Depending if it's nul terminated or not.
I have some examples in the other dcerpc code such as
packet-dcerpc-cds_clerkxxx.c
--- dheitmueller <dheitmueller@xxxxxxxxxxx> wrote:
>
> I am looking at the dissection routine for the
> GetDomainPasswordInfo, and it fails to properly
> dissect the request.
>
> Looking at the source code (packet-dcerpc-samr.c
> line 2011), the domain field is using
> dissect_ndr_pointer. However, when I look at the
> payload, it would appear that we are dealing with a
> straight UNICODE string.
>
> xx xx xx xx xx xx xx xx 08 00 00 00 5c 00 5c 00
> ........ ....\.\.
> 70 00 61 00 75 00 6c 00 32 00 30 00
> p.a.u.l. 2.0.
>
> It looks like there is just a length, an offset,
> then the string.
>
> I am trying to figure out the NDR routines for
> dissecting strings, and do not see one that handles
> this format. If I recall, I had the same issue with
> the NTLMSSP dissector, and ended up decoding it into
> three separate fields (length, offset, string) using
> get_unicode_or_ascii_string.
>
> So here's the question. Is there a more standard
> function for decoding this string type. Also, does
> anyone have a packet capture for this request that
> DOES properly dissect the request? The last thing I
> want to do is break someone elses dissector.
>
> Devin Heitmueller
> Senior Software Engineer
> Netilla Networks Inc
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
>
http://www.ethereal.com/mailman/listinfo/ethereal-dev
=====
Jaime Fournier
__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2