1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
NOEMIT CommPktChunkCtr
NOEMIT CommPktChangeOrderCommand.file_name
ETT_FIELD ett_ChunkCtr
HF_FIELD hf_frsrpc_CommPktChangeOrderCommand_file_name "File Name" "frsrpc.CommPktChangeOrderCommand.file_name" FT_STRING BASE_NONE NULL 0 "" "" ""
HF_FIELD hf_CommPktChunk "Chunk" "frsrpc.chunk.ctr.chunk" FT_NONE BASE_NONE NULL 0 "" "" ""
MANUAL frsrpc_dissect_struct_frsrpc_CommPktChunkCtr
MANUAL frsrpc_dissect_element_CommPktChangeOrderCommand_file_name
MANUAL frsrpc_dissect_enum_CommPktCommand
MANUAL frsrpc_dissect_struct_CommPktChunk
CODE START
static int
frsrpc_dissect_element_CommPktChangeOrderCommand_file_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di, uint8_t *drep _U_)
{
int conformant = di->conformant_run;
if (!conformant) {
uint32_t soffset = dissect_null_term_wstring(tvb, offset, pinfo, tree, drep, hf_frsrpc_CommPktChangeOrderCommand_file_name, 0);
/* The difference has to be 4 due to the uint16 of the length + null terminator utf16*/
DISSECTOR_ASSERT(soffset - offset < 261);
offset += 261;
}
return offset;
}
int
frsrpc_dissect_struct_CommPktChunk(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
uint1632_t type = 0;
int i = 0;
const char *s = NULL;
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset;
old_offset = offset;
if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_frsrpc_frsrpc_CommPktChunk);
}
offset = frsrpc_dissect_element_CommPktChunk_type(tvb, offset, pinfo, tree, di, drep, &type);
offset = frsrpc_dissect_element_CommPktChunk_data(tvb, offset, pinfo, tree, di, drep, &type);
for (i=0; frsrpc_frsrpc_CommPktChunkType_vals[i].strptr; i++) {
if (frsrpc_frsrpc_CommPktChunkType_vals[i].value == type) {
s = frsrpc_frsrpc_CommPktChunkType_vals[i].strptr;
}
}
if (s != NULL) {
proto_item_append_text(item, ", type = %s", s);
}
proto_item_set_len(item, offset-old_offset);
if (di->call_data->flags & DCERPC_IS_NDR64) {
ALIGN_TO_3_BYTES;
}
return offset;
}
int
frsrpc_dissect_enum_CommPktCommand(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di, uint8_t *drep _U_, int hf_index _U_, uint32_t *param _U_)
{
uint32_t parameter=0;
int i = 0;
const char *s = NULL;
if(param){
parameter=(uint32_t)*param;
}
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_index, ¶meter);
for (i=0; frsrpc_frsrpc_CommPktCommand_vals[i].strptr != NULL; i++) {
if (frsrpc_frsrpc_CommPktCommand_vals[i].value == parameter) {
s = frsrpc_frsrpc_CommPktCommand_vals[i].strptr;
}
}
if (s!= NULL)
col_append_fstr(pinfo->cinfo, COL_INFO, ",command = %s",
s);
if(param){
*param=(uint32_t)parameter;
}
return offset;
}
static int
frsrpc_dissect_struct_frsrpc_CommPktChunkCtr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep _U_, int hf_index, uint32_t param _U_)
{
uint32_t remaining = tvb_reported_length_remaining(tvb, offset);
int align_status = di->no_align;
if (remaining > 0) {
proto_item *item = proto_tree_add_item(tree, hf_index, tvb, offset, -1, ENC_NA);
proto_tree *subtree = proto_item_add_subtree(item, ett_ChunkCtr);
di->no_align = 1;
while (remaining > 0) {
offset = frsrpc_dissect_struct_CommPktChunk(tvb, offset, pinfo, subtree, di, drep, hf_CommPktChunk, param);
remaining = tvb_reported_length_remaining(tvb, offset);
}
di->no_align = align_status;
}
return offset;
}
CODE END
|