search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-dcerpc-browser.c
blob39113d23e627057e69dd021554435fa817a24369
1 /* packet-dcerpc-browser.c
2 * Routines for DCERPC Browser packet disassembly
3 * Copyright 2001, Ronnie Sahlberg
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26 /* The IDL file for this interface can be extracted by grepping for idl
27 * in capitals.
28 */
29
30 #include "config.h"
31
32 #include <glib.h>
33
34 #include <epan/packet.h>
35 #include <epan/exceptions.h>
36
37 #include "packet-dcerpc.h"
38 #include "packet-dcerpc-browser.h"
39 #include "packet-dcerpc-nt.h"
40 #include "packet-windows-common.h"
41
42 static int proto_dcerpc_browser = -1;
43 static int hf_browser_opnum = -1;
44 static int hf_browser_rc = -1;
45 static int hf_browser_unknown_long = -1;
46 static int hf_browser_unknown_hyper = -1;
47 static int hf_browser_unknown_bytes = -1;
48 static int hf_browser_unknown_string = -1;
49
50
51 static gint ett_dcerpc_browser = -1;
52
53
54 static int
55 dissect_browser_long_pointer(tvbuff_t *tvb, int offset,
56 packet_info *pinfo, proto_tree *tree,
57 dcerpc_info *di, guint8 *drep)
58 {
59 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
60 di->hf_index, NULL);
61 return offset;
62 }
63
64
65
66 /*
67 IDL [ uuid(6bffd098-a112-3610-9833-012892020162),
68 IDL version(0.0),
69 IDL implicit_handle(handle_t rpc_binding)
70 IDL ] interface browser
71 IDL {
72 */
73
74 static e_uuid_t uuid_dcerpc_browser = {
75 0x6bffd098, 0xa112, 0x3610,
76 { 0x98, 0x33, 0x01, 0x28, 0x92, 0x02, 0x01, 0x62 }
77 };
78
79 static guint16 ver_dcerpc_browser = 0;
80
81
82 /*
83 IDL typedef struct {
84 IDL long element_7;
85 IDL [size_is(element_7)] [unique] byte *element_8;
86 IDL } TYPE_4;
87 */
88 static int
89 dissect_browser_TYPE_4_data(tvbuff_t *tvb, int offset,
90 packet_info *pinfo, proto_tree *tree,
91 dcerpc_info *di, guint8 *drep)
92 {
93 guint32 len;
94 int old_offset = offset;
95
96 if(di->conformant_run){
97 /* this call is to make wireshark eat the array header for the conformant run */
98 offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, NULL);
99
100 return offset;
101 }
102 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
103 hf_browser_unknown_long, &len);
104
105 proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len,
106 ENC_NA);
107 offset += len;
108 if (offset < old_offset)
109 THROW(ReportedBoundsError);
110
111 return len;
112 }
113 static int
114 dissect_browser_TYPE_4(tvbuff_t *tvb, int offset,
115 packet_info *pinfo, proto_tree *tree,
116 dcerpc_info *di, guint8 *drep)
117 {
118 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
119 hf_browser_unknown_long, NULL);
120
121 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
122 dissect_browser_TYPE_4_data, NDR_POINTER_UNIQUE,
123 "unknown TYPE_4", -1);
124
125 return offset;
126 }
127
128
129 /*
130 IDL typedef struct {
131 IDL long element_5;
132 IDL [size_is(element_5)] [unique] byte *element_6;
133 IDL } TYPE_3;
134 */
135 static int
136 dissect_browser_TYPE_3_data(tvbuff_t *tvb, int offset,
137 packet_info *pinfo, proto_tree *tree,
138 dcerpc_info *di, guint8 *drep)
139 {
140 guint32 len;
141 int old_offset = offset;
142
143 if(di->conformant_run){
144 /* this call is to make wireshark eat the array header for the conformant run */
145 offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, NULL);
146
147 return offset;
148 }
149
150 /* this is really the length of the encoded data */
151 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
152 hf_browser_unknown_long, &len);
153 proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len,
154 ENC_NA);
155 offset += len;
156 if (offset < old_offset)
157 THROW(ReportedBoundsError);
158
159 return len;
160 }
161 static int
162 dissect_browser_TYPE_3(tvbuff_t *tvb, int offset,
163 packet_info *pinfo, proto_tree *tree,
164 dcerpc_info *di, guint8 *drep)
165 {
166 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
167 hf_browser_unknown_long, NULL);
168
169 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
170 dissect_browser_TYPE_3_data, NDR_POINTER_UNIQUE,
171 "unknown TYPE_3", -1);
172
173 return offset;
174 }
175
176
177
178 /*
179 IDL typedef [switch_type(long)] union {
180 IDL [case(100)] [unique] TYPE_3 *element_3;
181 IDL [case(101)] [unique] TYPE_4 *element_4;
182 IDL } TYPE_2;
183 */
184 static int
185 dissect_browser_TYPE_2(tvbuff_t *tvb, int offset,
186 packet_info *pinfo, proto_tree *tree,
187 dcerpc_info *di, guint8 *drep)
188 {
189 guint32 level;
190
191 /* this is really the union switch arm */
192 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
193 hf_browser_unknown_long, &level);
194
195 ALIGN_TO_4_BYTES;
196
197 switch(level){
198 case 100:
199 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
200 dissect_browser_TYPE_3, NDR_POINTER_UNIQUE,
201 "unknown TYPE_3", -1);
202 break;
203 case 101:
204 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
205 dissect_browser_TYPE_4, NDR_POINTER_UNIQUE,
206 "unknown TYPE_4", -1);
207 break;
208 }
209
210 return offset;
211 }
212
213
214 /*
215 IDL typedef struct {
216 IDL long element_1;
217 IDL TYPE_2 element_2;
218 IDL } TYPE_1;
219 */
220 static int
221 dissect_browser_TYPE_1(tvbuff_t *tvb, int offset,
222 packet_info *pinfo, proto_tree *tree,
223 dcerpc_info *di, guint8 *drep)
224 {
225 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
226 hf_browser_unknown_long, NULL);
227
228 offset = dissect_browser_TYPE_2(tvb, offset, pinfo, tree, di, drep);
229
230 return offset;
231 }
232
233
234
235 /*
236 IDL long BrowserrServerEnum(
237 IDL [in] [unique] [string] wchar_t *element_9,
238 IDL [in] [unique] [string] wchar_t *element_10,
239 IDL [in] [unique] [string] wchar_t *element_11,
240 IDL [in,out] [ref] TYPE_1 *element_12,
241 IDL [in] long element_13,
242 IDL [out] long element_14,
243 IDL [in] long element_15,
244 IDL [in] [unique] [string] wchar_t *element_16,
245 IDL [in,out] [unique] long *element_17
246 IDL );
247 */
248 static int
249 dissect_browser_browserr_server_enum_rqst(tvbuff_t *tvb, int offset,
250 packet_info *pinfo, proto_tree *tree,
251 dcerpc_info *di, guint8 *drep)
252 {
253 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
254 NDR_POINTER_UNIQUE, "unknown string",
255 hf_browser_unknown_string, 0);
256
257 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
258 NDR_POINTER_UNIQUE, "unknown string",
259 hf_browser_unknown_string, 0);
260
261 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
262 NDR_POINTER_UNIQUE, "unknown string",
263 hf_browser_unknown_string, 0);
264
265 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
266 dissect_browser_TYPE_1, NDR_POINTER_REF,
267 "unknown TYPE_1", -1);
268
269 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
270 hf_browser_unknown_long, NULL);
271
272 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
273 hf_browser_unknown_long, NULL);
274
275 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
276 NDR_POINTER_UNIQUE, "unknown string",
277 hf_browser_unknown_string, 0);
278
279 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
280 dissect_browser_long_pointer, NDR_POINTER_UNIQUE,
281 "unknown long", hf_browser_unknown_long);
282
283 return offset;
284 }
285 static int
286 dissect_browser_browserr_server_enum_reply(tvbuff_t *tvb, int offset,
287 packet_info *pinfo, proto_tree *tree,
288 dcerpc_info *di, guint8 *drep)
289 {
290 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
291 dissect_browser_TYPE_1, NDR_POINTER_REF,
292 "unknown TYPE_1", -1);
293
294 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
295 hf_browser_unknown_long, NULL);
296
297 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
298 dissect_browser_long_pointer, NDR_POINTER_UNIQUE,
299 "unknown long", hf_browser_unknown_long);
300
301 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
302 hf_browser_rc, NULL);
303
304 return offset;
305 }
306
307 /*
308 IDL long BrowserrDebugCall(
309 IDL [in] [unique] [string] wchar_t *element_18,
310 IDL [in] long element_19,
311 IDL [in] long element_20
312 IDL );
313 */
314 static int
315 dissect_browser_browserr_debug_call_rqst(tvbuff_t *tvb, int offset,
316 packet_info *pinfo, proto_tree *tree,
317 dcerpc_info *di, guint8 *drep)
318 {
319 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
320 NDR_POINTER_UNIQUE, "unknown string",
321 hf_browser_unknown_string, 0);
322
323 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
324 hf_browser_unknown_long, NULL);
325
326 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
327 hf_browser_unknown_long, NULL);
328
329 return offset;
330 }
331 static int
332 dissect_browser_browserr_debug_call_reply(tvbuff_t *tvb, int offset,
333 packet_info *pinfo, proto_tree *tree,
334 dcerpc_info *di _U_, guint8 *drep)
335 {
336 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
337 hf_browser_rc, NULL);
338
339 return offset;
340 }
341
342
343 /*
344 IDL long BrowserrQueryOtherDomains(
345 IDL [in] [unique] [string] wchar_t *element_21,
346 IDL [in,out] [ref] TYPE_1 *element_22,
347 IDL [out] long element_23
348 IDL );
349 */
350 static int
351 dissect_browser_browserr_query_other_domains_rqst(tvbuff_t *tvb, int offset,
352 packet_info *pinfo, proto_tree *tree,
353 dcerpc_info *di, guint8 *drep)
354 {
355 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
356 NDR_POINTER_UNIQUE, "unknown string",
357 hf_browser_unknown_string, 0);
358
359 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
360 dissect_browser_TYPE_1, NDR_POINTER_REF,
361 "unknown TYPE_1", -1);
362
363 return offset;
364 }
365 static int
366 dissect_browser_browserr_query_other_domains_reply(tvbuff_t *tvb, int offset,
367 packet_info *pinfo, proto_tree *tree,
368 dcerpc_info *di _U_, guint8 *drep)
369 {
370 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
371 hf_browser_unknown_long, NULL);
372
373 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
374 hf_browser_rc, NULL);
375
376 return offset;
377 }
378
379
380 /*
381 IDL long BrowserrResetNetlogonState(
382 IDL [in] [unique] [string] wchar_t *element_24
383 IDL );
384 */
385 static int
386 dissect_browser_browserr_reset_netlogon_state_rqst(tvbuff_t *tvb, int offset,
387 packet_info *pinfo, proto_tree *tree,
388 dcerpc_info *di, guint8 *drep)
389 {
390 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
391 NDR_POINTER_UNIQUE, "unknown string",
392 hf_browser_unknown_string, 0);
393
394 return offset;
395 }
396 static int
397 dissect_browser_browserr_reset_netlogon_state_reply(tvbuff_t *tvb, int offset,
398 packet_info *pinfo, proto_tree *tree,
399 dcerpc_info *di _U_, guint8 *drep)
400 {
401 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
402 hf_browser_rc, NULL);
403
404 return offset;
405 }
406
407
408 /*
409 IDL long BrowserrDebugTrace(
410 IDL [in] [unique] [string] wchar_t *element_25,
411 IDL [in] [string] char element_26
412 IDL );
413 */
414 static int
415 dissect_browser_browserr_debug_trace_rqst(tvbuff_t *tvb, int offset,
416 packet_info *pinfo, proto_tree *tree,
417 dcerpc_info *di, guint8 *drep)
418 {
419 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
420 NDR_POINTER_UNIQUE, "unknown string",
421 hf_browser_unknown_string, 0);
422
423 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
424 NDR_POINTER_REF, "unknown string",
425 hf_browser_unknown_string, 0);
426
427 return offset;
428 }
429 static int
430 dissect_browser_browserr_debug_trace_reply(tvbuff_t *tvb, int offset,
431 packet_info *pinfo, proto_tree *tree,
432 dcerpc_info *di _U_, guint8 *drep)
433 {
434 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
435 hf_browser_rc, NULL);
436
437 return offset;
438 }
439
440
441
442 /*
443 IDL typedef struct {
444 IDL TYPE_6 element_27;
445 IDL TYPE_6 element_28;
446 IDL TYPE_6 element_29;
447 IDL long element_30;
448 IDL long element_31;
449 IDL long element_32;
450 IDL long element_33;
451 IDL long element_34;
452 IDL long element_35;
453 IDL long element_36;
454 IDL long element_37;
455 IDL long element_38;
456 IDL long element_39;
457 IDL long element_40;
458 IDL long element_41;
459 IDL long element_42;
460 IDL long element_43;
461 IDL long element_44;
462 IDL TYPE_6 element_45;
463 IDL } TYPE_5;
464 IDL
465 IDL typedef struct {
466 IDL hyper element_46;
467 IDL } TYPE_6;
468 */
469 static int
470 dissect_browser_TYPE_5(tvbuff_t *tvb, int offset,
471 packet_info *pinfo, proto_tree *tree,
472 dcerpc_info *di, guint8 *drep)
473 {
474 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
475 hf_browser_unknown_hyper, NULL);
476
477 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
478 hf_browser_unknown_hyper, NULL);
479
480 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
481 hf_browser_unknown_hyper, NULL);
482
483 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
484 hf_browser_unknown_long, NULL);
485
486 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
487 hf_browser_unknown_long, NULL);
488
489 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
490 hf_browser_unknown_long, NULL);
491
492 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
493 hf_browser_unknown_long, NULL);
494
495 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
496 hf_browser_unknown_long, NULL);
497
498 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
499 hf_browser_unknown_long, NULL);
500
501 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
502 hf_browser_unknown_long, NULL);
503
504 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
505 hf_browser_unknown_long, NULL);
506
507 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
508 hf_browser_unknown_long, NULL);
509
510 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
511 hf_browser_unknown_long, NULL);
512
513 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
514 hf_browser_unknown_long, NULL);
515
516 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
517 hf_browser_unknown_long, NULL);
518
519 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
520 hf_browser_unknown_long, NULL);
521
522 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
523 hf_browser_unknown_long, NULL);
524
525 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
526 hf_browser_unknown_long, NULL);
527
528 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
529 hf_browser_unknown_hyper, NULL);
530
531 return offset;
532 }
533
534
535 /*
536 IDL long BrowserrQueryStatistics(
537 IDL [in] [unique] [string] wchar_t *element_47,
538 IDL [out] [ref] TYPE_5 **element_48
539 IDL );
540 */
541 static int
542 dissect_browser_browserr_query_statistics_rqst(tvbuff_t *tvb, int offset,
543 packet_info *pinfo, proto_tree *tree,
544 dcerpc_info *di, guint8 *drep)
545 {
546 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
547 NDR_POINTER_UNIQUE, "unknown string",
548 hf_browser_unknown_string, 0);
549
550 return offset;
551 }
552 static int
553 dissect_browser_browserr_query_statistics_reply(tvbuff_t *tvb, int offset,
554 packet_info *pinfo, proto_tree *tree,
555 dcerpc_info *di, guint8 *drep)
556 {
557 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
558 dissect_browser_TYPE_5, NDR_POINTER_UNIQUE,
559 "unknown TYPE_5", -1);
560
561 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
562 hf_browser_rc, NULL);
563
564 return offset;
565 }
566
567
568 /*
569 IDL long BrowserrResetStatistics(
570 IDL [in] [unique] [string] wchar_t *element_49
571 IDL );
572 */
573 static int
574 dissect_browser_browserr_reset_statistics_rqst(tvbuff_t *tvb, int offset,
575 packet_info *pinfo, proto_tree *tree,
576 dcerpc_info *di, guint8 *drep)
577 {
578 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
579 NDR_POINTER_UNIQUE, "unknown string",
580 hf_browser_unknown_string, 0);
581
582 return offset;
583 }
584 static int
585 dissect_browser_browserr_reset_statistics_reply(tvbuff_t *tvb, int offset,
586 packet_info *pinfo, proto_tree *tree,
587 dcerpc_info *di _U_, guint8 *drep)
588 {
589 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
590 hf_browser_rc, NULL);
591
592 return offset;
593 }
594
595
596 /*
597 IDL long NetrBrowserStatisticsClear(
598 IDL [in] [unique] [string] wchar_t *element_49
599 IDL );
600 */
601 static int
602 dissect_browser_netr_browser_statistics_clear_rqst(tvbuff_t *tvb, int offset,
603 packet_info *pinfo, proto_tree *tree,
604 dcerpc_info *di, guint8 *drep)
605 {
606 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
607 NDR_POINTER_UNIQUE, "unknown string",
608 hf_browser_unknown_string, 0);
609
610 return offset;
611 }
612 static int
613 dissect_browser_netr_browser_statistics_clear_reply(tvbuff_t *tvb, int offset,
614 packet_info *pinfo, proto_tree *tree,
615 dcerpc_info *di _U_, guint8 *drep)
616 {
617 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
618 hf_browser_rc, NULL);
619
620 return offset;
621 }
622
623
624 /*
625 IDL typedef struct {
626 IDL TYPE_6 element_59;
627 IDL TYPE_6 element_60;
628 IDL TYPE_6 element_61;
629 IDL long element_62;
630 IDL long element_63;
631 IDL long element_64;
632 IDL TYPE_6 element_65;
633 IDL long element_66;
634 IDL long element_67;
635 IDL long element_68;
636 IDL long element_69;
637 IDL long element_70;
638 IDL long element_71;
639 IDL long element_72;
640 IDL long element_73;
641 IDL long element_74;
642 IDL } TYPE_11;
643 */
644 static int
645 dissect_browser_TYPE_11(tvbuff_t *tvb, int offset,
646 packet_info *pinfo, proto_tree *tree,
647 dcerpc_info *di _U_, guint8 *drep)
648 {
649 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
650 hf_browser_unknown_hyper, NULL);
651
652 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
653 hf_browser_unknown_hyper, NULL);
654
655 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
656 hf_browser_unknown_hyper, NULL);
657
658 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
659 hf_browser_unknown_long, NULL);
660
661 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
662 hf_browser_unknown_long, NULL);
663
664 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
665 hf_browser_unknown_long, NULL);
666
667 offset = dissect_ndr_duint32(tvb, offset, pinfo, tree, di, drep,
668 hf_browser_unknown_hyper, NULL);
669
670 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
671 hf_browser_unknown_long, NULL);
672
673 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
674 hf_browser_unknown_long, NULL);
675
676 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
677 hf_browser_unknown_long, NULL);
678
679 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
680 hf_browser_unknown_long, NULL);
681
682 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
683 hf_browser_unknown_long, NULL);
684
685 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
686 hf_browser_unknown_long, NULL);
687
688 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
689 hf_browser_unknown_long, NULL);
690
691 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
692 hf_browser_unknown_long, NULL);
693
694 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
695 hf_browser_unknown_long, NULL);
696
697 return offset;
698 }
699
700 /*
701 IDL typedef struct {
702 IDL long element_57;
703 IDL [size_is(element_57)] [unique] TYPE_11 *element_58;
704 IDL } TYPE_10;
705 */
706 static int
707 dissect_browser_TYPE_11_array(tvbuff_t *tvb, int offset,
708 packet_info *pinfo, proto_tree *tree,
709 dcerpc_info *di, guint8 *drep)
710 {
711 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
712 dissect_browser_TYPE_11);
713
714 return offset;
715 }
716
717 static int
718 dissect_browser_TYPE_10(tvbuff_t *tvb, int offset,
719 packet_info *pinfo, proto_tree *tree,
720 dcerpc_info *di, guint8 *drep)
721 {
722 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
723 hf_browser_unknown_long, NULL);
724
725 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
726 dissect_browser_TYPE_11_array, NDR_POINTER_UNIQUE,
727 "unknown TYPE_11_ARRAY", -1);
728
729 return offset;
730 }
731
732
733 /*
734 IDL typedef struct {
735 IDL long element_55;
736 IDL [size_is(element_55)] [unique] byte *element_56;
737 IDL } TYPE_9;
738 */
739 static int
740 dissect_browser_TYPE_9_data(tvbuff_t *tvb, int offset,
741 packet_info *pinfo, proto_tree *tree,
742 dcerpc_info *di, guint8 *drep)
743 {
744 guint32 len;
745 int old_offset = offset;
746
747 if(di->conformant_run){
748 /* this call is to make wireshark eat the array header for the conformant run */
749 offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, NULL);
750
751 return offset;
752 }
753
754 /* this is really the length of the encoded data */
755 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
756 hf_browser_unknown_long, &len);
757
758 proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len,
759 ENC_NA);
760 offset += len;
761 if (offset < old_offset)
762 THROW(ReportedBoundsError);
763
764 return len;
765 }
766 static int
767 dissect_browser_TYPE_9(tvbuff_t *tvb, int offset,
768 packet_info *pinfo, proto_tree *tree,
769 dcerpc_info *di, guint8 *drep)
770 {
771 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
772 hf_browser_unknown_long, NULL);
773
774 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
775 dissect_browser_TYPE_9_data, NDR_POINTER_UNIQUE,
776 "unknown TYPE_9", -1);
777
778 return offset;
779 }
780
781
782 /*
783 IDL typedef [switch_type(long)] union {
784 IDL [case(100)] [unique] TYPE_9 *element_53;
785 IDL [case(101)] [unique] TYPE_10 *element_54;
786 IDL } TYPE_8;
787 */
788 static int
789 dissect_browser_TYPE_8(tvbuff_t *tvb, int offset,
790 packet_info *pinfo, proto_tree *tree,
791 dcerpc_info *di, guint8 *drep)
792 {
793 guint32 level;
794
795 /* this is really the union switch arm */
796 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
797 hf_browser_unknown_long, &level);
798
799 ALIGN_TO_4_BYTES;
800
801 switch(level){
802 case 100:
803 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
804 dissect_browser_TYPE_9, NDR_POINTER_UNIQUE,
805 "unknown TYPE_9", -1);
806 break;
807 case 101:
808 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
809 dissect_browser_TYPE_10, NDR_POINTER_UNIQUE,
810 "unknown TYPE_10", -1);
811 break;
812 }
813
814 return offset;
815 }
816
817
818 /*
819 IDL typedef struct {
820 IDL long element_51;
821 IDL TYPE_8 element_52;
822 IDL } TYPE_7;
823 */
824 static int
825 dissect_browser_TYPE_7(tvbuff_t *tvb, int offset,
826 packet_info *pinfo, proto_tree *tree,
827 dcerpc_info *di, guint8 *drep)
828 {
829 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
830 hf_browser_unknown_long, NULL);
831
832 offset = dissect_browser_TYPE_8(tvb, offset, pinfo, tree, di, drep);
833
834 return offset;
835 }
836
837
838 /*
839 IDL long NetrBrowserStatisticsGet(
840 IDL [in] [unique] [string] wchar_t *element_75,
841 IDL [in] long element_76,
842 IDL [in,out] [ref] TYPE_7 *element_77
843 IDL );
844 */
845 static int
846 dissect_browser_netr_browser_statistics_get_rqst(tvbuff_t *tvb, int offset,
847 packet_info *pinfo, proto_tree *tree,
848 dcerpc_info *di, guint8 *drep)
849 {
850 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
851 NDR_POINTER_UNIQUE, "unknown string",
852 hf_browser_unknown_string, 0);
853
854 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
855 hf_browser_unknown_long, NULL);
856
857 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
858 dissect_browser_TYPE_7, NDR_POINTER_REF,
859 "unknown TYPE_7", -1);
860
861 return offset;
862 }
863 static int
864 dissect_browser_netr_browser_statistics_get_reply(tvbuff_t *tvb, int offset,
865 packet_info *pinfo, proto_tree *tree,
866 dcerpc_info *di, guint8 *drep)
867 {
868 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
869 dissect_browser_TYPE_7, NDR_POINTER_REF,
870 "unknown TYPE_7", -1);
871
872 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
873 hf_browser_rc, NULL);
874
875 return offset;
876 }
877
878
879 /*
880 IDL long BrowserrSetNetlogonState(
881 IDL [in] [unique] [string] wchar_t *element_78,
882 IDL [in] [ref] [string] wchar_t *element_79,
883 IDL [in] [unique] [string] wchar_t *element_80,
884 IDL [in] long element_81
885 IDL );
886 */
887 static int
888 dissect_browser_browserr_set_netlogon_state_rqst(tvbuff_t *tvb, int offset,
889 packet_info *pinfo, proto_tree *tree,
890 dcerpc_info *di, guint8 *drep)
891 {
892 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
893 NDR_POINTER_UNIQUE, "unknown string",
894 hf_browser_unknown_string, 0);
895
896 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
897 NDR_POINTER_REF, "unknown string",
898 hf_browser_unknown_string, 0);
899
900 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
901 NDR_POINTER_UNIQUE, "unknown string",
902 hf_browser_unknown_string, 0);
903
904 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
905 hf_browser_unknown_long, NULL);
906
907 return offset;
908 }
909 static int
910 dissect_browser_browserr_set_netlogon_state_reply(tvbuff_t *tvb, int offset,
911 packet_info *pinfo, proto_tree *tree,
912 dcerpc_info *di _U_, guint8 *drep)
913 {
914 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
915 hf_browser_rc, NULL);
916
917 return offset;
918 }
919
920
921
922
923 /*
924 IDL typedef struct {
925 IDL long element_82;
926 IDL [size_is(element_82)] [unique] byte *element_83;
927 IDL } TYPE_12;
928 */
929 static int
930 dissect_browser_TYPE_12_data(tvbuff_t *tvb, int offset,
931 packet_info *pinfo, proto_tree *tree,
932 dcerpc_info *di, guint8 *drep)
933 {
934 guint32 len;
935 int old_offset = offset;
936
937 if(di->conformant_run){
938 /* this call is to make wireshark eat the array header for the conformant run */
939 offset =dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, NULL);
940
941 return offset;
942 }
943
944 /* this is really the length of the encoded data */
945 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
946 hf_browser_unknown_long, &len);
947
948 proto_tree_add_item(tree, hf_browser_unknown_bytes, tvb, offset, len,
949 ENC_NA);
950 offset += len;
951 if (offset < old_offset)
952 THROW(ReportedBoundsError);
953
954 return offset;
955 }
956 static int
957 dissect_browser_TYPE_12(tvbuff_t *tvb, int offset,
958 packet_info *pinfo, proto_tree *tree,
959 dcerpc_info *di, guint8 *drep)
960 {
961 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
962 hf_browser_unknown_long, NULL);
963
964 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
965 dissect_browser_TYPE_12_data, NDR_POINTER_UNIQUE,
966 "unknown TYPE_12", -1);
967
968 return offset;
969 }
970
971
972 /*
973 IDL long BrowserrQueryEmulatedDomains(
974 IDL [in] [unique] [string] wchar_t *element_84,
975 IDL [in,out] [ref] TYPE_12 *element_85
976 );
977 */
978 static int
979 dissect_browser_browserr_query_emulated_domains_rqst(tvbuff_t *tvb, int offset,
980 packet_info *pinfo, proto_tree *tree,
981 dcerpc_info *di, guint8 *drep)
982 {
983 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
984 NDR_POINTER_UNIQUE, "unknown string",
985 hf_browser_unknown_string, 0);
986
987 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
988 dissect_browser_TYPE_12, NDR_POINTER_REF,
989 "unknown TYPE_12", -1);
990
991 return offset;
992 }
993 static int
994 dissect_browser_browserr_query_emulated_domains_reply(tvbuff_t *tvb, int offset,
995 packet_info *pinfo, proto_tree *tree,
996 dcerpc_info *di, guint8 *drep)
997 {
998 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
999 dissect_browser_TYPE_12, NDR_POINTER_REF,
1000 "unknown TYPE_12", -1);
1001
1002 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
1003 hf_browser_rc, NULL);
1004
1005 return offset;
1006 }
1007
1008
1009 /*
1010 IDL long BrowserrServerEnumEx(
1011 IDL [in] [unique] [string] wchar_t *element_86,
1012 IDL [in] [unique] [string] wchar_t *element_87,
1013 IDL [in] [unique] [string] wchar_t *element_88,
1014 IDL [in,out] [ref] TYPE_1 *element_89,
1015 IDL [in] long element_90,
1016 IDL [out] long element_91,
1017 IDL [in] long element_92,
1018 IDL [in] [unique] [string] wchar_t *element_93,
1019 IDL [in] [unique] [string] wchar_t *element_94
1020 IDL );
1021 */
1022 static int
1023 dissect_browser_browserr_server_enum_ex_rqst(tvbuff_t *tvb, int offset,
1024 packet_info *pinfo, proto_tree *tree,
1025 dcerpc_info *di, guint8 *drep)
1026 {
1027 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
1028 NDR_POINTER_UNIQUE, "unknown string",
1029 hf_browser_unknown_string, 0);
1030
1031 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
1032 NDR_POINTER_UNIQUE, "unknown string",
1033 hf_browser_unknown_string, 0);
1034
1035 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
1036 NDR_POINTER_UNIQUE, "unknown string",
1037 hf_browser_unknown_string, 0);
1038
1039 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1040 dissect_browser_TYPE_1, NDR_POINTER_REF,
1041 "unknown TYPE_1", -1);
1042
1043 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
1044 hf_browser_unknown_long, NULL);
1045
1046 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
1047 hf_browser_unknown_long, NULL);
1048
1049 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
1050 NDR_POINTER_UNIQUE, "unknown string",
1051 hf_browser_unknown_string, 0);
1052
1053 offset = dissect_ndr_str_pointer_item(tvb, offset, pinfo, tree, di, drep,
1054 NDR_POINTER_UNIQUE, "unknown string",
1055 hf_browser_unknown_string, 0);
1056
1057 return offset;
1058 }
1059 static int
1060 dissect_browser_browserr_server_enum_ex_reply(tvbuff_t *tvb, int offset,
1061 packet_info *pinfo, proto_tree *tree,
1062 dcerpc_info *di, guint8 *drep)
1063 {
1064 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
1065 dissect_browser_TYPE_1, NDR_POINTER_REF,
1066 "unknown TYPE_1", -1);
1067
1068 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
1069 hf_browser_unknown_long, NULL);
1070
1071 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
1072 hf_browser_rc, NULL);
1073
1074 return offset;
1075 }
1076
1077
1078
1079 /*
1080 IDL }
1081 */
1082 static dcerpc_sub_dissector dcerpc_browser_dissectors[] = {
1083 { BROWSER_BROWSERR_SERVER_ENUM, "BrowserrServerEnum",
1084 dissect_browser_browserr_server_enum_rqst,
1085 dissect_browser_browserr_server_enum_reply },
1086 { BROWSER_BROWSERR_DEBUG_CALL, "BrowserrDebugCall",
1087 dissect_browser_browserr_debug_call_rqst,
1088 dissect_browser_browserr_debug_call_reply },
1089 { BROWSER_BROWSERR_QUERY_OTHER_DOMAINS,
1090 "BrowserrQueryOtherDomains",
1091 dissect_browser_browserr_query_other_domains_rqst,
1092 dissect_browser_browserr_query_other_domains_reply },
1093 { BROWSER_BROWSERR_RESET_NETLOGON_STATE,
1094 "BrowserrResetNetlogonState",
1095 dissect_browser_browserr_reset_netlogon_state_rqst,
1096 dissect_browser_browserr_reset_netlogon_state_reply },
1097 { BROWSER_BROWSERR_DEBUG_TRACE,
1098 "BrowserrDebugTrace",
1099 dissect_browser_browserr_debug_trace_rqst,
1100 dissect_browser_browserr_debug_trace_reply },
1101 { BROWSER_BROWSERR_QUERY_STATISTICS,
1102 "BrowserrQueryStatistics",
1103 dissect_browser_browserr_query_statistics_rqst,
1104 dissect_browser_browserr_query_statistics_reply },
1105 { BROWSER_BROWSERR_RESET_STATISTICS,
1106 "BrowserrResetStatistics",
1107 dissect_browser_browserr_reset_statistics_rqst,
1108 dissect_browser_browserr_reset_statistics_reply },
1109 { BROWSER_NETR_BROWSER_STATISTICS_CLEAR,
1110 "NetrBrowserStatisticsClear",
1111 dissect_browser_netr_browser_statistics_clear_rqst,
1112 dissect_browser_netr_browser_statistics_clear_reply },
1113 { BROWSER_NETR_BROWSER_STATISTICS_GET,
1114 "NetrBrowserStatisticsGet",
1115 dissect_browser_netr_browser_statistics_get_rqst,
1116 dissect_browser_netr_browser_statistics_get_reply },
1117 { BROWSER_BROWSERR_SET_NETLOGON_STATE,
1118 "BrowserrSetNetlogonState",
1119 dissect_browser_browserr_set_netlogon_state_rqst,
1120 dissect_browser_browserr_set_netlogon_state_reply },
1121 { BROWSER_BROWSERR_QUERY_EMULATED_DOMAINS,
1122 "BrowserrQueryEmulatedDomains",
1123 dissect_browser_browserr_query_emulated_domains_rqst,
1124 dissect_browser_browserr_query_emulated_domains_reply },
1125 { BROWSER_BROWSERR_SERVER_ENUM_EX,
1126 "BrowserrServerEnumEx",
1127 dissect_browser_browserr_server_enum_ex_rqst,
1128 dissect_browser_browserr_server_enum_ex_reply },
1129
1130 {0, NULL, NULL, NULL }
1131 };
1132
1133 void
1134 proto_register_dcerpc_browser(void)
1135 {
1136 static hf_register_info hf[] = {
1137
1138 { &hf_browser_opnum, {
1139 "Operation", "rpc_browser.opnum", FT_UINT16, BASE_DEC,
1140 NULL, 0x0, NULL, HFILL }},
1141
1142 { &hf_browser_rc, {
1143 "Return code", "rpc_browser.rc", FT_UINT32, BASE_HEX,
1144 VALS(NT_errors), 0x0, "Browser return code", HFILL }},
1145
1146 { &hf_browser_unknown_long, {
1147 "Unknown long", "rpc_browser.unknown.long", FT_UINT32, BASE_HEX,
1148 NULL, 0x0, "Unknown long. If you know what this is, contact wireshark developers.", HFILL }},
1149
1150 { &hf_browser_unknown_hyper, {
1151 "Unknown hyper", "rpc_browser.unknown.hyper", FT_UINT64, BASE_HEX,
1152 NULL, 0x0, "Unknown hyper. If you know what this is, contact wireshark developers.", HFILL }},
1153
1154 { &hf_browser_unknown_bytes, {
1155 "Unknown bytes", "rpc_browser.unknown.bytes", FT_BYTES, BASE_NONE,
1156 NULL, 0x0, "Unknown bytes. If you know what this is, contact wireshark developers.", HFILL }},
1157
1158 { &hf_browser_unknown_string, {
1159 "Unknown string", "rpc_browser.unknown.string", FT_STRING, BASE_NONE,
1160 NULL, 0x0, "Unknown string. If you know what this is, contact wireshark developers.", HFILL }}
1161
1162 };
1163 static gint *ett[] = {
1164 &ett_dcerpc_browser
1165 };
1166
1167 proto_dcerpc_browser = proto_register_protocol(
1168 "RPC Browser", "RPC_BROWSER", "rpc_browser");
1169
1170 proto_register_field_array(proto_dcerpc_browser, hf,
1171 array_length(hf));
1172 proto_register_subtree_array(ett, array_length(ett));
1173 }
1174
1175 void
1176 proto_reg_handoff_dcerpc_browser(void)
1177 {
1178 /* Register protocol as dcerpc */
1179
1180 dcerpc_init_uuid(proto_dcerpc_browser, ett_dcerpc_browser,
1181 &uuid_dcerpc_browser, ver_dcerpc_browser,
1182 dcerpc_browser_dissectors, hf_browser_opnum);
1183 }