aboutsummaryrefslogtreecommitdiffstats
path: root/epan
diff options
context:
space:
mode:
authorsahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2009-10-03 00:03:48 +0000
committersahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2009-10-03 00:03:48 +0000
commit540d66d8d0e1d7869f3786236b1dd59b1cf6a076 (patch)
treee2419a1f2c911b7ebfe0539704d65c884adb4600 /epan
parent177926996c4e2096e12636fb95e471271849969f (diff)
teach the dce/rpc pointer dissector about ndr64 and make it dissect
pointers as 8 byte entities when ndr64 is negotiated git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@30253 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-dcerpc-ndr.c22
-rw-r--r--epan/dissectors/packet-dcerpc.c84
-rw-r--r--epan/dissectors/packet-dcerpc.h7
3 files changed, 79 insertions, 34 deletions
diff --git a/epan/dissectors/packet-dcerpc-ndr.c b/epan/dissectors/packet-dcerpc-ndr.c
index 16eced4df9..a6e760bde1 100644
--- a/epan/dissectors/packet-dcerpc-ndr.c
+++ b/epan/dissectors/packet-dcerpc-ndr.c
@@ -214,6 +214,28 @@ dissect_ndr_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
tree, drep, hfindex, pdata);
}
+/* This is used to dissect the new datatypes, such as pointers and conformance
+ data, which is 4 bytes in size in NDR but 8 bytes in NDR64.
+*/
+int
+dissect_ndr_4or8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint64 *pdata)
+{
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ return dissect_ndr_uint64(tvb, offset, pinfo, tree, drep, hfindex, pdata);
+ } else {
+ guint32 val;
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hfindex, &val);
+ *pdata = val;
+ return offset;
+ }
+}
+
int
PIDL_dissect_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 1f4be1468a..7bedda10f1 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -1888,6 +1888,7 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_info *di;
proto_tree *tr = NULL;
gint start_offset = offset;
+ int pointer_size = 4;
di=pinfo->private_data;
if(di->conformant_run){
@@ -1897,6 +1898,10 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
*/
return offset;
}
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ pointer_size = 8;
+ }
+
/*TOP LEVEL REFERENCE POINTER*/
if( pointers_are_top_level
@@ -1917,16 +1922,17 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
if( pointers_are_top_level
&& (type==NDR_POINTER_PTR) ){
int idx;
- guint32 id;
+ guint64 id;
proto_item *item;
/* get the referent id */
- offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &id);
+ offset = dissect_ndr_4or8(tvb, offset, pinfo, NULL, drep, -1, &id);
- tvb_ensure_bytes_exist(tvb, offset-4, 4);
+ tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
if(id==0){
- proto_tree_add_text(tree, tvb, offset-4, 4,
+ proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"(NULL pointer) %s",text);
goto after_ref_id;
}
@@ -1936,16 +1942,19 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* we have seen this pointer before */
if(idx>=0){
- proto_tree_add_text(tree, tvb, offset-4, 4,
+ proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"(duplicate PTR) %s",text);
goto after_ref_id;
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-4, 4,
+ item=proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"%s", text);
tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-4, 4, id);
+ proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
+ offset-pointer_size, pointer_size, id);
add_pointer_to_list(pinfo, tr, item, fnct, id, hf_index,
callback, callback_args);
goto after_ref_id;
@@ -1953,25 +1962,28 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/*TOP LEVEL UNIQUE POINTER*/
if( pointers_are_top_level
&& (type==NDR_POINTER_UNIQUE) ){
- guint32 id;
+ guint64 id;
proto_item *item;
/* get the referent id */
- offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &id);
+ offset = dissect_ndr_4or8(tvb, offset, pinfo, NULL, drep, -1, &id);
- tvb_ensure_bytes_exist(tvb, offset-4, 4);
+ tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
if(id==0){
- proto_tree_add_text(tree, tvb, offset-4, 4,
+ proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"(NULL pointer) %s",text);
goto after_ref_id;
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-4, 4,
+ item=proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"%s", text);
tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-4, 4, id);
+ proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
+ offset-pointer_size, pointer_size, id);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
hf_index, callback, callback_args);
goto after_ref_id;
@@ -1980,18 +1992,20 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/*EMBEDDED REFERENCE POINTER*/
if( (!pointers_are_top_level)
&& (type==NDR_POINTER_REF) ){
- guint32 id;
+ guint64 id;
proto_item *item;
/* get the referent id */
- offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &id);
+ offset = dissect_ndr_4or8(tvb, offset, pinfo, NULL, drep, -1, &id);
- tvb_ensure_bytes_exist(tvb, offset-4, 4);
+ tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-4, 4,
+ item=proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"%s",text);
tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-4, 4, id);
+ proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
+ offset-pointer_size, pointer_size, id);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
hf_index, callback, callback_args);
goto after_ref_id;
@@ -2000,25 +2014,28 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/*EMBEDDED UNIQUE POINTER*/
if( (!pointers_are_top_level)
&& (type==NDR_POINTER_UNIQUE) ){
- guint32 id;
+ guint64 id;
proto_item *item;
/* get the referent id */
- offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &id);
+ offset = dissect_ndr_4or8(tvb, offset, pinfo, NULL, drep, -1, &id);
- tvb_ensure_bytes_exist(tvb, offset-4, 4);
+ tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
if(id==0){
- proto_tree_add_text(tree, tvb, offset-4, 4,
+ proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"(NULL pointer) %s", text);
goto after_ref_id;
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-4, 4,
+ item=proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"%s",text);
tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-4, 4, id);
+ proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
+ offset-pointer_size, pointer_size, id);
add_pointer_to_list(pinfo, tr, item, fnct, 0xffffffff,
hf_index, callback, callback_args);
goto after_ref_id;
@@ -2028,16 +2045,17 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
if( (!pointers_are_top_level)
&& (type==NDR_POINTER_PTR) ){
int idx;
- guint32 id;
+ guint64 id;
proto_item *item;
/* get the referent id */
- offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, -1, &id);
+ offset = dissect_ndr_4or8(tvb, offset, pinfo, NULL, drep, -1, &id);
- tvb_ensure_bytes_exist(tvb, offset-4, 4);
+ tvb_ensure_bytes_exist(tvb, offset-pointer_size, pointer_size);
/* we got a NULL pointer */
if(id==0){
- proto_tree_add_text(tree, tvb, offset-4, 4,
+ proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"(NULL pointer) %s",text);
goto after_ref_id;
}
@@ -2047,16 +2065,19 @@ dissect_ndr_pointer_cb(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* we have seen this pointer before */
if(idx>=0){
- proto_tree_add_text(tree, tvb, offset-4, 4,
+ proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"(duplicate PTR) %s",text);
goto after_ref_id;
}
/* new pointer */
- item=proto_tree_add_text(tree, tvb, offset-4, 4,
+ item=proto_tree_add_text(tree, tvb, offset-pointer_size,
+ pointer_size,
"%s", text);
tr=proto_item_add_subtree(item,ett_dcerpc_pointer_data);
- proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb, offset-4, 4, id);
+ proto_tree_add_uint(tr, hf_dcerpc_referent_id, tvb,
+ offset-pointer_size, pointer_size, id);
add_pointer_to_list(pinfo, tr, item, fnct, id, hf_index,
callback, callback_args);
goto after_ref_id;
@@ -2200,7 +2221,6 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
key.uuid = info->call_data->uuid;
key.ver = info->call_data->ver;
-
if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) == NULL
|| !proto_is_protocol_enabled(sub_proto->proto)) {
/*
diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h
index 9731b53001..d03b039afd 100644
--- a/epan/dissectors/packet-dcerpc.h
+++ b/epan/dissectors/packet-dcerpc.h
@@ -183,8 +183,11 @@ int dissect_ndr_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
int hfindex, e_uuid_t *pdata);
int dissect_ndr_ctx_hnd (tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, guint8 *drep,
- int hfindex, e_ctx_hnd *pdata);
+ proto_tree *tree, guint8 *drep,
+ int hfindex, e_ctx_hnd *pdata);
+int dissect_ndr_4or8 (tvbuff_t *tvb, gint offset, packet_info *pinfo,
+ proto_tree *tree, guint8 *drep,
+ int hfindex, guint64 *pdata);
typedef int (dcerpc_dissect_fnct_t)(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-14 02:19:24 +0000