Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
-rw-r--r--epan/dissectors/packet-dcerpc.c287
1 files changed, 32 insertions, 255 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index 1eab86f40b..0fd7068351 100644
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -48,10 +48,6 @@
#include <epan/expert.h>
#include <epan/strutil.h>
-#ifdef _WIN32
-#include <tchar.h>
-#endif
-
static int dcerpc_tap = -1;
@@ -494,38 +490,6 @@ static const fragment_items dcerpc_frag_items = {
/* list of hooks to be called when init_protocols is done */
GHookList dcerpc_hooks_init_protos;
-#ifdef _WIN32
-int ResolveWin32UUID(e_uuid_t if_id, char *uuid_name, int uuid_name_max_len)
-{
- TCHAR reg_uuid_name[MAX_PATH];
- HKEY hKey = NULL;
- DWORD uuid_max_size = MAX_PATH;
- TCHAR reg_uuid_str[MAX_PATH];
-
- if(uuid_name_max_len < 2)
- return 0;
- reg_uuid_name[0] = '\0';
- _snwprintf(reg_uuid_str, MAX_PATH, _T("SOFTWARE\\Classes\\Interface\\{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}"),
- if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7]);
- if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_uuid_str, 0, KEY_QUERY_VALUE, &hKey) == ERROR_SUCCESS)
- {
- if (RegQueryValueEx(hKey, NULL, NULL, NULL, (LPBYTE)reg_uuid_name, &uuid_max_size) == ERROR_SUCCESS && uuid_max_size <= MAX_PATH)
- {
- g_snprintf(uuid_name, uuid_name_max_len, "%s", utf_16to8(reg_uuid_name));
- RegCloseKey(hKey);
- return strlen(uuid_name);
- }
- RegCloseKey(hKey);
- }
- return 0; /* we didn't find anything anyhow. Please don't use the string! */
-
-}
-#endif
-
static dcerpc_info *
get_next_di(void)
{
@@ -730,30 +694,11 @@ dcerpc_init_uuid (int proto, int ett, e_uuid_t *uuid, guint16 ver,
hf_info = proto_registrar_get_nth(opnum_hf);
hf_info->strings = value_string_from_subdissectors(procs);
-}
-
-/* try to get registered name for this uuid */
-const gchar *dcerpc_get_uuid_name(e_uuid_t *uuid, guint16 ver)
-{
- dcerpc_uuid_key key;
- dcerpc_uuid_value *sub_proto;
-
-
- /* try to get registered uuid "name" of if_id */
- key.uuid = *uuid;
- key.ver = ver;
-
- if ((sub_proto = g_hash_table_lookup (dcerpc_uuids, &key)) != NULL
- && proto_is_protocol_enabled(sub_proto->proto)) {
-
- return sub_proto->name;
- }
-
- return NULL;
+ /* add this GUID to the global name resolving */
+ guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto));
}
-
/* Function to find the name of a registered protocol
* or NULL if the protocol/version is not known to wireshark.
*/
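Review bot: The added `guids_add_uuid(uuid, proto_get_protocol_short_name (value->proto))` call registers the name by UUID alone, whereas the removed `dcerpc_get_uuid_name` looked it up with a `uuid` + `ver` key and returned it only when `proto_is_protocol_enabled(sub_proto->proto)` held. If an interface is registered in more than one version, or its protocol is disabled, the resolver will presumably still hand back this short name, so the COL_INFO text built from `guids_resolve_uuid_to_str` in dcerpc_try_handoff and dissect_dcerpc_cn_bind can label traffic with a dissector that does not handle it. I would record that on the call, e.g. `/* name is keyed by UUID only: interface version and enabled state are not checked */`. dcerpc_init_uuid starts outside this hunk.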
@@ -1147,41 +1092,15 @@ dissect_dcerpc_uuid_t (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
int hfindex, e_uuid_t *pdata)
{
e_uuid_t uuid;
-#if 0
- header_field_info* hfi;
- gchar *uuid_name;
-#endif
- dcerpc_tvb_get_uuid (tvb, offset, drep, &uuid);
+ if (drep[0] & 0x10) {
+ tvb_get_letohguid (tvb, offset, (e_guid_t *) &uuid);
+ } else {
+ tvb_get_ntohguid (tvb, offset, (e_guid_t *) &uuid);
+ }
if (tree) {
-#if 0
- /* get name of protocol field to prepend it later */
- hfi = proto_registrar_get_nth(hfindex);
-
- /* XXX - get the name won't work correct, as we don't know the version of this uuid (if it has one) */
- /* look for a registered uuid name */
- uuid_name = dcerpc_get_uuid_name(&uuid, 0);
-
- if (uuid_name) {
- /* we know the name of this uuid */
- proto_tree_add_string_format (tree, hfindex, tvb, offset, 16, "",
- "%s: %s (%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
- hfi->name, uuid_name,
- uuid.Data1, uuid.Data2, uuid.Data3,
- uuid.Data4[0], uuid.Data4[1],
- uuid.Data4[2], uuid.Data4[3],
- uuid.Data4[4], uuid.Data4[5],
- uuid.Data4[6], uuid.Data4[7]);
- } else {
-#endif
- /* GUID have changed from FT_STRING to FT_GUID
- (XXX - have we changed all dissectors?).
- */
- proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
-#if 0
- }
-#endif
+ proto_tree_add_guid(tree, hfindex, tvb, offset, 16, (e_guid_t *) &uuid);
}
if (pdata) {
*pdata = uuid;
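Review bot: The new `if (drep[0] & 0x10)` branch in dissect_dcerpc_uuid_t open-codes the byte-order choice that other code in this commit still takes from `dcerpc_tvb_get_uuid` (called unchanged in the bind_ack and cn_rqst hunks), so there are now two places to keep in step when a UUID is read from packet data. Either keep the helper call, or name the bit with a comment such as `/* drep[0] bit 0x10 set: integers are little-endian */`. The `(e_guid_t *) &uuid` casts also assume that e_uuid_t and e_guid_t share a layout, which is not visible here and deserves a one-line note. The function starts and ends outside the hunk.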
@@ -1224,7 +1143,6 @@ dcerpc_tvb_get_uuid (tvbuff_t *tvb, gint offset, guint8 *drep, e_uuid_t *uuid)
}
-
/* NDR arrays */
/* function to dissect a unidimensional conformant array */
int
@@ -2210,9 +2128,6 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
tvbuff_t *volatile stub_tvb;
volatile guint auth_pad_len;
volatile int auth_pad_offset;
-#ifdef _WIN32
- char uuid_name[MAX_PATH];
-#endif
proto_item *sub_item=NULL;
proto_item *pi;
@@ -2230,20 +2145,8 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree,
proto_tree_add_boolean_hidden(dcerpc_tree, hf_dcerpc_unknown_if_id,
tvb, offset, 0, TRUE);
if (check_col (pinfo->cinfo, COL_INFO)) {
-#ifdef _WIN32
- if(ResolveWin32UUID(info->call_data->uuid, uuid_name, MAX_PATH))
- col_append_fstr (pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
- uuid_name, info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
- info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
- info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
- info->call_data->uuid.Data4[7], info->call_data->ver);
-else
-#endif
- col_append_fstr (pinfo->cinfo, COL_INFO, " UNKUUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x rpcver: %u",
- info->call_data->uuid.Data1, info->call_data->uuid.Data2, info->call_data->uuid.Data3, info->call_data->uuid.Data4[0],
- info->call_data->uuid.Data4[1], info->call_data->uuid.Data4[2], info->call_data->uuid.Data4[3],
- info->call_data->uuid.Data4[4], info->call_data->uuid.Data4[5], info->call_data->uuid.Data4[6],
- info->call_data->uuid.Data4[7], info->call_data->ver);
+ col_append_fstr (pinfo->cinfo, COL_INFO, " %s V%u",
+ guids_resolve_uuid_to_str(&info->call_data->uuid), info->call_data->ver);
}
if (decrypted_tvb != NULL) {
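Review bot: This is the unknown-interface path (it sets `hf_dcerpc_unknown_if_id` just above), but the new `" %s V%u"` text drops the `UNKUUID:` marker, so the Info column no longer shows that no sub-dissector claimed the call. When `guids_resolve_uuid_to_str` does return a name, the line reads like a dissected interface. I would keep the marker, e.g. `col_append_fstr (pinfo->cinfo, COL_INFO, " UNKUUID: %s V%u",` with the same two arguments. It is also not visible here whether `guids_resolve_uuid_to_str` can return NULL; if it can, the `%s` argument needs a guard. dcerpc_try_handoff continues outside the hunk.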
@@ -2611,13 +2514,9 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
e_uuid_t trans_id;
guint32 trans_ver;
guint16 if_ver, if_ver_minor;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
dcerpc_auth_info auth_info;
- char *uuid_name = NULL;
-#ifdef _WIN32
- char uuid_name2[MAX_PATH];
-#endif
+ char *uuid_str;
+ const char *uuid_name = NULL;
proto_item *iface_item;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@@ -2683,33 +2582,17 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
iface_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_abstract_syntax, tvb, offset, 0, FALSE);
iface_tree = proto_item_add_subtree(iface_item, ett_dcerpc_cn_iface);
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7]);
-
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
-
-#ifdef _WIN32
- if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH)) {
- uuid_name = uuid_name2;
- }
+ uuid_str = guid_to_str((e_guid_t*)&if_id);
+ uuid_name = guids_get_uuid_name(&if_id);
if(uuid_name) {
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface: %s UUID: %s", uuid_name, uuid_str);
proto_item_append_text(iface_item, "%s", uuid_name);
} else {
-#endif
proto_tree_add_guid_format (iface_tree, hf_dcerpc_cn_bind_if_id, tvb,
offset, 16, (e_guid_t *) &if_id, "Interface UUID: %s", uuid_str);
proto_item_append_text(iface_item, "%s", uuid_str);
-#ifdef _WIN32
}
-#endif
}
offset += 16;
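Review bot: `uuid_str = guid_to_str((e_guid_t*)&if_id)` replaces a buffer owned by this function with a pointer whose storage and lifetime are not visible in the hunk, and that pointer is held across the `guids_get_uuid_name(&if_id)` call and both `proto_tree_add_guid_format` branches. The same variable is reassigned from `guid_to_str` for `trans_id` in the transfer-syntax hunk further down. If guid_to_str hands out a shared or rotating buffer, a later conversion could overwrite the text before it is printed, so a comment at the assignment should record the guarantee, e.g. `/* guid_to_str() result is valid until <lifetime per guid_to_str contract>; do not cache */`. Declaring it `const char *uuid_str` (the declaration is in the previous hunk) would also prevent accidental writes into that storage. dissect_dcerpc_cn_bind begins and ends outside the hunk.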
@@ -2767,36 +2650,11 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
}
if (check_col (pinfo->cinfo, COL_INFO)) {
- dcerpc_uuid_key key;
- dcerpc_uuid_value *value;
-
- key.uuid = if_id;
- key.ver = if_ver;
-
if (num_ctx_items > 1)
col_append_fstr(pinfo->cinfo, COL_INFO, ", %u context items, 1st", num_ctx_items);
- if ((value = g_hash_table_lookup(dcerpc_uuids, &key)))
- col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %s", value->name);
- else
-#ifdef _WIN32
- if(ResolveWin32UUID(if_id, uuid_name2, MAX_PATH))
- col_append_fstr(pinfo->cinfo, COL_INFO, " [%s] UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
- uuid_name2, if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7],
- if_ver, if_ver_minor);
- else
-#endif
- col_append_fstr(pinfo->cinfo, COL_INFO, " UUID: %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %u.%u",
- if_id.Data1, if_id.Data2, if_id.Data3,
- if_id.Data4[0], if_id.Data4[1],
- if_id.Data4[2], if_id.Data4[3],
- if_id.Data4[4], if_id.Data4[5],
- if_id.Data4[6], if_id.Data4[7],
- if_ver, if_ver_minor);
+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s V%u.%u",
+ guids_resolve_uuid_to_str(&if_id), if_ver, if_ver_minor);
}
saw_ctx_item = TRUE;
}
@@ -2811,15 +2669,7 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, gint offset, packet_info *pinfo,
trans_item = proto_tree_add_item(ctx_tree, hf_dcerpc_cn_bind_trans_syntax, tvb, offset, 0, FALSE);
trans_tree = proto_item_add_subtree(trans_item, ett_dcerpc_cn_trans_syntax);
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- trans_id.Data1, trans_id.Data2, trans_id.Data3,
- trans_id.Data4[0], trans_id.Data4[1],
- trans_id.Data4[2], trans_id.Data4[3],
- trans_id.Data4[4], trans_id.Data4[5],
- trans_id.Data4[6], trans_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
+ uuid_str = guid_to_str((e_guid_t *) &trans_id);
proto_tree_add_guid_format (trans_tree, hf_dcerpc_cn_bind_trans_id, tvb,
offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
proto_item_append_text(trans_item, "[%u]: %s", j+1, uuid_str);
@@ -2859,8 +2709,6 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint16 reason;
e_uuid_t trans_id;
guint32 trans_ver;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
dcerpc_auth_info auth_info;
offset = dissect_dcerpc_uint16 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@@ -2917,17 +2765,9 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, gint offset, packet_info *pinfo,
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &trans_id);
if (ctx_tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- trans_id.Data1, trans_id.Data2, trans_id.Data3,
- trans_id.Data4[0], trans_id.Data4[1],
- trans_id.Data4[2], trans_id.Data4[3],
- trans_id.Data4[4], trans_id.Data4[5],
- trans_id.Data4[6], trans_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (ctx_tree, hf_dcerpc_cn_ack_trans_id, tvb,
- offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s", uuid_str);
+ offset, 16, (e_guid_t *) &trans_id, "Transfer Syntax: %s",
+ guid_to_str((e_guid_t *) &trans_id));
}
offset += 16;
@@ -3334,8 +3174,6 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
e_uuid_t obj_id = DCERPC_UUID_NULL;
dcerpc_auth_info auth_info;
guint32 alloc_hint;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
proto_item *pi;
proto_item *parent_pi;
@@ -3373,21 +3211,9 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, gint offset, packet_info *pinfo,
if (hdr->flags & PFC_OBJECT_UUID) {
dcerpc_tvb_get_uuid (tvb, offset, hdr->drep, &obj_id);
if (dcerpc_tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- obj_id.Data1, obj_id.Data2, obj_id.Data3,
- obj_id.Data4[0],
- obj_id.Data4[1],
- obj_id.Data4[2],
- obj_id.Data4[3],
- obj_id.Data4[4],
- obj_id.Data4[5],
- obj_id.Data4[6],
- obj_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s", uuid_str);
+ offset, 16, (e_guid_t *) &obj_id, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &obj_id));
}
offset += 16;
}
@@ -3527,8 +3353,6 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
guint32 alloc_hint;
proto_item *pi;
proto_item *parent_pi;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
e_uuid_t obj_id_null = DCERPC_UUID_NULL;
offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep,
@@ -3625,21 +3449,9 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, gint offset, packet_info *pinfo,
/* (optional) "Object UUID" from request */
if (value && dcerpc_tree && memcmp(&value->object_uuid, &obj_id_null, sizeof(obj_id_null)) != 0) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- value->object_uuid.Data1, value->object_uuid.Data2, value->object_uuid.Data3,
- value->object_uuid.Data4[0],
- value->object_uuid.Data4[1],
- value->object_uuid.Data4[2],
- value->object_uuid.Data4[3],
- value->object_uuid.Data4[4],
- value->object_uuid.Data4[5],
- value->object_uuid.Data4[6],
- value->object_uuid.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
pi = proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s", uuid_str);
+ offset, 0, (e_guid_t *) &value->object_uuid, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &value->object_uuid));
PROTO_ITEM_SET_GENERATED(pi);
}
@@ -4850,8 +4662,6 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
int offset = 0;
conversation_t *conv;
int auth_level;
- char uuid_str[DCERPC_UUID_STR_LEN];
- int uuid_str_len;
/*
* Check if this looks like a CL DCERPC call. All dg packets
@@ -5005,59 +4815,23 @@ dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
offset++;
if (tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- hdr.obj_id.Data1, hdr.obj_id.Data2, hdr.obj_id.Data3,
- hdr.obj_id.Data4[0],
- hdr.obj_id.Data4[1],
- hdr.obj_id.Data4[2],
- hdr.obj_id.Data4[3],
- hdr.obj_id.Data4[4],
- hdr.obj_id.Data4[5],
- hdr.obj_id.Data4[6],
- hdr.obj_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_obj_id, tvb,
- offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s", uuid_str);
+ offset, 16, (e_guid_t *) &hdr.obj_id, "Object UUID: %s",
+ guid_to_str((e_guid_t *) &hdr.obj_id));
}
offset += 16;
if (tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- hdr.if_id.Data1, hdr.if_id.Data2, hdr.if_id.Data3,
- hdr.if_id.Data4[0],
- hdr.if_id.Data4[1],
- hdr.if_id.Data4[2],
- hdr.if_id.Data4[3],
- hdr.if_id.Data4[4],
- hdr.if_id.Data4[5],
- hdr.if_id.Data4[6],
- hdr.if_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_if_id, tvb,
- offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s", uuid_str);
+ offset, 16, (e_guid_t *) &hdr.if_id, "Interface: %s",
+ guid_to_str((e_guid_t *) &hdr.if_id));
}
offset += 16;
if (tree) {
- uuid_str_len = g_snprintf(uuid_str, DCERPC_UUID_STR_LEN,
- "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- hdr.act_id.Data1, hdr.act_id.Data2, hdr.act_id.Data3,
- hdr.act_id.Data4[0],
- hdr.act_id.Data4[1],
- hdr.act_id.Data4[2],
- hdr.act_id.Data4[3],
- hdr.act_id.Data4[4],
- hdr.act_id.Data4[5],
- hdr.act_id.Data4[6],
- hdr.act_id.Data4[7]);
- if (uuid_str_len == -1 || uuid_str_len >= DCERPC_UUID_STR_LEN)
- memset(uuid_str, 0, DCERPC_UUID_STR_LEN);
proto_tree_add_guid_format (dcerpc_tree, hf_dcerpc_dg_act_id, tvb,
- offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s", uuid_str);
+ offset, 16, (e_guid_t *) &hdr.act_id, "Activity: %s",
+ guid_to_str((e_guid_t *) &hdr.act_id));
}
offset += 16;
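Review bot: The datagram path still prints only the raw UUID for `hdr.if_id` (`"Interface: %s"` with `guid_to_str`), while the connection-oriented bind in this same commit shows the resolved name from `guids_get_uuid_name`. If uniform name resolution is the intent, this item could use the same lookup and print `"Interface: %s UUID: %s"` when a name is found. Otherwise a short comment saying the raw form is deliberate here would help. dissect_dcerpc_dg starts and ends outside the hunk.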
@@ -5569,6 +5343,9 @@ proto_register_dcerpc (void)
dcerpc_tap=register_tap("dcerpc");
g_hook_list_init(&dcerpc_hooks_init_protos, sizeof(GHook));
+
+ /* XXX - might better be located in a more general place than this */
+ guids_init();
}
void
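Review bot: `guids_init()` now runs inside proto_register_dcerpc, yet `dcerpc_init_uuid` (changed earlier in this commit) calls `guids_add_uuid` for every registering sub-dissector, so the table must exist before the first such call. The registration order is not visible here; if any caller can run before this routine, the add would operate on uninitialised state. The XXX comment already questions the location, and I would make the requirement explicit with `/* must run before any dcerpc_init_uuid() call, which adds to the GUID table */`, or move the call to common start-up code. The opening of the function is outside the hunk.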