epan/dissectors/packet-dcerpc-messenger.c

   1 /* packet-dcerpc-messenger.c
   2  * Routines for SMB \PIPE\msgsvc packet disassembly
   3  * Copyright 2003 Ronnie Sahlberg
   4  *
   5  * $Id$
   6  *
   7  * Wireshark - Network traffic analyzer
   8  * By Gerald Combs <gerald@wireshark.org>
   9  * Copyright 1998 Gerald Combs
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  24  */
  25
  26 #include "config.h"
  27
  28 #include <glib.h>
  29 #include "packet-dcerpc.h"
  30 #include "packet-dcerpc-nt.h"
  31 #include "packet-windows-common.h"
  32
  33
  34 static int proto_dcerpc_messenger = -1;
  35 static int hf_messenger_opnum = -1;
  36 static int hf_messenger_rc = -1;
  37 static int hf_messenger_server = -1;
  38 static int hf_messenger_client = -1;
  39 static int hf_messenger_message = -1;
  40
  41 static gint ett_dcerpc_messenger = -1;
  42
  43
  44 /* Windows messenger service listens on two endpoints:
  45  *   \pipe\msgsvc named pipe
  46  *   a dynamic UDP port
  47  */
  48
  49 static e_uuid_t uuid_dcerpc_messenger = {
  50         0x5a7b91f8, 0xff00, 0x11d0,
  51         { 0xa9, 0xb2, 0x00, 0xc0, 0x4f, 0xb6, 0xe6, 0xfc}
  52 };
  53
  54 static guint16 ver_dcerpc_messenger = 1;
  55
  56
  57
  58 /*
  59  * IDL  [in][string][ref] char *server;
  60  * IDL  [in][string][ref] char *client;
  61  * IDL  [in][string][ref] char *message;
  62  */
  63 static int
  64 messenger_dissect_send_message_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo,
  65                             proto_tree *tree, dcerpc_info *di, guint8 *drep)
  66 {
  67         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
  68                         dissect_ndr_char_cvstring, NDR_POINTER_REF,
  69                         "Server", hf_messenger_server);
  70         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
  71                         dissect_ndr_char_cvstring, NDR_POINTER_REF,
  72                         "Client", hf_messenger_client);
  73         offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
  74                         dissect_ndr_char_cvstring, NDR_POINTER_REF,
  75                         "Message", hf_messenger_message);
  76
  77
  78         return offset;
  79 }
  80 static int
  81 messenger_dissect_send_message_reply(tvbuff_t *tvb, int offset, packet_info *pinfo,
  82                             proto_tree *tree, dcerpc_info *di _U_, guint8 *drep)
  83 {
  84         offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep,
  85                                   hf_messenger_rc, NULL);
  86
  87         return offset;
  88 }
  89
  90
  91
  92 static dcerpc_sub_dissector dcerpc_messenger_dissectors[] = {
  93         {0, "NetrSendMessage",
  94                 messenger_dissect_send_message_rqst,
  95                 messenger_dissect_send_message_reply },
  96         {0, NULL, NULL,  NULL }
  97 };
  98
  99 void
 100 proto_register_dcerpc_messenger(void)
 101 {
 102         static hf_register_info hf[] = {
 103
 104                 { &hf_messenger_opnum,
 105                   { "Operation", "messenger.opnum", FT_UINT16, BASE_DEC,
 106                     NULL, 0x0, NULL, HFILL }},
 107
 108                 { &hf_messenger_rc,
 109                   { "Return code", "messenger.rc", FT_UINT32, BASE_HEX, VALS (NT_errors), 0x0, NULL, HFILL }},
 110
 111                 { &hf_messenger_server, {
 112                 "Server", "messenger.server",
 113                 FT_STRING, BASE_NONE, NULL, 0, "Server to send the message to", HFILL }},
 114
 115                 { &hf_messenger_client, {
 116                 "Client", "messenger.client",
 117                 FT_STRING, BASE_NONE, NULL, 0, "Client that sent the message", HFILL }},
 118
 119                 { &hf_messenger_message, {
 120                 "Message", "messenger.message",
 121                 FT_STRING, BASE_NONE, NULL, 0, "The message being sent", HFILL }}
 122
 123         };
 124
 125         static gint *ett[] = {
 126                 &ett_dcerpc_messenger
 127         };
 128
 129         proto_dcerpc_messenger = proto_register_protocol(
 130                 "Microsoft Messenger Service", "Messenger", "messenger");
 131
 132         proto_register_field_array (proto_dcerpc_messenger, hf, array_length (hf));
 133         proto_register_subtree_array(ett, array_length(ett));
 134
 135 }
 136
 137 void
 138 proto_reg_handoff_dcerpc_messenger(void)
 139 {
 140         /* Register protocol as dcerpc */
 141
 142         dcerpc_init_uuid(proto_dcerpc_messenger, ett_dcerpc_messenger, &uuid_dcerpc_messenger,
 143                          ver_dcerpc_messenger, dcerpc_messenger_dissectors, hf_messenger_opnum);
 144 }