2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.29 1999/10/16 16:02:46 sharpe Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
46 #include "alignment.h"
48 static int proto_smb = -1;
50 #define DEBUG_SMB_HASH
53 * Struct passed to each SMB decode routine of info it may need
57 int tid, uid, mid, pid; /* Any more? */
60 char *decode_smb_name(unsigned char);
62 int smb_packet_init_count = 200;
64 struct smb_request_key {
65 guint32 ip_src, ip_dst;
66 guint16 port_src, port_dst;
70 struct smb_request_val {
71 guint16 last_transact2_command;
75 GHashTable *smb_request_hash = NULL;
76 GMemChunk *smb_request_keys = NULL;
77 GMemChunk *smb_request_vals = NULL;
81 smb_equal(gconstpointer v, gconstpointer w)
83 struct smb_request_key *v1 = (struct smb_request_key *)v;
84 struct smb_request_key *v2 = (struct smb_request_key *)w;
86 #if defined(DEBUG_SMB_HASH)
87 printf("Comparing %08X:%08X:%d:%d:%d\n and %08X:%08X:%d:%d:%d\n",
88 v1 -> ip_src, v1 -> ip_dst, v1 -> port_src, v1 -> port_dst, v1 -> mid,
89 v2 -> ip_src, v2 -> ip_dst, v2 -> port_src, v2 -> port_dst, v2 -> mid);
92 if (v1 -> ip_src == v2 -> ip_src &&
93 v1 -> ip_dst == v2 -> ip_dst &&
94 v1 -> port_src == v2 -> port_src &&
95 v1 -> port_dst == v2 -> port_dst &&
96 v1 -> mid == v2 -> mid) {
106 smb_hash (gconstpointer v)
108 struct smb_request_key *key = (struct smb_request_key *)v;
111 val = key -> ip_src + key -> ip_dst + key -> port_src + key -> port_dst +
114 #if defined(DEBUG_SMB_HASH)
115 printf("SMB Hash calculated as %d\n", val);
123 * Initialize some variables every time a file is loaded or re-loaded
127 smb_init_protocol(void)
129 #if defined(DEBUG_SMB_HASH)
130 printf("Initializing SMB hashtable area\n");
133 if (smb_request_hash)
134 g_hash_table_destroy(smb_request_hash);
135 if (smb_request_keys)
136 g_mem_chunk_destroy(smb_request_keys);
137 if (smb_request_vals)
138 g_mem_chunk_destroy(smb_request_vals);
140 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
141 smb_request_keys = g_mem_chunk_new("smb_request_keys",
142 sizeof(struct smb_request_key),
143 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
144 smb_request_vals = g_mem_chunk_new("smb_request_vals",
145 sizeof(struct smb_request_val),
146 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
149 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, struct smb_info si, int, int, int, int);
151 char *SMB_names[256] = {
152 "SMBcreatedirectory",
153 "SMBdeletedirectory",
201 "SMBcloseandtreedisc",
203 "SMBtrans2secondary",
205 "SMBfindnotifyclose",
313 "SMBnttransactsecondary",
411 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
416 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data (%u bytes)",
424 * Dissect a UNIX like date ...
430 dissect_smbu_date(guint16 date, guint16 time)
433 static char datebuf[4+2+2+2+1];
434 time_t ltime = (date << 16) + time;
436 gtime = gmtime(<ime);
437 sprintf(datebuf, "%04d-%02d-%02d",
438 1900 + (gtime -> tm_year), gtime -> tm_mon, gtime -> tm_mday);
448 dissect_smbu_time(guint16 date, guint16 time)
451 static char timebuf[2+2+2+2+1];
453 sprintf(timebuf, "%02d:%02d:%02d",
454 gtime -> tm_hour, gtime -> tm_min, gtime -> tm_sec);
461 * Dissect a DOS-format date.
464 dissect_dos_date(guint16 date)
466 static char datebuf[4+2+2+1];
468 sprintf(datebuf, "%04d-%02d-%02d",
469 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
474 * Dissect a DOS-format time.
477 dissect_dos_time(guint16 time)
479 static char timebuf[2+2+2+1];
481 sprintf(timebuf, "%02d:%02d:%02d",
482 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
486 /* Max string length for displaying Unicode strings. */
487 #define MAX_UNICODE_STR_LEN 256
489 /* Turn a little-endian Unicode '\0'-terminated string into a string we
491 XXX - for now, we just handle the ISO 8859-1 characters. */
493 unicode_to_str(const guint8 *us, int *us_lenp) {
494 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
501 if (cur == &str[0][0]) {
503 } else if (cur == &str[1][0]) {
509 len = MAX_UNICODE_STR_LEN;
511 while (*us != 0 || *(us + 1) != 0) {
521 /* Note that we're not showing the full string. */
532 * Each dissect routine is passed an offset to wct and works from there
536 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
543 if (dirn == 1) { /* Request(s) dissect code */
545 /* Build display for: Word Count (WCT) */
547 WordCount = GBYTE(pd, offset);
551 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
555 offset += 1; /* Skip Word Count (WCT) */
557 /* Build display for: FID */
559 FID = GSHORT(pd, offset);
563 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
567 offset += 2; /* Skip FID */
569 /* Build display for: Byte Count */
571 ByteCount = GSHORT(pd, offset);
575 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
579 offset += 2; /* Skip Byte Count */
583 if (dirn == 0) { /* Response(s) dissect code */
585 /* Build display for: Word Count (WCT) */
587 WordCount = GBYTE(pd, offset);
591 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
595 offset += 1; /* Skip Word Count (WCT) */
597 /* Build display for: Byte Count (BCC) */
599 ByteCount = GSHORT(pd, offset);
603 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
607 offset += 2; /* Skip Byte Count (BCC) */
614 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
622 guint16 BlocksPerUnit;
625 if (dirn == 1) { /* Request(s) dissect code */
627 /* Build display for: Word Count (WCT) */
629 WordCount = GBYTE(pd, offset);
633 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
637 offset += 1; /* Skip Word Count (WCT) */
639 /* Build display for: Byte Count (BCC) */
641 ByteCount = GSHORT(pd, offset);
645 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
649 offset += 2; /* Skip Byte Count (BCC) */
653 if (dirn == 0) { /* Response(s) dissect code */
655 /* Build display for: Word Count (WCT) */
657 WordCount = GBYTE(pd, offset);
661 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
665 offset += 1; /* Skip Word Count (WCT) */
669 /* Build display for: Total Units */
671 TotalUnits = GSHORT(pd, offset);
675 proto_tree_add_text(tree, offset, 2, "Total Units: %u", TotalUnits);
679 offset += 2; /* Skip Total Units */
681 /* Build display for: Blocks Per Unit */
683 BlocksPerUnit = GSHORT(pd, offset);
687 proto_tree_add_text(tree, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
691 offset += 2; /* Skip Blocks Per Unit */
693 /* Build display for: Block Size */
695 BlockSize = GSHORT(pd, offset);
699 proto_tree_add_text(tree, offset, 2, "Block Size: %u", BlockSize);
703 offset += 2; /* Skip Block Size */
705 /* Build display for: Free Units */
707 FreeUnits = GSHORT(pd, offset);
711 proto_tree_add_text(tree, offset, 2, "Free Units: %u", FreeUnits);
715 offset += 2; /* Skip Free Units */
717 /* Build display for: Reserved */
719 Reserved = GSHORT(pd, offset);
723 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
727 offset += 2; /* Skip Reserved */
731 /* Build display for: Byte Count (BCC) */
733 ByteCount = GSHORT(pd, offset);
737 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
741 offset += 2; /* Skip Byte Count (BCC) */
748 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
751 proto_tree *Attributes_tree;
761 guint16 LastWriteTime;
762 guint16 LastWriteDate;
764 const char *FileName;
766 if (dirn == 1) { /* Request(s) dissect code */
768 /* Build display for: Word Count (WCT) */
770 WordCount = GBYTE(pd, offset);
774 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
778 offset += 1; /* Skip Word Count (WCT) */
782 /* Build display for: Attributes */
784 Attributes = GSHORT(pd, offset);
788 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
789 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
790 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
791 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
792 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
793 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
794 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
795 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
796 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
797 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
798 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
799 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
800 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
801 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
805 offset += 2; /* Skip Attributes */
807 /* Build display for: Last Write Time */
809 LastWriteTime = GSHORT(pd, offset);
813 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
817 offset += 2; /* Skip Last Write Time */
819 /* Build display for: Last Write Date */
821 LastWriteDate = GSHORT(pd, offset);
825 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
829 offset += 2; /* Skip Last Write Date */
831 /* Build display for: Reserved 1 */
833 Reserved1 = GSHORT(pd, offset);
837 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
841 offset += 2; /* Skip Reserved 1 */
843 /* Build display for: Reserved 2 */
845 Reserved2 = GSHORT(pd, offset);
849 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
853 offset += 2; /* Skip Reserved 2 */
855 /* Build display for: Reserved 3 */
857 Reserved3 = GSHORT(pd, offset);
861 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
865 offset += 2; /* Skip Reserved 3 */
867 /* Build display for: Reserved 4 */
869 Reserved4 = GSHORT(pd, offset);
873 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
877 offset += 2; /* Skip Reserved 4 */
879 /* Build display for: Reserved 5 */
881 Reserved5 = GSHORT(pd, offset);
885 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
889 offset += 2; /* Skip Reserved 5 */
893 /* Build display for: Byte Count (BCC) */
895 ByteCount = GSHORT(pd, offset);
899 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
903 offset += 2; /* Skip Byte Count (BCC) */
905 /* Build display for: Buffer Format */
907 BufferFormat = GBYTE(pd, offset);
911 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
915 offset += 1; /* Skip Buffer Format */
917 /* Build display for: File Name */
919 FileName = pd + offset;
923 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
927 offset += strlen(FileName) + 1; /* Skip File Name */
931 if (dirn == 0) { /* Response(s) dissect code */
933 /* Build display for: Word Count (WCT) */
935 WordCount = GBYTE(pd, offset);
939 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
943 offset += 1; /* Skip Word Count (WCT) */
945 /* Build display for: Byte Count (BCC) */
947 ByteCount = GBYTE(pd, offset);
951 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
955 offset += 1; /* Skip Byte Count (BCC) */
962 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
974 if (dirn == 1) { /* Request(s) dissect code */
976 /* Build display for: Word Count (WCT) */
978 WordCount = GBYTE(pd, offset);
982 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
986 offset += 1; /* Skip Word Count (WCT) */
988 /* Build display for: FID */
990 FID = GSHORT(pd, offset);
994 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
998 offset += 2; /* Skip FID */
1000 /* Build display for: Count */
1002 Count = GSHORT(pd, offset);
1006 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1010 offset += 2; /* Skip Count */
1012 /* Build display for: Offset */
1014 Offset = GWORD(pd, offset);
1018 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1022 offset += 4; /* Skip Offset */
1024 /* Build display for: Remaining */
1026 Remaining = GSHORT(pd, offset);
1030 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
1034 offset += 2; /* Skip Remaining */
1036 /* Build display for: Byte Count (BCC) */
1038 ByteCount = GSHORT(pd, offset);
1042 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1046 offset += 2; /* Skip Byte Count (BCC) */
1048 /* Build display for: Buffer Format */
1050 BufferFormat = GBYTE(pd, offset);
1054 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1058 offset += 1; /* Skip Buffer Format */
1060 /* Build display for: Data Length */
1062 DataLength = GSHORT(pd, offset);
1066 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1070 offset += 2; /* Skip Data Length */
1074 if (dirn == 0) { /* Response(s) dissect code */
1076 /* Build display for: Word Count (WCT) */
1078 WordCount = GBYTE(pd, offset);
1082 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1086 offset += 1; /* Skip Word Count (WCT) */
1088 /* Build display for: Count */
1090 Count = GSHORT(pd, offset);
1094 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1098 offset += 2; /* Skip Count */
1100 /* Build display for: Byte Count (BCC) */
1102 ByteCount = GSHORT(pd, offset);
1106 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1110 offset += 2; /* Skip Byte Count (BCC) */
1117 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1131 guint16 DataCompactionMode;
1135 if (dirn == 1) { /* Request(s) dissect code */
1137 /* Build display for: Word Count (WCT) */
1139 WordCount = GBYTE(pd, offset);
1143 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1147 offset += 1; /* Skip Word Count (WCT) */
1149 /* Build display for: FID */
1151 FID = GSHORT(pd, offset);
1155 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1159 offset += 2; /* Skip FID */
1161 /* Build display for: Offset */
1163 Offset = GWORD(pd, offset);
1167 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1171 offset += 4; /* Skip Offset */
1173 /* Build display for: Max Count */
1175 MaxCount = GSHORT(pd, offset);
1179 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
1183 offset += 2; /* Skip Max Count */
1185 /* Build display for: Min Count */
1187 MinCount = GSHORT(pd, offset);
1191 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
1195 offset += 2; /* Skip Min Count */
1197 /* Build display for: Reserved 1 */
1199 Reserved1 = GWORD(pd, offset);
1203 proto_tree_add_text(tree, offset, 4, "Reserved 1: %u", Reserved1);
1207 offset += 4; /* Skip Reserved 1 */
1209 /* Build display for: Reserved 2 */
1211 Reserved2 = GSHORT(pd, offset);
1215 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
1219 offset += 2; /* Skip Reserved 2 */
1221 /* Build display for: Byte Count (BCC) */
1223 ByteCount = GSHORT(pd, offset);
1227 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1231 offset += 2; /* Skip Byte Count (BCC) */
1235 if (dirn == 0) { /* Response(s) dissect code */
1237 /* Build display for: Word Count */
1239 WordCount = GBYTE(pd, offset);
1243 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
1247 offset += 1; /* Skip Word Count */
1249 if (WordCount > 0) {
1251 /* Build display for: Offset */
1253 Offset = GWORD(pd, offset);
1257 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1261 offset += 4; /* Skip Offset */
1263 /* Build display for: Count */
1265 Count = GSHORT(pd, offset);
1269 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1273 offset += 2; /* Skip Count */
1275 /* Build display for: Reserved */
1277 Reserved = GSHORT(pd, offset);
1281 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1285 offset += 2; /* Skip Reserved */
1287 /* Build display for: Data Compaction Mode */
1289 DataCompactionMode = GSHORT(pd, offset);
1293 proto_tree_add_text(tree, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1297 offset += 2; /* Skip Data Compaction Mode */
1299 /* Build display for: Reserved */
1301 Reserved = GSHORT(pd, offset);
1305 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1309 offset += 2; /* Skip Reserved */
1311 /* Build display for: Data Length */
1313 DataLength = GSHORT(pd, offset);
1317 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1321 offset += 2; /* Skip Data Length */
1323 /* Build display for: Data Offset */
1325 DataOffset = GSHORT(pd, offset);
1329 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
1333 offset += 2; /* Skip Data Offset */
1337 /* Build display for: Byte Count (BCC) */
1339 ByteCount = GSHORT(pd, offset);
1343 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1347 offset += 2; /* Skip Byte Count (BCC) */
1349 /* Build display for: Pad */
1351 Pad = GBYTE(pd, offset);
1355 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
1359 offset += 1; /* Skip Pad */
1366 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1370 guint8 BufferFormat;
1372 const char *FileName;
1374 if (dirn == 1) { /* Request(s) dissect code */
1376 /* Build display for: Word Count (WCT) */
1378 WordCount = GBYTE(pd, offset);
1382 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1386 offset += 1; /* Skip Word Count (WCT) */
1388 /* Build display for: Byte Count (BCC) */
1390 ByteCount = GSHORT(pd, offset);
1394 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1398 offset += 2; /* Skip Byte Count (BCC) */
1400 /* Build display for: Buffer Format */
1402 BufferFormat = GBYTE(pd, offset);
1406 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1410 offset += 1; /* Skip Buffer Format */
1412 /* Build display for: File Name */
1414 FileName = pd + offset;
1418 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1422 offset += strlen(FileName) + 1; /* Skip File Name */
1426 if (dirn == 0) { /* Response(s) dissect code */
1428 /* Build display for: Word Count (WCT) */
1430 WordCount = GBYTE(pd, offset);
1434 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1438 offset += 1; /* Skip Word Count (WCT) */
1440 /* Build display for: Byte Count (BCC) */
1442 ByteCount = GSHORT(pd, offset);
1446 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1450 offset += 2; /* Skip Byte Count (BCC) */
1457 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1460 proto_tree *Attributes_tree;
1463 guint32 FileDataSize;
1464 guint32 FileAllocationSize;
1465 guint16 LastWriteTime;
1466 guint16 LastWriteDate;
1467 guint16 LastAccessTime;
1468 guint16 LastAccessDate;
1470 guint16 CreationTime;
1471 guint16 CreationDate;
1475 if (dirn == 1) { /* Request(s) dissect code */
1477 /* Build display for: Word Count (WCT) */
1479 WordCount = GBYTE(pd, offset);
1483 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1487 offset += 1; /* Skip Word Count (WCT) */
1489 /* Build display for: FID */
1491 FID = GSHORT(pd, offset);
1495 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1499 offset += 2; /* Skip FID */
1501 /* Build display for: Byte Count */
1503 ByteCount = GSHORT(pd, offset);
1507 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1511 offset += 2; /* Skip Byte Count */
1515 if (dirn == 0) { /* Response(s) dissect code */
1517 /* Build display for: Word Count (WCT) */
1519 WordCount = GBYTE(pd, offset);
1523 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1527 offset += 1; /* Skip Word Count (WCT) */
1529 if (WordCount > 0) {
1531 /* Build display for: Creation Date */
1533 CreationDate = GSHORT(pd, offset);
1537 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
1541 offset += 2; /* Skip Creation Date */
1543 /* Build display for: Creation Time */
1545 CreationTime = GSHORT(pd, offset);
1549 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
1553 offset += 2; /* Skip Creation Time */
1555 /* Build display for: Last Access Date */
1557 LastAccessDate = GSHORT(pd, offset);
1561 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
1565 offset += 2; /* Skip Last Access Date */
1567 /* Build display for: Last Access Time */
1569 LastAccessTime = GSHORT(pd, offset);
1573 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
1577 offset += 2; /* Skip Last Access Time */
1579 /* Build display for: Last Write Date */
1581 LastWriteDate = GSHORT(pd, offset);
1585 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
1589 offset += 2; /* Skip Last Write Date */
1591 /* Build display for: Last Write Time */
1593 LastWriteTime = GSHORT(pd, offset);
1597 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
1601 offset += 2; /* Skip Last Write Time */
1603 /* Build display for: File Data Size */
1605 FileDataSize = GWORD(pd, offset);
1609 proto_tree_add_text(tree, offset, 4, "File Data Size: %u", FileDataSize);
1613 offset += 4; /* Skip File Data Size */
1615 /* Build display for: File Allocation Size */
1617 FileAllocationSize = GWORD(pd, offset);
1621 proto_tree_add_text(tree, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1625 offset += 4; /* Skip File Allocation Size */
1627 /* Build display for: Attributes */
1629 Attributes = GSHORT(pd, offset);
1633 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
1634 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
1635 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1636 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1637 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1638 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1639 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1640 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1641 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1642 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1643 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1644 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1645 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1646 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1650 offset += 2; /* Skip Attributes */
1654 /* Build display for: Byte Count */
1656 ByteCount = GSHORT(pd, offset);
1660 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1664 offset += 2; /* Skip Byte Count */
1671 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1675 guint8 BufferFormat3;
1676 guint8 BufferFormat2;
1677 guint8 BufferFormat1;
1679 guint16 MaxBufferSize;
1681 const char *SharePath;
1682 const char *Service;
1683 const char *Password;
1685 if (dirn == 1) { /* Request(s) dissect code */
1687 /* Build display for: Word Count (WCT) */
1689 WordCount = GBYTE(pd, offset);
1693 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1697 offset += 1; /* Skip Word Count (WCT) */
1699 /* Build display for: Byte Count (BCC) */
1701 ByteCount = GSHORT(pd, offset);
1705 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1709 offset += 2; /* Skip Byte Count (BCC) */
1711 /* Build display for: BufferFormat1 */
1713 BufferFormat1 = GBYTE(pd, offset);
1717 proto_tree_add_text(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
1721 offset += 1; /* Skip BufferFormat1 */
1723 /* Build display for: Share Path */
1725 SharePath = pd + offset;
1729 proto_tree_add_text(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1733 offset += strlen(SharePath) + 1; /* Skip Share Path */
1735 /* Build display for: BufferFormat2 */
1737 BufferFormat2 = GBYTE(pd, offset);
1741 proto_tree_add_text(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
1745 offset += 1; /* Skip BufferFormat2 */
1747 /* Build display for: Password */
1749 Password = pd + offset;
1753 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
1757 offset += strlen(Password) + 1; /* Skip Password */
1759 /* Build display for: BufferFormat3 */
1761 BufferFormat3 = GBYTE(pd, offset);
1765 proto_tree_add_text(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
1769 offset += 1; /* Skip BufferFormat3 */
1771 /* Build display for: Service */
1773 Service = pd + offset;
1777 proto_tree_add_text(tree, offset, strlen(Service) + 1, "Service: %s", Service);
1781 offset += strlen(Service) + 1; /* Skip Service */
1785 if (dirn == 0) { /* Response(s) dissect code */
1787 /* Build display for: Word Count (WCT) */
1789 WordCount = GBYTE(pd, offset);
1793 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1797 if (errcode != 0) return;
1799 offset += 1; /* Skip Word Count (WCT) */
1801 /* Build display for: Max Buffer Size */
1803 MaxBufferSize = GSHORT(pd, offset);
1807 proto_tree_add_text(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1811 offset += 2; /* Skip Max Buffer Size */
1813 /* Build display for: TID */
1815 TID = GSHORT(pd, offset);
1819 proto_tree_add_text(tree, offset, 2, "TID: %u", TID);
1823 offset += 2; /* Skip TID */
1825 /* Build display for: Byte Count (BCC) */
1827 ByteCount = GSHORT(pd, offset);
1831 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1835 offset += 2; /* Skip Byte Count (BCC) */
1841 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
1843 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1846 proto_tree *Capabilities_tree;
1849 guint8 AndXReserved;
1850 guint8 AndXCommand = 0xFF;
1853 guint32 Capabilities;
1855 guint16 UNICODEAccountPasswordLength;
1856 guint16 PasswordLen;
1857 guint16 MaxMpxCount;
1858 guint16 MaxBufferSize;
1862 guint16 ANSIAccountPasswordLength;
1863 const char *UNICODEPassword;
1864 const char *PrimaryDomain;
1865 const char *NativeOS;
1866 const char *NativeLanManType;
1867 const char *NativeLanMan;
1868 const char *AccountName;
1869 const char *ANSIPassword;
1871 if (dirn == 1) { /* Request(s) dissect code */
1873 WordCount = GBYTE(pd, offset);
1875 switch (WordCount) {
1879 /* Build display for: Word Count (WCT) */
1881 WordCount = GBYTE(pd, offset);
1885 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1889 offset += 1; /* Skip Word Count (WCT) */
1891 /* Build display for: AndXCommand */
1893 AndXCommand = GBYTE(pd, offset);
1897 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
1898 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1902 offset += 1; /* Skip AndXCommand */
1904 /* Build display for: AndXReserved */
1906 AndXReserved = GBYTE(pd, offset);
1910 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1914 offset += 1; /* Skip AndXReserved */
1916 /* Build display for: AndXOffset */
1918 AndXOffset = GSHORT(pd, offset);
1922 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1926 offset += 2; /* Skip AndXOffset */
1928 /* Build display for: MaxBufferSize */
1930 MaxBufferSize = GSHORT(pd, offset);
1934 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1938 offset += 2; /* Skip MaxBufferSize */
1940 /* Build display for: MaxMpxCount */
1942 MaxMpxCount = GSHORT(pd, offset);
1946 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1950 offset += 2; /* Skip MaxMpxCount */
1952 /* Build display for: VcNumber */
1954 VcNumber = GSHORT(pd, offset);
1958 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
1962 offset += 2; /* Skip VcNumber */
1964 /* Build display for: SessionKey */
1966 SessionKey = GWORD(pd, offset);
1970 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
1974 offset += 4; /* Skip SessionKey */
1976 /* Build display for: PasswordLen */
1978 PasswordLen = GSHORT(pd, offset);
1982 proto_tree_add_text(tree, offset, 2, "PasswordLen: %u", PasswordLen);
1986 offset += 2; /* Skip PasswordLen */
1988 /* Build display for: Reserved */
1990 Reserved = GWORD(pd, offset);
1994 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
1998 offset += 4; /* Skip Reserved */
2000 /* Build display for: Byte Count (BCC) */
2002 ByteCount = GSHORT(pd, offset);
2006 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2010 offset += 2; /* Skip Byte Count (BCC) */
2012 if (ByteCount > 0) {
2014 /* Build display for: AccountName */
2016 AccountName = pd + offset;
2020 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2024 offset += strlen(AccountName) + 1; /* Skip AccountName */
2026 /* Build display for: PrimaryDomain */
2028 PrimaryDomain = pd + offset;
2032 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2036 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2038 /* Build display for: NativeOS */
2040 NativeOS = pd + offset;
2044 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2048 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2056 /* Build display for: Word Count (WCT) */
2058 WordCount = GBYTE(pd, offset);
2062 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2066 offset += 1; /* Skip Word Count (WCT) */
2068 /* Build display for: AndXCommand */
2070 AndXCommand = GBYTE(pd, offset);
2074 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2075 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2079 offset += 1; /* Skip AndXCommand */
2081 /* Build display for: AndXReserved */
2083 AndXReserved = GBYTE(pd, offset);
2087 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2091 offset += 1; /* Skip AndXReserved */
2093 /* Build display for: AndXOffset */
2095 AndXOffset = GSHORT(pd, offset);
2099 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2103 offset += 2; /* Skip AndXOffset */
2105 /* Build display for: MaxBufferSize */
2107 MaxBufferSize = GSHORT(pd, offset);
2111 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2115 offset += 2; /* Skip MaxBufferSize */
2117 /* Build display for: MaxMpxCount */
2119 MaxMpxCount = GSHORT(pd, offset);
2123 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2127 offset += 2; /* Skip MaxMpxCount */
2129 /* Build display for: VcNumber */
2131 VcNumber = GSHORT(pd, offset);
2135 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2139 offset += 2; /* Skip VcNumber */
2141 /* Build display for: SessionKey */
2143 SessionKey = GWORD(pd, offset);
2147 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2151 offset += 4; /* Skip SessionKey */
2153 /* Build display for: ANSI Account Password Length */
2155 ANSIAccountPasswordLength = GSHORT(pd, offset);
2159 proto_tree_add_text(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2163 offset += 2; /* Skip ANSI Account Password Length */
2165 /* Build display for: UNICODE Account Password Length */
2167 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2171 proto_tree_add_text(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2175 offset += 2; /* Skip UNICODE Account Password Length */
2177 /* Build display for: Reserved */
2179 Reserved = GWORD(pd, offset);
2183 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2187 offset += 4; /* Skip Reserved */
2189 /* Build display for: Capabilities */
2191 Capabilities = GWORD(pd, offset);
2195 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
2196 Capabilities_tree = proto_item_add_subtree(ti, ETT_SMB_CAPABILITIES);
2197 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2198 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2199 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2200 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2201 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2202 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2203 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2204 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2205 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2206 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2207 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2208 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2209 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2210 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2211 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2212 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2213 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2214 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2215 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2216 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2217 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2218 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2219 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2220 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2221 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2222 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2223 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2224 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2228 offset += 4; /* Skip Capabilities */
2230 /* Build display for: Byte Count */
2232 ByteCount = GSHORT(pd, offset);
2236 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
2240 offset += 2; /* Skip Byte Count */
2242 if (ByteCount > 0) {
2244 /* Build display for: ANSI Password */
2246 ANSIPassword = pd + offset;
2250 proto_tree_add_text(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword);
2254 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2256 /* Build display for: UNICODE Password */
2258 UNICODEPassword = pd + offset;
2260 if (UNICODEAccountPasswordLength > 0) {
2264 proto_tree_add_text(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword);
2268 offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */
2272 /* Build display for: Account Name */
2274 AccountName = pd + offset;
2278 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2282 offset += strlen(AccountName) + 1; /* Skip Account Name */
2284 /* Build display for: Primary Domain */
2286 PrimaryDomain = pd + offset;
2290 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2294 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2296 /* Build display for: Native OS */
2298 NativeOS = pd + offset;
2302 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2306 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2308 /* Build display for: Native LanMan Type */
2310 NativeLanManType = pd + offset;
2314 proto_tree_add_text(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2318 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2327 if (AndXCommand != 0xFF) {
2329 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
2335 if (dirn == 0) { /* Response(s) dissect code */
2337 /* Build display for: Word Count (WCT) */
2339 WordCount = GBYTE(pd, offset);
2343 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2347 offset += 1; /* Skip Word Count (WCT) */
2349 if (WordCount > 0) {
2351 /* Build display for: AndXCommand */
2353 AndXCommand = GBYTE(pd, offset);
2357 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2358 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2362 offset += 1; /* Skip AndXCommand */
2364 /* Build display for: AndXReserved */
2366 AndXReserved = GBYTE(pd, offset);
2370 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2374 offset += 1; /* Skip AndXReserved */
2376 /* Build display for: AndXOffset */
2378 AndXOffset = GSHORT(pd, offset);
2382 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2387 offset += 2; /* Skip AndXOffset */
2389 /* Build display for: Action */
2391 Action = GSHORT(pd, offset);
2395 proto_tree_add_text(tree, offset, 2, "Action: %u", Action);
2399 offset += 2; /* Skip Action */
2403 /* Build display for: Byte Count (BCC) */
2405 ByteCount = GSHORT(pd, offset);
2409 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2413 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2415 offset += 2; /* Skip Byte Count (BCC) */
2417 if (ByteCount > 0) {
2419 /* Build display for: NativeOS */
2421 NativeOS = pd + offset;
2425 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2429 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2431 /* Build display for: NativeLanMan */
2433 NativeLanMan = pd + offset;
2437 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2441 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2443 /* Build display for: PrimaryDomain */
2445 PrimaryDomain = pd + offset;
2449 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2453 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2457 if (AndXCommand != 0xFF) {
2459 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
2468 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2471 guint8 wct, andxcmd;
2472 guint16 andxoffs, flags, passwdlen, bcc, optionsup;
2474 proto_tree *flags_tree;
2479 /* Now figure out what format we are talking about, 2, 3, or 4 response
2483 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2484 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2488 proto_tree_add_text(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2490 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2500 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
2508 andxcmd = pd[offset];
2512 proto_tree_add_text(tree, offset, 1, "Next Command: %s",
2513 (andxcmd == 0xFF) ? "No further commands":
2514 decode_smb_name(andxcmd));
2516 proto_tree_add_text(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2522 andxoffs = GSHORT(pd, offset);
2526 proto_tree_add_text(tree, offset, 2, "Offset to next command: %u", andxoffs);
2538 bcc = GSHORT(pd, offset);
2542 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2550 flags = GSHORT(pd, offset);
2554 ti = proto_tree_add_text(tree, offset, 2, "Additional Flags: 0x%02x", flags);
2555 flags_tree = proto_item_add_subtree(ti, ETT_SMB_AFLAGS);
2556 proto_tree_add_text(flags_tree, offset, 2, "%s",
2557 decode_boolean_bitfield(flags, 0x01, 16,
2559 "Don't disconnect TID"));
2565 passwdlen = GSHORT(pd, offset);
2569 proto_tree_add_text(tree, offset, 2, "Password Length: %u", passwdlen);
2575 bcc = GSHORT(pd, offset);
2579 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2589 proto_tree_add_text(tree, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2593 offset += passwdlen;
2599 proto_tree_add_text(tree, offset, strlen(str) + 1, "Path: %s", str);
2603 offset += strlen(str) + 1;
2609 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2617 bcc = GSHORT(pd, offset);
2621 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2631 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service Type: %s",
2636 offset += strlen(str) + 1;
2642 optionsup = GSHORT(pd, offset);
2644 if (tree) { /* Should break out the bits */
2646 proto_tree_add_text(tree, offset, 2, "Optional Support: 0x%04x",
2653 bcc = GSHORT(pd, offset);
2657 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2667 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2671 offset += strlen(str) + 1;
2677 proto_tree_add_text(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2681 offset += strlen(str) + 1;
2691 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2693 (dissect[andxcmd])(pd, offset, fd, tree, si, max_data - offset, SMB_offset, errcode, dirn);
2698 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2700 guint8 wct, enckeylen;
2701 guint16 bcc, mode, rawmode, dialect;
2703 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2709 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2711 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2712 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2715 proto_tree_add_text(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2717 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2725 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %d", wct);
2729 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2733 /* Now decode the various formats ... */
2737 case 0: /* A request */
2739 bcc = GSHORT(pd, offset);
2743 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2751 ti = proto_tree_add_text(tree, offset, END_OF_FRAME, "Dialects");
2752 dialects = proto_item_add_subtree(ti, ETT_SMB_DIALECTS);
2756 while (IS_DATA_IN_FRAME(offset)) {
2761 proto_tree_add_text(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2771 proto_tree_add_text(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2775 offset += strlen(str) + 1;
2780 case 1: /* PC NETWORK PROGRAM 1.0 */
2782 dialect = GSHORT(pd, offset);
2784 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2786 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2788 proto_tree_add_text(tree, offset, 2, "Supplied dialects not recognized");
2793 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2801 bcc = GSHORT(pd, offset);
2805 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2811 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2815 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2819 /* Much of this is similar to response 17 below */
2823 mode = GSHORT(pd, offset);
2827 ti = proto_tree_add_text(tree, offset, 2, "Security Mode: 0x%04x", mode);
2828 mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
2829 proto_tree_add_text(mode_tree, offset, 2, "%s",
2830 decode_boolean_bitfield(mode, 0x0001, 16,
2832 "Security = Share"));
2833 proto_tree_add_text(mode_tree, offset, 2, "%s",
2834 decode_boolean_bitfield(mode, 0x0002, 16,
2835 "Passwords = Encrypted",
2836 "Passwords = Plaintext"));
2844 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2852 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2860 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2866 rawmode = GSHORT(pd, offset);
2870 ti = proto_tree_add_text(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2871 rawmode_tree = proto_item_add_subtree(ti, ETT_SMB_RAWMODE);
2872 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2873 decode_boolean_bitfield(rawmode, 0x01, 16,
2874 "Read Raw supported",
2875 "Read Raw not supported"));
2876 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2877 decode_boolean_bitfield(rawmode, 0x02, 16,
2878 "Write Raw supported",
2879 "Write Raw not supported"));
2887 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2893 /* Now the server time, two short parameters ... */
2897 proto_tree_add_text(tree, offset, 2, "Server Time: %s",
2898 dissect_dos_time(GSHORT(pd, offset)));
2899 proto_tree_add_text(tree, offset + 2, 2, "Server Date: %s",
2900 dissect_dos_date(GSHORT(pd, offset + 2)));
2906 /* Server Time Zone, SHORT */
2910 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
2911 (signed)GSSHORT(pd, offset));
2917 /* Challenge Length */
2919 enckeylen = GSHORT(pd, offset);
2923 proto_tree_add_text(tree, offset, 2, "Challenge Length: %u", enckeylen);
2931 proto_tree_add_text(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
2937 bcc = GSHORT(pd, offset);
2941 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2947 if (enckeylen) { /* only if non-zero key len */
2953 proto_tree_add_text(tree, offset, enckeylen, "Challenge: %s",
2954 bytes_to_str(str, enckeylen));
2957 offset += enckeylen;
2961 /* Primary Domain ... */
2967 proto_tree_add_text(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
2973 case 17: /* Greater than LANMAN2.1 */
2977 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
2983 mode = GBYTE(pd, offset);
2987 ti = proto_tree_add_text(tree, offset, 1, "Security Mode: 0x%02x", mode);
2988 mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
2989 proto_tree_add_text(mode_tree, offset, 1, "%s",
2990 decode_boolean_bitfield(mode, 0x01, 8,
2992 "Security = Share"));
2993 proto_tree_add_text(mode_tree, offset, 1, "%s",
2994 decode_boolean_bitfield(mode, 0x02, 8,
2995 "Passwords = Encrypted",
2996 "Passwords = Plaintext"));
2997 proto_tree_add_text(mode_tree, offset, 1, "%s",
2998 decode_boolean_bitfield(mode, 0x04, 8,
2999 "Security signatures enabled",
3000 "Security signatures not enabled"));
3001 proto_tree_add_text(mode_tree, offset, 1, "%s",
3002 decode_boolean_bitfield(mode, 0x08, 8,
3003 "Security signatures required",
3004 "Security signatures not required"));
3012 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3020 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3028 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3036 proto_tree_add_text(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3044 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
3050 caps = GWORD(pd, offset);
3054 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", caps);
3055 caps_tree = proto_item_add_subtree(ti, ETT_SMB_CAPABILITIES);
3056 proto_tree_add_text(caps_tree, offset, 4, "%s",
3057 decode_boolean_bitfield(caps, 0x0001, 32,
3058 "Raw Mode supported",
3059 "Raw Mode not supported"));
3060 proto_tree_add_text(caps_tree, offset, 4, "%s",
3061 decode_boolean_bitfield(caps, 0x0002, 32,
3062 "MPX Mode supported",
3063 "MPX Mode not supported"));
3064 proto_tree_add_text(caps_tree, offset, 4, "%s",
3065 decode_boolean_bitfield(caps, 0x0004, 32,
3066 "Unicode supported",
3067 "Unicode not supported"));
3068 proto_tree_add_text(caps_tree, offset, 4, "%s",
3069 decode_boolean_bitfield(caps, 0x0008, 32,
3070 "Large files supported",
3071 "Large files not supported"));
3072 proto_tree_add_text(caps_tree, offset, 4, "%s",
3073 decode_boolean_bitfield(caps, 0x0010, 32,
3074 "NT LM 0.12 SMBs supported",
3075 "NT LM 0.12 SMBs not supported"));
3076 proto_tree_add_text(caps_tree, offset, 4, "%s",
3077 decode_boolean_bitfield(caps, 0x0020, 32,
3078 "RPC remote APIs supported",
3079 "RPC remote APIs not supported"));
3080 proto_tree_add_text(caps_tree, offset, 4, "%s",
3081 decode_boolean_bitfield(caps, 0x0040, 32,
3082 "NT status codes supported",
3083 "NT status codes not supported"));
3084 proto_tree_add_text(caps_tree, offset, 4, "%s",
3085 decode_boolean_bitfield(caps, 0x0080, 32,
3086 "Level 2 OpLocks supported",
3087 "Level 2 OpLocks not supported"));
3088 proto_tree_add_text(caps_tree, offset, 4, "%s",
3089 decode_boolean_bitfield(caps, 0x0100, 32,
3090 "Lock&Read supported",
3091 "Lock&Read not supported"));
3092 proto_tree_add_text(caps_tree, offset, 4, "%s",
3093 decode_boolean_bitfield(caps, 0x0200, 32,
3094 "NT Find supported",
3095 "NT Find not supported"));
3096 proto_tree_add_text(caps_tree, offset, 4, "%s",
3097 decode_boolean_bitfield(caps, 0x1000, 32,
3099 "DFS not supported"));
3100 proto_tree_add_text(caps_tree, offset, 4, "%s",
3101 decode_boolean_bitfield(caps, 0x4000, 32,
3102 "Large READX supported",
3103 "Large READX not supported"));
3104 proto_tree_add_text(caps_tree, offset, 4, "%s",
3105 decode_boolean_bitfield(caps, 0x8000, 32,
3106 "Large WRITEX supported",
3107 "Large WRITEX not supported"));
3108 proto_tree_add_text(caps_tree, offset, 4, "%s",
3109 decode_boolean_bitfield(caps, 0x80000000, 32,
3110 "Extended security exchanges supported",
3111 "Extended security exchanges not supported"));
3116 /* Server time, 2 WORDS */
3120 proto_tree_add_text(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3121 proto_tree_add_text(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3127 /* Server Time Zone, SHORT */
3131 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
3132 (signed)GSSHORT(pd, offset));
3138 /* Encryption key len */
3140 enckeylen = pd[offset];
3144 proto_tree_add_text(tree, offset, 1, "Encryption key len: %u", enckeylen);
3150 bcc = GSHORT(pd, offset);
3154 proto_tree_add_text(tree, offset, 2, "Byte count (BCC): %u", bcc);
3160 if (enckeylen) { /* only if non-zero key len */
3162 /* Encryption challenge key */
3168 proto_tree_add_text(tree, offset, enckeylen, "Challenge encryption key: %s",
3169 bytes_to_str(str, enckeylen));
3173 offset += enckeylen;
3177 /* The domain, a null terminated string; Unicode if "caps" has
3178 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3179 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3185 if (caps & 0x0004) {
3186 ustr = unicode_to_str(str, &ustr_len);
3187 proto_tree_add_text(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
3189 proto_tree_add_text(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
3196 default: /* Baddd */
3199 proto_tree_add_text(tree, offset, 1, "Bad format, should never get here");
3207 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3211 guint8 BufferFormat;
3213 const char *DirectoryName;
3215 if (dirn == 1) { /* Request(s) dissect code */
3217 /* Build display for: Word Count (WCT) */
3219 WordCount = GBYTE(pd, offset);
3223 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3227 offset += 1; /* Skip Word Count (WCT) */
3229 /* Build display for: Byte Count (BCC) */
3231 ByteCount = GSHORT(pd, offset);
3235 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3239 offset += 2; /* Skip Byte Count (BCC) */
3241 /* Build display for: Buffer Format */
3243 BufferFormat = GBYTE(pd, offset);
3247 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3251 offset += 1; /* Skip Buffer Format */
3253 /* Build display for: Directory Name */
3255 DirectoryName = pd + offset;
3259 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3263 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3267 if (dirn == 0) { /* Response(s) dissect code */
3269 /* Build display for: Word Count (WCT) */
3271 WordCount = GBYTE(pd, offset);
3275 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3279 offset += 1; /* Skip Word Count (WCT) */
3281 /* Build display for: Byte Count (BCC) */
3283 ByteCount = GSHORT(pd, offset);
3287 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3291 offset += 2; /* Skip Byte Count (BCC) */
3298 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3302 guint8 BufferFormat;
3304 const char *DirectoryName;
3306 if (dirn == 1) { /* Request(s) dissect code */
3308 /* Build display for: Word Count (WCT) */
3310 WordCount = GBYTE(pd, offset);
3314 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3318 offset += 1; /* Skip Word Count (WCT) */
3320 /* Build display for: Byte Count (BCC) */
3322 ByteCount = GSHORT(pd, offset);
3326 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3330 offset += 2; /* Skip Byte Count (BCC) */
3332 /* Build display for: Buffer Format */
3334 BufferFormat = GBYTE(pd, offset);
3338 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3342 offset += 1; /* Skip Buffer Format */
3344 /* Build display for: Directory Name */
3346 DirectoryName = pd + offset;
3350 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3354 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3358 if (dirn == 0) { /* Response(s) dissect code */
3360 /* Build display for: Word Count (WCT) */
3362 WordCount = GBYTE(pd, offset);
3366 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3370 offset += 1; /* Skip Word Count (WCT) */
3372 /* Build display for: Byte Count (BCC) */
3374 ByteCount = GSHORT(pd, offset);
3378 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3382 offset += 2; /* Skip Byte Count (BCC) */
3389 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3393 guint8 BufferFormat;
3395 const char *DirectoryName;
3397 if (dirn == 1) { /* Request(s) dissect code */
3399 /* Build display for: Word Count (WCT) */
3401 WordCount = GBYTE(pd, offset);
3405 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3409 offset += 1; /* Skip Word Count (WCT) */
3411 /* Build display for: Byte Count (BCC) */
3413 ByteCount = GSHORT(pd, offset);
3417 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3421 offset += 2; /* Skip Byte Count (BCC) */
3423 /* Build display for: Buffer Format */
3425 BufferFormat = GBYTE(pd, offset);
3429 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3433 offset += 1; /* Skip Buffer Format */
3435 /* Build display for: Directory Name */
3437 DirectoryName = pd + offset;
3441 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3445 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3449 if (dirn == 0) { /* Response(s) dissect code */
3451 /* Build display for: Word Count (WCT) */
3453 WordCount = GBYTE(pd, offset);
3457 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3461 offset += 1; /* Skip Word Count (WCT) */
3463 /* Build display for: Byte Count (BCC) */
3465 ByteCount = GSHORT(pd, offset);
3469 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3473 offset += 2; /* Skip Byte Count (BCC) */
3480 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3483 static const value_string OpenFunction_0x10[] = {
3484 { 0, "Fail if file does not exist"},
3485 { 16, "Create file if it does not exist"},
3488 static const value_string OpenFunction_0x03[] = {
3489 { 0, "Fail if file exists"},
3490 { 1, "Open file if it exists"},
3491 { 2, "Truncate File if it exists"},
3494 static const value_string FileType_0xFFFF[] = {
3495 { 0, "Disk file or directory"},
3496 { 1, "Named pipe in byte mode"},
3497 { 2, "Named pipe in message mode"},
3498 { 3, "Spooled printer"},
3501 static const value_string DesiredAccess_0x70[] = {
3502 { 00, "Compatibility mode"},
3503 { 16, "Deny read/write/execute (exclusive)"},
3504 { 32, "Deny write"},
3505 { 48, "Deny read/execute"},
3509 static const value_string DesiredAccess_0x700[] = {
3510 { 0, "Locality of reference unknown"},
3511 { 256, "Mainly sequential access"},
3512 { 512, "Mainly random access"},
3513 { 768, "Random access with some locality"},
3516 static const value_string DesiredAccess_0x4000[] = {
3517 { 0, "Write through mode disabled"},
3518 { 16384, "Write through mode enabled"},
3521 static const value_string DesiredAccess_0x1000[] = {
3522 { 0, "Normal file (caching permitted)"},
3523 { 4096, "Do not cache this file"},
3526 static const value_string DesiredAccess_0x07[] = {
3527 { 0, "Open for reading"},
3528 { 1, "Open for writing"},
3529 { 2, "Open for reading and writing"},
3530 { 3, "Open for execute"},
3533 static const value_string Action_0x8000[] = {
3534 { 0, "File opened by another user (or mode not supported by server)"},
3535 { 32768, "File is opened only by this user at present"},
3538 static const value_string Action_0x0003[] = {
3539 { 0, "No action taken?"},
3540 { 1, "The file existed and was opened"},
3541 { 2, "The file did not exist but was created"},
3542 { 3, "The file existed and was truncated"},
3545 proto_tree *Search_tree;
3546 proto_tree *OpenFunction_tree;
3547 proto_tree *Flags_tree;
3548 proto_tree *File_tree;
3549 proto_tree *FileType_tree;
3550 proto_tree *FileAttributes_tree;
3551 proto_tree *DesiredAccess_tree;
3552 proto_tree *Action_tree;
3555 guint8 BufferFormat;
3556 guint8 AndXReserved;
3557 guint8 AndXCommand = 0xFF;
3562 guint32 AllocatedSize;
3565 guint16 OpenFunction;
3566 guint16 LastWriteTime;
3567 guint16 LastWriteDate;
3568 guint16 GrantedAccess;
3571 guint16 FileAttributes;
3574 guint16 DeviceState;
3575 guint16 DesiredAccess;
3576 guint16 CreationTime;
3577 guint16 CreationDate;
3581 const char *FileName;
3583 if (dirn == 1) { /* Request(s) dissect code */
3585 /* Build display for: Word Count (WCT) */
3587 WordCount = GBYTE(pd, offset);
3591 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3595 offset += 1; /* Skip Word Count (WCT) */
3597 /* Build display for: AndXCommand */
3599 AndXCommand = GBYTE(pd, offset);
3603 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3604 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3608 offset += 1; /* Skip AndXCommand */
3610 /* Build display for: AndXReserved */
3612 AndXReserved = GBYTE(pd, offset);
3616 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3620 offset += 1; /* Skip AndXReserved */
3622 /* Build display for: AndXOffset */
3624 AndXOffset = GSHORT(pd, offset);
3628 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3632 offset += 2; /* Skip AndXOffset */
3634 /* Build display for: Flags */
3636 Flags = GSHORT(pd, offset);
3640 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
3641 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
3642 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3643 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3644 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3645 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3646 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3647 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3651 offset += 2; /* Skip Flags */
3653 /* Build display for: Desired Access */
3655 DesiredAccess = GSHORT(pd, offset);
3659 ti = proto_tree_add_text(tree, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3660 DesiredAccess_tree = proto_item_add_subtree(ti, ETT_SMB_DESIREDACCESS);
3661 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3662 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3663 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3664 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3665 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3666 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3667 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3668 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3669 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3670 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3674 offset += 2; /* Skip Desired Access */
3676 /* Build display for: Search */
3678 Search = GSHORT(pd, offset);
3682 ti = proto_tree_add_text(tree, offset, 2, "Search: 0x%02x", Search);
3683 Search_tree = proto_item_add_subtree(ti, ETT_SMB_SEARCH);
3684 proto_tree_add_text(Search_tree, offset, 2, "%s",
3685 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3686 proto_tree_add_text(Search_tree, offset, 2, "%s",
3687 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3688 proto_tree_add_text(Search_tree, offset, 2, "%s",
3689 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3690 proto_tree_add_text(Search_tree, offset, 2, "%s",
3691 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3692 proto_tree_add_text(Search_tree, offset, 2, "%s",
3693 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3694 proto_tree_add_text(Search_tree, offset, 2, "%s",
3695 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3699 offset += 2; /* Skip Search */
3701 /* Build display for: File */
3703 File = GSHORT(pd, offset);
3707 ti = proto_tree_add_text(tree, offset, 2, "File: 0x%02x", File);
3708 File_tree = proto_item_add_subtree(ti, ETT_SMB_FILE);
3709 proto_tree_add_text(File_tree, offset, 2, "%s",
3710 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3711 proto_tree_add_text(File_tree, offset, 2, "%s",
3712 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3713 proto_tree_add_text(File_tree, offset, 2, "%s",
3714 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3715 proto_tree_add_text(File_tree, offset, 2, "%s",
3716 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3717 proto_tree_add_text(File_tree, offset, 2, "%s",
3718 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3719 proto_tree_add_text(File_tree, offset, 2, "%s",
3720 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3724 offset += 2; /* Skip File */
3726 /* Build display for: Creation Time */
3728 CreationTime = GSHORT(pd, offset);
3735 offset += 2; /* Skip Creation Time */
3737 /* Build display for: Creation Date */
3739 CreationDate = GSHORT(pd, offset);
3743 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3744 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3748 offset += 2; /* Skip Creation Date */
3750 /* Build display for: Open Function */
3752 OpenFunction = GSHORT(pd, offset);
3756 ti = proto_tree_add_text(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
3757 OpenFunction_tree = proto_item_add_subtree(ti, ETT_SMB_OPENFUNCTION);
3758 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3759 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3760 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3761 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3765 offset += 2; /* Skip Open Function */
3767 /* Build display for: Allocated Size */
3769 AllocatedSize = GWORD(pd, offset);
3773 proto_tree_add_text(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
3777 offset += 4; /* Skip Allocated Size */
3779 /* Build display for: Reserved1 */
3781 Reserved1 = GWORD(pd, offset);
3785 proto_tree_add_text(tree, offset, 4, "Reserved1: %u", Reserved1);
3789 offset += 4; /* Skip Reserved1 */
3791 /* Build display for: Reserved2 */
3793 Reserved2 = GWORD(pd, offset);
3797 proto_tree_add_text(tree, offset, 4, "Reserved2: %u", Reserved2);
3801 offset += 4; /* Skip Reserved2 */
3803 /* Build display for: Byte Count */
3805 ByteCount = GSHORT(pd, offset);
3809 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
3813 offset += 2; /* Skip Byte Count */
3815 /* Build display for: File Name */
3817 FileName = pd + offset;
3821 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3825 offset += strlen(FileName) + 1; /* Skip File Name */
3828 if (AndXCommand != 0xFF) {
3830 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
3836 if (dirn == 0) { /* Response(s) dissect code */
3838 /* Build display for: Word Count (WCT) */
3840 WordCount = GBYTE(pd, offset);
3844 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3848 offset += 1; /* Skip Word Count (WCT) */
3850 if (WordCount > 0) {
3852 /* Build display for: AndXCommand */
3854 AndXCommand = GBYTE(pd, offset);
3858 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3859 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3863 offset += 1; /* Skip AndXCommand */
3865 /* Build display for: AndXReserved */
3867 AndXReserved = GBYTE(pd, offset);
3871 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3875 offset += 1; /* Skip AndXReserved */
3877 /* Build display for: AndXOffset */
3879 AndXOffset = GSHORT(pd, offset);
3883 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3887 offset += 2; /* Skip AndXOffset */
3889 /* Build display for: FID */
3891 FID = GSHORT(pd, offset);
3895 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
3899 offset += 2; /* Skip FID */
3901 /* Build display for: FileAttributes */
3903 FileAttributes = GSHORT(pd, offset);
3907 ti = proto_tree_add_text(tree, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3908 FileAttributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
3909 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3910 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3911 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3912 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3913 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3914 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3915 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3916 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3917 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3918 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3919 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3920 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3924 offset += 2; /* Skip FileAttributes */
3926 /* Build display for: Last Write Time */
3928 LastWriteTime = GSHORT(pd, offset);
3934 offset += 2; /* Skip Last Write Time */
3936 /* Build display for: Last Write Date */
3938 LastWriteDate = GSHORT(pd, offset);
3942 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
3943 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
3948 offset += 2; /* Skip Last Write Date */
3950 /* Build display for: Data Size */
3952 DataSize = GWORD(pd, offset);
3956 proto_tree_add_text(tree, offset, 4, "Data Size: %u", DataSize);
3960 offset += 4; /* Skip Data Size */
3962 /* Build display for: Granted Access */
3964 GrantedAccess = GSHORT(pd, offset);
3968 proto_tree_add_text(tree, offset, 2, "Granted Access: %u", GrantedAccess);
3972 offset += 2; /* Skip Granted Access */
3974 /* Build display for: File Type */
3976 FileType = GSHORT(pd, offset);
3980 ti = proto_tree_add_text(tree, offset, 2, "File Type: 0x%02x", FileType);
3981 FileType_tree = proto_item_add_subtree(ti, ETT_SMB_FILETYPE);
3982 proto_tree_add_text(FileType_tree, offset, 2, "%s",
3983 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
3987 offset += 2; /* Skip File Type */
3989 /* Build display for: Device State */
3991 DeviceState = GSHORT(pd, offset);
3995 proto_tree_add_text(tree, offset, 2, "Device State: %u", DeviceState);
3999 offset += 2; /* Skip Device State */
4001 /* Build display for: Action */
4003 Action = GSHORT(pd, offset);
4007 ti = proto_tree_add_text(tree, offset, 2, "Action: 0x%02x", Action);
4008 Action_tree = proto_item_add_subtree(ti, ETT_SMB_ACTION);
4009 proto_tree_add_text(Action_tree, offset, 2, "%s",
4010 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4011 proto_tree_add_text(Action_tree, offset, 2, "%s",
4012 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4016 offset += 2; /* Skip Action */
4018 /* Build display for: Server FID */
4020 ServerFID = GWORD(pd, offset);
4024 proto_tree_add_text(tree, offset, 4, "Server FID: %u", ServerFID);
4028 offset += 4; /* Skip Server FID */
4030 /* Build display for: Reserved */
4032 Reserved = GSHORT(pd, offset);
4036 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
4040 offset += 2; /* Skip Reserved */
4044 /* Build display for: Byte Count */
4046 ByteCount = GSHORT(pd, offset);
4050 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4054 offset += 2; /* Skip Byte Count */
4057 if (AndXCommand != 0xFF) {
4059 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
4068 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4071 proto_tree *WriteMode_tree;
4087 if (dirn == 1) { /* Request(s) dissect code */
4089 WordCount = GBYTE(pd, offset);
4091 switch (WordCount) {
4095 /* Build display for: Word Count (WCT) */
4097 WordCount = GBYTE(pd, offset);
4101 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4105 offset += 1; /* Skip Word Count (WCT) */
4107 /* Build display for: FID */
4109 FID = GSHORT(pd, offset);
4113 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4117 offset += 2; /* Skip FID */
4119 /* Build display for: Count */
4121 Count = GSHORT(pd, offset);
4125 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4129 offset += 2; /* Skip Count */
4131 /* Build display for: Reserved 1 */
4133 Reserved1 = GSHORT(pd, offset);
4137 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4141 offset += 2; /* Skip Reserved 1 */
4143 /* Build display for: Offset */
4145 Offset = GWORD(pd, offset);
4149 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
4153 offset += 4; /* Skip Offset */
4155 /* Build display for: Timeout */
4157 Timeout = GWORD(pd, offset);
4161 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4165 offset += 4; /* Skip Timeout */
4167 /* Build display for: WriteMode */
4169 WriteMode = GSHORT(pd, offset);
4173 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4174 WriteMode_tree = proto_item_add_subtree(ti, ETT_SMB_WRITEMODE);
4175 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4176 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4177 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4178 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4182 offset += 2; /* Skip WriteMode */
4184 /* Build display for: Reserved 2 */
4186 Reserved2 = GWORD(pd, offset);
4190 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4194 offset += 4; /* Skip Reserved 2 */
4196 /* Build display for: Data Length */
4198 DataLength = GSHORT(pd, offset);
4202 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4206 offset += 2; /* Skip Data Length */
4208 /* Build display for: Data Offset */
4210 DataOffset = GSHORT(pd, offset);
4214 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4218 offset += 2; /* Skip Data Offset */
4220 /* Build display for: Byte Count (BCC) */
4222 ByteCount = GSHORT(pd, offset);
4226 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4230 offset += 2; /* Skip Byte Count (BCC) */
4232 /* Build display for: Pad */
4234 Pad = GBYTE(pd, offset);
4238 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4242 offset += 1; /* Skip Pad */
4248 /* Build display for: Word Count (WCT) */
4250 WordCount = GBYTE(pd, offset);
4254 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4258 offset += 1; /* Skip Word Count (WCT) */
4260 /* Build display for: FID */
4262 FID = GSHORT(pd, offset);
4266 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4270 offset += 2; /* Skip FID */
4272 /* Build display for: Count */
4274 Count = GSHORT(pd, offset);
4278 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4282 offset += 2; /* Skip Count */
4284 /* Build display for: Reserved 1 */
4286 Reserved1 = GSHORT(pd, offset);
4290 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4294 offset += 2; /* Skip Reserved 1 */
4296 /* Build display for: Timeout */
4298 Timeout = GWORD(pd, offset);
4302 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4306 offset += 4; /* Skip Timeout */
4308 /* Build display for: WriteMode */
4310 WriteMode = GSHORT(pd, offset);
4314 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4315 WriteMode_tree = proto_item_add_subtree(ti, ETT_SMB_WRITEMODE);
4316 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4317 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4318 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4319 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4323 offset += 2; /* Skip WriteMode */
4325 /* Build display for: Reserved 2 */
4327 Reserved2 = GWORD(pd, offset);
4331 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4335 offset += 4; /* Skip Reserved 2 */
4337 /* Build display for: Data Length */
4339 DataLength = GSHORT(pd, offset);
4343 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4347 offset += 2; /* Skip Data Length */
4349 /* Build display for: Data Offset */
4351 DataOffset = GSHORT(pd, offset);
4355 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4359 offset += 2; /* Skip Data Offset */
4361 /* Build display for: Byte Count (BCC) */
4363 ByteCount = GSHORT(pd, offset);
4367 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4371 offset += 2; /* Skip Byte Count (BCC) */
4373 /* Build display for: Pad */
4375 Pad = GBYTE(pd, offset);
4379 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4383 offset += 1; /* Skip Pad */
4391 if (dirn == 0) { /* Response(s) dissect code */
4393 /* Build display for: Word Count (WCT) */
4395 WordCount = GBYTE(pd, offset);
4399 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4403 offset += 1; /* Skip Word Count (WCT) */
4405 if (WordCount > 0) {
4407 /* Build display for: Remaining */
4409 Remaining = GSHORT(pd, offset);
4413 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
4417 offset += 2; /* Skip Remaining */
4421 /* Build display for: Byte Count */
4423 ByteCount = GSHORT(pd, offset);
4427 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4431 offset += 2; /* Skip Byte Count */
4438 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4444 if (dirn == 1) { /* Request(s) dissect code */
4446 /* Build display for: Word Count (WCT) */
4448 WordCount = GBYTE(pd, offset);
4452 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4456 offset += 1; /* Skip Word Count (WCT) */
4458 /* Build display for: Byte Count (BCC) */
4460 ByteCount = GSHORT(pd, offset);
4464 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4468 offset += 2; /* Skip Byte Count (BCC) */
4472 if (dirn == 0) { /* Response(s) dissect code */
4474 /* Build display for: Word Count (WCT) */
4476 WordCount = GBYTE(pd, offset);
4480 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4484 offset += 1; /* Skip Word Count (WCT) */
4486 /* Build display for: Byte Count (BCC) */
4488 ByteCount = GSHORT(pd, offset);
4492 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4496 offset += 2; /* Skip Byte Count (BCC) */
4503 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4506 static const value_string Flags_0x03[] = {
4507 { 0, "Target must be a file"},
4508 { 1, "Target must be a directory"},
4511 { 4, "Verify all writes"},
4514 proto_tree *Flags_tree;
4517 guint8 ErrorFileFormat;
4519 guint16 OpenFunction;
4523 const char *ErrorFileName;
4525 if (dirn == 1) { /* Request(s) dissect code */
4527 /* Build display for: Word Count (WCT) */
4529 WordCount = GBYTE(pd, offset);
4533 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4537 offset += 1; /* Skip Word Count (WCT) */
4539 /* Build display for: TID2 */
4541 TID2 = GSHORT(pd, offset);
4545 proto_tree_add_text(tree, offset, 2, "TID2: %u", TID2);
4549 offset += 2; /* Skip TID2 */
4551 /* Build display for: Open Function */
4553 OpenFunction = GSHORT(pd, offset);
4557 proto_tree_add_text(tree, offset, 2, "Open Function: %u", OpenFunction);
4561 offset += 2; /* Skip Open Function */
4563 /* Build display for: Flags */
4565 Flags = GSHORT(pd, offset);
4569 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
4570 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
4571 proto_tree_add_text(Flags_tree, offset, 2, "%s",
4572 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4576 offset += 2; /* Skip Flags */
4580 if (dirn == 0) { /* Response(s) dissect code */
4582 /* Build display for: Word Count (WCT) */
4584 WordCount = GBYTE(pd, offset);
4588 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4592 offset += 1; /* Skip Word Count (WCT) */
4594 if (WordCount > 0) {
4596 /* Build display for: Count */
4598 Count = GSHORT(pd, offset);
4602 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4606 offset += 2; /* Skip Count */
4610 /* Build display for: Byte Count */
4612 ByteCount = GSHORT(pd, offset);
4616 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4620 offset += 2; /* Skip Byte Count */
4622 /* Build display for: Error File Format */
4624 ErrorFileFormat = GBYTE(pd, offset);
4628 proto_tree_add_text(tree, offset, 1, "Error File Format: %u", ErrorFileFormat);
4632 offset += 1; /* Skip Error File Format */
4634 /* Build display for: Error File Name */
4636 ErrorFileName = pd + offset;
4640 proto_tree_add_text(tree, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4644 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4651 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4655 guint8 BufferFormat2;
4656 guint8 BufferFormat1;
4657 guint16 SearchAttributes;
4659 const char *OldFileName;
4660 const char *NewFileName;
4662 if (dirn == 1) { /* Request(s) dissect code */
4664 /* Build display for: Word Count (WCT) */
4666 WordCount = GBYTE(pd, offset);
4670 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4674 offset += 1; /* Skip Word Count (WCT) */
4676 /* Build display for: Search Attributes */
4678 SearchAttributes = GSHORT(pd, offset);
4682 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
4686 offset += 2; /* Skip Search Attributes */
4688 /* Build display for: Byte Count */
4690 ByteCount = GSHORT(pd, offset);
4694 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4698 offset += 2; /* Skip Byte Count */
4700 /* Build display for: Buffer Format 1 */
4702 BufferFormat1 = GBYTE(pd, offset);
4706 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4710 offset += 1; /* Skip Buffer Format 1 */
4712 /* Build display for: Old File Name */
4714 OldFileName = pd + offset;
4718 proto_tree_add_text(tree, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4722 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4724 /* Build display for: Buffer Format 2 */
4726 BufferFormat2 = GBYTE(pd, offset);
4730 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4734 offset += 1; /* Skip Buffer Format 2 */
4736 /* Build display for: New File Name */
4738 NewFileName = pd + offset;
4742 proto_tree_add_text(tree, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4746 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4750 if (dirn == 0) { /* Response(s) dissect code */
4752 /* Build display for: Word Count (WCT) */
4754 WordCount = GBYTE(pd, offset);
4758 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4762 offset += 1; /* Skip Word Count (WCT) */
4764 /* Build display for: Byte Count (BCC) */
4766 ByteCount = GSHORT(pd, offset);
4770 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4774 offset += 2; /* Skip Byte Count (BCC) */
4781 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4784 static const value_string Mode_0x03[] = {
4785 { 0, "Text mode (DOS expands TABs)"},
4786 { 1, "Graphics mode"},
4789 proto_tree *Mode_tree;
4792 guint8 BufferFormat;
4793 guint16 SetupLength;
4797 const char *IdentifierString;
4799 if (dirn == 1) { /* Request(s) dissect code */
4801 /* Build display for: Word Count (WCT) */
4803 WordCount = GBYTE(pd, offset);
4807 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4811 offset += 1; /* Skip Word Count (WCT) */
4813 /* Build display for: Setup Length */
4815 SetupLength = GSHORT(pd, offset);
4819 proto_tree_add_text(tree, offset, 2, "Setup Length: %u", SetupLength);
4823 offset += 2; /* Skip Setup Length */
4825 /* Build display for: Mode */
4827 Mode = GSHORT(pd, offset);
4831 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
4832 Mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
4833 proto_tree_add_text(Mode_tree, offset, 2, "%s",
4834 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4838 offset += 2; /* Skip Mode */
4840 /* Build display for: Byte Count (BCC) */
4842 ByteCount = GSHORT(pd, offset);
4846 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4850 offset += 2; /* Skip Byte Count (BCC) */
4852 /* Build display for: Buffer Format */
4854 BufferFormat = GBYTE(pd, offset);
4858 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
4862 offset += 1; /* Skip Buffer Format */
4864 /* Build display for: Identifier String */
4866 IdentifierString = pd + offset;
4870 proto_tree_add_text(tree, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4874 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4878 if (dirn == 0) { /* Response(s) dissect code */
4880 /* Build display for: Word Count (WCT) */
4882 WordCount = GBYTE(pd, offset);
4886 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4890 offset += 1; /* Skip Word Count (WCT) */
4892 /* Build display for: FID */
4894 FID = GSHORT(pd, offset);
4898 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4902 offset += 2; /* Skip FID */
4904 /* Build display for: Byte Count (BCC) */
4906 ByteCount = GSHORT(pd, offset);
4910 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4914 offset += 2; /* Skip Byte Count (BCC) */
4921 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4928 if (dirn == 1) { /* Request(s) dissect code */
4930 /* Build display for: Word Count (WCT) */
4932 WordCount = GBYTE(pd, offset);
4936 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4940 offset += 1; /* Skip Word Count (WCT) */
4942 /* Build display for: FID */
4944 FID = GSHORT(pd, offset);
4948 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4952 offset += 2; /* Skip FID */
4954 /* Build display for: Byte Count (BCC) */
4956 ByteCount = GSHORT(pd, offset);
4960 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4964 offset += 2; /* Skip Byte Count (BCC) */
4968 if (dirn == 0) { /* Response(s) dissect code */
4970 /* Build display for: Word Count */
4972 WordCount = GBYTE(pd, offset);
4976 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
4980 offset += 1; /* Skip Word Count */
4982 /* Build display for: Byte Count (BCC) */
4984 ByteCount = GSHORT(pd, offset);
4988 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4992 offset += 2; /* Skip Byte Count (BCC) */
4999 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5012 if (dirn == 1) { /* Request(s) dissect code */
5014 WordCount = GBYTE(pd, offset);
5016 switch (WordCount) {
5020 /* Build display for: Word Count (WCT) */
5022 WordCount = GBYTE(pd, offset);
5026 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5030 offset += 1; /* Skip Word Count (WCT) */
5032 /* Build display for: FID */
5034 FID = GSHORT(pd, offset);
5038 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5042 offset += 2; /* Skip FID */
5044 /* Build display for: Offset */
5046 Offset = GWORD(pd, offset);
5050 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5054 offset += 4; /* Skip Offset */
5056 /* Build display for: Max Count */
5058 MaxCount = GSHORT(pd, offset);
5062 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5066 offset += 2; /* Skip Max Count */
5068 /* Build display for: Min Count */
5070 MinCount = GSHORT(pd, offset);
5074 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5078 offset += 2; /* Skip Min Count */
5080 /* Build display for: Timeout */
5082 Timeout = GWORD(pd, offset);
5086 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5090 offset += 4; /* Skip Timeout */
5092 /* Build display for: Reserved */
5094 Reserved = GSHORT(pd, offset);
5098 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5102 offset += 2; /* Skip Reserved */
5104 /* Build display for: Byte Count (BCC) */
5106 ByteCount = GSHORT(pd, offset);
5110 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5114 offset += 2; /* Skip Byte Count (BCC) */
5120 /* Build display for: Word Count (WCT) */
5122 WordCount = GBYTE(pd, offset);
5126 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5130 offset += 1; /* Skip Word Count (WCT) */
5132 /* Build display for: FID */
5134 FID = GSHORT(pd, offset);
5138 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5142 offset += 2; /* Skip FID */
5144 /* Build display for: Offset */
5146 Offset = GWORD(pd, offset);
5150 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5154 offset += 4; /* Skip Offset */
5156 /* Build display for: Max Count */
5158 MaxCount = GSHORT(pd, offset);
5162 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5166 offset += 2; /* Skip Max Count */
5168 /* Build display for: Min Count */
5170 MinCount = GSHORT(pd, offset);
5174 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5178 offset += 2; /* Skip Min Count */
5180 /* Build display for: Timeout */
5182 Timeout = GWORD(pd, offset);
5186 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5190 offset += 4; /* Skip Timeout */
5192 /* Build display for: Reserved */
5194 Reserved = GSHORT(pd, offset);
5198 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5202 offset += 2; /* Skip Reserved */
5204 /* Build display for: Offset High */
5206 OffsetHigh = GWORD(pd, offset);
5210 proto_tree_add_text(tree, offset, 4, "Offset High: %u", OffsetHigh);
5214 offset += 4; /* Skip Offset High */
5216 /* Build display for: Byte Count (BCC) */
5218 ByteCount = GSHORT(pd, offset);
5222 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5226 offset += 2; /* Skip Byte Count (BCC) */
5234 if (dirn == 0) { /* Response(s) dissect code */
5241 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5245 guint8 AndXReserved;
5246 guint8 AndXCommand = 0xFF;
5250 if (dirn == 1) { /* Request(s) dissect code */
5252 /* Build display for: Word Count (WCT) */
5254 WordCount = GBYTE(pd, offset);
5258 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5262 offset += 1; /* Skip Word Count (WCT) */
5264 /* Build display for: AndXCommand */
5266 AndXCommand = GBYTE(pd, offset);
5270 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5274 offset += 1; /* Skip AndXCommand */
5276 /* Build display for: AndXReserved */
5278 AndXReserved = GBYTE(pd, offset);
5282 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5286 offset += 1; /* Skip AndXReserved */
5288 /* Build display for: AndXOffset */
5290 AndXOffset = GSHORT(pd, offset);
5294 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5298 offset += 2; /* Skip AndXOffset */
5300 /* Build display for: Byte Count (BCC) */
5302 ByteCount = GSHORT(pd, offset);
5306 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5310 offset += 2; /* Skip Byte Count (BCC) */
5313 if (AndXCommand != 0xFF) {
5315 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
5321 if (dirn == 0) { /* Response(s) dissect code */
5323 /* Build display for: Word Count (WCT) */
5325 WordCount = GBYTE(pd, offset);
5329 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5333 offset += 1; /* Skip Word Count (WCT) */
5335 /* Build display for: AndXCommand */
5337 AndXCommand = GBYTE(pd, offset);
5341 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5345 offset += 1; /* Skip AndXCommand */
5347 /* Build display for: AndXReserved */
5349 AndXReserved = GBYTE(pd, offset);
5353 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5357 offset += 1; /* Skip AndXReserved */
5359 /* Build display for: AndXOffset */
5361 AndXOffset = GSHORT(pd, offset);
5365 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5369 offset += 2; /* Skip AndXOffset */
5371 /* Build display for: Byte Count (BCC) */
5373 ByteCount = GSHORT(pd, offset);
5377 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5381 offset += 2; /* Skip Byte Count (BCC) */
5384 if (AndXCommand != 0xFF) {
5386 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
5395 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5398 static const value_string Mode_0x03[] = {
5399 { 0, "Seek from start of file"},
5400 { 1, "Seek from current position"},
5401 { 2, "Seek from end of file"},
5404 proto_tree *Mode_tree;
5412 if (dirn == 1) { /* Request(s) dissect code */
5414 /* Build display for: Word Count (WCT) */
5416 WordCount = GBYTE(pd, offset);
5420 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5424 offset += 1; /* Skip Word Count (WCT) */
5426 /* Build display for: FID */
5428 FID = GSHORT(pd, offset);
5432 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5436 offset += 2; /* Skip FID */
5438 /* Build display for: Mode */
5440 Mode = GSHORT(pd, offset);
5444 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
5445 Mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
5446 proto_tree_add_text(Mode_tree, offset, 2, "%s",
5447 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5451 offset += 2; /* Skip Mode */
5453 /* Build display for: Offset */
5455 Offset = GWORD(pd, offset);
5459 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5463 offset += 4; /* Skip Offset */
5465 /* Build display for: Byte Count (BCC) */
5467 ByteCount = GSHORT(pd, offset);
5471 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5475 offset += 2; /* Skip Byte Count (BCC) */
5479 if (dirn == 0) { /* Response(s) dissect code */
5481 /* Build display for: Word Count (WCT) */
5483 WordCount = GBYTE(pd, offset);
5487 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5491 offset += 1; /* Skip Word Count (WCT) */
5493 /* Build display for: Offset */
5495 Offset = GWORD(pd, offset);
5499 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5503 offset += 4; /* Skip Offset */
5505 /* Build display for: Byte Count (BCC) */
5507 ByteCount = GSHORT(pd, offset);
5511 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5515 offset += 2; /* Skip Byte Count (BCC) */
5522 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5526 guint8 BufferFormat;
5534 if (dirn == 1) { /* Request(s) dissect code */
5536 /* Build display for: Word Count (WCT) */
5538 WordCount = GBYTE(pd, offset);
5542 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5546 offset += 1; /* Skip Word Count (WCT) */
5548 /* Build display for: FID */
5550 FID = GSHORT(pd, offset);
5554 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5558 offset += 2; /* Skip FID */
5560 /* Build display for: Count */
5562 Count = GSHORT(pd, offset);
5566 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5570 offset += 2; /* Skip Count */
5572 /* Build display for: Offset */
5574 Offset = GWORD(pd, offset);
5578 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5582 offset += 4; /* Skip Offset */
5584 /* Build display for: Remaining */
5586 Remaining = GSHORT(pd, offset);
5590 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
5594 offset += 2; /* Skip Remaining */
5596 /* Build display for: Byte Count (BCC) */
5598 ByteCount = GSHORT(pd, offset);
5602 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5606 offset += 2; /* Skip Byte Count (BCC) */
5608 /* Build display for: Buffer Format */
5610 BufferFormat = GBYTE(pd, offset);
5614 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
5618 offset += 1; /* Skip Buffer Format */
5620 /* Build display for: Data Length */
5622 DataLength = GSHORT(pd, offset);
5626 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
5630 offset += 2; /* Skip Data Length */
5634 if (dirn == 0) { /* Response(s) dissect code */
5636 /* Build display for: Word Count (WCT) */
5638 WordCount = GBYTE(pd, offset);
5642 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5646 offset += 1; /* Skip Word Count (WCT) */
5648 /* Build display for: Count */
5650 Count = GSHORT(pd, offset);
5654 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5658 offset += 2; /* Skip Count */
5660 /* Build display for: Byte Count (BCC) */
5662 ByteCount = GSHORT(pd, offset);
5666 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5670 offset += 2; /* Skip Byte Count (BCC) */
5677 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5681 guint16 LastWriteTime;
5682 guint16 LastWriteDate;
5683 guint16 LastAccessTime;
5684 guint16 LastAccessDate;
5686 guint16 CreationTime;
5687 guint16 CreationDate;
5690 if (dirn == 1) { /* Request(s) dissect code */
5692 /* Build display for: Word Count */
5694 WordCount = GBYTE(pd, offset);
5698 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5702 offset += 1; /* Skip Word Count */
5704 /* Build display for: FID */
5706 FID = GSHORT(pd, offset);
5710 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5714 offset += 2; /* Skip FID */
5716 /* Build display for: Creation Date */
5718 CreationDate = GSHORT(pd, offset);
5722 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
5726 offset += 2; /* Skip Creation Date */
5728 /* Build display for: Creation Time */
5730 CreationTime = GSHORT(pd, offset);
5734 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
5738 offset += 2; /* Skip Creation Time */
5740 /* Build display for: Last Access Date */
5742 LastAccessDate = GSHORT(pd, offset);
5746 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
5750 offset += 2; /* Skip Last Access Date */
5752 /* Build display for: Last Access Time */
5754 LastAccessTime = GSHORT(pd, offset);
5758 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
5762 offset += 2; /* Skip Last Access Time */
5764 /* Build display for: Last Write Date */
5766 LastWriteDate = GSHORT(pd, offset);
5770 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
5774 offset += 2; /* Skip Last Write Date */
5776 /* Build display for: Last Write Time */
5778 LastWriteTime = GSHORT(pd, offset);
5782 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
5786 offset += 2; /* Skip Last Write Time */
5788 /* Build display for: Byte Count (BCC) */
5790 ByteCount = GSHORT(pd, offset);
5794 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5798 offset += 2; /* Skip Byte Count (BCC) */
5802 if (dirn == 0) { /* Response(s) dissect code */
5804 /* Build display for: Word Count (WCC) */
5806 WordCount = GBYTE(pd, offset);
5810 proto_tree_add_text(tree, offset, 1, "Word Count (WCC): %u", WordCount);
5814 offset += 1; /* Skip Word Count (WCC) */
5816 /* Build display for: Byte Count (BCC) */
5818 ByteCount = GSHORT(pd, offset);
5822 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5826 offset += 2; /* Skip Byte Count (BCC) */
5833 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5842 if (dirn == 1) { /* Request(s) dissect code */
5844 /* Build display for: Word Count (WCT) */
5846 WordCount = GBYTE(pd, offset);
5850 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5854 offset += 1; /* Skip Word Count (WCT) */
5856 /* Build display for: FID */
5858 FID = GSHORT(pd, offset);
5862 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5866 offset += 2; /* Skip FID */
5868 /* Build display for: Count */
5870 Count = GWORD(pd, offset);
5874 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
5878 offset += 4; /* Skip Count */
5880 /* Build display for: Offset */
5882 Offset = GWORD(pd, offset);
5886 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5890 offset += 4; /* Skip Offset */
5892 /* Build display for: Byte Count (BCC) */
5894 ByteCount = GSHORT(pd, offset);
5898 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5902 offset += 2; /* Skip Byte Count (BCC) */
5906 if (dirn == 0) { /* Response(s) dissect code */
5908 /* Build display for: Word Count (WCT) */
5910 WordCount = GBYTE(pd, offset);
5914 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5918 offset += 1; /* Skip Word Count (WCT) */
5920 /* Build display for: Byte Count (BCC) */
5922 ByteCount = GSHORT(pd, offset);
5926 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5930 offset += 2; /* Skip Byte Count (BCC) */
5937 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5941 guint8 BufferFormat;
5943 guint16 RestartIndex;
5949 if (dirn == 1) { /* Request(s) dissect code */
5951 /* Build display for: Word Count */
5953 WordCount = GBYTE(pd, offset);
5957 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5961 offset += 1; /* Skip Word Count */
5963 /* Build display for: Max Count */
5965 MaxCount = GSHORT(pd, offset);
5969 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5973 offset += 2; /* Skip Max Count */
5975 /* Build display for: Start Index */
5977 StartIndex = GSHORT(pd, offset);
5981 proto_tree_add_text(tree, offset, 2, "Start Index: %u", StartIndex);
5985 offset += 2; /* Skip Start Index */
5987 /* Build display for: Byte Count (BCC) */
5989 ByteCount = GSHORT(pd, offset);
5993 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5997 offset += 2; /* Skip Byte Count (BCC) */
6001 if (dirn == 0) { /* Response(s) dissect code */
6003 /* Build display for: Word Count (WCT) */
6005 WordCount = GBYTE(pd, offset);
6009 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6013 offset += 1; /* Skip Word Count (WCT) */
6015 if (WordCount > 0) {
6017 /* Build display for: Count */
6019 Count = GSHORT(pd, offset);
6023 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6027 offset += 2; /* Skip Count */
6029 /* Build display for: Restart Index */
6031 RestartIndex = GSHORT(pd, offset);
6035 proto_tree_add_text(tree, offset, 2, "Restart Index: %u", RestartIndex);
6039 offset += 2; /* Skip Restart Index */
6041 /* Build display for: Byte Count (BCC) */
6045 ByteCount = GSHORT(pd, offset);
6049 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6053 offset += 2; /* Skip Byte Count (BCC) */
6055 /* Build display for: Buffer Format */
6057 BufferFormat = GBYTE(pd, offset);
6061 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6065 offset += 1; /* Skip Buffer Format */
6067 /* Build display for: Data Length */
6069 DataLength = GSHORT(pd, offset);
6073 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6077 offset += 2; /* Skip Data Length */
6084 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6087 proto_tree *LockType_tree;
6092 guint8 AndXReserved;
6093 guint8 AndXCommand = 0xFF;
6095 guint16 NumberofLocks;
6096 guint16 NumberOfUnlocks;
6102 if (dirn == 1) { /* Request(s) dissect code */
6104 /* Build display for: Word Count (WCT) */
6106 WordCount = GBYTE(pd, offset);
6110 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6114 offset += 1; /* Skip Word Count (WCT) */
6116 /* Build display for: AndXCommand */
6118 AndXCommand = GBYTE(pd, offset);
6122 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
6126 offset += 1; /* Skip AndXCommand */
6128 /* Build display for: AndXReserved */
6130 AndXReserved = GBYTE(pd, offset);
6134 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6138 offset += 1; /* Skip AndXReserved */
6140 /* Build display for: AndXOffset */
6142 AndXOffset = GSHORT(pd, offset);
6146 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
6150 offset += 2; /* Skip AndXOffset */
6152 /* Build display for: FID */
6154 FID = GSHORT(pd, offset);
6158 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6162 offset += 2; /* Skip FID */
6164 /* Build display for: Lock Type */
6166 LockType = GBYTE(pd, offset);
6170 ti = proto_tree_add_text(tree, offset, 1, "Lock Type: 0x%01x", LockType);
6171 LockType_tree = proto_item_add_subtree(ti, ETT_SMB_LOCK_TYPE);
6172 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6173 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6174 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6175 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6176 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6177 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6178 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6179 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6180 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6181 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6185 offset += 1; /* Skip Lock Type */
6187 /* Build display for: OplockLevel */
6189 OplockLevel = GBYTE(pd, offset);
6193 proto_tree_add_text(tree, offset, 1, "OplockLevel: %u", OplockLevel);
6197 offset += 1; /* Skip OplockLevel */
6199 /* Build display for: Timeout */
6201 Timeout = GWORD(pd, offset);
6205 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
6209 offset += 4; /* Skip Timeout */
6211 /* Build display for: Number Of Unlocks */
6213 NumberOfUnlocks = GSHORT(pd, offset);
6217 proto_tree_add_text(tree, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6221 offset += 2; /* Skip Number Of Unlocks */
6223 /* Build display for: Number of Locks */
6225 NumberofLocks = GSHORT(pd, offset);
6229 proto_tree_add_text(tree, offset, 2, "Number of Locks: %u", NumberofLocks);
6233 offset += 2; /* Skip Number of Locks */
6235 /* Build display for: Byte Count (BCC) */
6237 ByteCount = GSHORT(pd, offset);
6241 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6245 offset += 2; /* Skip Byte Count (BCC) */
6248 if (AndXCommand != 0xFF) {
6250 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
6256 if (dirn == 0) { /* Response(s) dissect code */
6258 /* Build display for: Word Count (WCT) */
6260 WordCount = GBYTE(pd, offset);
6264 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6268 offset += 1; /* Skip Word Count (WCT) */
6270 if (WordCount > 0) {
6272 /* Build display for: AndXCommand */
6274 AndXCommand = GBYTE(pd, offset);
6278 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
6279 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6283 offset += 1; /* Skip AndXCommand */
6285 /* Build display for: AndXReserved */
6287 AndXReserved = GBYTE(pd, offset);
6291 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6295 offset += 1; /* Skip AndXReserved */
6297 /* Build display for: AndXoffset */
6299 AndXoffset = GSHORT(pd, offset);
6303 proto_tree_add_text(tree, offset, 2, "AndXoffset: %u", AndXoffset);
6307 offset += 2; /* Skip AndXoffset */
6311 /* Build display for: Byte Count */
6313 ByteCount = GSHORT(pd, offset);
6317 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
6321 offset += 2; /* Skip Byte Count */
6324 if (AndXCommand != 0xFF) {
6326 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
6335 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6344 if (dirn == 1) { /* Request(s) dissect code */
6346 /* Build display for: Word Count (WCT) */
6348 WordCount = GBYTE(pd, offset);
6352 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6356 offset += 1; /* Skip Word Count (WCT) */
6358 /* Build display for: FID */
6360 FID = GSHORT(pd, offset);
6364 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6368 offset += 2; /* Skip FID */
6370 /* Build display for: Count */
6372 Count = GWORD(pd, offset);
6376 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
6380 offset += 4; /* Skip Count */
6382 /* Build display for: Offset */
6384 Offset = GWORD(pd, offset);
6388 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
6392 offset += 4; /* Skip Offset */
6394 /* Build display for: Byte Count (BCC) */
6396 ByteCount = GSHORT(pd, offset);
6400 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6404 offset += 2; /* Skip Byte Count (BCC) */
6408 if (dirn == 0) { /* Response(s) dissect code */
6410 /* Build display for: Word Count (WCT) */
6412 WordCount = GBYTE(pd, offset);
6416 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6420 offset += 1; /* Skip Word Count (WCT) */
6422 /* Build display for: Byte Count (BCC) */
6424 ByteCount = GSHORT(pd, offset);
6428 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6432 offset += 2; /* Skip Byte Count (BCC) */
6439 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6442 proto_tree *Attributes_tree;
6445 guint8 BufferFormat;
6447 guint16 CreationTime;
6450 const char *FileName;
6452 if (dirn == 1) { /* Request(s) dissect code */
6454 /* Build display for: Word Count (WCT) */
6456 WordCount = GBYTE(pd, offset);
6460 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6464 offset += 1; /* Skip Word Count (WCT) */
6466 /* Build display for: Attributes */
6468 Attributes = GSHORT(pd, offset);
6472 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
6473 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
6474 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6475 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6476 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6477 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6478 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6479 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6480 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6481 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6482 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6483 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6484 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6485 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6489 offset += 2; /* Skip Attributes */
6491 /* Build display for: Creation Time */
6493 CreationTime = GSHORT(pd, offset);
6497 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6501 offset += 2; /* Skip Creation Time */
6503 /* Build display for: Byte Count (BCC) */
6505 ByteCount = GSHORT(pd, offset);
6509 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6513 offset += 2; /* Skip Byte Count (BCC) */
6515 /* Build display for: Buffer Format */
6517 BufferFormat = GBYTE(pd, offset);
6521 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6525 offset += 1; /* Skip Buffer Format */
6527 /* Build display for: File Name */
6529 FileName = pd + offset;
6533 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6537 offset += strlen(FileName) + 1; /* Skip File Name */
6541 if (dirn == 0) { /* Response(s) dissect code */
6543 /* Build display for: Word Count (WCT) */
6545 WordCount = GBYTE(pd, offset);
6549 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6553 offset += 1; /* Skip Word Count (WCT) */
6555 if (WordCount > 0) {
6557 /* Build display for: FID */
6559 FID = GSHORT(pd, offset);
6563 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6567 offset += 2; /* Skip FID */
6571 /* Build display for: Byte Count (BCC) */
6573 ByteCount = GSHORT(pd, offset);
6577 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6581 offset += 2; /* Skip Byte Count (BCC) */
6588 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6592 guint8 BufferFormat2;
6593 guint8 BufferFormat1;
6594 guint8 BufferFormat;
6595 guint16 SearchAttributes;
6596 guint16 ResumeKeyLength;
6601 const char *FileName;
6603 if (dirn == 1) { /* Request(s) dissect code */
6605 /* Build display for: Word Count (WCT) */
6607 WordCount = GBYTE(pd, offset);
6611 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6615 offset += 1; /* Skip Word Count (WCT) */
6617 /* Build display for: Max Count */
6619 MaxCount = GSHORT(pd, offset);
6623 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6627 offset += 2; /* Skip Max Count */
6629 /* Build display for: Search Attributes */
6631 SearchAttributes = GSHORT(pd, offset);
6635 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
6639 offset += 2; /* Skip Search Attributes */
6641 /* Build display for: Byte Count (BCC) */
6643 ByteCount = GSHORT(pd, offset);
6647 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6651 offset += 2; /* Skip Byte Count (BCC) */
6653 /* Build display for: Buffer Format 1 */
6655 BufferFormat1 = GBYTE(pd, offset);
6659 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6663 offset += 1; /* Skip Buffer Format 1 */
6665 /* Build display for: File Name */
6667 FileName = pd + offset;
6671 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6675 offset += strlen(FileName) + 1; /* Skip File Name */
6677 /* Build display for: Buffer Format 2 */
6679 BufferFormat2 = GBYTE(pd, offset);
6683 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6687 offset += 1; /* Skip Buffer Format 2 */
6689 /* Build display for: Resume Key Length */
6691 ResumeKeyLength = GSHORT(pd, offset);
6695 proto_tree_add_text(tree, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6699 offset += 2; /* Skip Resume Key Length */
6703 if (dirn == 0) { /* Response(s) dissect code */
6705 /* Build display for: Word Count (WCT) */
6707 WordCount = GBYTE(pd, offset);
6711 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6715 offset += 1; /* Skip Word Count (WCT) */
6717 if (WordCount > 0) {
6719 /* Build display for: Count */
6721 Count = GSHORT(pd, offset);
6725 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6729 offset += 2; /* Skip Count */
6733 /* Build display for: Byte Count (BCC) */
6735 ByteCount = GSHORT(pd, offset);
6739 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6743 offset += 2; /* Skip Byte Count (BCC) */
6745 /* Build display for: Buffer Format */
6747 BufferFormat = GBYTE(pd, offset);
6751 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6755 offset += 1; /* Skip Buffer Format */
6757 /* Build display for: Data Length */
6759 DataLength = GSHORT(pd, offset);
6763 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6767 offset += 2; /* Skip Data Length */
6774 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6778 guint8 BufferFormat;
6781 guint16 CreationTime;
6782 guint16 CreationDate;
6784 const char *FileName;
6785 const char *DirectoryName;
6787 if (dirn == 1) { /* Request(s) dissect code */
6789 /* Build display for: Word Count (WCT) */
6791 WordCount = GBYTE(pd, offset);
6795 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6799 offset += 1; /* Skip Word Count (WCT) */
6801 /* Build display for: Reserved */
6803 Reserved = GSHORT(pd, offset);
6807 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
6811 offset += 2; /* Skip Reserved */
6813 /* Build display for: Creation Time */
6815 CreationTime = GSHORT(pd, offset);
6819 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6823 offset += 2; /* Skip Creation Time */
6825 /* Build display for: Creation Date */
6827 CreationDate = GSHORT(pd, offset);
6831 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
6835 offset += 2; /* Skip Creation Date */
6837 /* Build display for: Byte Count (BCC) */
6839 ByteCount = GSHORT(pd, offset);
6843 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6847 offset += 2; /* Skip Byte Count (BCC) */
6849 /* Build display for: Buffer Format */
6851 BufferFormat = GBYTE(pd, offset);
6855 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6859 offset += 1; /* Skip Buffer Format */
6861 /* Build display for: Directory Name */
6863 DirectoryName = pd + offset;
6867 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6871 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6875 if (dirn == 0) { /* Response(s) dissect code */
6877 /* Build display for: Word Count (WCT) */
6879 WordCount = GBYTE(pd, offset);
6883 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6887 offset += 1; /* Skip Word Count (WCT) */
6889 if (WordCount > 0) {
6891 /* Build display for: FID */
6893 FID = GSHORT(pd, offset);
6897 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6901 offset += 2; /* Skip FID */
6905 /* Build display for: Byte Count (BCC) */
6907 ByteCount = GSHORT(pd, offset);
6911 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6915 offset += 2; /* Skip Byte Count (BCC) */
6917 /* Build display for: Buffer Format */
6919 BufferFormat = GBYTE(pd, offset);
6923 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6927 offset += 1; /* Skip Buffer Format */
6929 /* Build display for: File Name */
6931 FileName = pd + offset;
6935 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6939 offset += strlen(FileName) + 1; /* Skip File Name */
6946 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6950 guint16 LastWriteTime;
6951 guint16 LastWriteDate;
6955 if (dirn == 1) { /* Request(s) dissect code */
6957 /* Build display for: Word Count (WCT) */
6959 WordCount = GBYTE(pd, offset);
6963 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6967 offset += 1; /* Skip Word Count (WCT) */
6969 /* Build display for: FID */
6971 FID = GSHORT(pd, offset);
6975 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6979 offset += 2; /* Skip FID */
6981 /* Build display for: Last Write Time */
6983 LastWriteTime = GSHORT(pd, offset);
6987 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
6991 offset += 2; /* Skip Last Write Time */
6993 /* Build display for: Last Write Date */
6995 LastWriteDate = GSHORT(pd, offset);
6999 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
7003 offset += 2; /* Skip Last Write Date */
7005 /* Build display for: Byte Count (BCC) */
7007 ByteCount = GSHORT(pd, offset);
7011 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7015 offset += 2; /* Skip Byte Count (BCC) */
7019 if (dirn == 0) { /* Response(s) dissect code */
7021 /* Build display for: Word Count (WCT) */
7023 WordCount = GBYTE(pd, offset);
7027 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7031 offset += 1; /* Skip Word Count (WCT) */
7033 /* Build display for: Byte Count (BCC) */
7035 ByteCount = GSHORT(pd, offset);
7039 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7043 offset += 2; /* Skip Byte Count (BCC) */
7050 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7054 guint8 BufferFormat;
7059 if (dirn == 1) { /* Request(s) dissect code */
7061 /* Build display for: Word Count (WCT) */
7063 WordCount = GBYTE(pd, offset);
7067 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7071 offset += 1; /* Skip Word Count (WCT) */
7073 /* Build display for: FID */
7075 FID = GSHORT(pd, offset);
7079 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7083 offset += 2; /* Skip FID */
7085 /* Build display for: Byte Count (BCC) */
7087 ByteCount = GSHORT(pd, offset);
7091 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7095 offset += 2; /* Skip Byte Count (BCC) */
7097 /* Build display for: Buffer Format */
7099 BufferFormat = GBYTE(pd, offset);
7103 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7107 offset += 1; /* Skip Buffer Format */
7109 /* Build display for: Data Length */
7111 DataLength = GSHORT(pd, offset);
7115 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7119 offset += 2; /* Skip Data Length */
7123 if (dirn == 0) { /* Response(s) dissect code */
7125 /* Build display for: Word Count (WCT) */
7127 WordCount = GBYTE(pd, offset);
7131 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7135 offset += 1; /* Skip Word Count (WCT) */
7137 /* Build display for: Byte Count (BCC) */
7139 ByteCount = GSHORT(pd, offset);
7143 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7147 offset += 2; /* Skip Byte Count (BCC) */
7154 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7158 guint8 BufferFormat;
7170 if (dirn == 1) { /* Request(s) dissect code */
7172 /* Build display for: Word Count (WCT) */
7174 WordCount = GBYTE(pd, offset);
7178 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7182 offset += 1; /* Skip Word Count (WCT) */
7184 /* Build display for: FID */
7186 FID = GSHORT(pd, offset);
7190 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7194 offset += 2; /* Skip FID */
7196 /* Build display for: Count */
7198 Count = GSHORT(pd, offset);
7202 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7206 offset += 2; /* Skip Count */
7208 /* Build display for: Offset */
7210 Offset = GWORD(pd, offset);
7214 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7218 offset += 4; /* Skip Offset */
7220 /* Build display for: Remaining */
7222 Remaining = GSHORT(pd, offset);
7226 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7230 offset += 2; /* Skip Remaining */
7232 /* Build display for: Byte Count (BCC) */
7234 ByteCount = GSHORT(pd, offset);
7238 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7242 offset += 2; /* Skip Byte Count (BCC) */
7246 if (dirn == 0) { /* Response(s) dissect code */
7248 /* Build display for: Word Count (WCT) */
7250 WordCount = GBYTE(pd, offset);
7254 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7258 offset += 1; /* Skip Word Count (WCT) */
7260 if (WordCount > 0) {
7262 /* Build display for: Count */
7264 Count = GSHORT(pd, offset);
7268 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7272 offset += 2; /* Skip Count */
7274 /* Build display for: Reserved 1 */
7276 Reserved1 = GSHORT(pd, offset);
7280 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7284 offset += 2; /* Skip Reserved 1 */
7286 /* Build display for: Reserved 2 */
7288 Reserved2 = GSHORT(pd, offset);
7292 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7296 offset += 2; /* Skip Reserved 2 */
7298 /* Build display for: Reserved 3 */
7300 Reserved3 = GSHORT(pd, offset);
7304 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7308 offset += 2; /* Skip Reserved 3 */
7310 /* Build display for: Reserved 4 */
7312 Reserved4 = GSHORT(pd, offset);
7316 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7320 offset += 2; /* Skip Reserved 4 */
7322 /* Build display for: Byte Count (BCC) */
7324 ByteCount = GSHORT(pd, offset);
7328 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7334 offset += 2; /* Skip Byte Count (BCC) */
7336 /* Build display for: Buffer Format */
7338 BufferFormat = GBYTE(pd, offset);
7342 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7346 offset += 1; /* Skip Buffer Format */
7348 /* Build display for: Data Length */
7350 DataLength = GSHORT(pd, offset);
7354 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7358 offset += 2; /* Skip Data Length */
7365 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7371 if (dirn == 1) { /* Request(s) dissect code */
7373 /* Build display for: Word Count (WCT) */
7375 WordCount = GBYTE(pd, offset);
7379 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7383 offset += 1; /* Skip Word Count (WCT) */
7385 /* Build display for: Byte Count (BCC) */
7387 ByteCount = GSHORT(pd, offset);
7391 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7395 offset += 2; /* Skip Byte Count (BCC) */
7399 if (dirn == 0) { /* Response(s) dissect code */
7401 /* Build display for: Word Count (WCT) */
7403 WordCount = GBYTE(pd, offset);
7407 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7411 offset += 1; /* Skip Word Count (WCT) */
7413 /* Build display for: Byte Count (BCC) */
7415 ByteCount = GSHORT(pd, offset);
7419 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7423 offset += 2; /* Skip Byte Count (BCC) */
7430 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7433 proto_tree *Attributes_tree;
7436 guint8 BufferFormat;
7443 guint16 LastWriteTime;
7444 guint16 LastWriteDate;
7447 const char *FileName;
7449 if (dirn == 1) { /* Request(s) dissect code */
7451 /* Build display for: Word Count (WCT) */
7453 WordCount = GBYTE(pd, offset);
7457 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7461 offset += 1; /* Skip Word Count (WCT) */
7463 /* Build display for: Byte Count (BCC) */
7465 ByteCount = GSHORT(pd, offset);
7469 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7473 offset += 2; /* Skip Byte Count (BCC) */
7475 /* Build display for: Buffer Format */
7477 BufferFormat = GBYTE(pd, offset);
7481 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7485 offset += 1; /* Skip Buffer Format */
7487 /* Build display for: File Name */
7489 FileName = pd + offset;
7493 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7497 offset += strlen(FileName) + 1; /* Skip File Name */
7501 if (dirn == 0) { /* Response(s) dissect code */
7503 /* Build display for: Word Count (WCT) */
7505 WordCount = GBYTE(pd, offset);
7509 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7513 offset += 1; /* Skip Word Count (WCT) */
7515 if (WordCount > 0) {
7517 /* Build display for: Attributes */
7519 Attributes = GSHORT(pd, offset);
7523 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
7524 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
7525 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7526 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7527 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7528 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7529 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7530 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7531 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7532 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7533 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7534 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7535 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7536 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7540 offset += 2; /* Skip Attributes */
7542 /* Build display for: Last Write Time */
7544 LastWriteTime = GSHORT(pd, offset);
7550 offset += 2; /* Skip Last Write Time */
7552 /* Build display for: Last Write Date */
7554 LastWriteDate = GSHORT(pd, offset);
7558 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7560 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7564 offset += 2; /* Skip Last Write Date */
7566 /* Build display for: File Size */
7568 FileSize = GWORD(pd, offset);
7572 proto_tree_add_text(tree, offset, 4, "File Size: %u", FileSize);
7576 offset += 4; /* Skip File Size */
7578 /* Build display for: Reserved 1 */
7580 Reserved1 = GSHORT(pd, offset);
7584 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7588 offset += 2; /* Skip Reserved 1 */
7590 /* Build display for: Reserved 2 */
7592 Reserved2 = GSHORT(pd, offset);
7596 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7600 offset += 2; /* Skip Reserved 2 */
7602 /* Build display for: Reserved 3 */
7604 Reserved3 = GSHORT(pd, offset);
7608 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7612 offset += 2; /* Skip Reserved 3 */
7614 /* Build display for: Reserved 4 */
7616 Reserved4 = GSHORT(pd, offset);
7620 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7624 offset += 2; /* Skip Reserved 4 */
7626 /* Build display for: Reserved 5 */
7628 Reserved5 = GSHORT(pd, offset);
7632 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
7636 offset += 2; /* Skip Reserved 5 */
7640 /* Build display for: Byte Count (BCC) */
7642 ByteCount = GSHORT(pd, offset);
7646 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7650 offset += 2; /* Skip Byte Count (BCC) */
7657 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7671 guint16 BufferFormat;
7673 if (dirn == 1) { /* Request(s) dissect code */
7675 /* Build display for: Word Count (WCT) */
7677 WordCount = GBYTE(pd, offset);
7681 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7685 offset += 1; /* Skip Word Count (WCT) */
7687 /* Build display for: FID */
7689 FID = GSHORT(pd, offset);
7693 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7697 offset += 2; /* Skip FID */
7699 /* Build display for: Count */
7701 Count = GSHORT(pd, offset);
7705 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7709 offset += 2; /* Skip Count */
7711 /* Build display for: Offset */
7713 Offset = GWORD(pd, offset);
7717 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7721 offset += 4; /* Skip Offset */
7723 /* Build display for: Remaining */
7725 Remaining = GSHORT(pd, offset);
7729 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7733 offset += 2; /* Skip Remaining */
7735 /* Build display for: Byte Count (BCC) */
7737 ByteCount = GSHORT(pd, offset);
7741 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7745 offset += 2; /* Skip Byte Count (BCC) */
7749 if (dirn == 0) { /* Response(s) dissect code */
7751 /* Build display for: Word Count (WCT) */
7753 WordCount = GBYTE(pd, offset);
7757 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7761 offset += 1; /* Skip Word Count (WCT) */
7763 if (WordCount > 0) {
7765 /* Build display for: Count */
7767 Count = GSHORT(pd, offset);
7771 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7775 offset += 2; /* Skip Count */
7777 /* Build display for: Reserved 1 */
7779 Reserved1 = GSHORT(pd, offset);
7783 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7787 offset += 2; /* Skip Reserved 1 */
7789 /* Build display for: Reserved 2 */
7791 Reserved2 = GSHORT(pd, offset);
7795 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7799 offset += 2; /* Skip Reserved 2 */
7801 /* Build display for: Reserved 3 */
7803 Reserved3 = GSHORT(pd, offset);
7807 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7811 offset += 2; /* Skip Reserved 3 */
7813 /* Build display for: Reserved 4 */
7815 Reserved4 = GSHORT(pd, offset);
7819 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7823 offset += 2; /* Skip Reserved 4 */
7827 /* Build display for: Byte Count (BCC) */
7829 ByteCount = GSHORT(pd, offset);
7833 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7837 offset += 2; /* Skip Byte Count (BCC) */
7839 /* Build display for: Buffer Format */
7841 BufferFormat = GSHORT(pd, offset);
7845 proto_tree_add_text(tree, offset, 2, "Buffer Format: %u", BufferFormat);
7849 offset += 2; /* Skip Buffer Format */
7851 /* Build display for: Data Length */
7853 DataLength = GSHORT(pd, offset);
7857 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7861 offset += 2; /* Skip Data Length */
7868 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7871 proto_tree *WriteMode_tree;
7876 guint32 ResponseMask;
7877 guint32 RequestMask;
7886 if (dirn == 1) { /* Request(s) dissect code */
7888 /* Build display for: Word Count (WCT) */
7890 WordCount = GBYTE(pd, offset);
7894 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7898 offset += 1; /* Skip Word Count (WCT) */
7900 /* Build display for: FID */
7902 FID = GSHORT(pd, offset);
7906 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7910 offset += 2; /* Skip FID */
7912 /* Build display for: Count */
7914 Count = GSHORT(pd, offset);
7918 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7922 offset += 2; /* Skip Count */
7924 /* Build display for: Reserved 1 */
7926 Reserved1 = GSHORT(pd, offset);
7930 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7934 offset += 2; /* Skip Reserved 1 */
7936 /* Build display for: Timeout */
7938 Timeout = GWORD(pd, offset);
7942 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
7946 offset += 4; /* Skip Timeout */
7948 /* Build display for: WriteMode */
7950 WriteMode = GSHORT(pd, offset);
7954 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
7955 WriteMode_tree = proto_item_add_subtree(ti, ETT_SMB_WRITEMODE);
7956 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
7957 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
7958 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
7959 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
7960 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
7961 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
7965 offset += 2; /* Skip WriteMode */
7967 /* Build display for: Request Mask */
7969 RequestMask = GWORD(pd, offset);
7973 proto_tree_add_text(tree, offset, 4, "Request Mask: %u", RequestMask);
7977 offset += 4; /* Skip Request Mask */
7979 /* Build display for: Data Length */
7981 DataLength = GSHORT(pd, offset);
7985 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7989 offset += 2; /* Skip Data Length */
7991 /* Build display for: Data Offset */
7993 DataOffset = GSHORT(pd, offset);
7997 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8001 offset += 2; /* Skip Data Offset */
8003 /* Build display for: Byte Count (BCC) */
8005 ByteCount = GSHORT(pd, offset);
8009 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8013 offset += 2; /* Skip Byte Count (BCC) */
8015 /* Build display for: Pad */
8017 Pad = GBYTE(pd, offset);
8021 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
8025 offset += 1; /* Skip Pad */
8029 if (dirn == 0) { /* Response(s) dissect code */
8031 /* Build display for: Word Count (WCT) */
8033 WordCount = GBYTE(pd, offset);
8037 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8041 offset += 1; /* Skip Word Count (WCT) */
8043 if (WordCount > 0) {
8045 /* Build display for: Response Mask */
8047 ResponseMask = GWORD(pd, offset);
8051 proto_tree_add_text(tree, offset, 4, "Response Mask: %u", ResponseMask);
8055 offset += 4; /* Skip Response Mask */
8057 /* Build display for: Byte Count (BCC) */
8059 ByteCount = GSHORT(pd, offset);
8063 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8069 offset += 2; /* Skip Byte Count (BCC) */
8076 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8083 if (dirn == 1) { /* Request(s) dissect code */
8085 /* Build display for: Word Count (WTC) */
8087 WordCount = GBYTE(pd, offset);
8091 proto_tree_add_text(tree, offset, 1, "Word Count (WTC): %u", WordCount);
8095 offset += 1; /* Skip Word Count (WTC) */
8097 /* Build display for: FID */
8099 FID = GSHORT(pd, offset);
8103 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
8107 offset += 2; /* Skip FID */
8109 /* Build display for: Byte Count (BCC) */
8111 ByteCount = GSHORT(pd, offset);
8115 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8119 offset += 2; /* Skip Byte Count (BCC) */
8123 if (dirn == 0) { /* Response(s) dissect code */
8125 /* Build display for: Word Count (WCT) */
8127 WordCount = GBYTE(pd, offset);
8131 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8135 offset += 1; /* Skip Word Count (WCT) */
8137 /* Build display for: Byte Count (BCC) */
8139 ByteCount = GBYTE(pd, offset);
8143 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
8147 offset += 1; /* Skip Byte Count (BCC) */
8153 char *trans2_cmd_names[] = {
8155 "TRANS2_FIND_FIRST2",
8156 "TRANS2_FIND_NEXT2",
8157 "TRANS2_QUERY_FS_INFORMATION",
8158 "TRANS2_QUERY_PATH_INFORMATION",
8159 "TRANS2_SET_PATH_INFORMATION",
8160 "TRANS2_QUERY_FILE_INFORMATION",
8161 "TRANS2_SET_FILE_INFORMATION",
8164 "TRANS2_FIND_NOTIFY_FIRST",
8165 "TRANS2_FIND_NOTIFY_NEXT",
8166 "TRANS2_CREATE_DIRECTORY",
8167 "TRANS2_SESSION_SETUP",
8168 "TRANS2_GET_DFS_REFERRAL",
8170 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8172 char *decode_trans2_name(int code)
8175 if (code > 17 || code < 0) {
8177 return("no such command");
8181 return trans2_cmd_names[code];
8185 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8188 proto_tree *Flags_tree;
8198 guint8 MaxSetupCount;
8201 guint16 TotalParameterCount;
8202 guint16 TotalDataCount;
8205 guint16 ParameterOffset;
8206 guint16 ParameterDisplacement;
8207 guint16 ParameterCount;
8208 guint16 MaxParameterCount;
8209 guint16 MaxDataCount;
8212 guint16 DataDisplacement;
8215 const char *TransactName;
8216 struct smb_request_key request_key, *new_request_key;
8217 struct smb_request_val *request_val;
8220 * Check for and insert entry in hash table if does not exist
8221 * Since we want request and response to hash to the same, we make
8222 * sure that src and dst swapped for response
8225 request_key.ip_src = ((dirn == 0) ? pi.ip_src : pi.ip_dst);
8226 request_key.ip_dst = ((dirn == 0) ? pi.ip_dst : pi.ip_src);
8227 request_key.port_src = ((dirn == 0) ? pi.srcport : pi.destport);
8228 request_key.port_dst = ((dirn == 0) ? pi.destport : pi.srcport);
8229 request_key.mid = si.mid;
8231 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8233 if (!request_val) { /* Create one */
8235 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8236 new_request_key -> ip_src = ((dirn == 0) ? pi.ip_src : pi.ip_dst);
8237 new_request_key -> ip_dst = ((dirn == 0) ? pi.ip_dst : pi.ip_src);
8238 new_request_key -> port_src = ((dirn == 0) ? pi.srcport : pi.destport);
8239 new_request_key -> port_dst = ((dirn == 0) ? pi.destport : pi.srcport);
8240 new_request_key -> mid = si.mid;
8242 request_val = g_mem_chunk_alloc(smb_request_vals);
8243 request_val -> mid = si.mid;
8244 request_val -> last_transact2_command = 0xFFFF;
8246 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8249 else { /* Update the transact request */
8251 request_val -> mid = si.mid;
8256 if (dirn == 1) { /* Request(s) dissect code */
8258 /* Build display for: Word Count (WCT) */
8260 WordCount = GBYTE(pd, offset);
8264 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8268 offset += 1; /* Skip Word Count (WCT) */
8270 /* Build display for: Total Parameter Count */
8272 TotalParameterCount = GSHORT(pd, offset);
8276 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8280 offset += 2; /* Skip Total Parameter Count */
8282 /* Build display for: Total Data Count */
8284 TotalDataCount = GSHORT(pd, offset);
8288 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8292 offset += 2; /* Skip Total Data Count */
8294 /* Build display for: Max Parameter Count */
8296 MaxParameterCount = GSHORT(pd, offset);
8300 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8304 offset += 2; /* Skip Max Parameter Count */
8306 /* Build display for: Max Data Count */
8308 MaxDataCount = GSHORT(pd, offset);
8312 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8316 offset += 2; /* Skip Max Data Count */
8318 /* Build display for: Max Setup Count */
8320 MaxSetupCount = GBYTE(pd, offset);
8324 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8328 offset += 1; /* Skip Max Setup Count */
8330 /* Build display for: Reserved1 */
8332 Reserved1 = GBYTE(pd, offset);
8336 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8340 offset += 1; /* Skip Reserved1 */
8342 /* Build display for: Flags */
8344 Flags = GSHORT(pd, offset);
8348 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8349 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
8350 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8351 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8352 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8353 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8357 offset += 2; /* Skip Flags */
8359 /* Build display for: Timeout */
8361 Timeout = GWORD(pd, offset);
8365 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8369 offset += 4; /* Skip Timeout */
8371 /* Build display for: Reserved2 */
8373 Reserved2 = GSHORT(pd, offset);
8377 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8381 offset += 2; /* Skip Reserved2 */
8383 /* Build display for: Parameter Count */
8385 ParameterCount = GSHORT(pd, offset);
8389 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8393 offset += 2; /* Skip Parameter Count */
8395 /* Build display for: Parameter Offset */
8397 ParameterOffset = GSHORT(pd, offset);
8401 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8405 offset += 2; /* Skip Parameter Offset */
8407 /* Build display for: Data Count */
8409 DataCount = GSHORT(pd, offset);
8413 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8417 offset += 2; /* Skip Data Count */
8419 /* Build display for: Data Offset */
8421 DataOffset = GSHORT(pd, offset);
8425 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8429 offset += 2; /* Skip Data Offset */
8431 /* Build display for: Setup Count */
8433 SetupCount = GBYTE(pd, offset);
8437 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8441 offset += 1; /* Skip Setup Count */
8443 /* Build display for: Reserved3 */
8445 Reserved3 = GBYTE(pd, offset);
8449 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8453 offset += 1; /* Skip Reserved3 */
8455 /* Build display for: Setup */
8457 if (SetupCount > 0) {
8461 Setup = GSHORT(pd, offset);
8463 request_val -> last_transact2_command = Setup; /* Save for later */
8465 if (check_col(fd, COL_INFO)) {
8467 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8471 for (i = 1; i <= SetupCount; i++) {
8474 Setup1 = GSHORT(pd, offset);
8478 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup1);
8482 offset += 2; /* Skip Setup */
8488 /* Build display for: Byte Count (BCC) */
8490 ByteCount = GSHORT(pd, offset);
8494 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8498 offset += 2; /* Skip Byte Count (BCC) */
8500 /* Build display for: Transact Name */
8502 TransactName = pd + offset;
8506 proto_tree_add_text(tree, offset, strlen(TransactName) + 1, "Transact Name: %s", decode_trans2_name(Setup));
8510 offset += strlen(TransactName) + 1; /* Skip Transact Name */
8514 /* Build display for: Pad1 */
8516 Pad1 = GBYTE(pd, offset);
8520 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8524 offset += 1; /* Skip Pad1 */
8528 if (ParameterCount > 0) {
8530 /* Build display for: Parameters */
8534 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %S: %d", format_text(&pd[SMB_offset + ParameterOffset], ParameterCount), SMB_offset + ParameterOffset);
8538 offset += ParameterCount; /* Skip Parameters */
8544 /* Build display for: Pad2 */
8546 Pad2 = GBYTE(pd, offset);
8550 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8554 offset += 1; /* Skip Pad2 */
8558 if (DataCount > 0) {
8560 /* Build display for: Data */
8562 Data = GBYTE(pd, offset);
8566 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8570 offset += DataCount; /* Skip Data */
8576 if (dirn == 0) { /* Response(s) dissect code */
8578 /* Pick up the last transact2 command and put it in the right places */
8580 if (check_col(fd, COL_INFO)) {
8582 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8586 /* Build display for: Word Count (WCT) */
8588 WordCount = GBYTE(pd, offset);
8592 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8596 offset += 1; /* Skip Word Count (WCT) */
8598 /* Build display for: Total Parameter Count */
8600 TotalParameterCount = GSHORT(pd, offset);
8604 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8608 offset += 2; /* Skip Total Parameter Count */
8610 /* Build display for: Total Data Count */
8612 TotalDataCount = GSHORT(pd, offset);
8616 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8620 offset += 2; /* Skip Total Data Count */
8622 /* Build display for: Reserved2 */
8624 Reserved2 = GSHORT(pd, offset);
8628 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8632 offset += 2; /* Skip Reserved2 */
8634 /* Build display for: Parameter Count */
8636 ParameterCount = GSHORT(pd, offset);
8640 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8644 offset += 2; /* Skip Parameter Count */
8646 /* Build display for: Parameter Offset */
8648 ParameterOffset = GSHORT(pd, offset);
8652 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8656 offset += 2; /* Skip Parameter Offset */
8658 /* Build display for: Parameter Displacement */
8660 ParameterDisplacement = GSHORT(pd, offset);
8664 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8668 offset += 2; /* Skip Parameter Displacement */
8670 /* Build display for: Data Count */
8672 DataCount = GSHORT(pd, offset);
8676 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8680 offset += 2; /* Skip Data Count */
8682 /* Build display for: Data Offset */
8684 DataOffset = GSHORT(pd, offset);
8688 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8692 offset += 2; /* Skip Data Offset */
8694 /* Build display for: Data Displacement */
8696 DataDisplacement = GSHORT(pd, offset);
8700 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
8704 offset += 2; /* Skip Data Displacement */
8706 /* Build display for: Setup Count */
8708 SetupCount = GBYTE(pd, offset);
8712 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8716 offset += 1; /* Skip Setup Count */
8718 /* Build display for: Reserved3 */
8720 Reserved3 = GBYTE(pd, offset);
8724 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8728 offset += 1; /* Skip Reserved3 */
8730 /* Build display for: Setup */
8732 Setup = GSHORT(pd, offset);
8736 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
8740 offset += 2; /* Skip Setup */
8742 /* Build display for: Byte Count (BCC) */
8744 ByteCount = GSHORT(pd, offset);
8748 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8752 offset += 2; /* Skip Byte Count (BCC) */
8754 /* Build display for: Pad1 */
8756 Pad1 = GBYTE(pd, offset);
8760 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8764 offset += 1; /* Skip Pad1 */
8766 /* Build display for: Parameter */
8768 Parameter = GBYTE(pd, offset);
8772 proto_tree_add_text(tree, offset, 1, "Parameter: %u", Parameter);
8776 offset += 1; /* Skip Parameter */
8778 /* Build display for: Pad2 */
8780 Pad2 = GBYTE(pd, offset);
8784 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8788 offset += 1; /* Skip Pad2 */
8790 /* Build display for: Data */
8792 Data = GBYTE(pd, offset);
8796 proto_tree_add_text(tree, offset, 1, "Data: %u", Data);
8800 offset += 1; /* Skip Data */
8807 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8810 proto_tree *Flags_tree;
8820 guint8 MaxSetupCount;
8823 guint16 TotalParameterCount;
8824 guint16 TotalDataCount;
8827 guint16 ParameterOffset;
8828 guint16 ParameterDisplacement;
8829 guint16 ParameterCount;
8830 guint16 MaxParameterCount;
8831 guint16 MaxDataCount;
8834 guint16 DataDisplacement;
8837 const char *TransactName;
8839 if (dirn == 1) { /* Request(s) dissect code */
8841 /* Build display for: Word Count (WCT) */
8843 WordCount = GBYTE(pd, offset);
8847 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8851 offset += 1; /* Skip Word Count (WCT) */
8853 /* Build display for: Total Parameter Count */
8855 TotalParameterCount = GSHORT(pd, offset);
8859 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8863 offset += 2; /* Skip Total Parameter Count */
8865 /* Build display for: Total Data Count */
8867 TotalDataCount = GSHORT(pd, offset);
8871 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8875 offset += 2; /* Skip Total Data Count */
8877 /* Build display for: Max Parameter Count */
8879 MaxParameterCount = GSHORT(pd, offset);
8883 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8887 offset += 2; /* Skip Max Parameter Count */
8889 /* Build display for: Max Data Count */
8891 MaxDataCount = GSHORT(pd, offset);
8895 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8899 offset += 2; /* Skip Max Data Count */
8901 /* Build display for: Max Setup Count */
8903 MaxSetupCount = GBYTE(pd, offset);
8907 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8911 offset += 1; /* Skip Max Setup Count */
8913 /* Build display for: Reserved1 */
8915 Reserved1 = GBYTE(pd, offset);
8919 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8923 offset += 1; /* Skip Reserved1 */
8925 /* Build display for: Flags */
8927 Flags = GSHORT(pd, offset);
8931 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8932 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
8933 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8934 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8935 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8936 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8940 offset += 2; /* Skip Flags */
8942 /* Build display for: Timeout */
8944 Timeout = GWORD(pd, offset);
8948 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8952 offset += 4; /* Skip Timeout */
8954 /* Build display for: Reserved2 */
8956 Reserved2 = GSHORT(pd, offset);
8960 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8964 offset += 2; /* Skip Reserved2 */
8966 /* Build display for: Parameter Count */
8968 ParameterCount = GSHORT(pd, offset);
8972 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8976 offset += 2; /* Skip Parameter Count */
8978 /* Build display for: Parameter Offset */
8980 ParameterOffset = GSHORT(pd, offset);
8984 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8988 offset += 2; /* Skip Parameter Offset */
8990 /* Build display for: Data Count */
8992 DataCount = GSHORT(pd, offset);
8996 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9000 offset += 2; /* Skip Data Count */
9002 /* Build display for: Data Offset */
9004 DataOffset = GSHORT(pd, offset);
9008 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9012 offset += 2; /* Skip Data Offset */
9014 /* Build display for: Setup Count */
9016 SetupCount = GBYTE(pd, offset);
9020 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9024 offset += 1; /* Skip Setup Count */
9026 /* Build display for: Reserved3 */
9028 Reserved3 = GBYTE(pd, offset);
9032 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9036 offset += 1; /* Skip Reserved3 */
9038 /* Build display for: Setup */
9040 if (SetupCount > 0) {
9044 Setup = GSHORT(pd, offset);
9046 for (i = 1; i <= SetupCount; i++) {
9048 Setup = GSHORT(pd, offset);
9052 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup);
9056 offset += 2; /* Skip Setup */
9062 /* Build display for: Byte Count (BCC) */
9064 ByteCount = GSHORT(pd, offset);
9068 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9072 offset += 2; /* Skip Byte Count (BCC) */
9074 /* Build display for: Transact Name */
9076 TransactName = pd + offset;
9080 proto_tree_add_text(tree, offset, strlen(TransactName) + 1, "Transact Name: %s", TransactName);
9084 offset += strlen(TransactName) + 1; /* Skip Transact Name */
9088 /* Build display for: Pad1 */
9090 Pad1 = GBYTE(pd, offset);
9094 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9098 offset += 1; /* Skip Pad1 */
9102 if (ParameterCount > 0) {
9104 /* Build display for: Parameters */
9108 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %S: %d", format_text(&pd[SMB_offset + ParameterOffset], ParameterCount), SMB_offset + ParameterOffset);
9112 offset += ParameterCount; /* Skip Parameters */
9118 /* Build display for: Pad2 */
9120 Pad2 = GBYTE(pd, offset);
9124 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9128 offset += 1; /* Skip Pad2 */
9132 if (DataCount > 0) {
9134 /* Build display for: Data */
9136 Data = GBYTE(pd, offset);
9140 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
9144 offset += DataCount; /* Skip Data */
9150 if (dirn == 0) { /* Response(s) dissect code */
9152 /* Build display for: Word Count (WCT) */
9154 WordCount = GBYTE(pd, offset);
9158 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9162 offset += 1; /* Skip Word Count (WCT) */
9164 /* Build display for: Total Parameter Count */
9166 TotalParameterCount = GSHORT(pd, offset);
9170 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9174 offset += 2; /* Skip Total Parameter Count */
9176 /* Build display for: Total Data Count */
9178 TotalDataCount = GSHORT(pd, offset);
9182 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9186 offset += 2; /* Skip Total Data Count */
9188 /* Build display for: Reserved2 */
9190 Reserved2 = GSHORT(pd, offset);
9194 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9198 offset += 2; /* Skip Reserved2 */
9200 /* Build display for: Parameter Count */
9202 ParameterCount = GSHORT(pd, offset);
9206 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9210 offset += 2; /* Skip Parameter Count */
9212 /* Build display for: Parameter Offset */
9214 ParameterOffset = GSHORT(pd, offset);
9218 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9222 offset += 2; /* Skip Parameter Offset */
9224 /* Build display for: Parameter Displacement */
9226 ParameterDisplacement = GSHORT(pd, offset);
9230 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9234 offset += 2; /* Skip Parameter Displacement */
9236 /* Build display for: Data Count */
9238 DataCount = GSHORT(pd, offset);
9242 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9246 offset += 2; /* Skip Data Count */
9248 /* Build display for: Data Offset */
9250 DataOffset = GSHORT(pd, offset);
9254 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9258 offset += 2; /* Skip Data Offset */
9260 /* Build display for: Data Displacement */
9262 DataDisplacement = GSHORT(pd, offset);
9266 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
9270 offset += 2; /* Skip Data Displacement */
9272 /* Build display for: Setup Count */
9274 SetupCount = GBYTE(pd, offset);
9278 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9282 offset += 1; /* Skip Setup Count */
9284 /* Build display for: Reserved3 */
9286 Reserved3 = GBYTE(pd, offset);
9290 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9294 offset += 1; /* Skip Reserved3 */
9296 /* Build display for: Setup */
9298 Setup = GSHORT(pd, offset);
9302 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
9306 offset += 2; /* Skip Setup */
9308 /* Build display for: Byte Count (BCC) */
9310 ByteCount = GSHORT(pd, offset);
9314 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9318 offset += 2; /* Skip Byte Count (BCC) */
9320 /* Build display for: Pad1 */
9322 Pad1 = GBYTE(pd, offset);
9326 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9330 offset += 1; /* Skip Pad1 */
9332 /* Build display for: Parameter */
9334 Parameter = GBYTE(pd, offset);
9338 proto_tree_add_text(tree, offset, 1, "Parameter: %u", Parameter);
9342 offset += 1; /* Skip Parameter */
9344 /* Build display for: Pad2 */
9346 Pad2 = GBYTE(pd, offset);
9350 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9354 offset += 1; /* Skip Pad2 */
9356 /* Build display for: Data */
9358 Data = GBYTE(pd, offset);
9362 proto_tree_add_text(tree, offset, 1, "Data: %u", Data);
9366 offset += 1; /* Skip Data */
9372 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, struct smb_info, int, int, int, int) = {
9374 dissect_unknown_smb, /* unknown SMB 0x00 */
9375 dissect_unknown_smb, /* unknown SMB 0x01 */
9376 dissect_unknown_smb, /* SMBopen open a file */
9377 dissect_create_file_smb, /* SMBcreate create a file */
9378 dissect_close_smb, /* SMBclose close a file */
9379 dissect_flush_file_smb, /* SMBflush flush a file */
9380 dissect_delete_file_smb, /* SMBunlink delete a file */
9381 dissect_rename_file_smb, /* SMBmv rename a file */
9382 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
9383 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
9384 dissect_read_file_smb, /* SMBread read from a file */
9385 dissect_write_file_smb, /* SMBwrite write to a file */
9386 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
9387 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
9388 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
9389 dissect_unknown_smb, /* SMBmknew make a new file */
9390 dissect_checkdir_smb, /* SMBchkpth check a directory path */
9391 dissect_process_exit_smb, /* SMBexit process exit */
9392 dissect_unknown_smb, /* SMBlseek seek */
9393 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
9394 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
9395 dissect_unknown_smb, /* unknown SMB 0x15 */
9396 dissect_unknown_smb, /* unknown SMB 0x16 */
9397 dissect_unknown_smb, /* unknown SMB 0x17 */
9398 dissect_unknown_smb, /* unknown SMB 0x18 */
9399 dissect_unknown_smb, /* unknown SMB 0x19 */
9400 dissect_read_raw_smb, /* SMBreadBraw read block raw */
9401 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
9402 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
9403 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
9404 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
9405 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
9406 dissect_unknown_smb, /* SMBwriteC write complete response */
9407 dissect_unknown_smb, /* unknown SMB 0x21 */
9408 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
9409 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
9410 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
9411 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
9412 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
9413 dissect_unknown_smb, /* SMBioctl IOCTL */
9414 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
9415 dissect_unknown_smb, /* SMBcopy copy */
9416 dissect_move_smb, /* SMBmove move */
9417 dissect_unknown_smb, /* SMBecho echo */
9418 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
9419 dissect_open_andx_smb, /* SMBopenX open and X */
9420 dissect_unknown_smb, /* SMBreadX read and X */
9421 dissect_unknown_smb, /* SMBwriteX write and X */
9422 dissect_unknown_smb, /* unknown SMB 0x30 */
9423 dissect_unknown_smb, /* unknown SMB 0x31 */
9424 dissect_transact2_smb, /* unknown SMB 0x32 */
9425 dissect_unknown_smb, /* unknown SMB 0x33 */
9426 dissect_find_close2_smb, /* unknown SMB 0x34 */
9427 dissect_unknown_smb, /* unknown SMB 0x35 */
9428 dissect_unknown_smb, /* unknown SMB 0x36 */
9429 dissect_unknown_smb, /* unknown SMB 0x37 */
9430 dissect_unknown_smb, /* unknown SMB 0x38 */
9431 dissect_unknown_smb, /* unknown SMB 0x39 */
9432 dissect_unknown_smb, /* unknown SMB 0x3a */
9433 dissect_unknown_smb, /* unknown SMB 0x3b */
9434 dissect_unknown_smb, /* unknown SMB 0x3c */
9435 dissect_unknown_smb, /* unknown SMB 0x3d */
9436 dissect_unknown_smb, /* unknown SMB 0x3e */
9437 dissect_unknown_smb, /* unknown SMB 0x3f */
9438 dissect_unknown_smb, /* unknown SMB 0x40 */
9439 dissect_unknown_smb, /* unknown SMB 0x41 */
9440 dissect_unknown_smb, /* unknown SMB 0x42 */
9441 dissect_unknown_smb, /* unknown SMB 0x43 */
9442 dissect_unknown_smb, /* unknown SMB 0x44 */
9443 dissect_unknown_smb, /* unknown SMB 0x45 */
9444 dissect_unknown_smb, /* unknown SMB 0x46 */
9445 dissect_unknown_smb, /* unknown SMB 0x47 */
9446 dissect_unknown_smb, /* unknown SMB 0x48 */
9447 dissect_unknown_smb, /* unknown SMB 0x49 */
9448 dissect_unknown_smb, /* unknown SMB 0x4a */
9449 dissect_unknown_smb, /* unknown SMB 0x4b */
9450 dissect_unknown_smb, /* unknown SMB 0x4c */
9451 dissect_unknown_smb, /* unknown SMB 0x4d */
9452 dissect_unknown_smb, /* unknown SMB 0x4e */
9453 dissect_unknown_smb, /* unknown SMB 0x4f */
9454 dissect_unknown_smb, /* unknown SMB 0x50 */
9455 dissect_unknown_smb, /* unknown SMB 0x51 */
9456 dissect_unknown_smb, /* unknown SMB 0x52 */
9457 dissect_unknown_smb, /* unknown SMB 0x53 */
9458 dissect_unknown_smb, /* unknown SMB 0x54 */
9459 dissect_unknown_smb, /* unknown SMB 0x55 */
9460 dissect_unknown_smb, /* unknown SMB 0x56 */
9461 dissect_unknown_smb, /* unknown SMB 0x57 */
9462 dissect_unknown_smb, /* unknown SMB 0x58 */
9463 dissect_unknown_smb, /* unknown SMB 0x59 */
9464 dissect_unknown_smb, /* unknown SMB 0x5a */
9465 dissect_unknown_smb, /* unknown SMB 0x5b */
9466 dissect_unknown_smb, /* unknown SMB 0x5c */
9467 dissect_unknown_smb, /* unknown SMB 0x5d */
9468 dissect_unknown_smb, /* unknown SMB 0x5e */
9469 dissect_unknown_smb, /* unknown SMB 0x5f */
9470 dissect_unknown_smb, /* unknown SMB 0x60 */
9471 dissect_unknown_smb, /* unknown SMB 0x61 */
9472 dissect_unknown_smb, /* unknown SMB 0x62 */
9473 dissect_unknown_smb, /* unknown SMB 0x63 */
9474 dissect_unknown_smb, /* unknown SMB 0x64 */
9475 dissect_unknown_smb, /* unknown SMB 0x65 */
9476 dissect_unknown_smb, /* unknown SMB 0x66 */
9477 dissect_unknown_smb, /* unknown SMB 0x67 */
9478 dissect_unknown_smb, /* unknown SMB 0x68 */
9479 dissect_unknown_smb, /* unknown SMB 0x69 */
9480 dissect_unknown_smb, /* unknown SMB 0x6a */
9481 dissect_unknown_smb, /* unknown SMB 0x6b */
9482 dissect_unknown_smb, /* unknown SMB 0x6c */
9483 dissect_unknown_smb, /* unknown SMB 0x6d */
9484 dissect_unknown_smb, /* unknown SMB 0x6e */
9485 dissect_unknown_smb, /* unknown SMB 0x6f */
9486 dissect_treecon_smb, /* SMBtcon tree connect */
9487 dissect_tdis_smb, /* SMBtdis tree disconnect */
9488 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
9489 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
9490 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
9491 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
9492 dissect_unknown_smb, /* unknown SMB 0x76 */
9493 dissect_unknown_smb, /* unknown SMB 0x77 */
9494 dissect_unknown_smb, /* unknown SMB 0x78 */
9495 dissect_unknown_smb, /* unknown SMB 0x79 */
9496 dissect_unknown_smb, /* unknown SMB 0x7a */
9497 dissect_unknown_smb, /* unknown SMB 0x7b */
9498 dissect_unknown_smb, /* unknown SMB 0x7c */
9499 dissect_unknown_smb, /* unknown SMB 0x7d */
9500 dissect_unknown_smb, /* unknown SMB 0x7e */
9501 dissect_unknown_smb, /* unknown SMB 0x7f */
9502 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
9503 dissect_search_dir_smb, /* SMBsearch search a directory */
9504 dissect_unknown_smb, /* SMBffirst find first */
9505 dissect_unknown_smb, /* SMBfunique find unique */
9506 dissect_unknown_smb, /* SMBfclose find close */
9507 dissect_unknown_smb, /* unknown SMB 0x85 */
9508 dissect_unknown_smb, /* unknown SMB 0x86 */
9509 dissect_unknown_smb, /* unknown SMB 0x87 */
9510 dissect_unknown_smb, /* unknown SMB 0x88 */
9511 dissect_unknown_smb, /* unknown SMB 0x89 */
9512 dissect_unknown_smb, /* unknown SMB 0x8a */
9513 dissect_unknown_smb, /* unknown SMB 0x8b */
9514 dissect_unknown_smb, /* unknown SMB 0x8c */
9515 dissect_unknown_smb, /* unknown SMB 0x8d */
9516 dissect_unknown_smb, /* unknown SMB 0x8e */
9517 dissect_unknown_smb, /* unknown SMB 0x8f */
9518 dissect_unknown_smb, /* unknown SMB 0x90 */
9519 dissect_unknown_smb, /* unknown SMB 0x91 */
9520 dissect_unknown_smb, /* unknown SMB 0x92 */
9521 dissect_unknown_smb, /* unknown SMB 0x93 */
9522 dissect_unknown_smb, /* unknown SMB 0x94 */
9523 dissect_unknown_smb, /* unknown SMB 0x95 */
9524 dissect_unknown_smb, /* unknown SMB 0x96 */
9525 dissect_unknown_smb, /* unknown SMB 0x97 */
9526 dissect_unknown_smb, /* unknown SMB 0x98 */
9527 dissect_unknown_smb, /* unknown SMB 0x99 */
9528 dissect_unknown_smb, /* unknown SMB 0x9a */
9529 dissect_unknown_smb, /* unknown SMB 0x9b */
9530 dissect_unknown_smb, /* unknown SMB 0x9c */
9531 dissect_unknown_smb, /* unknown SMB 0x9d */
9532 dissect_unknown_smb, /* unknown SMB 0x9e */
9533 dissect_unknown_smb, /* unknown SMB 0x9f */
9534 dissect_unknown_smb, /* unknown SMB 0xa0 */
9535 dissect_unknown_smb, /* unknown SMB 0xa1 */
9536 dissect_unknown_smb, /* unknown SMB 0xa2 */
9537 dissect_unknown_smb, /* unknown SMB 0xa3 */
9538 dissect_unknown_smb, /* unknown SMB 0xa4 */
9539 dissect_unknown_smb, /* unknown SMB 0xa5 */
9540 dissect_unknown_smb, /* unknown SMB 0xa6 */
9541 dissect_unknown_smb, /* unknown SMB 0xa7 */
9542 dissect_unknown_smb, /* unknown SMB 0xa8 */
9543 dissect_unknown_smb, /* unknown SMB 0xa9 */
9544 dissect_unknown_smb, /* unknown SMB 0xaa */
9545 dissect_unknown_smb, /* unknown SMB 0xab */
9546 dissect_unknown_smb, /* unknown SMB 0xac */
9547 dissect_unknown_smb, /* unknown SMB 0xad */
9548 dissect_unknown_smb, /* unknown SMB 0xae */
9549 dissect_unknown_smb, /* unknown SMB 0xaf */
9550 dissect_unknown_smb, /* unknown SMB 0xb0 */
9551 dissect_unknown_smb, /* unknown SMB 0xb1 */
9552 dissect_unknown_smb, /* unknown SMB 0xb2 */
9553 dissect_unknown_smb, /* unknown SMB 0xb3 */
9554 dissect_unknown_smb, /* unknown SMB 0xb4 */
9555 dissect_unknown_smb, /* unknown SMB 0xb5 */
9556 dissect_unknown_smb, /* unknown SMB 0xb6 */
9557 dissect_unknown_smb, /* unknown SMB 0xb7 */
9558 dissect_unknown_smb, /* unknown SMB 0xb8 */
9559 dissect_unknown_smb, /* unknown SMB 0xb9 */
9560 dissect_unknown_smb, /* unknown SMB 0xba */
9561 dissect_unknown_smb, /* unknown SMB 0xbb */
9562 dissect_unknown_smb, /* unknown SMB 0xbc */
9563 dissect_unknown_smb, /* unknown SMB 0xbd */
9564 dissect_unknown_smb, /* unknown SMB 0xbe */
9565 dissect_unknown_smb, /* unknown SMB 0xbf */
9566 dissect_unknown_smb, /* SMBsplopen open a print spool file */
9567 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
9568 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
9569 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
9570 dissect_unknown_smb, /* unknown SMB 0xc4 */
9571 dissect_unknown_smb, /* unknown SMB 0xc5 */
9572 dissect_unknown_smb, /* unknown SMB 0xc6 */
9573 dissect_unknown_smb, /* unknown SMB 0xc7 */
9574 dissect_unknown_smb, /* unknown SMB 0xc8 */
9575 dissect_unknown_smb, /* unknown SMB 0xc9 */
9576 dissect_unknown_smb, /* unknown SMB 0xca */
9577 dissect_unknown_smb, /* unknown SMB 0xcb */
9578 dissect_unknown_smb, /* unknown SMB 0xcc */
9579 dissect_unknown_smb, /* unknown SMB 0xcd */
9580 dissect_unknown_smb, /* unknown SMB 0xce */
9581 dissect_unknown_smb, /* unknown SMB 0xcf */
9582 dissect_unknown_smb, /* SMBsends send a single block message */
9583 dissect_unknown_smb, /* SMBsendb send a broadcast message */
9584 dissect_unknown_smb, /* SMBfwdname forward user name */
9585 dissect_unknown_smb, /* SMBcancelf cancel forward */
9586 dissect_unknown_smb, /* SMBgetmac get a machine name */
9587 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
9588 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
9589 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
9590 dissect_unknown_smb, /* unknown SMB 0xd8 */
9591 dissect_unknown_smb, /* unknown SMB 0xd9 */
9592 dissect_unknown_smb, /* unknown SMB 0xda */
9593 dissect_unknown_smb, /* unknown SMB 0xdb */
9594 dissect_unknown_smb, /* unknown SMB 0xdc */
9595 dissect_unknown_smb, /* unknown SMB 0xdd */
9596 dissect_unknown_smb, /* unknown SMB 0xde */
9597 dissect_unknown_smb, /* unknown SMB 0xdf */
9598 dissect_unknown_smb, /* unknown SMB 0xe0 */
9599 dissect_unknown_smb, /* unknown SMB 0xe1 */
9600 dissect_unknown_smb, /* unknown SMB 0xe2 */
9601 dissect_unknown_smb, /* unknown SMB 0xe3 */
9602 dissect_unknown_smb, /* unknown SMB 0xe4 */
9603 dissect_unknown_smb, /* unknown SMB 0xe5 */
9604 dissect_unknown_smb, /* unknown SMB 0xe6 */
9605 dissect_unknown_smb, /* unknown SMB 0xe7 */
9606 dissect_unknown_smb, /* unknown SMB 0xe8 */
9607 dissect_unknown_smb, /* unknown SMB 0xe9 */
9608 dissect_unknown_smb, /* unknown SMB 0xea */
9609 dissect_unknown_smb, /* unknown SMB 0xeb */
9610 dissect_unknown_smb, /* unknown SMB 0xec */
9611 dissect_unknown_smb, /* unknown SMB 0xed */
9612 dissect_unknown_smb, /* unknown SMB 0xee */
9613 dissect_unknown_smb, /* unknown SMB 0xef */
9614 dissect_unknown_smb, /* unknown SMB 0xf0 */
9615 dissect_unknown_smb, /* unknown SMB 0xf1 */
9616 dissect_unknown_smb, /* unknown SMB 0xf2 */
9617 dissect_unknown_smb, /* unknown SMB 0xf3 */
9618 dissect_unknown_smb, /* unknown SMB 0xf4 */
9619 dissect_unknown_smb, /* unknown SMB 0xf5 */
9620 dissect_unknown_smb, /* unknown SMB 0xf6 */
9621 dissect_unknown_smb, /* unknown SMB 0xf7 */
9622 dissect_unknown_smb, /* unknown SMB 0xf8 */
9623 dissect_unknown_smb, /* unknown SMB 0xf9 */
9624 dissect_unknown_smb, /* unknown SMB 0xfa */
9625 dissect_unknown_smb, /* unknown SMB 0xfb */
9626 dissect_unknown_smb, /* unknown SMB 0xfc */
9627 dissect_unknown_smb, /* unknown SMB 0xfd */
9628 dissect_unknown_smb, /* SMBinvalid invalid command */
9629 dissect_unknown_smb /* unknown SMB 0xff */
9633 static const value_string errcls_types[] = {
9634 { SMB_SUCCESS, "Success"},
9635 { SMB_ERRDOS, "DOS Error"},
9636 { SMB_ERRSRV, "Server Error"},
9637 { SMB_ERRHRD, "Hardware Error"},
9638 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
9642 char *decode_smb_name(unsigned char cmd)
9645 return(SMB_names[cmd]);
9649 static const value_string DOS_errors[] = {
9650 {SMBE_badfunc, "Invalid function (or system call)"},
9651 {SMBE_badfile, "File not found (pathname error)"},
9652 {SMBE_badpath, "Directory not found"},
9653 {SMBE_nofids, "Too many open files"},
9654 {SMBE_noaccess, "Access denied"},
9655 {SMBE_badfid, "Invalid fid"},
9656 {SMBE_nomem, "Out of memory"},
9657 {SMBE_badmem, "Invalid memory block address"},
9658 {SMBE_badenv, "Invalid environment"},
9659 {SMBE_badaccess, "Invalid open mode"},
9660 {SMBE_baddata, "Invalid data (only from ioctl call)"},
9661 {SMBE_res, "Reserved error code?"},
9662 {SMBE_baddrive, "Invalid drive"},
9663 {SMBE_remcd, "Attempt to delete current directory"},
9664 {SMBE_diffdevice, "Rename/move across different filesystems"},
9665 {SMBE_nofiles, "no more files found in file search"},
9666 {SMBE_badshare, "Share mode on file conflict with open mode"},
9667 {SMBE_lock, "Lock request conflicts with existing lock"},
9668 {SMBE_unsup, "Request unsupported, returned by Win 95"},
9669 {SMBE_filexists, "File in operation already exists"},
9670 {SMBE_cannotopen, "Cannot open the file specified"},
9671 {SMBE_unknownlevel, "Unknown level??"},
9672 {SMBE_badpipe, "Named pipe invalid"},
9673 {SMBE_pipebusy, "All instances of pipe are busy"},
9674 {SMBE_pipeclosing, "Named pipe close in progress"},
9675 {SMBE_notconnected, "No process on other end of named pipe"},
9676 {SMBE_moredata, "More data to be returned"},
9677 {SMBE_baddirectory, "Invalid directory name in a path."},
9678 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
9679 {SMBE_eas_nsup, "Extended attributes not supported"},
9680 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
9681 {SMBE_unknownipc, "Unknown IPC Operation"},
9682 {SMBE_noipc, "Don't support ipc"},
9686 /* Error codes for the ERRSRV class */
9688 static const value_string SRV_errors[] = {
9689 {SMBE_error, "Non specific error code"},
9690 {SMBE_badpw, "Bad password"},
9691 {SMBE_badtype, "Reserved"},
9692 {SMBE_access, "No permissions to perform the requested operation"},
9693 {SMBE_invnid, "TID invalid"},
9694 {SMBE_invnetname, "Invalid network name. Service not found"},
9695 {SMBE_invdevice, "Invalid device"},
9696 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
9697 {SMBE_qfull, "Print queue full"},
9698 {SMBE_qtoobig, "Queued item too big"},
9699 {SMBE_qeof, "EOF on print queue dump"},
9700 {SMBE_invpfid, "Invalid print file in smb_fid"},
9701 {SMBE_smbcmd, "Unrecognised command"},
9702 {SMBE_srverror, "SMB server internal error"},
9703 {SMBE_filespecs, "Fid and pathname invalid combination"},
9704 {SMBE_badlink, "Bad link in request ???"},
9705 {SMBE_badpermits, "Access specified for a file is not valid"},
9706 {SMBE_badpid, "Bad process id in request"},
9707 {SMBE_setattrmode, "Attribute mode invalid"},
9708 {SMBE_paused, "Message server paused"},
9709 {SMBE_msgoff, "Not receiving messages"},
9710 {SMBE_noroom, "No room for message"},
9711 {SMBE_rmuns, "Too many remote usernames"},
9712 {SMBE_timeout, "Operation timed out"},
9713 {SMBE_noresource, "No resources currently available for request."},
9714 {SMBE_toomanyuids, "Too many userids"},
9715 {SMBE_baduid, "Bad userid"},
9716 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
9717 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
9718 {SMBE_contMPX, "Resume MPX mode"},
9719 {SMBE_badPW, "Bad Password???"},
9720 {SMBE_nosupport, "Operation not supported???"},
9724 /* Error codes for the ERRHRD class */
9726 static const value_string HRD_errors[] = {
9727 {SMBE_nowrite, "read only media"},
9728 {SMBE_badunit, "Unknown device"},
9729 {SMBE_notready, "Drive not ready"},
9730 {SMBE_badcmd, "Unknown command"},
9731 {SMBE_data, "Data (CRC) error"},
9732 {SMBE_badreq, "Bad request structure length"},
9733 {SMBE_seek, "Seek error???"},
9734 {SMBE_badmedia, "Bad media???"},
9735 {SMBE_badsector, "Bad sector???"},
9736 {SMBE_nopaper, "No paper in printer???"},
9737 {SMBE_write, "Write error???"},
9738 {SMBE_read, "Read error???"},
9739 {SMBE_general, "General error???"},
9740 {SMBE_badshare, "A open conflicts with an existing open"},
9741 {SMBE_lock, "Lock/unlock error"},
9742 {SMBE_wrongdisk, "Wrong disk???"},
9743 {SMBE_FCBunavail, "FCB unavailable???"},
9744 {SMBE_sharebufexc, "Share buffer excluded???"},
9745 {SMBE_diskfull, "Disk full???"},
9749 char *decode_smb_error(guint8 errcls, guint8 errcode)
9756 return("No Error"); /* No error ??? */
9761 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
9766 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
9771 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
9776 return("Unknown error class!");
9782 #define SMB_FLAGS_DIRN 0x80
9785 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
9787 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
9788 proto_item *ti, *tf;
9789 guint8 cmd, errcls, errcode1, flags;
9790 guint16 flags2, errcode, tid, pid, uid, mid;
9791 int SMB_offset = offset;
9794 cmd = pd[offset + SMB_hdr_com_offset];
9796 if (check_col(fd, COL_PROTOCOL))
9797 col_add_str(fd, COL_PROTOCOL, "SMB");
9799 /* Hmmm, poor coding here ... Also, should check the type */
9801 if (check_col(fd, COL_INFO)) {
9803 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
9809 ti = proto_tree_add_item(tree, proto_smb, offset, END_OF_FRAME, NULL);
9810 smb_tree = proto_item_add_subtree(ti, ETT_SMB);
9812 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
9813 * component ... SMB is only one used
9816 proto_tree_add_text(smb_tree, offset, 1, "Message Type: 0xFF");
9817 proto_tree_add_text(smb_tree, offset+1, 3, "Server Component: SMB");
9821 offset += 4; /* Skip the marker */
9825 proto_tree_add_text(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
9831 /* Next, look at the error class, SMB_RETCLASS */
9833 errcls = pd[offset];
9837 proto_tree_add_text(smb_tree, offset, 1, "Error Class: %s",
9838 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
9843 /* Error code, SMB_HEINFO ... */
9845 errcode1 = pd[offset];
9849 proto_tree_add_text(smb_tree, offset, 1, "Reserved: %i", errcode1);
9855 errcode = GSHORT(pd, offset);
9859 proto_tree_add_text(smb_tree, offset, 2, "Error Code: %s",
9860 decode_smb_error(errcls, errcode));
9866 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
9872 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags: 0x%02x", flags);
9874 flags_tree = proto_item_add_subtree(tf, ETT_SMB_FLAGS);
9875 proto_tree_add_text(flags_tree, offset, 1, "%s",
9876 decode_boolean_bitfield(flags, 0x01, 8,
9877 "Lock&Read, Write&Unlock supported",
9878 "Lock&Read, Write&Unlock not supported"));
9879 proto_tree_add_text(flags_tree, offset, 1, "%s",
9880 decode_boolean_bitfield(flags, 0x02, 8,
9881 "Receive buffer posted",
9882 "Receive buffer not posted"));
9883 proto_tree_add_text(flags_tree, offset, 1, "%s",
9884 decode_boolean_bitfield(flags, 0x08, 8,
9885 "Path names caseless",
9886 "Path names case sensitive"));
9887 proto_tree_add_text(flags_tree, offset, 1, "%s",
9888 decode_boolean_bitfield(flags, 0x10, 8,
9889 "Pathnames canonicalized",
9890 "Pathnames not canonicalized"));
9891 proto_tree_add_text(flags_tree, offset, 1, "%s",
9892 decode_boolean_bitfield(flags, 0x20, 8,
9893 "OpLocks requested/granted",
9894 "OpLocks not requested/granted"));
9895 proto_tree_add_text(flags_tree, offset, 1, "%s",
9896 decode_boolean_bitfield(flags, 0x40, 8,
9898 "Notify open only"));
9900 proto_tree_add_text(flags_tree, offset, 1, "%s",
9901 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
9902 8, "Response to client/redirector", "Request to server"));
9908 flags2 = GSHORT(pd, offset);
9912 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
9914 flags2_tree = proto_item_add_subtree(tf, ETT_SMB_FLAGS2);
9915 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9916 decode_boolean_bitfield(flags2, 0x0001, 16,
9917 "Long file names supported",
9918 "Long file names not supported"));
9919 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9920 decode_boolean_bitfield(flags2, 0x0002, 16,
9921 "Extended attributes supported",
9922 "Extended attributes not supported"));
9923 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9924 decode_boolean_bitfield(flags2, 0x0004, 16,
9925 "Security signatures supported",
9926 "Security signatures not supported"));
9927 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9928 decode_boolean_bitfield(flags2, 0x0800, 16,
9929 "Extended security negotiation supported",
9930 "Extended security negotiation not supported"));
9931 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9932 decode_boolean_bitfield(flags2, 0x1000, 16,
9933 "Resolve pathnames with DFS",
9934 "Don't resolve pathnames with DFS"));
9935 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9936 decode_boolean_bitfield(flags2, 0x2000, 16,
9937 "Permit reads if execute-only",
9938 "Don't permit reads if execute-only"));
9939 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9940 decode_boolean_bitfield(flags2, 0x4000, 16,
9941 "Error codes are NT error codes",
9942 "Error codes are DOS error codes"));
9943 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9944 decode_boolean_bitfield(flags2, 0x8000, 16,
9945 "Strings are Unicode",
9946 "Strings are ASCII"));
9954 proto_tree_add_text(smb_tree, offset, 12, "Reserved: 6 WORDS");
9960 /* Now the TID, tree ID */
9962 tid = GSHORT(pd, offset);
9967 proto_tree_add_text(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
9973 /* Now the PID, Process ID */
9975 pid = GSHORT(pd, offset);
9980 proto_tree_add_text(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
9986 /* Now the UID, User ID */
9988 uid = GSHORT(pd, offset);
9993 proto_tree_add_text(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
9999 /* Now the MID, Multiplex ID */
10001 mid = GSHORT(pd, offset);
10006 proto_tree_add_text(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10012 /* Now vector through the table to dissect them */
10014 (dissect[cmd])(pd, offset, fd, smb_tree, si, max_data, SMB_offset, errcode,
10015 ((flags & 0x80) == 0));
10021 proto_register_smb(void)
10023 /* static hf_register_info hf[] = {
10025 { "Name", "smb.abbreviation", TYPE, VALS_POINTER }},
10028 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
10029 /* proto_register_field_array(proto_smb, hf, array_length(hf));*/
git.samba.org / obnox / wireshark / wip.git / blob