Ethereal-dev: [Ethereal-dev] Dissecting SAMR GetDomainPasswordInfo

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: dheitmueller <dheitmueller@xxxxxxxxxxx>
Date: Sat, 09 Nov 2002 11:49:49 -0500 (EST)
I am looking at the dissection routine for the GetDomainPasswordInfo, and it fails to properly dissect the request.

Looking at the source code (packet-dcerpc-samr.c line 2011), the domain field is using dissect_ndr_pointer.  However, when I look at the payload, it would appear that we are dealing with a straight UNICODE string.

xx xx xx xx xx xx xx xx 08 00 00 00 5c 00 5c 00 ........ ....\.\.
70 00 61 00 75 00 6c 00 32 00 30 00             p.a.u.l. 2.0.

It looks like there is just a length, an offset, then the string.

I am trying to figure out the NDR routines for dissecting strings, and do not see one that handles this format.  If I recall, I had the same issue with the NTLMSSP dissector, and ended up decoding it into three separate fields (length, offset, string) using get_unicode_or_ascii_string.

So here's the question.  Is there a more standard function for decoding this string type?  Also, does anyone have a packet capture for this request that DOES properly dissect the request?  The last thing I want to do is break someone else's dissector.

Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc
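
An added example, not code from the post or from Ethereal: a bounds-checked C decoder for the part of the layout visible in the dump above, a little-endian 32-bit count followed by that many UTF-16LE code units. The function name `decode_counted_utf16le` is hypothetical, it works on a plain byte buffer rather than Ethereal's own buffer API, and reading `08 00 00 00` as a character count is an assumption based on the eight characters that follow it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The visible bytes from the hex dump in the post, starting at the
 * 32-bit count (the eight masked "xx" bytes before it are not used). */
static const uint8_t sample[] = {
    0x08, 0x00, 0x00, 0x00,
    0x5c, 0x00, 0x5c, 0x00, 0x70, 0x00, 0x61, 0x00,
    0x75, 0x00, 0x6c, 0x00, 0x32, 0x00, 0x30, 0x00
};

/* Read a little-endian 32-bit value; caller has checked the bounds. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode <count><count UTF-16LE code units> found at buf[off..].
 * Assumption: the count is in characters, not bytes.
 * Returns the number of characters written to out (NUL-terminated),
 * or -1 if the count field or the string runs past the captured data
 * or does not fit in out. Non-printable/non-ASCII units become '?'. */
int decode_counted_utf16le(const uint8_t *buf, size_t len, size_t off,
                           char *out, size_t outlen)
{
    if (off > len || len - off < 4)
        return -1;                     /* no room for the count field */
    uint32_t count = rd_le32(buf + off);
    size_t avail = len - off - 4;
    if (count > avail / 2)             /* also avoids count*2 overflow */
        return -1;                     /* string is truncated */
    if (outlen == 0 || count >= outlen)
        return -1;                     /* output buffer too small */
    const uint8_t *s = buf + off + 4;
    for (uint32_t i = 0; i < count; i++) {
        uint16_t cu = (uint16_t)(s[2 * i] | (s[2 * i + 1] << 8));
        out[i] = (cu >= 0x20 && cu < 0x7f) ? (char)cu : '?';
    }
    out[count] = '\0';
    return (int)count;
}

int main(void)
{
    char name[64];
    int n = decode_counted_utf16le(sample, sizeof sample, 0, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(malformed)" : name);
}
```

The count is checked against the bytes actually captured before any character is read, so a short or malformed packet yields -1 instead of a read past the end of the buffer.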