Age | Commit message (Collapse) | Author | Files | Lines |
|
The function request/call are dissected but the main body of the function
in/out parameters consists of a unidimensional conformant and varying array of bytes which content is encrypted/obfuscated.
Whoever can tell me how to decrypt/unobfuscate these bytes will get
a case of VB next time in Sydney.
svn path=/trunk/; revision=5532
|
|
level of private data turns out to be needed to pass something other than
an int to dcerpc_dissect_fnct_t functions passed to dissect_ndr_pointer.
A nicer way of doing this would be to convert the levels parameter to a
void *state type of variable but this turns out to be a lot more work as
opposed to a one line change here. (-:
svn path=/trunk/; revision=5434
|
|
When the representation for a pointer type gets dissected, the dissector
is actually called twice. Once with conformant_run==1 and once ==0.
The idea is that when conformant_run is ==1, the ONLY bytes that will be
dissected and would be the array structure preceeding the actual data.
And the normal data and content will be dissected when conformant_run ==0.
This is to handle the case properly when conformant arrays are embedded inside
aggregated types, in which case there will be other data inserted between
these array control data, and the array content.
The check that is added will assert that no other data is actually eaten
for conformant_run==1 than just this data.
This will help debugging dcerpc dissectors.
svn path=/trunk/; revision=5412
|
|
frame number arguments, and elements in data structures, unsigned,
display them with "%u" rather than "%d", and use 0, rather than -1, as
"not known".
svn path=/trunk/; revision=5223
|
|
SAMR updates;
a bugfix in dissect_ndr_pointer() (should not check referent id
for aliases for unique pointers);
enhancement to dissect_ndr_pointer() to make it possible to
hand a generic int value to the dissector for the pointer object
in a similar way as hf_index values are passed through the
pointer layer.
svn path=/trunk/; revision=4721
|
|
fix to LookupRids to match what the IDL file says;
fix to "dissect_ndr_uint64()" to specify the right length to
"proto_tree_add_item()";
give the protocol tree items for array header counts and offsets
the correct offsets in the packet.
svn path=/trunk/; revision=4719
|
|
svn path=/trunk/; revision=4618
|
|
NDR pointer handling in DCE RPC
SAMR updates
svn path=/trunk/; revision=4608
|
|
a request.
svn path=/trunk/; revision=4600
|
|
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
|
|
DOS error codes to the table of them, and exporting that table to other
dissectors for protocols using DOS error codes.
svn path=/trunk/; revision=4470
|
|
add "dissect_ndr_ctx_hnd()" for dissecting context handles, and
use it in various DCERPC dissectors;
beef up the MS Security Account Manager dissector.
Also, export "NT_errors[]" for use by that dissector.
svn path=/trunk/; revision=4350
|
|
o Modifies the dcerpc handoff to subdissectors slightly. It
also needs to pass the data representation to the
subdissector. Also, if no subdissector is found, it puts a
"Stub data" entry in the tree.
o Adds optional TCP desegmentation to the dcerpc layer. Note
that dcerpc has it's own ability to fragment PDUs. This isn't
for dealing with that, but with the case of a single PDU being
broken over more than one TCP segment.
o Adds a little bit of dissection to packet-dcerpc-epm.c.
Mainly just proof of concept for the dcerpc handoff stuff.
(Writing this is how I realized the need for the drep.)
o Adds packet-dcerpc-ndr.c, which will contain NDR dissection
routines for use by subdissectors.
Also, support added for multiple PDUs per segment for DCERPC-over-TCP
(and, potentially, other byte-stream transports).
svn path=/trunk/; revision=4285
|
|
conversation matching.
svn path=/trunk/; revision=4220
|
|
themselves with the DCE RPC dissector, and support for some of the
protocols atop DCE RPC that are part of DCE RPC, from Todd Sabin.
svn path=/trunk/; revision=3681
|
|
svn path=/trunk/; revision=3338
|