summaryrefslogtreecommitdiff
path: root/epan/dissectors
diff options
context:
space:
mode:
authorUlf Lamping <ulf.lamping@web.de>2006-08-17 19:09:41 +0000
committerUlf Lamping <ulf.lamping@web.de>2006-08-17 19:09:41 +0000
commit7d040193881dc431ec20e471189f99d16a4cbbf8 (patch)
tree511ad9a6b80a92c30e8d7a008e3d07fe306bbc6d /epan/dissectors
parent162d87a516782fb04df22471305df0a386a3d996 (diff)
downloadwireshark-7d040193881dc431ec20e471189f99d16a4cbbf8.tar.gz
some further work on the GUID/UUID resolvings
most of the relevant code moved to guid_utils lot of corresponding code cleanup in packet-dcerpc.c still using GHashTable still not using a manuf like file svn path=/trunk/; revision=18939
Diffstat (limited to 'epan/dissectors')
-rw-r--r--epan/dissectors/packet-dcerpc-epm.c9
-rw-r--r--epan/dissectors/packet-dcerpc.c287
-rw-r--r--epan/dissectors/packet-dcerpc.h3
-rw-r--r--epan/dissectors/packet-dcom-cba-acco.c8
-rw-r--r--epan/dissectors/packet-dcom-cba.c2
-rw-r--r--epan/dissectors/packet-dcom-remunkn.c9
-rw-r--r--epan/dissectors/packet-dcom.c152
-rw-r--r--epan/dissectors/packet-dcom.h7
8 files changed, 84 insertions, 393 deletions
diff --git a/epan/dissectors/packet-dcerpc-epm.c b/epan/dissectors/packet-dcerpc-epm.c
index b6e46b6f98..a0c4abb71e 100644
--- a/epan/dissectors/packet-dcerpc-epm.c
+++ b/epan/dissectors/packet-dcerpc-epm.c
@@ -81,7 +81,6 @@ static guint16 ver_epm3 = 3;
static guint16 ver_epm4 = 4;
-GHashTable *uuids=NULL;
static e_uuid_t uuid_data_repr_proto = { 0x8a885d04, 0x1ceb, 0x11c9, { 0x9f, 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60 } };
@@ -364,7 +363,7 @@ epm_dissect_tower_data (tvbuff_t *tvb, int offset,
case PROTO_ID_UUID:
dcerpc_tvb_get_uuid (tvb, offset+1, drep, &uuid);
- uuid_name = guids_get_guid_name(uuids, (e_guid_t *) &uuid);
+ uuid_name = guids_get_uuid_name(&uuid);
if(uuid_name != NULL) {
proto_tree_add_guid_format (tr, hf_epm_uuid, tvb, offset+1, 16, (e_guid_t *) &uuid,
@@ -767,9 +766,6 @@ proto_register_epm (void)
&ett_epm_entry
};
- uuids = guids_new();
- guids_add_guid(uuids, (e_guid_t *) &uuid_data_repr_proto, "Version 1.1 network data representation protocol", NULL);
-
/* interface version 3 */
proto_epm3 = proto_register_protocol ("DCE/RPC Endpoint Mapper", "EPM", "epm");
proto_register_field_array (proto_epm3, hf, array_length (hf));
@@ -782,6 +778,9 @@ proto_register_epm (void)
void
proto_reg_handoff_epm (void)
{
+ /* Register the UUIDs */
+ guids_add_uuid(&uuid_data_repr_proto, "Version 1.1 network data representation protocol");
+
/* Register the protocol as dcerpc */
dcerpc_init_uuid (proto_epm3, ett_epm, &uuid_epm, ver_epm3, epm_dissectors, hf_epm_opnum);
dcerpc_init_uuid (proto_epm4, ett_epm, &uuid_epm, ver_epm4, epm_dissectors, hf_epm_opnum);
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 1eab86f40b..0fd7068351 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -48,10 +48,6 @@
#include <epan/expert.h>
#include <epan/strutil.h>
-#ifdef _WIN32
-#include <tchar.h>
-#endif
-
static int dcerpc_tap = -1;
@@ -494,38 +490,6 @@ static const fragment_items dcerpc_frag_items = {
/* list of hooks to be called when init_protocols is done */
GHookList dcerpc_hooks_init_protos;
-#ifdef _WIN32
-int ResolveWin32UUID(e_uuid_t if_id, char *uuid_name, int uuid_name_max_len)
-{
- TCHAR reg_uuid_name[MAX_PATH];
- HKEY hKey = NULL;
- DWORD uuid_max_size = MAX_PATH;
- TCHAR reg_uuid_str[MAX_PATH];
-
- if(uuid_name_max_len < 2)
- return 0;
- reg_uuid_name[0] = '\0';
- _snwprintf(reg_uuid_str, MAX_PATH, _T("SOFTWARE\\Classes\\Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}"),
- if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7]);
- if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_uuid_str, 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS)
- {
- if (RegQueryValueEx(hKey, NULL, NULL, NULL, (LPBYTE)reg_uuid_name, &uuid_max_size) == ERROR_SUCCESS && uuid_max_size <= MAX_PATH)
- {
- g_snprintf(uuid_name, uuid_name_max_len, "%s", utf_16to8(reg_uuid_name));
- RegCloseKey(hKey);
- return strlen(uuid_name);
- }
- RegCloseKey(hKey);
- }
- return 0; /* we didn't find anything anyhow. Please don't use the string! */
-
-}
-#endif
-
static dcerpc_info *
get_next_di(void)
{
@@ -730,30 +694,11 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
hf_info = proto_registrar_get_nth(opnum_hf);
hf_info->strings = value_string_from_subdissectors(procs);
-}
-
-/* try to get registered name for this uuid */
-const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver)
-{
- dcerpc_uuid_key key;
- dcerpc_uuid_value *sub_proto;
-
-
- /* try to get registered uuid "name" of if_id */
- key.uuid = *uuid;
- key.ver = ver;
-
- if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) != NULL
- && proto_is_protocol_enabled(sub_proto->proto)) {
-
- return sub_proto->name;
- }
-
- return NULL;
+ /* add this GUID to the global name resolving */
+ guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto));
}
-
/* Function to find the name of a registered protocol
* or NULL if the protocol/version is not known to wireshark.
*/
@@ -1147,41 +1092,15 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int hfindex, e_uuid_t *pdata)
{
e_uuid_t uuid;
-#if 0
- header_field_info* hfi;
- gchar *uuid_name;
-#endif
- dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
+ if (drep[0] & 0x10) {
+ tvb_get_letohguid (tvb, offset, (e_guid_t *) &uuid);
+ } else {
+ tvb_get_ntohguid (tvb, offset, (e_guid_t *) &uuid);
+ }
if (tree) {
-#if 0
- /* get name of protocol field to prepend it later */
- hfi = proto_registrar_get_nth(hfindex);
-
- /* XXX - get the name won't work correct, as we don't know the version of this uuid (if it has one) */
- /* look for a registered uuid name */
- uuid_name = dcerpc_get_uuid_name(&uuid, 0);
-
- if (uuid_name) {
- /* we know the name of this uuid */
- proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "",
- "%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
- hfi->name, uuid_name,
- uuid.Data1, uuid.Data2, uuid.Data3,
- uuid.Data4[0], uuid.Data4[1],
- uuid.Data4[2], uuid.Data4[3],
- uuid.Data4[4], uuid.Data4[5],
- uuid.Data4[6], uuid.Data4[7]);
- } else {
-#endif
- /* GUID have changed from FT_STRING to FT_GUID
- (XXX - have we changed all dissectors?).
- */
- proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
-#if 0
- }
-#endif
+ proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
}
if (pdata) {
*pdata = uuid;
@@ -1224,7 +1143,6 @@ dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid)
}
-
/* NDR arrays */
/* function to dissect a unidimensional conformant array */
int
@@ -2210,9 +2128,6 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
tvbuff_t *volatile stub_tvb;
volatile guint auth_pad_len;
volatile int auth_pad_offset;
-#ifdef _WIN32
- char uuid_name[MAX_PATH];
-#endif
proto_item *sub_item=NULL;
proto_item *pi;
@@ -2230,20 +2145,8 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
proto_tree_add_boolean_hidden(dcerpc_tree, hf_dcerpc_unknown_if_id,
tvb, offset, 0, TRUE);
if (check_col (pinfo->cinfo, COL_INFO)) {
-#ifdef _WIN32
- if(ResolveWin32UUID(info->call_data->uuid, uuid_name, MAX_PATH))
- col_append_fstr (pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
- uuid_name, info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
- info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
- info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
- info->call_data->uuid.Data4[7], info->call_data->ver);
-else
-#endif
- col_append_fstr (pinfo->cinfo, COL_INFO, " UNKUUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
- info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
- info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
- info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
- info->call_data->uuid.Data4[7], info->call_data->ver);
+ col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u",
+ guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver);
}
if (decrypted_tvb != NULL) {
@@ -2611,13 +2514,9 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
e_uuid_t trans_id;
guint32 trans_ver;
guint16 if_ver, if_ver_minor;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
dcerpc_auth_info auth_info;
- char *uuid_name = NULL;
-#ifdef _WIN32
- char uuid_name2[MAX_PATH];
-#endif
+ char *uuid_str;
+ const char *uuid_name = NULL;
proto_item *iface_item;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@@ -2683,33 +2582,17 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, FALSE);
iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface);
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7]);
-
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
-
-#ifdef _WIN32
- if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) {
- uuid_name = uuid_name2;
- }
+ uuid_str = guid_to_str((e_guid_t*)&if_id);
+ uuid_name = guids_get_uuid_name(&if_id);
if(uuid_name) {
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
proto_item_append_text(iface_item, "%s", uuid_name);
} else {
-#endif
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
proto_item_append_text(iface_item, "%s", uuid_str);
-#ifdef _WIN32
}
-#endif
}
offset += 16;
@@ -2767,36 +2650,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
if (check_col (pinfo->cinfo, COL_INFO)) {
- dcerpc_uuid_key key;
- dcerpc_uuid_value *value;
-
- key.uuid = if_id;
- key.ver = if_ver;
-
if (num_ctx_items > 1)
col_append_fstr(pinfo->cinfo, COL_INFO, ", %u context items, 1st", num_ctx_items);
- if ((value = g_hash_table_lookup(dcerpc_uuids, &key)))
- col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %s", value->name);
- else
-#ifdef _WIN32
- if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH))
- col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
- uuid_name2, if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7],
- if_ver, if_ver_minor);
- else
-#endif
- col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
- if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7],
- if_ver, if_ver_minor);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u",
+ guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor);
}
saw_ctx_item = TRUE;
}
@@ -2811,15 +2669,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, FALSE);
trans_tree = proto_item_add_subtree(trans_item, ett_dcerpc_cn_trans_syntax);
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- trans_id.Data1, trans_id.Data2, trans_id.Data3,
- trans_id.Data4[0], trans_id.Data4[1],
- trans_id.Data4[2], trans_id.Data4[3],
- trans_id.Data4[4], trans_id.Data4[5],
- trans_id.Data4[6], trans_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
+ uuid_str = guid_to_str((e_guid_t *) &trans_id);
proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
@@ -2859,8 +2709,6 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint16 reason;
e_uuid_t trans_id;
guint32 trans_ver;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
dcerpc_auth_info auth_info;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@@ -2917,17 +2765,9 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
if (ctx_tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- trans_id.Data1, trans_id.Data2, trans_id.Data3,
- trans_id.Data4[0], trans_id.Data4[1],
- trans_id.Data4[2], trans_id.Data4[3],
- trans_id.Data4[4], trans_id.Data4[5],
- trans_id.Data4[6], trans_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
- offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
+ offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
+ guid_to_str((e_guid_t *) &trans_id));
}
offset += 16;
@@ -3334,8 +3174,6 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
e_uuid_t obj_id = DCERPC_UUID_NULL;
dcerpc_auth_info auth_info;
guint32 alloc_hint;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
proto_item *pi;
proto_item *parent_pi;
@@ -3373,21 +3211,9 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (hdr->flags & PFC_OBJECT_UUID) {
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
if (dcerpc_tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- obj_id.Data1, obj_id.Data2, obj_id.Data3,
- obj_id.Data4[0],
- obj_id.Data4[1],
- obj_id.Data4[2],
- obj_id.Data4[3],
- obj_id.Data4[4],
- obj_id.Data4[5],
- obj_id.Data4[6],
- obj_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", uuid_str);
+ offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &obj_id));
}
offset += 16;
}
@@ -3527,8 +3353,6 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint32 alloc_hint;
proto_item *pi;
proto_item *parent_pi;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
e_uuid_t obj_id_null = DCERPC_UUID_NULL;
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@@ -3625,21 +3449,9 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* (optional) "Object UUID" from request */
if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- value->object_uuid.Data1, value->object_uuid.Data2, value->object_uuid.Data3,
- value->object_uuid.Data4[0],
- value->object_uuid.Data4[1],
- value->object_uuid.Data4[2],
- value->object_uuid.Data4[3],
- value->object_uuid.Data4[4],
- value->object_uuid.Data4[5],
- value->object_uuid.Data4[6],
- value->object_uuid.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", uuid_str);
+ offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &value->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@@ -4850,8 +4662,6 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
int offset = 0;
conversation_t *conv;
int auth_level;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
/*
* Check if this looks like a CL DCERPC call. All dg packets
@@ -5005,59 +4815,23 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset++;
if (tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
- hdr.obj_id.Data4[0],
- hdr.obj_id.Data4[1],
- hdr.obj_id.Data4[2],
- hdr.obj_id.Data4[3],
- hdr.obj_id.Data4[4],
- hdr.obj_id.Data4[5],
- hdr.obj_id.Data4[6],
- hdr.obj_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", uuid_str);
+ offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &hdr.obj_id));
}
offset += 16;
if (tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
- hdr.if_id.Data4[0],
- hdr.if_id.Data4[1],
- hdr.if_id.Data4[2],
- hdr.if_id.Data4[3],
- hdr.if_id.Data4[4],
- hdr.if_id.Data4[5],
- hdr.if_id.Data4[6],
- hdr.if_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
- offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s", uuid_str);
+ offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s",
+ guid_to_str((e_guid_t *) &hdr.if_id));
}
offset += 16;
if (tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
- hdr.act_id.Data4[0],
- hdr.act_id.Data4[1],
- hdr.act_id.Data4[2],
- hdr.act_id.Data4[3],
- hdr.act_id.Data4[4],
- hdr.act_id.Data4[5],
- hdr.act_id.Data4[6],
- hdr.act_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
- offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", uuid_str);
+ offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s",
+ guid_to_str((e_guid_t *) &hdr.act_id));
}
offset += 16;
@@ -5569,6 +5343,9 @@ proto_register_dcerpc (void)
dcerpc_tap=register_tap("dcerpc");
g_hook_list_init(&dcerpc_hooks_init_protos, sizeof(GHook));
+
+ /* XXX - might better be located in a more general place than this */
+ guids_init();
}
void
diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h
index fcdf4e397c..ff61a038a9 100644
--- a/epan/dissectors/packet-dcerpc.h
+++ b/epan/dissectors/packet-dcerpc.h
@@ -255,9 +255,6 @@ dcerpc_sub_dissector *dcerpc_get_proto_sub_dissector(e_uuid_t *uuid, guint16 ver
value_string *value_string_from_subdissectors(dcerpc_sub_dissector *sd);
-/* try to get protocol name registered for this uuid */
-const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver);
-
/* Private data passed to subdissectors from the main DCERPC dissector. */
typedef struct _dcerpc_call_value {
e_uuid_t uuid; /* interface UUID */
diff --git a/epan/dissectors/packet-dcom-cba-acco.c b/epan/dissectors/packet-dcom-cba-acco.c
index 8fdc30286f..1e8a392afe 100644
--- a/epan/dissectors/packet-dcom-cba-acco.c
+++ b/epan/dissectors/packet-dcom-cba-acco.c
@@ -419,11 +419,11 @@ cba_pdev_find(packet_info *pinfo, const char *ip, e_uuid_t *ipid)
pdev = interf->parent->private_data;
if(pdev == NULL) {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "pdev_find: no pdev for IP:%s IPID:%s",
- ip_to_str(ip), dcom_uuid_to_str(ipid));
+ ip_to_str(ip), guids_resolve_uuid_to_str(ipid));
}
} else {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "pdev_find: unknown interface of IP:%s IPID:%s",
- ip_to_str(ip), dcom_uuid_to_str(ipid));
+ ip_to_str(ip), guids_resolve_uuid_to_str(ipid));
pdev = NULL;
}
@@ -547,11 +547,11 @@ cba_ldev_find(packet_info *pinfo, const gchar *ip, e_uuid_t *ipid) {
}
if(ldev == NULL) {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "ldev_find: no ldev for IP:%s IPID:%s",
- ip_to_str(ip), dcom_uuid_to_str(&info->call_data->object_uuid));
+ ip_to_str(ip), guids_resolve_uuid_to_str(&info->call_data->object_uuid));
}
} else {
expert_add_info_format(pinfo, NULL, PI_UNDECODED, PI_NOTE, "ldev_find: unknown interface of IP:%s IPID:%s",
- ip_to_str(ip), dcom_uuid_to_str(&info->call_data->object_uuid));
+ ip_to_str(ip), guids_resolve_uuid_to_str(&info->call_data->object_uuid));
ldev = NULL;
}
diff --git a/epan/dissectors/packet-dcom-cba.c b/epan/dissectors/packet-dcom-cba.c
index d27ba4591d..90fbdefe9c 100644
--- a/epan/dissectors/packet-dcom-cba.c
+++ b/epan/dissectors/packet-dcom-cba.c
@@ -1526,7 +1526,7 @@ void
proto_reg_handoff_dcom_cba (void)
{
/* Register the CBA class ID */
- guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_coclass_CBAPhysicalDevice, "CBA", NULL);
+ guids_add_uuid(&uuid_coclass_CBAPhysicalDevice, "CBA");
/* Register the interfaces */
dcerpc_init_uuid(proto_ICBAPhysicalDevice, ett_ICBAPhysicalDevice,
diff --git a/epan/dissectors/packet-dcom-remunkn.c b/epan/dissectors/packet-dcom-remunkn.c
index 9fe8bde111..a636abe17b 100644
--- a/epan/dissectors/packet-dcom-remunkn.c
+++ b/epan/dissectors/packet-dcom-remunkn.c
@@ -36,6 +36,7 @@
#include <epan/emem.h>
#include "packet-dcerpc.h"
#include "packet-dcom.h"
+#include "guid-utils.h"
static int hf_remunk_opnum = -1;
@@ -62,6 +63,8 @@ static e_uuid_t uuid_remunk = { 0x00000131, 0x0000, 0x0000, { 0xc0, 0x00, 0x00,
static guint16 ver_remunk = 0;
static int proto_remunk = -1;
+static e_uuid_t ipid_remunk = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
+
/* There is a little bit confusion about the IRemUnknown2 interface UUIDs */
/* DCOM documentation tells us: 0x00000142 (7 methods) */
/* win2000 registry tells us: 0x00000142 IRemoteQI (4 methods) */
@@ -273,7 +276,7 @@ dissect_remunk_remrelease_rqst(tvbuff_t *tvb, int offset,
/* update subtree */
proto_item_append_text(sub_item, "[%u]: IPID=%s, PublicRefs=%u, PrivateRefs=%u",
u32ItemIdx,
- dcom_uuid_to_str(&ipid),
+ guids_resolve_uuid_to_str(&ipid),
u32PublicRefs, u32PrivateRefs);
proto_item_set_len(sub_item, offset - u32SubStart);
@@ -368,6 +371,10 @@ proto_register_remunk (void)
void
proto_reg_handoff_remunk (void)
{
+
+ /* Register the IPID */
+ guids_add_uuid(&ipid_remunk, "IPID-IRemUnknown");
+
/* Register the interfaces */
dcerpc_init_uuid(proto_remunk, ett_remunk,
&uuid_remunk, ver_remunk,
diff --git a/epan/dissectors/packet-dcom.c b/epan/dissectors/packet-dcom.c
index f399057ae1..4e1d88dd31 100644
--- a/epan/dissectors/packet-dcom.c
+++ b/epan/dissectors/packet-dcom.c
@@ -215,9 +215,11 @@ static int hf_dcom_vt_bstr = -1;
static int hf_dcom_vt_byref = -1;
static int hf_dcom_vt_dispatch = -1;
+/* this/that extension UUIDs */
static e_uuid_t uuid_debug_ext = { 0xf1f19680, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
static e_uuid_t uuid_ext_error_ext ={ 0xf1f19681, 0x4d2a, 0x11ce, { 0xa6, 0x6a, 0x00, 0x20, 0xaf, 0x6e, 0x72, 0xf4} };
+/* general DCOM UUIDs */
static e_uuid_t ipid_rem_unknown = { 0x00000131, 0x1234, 0x5678, { 0xCA, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_uuid_t iid_unknown = { 0x00000000, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
static e_uuid_t uuid_null = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} };
@@ -232,8 +234,6 @@ static const value_string dcom_thisthat_flag_vals[] = {
};
-GHashTable *dcom_uuids=NULL;
-
void dcom_interface_dump(void) {
dcom_machine_t *machine;
@@ -255,8 +255,8 @@ void dcom_interface_dump(void) {
for(interfaces = object->interfaces; interfaces != NULL; interfaces = g_list_next(interfaces)) {
interf = interfaces->data;
g_warning(" Interface(#%4u): iid:%s",
- interf->first_packet, dcom_uuid_to_str(&interf->iid));
- g_warning(" ipid:%s", dcom_uuid_to_str(&interf->ipid));
+ interf->first_packet, guids_resolve_uuid_to_str(&interf->iid));
+ g_warning(" ipid:%s", guids_resolve_uuid_to_str(&interf->ipid));
}
}
}
@@ -727,7 +727,7 @@ dissect_dcom_extent(tvbuff_t *tvb, int offset,
hf_dcom_extent_id, &uuidExtend);
/* look for a registered uuid name */
- if((uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuidExtend)) != NULL) {
+ if((uuid_name = guids_get_uuid_name(&uuidExtend)) != NULL) {
proto_tree_add_guid_format_value(sub_tree, hf_dcom_extent_id, tvb,
offset, sizeof(e_uuid_t), (e_guid_t *) &uuidExtend, "%s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
uuid_name,
@@ -807,11 +807,13 @@ dissect_dcom_this(tvbuff_t *tvb, int offset,
/* update subtree header */
proto_item_append_text(sub_item, ", V%u.%u, Causality ID: %s",
- u16VersionMajor, u16VersionMinor, dcom_uuid_to_str(&uuidCausality));
+ u16VersionMajor, u16VersionMinor, guids_resolve_uuid_to_str(&uuidCausality));
proto_item_set_len(sub_item, offset - u32SubStart);
if(memcmp(&info->call_data->object_uuid, &uuid_null, sizeof(uuid_null)) != 0) {
- pi = proto_tree_add_guid(tree, hf_dcom_ipid, tvb, offset, GUID_LEN, (e_guid_t *) &info->call_data->object_uuid);
+ pi = proto_tree_add_guid_format(tree, hf_dcom_ipid, tvb, offset, 0,
+ (e_guid_t *) &info->call_data->object_uuid,
+ "Object UUID/IPID: %s", guids_resolve_uuid_to_str(&info->call_data->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@@ -846,7 +848,9 @@ dissect_dcom_that(tvbuff_t *tvb, int offset,
proto_item_set_len(sub_item, offset - u32SubStart);
if(memcmp(&info->call_data->object_uuid, &uuid_null, sizeof(uuid_null)) != 0) {
- pi = proto_tree_add_guid(tree, hf_dcom_ipid, tvb, offset, GUID_LEN, (e_guid_t *) &info->call_data->object_uuid);
+ pi = proto_tree_add_guid_format(tree, hf_dcom_ipid, tvb, offset, 0,
+ (e_guid_t *) &info->call_data->object_uuid,
+ "Object UUID/IPID: %s", guids_resolve_uuid_to_str(&info->call_data->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@@ -888,37 +892,6 @@ dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
}
-/* Tries to match uuid against its name.
- Returns the associated string ptr on a match.
- Formats uuid number and returns the resulting string, on failure.
- (copied from val_to_str) */
-const gchar* dcom_uuid_to_str(e_uuid_t *uuid) {
- const gchar *ret;
- static gchar str[3][64];
- static gchar *cur;
-
-
- /* all DCOM interfaces are registered with version 0 */
- ret = dcerpc_get_uuid_name(uuid, 0);
- if (ret != NULL)
- return ret;
- if (cur == &str[0][0]) {
- cur = &str[1][0];
- } else if (cur == &str[1][0]) {
- cur = &str[2][0];
- } else {
- cur = &str[0][0];
- }
- g_snprintf(cur, 64, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- uuid->Data1, uuid->Data2, uuid->Data3,
- uuid->Data4[0], uuid->Data4[1],
- uuid->Data4[2], uuid->Data4[3],
- uuid->Data4[4], uuid->Data4[5],
- uuid->Data4[6], uuid->Data4[7]);
- return cur;
-}
-
-
/* dissect a dcerpc array size */
int
dissect_dcom_dcerpc_array_size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
@@ -1432,57 +1405,35 @@ dissect_dcom_UUID(tvbuff_t *tvb, int offset,
int hfindex, e_uuid_t *pdata)
{
const gchar *uuid_name;
- proto_item *pi;
header_field_info *hfi;
e_uuid_t uuid;
-#ifdef _WIN32
- char uuid_name2[MAX_PATH];
-#endif
- /* XXX - this is far from being performance optimized! */
/* get the UUID, but don't put it into the tree */
offset = dissect_ndr_uuid_t(tvb, offset, pinfo, NULL, drep,
hfindex, &uuid);
- /* look for a registered uuid name */
- uuid_name = dcerpc_get_uuid_name(&uuid, 0);
- if(uuid_name == NULL) {
- uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) &uuid);
- }
-
-#ifdef _WIN32
- if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
- uuid_name = uuid_name2;
- }
-#endif
-
/* add to the tree */
hfi = proto_registrar_get_nth(hfindex);
- pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid, "%s: ", hfi->name);
-
- /* give an expert info, if UUID is not known and not of a "temporary" kind */
- if( uuid_name == NULL &&
- strcmp(hfi->name, "Causality ID") != 0 &&
- strcmp(hfi->name, "IPID") != 0)
- {
- expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
- hfi->name, guid_to_str( (e_guid_t *) &uuid));
- }
-
+ uuid_name = guids_get_uuid_name(&uuid);
if(uuid_name) {
- proto_item_append_text(pi, "%s (", uuid_name);
- }
-
- proto_item_append_text(pi, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid,
+ "%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
+ hfi->name, uuid_name,
+ uuid.Data1, uuid.Data2, uuid.Data3,
+ uuid.Data4[0], uuid.Data4[1],
+ uuid.Data4[2], uuid.Data4[3],
+ uuid.Data4[4], uuid.Data4[5],
+ uuid.Data4[6], uuid.Data4[7]);
+ } else {
+ proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) &uuid,
+ "%s: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ hfi->name,
uuid.Data1, uuid.Data2, uuid.Data3,
uuid.Data4[0], uuid.Data4[1],
uuid.Data4[2], uuid.Data4[3],
uuid.Data4[4], uuid.Data4[5],
uuid.Data4[6], uuid.Data4[7]);
-
- if(uuid_name) {
- proto_item_append_text(pi, ")", uuid_name);
}
if(pdata != NULL) {
@@ -1501,9 +1452,6 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
const gchar *uuid_name;
proto_item *pi;
header_field_info *hfi;
-#ifdef _WIN32
- char uuid_name2[MAX_PATH];
-#endif
/* XXX - this is far from being performance optimized! */
@@ -1513,30 +1461,12 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
hfindex, uuid);
/* look for a registered uuid name */
- uuid_name = dcerpc_get_uuid_name(uuid, 0);
- if(uuid_name == NULL) {
- uuid_name = guids_get_guid_name(dcom_uuids, (e_guid_t *) uuid);
- }
-
-#ifdef _WIN32
- if(uuid_name == NULL && ResolveWin32UUID(uuid, uuid_name2, MAX_PATH)) {
- uuid_name = uuid_name2;
- }
-#endif
+ uuid_name = guids_get_uuid_name(uuid);
/* add to the tree */
hfi = proto_registrar_get_nth(hfindex);
pi = proto_tree_add_guid_format(tree, hfindex, tvb, offset-16, 16, (e_guid_t *) uuid, "%s", hfi->name);
- /* give an expert info, if UUID is not known and not of a "temporary" kind */
- if( uuid_name == NULL &&
- strcmp(hfi->name, "Causality ID") != 0 &&
- strcmp(hfi->name, "IPID") != 0)
- {
- expert_add_info_format(pinfo, pi, PI_UNDECODED, PI_NOTE, "unknown %s: %s",
- hfi->name, guid_to_str( (e_guid_t *) uuid));
- }
-
if (field_index != -1) {
proto_item_append_text(pi, "[%u]: ", field_index);
} else {
@@ -1916,7 +1846,7 @@ dissect_dcom_STDOBJREF(tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* append info to subtree header */
proto_item_append_text(sub_item, ": PublicRefs=%u IPID=%s",
- u32PublicRefs, dcom_uuid_to_str(ipid));
+ u32PublicRefs, guids_resolve_uuid_to_str(ipid));
proto_item_set_len(sub_item, offset - u32SubStart);
return offset;
@@ -2062,17 +1992,6 @@ dissect_dcom_PMInterfacePointer(tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
-
-void dcom_register_server_coclass(int proto _U_, int ett _U_, e_uuid_t *uuid _U_, guint16 ver _U_,
- dcerpc_sub_dissector *sub_dissectors _U_, int opnum_hf _U_) {
-
- /* XXX: this must be simply the name registration of the UUID,
- * not a whole sub_dissector registration */
- /* but this is currently not possible :-( */
-/* dcerpc_init_uuid (proto, ett, uuid, ver, sub_dissectors, opnum_hf);*/
-}
-
-
static void dcom_reinit( void) {
dcom_machines = NULL;
dcom_interfaces = NULL;
@@ -2325,15 +2244,6 @@ proto_register_dcom (void)
proto_register_field_array(proto_dcom, hf_dcom_sa_array, array_length(hf_dcom_sa_array));
proto_register_subtree_array (ett_dcom, array_length (ett_dcom));
- /* register some "well known" UUID's */
- dcom_uuids = guids_new();
- guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_debug_ext, "Debug Information Body Extension", NULL);
- guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_ext_error_ext, "Extended Error Info Body Extension", NULL);
- guids_add_guid(dcom_uuids, (e_guid_t *) &ipid_rem_unknown, "IRemUnknown", NULL);
- guids_add_guid(dcom_uuids, (e_guid_t *) &iid_unknown, "IUnknown", NULL);
- guids_add_guid(dcom_uuids, (e_guid_t *) &uuid_null, "NULL", NULL);
- guids_add_guid(dcom_uuids, (e_guid_t *) &iid_class_factory, "IClassFactory", NULL);
-
/* preferences */
dcom_module = prefs_register_protocol(proto_dcom, proto_reg_handoff_dcom);
@@ -2351,6 +2261,14 @@ void
proto_reg_handoff_dcom (void)
{
+ /* register some "well known" UUID's */
+ guids_add_uuid(&uuid_debug_ext, "Debug Information Body Extension");
+ guids_add_uuid(&uuid_ext_error_ext, "Extended Error Info Body Extension");
+ guids_add_uuid(&ipid_rem_unknown, "IRemUnknown");
+ guids_add_uuid(&iid_unknown, "IUnknown");
+ guids_add_uuid(&uuid_null, "NULL");
+ guids_add_uuid(&iid_class_factory, "IClassFactory");
+
/* Currently, we have nothing to register for DCOM */
}
diff --git a/epan/dissectors/packet-dcom.h b/epan/dissectors/packet-dcom.h
index a1163fc79e..9de60fc7c4 100644
--- a/epan/dissectors/packet-dcom.h
+++ b/epan/dissectors/packet-dcom.h
@@ -106,9 +106,6 @@ dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep,
int hfindex, int field_index, e_uuid_t *uuid);
-extern const gchar*
-dcom_uuid_to_str(e_uuid_t *uuid);
-
extern int
dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep,
@@ -200,8 +197,4 @@ extern int
dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, guint8 *drep);
-void dcom_register_server_coclass(int proto, int ett,
- e_uuid_t *uuid, guint16 ver,
- dcerpc_sub_dissector *sub_dissectors, int opnum_hf);
-
#endif /* packet-dcerpc-dcom.h */
generated by cgit v1.2.1 (git 2.18.0) at 2024-06-19 18:25:40 +0000