2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.65 2000/05/11 08:15:46 gram Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
51 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
53 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
56 static int proto_smb = -1;
58 static gint ett_smb = -1;
59 static gint ett_smb_fileattributes = -1;
60 static gint ett_smb_capabilities = -1;
61 static gint ett_smb_aflags = -1;
62 static gint ett_smb_dialects = -1;
63 static gint ett_smb_mode = -1;
64 static gint ett_smb_rawmode = -1;
65 static gint ett_smb_flags = -1;
66 static gint ett_smb_flags2 = -1;
67 static gint ett_smb_desiredaccess = -1;
68 static gint ett_smb_search = -1;
69 static gint ett_smb_file = -1;
70 static gint ett_smb_openfunction = -1;
71 static gint ett_smb_filetype = -1;
72 static gint ett_smb_action = -1;
73 static gint ett_smb_writemode = -1;
74 static gint ett_smb_lock_type = -1;
79 * Struct passed to each SMB decode routine of info it may need
82 char *decode_smb_name(unsigned char);
84 int smb_packet_init_count = 200;
86 struct smb_request_key {
92 GHashTable *smb_request_hash = NULL;
93 GMemChunk *smb_request_keys = NULL;
94 GMemChunk *smb_request_vals = NULL;
98 smb_equal(gconstpointer v, gconstpointer w)
100 struct smb_request_key *v1 = (struct smb_request_key *)v;
101 struct smb_request_key *v2 = (struct smb_request_key *)w;
103 #if defined(DEBUG_SMB_HASH)
104 printf("Comparing %08X:%u\n and %08X:%u\n",
105 v1 -> conversation, v1 -> mid,
106 v2 -> conversation, v2 -> mid);
109 if (v1 -> conversation == v2 -> conversation &&
110 v1 -> mid == v2 -> mid) {
120 smb_hash (gconstpointer v)
122 struct smb_request_key *key = (struct smb_request_key *)v;
125 val = key -> conversation + key -> mid;
127 #if defined(DEBUG_SMB_HASH)
128 printf("SMB Hash calculated as %u\n", val);
136 * Free up any state information we've saved, and re-initialize the
137 * tables of state information.
140 smb_init_protocol(void)
142 #if defined(DEBUG_SMB_HASH)
143 printf("Initializing SMB hashtable area\n");
146 if (smb_request_hash)
147 g_hash_table_destroy(smb_request_hash);
148 if (smb_request_keys)
149 g_mem_chunk_destroy(smb_request_keys);
150 if (smb_request_vals)
151 g_mem_chunk_destroy(smb_request_vals);
153 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
154 smb_request_keys = g_mem_chunk_new("smb_request_keys",
155 sizeof(struct smb_request_key),
156 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
157 smb_request_vals = g_mem_chunk_new("smb_request_vals",
158 sizeof(struct smb_request_val),
159 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
162 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
164 char *SMB_names[256] = {
165 "SMBcreatedirectory",
166 "SMBdeletedirectory",
214 "SMBcloseandtreedisc",
216 "SMBtrans2secondary",
218 "SMBfindnotifyclose",
326 "SMBnttransactsecondary",
424 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
429 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (%u bytes)",
437 * Dissect a UNIX like date ...
440 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
441 conflict with /usr/include/time.h on some NetBSD
445 dissect_smbu_date(guint16 date, guint16 time)
448 static char datebuf[4+2+2+2+1];
449 time_t ltime = (date << 16) + time;
451 _gtime = gmtime(<ime);
452 sprintf(datebuf, "%04d-%02d-%02d",
453 1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);
463 dissect_smbu_time(guint16 date, guint16 time)
466 static char timebuf[2+2+2+2+1];
468 sprintf(timebuf, "%02d:%02d:%02d",
469 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
476 * Dissect a DOS-format date.
479 dissect_dos_date(guint16 date)
481 static char datebuf[4+2+2+1];
483 sprintf(datebuf, "%04d-%02d-%02d",
484 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
489 * Dissect a DOS-format time.
492 dissect_dos_time(guint16 time)
494 static char timebuf[2+2+2+1];
496 sprintf(timebuf, "%02d:%02d:%02d",
497 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
501 /* Max string length for displaying Unicode strings. */
502 #define MAX_UNICODE_STR_LEN 256
504 /* Turn a little-endian Unicode '\0'-terminated string into a string we
506 XXX - for now, we just handle the ISO 8859-1 characters. */
508 unicode_to_str(const guint8 *us, int *us_lenp) {
509 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
516 if (cur == &str[0][0]) {
518 } else if (cur == &str[1][0]) {
524 len = MAX_UNICODE_STR_LEN;
526 while (*us != 0 || *(us + 1) != 0) {
536 /* Note that we're not showing the full string. */
547 * Each dissect routine is passed an offset to wct and works from there
551 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
558 if (dirn == 1) { /* Request(s) dissect code */
560 /* Build display for: Word Count (WCT) */
562 WordCount = GBYTE(pd, offset);
566 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
570 offset += 1; /* Skip Word Count (WCT) */
572 /* Build display for: FID */
574 FID = GSHORT(pd, offset);
578 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
582 offset += 2; /* Skip FID */
584 /* Build display for: Byte Count */
586 ByteCount = GSHORT(pd, offset);
590 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
594 offset += 2; /* Skip Byte Count */
598 if (dirn == 0) { /* Response(s) dissect code */
600 /* Build display for: Word Count (WCT) */
602 WordCount = GBYTE(pd, offset);
606 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
610 offset += 1; /* Skip Word Count (WCT) */
612 /* Build display for: Byte Count (BCC) */
614 ByteCount = GSHORT(pd, offset);
618 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
622 offset += 2; /* Skip Byte Count (BCC) */
629 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
637 guint16 BlocksPerUnit;
640 if (dirn == 1) { /* Request(s) dissect code */
642 /* Build display for: Word Count (WCT) */
644 WordCount = GBYTE(pd, offset);
648 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
652 offset += 1; /* Skip Word Count (WCT) */
654 /* Build display for: Byte Count (BCC) */
656 ByteCount = GSHORT(pd, offset);
660 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
664 offset += 2; /* Skip Byte Count (BCC) */
668 if (dirn == 0) { /* Response(s) dissect code */
670 /* Build display for: Word Count (WCT) */
672 WordCount = GBYTE(pd, offset);
676 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
680 offset += 1; /* Skip Word Count (WCT) */
684 /* Build display for: Total Units */
686 TotalUnits = GSHORT(pd, offset);
690 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Units: %u", TotalUnits);
694 offset += 2; /* Skip Total Units */
696 /* Build display for: Blocks Per Unit */
698 BlocksPerUnit = GSHORT(pd, offset);
702 proto_tree_add_text(tree, NullTVB, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
706 offset += 2; /* Skip Blocks Per Unit */
708 /* Build display for: Block Size */
710 BlockSize = GSHORT(pd, offset);
714 proto_tree_add_text(tree, NullTVB, offset, 2, "Block Size: %u", BlockSize);
718 offset += 2; /* Skip Block Size */
720 /* Build display for: Free Units */
722 FreeUnits = GSHORT(pd, offset);
726 proto_tree_add_text(tree, NullTVB, offset, 2, "Free Units: %u", FreeUnits);
730 offset += 2; /* Skip Free Units */
732 /* Build display for: Reserved */
734 Reserved = GSHORT(pd, offset);
738 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
742 offset += 2; /* Skip Reserved */
746 /* Build display for: Byte Count (BCC) */
748 ByteCount = GSHORT(pd, offset);
752 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
756 offset += 2; /* Skip Byte Count (BCC) */
763 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
766 proto_tree *Attributes_tree;
776 guint16 LastWriteTime;
777 guint16 LastWriteDate;
779 const char *FileName;
781 if (dirn == 1) { /* Request(s) dissect code */
783 /* Build display for: Word Count (WCT) */
785 WordCount = GBYTE(pd, offset);
789 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
793 offset += 1; /* Skip Word Count (WCT) */
797 /* Build display for: Attributes */
799 Attributes = GSHORT(pd, offset);
803 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
804 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
805 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
806 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
807 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
808 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
809 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
810 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
811 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
812 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
813 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
814 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
815 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
816 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
820 offset += 2; /* Skip Attributes */
822 /* Build display for: Last Write Time */
824 LastWriteTime = GSHORT(pd, offset);
828 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
832 offset += 2; /* Skip Last Write Time */
834 /* Build display for: Last Write Date */
836 LastWriteDate = GSHORT(pd, offset);
840 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
844 offset += 2; /* Skip Last Write Date */
846 /* Build display for: Reserved 1 */
848 Reserved1 = GSHORT(pd, offset);
852 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
856 offset += 2; /* Skip Reserved 1 */
858 /* Build display for: Reserved 2 */
860 Reserved2 = GSHORT(pd, offset);
864 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
868 offset += 2; /* Skip Reserved 2 */
870 /* Build display for: Reserved 3 */
872 Reserved3 = GSHORT(pd, offset);
876 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
880 offset += 2; /* Skip Reserved 3 */
882 /* Build display for: Reserved 4 */
884 Reserved4 = GSHORT(pd, offset);
888 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
892 offset += 2; /* Skip Reserved 4 */
894 /* Build display for: Reserved 5 */
896 Reserved5 = GSHORT(pd, offset);
900 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
904 offset += 2; /* Skip Reserved 5 */
908 /* Build display for: Byte Count (BCC) */
910 ByteCount = GSHORT(pd, offset);
914 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
918 offset += 2; /* Skip Byte Count (BCC) */
920 /* Build display for: Buffer Format */
922 BufferFormat = GBYTE(pd, offset);
926 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
930 offset += 1; /* Skip Buffer Format */
932 /* Build display for: File Name */
934 FileName = pd + offset;
938 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
942 offset += strlen(FileName) + 1; /* Skip File Name */
946 if (dirn == 0) { /* Response(s) dissect code */
948 /* Build display for: Word Count (WCT) */
950 WordCount = GBYTE(pd, offset);
954 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
958 offset += 1; /* Skip Word Count (WCT) */
960 /* Build display for: Byte Count (BCC) */
962 ByteCount = GBYTE(pd, offset);
966 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
970 offset += 1; /* Skip Byte Count (BCC) */
977 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
989 if (dirn == 1) { /* Request(s) dissect code */
991 /* Build display for: Word Count (WCT) */
993 WordCount = GBYTE(pd, offset);
997 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1001 offset += 1; /* Skip Word Count (WCT) */
1003 /* Build display for: FID */
1005 FID = GSHORT(pd, offset);
1009 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1013 offset += 2; /* Skip FID */
1015 /* Build display for: Count */
1017 Count = GSHORT(pd, offset);
1021 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1025 offset += 2; /* Skip Count */
1027 /* Build display for: Offset */
1029 Offset = GWORD(pd, offset);
1033 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1037 offset += 4; /* Skip Offset */
1039 /* Build display for: Remaining */
1041 Remaining = GSHORT(pd, offset);
1045 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
1049 offset += 2; /* Skip Remaining */
1051 /* Build display for: Byte Count (BCC) */
1053 ByteCount = GSHORT(pd, offset);
1057 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1061 offset += 2; /* Skip Byte Count (BCC) */
1063 /* Build display for: Buffer Format */
1065 BufferFormat = GBYTE(pd, offset);
1069 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1073 offset += 1; /* Skip Buffer Format */
1075 /* Build display for: Data Length */
1077 DataLength = GSHORT(pd, offset);
1081 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1085 offset += 2; /* Skip Data Length */
1089 if (dirn == 0) { /* Response(s) dissect code */
1091 /* Build display for: Word Count (WCT) */
1093 WordCount = GBYTE(pd, offset);
1097 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1101 offset += 1; /* Skip Word Count (WCT) */
1103 /* Build display for: Count */
1105 Count = GSHORT(pd, offset);
1109 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1113 offset += 2; /* Skip Count */
1115 /* Build display for: Byte Count (BCC) */
1117 ByteCount = GSHORT(pd, offset);
1121 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1125 offset += 2; /* Skip Byte Count (BCC) */
1132 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1146 guint16 DataCompactionMode;
1150 if (dirn == 1) { /* Request(s) dissect code */
1152 /* Build display for: Word Count (WCT) */
1154 WordCount = GBYTE(pd, offset);
1158 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1162 offset += 1; /* Skip Word Count (WCT) */
1164 /* Build display for: FID */
1166 FID = GSHORT(pd, offset);
1170 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1174 offset += 2; /* Skip FID */
1176 /* Build display for: Offset */
1178 Offset = GWORD(pd, offset);
1182 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1186 offset += 4; /* Skip Offset */
1188 /* Build display for: Max Count */
1190 MaxCount = GSHORT(pd, offset);
1194 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
1198 offset += 2; /* Skip Max Count */
1200 /* Build display for: Min Count */
1202 MinCount = GSHORT(pd, offset);
1206 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
1210 offset += 2; /* Skip Min Count */
1212 /* Build display for: Reserved 1 */
1214 Reserved1 = GWORD(pd, offset);
1218 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 1: %u", Reserved1);
1222 offset += 4; /* Skip Reserved 1 */
1224 /* Build display for: Reserved 2 */
1226 Reserved2 = GSHORT(pd, offset);
1230 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1234 offset += 2; /* Skip Reserved 2 */
1236 /* Build display for: Byte Count (BCC) */
1238 ByteCount = GSHORT(pd, offset);
1242 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1246 offset += 2; /* Skip Byte Count (BCC) */
1250 if (dirn == 0) { /* Response(s) dissect code */
1252 /* Build display for: Word Count */
1254 WordCount = GBYTE(pd, offset);
1258 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
1262 offset += 1; /* Skip Word Count */
1264 if (WordCount > 0) {
1266 /* Build display for: Offset */
1268 Offset = GWORD(pd, offset);
1272 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1276 offset += 4; /* Skip Offset */
1278 /* Build display for: Count */
1280 Count = GSHORT(pd, offset);
1284 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1288 offset += 2; /* Skip Count */
1290 /* Build display for: Reserved */
1292 Reserved = GSHORT(pd, offset);
1296 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1300 offset += 2; /* Skip Reserved */
1302 /* Build display for: Data Compaction Mode */
1304 DataCompactionMode = GSHORT(pd, offset);
1308 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1312 offset += 2; /* Skip Data Compaction Mode */
1314 /* Build display for: Reserved */
1316 Reserved = GSHORT(pd, offset);
1320 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1324 offset += 2; /* Skip Reserved */
1326 /* Build display for: Data Length */
1328 DataLength = GSHORT(pd, offset);
1332 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1336 offset += 2; /* Skip Data Length */
1338 /* Build display for: Data Offset */
1340 DataOffset = GSHORT(pd, offset);
1344 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
1348 offset += 2; /* Skip Data Offset */
1352 /* Build display for: Byte Count (BCC) */
1354 ByteCount = GSHORT(pd, offset);
1358 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1362 offset += 2; /* Skip Byte Count (BCC) */
1364 /* Build display for: Pad */
1366 Pad = GBYTE(pd, offset);
1370 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
1374 offset += 1; /* Skip Pad */
1381 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1385 guint8 BufferFormat;
1387 const char *FileName;
1389 if (dirn == 1) { /* Request(s) dissect code */
1391 /* Build display for: Word Count (WCT) */
1393 WordCount = GBYTE(pd, offset);
1397 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1401 offset += 1; /* Skip Word Count (WCT) */
1403 /* Build display for: Byte Count (BCC) */
1405 ByteCount = GSHORT(pd, offset);
1409 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1413 offset += 2; /* Skip Byte Count (BCC) */
1415 /* Build display for: Buffer Format */
1417 BufferFormat = GBYTE(pd, offset);
1421 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1425 offset += 1; /* Skip Buffer Format */
1427 /* Build display for: File Name */
1429 FileName = pd + offset;
1433 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1437 offset += strlen(FileName) + 1; /* Skip File Name */
1441 if (dirn == 0) { /* Response(s) dissect code */
1443 /* Build display for: Word Count (WCT) */
1445 WordCount = GBYTE(pd, offset);
1449 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1453 offset += 1; /* Skip Word Count (WCT) */
1455 /* Build display for: Byte Count (BCC) */
1457 ByteCount = GSHORT(pd, offset);
1461 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1465 offset += 2; /* Skip Byte Count (BCC) */
1472 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1475 proto_tree *Attributes_tree;
1478 guint32 FileDataSize;
1479 guint32 FileAllocationSize;
1480 guint16 LastWriteTime;
1481 guint16 LastWriteDate;
1482 guint16 LastAccessTime;
1483 guint16 LastAccessDate;
1485 guint16 CreationTime;
1486 guint16 CreationDate;
1490 if (dirn == 1) { /* Request(s) dissect code */
1492 /* Build display for: Word Count (WCT) */
1494 WordCount = GBYTE(pd, offset);
1498 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1502 offset += 1; /* Skip Word Count (WCT) */
1504 /* Build display for: FID */
1506 FID = GSHORT(pd, offset);
1510 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1514 offset += 2; /* Skip FID */
1516 /* Build display for: Byte Count */
1518 ByteCount = GSHORT(pd, offset);
1522 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1526 offset += 2; /* Skip Byte Count */
1530 if (dirn == 0) { /* Response(s) dissect code */
1532 /* Build display for: Word Count (WCT) */
1534 WordCount = GBYTE(pd, offset);
1538 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1542 offset += 1; /* Skip Word Count (WCT) */
1544 if (WordCount > 0) {
1546 /* Build display for: Creation Date */
1548 CreationDate = GSHORT(pd, offset);
1552 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
1556 offset += 2; /* Skip Creation Date */
1558 /* Build display for: Creation Time */
1560 CreationTime = GSHORT(pd, offset);
1564 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
1568 offset += 2; /* Skip Creation Time */
1570 /* Build display for: Last Access Date */
1572 LastAccessDate = GSHORT(pd, offset);
1576 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
1580 offset += 2; /* Skip Last Access Date */
1582 /* Build display for: Last Access Time */
1584 LastAccessTime = GSHORT(pd, offset);
1588 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
1592 offset += 2; /* Skip Last Access Time */
1594 /* Build display for: Last Write Date */
1596 LastWriteDate = GSHORT(pd, offset);
1600 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1604 offset += 2; /* Skip Last Write Date */
1606 /* Build display for: Last Write Time */
1608 LastWriteTime = GSHORT(pd, offset);
1612 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1616 offset += 2; /* Skip Last Write Time */
1618 /* Build display for: File Data Size */
1620 FileDataSize = GWORD(pd, offset);
1624 proto_tree_add_text(tree, NullTVB, offset, 4, "File Data Size: %u", FileDataSize);
1628 offset += 4; /* Skip File Data Size */
1630 /* Build display for: File Allocation Size */
1632 FileAllocationSize = GWORD(pd, offset);
1636 proto_tree_add_text(tree, NullTVB, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1640 offset += 4; /* Skip File Allocation Size */
1642 /* Build display for: Attributes */
1644 Attributes = GSHORT(pd, offset);
1648 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1649 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1650 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1651 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1652 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1653 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1654 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1655 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1656 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1657 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1658 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1659 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1660 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1661 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1665 offset += 2; /* Skip Attributes */
1669 /* Build display for: Byte Count */
1671 ByteCount = GSHORT(pd, offset);
1675 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1679 offset += 2; /* Skip Byte Count */
1686 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1690 guint8 BufferFormat3;
1691 guint8 BufferFormat2;
1692 guint8 BufferFormat1;
1694 guint16 MaxBufferSize;
1696 const char *SharePath;
1697 const char *Service;
1698 const char *Password;
1700 if (dirn == 1) { /* Request(s) dissect code */
1702 /* Build display for: Word Count (WCT) */
1704 WordCount = GBYTE(pd, offset);
1708 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1712 offset += 1; /* Skip Word Count (WCT) */
1714 /* Build display for: Byte Count (BCC) */
1716 ByteCount = GSHORT(pd, offset);
1720 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1724 offset += 2; /* Skip Byte Count (BCC) */
1726 /* Build display for: BufferFormat1 */
1728 BufferFormat1 = GBYTE(pd, offset);
1732 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat1: %u", BufferFormat1);
1736 offset += 1; /* Skip BufferFormat1 */
1738 /* Build display for: Share Path */
1740 SharePath = pd + offset;
1744 proto_tree_add_text(tree, NullTVB, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1748 offset += strlen(SharePath) + 1; /* Skip Share Path */
1750 /* Build display for: BufferFormat2 */
1752 BufferFormat2 = GBYTE(pd, offset);
1756 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat2: %u", BufferFormat2);
1760 offset += 1; /* Skip BufferFormat2 */
1762 /* Build display for: Password */
1764 Password = pd + offset;
1768 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
1772 offset += strlen(Password) + 1; /* Skip Password */
1774 /* Build display for: BufferFormat3 */
1776 BufferFormat3 = GBYTE(pd, offset);
1780 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat3: %u", BufferFormat3);
1784 offset += 1; /* Skip BufferFormat3 */
1786 /* Build display for: Service */
1788 Service = pd + offset;
1792 proto_tree_add_text(tree, NullTVB, offset, strlen(Service) + 1, "Service: %s", Service);
1796 offset += strlen(Service) + 1; /* Skip Service */
1800 if (dirn == 0) { /* Response(s) dissect code */
1802 /* Build display for: Word Count (WCT) */
1804 WordCount = GBYTE(pd, offset);
1808 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1812 if (errcode != 0) return;
1814 offset += 1; /* Skip Word Count (WCT) */
1816 /* Build display for: Max Buffer Size */
1818 MaxBufferSize = GSHORT(pd, offset);
1822 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1826 offset += 2; /* Skip Max Buffer Size */
1828 /* Build display for: TID */
1830 TID = GSHORT(pd, offset);
1834 proto_tree_add_text(tree, NullTVB, offset, 2, "TID: %u", TID);
1838 offset += 2; /* Skip TID */
1840 /* Build display for: Byte Count (BCC) */
1842 ByteCount = GSHORT(pd, offset);
1846 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1850 offset += 2; /* Skip Byte Count (BCC) */
1856 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
1858 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1861 proto_tree *Capabilities_tree;
1864 guint8 AndXReserved;
1865 guint8 AndXCommand = 0xFF;
1868 guint32 Capabilities;
1870 guint16 UNICODEAccountPasswordLength;
1871 guint16 PasswordLen;
1872 guint16 MaxMpxCount;
1873 guint16 MaxBufferSize;
1875 guint16 AndXOffset = 0;
1877 guint16 ANSIAccountPasswordLength;
1878 const char *UNICODEPassword;
1879 const char *Password;
1880 const char *PrimaryDomain;
1881 const char *NativeOS;
1882 const char *NativeLanManType;
1883 const char *NativeLanMan;
1884 const char *AccountName;
1885 const char *ANSIPassword;
1887 if (dirn == 1) { /* Request(s) dissect code */
1889 WordCount = GBYTE(pd, offset);
1891 switch (WordCount) {
1895 /* Build display for: Word Count (WCT) */
1897 WordCount = GBYTE(pd, offset);
1901 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1905 offset += 1; /* Skip Word Count (WCT) */
1907 /* Build display for: AndXCommand */
1909 AndXCommand = GBYTE(pd, offset);
1913 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
1914 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1918 offset += 1; /* Skip AndXCommand */
1920 /* Build display for: AndXReserved */
1922 AndXReserved = GBYTE(pd, offset);
1926 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
1930 offset += 1; /* Skip AndXReserved */
1932 /* Build display for: AndXOffset */
1934 AndXOffset = GSHORT(pd, offset);
1938 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
1942 offset += 2; /* Skip AndXOffset */
1944 /* Build display for: MaxBufferSize */
1946 MaxBufferSize = GSHORT(pd, offset);
1950 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1954 offset += 2; /* Skip MaxBufferSize */
1956 /* Build display for: MaxMpxCount */
1958 MaxMpxCount = GSHORT(pd, offset);
1962 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1966 offset += 2; /* Skip MaxMpxCount */
1968 /* Build display for: VcNumber */
1970 VcNumber = GSHORT(pd, offset);
1974 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
1978 offset += 2; /* Skip VcNumber */
1980 /* Build display for: SessionKey */
1982 SessionKey = GWORD(pd, offset);
1986 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
1990 offset += 4; /* Skip SessionKey */
1992 /* Build display for: PasswordLen */
1994 PasswordLen = GSHORT(pd, offset);
1998 proto_tree_add_text(tree, NullTVB, offset, 2, "PasswordLen: %u", PasswordLen);
2002 offset += 2; /* Skip PasswordLen */
2004 /* Build display for: Reserved */
2006 Reserved = GWORD(pd, offset);
2010 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2014 offset += 4; /* Skip Reserved */
2016 /* Build display for: Byte Count (BCC) */
2018 ByteCount = GSHORT(pd, offset);
2022 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2026 offset += 2; /* Skip Byte Count (BCC) */
2028 if (ByteCount > 0) {
2030 /* Build displat for: Password */
2032 Password = pd + offset;
2036 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2040 offset += PasswordLen;
2042 /* Build display for: AccountName */
2044 AccountName = pd + offset;
2048 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2052 offset += strlen(AccountName) + 1; /* Skip AccountName */
2054 /* Build display for: PrimaryDomain */
2056 PrimaryDomain = pd + offset;
2060 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2064 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2066 /* Build display for: NativeOS */
2068 NativeOS = pd + offset;
2072 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2076 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2078 /* Build display for: NativeLanMan */
2080 NativeLanMan = pd + offset;
2084 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2088 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2096 /* Build display for: Word Count (WCT) */
2098 WordCount = GBYTE(pd, offset);
2102 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2106 offset += 1; /* Skip Word Count (WCT) */
2108 /* Build display for: AndXCommand */
2110 AndXCommand = GBYTE(pd, offset);
2114 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2115 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2119 offset += 1; /* Skip AndXCommand */
2121 /* Build display for: AndXReserved */
2123 AndXReserved = GBYTE(pd, offset);
2127 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2131 offset += 1; /* Skip AndXReserved */
2133 /* Build display for: AndXOffset */
2135 AndXOffset = GSHORT(pd, offset);
2139 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2143 offset += 2; /* Skip AndXOffset */
2145 /* Build display for: MaxBufferSize */
2147 MaxBufferSize = GSHORT(pd, offset);
2151 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2155 offset += 2; /* Skip MaxBufferSize */
2157 /* Build display for: MaxMpxCount */
2159 MaxMpxCount = GSHORT(pd, offset);
2163 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2167 offset += 2; /* Skip MaxMpxCount */
2169 /* Build display for: VcNumber */
2171 VcNumber = GSHORT(pd, offset);
2175 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2179 offset += 2; /* Skip VcNumber */
2181 /* Build display for: SessionKey */
2183 SessionKey = GWORD(pd, offset);
2187 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2191 offset += 4; /* Skip SessionKey */
2193 /* Build display for: ANSI Account Password Length */
2195 ANSIAccountPasswordLength = GSHORT(pd, offset);
2199 proto_tree_add_text(tree, NullTVB, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2203 offset += 2; /* Skip ANSI Account Password Length */
2205 /* Build display for: UNICODE Account Password Length */
2207 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2211 proto_tree_add_text(tree, NullTVB, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2215 offset += 2; /* Skip UNICODE Account Password Length */
2217 /* Build display for: Reserved */
2219 Reserved = GWORD(pd, offset);
2223 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2227 offset += 4; /* Skip Reserved */
2229 /* Build display for: Capabilities */
2231 Capabilities = GWORD(pd, offset);
2235 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", Capabilities);
2236 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2237 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2238 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2239 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2240 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2241 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2242 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2243 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2244 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2245 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2246 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2247 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2248 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2249 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2250 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2251 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2252 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2253 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2254 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2255 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2256 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2257 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2258 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2259 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2260 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2261 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2262 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2263 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2264 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2268 offset += 4; /* Skip Capabilities */
2270 /* Build display for: Byte Count */
2272 ByteCount = GSHORT(pd, offset);
2276 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2280 offset += 2; /* Skip Byte Count */
2282 if (ByteCount > 0) {
2284 /* Build display for: ANSI Password */
2286 ANSIPassword = pd + offset;
2290 proto_tree_add_text(tree, NullTVB, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2294 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2295 if (ANSIAccountPasswordLength == 0) offset++; /* Add 1 */
2297 /* Build display for: UNICODE Password */
2299 UNICODEPassword = pd + offset;
2301 if (UNICODEAccountPasswordLength > 0) {
2305 proto_tree_add_text(tree, NullTVB, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2309 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2313 /* Build display for: Account Name */
2315 AccountName = pd + offset;
2319 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2323 offset += strlen(AccountName) + 1; /* Skip Account Name */
2325 /* Build display for: Primary Domain */
2327 PrimaryDomain = pd + offset;
2331 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2335 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2337 /* Build display for: Native OS */
2339 NativeOS = pd + offset;
2343 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2347 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2349 /* Build display for: Native LanMan Type */
2351 NativeLanManType = pd + offset;
2355 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2359 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2368 if (AndXCommand != 0xFF) {
2370 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2376 if (dirn == 0) { /* Response(s) dissect code */
2378 /* Build display for: Word Count (WCT) */
2380 WordCount = GBYTE(pd, offset);
2384 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2388 offset += 1; /* Skip Word Count (WCT) */
2390 if (WordCount > 0) {
2392 /* Build display for: AndXCommand */
2394 AndXCommand = GBYTE(pd, offset);
2398 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2399 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2403 offset += 1; /* Skip AndXCommand */
2405 /* Build display for: AndXReserved */
2407 AndXReserved = GBYTE(pd, offset);
2411 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2415 offset += 1; /* Skip AndXReserved */
2417 /* Build display for: AndXOffset */
2419 AndXOffset = GSHORT(pd, offset);
2423 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2428 offset += 2; /* Skip AndXOffset */
2430 /* Build display for: Action */
2432 Action = GSHORT(pd, offset);
2436 proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
2440 offset += 2; /* Skip Action */
2444 /* Build display for: Byte Count (BCC) */
2446 ByteCount = GSHORT(pd, offset);
2450 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2454 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2456 offset += 2; /* Skip Byte Count (BCC) */
2458 if (ByteCount > 0) {
2460 /* Build display for: NativeOS */
2462 NativeOS = pd + offset;
2466 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2470 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2472 /* Build display for: NativeLanMan */
2474 NativeLanMan = pd + offset;
2478 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2482 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2484 /* Build display for: PrimaryDomain */
2486 PrimaryDomain = pd + offset;
2490 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2494 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2498 if (AndXCommand != 0xFF) {
2500 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2509 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2512 guint8 wct, andxcmd = 0xFF;
2513 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2515 proto_tree *flags_tree;
2520 /* Now figure out what format we are talking about, 2, 3, or 4 response
2524 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2525 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2529 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2531 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2541 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", wct);
2549 andxcmd = pd[offset];
2553 proto_tree_add_text(tree, NullTVB, offset, 1, "Next Command: %s",
2554 (andxcmd == 0xFF) ? "No further commands":
2555 decode_smb_name(andxcmd));
2557 proto_tree_add_text(tree, NullTVB, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2563 andxoffs = GSHORT(pd, offset);
2567 proto_tree_add_text(tree, NullTVB, offset, 2, "Offset to next command: %u", andxoffs);
2579 bcc = GSHORT(pd, offset);
2583 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2591 flags = GSHORT(pd, offset);
2595 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Additional Flags: 0x%02x", flags);
2596 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2597 proto_tree_add_text(flags_tree, NullTVB, offset, 2, "%s",
2598 decode_boolean_bitfield(flags, 0x01, 16,
2600 "Don't disconnect TID"));
2606 passwdlen = GSHORT(pd, offset);
2610 proto_tree_add_text(tree, NullTVB, offset, 2, "Password Length: %u", passwdlen);
2616 bcc = GSHORT(pd, offset);
2620 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2630 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2634 offset += passwdlen;
2640 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Path: %s", str);
2644 offset += strlen(str) + 1;
2650 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2658 bcc = GSHORT(pd, offset);
2662 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2672 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service Type: %s",
2677 offset += strlen(str) + 1;
2683 optionsup = GSHORT(pd, offset);
2685 if (tree) { /* Should break out the bits */
2687 proto_tree_add_text(tree, NullTVB, offset, 2, "Optional Support: 0x%04x",
2694 bcc = GSHORT(pd, offset);
2698 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2708 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2712 offset += strlen(str) + 1;
2718 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Native File System: %s", str);
2722 offset += strlen(str) + 1;
2732 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2734 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
2739 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2741 guint8 wct, enckeylen;
2742 guint16 bcc, mode, rawmode, dialect;
2744 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2750 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2752 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2753 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2756 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2758 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2766 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %d", wct);
2770 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2774 /* Now decode the various formats ... */
2778 case 0: /* A request */
2780 bcc = GSHORT(pd, offset);
2784 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2792 ti = proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Dialects");
2793 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
2797 while (IS_DATA_IN_FRAME(offset)) {
2802 proto_tree_add_text(dialects, NullTVB, offset, 1, "Dialect Marker: %d", pd[offset]);
2812 proto_tree_add_text(dialects, NullTVB, offset, strlen(str)+1, "Dialect: %s", str);
2816 offset += strlen(str) + 1;
2821 case 1: /* PC NETWORK PROGRAM 1.0 */
2823 dialect = GSHORT(pd, offset);
2825 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2827 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2829 proto_tree_add_text(tree, NullTVB, offset, 2, "Supplied dialects not recognized");
2834 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2842 bcc = GSHORT(pd, offset);
2846 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2852 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2856 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2860 /* Much of this is similar to response 17 below */
2864 mode = GSHORT(pd, offset);
2868 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Security Mode: 0x%04x", mode);
2869 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
2870 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
2871 decode_boolean_bitfield(mode, 0x0001, 16,
2873 "Security = Share"));
2874 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
2875 decode_boolean_bitfield(mode, 0x0002, 16,
2876 "Passwords = Encrypted",
2877 "Passwords = Plaintext"));
2885 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2893 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2901 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2907 rawmode = GSHORT(pd, offset);
2911 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Raw Mode: 0x%04x", rawmode);
2912 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
2913 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
2914 decode_boolean_bitfield(rawmode, 0x01, 16,
2915 "Read Raw supported",
2916 "Read Raw not supported"));
2917 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
2918 decode_boolean_bitfield(rawmode, 0x02, 16,
2919 "Write Raw supported",
2920 "Write Raw not supported"));
2928 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
2934 /* Now the server time, two short parameters ... */
2938 proto_tree_add_text(tree, NullTVB, offset, 2, "Server Time: %s",
2939 dissect_dos_time(GSHORT(pd, offset)));
2940 proto_tree_add_text(tree, NullTVB, offset + 2, 2, "Server Date: %s",
2941 dissect_dos_date(GSHORT(pd, offset + 2)));
2947 /* Server Time Zone, SHORT */
2951 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
2952 (signed)GSSHORT(pd, offset));
2958 /* Challenge Length */
2960 enckeylen = GSHORT(pd, offset);
2964 proto_tree_add_text(tree, NullTVB, offset, 2, "Challenge Length: %u", enckeylen);
2972 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
2978 bcc = GSHORT(pd, offset);
2982 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2988 if (enckeylen) { /* only if non-zero key len */
2994 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge: %s",
2995 bytes_to_str(str, enckeylen));
2998 offset += enckeylen;
3002 /* Primary Domain ... */
3008 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "Primary Domain: %s", str);
3014 case 17: /* Greater than LANMAN2.1 */
3018 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3024 mode = GBYTE(pd, offset);
3028 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Security Mode: 0x%02x", mode);
3029 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3030 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3031 decode_boolean_bitfield(mode, 0x01, 8,
3033 "Security = Share"));
3034 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3035 decode_boolean_bitfield(mode, 0x02, 8,
3036 "Passwords = Encrypted",
3037 "Passwords = Plaintext"));
3038 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3039 decode_boolean_bitfield(mode, 0x04, 8,
3040 "Security signatures enabled",
3041 "Security signatures not enabled"));
3042 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3043 decode_boolean_bitfield(mode, 0x08, 8,
3044 "Security signatures required",
3045 "Security signatures not required"));
3053 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3061 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3069 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3077 proto_tree_add_text(tree, NullTVB, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3085 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3091 caps = GWORD(pd, offset);
3095 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", caps);
3096 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3097 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3098 decode_boolean_bitfield(caps, 0x0001, 32,
3099 "Raw Mode supported",
3100 "Raw Mode not supported"));
3101 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3102 decode_boolean_bitfield(caps, 0x0002, 32,
3103 "MPX Mode supported",
3104 "MPX Mode not supported"));
3105 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3106 decode_boolean_bitfield(caps, 0x0004, 32,
3107 "Unicode supported",
3108 "Unicode not supported"));
3109 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3110 decode_boolean_bitfield(caps, 0x0008, 32,
3111 "Large files supported",
3112 "Large files not supported"));
3113 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3114 decode_boolean_bitfield(caps, 0x0010, 32,
3115 "NT LM 0.12 SMBs supported",
3116 "NT LM 0.12 SMBs not supported"));
3117 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3118 decode_boolean_bitfield(caps, 0x0020, 32,
3119 "RPC remote APIs supported",
3120 "RPC remote APIs not supported"));
3121 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3122 decode_boolean_bitfield(caps, 0x0040, 32,
3123 "NT status codes supported",
3124 "NT status codes not supported"));
3125 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3126 decode_boolean_bitfield(caps, 0x0080, 32,
3127 "Level 2 OpLocks supported",
3128 "Level 2 OpLocks not supported"));
3129 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3130 decode_boolean_bitfield(caps, 0x0100, 32,
3131 "Lock&Read supported",
3132 "Lock&Read not supported"));
3133 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3134 decode_boolean_bitfield(caps, 0x0200, 32,
3135 "NT Find supported",
3136 "NT Find not supported"));
3137 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3138 decode_boolean_bitfield(caps, 0x1000, 32,
3140 "DFS not supported"));
3141 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3142 decode_boolean_bitfield(caps, 0x4000, 32,
3143 "Large READX supported",
3144 "Large READX not supported"));
3145 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3146 decode_boolean_bitfield(caps, 0x8000, 32,
3147 "Large WRITEX supported",
3148 "Large WRITEX not supported"));
3149 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3150 decode_boolean_bitfield(caps, 0x80000000, 32,
3151 "Extended security exchanges supported",
3152 "Extended security exchanges not supported"));
3157 /* Server time, 2 WORDS */
3161 proto_tree_add_text(tree, NullTVB, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3162 proto_tree_add_text(tree, NullTVB, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3168 /* Server Time Zone, SHORT */
3172 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3173 (signed)GSSHORT(pd, offset));
3179 /* Encryption key len */
3181 enckeylen = pd[offset];
3185 proto_tree_add_text(tree, NullTVB, offset, 1, "Encryption key len: %u", enckeylen);
3191 bcc = GSHORT(pd, offset);
3195 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte count (BCC): %u", bcc);
3201 if (enckeylen) { /* only if non-zero key len */
3203 /* Encryption challenge key */
3209 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge encryption key: %s",
3210 bytes_to_str(str, enckeylen));
3214 offset += enckeylen;
3218 /* The domain, a null terminated string; Unicode if "caps" has
3219 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3220 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3226 if (caps & 0x0004) {
3227 ustr = unicode_to_str(str, &ustr_len);
3228 proto_tree_add_text(tree, NullTVB, offset, ustr_len+2, "OEM domain name: %s", ustr);
3230 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "OEM domain name: %s", str);
3237 default: /* Baddd */
3240 proto_tree_add_text(tree, NullTVB, offset, 1, "Bad format, should never get here");
3248 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3252 guint8 BufferFormat;
3254 const char *DirectoryName;
3256 if (dirn == 1) { /* Request(s) dissect code */
3258 /* Build display for: Word Count (WCT) */
3260 WordCount = GBYTE(pd, offset);
3264 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3268 offset += 1; /* Skip Word Count (WCT) */
3270 /* Build display for: Byte Count (BCC) */
3272 ByteCount = GSHORT(pd, offset);
3276 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3280 offset += 2; /* Skip Byte Count (BCC) */
3282 /* Build display for: Buffer Format */
3284 BufferFormat = GBYTE(pd, offset);
3288 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3292 offset += 1; /* Skip Buffer Format */
3294 /* Build display for: Directory Name */
3296 DirectoryName = pd + offset;
3300 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3304 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3308 if (dirn == 0) { /* Response(s) dissect code */
3310 /* Build display for: Word Count (WCT) */
3312 WordCount = GBYTE(pd, offset);
3316 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3320 offset += 1; /* Skip Word Count (WCT) */
3322 /* Build display for: Byte Count (BCC) */
3324 ByteCount = GSHORT(pd, offset);
3328 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3332 offset += 2; /* Skip Byte Count (BCC) */
3339 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3343 guint8 BufferFormat;
3345 const char *DirectoryName;
3347 if (dirn == 1) { /* Request(s) dissect code */
3349 /* Build display for: Word Count (WCT) */
3351 WordCount = GBYTE(pd, offset);
3355 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3359 offset += 1; /* Skip Word Count (WCT) */
3361 /* Build display for: Byte Count (BCC) */
3363 ByteCount = GSHORT(pd, offset);
3367 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3371 offset += 2; /* Skip Byte Count (BCC) */
3373 /* Build display for: Buffer Format */
3375 BufferFormat = GBYTE(pd, offset);
3379 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3383 offset += 1; /* Skip Buffer Format */
3385 /* Build display for: Directory Name */
3387 DirectoryName = pd + offset;
3391 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3395 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3399 if (dirn == 0) { /* Response(s) dissect code */
3401 /* Build display for: Word Count (WCT) */
3403 WordCount = GBYTE(pd, offset);
3407 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3411 offset += 1; /* Skip Word Count (WCT) */
3413 /* Build display for: Byte Count (BCC) */
3415 ByteCount = GSHORT(pd, offset);
3419 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3423 offset += 2; /* Skip Byte Count (BCC) */
3430 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3434 guint8 BufferFormat;
3436 const char *DirectoryName;
3438 if (dirn == 1) { /* Request(s) dissect code */
3440 /* Build display for: Word Count (WCT) */
3442 WordCount = GBYTE(pd, offset);
3446 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3450 offset += 1; /* Skip Word Count (WCT) */
3452 /* Build display for: Byte Count (BCC) */
3454 ByteCount = GSHORT(pd, offset);
3458 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3462 offset += 2; /* Skip Byte Count (BCC) */
3464 /* Build display for: Buffer Format */
3466 BufferFormat = GBYTE(pd, offset);
3470 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3474 offset += 1; /* Skip Buffer Format */
3476 /* Build display for: Directory Name */
3478 DirectoryName = pd + offset;
3482 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3486 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3490 if (dirn == 0) { /* Response(s) dissect code */
3492 /* Build display for: Word Count (WCT) */
3494 WordCount = GBYTE(pd, offset);
3498 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3502 offset += 1; /* Skip Word Count (WCT) */
3504 /* Build display for: Byte Count (BCC) */
3506 ByteCount = GSHORT(pd, offset);
3510 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3514 offset += 2; /* Skip Byte Count (BCC) */
3521 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3524 static const value_string OpenFunction_0x10[] = {
3525 { 0, "Fail if file does not exist"},
3526 { 16, "Create file if it does not exist"},
3529 static const value_string OpenFunction_0x03[] = {
3530 { 0, "Fail if file exists"},
3531 { 1, "Open file if it exists"},
3532 { 2, "Truncate File if it exists"},
3535 static const value_string FileType_0xFFFF[] = {
3536 { 0, "Disk file or directory"},
3537 { 1, "Named pipe in byte mode"},
3538 { 2, "Named pipe in message mode"},
3539 { 3, "Spooled printer"},
3542 static const value_string DesiredAccess_0x70[] = {
3543 { 00, "Compatibility mode"},
3544 { 16, "Deny read/write/execute (exclusive)"},
3545 { 32, "Deny write"},
3546 { 48, "Deny read/execute"},
3550 static const value_string DesiredAccess_0x700[] = {
3551 { 0, "Locality of reference unknown"},
3552 { 256, "Mainly sequential access"},
3553 { 512, "Mainly random access"},
3554 { 768, "Random access with some locality"},
3557 static const value_string DesiredAccess_0x4000[] = {
3558 { 0, "Write through mode disabled"},
3559 { 16384, "Write through mode enabled"},
3562 static const value_string DesiredAccess_0x1000[] = {
3563 { 0, "Normal file (caching permitted)"},
3564 { 4096, "Do not cache this file"},
3567 static const value_string DesiredAccess_0x07[] = {
3568 { 0, "Open for reading"},
3569 { 1, "Open for writing"},
3570 { 2, "Open for reading and writing"},
3571 { 3, "Open for execute"},
3574 static const value_string Action_0x8000[] = {
3575 { 0, "File opened by another user (or mode not supported by server)"},
3576 { 32768, "File is opened only by this user at present"},
3579 static const value_string Action_0x0003[] = {
3580 { 0, "No action taken?"},
3581 { 1, "The file existed and was opened"},
3582 { 2, "The file did not exist but was created"},
3583 { 3, "The file existed and was truncated"},
3586 proto_tree *Search_tree;
3587 proto_tree *OpenFunction_tree;
3588 proto_tree *Flags_tree;
3589 proto_tree *File_tree;
3590 proto_tree *FileType_tree;
3591 proto_tree *FileAttributes_tree;
3592 proto_tree *DesiredAccess_tree;
3593 proto_tree *Action_tree;
3596 guint8 AndXReserved;
3597 guint8 AndXCommand = 0xFF;
3602 guint32 AllocatedSize;
3605 guint16 OpenFunction;
3606 guint16 LastWriteTime;
3607 guint16 LastWriteDate;
3608 guint16 GrantedAccess;
3611 guint16 FileAttributes;
3614 guint16 DeviceState;
3615 guint16 DesiredAccess;
3616 guint16 CreationTime;
3617 guint16 CreationDate;
3619 guint16 AndXOffset = 0;
3621 const char *FileName;
3623 if (dirn == 1) { /* Request(s) dissect code */
3625 /* Build display for: Word Count (WCT) */
3627 WordCount = GBYTE(pd, offset);
3631 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3635 offset += 1; /* Skip Word Count (WCT) */
3637 /* Build display for: AndXCommand */
3639 AndXCommand = GBYTE(pd, offset);
3643 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3644 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3648 offset += 1; /* Skip AndXCommand */
3650 /* Build display for: AndXReserved */
3652 AndXReserved = GBYTE(pd, offset);
3656 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3660 offset += 1; /* Skip AndXReserved */
3662 /* Build display for: AndXOffset */
3664 AndXOffset = GSHORT(pd, offset);
3668 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3672 offset += 2; /* Skip AndXOffset */
3674 /* Build display for: Flags */
3676 Flags = GSHORT(pd, offset);
3680 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
3681 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3682 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3683 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3684 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3685 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3686 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3687 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3691 offset += 2; /* Skip Flags */
3693 /* Build display for: Desired Access */
3695 DesiredAccess = GSHORT(pd, offset);
3699 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3700 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3701 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3702 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3703 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3704 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3705 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3706 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3707 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3708 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3709 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3710 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3714 offset += 2; /* Skip Desired Access */
3716 /* Build display for: Search */
3718 Search = GSHORT(pd, offset);
3722 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Search: 0x%02x", Search);
3723 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
3724 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3725 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3726 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3727 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3728 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3729 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3730 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3731 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3732 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3733 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3734 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3735 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3739 offset += 2; /* Skip Search */
3741 /* Build display for: File */
3743 File = GSHORT(pd, offset);
3747 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File: 0x%02x", File);
3748 File_tree = proto_item_add_subtree(ti, ett_smb_file);
3749 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3750 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3751 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3752 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3753 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3754 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3755 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3756 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3757 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3758 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3759 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3760 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3764 offset += 2; /* Skip File */
3766 /* Build display for: Creation Time */
3768 CreationTime = GSHORT(pd, offset);
3775 offset += 2; /* Skip Creation Time */
3777 /* Build display for: Creation Date */
3779 CreationDate = GSHORT(pd, offset);
3783 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3784 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3788 offset += 2; /* Skip Creation Date */
3790 /* Build display for: Open Function */
3792 OpenFunction = GSHORT(pd, offset);
3796 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: 0x%02x", OpenFunction);
3797 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
3798 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
3799 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3800 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
3801 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3805 offset += 2; /* Skip Open Function */
3807 /* Build display for: Allocated Size */
3809 AllocatedSize = GWORD(pd, offset);
3813 proto_tree_add_text(tree, NullTVB, offset, 4, "Allocated Size: %u", AllocatedSize);
3817 offset += 4; /* Skip Allocated Size */
3819 /* Build display for: Reserved1 */
3821 Reserved1 = GWORD(pd, offset);
3825 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved1: %u", Reserved1);
3829 offset += 4; /* Skip Reserved1 */
3831 /* Build display for: Reserved2 */
3833 Reserved2 = GWORD(pd, offset);
3837 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved2: %u", Reserved2);
3841 offset += 4; /* Skip Reserved2 */
3843 /* Build display for: Byte Count */
3845 ByteCount = GSHORT(pd, offset);
3849 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
3853 offset += 2; /* Skip Byte Count */
3855 /* Build display for: File Name */
3857 FileName = pd + offset;
3861 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3865 offset += strlen(FileName) + 1; /* Skip File Name */
3868 if (AndXCommand != 0xFF) {
3870 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
3876 if (dirn == 0) { /* Response(s) dissect code */
3878 /* Build display for: Word Count (WCT) */
3880 WordCount = GBYTE(pd, offset);
3884 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3888 offset += 1; /* Skip Word Count (WCT) */
3890 if (WordCount > 0) {
3892 /* Build display for: AndXCommand */
3894 AndXCommand = GBYTE(pd, offset);
3898 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3899 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3903 offset += 1; /* Skip AndXCommand */
3905 /* Build display for: AndXReserved */
3907 AndXReserved = GBYTE(pd, offset);
3911 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3915 offset += 1; /* Skip AndXReserved */
3917 /* Build display for: AndXOffset */
3919 AndXOffset = GSHORT(pd, offset);
3923 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3927 offset += 2; /* Skip AndXOffset */
3929 /* Build display for: FID */
3931 FID = GSHORT(pd, offset);
3935 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
3939 offset += 2; /* Skip FID */
3941 /* Build display for: FileAttributes */
3943 FileAttributes = GSHORT(pd, offset);
3947 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3948 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
3949 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3950 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3951 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3952 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3953 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3954 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3955 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3956 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3957 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3958 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3959 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3960 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3964 offset += 2; /* Skip FileAttributes */
3966 /* Build display for: Last Write Time */
3968 LastWriteTime = GSHORT(pd, offset);
3974 offset += 2; /* Skip Last Write Time */
3976 /* Build display for: Last Write Date */
3978 LastWriteDate = GSHORT(pd, offset);
3982 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
3983 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
3988 offset += 2; /* Skip Last Write Date */
3990 /* Build display for: Data Size */
3992 DataSize = GWORD(pd, offset);
3996 proto_tree_add_text(tree, NullTVB, offset, 4, "Data Size: %u", DataSize);
4000 offset += 4; /* Skip Data Size */
4002 /* Build display for: Granted Access */
4004 GrantedAccess = GSHORT(pd, offset);
4008 proto_tree_add_text(tree, NullTVB, offset, 2, "Granted Access: %u", GrantedAccess);
4012 offset += 2; /* Skip Granted Access */
4014 /* Build display for: File Type */
4016 FileType = GSHORT(pd, offset);
4020 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File Type: 0x%02x", FileType);
4021 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4022 proto_tree_add_text(FileType_tree, NullTVB, offset, 2, "%s",
4023 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4027 offset += 2; /* Skip File Type */
4029 /* Build display for: Device State */
4031 DeviceState = GSHORT(pd, offset);
4035 proto_tree_add_text(tree, NullTVB, offset, 2, "Device State: %u", DeviceState);
4039 offset += 2; /* Skip Device State */
4041 /* Build display for: Action */
4043 Action = GSHORT(pd, offset);
4047 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: 0x%02x", Action);
4048 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4049 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4050 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4051 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4052 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4056 offset += 2; /* Skip Action */
4058 /* Build display for: Server FID */
4060 ServerFID = GWORD(pd, offset);
4064 proto_tree_add_text(tree, NullTVB, offset, 4, "Server FID: %u", ServerFID);
4068 offset += 4; /* Skip Server FID */
4070 /* Build display for: Reserved */
4072 Reserved = GSHORT(pd, offset);
4076 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
4080 offset += 2; /* Skip Reserved */
4084 /* Build display for: Byte Count */
4086 ByteCount = GSHORT(pd, offset);
4090 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4094 offset += 2; /* Skip Byte Count */
4097 if (AndXCommand != 0xFF) {
4099 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4108 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4111 proto_tree *WriteMode_tree;
4127 if (dirn == 1) { /* Request(s) dissect code */
4129 WordCount = GBYTE(pd, offset);
4131 switch (WordCount) {
4135 /* Build display for: Word Count (WCT) */
4137 WordCount = GBYTE(pd, offset);
4141 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4145 offset += 1; /* Skip Word Count (WCT) */
4147 /* Build display for: FID */
4149 FID = GSHORT(pd, offset);
4153 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4157 offset += 2; /* Skip FID */
4159 /* Build display for: Count */
4161 Count = GSHORT(pd, offset);
4165 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4169 offset += 2; /* Skip Count */
4171 /* Build display for: Reserved 1 */
4173 Reserved1 = GSHORT(pd, offset);
4177 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4181 offset += 2; /* Skip Reserved 1 */
4183 /* Build display for: Offset */
4185 Offset = GWORD(pd, offset);
4189 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
4193 offset += 4; /* Skip Offset */
4195 /* Build display for: Timeout */
4197 Timeout = GWORD(pd, offset);
4201 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4205 offset += 4; /* Skip Timeout */
4207 /* Build display for: WriteMode */
4209 WriteMode = GSHORT(pd, offset);
4213 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4214 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4215 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4216 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4217 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4218 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4222 offset += 2; /* Skip WriteMode */
4224 /* Build display for: Reserved 2 */
4226 Reserved2 = GWORD(pd, offset);
4230 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4234 offset += 4; /* Skip Reserved 2 */
4236 /* Build display for: Data Length */
4238 DataLength = GSHORT(pd, offset);
4242 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4246 offset += 2; /* Skip Data Length */
4248 /* Build display for: Data Offset */
4250 DataOffset = GSHORT(pd, offset);
4254 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4258 offset += 2; /* Skip Data Offset */
4260 /* Build display for: Byte Count (BCC) */
4262 ByteCount = GSHORT(pd, offset);
4266 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4270 offset += 2; /* Skip Byte Count (BCC) */
4272 /* Build display for: Pad */
4274 Pad = GBYTE(pd, offset);
4278 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4282 offset += 1; /* Skip Pad */
4288 /* Build display for: Word Count (WCT) */
4290 WordCount = GBYTE(pd, offset);
4294 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4298 offset += 1; /* Skip Word Count (WCT) */
4300 /* Build display for: FID */
4302 FID = GSHORT(pd, offset);
4306 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4310 offset += 2; /* Skip FID */
4312 /* Build display for: Count */
4314 Count = GSHORT(pd, offset);
4318 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4322 offset += 2; /* Skip Count */
4324 /* Build display for: Reserved 1 */
4326 Reserved1 = GSHORT(pd, offset);
4330 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4334 offset += 2; /* Skip Reserved 1 */
4336 /* Build display for: Timeout */
4338 Timeout = GWORD(pd, offset);
4342 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4346 offset += 4; /* Skip Timeout */
4348 /* Build display for: WriteMode */
4350 WriteMode = GSHORT(pd, offset);
4354 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4355 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4356 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4357 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4358 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4359 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4363 offset += 2; /* Skip WriteMode */
4365 /* Build display for: Reserved 2 */
4367 Reserved2 = GWORD(pd, offset);
4371 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4375 offset += 4; /* Skip Reserved 2 */
4377 /* Build display for: Data Length */
4379 DataLength = GSHORT(pd, offset);
4383 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4387 offset += 2; /* Skip Data Length */
4389 /* Build display for: Data Offset */
4391 DataOffset = GSHORT(pd, offset);
4395 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4399 offset += 2; /* Skip Data Offset */
4401 /* Build display for: Byte Count (BCC) */
4403 ByteCount = GSHORT(pd, offset);
4407 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4411 offset += 2; /* Skip Byte Count (BCC) */
4413 /* Build display for: Pad */
4415 Pad = GBYTE(pd, offset);
4419 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4423 offset += 1; /* Skip Pad */
4431 if (dirn == 0) { /* Response(s) dissect code */
4433 /* Build display for: Word Count (WCT) */
4435 WordCount = GBYTE(pd, offset);
4439 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4443 offset += 1; /* Skip Word Count (WCT) */
4445 if (WordCount > 0) {
4447 /* Build display for: Remaining */
4449 Remaining = GSHORT(pd, offset);
4453 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
4457 offset += 2; /* Skip Remaining */
4461 /* Build display for: Byte Count */
4463 ByteCount = GSHORT(pd, offset);
4467 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4471 offset += 2; /* Skip Byte Count */
4478 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4484 if (dirn == 1) { /* Request(s) dissect code */
4486 /* Build display for: Word Count (WCT) */
4488 WordCount = GBYTE(pd, offset);
4492 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4496 offset += 1; /* Skip Word Count (WCT) */
4498 /* Build display for: Byte Count (BCC) */
4500 ByteCount = GSHORT(pd, offset);
4504 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4508 offset += 2; /* Skip Byte Count (BCC) */
4512 if (dirn == 0) { /* Response(s) dissect code */
4514 /* Build display for: Word Count (WCT) */
4516 WordCount = GBYTE(pd, offset);
4520 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4524 offset += 1; /* Skip Word Count (WCT) */
4526 /* Build display for: Byte Count (BCC) */
4528 ByteCount = GSHORT(pd, offset);
4532 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4536 offset += 2; /* Skip Byte Count (BCC) */
4543 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4546 static const value_string Flags_0x03[] = {
4547 { 0, "Target must be a file"},
4548 { 1, "Target must be a directory"},
4551 { 4, "Verify all writes"},
4554 proto_tree *Flags_tree;
4557 guint8 ErrorFileFormat;
4559 guint16 OpenFunction;
4563 const char *ErrorFileName;
4565 if (dirn == 1) { /* Request(s) dissect code */
4567 /* Build display for: Word Count (WCT) */
4569 WordCount = GBYTE(pd, offset);
4573 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4577 offset += 1; /* Skip Word Count (WCT) */
4579 /* Build display for: TID2 */
4581 TID2 = GSHORT(pd, offset);
4585 proto_tree_add_text(tree, NullTVB, offset, 2, "TID2: %u", TID2);
4589 offset += 2; /* Skip TID2 */
4591 /* Build display for: Open Function */
4593 OpenFunction = GSHORT(pd, offset);
4597 proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: %u", OpenFunction);
4601 offset += 2; /* Skip Open Function */
4603 /* Build display for: Flags */
4605 Flags = GSHORT(pd, offset);
4609 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
4610 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4611 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4612 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4616 offset += 2; /* Skip Flags */
4620 if (dirn == 0) { /* Response(s) dissect code */
4622 /* Build display for: Word Count (WCT) */
4624 WordCount = GBYTE(pd, offset);
4628 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4632 offset += 1; /* Skip Word Count (WCT) */
4634 if (WordCount > 0) {
4636 /* Build display for: Count */
4638 Count = GSHORT(pd, offset);
4642 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4646 offset += 2; /* Skip Count */
4650 /* Build display for: Byte Count */
4652 ByteCount = GSHORT(pd, offset);
4656 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4660 offset += 2; /* Skip Byte Count */
4662 /* Build display for: Error File Format */
4664 ErrorFileFormat = GBYTE(pd, offset);
4668 proto_tree_add_text(tree, NullTVB, offset, 1, "Error File Format: %u", ErrorFileFormat);
4672 offset += 1; /* Skip Error File Format */
4674 /* Build display for: Error File Name */
4676 ErrorFileName = pd + offset;
4680 proto_tree_add_text(tree, NullTVB, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4684 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4691 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4695 guint8 BufferFormat2;
4696 guint8 BufferFormat1;
4697 guint16 SearchAttributes;
4699 const char *OldFileName;
4700 const char *NewFileName;
4702 if (dirn == 1) { /* Request(s) dissect code */
4704 /* Build display for: Word Count (WCT) */
4706 WordCount = GBYTE(pd, offset);
4710 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4714 offset += 1; /* Skip Word Count (WCT) */
4716 /* Build display for: Search Attributes */
4718 SearchAttributes = GSHORT(pd, offset);
4722 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
4726 offset += 2; /* Skip Search Attributes */
4728 /* Build display for: Byte Count */
4730 ByteCount = GSHORT(pd, offset);
4734 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4738 offset += 2; /* Skip Byte Count */
4740 /* Build display for: Buffer Format 1 */
4742 BufferFormat1 = GBYTE(pd, offset);
4746 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4750 offset += 1; /* Skip Buffer Format 1 */
4752 /* Build display for: Old File Name */
4754 OldFileName = pd + offset;
4758 proto_tree_add_text(tree, NullTVB, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4762 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4764 /* Build display for: Buffer Format 2 */
4766 BufferFormat2 = GBYTE(pd, offset);
4770 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4774 offset += 1; /* Skip Buffer Format 2 */
4776 /* Build display for: New File Name */
4778 NewFileName = pd + offset;
4782 proto_tree_add_text(tree, NullTVB, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4786 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4790 if (dirn == 0) { /* Response(s) dissect code */
4792 /* Build display for: Word Count (WCT) */
4794 WordCount = GBYTE(pd, offset);
4798 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4802 offset += 1; /* Skip Word Count (WCT) */
4804 /* Build display for: Byte Count (BCC) */
4806 ByteCount = GSHORT(pd, offset);
4810 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4814 offset += 2; /* Skip Byte Count (BCC) */
4821 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4824 static const value_string Mode_0x03[] = {
4825 { 0, "Text mode (DOS expands TABs)"},
4826 { 1, "Graphics mode"},
4829 proto_tree *Mode_tree;
4832 guint8 BufferFormat;
4833 guint16 SetupLength;
4837 const char *IdentifierString;
4839 if (dirn == 1) { /* Request(s) dissect code */
4841 /* Build display for: Word Count (WCT) */
4843 WordCount = GBYTE(pd, offset);
4847 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4851 offset += 1; /* Skip Word Count (WCT) */
4853 /* Build display for: Setup Length */
4855 SetupLength = GSHORT(pd, offset);
4859 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup Length: %u", SetupLength);
4863 offset += 2; /* Skip Setup Length */
4865 /* Build display for: Mode */
4867 Mode = GSHORT(pd, offset);
4871 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
4872 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
4873 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
4874 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4878 offset += 2; /* Skip Mode */
4880 /* Build display for: Byte Count (BCC) */
4882 ByteCount = GSHORT(pd, offset);
4886 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4890 offset += 2; /* Skip Byte Count (BCC) */
4892 /* Build display for: Buffer Format */
4894 BufferFormat = GBYTE(pd, offset);
4898 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
4902 offset += 1; /* Skip Buffer Format */
4904 /* Build display for: Identifier String */
4906 IdentifierString = pd + offset;
4910 proto_tree_add_text(tree, NullTVB, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4914 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4918 if (dirn == 0) { /* Response(s) dissect code */
4920 /* Build display for: Word Count (WCT) */
4922 WordCount = GBYTE(pd, offset);
4926 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4930 offset += 1; /* Skip Word Count (WCT) */
4932 /* Build display for: FID */
4934 FID = GSHORT(pd, offset);
4938 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4942 offset += 2; /* Skip FID */
4944 /* Build display for: Byte Count (BCC) */
4946 ByteCount = GSHORT(pd, offset);
4950 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4954 offset += 2; /* Skip Byte Count (BCC) */
4961 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4968 if (dirn == 1) { /* Request(s) dissect code */
4970 /* Build display for: Word Count (WCT) */
4972 WordCount = GBYTE(pd, offset);
4976 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4980 offset += 1; /* Skip Word Count (WCT) */
4982 /* Build display for: FID */
4984 FID = GSHORT(pd, offset);
4988 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4992 offset += 2; /* Skip FID */
4994 /* Build display for: Byte Count (BCC) */
4996 ByteCount = GSHORT(pd, offset);
5000 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5004 offset += 2; /* Skip Byte Count (BCC) */
5008 if (dirn == 0) { /* Response(s) dissect code */
5010 /* Build display for: Word Count */
5012 WordCount = GBYTE(pd, offset);
5016 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
5020 offset += 1; /* Skip Word Count */
5022 /* Build display for: Byte Count (BCC) */
5024 ByteCount = GSHORT(pd, offset);
5028 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5032 offset += 2; /* Skip Byte Count (BCC) */
5039 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5052 if (dirn == 1) { /* Request(s) dissect code */
5054 WordCount = GBYTE(pd, offset);
5056 switch (WordCount) {
5060 /* Build display for: Word Count (WCT) */
5062 WordCount = GBYTE(pd, offset);
5066 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5070 offset += 1; /* Skip Word Count (WCT) */
5072 /* Build display for: FID */
5074 FID = GSHORT(pd, offset);
5078 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5082 offset += 2; /* Skip FID */
5084 /* Build display for: Offset */
5086 Offset = GWORD(pd, offset);
5090 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5094 offset += 4; /* Skip Offset */
5096 /* Build display for: Max Count */
5098 MaxCount = GSHORT(pd, offset);
5102 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5106 offset += 2; /* Skip Max Count */
5108 /* Build display for: Min Count */
5110 MinCount = GSHORT(pd, offset);
5114 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5118 offset += 2; /* Skip Min Count */
5120 /* Build display for: Timeout */
5122 Timeout = GWORD(pd, offset);
5126 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5130 offset += 4; /* Skip Timeout */
5132 /* Build display for: Reserved */
5134 Reserved = GSHORT(pd, offset);
5138 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5142 offset += 2; /* Skip Reserved */
5144 /* Build display for: Byte Count (BCC) */
5146 ByteCount = GSHORT(pd, offset);
5150 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5154 offset += 2; /* Skip Byte Count (BCC) */
5160 /* Build display for: Word Count (WCT) */
5162 WordCount = GBYTE(pd, offset);
5166 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5170 offset += 1; /* Skip Word Count (WCT) */
5172 /* Build display for: FID */
5174 FID = GSHORT(pd, offset);
5178 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5182 offset += 2; /* Skip FID */
5184 /* Build display for: Offset */
5186 Offset = GWORD(pd, offset);
5190 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5194 offset += 4; /* Skip Offset */
5196 /* Build display for: Max Count */
5198 MaxCount = GSHORT(pd, offset);
5202 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5206 offset += 2; /* Skip Max Count */
5208 /* Build display for: Min Count */
5210 MinCount = GSHORT(pd, offset);
5214 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5218 offset += 2; /* Skip Min Count */
5220 /* Build display for: Timeout */
5222 Timeout = GWORD(pd, offset);
5226 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5230 offset += 4; /* Skip Timeout */
5232 /* Build display for: Reserved */
5234 Reserved = GSHORT(pd, offset);
5238 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5242 offset += 2; /* Skip Reserved */
5244 /* Build display for: Offset High */
5246 OffsetHigh = GWORD(pd, offset);
5250 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5254 offset += 4; /* Skip Offset High */
5256 /* Build display for: Byte Count (BCC) */
5258 ByteCount = GSHORT(pd, offset);
5262 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5266 offset += 2; /* Skip Byte Count (BCC) */
5274 if (dirn == 0) { /* Response(s) dissect code */
5281 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5285 guint8 AndXReserved;
5286 guint8 AndXCommand = 0xFF;
5288 guint16 AndXOffset = 0;
5290 if (dirn == 1) { /* Request(s) dissect code */
5292 /* Build display for: Word Count (WCT) */
5294 WordCount = GBYTE(pd, offset);
5298 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5302 offset += 1; /* Skip Word Count (WCT) */
5304 /* Build display for: AndXCommand */
5306 AndXCommand = GBYTE(pd, offset);
5310 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5314 offset += 1; /* Skip AndXCommand */
5316 /* Build display for: AndXReserved */
5318 AndXReserved = GBYTE(pd, offset);
5322 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5326 offset += 1; /* Skip AndXReserved */
5328 /* Build display for: AndXOffset */
5330 AndXOffset = GSHORT(pd, offset);
5334 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5338 offset += 2; /* Skip AndXOffset */
5340 /* Build display for: Byte Count (BCC) */
5342 ByteCount = GSHORT(pd, offset);
5346 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5350 offset += 2; /* Skip Byte Count (BCC) */
5353 if (AndXCommand != 0xFF) {
5355 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5361 if (dirn == 0) { /* Response(s) dissect code */
5363 /* Build display for: Word Count (WCT) */
5365 WordCount = GBYTE(pd, offset);
5369 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5373 offset += 1; /* Skip Word Count (WCT) */
5375 /* Build display for: AndXCommand */
5377 AndXCommand = GBYTE(pd, offset);
5381 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5385 offset += 1; /* Skip AndXCommand */
5387 /* Build display for: AndXReserved */
5389 AndXReserved = GBYTE(pd, offset);
5393 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5397 offset += 1; /* Skip AndXReserved */
5399 /* Build display for: AndXOffset */
5401 AndXOffset = GSHORT(pd, offset);
5405 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5409 offset += 2; /* Skip AndXOffset */
5411 /* Build display for: Byte Count (BCC) */
5413 ByteCount = GSHORT(pd, offset);
5417 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5421 offset += 2; /* Skip Byte Count (BCC) */
5424 if (AndXCommand != 0xFF) {
5426 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5435 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5438 static const value_string Mode_0x03[] = {
5439 { 0, "Seek from start of file"},
5440 { 1, "Seek from current position"},
5441 { 2, "Seek from end of file"},
5444 proto_tree *Mode_tree;
5452 if (dirn == 1) { /* Request(s) dissect code */
5454 /* Build display for: Word Count (WCT) */
5456 WordCount = GBYTE(pd, offset);
5460 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5464 offset += 1; /* Skip Word Count (WCT) */
5466 /* Build display for: FID */
5468 FID = GSHORT(pd, offset);
5472 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5476 offset += 2; /* Skip FID */
5478 /* Build display for: Mode */
5480 Mode = GSHORT(pd, offset);
5484 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
5485 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5486 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
5487 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5491 offset += 2; /* Skip Mode */
5493 /* Build display for: Offset */
5495 Offset = GWORD(pd, offset);
5499 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5503 offset += 4; /* Skip Offset */
5505 /* Build display for: Byte Count (BCC) */
5507 ByteCount = GSHORT(pd, offset);
5511 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5515 offset += 2; /* Skip Byte Count (BCC) */
5519 if (dirn == 0) { /* Response(s) dissect code */
5521 /* Build display for: Word Count (WCT) */
5523 WordCount = GBYTE(pd, offset);
5527 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5531 offset += 1; /* Skip Word Count (WCT) */
5533 /* Build display for: Offset */
5535 Offset = GWORD(pd, offset);
5539 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5543 offset += 4; /* Skip Offset */
5545 /* Build display for: Byte Count (BCC) */
5547 ByteCount = GSHORT(pd, offset);
5551 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5555 offset += 2; /* Skip Byte Count (BCC) */
5562 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5566 guint8 BufferFormat;
5574 if (dirn == 1) { /* Request(s) dissect code */
5576 /* Build display for: Word Count (WCT) */
5578 WordCount = GBYTE(pd, offset);
5582 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5586 offset += 1; /* Skip Word Count (WCT) */
5588 /* Build display for: FID */
5590 FID = GSHORT(pd, offset);
5594 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5598 offset += 2; /* Skip FID */
5600 /* Build display for: Count */
5602 Count = GSHORT(pd, offset);
5606 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
5610 offset += 2; /* Skip Count */
5612 /* Build display for: Offset */
5614 Offset = GWORD(pd, offset);
5618 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5622 offset += 4; /* Skip Offset */
5624 /* Build display for: Remaining */
5626 Remaining = GSHORT(pd, offset);
5630 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5634 offset += 2; /* Skip Remaining */
5636 /* Build display for: Byte Count (BCC) */
5638 ByteCount = GSHORT(pd, offset);
5642 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5646 offset += 2; /* Skip Byte Count (BCC) */
5648 /* Build display for: Buffer Format */
5650 BufferFormat = GBYTE(pd, offset);
5654 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
5658 offset += 1; /* Skip Buffer Format */
5660 /* Build display for: Data Length */
5662 DataLength = GSHORT(pd, offset);
5666 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5670 offset += 2; /* Skip Data Length */
5674 if (dirn == 0) { /* Response(s) dissect code */
5676 /* Build display for: Word Count (WCT) */
5678 WordCount = GBYTE(pd, offset);
5682 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5686 offset += 1; /* Skip Word Count (WCT) */
5688 /* Build display for: Count */
5690 Count = GSHORT(pd, offset);
5694 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
5698 offset += 2; /* Skip Count */
5700 /* Build display for: Byte Count (BCC) */
5702 ByteCount = GSHORT(pd, offset);
5706 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5710 offset += 2; /* Skip Byte Count (BCC) */
5717 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5721 guint16 LastWriteTime;
5722 guint16 LastWriteDate;
5723 guint16 LastAccessTime;
5724 guint16 LastAccessDate;
5726 guint16 CreationTime;
5727 guint16 CreationDate;
5730 if (dirn == 1) { /* Request(s) dissect code */
5732 /* Build display for: Word Count */
5734 WordCount = GBYTE(pd, offset);
5738 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
5742 offset += 1; /* Skip Word Count */
5744 /* Build display for: FID */
5746 FID = GSHORT(pd, offset);
5750 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5754 offset += 2; /* Skip FID */
5756 /* Build display for: Creation Date */
5758 CreationDate = GSHORT(pd, offset);
5762 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
5766 offset += 2; /* Skip Creation Date */
5768 /* Build display for: Creation Time */
5770 CreationTime = GSHORT(pd, offset);
5774 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
5778 offset += 2; /* Skip Creation Time */
5780 /* Build display for: Last Access Date */
5782 LastAccessDate = GSHORT(pd, offset);
5786 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
5790 offset += 2; /* Skip Last Access Date */
5792 /* Build display for: Last Access Time */
5794 LastAccessTime = GSHORT(pd, offset);
5798 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
5802 offset += 2; /* Skip Last Access Time */
5804 /* Build display for: Last Write Date */
5806 LastWriteDate = GSHORT(pd, offset);
5810 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
5814 offset += 2; /* Skip Last Write Date */
5816 /* Build display for: Last Write Time */
5818 LastWriteTime = GSHORT(pd, offset);
5822 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
5826 offset += 2; /* Skip Last Write Time */
5828 /* Build display for: Byte Count (BCC) */
5830 ByteCount = GSHORT(pd, offset);
5834 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5838 offset += 2; /* Skip Byte Count (BCC) */
5842 if (dirn == 0) { /* Response(s) dissect code */
5844 /* Build display for: Word Count (WCC) */
5846 WordCount = GBYTE(pd, offset);
5850 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCC): %u", WordCount);
5854 offset += 1; /* Skip Word Count (WCC) */
5856 /* Build display for: Byte Count (BCC) */
5858 ByteCount = GSHORT(pd, offset);
5862 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5866 offset += 2; /* Skip Byte Count (BCC) */
5873 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5882 if (dirn == 1) { /* Request(s) dissect code */
5884 /* Build display for: Word Count (WCT) */
5886 WordCount = GBYTE(pd, offset);
5890 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5894 offset += 1; /* Skip Word Count (WCT) */
5896 /* Build display for: FID */
5898 FID = GSHORT(pd, offset);
5902 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5906 offset += 2; /* Skip FID */
5908 /* Build display for: Count */
5910 Count = GWORD(pd, offset);
5914 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
5918 offset += 4; /* Skip Count */
5920 /* Build display for: Offset */
5922 Offset = GWORD(pd, offset);
5926 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5930 offset += 4; /* Skip Offset */
5932 /* Build display for: Byte Count (BCC) */
5934 ByteCount = GSHORT(pd, offset);
5938 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5942 offset += 2; /* Skip Byte Count (BCC) */
5946 if (dirn == 0) { /* Response(s) dissect code */
5948 /* Build display for: Word Count (WCT) */
5950 WordCount = GBYTE(pd, offset);
5954 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5958 offset += 1; /* Skip Word Count (WCT) */
5960 /* Build display for: Byte Count (BCC) */
5962 ByteCount = GSHORT(pd, offset);
5966 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5970 offset += 2; /* Skip Byte Count (BCC) */
5977 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5981 guint8 BufferFormat;
5983 guint16 RestartIndex;
5989 if (dirn == 1) { /* Request(s) dissect code */
5991 /* Build display for: Word Count */
5993 WordCount = GBYTE(pd, offset);
5997 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6001 offset += 1; /* Skip Word Count */
6003 /* Build display for: Max Count */
6005 MaxCount = GSHORT(pd, offset);
6009 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6013 offset += 2; /* Skip Max Count */
6015 /* Build display for: Start Index */
6017 StartIndex = GSHORT(pd, offset);
6021 proto_tree_add_text(tree, NullTVB, offset, 2, "Start Index: %u", StartIndex);
6025 offset += 2; /* Skip Start Index */
6027 /* Build display for: Byte Count (BCC) */
6029 ByteCount = GSHORT(pd, offset);
6033 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6037 offset += 2; /* Skip Byte Count (BCC) */
6041 if (dirn == 0) { /* Response(s) dissect code */
6043 /* Build display for: Word Count (WCT) */
6045 WordCount = GBYTE(pd, offset);
6049 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6053 offset += 1; /* Skip Word Count (WCT) */
6055 if (WordCount > 0) {
6057 /* Build display for: Count */
6059 Count = GSHORT(pd, offset);
6063 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6067 offset += 2; /* Skip Count */
6069 /* Build display for: Restart Index */
6071 RestartIndex = GSHORT(pd, offset);
6075 proto_tree_add_text(tree, NullTVB, offset, 2, "Restart Index: %u", RestartIndex);
6079 offset += 2; /* Skip Restart Index */
6081 /* Build display for: Byte Count (BCC) */
6085 ByteCount = GSHORT(pd, offset);
6089 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6093 offset += 2; /* Skip Byte Count (BCC) */
6095 /* Build display for: Buffer Format */
6097 BufferFormat = GBYTE(pd, offset);
6101 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6105 offset += 1; /* Skip Buffer Format */
6107 /* Build display for: Data Length */
6109 DataLength = GSHORT(pd, offset);
6113 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6117 offset += 2; /* Skip Data Length */
6124 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6127 proto_tree *LockType_tree;
6132 guint8 AndXReserved;
6133 guint8 AndXCommand = 0xFF;
6135 guint16 NumberofLocks;
6136 guint16 NumberOfUnlocks;
6140 guint16 AndXOffset = 0;
6142 if (dirn == 1) { /* Request(s) dissect code */
6144 /* Build display for: Word Count (WCT) */
6146 WordCount = GBYTE(pd, offset);
6150 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6154 offset += 1; /* Skip Word Count (WCT) */
6156 /* Build display for: AndXCommand */
6158 AndXCommand = GBYTE(pd, offset);
6162 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6166 offset += 1; /* Skip AndXCommand */
6168 /* Build display for: AndXReserved */
6170 AndXReserved = GBYTE(pd, offset);
6174 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6178 offset += 1; /* Skip AndXReserved */
6180 /* Build display for: AndXOffset */
6182 AndXOffset = GSHORT(pd, offset);
6186 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6190 offset += 2; /* Skip AndXOffset */
6192 /* Build display for: FID */
6194 FID = GSHORT(pd, offset);
6198 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6202 offset += 2; /* Skip FID */
6204 /* Build display for: Lock Type */
6206 LockType = GBYTE(pd, offset);
6210 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Lock Type: 0x%01x", LockType);
6211 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6212 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6213 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6214 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6215 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6216 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6217 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6218 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6219 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6220 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6221 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6225 offset += 1; /* Skip Lock Type */
6227 /* Build display for: OplockLevel */
6229 OplockLevel = GBYTE(pd, offset);
6233 proto_tree_add_text(tree, NullTVB, offset, 1, "OplockLevel: %u", OplockLevel);
6237 offset += 1; /* Skip OplockLevel */
6239 /* Build display for: Timeout */
6241 Timeout = GWORD(pd, offset);
6245 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6249 offset += 4; /* Skip Timeout */
6251 /* Build display for: Number Of Unlocks */
6253 NumberOfUnlocks = GSHORT(pd, offset);
6257 proto_tree_add_text(tree, NullTVB, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6261 offset += 2; /* Skip Number Of Unlocks */
6263 /* Build display for: Number of Locks */
6265 NumberofLocks = GSHORT(pd, offset);
6269 proto_tree_add_text(tree, NullTVB, offset, 2, "Number of Locks: %u", NumberofLocks);
6273 offset += 2; /* Skip Number of Locks */
6275 /* Build display for: Byte Count (BCC) */
6277 ByteCount = GSHORT(pd, offset);
6281 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6285 offset += 2; /* Skip Byte Count (BCC) */
6288 if (AndXCommand != 0xFF) {
6290 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6296 if (dirn == 0) { /* Response(s) dissect code */
6298 /* Build display for: Word Count (WCT) */
6300 WordCount = GBYTE(pd, offset);
6304 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6308 offset += 1; /* Skip Word Count (WCT) */
6310 if (WordCount > 0) {
6312 /* Build display for: AndXCommand */
6314 AndXCommand = GBYTE(pd, offset);
6318 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
6319 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6323 offset += 1; /* Skip AndXCommand */
6325 /* Build display for: AndXReserved */
6327 AndXReserved = GBYTE(pd, offset);
6331 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6335 offset += 1; /* Skip AndXReserved */
6337 /* Build display for: AndXoffset */
6339 AndXoffset = GSHORT(pd, offset);
6343 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXoffset: %u", AndXoffset);
6347 offset += 2; /* Skip AndXoffset */
6351 /* Build display for: Byte Count */
6353 ByteCount = GSHORT(pd, offset);
6357 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
6361 offset += 2; /* Skip Byte Count */
6364 if (AndXCommand != 0xFF) {
6366 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6375 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6384 if (dirn == 1) { /* Request(s) dissect code */
6386 /* Build display for: Word Count (WCT) */
6388 WordCount = GBYTE(pd, offset);
6392 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6396 offset += 1; /* Skip Word Count (WCT) */
6398 /* Build display for: FID */
6400 FID = GSHORT(pd, offset);
6404 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6408 offset += 2; /* Skip FID */
6410 /* Build display for: Count */
6412 Count = GWORD(pd, offset);
6416 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
6420 offset += 4; /* Skip Count */
6422 /* Build display for: Offset */
6424 Offset = GWORD(pd, offset);
6428 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6432 offset += 4; /* Skip Offset */
6434 /* Build display for: Byte Count (BCC) */
6436 ByteCount = GSHORT(pd, offset);
6440 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6444 offset += 2; /* Skip Byte Count (BCC) */
6448 if (dirn == 0) { /* Response(s) dissect code */
6450 /* Build display for: Word Count (WCT) */
6452 WordCount = GBYTE(pd, offset);
6456 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6460 offset += 1; /* Skip Word Count (WCT) */
6462 /* Build display for: Byte Count (BCC) */
6464 ByteCount = GSHORT(pd, offset);
6468 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6472 offset += 2; /* Skip Byte Count (BCC) */
6479 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6482 proto_tree *Attributes_tree;
6485 guint8 BufferFormat;
6487 guint16 CreationTime;
6490 const char *FileName;
6492 if (dirn == 1) { /* Request(s) dissect code */
6494 /* Build display for: Word Count (WCT) */
6496 WordCount = GBYTE(pd, offset);
6500 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6504 offset += 1; /* Skip Word Count (WCT) */
6506 /* Build display for: Attributes */
6508 Attributes = GSHORT(pd, offset);
6512 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
6513 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
6514 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6515 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6516 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6517 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6518 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6519 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6520 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6521 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6522 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6523 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6524 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6525 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6529 offset += 2; /* Skip Attributes */
6531 /* Build display for: Creation Time */
6533 CreationTime = GSHORT(pd, offset);
6537 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6541 offset += 2; /* Skip Creation Time */
6543 /* Build display for: Byte Count (BCC) */
6545 ByteCount = GSHORT(pd, offset);
6549 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6553 offset += 2; /* Skip Byte Count (BCC) */
6555 /* Build display for: Buffer Format */
6557 BufferFormat = GBYTE(pd, offset);
6561 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6565 offset += 1; /* Skip Buffer Format */
6567 /* Build display for: File Name */
6569 FileName = pd + offset;
6573 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6577 offset += strlen(FileName) + 1; /* Skip File Name */
6581 if (dirn == 0) { /* Response(s) dissect code */
6583 /* Build display for: Word Count (WCT) */
6585 WordCount = GBYTE(pd, offset);
6589 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6593 offset += 1; /* Skip Word Count (WCT) */
6595 if (WordCount > 0) {
6597 /* Build display for: FID */
6599 FID = GSHORT(pd, offset);
6603 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6607 offset += 2; /* Skip FID */
6611 /* Build display for: Byte Count (BCC) */
6613 ByteCount = GSHORT(pd, offset);
6617 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6621 offset += 2; /* Skip Byte Count (BCC) */
6628 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6632 guint8 BufferFormat2;
6633 guint8 BufferFormat1;
6634 guint8 BufferFormat;
6635 guint16 SearchAttributes;
6636 guint16 ResumeKeyLength;
6641 const char *FileName;
6643 if (dirn == 1) { /* Request(s) dissect code */
6645 /* Build display for: Word Count (WCT) */
6647 WordCount = GBYTE(pd, offset);
6651 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6655 offset += 1; /* Skip Word Count (WCT) */
6657 /* Build display for: Max Count */
6659 MaxCount = GSHORT(pd, offset);
6663 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6667 offset += 2; /* Skip Max Count */
6669 /* Build display for: Search Attributes */
6671 SearchAttributes = GSHORT(pd, offset);
6675 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
6679 offset += 2; /* Skip Search Attributes */
6681 /* Build display for: Byte Count (BCC) */
6683 ByteCount = GSHORT(pd, offset);
6687 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6691 offset += 2; /* Skip Byte Count (BCC) */
6693 /* Build display for: Buffer Format 1 */
6695 BufferFormat1 = GBYTE(pd, offset);
6699 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6703 offset += 1; /* Skip Buffer Format 1 */
6705 /* Build display for: File Name */
6707 FileName = pd + offset;
6711 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6715 offset += strlen(FileName) + 1; /* Skip File Name */
6717 /* Build display for: Buffer Format 2 */
6719 BufferFormat2 = GBYTE(pd, offset);
6723 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6727 offset += 1; /* Skip Buffer Format 2 */
6729 /* Build display for: Resume Key Length */
6731 ResumeKeyLength = GSHORT(pd, offset);
6735 proto_tree_add_text(tree, NullTVB, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6739 offset += 2; /* Skip Resume Key Length */
6743 if (dirn == 0) { /* Response(s) dissect code */
6745 /* Build display for: Word Count (WCT) */
6747 WordCount = GBYTE(pd, offset);
6751 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6755 offset += 1; /* Skip Word Count (WCT) */
6757 if (WordCount > 0) {
6759 /* Build display for: Count */
6761 Count = GSHORT(pd, offset);
6765 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6769 offset += 2; /* Skip Count */
6773 /* Build display for: Byte Count (BCC) */
6775 ByteCount = GSHORT(pd, offset);
6779 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6783 offset += 2; /* Skip Byte Count (BCC) */
6785 /* Build display for: Buffer Format */
6787 BufferFormat = GBYTE(pd, offset);
6791 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6795 offset += 1; /* Skip Buffer Format */
6797 /* Build display for: Data Length */
6799 DataLength = GSHORT(pd, offset);
6803 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6807 offset += 2; /* Skip Data Length */
6814 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6818 guint8 BufferFormat;
6821 guint16 CreationTime;
6822 guint16 CreationDate;
6824 const char *FileName;
6825 const char *DirectoryName;
6827 if (dirn == 1) { /* Request(s) dissect code */
6829 /* Build display for: Word Count (WCT) */
6831 WordCount = GBYTE(pd, offset);
6835 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6839 offset += 1; /* Skip Word Count (WCT) */
6841 /* Build display for: Reserved */
6843 Reserved = GSHORT(pd, offset);
6847 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
6851 offset += 2; /* Skip Reserved */
6853 /* Build display for: Creation Time */
6855 CreationTime = GSHORT(pd, offset);
6859 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6863 offset += 2; /* Skip Creation Time */
6865 /* Build display for: Creation Date */
6867 CreationDate = GSHORT(pd, offset);
6871 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
6875 offset += 2; /* Skip Creation Date */
6877 /* Build display for: Byte Count (BCC) */
6879 ByteCount = GSHORT(pd, offset);
6883 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6887 offset += 2; /* Skip Byte Count (BCC) */
6889 /* Build display for: Buffer Format */
6891 BufferFormat = GBYTE(pd, offset);
6895 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6899 offset += 1; /* Skip Buffer Format */
6901 /* Build display for: Directory Name */
6903 DirectoryName = pd + offset;
6907 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6911 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6915 if (dirn == 0) { /* Response(s) dissect code */
6917 /* Build display for: Word Count (WCT) */
6919 WordCount = GBYTE(pd, offset);
6923 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6927 offset += 1; /* Skip Word Count (WCT) */
6929 if (WordCount > 0) {
6931 /* Build display for: FID */
6933 FID = GSHORT(pd, offset);
6937 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6941 offset += 2; /* Skip FID */
6945 /* Build display for: Byte Count (BCC) */
6947 ByteCount = GSHORT(pd, offset);
6951 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6955 offset += 2; /* Skip Byte Count (BCC) */
6957 /* Build display for: Buffer Format */
6959 BufferFormat = GBYTE(pd, offset);
6963 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6967 offset += 1; /* Skip Buffer Format */
6969 /* Build display for: File Name */
6971 FileName = pd + offset;
6975 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6979 offset += strlen(FileName) + 1; /* Skip File Name */
6986 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6990 guint16 LastWriteTime;
6991 guint16 LastWriteDate;
6995 if (dirn == 1) { /* Request(s) dissect code */
6997 /* Build display for: Word Count (WCT) */
6999 WordCount = GBYTE(pd, offset);
7003 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7007 offset += 1; /* Skip Word Count (WCT) */
7009 /* Build display for: FID */
7011 FID = GSHORT(pd, offset);
7015 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7019 offset += 2; /* Skip FID */
7021 /* Build display for: Last Write Time */
7023 LastWriteTime = GSHORT(pd, offset);
7027 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
7031 offset += 2; /* Skip Last Write Time */
7033 /* Build display for: Last Write Date */
7035 LastWriteDate = GSHORT(pd, offset);
7039 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
7043 offset += 2; /* Skip Last Write Date */
7045 /* Build display for: Byte Count (BCC) */
7047 ByteCount = GSHORT(pd, offset);
7051 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7055 offset += 2; /* Skip Byte Count (BCC) */
7059 if (dirn == 0) { /* Response(s) dissect code */
7061 /* Build display for: Word Count (WCT) */
7063 WordCount = GBYTE(pd, offset);
7067 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7071 offset += 1; /* Skip Word Count (WCT) */
7073 /* Build display for: Byte Count (BCC) */
7075 ByteCount = GSHORT(pd, offset);
7079 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7083 offset += 2; /* Skip Byte Count (BCC) */
7090 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7094 guint8 BufferFormat;
7099 if (dirn == 1) { /* Request(s) dissect code */
7101 /* Build display for: Word Count (WCT) */
7103 WordCount = GBYTE(pd, offset);
7107 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7111 offset += 1; /* Skip Word Count (WCT) */
7113 /* Build display for: FID */
7115 FID = GSHORT(pd, offset);
7119 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7123 offset += 2; /* Skip FID */
7125 /* Build display for: Byte Count (BCC) */
7127 ByteCount = GSHORT(pd, offset);
7131 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7135 offset += 2; /* Skip Byte Count (BCC) */
7137 /* Build display for: Buffer Format */
7139 BufferFormat = GBYTE(pd, offset);
7143 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7147 offset += 1; /* Skip Buffer Format */
7149 /* Build display for: Data Length */
7151 DataLength = GSHORT(pd, offset);
7155 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7159 offset += 2; /* Skip Data Length */
7163 if (dirn == 0) { /* Response(s) dissect code */
7165 /* Build display for: Word Count (WCT) */
7167 WordCount = GBYTE(pd, offset);
7171 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7175 offset += 1; /* Skip Word Count (WCT) */
7177 /* Build display for: Byte Count (BCC) */
7179 ByteCount = GSHORT(pd, offset);
7183 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7187 offset += 2; /* Skip Byte Count (BCC) */
7194 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7198 guint8 BufferFormat;
7210 if (dirn == 1) { /* Request(s) dissect code */
7212 /* Build display for: Word Count (WCT) */
7214 WordCount = GBYTE(pd, offset);
7218 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7222 offset += 1; /* Skip Word Count (WCT) */
7224 /* Build display for: FID */
7226 FID = GSHORT(pd, offset);
7230 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7234 offset += 2; /* Skip FID */
7236 /* Build display for: Count */
7238 Count = GSHORT(pd, offset);
7242 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7246 offset += 2; /* Skip Count */
7248 /* Build display for: Offset */
7250 Offset = GWORD(pd, offset);
7254 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7258 offset += 4; /* Skip Offset */
7260 /* Build display for: Remaining */
7262 Remaining = GSHORT(pd, offset);
7266 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
7270 offset += 2; /* Skip Remaining */
7272 /* Build display for: Byte Count (BCC) */
7274 ByteCount = GSHORT(pd, offset);
7278 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7282 offset += 2; /* Skip Byte Count (BCC) */
7286 if (dirn == 0) { /* Response(s) dissect code */
7288 /* Build display for: Word Count (WCT) */
7290 WordCount = GBYTE(pd, offset);
7294 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7298 offset += 1; /* Skip Word Count (WCT) */
7300 if (WordCount > 0) {
7302 /* Build display for: Count */
7304 Count = GSHORT(pd, offset);
7308 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7312 offset += 2; /* Skip Count */
7314 /* Build display for: Reserved 1 */
7316 Reserved1 = GSHORT(pd, offset);
7320 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7324 offset += 2; /* Skip Reserved 1 */
7326 /* Build display for: Reserved 2 */
7328 Reserved2 = GSHORT(pd, offset);
7332 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7336 offset += 2; /* Skip Reserved 2 */
7338 /* Build display for: Reserved 3 */
7340 Reserved3 = GSHORT(pd, offset);
7344 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7348 offset += 2; /* Skip Reserved 3 */
7350 /* Build display for: Reserved 4 */
7352 Reserved4 = GSHORT(pd, offset);
7356 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7360 offset += 2; /* Skip Reserved 4 */
7362 /* Build display for: Byte Count (BCC) */
7364 ByteCount = GSHORT(pd, offset);
7368 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7374 offset += 2; /* Skip Byte Count (BCC) */
7376 /* Build display for: Buffer Format */
7378 BufferFormat = GBYTE(pd, offset);
7382 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7386 offset += 1; /* Skip Buffer Format */
7388 /* Build display for: Data Length */
7390 DataLength = GSHORT(pd, offset);
7394 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7398 offset += 2; /* Skip Data Length */
7405 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7411 if (dirn == 1) { /* Request(s) dissect code */
7413 /* Build display for: Word Count (WCT) */
7415 WordCount = GBYTE(pd, offset);
7419 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7423 offset += 1; /* Skip Word Count (WCT) */
7425 /* Build display for: Byte Count (BCC) */
7427 ByteCount = GSHORT(pd, offset);
7431 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7435 offset += 2; /* Skip Byte Count (BCC) */
7439 if (dirn == 0) { /* Response(s) dissect code */
7441 /* Build display for: Word Count (WCT) */
7443 WordCount = GBYTE(pd, offset);
7447 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7451 offset += 1; /* Skip Word Count (WCT) */
7453 /* Build display for: Byte Count (BCC) */
7455 ByteCount = GSHORT(pd, offset);
7459 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7463 offset += 2; /* Skip Byte Count (BCC) */
7470 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7473 proto_tree *Attributes_tree;
7476 guint8 BufferFormat;
7483 guint16 LastWriteTime;
7484 guint16 LastWriteDate;
7487 const char *FileName;
7489 if (dirn == 1) { /* Request(s) dissect code */
7491 /* Build display for: Word Count (WCT) */
7493 WordCount = GBYTE(pd, offset);
7497 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7501 offset += 1; /* Skip Word Count (WCT) */
7503 /* Build display for: Byte Count (BCC) */
7505 ByteCount = GSHORT(pd, offset);
7509 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7513 offset += 2; /* Skip Byte Count (BCC) */
7515 /* Build display for: Buffer Format */
7517 BufferFormat = GBYTE(pd, offset);
7521 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7525 offset += 1; /* Skip Buffer Format */
7527 /* Build display for: File Name */
7529 FileName = pd + offset;
7533 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7537 offset += strlen(FileName) + 1; /* Skip File Name */
7541 if (dirn == 0) { /* Response(s) dissect code */
7543 /* Build display for: Word Count (WCT) */
7545 WordCount = GBYTE(pd, offset);
7549 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7553 offset += 1; /* Skip Word Count (WCT) */
7555 if (WordCount > 0) {
7557 /* Build display for: Attributes */
7559 Attributes = GSHORT(pd, offset);
7563 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
7564 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7565 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7566 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7567 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7568 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7569 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7570 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7571 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7572 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7573 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7574 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7575 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7576 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7580 offset += 2; /* Skip Attributes */
7582 /* Build display for: Last Write Time */
7584 LastWriteTime = GSHORT(pd, offset);
7590 offset += 2; /* Skip Last Write Time */
7592 /* Build display for: Last Write Date */
7594 LastWriteDate = GSHORT(pd, offset);
7598 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7600 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7604 offset += 2; /* Skip Last Write Date */
7606 /* Build display for: File Size */
7608 FileSize = GWORD(pd, offset);
7612 proto_tree_add_text(tree, NullTVB, offset, 4, "File Size: %u", FileSize);
7616 offset += 4; /* Skip File Size */
7618 /* Build display for: Reserved 1 */
7620 Reserved1 = GSHORT(pd, offset);
7624 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7628 offset += 2; /* Skip Reserved 1 */
7630 /* Build display for: Reserved 2 */
7632 Reserved2 = GSHORT(pd, offset);
7636 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7640 offset += 2; /* Skip Reserved 2 */
7642 /* Build display for: Reserved 3 */
7644 Reserved3 = GSHORT(pd, offset);
7648 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7652 offset += 2; /* Skip Reserved 3 */
7654 /* Build display for: Reserved 4 */
7656 Reserved4 = GSHORT(pd, offset);
7660 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7664 offset += 2; /* Skip Reserved 4 */
7666 /* Build display for: Reserved 5 */
7668 Reserved5 = GSHORT(pd, offset);
7672 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
7676 offset += 2; /* Skip Reserved 5 */
7680 /* Build display for: Byte Count (BCC) */
7682 ByteCount = GSHORT(pd, offset);
7686 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7690 offset += 2; /* Skip Byte Count (BCC) */
7697 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7711 guint16 BufferFormat;
7713 if (dirn == 1) { /* Request(s) dissect code */
7715 /* Build display for: Word Count (WCT) */
7717 WordCount = GBYTE(pd, offset);
7721 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7725 offset += 1; /* Skip Word Count (WCT) */
7727 /* Build display for: FID */
7729 FID = GSHORT(pd, offset);
7733 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7737 offset += 2; /* Skip FID */
7739 /* Build display for: Count */
7741 Count = GSHORT(pd, offset);
7745 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7749 offset += 2; /* Skip Count */
7751 /* Build display for: Offset */
7753 Offset = GWORD(pd, offset);
7757 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7761 offset += 4; /* Skip Offset */
7763 /* Build display for: Remaining */
7765 Remaining = GSHORT(pd, offset);
7769 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
7773 offset += 2; /* Skip Remaining */
7775 /* Build display for: Byte Count (BCC) */
7777 ByteCount = GSHORT(pd, offset);
7781 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7785 offset += 2; /* Skip Byte Count (BCC) */
7789 if (dirn == 0) { /* Response(s) dissect code */
7791 /* Build display for: Word Count (WCT) */
7793 WordCount = GBYTE(pd, offset);
7797 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7801 offset += 1; /* Skip Word Count (WCT) */
7803 if (WordCount > 0) {
7805 /* Build display for: Count */
7807 Count = GSHORT(pd, offset);
7811 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7815 offset += 2; /* Skip Count */
7817 /* Build display for: Reserved 1 */
7819 Reserved1 = GSHORT(pd, offset);
7823 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7827 offset += 2; /* Skip Reserved 1 */
7829 /* Build display for: Reserved 2 */
7831 Reserved2 = GSHORT(pd, offset);
7835 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7839 offset += 2; /* Skip Reserved 2 */
7841 /* Build display for: Reserved 3 */
7843 Reserved3 = GSHORT(pd, offset);
7847 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7851 offset += 2; /* Skip Reserved 3 */
7853 /* Build display for: Reserved 4 */
7855 Reserved4 = GSHORT(pd, offset);
7859 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7863 offset += 2; /* Skip Reserved 4 */
7867 /* Build display for: Byte Count (BCC) */
7869 ByteCount = GSHORT(pd, offset);
7873 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7877 offset += 2; /* Skip Byte Count (BCC) */
7879 /* Build display for: Buffer Format */
7881 BufferFormat = GSHORT(pd, offset);
7885 proto_tree_add_text(tree, NullTVB, offset, 2, "Buffer Format: %u", BufferFormat);
7889 offset += 2; /* Skip Buffer Format */
7891 /* Build display for: Data Length */
7893 DataLength = GSHORT(pd, offset);
7897 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7901 offset += 2; /* Skip Data Length */
7908 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7911 proto_tree *WriteMode_tree;
7916 guint32 ResponseMask;
7917 guint32 RequestMask;
7926 if (dirn == 1) { /* Request(s) dissect code */
7928 /* Build display for: Word Count (WCT) */
7930 WordCount = GBYTE(pd, offset);
7934 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7938 offset += 1; /* Skip Word Count (WCT) */
7940 /* Build display for: FID */
7942 FID = GSHORT(pd, offset);
7946 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7950 offset += 2; /* Skip FID */
7952 /* Build display for: Count */
7954 Count = GSHORT(pd, offset);
7958 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7962 offset += 2; /* Skip Count */
7964 /* Build display for: Reserved 1 */
7966 Reserved1 = GSHORT(pd, offset);
7970 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7974 offset += 2; /* Skip Reserved 1 */
7976 /* Build display for: Timeout */
7978 Timeout = GWORD(pd, offset);
7982 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
7986 offset += 4; /* Skip Timeout */
7988 /* Build display for: WriteMode */
7990 WriteMode = GSHORT(pd, offset);
7994 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
7995 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
7996 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
7997 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
7998 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
7999 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8000 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8001 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8005 offset += 2; /* Skip WriteMode */
8007 /* Build display for: Request Mask */
8009 RequestMask = GWORD(pd, offset);
8013 proto_tree_add_text(tree, NullTVB, offset, 4, "Request Mask: %u", RequestMask);
8017 offset += 4; /* Skip Request Mask */
8019 /* Build display for: Data Length */
8021 DataLength = GSHORT(pd, offset);
8025 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8029 offset += 2; /* Skip Data Length */
8031 /* Build display for: Data Offset */
8033 DataOffset = GSHORT(pd, offset);
8037 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8041 offset += 2; /* Skip Data Offset */
8043 /* Build display for: Byte Count (BCC) */
8045 ByteCount = GSHORT(pd, offset);
8049 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8053 offset += 2; /* Skip Byte Count (BCC) */
8055 /* Build display for: Pad */
8057 Pad = GBYTE(pd, offset);
8061 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
8065 offset += 1; /* Skip Pad */
8069 if (dirn == 0) { /* Response(s) dissect code */
8071 /* Build display for: Word Count (WCT) */
8073 WordCount = GBYTE(pd, offset);
8077 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8081 offset += 1; /* Skip Word Count (WCT) */
8083 if (WordCount > 0) {
8085 /* Build display for: Response Mask */
8087 ResponseMask = GWORD(pd, offset);
8091 proto_tree_add_text(tree, NullTVB, offset, 4, "Response Mask: %u", ResponseMask);
8095 offset += 4; /* Skip Response Mask */
8097 /* Build display for: Byte Count (BCC) */
8099 ByteCount = GSHORT(pd, offset);
8103 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8109 offset += 2; /* Skip Byte Count (BCC) */
8116 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8123 if (dirn == 1) { /* Request(s) dissect code */
8125 /* Build display for: Word Count (WTC) */
8127 WordCount = GBYTE(pd, offset);
8131 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WTC): %u", WordCount);
8135 offset += 1; /* Skip Word Count (WTC) */
8137 /* Build display for: FID */
8139 FID = GSHORT(pd, offset);
8143 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8147 offset += 2; /* Skip FID */
8149 /* Build display for: Byte Count (BCC) */
8151 ByteCount = GSHORT(pd, offset);
8155 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8159 offset += 2; /* Skip Byte Count (BCC) */
8163 if (dirn == 0) { /* Response(s) dissect code */
8165 /* Build display for: Word Count (WCT) */
8167 WordCount = GBYTE(pd, offset);
8171 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8175 offset += 1; /* Skip Word Count (WCT) */
8177 /* Build display for: Byte Count (BCC) */
8179 ByteCount = GBYTE(pd, offset);
8183 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
8187 offset += 1; /* Skip Byte Count (BCC) */
8193 char *trans2_cmd_names[] = {
8195 "TRANS2_FIND_FIRST2",
8196 "TRANS2_FIND_NEXT2",
8197 "TRANS2_QUERY_FS_INFORMATION",
8198 "TRANS2_QUERY_PATH_INFORMATION",
8199 "TRANS2_SET_PATH_INFORMATION",
8200 "TRANS2_QUERY_FILE_INFORMATION",
8201 "TRANS2_SET_FILE_INFORMATION",
8204 "TRANS2_FIND_NOTIFY_FIRST",
8205 "TRANS2_FIND_NOTIFY_NEXT",
8206 "TRANS2_CREATE_DIRECTORY",
8207 "TRANS2_SESSION_SETUP",
8208 "TRANS2_GET_DFS_REFERRAL",
8210 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8212 char *decode_trans2_name(int code)
8215 if (code > 17 || code < 0) {
8217 return("no such command");
8221 return trans2_cmd_names[code];
8227 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8230 proto_tree *Flags_tree;
8238 guint8 MaxSetupCount;
8241 guint16 TotalParameterCount;
8242 guint16 TotalDataCount;
8245 guint16 ParameterOffset;
8246 guint16 ParameterDisplacement;
8247 guint16 ParameterCount;
8248 guint16 MaxParameterCount;
8249 guint16 MaxDataCount;
8252 guint16 DataDisplacement;
8255 conversation_t *conversation;
8256 struct smb_request_key request_key, *new_request_key;
8257 struct smb_request_val *request_val;
8260 * Find out what conversation this packet is part of.
8261 * XXX - this should really be done by the transport-layer protocol,
8262 * although for connectionless transports, we may not want to do that
8263 * unless we know some higher-level protocol will want it - or we
8264 * may want to do it, so you can say e.g. "show only the packets in
8265 * this UDP 'connection'".
8267 * Note that we don't have to worry about the direction this packet
8268 * was going - the conversation code handles that for us, treating
8269 * packets from A:X to B:Y as being part of the same conversation as
8270 * packets from B:Y to A:X.
8272 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8273 pi.srcport, pi.destport);
8274 if (conversation == NULL) {
8275 /* It's not part of any conversation - create a new one. */
8276 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8277 pi.srcport, pi.destport, NULL);
8280 si.conversation = conversation; /* Save this for later */
8283 * Check for and insert entry in request hash table if does not exist
8285 request_key.conversation = conversation->index;
8286 request_key.mid = si.mid;
8288 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8290 if (!request_val) { /* Create one */
8292 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8293 new_request_key -> conversation = conversation->index;
8294 new_request_key -> mid = si.mid;
8296 request_val = g_mem_chunk_alloc(smb_request_vals);
8297 request_val -> mid = si.mid;
8298 request_val -> last_transact2_command = 0xFFFF;
8300 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8303 else { /* Update the transact request */
8305 request_val -> mid = si.mid;
8309 si.request_val = request_val; /* Save this for later */
8312 if (dirn == 1) { /* Request(s) dissect code */
8314 /* Build display for: Word Count (WCT) */
8316 WordCount = GBYTE(pd, offset);
8320 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8324 offset += 1; /* Skip Word Count (WCT) */
8326 /* Build display for: Total Parameter Count */
8328 TotalParameterCount = GSHORT(pd, offset);
8332 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8336 offset += 2; /* Skip Total Parameter Count */
8338 /* Build display for: Total Data Count */
8340 TotalDataCount = GSHORT(pd, offset);
8344 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
8348 offset += 2; /* Skip Total Data Count */
8350 /* Build display for: Max Parameter Count */
8352 MaxParameterCount = GSHORT(pd, offset);
8356 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8360 offset += 2; /* Skip Max Parameter Count */
8362 /* Build display for: Max Data Count */
8364 MaxDataCount = GSHORT(pd, offset);
8368 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
8372 offset += 2; /* Skip Max Data Count */
8374 /* Build display for: Max Setup Count */
8376 MaxSetupCount = GBYTE(pd, offset);
8380 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8384 offset += 1; /* Skip Max Setup Count */
8386 /* Build display for: Reserved1 */
8388 Reserved1 = GBYTE(pd, offset);
8392 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
8396 offset += 1; /* Skip Reserved1 */
8398 /* Build display for: Flags */
8400 Flags = GSHORT(pd, offset);
8404 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
8405 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
8406 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
8407 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8408 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
8409 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8413 offset += 2; /* Skip Flags */
8415 /* Build display for: Timeout */
8417 Timeout = GWORD(pd, offset);
8421 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
8425 offset += 4; /* Skip Timeout */
8427 /* Build display for: Reserved2 */
8429 Reserved2 = GSHORT(pd, offset);
8433 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
8437 offset += 2; /* Skip Reserved2 */
8439 /* Build display for: Parameter Count */
8441 ParameterCount = GSHORT(pd, offset);
8445 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
8449 offset += 2; /* Skip Parameter Count */
8451 /* Build display for: Parameter Offset */
8453 ParameterOffset = GSHORT(pd, offset);
8457 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
8461 offset += 2; /* Skip Parameter Offset */
8463 /* Build display for: Data Count */
8465 DataCount = GSHORT(pd, offset);
8469 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
8473 offset += 2; /* Skip Data Count */
8475 /* Build display for: Data Offset */
8477 DataOffset = GSHORT(pd, offset);
8481 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8485 offset += 2; /* Skip Data Offset */
8487 /* Build display for: Setup Count */
8489 SetupCount = GBYTE(pd, offset);
8493 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
8497 offset += 1; /* Skip Setup Count */
8499 /* Build display for: Reserved3 */
8501 Reserved3 = GBYTE(pd, offset);
8505 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
8509 offset += 1; /* Skip Reserved3 */
8511 /* Build display for: Setup */
8513 if (SetupCount > 0) {
8517 Setup = GSHORT(pd, offset);
8519 request_val -> last_transact2_command = Setup; /* Save for later */
8521 if (check_col(fd, COL_INFO)) {
8523 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8527 for (i = 1; i <= SetupCount; i++) {
8530 Setup1 = GSHORT(pd, offset);
8534 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup1);
8538 offset += 2; /* Skip Setup */
8544 /* Build display for: Byte Count (BCC) */
8546 ByteCount = GSHORT(pd, offset);
8550 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8554 offset += 2; /* Skip Byte Count (BCC) */
8556 /* Build display for: Transact Name */
8560 proto_tree_add_text(tree, NullTVB, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
8566 /* Build display for: Pad1 */
8568 Pad1 = GBYTE(pd, offset);
8572 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad1: %u", Pad1);
8576 offset += 1; /* Skip Pad1 */
8580 if (ParameterCount > 0) {
8582 /* Build display for: Parameters */
8586 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8590 offset += ParameterCount; /* Skip Parameters */
8596 /* Build display for: Pad2 */
8598 Pad2 = GBYTE(pd, offset);
8602 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad2: %u", Pad2);
8606 offset += 1; /* Skip Pad2 */
8610 if (DataCount > 0) {
8612 /* Build display for: Data */
8614 Data = GBYTE(pd, offset);
8618 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8622 offset += DataCount; /* Skip Data */
8627 if (dirn == 0) { /* Response(s) dissect code */
8629 /* Pick up the last transact2 command and put it in the right places */
8631 if (check_col(fd, COL_INFO)) {
8633 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8637 /* Build display for: Word Count (WCT) */
8639 WordCount = GBYTE(pd, offset);
8643 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8647 offset += 1; /* Skip Word Count (WCT) */
8649 /* Build display for: Total Parameter Count */
8651 TotalParameterCount = GSHORT(pd, offset);
8655 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8659 offset += 2; /* Skip Total Parameter Count */
8661 /* Build display for: Total Data Count */
8663 TotalDataCount = GSHORT(pd, offset);
8667 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
8671 offset += 2; /* Skip Total Data Count */
8673 /* Build display for: Reserved2 */
8675 Reserved2 = GSHORT(pd, offset);
8679 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
8683 offset += 2; /* Skip Reserved2 */
8685 /* Build display for: Parameter Count */
8687 ParameterCount = GSHORT(pd, offset);
8691 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
8695 offset += 2; /* Skip Parameter Count */
8697 /* Build display for: Parameter Offset */
8699 ParameterOffset = GSHORT(pd, offset);
8703 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
8707 offset += 2; /* Skip Parameter Offset */
8709 /* Build display for: Parameter Displacement */
8711 ParameterDisplacement = GSHORT(pd, offset);
8715 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8719 offset += 2; /* Skip Parameter Displacement */
8721 /* Build display for: Data Count */
8723 DataCount = GSHORT(pd, offset);
8727 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
8731 offset += 2; /* Skip Data Count */
8733 /* Build display for: Data Offset */
8735 DataOffset = GSHORT(pd, offset);
8739 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8743 offset += 2; /* Skip Data Offset */
8745 /* Build display for: Data Displacement */
8747 DataDisplacement = GSHORT(pd, offset);
8751 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
8755 offset += 2; /* Skip Data Displacement */
8757 /* Build display for: Setup Count */
8759 SetupCount = GBYTE(pd, offset);
8763 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
8767 offset += 1; /* Skip Setup Count */
8769 /* Build display for: Reserved3 */
8771 Reserved3 = GBYTE(pd, offset);
8775 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
8779 offset += 1; /* Skip Reserved3 */
8781 /* Build display for: Setup */
8783 Setup = GSHORT(pd, offset);
8787 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup: %u", Setup);
8791 offset += 2; /* Skip Setup */
8793 /* Build display for: Byte Count (BCC) */
8795 ByteCount = GSHORT(pd, offset);
8799 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8803 offset += 2; /* Skip Byte Count (BCC) */
8805 /* Build display for: Pad1 */
8807 Pad1 = GBYTE(pd, offset);
8811 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad1: %u", Pad1);
8815 offset += 1; /* Skip Pad1 */
8817 /* Build display for: Parameter */
8819 if (ParameterCount > 0) {
8823 proto_tree_add_text(tree, NullTVB, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8827 offset += ParameterCount; /* Skip Parameter */
8831 /* Build display for: Pad2 */
8833 Pad2 = GBYTE(pd, offset);
8837 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad2: %u", Pad2);
8841 offset += 1; /* Skip Pad2 */
8843 /* Build display for: Data */
8845 if (DataCount > 0) {
8849 proto_tree_add_text(tree, NullTVB, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
8853 offset += DataCount; /* Skip Data */
8863 dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, int SetupAreaOffset, int SetupCount, const char *TransactName)
8865 char *TransactNameCopy;
8866 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
8874 TransactNameCopy = g_malloc(strlen(TransactName) + 1);
8876 /* Should check for error here ... */
8878 strcpy(TransactNameCopy, TransactName);
8879 if (TransactNameCopy[0] == '\\') {
8880 trans_type = TransactNameCopy + 1; /* Skip the slash */
8881 loc_of_slash = strchr(trans_type, '\\');
8885 index = loc_of_slash - trans_type; /* Make it a real index */
8886 trans_cmd = trans_type + index + 1;
8887 trans_type[index] = '\0';
8892 if ((trans_cmd == NULL) ||
8893 (((strcmp(trans_type, "MAILSLOT") != 0) ||
8894 !dissect_mailslot_smb(pd, SetupAreaOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) &&
8895 ((strcmp(trans_type, "PIPE") != 0) ||
8896 !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) {
8898 if (ParameterCount > 0) {
8900 /* Build display for: Parameters */
8904 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8908 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
8914 /* Build display for: Pad2 */
8916 Pad2 = GBYTE(pd, offset);
8920 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad2: %u: %u", Pad2, offset);
8924 offset += 1; /* Skip Pad2 */
8928 if (DataCount > 0) {
8930 /* Build display for: Data */
8932 Data = pd + SMB_offset + DataOffset;
8936 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
8940 offset += DataCount; /* Skip Data */
8948 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8951 proto_tree *Flags_tree;
8958 guint8 MaxSetupCount;
8960 guint16 TotalParameterCount;
8961 guint16 TotalDataCount;
8964 guint16 ParameterOffset;
8965 guint16 ParameterDisplacement;
8966 guint16 ParameterCount;
8967 guint16 MaxParameterCount;
8968 guint16 MaxDataCount;
8971 guint16 DataDisplacement;
8975 const char *TransactName;
8976 conversation_t *conversation;
8977 struct smb_request_key request_key, *new_request_key;
8978 struct smb_request_val *request_val;
8980 guint16 SetupAreaOffset;
8984 * Find out what conversation this packet is part of
8987 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8988 pi.srcport, pi.destport);
8990 if (conversation == NULL) { /* Create a new conversation */
8992 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8993 pi.srcport, pi.destport, NULL);
8997 si.conversation = conversation; /* Save this */
9000 * Check for and insert entry in request hash table if does not exist
9002 request_key.conversation = conversation->index;
9003 request_key.mid = si.mid;
9005 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9007 if (!request_val) { /* Create one */
9009 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9010 new_request_key -> conversation = conversation -> index;
9011 new_request_key -> mid = si.mid;
9013 request_val = g_mem_chunk_alloc(smb_request_vals);
9014 request_val -> mid = si.mid;
9015 request_val -> last_transact_command = NULL;
9016 request_val -> last_param_descrip = NULL;
9017 request_val -> last_data_descrip = NULL;
9019 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9023 si.request_val = request_val; /* Save this for later */
9025 if (dirn == 1) { /* Request(s) dissect code */
9027 /* Build display for: Word Count (WCT) */
9029 WordCount = GBYTE(pd, offset);
9033 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9037 offset += 1; /* Skip Word Count (WCT) */
9039 /* Build display for: Total Parameter Count */
9041 TotalParameterCount = GSHORT(pd, offset);
9045 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9049 offset += 2; /* Skip Total Parameter Count */
9051 /* Build display for: Total Data Count */
9053 TotalDataCount = GSHORT(pd, offset);
9057 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9061 offset += 2; /* Skip Total Data Count */
9063 /* Build display for: Max Parameter Count */
9065 MaxParameterCount = GSHORT(pd, offset);
9069 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9073 offset += 2; /* Skip Max Parameter Count */
9075 /* Build display for: Max Data Count */
9077 MaxDataCount = GSHORT(pd, offset);
9081 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9085 offset += 2; /* Skip Max Data Count */
9087 /* Build display for: Max Setup Count */
9089 MaxSetupCount = GBYTE(pd, offset);
9093 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9097 offset += 1; /* Skip Max Setup Count */
9099 /* Build display for: Reserved1 */
9101 Reserved1 = GBYTE(pd, offset);
9105 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9109 offset += 1; /* Skip Reserved1 */
9111 /* Build display for: Flags */
9113 Flags = GSHORT(pd, offset);
9117 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9118 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9119 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9120 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9121 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9122 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9126 offset += 2; /* Skip Flags */
9128 /* Build display for: Timeout */
9130 Timeout = GWORD(pd, offset);
9134 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9138 offset += 4; /* Skip Timeout */
9140 /* Build display for: Reserved2 */
9142 Reserved2 = GSHORT(pd, offset);
9146 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9150 offset += 2; /* Skip Reserved2 */
9152 /* Build display for: Parameter Count */
9154 ParameterCount = GSHORT(pd, offset);
9158 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9162 offset += 2; /* Skip Parameter Count */
9164 /* Build display for: Parameter Offset */
9166 ParameterOffset = GSHORT(pd, offset);
9170 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9174 offset += 2; /* Skip Parameter Offset */
9176 /* Build display for: Data Count */
9178 DataCount = GSHORT(pd, offset);
9182 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9186 offset += 2; /* Skip Data Count */
9188 /* Build display for: Data Offset */
9190 DataOffset = GSHORT(pd, offset);
9194 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9198 offset += 2; /* Skip Data Offset */
9200 /* Build display for: Setup Count */
9202 SetupCount = GBYTE(pd, offset);
9206 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9210 offset += 1; /* Skip Setup Count */
9212 /* Build display for: Reserved3 */
9214 Reserved3 = GBYTE(pd, offset);
9218 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9221 offset += 1; /* Skip Reserved3 */
9223 SetupAreaOffset = offset;
9225 /* Build display for: Setup */
9227 if (SetupCount > 0) {
9231 Setup = GSHORT(pd, offset);
9233 for (i = 1; i <= SetupCount; i++) {
9235 Setup = GSHORT(pd, offset);
9239 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9243 offset += 2; /* Skip Setup */
9249 /* Build display for: Byte Count (BCC) */
9251 ByteCount = GSHORT(pd, offset);
9255 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9259 offset += 2; /* Skip Byte Count (BCC) */
9261 /* Build display for: Transact Name */
9263 /* Watch out for Unicode names */
9267 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9269 TransactName = unicode_to_str(pd + offset, &TNlen);
9274 TransactName = pd + offset;
9275 TNlen = strlen(TransactName) + 1;
9278 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9280 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9282 if (request_val -> last_transact_command)
9283 strcpy(request_val -> last_transact_command, TransactName);
9285 if (check_col(fd, COL_INFO)) {
9287 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9293 proto_tree_add_text(tree, NullTVB, offset, TNlen, "Transact Name: %s", TransactName);
9297 offset += TNlen; /* Skip Transact Name */
9298 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
9302 /* Build display for: Pad1 */
9304 Pad1 = GBYTE(pd, offset);
9308 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad1: %u", Pad1);
9312 offset += 1; /* Skip Pad1 */
9316 /* Let's see if we can decode this */
9318 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, TransactName);
9322 if (dirn == 0) { /* Response(s) dissect code */
9324 if (check_col(fd, COL_INFO)) {
9325 if ( request_val -> last_transact_command )
9326 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9327 else col_add_fstr(fd, COL_INFO, "Response to unknown message");
9331 /* Build display for: Word Count (WCT) */
9333 WordCount = GBYTE(pd, offset);
9337 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9341 offset += 1; /* Skip Word Count (WCT) */
9343 /* Build display for: Total Parameter Count */
9345 TotalParameterCount = GSHORT(pd, offset);
9349 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9353 offset += 2; /* Skip Total Parameter Count */
9355 /* Build display for: Total Data Count */
9357 TotalDataCount = GSHORT(pd, offset);
9361 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9365 offset += 2; /* Skip Total Data Count */
9367 /* Build display for: Reserved2 */
9369 Reserved2 = GSHORT(pd, offset);
9373 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9377 offset += 2; /* Skip Reserved2 */
9379 /* Build display for: Parameter Count */
9381 ParameterCount = GSHORT(pd, offset);
9385 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9389 offset += 2; /* Skip Parameter Count */
9391 /* Build display for: Parameter Offset */
9393 ParameterOffset = GSHORT(pd, offset);
9397 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9401 offset += 2; /* Skip Parameter Offset */
9403 /* Build display for: Parameter Displacement */
9405 ParameterDisplacement = GSHORT(pd, offset);
9409 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9413 offset += 2; /* Skip Parameter Displacement */
9415 /* Build display for: Data Count */
9417 DataCount = GSHORT(pd, offset);
9421 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9425 offset += 2; /* Skip Data Count */
9427 /* Build display for: Data Offset */
9429 DataOffset = GSHORT(pd, offset);
9433 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9437 offset += 2; /* Skip Data Offset */
9439 /* Build display for: Data Displacement */
9441 DataDisplacement = GSHORT(pd, offset);
9445 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
9449 offset += 2; /* Skip Data Displacement */
9451 /* Build display for: Setup Count */
9453 SetupCount = GBYTE(pd, offset);
9457 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9461 offset += 1; /* Skip Setup Count */
9464 /* Build display for: Reserved3 */
9466 Reserved3 = GBYTE(pd, offset);
9470 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9475 offset += 1; /* Skip Reserved3 */
9477 SetupAreaOffset = offset;
9479 /* Build display for: Setup */
9481 if (SetupCount > 0) {
9483 /* Hmmm, should code for all setup words ... */
9485 Setup = GSHORT(pd, offset);
9489 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup: %u", Setup);
9493 offset += 2; /* Skip Setup */
9497 /* Build display for: Byte Count (BCC) */
9499 ByteCount = GSHORT(pd, offset);
9503 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9507 offset += 2; /* Skip Byte Count (BCC) */
9509 /* Build display for: Pad1 */
9513 Pad1 = GBYTE(pd, offset);
9517 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad1: %u", Pad1);
9521 offset += 1; /* Skip Pad1 */
9525 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, si.request_val -> last_transact_command);
9535 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
9537 dissect_unknown_smb, /* unknown SMB 0x00 */
9538 dissect_unknown_smb, /* unknown SMB 0x01 */
9539 dissect_unknown_smb, /* SMBopen open a file */
9540 dissect_create_file_smb, /* SMBcreate create a file */
9541 dissect_close_smb, /* SMBclose close a file */
9542 dissect_flush_file_smb, /* SMBflush flush a file */
9543 dissect_delete_file_smb, /* SMBunlink delete a file */
9544 dissect_rename_file_smb, /* SMBmv rename a file */
9545 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
9546 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
9547 dissect_read_file_smb, /* SMBread read from a file */
9548 dissect_write_file_smb, /* SMBwrite write to a file */
9549 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
9550 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
9551 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
9552 dissect_unknown_smb, /* SMBmknew make a new file */
9553 dissect_checkdir_smb, /* SMBchkpth check a directory path */
9554 dissect_process_exit_smb, /* SMBexit process exit */
9555 dissect_unknown_smb, /* SMBlseek seek */
9556 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
9557 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
9558 dissect_unknown_smb, /* unknown SMB 0x15 */
9559 dissect_unknown_smb, /* unknown SMB 0x16 */
9560 dissect_unknown_smb, /* unknown SMB 0x17 */
9561 dissect_unknown_smb, /* unknown SMB 0x18 */
9562 dissect_unknown_smb, /* unknown SMB 0x19 */
9563 dissect_read_raw_smb, /* SMBreadBraw read block raw */
9564 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
9565 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
9566 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
9567 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
9568 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
9569 dissect_unknown_smb, /* SMBwriteC write complete response */
9570 dissect_unknown_smb, /* unknown SMB 0x21 */
9571 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
9572 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
9573 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
9574 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
9575 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
9576 dissect_unknown_smb, /* SMBioctl IOCTL */
9577 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
9578 dissect_unknown_smb, /* SMBcopy copy */
9579 dissect_move_smb, /* SMBmove move */
9580 dissect_unknown_smb, /* SMBecho echo */
9581 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
9582 dissect_open_andx_smb, /* SMBopenX open and X */
9583 dissect_unknown_smb, /* SMBreadX read and X */
9584 dissect_unknown_smb, /* SMBwriteX write and X */
9585 dissect_unknown_smb, /* unknown SMB 0x30 */
9586 dissect_unknown_smb, /* unknown SMB 0x31 */
9587 dissect_transact2_smb, /* unknown SMB 0x32 */
9588 dissect_unknown_smb, /* unknown SMB 0x33 */
9589 dissect_find_close2_smb, /* unknown SMB 0x34 */
9590 dissect_unknown_smb, /* unknown SMB 0x35 */
9591 dissect_unknown_smb, /* unknown SMB 0x36 */
9592 dissect_unknown_smb, /* unknown SMB 0x37 */
9593 dissect_unknown_smb, /* unknown SMB 0x38 */
9594 dissect_unknown_smb, /* unknown SMB 0x39 */
9595 dissect_unknown_smb, /* unknown SMB 0x3a */
9596 dissect_unknown_smb, /* unknown SMB 0x3b */
9597 dissect_unknown_smb, /* unknown SMB 0x3c */
9598 dissect_unknown_smb, /* unknown SMB 0x3d */
9599 dissect_unknown_smb, /* unknown SMB 0x3e */
9600 dissect_unknown_smb, /* unknown SMB 0x3f */
9601 dissect_unknown_smb, /* unknown SMB 0x40 */
9602 dissect_unknown_smb, /* unknown SMB 0x41 */
9603 dissect_unknown_smb, /* unknown SMB 0x42 */
9604 dissect_unknown_smb, /* unknown SMB 0x43 */
9605 dissect_unknown_smb, /* unknown SMB 0x44 */
9606 dissect_unknown_smb, /* unknown SMB 0x45 */
9607 dissect_unknown_smb, /* unknown SMB 0x46 */
9608 dissect_unknown_smb, /* unknown SMB 0x47 */
9609 dissect_unknown_smb, /* unknown SMB 0x48 */
9610 dissect_unknown_smb, /* unknown SMB 0x49 */
9611 dissect_unknown_smb, /* unknown SMB 0x4a */
9612 dissect_unknown_smb, /* unknown SMB 0x4b */
9613 dissect_unknown_smb, /* unknown SMB 0x4c */
9614 dissect_unknown_smb, /* unknown SMB 0x4d */
9615 dissect_unknown_smb, /* unknown SMB 0x4e */
9616 dissect_unknown_smb, /* unknown SMB 0x4f */
9617 dissect_unknown_smb, /* unknown SMB 0x50 */
9618 dissect_unknown_smb, /* unknown SMB 0x51 */
9619 dissect_unknown_smb, /* unknown SMB 0x52 */
9620 dissect_unknown_smb, /* unknown SMB 0x53 */
9621 dissect_unknown_smb, /* unknown SMB 0x54 */
9622 dissect_unknown_smb, /* unknown SMB 0x55 */
9623 dissect_unknown_smb, /* unknown SMB 0x56 */
9624 dissect_unknown_smb, /* unknown SMB 0x57 */
9625 dissect_unknown_smb, /* unknown SMB 0x58 */
9626 dissect_unknown_smb, /* unknown SMB 0x59 */
9627 dissect_unknown_smb, /* unknown SMB 0x5a */
9628 dissect_unknown_smb, /* unknown SMB 0x5b */
9629 dissect_unknown_smb, /* unknown SMB 0x5c */
9630 dissect_unknown_smb, /* unknown SMB 0x5d */
9631 dissect_unknown_smb, /* unknown SMB 0x5e */
9632 dissect_unknown_smb, /* unknown SMB 0x5f */
9633 dissect_unknown_smb, /* unknown SMB 0x60 */
9634 dissect_unknown_smb, /* unknown SMB 0x61 */
9635 dissect_unknown_smb, /* unknown SMB 0x62 */
9636 dissect_unknown_smb, /* unknown SMB 0x63 */
9637 dissect_unknown_smb, /* unknown SMB 0x64 */
9638 dissect_unknown_smb, /* unknown SMB 0x65 */
9639 dissect_unknown_smb, /* unknown SMB 0x66 */
9640 dissect_unknown_smb, /* unknown SMB 0x67 */
9641 dissect_unknown_smb, /* unknown SMB 0x68 */
9642 dissect_unknown_smb, /* unknown SMB 0x69 */
9643 dissect_unknown_smb, /* unknown SMB 0x6a */
9644 dissect_unknown_smb, /* unknown SMB 0x6b */
9645 dissect_unknown_smb, /* unknown SMB 0x6c */
9646 dissect_unknown_smb, /* unknown SMB 0x6d */
9647 dissect_unknown_smb, /* unknown SMB 0x6e */
9648 dissect_unknown_smb, /* unknown SMB 0x6f */
9649 dissect_treecon_smb, /* SMBtcon tree connect */
9650 dissect_tdis_smb, /* SMBtdis tree disconnect */
9651 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
9652 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
9653 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
9654 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
9655 dissect_unknown_smb, /* unknown SMB 0x76 */
9656 dissect_unknown_smb, /* unknown SMB 0x77 */
9657 dissect_unknown_smb, /* unknown SMB 0x78 */
9658 dissect_unknown_smb, /* unknown SMB 0x79 */
9659 dissect_unknown_smb, /* unknown SMB 0x7a */
9660 dissect_unknown_smb, /* unknown SMB 0x7b */
9661 dissect_unknown_smb, /* unknown SMB 0x7c */
9662 dissect_unknown_smb, /* unknown SMB 0x7d */
9663 dissect_unknown_smb, /* unknown SMB 0x7e */
9664 dissect_unknown_smb, /* unknown SMB 0x7f */
9665 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
9666 dissect_search_dir_smb, /* SMBsearch search a directory */
9667 dissect_unknown_smb, /* SMBffirst find first */
9668 dissect_unknown_smb, /* SMBfunique find unique */
9669 dissect_unknown_smb, /* SMBfclose find close */
9670 dissect_unknown_smb, /* unknown SMB 0x85 */
9671 dissect_unknown_smb, /* unknown SMB 0x86 */
9672 dissect_unknown_smb, /* unknown SMB 0x87 */
9673 dissect_unknown_smb, /* unknown SMB 0x88 */
9674 dissect_unknown_smb, /* unknown SMB 0x89 */
9675 dissect_unknown_smb, /* unknown SMB 0x8a */
9676 dissect_unknown_smb, /* unknown SMB 0x8b */
9677 dissect_unknown_smb, /* unknown SMB 0x8c */
9678 dissect_unknown_smb, /* unknown SMB 0x8d */
9679 dissect_unknown_smb, /* unknown SMB 0x8e */
9680 dissect_unknown_smb, /* unknown SMB 0x8f */
9681 dissect_unknown_smb, /* unknown SMB 0x90 */
9682 dissect_unknown_smb, /* unknown SMB 0x91 */
9683 dissect_unknown_smb, /* unknown SMB 0x92 */
9684 dissect_unknown_smb, /* unknown SMB 0x93 */
9685 dissect_unknown_smb, /* unknown SMB 0x94 */
9686 dissect_unknown_smb, /* unknown SMB 0x95 */
9687 dissect_unknown_smb, /* unknown SMB 0x96 */
9688 dissect_unknown_smb, /* unknown SMB 0x97 */
9689 dissect_unknown_smb, /* unknown SMB 0x98 */
9690 dissect_unknown_smb, /* unknown SMB 0x99 */
9691 dissect_unknown_smb, /* unknown SMB 0x9a */
9692 dissect_unknown_smb, /* unknown SMB 0x9b */
9693 dissect_unknown_smb, /* unknown SMB 0x9c */
9694 dissect_unknown_smb, /* unknown SMB 0x9d */
9695 dissect_unknown_smb, /* unknown SMB 0x9e */
9696 dissect_unknown_smb, /* unknown SMB 0x9f */
9697 dissect_unknown_smb, /* unknown SMB 0xa0 */
9698 dissect_unknown_smb, /* unknown SMB 0xa1 */
9699 dissect_unknown_smb, /* unknown SMB 0xa2 */
9700 dissect_unknown_smb, /* unknown SMB 0xa3 */
9701 dissect_unknown_smb, /* unknown SMB 0xa4 */
9702 dissect_unknown_smb, /* unknown SMB 0xa5 */
9703 dissect_unknown_smb, /* unknown SMB 0xa6 */
9704 dissect_unknown_smb, /* unknown SMB 0xa7 */
9705 dissect_unknown_smb, /* unknown SMB 0xa8 */
9706 dissect_unknown_smb, /* unknown SMB 0xa9 */
9707 dissect_unknown_smb, /* unknown SMB 0xaa */
9708 dissect_unknown_smb, /* unknown SMB 0xab */
9709 dissect_unknown_smb, /* unknown SMB 0xac */
9710 dissect_unknown_smb, /* unknown SMB 0xad */
9711 dissect_unknown_smb, /* unknown SMB 0xae */
9712 dissect_unknown_smb, /* unknown SMB 0xaf */
9713 dissect_unknown_smb, /* unknown SMB 0xb0 */
9714 dissect_unknown_smb, /* unknown SMB 0xb1 */
9715 dissect_unknown_smb, /* unknown SMB 0xb2 */
9716 dissect_unknown_smb, /* unknown SMB 0xb3 */
9717 dissect_unknown_smb, /* unknown SMB 0xb4 */
9718 dissect_unknown_smb, /* unknown SMB 0xb5 */
9719 dissect_unknown_smb, /* unknown SMB 0xb6 */
9720 dissect_unknown_smb, /* unknown SMB 0xb7 */
9721 dissect_unknown_smb, /* unknown SMB 0xb8 */
9722 dissect_unknown_smb, /* unknown SMB 0xb9 */
9723 dissect_unknown_smb, /* unknown SMB 0xba */
9724 dissect_unknown_smb, /* unknown SMB 0xbb */
9725 dissect_unknown_smb, /* unknown SMB 0xbc */
9726 dissect_unknown_smb, /* unknown SMB 0xbd */
9727 dissect_unknown_smb, /* unknown SMB 0xbe */
9728 dissect_unknown_smb, /* unknown SMB 0xbf */
9729 dissect_unknown_smb, /* SMBsplopen open a print spool file */
9730 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
9731 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
9732 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
9733 dissect_unknown_smb, /* unknown SMB 0xc4 */
9734 dissect_unknown_smb, /* unknown SMB 0xc5 */
9735 dissect_unknown_smb, /* unknown SMB 0xc6 */
9736 dissect_unknown_smb, /* unknown SMB 0xc7 */
9737 dissect_unknown_smb, /* unknown SMB 0xc8 */
9738 dissect_unknown_smb, /* unknown SMB 0xc9 */
9739 dissect_unknown_smb, /* unknown SMB 0xca */
9740 dissect_unknown_smb, /* unknown SMB 0xcb */
9741 dissect_unknown_smb, /* unknown SMB 0xcc */
9742 dissect_unknown_smb, /* unknown SMB 0xcd */
9743 dissect_unknown_smb, /* unknown SMB 0xce */
9744 dissect_unknown_smb, /* unknown SMB 0xcf */
9745 dissect_unknown_smb, /* SMBsends send a single block message */
9746 dissect_unknown_smb, /* SMBsendb send a broadcast message */
9747 dissect_unknown_smb, /* SMBfwdname forward user name */
9748 dissect_unknown_smb, /* SMBcancelf cancel forward */
9749 dissect_unknown_smb, /* SMBgetmac get a machine name */
9750 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
9751 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
9752 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
9753 dissect_unknown_smb, /* unknown SMB 0xd8 */
9754 dissect_unknown_smb, /* unknown SMB 0xd9 */
9755 dissect_unknown_smb, /* unknown SMB 0xda */
9756 dissect_unknown_smb, /* unknown SMB 0xdb */
9757 dissect_unknown_smb, /* unknown SMB 0xdc */
9758 dissect_unknown_smb, /* unknown SMB 0xdd */
9759 dissect_unknown_smb, /* unknown SMB 0xde */
9760 dissect_unknown_smb, /* unknown SMB 0xdf */
9761 dissect_unknown_smb, /* unknown SMB 0xe0 */
9762 dissect_unknown_smb, /* unknown SMB 0xe1 */
9763 dissect_unknown_smb, /* unknown SMB 0xe2 */
9764 dissect_unknown_smb, /* unknown SMB 0xe3 */
9765 dissect_unknown_smb, /* unknown SMB 0xe4 */
9766 dissect_unknown_smb, /* unknown SMB 0xe5 */
9767 dissect_unknown_smb, /* unknown SMB 0xe6 */
9768 dissect_unknown_smb, /* unknown SMB 0xe7 */
9769 dissect_unknown_smb, /* unknown SMB 0xe8 */
9770 dissect_unknown_smb, /* unknown SMB 0xe9 */
9771 dissect_unknown_smb, /* unknown SMB 0xea */
9772 dissect_unknown_smb, /* unknown SMB 0xeb */
9773 dissect_unknown_smb, /* unknown SMB 0xec */
9774 dissect_unknown_smb, /* unknown SMB 0xed */
9775 dissect_unknown_smb, /* unknown SMB 0xee */
9776 dissect_unknown_smb, /* unknown SMB 0xef */
9777 dissect_unknown_smb, /* unknown SMB 0xf0 */
9778 dissect_unknown_smb, /* unknown SMB 0xf1 */
9779 dissect_unknown_smb, /* unknown SMB 0xf2 */
9780 dissect_unknown_smb, /* unknown SMB 0xf3 */
9781 dissect_unknown_smb, /* unknown SMB 0xf4 */
9782 dissect_unknown_smb, /* unknown SMB 0xf5 */
9783 dissect_unknown_smb, /* unknown SMB 0xf6 */
9784 dissect_unknown_smb, /* unknown SMB 0xf7 */
9785 dissect_unknown_smb, /* unknown SMB 0xf8 */
9786 dissect_unknown_smb, /* unknown SMB 0xf9 */
9787 dissect_unknown_smb, /* unknown SMB 0xfa */
9788 dissect_unknown_smb, /* unknown SMB 0xfb */
9789 dissect_unknown_smb, /* unknown SMB 0xfc */
9790 dissect_unknown_smb, /* unknown SMB 0xfd */
9791 dissect_unknown_smb, /* SMBinvalid invalid command */
9792 dissect_unknown_smb /* unknown SMB 0xff */
9796 static const value_string errcls_types[] = {
9797 { SMB_SUCCESS, "Success"},
9798 { SMB_ERRDOS, "DOS Error"},
9799 { SMB_ERRSRV, "Server Error"},
9800 { SMB_ERRHRD, "Hardware Error"},
9801 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
9805 char *decode_smb_name(unsigned char cmd)
9808 return(SMB_names[cmd]);
9812 static const value_string DOS_errors[] = {
9813 {SMBE_badfunc, "Invalid function (or system call)"},
9814 {SMBE_badfile, "File not found (pathname error)"},
9815 {SMBE_badpath, "Directory not found"},
9816 {SMBE_nofids, "Too many open files"},
9817 {SMBE_noaccess, "Access denied"},
9818 {SMBE_badfid, "Invalid fid"},
9819 {SMBE_nomem, "Out of memory"},
9820 {SMBE_badmem, "Invalid memory block address"},
9821 {SMBE_badenv, "Invalid environment"},
9822 {SMBE_badaccess, "Invalid open mode"},
9823 {SMBE_baddata, "Invalid data (only from ioctl call)"},
9824 {SMBE_res, "Reserved error code?"},
9825 {SMBE_baddrive, "Invalid drive"},
9826 {SMBE_remcd, "Attempt to delete current directory"},
9827 {SMBE_diffdevice, "Rename/move across different filesystems"},
9828 {SMBE_nofiles, "no more files found in file search"},
9829 {SMBE_badshare, "Share mode on file conflict with open mode"},
9830 {SMBE_lock, "Lock request conflicts with existing lock"},
9831 {SMBE_unsup, "Request unsupported, returned by Win 95"},
9832 {SMBE_filexists, "File in operation already exists"},
9833 {SMBE_cannotopen, "Cannot open the file specified"},
9834 {SMBE_unknownlevel, "Unknown level??"},
9835 {SMBE_badpipe, "Named pipe invalid"},
9836 {SMBE_pipebusy, "All instances of pipe are busy"},
9837 {SMBE_pipeclosing, "Named pipe close in progress"},
9838 {SMBE_notconnected, "No process on other end of named pipe"},
9839 {SMBE_moredata, "More data to be returned"},
9840 {SMBE_baddirectory, "Invalid directory name in a path."},
9841 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
9842 {SMBE_eas_nsup, "Extended attributes not supported"},
9843 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
9844 {SMBE_unknownipc, "Unknown IPC Operation"},
9845 {SMBE_noipc, "Don't support ipc"},
9849 /* Error codes for the ERRSRV class */
9851 static const value_string SRV_errors[] = {
9852 {SMBE_error, "Non specific error code"},
9853 {SMBE_badpw, "Bad password"},
9854 {SMBE_badtype, "Reserved"},
9855 {SMBE_access, "No permissions to perform the requested operation"},
9856 {SMBE_invnid, "TID invalid"},
9857 {SMBE_invnetname, "Invalid network name. Service not found"},
9858 {SMBE_invdevice, "Invalid device"},
9859 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
9860 {SMBE_qfull, "Print queue full"},
9861 {SMBE_qtoobig, "Queued item too big"},
9862 {SMBE_qeof, "EOF on print queue dump"},
9863 {SMBE_invpfid, "Invalid print file in smb_fid"},
9864 {SMBE_smbcmd, "Unrecognised command"},
9865 {SMBE_srverror, "SMB server internal error"},
9866 {SMBE_filespecs, "Fid and pathname invalid combination"},
9867 {SMBE_badlink, "Bad link in request ???"},
9868 {SMBE_badpermits, "Access specified for a file is not valid"},
9869 {SMBE_badpid, "Bad process id in request"},
9870 {SMBE_setattrmode, "Attribute mode invalid"},
9871 {SMBE_paused, "Message server paused"},
9872 {SMBE_msgoff, "Not receiving messages"},
9873 {SMBE_noroom, "No room for message"},
9874 {SMBE_rmuns, "Too many remote usernames"},
9875 {SMBE_timeout, "Operation timed out"},
9876 {SMBE_noresource, "No resources currently available for request."},
9877 {SMBE_toomanyuids, "Too many userids"},
9878 {SMBE_baduid, "Bad userid"},
9879 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
9880 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
9881 {SMBE_contMPX, "Resume MPX mode"},
9882 {SMBE_badPW, "Bad Password???"},
9883 {SMBE_nosupport, "Operation not supported???"},
9887 /* Error codes for the ERRHRD class */
9889 static const value_string HRD_errors[] = {
9890 {SMBE_nowrite, "read only media"},
9891 {SMBE_badunit, "Unknown device"},
9892 {SMBE_notready, "Drive not ready"},
9893 {SMBE_badcmd, "Unknown command"},
9894 {SMBE_data, "Data (CRC) error"},
9895 {SMBE_badreq, "Bad request structure length"},
9896 {SMBE_seek, "Seek error???"},
9897 {SMBE_badmedia, "Bad media???"},
9898 {SMBE_badsector, "Bad sector???"},
9899 {SMBE_nopaper, "No paper in printer???"},
9900 {SMBE_write, "Write error???"},
9901 {SMBE_read, "Read error???"},
9902 {SMBE_general, "General error???"},
9903 {SMBE_badshare, "A open conflicts with an existing open"},
9904 {SMBE_lock, "Lock/unlock error"},
9905 {SMBE_wrongdisk, "Wrong disk???"},
9906 {SMBE_FCBunavail, "FCB unavailable???"},
9907 {SMBE_sharebufexc, "Share buffer excluded???"},
9908 {SMBE_diskfull, "Disk full???"},
9912 char *decode_smb_error(guint8 errcls, guint8 errcode)
9919 return("No Error"); /* No error ??? */
9924 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
9929 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
9934 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
9939 return("Unknown error class!");
9945 #define SMB_FLAGS_DIRN 0x80
9948 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
9950 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
9951 proto_item *ti, *tf;
9952 guint8 cmd, errcls, errcode1, flags;
9953 guint16 flags2, errcode, tid, pid, uid, mid;
9954 int SMB_offset = offset;
9959 cmd = pd[offset + SMB_hdr_com_offset];
9961 if (check_col(fd, COL_PROTOCOL))
9962 col_add_str(fd, COL_PROTOCOL, "SMB");
9964 /* Hmmm, poor coding here ... Also, should check the type */
9966 if (check_col(fd, COL_INFO)) {
9968 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
9974 ti = proto_tree_add_item(tree, proto_smb, NullTVB, offset, END_OF_FRAME, NULL);
9975 smb_tree = proto_item_add_subtree(ti, ett_smb);
9977 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
9978 * component ... SMB is only one used
9981 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Message Type: 0xFF");
9982 proto_tree_add_text(smb_tree, NullTVB, offset+1, 3, "Server Component: SMB");
9986 offset += 4; /* Skip the marker */
9990 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Command: %s", decode_smb_name(cmd));
9996 /* Next, look at the error class, SMB_RETCLASS */
9998 errcls = pd[offset];
10002 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Error Class: %s",
10003 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10008 /* Error code, SMB_HEINFO ... */
10010 errcode1 = pd[offset];
10014 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Reserved: %i", errcode1);
10020 errcode = GSHORT(pd, offset);
10024 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Error Code: %s",
10025 decode_smb_error(errcls, errcode));
10031 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
10033 flags = pd[offset];
10037 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags: 0x%02x", flags);
10039 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10040 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10041 decode_boolean_bitfield(flags, 0x01, 8,
10042 "Lock&Read, Write&Unlock supported",
10043 "Lock&Read, Write&Unlock not supported"));
10044 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10045 decode_boolean_bitfield(flags, 0x02, 8,
10046 "Receive buffer posted",
10047 "Receive buffer not posted"));
10048 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10049 decode_boolean_bitfield(flags, 0x08, 8,
10050 "Path names caseless",
10051 "Path names case sensitive"));
10052 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10053 decode_boolean_bitfield(flags, 0x10, 8,
10054 "Pathnames canonicalized",
10055 "Pathnames not canonicalized"));
10056 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10057 decode_boolean_bitfield(flags, 0x20, 8,
10058 "OpLocks requested/granted",
10059 "OpLocks not requested/granted"));
10060 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10061 decode_boolean_bitfield(flags, 0x40, 8,
10063 "Notify open only"));
10065 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10066 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10067 8, "Response to client/redirector", "Request to server"));
10073 flags2 = GSHORT(pd, offset);
10077 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags2: 0x%04x", flags2);
10079 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10080 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10081 decode_boolean_bitfield(flags2, 0x0001, 16,
10082 "Long file names supported",
10083 "Long file names not supported"));
10084 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10085 decode_boolean_bitfield(flags2, 0x0002, 16,
10086 "Extended attributes supported",
10087 "Extended attributes not supported"));
10088 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10089 decode_boolean_bitfield(flags2, 0x0004, 16,
10090 "Security signatures supported",
10091 "Security signatures not supported"));
10092 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10093 decode_boolean_bitfield(flags2, 0x0800, 16,
10094 "Extended security negotiation supported",
10095 "Extended security negotiation not supported"));
10096 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10097 decode_boolean_bitfield(flags2, 0x1000, 16,
10098 "Resolve pathnames with DFS",
10099 "Don't resolve pathnames with DFS"));
10100 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10101 decode_boolean_bitfield(flags2, 0x2000, 16,
10102 "Permit reads if execute-only",
10103 "Don't permit reads if execute-only"));
10104 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10105 decode_boolean_bitfield(flags2, 0x4000, 16,
10106 "Error codes are NT error codes",
10107 "Error codes are DOS error codes"));
10108 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10109 decode_boolean_bitfield(flags2, 0x8000, 16,
10110 "Strings are Unicode",
10111 "Strings are ASCII"));
10115 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
10121 proto_tree_add_text(smb_tree, NullTVB, offset, 12, "Reserved: 6 WORDS");
10127 /* Now the TID, tree ID */
10129 tid = GSHORT(pd, offset);
10134 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10140 /* Now the PID, Process ID */
10142 pid = GSHORT(pd, offset);
10147 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10153 /* Now the UID, User ID */
10155 uid = GSHORT(pd, offset);
10160 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10166 /* Now the MID, Multiplex ID */
10168 mid = GSHORT(pd, offset);
10173 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10179 /* Now vector through the table to dissect them */
10181 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10182 ((flags & 0x80) == 0));
10187 /*** External routines called during the registration process */
10189 extern void register_proto_smb_browse( void);
10190 extern void register_proto_smb_logon( void);
10191 extern void register_proto_smb_mailslot( void);
10192 extern void register_proto_smb_pipe( void);
10193 extern void register_proto_smb_mailslot( void);
10197 proto_register_smb(void)
10199 static gint *ett[] = {
10201 &ett_smb_fileattributes,
10202 &ett_smb_capabilities,
10209 &ett_smb_desiredaccess,
10212 &ett_smb_openfunction,
10215 &ett_smb_writemode,
10216 &ett_smb_lock_type,
10219 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
10221 proto_register_subtree_array(ett, array_length(ett));
10222 register_init_routine(&smb_init_protocol);
10224 register_proto_smb_browse();
10225 register_proto_smb_logon( );
10226 register_proto_smb_mailslot();
10227 register_proto_smb_pipe();
git.samba.org / obnox / wireshark / wip.git / blob