12#ifndef __PACKET_DCERPC_H__
13#define __PACKET_DCERPC_H__
16#include "ws_symbol_export.h"
22#define DCERPC_TABLE_NAME "dcerpc.uuid"
26#define DREP_LITTLE_ENDIAN 0x10
28#define DREP_EBCDIC 0x01
33#define DREP_ENC_INTEGER(drep) \
34 (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN)
39#define DREP_ENC_CHAR(drep) \
40 (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA)
49#define DCERPC_UUID_NULL { 0,0,0, {0,0,0,0,0,0,0,0} }
52#define DCERPC_UUID_STR_LEN 36+1
61 uint8_t rpc_ver_minor;
98 uint32_t auth_context_id;
150#define DCERPC_IS_NDR64 0x00000001
157 uint64_t transport_salt;
161 int32_t conformant_eaten;
162 uint32_t array_max_count;
163 uint32_t array_max_count_offset;
164 uint32_t array_offset;
165 uint32_t array_offset_offset;
166 uint32_t array_actual_count;
167 uint32_t array_actual_count_offset;
170 const char *dcerpc_procedure_name;
180 bool must_check_size;
209#define PDU_CL_CANCEL 8
211#define PDU_CANCEL_ACK 10
213#define PDU_BIND_ACK 12
214#define PDU_BIND_NAK 13
216#define PDU_ALTER_ACK 15
218#define PDU_SHUTDOWN 17
219#define PDU_CO_CANCEL 18
220#define PDU_ORPHANED 19
228uint16_t dcerpc_tvb_get_ntohs (
tvbuff_t *tvb,
int offset, uint8_t *drep);
229uint32_t dcerpc_tvb_get_ntohl (
tvbuff_t *tvb,
int offset, uint8_t *drep);
230void dcerpc_tvb_get_uuid (
tvbuff_t *tvb,
int offset, uint8_t *drep,
e_guid_t *uuid);
234 int hfindex, uint8_t *pdata);
238 int hfindex, uint8_t *pdata);
242 int hfindex, uint16_t *pdata);
246 int hfindex, uint32_t *pdata);
250 int hfindex, uint64_t *pdata);
253 int hfindex,
float *pdata);
256 int hfindex,
double *pdata);
259 int hfindex, uint32_t *pdata);
271 int hfindex, uint8_t *pdata);
277 int hfindex, uint16_t *pdata);
283 int hfindex, uint32_t *pdata);
289 int hfindex, uint64_t *pdata);
293 int hfindex, uint64_t *pdata);
299 int hfindex,
float *pdata);
303 int hfindex,
double *pdata);
308 int hfindex, uint32_t *pdata);
317#define FT_UINT1632 FT_UINT32
318typedef uint32_t uint1632_t;
323 int hfindex, uint1632_t *pdata);
325typedef uint64_t uint3264_t;
330 int hfindex, uint3264_t *pdata);
337#define NDR_POINTER_REF 1
338#define NDR_POINTER_UNIQUE 2
339#define NDR_POINTER_PTR 3
343 dcerpc_dissect_fnct_t *fnct,
int type,
const char *text,
344 int hf_index, dcerpc_callback_fnct_t *callback,
345 void *callback_args);
349 dcerpc_dissect_fnct_t *fnct,
int type,
const char *text,
354 dcerpc_dissect_fnct_t *fnct,
int type,
const char *text,
358 dcerpc_dissect_fnct_t *fnct,
int type,
const char *text,
364 dcerpc_dissect_fnct_t *fnct);
368 dcerpc_dissect_fnct_blk_t *fnct);
375 dcerpc_dissect_fnct_t *fnct);
379 dcerpc_dissect_fnct_blk_t *fnct);
384 dcerpc_dissect_fnct_t *fnct);
391 int hfinfo,
bool add_subtree,
401 int hfindex,
bool add_subtree,
char **data);
404 int hfinfo,
bool add_subtree,
414 dcerpc_dissect_fnct_t *dissect_rqst;
415 dcerpc_dissect_fnct_t *dissect_resp;
424const char *dcerpc_get_proto_name(
e_guid_t *uuid, uint16_t ver);
426int dcerpc_get_proto_hf_opnum(
e_guid_t *uuid, uint16_t ver);
436WS_DLL_PUBLIC
void decode_dcerpc_reset_all(
void);
437typedef void (*decode_add_show_list_func)(
void *data,
void *user_data);
438WS_DLL_PUBLIC
void decode_dcerpc_add_show_list(decode_add_show_list_func func,
void *user_data);
447WS_DLL_PUBLIC GHashTable *dcerpc_uuids;
471 dcerpc_dissect_fnct_t *bind_fn;
472 dcerpc_dissect_fnct_t *bind_ack_fn;
473 dcerpc_dissect_fnct_t *auth3_fn;
474 dcerpc_dissect_fnct_t *req_verf_fn;
475 dcerpc_dissect_fnct_t *resp_verf_fn;
479 dcerpc_decode_data_fnct_t *req_data_fn;
480 dcerpc_decode_data_fnct_t *resp_data_fn;
484void register_dcerpc_auth_subdissector(uint8_t auth_level, uint8_t auth_type,
497 uint64_t transport_salt;
504WS_DLL_PUBLIC uint64_t dcerpc_get_transport_salt(
packet_info *pinfo);
505WS_DLL_PUBLIC
void dcerpc_set_transport_salt(uint64_t dcetransportsalt,
packet_info *pinfo);
515#define DCE_C_RPC_AUTHN_PROTOCOL_NONE 0
516#define DCE_C_RPC_AUTHN_PROTOCOL_KRB5 1
517#define DCE_C_RPC_AUTHN_PROTOCOL_SPNEGO 9
518#define DCE_C_RPC_AUTHN_PROTOCOL_NTLMSSP 10
519#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_SCHANNEL 14
520#define DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS 16
521#define DCE_C_RPC_AUTHN_PROTOCOL_DPA 17
522#define DCE_C_RPC_AUTHN_PROTOCOL_MSN 18
523#define DCE_C_RPC_AUTHN_PROTOCOL_DIGEST 21
524#define DCE_C_RPC_AUTHN_PROTOCOL_SEC_CHAN 68
525#define DCE_C_RPC_AUTHN_PROTOCOL_MQ 100
529#define DCE_C_AUTHN_LEVEL_NONE 1
530#define DCE_C_AUTHN_LEVEL_CONNECT 2
531#define DCE_C_AUTHN_LEVEL_CALL 3
532#define DCE_C_AUTHN_LEVEL_PKT 4
533#define DCE_C_AUTHN_LEVEL_PKT_INTEGRITY 5
534#define DCE_C_AUTHN_LEVEL_PKT_PRIVACY 6
556#define PIDL_POLHND_OPEN 0x80000000
557#define PIDL_POLHND_CLOSE 0x40000000
558#define PIDL_POLHND_USE 0x00000000
560#define PIDL_STR_SAVE 0x20000000
562#define PIDL_SET_COL_INFO 0x10000000
565#define PIDL_POLHND_TYPE_MASK 0x00ff0000
566#define PIDL_POLHND_TYPE_SAMR_USER 0x00010000
567#define PIDL_POLHND_TYPE_SAMR_CONNECT 0x00020000
568#define PIDL_POLHND_TYPE_SAMR_DOMAIN 0x00030000
569#define PIDL_POLHND_TYPE_SAMR_GROUP 0x00040000
570#define PIDL_POLHND_TYPE_SAMR_ALIAS 0x00050000
572#define PIDL_POLHND_TYPE_LSA_POLICY 0x00060000
573#define PIDL_POLHND_TYPE_LSA_ACCOUNT 0x00070000
574#define PIDL_POLHND_TYPE_LSA_SECRET 0x00080000
575#define PIDL_POLHND_TYPE_LSA_DOMAIN 0x00090000
580 uint32_t open_frame, close_frame;
581 uint32_t first_frame;
588extern int hf_dcerpc_drep_byteorder;
589extern int hf_dcerpc_ndr_padding;
591#define FAKE_DCERPC_INFO_STRUCTURE \
594 dcerpc_call_value call_data; \
596 di.conformant_run = false; \
597 di.no_align = true; \
600 call_data.flags = 0; \
601 di.call_data = &call_data;
Definition packet-dcerpc.h:94
Definition packet-dcerpc.h:467
Definition packet-dcerpc.h:128
Definition packet-dcerpc.h:154
Definition packet-dcerpc.h:411
Definition packet-dcerpc.h:449
Definition packet-dcerpc.h:54
Definition packet-dcerpc.h:59
Definition packet-dcerpc.h:70
Definition guid-utils.h:23
Definition packet_info.h:43
Definition value_string.h:25
Definition conversation.h:224
Definition packet-dcerpc.h:109
Definition packet-dcerpc.h:488
Definition packet-dcerpc.h:578
Definition tvbuff-int.h:35