summaryrefslogtreecommitdiffstats
path: root/epan/dissectors/pidl/mapi/mapi.cnf
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/pidl/mapi/mapi.cnf')
-rw-r--r--epan/dissectors/pidl/mapi/mapi.cnf1351
1 files changed, 1351 insertions, 0 deletions
diff --git a/epan/dissectors/pidl/mapi/mapi.cnf b/epan/dissectors/pidl/mapi/mapi.cnf
new file mode 100644
index 00000000..c817bbca
--- /dev/null
+++ b/epan/dissectors/pidl/mapi/mapi.cnf
@@ -0,0 +1,1351 @@
+# Conformance file for mapi
+
+HF_FIELD hf_mapi_decrypted_data "Decrypted data" "mapi.decrypted.data" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_FIELD hf_mapi_LogonId "LogonId" "mapi.rop.LogonId" FT_UINT8 BASE_DEC NULL 0 NULL HFILL
+HF_FIELD hf_mapi_ResponseHandleIndex "ResponseHandleIndex" "mapi.rop.ResponseHandleIndex" FT_UINT8 BASE_DEC NULL 0 NULL HFILL
+HF_FIELD hf_mapi_InputHandleIndex "InputHandleIndex" "mapi.rop.InputHandleIndex" FT_UINT8 BASE_DEC NULL 0 NULL HFILL
+HF_FIELD hf_mapi_OutputHandleIndex "OutputHandleIndex" "mapi.rop.OutputHandleIndex" FT_UINT8 BASE_DEC NULL 0 NULL HFILL
+HF_FIELD hf_mapi_RgbInSize "RgbInSize" "mapi.RgbIn.RgbInSize" FT_UINT32 BASE_DEC NULL 0 NULL HFILL
+HF_FIELD hf_mapi_RgbOutSize "RgbOutSize" "mapi.RgbOut.RgbOutSize" FT_UINT32 BASE_DEC NULL 0 NULL HFILL
+HF_FIELD hf_mapi_AUX_PERF_CLIENTINFO_ClientIPV4 "ClientIP" "mapi.AUX_PERF_CLIENTINFO.ClientIP" FT_IPv4 BASE_NONE NULL 0 NULL HFILL
+HF_FIELD hf_mapi_AUX_PERF_CLIENTINFO_ClientIPV6 "ClientIPV6" "mapi.AUX_PERF_CLIENTINFO.ClientIPV6" FT_IPv6 BASE_NONE NULL 0 NULL HFILL
+HF_FIELD hf_mapi_AUX_PERF_CLIENTINFO_MacAddressEther "MacAddress" "mapi.AUX_PERF_CLIENTINFO.MacAddress" FT_ETHER BASE_NONE NULL 0 NULL HFILL
+
+HF_RENAME hf_mapi_AUX_PERF_CLIENTINFO_MacAddress hf_mapi_AUX_PERF_CLIENTINFO_MacAddressEther
+HF_RENAME hf_mapi_AUX_PERF_CLIENTINFO_ClientIP hf_mapi_AUX_PERF_CLIENTINFO_ClientIPV4
+HF_RENAME hf_mapi_AbortSubmit_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_Abort_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_AddressTypes_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CloneStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CollapseRow_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CommitStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CopyFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CopyProperties_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CopyToStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CopyTo_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CreateAttach_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CreateBookmark_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CreateFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_CreateMessage_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_DeleteAttach_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_DeleteFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_DeleteMessages_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_DeletePropertiesNoReplicate_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_DeleteProps_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_EmptyFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ExpandRow_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_FastTransferSourceGetBuffer_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_FindRow_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_FreeBookmark_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetAttachmentTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetCollapseState_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetContentsTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetHierarchyTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetIDsFromNames_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetLocalReplicaIds_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetMessageStatus_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetNamesFromIDs_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetOwningServers_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetPerUserGuid_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetPerUserLongTermIds_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetPermissionsTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetPropList_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetPropsAll_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetProps_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetReceiveFolderTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetReceiveFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetRulesTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetSearchCriteria_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetStatus_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetStoreState_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetStreamSize_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetTransportFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_GetValidAttachments_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_HardDeleteMessagesAndSubfolders_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_HardDeleteMessages_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_IdFromLongTermId_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_LockRegionStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_Logon_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_LongTermIdFromId_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ModifyPermissions_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ModifyRecipients_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ModifyRules_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_MoveCopyMessages_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_MoveFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_OpenAttach_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_OpenEmbeddedMessage_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_OpenFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_OpenMessage_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_OpenStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_OptionsData_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_Progress_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_PublicFolderIsGhosted_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_QueryColumnsAll_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_QueryNamedProperties_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_QueryPosition_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_QueryRows_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ReadPerUserInformation_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ReadRecipients_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ReadStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_RegisterNotification_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_Release_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_RemoveAllRecipients_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_ResetTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SaveChangesAttachment_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SaveChangesMessage_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SeekRowApprox_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SeekRowBookmark_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SeekRow_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SeekStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetCollapseState_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetColumns_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetMessageReadFlag_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetMessageStatus_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetPropertiesNoReplicate_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetProps_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetReadFlags_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetReceiveFolder_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetSearchCriteria_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetSpooler_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SetStreamSize_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SortTable_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SpoolerLockMessage_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SubmitMessage_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncConfigure_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncGetTransferState_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncImportDeletes_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncImportHierarchyChange_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncImportMessageChange_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncImportMessageMove_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncImportReadStateChanges_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncOpenCollector_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncUploadStateStreamBegin_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncUploadStateStreamContinue_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_SyncUploadStateStreamEnd_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_TransportNewMail_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_TransportSend_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_UnlockRegionStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_UpdateDeferredActionMessages_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_WriteAndCommitStream_req_LogonId hf_mapi_LogonId
+HF_RENAME hf_mapi_WriteStream_req_LogonId hf_mapi_LogonId
+
+
+HF_RENAME hf_mapi_AbortSubmit_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_Abort_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_AddressTypes_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CloneStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CollapseRow_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CommitStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CreateAttach_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CreateBookmark_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CreateFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_CreateMessage_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_DeleteAttach_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_DeleteFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_DeleteMessages_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_DeletePropertiesNoReplicate_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_DeleteProps_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_EmptyFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ExpandRow_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_FastTransferSourceGetBuffer_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_FindRow_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_FreeBookmark_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetAttachmentTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetCollapseState_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetContentsTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetHierarchyTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetIDsFromNames_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetLocalReplicaIds_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetMessageStatus_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetNamesFromIDs_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetOwningServers_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetPerUserGuid_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetPerUserLongTermIds_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetPermissionsTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetPropList_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetPropsAll_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetProps_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetReceiveFolderTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetReceiveFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetRulesTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetSearchCriteria_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetStatus_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetStoreState_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetStreamSize_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetTransportFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_GetValidAttachments_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_HardDeleteMessagesAndSubfolders_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_HardDeleteMessages_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_IdFromLongTermId_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_LockRegionStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_LongTermIdFromId_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ModifyPermissions_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ModifyRecipients_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ModifyRules_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_OpenAttach_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_OpenEmbeddedMessage_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_OpenFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_OpenMessage_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_OpenStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_OptionsData_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_Progress_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_PublicFolderIsGhosted_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_QueryColumnsAll_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_QueryNamedProperties_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_QueryPosition_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_QueryRows_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ReadPerUserInformation_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ReadRecipients_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ReadStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_RegisterNotification_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_Release_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_RemoveAllRecipients_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_ResetTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SaveChangesAttachment_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SaveChangesMessage_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SeekRowApprox_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SeekRowBookmark_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SeekRow_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SeekStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetCollapseState_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetColumns_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetMessageReadFlag_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetMessageStatus_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetPropertiesNoReplicate_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetProps_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetReadFlags_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetReceiveFolder_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetSearchCriteria_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetSpooler_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SetStreamSize_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SortTable_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SpoolerLockMessage_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SubmitMessage_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncConfigure_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncGetTransferState_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncImportDeletes_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncImportHierarchyChange_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncImportMessageChange_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncImportMessageMove_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncImportReadStateChanges_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncOpenCollector_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncUploadStateStreamBegin_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncUploadStateStreamContinue_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_SyncUploadStateStreamEnd_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_TransportNewMail_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_TransportSend_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_UnlockRegionStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_UpdateDeferredActionMessages_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_WriteAndCommitStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+HF_RENAME hf_mapi_WriteStream_req_InputHandleIndex hf_mapi_InputHandleIndex
+
+HF_RENAME hf_mapi_CloneStream_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_CreateAttach_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_CreateFolder_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_CreateMessage_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_GetAttachmentTable_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_GetContentsTable_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_GetHierarchyTable_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_GetPermissionsTable_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_GetRulesTable_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_Logon_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_OpenAttach_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_OpenEmbeddedMessage_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_OpenFolder_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_OpenMessage_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_OpenStream_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_RegisterNotification_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_SyncConfigure_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_SyncGetTransferState_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_SyncImportMessageChange_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+HF_RENAME hf_mapi_SyncOpenCollector_req_OutputHandleIndex hf_mapi_OutputHandleIndex
+
+HF_RENAME hf_mapi_SaveChangesAttachment_req_ResponseHandleIndex hf_mapi_ResponseHandleIndex
+HF_RENAME hf_mapi_SaveChangesMessage_req_ResponseHandleIndex hf_mapi_ResponseHandleIndex
+HF_RENAME hf_mapi_SetMessageReadFlag_req_ResponseHandleIndex hf_mapi_ResponseHandleIndex
+
+HF_FIELD hf_mapi_SyncUploadStateStreamContinue_req_StreamDataValue "StreamData" "mapi.SyncUploadStateStreamContinue_req.StreamData" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_RENAME hf_mapi_SyncUploadStateStreamContinue_req_StreamData hf_mapi_SyncUploadStateStreamContinue_req_StreamDataValue
+
+HF_FIELD hf_mapi_SyncImportMessageMove_req_SourceFolderIdValue "SourceFolderId" "mapi.SyncImportMessageMove_req.SourceFolderId" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_RENAME hf_mapi_SyncImportMessageMove_req_SourceFolderId hf_mapi_SyncImportMessageMove_req_SourceFolderIdValue
+
+HF_FIELD hf_mapi_SyncImportMessageMove_req_SourceMessageIdValue "SourceMessageId" "mapi.SyncImportMessageMove_req.SourceMessageId" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_RENAME hf_mapi_SyncImportMessageMove_req_SourceMessageId hf_mapi_SyncImportMessageMove_req_SourceMessageIdValue
+
+HF_FIELD hf_mapi_SyncImportMessageMove_req_PredecessorChangeListValue "PredecessorChangeList" "mapi.SyncImportMessageMove_req.PredecessorChangeList" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_RENAME hf_mapi_SyncImportMessageMove_req_PredecessorChangeList hf_mapi_SyncImportMessageMove_req_PredecessorChangeListValue
+
+HF_FIELD hf_mapi_SyncImportMessageMove_req_DestinationMessageIdValue "DestinationMessageId" "mapi.SyncImportMessageMove_req.DestinationMessageId" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_RENAME hf_mapi_SyncImportMessageMove_req_DestinationMessageId hf_mapi_SyncImportMessageMove_req_DestinationMessageIdValue
+
+HF_FIELD hf_mapi_SyncImportMessageMove_req_ChangeNumberValue "ChangeNumber" "mapi.SyncImportMessageMove_req.ChangeNumber" FT_BYTES BASE_NONE NULL 0 NULL HFILL
+HF_RENAME hf_mapi_SyncImportMessageMove_req_ChangeNumber hf_mapi_SyncImportMessageMove_req_ChangeNumberValue
+
+ETT_FIELD ett_mapi_connect_request
+ETT_FIELD ett_ServerObjectHandleTable
+
+MANUAL mapi_dissect_struct_request
+MANUAL mapi_dissect_struct_EcDoRpcMapiRequest
+MANUAL mapi_dissect_struct_AuxInfo
+MANUAL mapi_dissect_struct_AUX_HEADER
+MANUAL mapi_dissect_AUX_HEADER_TYPE_ENUM
+MANUAL mapi_dissect_AUX_DATA
+MANUAL mapi_dissect_struct_EcDoRpcMapiResponse
+MANUAL mapi_dissect_struct_response
+MANUAL mapi_dissect_element_EcDoRpc_response
+MANUAL mapi_dissect_struct_AUX_PERF_CLIENTINFO
+MANUAL mapi_dissect_element_AuxInfo_auxHeader
+MANUAL mapi_dissect_element_EcDoConnect_szUserDN
+MANUAL mapi_dissect_element_EcDoConnectEx_szUserDN
+MANUAL mapi_dissect_element_EcDoConnectEx_rgbAuxOut_
+MANUAL mapi_dissect_element_EcDoRpcExt2_rgbAuxOut_
+MANUAL mapi_dissect_element_EcDoConnect_rgwClientVersion
+MANUAL mapi_dissect_element_EcDoConnect_rgwServerVersion
+MANUAL mapi_dissect_element_EcDoConnect_rgwBestVersion
+MANUAL mapi_dissect_element_EcDoConnectEx_rgwClientVersion
+MANUAL mapi_dissect_element_EcDoConnectEx_rgwServerVersion
+MANUAL mapi_dissect_element_EcDoConnectEx_rgwBestVersion
+MANUAL mapi_dissect_struct_SyncUploadStateStreamContinue_req
+MANUAL mapi_dissect_struct_SyncImportMessageMove_req
+MANUAL mapi_dissect_bitmap_OpenFlags
+MANUAL mapi_dissect_bitmap_StoreState
+MANUAL mapi_dissect_struct_Logon_repl
+MANUAL mapi_dissect_struct_RgbIn
+MANUAL mapi_dissect_struct_RgbOut
+MANUAL mapi_dissect_element_EcDoRpcExt2_rgbOut_
+MANUAL mapi_dissect_element_EcDoRpcExt_rgbOut_
+
+
+NOEMIT mapi_dissect_element_EcDoRpc_request
+NOEMIT mapi_dissect_element_request_len
+NOEMIT mapi_dissect_element_request_length
+NOEMIT mapi_dissect_element_EcDoRpcMapiRequest_opnum
+NOEMIT mapi_dissect_element_request_handles
+NOEMIT mapi_dissect_element_EcDoRpc_MAPI_REPL_opnum
+NOEMIT mapi_dissect_element_EcDoRpcMapiResponse_opnum
+NOEMIT mapi_dissect_element_response_len
+NOEMIT mapi_dissect_element_response_length
+NOEMIT mapi_dissect_element_response_handles
+NOEMIT mapi_dissect_element_EcDoRpc_response_
+NOEMIT mapi_dissect_element_AuxInfo_auxInSize
+NOEMIT mapi_dissect_element_AuxInfo_auxIn
+NOEMIT mapi_dissect_element_AuxInfo_RpcHeaderExtension
+NOEMIT mapi_dissect_element_AuxInfo_AUX_HEADER
+NOEMIT mapi_dissect_element_AUX_HEADER_hdrType
+NOEMIT mapi_dissect_element_AUX_HEADER_TYPE_ENUM_Type
+NOEMIT mapi_dissect_element_AUX_HEADER_TYPE_ENUM_Type_2
+NOEMIT mapi_dissect_element_AUX_HEADER_AuxData
+NOEMIT mapi_dissect_element_AUX_DATA_Version1
+NOEMIT mapi_dissect_element_AUX_DATA_Version2
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_MachineNameOffset
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_UserNameOffset
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientIPSize
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientIPOffset
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientIPMaskSize
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientIPMaskOffset
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_AdapterNameOffset
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_MacAddressSize
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_MacAddressOffset
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_MachineName
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_UserName
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientIP
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientIPMask
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_AdapterName
+NOEMIT mapi_dissect_element_AUX_PERF_CLIENTINFO_MacAddress
+NOEMIT mapi_dissect_element_AUX_HEADER_Size
+NOEMIT mapi_dissect_element_EcDoConnectEx_rgbAuxOut__
+NOEMIT mapi_dissect_element_EcDoRpcExt2_rgbAuxOut__
+NOEMIT mapi_dissect_element_AuxInfo_auxHeader_
+NOEMIT mapi_dissect_element_EcDoConnect_rgwClientVersion_
+NOEMIT mapi_dissect_element_ROPRequest_RopId
+NOEMIT mapi_dissect_element_SyncUploadStateStreamContinue_req_StreamDataSize
+NOEMIT mapi_dissect_element_SyncUploadStateStreamContinue_req_StreamData
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_SourceFolderIdSize
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_SourceFolderId
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_SourceMessageIdSize
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_SourceMessageId
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_PredecessorChangeListSize
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_PredecessorChangeList
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_DestinationMessageIdSize
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_DestinationMessageId
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_ChangeNumberSize
+NOEMIT mapi_dissect_element_SyncImportMessageMove_req_ChangeNumber
+NOEMIT mapi_dissect_element_Logon_repl_ReturnValue
+NOEMIT mapi_dissect_element_Logon_repl_LogonFlags
+NOEMIT mapi_dissect_element_RgbIn_RpcHeaderExtension
+NOEMIT mapi_dissect_element_RgbIn_ropIn
+NOEMIT mapi_dissect_element_RgbOut_RpcHeaderExtension
+NOEMIT mapi_dissect_element_RgbOut_ropOut
+NOEMIT mapi_dissect_element_EcDoRpcExt2_rgbOut__
+NOEMIT mapi_dissect_element_EcDoRpcExt_rgbOut__
+
+CODE START
+
+tvbuff_t *
+mapi_deobfuscate(tvbuff_t *tvb, int offset, packet_info *pinfo, guint32 size)
+{
+ tvbuff_t *deob_tvb = NULL;
+ guint8 *decrypted_data;
+ const guint8 *ptr;
+ gint reported_len;
+
+ reported_len = tvb_reported_length_remaining(tvb, offset);
+
+ if ((guint32) reported_len > size) {
+ reported_len = size;
+ }
+
+ if (size > (guint32) reported_len) {
+ size = reported_len;
+ }
+
+ ptr = tvb_get_ptr(tvb, offset, size);
+
+ decrypted_data = (guint8 *)wmem_alloc0(pinfo->pool, size);
+ for (guint32 i = 0; i < size; i++) {
+ decrypted_data[i] = ptr[i] ^ 0xA5;
+ }
+
+ deob_tvb = tvb_new_child_real_data(tvb, decrypted_data, size, reported_len);
+
+ return deob_tvb;
+}
+
+/* [MS-OXCRPC] 3.1.4.1.3.1 Version Number Comparison
+*/
+static int
+normalize_version(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree, int hf_index, const gchar * str)
+{
+ guint16 version_0, build_major, product_major, product_minor;
+ gchar *value;
+
+ version_0= tvb_get_letohs(tvb, offset);
+ build_major= tvb_get_letohs(tvb, offset + 2);
+
+ if(build_major & 0x8000){
+ product_major = (version_0 & 0xFF00) >> 8;
+ product_minor = (version_0 & 0xFF);
+ build_major = (build_major & 0x7FFF);
+ } else {
+ product_major = version_0;
+ product_minor = 0;
+ }
+
+ value = wmem_strdup_printf( pinfo->pool
+ , "%d.%d.%d.%d"
+ , product_major
+ , product_minor
+ , build_major
+ , tvb_get_letohs(tvb, offset + 4));
+
+ proto_tree_add_string_format( tree
+ , hf_index
+ , tvb
+ , offset
+ , 6
+ , value
+ , "%s: %s"
+ , str
+ , value
+ );
+ return offset + 6;
+}
+
+static int
+mapi_dissect_element_EcDoConnect_rgwClientVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return normalize_version(tvb, pinfo, offset, tree, hf_mapi_mapi_EcDoConnect_rgwClientVersion, "rgwClientVersion");
+}
+
+static int
+mapi_dissect_element_EcDoConnect_rgwServerVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return normalize_version(tvb, pinfo, offset, tree, hf_mapi_mapi_EcDoConnect_rgwServerVersion, "rgwServerVersion");
+}
+
+static int
+mapi_dissect_element_EcDoConnect_rgwBestVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return normalize_version(tvb, pinfo, offset, tree, hf_mapi_mapi_EcDoConnect_rgwBestVersion, "rgwBestVersion");
+}
+
+static int
+mapi_dissect_element_EcDoConnectEx_rgwClientVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return normalize_version(tvb, pinfo, offset, tree, hf_mapi_mapi_EcDoConnectEx_rgwClientVersion, "rgwClientVersion");
+}
+
+static int
+mapi_dissect_element_EcDoConnectEx_rgwServerVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return normalize_version(tvb, pinfo, offset, tree, hf_mapi_mapi_EcDoConnectEx_rgwServerVersion, "rgwServerVersion");
+}
+
+static int
+mapi_dissect_element_EcDoConnectEx_rgwBestVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return normalize_version(tvb, pinfo, offset, tree, hf_mapi_mapi_EcDoConnectEx_rgwBestVersion, "rgwBestVersion");
+}
+
+
+static int
+mapi_dissect_element_EcDoRpc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return mapi_dissect_struct_request(tvb, offset, pinfo, tree, di, drep, hf_mapi_mapi_EcDoRpc_mapi_request, 0);
+}
+
+static int
+mapi_dissect_element_EcDoRpc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return mapi_dissect_struct_response(tvb, offset, pinfo, tree, di, drep, hf_mapi_mapi_EcDoRpc_mapi_response, 0);
+}
+
+/**
+ * Analyze mapi_request MAPI Handles
+ */
+static int
+mapi_dissect_element_handles_cnf(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, int hf_index _U_, guint8 *drep _U_)
+{
+ gint reported_len;
+ gint handles_cnt = 0;
+ guint32 value;
+ proto_tree *tr = NULL;
+
+ reported_len = tvb_reported_length_remaining(tvb, offset);
+
+ handles_cnt = reported_len / 4;
+
+ tr = proto_tree_add_subtree_format(tree, tvb, offset, reported_len, ett_mapi_mapi_request, NULL, "MAPI Handles: %d", handles_cnt);
+
+ for (gint i = 0; i < handles_cnt; i++) {
+ value = tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint_format(tr, hf_index, tvb, offset, 4, value, "[%.2d] MAPI handle: 0x%.8x", i, value);
+ offset += 4;
+ }
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ int start_offset = offset;
+ tvbuff_t *decrypted_tvb;
+ guint32 size;
+ guint16 pdu_len;
+
+ ALIGN_TO_5_BYTES;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, start_offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_mapi_response);
+ }
+
+ offset = dissect_ndr_uint32(tvb, start_offset, pinfo, tree, di, drep, hf_mapi_mapi_response_mapi_len, &size);
+
+ decrypted_tvb = mapi_deobfuscate(tvb, offset, pinfo, size);
+ if (!decrypted_tvb || tvb_reported_length(decrypted_tvb) != size) {
+ return offset;
+ }
+
+ offset += size;
+ proto_item_set_len(item, offset - start_offset);
+
+ {
+ add_new_data_source(pinfo, decrypted_tvb, "Decrypted MAPI Response");
+
+ tree = proto_tree_add_subtree(tree, decrypted_tvb, 0, size, ett_mapi_mapi_response, NULL, "Decrypted MAPI Response PDU");
+
+ pdu_len = tvb_get_letohs(decrypted_tvb, 0);
+ proto_tree_add_uint(tree, hf_mapi_mapi_response_length, decrypted_tvb, 0, sizeof(guint16), pdu_len);
+ proto_tree_add_item(tree, hf_mapi_decrypted_data, decrypted_tvb, sizeof(guint16), pdu_len - sizeof(guint16), ENC_NA);
+
+ /* analyze contents */
+ mapi_dissect_element_response_rpcResponse(decrypted_tvb, sizeof(guint16), pinfo, tree, di, drep);
+ mapi_dissect_element_handles_cnf(decrypted_tvb, pdu_len, pinfo, tree, di, hf_mapi_mapi_response_handles, drep);
+ }
+
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ ALIGN_TO_5_BYTES;
+ }
+
+ return offset;
+}
+
+static int
+mapi_dissect_element_AuxInfo_auxHeader(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ guint total_length = tvb_reported_length(tvb);
+
+ if(di->conformant_run){
+ return offset;
+ }
+
+ while(offset >= 0 && (guint)offset < total_length){
+ offset = mapi_dissect_struct_AUX_HEADER(tvb,offset,pinfo,tree,di,drep,di->ptype == PDU_REQ ? hf_mapi_AuxInfo_auxHeader : hf_mapi_AuxInfoOut_auxHeader ,0);
+ }
+
+ return offset;
+}
+
+int
+dissect_EcDoConnectEx_AuxInfoOut(tvbuff_t *tvb _U_, int offset _U_, int length _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ if (length == 0){
+ return offset;
+ }
+ return mapi_dissect_struct_AuxInfo(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_mapi_EcDoConnectEx_rgbAuxOut, 0);
+}
+
+static int
+mapi_dissect_element_EcDoConnectEx_rgbAuxOut_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return dissect_ndr_ucvarray_block(tvb, offset, pinfo, tree, di, drep, &dissect_EcDoConnectEx_AuxInfoOut);
+}
+
+int
+dissect_EcDoRpcExt2_AuxInfoOut(tvbuff_t *tvb _U_, int offset _U_, int length _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ if (length == 0){
+ return offset;
+ }
+ return mapi_dissect_struct_AuxInfo(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_mapi_EcDoRpcExt2_rgbAuxOut, 0);
+}
+
+static int
+mapi_dissect_element_EcDoRpcExt2_rgbAuxOut_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return dissect_ndr_ucvarray_block(tvb, offset, pinfo, tree, di, drep, &dissect_EcDoRpcExt2_AuxInfoOut);
+}
+
+int
+mapi_dissect_struct_AUX_PERF_CLIENTINFO(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset, cur_end_offset;
+ guint16 MachineNameOffset;
+ guint16 UserNameOffset;
+ guint16 ClientIPSize;
+ guint16 ClientIPOffset;
+ guint16 ClientIPMaskSize;
+ guint16 ClientIPMaskOffset;
+ guint16 AdapterNameOffset;
+ guint16 MacAddressSize;
+ guint16 MacAddressOffset;
+
+ di->no_align = TRUE;
+
+ old_offset = offset;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_AUX_PERF_CLIENTINFO);
+ }
+
+ offset = mapi_dissect_element_AUX_PERF_CLIENTINFO_AdapterSpeed(tvb, offset, pinfo, tree, di, drep);
+
+ offset = mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientID(tvb, offset, pinfo, tree, di, drep);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_MachineNameOffset, 0, &MachineNameOffset);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_UserNameOffset, 0, &UserNameOffset);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPSize, 0, &ClientIPSize);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPOffset, 0, &ClientIPOffset);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPMaskSize, 0, &ClientIPMaskSize);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPMaskOffset, 0, &ClientIPMaskOffset);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_AdapterNameOffset, 0, &AdapterNameOffset);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_MacAddressSize, 0, &MacAddressSize);
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_MacAddressOffset, 0, &MacAddressOffset);
+
+ offset = mapi_dissect_element_AUX_PERF_CLIENTINFO_ClientMode(tvb, offset, pinfo, tree, di, drep);
+
+ offset = mapi_dissect_element_AUX_PERF_CLIENTINFO_Reserved(tvb, offset, pinfo, tree, di, drep);
+
+ if (MachineNameOffset > 0){
+ cur_end_offset = dissect_null_term_wstring(tvb, MachineNameOffset, pinfo, tree, drep, hf_mapi_AUX_PERF_CLIENTINFO_MachineName , 0);
+ if (cur_end_offset > offset)
+ offset = cur_end_offset;
+ }
+
+ if (UserNameOffset > 0){
+ cur_end_offset = dissect_null_term_wstring(tvb, UserNameOffset, pinfo, tree, drep, hf_mapi_AUX_PERF_CLIENTINFO_UserName , 0);
+ if (cur_end_offset > offset)
+ offset = cur_end_offset;
+ }
+
+ if (ClientIPOffset > 0 && ClientIPSize > 0){
+ if(ClientIPSize == 4){
+ proto_tree_add_item(tree, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPV4, tvb, ClientIPOffset, 4, ENC_NA);
+ } else if(ClientIPSize == 16){
+ proto_tree_add_item(tree, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPV6, tvb, ClientIPOffset, 16, ENC_NA);
+ }
+
+ cur_end_offset = ClientIPOffset + ClientIPSize;
+
+ if (cur_end_offset > offset)
+ offset = cur_end_offset;
+ }
+
+ if (ClientIPMaskOffset > 0 && ClientIPMaskSize > 0){
+ for (int i = 0; i < ClientIPMaskSize; i++)
+ cur_end_offset = PIDL_dissect_uint8(tvb, ClientIPMaskOffset+i, pinfo, tree, di, drep, hf_mapi_AUX_PERF_CLIENTINFO_ClientIPMask, 0);
+
+ if (cur_end_offset > offset)
+ offset = cur_end_offset;
+ }
+
+ if (AdapterNameOffset > 0){
+ cur_end_offset = dissect_null_term_wstring(tvb, AdapterNameOffset, pinfo, tree, drep, hf_mapi_AUX_PERF_CLIENTINFO_AdapterName , 0);
+
+ if (cur_end_offset > offset)
+ offset = cur_end_offset;
+ }
+
+ if (MacAddressOffset > 0 && MacAddressSize > 0){
+ if(MacAddressSize == 6){
+ proto_tree_add_item(tree, hf_mapi_AUX_PERF_CLIENTINFO_MacAddressEther, tvb, MacAddressOffset, 6, ENC_NA);
+ }
+
+ cur_end_offset = MacAddressOffset + MacAddressSize;
+
+ if (cur_end_offset > offset)
+ offset = cur_end_offset;
+ }
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+static int
+mapi_dissect_AuxDataVersion1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_);
+
+static int
+mapi_dissect_AuxDataVersion2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_);
+
+static int
+mapi_dissect_AUX_DATA(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint8 Version, int hf_index _U_, guint8 hdrType)
+{
+ switch(Version) {
+ case AUX_VERSION_1:
+ return mapi_dissect_AuxDataVersion1(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_AUX_DATA_Version1, hdrType);
+ case AUX_VERSION_2:
+ return mapi_dissect_AuxDataVersion2(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_AUX_DATA_Version2, hdrType);
+ default:
+ return offset;
+ }
+}
+
+int
+mapi_dissect_AUX_HEADER_TYPE_ENUM(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, guint8 Version, int hf_index _U_, guint8 *hdrType)
+{
+ switch(Version) {
+ case AUX_VERSION_1:
+ return PIDL_dissect_uint8_val(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_AUX_HEADER_TYPE_ENUM_Type, 0, hdrType);
+ case AUX_VERSION_2:
+ return PIDL_dissect_uint8_val(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_AUX_HEADER_TYPE_ENUM_Type_2, 0, hdrType);
+ default:
+ return offset;
+ }
+}
+
+int
+mapi_dissect_struct_AUX_HEADER(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ guint16 auxSize = 0;
+ guint8 Version = 0;
+ guint8 hdrType = 0;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+
+ di->no_align = TRUE;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_AUX_HEADER);
+ }
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_AUX_HEADER_Size, 0, &auxSize);
+ offset = mapi_dissect_element_AUX_HEADER_Version(tvb, offset, pinfo, tree, di, drep, &Version);
+ offset = mapi_dissect_AUX_HEADER_TYPE_ENUM(tvb, offset, pinfo, tree, di, drep, Version, hf_mapi_AUX_HEADER_hdrType, &hdrType);
+ offset = mapi_dissect_AUX_DATA(tvb, offset, pinfo, tree, di, drep, Version, hf_mapi_AUX_HEADER_AuxData, hdrType);
+
+ proto_item_set_len(item, auxSize);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_EcDoRpcMapiRequest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ guint8 opnum = 0;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset;
+
+ di->no_align = TRUE;
+
+ old_offset = offset;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_EcDoRpcMapiRequest);
+ }
+
+ offset = PIDL_dissect_uint8_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_EcDoRpcMapiRequest_opnum, param, &opnum);
+
+ col_append_fstr(pinfo->cinfo, COL_INFO, " + %s", val_to_str(opnum, mapi_ROP_OPNUM_vals, "Unknown MAPI operation"));
+
+ offset = mapi_dissect_element_EcDoRpcMapiRequest_u(tvb, offset, pinfo, tree, di, drep, &opnum);
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ int start_offset = offset;;
+ tvbuff_t *decrypted_tvb = NULL;
+ guint16 pdu_len;
+ guint32 size;
+
+ ALIGN_TO_5_BYTES;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_mapi_request);
+ }
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_mapi_mapi_request_mapi_len, &size);
+
+ decrypted_tvb = mapi_deobfuscate(tvb, offset, pinfo, size);
+ if (!decrypted_tvb || tvb_reported_length(decrypted_tvb) != size) {
+ return offset;
+ }
+
+ offset += size;
+ proto_item_set_len(item, offset - start_offset);
+
+ {
+ add_new_data_source(pinfo, decrypted_tvb, "Decrypted MAPI Request");
+
+ tree = proto_tree_add_subtree(tree, decrypted_tvb, 0, size, ett_mapi_mapi_request, NULL, "Decrypted MAPI Request PDU");
+
+ pdu_len = tvb_get_letohs(decrypted_tvb, 0);
+ proto_tree_add_uint(tree, hf_mapi_mapi_request_length, decrypted_tvb, 0, 2, pdu_len);
+ proto_tree_add_item(tree, hf_mapi_decrypted_data, decrypted_tvb, 2, pdu_len - 2, ENC_NA);
+
+ /* analyze contents */
+ mapi_dissect_element_request_rpcRequest(decrypted_tvb, 2, pinfo, tree, di, drep);
+
+ mapi_dissect_element_handles_cnf(decrypted_tvb, pdu_len, pinfo, tree, di, hf_mapi_mapi_request_handles, drep);
+ }
+
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ ALIGN_TO_5_BYTES;
+ }
+
+ return offset;
+}
+
+static int
+mapi_dissect_element_EcDoConnect_szUserDN(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ char *data= NULL;
+
+ offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint8), hf_mapi_mapi_EcDoConnect_szUserDN, FALSE, &data);
+ proto_item_append_text(tree, ": %s", data);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " DN: %s", data);
+
+ return offset;
+}
+
+static int
+mapi_dissect_element_EcDoConnectEx_szUserDN(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ char *data= NULL;
+
+ offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep, sizeof(guint8), hf_mapi_mapi_EcDoConnectEx_szUserDN, FALSE, &data);
+ proto_item_append_text(tree, ": %s", data);
+
+ col_append_fstr(pinfo->cinfo, COL_INFO, " DN: %s", data);
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_EcDoRpcMapiResponse(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ guint8 opnum = 0;
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset= offset;
+
+ di->no_align = TRUE;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_EcDoRpcMapiResponse);
+ }
+
+ offset = PIDL_dissect_uint8_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_EcDoRpcMapiResponse_opnum, param, &opnum);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " + %s", val_to_str(opnum, mapi_ROP_OPNUM_vals, "Unknown MAPI operation"));
+
+ offset = mapi_dissect_element_EcDoRpcMapiResponse_u(tvb, offset, pinfo, tree, di, drep, &opnum);
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+int
+uint32_size_uint8_buffer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, dcerpc_info* di, guint8 *drep, int hf_size_index, int hf_buffer_index, guint32 param)
+{
+ guint32 size= 0;
+
+ offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, parent_tree, di, drep, hf_size_index, param, &size);
+
+ proto_tree_add_item(parent_tree, hf_buffer_index, tvb, offset, size, ENC_NA);
+
+ return offset+size;
+}
+
+int
+mapi_dissect_struct_SyncUploadStateStreamContinue_req(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset= offset;
+
+ di->no_align = TRUE;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_SyncUploadStateStreamContinue_req);
+ }
+
+ offset = mapi_dissect_element_SyncUploadStateStreamContinue_req_LogonId(tvb, offset, pinfo, tree, di, drep);
+
+ offset = mapi_dissect_element_SyncUploadStateStreamContinue_req_InputHandleIndex(tvb, offset, pinfo, tree, di, drep);
+
+ offset = uint32_size_uint8_buffer(tvb, offset, pinfo, tree, di, drep, hf_mapi_SyncUploadStateStreamContinue_req_StreamDataSize, hf_mapi_SyncUploadStateStreamContinue_req_StreamDataValue, 0);
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_SyncImportMessageMove_req(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset = offset;
+
+ di->no_align = TRUE;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_SyncImportMessageMove_req);
+ }
+
+ offset = mapi_dissect_element_SyncImportMessageMove_req_LogonId(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_SyncImportMessageMove_req_InputHandleIndex(tvb, offset, pinfo, tree, di, drep);
+ offset = uint32_size_uint8_buffer(tvb, offset, pinfo, tree, di, drep, hf_mapi_SyncImportMessageMove_req_SourceFolderIdSize, hf_mapi_SyncImportMessageMove_req_SourceFolderIdValue, 0);
+ offset = uint32_size_uint8_buffer(tvb, offset, pinfo, tree, di, drep, hf_mapi_SyncImportMessageMove_req_SourceMessageIdSize, hf_mapi_SyncImportMessageMove_req_SourceMessageIdValue, 0);
+ offset = uint32_size_uint8_buffer(tvb, offset, pinfo, tree, di, drep, hf_mapi_SyncImportMessageMove_req_PredecessorChangeListSize, hf_mapi_SyncImportMessageMove_req_PredecessorChangeListValue, 0);
+ offset = uint32_size_uint8_buffer(tvb, offset, pinfo, tree, di, drep, hf_mapi_SyncImportMessageMove_req_DestinationMessageIdSize, hf_mapi_SyncImportMessageMove_req_DestinationMessageIdValue, 0);
+ offset = uint32_size_uint8_buffer(tvb, offset, pinfo, tree, di, drep, hf_mapi_SyncImportMessageMove_req_ChangeNumberSize, hf_mapi_SyncImportMessageMove_req_ChangeNumberValue, 0);
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+/* IDL: bitmap { */
+/* IDL: PUBLIC = 0x2 , */
+/* IDL: HOME_LOGON = 0x4 , */
+/* IDL: TAKE_OWNERSHIP = 0x8 , */
+/* IDL: ALTERNATE_SERVER = 0x100 , */
+/* IDL: IGNORE_HOME_MDB = 0x200 , */
+/* IDL: NO_MAIL = 0x400 , */
+/* IDL: USE_PER_MDB_REPLID_MAPPING = 0x010000000 , */
+/* IDL: } */
+
+int
+mapi_dissect_bitmap_OpenFlags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item= NULL;
+ static int * const mapi_OpenFlags_fields[] = {
+ &hf_mapi_OpenFlags_PUBLIC,
+ &hf_mapi_OpenFlags_HOME_LOGON,
+ &hf_mapi_OpenFlags_TAKE_OWNERSHIP,
+ &hf_mapi_OpenFlags_ALTERNATE_SERVER,
+ &hf_mapi_OpenFlags_IGNORE_HOME_MDB,
+ &hf_mapi_OpenFlags_NO_MAIL,
+ &hf_mapi_OpenFlags_USE_PER_MDB_REPLID_MAPPING,
+ NULL
+ };
+ guint32 flags;
+
+ item = proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_index,
+ ett_mapi_OpenFlags, mapi_OpenFlags_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, parent_tree, di, drep, -1, &flags);
+
+ if (!flags)
+ proto_item_append_text(item, ": (No values set)");
+
+ if (flags & (~0x1000070e)) {
+ flags &= (~0x1000070e);
+ proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
+ }
+
+ return offset;
+}
+
+int
+mapi_dissect_bitmap_StoreState(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item;
+ static int * const mapi_StoreState_fields[] = {
+ &hf_mapi_StoreState_STORE_HAS_SEARCHES,
+ NULL
+ };
+ guint32 flags;
+
+ item = proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_index,
+ ett_mapi_StoreState, mapi_StoreState_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
+
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, parent_tree, di, drep, -1, &flags);
+
+ if (!flags)
+ proto_item_append_text(item, ": (No values set)");
+
+ if (flags & (~0x10000000)) {
+ flags &= (~0x10000000);
+ proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
+ }
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_Logon_repl(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ gboolean oldalign = di->no_align;
+ int old_offset= offset;
+ guint32 returnValue;
+
+ di->no_align = TRUE;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_Logon_repl);
+ }
+
+ offset = mapi_dissect_element_Logon_repl_OutputHandleIndex(tvb, offset, pinfo, tree, di, drep);
+
+ offset = PIDL_dissect_uint32_val(tvb, offset, pinfo, tree, di, drep, hf_mapi_Logon_repl_ReturnValue, 0, &returnValue);
+
+ if (returnValue == 0x0){
+ // 2.2.3.1.2 RopLogon ROP Success Response Buffer
+ guint8 LogonFlags= 0;
+
+ offset = mapi_dissect_enum_LogonFlags(tvb, offset, pinfo, tree, di, drep, hf_mapi_Logon_repl_LogonFlags, &LogonFlags);
+
+ if (LogonFlags == 0x1){
+ // Private
+ offset = mapi_dissect_element_Logon_repl_FolderIds(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_ResponseFlags(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_MailboxGuid(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_ReplId(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_ReplGuid(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_LogonTime(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_GwartTime(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_StoreState(tvb, offset, pinfo, tree, di, drep);
+ } else {
+ // Public
+ offset = mapi_dissect_element_Logon_repl_FolderIds(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_ReplId(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_ReplGuid(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_PerUserGuid(tvb, offset, pinfo, tree, di, drep);
+ }
+ } else if (returnValue == 0x00000478){
+ // 2.2.1.1.2 RopLogon ROP Redirect Response Buffer
+ offset = mapi_dissect_enum_LogonFlags(tvb, offset, pinfo, tree, di, drep, hf_mapi_Logon_repl_LogonFlags, 0);
+ offset = mapi_dissect_element_Logon_repl_ServerNameSize(tvb, offset, pinfo, tree, di, drep);
+ offset = mapi_dissect_element_Logon_repl_ServerName(tvb, offset, pinfo, tree, di, drep);
+ }
+
+ proto_item_set_len(item, offset-old_offset);
+
+ di->no_align = oldalign;
+
+ return offset;
+}
+
+ #define RHEF_Compressed 0x0001
+ #define RHEF_XorMagic 0x0002
+ #define RHEF_Last 0x0004
+
+int dissect_RPC_HEADER_EXT(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, dcerpc_info* di, guint8 *drep, int hf_index, tvbuff_t **ppUncomp_tvb)
+{
+ proto_tree *hTree = NULL;
+ proto_item *rpcItem = NULL;
+ guint16 flags;
+ guint16 compressedSize= 0, uncompressedSize= 0;
+ int old_offset= offset;
+
+ ALIGN_TO_2_BYTES;
+
+ if (parent_tree) {
+ rpcItem = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ hTree = proto_item_add_subtree(rpcItem, ett_mapi_RPC_HEADER_EXT);
+ }
+
+ offset = mapi_dissect_element_RPC_HEADER_EXT_Version(tvb, offset, pinfo, hTree, di, drep);
+
+ proto_item *flagItem;
+ static int * const mapi_RPC_HEADER_EXT_Flags_fields[] = {
+ &hf_mapi_RPC_HEADER_EXT_Flags_RHEF_Compressed,
+ &hf_mapi_RPC_HEADER_EXT_Flags_RHEF_XorMagic,
+ &hf_mapi_RPC_HEADER_EXT_Flags_RHEF_Last,
+ NULL
+ };
+
+ ALIGN_TO_2_BYTES;
+
+ flagItem = proto_tree_add_bitmask_with_flags(hTree, tvb, offset, hf_mapi_RPC_HEADER_EXT_Flags,
+ ett_mapi_RPC_HEADER_EXT_Flags, mapi_RPC_HEADER_EXT_Flags_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
+
+ offset = dissect_ndr_uint16(tvb, offset, pinfo, hTree, di, drep, -1, &flags);
+
+ if (!flags)
+ proto_item_append_text(flagItem, ": (No values set)");
+
+ if (flags & (~0x00000007)) {
+ flags &= (~0x00000007);
+ proto_item_append_text(flagItem, "Unknown bitmap value 0x%x", flags);
+ }
+
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, hTree, di, drep, hf_mapi_RPC_HEADER_EXT_Size, 0, &compressedSize);
+ offset = PIDL_dissect_uint16_val(tvb, offset, pinfo, hTree, di, drep, hf_mapi_RPC_HEADER_EXT_SizeActual, 0, &uncompressedSize);
+
+ proto_item_set_len(flagItem, 2);
+
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ ALIGN_TO_2_BYTES;
+ }
+
+ bool last = RHEF_Last == (flags & RHEF_Last);
+ bool compressed = RHEF_Compressed == (flags & RHEF_Compressed);
+ bool xored = RHEF_XorMagic == (flags & RHEF_XorMagic);
+
+ if (!last){
+ // TODO: Currently we don't support multiple buffers of RPC_HEADER_EXT.
+ return offset;
+ }
+
+ if (compressed && xored){
+ // TODO: Currently we don't support both compressed and Xored
+ return offset;
+ }
+
+ if (compressed){
+ *ppUncomp_tvb= tvb_child_uncompress_lz77(tvb, tvb, offset, compressedSize);
+ } else if (xored){
+ *ppUncomp_tvb= mapi_deobfuscate(tvb, offset, pinfo, uncompressedSize);
+ } else if (!compressed && !xored) {
+ *ppUncomp_tvb = tvb_new_subset_length(tvb, offset, uncompressedSize);
+ } else {
+ return offset;
+ }
+
+ if (!(*ppUncomp_tvb) || tvb_reported_length(*ppUncomp_tvb) != uncompressedSize) {
+ *ppUncomp_tvb= NULL;
+ return offset;
+ }
+
+ offset += compressedSize;
+
+ proto_item_set_len(rpcItem, offset-old_offset);
+
+ return offset;
+}
+
+int
+mapi_dissect_struct_AuxInfo(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ int old_offset= offset;
+ tvbuff_t *uncomp_tvb = NULL;
+
+ ALIGN_TO_4_BYTES;
+
+ if(di->conformant_run){
+ return offset;
+ }
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_mapi_AuxInfo);
+ }
+
+ if (di->ptype == PDU_REQ){
+ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_mapi_AuxInfo_auxInSize, NULL);
+ }
+
+ offset = dissect_RPC_HEADER_EXT(tvb, offset, pinfo, tree, di, drep, di->ptype == PDU_REQ ? hf_mapi_AuxInfo_RpcHeaderExtension : hf_mapi_AuxInfoOut_RpcHeaderExtension, &uncomp_tvb);
+
+ if (!uncomp_tvb) {
+ return offset;
+ }
+
+ proto_item_set_len(item, offset-old_offset);
+
+ add_new_data_source(pinfo, uncomp_tvb, "Decrypted MAPI AuxInfo");
+
+ {
+ tree = proto_tree_add_subtree(tree, uncomp_tvb, 0, tvb_reported_length(uncomp_tvb), ett_mapi_connect_request, NULL, "Decrypted MAPI AuxInfo");
+
+ mapi_dissect_element_AuxInfo_auxHeader(uncomp_tvb, 0, pinfo, tree, di, drep);
+ }
+
+ if (di->call_data->flags & DCERPC_IS_NDR64) {
+ ALIGN_TO_4_BYTES;
+ }
+
+ return offset;
+}
+
+int
+mapi_dissect_RgbInOut(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, dcerpc_info* di, guint8 *drep, int hf_index)
+{
+ proto_item *item = NULL;
+ proto_tree *tree = NULL;
+ int old_offset= offset;
+ tvbuff_t *uncomp_tvb = NULL;
+
+ if (parent_tree) {
+ item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, di->ptype == PDU_REQ ? ett_mapi_RgbIn : ett_mapi_RgbOut);
+ }
+
+ if (di->ptype == PDU_REQ){
+ offset = dissect_ndr_uint3264(tvb, offset, pinfo, tree, di, drep, di->ptype == PDU_REQ ? hf_mapi_RgbInSize : hf_mapi_RgbOutSize, NULL);
+ }
+
+ offset = dissect_RPC_HEADER_EXT(tvb, offset, pinfo, tree, di, drep, di->ptype == PDU_REQ ? hf_mapi_RgbIn_RpcHeaderExtension : hf_mapi_RgbOut_RpcHeaderExtension, &uncomp_tvb);
+
+ if (!uncomp_tvb) {
+ return offset;
+ }
+
+ proto_item_set_len(item, offset-old_offset);
+
+ add_new_data_source(pinfo, uncomp_tvb, di->ptype == PDU_REQ ? "Decrypted MAPI ROPIn PDU" : "Decrypted MAPI ROPOut PDU");
+
+ {
+ int uncompressed_offset= 0;
+ guint16 total_length;
+
+ item = proto_tree_add_item(tree, di->ptype == PDU_REQ ? hf_mapi_RgbIn_ropIn : hf_mapi_RgbOut_ropOut, uncomp_tvb, 0, tvb_reported_length(uncomp_tvb), ENC_NA);
+ tree = proto_item_add_subtree(item, di->ptype == PDU_REQ ? ett_mapi_RgbIn : ett_mapi_RgbOut);
+
+ uncompressed_offset = PIDL_dissect_uint16_val(uncomp_tvb, uncompressed_offset, pinfo, tree, di, drep, di->ptype == PDU_REQ ? hf_mapi_ROPInputBuffer_ropSize : hf_mapi_ROPOutputBuffer_ropSize, 0, &total_length);
+
+ while((guint)(uncompressed_offset) < total_length){
+ if (di->ptype == PDU_REQ){
+ uncompressed_offset = mapi_dissect_struct_RopInput(uncomp_tvb, uncompressed_offset,pinfo,tree,di,drep,hf_mapi_ROPInputBuffer_rop,0);
+ } else {
+ uncompressed_offset = mapi_dissect_struct_RopOutput(uncomp_tvb, uncompressed_offset,pinfo,tree,di,drep,hf_mapi_ROPOutputBuffer_rop,0);
+ }
+ }
+ }
+
+ ALIGN_TO_5_BYTES
+
+ return offset;
+}
+
+
+int
+mapi_dissect_struct_RgbIn(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, dcerpc_info* di, guint8 *drep, int hf_index, guint32 param _U_)
+{
+ return mapi_dissect_RgbInOut(tvb, offset, pinfo, parent_tree, di, drep, hf_index);
+}
+
+int
+dissect_EcDoRpcExt2_RgbOut(tvbuff_t *tvb _U_, int offset _U_, int length _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ if (length == 0){
+ return offset;
+ }
+ return mapi_dissect_struct_RgbOut(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_mapi_EcDoRpcExt2_rgbOut, 0);
+}
+
+static int
+mapi_dissect_element_EcDoRpcExt2_rgbOut_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return dissect_ndr_ucvarray_block(tvb, offset, pinfo, tree, di, drep, &dissect_EcDoRpcExt2_RgbOut);
+}
+
+int
+dissect_EcDoRpcExt_RgbOut(tvbuff_t *tvb _U_, int offset _U_, int length _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ if (length == 0){
+ return offset;
+ }
+ return mapi_dissect_struct_RgbOut(tvb, offset, pinfo, parent_tree, di, drep, hf_mapi_mapi_EcDoRpcExt_rgbOut, 0);
+}
+
+static int
+mapi_dissect_element_EcDoRpcExt_rgbOut_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
+{
+ return dissect_ndr_ucvarray_block(tvb, offset, pinfo, tree, di, drep, &dissect_EcDoRpcExt_RgbOut);
+}
+
+int
+mapi_dissect_struct_RgbOut(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
+{
+ return mapi_dissect_RgbInOut(tvb, offset, pinfo, parent_tree, di, drep, hf_index);
+}
+
+CODE END \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-29 19:33:37 +0000