Ethereal-dev: [Ethereal-dev] new dcerpc dissector
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Jaime Fournier <jafour1@xxxxxxxxx>
Date: Tue, 21 Oct 2003 14:37:57 -0700 (PDT)
Attached is a dissector for yet another DCERPC interface. ===== Jaime Fournier __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
/* packet-dcerpc-butc.c * Routines for butc dissection * Copyright 2002, Jaime Fournier <jafour1@xxxxxxxxx> * This information is based off the released idl files from opengroup. * ftp://ftp.opengroup.org/pub/dce122/dce/src/file.tar.gz bubasics/butc.idl * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@xxxxxxxxxxxx> * Copyright 1998 Gerald Combs * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> #endif #include <string.h> #include <glib.h> #include <epan/packet.h> #include "packet-dcerpc.h" #include "packet-dcerpc-macros.h" static int proto_butc = -1; static int hf_butc_opnum = -1; static gint ett_butc = -1; static e_uuid_t uuid_butc = { 0x1d193c08, 0x000b, 0x11ca, { 0xba, 0x1d, 0x02, 0x60, 0x8c, 0x2e, 0xa9, 0x6e } }; static guint16 ver_butc = 4; #define TC_DEFAULT_STACK_SIZE (150*1024) /* stack size for tc threads */ #define TC_MAXGENNAMELEN 512 /* length of generic name */ #define TC_MAXDUMPPATH 256 /* dump path names*/ #define TC_MAXNAMELEN 128 /* name length */ #define TC_MAXFORMATLEN 100 /*size of the format statement */ #define TC_MAXHOSTLEN 128 /*for server/machine names */ #define TC_MAXTAPELEN 256 /*max tape name allowed */ #define TC_STAT_DONE 1 /* all done */ #define TC_STAT_OPRWAIT 2 /* waiting for user interaction */ #define TC_STAT_DUMP 4 /* true if dump, false if restore */ #define TC_STAT_ABORTED 8 /* the operation was aborted */ #define TC_STAT_ERROR 16 /* error ocuured in the operation */ #define TSK_STAT_FIRST 0x1 /* get id of first task */ #define TSK_STAT_END 0x2 /* no more tasks */ #define TSK_STAT_NOTFOUND 0x4 /* couldn't find task id requested */ #define TCOP_NONE 0 #define TCOP_READLABEL 1 #define TCOP_LABELTAPE 2 #define TCOP_DUMP 3 #define TCOP_RESTORE 4 #define TCOP_SCANTAPE 5 #define TCOP_SAVEDB 6 #define TCOP_RESTOREDB 7 #define TCOP_STATUS 8 #define TCOP_SPARE 9 /* macro time */ /* handle tc_dumpInterface */ static int butc_performdump_resp (tvbuff_t * tvb, int offset, packet_info * pinfo, proto_tree * tree, char *drep) { /* [ref, in] tc_dumpInterface *tcdiPtr, [ref, in] tc_dumpArray *dumps, [ref, out] signed32 *dumpID */ return offset; } static dcerpc_sub_dissector butc_dissectors[] = { { 0, "PerformDump", NULL, NULL}, { 1, "PerformRestore", NULL, NULL}, { 2, "AbortDump", NULL, NULL}, { 3, "LabelTape", NULL, NULL}, { 4, "ReadLabel", NULL, NULL}, { 5, "ScanDumps", NULL, NULL}, { 6, "TCInfo", NULL, NULL}, { 7, "SaveDb", NULL, NULL}, { 8, "RestoreDb", NULL, NULL}, { 9, "EndStatus", NULL, NULL}, { 10, "GetStatus", NULL, NULL}, { 11, "RequestAbort", NULL, NULL}, { 12, "ScanStatus", NULL, NULL}, { 13, "GetServerInterfaces", NULL, NULL}, { 0, NULL, NULL, NULL } }; static const value_string butc_opnum_vals[] = { { 0, "PerformDump"}, { 1, "PerformRestore"}, { 2, "AbortDump"}, { 3, "LabelTape"}, { 4, "ReadLabel"}, { 5, "ScanDumps"}, { 6, "TCInfo"}, { 7, "SaveDb"}, { 8, "RestoreDb"}, { 9, "EndStatus"}, { 10, "GetStatus"}, { 11, "RequestAbort"}, { 12, "ScanStatus"}, { 13, "GetServerInterfaces"}, }; void proto_register_butc (void) { static hf_register_info hf[] = { { &hf_butc_opnum, { "Operation", "butc.opnum", FT_UINT16, BASE_DEC, VALS(butc_opnum_vals), 0x0, "Operation", HFILL }}, }; static gint *ett[] = { &ett_butc, }; proto_butc = proto_register_protocol ("DCE/RPC BUTC", "BUTC", "butc"); proto_register_field_array (proto_butc, hf, array_length (hf)); proto_register_subtree_array (ett, array_length (ett)); } void proto_reg_handoff_butc (void) { /* Register the protocol as dcerpc */ dcerpc_init_uuid (proto_butc, ett_butc, &uuid_butc, ver_butc, butc_dissectors, hf_butc_opnum); }
- Follow-Ups:
- Re: [Ethereal-dev] new dcerpc dissector
- From: Ronnie Sahlberg
- Re: [Ethereal-dev] new dcerpc dissector
- Prev by Date: Re: [Ethereal-dev] Truncated frames, SCSI & decoding question
- Next by Date: Re: [Ethereal-dev] Menu Usability Changes
- Previous by thread: RE: [Ethereal-dev] Truncated frames, SCSI & decoding question
- Next by thread: Re: [Ethereal-dev] new dcerpc dissector
- Index(es):