diff options
author | Michael Mann <mmann78@netscape.net> | 2014-04-04 18:13:05 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2014-04-04 23:04:47 +0000 |
commit | 9fa48e379651c21cf0e14cc2a88a73005710430c (patch) | |
tree | b9aeb9b3887e8ee570b754d8cf3b0d82f79c04e4 /epan | |
parent | b6a5f8939a220710c94c0fdc616ae7a740e851e6 (diff) |
New DCE/RPC MDSSVC dissector. Bug 9950
Change-Id: I8832c139938e767de71b2cc74ca41208f509e478
Reviewed-on: https://code.wireshark.org/review/959
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/Makefile.common | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-mdssvc.c | 852 | ||||
-rw-r--r-- | epan/dissectors/packet-dcerpc-mdssvc.h | 19 | ||||
-rw-r--r-- | epan/dissectors/pidl/mdssvc.cnf | 23 | ||||
-rw-r--r-- | epan/dissectors/pidl/mdssvc.idl | 60 |
6 files changed, 957 insertions, 0 deletions
diff --git a/epan/CMakeLists.txt b/epan/CMakeLists.txt index 9188d01576..2ab7caa890 100644 --- a/epan/CMakeLists.txt +++ b/epan/CMakeLists.txt @@ -185,6 +185,7 @@ set(DIRTY_PIDL_DISSECTOR_SRC dissectors/packet-dcerpc-eventlog.c dissectors/packet-dcerpc-lsa.c dissectors/packet-dcerpc-mapi.c + dissectors/packet-dcerpc-mdssvc.c dissectors/packet-dcerpc-misc.c dissectors/packet-dcerpc-winreg.c ) diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index e585337978..cbd2ad30e8 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -68,6 +68,7 @@ DIRTY_PIDL_DISSECTOR_SRC = \ packet-dcerpc-eventlog.c \ packet-dcerpc-lsa.c \ packet-dcerpc-mapi.c \ + packet-dcerpc-mdssvc.c \ packet-dcerpc-misc.c \ packet-dcerpc-winreg.c @@ -83,6 +84,7 @@ PIDL_DISSECTOR_INCLUDES = \ packet-dcerpc-initshutdown.h \ packet-dcerpc-lsa.h \ packet-dcerpc-mapi.h \ + packet-dcerpc-mdssvc.h \ packet-dcerpc-misc.h \ packet-dcerpc-nspi.h \ packet-dcerpc-rfr.h \ diff --git a/epan/dissectors/packet-dcerpc-mdssvc.c b/epan/dissectors/packet-dcerpc-mdssvc.c new file mode 100644 index 0000000000..1fe8d630ef --- /dev/null +++ b/epan/dissectors/packet-dcerpc-mdssvc.c @@ -0,0 +1,852 @@ +/* DO NOT EDIT + This file was automatically generated by Pidl + from mdssvc.idl and mdssvc.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Wireshark team. + Instructions on how to download and install Pidl can be + found at http://wiki.wireshark.org/Pidl + + $Id$ +*/ + + +#include "config.h" +#ifdef _MSC_VER +#pragma warning(disable:4005) +#pragma warning(disable:4013) +#pragma warning(disable:4018) +#pragma warning(disable:4101) +#endif + +#include <glib.h> +#include <string.h> +#include <epan/packet.h> + +#include "packet-dcerpc.h" +#include "packet-dcerpc-nt.h" +#include "packet-windows-common.h" +#include "packet-dcerpc-mdssvc.h" + +/* Ett declarations */ +static gint ett_dcerpc_mdssvc = -1; +static gint ett_mdssvc_mdssvc_blob = -1; + + +/* Header field declarations */ +static gint hf_mdssvc_mdssvc_blob_length = -1; +static gint hf_mdssvc_mdssvc_open_unkn2 = -1; +static gint hf_mdssvc_mdssvc_cmd_max_fragment_size1 = -1; +static gint hf_mdssvc_mdssvc_open_share_path = -1; +static gint hf_mdssvc_mdssvc_open_unkn3 = -1; +static gint hf_mdssvc_mdssvc_cmd_response_blob = -1; +static gint hf_mdssvc_mdssvc_unknown1_unkn3 = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn1 = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn4 = -1; +static gint hf_mdssvc_mdssvc_unknown1_unkn7 = -1; +static gint hf_mdssvc_mdssvc_open_share_name = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn7 = -1; +static gint hf_mdssvc_mdssvc_cmd_share_handle = -1; +static gint hf_mdssvc_mdssvc_unknown1_unkn1 = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn8 = -1; +static gint hf_mdssvc_mdssvc_unknown1_device_id = -1; +static gint hf_mdssvc_mdssvc_cmd_device_id = -1; +static gint hf_mdssvc_mdssvc_open_device_id = -1; +static gint hf_mdssvc_mdssvc_cmd_status = -1; +static gint hf_mdssvc_mdssvc_unknown1_status = -1; +static gint hf_mdssvc_mdssvc_unknown1_unkn5 = -1; +static gint hf_mdssvc_mdssvc_open_share_mount_path = -1; +static gint hf_mdssvc_mdssvc_unknown1_flags = -1; +static gint hf_mdssvc_opnum = -1; +static gint hf_mdssvc_mdssvc_cmd_max_fragment_size2 = -1; +static gint hf_mdssvc_mdssvc_cmd_request_blob = -1; +static gint hf_mdssvc_mdssvc_blob_size = -1; +static gint hf_mdssvc_mdssvc_unknown1_unkn4 = -1; +static gint hf_mdssvc_mdssvc_cmd_flags = -1; +static gint hf_mdssvc_mdssvc_unknown1_unkn6 = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn9 = -1; +static gint hf_mdssvc_mdssvc_open_share_handle = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn5 = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn6 = -1; +static gint hf_mdssvc_mdssvc_unknown1_share_handle = -1; +static gint hf_mdssvc_mdssvc_cmd_unkn3 = -1; +static gint hf_mdssvc_mdssvc_blob_spotlight_blob = -1; + +static gint proto_dcerpc_mdssvc = -1; +/* Version information */ + + +static e_uuid_t uuid_dcerpc_mdssvc = { + 0x885d85fb, 0xc754, 0x4062, + { 0xa0, 0xe7, 0x68, 0x72, 0xce, 0x00, 0x64, 0xf4 } +}; +static guint16 ver_dcerpc_mdssvc = 2; + +static int mdssvc_dissect_element_blob_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_blob_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_blob_spotlight_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_blob_spotlight_blob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_blob_spotlight_blob__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_device_id_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_unkn2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_unkn2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_unkn3_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_share_mount_path(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_share_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_share_path(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_open_share_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn5(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_flags_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_unknown1_unkn7_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_request_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn5(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_max_fragment_size1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_max_fragment_size2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn8(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_response_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_response_blob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn9(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +static int mdssvc_dissect_element_cmd_unkn9_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_); +extern gint dissect_spotlight(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gint offset); +static int +mdssvc_dissect_element_blob_spotlight_blob(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep _U_) +{ + tvbuff_t *spotlight_tvb; + dissector_handle_t spotlight_handle; + + if (di->conformant_run) { + return offset; + } + + spotlight_handle = find_dissector("afp_spotlight"); + if (spotlight_handle) + { + spotlight_tvb = tvb_new_subset_remaining(tvb, offset + 16); + return call_dissector(spotlight_handle, spotlight_tvb, pinfo, tree); + } + + return offset; +} + + +/* IDL: struct { */ +/* IDL: uint32 length; */ +/* IDL: uint32 size; */ +/* IDL: [unique(1)] [size_is(size)] [length_is(length)] uint8 *spotlight_blob; */ +/* IDL: } */ + +static int +mdssvc_dissect_element_blob_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_blob_length, 0); + + return offset; +} + +static int +mdssvc_dissect_element_blob_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_blob_size, 0); + + return offset; +} + +static int +mdssvc_dissect_element_blob_spotlight_blob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_blob_spotlight_blob__); + + return offset; +} + +static int +mdssvc_dissect_element_blob_spotlight_blob__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_blob_spotlight_blob, 0); + + return offset; +} + +int +mdssvc_dissect_struct_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_5_BYTES; + + old_offset = offset; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_mdssvc_mdssvc_blob); + } + + offset = mdssvc_dissect_element_blob_length(tvb, offset, pinfo, tree, di, drep); + + offset = mdssvc_dissect_element_blob_size(tvb, offset, pinfo, tree, di, drep); + + offset = mdssvc_dissect_element_blob_spotlight_blob(tvb, offset, pinfo, tree, di, drep); + + + proto_item_set_len(item, offset-old_offset); + + + if (di->call_data->flags & DCERPC_IS_NDR64) { + ALIGN_TO_5_BYTES; + } + + return offset; +} + +static int +mdssvc_dissect_element_open_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_open_device_id_, NDR_POINTER_REF, "Pointer to Device Id (uint32)",hf_mdssvc_mdssvc_open_device_id); + + return offset; +} + +static int +mdssvc_dissect_element_open_device_id_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_open_device_id, 0); + + return offset; +} + +static int +mdssvc_dissect_element_open_unkn2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_open_unkn2_, NDR_POINTER_REF, "Pointer to Unkn2 (uint32)",hf_mdssvc_mdssvc_open_unkn2); + + return offset; +} + +static int +mdssvc_dissect_element_open_unkn2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_open_unkn2, 0); + + return offset; +} + +static int +mdssvc_dissect_element_open_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_open_unkn3_, NDR_POINTER_REF, "Pointer to Unkn3 (uint32)",hf_mdssvc_mdssvc_open_unkn3); + + return offset; +} + +static int +mdssvc_dissect_element_open_unkn3_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_open_unkn3, 0); + + return offset; +} + +static int +mdssvc_dissect_element_open_share_mount_path(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint8), hf_mdssvc_mdssvc_open_share_mount_path, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +mdssvc_dissect_element_open_share_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint8), hf_mdssvc_mdssvc_open_share_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +mdssvc_dissect_element_open_share_path(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint8), hf_mdssvc_mdssvc_open_share_path, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +static int +mdssvc_dissect_element_open_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_open_share_handle_, NDR_POINTER_REF, "Pointer to Share Handle (policy_handle)",hf_mdssvc_mdssvc_open_share_handle); + + return offset; +} + +static int +mdssvc_dissect_element_open_share_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_open_share_handle, 0); + + return offset; +} + +/* IDL: void mdssvc_open( */ +/* IDL: [out] [ref] [in] uint32 *device_id, */ +/* IDL: [out] [in] [ref] uint32 *unkn2, */ +/* IDL: [out] [in] [ref] uint32 *unkn3, */ +/* IDL: [charset(UTF8)] [in] uint8 share_mount_path[*], */ +/* IDL: [in] [charset(UTF8)] uint8 share_name[*], */ +/* IDL: [charset(UTF8)] [size_is(1025)] [out] uint8 share_path[*], */ +/* IDL: [out] [ref] policy_handle *share_handle */ +/* IDL: ); */ + +static int +mdssvc_dissect_open_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="open"; + offset = mdssvc_dissect_element_open_device_id(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_open_unkn2(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_open_unkn3(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_open_share_path(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_open_share_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + return offset; +} + +static int +mdssvc_dissect_open_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="open"; + offset = mdssvc_dissect_element_open_device_id(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_open_unkn2(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_open_unkn3(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_open_share_mount_path(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_open_share_name(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + +static int +mdssvc_dissect_element_unknown1_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_share_handle, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn1, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_device_id, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn3, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn4, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn5(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn5, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn6, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_unknown1_status_, NDR_POINTER_REF, "Pointer to Status (uint32)",hf_mdssvc_mdssvc_unknown1_status); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_status, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_unknown1_flags_, NDR_POINTER_REF, "Pointer to Flags (uint32)",hf_mdssvc_mdssvc_unknown1_flags); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_flags_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_flags, 0); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_unknown1_unkn7_, NDR_POINTER_REF, "Pointer to Unkn7 (uint32)",hf_mdssvc_mdssvc_unknown1_unkn7); + + return offset; +} + +static int +mdssvc_dissect_element_unknown1_unkn7_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_unknown1_unkn7, 0); + + return offset; +} + +/* IDL: void mdssvc_unknown1( */ +/* IDL: [in] policy_handle share_handle, */ +/* IDL: [in] uint32 unkn1, */ +/* IDL: [in] uint32 device_id, */ +/* IDL: [in] uint32 unkn3, */ +/* IDL: [in] uint32 unkn4, */ +/* IDL: [in] uint32 unkn5, */ +/* IDL: [in] uint32 unkn6, */ +/* IDL: [out] [ref] uint32 *status, */ +/* IDL: [out] [ref] uint32 *flags, */ +/* IDL: [out] [ref] uint32 *unkn7 */ +/* IDL: ); */ + +static int +mdssvc_dissect_unknown1_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="unknown1"; + offset = mdssvc_dissect_element_unknown1_status(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_unknown1_flags(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_unknown1_unkn7(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + return offset; +} + +static int +mdssvc_dissect_unknown1_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="unknown1"; + offset = mdssvc_dissect_element_unknown1_share_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_unknown1_unkn1(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_unknown1_device_id(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_unknown1_unkn3(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_unknown1_unkn4(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_unknown1_unkn5(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_unknown1_unkn6(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + +static int +mdssvc_dissect_element_cmd_share_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_share_handle, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn1, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_device_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_device_id, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn3, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn4(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn4, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_flags, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_request_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = mdssvc_dissect_struct_blob(tvb,offset,pinfo,tree,di,drep,hf_mdssvc_mdssvc_cmd_request_blob,0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn5(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn5, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_max_fragment_size1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_max_fragment_size1, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn6(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn6, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_max_fragment_size2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_max_fragment_size2, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn7(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn7, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn8(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn8, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_status(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_cmd_status_, NDR_POINTER_REF, "Pointer to Status (uint32)",hf_mdssvc_mdssvc_cmd_status); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_status_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_status, 0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_response_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_cmd_response_blob_, NDR_POINTER_REF, "Pointer to Response Blob (mdssvc_blob)",hf_mdssvc_mdssvc_cmd_response_blob); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_response_blob_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = mdssvc_dissect_struct_blob(tvb,offset,pinfo,tree,di,drep,hf_mdssvc_mdssvc_cmd_response_blob,0); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn9(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, mdssvc_dissect_element_cmd_unkn9_, NDR_POINTER_REF, "Pointer to Unkn9 (uint32)",hf_mdssvc_mdssvc_cmd_unkn9); + + return offset; +} + +static int +mdssvc_dissect_element_cmd_unkn9_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_mdssvc_mdssvc_cmd_unkn9, 0); + + return offset; +} + +/* IDL: void mdssvc_cmd( */ +/* IDL: [in] policy_handle share_handle, */ +/* IDL: [in] uint32 unkn1, */ +/* IDL: [in] uint32 device_id, */ +/* IDL: [in] uint32 unkn3, */ +/* IDL: [in] uint32 unkn4, */ +/* IDL: [in] uint32 flags, */ +/* IDL: [in] mdssvc_blob request_blob, */ +/* IDL: [in] uint32 unkn5, */ +/* IDL: [in] uint32 max_fragment_size1, */ +/* IDL: [in] uint32 unkn6, */ +/* IDL: [in] uint32 max_fragment_size2, */ +/* IDL: [in] uint32 unkn7, */ +/* IDL: [in] uint32 unkn8, */ +/* IDL: [out] [ref] uint32 *status, */ +/* IDL: [ref] [out] mdssvc_blob *response_blob, */ +/* IDL: [out] [ref] uint32 *unkn9 */ +/* IDL: ); */ + +static int +mdssvc_dissect_cmd_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="cmd"; + offset = mdssvc_dissect_element_cmd_status(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_cmd_response_blob(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + offset = mdssvc_dissect_element_cmd_unkn9(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + + return offset; +} + +static int +mdssvc_dissect_cmd_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_) +{ + di->dcerpc_procedure_name="cmd"; + offset = mdssvc_dissect_element_cmd_share_handle(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn1(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_device_id(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn3(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn4(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_flags(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_request_blob(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn5(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_max_fragment_size1(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn6(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_max_fragment_size2(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn7(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + offset = mdssvc_dissect_element_cmd_unkn8(tvb, offset, pinfo, tree, di, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep); + return offset; +} + + +static dcerpc_sub_dissector mdssvc_dissectors[] = { + { 0, "open", + mdssvc_dissect_open_request, mdssvc_dissect_open_response}, + { 1, "unknown1", + mdssvc_dissect_unknown1_request, mdssvc_dissect_unknown1_response}, + { 2, "cmd", + mdssvc_dissect_cmd_request, mdssvc_dissect_cmd_response}, + { 0, NULL, NULL, NULL } +}; + +void proto_register_dcerpc_mdssvc(void) +{ + static hf_register_info hf[] = { + { &hf_mdssvc_mdssvc_blob_length, + { "Length", "mdssvc.mdssvc_blob.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_unkn2, + { "Unkn2", "mdssvc.mdssvc_open.unkn2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_max_fragment_size1, + { "Max Fragment Size1", "mdssvc.mdssvc_cmd.max_fragment_size1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_share_path, + { "Share Path", "mdssvc.mdssvc_open.share_path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_unkn3, + { "Unkn3", "mdssvc.mdssvc_open.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_response_blob, + { "Response Blob", "mdssvc.mdssvc_cmd.response_blob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_unkn3, + { "Unkn3", "mdssvc.mdssvc_unknown1.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn1, + { "Unkn1", "mdssvc.mdssvc_cmd.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn4, + { "Unkn4", "mdssvc.mdssvc_cmd.unkn4", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_unkn7, + { "Unkn7", "mdssvc.mdssvc_unknown1.unkn7", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_share_name, + { "Share Name", "mdssvc.mdssvc_open.share_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn7, + { "Unkn7", "mdssvc.mdssvc_cmd.unkn7", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_share_handle, + { "Share Handle", "mdssvc.mdssvc_cmd.share_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_unkn1, + { "Unkn1", "mdssvc.mdssvc_unknown1.unkn1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn8, + { "Unkn8", "mdssvc.mdssvc_cmd.unkn8", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_device_id, + { "Device Id", "mdssvc.mdssvc_unknown1.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_device_id, + { "Device Id", "mdssvc.mdssvc_cmd.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_device_id, + { "Device Id", "mdssvc.mdssvc_open.device_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_status, + { "Status", "mdssvc.mdssvc_cmd.status", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_status, + { "Status", "mdssvc.mdssvc_unknown1.status", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_unkn5, + { "Unkn5", "mdssvc.mdssvc_unknown1.unkn5", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_share_mount_path, + { "Share Mount Path", "mdssvc.mdssvc_open.share_mount_path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_flags, + { "Flags", "mdssvc.mdssvc_unknown1.flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_opnum, + { "Operation", "mdssvc.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_max_fragment_size2, + { "Max Fragment Size2", "mdssvc.mdssvc_cmd.max_fragment_size2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_request_blob, + { "Request Blob", "mdssvc.mdssvc_cmd.request_blob", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_blob_size, + { "Size", "mdssvc.mdssvc_blob.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_unkn4, + { "Unkn4", "mdssvc.mdssvc_unknown1.unkn4", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_flags, + { "Flags", "mdssvc.mdssvc_cmd.flags", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_unkn6, + { "Unkn6", "mdssvc.mdssvc_unknown1.unkn6", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn9, + { "Unkn9", "mdssvc.mdssvc_cmd.unkn9", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_open_share_handle, + { "Share Handle", "mdssvc.mdssvc_open.share_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn5, + { "Unkn5", "mdssvc.mdssvc_cmd.unkn5", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn6, + { "Unkn6", "mdssvc.mdssvc_cmd.unkn6", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_unknown1_share_handle, + { "Share Handle", "mdssvc.mdssvc_unknown1.share_handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_cmd_unkn3, + { "Unkn3", "mdssvc.mdssvc_cmd.unkn3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }}, + { &hf_mdssvc_mdssvc_blob_spotlight_blob, + { "Spotlight Blob", "mdssvc.mdssvc_blob.spotlight_blob", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }}, + }; + + + static gint *ett[] = { + &ett_dcerpc_mdssvc, + &ett_mdssvc_mdssvc_blob, + }; + + proto_dcerpc_mdssvc = proto_register_protocol("Spotlight metadata search service", "MDSSVC", "mdssvc"); + proto_register_field_array(proto_dcerpc_mdssvc, hf, array_length (hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void proto_reg_handoff_dcerpc_mdssvc(void) +{ + dcerpc_init_uuid(proto_dcerpc_mdssvc, ett_dcerpc_mdssvc, + &uuid_dcerpc_mdssvc, ver_dcerpc_mdssvc, + mdssvc_dissectors, hf_mdssvc_opnum); +} diff --git a/epan/dissectors/packet-dcerpc-mdssvc.h b/epan/dissectors/packet-dcerpc-mdssvc.h new file mode 100644 index 0000000000..dd59f4392b --- /dev/null +++ b/epan/dissectors/packet-dcerpc-mdssvc.h @@ -0,0 +1,19 @@ +/* DO NOT EDIT + This file was automatically generated by Pidl + from mdssvc.idl and mdssvc.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Wireshark team. + Instructions on how to download and install Pidl can be + found at http://wiki.wireshark.org/Pidl + + $Id$ +*/ + +#include "packet-dcerpc-misc.h" + +#ifndef __PACKET_DCERPC_MDSSVC_H +#define __PACKET_DCERPC_MDSSVC_H + +int mdssvc_dissect_struct_blob(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_); +#endif /* __PACKET_DCERPC_MDSSVC_H */ diff --git a/epan/dissectors/pidl/mdssvc.cnf b/epan/dissectors/pidl/mdssvc.cnf new file mode 100644 index 0000000000..030cb7f265 --- /dev/null +++ b/epan/dissectors/pidl/mdssvc.cnf @@ -0,0 +1,23 @@ +MANUAL mdssvc_dissect_element_blob_spotlight_blob + +CODE START +static int +mdssvc_dissect_element_blob_spotlight_blob(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep _U_) +{ + tvbuff_t *spotlight_tvb; + dissector_handle_t spotlight_handle; + + if (di->conformant_run) { + return offset; + } + + spotlight_handle = find_dissector("afp_spotlight"); + if (spotlight_handle) + { + spotlight_tvb = tvb_new_subset_remaining(tvb, offset + 16); + return call_dissector(spotlight_handle, spotlight_tvb, pinfo, tree); + } + + return offset; +} +CODE END diff --git a/epan/dissectors/pidl/mdssvc.idl b/epan/dissectors/pidl/mdssvc.idl new file mode 100644 index 0000000000..ffbe25b4a8 --- /dev/null +++ b/epan/dissectors/pidl/mdssvc.idl @@ -0,0 +1,60 @@ +import "misc.idl"; +[ + uuid("885d85fb-c754-4062-a0e7-6872ce0064f4"), + endpoint("ncacn_np:[\\pipe\\mdssvc]", "ncacn_ip_tcp:", "ncalrpc:"), + version(2.0), + helpstring("Spotlight metadata search service") +] +interface mdssvc +{ + void mdssvc_open( + [in,out,ref] uint32 *device_id, + [in,out,ref] uint32 *unkn2, /* always 0x17 ? */ + [in,out,ref] uint32 *unkn3, /* always 0 ? */ + [in][string,charset(UTF8)] uint8 share_mount_path[], + [in][string,charset(UTF8)] uint8 share_name[], + [out,string,charset(UTF8),size_is(1025)] uint8 share_path[], + [out,ref] policy_handle *share_handle + ); + + void mdssvc_unknown1( + [in] policy_handle share_handle, + [in] uint32 unkn1, /* always 0, some status ? */ + [in] uint32 device_id, + [in] uint32 unkn3, /* = mdssvc_open.unkn2 ? */ + [in] uint32 unkn4, /* always 0, some status ? */ + [in] uint32 unkn5, /* 0x01f5*/ + [in] uint32 unkn6, /* 0x14 */ + [out,ref] uint32 *status, + [out,ref] uint32 *flags, /* always 0x6b000001 ? */ + [out,ref] uint32 *unkn7 /* always 0 ? */ + ); + + typedef [public] struct { + uint32 length; + uint32 size; + [size_is(size),length_is(length)] uint8 *spotlight_blob; + } mdssvc_blob; + + void mdssvc_cmd( + [in] policy_handle share_handle, + [in] uint32 unkn1, /* always 0, status ? */ + [in] uint32 device_id, + [in] uint32 unkn3, /* = mdssvc_open.unkn2 ? */ + [in] uint32 unkn4, /* always 0 ? */ + [in] uint32 flags, /* always 0x6b000001 ? */ + [in] mdssvc_blob request_blob, + + [in] uint32 unkn5, /* always 0 ? */ + [in] uint32 max_fragment_size1, + [in] uint32 unkn6, /* always 1 ? */ + [in] uint32 max_fragment_size2, /* always max_fragment_size1 = max_fragment_size2 ? */ + [in] uint32 unkn7, /* always 0 ? */ + [in] uint32 unkn8, /* always 0 ? */ + + + [out,ref] uint32 *status, + [out,ref] mdssvc_blob *response_blob, + [out,ref] uint32 *unkn9 /* always 0 ? */ + ); +} |