diff options
Diffstat (limited to 'packet-smb.c')
-rw-r--r-- | packet-smb.c | 1054 |
1 files changed, 1051 insertions, 3 deletions
diff --git a/packet-smb.c b/packet-smb.c index ed71a1c6b6..15130a4c84 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -2,7 +2,7 @@ * Routines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb.c,v 1.12 1999/06/01 20:39:20 guy Exp $ + * $Id: packet-smb.c,v 1.13 1999/06/28 10:57:57 sharpe Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@unicom.net> @@ -399,6 +399,781 @@ unicode_to_str(const guint8 *us, int *us_lenp) { */ void +dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn) + +{ + guint8 WordCount; + guint8 BufferFormat3; + guint8 BufferFormat2; + guint8 BufferFormat1; + guint16 TID; + guint16 MaxBufferSize; + guint16 ByteCount; + const char *SharePath; + const char *Service; + const char *Password; + + if (dirn == 1) { /* Request(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + /* Build display for: BufferFormat1 */ + + BufferFormat1 = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "BufferFormat1: %u", BufferFormat1); + + } + + offset += 1; /* Skip BufferFormat1 */ + + /* Build display for: Share Path */ + + SharePath = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath); + + } + + offset += strlen(SharePath) + 1; /* Skip Share Path */ + + /* Build display for: BufferFormat2 */ + + BufferFormat2 = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "BufferFormat2: %u", BufferFormat2); + + } + + offset += 1; /* Skip BufferFormat2 */ + + /* Build display for: Password */ + + Password = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(Password) + 1, "Password: %s", Password); + + } + + offset += strlen(Password) + 1; /* Skip Password */ + + /* Build display for: BufferFormat3 */ + + BufferFormat3 = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "BufferFormat3: %u", BufferFormat3); + + } + + offset += 1; /* Skip BufferFormat3 */ + + /* Build display for: Service */ + + Service = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(Service) + 1, "Service: %s", Service); + + } + + offset += strlen(Service) + 1; /* Skip Service */ + + } + + if (dirn == 0) { /* Response(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Max Buffer Size */ + + MaxBufferSize = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize); + + } + + offset += 2; /* Skip Max Buffer Size */ + + /* Build display for: TID */ + + TID = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "TID: %u", TID); + + } + + offset += 2; /* Skip TID */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + } + +} + +/* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */ +void +dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn) + +{ + proto_tree *Capabilities_tree; + proto_item *ti; + guint8 WordCount; + guint8 AndXReserved; + guint8 AndXCommand; + guint32 SessionKey; + guint32 Reserved; + guint32 Capabilities; + guint16 VcNumber; + guint16 UNICODEAccountPasswordLength; + guint16 PasswordLen; + guint16 MaxMpxCount; + guint16 MaxBufferSize; + guint16 ByteCount; + guint16 AndXOffset; + guint16 Action; + guint16 ANSIAccountPasswordLength; + const char *UNICODEPassword; + const char *PrimaryDomain; + const char *NativeOS; + const char *NativeLanManType; + const char *NativeLanMan; + const char *AccountName; + const char *ANSIPassword; + + if (dirn == 1) { /* Request(s) dissect code */ + + WordCount = GBYTE(pd, offset); + + switch (WordCount) { + + case 10: + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: AndXCommand */ + + AndXCommand = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand); + + } + + offset += 1; /* Skip AndXCommand */ + + /* Build display for: AndXReserved */ + + AndXReserved = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved); + + } + + offset += 1; /* Skip AndXReserved */ + + /* Build display for: AndXOffset */ + + AndXOffset = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset); + + } + + offset += 2; /* Skip AndXOffset */ + + /* Build display for: MaxBufferSize */ + + MaxBufferSize = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize); + + } + + offset += 2; /* Skip MaxBufferSize */ + + /* Build display for: MaxMpxCount */ + + MaxMpxCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount); + + } + + offset += 2; /* Skip MaxMpxCount */ + + /* Build display for: VcNumber */ + + VcNumber = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "VcNumber: %u", VcNumber); + + } + + offset += 2; /* Skip VcNumber */ + + /* Build display for: SessionKey */ + + SessionKey = GWORD(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 4, "SessionKey: %u", SessionKey); + + } + + offset += 4; /* Skip SessionKey */ + + /* Build display for: PasswordLen */ + + PasswordLen = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "PasswordLen: %u", PasswordLen); + + } + + offset += 2; /* Skip PasswordLen */ + + /* Build display for: Reserved */ + + Reserved = GWORD(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 4, "Reserved: %u", Reserved); + + } + + offset += 4; /* Skip Reserved */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + /* Build display for: AccountName */ + + AccountName = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName); + + } + + offset += strlen(AccountName) + 1; /* Skip AccountName */ + + /* Build display for: PrimaryDomain */ + + PrimaryDomain = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain); + + } + + offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */ + + /* Build display for: NativeOS */ + + NativeOS = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS); + + } + + offset += strlen(NativeOS) + 1; /* Skip NativeOS */ + + break; + + case 13: + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: AndXCommand */ + + AndXCommand = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand); + + } + + offset += 1; /* Skip AndXCommand */ + + /* Build display for: AndXReserved */ + + AndXReserved = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved); + + } + + offset += 1; /* Skip AndXReserved */ + + /* Build display for: AndXOffset */ + + AndXOffset = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset); + + } + + offset += 2; /* Skip AndXOffset */ + + /* Build display for: MaxBufferSize */ + + MaxBufferSize = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize); + + } + + offset += 2; /* Skip MaxBufferSize */ + + /* Build display for: MaxMpxCount */ + + MaxMpxCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount); + + } + + offset += 2; /* Skip MaxMpxCount */ + + /* Build display for: VcNumber */ + + VcNumber = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "VcNumber: %u", VcNumber); + + } + + offset += 2; /* Skip VcNumber */ + + /* Build display for: SessionKey */ + + SessionKey = GWORD(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 4, "SessionKey: %u", SessionKey); + + } + + offset += 4; /* Skip SessionKey */ + + /* Build display for: ANSI Account Password Length */ + + ANSIAccountPasswordLength = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength); + + } + + offset += 2; /* Skip ANSI Account Password Length */ + + /* Build display for: UNICODE Account Password Length */ + + UNICODEAccountPasswordLength = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength); + + } + + offset += 2; /* Skip UNICODE Account Password Length */ + + /* Build display for: Reserved */ + + Reserved = GWORD(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 4, "Reserved: %u", Reserved); + + } + + offset += 4; /* Skip Reserved */ + + /* Build display for: Capabilities */ + + Capabilities = GWORD(pd, offset); + + if (tree) { + + ti = proto_tree_add_item(tree, offset, 4, "Capabilities: 0x%04x", Capabilities); + Capabilities_tree = proto_tree_new(); + proto_item_add_subtree(ti, Capabilities_tree, ETT_SMB_CAPABILITIES); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported")); + proto_tree_add_item(Capabilities_tree, offset, 4, "%s", + decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported")); + +} + + offset += 4; /* Skip Capabilities */ + + /* Build display for: Byte Count */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count: %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count */ + + /* Build display for: ANSI Password */ + + ANSIPassword = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword); + + } + + offset += ANSIAccountPasswordLength; /* Skip ANSI Password */ + + /* Build display for: UNICODE Password */ + + UNICODEPassword = pd + offset; + + if (UNICODEAccountPasswordLength > 0) { + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword); + + } + + offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */ + + } + + /* Build display for: Account Name */ + + AccountName = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName); + + } + + offset += strlen(AccountName) + 1; /* Skip Account Name */ + + /* Build display for: Primary Domain */ + + PrimaryDomain = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain); + + } + + offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */ + + /* Build display for: Native OS */ + + NativeOS = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS); + + } + + offset += strlen(NativeOS) + 1; /* Skip Native OS */ + + /* Build display for: Native LanMan Type */ + + NativeLanManType = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType); + + } + + offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */ + + break; + + } + + + if (AndXCommand != 0xFF) { + + (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn); + + } + + } + + if (dirn == 0) { /* Response(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: AndXCommand */ + + AndXCommand = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "AndXCommand: %u", AndXCommand); + + } + + offset += 1; /* Skip AndXCommand */ + + /* Build display for: AndXReserved */ + + AndXReserved = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "AndXReserved: %u", AndXReserved); + + } + + offset += 1; /* Skip AndXReserved */ + + /* Build display for: AndXOffset */ + + AndXOffset = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "AndXOffset: %u", AndXOffset); + + } + + offset += 2; /* Skip AndXOffset */ + + /* Build display for: Action */ + + Action = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Action: %u", Action); + + } + + offset += 2; /* Skip Action */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + /* Build display for: NativeOS */ + + NativeOS = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS); + + } + + offset += strlen(NativeOS) + 1; /* Skip NativeOS */ + + /* Build display for: NativeLanMan */ + + NativeLanMan = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan); + + } + + offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */ + + /* Build display for: PrimaryDomain */ + + PrimaryDomain = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain); + + } + + offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */ + + + if (AndXCommand != 0xFF) { + + (dissect[AndXCommand])(pd, offset, fd, tree, max_data, dirn); + + } + + } + +} + +void dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn) { @@ -1126,6 +1901,279 @@ dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tr } +void +dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn) + +{ + guint8 WordCount; + guint8 BufferFormat; + guint16 ByteCount; + const char *DirectoryName; + + if (dirn == 1) { /* Request(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + /* Build display for: Buffer Format */ + + BufferFormat = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat); + + } + + offset += 1; /* Skip Buffer Format */ + + /* Build display for: Directory Name */ + + DirectoryName = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName); + + } + + offset += strlen(DirectoryName) + 1; /* Skip Directory Name */ + + } + + if (dirn == 0) { /* Response(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + } + +} + +void +dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn) + +{ + guint8 WordCount; + guint8 BufferFormat; + guint16 ByteCount; + const char *DirectoryName; + + if (dirn == 1) { /* Request(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + /* Build display for: Buffer Format */ + + BufferFormat = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat); + + } + + offset += 1; /* Skip Buffer Format */ + + /* Build display for: Directory Name */ + + DirectoryName = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName); + + } + + offset += strlen(DirectoryName) + 1; /* Skip Directory Name */ + + } + + if (dirn == 0) { /* Response(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + } + +} + +void +dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data, int dirn) + +{ + guint8 WordCount; + guint8 BufferFormat; + guint16 ByteCount; + const char *DirectoryName; + + if (dirn == 1) { /* Request(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + /* Build display for: Buffer Format */ + + BufferFormat = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Buffer Format: %u", BufferFormat); + + } + + offset += 1; /* Skip Buffer Format */ + + /* Build display for: Directory Name */ + + DirectoryName = pd + offset; + + if (tree) { + + proto_tree_add_item(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName); + + } + + offset += strlen(DirectoryName) + 1; /* Skip Directory Name */ + + } + + if (dirn == 0) { /* Response(s) dissect code */ + + /* Build display for: Word Count (WCT) */ + + WordCount = GBYTE(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 1, "Word Count (WCT): %u", WordCount); + + } + + offset += 1; /* Skip Word Count (WCT) */ + + /* Build display for: Byte Count (BCC) */ + + ByteCount = GSHORT(pd, offset); + + if (tree) { + + proto_tree_add_item(tree, offset, 2, "Byte Count (BCC): %u", ByteCount); + + } + + offset += 2; /* Skip Byte Count (BCC) */ + + } + +} + void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, int, int) = { dissect_unknown_smb, /* unknown SMB 0x00 */ @@ -1240,10 +2288,10 @@ void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, int, int) dissect_unknown_smb, /* unknown SMB 0x6d */ dissect_unknown_smb, /* unknown SMB 0x6e */ dissect_unknown_smb, /* unknown SMB 0x6f */ - dissect_unknown_smb, /* SMBtcon tree connect */ + dissect_treecon_smb, /* SMBtcon tree connect */ dissect_unknown_smb, /* SMBtdis tree disconnect */ dissect_negprot_smb, /* SMBnegprot negotiate a protocol */ - dissect_unknown_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */ + dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */ dissect_unknown_smb, /* unknown SMB 0x74 */ dissect_tcon_andx_smb, /* SMBtconX tree connect and X */ dissect_unknown_smb, /* unknown SMB 0x76 */ |