Ethereal-dev: [Ethereal-dev] Re: Partial patch to packet-dcerpc-remact.c - call for assistance

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ulf Lamping" <ulf.lamping@xxxxxx>
Date: Tue, 23 Sep 2003 18:58:00 +0200
> Date: Mon, 22 Sep 2003 23:20:46 -0400
> From: Todd Sabin <tsabin@xxxxxxxxxxxxx>
> Subject: Re: [Ethereal-dev] Partial patch to packet-dcerpc-remact.c - call for assistance
> To: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
> Cc: ethereal-dev <ethereal-dev@xxxxxxxxxxxx>
> Message-ID: <m3zngw2nsh.fsf@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
> 
> Yaniv Kaul <ykaul@xxxxxxxxxxxx> writes:
> 
> > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> > <html>
> > <head>
> 
> Please don't send html email.  (That may be why no one else has
> replied to you, yet.)
> 
> > With all the noise around DCOM over
> > DCE-RPC, no one bothered to dissect it properly.
> > I've begun adding proper dissection to it.
> > However, due to lack of time, lack of GOOD (read: not exploits) traffic
> > captures, and lack of normal documentation of this protocol, I'm unable
> > to complete the dissector properly.
> > I'll be happy if someone can pick it up and finish it or help me a bit.
> > Once this is done, it'll be trivial to do SystemActivator over DCE-RPC.
> 
> Actually, Ulf Lamping did quite a lot of work on DCOM (including the
> REMACT interface) over a year ago, but it has yet to make it into
> ethereal.  That's most likely my fault, as I asked him to break his
> work up into several patches, and then had no time to look at them.
> (Sorry, Ulf!)
> 
> > Attached please find my incomplete patch. (Do NOT check in). Pay
> > attention to the FIXME notes in it.
> 
> Haven't looked at it, yet, but I'll try to go over that and Ulf's
> older stuff in the near future.  Of course, I may find that I don't
> have the time again, in which case I'd suggest that Guy (or someone)
> just apply Ulf's stuff as it stands (though the patch is probably
> stale by now).
> 
> -- 
> Todd Sabin                                          <tsabin@xxxxxxxxxxxxx>
> 
> 

Hi Todd, hi Yaniv!

The last time I tried to submit patches to this topic, I ran "out of spirit", as I couldn't get any patches checked in.

I've been using my DCOM dissection for over a year now; it's working quite well for me and others.

As I have also made a lot of other changes compared to the CVS tree, my diff file is getting larger and larger (about 50kB right now + other separate files), and submitting patches is now even more complicated for me than a year ago. But my tree is still in sync with the latest CVS :-)

Regards, ULFL
