Yaniv Kaul <ykaul@xxxxxxxxxxxx> writes:
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
Please don't send html email. (That may be why no one else has
replied to you, yet.)
> With all the noise around DCOM over
> DCE-RPC, no one bothered to dissect it properly.
> I've began adding proper dissection to it.
> However, due to lack of time, lack of GOOD (read: not exploits) traffic
> captures, and lack of normal documentation of this protocol, I'm unable
> to complete the dissector properly.
> I'll be happy if someone can pick it up and finish it or help me a bit.
> Once this is done, it'll be trivial to do SystemActivator over DCE-RPC.
Actually, Ulf Lamping did quite a lot of work on DCOM (including the
REMACT interface) over a year ago, but it has yet to make in into
ethereal. That's most likely my fault, as I asked him to break his
work up into several patches, and then had no time to look at them.
(Sorry, Ulf!)
> Attached please find my uncomplete patch. (Do NOT check in). Pay
> attention to the FIXME notes in it.
Haven't looked at it, yet, but I'll try to go over that and Ulf's
older stuff in the near future. Of course, I may find that I don't
have the time again, in which case I'd suggest that Guy (or someone)
just apply Ulf's stuff as it stands (though the patch is probably
stale by now).
--
Todd Sabin <tsabin@xxxxxxxxxxxxx>