Wireshark 4.7.0
The Wireshark network protocol analyzer
packet-dcerpc-nt.h
1/* packet-dcerpc-nt.h
2 * Routines for DCERPC over SMB packet disassembly
3 * Copyright 2001-2003 Tim Potter <[email protected]>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <[email protected]>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12#ifndef __PACKET_DCERPC_NT_H
13#define __PACKET_DCERPC_NT_H
14
15#include <epan/dissectors/packet-dcerpc.h>
16#include "ws_symbol_export.h"
17
/*
 * Table of platform ID values, shared by several dissectors.
 * Only declared here; the array is defined in another translation unit.
 * NOTE(review): the array has no declared bound, so anything walking it relies
 * on the table's own terminator entry -- confirm the convention at the
 * definition.
 */
extern const value_string platform_id_vals[];
22
23/* Routines for handling deferral of referents in NDR */
24
/*
 * Round `offset` up to the next multiple of 8, unless di->conformant_run is
 * set, in which case `offset` is left alone.
 *
 * This is a statement macro, not a function: it reads `di` and assigns to
 * `offset`, so both names must be in scope where it is used.
 * It performs no range check. With a 32-bit unsigned `offset` (the type the
 * prototypes in this header use) a value above 0xfffffff8 wraps to 0, and the
 * 32-bit mask would clear the high bits of any wider offset type; bounds are
 * left to whatever reads the buffer at `offset` next.
 * The expansion is a bare brace block rather than do { } while (0), so
 * `ALIGN_TO_8_BYTES;` cannot be the unbraced body of an `if` that has an
 * `else`.
 */
#define ALIGN_TO_8_BYTES \
    { \
        if (!di->conformant_run && (offset & 0x07)) { \
            offset = (offset & 0xfffffff8) + 8; \
        } \
    }
/*
 * Round `offset` up to the next multiple of 4, unless di->conformant_run is
 * set, in which case `offset` is left alone.
 *
 * Statement macro: `di` and `offset` are taken from the enclosing scope and
 * `offset` is modified in place. No range check is made; with a 32-bit
 * unsigned `offset` a value above 0xfffffffc wraps to 0, and the 32-bit mask
 * would clear the high bits of a wider offset type.
 * The expansion is a bare brace block, so `ALIGN_TO_4_BYTES;` cannot be the
 * unbraced body of an `if` that has an `else`.
 */
#define ALIGN_TO_4_BYTES \
    { \
        if (!di->conformant_run && (offset & 0x03)) { \
            offset = (offset & 0xfffffffc) + 4; \
        } \
    }
/*
 * Round `offset` up to the next even value, unless di->conformant_run is set,
 * in which case `offset` is left alone.
 *
 * Statement macro: `di` and `offset` are taken from the enclosing scope and
 * `offset` is modified in place. No range check is made; with a 32-bit
 * unsigned `offset` the value 0xffffffff wraps to 0, and the 32-bit mask would
 * clear the high bits of a wider offset type.
 * The expansion is a bare brace block, so `ALIGN_TO_2_BYTES;` cannot be the
 * unbraced body of an `if` that has an `else`.
 */
#define ALIGN_TO_2_BYTES \
    { \
        if (!di->conformant_run && (offset & 0x01)) { \
            offset = (offset & 0xfffffffe) + 2; \
        } \
    }
49
/*
 * Align `offset` to 8 bytes when DCERPC_IS_NDR64 is set in
 * di->call_data->flags, otherwise to 4 bytes.
 *
 * Statement macro: uses `di` and `offset` from the enclosing scope.
 * di->call_data is dereferenced without a NULL check, so the caller must
 * already hold a valid call_data pointer.
 * The range and brace-block caveats of ALIGN_TO_8_BYTES / ALIGN_TO_4_BYTES
 * apply unchanged.
 */
#define ALIGN_TO_4_OR_8_BYTES \
    { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_8_BYTES; \
        } else { \
            ALIGN_TO_4_BYTES; \
        } \
    }

/* "5" is only a label for the 4-or-8 choice above; nothing aligns to 5. */
#define ALIGN_TO_5_BYTES ALIGN_TO_4_OR_8_BYTES
60
/*
 * Align `offset` to 4 bytes when DCERPC_IS_NDR64 is set in
 * di->call_data->flags, otherwise to 2 bytes.
 *
 * Statement macro: uses `di` and `offset` from the enclosing scope.
 * di->call_data is dereferenced without a NULL check, so the caller must
 * already hold a valid call_data pointer.
 * The range and brace-block caveats of ALIGN_TO_4_BYTES / ALIGN_TO_2_BYTES
 * apply unchanged.
 */
#define ALIGN_TO_2_OR_4_BYTES \
    { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_4_BYTES; \
        } else { \
            ALIGN_TO_2_BYTES; \
        } \
    }

/* "3" is only a label for the 2-or-4 choice above; nothing aligns to 3. */
#define ALIGN_TO_3_BYTES ALIGN_TO_2_OR_4_BYTES
71
/*
 * Union alignment helpers.
 *
 * Each UNION_ALIGN_TO_n_BYTES applies the matching ALIGN_TO_n_BYTES only when
 * DCERPC_IS_NDR64 is set in di->call_data->flags; without that flag `offset`
 * is not touched. Because ALIGN_TO_3_BYTES and ALIGN_TO_5_BYTES are aliases
 * for the 2-or-4 and 4-or-8 macros, the _3_ and _5_ variants end up aligning
 * to 4 and 8 bytes respectively on the NDR64 path.
 *
 * Statement macros: `di` and `offset` come from the enclosing scope, and
 * di->call_data is dereferenced without a NULL check. Unlike the plain
 * ALIGN_TO_* macros these are wrapped in do { } while (0), so they need the
 * trailing semicolon and are safe as an unbraced if/else body.
 */
#define UNION_ALIGN_TO_2_BYTES \
    do { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_2_BYTES; \
        } \
    } while (0)

#define UNION_ALIGN_TO_3_BYTES \
    do { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_3_BYTES; \
        } \
    } while (0)

#define UNION_ALIGN_TO_4_BYTES \
    do { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_4_BYTES; \
        } \
    } while (0)

#define UNION_ALIGN_TO_5_BYTES \
    do { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_5_BYTES; \
        } \
    } while (0)

#define UNION_ALIGN_TO_8_BYTES \
    do { \
        if ((di->call_data->flags & DCERPC_IS_NDR64) != 0) { \
            ALIGN_TO_8_BYTES; \
        } \
    } while (0)
106
/*
 * Data blob and NUL-terminated string dissectors. Declarations only; the
 * bodies are not part of this header.
 *
 * Each takes the buffer `tvb`, a starting `offset`, the packet state `pinfo`,
 * the tree to add items to, `drep` and a header-field index, and returns an
 * unsigned value.
 * NOTE(review): the return value is presumably the offset just past the
 * dissected item -- confirm against the implementation.
 */

/*
 * NOTE(review): `use_remaining_space` presumably makes the blob run to the end
 * of the buffer instead of using a length read from the wire -- confirm.
 */
unsigned dissect_ndr_datablob(tvbuff_t *tvb, unsigned offset,
                              packet_info *pinfo, proto_tree *tree,
                              dcerpc_info *di, uint8_t *drep, int hf_index,
                              int use_remaining_space);

/* Takes no dcerpc_info argument, unlike dissect_ndr_datablob. */
unsigned dissect_null_term_string(tvbuff_t *tvb, unsigned offset,
                                  packet_info *pinfo, proto_tree *tree,
                                  uint8_t *drep, int hf_index, int levels);

/* Same parameter list as dissect_null_term_string; wide-string variant by name. */
unsigned dissect_null_term_wstring(tvbuff_t *tvb, unsigned offset,
                                   packet_info *pinfo, proto_tree *tree,
                                   uint8_t *drep, int hf_index, int levels);
121
/*
 * Counted string and counted byte-array dissectors. Declarations only.
 *
 * Two flavours appear side by side:
 *   - the *_cb forms take a `callback` plus an untyped `callback_args`
 *     pointer; the declaration cannot check that the pointer matches what the
 *     callback expects, so that pairing is the caller's responsibility;
 *   - the plain forms take an int `levels` instead.
 * NOTE(review): `levels` is presumably the same "levels to go up" count that
 * CB_STR_ITEM_LEVELS extracts later in this header -- confirm.
 * NOTE(review): the unsigned return value is presumably the offset after the
 * dissected item -- confirm against the implementation.
 */
unsigned dissect_ndr_counted_ascii_string_cb(tvbuff_t *tvb, unsigned offset,
                                             packet_info *pinfo,
                                             proto_tree *tree,
                                             dcerpc_info *di, uint8_t *drep,
                                             int hf_index,
                                             dcerpc_callback_fnct_t *callback,
                                             void *callback_args);

unsigned dissect_ndr_counted_ascii_string(tvbuff_t *tvb, unsigned offset,
                                          packet_info *pinfo,
                                          proto_tree *tree,
                                          dcerpc_info *di, uint8_t *drep,
                                          int hf_index, int levels);

unsigned dissect_ndr_counted_string_cb(tvbuff_t *tvb, unsigned offset,
                                       packet_info *pinfo, proto_tree *tree,
                                       dcerpc_info *di, uint8_t *drep,
                                       int hf_index,
                                       dcerpc_callback_fnct_t *callback,
                                       void *callback_args);

/* Takes neither a field index nor a levels/callback argument. */
unsigned dissect_ndr_counted_string_ptr(tvbuff_t *tvb, unsigned offset,
                                        packet_info *pinfo,
                                        proto_tree *parent_tree,
                                        dcerpc_info *di, uint8_t *drep);

unsigned dissect_ndr_counted_string(tvbuff_t *tvb, unsigned offset,
                                    packet_info *pinfo,
                                    proto_tree *parent_tree,
                                    dcerpc_info *di, uint8_t *drep,
                                    int hf_index, int levels);

unsigned dissect_ndr_counted_byte_array(tvbuff_t *tvb, unsigned offset,
                                        packet_info *pinfo,
                                        proto_tree *parent_tree,
                                        dcerpc_info *di, uint8_t *drep,
                                        int hf_index, int levels);

unsigned dissect_ndr_counted_byte_array_cb(tvbuff_t *tvb, unsigned offset,
                                           packet_info *pinfo,
                                           proto_tree *tree,
                                           dcerpc_info *di, uint8_t *drep,
                                           int hf_index,
                                           dcerpc_callback_fnct_t *callback,
                                           void *callback_args);
161
/*
 * Account-control, GUID and LSA string dissectors. Declarations only.
 * NOTE(review): the unsigned return value is presumably the offset after the
 * dissected item -- confirm against the implementation.
 */
unsigned dissect_ndr_nt_acct_ctrl(tvbuff_t *tvb, unsigned offset,
                                  packet_info *pinfo, proto_tree *parent_tree,
                                  dcerpc_info *di, uint8_t *drep);

unsigned dissect_nt_GUID(tvbuff_t *tvb, unsigned offset, packet_info *pinfo,
                         proto_tree *tree, dcerpc_info *di, uint8_t *drep);

/*
 * NOTE(review): the meaning of `param` is not visible in this header; note
 * also that the field index is spelled `hfindex` here and comes last.
 */
unsigned dissect_ndr_lsa_String(tvbuff_t *tvb, unsigned offset,
                                packet_info *pinfo, proto_tree *parent_tree,
                                dcerpc_info *di, uint8_t *drep,
                                uint32_t param, int hfindex);
175
/*
 * NT time and logon-hours dissectors. Declarations only.
 *
 * Of the three NTTIME routines only dissect_ndr_nt_NTTIME carries
 * WS_DLL_PUBLIC; the _hyper and _1sec variants share its parameter list but
 * are declared without the export marker.
 * NOTE(review): how the _hyper and _1sec variants differ in wire format or
 * resolution is not visible here -- confirm in the implementation.
 */
WS_DLL_PUBLIC
unsigned dissect_ndr_nt_NTTIME(tvbuff_t *tvb, unsigned offset,
                               packet_info *pinfo, proto_tree *tree,
                               dcerpc_info *di, uint8_t *drep, int hf_index);

unsigned dissect_ndr_nt_NTTIME_hyper(tvbuff_t *tvb, unsigned offset,
                                     packet_info *pinfo, proto_tree *tree,
                                     dcerpc_info *di, uint8_t *drep,
                                     int hf_index);

unsigned dissect_ndr_nt_NTTIME_1sec(tvbuff_t *tvb, unsigned offset,
                                    packet_info *pinfo, proto_tree *tree,
                                    dcerpc_info *di, uint8_t *drep,
                                    int hf_index);

/* Takes no field index; items are added under `parent_tree`. */
unsigned dissect_ndr_nt_LOGON_HOURS(tvbuff_t *tvb, unsigned offset,
                                    packet_info *pinfo,
                                    proto_tree *parent_tree,
                                    dcerpc_info *di, uint8_t *drep);
/*
 * SID dissectors: a single SID, pointer-to-SID, SID arrays and
 * SID-with-attributes structures. Declarations only.
 * NOTE(review): the unsigned return value is presumably the offset after the
 * dissected item -- confirm against the implementation.
 */
unsigned dissect_ndr_nt_SID(tvbuff_t *tvb, unsigned offset,
                            packet_info *pinfo, proto_tree *tree,
                            dcerpc_info *di, uint8_t *drep);

/* NOTE(review): the accepted `options` bits are not defined in this header. */
unsigned dissect_ndr_nt_SID_with_options(tvbuff_t *tvb, unsigned offset,
                                         packet_info *pinfo, proto_tree *tree,
                                         dcerpc_info *di, uint8_t *drep,
                                         uint32_t options, int hf_index);

/*
 * Callback form: `callback_args` is an untyped pointer, so matching it to
 * what `callback` expects is up to the caller.
 */
unsigned dissect_ndr_nt_PSID_cb(tvbuff_t *tvb, unsigned offset,
                                packet_info *pinfo, proto_tree *parent_tree,
                                dcerpc_info *di, uint8_t *drep,
                                dcerpc_callback_fnct_t *callback,
                                void *callback_args);

unsigned dissect_ndr_nt_PSID(tvbuff_t *tvb, unsigned offset,
                             packet_info *pinfo, proto_tree *parent_tree,
                             dcerpc_info *di, uint8_t *drep);

unsigned dissect_ndr_nt_PSID_ARRAY(tvbuff_t *tvb, unsigned offset,
                                   packet_info *pinfo,
                                   proto_tree *parent_tree,
                                   dcerpc_info *di, uint8_t *drep);

unsigned dissect_ndr_nt_SE_GROUP_ATTRIBUTES(tvbuff_t *tvb, unsigned offset,
                                            packet_info *pinfo,
                                            proto_tree *parent_tree,
                                            dcerpc_info *di, uint8_t *drep);

unsigned dissect_ndr_nt_SID_AND_ATTRIBUTES_ARRAY(tvbuff_t *tvb,
                                                 unsigned offset,
                                                 packet_info *pinfo,
                                                 proto_tree *parent_tree,
                                                 dcerpc_info *di,
                                                 uint8_t *drep);

unsigned dissect_ndr_nt_SID_AND_ATTRIBUTES(tvbuff_t *tvb, unsigned offset,
                                           packet_info *pinfo,
                                           proto_tree *parent_tree,
                                           dcerpc_info *di, uint8_t *drep);

/* NOTE(review): "28" is presumably a fixed on-wire size in bytes -- confirm. */
unsigned dissect_ndr_nt_SID28(tvbuff_t *tvb, unsigned offset,
                              packet_info *pinfo, proto_tree *tree,
                              dcerpc_info *di, uint8_t *drep, int hf_index);
/*
 * Policy handle hashing.
 *
 * Routines that record details against a policy handle (e_ctx_hnd) and look
 * them up again. Declarations only; the storage itself is not visible here.
 */

/*
 * Store open and close packet numbers for a policy handle.
 * NOTE(review): how `param` distinguishes an open from a close is not shown
 * in this header -- confirm in the implementation.
 */
void dcerpc_smb_store_pol_pkts(e_ctx_hnd *policy_hnd, packet_info *pinfo,
                               uint32_t param);

/*
 * Store a name with a policy handle.
 * NOTE(review): whether `name` is copied or the pointer is retained is not
 * shown; check before passing a buffer with a shorter lifetime than the
 * stored record.
 */
void dcerpc_store_polhnd_name(e_ctx_hnd *policy_hnd, packet_info *pinfo,
                              const char *name);

/*
 * Fetch details stored with a policy handle, relative to frame `cur_frame`.
 * Results are delivered through the `name`, `type`, `open_frame` and
 * `close_frame` out-parameters.
 * NOTE(review): the bool return presumably reports whether a record was
 * found -- confirm. Ownership and lifetime of `*name`, and whether NULL
 * out-pointers are accepted, are not visible here either.
 */
bool dcerpc_fetch_polhnd_data(e_ctx_hnd *policy_hnd, char **name,
                              uint32_t *type, uint32_t *open_frame,
                              uint32_t *close_frame, uint32_t cur_frame);
254
/*
 * Dissect NT specific things: status and error codes.
 *
 * The four routines share one signature. `pdata` is a uint32_t out-parameter.
 * NOTE(review): presumably it receives the decoded code and may be NULL when
 * the caller does not need it -- confirm in the implementation.
 * Whatever lands in *pdata is read from `tvb`, i.e. from the capture, so a
 * caller that branches on it is branching on unvalidated input.
 */
unsigned dissect_ntstatus(tvbuff_t *tvb, unsigned offset, packet_info *pinfo,
                          proto_tree *tree, dcerpc_info *di, uint8_t *drep,
                          int hfindex, uint32_t *pdata);

unsigned dissect_doserror(tvbuff_t *tvb, unsigned offset, packet_info *pinfo,
                          proto_tree *tree, dcerpc_info *di, uint8_t *drep,
                          int hfindex, uint32_t *pdata);

unsigned dissect_werror(tvbuff_t *tvb, unsigned offset, packet_info *pinfo,
                        proto_tree *tree, dcerpc_info *di, uint8_t *drep,
                        int hfindex, uint32_t *pdata);

unsigned dissect_hresult(tvbuff_t *tvb, unsigned offset, packet_info *pinfo,
                         proto_tree *tree, dcerpc_info *di, uint8_t *drep,
                         int hfindex, uint32_t *pdata);
276
/*
 * Handle and LUID dissectors. Declarations only.
 *
 * dissect_nt_policy_hnd and dissect_nt_guid_hnd share a parameter list: the
 * handle is returned through `pdata` and a tree item through `pitem`.
 * NOTE(review): whether either out-pointer may be NULL, and the meaning of
 * `param`, are not visible in this header -- confirm in the implementation.
 */
unsigned dissect_nt_policy_hnd(tvbuff_t *tvb, unsigned offset,
                               packet_info *pinfo, proto_tree *tree,
                               dcerpc_info *di, uint8_t *drep, int hfindex,
                               e_ctx_hnd *pdata, proto_item **pitem,
                               uint32_t param);

/* Same leading parameters as dissect_nt_policy_hnd, without the out-pointers. */
unsigned PIDL_dissect_policy_hnd(tvbuff_t *tvb, unsigned offset,
                                 packet_info *pinfo, proto_tree *tree,
                                 dcerpc_info *di, uint8_t *drep, int hfindex,
                                 uint32_t param);

unsigned dissect_nt_guid_hnd(tvbuff_t *tvb, unsigned offset,
                             packet_info *pinfo, proto_tree *tree,
                             dcerpc_info *di, uint8_t *drep, int hfindex,
                             e_ctx_hnd *pdata, proto_item **pitem,
                             uint32_t param);

/* Takes no dcerpc_info and no field index. */
unsigned dissect_nt_LUID(tvbuff_t *tvb, unsigned offset, packet_info *pinfo,
                         proto_tree *tree, uint8_t *drep);
298
/*
 * Kept here rather than in packet-dcerpc{,-ndr}.c because they are probably
 * not official NDR representations.
 *
 * `length` is a signed int in all four array routines. The declarations do
 * not show how a negative or oversized value is handled, so a count derived
 * from packet contents should be validated before it is passed in.
 * NOTE(review): confirm in the implementation what bounds checking, if any,
 * is applied to `length`.
 */

/*
 * `pdata` is an out-pointer to const bytes.
 * NOTE(review): what the returned pointer refers to and how long it stays
 * valid is not visible here -- confirm before retaining it.
 */
unsigned dissect_dcerpc_uint8s(tvbuff_t *tvb, unsigned offset,
                               packet_info *pinfo, proto_tree *tree,
                               dcerpc_info *di, uint8_t *drep, int hfindex,
                               int length, const uint8_t **pdata);

unsigned dissect_ndr_uint8s(tvbuff_t *tvb, unsigned offset,
                            packet_info *pinfo, proto_tree *tree,
                            dcerpc_info *di, uint8_t *drep, int hfindex,
                            int length, const uint8_t **pdata);

/* Unlike dissect_dcerpc_uint8s, takes no dcerpc_info and has no out-pointer. */
unsigned dissect_dcerpc_uint16s(tvbuff_t *tvb, unsigned offset,
                                packet_info *pinfo, proto_tree *tree,
                                uint8_t *drep, int hfindex, int length);

unsigned dissect_ndr_uint16s(tvbuff_t *tvb, unsigned offset,
                             packet_info *pinfo, proto_tree *tree,
                             dcerpc_info *di, uint8_t *drep, int hfindex,
                             int length);

/* NOTE(review): the accepted values of `type` are not defined in this header. */
unsigned dissect_ndr_str_pointer_item(tvbuff_t *tvb, unsigned offset,
                                      packet_info *pinfo, proto_tree *tree,
                                      dcerpc_info *di, uint8_t *drep,
                                      int type, const char *text,
                                      int hf_index, int levels);

/* Argument order differs from the rest of the header: the tree comes first. */
unsigned nt_dissect_MIDL_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb,
                                       unsigned offset, uint8_t *drep);
324
325/*
326 * Helper routines for dissecting NDR strings
327 */
328
/*
 * The low 16 bits of the value hold the number of levels to go up when
 * appending the string to a pointer item; the two flags below sit in the high
 * bits and do not overlap that field.
 */
#define CB_STR_ITEM_LEVELS(x) ((x) & 0xFFFF)

/* Save string to dcv->private_data */
#define CB_STR_SAVE 0x20000000

/* Append string to COL_INFO */
#define CB_STR_COL_INFO 0x10000000
333
/*
 * String post-processing callbacks; the two share one parameter list, and
 * `tree` is marked unused (_U_) in both.
 *
 * The string is identified by the [start_offset, end_offset) pair within
 * `tvb` rather than by a pointer.
 * NOTE(review): the half-open reading of that range, and whether the callback
 * checks start_offset <= end_offset, are not visible here -- confirm.
 * NOTE(review): `callback_args` is untyped; it presumably carries the
 * CB_STR_* flag word defined just above -- confirm how callers encode it.
 */
void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
                         proto_item *item, dcerpc_info *di, tvbuff_t *tvb,
                         unsigned start_offset, unsigned end_offset,
                         void *callback_args);

void cb_str_postprocess(packet_info *pinfo, proto_tree *tree _U_,
                        proto_item *item, dcerpc_info *di, tvbuff_t *tvb,
                        unsigned start_offset, unsigned end_offset,
                        void *callback_args);
342
/* Initialise DCERPC over SMB. */
void dcerpc_smb_init(int proto_dcerpc);

/*
 * Used in packet-dcerpc-netlogon.c.
 * Both are plain (non-const) ints with external linkage, so any file that
 * includes this header can also write to them.
 */
extern int hf_nt_cs_len;
extern int hf_nt_cs_size;
350
351#endif /* packet-dcerpc-nt.h */