Ethereal-dev: [Ethereal-dev] DCOM implementation, first try!

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Mon, 26 Aug 2002 00:58:55 +0200

Hi list!

Here is the first implementation of the DCOM dissection I mentioned earlier.

All files for DCOM are currently called something like: "packet-dcerpc-xy.c"
(e.g. packet-dcerpc-oxid.c). I have called them "packet-dcom-xy.c", 
as the DCOM dissectors mentioned above are sitting on top of DCOM, not on top of DCERPC,
and of course the DCOM implementation itself is not part of DCERPC.

What I have done so far to add DCOM to Ethereal:

Changes in the existing code:
-----------------------------
Changes in dcerpc.c/.h:
new methods dissect_dcerpc_uuid() and similar
Special uuid registration for DCOM subdissectors (I'm not happy with this).

Changes in dcerpc-ndr.c:
added some simple datatypes: float, double, uuid

New code implementing decoding of the basic DCOM mechanisms (in WinNt4):
------------------------------------------------------------------------
implementation of a lot of DCOM datatypes:
-BYTE,WORD,DWORD,...
-DATE,FILETIME,BSTR,OBJREF,DUALSTRINGARRAY,...
-VARIANT (currently not all varianttypes)
-SAFEARRAY (currently not all data types)

Implementation of the following DCOM-interfaces (still some lesser used methods missing):
-IOXIDResolver (now implemented)
-IRemoteActivation (now implemented)
-IRemUnknown (newly implemented)
-IDispatch (newly implemented, not complete)


Hint to Check-In the code:
--------------------------
1. add the attached files from zip
2. patch existing code using cvs.diff from zip
3. Delete the files (packet-dcerpc-oxid.c and packet-dcerpc-remact.c)


Conclusion:
-----------
I'm currently not satisfied with my implementation of the DCOM subdissector protocol registration inside packet-dcerpc.c.

I need some more example capture files, as there are still a lot of ToBeDone's inside the code.

Info: The code has the "ready to use" state, but is maybe not "production stable".

Regards ULFL

Attachment: packet-dcom.zip
Description: Zip compressed data