1 /* packet-dcerpc-tapi.c
2 * Routines for DCERPC TAPI packet disassembly
3 * Copyright 2002, Ronnie Sahlberg
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
11 /* The IDL file for this interface can be extracted by grepping for idl
17 #include <epan/packet.h>
18 #include "packet-dcerpc.h"
19 #include "packet-dcerpc-nt.h"
20 #include "packet-dcerpc-tapi.h"
21 #include "packet-windows-common.h"
23 void proto_register_dcerpc_tapi(void);
24 void proto_reg_handoff_dcerpc_tapi(void);
26 static int proto_dcerpc_tapi
;
27 static int hf_tapi_opnum
;
28 static int hf_tapi_rc
;
29 static int hf_tapi_hnd
;
30 static int hf_tapi_unknown_long
;
31 static int hf_tapi_unknown_string
;
32 static int hf_tapi_unknown_bytes
;
34 static int ett_dcerpc_tapi
;
37 IDL [ uuid(2f5f6520-ca46-1067-b319-00dd010662da),
39 IDL implicit_handle(handle_t rpc_binding)
43 static e_guid_t uuid_dcerpc_tapi
= {
44 0x2f5f6520, 0xca46, 0x1067,
45 { 0xb3, 0x19, 0x00, 0xdd, 0x01, 0x06, 0x62, 0xda }
48 static uint16_t ver_dcerpc_tapi
= 1;
51 IDL long ClientAttach(
52 IDL [out] [context_handle] void *element_1,
53 IDL [in] long element_2,
54 IDL [out] long element_3,
55 IDL [in] [string] [ref] wchar_t *element_4,
56 IDL [in] [string] [ref] wchar_t *element_5
60 dissect_tapi_client_attach_rqst(tvbuff_t
*tvb
, int offset
,
61 packet_info
*pinfo
, proto_tree
*tree
,
62 dcerpc_info
*di
, uint8_t *drep
)
64 offset
= dissect_ndr_uint32(tvb
, offset
, pinfo
, tree
, di
, drep
,
65 hf_tapi_unknown_long
, NULL
);
67 offset
= dissect_ndr_str_pointer_item(tvb
, offset
, pinfo
, tree
, di
, drep
,
68 NDR_POINTER_REF
, "unknown string",
69 hf_tapi_unknown_string
, 0);
71 offset
= dissect_ndr_str_pointer_item(tvb
, offset
, pinfo
, tree
, di
, drep
,
72 NDR_POINTER_REF
, "unknown string",
73 hf_tapi_unknown_string
, 0);
78 dissect_tapi_client_attach_reply(tvbuff_t
*tvb
, int offset
,
79 packet_info
*pinfo
, proto_tree
*tree
,
80 dcerpc_info
*di
, uint8_t *drep
)
82 offset
= dissect_ndr_ctx_hnd(tvb
, offset
, pinfo
, tree
, di
, drep
,
85 offset
= dissect_ndr_uint32(tvb
, offset
, pinfo
, tree
, di
, drep
,
86 hf_tapi_unknown_long
, NULL
);
88 offset
= dissect_ndr_uint32(tvb
, offset
, pinfo
, tree
, di
, drep
,
95 IDL long ClientRequest(
96 IDL [in] [context_handle] void *element_6,
97 IDL [in,out] [size_is(element_8)] [length_is(???)] char element_7[*],
98 IDL [in] long element_8
102 dissect_tapi_TYPE_1(tvbuff_t
*tvb
, int offset
,
103 packet_info
*pinfo
, proto_tree
*tree
,
104 dcerpc_info
*di
, uint8_t *drep
)
106 if(di
->conformant_run
){
107 /* this call is to make wireshark eat the array header for the conformant run */
108 offset
=dissect_ndr_ucvarray(tvb
, offset
, pinfo
, tree
, di
, drep
, NULL
);
113 proto_tree_add_item(tree
, hf_tapi_unknown_bytes
, tvb
, offset
,
114 di
->array_actual_count
, ENC_NA
);
115 offset
+= di
->array_actual_count
;
121 dissect_tapi_client_request_rqst(tvbuff_t
*tvb
, int offset
,
122 packet_info
*pinfo
, proto_tree
*tree
,
123 dcerpc_info
*di
, uint8_t *drep
)
125 offset
= dissect_ndr_ctx_hnd(tvb
, offset
, pinfo
, tree
, di
, drep
,
128 offset
= dissect_ndr_pointer(tvb
, offset
, pinfo
, tree
, di
, drep
,
129 dissect_tapi_TYPE_1
, NDR_POINTER_REF
,
130 "unknown array", -1);
132 offset
= dissect_ndr_uint32(tvb
, offset
, pinfo
, tree
, di
, drep
,
133 hf_tapi_unknown_long
, NULL
);
138 dissect_tapi_client_request_reply(tvbuff_t
*tvb
, int offset
,
139 packet_info
*pinfo
, proto_tree
*tree
,
140 dcerpc_info
*di
, uint8_t *drep
)
142 offset
= dissect_ndr_uint32(tvb
, offset
, pinfo
, tree
, di
, drep
,
150 IDL void ClientDetach(
155 dissect_tapi_client_detach_rqst(tvbuff_t
*tvb _U_
, int offset
,
156 packet_info
*pinfo _U_
, proto_tree
*tree _U_
,
157 dcerpc_info
*di _U_
, uint8_t *drep _U_
)
162 dissect_tapi_client_detach_reply(tvbuff_t
*tvb _U_
, int offset
,
163 packet_info
*pinfo _U_
, proto_tree
*tree _U_
,
164 dcerpc_info
*di _U_
, uint8_t *drep _U_
)
172 static const dcerpc_sub_dissector dcerpc_tapi_dissectors
[] = {
173 { TAPI_CLIENT_ATTACH
, "ClientAttach",
174 dissect_tapi_client_attach_rqst
,
175 dissect_tapi_client_attach_reply
},
176 { TAPI_CLIENT_REQUEST
, "ClientRequest",
177 dissect_tapi_client_request_rqst
,
178 dissect_tapi_client_request_reply
},
179 { TAPI_CLIENT_DETACH
, "ClientDetach",
180 dissect_tapi_client_detach_rqst
,
181 dissect_tapi_client_detach_reply
},
183 {0, NULL
, NULL
, NULL
}
187 proto_register_dcerpc_tapi(void)
189 static hf_register_info hf
[] = {
191 "Operation", "tapi.opnum", FT_UINT16
, BASE_DEC
,
192 NULL
, 0x0, NULL
, HFILL
}},
194 "Return code", "tapi.rc", FT_UINT32
, BASE_HEX
| BASE_EXT_STRING
,
195 &NT_errors_ext
, 0x0, "TAPI return code", HFILL
}},
197 "Context Handle", "tapi.hnd", FT_BYTES
, BASE_NONE
,
198 NULL
, 0x0, NULL
, HFILL
}},
199 { &hf_tapi_unknown_long
, {
200 "Unknown long", "tapi.unknown.long", FT_UINT32
, BASE_HEX
,
201 NULL
, 0x0, "Unknown long. If you know what this is, contact wireshark developers.", HFILL
}},
202 { &hf_tapi_unknown_string
, {
203 "Unknown string", "tapi.unknown.string", FT_STRING
, BASE_NONE
,
204 NULL
, 0x0, "Unknown string. If you know what this is, contact wireshark developers.", HFILL
}},
205 { &hf_tapi_unknown_bytes
, {
206 "Unknown bytes", "tapi.unknown.bytes", FT_BYTES
, BASE_NONE
,
207 NULL
, 0x0, "Unknown bytes. If you know what this is, contact wireshark developers.", HFILL
}}
210 static int *ett
[] = {
214 proto_dcerpc_tapi
= proto_register_protocol("Microsoft Telephony API Service", "TAPI", "tapi");
216 proto_register_field_array(proto_dcerpc_tapi
, hf
,
219 proto_register_subtree_array(ett
, array_length(ett
));
223 proto_reg_handoff_dcerpc_tapi(void)
225 /* Register protocol as dcerpc */
227 dcerpc_init_uuid(proto_dcerpc_tapi
, ett_dcerpc_tapi
,
228 &uuid_dcerpc_tapi
, ver_dcerpc_tapi
,
229 dcerpc_tapi_dissectors
, hf_tapi_opnum
);
238 * indent-tabs-mode: t
241 * ex: set shiftwidth=8 tabstop=8 noexpandtab:
242 * :indentSize=8:tabSize=8:noTabs=false:
