epan/dissectors/packet-dcom-provideclassinfo.c

   1 /* packet-dcom-provideclassinfo.c
   2  * Routines for DCOM IProvideClassInfo
   3  *
   4  * Copyright 2019, Alex Sirr <alexsirruw@gmail.com>
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * SPDX-License-Identifier: GPL-2.0-or-later
  11  */
  12
  13 /* see packet-dcom.c for details about DCOM */
  14
  15 #include "config.h"
  16
  17 #include <epan/packet.h>
  18 #include "packet-dcerpc.h"
  19 #include "packet-dcom.h"
  20
  21 void proto_register_dcom_provideclassinfo(void);
  22 void proto_reg_handoff_dcom_provideclassinfo(void);
  23
  24 static int hf_provideclassinfo_opnum;
  25 static int hf_typeinfo;
  26
  27 static e_guid_t uuid_provideclassinfo = { 0xb196b283, 0xbab4, 0x101a, { 0xB6, 0x9C, 0x00, 0xAA, 0x00, 0x34, 0x1D, 0x07} };
  28 static uint16_t ver_provideclassinfo;
  29 static int ett_provideclassinfo;
  30 static int proto_provideclassinfo;
  31
  32 static int dissect_IProvideClassInfo_GetClassInfo_rqst(tvbuff_t *tvb, int offset,
  33                                             packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
  34 {
  35     offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
  36
  37     return offset;
  38 }
  39
  40 static int dissect_IProvideClassInfo_GetClassInfo_resp(tvbuff_t *tvb, int offset,
  41                                             packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
  42 {
  43     uint32_t u32HResult;
  44
  45     offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
  46
  47     offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
  48                     hf_typeinfo, NULL);
  49
  50     offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
  51                                   &u32HResult);
  52
  53     return offset;
  54 }
  55
  56 /* sub dissector table of IProvideClassInfo interface */
  57 static const dcerpc_sub_dissector provideclassinfo_dissectors[] = {
  58     {3, "GetClassInfo", dissect_IProvideClassInfo_GetClassInfo_rqst, dissect_IProvideClassInfo_GetClassInfo_resp},
  59     {0, NULL, NULL, NULL},
  60 };
  61
  62 void proto_register_dcom_provideclassinfo(void)
  63 {
  64     static hf_register_info hf_provideclassinfo_array[] = {
  65         {&hf_provideclassinfo_opnum,
  66          {"Operation", "provideclassinfo.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL}},
  67         { &hf_typeinfo,
  68          { "ITypeInfo", "provideclassinfo.itypeinfo", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}
  69     };
  70
  71     static int *ett[] = {
  72         &ett_provideclassinfo,
  73     };
  74
  75     proto_provideclassinfo = proto_register_protocol("DCOM IProvideClassInfo", "IProvideClassInfo", "provideclassinfo");
  76     proto_register_field_array(proto_provideclassinfo, hf_provideclassinfo_array, array_length(hf_provideclassinfo_array));
  77     proto_register_subtree_array(ett, array_length(ett));
  78 }
  79
  80 void proto_reg_handoff_dcom_provideclassinfo(void)
  81 {
  82     dcerpc_init_uuid(proto_provideclassinfo, ett_provideclassinfo,
  83                      &uuid_provideclassinfo, ver_provideclassinfo,
  84                      provideclassinfo_dissectors, hf_provideclassinfo_opnum);
  85 }
  86
  87 /*
  88  * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
  89  *
  90  * Local variables:
  91  * c-basic-offset: 4
  92  * tab-width: 8
  93  * indent-tabs-mode: nil
  94  * End:
  95  *
  96  * vi: set shiftwidth=4 tabstop=8 expandtab:
  97  * :indentSize=4:tabSize=8:noTabs=true:
  98  */