Wireshark-dev: Re: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE

From: Isaac Boukris <iboukris@xxxxxxxxx>
Date: Wed, 16 Jun 2021 17:36:54 +0300
On Wed, Jun 16, 2021 at 2:48 PM Anders Broman via Wireshark-dev
<wireshark-dev@xxxxxxxxxxxxx> wrote:
>
>
>
> -----Original Message-----
> From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of Isaac Boukris
> Sent: den 16 juni 2021 12:52
> To: wireshark-dev@xxxxxxxxxxxxx
> Subject: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
>
> Hello,
>
> I'd like to add the following asn1 struct to the credssp dissector (following MR 3020):
> TSRemoteGuardPackageCred ::= SEQUENCE {
>         packageName     [0] OCTET STRING,
>         credBuffer      [1] OCTET STRING
> }
>
> It gets displayed like this:
> logonCred
>     packageName: 4b00650072006200650072006f007300
>     credBuffer:
> 0a000000020000007304000018050000200000000000000093040000000000006182046f…
>
> Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there is an easy way to make it display it as a string instead of HEX
> - thoughts?
>
> Thanks!
>
> Hi,
> If it's always an UTF16 string you will have to do .cnf magic and add something like
> proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);

Thanks, replacing the DEFAULT_BODY along with setting TYPE_ATTR did
the trick. I wonder if it could be better generalized but anyway that
would be for another day.

Regards