epan/dissectors/packet-dcerpc-messenger.c

   1 /* packet-dcerpc-messenger.c
   2  * Routines for SMB \PIPE\msgsvc packet disassembly
   3  * Copyright 2003 Ronnie Sahlberg
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 #include "config.h"
  13
  14 #include <epan/packet.h>
  15 #include "packet-dcerpc.h"
  16 #include "packet-dcerpc-nt.h"
  17 #include "packet-windows-common.h"
  18
  19 void proto_register_dcerpc_messenger(void);
  20 void proto_reg_handoff_dcerpc_messenger(void);
  21
  22 static int proto_dcerpc_messenger;
  23 static int hf_messenger_opnum;
  24 static int hf_messenger_rc;
  25 static int hf_messenger_server;
  26 static int hf_messenger_client;
  27 static int hf_messenger_message;
  28
  29 static int ett_dcerpc_messenger;
  30
  31
  32 /* Windows messenger service listens on two endpoints:
  33  *   \pipe\msgsvc named pipe
  34  *   a dynamic UDP port
  35  */
  36
  37 static e_guid_t uuid_dcerpc_messenger = {
  38         0x5a7b91f8, 0xff00, 0x11d0,
  39         { 0xa9, 0xb2, 0x00, 0xc0, 0x4f, 0xb6, 0xe6, 0xfc}
  40 };
  41
  42 static uint16_t ver_dcerpc_messenger = 1;
  43
  44
  45
  46 /*
  47  * IDL  [in][string][ref] char *server;
  48  * IDL  [in][string][ref] char *client;
  49  * IDL  [in][string][ref] char *message;
  50  */
  51 static int
  52 messenger_dissect_send_message_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
  53                             proto_tree *tree, dcerpc_info *di, uint8_t *drep)
  54 {
  55         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
  56                         dissect_ndr_char_cvstring, NDR_POINTER_REF,
  57                         "Server", hf_messenger_server);
  58         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
  59                         dissect_ndr_char_cvstring, NDR_POINTER_REF,
  60                         "Client", hf_messenger_client);
  61         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
  62                         dissect_ndr_char_cvstring, NDR_POINTER_REF,
  63                         "Message", hf_messenger_message);
  64
  65
  66         return offset;
  67 }
  68 static int
  69 messenger_dissect_send_message_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
  70                             proto_tree *tree, dcerpc_info *di, uint8_t *drep)
  71 {
  72         offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep,
  73                                   hf_messenger_rc, NULL);
  74
  75         return offset;
  76 }
  77
  78
  79
  80 static const dcerpc_sub_dissector dcerpc_messenger_dissectors[] = {
  81         {0, "NetrSendMessage",
  82                 messenger_dissect_send_message_rqst,
  83                 messenger_dissect_send_message_reply },
  84         {0, NULL, NULL,  NULL }
  85 };
  86
  87 void
  88 proto_register_dcerpc_messenger(void)
  89 {
  90         static hf_register_info hf[] = {
  91
  92                 { &hf_messenger_opnum,
  93                   { "Operation", "messenger.opnum", FT_UINT16, BASE_DEC,
  94                     NULL, 0x0, NULL, HFILL }},
  95
  96                 { &hf_messenger_rc,
  97                   { "Return code", "messenger.rc", FT_UINT32, BASE_HEX | BASE_EXT_STRING, &NT_errors_ext, 0x0, NULL, HFILL }},
  98
  99                 { &hf_messenger_server, {
 100                 "Server", "messenger.server",
 101                 FT_STRING, BASE_NONE, NULL, 0, "Server to send the message to", HFILL }},
 102
 103                 { &hf_messenger_client, {
 104                 "Client", "messenger.client",
 105                 FT_STRING, BASE_NONE, NULL, 0, "Client that sent the message", HFILL }},
 106
 107                 { &hf_messenger_message, {
 108                 "Message", "messenger.message",
 109                 FT_STRING, BASE_NONE, NULL, 0, "The message being sent", HFILL }}
 110
 111         };
 112
 113         static int *ett[] = {
 114                 &ett_dcerpc_messenger
 115         };
 116
 117         proto_dcerpc_messenger = proto_register_protocol("Microsoft Messenger Service", "Messenger", "messenger");
 118
 119         proto_register_field_array (proto_dcerpc_messenger, hf, array_length (hf));
 120         proto_register_subtree_array(ett, array_length(ett));
 121
 122 }
 123
 124 void
 125 proto_reg_handoff_dcerpc_messenger(void)
 126 {
 127         /* Register protocol as dcerpc */
 128
 129         dcerpc_init_uuid(proto_dcerpc_messenger, ett_dcerpc_messenger, &uuid_dcerpc_messenger,
 130                          ver_dcerpc_messenger, dcerpc_messenger_dissectors, hf_messenger_opnum);
 131 }
 132
 133 /*
 134  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 135  *
 136  * Local variables:
 137  * c-basic-offset: 8
 138  * tab-width: 8
 139  * indent-tabs-mode: t
 140  * End:
 141  *
 142  * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 143  * :indentSize=8:tabSize=8:noTabs=false:
 144  */