Age | Commit message (Collapse) | Author | Files | Lines |
|
winapi_cleanup tool written by Patrik Stridvall for the wine
project.
svn path=/trunk/; revision=6117
|
|
"proto_tree_add_uint()" and the hfindex passed to us, rather than as a
text item. That means it has the name our caller gave to it, and that
it's a filterable field.
svn path=/trunk/; revision=6062
|
|
- combine proto_tree_add_text() and proto_tree_append_text() calls in the
access mask dissector
- make the specific access bits dissector functions return void instead of
an offset
I think Samba has the create user reply wrong. There is perhaps a uint32
marked as unknown that shouldn't be there. Removing this parses all the
captures I have.
svn path=/trunk/; revision=6057
|
|
generic, standard and specific mode bits. A protocol dissector can pass in
it's own function for dissecting the specific mode bits, if known.
svn path=/trunk/; revision=6053
|
|
COL_INFO field if the proto_tree parameter is NULL. This prevents
duplicate error messages when we just want to peek at the value of the
error.
svn path=/trunk/; revision=5963
|
|
svn path=/trunk/; revision=5775
|
|
into two - one that stores request/reply frame numbers and another
that associates a text name with a policy handle.
Removed all calls to prs_policy_hnd() and converted to calls to
dissect_nt_policy_hnd().
svn path=/trunk/; revision=5772
|
|
svn path=/trunk/; revision=5762
|
|
svn path=/trunk/; revision=5761
|
|
of uint16 values.
svn path=/trunk/; revision=5624
|
|
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
|
|
undissected part of a long frame.
svn path=/trunk/; revision=5470
|
|
svn path=/trunk/; revision=5450
|
|
add arguments to specify whether the policy handle is being
opened or closed, and don't set the "open frame" for the handle
unless it's being opened and don't set the "close frame" for the
handle unless it's being closed;
store the policy handle before fetching it, so that an open or
close is marked appropriately in the protocol tree on the first
pass;
if the policy handle has a name associated with it, put that
name into the top-level item for the policy handle.
In "packet-dcerpc-spoolss.c":
get rid of aun unused variable;
make "setjob_commands[]" static, as it's not used outside
"packet-dcerpc-spoolss.c";
put a "VALS()" call around the reference to "setjob_commands",
to squelch compiler warnings;
give the SPOOLSS return code field the appropriate
"value_string" array.
svn path=/trunk/; revision=5448
|
|
(also registry and srvsvc?) pipe dissectors.
Also added some helper routines for decoding a range of uint8s. These map
nicely to the dissect_{dcerpc,ndr}_foo() format with the addition of a
length parameter, but aren't really part of the NDR specification and are
probably only going to be used in the NT dcerpc dissectors.
svn path=/trunk/; revision=5421
|
|
svn path=/trunk/; revision=5410
|
|
svn path=/trunk/; revision=5380
|
|
Remove the declaration of "dissect_nt_sid()" from
"packet-dcerpc-samr.c"; get it by including "packet-smb-common.h",
instead.
svn path=/trunk/; revision=5313
|
|
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
svn path=/trunk/; revision=5223
|
|
"packet-dcerpc-nt.c", and registers "dcerpc_smb_init()" as an
initialization routine. Take the ett_ registration out of the latter
routine, and also take out the "do this only once" stuff.
Get rid of the initialization routines for netlogon, samr, and spoolss;
they just call "dcerpc_smb_init()", which is now an initialization
routine of its own.
The policy hash initialization should be done before every capture, so
it should be done in an initialization routine, and should not do any
"do this only once" stuff. It should also be called only once before
every capture, rather than 3 times.
The ett_ initialization should, however, be done at the same time all
other ett_ initialization is done - at protocol registration time - so
it should be done in a "proto_register_" routine.
This fixes a bug I saw wherein
1) the tree for Unicode strings was open by default
and
2) if you closed one and then exited, Ethereal would crash.
The problem is that "proto_register_subtree_array()" doesn't expand the
array, it just bumps the number of registered ett_ values; the array is
allocated in "proto_init()". As such, if you register ett_ values with
"proto_register_subtree_array()" *after* "proto_init()" is called - and,
even for the first capture, initialization routines are called after
"proto_init()" is called - you will get ett_ numbers that go past the
number of elements in the array.
Move the declaration of "ett_nt_unicode_string" to "packet-dcerpc-nt.h",
as it's exported from "packet-dcerpc-nt.c".
Get rid of the declaration of "dcerpc_smb_init()" in
"packet-dcerpc-nt.h", and make it static, as it's no longer called from
outside "packet-dcerpc-nt.c".
svn path=/trunk/; revision=5196
|
|
Start to move some common stuff into packet-dcerpc-nt.[ch]
svn path=/trunk/; revision=5176
|
|
svn path=/trunk/; revision=5170
|
|
svn path=/trunk/; revision=5043
|
|
and storage of private data.
Fix memory leaks in form dissectors.
svn path=/trunk/; revision=5020
|
|
- rewrote request/response hashing code and moved it into
packet-dcerpc-nt.c for use by other dcerpc/smb dissectors
- rewrote policy handle hashing code as above, with nifty improvements
- moved check for unparsed data and end of frame into a function
- fixed matching of printername to handle in addprinterex
svn path=/trunk/; revision=5014
|
|
is decremented after every level is appended to, so that it correctly
specifies the number of levels up the tree to which to append stuff.
Fix some arguments to various printing routines to specify the correct
level. This includes making "dissect_ndr_nt_UNICODE_STRING()" add 1 to
the level argument it's passed before passing it on to
"dissect_ndr_pointer()".
Add a "netlogon_dissect_UNICODE_STRING()" routine to put the fields of a
bunch of NDR_POINTER_REF UNICODE_STRING values into subtrees.
Fix the labels passed as arguments in a bunch of "dissect_ndr_pointer()"
calls.
svn path=/trunk/; revision=5011
|
|
string available in the tvbuff before we allocate the buffer; this means
that
1) we don't have to register a cleanup function to free the
buffer if we throw an exception trying to fetch some of the
data, because we won't even try to allocate the buffer if we
don't have all the data
and
2) we won't try to allocate a buffer with a bogus too-large
length, as if the length is too large, we'll throw an
exception in the check.
svn path=/trunk/; revision=4990
|
|
neatly aligned on a 2-byte or a 4-byte boundary, and there is no
guarantee that a misaligned pointer can be dereferenced without getting
a fault.
Furthermore, there is no guarantee that, even if you *can* dereference a
pointer to a 2-byte or 4-byte quantity in a packet, the resulting number
you get back is in the right byte order; the data in the packet might
have a different byte order from the machine on which you're running.
Therefore, we change "prs_uint8s()", "prs_uint16s()", and
"prs_uint32s()" to return the starting offset, in the tvbuff, of the
collection of 8-bit, 16-bit, or 32-bit integral values, rather than a
pointer to the raw packet data, and change their callers to fetch the
data using "tvb_get_guint8()", "tvb_get_letohs()", and
"tvb_get_letohl()" (the stuff in all the NT protocols is presumed to be
little-endian here). We also change "fake_unicode()" to take a tvbuff
and an offset, rather than a data pointer, as arguments, and to use
"tvb_get_letohs()" to fetch the Unicode characters (again, we assume
little-endian Unicode).
This requires "fake_unicode()" to establish a cleanup handler, so we
don't leak memory if it throws an exception.
We also make "fake_unicode()" use "g_malloc()" to allocate its buffer
(we weren't checking for allocation failures in any case; with
"g_malloc()", we'll abort on an allocation failure - if we can come up
with a cleverer way of handling them, fine), and the matching frees to
use "g_free()". (We also insert some missing frees....)
Fix some formats to print unsigned quantities with "%u", not "%d".
Don't append text to items in the tree for non-string values in
"dissect_ndr_nt_STRING_string()".
svn path=/trunk/; revision=4986
|
|
svn path=/trunk/; revision=4949
|
|
packet-smb.c so that packet-smb-pipe.c can reference this struct as well.
svn path=/trunk/; revision=4947
|
|
at www.unicode.org and made samr and netlogon use it.
svn path=/trunk/; revision=4943
|
|
display the data as a hexadecimal string.
Update netlogon so that nt and lm challenge response bytes are displayed
in hexadecimal form and not pseudo-ascii
svn path=/trunk/; revision=4934
|
|
so that NETLOGON will not dump core (since netlogon has these structs as top
level reference pointers)
Addition of full netlogon dissection. Full in the sense as it assumes the idl
is correct and complete.
Many calls and fields are unknown so they get dissected with "unknown long,
contact ethereal-dev@... if you know what it is".
svn path=/trunk/; revision=4929
|
|
to make it more similar to the UNICODE_STRING dissector.
svn path=/trunk/; revision=4920
|
|
since this function will be used by other NT services as well such as NETLOGON.
svn path=/trunk/; revision=4918
|
|
"proto_tree_add_string()" will suffice.
svn path=/trunk/; revision=4913
|
|
"dissect_ndr_nt_UNICODE_STRING_string()", in
"samr_dissect_connect2_server()"; that eliminates an unnecessary extra
level of protocol tree.
That removes the last call to "dissect_ndr_nt_UNICODE_STRING_string()";
eliminate that routine.
In "dissect_ndr_nt_UNICODE_STRING()", initially create the subtree with
the name of the field as a string, so that if an exception is thrown
before the name is set, the subtree won't show up as blank when
displayed or printed. Also pass in the name to "dissect_ndr_pointer()",
so the same happens for subtrees below it. Append only the string data,
not its name, to items up the tree, as the name was put in when the item
was created. Also, when adding a colon before the string, put a space
after the colon, as is done elsewhere in Ethereal.
When appending additional strings, put the blank before the new string,
not after it.
In "dissect_ndr_nt_STRING()", put the subtree into the string with the
name of the field, rather than just "String". Pass in that name to
"dissect_ndr_pointer()", so subtrees below it get a name when they're
initially created.
Get rid of colons in the name string passed to "dissect_ndr_pointer()"
in some calls. Supply a non-null name string in more calls to
"dissect_ndr_pointer()", and fix some calls to pass in the name of the
field being handed to "dissect_ndr_pointer()".
There's no need to fetch the entire "header_field_info" structure for a
protocol field in order to get the field's name - just use
"proto_registrar_get_name()" to get the name.
Use a length of -1, not 0, when creating a subtree whose length will be
set when the dissection of the items under the subtree is complete; that
way, if an exception is thrown while dissecting the items - which means
the item goes past the end of the tvbuff - the item will refer to all
data to the end of the tvbuff, rather than referring to nothing.
Fix a typo in the name of the "hf_samr_unknown_string" field.
svn path=/trunk/; revision=4912
|
|
subtree under it, so that if an exception is thrown while we're
dissecting the items in the subtree, it runs to the end of the tvbuff
(as, if an exception is thrown, it means the item should cover the stuff
in the tvbuff *and* stuff beyond it).
svn path=/trunk/; revision=4903
|
|
bitmap and make the function not static.
This bitmap is present in other RPC protocols for NT services as well
besides SAMR.
svn path=/trunk/; revision=4889
|
|
packet-dcerpc-nt.c since this is a structure that is common to all NT services and not only SAMR.
svn path=/trunk/; revision=4888
|
|
svn path=/trunk/; revision=4618
|
|
NDR pointer handling in DCE RPC
SAMR updates
svn path=/trunk/; revision=4608
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
svn path=/trunk/; revision=4493
|
|
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
svn path=/trunk/; revision=4470
|
|
svn path=/trunk/; revision=4407
|