1 /* packet-dcom-sysact.c
2 * Routines for the ISystemActivator interface
3 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
4 * Copyright 2012, Litao Gao <ltgao@juniper.net>
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 #include "config.h"
14
15 #include <epan/packet.h>
16 #include "packet-dcerpc.h"
17 #include "packet-dcom.h"
18
/* Prototypes for this dissector's registration entry points. */
void proto_register_ISystemActivator(void);
void proto_reg_handoff_ISystemActivator(void);

/* Every protocol, field (hf_*) and subtree (ett_*) handle below starts at -1. */
static int proto_ISystemActivator = -1;

/* Interface-level subtree, opnum and the ActivationProperties item. */
static gint ett_isystemactivator = -1;
static int hf_opnum = -1;
static int hf_sysact_actproperties = -1;
/* static int hf_sysact_unknown = -1; */

/* ActivationProperties blob: total size and reserved DWORDs. */
static gint ett_actproperties = -1;
static int hf_sysact_totalsize = -1;
static int hf_sysact_res = -1;

/* CustomHeader: header size, property count, and the CLSID and size arrays. */
static gint ett_commonheader = -1;
static gint ett_propguids = -1;
static gint ett_properties = -1;
static int hf_sysact_customhdrsize = -1;
static int hf_sysact_dstctx = -1;
static int hf_sysact_actpropnumber = -1;
static int hf_sysact_actpropclsinfoid = -1;
/* static int hf_sysact_actpropclsids = -1; */
static int hf_sysact_actpropclsid = -1;
/* static int hf_sysact_actpropsizes = -1; */
static int hf_sysact_actpropsize = -1;


/* SpecialSystemProperties property. */
static gint ett_dcom_spclsysprop = -1;
static gint ett_dcom_reserved = -1;
static int hf_sysact_spsysprop_sid = -1;
static int hf_sysact_spsysprop_remotethissid = -1;
static int hf_sysact_spsysprop_cltimpersonating = -1;
static int hf_sysact_spsysprop_partitionid = -1;
static int hf_sysact_spsysprop_defauthlvl = -1;
static int hf_sysact_spsysprop_partition = -1;
static int hf_sysact_spsysprop_procrqstflgs = -1;
static int hf_sysact_spsysprop_origclsctx = -1;
static int hf_sysact_spsysprop_flags = -1;
/* static int hf_sysact_spsysprop_procid = -1; */
/* static int hf_sysact_spsysprop_hwnd = -1; */

/* InstantiationInfo property. */
static gint ett_dcom_instantianinfo = -1;
static int hf_sysact_instninfo_clsid = -1;
static int hf_sysact_instninfo_clsctx = -1;
static int hf_sysact_instninfo_actflags = -1;
static int hf_sysact_instninfo_issurrogate = -1;
static int hf_sysact_instninfo_iidcount = -1;
static int hf_sysact_instninfo_instflags = -1;
static int hf_sysact_instninfo_entiresize = -1;
static int hf_sysact_instninfo_iid = -1;

/* ActivationContextInfo property. */
static gint ett_dcom_actctxinfo = -1;
static int hf_sysact_actctxinfo_cltok = -1;
static int hf_sysact_context = -1;

/* Marshaled context (dissect_dcom_ContextMarshaler). */
static gint ett_dcom_context = -1;
static int hf_sysact_ctx_id = -1;
static int hf_sysact_ctx_flags = -1;
static int hf_sysact_ctx_res = -1;
static int hf_sysact_ctx_numextents = -1;
static int hf_sysact_ctx_extentscnt = -1;
static int hf_sysact_ctx_mashflags = -1;
static int hf_sysact_ctx_count = -1;
static int hf_sysact_ctx_frozen = -1;

/* SecurityInfo property and its COSERVERINFO. */
static gint ett_dcom_securityinfo = -1;
static int hf_sysact_si_authflalgs = -1;
static int hf_sysact_si_ci_res = -1;
static int hf_sysact_si_ci_string = -1;
static int hf_sysact_si_serverinfo = -1;

/* LocationInfo property. */
static gint ett_dcom_locationinfo = -1;
static int hf_sysact_li_string = -1;
static int hf_sysact_li_procid = -1;
static int hf_sysact_li_apartid = -1;
static int hf_sysact_li_ctxid = -1;

/* ScmRequestInfo property and its RemoteRequest. */
static gint ett_dcom_scmrqstinfo = -1;
static gint ett_dcom_rmtrqst = -1;

static int hf_sysact_sri_cltimplvl = -1;
static int hf_sysact_sri_protseqnum = -1;
static int hf_sysact_sri_protseq = -1;

/* Properties-output subtree and the hf_sysact_pi_* fields. */
static gint ett_dcom_propsoutput = -1;
static int hf_sysact_pi_ifnum = -1;
static int hf_sysact_pi_retval = -1;
static int hf_sysact_pi_interf = -1;
static int hf_sysact_pi_iid = -1;

/*
 * SCM response subtrees and the hf_sysact_scmri_* fields.
 * hf_sysact_unused_buffer labels bytes a property declares but its
 * dissector did not consume.
 */
static gint ett_dcom_scmrespinfo = -1;
static gint ett_dcom_rmtresp = -1;
static gint ett_dcom_oxidbinding = -1;
static int hf_sysact_scmri_rmtunknid = -1;
static int hf_sysact_scmri_authhint = -1;
static int hf_sysact_scmri_binding = -1;
static int hf_sysact_scmri_oxid = -1;
static int hf_sysact_unused_buffer = -1;

/* Type Serialization common and private headers (dissect_TypeSzCommPrivHdr). */
static gint ett_typeszcommhdr = -1;
static gint ett_typeszprivhdr = -1;
static int hf_typeszch = -1;
static int hf_typeszph = -1;
static int hf_typesz_ver = -1;
static int hf_typesz_endianness = -1;
static int hf_typesz_commhdrlen = -1;
static int hf_typesz_filler = -1;
static int hf_typesz_buflen = -1;
127
/* UUID and version of the ISystemActivator interface. */
static e_guid_t uuid_ISystemActivator = { 0x000001a0, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
static guint16 ver_ISystemActivator = 0;

/*static e_guid_t clsid_ActivationPropertiesIn = { 0x00000338, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
/*static e_guid_t clsid_ActivationPropertiesOut = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
/* IIDs of the activation-properties in and out interfaces. */
static e_guid_t iid_ActivationPropertiesIn = { 0x000001a2, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t iid_ActivationPropertiesOut = { 0x000001a3, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };

/*
 * CLSIDs of the individual activation properties.
 * clsid_PropsOutInfo carries the same value (0x00000339) as the
 * commented-out clsid_ActivationPropertiesOut above.
 */
static e_guid_t clsid_SpecialSystemProperties = { 0x000001b9, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_InstantiationInfo = { 0x000001ab, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_ActivationContextInfo = { 0x000001a5, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_ContextMarshaler = { 0x0000033b, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_SecurityInfo = { 0x000001a6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_ServerLocationInfo = { 0x000001a4, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_ScmRequestInfo = { 0x000001aa, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_PropsOutInfo = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_guid_t clsid_ScmReplyInfo = { 0x000001b6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
/*static e_guid_t clsid_InstanceInfo = { 0x000001ad, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
147
/*
 * Display names for the InstantiationInfo activation flags.
 * NOTE(review): the values look like individual bits, while a value_string
 * names whole values only, so a combination of flags would not be named.
 * Confirm how the field is registered.
 */
static const value_string instninfo_actflags[] = {
    { 0x00000002, "ACTVFLAGS_DISABLE_AAA" },
    { 0x00000004, "ACTVFLAGS_ACTIVATE_32_BIT_SERVER" },
    { 0x00000008, "ACTVFLAGS_ACTIVATE_64_BIT_SERVER" },
    { 0x00000020, "ACTVFLAGS_NO_FAILURE_LOG" },
    { 0, NULL }
};

/* Display names for DWORDs that carry a boolean (1 = TRUE, 0 = FALSE). */
static const value_string boolean_flag_vals[] = {
    { 0x00000001, "TRUE" },
    { 0x00000000, "FALSE" },
    { 0, NULL }
};

/* Display name for the marshaled-context flags value. */
static const value_string dcom_context_flag_vals[] = {
    { 0x00000002, "MarshalByValue" },
    { 0, NULL }
};

/*
 * Display names for the Type Serialization endianness byte.
 * 0x10 is the value dissect_TypeSzCommPrivHdr() tests for little-endian.
 */
static const value_string ts_endian_vals[] = {
    { 0x10, "Little-endian" },
    { 0x00, "Big-endian" },
    { 0, NULL }
};
172
/* MS-DCOM 2.2.28.1 */
/*
 * Bounds on the number of activation properties. MAX_ACTPROP_LIMIT also
 * sizes both arrays in property_guids_t, so it is the hard cap on how many
 * header entries can be stored regardless of the count a packet claims.
 */
#define MIN_ACTPROP_LIMIT 1
#define MAX_ACTPROP_LIMIT 10

/*
 * Scratch state shared through di->private_data while one
 * ActivationProperties blob is dissected. The header callbacks append to
 * guid[] and size[]; the body dissector then walks the stored pairs.
 * id_idx and size_idx are the write cursors that dissect_dcom_Property_Guid()
 * and dissect_dcom_Property_Size() compare with MAX_ACTPROP_LIMIT before
 * storing.
 */
typedef struct property_guids {
    e_guid_t guid[MAX_ACTPROP_LIMIT];   /* property CLSIDs read from the header */
    guint32  size[MAX_ACTPROP_LIMIT];   /* property sizes read from the header (packet-supplied) */
    guint32  id_idx;                    /* number of entries stored in guid[] */
    guint32  size_idx;                  /* number of entries stored in size[] */
} property_guids_t;
183
184 /* Type Serialization Version 1 */
/*
 * Dissect a Type Serialization Version 1 header pair: the common header
 * followed by the private header. Returns the offset just past the private
 * header.
 *
 * Side effect: the endianness byte read from the packet rewrites *drep, so
 * every later read made through the caller's drep follows what the sender
 * declared.
 * NOTE(review): the little-endian branch replaces the whole byte while the
 * big-endian branch clears a single bit; confirm the asymmetry is intended.
 *
 * The common-header length and the private-header buffer length are only
 * added to the tree; this function does not compare them with the data
 * that follows.
 */
static int
dissect_TypeSzCommPrivHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    guint8      fixed_le_drep = DREP_LITTLE_ENDIAN;
    guint8      endian_byte = 0x10;
    gint        hdr_start = offset;
    proto_item *hdr_item;
    proto_tree *hdr_tree;

    /* Common header. */
    hdr_item = proto_tree_add_item(tree, hf_typeszch, tvb, offset, 0, ENC_NA);
    hdr_tree = proto_item_add_subtree(hdr_item, ett_typeszcommhdr);

    offset = dissect_dcom_BYTE(tvb, offset, pinfo, hdr_tree, di, drep,
                               hf_typesz_ver, NULL);
    offset = dissect_dcom_BYTE(tvb, offset, pinfo, hdr_tree, di, drep,
                               hf_typesz_endianness, &endian_byte);

    if (endian_byte != 0x10) {
        *drep &= ~DREP_LITTLE_ENDIAN;
    } else {
        *drep = DREP_LITTLE_ENDIAN;
    }

    /* The remaining common-header fields are always read little-endian. */
    offset = dissect_dcom_WORD(tvb, offset, pinfo, hdr_tree, di, &fixed_le_drep,
                               hf_typesz_commhdrlen, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, &fixed_le_drep,
                                hf_typesz_filler, NULL);
    proto_item_set_len(hdr_item, offset - hdr_start);

    /* Private header, read with the representation selected above. */
    hdr_start = offset;
    hdr_item = proto_tree_add_item(tree, hf_typeszph, tvb, offset, 0, ENC_NA);
    hdr_tree = proto_item_add_subtree(hdr_item, ett_typeszprivhdr);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_typesz_buflen, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_typesz_filler, NULL);
    proto_item_set_len(hdr_item, offset - hdr_start);

    return offset;
}
229
230
231
/*
 * Array-element callback: dissect one property CLSID and store it in the
 * next free slot of the property_guids_t held in di->private_data.
 *
 * The element count comes from the packet, so storage is capped: once
 * MAX_ACTPROP_LIMIT entries are held, further elements are only checked
 * for presence and skipped (16 bytes each) without being stored.
 *
 * di->private_data is dereferenced without a NULL check;
 * dissect_dcom_ActivationProperties() installs it before the header is
 * dissected.
 */
static int
dissect_dcom_Property_Guid(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                           proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    property_guids_t *props = (property_guids_t *)di->private_data;

    if (props->id_idx >= MAX_ACTPROP_LIMIT) {
        /* TODO: expert info */
        tvb_ensure_bytes_exist(tvb, offset, 16);
        return offset + 16;
    }

    return dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
                             hf_sysact_actpropclsid, &props->guid[props->id_idx++]);
}
252
/*
 * Pointer-referent callback for ClsIdPtr: dissect the array of property
 * CLSIDs, one dissect_dcom_Property_Guid() call per element.
 */
static int
dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids(tvbuff_t *tvb, gint offset,
                           packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                               dissect_dcom_Property_Guid);
}
260
/*
 * Array-element callback: dissect one property size (DWORD) and store it in
 * the next free slot of the property_guids_t held in di->private_data.
 *
 * The element count comes from the packet, so storage is capped: once
 * MAX_ACTPROP_LIMIT entries are held, further elements are only checked
 * for presence and skipped (4 bytes each) without being stored.
 *
 * The stored value is packet-supplied and is not range-checked here.
 */
static int
dissect_dcom_Property_Size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                           proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    property_guids_t *props = (property_guids_t *)di->private_data;

    if (props->size_idx >= MAX_ACTPROP_LIMIT) {
        /* TODO: expert info */
        tvb_ensure_bytes_exist(tvb, offset, 4);
        return offset + 4;
    }

    return dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
                              hf_sysact_actpropsize, &props->size[props->size_idx++]);
}
281
/*
 * Pointer-referent callback for ClsSizesPtr: dissect the array of property
 * sizes, one dissect_dcom_Property_Size() call per element.
 */
static int
dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes(tvbuff_t *tvb, gint offset,
                           packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                               dissect_dcom_Property_Size);
}
289
/*
 * Dissect the CustomHeader of an activation-properties blob: the type
 * serialization headers, the fixed fields, and the deferred CLSID and size
 * arrays. Returns the offset just past the header.
 *
 * The total size, header size and property count are read into locals but
 * not used afterwards. In particular the property count is not compared
 * with MIN_ACTPROP_LIMIT / MAX_ACTPROP_LIMIT; the array callbacks cap what
 * they store instead.
 *
 * NOTE(review): "ClsSizesPtr" is registered with hf_sysact_actpropclsid,
 * the same field as "ClsIdPtr", and "OpaqueDataPtr" passes 0 where other
 * pointers in this file pass -1. Confirm both are intended.
 */
static int
dissect_dcom_ActivationPropertiesCustomerHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    proto_item *hdr_item;
    proto_tree *hdr_tree;
    gint        hdr_start = offset;
    guint32     total_size;
    guint32     custom_hdr_size;
    guint32     prop_count;

    hdr_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_commonheader, &hdr_item, "CustomHeader");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, hdr_tree, di, drep);

    /* Fixed part of the header. */
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_sysact_totalsize, &total_size);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_sysact_customhdrsize, &custom_hdr_size);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_sysact_res, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_sysact_dstctx, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, hdr_tree, di, drep,
                                hf_sysact_actpropnumber, &prop_count);
    offset = dissect_dcom_UUID(tvb, offset, pinfo, hdr_tree, di, drep,
                               hf_sysact_actpropclsinfoid, NULL);

    /* ClsIdPtr, SizesPtr */
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, hdr_tree, di, drep,
                            dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids, NDR_POINTER_UNIQUE,
                            "ClsIdPtr",hf_sysact_actpropclsid);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, hdr_tree, di, drep,
                            dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes, NDR_POINTER_UNIQUE,
                            "ClsSizesPtr",hf_sysact_actpropclsid);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, hdr_tree, di, drep,
                            NULL, NDR_POINTER_UNIQUE, "OpaqueDataPtr: Pointer To NULL", 0);

    /* The two arrays are dissected here, filling di->private_data. */
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
    proto_item_set_len(hdr_item, offset - hdr_start);

    return offset;
}
335
336
/*
 * Dissect one activation property by handing it to the routine registered
 * for its CLSID. size is passed through to that routine unchanged.
 *
 * NOTE(review): when no routine is registered for the CLSID the offset is
 * returned unchanged, so the property's bytes are not skipped and any
 * following property would be dissected from the same position. Confirm
 * whether unknown properties should be skipped by size.
 */
static int
dissect_dcom_ActivationProperty(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, e_guid_t *clsid, gint size)
{
    /* the data layout depends on the clsid, so look the handler up by it */
    dcom_dissect_fn_t handler = dcom_get_routine_by_uuid(clsid);

    if (!handler) {
        return offset;
    }

    return handler(tvb, offset, pinfo, tree, di, drep, size);
}
351
352
353
/*
 * Dissect the property bodies that follow the CustomHeader, using the
 * CLSID/size pairs the header callbacks stored in di->private_data.
 *
 * Only as many properties as have both a CLSID and a size are dissected;
 * both counts are already capped at MAX_ACTPROP_LIMIT by the callbacks, so
 * the loop index stays inside guid[] and size[].
 *
 * Each size is a packet-supplied guint32 passed on as a gint; the property
 * dissectors in this file treat a value <= 0 as "length unknown".
 */
static int
dissect_dcom_ActivationPropertiesBody(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    property_guids_t *props = (property_guids_t *)di->private_data;
    proto_item       *body_item;
    proto_tree       *body_tree;
    gint              body_start;
    guint32           usable;
    guint32           idx;

    /* TODO: expert info when the CLSID and size counts differ */
    usable = MIN(props->id_idx, props->size_idx);

    body_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_properties, &body_item, "Properties");

    body_start = offset;
    for (idx = 0; idx < usable; idx++) {
        offset = dissect_dcom_ActivationProperty(tvb, offset, pinfo, body_tree, di, drep,
                                                 &props->guid[idx], props->size[idx]);
    }
    proto_item_set_len(body_item, offset - body_start);

    return offset;
}
387
/*
 * Dissect an ActivationProperties blob: total size, a reserved DWORD, the
 * CustomHeader and then the property bodies. The size argument is unused.
 *
 * A zeroed property_guids_t from the packet-scoped pool is installed in
 * di->private_data for the header and body dissectors, and the previous
 * pointer is put back before returning.
 * NOTE(review): if a callee leaves through a dissection exception the
 * restore line is presumably not reached; confirm nothing reads
 * di->private_data as another type afterwards.
 *
 * The total size and reserved value are read into locals but not used.
 */
static int
dissect_dcom_ActivationProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
{
    proto_item       *blob_item;
    proto_tree       *blob_tree;
    property_guids_t *saved_private = NULL;
    guint32           total_size;
    guint32           reserved;

    blob_item = proto_tree_add_item(tree, hf_sysact_actproperties, tvb, offset, 0, ENC_NA);
    blob_tree = proto_item_add_subtree(blob_item, ett_actproperties);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, blob_tree, di, drep,
                                hf_sysact_totalsize, &total_size);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, blob_tree, di, drep,
                                hf_sysact_res, &reserved);

    /* Swap in fresh per-blob state, keeping the caller's pointer. */
    saved_private = (property_guids_t *)di->private_data;
    di->private_data = wmem_new0(pinfo->pool, property_guids_t);

    offset = dissect_dcom_ActivationPropertiesCustomerHdr(tvb, offset, pinfo, blob_tree, di, drep);
    offset = dissect_dcom_ActivationPropertiesBody(tvb, offset, pinfo, blob_tree, di, drep);

    di->private_data = saved_private;

    return offset;
}
417
/*
 * Dissect the fixed part of a marshaled context: COM version, context id
 * and seven DWORD fields. The size argument is unused.
 *
 * The property count is read, but the PropMarshalHeader array it announces
 * is not dissected yet, so the returned offset stops after the fixed part.
 */
static int
dissect_dcom_ContextMarshaler(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
{
    proto_item *ctx_item;
    proto_tree *ctx_tree;
    gint        ctx_start = offset;
    guint32     prop_count;

    ctx_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_context, &ctx_item, "Context");

    offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, ctx_tree, di, drep,
                                     NULL, NULL);
    offset = dissect_dcom_UUID(tvb, offset, pinfo, ctx_tree, di, drep,
                               hf_sysact_ctx_id, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_flags, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_res, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_numextents, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_extentscnt, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_mashflags, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_count, &prop_count);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, ctx_tree, di, drep,
                                hf_sysact_ctx_frozen, NULL);

    if (prop_count != 0) {
        /* PropMarshalHeader array: TBD, not dissected */
    }

    proto_item_set_len(ctx_item, offset - ctx_start);

    return offset;
}
459
/*
 * Dissect a SpecialSystemProperties property.
 *
 * size is the caller's byte length for the property (presumably the value
 * from the header's size array; confirm against the registration code).
 * A value <= 0 is treated as unknown. If the fields consume more than size,
 * the consumed length wins; if they consume less, the remainder is shown as
 * an unused buffer. The return value is start + effective size.
 *
 * NOTE(review): size is packet-influenced and start + size is a gint
 * addition. This appears to rely on the tree-add calls rejecting a length
 * that runs past the buffer before that addition is reached; confirm.
 *
 * The process-id and hwnd fields (hf entries commented out in this file)
 * are not dissected.
 */
static int
dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
{
    proto_tree *prop_tree, *reserved_tree;
    gint        prop_start = offset;
    gint        consumed;
    gint        n;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    prop_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_spclsysprop, NULL, "SpecialSystemProperties");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, prop_tree, di, drep);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_sid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_remotethissid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_cltimpersonating, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_partitionid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_defauthlvl, NULL);
    offset = dissect_dcom_UUID(tvb, offset, pinfo, prop_tree, di, drep,
                               hf_sysact_spsysprop_partition, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_procrqstflgs, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_origclsctx, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_spsysprop_flags, NULL);

    /* Eight reserved DWORDs, grouped under their own subtree. */
    reserved_tree = proto_tree_add_subtree(prop_tree, tvb, offset, sizeof(guint32)*8,
                                           ett_dcom_reserved, NULL, "Reserved: 8 DWORDs");
    for (n = 0; n < 8; n++) {
        offset = dissect_dcom_DWORD(tvb, offset, pinfo, reserved_tree, di, drep,
                                    hf_sysact_res, NULL);
    }

    /* Reconcile the declared size with what was actually consumed. */
    consumed = offset - prop_start;
    if (size > consumed) {
        proto_tree_add_item(prop_tree, hf_sysact_unused_buffer, tvb, offset, size - consumed, ENC_NA);
    } else {
        /* TODO expert info (when size < consumed) */
        size = consumed;
    }

    return prop_start + size;
}
523
/* Array-element callback: dissect one interface id (UUID). */
static int
dissect_dcom_InterfaceId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
                             hf_sysact_instninfo_iid, NULL);
}
532
/*
 * Pointer-referent callback for InterfaceIdsPtr: dissect the array of
 * interface ids, one dissect_dcom_InterfaceId() call per element.
 */
static int
dissect_InstantiationInfoIids(tvbuff_t *tvb, gint offset,
                       packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                               dissect_dcom_InterfaceId);
}
542
/*
 * Dissect an InstantiationInfo property.
 *
 * size is the caller's byte length for the property; a value <= 0 is
 * treated as unknown. If the fields consume more than size, the consumed
 * length wins; if they consume less, the remainder is shown as an unused
 * buffer. The return value is start + effective size.
 *
 * The interface-id count field is displayed only; the number of ids
 * dissected is decided by the array dissector behind InterfaceIdsPtr.
 *
 * NOTE(review): size is packet-influenced and start + size is a gint
 * addition. This appears to rely on the tree-add calls rejecting a length
 * that runs past the buffer before that addition is reached; confirm.
 */
static int
dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
{
    proto_tree *prop_tree;
    gint        prop_start = offset;
    gint        consumed;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    prop_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_instantianinfo, NULL, "InstantiationInfo");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, prop_tree, di, drep);

    offset = dissect_dcom_UUID(tvb, offset, pinfo, prop_tree, di, drep,
                               hf_sysact_instninfo_clsid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_instninfo_clsctx, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_instninfo_actflags, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_instninfo_issurrogate, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_instninfo_iidcount, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_instninfo_instflags, NULL);

    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, prop_tree, di, drep,
                            dissect_InstantiationInfoIids, NDR_POINTER_UNIQUE,
                            "InterfaceIdsPtr", -1);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_instninfo_entiresize, NULL);
    offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, prop_tree, di, drep,
                                     NULL, NULL);

    /* The interface-id array is dissected here. */
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    /* Reconcile the declared size with what was actually consumed. */
    consumed = offset - prop_start;
    if (size > consumed) {
        proto_tree_add_item(prop_tree, hf_sysact_unused_buffer, tvb, offset, size - consumed, ENC_NA);
    } else {
        /* TODO expert info (when size < consumed) */
        size = consumed;
    }

    return prop_start + size;
}
597
/*
 * Pointer-referent callback for PrototypePtr. Not implemented yet: nothing
 * is dissected and the offset is returned unchanged.
 */
static int
dissect_ActCtxInfo_PropCtx(tvbuff_t *tvb _U_, gint offset,
                       packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_)
{
    /* TBD */
    return offset;
}
605
606
/*
 * Pointer-referent callback for ClientPtr: dissect the client context as a
 * marshaled interface pointer. Does nothing during a conformant run.
 */
static int
dissect_ActCtxInfo_CltCtx(tvbuff_t *tvb, gint offset,
                       packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    if (!di->conformant_run) {
        offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                                hf_sysact_context, NULL);
    }

    return offset;
}
619
/*
 * Dissect an ActivationContextInfo property.
 *
 * size is the caller's byte length for the property; a value <= 0 is
 * treated as unknown. If the fields consume more than size, the consumed
 * length wins; if they consume less, the remainder is shown as an unused
 * buffer. The return value is start + effective size.
 *
 * NOTE(review): size is packet-influenced and start + size is a gint
 * addition. This appears to rely on the tree-add calls rejecting a length
 * that runs past the buffer before that addition is reached; confirm.
 */
static int
dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
{
    proto_tree *prop_tree;
    gint        prop_start = offset;
    gint        consumed;
    gint        n;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    prop_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_actctxinfo, NULL, "ActivationContextInfo");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, prop_tree, di, drep);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_actctxinfo_cltok, NULL);

    /* Three reserved DWORDs. */
    for (n = 0; n < 3; n++) {
        offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                    hf_sysact_res, NULL);
    }

    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, prop_tree, di, drep,
                            dissect_ActCtxInfo_CltCtx, NDR_POINTER_UNIQUE,
                            "ClientPtr", -1);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, prop_tree, di, drep,
                            dissect_ActCtxInfo_PropCtx, NDR_POINTER_UNIQUE,
                            "PrototypePtr", -1);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    /* Reconcile the declared size with what was actually consumed. */
    consumed = offset - prop_start;
    if (size > consumed) {
        proto_tree_add_item(prop_tree, hf_sysact_unused_buffer, tvb, offset, size - consumed, ENC_NA);
    } else {
        /* TODO expert info (when size < consumed) */
        size = consumed;
    }

    return prop_start + size;
}
667
668
/*
 * Dissect a COSERVERINFO structure under an item of field hfindex: a
 * reserved DWORD, the server name pointer, the auth-info pointer (no
 * referent dissector) and a second reserved DWORD. Does nothing during a
 * conformant run.
 *
 * The subtree reuses ett_dcom_securityinfo.
 */
static int
dissect_dcom_COSERVERINFO(tvbuff_t *tvb, gint offset,
                       packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex)
{
    proto_item *info_item;
    proto_tree *info_tree;
    gint        info_start;

    if (di->conformant_run) {
        return offset;
    }

    info_start = offset;
    info_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
    info_tree = proto_item_add_subtree(info_item, ett_dcom_securityinfo);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, info_tree, di, drep,
                                hf_sysact_si_ci_res, NULL);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, info_tree, di, drep,
                            dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Name(wstring)",
                            hf_sysact_si_ci_string);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, info_tree, di, drep,
                            NULL, NDR_POINTER_UNIQUE, "AuthInfoPtr", -1);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, info_tree, di, drep,
                                hf_sysact_si_ci_res, NULL);

    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    proto_item_set_len(info_item, offset - info_start);

    return offset;
}
701
/*
 * Pointer-referent callback for ServerInfoPtr: dissect a COSERVERINFO under
 * the hf_sysact_si_serverinfo field.
 */
static int
dissect_dcom_SI_ServerInfo(tvbuff_t *tvb, gint offset,
                       packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_dcom_COSERVERINFO(tvb, offset, pinfo, tree, di, drep,
                                     hf_sysact_si_serverinfo);
}
710
/*
 * Dissect a SecurityInfo property: authentication flags, the server-info
 * pointer and a reserved pointer.
 *
 * size is the caller's byte length for the property; a value <= 0 is
 * treated as unknown. If the fields consume more than size, the consumed
 * length wins; if they consume less, the remainder is shown as an unused
 * buffer. The return value is start + effective size.
 *
 * NOTE(review): size is packet-influenced and start + size is a gint
 * addition. This appears to rely on the tree-add calls rejecting a length
 * that runs past the buffer before that addition is reached; confirm.
 */
static int
dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
{
    proto_tree *prop_tree;
    gint        prop_start = offset;
    gint        consumed;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    prop_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_securityinfo, NULL, "SecurityInfo");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, prop_tree, di, drep);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_si_authflalgs, NULL);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, prop_tree, di, drep,
                            dissect_dcom_SI_ServerInfo, NDR_POINTER_UNIQUE, "ServerInfoPtr", -1);
    /* This SHOULD be NULL and MUST be ignored on receipt */
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, prop_tree, di, drep,
                            NULL, NDR_POINTER_UNIQUE, "ReservedPtr", -1);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    /* Reconcile the declared size with what was actually consumed. */
    consumed = offset - prop_start;
    if (size > consumed) {
        proto_tree_add_item(prop_tree, hf_sysact_unused_buffer, tvb, offset, size - consumed, ENC_NA);
    } else {
        /* TODO expert info (when size < consumed) */
        size = consumed;
    }

    return prop_start + size;
}
750
/*
 * Dissect a LocationInfo property: the machine-name pointer followed by the
 * process, apartment and context ids.
 *
 * size is the caller's byte length for the property; a value <= 0 is
 * treated as unknown. If the fields consume more than size, the consumed
 * length wins; if they consume less, the remainder is shown as an unused
 * buffer. The return value is start + effective size.
 *
 * NOTE(review): size is packet-influenced and start + size is a gint
 * addition. This appears to rely on the tree-add calls rejecting a length
 * that runs past the buffer before that addition is reached; confirm.
 */
static int
dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
{
    proto_tree *prop_tree;
    gint        prop_start = offset;
    gint        consumed;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    prop_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_locationinfo, NULL, "LocationInfo");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, prop_tree, di, drep);

    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, prop_tree, di, drep,
                            dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "MachineNamePtr",
                            hf_sysact_li_string);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_li_procid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_li_apartid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, prop_tree, di, drep,
                                hf_sysact_li_ctxid, NULL);

    /* The machine-name string is dissected here. */
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    /* Reconcile the declared size with what was actually consumed. */
    consumed = offset - prop_start;
    if (size > consumed) {
        proto_tree_add_item(prop_tree, hf_sysact_unused_buffer, tvb, offset, size - consumed, ENC_NA);
    } else {
        /* TODO expert info (when size < consumed) */
        size = consumed;
    }

    return prop_start + size;
}
795
/* Array-element callback: dissect one protocol sequence id (WORD). */
static int
dissect_dcom_ProtoSeq(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
                             hf_sysact_sri_protseq, NULL);
}
805
/*
 * Pointer-referent callback for ProtocolSeqsArrayPtr: dissect the array of
 * protocol sequence ids, one dissect_dcom_ProtoSeq() call per element.
 */
static int
dissect_dcom_ProtoSeqArray(tvbuff_t *tvb, gint offset,
                       packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                               dissect_dcom_ProtoSeq);
}
814
/*
 * Pointer-referent callback for RemoteRequestPtr: dissect the client
 * impersonation level, the protocol-sequence count and the pointer to the
 * protocol-sequence array. Does nothing during a conformant run.
 *
 * The protocol-sequence count is displayed only; the number of entries
 * dissected is decided by the array dissector behind the pointer.
 */
static int
dissect_dcom_customREMOTE_REQUEST_SCM_INFO(tvbuff_t *tvb, gint offset,
                       packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    proto_item *req_item;
    proto_tree *req_tree;
    gint        req_start;

    if (di->conformant_run) {
        return offset;
    }

    req_start = offset;
    req_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_rmtrqst, &req_item, "RemoteRequest");

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, req_tree, di, drep,
                                hf_sysact_sri_cltimplvl, NULL);
    offset = dissect_dcom_WORD(tvb, offset, pinfo, req_tree, di, drep,
                               hf_sysact_sri_protseqnum, NULL);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, req_tree, di, drep,
                            dissect_dcom_ProtoSeqArray, NDR_POINTER_UNIQUE, "ProtocolSeqsArrayPtr", -1);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    proto_item_set_len(req_item, offset - req_start);

    return offset;
}
842
/*
 * Dissect a ScmRequestInfo property blob into a "ScmRequestInfo" subtree:
 * the type-serialization common/private headers, a reserved pointer and a
 * unique pointer to the customREMOTE_REQUEST_SCM_INFO structure.
 *
 * size is the byte length the caller declares for this blob.
 * NOTE(review): presumably this comes from the per-property size list in
 * the packet and is therefore untrusted - confirm against the caller.
 *
 * The returned offset is the start offset plus size, not the end of what
 * was actually parsed, so the declared size decides where the caller
 * resumes. A non-positive size is replaced by -1 and later by the parsed
 * length. When size exceeds the parsed length, the remainder is shown as
 * hf_sysact_unused_buffer; no explicit bounds check is made here.
 * NOTE(review): this relies on proto_tree_add_item() rejecting a span that
 * runs past the end of the tvb - confirm.
 */
static int
dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                         proto_tree *tree, dcerpc_info *di, guint8 *drep,
                         gint size)
{
    const gint  start = offset;
    gint        consumed;
    proto_tree *info_tree;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    info_tree = proto_tree_add_subtree(tree, tvb, offset, size,
                                       ett_dcom_scmrqstinfo, NULL,
                                       "ScmRequestInfo");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, info_tree, di, drep);

    /* This MUST be set to NULL and MUST be ignored on receipt. */
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, info_tree,
                                          di, drep,
                                          NULL, NDR_POINTER_UNIQUE,
                                          "Ptr", -1);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, info_tree,
                                          di, drep,
                                          dissect_dcom_customREMOTE_REQUEST_SCM_INFO,
                                          NDR_POINTER_UNIQUE,
                                          "RemoteRequestPtr", -1);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    consumed = offset - start;
    if (size > consumed) {
        /* Declared size is larger than what was parsed: show the rest. */
        proto_tree_add_item(info_tree, hf_sysact_unused_buffer, tvb,
                            offset, size - consumed, ENC_NA);
    } else if (size < consumed) {
        /* TODO: expert info */
        size = consumed;
    }

    return start + size;
}
882
/*
 * Dissect one interface identifier: a UUID shown under hf_sysact_pi_iid.
 * Element callback for dissect_dcom_IfIds().
 *
 * Returns the offset reported by dissect_dcom_UUID().
 */
static int
dissect_dcom_IfId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                  proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
                             hf_sysact_pi_iid, NULL);
}
891
/*
 * Dissect the array of interface identifiers by handing
 * dissect_dcom_IfId() to dissect_ndr_ucarray() as the element dissector.
 *
 * Returns the offset reported by dissect_ndr_ucarray().
 */
static int
dissect_dcom_IfIds(tvbuff_t *tvb, gint offset,
                   packet_info *pinfo, proto_tree *tree,
                   dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                               dissect_dcom_IfId);
}
900
/*
 * Dissect one per-interface return value: a DWORD shown under
 * hf_sysact_pi_retval. Element callback for dissect_dcom_ReturnVals().
 *
 * Returns the offset reported by dissect_dcom_DWORD().
 */
static int
dissect_dcom_ReturnVal(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                       proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
                              hf_sysact_pi_retval, NULL);
}
909
/*
 * Dissect the array of return values by handing dissect_dcom_ReturnVal()
 * to dissect_ndr_ucarray() as the element dissector.
 *
 * Returns the offset reported by dissect_ndr_ucarray().
 */
static int
dissect_dcom_ReturnVals(tvbuff_t *tvb, gint offset,
                        packet_info *pinfo, proto_tree *tree,
                        dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                               dissect_dcom_ReturnVal);
}
918
/*
 * Dissect one marshaled interface pointer under hf_sysact_pi_interf.
 * Target of the "InterfacePtr" pointer set up by
 * dissect_dcom_OneInterfDataPtr().
 *
 * Returns the offset reported by dissect_dcom_MInterfacePointer().
 */
static int
dissect_OneInterfData(tvbuff_t *tvb, gint offset,
                      packet_info *pinfo, proto_tree *tree,
                      dcerpc_info *di, guint8 *drep)
{
    return dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                          hf_sysact_pi_interf, NULL);
}
927
/*
 * Dissect one array element of the interface-data array: a unique
 * pointer labelled "InterfacePtr" whose referent is handled by
 * dissect_OneInterfData().
 *
 * Returns the offset reported by dissect_ndr_embedded_pointer().
 */
static int
dissect_dcom_OneInterfDataPtr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                              proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    return dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep,
                                        dissect_OneInterfData,
                                        NDR_POINTER_UNIQUE,
                                        "InterfacePtr", -1);
}
936
/*
 * This MUST be an array of MInterfacePointer pointers containing the
 * OBJREFs for the interfaces returned by the server.
 *
 * The array is walked with dissect_ndr_ucarray(), one
 * dissect_dcom_OneInterfDataPtr() call per element, and the pointers
 * queued by those elements are then resolved with
 * dissect_deferred_pointers().
 *
 * Returns the offset after the deferred pointers.
 */
static int
dissect_dcom_InterfData(tvbuff_t *tvb, gint offset,
                        packet_info *pinfo, proto_tree *tree,
                        dcerpc_info *di, guint8 *drep)
{
    gint after_array;

    after_array = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                                      dissect_dcom_OneInterfDataPtr);

    return dissect_deferred_pointers(pinfo, tvb, after_array, di, drep);
}
950
/*
 * Dissect a PropsOutInfo property blob into a "PropertiesOutput" subtree:
 * the type-serialization common/private headers, the interface count and
 * three unique pointers (interface ids, return values, interface
 * pointers).
 *
 * size is the byte length the caller declares for this blob.
 * NOTE(review): presumably this comes from the per-property size list in
 * the packet and is therefore untrusted - confirm against the caller.
 *
 * The NumInterfaces value is displayed only (its value pointer is NULL);
 * this function does not compare it with the lengths of the three arrays.
 *
 * The returned offset is the start offset plus size, not the end of what
 * was actually parsed. A non-positive size is replaced by -1 and later by
 * the parsed length. When size exceeds the parsed length, the remainder
 * is shown as hf_sysact_unused_buffer; no explicit bounds check is made
 * here. NOTE(review): this relies on proto_tree_add_item() rejecting a
 * span that runs past the end of the tvb - confirm.
 */
static int
dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, dcerpc_info *di, guint8 *drep,
                          gint size)
{
    const gint  start = offset;
    gint        consumed;
    proto_tree *props_tree;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    props_tree = proto_tree_add_subtree(tree, tvb, offset, size,
                                        ett_dcom_propsoutput, NULL,
                                        "PropertiesOutput");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, props_tree, di, drep);

    offset = dissect_dcom_DWORD(tvb, offset, pinfo, props_tree, di, drep,
                                hf_sysact_pi_ifnum, NULL);

    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, props_tree,
                                          di, drep,
                                          dissect_dcom_IfIds,
                                          NDR_POINTER_UNIQUE,
                                          "InterfaceIdsPtr", -1);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, props_tree,
                                          di, drep,
                                          dissect_dcom_ReturnVals,
                                          NDR_POINTER_UNIQUE,
                                          "ReturnValuesPtr", -1);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, props_tree,
                                          di, drep,
                                          dissect_dcom_InterfData,
                                          NDR_POINTER_UNIQUE,
                                          "InterfacePtrsPtr", -1);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    consumed = offset - start;
    if (size > consumed) {
        /* Declared size is larger than what was parsed: show the rest. */
        proto_tree_add_item(props_tree, hf_sysact_unused_buffer, tvb,
                            offset, size - consumed, ENC_NA);
    } else if (size < consumed) {
        /* TODO: expert info */
        size = consumed;
    }

    return start + size;
}
993
994
/*
 * Dissect the OXID bindings into an "OxidBindings" subtree: an array-size
 * prefix followed by a DUALSTRINGARRAY shown under
 * hf_sysact_scmri_binding.
 *
 * typedef struct tagDUALSTRINGARRAY {
 *     unsigned short wNumEntries;
 *     unsigned short wSecurityOffset;
 *     [size_is(wNumEntries)] unsigned short aStringArray[];
 * } DUALSTRINGARRAY;
 *
 * Nothing is dissected while di->conformant_run is set; the offset is
 * returned unchanged in that case.
 *
 * The array size is displayed only (its value pointer is NULL), so this
 * function does not compare it with the DUALSTRINGARRAY that follows.
 *
 * Returns the offset after the DUALSTRINGARRAY.
 */
static int
dissect_dcom_OxidBindings(tvbuff_t *tvb, gint offset,
                          packet_info *pinfo, proto_tree *tree,
                          dcerpc_info *di, guint8 *drep)
{
    const gint  start = offset;
    proto_item *bind_item;
    proto_tree *bind_tree;

    if (di->conformant_run) {
        return offset;
    }

    /* Length is unknown up front; it is corrected once dissection is done. */
    bind_tree = proto_tree_add_subtree(tree, tvb, offset, 0,
                                       ett_dcom_oxidbinding, &bind_item,
                                       "OxidBindings");

    offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, bind_tree,
                                            di, drep, NULL);
    offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, bind_tree,
                                          di, drep,
                                          hf_sysact_scmri_binding, NULL);

    proto_item_set_len(bind_item, offset - start);
    return offset;
}
1024
1025
/*
 * Dissect a customREMOTE_REPLY_SCM_INFO structure into a "RemoteReply"
 * subtree: OXID, a unique pointer to the OXID bindings, the IRemUnknown
 * interface pointer id (UUID), the authentication hint (DWORD) and the
 * COM version.
 *
 * Nothing is dissected while di->conformant_run is set; the offset is
 * returned unchanged in that case.
 *
 * Returns the offset after the structure and its deferred pointers.
 */
static int
dissect_dcom_customREMOTE_REPLY_SCM_INFO(tvbuff_t *tvb, gint offset,
        packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    const gint  start = offset;
    proto_item *reply_item;
    proto_tree *reply_tree;

    if (di->conformant_run) {
        return offset;
    }

    /* Length is unknown up front; it is corrected once dissection is done. */
    reply_tree = proto_tree_add_subtree(tree, tvb, offset, 0,
                                        ett_dcom_rmtresp, &reply_item,
                                        "RemoteReply");

    offset = dissect_dcom_ID(tvb, offset, pinfo, reply_tree, di, drep,
                             hf_sysact_scmri_oxid, NULL);
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, reply_tree,
                                          di, drep,
                                          dissect_dcom_OxidBindings,
                                          NDR_POINTER_UNIQUE,
                                          "OxidBindingsPtr", -1);
    offset = dissect_dcom_UUID(tvb, offset, pinfo, reply_tree, di, drep,
                               hf_sysact_scmri_rmtunknid, NULL);
    offset = dissect_dcom_DWORD(tvb, offset, pinfo, reply_tree, di, drep,
                                hf_sysact_scmri_authhint, NULL);
    offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, reply_tree, di, drep,
                                     NULL, NULL);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    proto_item_set_len(reply_item, offset - start);

    return offset;
}
1057
1058
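/*
 * Dissect a ScmReplyInfo property blob into a "ScmReplyInfo" subtree: the
 * type-serialization common/private headers, a reserved pointer and a
 * unique pointer to the customREMOTE_REPLY_SCM_INFO structure.
 *
 * size is the byte length the caller declares for this blob.
 * NOTE(review): presumably this comes from the per-property size list in
 * the packet and is therefore untrusted - confirm against the caller.
 *
 * The returned offset is the start offset plus size, not the end of what
 * was actually parsed, so the declared size decides where the caller
 * resumes. A non-positive size is replaced by -1 and later by the parsed
 * length. When size exceeds the parsed length, the remainder is shown as
 * hf_sysact_unused_buffer; no explicit bounds check is made here.
 * NOTE(review): this relies on proto_tree_add_item() rejecting a span that
 * runs past the end of the tvb - confirm.
 */
static int
dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
                          proto_tree *tree, dcerpc_info *di, guint8 *drep,
                          gint size)
{
    proto_tree *sub_tree;
    gint        old_offset, len;

    old_offset = offset;

    if (size <= 0) {
        /* TODO: expert info */
        size = -1;
    }

    sub_tree = proto_tree_add_subtree(tree, tvb, offset, size,
                                      ett_dcom_scmrespinfo, NULL,
                                      "ScmReplyInfo");

    offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);

    /* This MUST be set to NULL and MUST be ignored on receipt. */
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
                                          NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
    /*
     * The referent is the reply structure (shown as "RemoteReply"), so the
     * pointer is labelled accordingly; it used to carry the request-side
     * label "RemoteRequestPtr", which mislabelled reply traffic in the tree.
     */
    offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
                                          dissect_dcom_customREMOTE_REPLY_SCM_INFO,
                                          NDR_POINTER_UNIQUE,
                                          "RemoteReplyPtr", -1);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

    len = offset - old_offset;
    if (size < len) {
        /* TODO: expert info */
        size = len;
    }
    else if (size > len) {
        /* Declared size is larger than what was parsed: show the rest. */
        proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb,
                            offset, size - len, ENC_NA);
    }

    offset = old_offset + size;

    return offset;
}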
1098
/*
 * Register the property dissectors of this file with the DCOM layer, each
 * keyed by the IID/CLSID it handles.
 *
 * This is invoked from every request/response dissector below, i.e. once
 * per dissected call. NOTE(review): presumably dcom_register_routine()
 * ignores a GUID that is already registered - confirm, otherwise the
 * registry grows with the amount of traffic processed.
 */
static void
sysact_register_routines(void)
{
    /* Both activation-property blobs share one dissector. */
    dcom_register_routine(dissect_dcom_ActivationProperties,
                          &iid_ActivationPropertiesIn);
    dcom_register_routine(dissect_dcom_ActivationProperties,
                          &iid_ActivationPropertiesOut);

    /* One dissector per property structure CLSID. */
    dcom_register_routine(dissect_dcom_SpecialSystemProperties,
                          &clsid_SpecialSystemProperties);
    dcom_register_routine(dissect_dcom_InstantiationInfo,
                          &clsid_InstantiationInfo);
    dcom_register_routine(dissect_dcom_ActivationContextInfo,
                          &clsid_ActivationContextInfo);
    dcom_register_routine(dissect_dcom_ContextMarshaler,
                          &clsid_ContextMarshaler);
    dcom_register_routine(dissect_dcom_SecurtiyInfo,
                          &clsid_SecurityInfo);
    dcom_register_routine(dissect_dcom_LocationInfo,
                          &clsid_ServerLocationInfo);
    dcom_register_routine(dissect_dcom_ScmRqstInfo,
                          &clsid_ScmRequestInfo);
    dcom_register_routine(dissect_dcom_PropsOutInfo,
                          &clsid_PropsOutInfo);
    dcom_register_routine(dissect_dcom_ScmReplyInfo,
                          &clsid_ScmReplyInfo);
}
1116
/*
 * Dissect a RemoteCreateInstance request (opnum 4 in
 * ISystemActivator_dissectors): the ORPCTHIS header, four bytes of
 * unspecified data and the activation-properties interface pointer.
 *
 * Returns the offset after the interface pointer.
 */
static int
dissect_remsysact_remotecreateinstance_rqst(tvbuff_t *tvb, int offset,
        packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    /* Make sure the property dissectors are known before the blob is parsed. */
    sysact_register_routines();

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);

    /* XXX - what is this? */
    offset = dissect_dcom_nospec_data(tvb, offset, pinfo, tree, drep, 4);

    return dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                           hf_sysact_actproperties,
                                           NULL /* XXX */);
}
1132
/*
 * Dissect a RemoteCreateInstance response (opnum 4 in
 * ISystemActivator_dissectors): the ORPCTHAT header, the
 * activation-properties interface pointer and the HRESULT.
 *
 * Returns the offset after the HRESULT.
 */
static int
dissect_remsysact_remotecreateinstance_resp(tvbuff_t *tvb, int offset,
        packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    /* Make sure the property dissectors are known before the blob is parsed. */
    sysact_register_routines();

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
    offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                             hf_sysact_actproperties,
                                             NULL /* XXX */);

    return dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
                                NULL /* pu32HResult */);
}
1149
/*
 * Dissect a RemoteGetClassObject request (opnum 3 in
 * ISystemActivator_dissectors): the ORPCTHIS header followed by the
 * activation-properties interface pointer.
 *
 * Returns the offset after the interface pointer.
 */
static int
dissect_remsysact_remotegetclassobject_rqst(tvbuff_t *tvb, int offset,
        packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    /* Make sure the property dissectors are known before the blob is parsed. */
    sysact_register_routines();

    offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);

    return dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                           hf_sysact_actproperties, NULL);
}
1162
/*
 * Dissect a RemoteGetClassObject response (opnum 3 in
 * ISystemActivator_dissectors): the ORPCTHAT header, the
 * activation-properties interface pointer and the HRESULT.
 *
 * Returns the offset after the HRESULT.
 */
static int
dissect_remsysact_remotegetclassobject_resp(tvbuff_t *tvb, int offset,
        packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
    /* Make sure the property dissectors are known before the blob is parsed. */
    sysact_register_routines();

    offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
    offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
                                             hf_sysact_actproperties, NULL);

    return dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
                                NULL /* pu32HResult */);
}
1179
/*
 * Operation table handed to dcerpc_init_uuid(): opnum, display name,
 * request dissector, response dissector. Opnums 0-2 have no dissectors
 * in this file; the all-NULL row ends the table.
 */
static dcerpc_sub_dissector ISystemActivator_dissectors[] = {
    { 0, "QueryInterfaceIRemoteSCMActivator", NULL, NULL },
    { 1, "AddRefIRemoteISCMActivator",        NULL, NULL },
    { 2, "ReleaseIRemoteISCMActivator",       NULL, NULL },
    { 3, "RemoteGetClassObject",
      dissect_remsysact_remotegetclassobject_rqst,
      dissect_remsysact_remotegetclassobject_resp },
    { 4, "RemoteCreateInstance",
      dissect_remsysact_remotecreateinstance_rqst,
      dissect_remsysact_remotecreateinstance_resp },
    { 0, NULL, NULL, NULL },
};
1188
/*
 * Register the ISystemActivator protocol, its header fields (three
 * tables: top level, activation properties, type-serialization headers)
 * and its subtree indices.
 */
void
proto_register_ISystemActivator(void)
{
    /* Top-level fields. */
    static hf_register_info hf[] = {
        { &hf_opnum,
          { "Operation", "isystemactivator.opnum",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_actproperties,
          { "IActProperties", "isystemactivator.actproperties",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
#if 0
        { &hf_sysact_unknown,
          { "IUnknown", "isystemactivator.unknown",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
#endif
    };

    /* Fields of the activation-properties blob and its property structures. */
    static hf_register_info hf_actproperties[] = {
        { &hf_sysact_totalsize,
          { "Totalsize", "isystemactivator.actproperties.size",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_res,
          { "Reserved", "isystemactivator.actproperties.resv",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* Custom header */
        { &hf_sysact_customhdrsize,
          { "CustomHeaderSize", "isystemactivator.customhdr.size",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_dstctx,
          { "DestinationContext", "isystemactivator.customhdr.dc",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_actpropnumber,
          { "NumActivationPropertyStructs", "isystemactivator.customhdr.actpropnumber",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_actpropclsinfoid,
          { "ClassInfoClsid", "isystemactivator.customhdr.clsinfoid",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
#if 0
        { &hf_sysact_actpropclsids,
          { "PropertyGuids", "isystemactivator.customhdr.clsids",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
#endif
        { &hf_sysact_actpropclsid,
          { "PropertyStructGuid", "isystemactivator.customhdr.clsid",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
#if 0
        { &hf_sysact_actpropsizes,
          { "PropertyDataSizes", "isystemactivator.customhdr.datasizes",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
#endif
        { &hf_sysact_actpropsize,
          { "PropertyDataSize", "isystemactivator.customhdr.datasize",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* SpecialSystemProperties */
        { &hf_sysact_spsysprop_sid,
          { "SessionID", "isystemactivator.properties.spcl.sid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            "A value that uniquely identifies a logon session on the server", HFILL }},
        { &hf_sysact_spsysprop_remotethissid,
          { "RemoteThisSessionID", "isystemactivator.properties.spcl.remotesid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_cltimpersonating,
          { "ClientImpersonating", "isystemactivator.properties.spcl.cltimp",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_partitionid,
          { "PartitionIDPresent", "isystemactivator.properties.spcl.partitionid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_defauthlvl,
          { "DefaultAuthnLevel", "isystemactivator.properties.spcl.defauthlvl",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_partition,
          { "PartitionGuid", "isystemactivator.properties.spcl.partition",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_procrqstflgs,
          { "ProcessRequestFlags", "isystemactivator.properties.spcl.procreqstflgs",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_origclsctx,
          { "OriginalClassContext", "isystemactivator.properties.spcl.origclsctx",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_spsysprop_flags,
          { "Flags", "isystemactivator.properties.spcl.flags",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
#if 0
        { &hf_sysact_spsysprop_procid,
          { "ProcessID", "isystemactivator.properties.spcl.procid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
#endif
#if 0
        { &hf_sysact_spsysprop_hwnd,
          { "hWnd", "isystemactivator.properties.spcl.hwnd",
            FT_UINT64, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
#endif

        /* InstantiationInfo */
        { &hf_sysact_instninfo_clsid,
          { "InstantiatedObjectClsId", "isystemactivator.properties.instninfo.clsid",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_clsctx,
          { "ClassContext", "isystemactivator.properties.instninfo.clsctx",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_actflags,
          { "ActivationFlags", "isystemactivator.properties.instninfo.actflags",
            FT_UINT32, BASE_DEC_HEX, VALS(instninfo_actflags), 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_issurrogate,
          { "FlagsSurrogate", "isystemactivator.properties.instninfo.issurogate",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_iidcount,
          { "InterfaceIdCount", "isystemactivator.properties.instninfo.iidcount",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_instflags,
          { "InstantiationFlag", "isystemactivator.properties.instninfo.instflags",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_entiresize,
          { "EntirePropertySize", "isystemactivator.properties.instninfo.entiresize",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_instninfo_iid,
          { "InterfaceIds", "isystemactivator.properties.instninfo.iid",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},

        /* ActivationContextInfo */
        { &hf_sysact_actctxinfo_cltok,
          { "ClientOk", "isystemactivator.properties.actctxinfo.cltok",
            FT_INT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_context,
          { "ClientContext", "isystemactivator.properties.context",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},

        /* DCOM context */
        { &hf_sysact_ctx_id,
          { "ContextID", "isystemactivator.properties.context.id",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_flags,
          { "Flags", "isystemactivator.properties.context.flags",
            FT_UINT32, BASE_HEX, VALS(dcom_context_flag_vals), 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_res,
          { "Reserved", "isystemactivator.properties.context.res",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_numextents,
          { "NumExtents", "isystemactivator.properties.context.numext",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_extentscnt,
          { "ExtentCount", "isystemactivator.properties.context.extcnt",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_mashflags,
          { "MarshalFlags", "isystemactivator.properties.context.mashflags",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_count,
          { "ContextPropertyCount", "isystemactivator.properties.context.cnt",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_ctx_frozen,
          { "Frozen", "isystemactivator.properties.context.frz",
            FT_UINT32, BASE_HEX, VALS(boolean_flag_vals), 0x0,
            NULL, HFILL }},

        /* SecurityInfo */
        { &hf_sysact_si_authflalgs,
          { "AuthenticationFlags", "isystemactivator.properties.si.authflags",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_si_serverinfo,
          { "ServerInfo", "isystemactivator.properties.si.ci",
            FT_NONE, BASE_NONE, NULL, 0,
            NULL, HFILL }},
        { &hf_sysact_si_ci_res,
          { "Reserved", "isystemactivator.properties.si.ci.res",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_si_ci_string,
          { "String", "isystemactivator.properties.si.ci.name",
            FT_STRING, BASE_NONE, NULL, 0,
            NULL, HFILL }},

        /* LocationInfo */
        { &hf_sysact_li_string,
          { "String", "isystemactivator.properties.li.name",
            FT_STRING, BASE_NONE, NULL, 0,
            NULL, HFILL }},
        { &hf_sysact_li_procid,
          { "ProcessId", "isystemactivator.properties.li.procid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_li_apartid,
          { "ApartmentId", "isystemactivator.properties.li.apartid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_li_ctxid,
          { "ContextId", "isystemactivator.properties.li.ctxid",
            FT_UINT32, BASE_DEC_HEX, NULL, 0x0,
            NULL, HFILL }},

        /* ScmRequestInfo */
        { &hf_sysact_sri_cltimplvl,
          { "ClientImpersonationLevel", "isystemactivator.properties.sri.cltimplvl",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_sri_protseqnum,
          { "NumProtocolSequences", "isystemactivator.properties.sri.protseqnum",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_sri_protseq,
          { "ProtocolSeq", "isystemactivator.properties.sri.protseq",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* PropsOutInfo */
        { &hf_sysact_pi_ifnum,
          { "NumInterfaces", "isystemactivator.properties.pi.ifnum",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_pi_retval,
          { "ReturnValue", "isystemactivator.properties.retval",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_pi_interf,
          { "Interface", "isystemactivator.properties.interf",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_pi_iid,
          { "IID", "isystemactivator.properties.iid",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},

        /* ScmReplyInfo */
        { &hf_sysact_scmri_rmtunknid,
          { "IRemUnknownInterfacePointerId", "isystemactivator.properties.scmresp.rmtunknid",
            FT_GUID, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_scmri_authhint,
          { "AuthenticationHint", "isystemactivator.properties.scmresp.authhint",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_scmri_binding,
          { "Bindings", "isystemactivator.properties.scmresp.binding",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_sysact_scmri_oxid,
          { "OXID", "isystemactivator.properties.scmresp.oxid",
            FT_UINT64, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},

        /* Bytes a property declares beyond what its dissector parsed. */
        { &hf_sysact_unused_buffer,
          { "Unused buffer", "isystemactivator.unused_buffer",
            FT_BYTES, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
    };

    /*
     * Type-serialization common/private header fields.
     * NOTE(review): CommonHeader and PrivateHeader are registered under the
     * same filter name ("...ts.hdr"), so a display filter on it matches
     * both - confirm this is intended.
     */
    static hf_register_info hf_tshdr[] = {
        { &hf_typeszch,
          { "CommonHeader", "isystemactivator.actproperties.ts.hdr",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_typeszph,
          { "PrivateHeader", "isystemactivator.actproperties.ts.hdr",
            FT_NONE, BASE_NONE, NULL, 0x0,
            NULL, HFILL }},
        { &hf_typesz_ver,
          { "Version", "isystemactivator.actproperties.ts.ver",
            FT_UINT8, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_typesz_endianness,
          { "Endianness", "isystemactivator.actproperties.ts.end",
            FT_UINT8, BASE_HEX, VALS(ts_endian_vals), 0x0,
            NULL, HFILL }},
        { &hf_typesz_commhdrlen,
          { "CommonHeaderLength", "isystemactivator.actproperties.ts.chl",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_typesz_filler,
          { "Filler", "isystemactivator.actproperties.ts.fil",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_typesz_buflen,
          { "ObjectBufferLength", "isystemactivator.actproperties.ts.buflen",
            FT_UINT32, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
    };

    /* Subtree indices used by the dissectors in this file. */
    static gint *ett[] = {
        &ett_isystemactivator,
        &ett_actproperties,
        &ett_properties,
        &ett_commonheader,
        &ett_propguids,
        &ett_typeszcommhdr,
        &ett_typeszprivhdr,
        &ett_dcom_spclsysprop,
        &ett_dcom_reserved,
        &ett_dcom_instantianinfo,
        &ett_dcom_actctxinfo,
        &ett_dcom_context,
        &ett_dcom_securityinfo,
        &ett_dcom_locationinfo,
        &ett_dcom_scmrqstinfo,
        &ett_dcom_rmtrqst,

        &ett_dcom_propsoutput,
        &ett_dcom_scmrespinfo,
        &ett_dcom_rmtresp,
        &ett_dcom_oxidbinding,
    };

    /*
     * NOTE(review): the long protocol name repeats "ISystemActivator"; it
     * is user-visible, so it is reproduced unchanged here.
     */
    proto_ISystemActivator = proto_register_protocol(
        "ISystemActivator ISystemActivator Resolver",
        "ISystemActivator", "isystemactivator");

    proto_register_field_array(proto_ISystemActivator,
                               hf, array_length(hf));
    proto_register_field_array(proto_ISystemActivator,
                               hf_actproperties, array_length(hf_actproperties));
    proto_register_field_array(proto_ISystemActivator,
                               hf_tshdr, array_length(hf_tshdr));
    proto_register_subtree_array(ett, array_length(ett));
}
1402
/*
 * Hook the ISystemActivator interface into the DCE/RPC dissector: binds
 * the interface UUID and version to the operation table
 * ISystemActivator_dissectors, with hf_opnum as the opnum field.
 */
void
proto_reg_handoff_ISystemActivator(void)
{
    /* Register the protocol as dcerpc */
    dcerpc_init_uuid(proto_ISystemActivator, ett_isystemactivator,
                     &uuid_ISystemActivator, ver_ISystemActivator,
                     ISystemActivator_dissectors, hf_opnum);
}
1410
1411 /*
1412 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1413 *
1414 * Local variables:
1415 * c-basic-offset: 4
1416 * tab-width: 8
1417 * indent-tabs-mode: nil
1418 * End:
1419 *
1420 * vi: set shiftwidth=4 tabstop=8 expandtab:
1421 * :indentSize=4:tabSize=8:noTabs=true:
1422 */
1423