epan/dissectors/packet-dcerpc-taskschedulerservice.c

   1 /* packet-dcerpc-taskschedulerservice.c
   2  * Routines for DCE/RPC ITaskSchedulerService
   3  * Copyright 2021, Alex Sirr <alexsirruw@gmail.com>
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 #include "config.h"
  13
  14 #include <epan/packet.h>
  15 #include <wsutil/array.h>
  16 #include "packet-dcerpc.h"
  17
  18 void proto_register_dcerpc_taskschedulerservice(void);
  19 void proto_reg_handoff_dcerpc_taskschedulerservice(void);
  20
  21 static int hf_taskschedulerservice_opnum;
  22
  23 static e_guid_t uuid_taskschedulerservice = {0x86d35949, 0x83c9, 0x4044, {0xb4, 0x24, 0xdb, 0x36, 0x32, 0x31, 0xfd, 0x0c}};
  24 static uint16_t ver_taskschedulerservice = 1;
  25 static int ett_taskschedulerservice;
  26 static int proto_taskschedulerservice;
  27
  28 /* sub dissector table of ITaskSchedulerService interface */
  29 static const dcerpc_sub_dissector taskschedulerservice_dissectors[] = {
  30     /* Just map operations for now. Payloads are encrypted due to PKT_PRIVACY */
  31     {0, "SchRpcHighestVersion", NULL, NULL},
  32     {1, "SchRpcRegisterTask", NULL, NULL},
  33     {2, "SchRpcRetrieveTask", NULL, NULL},
  34     {3, "SchRpcCreateFolder", NULL, NULL},
  35     {4, "SchRpcSetSecurity", NULL, NULL},
  36     {5, "SchRpcGetSecurity", NULL, NULL},
  37     {6, "SchRpcEnumFolders", NULL, NULL},
  38     {7, "SchRpcEnumTasks", NULL, NULL},
  39     {8, "SchRpcEnumInstances", NULL, NULL},
  40     {9, "SchRpcGetInstanceInfo", NULL, NULL},
  41     {10, "SchRpcStopInstance", NULL, NULL},
  42     {11, "SchRpcStop", NULL, NULL},
  43     {12, "SchRpcRun", NULL, NULL},
  44     {13, "SchRpcDelete", NULL, NULL},
  45     {14, "SchRpcRename", NULL, NULL},
  46     {15, "SchRpcScheduledRuntimes", NULL, NULL},
  47     {16, "SchRpcGetLastRunInfo", NULL, NULL},
  48     {17, "SchRpcGetTaskInfo", NULL, NULL},
  49     {18, "SchRpcGetNumberOfMissedRuns", NULL, NULL},
  50     {19, "SchRpcEnableTask", NULL, NULL},
  51     {0, NULL, NULL, NULL},
  52 };
  53
  54 void proto_register_dcerpc_taskschedulerservice(void)
  55 {
  56      static hf_register_info hf_taskschedulerservice_array[] = {
  57         {&hf_taskschedulerservice_opnum,
  58          {"Operation", "taskschedulerservice.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
  59     };
  60
  61
  62     static int *ett[] = {
  63         &ett_taskschedulerservice,
  64     };
  65
  66     proto_taskschedulerservice = proto_register_protocol("Microsoft Task Scheduler Service", "TaskSchedulerService", "taskschedulerservice");
  67     proto_register_field_array(proto_taskschedulerservice, hf_taskschedulerservice_array, array_length (hf_taskschedulerservice_array));
  68     proto_register_subtree_array(ett, array_length(ett));
  69 }
  70
  71 void proto_reg_handoff_dcerpc_taskschedulerservice(void)
  72 {
  73     dcerpc_init_uuid(proto_taskschedulerservice, ett_taskschedulerservice,
  74                      &uuid_taskschedulerservice, ver_taskschedulerservice,
  75                      taskschedulerservice_dissectors, hf_taskschedulerservice_opnum);
  76 }
  77
  78 /*
  79  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
  80  *
  81  * Local variables:
  82  * c-basic-offset: 8
  83  * tab-width: 8
  84  * indent-tabs-mode: t
  85  * End:
  86  *
  87  * vi: set shiftwidth=8 tabstop=8 noexpandtab:
  88  * :indentSize=8:tabSize=8:noTabs=false:
  89  */