| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
A much better place to do this is after the subdissector function has
been called in dcercp_try_handoff().
svn path=/trunk/; revision=7895
|
|
the same value, as an open might return handle XXX, handle XXX might
then be closed, and a subsequent handle might return handle XXX, and we
want to keep the two handles distinct to avoid, for example, displaying
handles closed before they're opened.
In policy handle open replies, store the handle name only if the
operation succeeded. We can now do that without parsing the packet
twice.
Have "dissect_nt_policy_hnd()" optionally return, through a pointer, the
protocol tree item for the handle, so that its caller can decorate the
item with the name of the handle - that's done on opens, where we do
that only if the operation succeeds.
svn path=/trunk/; revision=7787
|
|
declare it in "packet-dcerpc-nt.h", as it's used both by the srvsvc and
wkssvc dissectors.
svn path=/trunk/; revision=7672
|
|
to call when dissecting the array data.
svn path=/trunk/; revision=7656
|
|
to avoid problems with non-printable characters.
svn path=/trunk/; revision=7585
|
|
Rename cb_str_postprocess which handles unicode strings to cb_wstr_postprocess.
Add cb_str_postprocess which handles ASCII strings
svn path=/trunk/; revision=7572
|
|
svn path=/trunk/; revision=7570
|
|
svn path=/trunk/; revision=7194
|
|
give it a byte-order argument, and move it to "epan/tvbuff.c".
Use it to handle UCS-2 strings in version 1 of the Service Location
Protocol. In SRVLOC V1, use registered fields that are already there
for SRVLOC V2, and add some as needed. Fix some field names.
svn path=/trunk/; revision=7186
|
|
adds 2 levels to the tree. Fix calls to it not to add 1 for that level.
The NT and LM challenges in a NETWORK_INFO structure are opaque arrays
of bytes, not Unicode strings; dissect them as such, adding a new
routine "dissect_ndr_counted_byte_array()" for that purpose.
Get rid of some extra colons in names - the colon is put there if a
string is appended, so putting a colon in there explicitly gives double
colons.
Decorate some higher-level tree nodes with strings.
svn path=/trunk/; revision=7107
|
|
"dissect_ndr_char_cvstring()" and "dissect_ndr_wchar_cvstring()", to
indicate that they're for conformant varying strings.
Rename "dissect_ndr_character_array()" to "dissect_ndr_cvstring()", to
indicate that it's for conformant varying strings.
svn path=/trunk/; revision=7096
|
|
"dissect_ndr_char_string" and "dissect_ndr_wchar_string", to make it
clearer what it does.
svn path=/trunk/; revision=7095
|
|
Rename "dissect_ndr_element_array()" to "dissect_ndr_character_array()",
move it out of "packet-dcerpc-nt.c" to "packet-dcerpc.c", and have it
use the standard DCE RPC array max count/offset/count fields rather than
their own private versions of those fields. Give it an option to create
a subtree, and an argument to specify the field to use for the actual
data buffer, and export it.
Move the routines for handling arrays of "char" and "wchar" as strings
out of "packet-dcerpc-nt.c" to "packet-dcerpc.c".
Add a routine to handle an array of "char" as an opaque blob of bytes.
Use "dissect_ndr_character_array()" to dissect character strings in MAPI
(the strings in question are ASCII, not Unicode), and use the routine to
handle an array of "char" as an opaque blob of bytes to dissect
encrypted data (again, it's bytes, not 16-bit quantities). Show them as
encrypted data, not unknown data.
Use "dissect_ndr_character_array()" to dissect a form name in
"dissect_form_name()" in the SPOOLSS dissector.
svn path=/trunk/; revision=7091
|
|
Give dissect_nt_sec_desc() and dissect_nt_access_mask() a specific rights
function parameter for dissecting specific access rights.
Fix callers in packet-smb.c to use the new interface.
svn path=/trunk/; revision=7086
|
|
functions with something a little less confusing.
We now have two sets of functions to dissect strings:
- dissect_ndr_wchar_array() which dissects NDR arrays of wide characters
(uint32, uint32, uint32, buffer)
- dissect_ndr_counted_string() which dissects a "counted string"
(uint16, uint16, pointer to array of wchar)
There are three contexts for dissecting counted strings:
1. "in-line" using dissect_ndr_counted_string()
2. as a callback to dissect_ndr_pointer()
3. as a callback to dissect_ndr_pointer_cb()
Context 2 is used when you have a pointer to a counted string.
Context 3 is when you wish to perform some special processing with the
returned string.
svn path=/trunk/; revision=7068
|
|
rather than a character string, don't decorate anything above that item
in the tree with the "string".
svn path=/trunk/; revision=7058
|
|
svn path=/trunk/; revision=7050
|
|
items N levels up from the item being processed, and use that to
decorate the tree as it was decorated before.
svn path=/trunk/; revision=7043
|
|
svn path=/trunk/; revision=7041
|
|
svn path=/trunk/; revision=7029
|
|
be used to help out in most DCERPC strings. The cb_str_postprocess()
function reads the callback_args and either appends the value of the
string to the COL_INFO field, appends it to the NDR pointer item, or
saves the string to dcv->private_data. Calling cb_str_postprocess()
with CB_STR_ITEM is the same as calling dissect_ndr_pointer() with
levels = 0.
Renamed some of the pointer dissection functions with a suffix of _cb
and created helpers of the original which call the _cb function with
NULL args. This should help minimise the amount of code changes in
the bulk of the DCERPC dissectors.
svn path=/trunk/; revision=7016
|
|
of the DCERPC dissector instead of creating a dummy protocol to hang
the ett and hf values off.
Make the open and close frame values in NT policy handles FT_FRAMENUM's
so the "Go to Corresponding Frame" menu item can be used on them.
svn path=/trunk/; revision=6995
|
|
Undo change to dissect_doserror() and dissect_ntstatus() made in
revision 1.42 as it breaks the display of rpc errors in COL_INFO.
svn path=/trunk/; revision=6934
|
|
tree item, not with hf_nt_str. Get rid of hf_nt_str, as it's no longer
used.
Put ASCII strings into the protocol tree only once.
svn path=/trunk/; revision=6910
|
|
string; set it to the result of the "fake_unicode()" call, not to the
raw Unicode string. (Yes, we should have support for strings that don't
have 8-bit characters - and somehow handle strings in packets in
multiple character sets, e.g. ISO 8859/x and other EUC codes, the
Macintosh extended character set, various DOS/Windows code pages, and
Unicode - but we don't have it now.)
svn path=/trunk/; revision=6909
|
|
svn path=/trunk/; revision=6900
|
|
have taken their places.
svn path=/trunk/; revision=6723
|
|
svn path=/trunk/; revision=6717
|
|
"dissect_ndr_uint16s()"; "dissect_ndr_uint16s()" is always passed a null
pointer, "dissect_dcerpc_uint16s()" is only called by
"dissect_ndr_uint16s()", and the pointer returned through "pdata" is
*NOT* guaranteed to be aligned on a 16-bit boundary so we don't want to
tempt people to blithely dereference that pointer.
svn path=/trunk/; revision=6699
|
|
pointers.
The first argument to "sscanf()" is a "const char *"; don't cast const
pointers to "char *" when passing them to "sscanf()".
Assign the result of "tvb_get_ptr()" to const pointers, not non-const
pointers.
Make the "pdata" argument to various DCE routines a const pointer.
svn path=/trunk/; revision=6688
|
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
"proto_tree_add_uint()" and the hfindex passed to us, rather than as a
text item. That means it has the name our caller gave to it, and that
it's a filterable field.
svn path=/trunk/; revision=6062
|
|
- combine proto_tree_add_text() and proto_tree_append_text() calls in the
access mask dissector
- make the specific access bits dissector functions return void instead of
an offset
I think Samba has the create user reply wrong. There is perhaps a uint32
marked as unknown that shouldn't be there. Removing this parses all the
captures I have.
svn path=/trunk/; revision=6057
|
|
generic, standard and specific mode bits. A protocol dissector can pass in
it's own function for dissecting the specific mode bits, if known.
svn path=/trunk/; revision=6053
|
|
COL_INFO field if the proto_tree parameter is NULL. This prevents
duplicate error messages when we just want to peek at the value of the
error.
svn path=/trunk/; revision=5963
|
|
svn path=/trunk/; revision=5775
|
|
into two - one that stores request/reply frame numbers and another
that associates a text name with a policy handle.
Removed all calls to prs_policy_hnd() and converted to calls to
dissect_nt_policy_hnd().
svn path=/trunk/; revision=5772
|
|
svn path=/trunk/; revision=5762
|
|
svn path=/trunk/; revision=5761
|
|
of uint16 values.
svn path=/trunk/; revision=5624
|
|
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
|
|
undissected part of a long frame.
svn path=/trunk/; revision=5470
|
|
svn path=/trunk/; revision=5450
|
|
add arguments to specify whether the policy handle is being
opened or closed, and don't set the "open frame" for the handle
unless it's being opened and don't set the "close frame" for the
handle unless it's being closed;
store the policy handle before fetching it, so that an open or
close is marked appropriately in the protocol tree on the first
pass;
if the policy handle has a name associated with it, put that
name into the top-level item for the policy handle.
In "packet-dcerpc-spoolss.c":
get rid of aun unused variable;
make "setjob_commands[]" static, as it's not used outside
"packet-dcerpc-spoolss.c";
put a "VALS()" call around the reference to "setjob_commands",
to squelch compiler warnings;
give the SPOOLSS return code field the appropriate
"value_string" array.
svn path=/trunk/; revision=5448
|
|
(also registry and srvsvc?) pipe dissectors.
Also added some helper routines for decoding a range of uint8s. These map
nicely to the dissect_{dcerpc,ndr}_foo() format with the addition of a
length parameter, but aren't really part of the NDR specification and are
probably only going to be used in the NT dcerpc dissectors.
svn path=/trunk/; revision=5421
|
|
svn path=/trunk/; revision=5410
|
|
svn path=/trunk/; revision=5380
|
|
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
|
|
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
svn path=/trunk/; revision=5223
|
|
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
svn path=/trunk/; revision=5196
|
