Ethereal-dev: Re: [Ethereal-dev] Dissecting SAMR GetDomainPasswordInfo

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jaime Fournier <jafour1@xxxxxxxxx>
Date: Sat, 9 Nov 2002 11:19:34 -0800 (PST)
Depending if it's nul terminated or not.
I have some examples in the other dcerpc code such as
packet-dcerpc-cds_clerkxxx.c

--- dheitmueller <dheitmueller@xxxxxxxxxxx> wrote:
> 
> I am looking at the dissection routine for the
> GetDomainPasswordInfo, and it fails to properly
> dissect the request.
> 
> Looking at the source code (packet-dcerpc-samr.c
> line 2011), the domain field is using
> dissect_ndr_pointer.  However, when I look at the
> payload, it would appear that we are dealing with a
> straight UNICODE string.
> 
> xx xx xx xx xx xx xx xx 08 00 00 00 5c 00 5c 00
> ........ ....\.\.
> 70 00 61 00 75 00 6c 00 32 00 30 00            
> p.a.u.l. 2.0.
> 
> It looks like there is just a length, an offset,
> then the string.
> 
> I am trying to figure out the NDR routines for
> dissecting strings, and do not see one that handles
> this format.  If I recall, I had the same issue with
> the NTLMSSP dissector, and ended up decoding it into
> three separate fields (length, offset, string) using
> get_unicode_or_ascii_string.
> 
> So here's the question.  Is there a more standard
> function for decoding this string type.  Also, does
> anyone have a packet capture for this request that
> DOES properly dissect the request?  The last thing I
> want to do is break someone elses dissector.
> 
> Devin Heitmueller
> Senior Software Engineer
> Netilla Networks Inc
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
>
http://www.ethereal.com/mailman/listinfo/ethereal-dev


=====
Jaime Fournier

__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2