epan/dissectors/packet-dcom.h

   1 /* packet-dcom.h
   2  * Routines for DCOM generics
   3  *
   4  * Wireshark - Network traffic analyzer
   5  * By Gerald Combs <gerald@wireshark.org>
   6  * Copyright 1998 Gerald Combs
   7  *
   8  * SPDX-License-Identifier: GPL-2.0-or-later
   9  */
  10
  11 #ifndef __PACKET_DCOM_H
  12 #define __PACKET_DCOM_H
  13
  14 #include "ws_symbol_export.h"
  15
  16 WS_DLL_PUBLIC const value_string dcom_hresult_vals[];
  17 WS_DLL_PUBLIC const value_string dcom_variant_type_vals[];
  18 extern const value_string dcom_protseq_vals[];
  19
  20 extern int hf_dcom_iid;
  21 extern int hf_dcom_clsid;
  22 extern int hf_dcom_oxid;
  23 extern int hf_dcom_oid;
  24 extern int hf_dcom_ipid;
  25
  26 extern GHashTable *dcom_uuids;
  27
  28 /* preferences */
  29 WS_DLL_PUBLIC bool dcom_prefs_display_unmarshalling_details;
  30
  31
  32 typedef struct dcom_machine_s {
  33     GList           *objects;
  34     int             first_packet;
  35
  36     address         ip;
  37 } dcom_machine_t;
  38
  39 typedef struct dcom_object_s {
  40     dcom_machine_t  *parent;
  41     GList           *interfaces;
  42     void            *private_data;
  43     int             first_packet;
  44
  45     uint64_t        oid;
  46     uint64_t        oxid;
  47 } dcom_object_t;
  48
  49 typedef struct dcom_interface_s {
  50     dcom_object_t   *parent;
  51     void            *private_data;
  52     int             first_packet;
  53
  54     e_guid_t        iid;
  55     e_guid_t        ipid;   /* the DCE/RPC Object UUID */
  56 } dcom_interface_t;
  57
  58 typedef int (*dcom_dissect_fn_t) (tvbuff_t *tvb, int offset, packet_info *pinfo,
  59                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int size);
  60
  61 typedef struct dcom_marshaler_s {
  62     dcom_object_t   *parent;
  63     void            *private_data;
  64
  65     e_guid_t        uuid;
  66     dcom_dissect_fn_t routine;
  67 } dcom_marshaler_t;
  68
  69 WS_DLL_PUBLIC dcom_interface_t *dcom_interface_new(packet_info *pinfo, const address *addr, e_guid_t *iid, uint64_t oxid, uint64_t oid, e_guid_t *ipid);
  70 WS_DLL_PUBLIC dcom_interface_t *dcom_interface_find(packet_info *pinfo, const address *addr, e_guid_t *ipid);
  71 #ifdef DEBUG
  72 extern void dcom_interface_dump(void);
  73 #endif
  74 extern int dcom_register_routine(dcom_dissect_fn_t routine, e_guid_t* uuid);
  75 extern void dcom_register_common_routines_(void);
  76
  77 extern dcom_dissect_fn_t dcom_get_routine_by_uuid(const e_guid_t* uuid);
  78
  79 /* the essential DCOM this and that, starting every call */
  80 WS_DLL_PUBLIC int
  81 dissect_dcom_this(tvbuff_t *tvb, int offset,
  82         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
  83 WS_DLL_PUBLIC int
  84 dissect_dcom_that(tvbuff_t *tvb, int offset,
  85         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
  86
  87
  88 /* dissection of somewhat more simple data types */
  89 #define dissect_dcom_BOOLEAN            dissect_ndr_uint8
  90 #define dissect_dcom_BYTE                       dissect_ndr_uint8
  91 #define dissect_dcom_WORD                       dissect_ndr_uint16
  92 #define dissect_dcom_DWORD                      dissect_ndr_uint32
  93 #define dissect_dcom_I8                 dissect_ndr_uint64
  94 #define dissect_dcom_ID                         dissect_ndr_duint32
  95 #define dissect_dcom_FILETIME           dissect_ndr_duint32 /* ToBeDone */
  96 #define dissect_dcom_VARIANT_BOOL       dissect_ndr_uint16
  97 #define dissect_dcom_FLOAT                      dissect_ndr_float
  98 #define dissect_dcom_DOUBLE                     dissect_ndr_double
  99 #define dissect_dcom_DATE                       dissect_ndr_double
 100
 101 WS_DLL_PUBLIC int
 102 dissect_dcom_UUID(tvbuff_t *tvb, int offset,
 103         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 104         int hfindex, e_guid_t *uuid);
 105
 106 WS_DLL_PUBLIC int
 107 dissect_dcom_append_UUID(tvbuff_t *tvb, int offset,
 108         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 109         int hfindex, int field_index, e_guid_t *uuid);
 110
 111 extern int
 112 dissect_dcom_indexed_WORD(tvbuff_t *tvb, int offset,    packet_info *pinfo,
 113                                          proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 114                                          int hfindex, uint16_t * pu16WORD, int field_index);
 115
 116 WS_DLL_PUBLIC int
 117 dissect_dcom_indexed_DWORD(tvbuff_t *tvb, int offset,   packet_info *pinfo,
 118                                          proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 119                                          int hfindex, uint32_t * pu32DWORD, int field_index);
 120
 121 WS_DLL_PUBLIC int
 122 dissect_dcom_HRESULT(tvbuff_t *tvb, int offset,
 123         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep, uint32_t * pu32hresult);
 124
 125 WS_DLL_PUBLIC int
 126 dissect_dcom_HRESULT_item(tvbuff_t *tvb, int offset,    packet_info *pinfo,
 127                                          proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 128                                          uint32_t * pu32HResult, int field_index, proto_item **item);
 129
 130 WS_DLL_PUBLIC int
 131 dissect_dcom_indexed_HRESULT(tvbuff_t *tvb, int offset, packet_info *pinfo,
 132                                          proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 133                                          uint32_t * pu32hresult, int field_index);
 134
 135 extern int
 136 dissect_dcom_COMVERSION(tvbuff_t *tvb, int offset,
 137         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 138         uint16_t        * pu16version_major, uint16_t * pu16version_minor);
 139
 140 typedef void (*sa_callback_t) (tvbuff_t *tvb, int offset, packet_info *pinfo,
 141                        proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 142                        uint32_t u32VarType, uint32_t u32ArraySize);
 143
 144 WS_DLL_PUBLIC int
 145 dissect_dcom_SAFEARRAY(tvbuff_t *tvb, int offset, packet_info *pinfo,
 146                                                 proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex _U_, sa_callback_t sacb);
 147
 148 WS_DLL_PUBLIC int
 149 dissect_dcom_LPWSTR(tvbuff_t *tvb, int offset, packet_info *pinfo,
 150                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex,
 151                                            char *psz_buffer, uint32_t u32max_buffer);
 152
 153 WS_DLL_PUBLIC int
 154 dissect_dcom_indexed_LPWSTR(tvbuff_t *tvb, int offset, packet_info *pinfo,
 155                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex,
 156                                            char *pszStr, uint32_t u32MaxStr, int field_index);
 157
 158 WS_DLL_PUBLIC int
 159 dissect_dcom_BSTR(tvbuff_t *tvb, int offset, packet_info *pinfo,
 160                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex,
 161                                            char *psz_buffer, uint32_t u32max_buffer);
 162
 163 extern int
 164 dissect_dcom_DUALSTRINGARRAY(tvbuff_t *tvb, int offset, packet_info *pinfo,
 165                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, char *ip);
 166
 167 extern int
 168 dissect_dcom_STDOBJREF(tvbuff_t *tvb, int offset, packet_info *pinfo,
 169                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex,
 170                        uint64_t *oxid, uint64_t *oid, e_guid_t *ipid);
 171 extern int
 172 dissect_dcom_OBJREF(tvbuff_t *tvb, int offset, packet_info *pinfo,
 173                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, dcom_interface_t **interf);
 174
 175 WS_DLL_PUBLIC int
 176 dissect_dcom_MInterfacePointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
 177                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, dcom_interface_t **interf);
 178 WS_DLL_PUBLIC int
 179 dissect_dcom_PMInterfacePointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
 180                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex, dcom_interface_t **interf);
 181
 182 WS_DLL_PUBLIC int
 183 dissect_dcom_VARTYPE(tvbuff_t *tvb, int offset,
 184         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep,
 185         uint16_t *pu16Vartype);
 186
 187 WS_DLL_PUBLIC int
 188 dissect_dcom_VARIANT(tvbuff_t *tvb, int offset, packet_info *pinfo,
 189                                          proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex);
 190
 191 /* dcom "dcerpc internal" unmarshalling */
 192 WS_DLL_PUBLIC int
 193 dissect_dcom_dcerpc_array_size(tvbuff_t *tvb, int offset, packet_info *pinfo,
 194                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, uint32_t *pu32array_size);
 195
 196 WS_DLL_PUBLIC int
 197 dissect_dcom_dcerpc_pointer(tvbuff_t *tvb, int offset, packet_info *pinfo,
 198                        proto_tree *tree, dcerpc_info *di, uint8_t *drep, uint32_t *pu32pointer);
 199
 200 /* mark things as "to be done" */
 201 extern int
 202 dissect_dcom_tobedone_data(tvbuff_t *tvb, int offset,
 203         packet_info *pinfo, proto_tree *tree, uint8_t *drep, int length);
 204
 205 /* mark things "no specification available" */
 206 extern int
 207 dissect_dcom_nospec_data(tvbuff_t *tvb, int offset,
 208         packet_info *pinfo, proto_tree *tree, uint8_t *drep, int length);
 209
 210 /* very simple parameter-profiles dissectors (for very simple requests ;-) */
 211 /* request: no parameters */
 212 WS_DLL_PUBLIC int
 213 dissect_dcom_simple_rqst(tvbuff_t *tvb, int offset,
 214         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
 215 /* response: only HRESULT */
 216 WS_DLL_PUBLIC int
 217 dissect_dcom_simple_resp(tvbuff_t *tvb, int offset,
 218         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep);
 219
 220 #endif /* packet-dcom.h */