.c | 157 | ||||
-rw-r--r-- | epan/dissectors/packet-dcom-cba.c | 21 | ||||
-rw-r--r-- | epan/dissectors/packet-dcom-remact.c | 4 | ||||
-rw-r--r-- | epan/dissectors/packet-dcom-remunkn.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-dcom.c | 224 | ||||
-rw-r--r-- | epan/dissectors/packet-dcom.h | 14 | ||||
-rw-r--r-- | epan/guid-utils.c | 88 | ||||
-rw-r--r-- | epan/guid-utils.h | 19 |
10 files changed, 408 insertions, 183 deletions
diff --git a/epan/Makefile.common b/epan/Makefile.common index 92b254d641..42540cba49 100644 --- a/epan/Makefile.common +++ b/epan/Makefile.common @@ -55,6 +55,7 @@ LIBWIRESHARK_SRC = \ follow.c \ frame_data.c \ funnel.c \ + guid-utils.c \ h225-persistentdata.c \ in_cksum.c \ ipproto.c \ @@ -135,6 +136,7 @@ LIBWIRESHARK_INCLUDES = \ funnel.h \ gnuc_format_check.h \ greproto.h \ + guid-utils.h \ h225-persistentdata.h \ iax2_codec_type.h \ in_cksum.h \ @@ -142,7 +144,6 @@ LIBWIRESHARK_INCLUDES = \ ipproto.h \ ipv4.h \ ipv6-utils.h \ - guid-utils.h \ lapd_sapi.h \ llcsaps.h \ next_tvb.h \ diff --git a/epan/dissectors/packet-dcerpc-epm.c b/epan/dissectors/packet-dcerpc-epm.c index a749b6ca33..b6e46b6f98 100644 --- a/epan/dissectors/packet-dcerpc-epm.c +++ b/epan/dissectors/packet-dcerpc-epm.c @@ -32,6 +32,7 @@ #include <glib.h> #include <epan/packet.h> +#include <epan/expert.h> #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" @@ -79,6 +80,11 @@ static e_uuid_t uuid_epm = { 0xe1af8308, 0x5d1f, 0x11c9, { 0x91, 0xa4, 0x08, 0x0 static guint16 ver_epm3 = 3; static guint16 ver_epm4 = 4; + +GHashTable *uuids=NULL; +static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } }; + + static const value_string ep_service[] = { { 0, "rpc_c_ep_all_elts" }, { 1, "rpc_c_ep_match_by_if" }, @@ -324,6 +330,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, { guint16 num_floors, i; dcerpc_info *di; + const char *uuid_name; di=pinfo->private_data; if(di->conformant_run){ @@ -341,6 +348,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, guint16 len; guint8 proto_id; e_uuid_t uuid; + proto_item *pi; it = proto_tree_add_text(tree, tvb, offset, 0, "Floor %d ", i); tr = proto_item_add_subtree(it, ett_epm_tower_floor); 
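Review bot: `GHashTable *uuids=NULL;` in the packet-dcerpc-epm.c hunk at -79,6 +80,11 is a non-static global with a very generic name in a shared library, so any other translation unit that defines `uuids` can collide with it or overwrite it. No visible hunk uses it outside this file (packet-dcom.c keeps its own `dcom_uuids`), so `static GHashTable *epm_uuids = NULL;` would keep the table private to the EPM dissector. `uuid_data_repr_proto` is only passed to `guids_add_guid` in a later hunk and could be `static const`, if that function takes a const pointer; its prototype is not shown here.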
@@ -356,20 +364,33 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, case PROTO_ID_UUID: dcerpc_tvb_get_uuid (tvb, offset+1, drep, &uuid); - proto_tree_add_string_format (tr, hf_epm_uuid, tvb, offset+1, 16, "", - "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", - uuid.Data1, uuid.Data2, uuid.Data3, - uuid.Data4[0], uuid.Data4[1], - uuid.Data4[2], uuid.Data4[3], - uuid.Data4[4], uuid.Data4[5], - uuid.Data4[6], uuid.Data4[7]); + uuid_name = guids_get_guid_name(uuids, (e_guid_t *) &uuid); + + if(uuid_name != NULL) { + proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid, + "UUID: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)", + uuid_name, + uuid.Data1, uuid.Data2, uuid.Data3, + uuid.Data4[0], uuid.Data4[1], + uuid.Data4[2], uuid.Data4[3], + uuid.Data4[4], uuid.Data4[5], + uuid.Data4[6], uuid.Data4[7]); + } else { + proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid, + "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + uuid.Data1, uuid.Data2, uuid.Data3, + uuid.Data4[0], uuid.Data4[1], + uuid.Data4[2], uuid.Data4[3], + uuid.Data4[4], uuid.Data4[5], + uuid.Data4[6], uuid.Data4[7]); + } proto_tree_add_text(tr, tvb, offset+17, 2, "Version %d.%d", tvb_get_guint8(tvb, offset+17), tvb_get_guint8(tvb, offset+18)); { guint16 version = tvb_get_ntohs(tvb, offset+17); const char *service = dcerpc_get_proto_name(&uuid, version); - if (service) - proto_item_append_text(tr, "UUID: %s", service); + if (service || uuid_name) + proto_item_append_text(tr, "UUID: %s", service ? service : uuid_name); else proto_item_append_text(tr, "UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x Version %d.%d", uuid.Data1, uuid.Data2, uuid.Data3, uuid.Data4[0], uuid.Data4[1], 
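Review bot: The `(e_guid_t *) &uuid` casts passed to `guids_get_guid_name` and `proto_tree_add_guid_format` assume that `e_uuid_t` and `e_guid_t` have the same layout, and nothing in this hunk states or checks that; the same cast recurs in the packet-dcerpc.c and packet-dcom.c hunks. If either struct changes, packet-derived bytes would be read through the wrong layout with no compiler diagnostic. A comment at the first cast such as `/* e_uuid_t and e_guid_t must stay layout-compatible; see guid-utils.h */`, or a size comparison at registration time, would record the assumption. The two `proto_tree_add_guid_format` branches differ only in the name prefix and could share one call. `epm_dissect_tower_data` begins and ends outside this hunk.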
@@ -384,7 +405,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, offset += len; len = tvb_get_letohs(tvb, offset); - proto_tree_add_uint(tr, hf_epm_tower_rhs_len, tvb, offset, 2, len); + pi = proto_tree_add_uint(tr, hf_epm_tower_rhs_len, tvb, offset, 2, len); offset += 2; switch(proto_id){ @@ -408,6 +429,11 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, proto_item_append_text(tr, "RPC connection-oriented protocol"); break; + case PROTO_ID_RPC_CL: + proto_item_append_text(tr, "RPC connectionless protocol"); + /* XXX - two (zero) bytes still undecoded, don't know what it is */ + break; + case PROTO_ID_NAMED_PIPES: /* \\PIPE\xxx named pipe */ tvb_ensure_bytes_exist(tvb, offset, len); proto_tree_add_item(tr, hf_epm_proto_named_pipes, tvb, offset, len, TRUE); @@ -432,8 +458,10 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset, default: if(len){ + expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_WARN, "RightHandSide not decoded yet for proto_id 0x%x", + proto_id); tvb_ensure_bytes_exist(tvb, offset, len); - proto_tree_add_text(tr, tvb, offset, len, "not decoded yet"); + proto_tree_add_text(tr, tvb, offset, len, "RightHandSide not decoded yet for proto_id 0x%x", proto_id); } } offset += len; @@ -677,9 +705,9 @@ proto_register_epm (void) { &hf_epm_inquiry_type, { "Inquiry type", "epm.inq_type", FT_UINT32, BASE_DEC, VALS(ep_service), 0x0, "", HFILL }}, { &hf_epm_object, - { "Object", "epm.object", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Object", "epm.object", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_epm_if_id, - { "Interface", "epm.if_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Interface", "epm.if_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_epm_ver_maj, { "Version Major", "epm.ver_maj", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_ver_min, 
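Review bot: Switching `epm.object` and `epm.if_id` from `FT_STRING` to `FT_GUID` in the -677 hunk changes how these fields are filtered, and neither the commit nor the code documents it; the same applies to `epm.uuid` and the `dcerpc.*` UUID fields in later hunks. Saved display filters or detection rules that use string operators on these fields (for example `contains`) will probably stop matching or be rejected after the change. A short comment above the entries, e.g. `/* FT_GUID since this change: filter with epm.if_id == xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx */`, plus a release-note line, would warn people who match on interface UUIDs.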
@@ -693,7 +721,7 @@ proto_register_epm (void) { &hf_epm_num_ents, { "Num entries", "epm.num_ents", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_epm_uuid, - { "UUID", "epm.uuid", FT_STRING, BASE_NONE, NULL, 0x0, "UUID", HFILL }}, + { "UUID", "epm.uuid", FT_GUID, BASE_NONE, NULL, 0x0, "UUID", HFILL }}, { &hf_epm_annotation, { "Annotation", "epm.annotation", FT_STRING, BASE_NONE, NULL, 0x0, "Annotation", HFILL }}, { &hf_epm_proto_named_pipes, @@ -739,6 +767,9 @@ proto_register_epm (void) &ett_epm_entry }; + uuids = guids_new(); + guids_add_guid(uuids, (e_guid_t *) &uuid_data_repr_proto, "Version 1.1 network data representation protocol", NULL); + /* interface version 3 */ proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm"); proto_register_field_array (proto_epm3, hf, array_length (hf)); diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index 27c8ee7f09..dc59b83343 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -369,11 +369,14 @@ static int hf_dcerpc_cn_max_xmit = -1; static int hf_dcerpc_cn_max_recv = -1; static int hf_dcerpc_cn_assoc_group = -1; static int hf_dcerpc_cn_num_ctx_items = -1; +static int hf_dcerpc_cn_ctx_item = -1; static int hf_dcerpc_cn_ctx_id = -1; static int hf_dcerpc_cn_num_trans_items = -1; +static int hf_dcerpc_cn_bind_abstract_syntax = -1; static int hf_dcerpc_cn_bind_if_id = -1; static int hf_dcerpc_cn_bind_if_ver = -1; static int hf_dcerpc_cn_bind_if_ver_minor = -1; +static int hf_dcerpc_cn_bind_trans_syntax = -1; static int hf_dcerpc_cn_bind_trans_id = -1; static int hf_dcerpc_cn_bind_trans_ver = -1; static int hf_dcerpc_cn_alloc_hint = -1; 
@@ -462,6 +465,7 @@ static gint ett_dcerpc = -1; static gint ett_dcerpc_cn_flags = -1; static gint ett_dcerpc_cn_ctx = -1; static gint ett_dcerpc_cn_iface = -1; +static gint ett_dcerpc_cn_trans_syntax = -1; static gint ett_dcerpc_drep = -1; static gint ett_dcerpc_dg_flags1 = -1; static gint ett_dcerpc_dg_flags2 = -1; @@ -1143,18 +1147,18 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, int hfindex, e_uuid_t *pdata) { e_uuid_t uuid; - header_field_info* hfi; #if 0 + header_field_info* hfi; gchar *uuid_name; #endif dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid); if (tree) { +#if 0 /* get name of protocol field to prepend it later */ hfi = proto_registrar_get_nth(hfindex); -#if 0 /* XXX - get the name won't work correct, as we don't know the version of this uuid (if it has one) */ /* look for a registered uuid name */ uuid_name = dcerpc_get_uuid_name(&uuid, 0); @@ -1172,21 +1176,9 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, } else { #endif /* GUID have changed from FT_STRING to FT_GUID - but we havent changed all dissectors yet. + (XXX - have we changed all dissectors?). */ - if(hfi->type==FT_GUID){ - proto_tree_add_item(tree, hfindex, tvb, offset, 16, (drep[0] & 0x10)); - } else { - /* we don't know the name of this uuid */ - proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "", - "%s: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", - hfi->name, - uuid.Data1, uuid.Data2, uuid.Data3, - uuid.Data4[0], uuid.Data4[1], - uuid.Data4[2], uuid.Data4[3], - uuid.Data4[4], uuid.Data4[5], - uuid.Data4[6], uuid.Data4[7]); - } + proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid); #if 0 } #endif 
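Review bot: The -1172 hunk drops the `hfi->type==FT_GUID` fallback, so every caller of `dissect_dcerpc_uuid_t` now reaches `proto_tree_add_guid` whatever type its `hfindex` was registered with. The new comment `(XXX - have we changed all dissectors?)` concedes this has not been verified. A dissector that still registers its UUID field as `FT_STRING` would presumably trip the field-type check inside the proto_tree API on every packet carrying that UUID instead of rendering it. Until the audit is done, keep `hfi` outside the `#if 0` and make the requirement explicit with `DISSECTOR_ASSERT(hfi->type == FT_GUID);` ahead of the call, or retain the old string branch. The function body extends outside both hunks.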
@@ -2622,9 +2614,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, char uuid_str[DCERPC_UUID_STR_LEN]; int uuid_str_len; dcerpc_auth_info auth_info; + char *uuid_name = NULL; #ifdef _WIN32 - char uuid_name[MAX_PATH]; + char uuid_name2[MAX_PATH]; #endif + proto_item *iface_item; offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, hf_dcerpc_cn_max_xmit, NULL); @@ -2642,9 +2636,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset += 3; for (i = 0; i < num_ctx_items; i++) { + proto_item *ctx_item; proto_tree *ctx_tree = NULL, *iface_tree = NULL; + gint ctx_offset = offset; - offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep, + dissect_dcerpc_uint16 (tvb, offset, pinfo, NULL, hdr->drep, hf_dcerpc_cn_ctx_id, &ctx_id); if (check_col (pinfo->cinfo, COL_DCE_CTX)) { 
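Review bot: `proto_item *iface_item;` (function scope, -2622 hunk) and `proto_item *ctx_item;` (loop scope, -2642 hunk) are declared without initialisers. Later hunks assign them under `if (dcerpc_tree)` / `if (ctx_tree)` and then use them under separate conditionals (`proto_item_append_text(ctx_item, …)`, `proto_item_set_len(iface_item, 20)`, `proto_item_set_len(ctx_item, offset - ctx_offset)`). The guards line up at present, but any later change to one condition would pass an indeterminate pointer to the tree API while dissecting untrusted packet data. Declare them as `proto_item *iface_item = NULL;` and `proto_item *ctx_item = NULL;`, matching how `trans_item` is declared further down. `dissect_dcerpc_cn_bind` continues outside these hunks.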
@@ -2663,25 +2659,29 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, pinfo->dcectxid = ctx_id; if (dcerpc_tree) { - proto_item *ctx_item; - - ctx_item = proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_ctx_id, - tvb, offset - 2, 2, + ctx_item = proto_tree_add_item(dcerpc_tree, hf_dcerpc_cn_ctx_item, + tvb, offset, 0, hdr->drep[0] & 0x10); - ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx); } + offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, ctx_tree, hdr->drep, + hf_dcerpc_cn_ctx_id, &ctx_id); offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, ctx_tree, hdr->drep, hf_dcerpc_cn_num_trans_items, &num_trans_items); + if(dcerpc_tree) { + proto_item_append_text(ctx_item, "[%u]: ID:%u", i+1, ctx_id); + } + /* padding */ offset += 1; - /* XXX - use "dissect_ndr_uuid_t()"? */ dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &if_id); if (ctx_tree) { - proto_item *iface_item; + + iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, FALSE); + iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface); uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", 
@@ -2693,15 +2693,21 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); + #ifdef _WIN32 - if(ResolveWin32UUID(if_id, uuid_name, MAX_PATH)) - iface_item = proto_tree_add_string_format (ctx_tree, hf_dcerpc_cn_bind_if_id, tvb, - offset, 16, uuid_str, "Interface: %s\tUUID: %s", uuid_name, uuid_str); - else + if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) { + uuid_name = uuid_name2; + } + if(uuid_name) { + proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb, + offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str); + proto_item_append_text(iface_item, "%s", uuid_name); + } else { #endif - iface_item = proto_tree_add_string_format (ctx_tree, hf_dcerpc_cn_bind_if_id, tvb, - offset, 16, uuid_str, "Interface UUID: %s", uuid_str); - iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface); + proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb, + offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str); + proto_item_append_text(iface_item, "%s", uuid_str); + } } offset += 16; @@ -2717,6 +2723,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, hf_dcerpc_cn_bind_if_ver, &if_ver); } + if (ctx_tree) { + proto_item_append_text(iface_item, " V%u.%u", if_ver, if_ver_minor); + proto_item_set_len(iface_item, 20); + } + if (!saw_ctx_item) { conv = find_conversation (pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); 
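Review bot: As shown, the `}` added after the second `proto_item_append_text(iface_item, …)` sits outside the `#ifdef _WIN32` … `#endif` pair that contains its matching `} else {`, so on non-Windows builds it closes `if (ctx_tree)` and the following context `}` closes the `for` loop early. On Windows, `uuid_name` is initialised to NULL once at function scope (earlier hunk) and never reset inside the loop, so after one successful `ResolveWin32UUID` every later context item whose lookup fails is still labelled with whatever is left in `uuid_name2`. Add `uuid_name = NULL;` immediately before the `ResolveWin32UUID` call, and guard the closing brace of the else branch with its own `#ifdef _WIN32` / `#endif`. The function extends beyond this hunk, so confirm the brace balance against the full file.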
@@ -2767,9 +2778,9 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %s", value->name); else #ifdef _WIN32 - if(ResolveWin32UUID(if_id, uuid_name, MAX_PATH)) + if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u", - uuid_name, if_id.Data1, if_id.Data2, if_id.Data3, + uuid_name2, if_id.Data1, if_id.Data2, if_id.Data3, if_id.Data4[0], if_id.Data4[1], if_id.Data4[2], if_id.Data4[3], if_id.Data4[4], if_id.Data4[5], @@ -2789,9 +2800,15 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, } for (j = 0; j < num_trans_items; j++) { - /* XXX - use "dissect_ndr_uuid_t()"? */ + proto_tree *trans_tree = NULL; + proto_item *trans_item = NULL; + dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id); - if (iface_tree) { + if (ctx_tree) { + + trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, FALSE); + trans_tree = proto_item_add_subtree(trans_item, ett_dcerpc_cn_trans_syntax); + uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", trans_id.Data1, trans_id.Data2, trans_id.Data3, 
@@ -2801,13 +2818,22 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo, trans_id.Data4[6], trans_id.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - proto_tree_add_string_format (iface_tree, hf_dcerpc_cn_bind_trans_id, tvb, - offset, 16, uuid_str, "Transfer Syntax: %s", uuid_str); + proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb, + offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str); + proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str); } offset += 16; - offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, iface_tree, hdr->drep, + offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, trans_tree, hdr->drep, hf_dcerpc_cn_bind_trans_ver, &trans_ver); + if (ctx_tree) { + proto_item_set_len(trans_item, 20); + proto_item_append_text(trans_item, " V%u", trans_ver); + } + } + + if(ctx_tree) { + proto_item_set_len(ctx_item, offset - ctx_offset); } } @@ -2868,7 +2894,7 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo, if(dcerpc_tree){ proto_item *ctx_item; - ctx_item = proto_tree_add_text(dcerpc_tree, tvb, offset, 24, "Context ID: %d", i); + ctx_item = proto_tree_add_text(dcerpc_tree, tvb, offset, 24, "Context ID[%u]", i+1); ctx_tree = proto_item_add_subtree(ctx_item, ett_dcerpc_cn_ctx); } @@ -2887,7 +2913,6 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo, offset += 2; } - /* XXX - use "dissect_ndr_uuid_t()"? */ dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id); if (ctx_tree) { uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, 
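Review bot: `proto_item_set_len(trans_item, 20);` hard-codes the size of a transfer-syntax entry (16-byte UUID plus 4-byte version), and an earlier hunk does the same with `proto_item_set_len(iface_item, 20);`. The context item already uses a computed length, `offset - ctx_offset`. Recording the start offset of each sub-item the same way, e.g. `proto_item_set_len(trans_item, offset - trans_offset);`, keeps the highlighted byte range correct if the layout handling changes and removes the magic number.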
@@ -2899,8 +2924,8 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo, trans_id.Data4[6], trans_id.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - proto_tree_add_string_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb, - offset, 16, uuid_str, "Transfer Syntax: %s", uuid_str); + proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb, + offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str); } offset += 16; @@ -3344,7 +3369,6 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, } if (hdr->flags & PFC_OBJECT_UUID) { - /* XXX - use "dissect_ndr_uuid_t()"? */ dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id); if (dcerpc_tree) { uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, @@ -3360,8 +3384,8 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo, obj_id.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, - offset, 16, uuid_str, "Object UUID: %s", uuid_str); + proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, + offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", uuid_str); } offset += 16; } @@ -3599,7 +3623,6 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, /* (optional) "Object UUID" from request */ if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) { - /* XXX - use "dissect_ndr_uuid_t()"? */ uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", value->object_uuid.Data1, value->object_uuid.Data2, value->object_uuid.Data3, 
@@ -3613,8 +3636,8 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo, value->object_uuid.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - pi = proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, - offset, 0, uuid_str, "Object UUID: %s", uuid_str); + pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, + offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", uuid_str); PROTO_ITEM_SET_GENERATED(pi); } @@ -4980,7 +5003,6 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset++; if (tree) { - /* XXX - use "dissect_ndr_uuid_t()"? */ uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3, @@ -4994,13 +5016,12 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) hdr.obj_id.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, - offset, 16, uuid_str, "Object UUID: %s", uuid_str); + proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb, + offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", uuid_str); } offset += 16; if (tree) { - /* XXX - use "dissect_ndr_uuid_t()"? */ uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3, 
@@ -5014,13 +5035,12 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) hdr.if_id.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb, - offset, 16, uuid_str, "Interface: %s", uuid_str); + proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb, + offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s", uuid_str); } offset += 16; if (tree) { - /* XXX - use "dissect_ndr_uuid_t()"? */ uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3, @@ -5034,8 +5054,8 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) hdr.act_id.Data4[7]); if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN) memset(uuid_str, 0, DCERPC_UUID_STR_LEN); - proto_tree_add_string_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb, - offset, 16, uuid_str, "Activity: %s", uuid_str); + proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb, + offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", uuid_str); } offset += 16; 
@@ -5291,20 +5311,26 @@ proto_register_dcerpc (void) { "Assoc Group", "dcerpc.cn_assoc_group", FT_UINT32, BASE_HEX, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_num_ctx_items, { "Num Ctx Items", "dcerpc.cn_num_ctx_items", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_cn_ctx_item, + { "Ctx Item", "dcerpc.cn_ctx_item", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_ctx_id, { "Context ID", "dcerpc.cn_ctx_id", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_num_trans_items, { "Num Trans Items", "dcerpc.cn_num_trans_items", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_cn_bind_abstract_syntax, + { "Abstract Syntax", "dcerpc.cn_bind_abstract_syntax", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_bind_if_id, - { "Interface UUID", "dcerpc.cn_bind_to_uuid", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Interface UUID", "dcerpc.cn_bind_to_uuid", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_bind_if_ver, { "Interface Ver", "dcerpc.cn_bind_if_ver", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_bind_if_ver_minor, { "Interface Ver Minor", "dcerpc.cn_bind_if_ver_minor", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_cn_bind_trans_syntax, + { "Transfer Syntax", "dcerpc.cn_bind_trans", FT_NONE, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_bind_trans_id, - { "Transfer Syntax", "dcerpc.cn_bind_trans_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "ID", "dcerpc.cn_bind_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_bind_trans_ver, - { "Syntax ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, + { "ver", "dcerpc.cn_bind_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_alloc_hint, { "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_sec_addr_len, 
@@ -5318,7 +5344,7 @@ proto_register_dcerpc (void) { &hf_dcerpc_cn_ack_reason, { "Ack reason", "dcerpc.cn_ack_reason", FT_UINT16, BASE_DEC, VALS(p_provider_reason_vals), 0x0, "", HFILL }}, { &hf_dcerpc_cn_ack_trans_id, - { "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Transfer Syntax", "dcerpc.cn_ack_trans_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_ack_trans_ver, { "Syntax ver", "dcerpc.cn_ack_trans_ver", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_reject_reason, @@ -5408,11 +5434,11 @@ proto_register_dcerpc (void) { &hf_dcerpc_krb5_av_key_auth_verifier, { "Authentication Verifier", "dcerpc.krb5_av.auth_verifier", FT_BYTES, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_obj_id, - { "Object", "dcerpc.obj_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Object", "dcerpc.obj_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_dg_if_id, - { "Interface", "dcerpc.dg_if_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Interface", "dcerpc.dg_if_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_dg_act_id, - { "Activity", "dcerpc.dg_act_id", FT_STRING, BASE_NONE, NULL, 0x0, "", HFILL }}, + { "Activity", "dcerpc.dg_act_id", FT_GUID, BASE_NONE, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_opnum, { "Opnum", "dcerpc.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, @@ -5508,6 +5534,7 @@ proto_register_dcerpc (void) &ett_dcerpc_cn_flags, &ett_dcerpc_cn_ctx, &ett_dcerpc_cn_iface, + &ett_dcerpc_cn_trans_syntax, &ett_dcerpc_drep, &ett_dcerpc_dg_flags1, &ett_dcerpc_dg_flags2, diff --git a/epan/dissectors/packet-dcom-cba.c b/epan/dissectors/packet-dcom-cba.c index d273d29d6e..d27ba4591d 100644 --- a/epan/dissectors/packet-dcom-cba.c +++ b/epan/dissectors/packet-dcom-cba.c 
@@ -84,11 +84,7 @@ static int hf_cba_save_ldev_name = -1; static int hf_cba_save_result = -1; -/* fake protocols (these are simply classes) */ -static int proto_coclass_CBAPhysicalDevice = -1; -static gint ett_coclass_CBAPhysicalDevice = -1; static e_uuid_t uuid_coclass_CBAPhysicalDevice = { 0xcba00000, 0x6c97, 0x11d1, { 0x82, 0x71, 0x00, 0xa0, 0x24, 0x42, 0xdf, 0x7d } }; -static guint16 ver_coclass_CBAPhysicalDevice = 0; /* CBA interfaces */ @@ -1122,12 +1118,6 @@ dissect_ICBAGroupError_GroupError_resp(tvbuff_t *tvb, int offset, } -/* sub dissector table of ICBAPhysicalDevice class (fake only) */ -static dcerpc_sub_dissector coclass_ICBAPhysicalDevice_dissectors[] = { - { 0, NULL, NULL, NULL }, -}; - - /* sub dissector table of ICBAPhysicalDevice / ICBAPhysicalDevice2 interface */ static dcerpc_sub_dissector ICBAPhysicalDevice_dissectors[] = { { 0, "QueryInterface", NULL, NULL }, @@ -1457,11 +1447,6 @@ proto_register_dcom_cba (void) { "OldGroupError", "cba.grouperror_old", FT_UINT16, BASE_HEX, VALS(cba_grouperror_vals), 0x0, "", HFILL }}, }; - - ett[0] = &ett_coclass_CBAPhysicalDevice; - proto_coclass_CBAPhysicalDevice = proto_register_protocol ("CBAPhysicalDevice", "CBAPDev", "cba_pdev_class"); - proto_register_subtree_array (ett, array_length (ett)); - ett[0] = &ett_ICBAPhysicalDevice; proto_ICBAPhysicalDevice = proto_register_protocol ("ICBAPhysicalDevice", "ICBAPDev", "cba_pdev"); proto_register_field_array(proto_ICBAPhysicalDevice, hf_cba_pdev_array, array_length(hf_cba_pdev_array)); 
@@ -1540,10 +1525,8 @@ proto_register_dcom_cba (void) void proto_reg_handoff_dcom_cba (void) { - /* Register the DCOM coclass */ - dcom_register_server_coclass(proto_coclass_CBAPhysicalDevice, ett_coclass_CBAPhysicalDevice, - &uuid_coclass_CBAPhysicalDevice, ver_coclass_CBAPhysicalDevice, - coclass_ICBAPhysicalDevice_dissectors, hf_cba_opnum); + /* Register the CBA class ID */ + guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_coclass_CBAPhysicalDevice, "CBA", NULL); /* Register the interfaces */ dcerpc_init_uuid(proto_ICBAPhysicalDevice, ett_ICBAPhysicalDevice, diff --git a/epan/dissectors/packet-dcom-remact.c b/epan/dissectors/packet-dcom-remact.c index a471c582d4..29f2373ecb 100644 --- a/epan/dissectors/packet-dcom-remact.c +++ b/epan/dissectors/packet-dcom-remact.c @@ -78,7 +78,7 @@ dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset, offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep); offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep, - hf_dcom_clsid, "CLSID", -1, &clsid); + hf_dcom_clsid, -1, &clsid); offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep, &u32Pointer); @@ -106,7 +106,7 @@ dissect_remact_remote_activation_rqst(tvbuff_t *tvb, int offset, u32ItemIdx = 1; while (u32Interfaces--) { offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep, - hf_dcom_iid, "IID", u32ArraySize, &iid); + hf_dcom_iid, u32ItemIdx, &iid); u32ItemIdx++; } diff --git a/epan/dissectors/packet-dcom-remunkn.c b/epan/dissectors/packet-dcom-remunkn.c index 48525402da..9fe8bde111 100644 --- a/epan/dissectors/packet-dcom-remunkn.c +++ b/epan/dissectors/packet-dcom-remunkn.c @@ -120,7 +120,7 @@ dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset, for (u32ItemIdx = 0; u32ArraySize--; u32ItemIdx++) { offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep, - hf_dcom_iid, "IID", u32ItemIdx+1, &iid); + hf_dcom_iid, u32ItemIdx+1, &iid); if(call != NULL) { call->iids[u32ItemIdx] = iid; } 
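Review bot: `guids_add_guid(dcom_uuids, …)` in `proto_reg_handoff_dcom_cba` uses a table that packet-dcom.c defines as `GHashTable *dcom_uuids=NULL;`, and the call that creates it is not in any visible hunk. If it is created in a handoff routine rather than a register routine, this insert could run against a NULL table, depending on handoff order. A comment here such as `/* dcom_uuids is created in proto_register_dcom(), which runs before any handoff */` would pin the assumption down, once confirmed. The registered name `"CBA"` is also less specific than the `"CBAPhysicalDevice"` label the removed fake protocol carried, which makes the class ID harder to recognise in the tree.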
diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c index e38728f339..f399057ae1 100644 --- a/epan/dissectors/packet-dcom.c +++ b/epan/dissectors/packet-dcom.c @@ -215,8 +215,13 @@ static int hf_dcom_vt_bstr = -1; static int hf_dcom_vt_byref = -1; static int hf_dcom_vt_dispatch = -1; -static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} }; -static e_uuid_t uuid_ext_error_ext = { 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} }; +static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} }; +static e_uuid_t uuid_ext_error_ext ={ 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} }; + +static e_uuid_t ipid_rem_unknown = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} }; +static e_uuid_t iid_unknown = { 0x00000000, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} }; +static e_uuid_t uuid_null = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} }; +static e_uuid_t iid_class_factory = { 0x00000001, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} }; GList *dcom_machines; GList *dcom_interfaces; 
@@ -227,66 +232,7 @@ static const value_string dcom_thisthat_flag_vals[] = { }; -typedef struct _guid_key { - e_guid_t guid; -} guid_key; - -typedef struct _guid_value { - const gchar *name; - void *private_data; -} guid_value; - - -GHashTable *guids=NULL; - -static gint -guid_equal (gconstpointer k1, gconstpointer k2) -{ - const guid_key *key1 = (const guid_key *)k1; - const guid_key *key2 = (const guid_key *)k2; - return ((memcmp (&key1->guid, &key2->guid, sizeof (e_guid_t)) == 0)); -} - -static guint -guid_hash (gconstpointer k) -{ - const guid_key *key = (const guid_key *)k; - /* This isn't perfect, but the Data1 part of these is almost always - unique. */ - return key->guid.data1; -} - - -void guid_add_name(e_guid_t *guid, gchar *name, void *private_data) -{ - guid_key *key = g_malloc (sizeof (*key)); - guid_value *value = g_malloc (sizeof (*value)); - - key->guid = *guid; - - value->name = name; - value->private_data = private_data; - - g_hash_table_insert (guids, key, value); -} - - -/* try to get registered name for this guid */ -const gchar *guid_get_name(e_guid_t *guid) -{ - guid_key key; - guid_value *value; - - - /* try to get registered guid "name" of if_id */ - key.guid = *guid; - - if ((value = g_hash_table_lookup (guids, &key)) != NULL) { - return value->name; - } - - return NULL; -} +GHashTable *dcom_uuids=NULL; void dcom_interface_dump(void) { @@ -781,7 +727,7 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset, hf_dcom_extent_id, &uuidExtend); /* look for a registered uuid name */ - if((uuid_name = guid_get_name( (e_guid_t *) &uuidExtend)) != NULL) { + if((uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuidExtend)) != NULL) { proto_tree_add_guid_format_value(sub_tree, hf_dcom_extent_id, tvb, offset, sizeof(e_uuid_t), (e_guid_t *) &uuidExtend, "%s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)", uuid_name, 
@@ -1481,29 +1427,145 @@ dissect_dcom_VARIANT(tvbuff_t *tvb, int offset, packet_info *pinfo, int +dissect_dcom_UUID(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep, + int hfindex, e_uuid_t *pdata) +{ + const gchar *uuid_name; + proto_item *pi; + header_field_info *hfi; + e_uuid_t uuid; +#ifdef _WIN32 + char uuid_name2[MAX_PATH]; +#endif + + /* XXX - this is far from being performance optimized! */ + + /* get the UUID, but don't put it into the tree */ + offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep, + hfindex, &uuid); + + /* look for a registered uuid name */ + uuid_name = dcerpc_get_uuid_name(&uuid, 0); + if(uuid_name == NULL) { + uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuid); + } + +#ifdef _WIN32 + if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) { + uuid_name = uuid_name2; + } +#endif + + /* add to the tree */ + hfi = proto_registrar_get_nth(hfindex); + pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid, "%s: ", hfi->name); + + /* give an expert info, if UUID is not known and not of a "temporary" kind */ + if( uuid_name == NULL && + strcmp(hfi->name, "Causality ID") != 0 && + strcmp(hfi->name, "IPID") != 0) + { + expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s", + hfi->name, guid_to_str( (e_guid_t *) &uuid)); + } + + if(uuid_name) { + proto_item_append_text(pi, "%s (", uuid_name); + } + + proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + uuid.Data1, uuid.Data2, uuid.Data3, + uuid.Data4[0], uuid.Data4[1], + uuid.Data4[2], uuid.Data4[3], + uuid.Data4[4], uuid.Data4[5], + uuid.Data4[6], uuid.Data4[7]); + + if(uuid_name) { + proto_item_append_text(pi, ")", uuid_name); + } + + if(pdata != NULL) { + *pdata = uuid; + } + + return offset; +} + + +int dissect_dcom_append_UUID(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, - int hfindex, const gchar *field_name, int 
field_index, e_uuid_t *uuid) + int hfindex, int field_index, e_uuid_t *uuid) { const gchar *uuid_name; + proto_item *pi; + header_field_info *hfi; +#ifdef _WIN32 + char uuid_name2[MAX_PATH]; +#endif + + /* XXX - this is far from being performance optimized! */ - offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep, + /* get the UUID, but don't put it into the tree */ + offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep, hfindex, uuid); - /* update column info now */ - if (check_col(pinfo->cinfo, COL_INFO)) { - /* XXX: improve it: getting the hash value is done the second time here */ + /* look for a registered uuid name */ + uuid_name = dcerpc_get_uuid_name(uuid, 0); + if(uuid_name == NULL) { + uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) uuid); + } + +#ifdef _WIN32 + if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) { + uuid_name = uuid_name2; + } +#endif + + /* add to the tree */ + hfi = proto_registrar_get_nth(hfindex); + pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) uuid, "%s", hfi->name); - /* look for a registered uuid name */ - uuid_name = dcerpc_get_uuid_name(uuid, 0); + /* give an expert info, if UUID is not known and not of a "temporary" kind */ + if( uuid_name == NULL && + strcmp(hfi->name, "Causality ID") != 0 && + strcmp(hfi->name, "IPID") != 0) + { + expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s", + hfi->name, guid_to_str( (e_guid_t *) uuid)); + } + + if (field_index != -1) { + proto_item_append_text(pi, "[%u]: ", field_index); + } else { + proto_item_append_text(pi, ": ", field_index); + } + if(uuid_name) { + proto_item_append_text(pi, "%s (", uuid_name); + } + + proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + uuid->Data1, uuid->Data2, uuid->Data3, + uuid->Data4[0], uuid->Data4[1], + uuid->Data4[2], uuid->Data4[3], + uuid->Data4[4], uuid->Data4[5], + uuid->Data4[6], uuid->Data4[7]); + + if(uuid_name) { + 
proto_item_append_text(pi, ")", uuid_name); + } + + /* update column info now */ + if (check_col(pinfo->cinfo, COL_INFO)) { if (field_index != -1) { col_append_fstr(pinfo->cinfo, COL_INFO, " %s[%u]=%s", - field_name, field_index, (uuid_name) ? uuid_name : "???"); + hfi->name, field_index, (uuid_name) ? uuid_name : "???"); } else { col_append_fstr(pinfo->cinfo, COL_INFO, " %s=%s", - field_name, (uuid_name) ? uuid_name : "???"); + hfi->name, (uuid_name) ? uuid_name : "???"); } } @@ -1724,6 +1786,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo, guint32 first_ip = 0; guint32 curr_ip = 0; struct in_addr ipaddr; + proto_item *pi; /* add subtree header */ @@ -1750,7 +1813,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo, u32Start = offset; /* we don't know the (zero terminated) input length, use the buffer length instead */ offset = dcom_tvb_get_nwstringz0(tvb, offset, u32MaxStr, szStr, u32MaxStr, &isPrintable); - proto_tree_add_string(subsub_tree, hf_dcom_dualstringarray_string_network_addr, + pi = proto_tree_add_string(subsub_tree, hf_dcom_dualstringarray_string_network_addr, tvb, u32Start, offset - u32Start, szStr); /* convert ip address (if it is dotted decimal) */ @@ -1769,7 +1832,7 @@ dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, gint offset, packet_info *pinfo, first_ip = curr_ip; } else { if(first_ip != curr_ip) { - expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, + expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "DUALSTRINGARRAY: multiple IP's %s %s", ip_to_str( (char *) &first_ip), ip_to_str( (char *) &curr_ip)); } 
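Review bot: The two `#ifdef _WIN32` calls to `ResolveWin32UUID` cannot both be right: `dissect_dcom_UUID` passes the local struct `uuid`, while `dissect_dcom_append_UUID` passes the pointer parameter `uuid`, so one of them has the wrong argument type (the prototype is not in this hunk; if it takes the UUID by value the second call should read `ResolveWin32UUID(*uuid, uuid_name2, MAX_PATH)`). In `dissect_dcom_UUID` the local `e_uuid_t uuid;` is read unconditionally and the item is anchored at `offset-16`, so if `dissect_ndr_uuid_t` can return without consuming the field (its body is not visible here) the lookup and the formatted text use uninitialised stack data on a packet-driven path; `e_uuid_t uuid = uuid_null;` plus a check that the offset really advanced by 16 would close that. `proto_item_append_text(pi, ")", uuid_name)` and `proto_item_append_text(pi, ": ", field_index)` pass an argument the format string never consumes and should drop it. The expert-info filter compares `hfi->name` with the display strings "Causality ID" and "IPID", which stops working silently if a field is renamed; comparing `hfindex` with the field ids would be sturdier.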
@@ -2262,10 +2325,15 @@ proto_register_dcom (void) proto_register_field_array(proto_dcom, hf_dcom_sa_array, array_length(hf_dcom_sa_array)); proto_register_subtree_array (ett_dcom, array_length (ett_dcom)); - guids = g_hash_table_new (guid_hash, guid_equal); - guid_add_name( (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL); - guid_add_name( (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL); - + /* register some "well known" UUID's */ + dcom_uuids = guids_new(); + guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL); + guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL); + guids_add_guid(dcom_uuids, (e_guid_t *) &ipid_rem_unknown, "IRemUnknown", NULL); + guids_add_guid(dcom_uuids, (e_guid_t *) &iid_unknown, "IUnknown", NULL); + guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_null, "NULL", NULL); + guids_add_guid(dcom_uuids, (e_guid_t *) &iid_class_factory, "IClassFactory", NULL); + /* preferences */ dcom_module = prefs_register_protocol(proto_dcom, proto_reg_handoff_dcom); diff --git a/epan/dissectors/packet-dcom.h b/epan/dissectors/packet-dcom.h index 0f3914064b..a1163fc79e 100644 --- a/epan/dissectors/packet-dcom.h +++ b/epan/dissectors/packet-dcom.h @@ -36,6 +36,8 @@ extern int hf_dcom_oxid; extern int hf_dcom_oid; extern int hf_dcom_ipid; +extern GHashTable *dcom_uuids; + /* preferences */ extern int dcom_prefs_display_unmarshalling_details; @@ -88,7 +90,6 @@ dissect_dcom_that(tvbuff_t *tvb, int offset, #define dissect_dcom_DWORD dissect_ndr_uint32 #define dissect_dcom_I8 dissect_ndr_uint64 #define dissect_dcom_ID dissect_ndr_duint32 -#define dissect_dcom_UUID dissect_ndr_uuid_t #define dissect_dcom_FILETIME dissect_ndr_duint32 /* ToBeDone */ #define dissect_dcom_VARIANT_BOOL dissect_ndr_uint16 #define dissect_dcom_FLOAT dissect_ndr_float 
@@ -96,10 +97,17 @@ dissect_dcom_that(tvbuff_t *tvb, int offset, #define dissect_dcom_DATE dissect_ndr_double extern int +dissect_dcom_UUID(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, guint8 *drep, + int hfindex, e_uuid_t *uuid); + +extern int dissect_dcom_append_UUID(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, - int hfindex, const gchar *field_name, int field_index, e_uuid_t *uuid); -extern const gchar* dcom_uuid_to_str(e_uuid_t *uuid); + int hfindex, int field_index, e_uuid_t *uuid); + +extern const gchar* +dcom_uuid_to_str(e_uuid_t *uuid); extern int dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo, diff --git a/epan/guid-utils.c b/epan/guid-utils.c new file mode 100644 index 0000000000..6c88aafe9f --- /dev/null +++ b/epan/guid-utils.c 
@@ -0,0 +1,88 @@ +/* guid-utils.c + * GUID handling + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * + * Copyright 1998 Gerald Combs + * + * MobileIPv6 support added by Tomislav Borosa <tomislav.borosa@siemens.hr> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <string.h> + +#include <glib.h> +#include "guid-utils.h" + +static gint +guid_equal (gconstpointer k1, gconstpointer k2) +{ + const guid_key *key1 = (const guid_key *)k1; + const guid_key *key2 = (const guid_key *)k2; + return ((memcmp (&key1->guid, &key2->guid, sizeof (e_guid_t)) == 0)); +} + +static guint +guid_hash (gconstpointer k) +{ + const guid_key *key = (const guid_key *)k; + /* This isn't perfect, but the Data1 part of these is almost always + unique. 
*/ + return key->guid.data1; +} + + +GHashTable *guids_new(void) +{ + return g_hash_table_new (guid_hash, guid_equal); +} + +void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data) +{ + guid_key *key = g_malloc (sizeof (*key)); + guid_value *value = g_malloc (sizeof (*value)); + + key->guid = *guid; + + value->name = name; + + g_hash_table_insert (guids, key, value); +} + + +/* try to get registered name for this guid */ +const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid) +{ + guid_key key; + guid_value *value; + + + /* try to get registered guid "name" of if_id */ + key.guid = *guid; + + if ((value = g_hash_table_lookup (guids, &key)) != NULL) { + return value->name; + } + + return NULL; +} diff --git a/epan/guid-utils.h b/epan/guid-utils.h index 8161e2b5cd..75e1cb463e 100644 --- a/epan/guid-utils.h +++ b/epan/guid-utils.h @@ -39,4 +39,23 @@ typedef struct _e_guid_t { guint8 data4[8]; } e_guid_t; + +/* GUID "registry" */ +typedef struct _guid_key { + e_guid_t guid; +} guid_key; + +typedef struct _guid_value { + const gchar *name; +} guid_value; + + +extern GHashTable *guids_new(void); + +/* add a GUID (don't forget to init the GHashTable) */ +extern void guids_add_guid(GHashTable *guids, e_guid_t *guid, gchar *name, void *private_data); + +/* try to get registered name for this guid */ +extern const gchar *guids_get_guid_name(GHashTable *guids, e_guid_t *guid); + #endif /* __GUID_UTILS_H__ */ |
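Review bot: `guids_add_guid` in `guid-utils.c` accepts `private_data` but never stores it, and the `guid_value` struct declared in the `guid-utils.h` hunk no longer has a field for it, so a caller passing a non-NULL pointer loses it without any diagnostic; either drop the parameter from the definition and the prototype or keep the field. The function stores `name` by pointer rather than by copy, so a header comment such as `/* name is not copied; it must stay valid for the lifetime of the table */` would make the contract explicit, and the parameter should be `const gchar *name` to match `guid_value.name` and the string literals passed in `proto_register_dcom`. Adding a GUID that is already present leaks the newly allocated key and the previous value, because `guids_new` creates the table without destroy functions. Callers cast `e_uuid_t *` to `e_guid_t *` ahead of the `memcmp` in `guid_equal`, which relies on both structs sharing one layout (`e_uuid_t` is not defined in this diff); a compile-time size check would catch drift.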