2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.68 2000/05/31 05:07:42 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
51 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
53 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
56 static int proto_smb = -1;
58 static gint ett_smb = -1;
59 static gint ett_smb_fileattributes = -1;
60 static gint ett_smb_capabilities = -1;
61 static gint ett_smb_aflags = -1;
62 static gint ett_smb_dialects = -1;
63 static gint ett_smb_mode = -1;
64 static gint ett_smb_rawmode = -1;
65 static gint ett_smb_flags = -1;
66 static gint ett_smb_flags2 = -1;
67 static gint ett_smb_desiredaccess = -1;
68 static gint ett_smb_search = -1;
69 static gint ett_smb_file = -1;
70 static gint ett_smb_openfunction = -1;
71 static gint ett_smb_filetype = -1;
72 static gint ett_smb_action = -1;
73 static gint ett_smb_writemode = -1;
74 static gint ett_smb_lock_type = -1;
79 * Struct passed to each SMB decode routine of info it may need
82 char *decode_smb_name(unsigned char);
84 int smb_packet_init_count = 200;
86 struct smb_request_key {
92 GHashTable *smb_request_hash = NULL;
93 GMemChunk *smb_request_keys = NULL;
94 GMemChunk *smb_request_vals = NULL;
98 smb_equal(gconstpointer v, gconstpointer w)
100 struct smb_request_key *v1 = (struct smb_request_key *)v;
101 struct smb_request_key *v2 = (struct smb_request_key *)w;
103 #if defined(DEBUG_SMB_HASH)
104 printf("Comparing %08X:%u\n and %08X:%u\n",
105 v1 -> conversation, v1 -> mid,
106 v2 -> conversation, v2 -> mid);
109 if (v1 -> conversation == v2 -> conversation &&
110 v1 -> mid == v2 -> mid) {
120 smb_hash (gconstpointer v)
122 struct smb_request_key *key = (struct smb_request_key *)v;
125 val = key -> conversation + key -> mid;
127 #if defined(DEBUG_SMB_HASH)
128 printf("SMB Hash calculated as %u\n", val);
136 * Free up any state information we've saved, and re-initialize the
137 * tables of state information.
140 smb_init_protocol(void)
142 #if defined(DEBUG_SMB_HASH)
143 printf("Initializing SMB hashtable area\n");
146 if (smb_request_hash)
147 g_hash_table_destroy(smb_request_hash);
148 if (smb_request_keys)
149 g_mem_chunk_destroy(smb_request_keys);
150 if (smb_request_vals)
151 g_mem_chunk_destroy(smb_request_vals);
153 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
154 smb_request_keys = g_mem_chunk_new("smb_request_keys",
155 sizeof(struct smb_request_key),
156 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
157 smb_request_vals = g_mem_chunk_new("smb_request_vals",
158 sizeof(struct smb_request_val),
159 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
162 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
164 char *SMB_names[256] = {
165 "SMBcreatedirectory",
166 "SMBdeletedirectory",
214 "SMBcloseandtreedisc",
216 "SMBtrans2secondary",
218 "SMBfindnotifyclose",
326 "SMBnttransactsecondary",
424 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
429 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (%u bytes)",
437 * Dissect a UNIX like date ...
440 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
441 conflict with /usr/include/time.h on some NetBSD
445 dissect_smbu_date(guint16 date, guint16 time)
448 static char datebuf[4+2+2+2+1];
449 time_t ltime = (date << 16) + time;
451 _gtime = gmtime(<ime);
452 sprintf(datebuf, "%04d-%02d-%02d",
453 1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);
463 dissect_smbu_time(guint16 date, guint16 time)
466 static char timebuf[2+2+2+2+1];
468 sprintf(timebuf, "%02d:%02d:%02d",
469 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
476 * Dissect a DOS-format date.
479 dissect_dos_date(guint16 date)
481 static char datebuf[4+2+2+1];
483 sprintf(datebuf, "%04d-%02d-%02d",
484 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
489 * Dissect a DOS-format time.
492 dissect_dos_time(guint16 time)
494 static char timebuf[2+2+2+1];
496 sprintf(timebuf, "%02d:%02d:%02d",
497 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
501 /* Max string length for displaying Unicode strings. */
502 #define MAX_UNICODE_STR_LEN 256
504 /* Turn a little-endian Unicode '\0'-terminated string into a string we
506 XXX - for now, we just handle the ISO 8859-1 characters. */
508 unicode_to_str(const guint8 *us, int *us_lenp) {
509 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
516 if (cur == &str[0][0]) {
518 } else if (cur == &str[1][0]) {
524 len = MAX_UNICODE_STR_LEN;
526 while (*us != 0 || *(us + 1) != 0) {
536 /* Note that we're not showing the full string. */
547 * Each dissect routine is passed an offset to wct and works from there
551 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
558 if (dirn == 1) { /* Request(s) dissect code */
560 /* Build display for: Word Count (WCT) */
562 WordCount = GBYTE(pd, offset);
566 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
570 offset += 1; /* Skip Word Count (WCT) */
572 /* Build display for: FID */
574 FID = GSHORT(pd, offset);
578 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
582 offset += 2; /* Skip FID */
584 /* Build display for: Byte Count */
586 ByteCount = GSHORT(pd, offset);
590 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
594 offset += 2; /* Skip Byte Count */
598 if (dirn == 0) { /* Response(s) dissect code */
600 /* Build display for: Word Count (WCT) */
602 WordCount = GBYTE(pd, offset);
606 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
610 offset += 1; /* Skip Word Count (WCT) */
612 /* Build display for: Byte Count (BCC) */
614 ByteCount = GSHORT(pd, offset);
618 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
622 offset += 2; /* Skip Byte Count (BCC) */
629 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
637 guint16 BlocksPerUnit;
640 if (dirn == 1) { /* Request(s) dissect code */
642 /* Build display for: Word Count (WCT) */
644 WordCount = GBYTE(pd, offset);
648 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
652 offset += 1; /* Skip Word Count (WCT) */
654 /* Build display for: Byte Count (BCC) */
656 ByteCount = GSHORT(pd, offset);
660 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
664 offset += 2; /* Skip Byte Count (BCC) */
668 if (dirn == 0) { /* Response(s) dissect code */
670 /* Build display for: Word Count (WCT) */
672 WordCount = GBYTE(pd, offset);
676 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
680 offset += 1; /* Skip Word Count (WCT) */
684 /* Build display for: Total Units */
686 TotalUnits = GSHORT(pd, offset);
690 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Units: %u", TotalUnits);
694 offset += 2; /* Skip Total Units */
696 /* Build display for: Blocks Per Unit */
698 BlocksPerUnit = GSHORT(pd, offset);
702 proto_tree_add_text(tree, NullTVB, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
706 offset += 2; /* Skip Blocks Per Unit */
708 /* Build display for: Block Size */
710 BlockSize = GSHORT(pd, offset);
714 proto_tree_add_text(tree, NullTVB, offset, 2, "Block Size: %u", BlockSize);
718 offset += 2; /* Skip Block Size */
720 /* Build display for: Free Units */
722 FreeUnits = GSHORT(pd, offset);
726 proto_tree_add_text(tree, NullTVB, offset, 2, "Free Units: %u", FreeUnits);
730 offset += 2; /* Skip Free Units */
732 /* Build display for: Reserved */
734 Reserved = GSHORT(pd, offset);
738 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
742 offset += 2; /* Skip Reserved */
746 /* Build display for: Byte Count (BCC) */
748 ByteCount = GSHORT(pd, offset);
752 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
756 offset += 2; /* Skip Byte Count (BCC) */
763 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
766 proto_tree *Attributes_tree;
776 guint16 LastWriteTime;
777 guint16 LastWriteDate;
779 const char *FileName;
781 if (dirn == 1) { /* Request(s) dissect code */
783 /* Build display for: Word Count (WCT) */
785 WordCount = GBYTE(pd, offset);
789 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
793 offset += 1; /* Skip Word Count (WCT) */
797 /* Build display for: Attributes */
799 Attributes = GSHORT(pd, offset);
803 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
804 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
805 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
806 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
807 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
808 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
809 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
810 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
811 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
812 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
813 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
814 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
815 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
816 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
820 offset += 2; /* Skip Attributes */
822 /* Build display for: Last Write Time */
824 LastWriteTime = GSHORT(pd, offset);
828 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
832 offset += 2; /* Skip Last Write Time */
834 /* Build display for: Last Write Date */
836 LastWriteDate = GSHORT(pd, offset);
840 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
844 offset += 2; /* Skip Last Write Date */
846 /* Build display for: Reserved 1 */
848 Reserved1 = GSHORT(pd, offset);
852 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
856 offset += 2; /* Skip Reserved 1 */
858 /* Build display for: Reserved 2 */
860 Reserved2 = GSHORT(pd, offset);
864 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
868 offset += 2; /* Skip Reserved 2 */
870 /* Build display for: Reserved 3 */
872 Reserved3 = GSHORT(pd, offset);
876 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
880 offset += 2; /* Skip Reserved 3 */
882 /* Build display for: Reserved 4 */
884 Reserved4 = GSHORT(pd, offset);
888 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
892 offset += 2; /* Skip Reserved 4 */
894 /* Build display for: Reserved 5 */
896 Reserved5 = GSHORT(pd, offset);
900 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
904 offset += 2; /* Skip Reserved 5 */
908 /* Build display for: Byte Count (BCC) */
910 ByteCount = GSHORT(pd, offset);
914 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
918 offset += 2; /* Skip Byte Count (BCC) */
920 /* Build display for: Buffer Format */
922 BufferFormat = GBYTE(pd, offset);
926 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
930 offset += 1; /* Skip Buffer Format */
932 /* Build display for: File Name */
934 FileName = pd + offset;
938 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
942 offset += strlen(FileName) + 1; /* Skip File Name */
946 if (dirn == 0) { /* Response(s) dissect code */
948 /* Build display for: Word Count (WCT) */
950 WordCount = GBYTE(pd, offset);
954 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
958 offset += 1; /* Skip Word Count (WCT) */
960 /* Build display for: Byte Count (BCC) */
962 ByteCount = GBYTE(pd, offset);
966 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
970 offset += 1; /* Skip Byte Count (BCC) */
977 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
989 if (dirn == 1) { /* Request(s) dissect code */
991 /* Build display for: Word Count (WCT) */
993 WordCount = GBYTE(pd, offset);
997 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1001 offset += 1; /* Skip Word Count (WCT) */
1003 /* Build display for: FID */
1005 FID = GSHORT(pd, offset);
1009 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1013 offset += 2; /* Skip FID */
1015 /* Build display for: Count */
1017 Count = GSHORT(pd, offset);
1021 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1025 offset += 2; /* Skip Count */
1027 /* Build display for: Offset */
1029 Offset = GWORD(pd, offset);
1033 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1037 offset += 4; /* Skip Offset */
1039 /* Build display for: Remaining */
1041 Remaining = GSHORT(pd, offset);
1045 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
1049 offset += 2; /* Skip Remaining */
1051 /* Build display for: Byte Count (BCC) */
1053 ByteCount = GSHORT(pd, offset);
1057 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1061 offset += 2; /* Skip Byte Count (BCC) */
1063 /* Build display for: Buffer Format */
1065 BufferFormat = GBYTE(pd, offset);
1069 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1073 offset += 1; /* Skip Buffer Format */
1075 /* Build display for: Data Length */
1077 DataLength = GSHORT(pd, offset);
1081 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1085 offset += 2; /* Skip Data Length */
1087 if (ByteCount > 0 && tree) {
1089 if(END_OF_FRAME >= ByteCount)
1090 proto_tree_add_text(tree, NullTVB, offset, ByteCount, "Data (%u bytes)", ByteCount);
1092 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
1098 if (dirn == 0) { /* Response(s) dissect code */
1100 /* Build display for: Word Count (WCT) */
1102 WordCount = GBYTE(pd, offset);
1106 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1110 offset += 1; /* Skip Word Count (WCT) */
1112 /* Build display for: Count */
1114 Count = GSHORT(pd, offset);
1118 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1122 offset += 2; /* Skip Count */
1124 /* Build display for: Byte Count (BCC) */
1126 ByteCount = GSHORT(pd, offset);
1130 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1134 offset += 2; /* Skip Byte Count (BCC) */
1141 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1155 guint16 DataCompactionMode;
1159 if (dirn == 1) { /* Request(s) dissect code */
1161 /* Build display for: Word Count (WCT) */
1163 WordCount = GBYTE(pd, offset);
1167 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1171 offset += 1; /* Skip Word Count (WCT) */
1173 /* Build display for: FID */
1175 FID = GSHORT(pd, offset);
1179 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1183 offset += 2; /* Skip FID */
1185 /* Build display for: Offset */
1187 Offset = GWORD(pd, offset);
1191 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1195 offset += 4; /* Skip Offset */
1197 /* Build display for: Max Count */
1199 MaxCount = GSHORT(pd, offset);
1203 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
1207 offset += 2; /* Skip Max Count */
1209 /* Build display for: Min Count */
1211 MinCount = GSHORT(pd, offset);
1215 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
1219 offset += 2; /* Skip Min Count */
1221 /* Build display for: Reserved 1 */
1223 Reserved1 = GWORD(pd, offset);
1227 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 1: %u", Reserved1);
1231 offset += 4; /* Skip Reserved 1 */
1233 /* Build display for: Reserved 2 */
1235 Reserved2 = GSHORT(pd, offset);
1239 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1243 offset += 2; /* Skip Reserved 2 */
1245 /* Build display for: Byte Count (BCC) */
1247 ByteCount = GSHORT(pd, offset);
1251 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1255 offset += 2; /* Skip Byte Count (BCC) */
1259 if (dirn == 0) { /* Response(s) dissect code */
1261 /* Build display for: Word Count */
1263 WordCount = GBYTE(pd, offset);
1267 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
1271 offset += 1; /* Skip Word Count */
1273 if (WordCount > 0) {
1275 /* Build display for: Offset */
1277 Offset = GWORD(pd, offset);
1281 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1285 offset += 4; /* Skip Offset */
1287 /* Build display for: Count */
1289 Count = GSHORT(pd, offset);
1293 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1297 offset += 2; /* Skip Count */
1299 /* Build display for: Reserved */
1301 Reserved = GSHORT(pd, offset);
1305 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1309 offset += 2; /* Skip Reserved */
1311 /* Build display for: Data Compaction Mode */
1313 DataCompactionMode = GSHORT(pd, offset);
1317 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1321 offset += 2; /* Skip Data Compaction Mode */
1323 /* Build display for: Reserved */
1325 Reserved = GSHORT(pd, offset);
1329 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1333 offset += 2; /* Skip Reserved */
1335 /* Build display for: Data Length */
1337 DataLength = GSHORT(pd, offset);
1341 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1345 offset += 2; /* Skip Data Length */
1347 /* Build display for: Data Offset */
1349 DataOffset = GSHORT(pd, offset);
1353 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
1357 offset += 2; /* Skip Data Offset */
1361 /* Build display for: Byte Count (BCC) */
1363 ByteCount = GSHORT(pd, offset);
1367 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1371 offset += 2; /* Skip Byte Count (BCC) */
1373 /* Build display for: Pad */
1375 Pad = GBYTE(pd, offset);
1379 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
1383 offset += 1; /* Skip Pad */
1390 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1394 guint8 BufferFormat;
1395 guint16 SearchAttributes;
1397 const char *FileName;
1399 if (dirn == 1) { /* Request(s) dissect code */
1401 /* Build display for: Word Count (WCT) */
1403 WordCount = GBYTE(pd, offset);
1407 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1411 offset += 1; /* Skip Word Count (WCT) */
1413 /* Build display for: SearchAttributes */
1415 SearchAttributes = GSHORT(pd, offset);
1419 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
1422 offset += 2; /* Skip SearchAttributes */
1424 /* Build display for: Byte Count (BCC) */
1426 ByteCount = GSHORT(pd, offset);
1430 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1434 offset += 2; /* Skip Byte Count (BCC) */
1436 /* Build display for: Buffer Format */
1438 BufferFormat = GBYTE(pd, offset);
1442 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1446 offset += 1; /* Skip Buffer Format */
1448 /* Build display for: File Name */
1450 FileName = pd + offset;
1454 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1458 offset += strlen(FileName) + 1; /* Skip File Name */
1462 if (dirn == 0) { /* Response(s) dissect code */
1464 /* Build display for: Word Count (WCT) */
1466 WordCount = GBYTE(pd, offset);
1470 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1474 offset += 1; /* Skip Word Count (WCT) */
1476 /* Build display for: Byte Count (BCC) */
1478 ByteCount = GSHORT(pd, offset);
1482 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1486 offset += 2; /* Skip Byte Count (BCC) */
1493 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1496 proto_tree *Attributes_tree;
1499 guint32 FileDataSize;
1500 guint32 FileAllocationSize;
1501 guint16 LastWriteTime;
1502 guint16 LastWriteDate;
1503 guint16 LastAccessTime;
1504 guint16 LastAccessDate;
1506 guint16 CreationTime;
1507 guint16 CreationDate;
1511 if (dirn == 1) { /* Request(s) dissect code */
1513 /* Build display for: Word Count (WCT) */
1515 WordCount = GBYTE(pd, offset);
1519 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1523 offset += 1; /* Skip Word Count (WCT) */
1525 /* Build display for: FID */
1527 FID = GSHORT(pd, offset);
1531 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1535 offset += 2; /* Skip FID */
1537 /* Build display for: Byte Count */
1539 ByteCount = GSHORT(pd, offset);
1543 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1547 offset += 2; /* Skip Byte Count */
1551 if (dirn == 0) { /* Response(s) dissect code */
1553 /* Build display for: Word Count (WCT) */
1555 WordCount = GBYTE(pd, offset);
1559 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1563 offset += 1; /* Skip Word Count (WCT) */
1565 if (WordCount > 0) {
1567 /* Build display for: Creation Date */
1569 CreationDate = GSHORT(pd, offset);
1573 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
1577 offset += 2; /* Skip Creation Date */
1579 /* Build display for: Creation Time */
1581 CreationTime = GSHORT(pd, offset);
1585 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
1589 offset += 2; /* Skip Creation Time */
1591 /* Build display for: Last Access Date */
1593 LastAccessDate = GSHORT(pd, offset);
1597 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
1601 offset += 2; /* Skip Last Access Date */
1603 /* Build display for: Last Access Time */
1605 LastAccessTime = GSHORT(pd, offset);
1609 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
1613 offset += 2; /* Skip Last Access Time */
1615 /* Build display for: Last Write Date */
1617 LastWriteDate = GSHORT(pd, offset);
1621 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1625 offset += 2; /* Skip Last Write Date */
1627 /* Build display for: Last Write Time */
1629 LastWriteTime = GSHORT(pd, offset);
1633 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1637 offset += 2; /* Skip Last Write Time */
1639 /* Build display for: File Data Size */
1641 FileDataSize = GWORD(pd, offset);
1645 proto_tree_add_text(tree, NullTVB, offset, 4, "File Data Size: %u", FileDataSize);
1649 offset += 4; /* Skip File Data Size */
1651 /* Build display for: File Allocation Size */
1653 FileAllocationSize = GWORD(pd, offset);
1657 proto_tree_add_text(tree, NullTVB, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1661 offset += 4; /* Skip File Allocation Size */
1663 /* Build display for: Attributes */
1665 Attributes = GSHORT(pd, offset);
1669 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1670 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1671 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1672 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1673 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1674 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1675 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1676 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1677 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1678 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1679 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1680 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1681 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1682 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1686 offset += 2; /* Skip Attributes */
1690 /* Build display for: Byte Count */
1692 ByteCount = GSHORT(pd, offset);
1696 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1700 offset += 2; /* Skip Byte Count */
1707 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1711 guint8 BufferFormat3;
1712 guint8 BufferFormat2;
1713 guint8 BufferFormat1;
1715 guint16 MaxBufferSize;
1717 const char *SharePath;
1718 const char *Service;
1719 const char *Password;
1721 if (dirn == 1) { /* Request(s) dissect code */
1723 /* Build display for: Word Count (WCT) */
1725 WordCount = GBYTE(pd, offset);
1729 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1733 offset += 1; /* Skip Word Count (WCT) */
1735 /* Build display for: Byte Count (BCC) */
1737 ByteCount = GSHORT(pd, offset);
1741 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1745 offset += 2; /* Skip Byte Count (BCC) */
1747 /* Build display for: BufferFormat1 */
1749 BufferFormat1 = GBYTE(pd, offset);
1753 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat1: %u", BufferFormat1);
1757 offset += 1; /* Skip BufferFormat1 */
1759 /* Build display for: Share Path */
1761 SharePath = pd + offset;
1765 proto_tree_add_text(tree, NullTVB, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1769 offset += strlen(SharePath) + 1; /* Skip Share Path */
1771 /* Build display for: BufferFormat2 */
1773 BufferFormat2 = GBYTE(pd, offset);
1777 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat2: %u", BufferFormat2);
1781 offset += 1; /* Skip BufferFormat2 */
1783 /* Build display for: Password */
1785 Password = pd + offset;
1789 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
1793 offset += strlen(Password) + 1; /* Skip Password */
1795 /* Build display for: BufferFormat3 */
1797 BufferFormat3 = GBYTE(pd, offset);
1801 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat3: %u", BufferFormat3);
1805 offset += 1; /* Skip BufferFormat3 */
1807 /* Build display for: Service */
1809 Service = pd + offset;
1813 proto_tree_add_text(tree, NullTVB, offset, strlen(Service) + 1, "Service: %s", Service);
1817 offset += strlen(Service) + 1; /* Skip Service */
1821 if (dirn == 0) { /* Response(s) dissect code */
1823 /* Build display for: Word Count (WCT) */
1825 WordCount = GBYTE(pd, offset);
1829 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1833 if (errcode != 0) return;
1835 offset += 1; /* Skip Word Count (WCT) */
1837 /* Build display for: Max Buffer Size */
1839 MaxBufferSize = GSHORT(pd, offset);
1843 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1847 offset += 2; /* Skip Max Buffer Size */
1849 /* Build display for: TID */
1851 TID = GSHORT(pd, offset);
1855 proto_tree_add_text(tree, NullTVB, offset, 2, "TID: %u", TID);
1859 offset += 2; /* Skip TID */
1861 /* Build display for: Byte Count (BCC) */
1863 ByteCount = GSHORT(pd, offset);
1867 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1871 offset += 2; /* Skip Byte Count (BCC) */
1877 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
1879 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1882 proto_tree *Capabilities_tree;
1885 guint8 AndXReserved;
1886 guint8 AndXCommand = 0xFF;
1889 guint32 Capabilities;
1891 guint16 UNICODEAccountPasswordLength;
1892 guint16 PasswordLen;
1893 guint16 MaxMpxCount;
1894 guint16 MaxBufferSize;
1896 guint16 AndXOffset = 0;
1898 guint16 ANSIAccountPasswordLength;
1899 const char *UNICODEPassword;
1900 const char *Password;
1901 const char *PrimaryDomain;
1902 const char *NativeOS;
1903 const char *NativeLanManType;
1904 const char *NativeLanMan;
1905 const char *AccountName;
1906 const char *ANSIPassword;
1908 if (dirn == 1) { /* Request(s) dissect code */
1910 WordCount = GBYTE(pd, offset);
1912 switch (WordCount) {
1916 /* Build display for: Word Count (WCT) */
1918 WordCount = GBYTE(pd, offset);
1922 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1926 offset += 1; /* Skip Word Count (WCT) */
1928 /* Build display for: AndXCommand */
1930 AndXCommand = GBYTE(pd, offset);
1934 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
1935 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1939 offset += 1; /* Skip AndXCommand */
1941 /* Build display for: AndXReserved */
1943 AndXReserved = GBYTE(pd, offset);
1947 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
1951 offset += 1; /* Skip AndXReserved */
1953 /* Build display for: AndXOffset */
1955 AndXOffset = GSHORT(pd, offset);
1959 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
1963 offset += 2; /* Skip AndXOffset */
1965 /* Build display for: MaxBufferSize */
1967 MaxBufferSize = GSHORT(pd, offset);
1971 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1975 offset += 2; /* Skip MaxBufferSize */
1977 /* Build display for: MaxMpxCount */
1979 MaxMpxCount = GSHORT(pd, offset);
1983 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1987 offset += 2; /* Skip MaxMpxCount */
1989 /* Build display for: VcNumber */
1991 VcNumber = GSHORT(pd, offset);
1995 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
1999 offset += 2; /* Skip VcNumber */
2001 /* Build display for: SessionKey */
2003 SessionKey = GWORD(pd, offset);
2007 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2011 offset += 4; /* Skip SessionKey */
2013 /* Build display for: PasswordLen */
2015 PasswordLen = GSHORT(pd, offset);
2019 proto_tree_add_text(tree, NullTVB, offset, 2, "PasswordLen: %u", PasswordLen);
2023 offset += 2; /* Skip PasswordLen */
2025 /* Build display for: Reserved */
2027 Reserved = GWORD(pd, offset);
2031 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2035 offset += 4; /* Skip Reserved */
2037 /* Build display for: Byte Count (BCC) */
2039 ByteCount = GSHORT(pd, offset);
2043 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2047 offset += 2; /* Skip Byte Count (BCC) */
2049 if (ByteCount > 0) {
2051 /* Build displat for: Password */
2053 Password = pd + offset;
2057 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2061 offset += PasswordLen;
2063 /* Build display for: AccountName */
2065 AccountName = pd + offset;
2069 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2073 offset += strlen(AccountName) + 1; /* Skip AccountName */
2075 /* Build display for: PrimaryDomain */
2077 PrimaryDomain = pd + offset;
2081 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2085 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2087 /* Build display for: NativeOS */
2089 NativeOS = pd + offset;
2093 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2097 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2099 /* Build display for: NativeLanMan */
2101 NativeLanMan = pd + offset;
2105 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2109 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2117 /* Build display for: Word Count (WCT) */
2119 WordCount = GBYTE(pd, offset);
2123 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2127 offset += 1; /* Skip Word Count (WCT) */
2129 /* Build display for: AndXCommand */
2131 AndXCommand = GBYTE(pd, offset);
2135 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2136 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2140 offset += 1; /* Skip AndXCommand */
2142 /* Build display for: AndXReserved */
2144 AndXReserved = GBYTE(pd, offset);
2148 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2152 offset += 1; /* Skip AndXReserved */
2154 /* Build display for: AndXOffset */
2156 AndXOffset = GSHORT(pd, offset);
2160 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2164 offset += 2; /* Skip AndXOffset */
2166 /* Build display for: MaxBufferSize */
2168 MaxBufferSize = GSHORT(pd, offset);
2172 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2176 offset += 2; /* Skip MaxBufferSize */
2178 /* Build display for: MaxMpxCount */
2180 MaxMpxCount = GSHORT(pd, offset);
2184 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2188 offset += 2; /* Skip MaxMpxCount */
2190 /* Build display for: VcNumber */
2192 VcNumber = GSHORT(pd, offset);
2196 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2200 offset += 2; /* Skip VcNumber */
2202 /* Build display for: SessionKey */
2204 SessionKey = GWORD(pd, offset);
2208 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2212 offset += 4; /* Skip SessionKey */
2214 /* Build display for: ANSI Account Password Length */
2216 ANSIAccountPasswordLength = GSHORT(pd, offset);
2220 proto_tree_add_text(tree, NullTVB, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2224 offset += 2; /* Skip ANSI Account Password Length */
2226 /* Build display for: UNICODE Account Password Length */
2228 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2232 proto_tree_add_text(tree, NullTVB, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2236 offset += 2; /* Skip UNICODE Account Password Length */
2238 /* Build display for: Reserved */
2240 Reserved = GWORD(pd, offset);
2244 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2248 offset += 4; /* Skip Reserved */
2250 /* Build display for: Capabilities */
2252 Capabilities = GWORD(pd, offset);
2256 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", Capabilities);
2257 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2258 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2259 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2260 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2261 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2262 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2263 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2264 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2265 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2266 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2267 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2268 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2269 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2270 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2271 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2272 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2273 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2274 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2275 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2276 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2277 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2278 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2279 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2280 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2281 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2282 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2283 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2284 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2285 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2289 offset += 4; /* Skip Capabilities */
2291 /* Build display for: Byte Count */
2293 ByteCount = GSHORT(pd, offset);
2297 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2301 offset += 2; /* Skip Byte Count */
2303 if (ByteCount > 0) {
2305 /* Build display for: ANSI Password */
2307 ANSIPassword = pd + offset;
2309 if (ANSIAccountPasswordLength > 0) {
2313 proto_tree_add_text(tree, NullTVB, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2317 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2320 /* Build display for: UNICODE Password */
2322 UNICODEPassword = pd + offset;
2324 if (UNICODEAccountPasswordLength > 0) {
2328 proto_tree_add_text(tree, NullTVB, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2332 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2336 /* Build display for: Account Name */
2338 AccountName = pd + offset;
2342 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2346 offset += strlen(AccountName) + 1; /* Skip Account Name */
2348 /* Build display for: Primary Domain */
2350 PrimaryDomain = pd + offset;
2354 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2358 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2360 /* Build display for: Native OS */
2362 NativeOS = pd + offset;
2366 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2370 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2372 /* Build display for: Native LanMan Type */
2374 NativeLanManType = pd + offset;
2378 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2382 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2391 if (AndXCommand != 0xFF) {
2393 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2399 if (dirn == 0) { /* Response(s) dissect code */
2401 /* Build display for: Word Count (WCT) */
2403 WordCount = GBYTE(pd, offset);
2407 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2411 offset += 1; /* Skip Word Count (WCT) */
2413 if (WordCount > 0) {
2415 /* Build display for: AndXCommand */
2417 AndXCommand = GBYTE(pd, offset);
2421 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2422 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2426 offset += 1; /* Skip AndXCommand */
2428 /* Build display for: AndXReserved */
2430 AndXReserved = GBYTE(pd, offset);
2434 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2438 offset += 1; /* Skip AndXReserved */
2440 /* Build display for: AndXOffset */
2442 AndXOffset = GSHORT(pd, offset);
2446 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2451 offset += 2; /* Skip AndXOffset */
2453 /* Build display for: Action */
2455 Action = GSHORT(pd, offset);
2459 proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
2463 offset += 2; /* Skip Action */
2467 /* Build display for: Byte Count (BCC) */
2469 ByteCount = GSHORT(pd, offset);
2473 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2477 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2479 offset += 2; /* Skip Byte Count (BCC) */
2481 if (ByteCount > 0) {
2483 /* Build display for: NativeOS */
2485 NativeOS = pd + offset;
2489 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2493 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2495 /* Build display for: NativeLanMan */
2497 NativeLanMan = pd + offset;
2501 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2505 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2507 /* Build display for: PrimaryDomain */
2509 PrimaryDomain = pd + offset;
2513 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2517 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2521 if (AndXCommand != 0xFF) {
2523 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2532 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2535 guint8 wct, andxcmd = 0xFF;
2536 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2538 proto_tree *flags_tree;
2543 /* Now figure out what format we are talking about, 2, 3, or 4 response
2547 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2548 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2552 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2554 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2564 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", wct);
2572 andxcmd = pd[offset];
2576 proto_tree_add_text(tree, NullTVB, offset, 1, "Next Command: %s",
2577 (andxcmd == 0xFF) ? "No further commands":
2578 decode_smb_name(andxcmd));
2580 proto_tree_add_text(tree, NullTVB, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2586 andxoffs = GSHORT(pd, offset);
2590 proto_tree_add_text(tree, NullTVB, offset, 2, "Offset to next command: %u", andxoffs);
2602 bcc = GSHORT(pd, offset);
2606 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2614 flags = GSHORT(pd, offset);
2618 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Additional Flags: 0x%02x", flags);
2619 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2620 proto_tree_add_text(flags_tree, NullTVB, offset, 2, "%s",
2621 decode_boolean_bitfield(flags, 0x01, 16,
2623 "Don't disconnect TID"));
2629 passwdlen = GSHORT(pd, offset);
2633 proto_tree_add_text(tree, NullTVB, offset, 2, "Password Length: %u", passwdlen);
2639 bcc = GSHORT(pd, offset);
2643 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2653 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2657 offset += passwdlen;
2663 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Path: %s", str);
2667 offset += strlen(str) + 1;
2673 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2681 bcc = GSHORT(pd, offset);
2685 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2695 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service Type: %s",
2700 offset += strlen(str) + 1;
2706 optionsup = GSHORT(pd, offset);
2708 if (tree) { /* Should break out the bits */
2710 proto_tree_add_text(tree, NullTVB, offset, 2, "Optional Support: 0x%04x",
2717 bcc = GSHORT(pd, offset);
2721 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2731 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2735 offset += strlen(str) + 1;
2741 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Native File System: %s", str);
2745 offset += strlen(str) + 1;
2755 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2757 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
2762 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2764 guint8 wct, enckeylen;
2765 guint16 bcc, mode, rawmode, dialect;
2767 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2773 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2775 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2776 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2779 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2781 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2789 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %d", wct);
2793 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2797 /* Now decode the various formats ... */
2801 case 0: /* A request */
2803 bcc = GSHORT(pd, offset);
2807 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2815 ti = proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Dialects");
2816 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
2820 while (IS_DATA_IN_FRAME(offset)) {
2825 proto_tree_add_text(dialects, NullTVB, offset, 1, "Dialect Marker: %d", pd[offset]);
2835 proto_tree_add_text(dialects, NullTVB, offset, strlen(str)+1, "Dialect: %s", str);
2839 offset += strlen(str) + 1;
2844 case 1: /* PC NETWORK PROGRAM 1.0 */
2846 dialect = GSHORT(pd, offset);
2848 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2850 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2852 proto_tree_add_text(tree, NullTVB, offset, 2, "Supplied dialects not recognized");
2857 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2865 bcc = GSHORT(pd, offset);
2869 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2875 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2879 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2883 /* Much of this is similar to response 17 below */
2887 mode = GSHORT(pd, offset);
2891 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Security Mode: 0x%04x", mode);
2892 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
2893 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
2894 decode_boolean_bitfield(mode, 0x0001, 16,
2896 "Security = Share"));
2897 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
2898 decode_boolean_bitfield(mode, 0x0002, 16,
2899 "Passwords = Encrypted",
2900 "Passwords = Plaintext"));
2908 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2916 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2924 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2930 rawmode = GSHORT(pd, offset);
2934 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Raw Mode: 0x%04x", rawmode);
2935 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
2936 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
2937 decode_boolean_bitfield(rawmode, 0x01, 16,
2938 "Read Raw supported",
2939 "Read Raw not supported"));
2940 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
2941 decode_boolean_bitfield(rawmode, 0x02, 16,
2942 "Write Raw supported",
2943 "Write Raw not supported"));
2951 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
2957 /* Now the server time, two short parameters ... */
2961 proto_tree_add_text(tree, NullTVB, offset, 2, "Server Time: %s",
2962 dissect_dos_time(GSHORT(pd, offset)));
2963 proto_tree_add_text(tree, NullTVB, offset + 2, 2, "Server Date: %s",
2964 dissect_dos_date(GSHORT(pd, offset + 2)));
2970 /* Server Time Zone, SHORT */
2974 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
2975 (signed)GSSHORT(pd, offset));
2981 /* Challenge Length */
2983 enckeylen = GSHORT(pd, offset);
2987 proto_tree_add_text(tree, NullTVB, offset, 2, "Challenge Length: %u", enckeylen);
2995 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3001 bcc = GSHORT(pd, offset);
3005 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3011 if (enckeylen) { /* only if non-zero key len */
3017 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge: %s",
3018 bytes_to_str(str, enckeylen));
3021 offset += enckeylen;
3025 /* Primary Domain ... */
3031 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "Primary Domain: %s", str);
3037 case 17: /* Greater than LANMAN2.1 */
3041 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3047 mode = GBYTE(pd, offset);
3051 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Security Mode: 0x%02x", mode);
3052 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3053 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3054 decode_boolean_bitfield(mode, 0x01, 8,
3056 "Security = Share"));
3057 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3058 decode_boolean_bitfield(mode, 0x02, 8,
3059 "Passwords = Encrypted",
3060 "Passwords = Plaintext"));
3061 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3062 decode_boolean_bitfield(mode, 0x04, 8,
3063 "Security signatures enabled",
3064 "Security signatures not enabled"));
3065 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3066 decode_boolean_bitfield(mode, 0x08, 8,
3067 "Security signatures required",
3068 "Security signatures not required"));
3076 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3084 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3092 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3100 proto_tree_add_text(tree, NullTVB, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3108 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3114 caps = GWORD(pd, offset);
3118 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", caps);
3119 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3120 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3121 decode_boolean_bitfield(caps, 0x0001, 32,
3122 "Raw Mode supported",
3123 "Raw Mode not supported"));
3124 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3125 decode_boolean_bitfield(caps, 0x0002, 32,
3126 "MPX Mode supported",
3127 "MPX Mode not supported"));
3128 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3129 decode_boolean_bitfield(caps, 0x0004, 32,
3130 "Unicode supported",
3131 "Unicode not supported"));
3132 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3133 decode_boolean_bitfield(caps, 0x0008, 32,
3134 "Large files supported",
3135 "Large files not supported"));
3136 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3137 decode_boolean_bitfield(caps, 0x0010, 32,
3138 "NT LM 0.12 SMBs supported",
3139 "NT LM 0.12 SMBs not supported"));
3140 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3141 decode_boolean_bitfield(caps, 0x0020, 32,
3142 "RPC remote APIs supported",
3143 "RPC remote APIs not supported"));
3144 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3145 decode_boolean_bitfield(caps, 0x0040, 32,
3146 "NT status codes supported",
3147 "NT status codes not supported"));
3148 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3149 decode_boolean_bitfield(caps, 0x0080, 32,
3150 "Level 2 OpLocks supported",
3151 "Level 2 OpLocks not supported"));
3152 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3153 decode_boolean_bitfield(caps, 0x0100, 32,
3154 "Lock&Read supported",
3155 "Lock&Read not supported"));
3156 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3157 decode_boolean_bitfield(caps, 0x0200, 32,
3158 "NT Find supported",
3159 "NT Find not supported"));
3160 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3161 decode_boolean_bitfield(caps, 0x1000, 32,
3163 "DFS not supported"));
3164 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3165 decode_boolean_bitfield(caps, 0x4000, 32,
3166 "Large READX supported",
3167 "Large READX not supported"));
3168 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3169 decode_boolean_bitfield(caps, 0x8000, 32,
3170 "Large WRITEX supported",
3171 "Large WRITEX not supported"));
3172 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3173 decode_boolean_bitfield(caps, 0x80000000, 32,
3174 "Extended security exchanges supported",
3175 "Extended security exchanges not supported"));
3180 /* Server time, 2 WORDS */
3184 proto_tree_add_text(tree, NullTVB, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3185 proto_tree_add_text(tree, NullTVB, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3191 /* Server Time Zone, SHORT */
3195 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3196 (signed)GSSHORT(pd, offset));
3202 /* Encryption key len */
3204 enckeylen = pd[offset];
3208 proto_tree_add_text(tree, NullTVB, offset, 1, "Encryption key len: %u", enckeylen);
3214 bcc = GSHORT(pd, offset);
3218 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte count (BCC): %u", bcc);
3224 if (enckeylen) { /* only if non-zero key len */
3226 /* Encryption challenge key */
3232 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge encryption key: %s",
3233 bytes_to_str(str, enckeylen));
3237 offset += enckeylen;
3241 /* The domain, a null terminated string; Unicode if "caps" has
3242 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3243 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3249 if (caps & 0x0004) {
3250 ustr = unicode_to_str(str, &ustr_len);
3251 proto_tree_add_text(tree, NullTVB, offset, ustr_len+2, "OEM domain name: %s", ustr);
3253 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "OEM domain name: %s", str);
3260 default: /* Baddd */
3263 proto_tree_add_text(tree, NullTVB, offset, 1, "Bad format, should never get here");
3271 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3275 guint8 BufferFormat;
3277 const char *DirectoryName;
3279 if (dirn == 1) { /* Request(s) dissect code */
3281 /* Build display for: Word Count (WCT) */
3283 WordCount = GBYTE(pd, offset);
3287 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3291 offset += 1; /* Skip Word Count (WCT) */
3293 /* Build display for: Byte Count (BCC) */
3295 ByteCount = GSHORT(pd, offset);
3299 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3303 offset += 2; /* Skip Byte Count (BCC) */
3305 /* Build display for: Buffer Format */
3307 BufferFormat = GBYTE(pd, offset);
3311 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3315 offset += 1; /* Skip Buffer Format */
3317 /* Build display for: Directory Name */
3319 DirectoryName = pd + offset;
3323 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3327 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3331 if (dirn == 0) { /* Response(s) dissect code */
3333 /* Build display for: Word Count (WCT) */
3335 WordCount = GBYTE(pd, offset);
3339 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3343 offset += 1; /* Skip Word Count (WCT) */
3345 /* Build display for: Byte Count (BCC) */
3347 ByteCount = GSHORT(pd, offset);
3351 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3355 offset += 2; /* Skip Byte Count (BCC) */
3362 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3366 guint8 BufferFormat;
3368 const char *DirectoryName;
3370 if (dirn == 1) { /* Request(s) dissect code */
3372 /* Build display for: Word Count (WCT) */
3374 WordCount = GBYTE(pd, offset);
3378 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3382 offset += 1; /* Skip Word Count (WCT) */
3384 /* Build display for: Byte Count (BCC) */
3386 ByteCount = GSHORT(pd, offset);
3390 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3394 offset += 2; /* Skip Byte Count (BCC) */
3396 /* Build display for: Buffer Format */
3398 BufferFormat = GBYTE(pd, offset);
3402 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3406 offset += 1; /* Skip Buffer Format */
3408 /* Build display for: Directory Name */
3410 DirectoryName = pd + offset;
3414 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3418 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3422 if (dirn == 0) { /* Response(s) dissect code */
3424 /* Build display for: Word Count (WCT) */
3426 WordCount = GBYTE(pd, offset);
3430 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3434 offset += 1; /* Skip Word Count (WCT) */
3436 /* Build display for: Byte Count (BCC) */
3438 ByteCount = GSHORT(pd, offset);
3442 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3446 offset += 2; /* Skip Byte Count (BCC) */
3454 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3458 guint8 BufferFormat;
3460 const char *DirectoryName;
3462 if (dirn == 1) { /* Request(s) dissect code */
3464 /* Build display for: Word Count (WCT) */
3466 WordCount = GBYTE(pd, offset);
3470 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3474 offset += 1; /* Skip Word Count (WCT) */
3476 /* Build display for: Byte Count (BCC) */
3478 ByteCount = GSHORT(pd, offset);
3482 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3486 offset += 2; /* Skip Byte Count (BCC) */
3488 /* Build display for: Buffer Format */
3490 BufferFormat = GBYTE(pd, offset);
3494 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3498 offset += 1; /* Skip Buffer Format */
3500 /* Build display for: Directory Name */
3502 DirectoryName = pd + offset;
3506 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3510 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3514 if (dirn == 0) { /* Response(s) dissect code */
3516 /* Build display for: Word Count (WCT) */
3518 WordCount = GBYTE(pd, offset);
3522 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3526 offset += 1; /* Skip Word Count (WCT) */
3528 /* Build display for: Byte Count (BCC) */
3530 ByteCount = GSHORT(pd, offset);
3534 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3538 offset += 2; /* Skip Byte Count (BCC) */
3545 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3548 static const value_string OpenFunction_0x10[] = {
3549 { 0, "Fail if file does not exist"},
3550 { 16, "Create file if it does not exist"},
3553 static const value_string OpenFunction_0x03[] = {
3554 { 0, "Fail if file exists"},
3555 { 1, "Open file if it exists"},
3556 { 2, "Truncate File if it exists"},
3559 static const value_string FileType_0xFFFF[] = {
3560 { 0, "Disk file or directory"},
3561 { 1, "Named pipe in byte mode"},
3562 { 2, "Named pipe in message mode"},
3563 { 3, "Spooled printer"},
3566 static const value_string DesiredAccess_0x70[] = {
3567 { 00, "Compatibility mode"},
3568 { 16, "Deny read/write/execute (exclusive)"},
3569 { 32, "Deny write"},
3570 { 48, "Deny read/execute"},
3574 static const value_string DesiredAccess_0x700[] = {
3575 { 0, "Locality of reference unknown"},
3576 { 256, "Mainly sequential access"},
3577 { 512, "Mainly random access"},
3578 { 768, "Random access with some locality"},
3581 static const value_string DesiredAccess_0x4000[] = {
3582 { 0, "Write through mode disabled"},
3583 { 16384, "Write through mode enabled"},
3586 static const value_string DesiredAccess_0x1000[] = {
3587 { 0, "Normal file (caching permitted)"},
3588 { 4096, "Do not cache this file"},
3591 static const value_string DesiredAccess_0x07[] = {
3592 { 0, "Open for reading"},
3593 { 1, "Open for writing"},
3594 { 2, "Open for reading and writing"},
3595 { 3, "Open for execute"},
3598 static const value_string Action_0x8000[] = {
3599 { 0, "File opened by another user (or mode not supported by server)"},
3600 { 32768, "File is opened only by this user at present"},
3603 static const value_string Action_0x0003[] = {
3604 { 0, "No action taken?"},
3605 { 1, "The file existed and was opened"},
3606 { 2, "The file did not exist but was created"},
3607 { 3, "The file existed and was truncated"},
3610 proto_tree *Search_tree;
3611 proto_tree *OpenFunction_tree;
3612 proto_tree *Flags_tree;
3613 proto_tree *File_tree;
3614 proto_tree *FileType_tree;
3615 proto_tree *FileAttributes_tree;
3616 proto_tree *DesiredAccess_tree;
3617 proto_tree *Action_tree;
3620 guint8 AndXReserved;
3621 guint8 AndXCommand = 0xFF;
3626 guint32 AllocatedSize;
3629 guint16 OpenFunction;
3630 guint16 LastWriteTime;
3631 guint16 LastWriteDate;
3632 guint16 GrantedAccess;
3635 guint16 FileAttributes;
3638 guint16 DeviceState;
3639 guint16 DesiredAccess;
3640 guint16 CreationTime;
3641 guint16 CreationDate;
3643 guint16 AndXOffset = 0;
3645 const char *FileName;
3647 if (dirn == 1) { /* Request(s) dissect code */
3649 /* Build display for: Word Count (WCT) */
3651 WordCount = GBYTE(pd, offset);
3655 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3659 offset += 1; /* Skip Word Count (WCT) */
3661 /* Build display for: AndXCommand */
3663 AndXCommand = GBYTE(pd, offset);
3667 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3668 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3672 offset += 1; /* Skip AndXCommand */
3674 /* Build display for: AndXReserved */
3676 AndXReserved = GBYTE(pd, offset);
3680 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3684 offset += 1; /* Skip AndXReserved */
3686 /* Build display for: AndXOffset */
3688 AndXOffset = GSHORT(pd, offset);
3692 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3696 offset += 2; /* Skip AndXOffset */
3698 /* Build display for: Flags */
3700 Flags = GSHORT(pd, offset);
3704 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
3705 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3706 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3707 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3708 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3709 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3710 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3711 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3715 offset += 2; /* Skip Flags */
3717 /* Build display for: Desired Access */
3719 DesiredAccess = GSHORT(pd, offset);
3723 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3724 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3725 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3726 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3727 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3728 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3729 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3730 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3731 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3732 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3733 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3734 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3738 offset += 2; /* Skip Desired Access */
3740 /* Build display for: Search */
3742 Search = GSHORT(pd, offset);
3746 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Search: 0x%02x", Search);
3747 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
3748 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3749 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3750 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3751 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3752 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3753 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3754 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3755 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3756 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3757 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3758 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
3759 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3763 offset += 2; /* Skip Search */
3765 /* Build display for: File */
3767 File = GSHORT(pd, offset);
3771 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File: 0x%02x", File);
3772 File_tree = proto_item_add_subtree(ti, ett_smb_file);
3773 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3774 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3775 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3776 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3777 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3778 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3779 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3780 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3781 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3782 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3783 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
3784 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3788 offset += 2; /* Skip File */
3790 /* Build display for: Creation Time */
3792 CreationTime = GSHORT(pd, offset);
3799 offset += 2; /* Skip Creation Time */
3801 /* Build display for: Creation Date */
3803 CreationDate = GSHORT(pd, offset);
3807 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3808 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3812 offset += 2; /* Skip Creation Date */
3814 /* Build display for: Open Function */
3816 OpenFunction = GSHORT(pd, offset);
3820 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: 0x%02x", OpenFunction);
3821 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
3822 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
3823 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3824 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
3825 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3829 offset += 2; /* Skip Open Function */
3831 /* Build display for: Allocated Size */
3833 AllocatedSize = GWORD(pd, offset);
3837 proto_tree_add_text(tree, NullTVB, offset, 4, "Allocated Size: %u", AllocatedSize);
3841 offset += 4; /* Skip Allocated Size */
3843 /* Build display for: Reserved1 */
3845 Reserved1 = GWORD(pd, offset);
3849 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved1: %u", Reserved1);
3853 offset += 4; /* Skip Reserved1 */
3855 /* Build display for: Reserved2 */
3857 Reserved2 = GWORD(pd, offset);
3861 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved2: %u", Reserved2);
3865 offset += 4; /* Skip Reserved2 */
3867 /* Build display for: Byte Count */
3869 ByteCount = GSHORT(pd, offset);
3873 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
3877 offset += 2; /* Skip Byte Count */
3879 /* Build display for: File Name */
3881 FileName = pd + offset;
3885 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3889 offset += strlen(FileName) + 1; /* Skip File Name */
3892 if (AndXCommand != 0xFF) {
3894 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
3900 if (dirn == 0) { /* Response(s) dissect code */
3902 /* Build display for: Word Count (WCT) */
3904 WordCount = GBYTE(pd, offset);
3908 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3912 offset += 1; /* Skip Word Count (WCT) */
3914 if (WordCount > 0) {
3916 /* Build display for: AndXCommand */
3918 AndXCommand = GBYTE(pd, offset);
3922 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3923 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3927 offset += 1; /* Skip AndXCommand */
3929 /* Build display for: AndXReserved */
3931 AndXReserved = GBYTE(pd, offset);
3935 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3939 offset += 1; /* Skip AndXReserved */
3941 /* Build display for: AndXOffset */
3943 AndXOffset = GSHORT(pd, offset);
3947 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3951 offset += 2; /* Skip AndXOffset */
3953 /* Build display for: FID */
3955 FID = GSHORT(pd, offset);
3959 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
3963 offset += 2; /* Skip FID */
3965 /* Build display for: FileAttributes */
3967 FileAttributes = GSHORT(pd, offset);
3971 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3972 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
3973 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3974 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3975 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3976 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3977 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3978 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3979 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3980 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3981 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3982 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3983 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
3984 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3988 offset += 2; /* Skip FileAttributes */
3990 /* Build display for: Last Write Time */
3992 LastWriteTime = GSHORT(pd, offset);
3998 offset += 2; /* Skip Last Write Time */
4000 /* Build display for: Last Write Date */
4002 LastWriteDate = GSHORT(pd, offset);
4006 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4007 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
4012 offset += 2; /* Skip Last Write Date */
4014 /* Build display for: Data Size */
4016 DataSize = GWORD(pd, offset);
4020 proto_tree_add_text(tree, NullTVB, offset, 4, "Data Size: %u", DataSize);
4024 offset += 4; /* Skip Data Size */
4026 /* Build display for: Granted Access */
4028 GrantedAccess = GSHORT(pd, offset);
4032 proto_tree_add_text(tree, NullTVB, offset, 2, "Granted Access: %u", GrantedAccess);
4036 offset += 2; /* Skip Granted Access */
4038 /* Build display for: File Type */
4040 FileType = GSHORT(pd, offset);
4044 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File Type: 0x%02x", FileType);
4045 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4046 proto_tree_add_text(FileType_tree, NullTVB, offset, 2, "%s",
4047 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4051 offset += 2; /* Skip File Type */
4053 /* Build display for: Device State */
4055 DeviceState = GSHORT(pd, offset);
4059 proto_tree_add_text(tree, NullTVB, offset, 2, "Device State: %u", DeviceState);
4063 offset += 2; /* Skip Device State */
4065 /* Build display for: Action */
4067 Action = GSHORT(pd, offset);
4071 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: 0x%02x", Action);
4072 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4073 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4074 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4075 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4076 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4080 offset += 2; /* Skip Action */
4082 /* Build display for: Server FID */
4084 ServerFID = GWORD(pd, offset);
4088 proto_tree_add_text(tree, NullTVB, offset, 4, "Server FID: %u", ServerFID);
4092 offset += 4; /* Skip Server FID */
4094 /* Build display for: Reserved */
4096 Reserved = GSHORT(pd, offset);
4100 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
4104 offset += 2; /* Skip Reserved */
4108 /* Build display for: Byte Count */
4110 ByteCount = GSHORT(pd, offset);
4114 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4118 offset += 2; /* Skip Byte Count */
4121 if (AndXCommand != 0xFF) {
4123 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4132 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4135 proto_tree *WriteMode_tree;
4151 if (dirn == 1) { /* Request(s) dissect code */
4153 WordCount = GBYTE(pd, offset);
4155 switch (WordCount) {
4159 /* Build display for: Word Count (WCT) */
4161 WordCount = GBYTE(pd, offset);
4165 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4169 offset += 1; /* Skip Word Count (WCT) */
4171 /* Build display for: FID */
4173 FID = GSHORT(pd, offset);
4177 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4181 offset += 2; /* Skip FID */
4183 /* Build display for: Count */
4185 Count = GSHORT(pd, offset);
4189 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4193 offset += 2; /* Skip Count */
4195 /* Build display for: Reserved 1 */
4197 Reserved1 = GSHORT(pd, offset);
4201 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4205 offset += 2; /* Skip Reserved 1 */
4207 /* Build display for: Offset */
4209 Offset = GWORD(pd, offset);
4213 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
4217 offset += 4; /* Skip Offset */
4219 /* Build display for: Timeout */
4221 Timeout = GWORD(pd, offset);
4225 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4229 offset += 4; /* Skip Timeout */
4231 /* Build display for: WriteMode */
4233 WriteMode = GSHORT(pd, offset);
4237 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4238 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4239 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4240 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4241 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4242 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4246 offset += 2; /* Skip WriteMode */
4248 /* Build display for: Reserved 2 */
4250 Reserved2 = GWORD(pd, offset);
4254 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4258 offset += 4; /* Skip Reserved 2 */
4260 /* Build display for: Data Length */
4262 DataLength = GSHORT(pd, offset);
4266 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4270 offset += 2; /* Skip Data Length */
4272 /* Build display for: Data Offset */
4274 DataOffset = GSHORT(pd, offset);
4278 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4282 offset += 2; /* Skip Data Offset */
4284 /* Build display for: Byte Count (BCC) */
4286 ByteCount = GSHORT(pd, offset);
4290 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4294 offset += 2; /* Skip Byte Count (BCC) */
4296 /* Build display for: Pad */
4298 Pad = GBYTE(pd, offset);
4302 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4306 offset += 1; /* Skip Pad */
4312 /* Build display for: Word Count (WCT) */
4314 WordCount = GBYTE(pd, offset);
4318 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4322 offset += 1; /* Skip Word Count (WCT) */
4324 /* Build display for: FID */
4326 FID = GSHORT(pd, offset);
4330 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4334 offset += 2; /* Skip FID */
4336 /* Build display for: Count */
4338 Count = GSHORT(pd, offset);
4342 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4346 offset += 2; /* Skip Count */
4348 /* Build display for: Reserved 1 */
4350 Reserved1 = GSHORT(pd, offset);
4354 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4358 offset += 2; /* Skip Reserved 1 */
4360 /* Build display for: Timeout */
4362 Timeout = GWORD(pd, offset);
4366 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4370 offset += 4; /* Skip Timeout */
4372 /* Build display for: WriteMode */
4374 WriteMode = GSHORT(pd, offset);
4378 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4379 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4380 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4381 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4382 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4383 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4387 offset += 2; /* Skip WriteMode */
4389 /* Build display for: Reserved 2 */
4391 Reserved2 = GWORD(pd, offset);
4395 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4399 offset += 4; /* Skip Reserved 2 */
4401 /* Build display for: Data Length */
4403 DataLength = GSHORT(pd, offset);
4407 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4411 offset += 2; /* Skip Data Length */
4413 /* Build display for: Data Offset */
4415 DataOffset = GSHORT(pd, offset);
4419 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4423 offset += 2; /* Skip Data Offset */
4425 /* Build display for: Byte Count (BCC) */
4427 ByteCount = GSHORT(pd, offset);
4431 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4435 offset += 2; /* Skip Byte Count (BCC) */
4437 /* Build display for: Pad */
4439 Pad = GBYTE(pd, offset);
4443 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4447 offset += 1; /* Skip Pad */
4455 if (dirn == 0) { /* Response(s) dissect code */
4457 /* Build display for: Word Count (WCT) */
4459 WordCount = GBYTE(pd, offset);
4463 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4467 offset += 1; /* Skip Word Count (WCT) */
4469 if (WordCount > 0) {
4471 /* Build display for: Remaining */
4473 Remaining = GSHORT(pd, offset);
4477 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
4481 offset += 2; /* Skip Remaining */
4485 /* Build display for: Byte Count */
4487 ByteCount = GSHORT(pd, offset);
4491 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4495 offset += 2; /* Skip Byte Count */
4502 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4508 if (dirn == 1) { /* Request(s) dissect code */
4510 /* Build display for: Word Count (WCT) */
4512 WordCount = GBYTE(pd, offset);
4516 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4520 offset += 1; /* Skip Word Count (WCT) */
4522 /* Build display for: Byte Count (BCC) */
4524 ByteCount = GSHORT(pd, offset);
4528 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4532 offset += 2; /* Skip Byte Count (BCC) */
4536 if (dirn == 0) { /* Response(s) dissect code */
4538 /* Build display for: Word Count (WCT) */
4540 WordCount = GBYTE(pd, offset);
4544 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4548 offset += 1; /* Skip Word Count (WCT) */
4550 /* Build display for: Byte Count (BCC) */
4552 ByteCount = GSHORT(pd, offset);
4556 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4560 offset += 2; /* Skip Byte Count (BCC) */
4567 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4570 static const value_string Flags_0x03[] = {
4571 { 0, "Target must be a file"},
4572 { 1, "Target must be a directory"},
4575 { 4, "Verify all writes"},
4578 proto_tree *Flags_tree;
4581 guint8 ErrorFileFormat;
4583 guint16 OpenFunction;
4587 const char *ErrorFileName;
4589 if (dirn == 1) { /* Request(s) dissect code */
4591 /* Build display for: Word Count (WCT) */
4593 WordCount = GBYTE(pd, offset);
4597 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4601 offset += 1; /* Skip Word Count (WCT) */
4603 /* Build display for: TID2 */
4605 TID2 = GSHORT(pd, offset);
4609 proto_tree_add_text(tree, NullTVB, offset, 2, "TID2: %u", TID2);
4613 offset += 2; /* Skip TID2 */
4615 /* Build display for: Open Function */
4617 OpenFunction = GSHORT(pd, offset);
4621 proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: %u", OpenFunction);
4625 offset += 2; /* Skip Open Function */
4627 /* Build display for: Flags */
4629 Flags = GSHORT(pd, offset);
4633 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
4634 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4635 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4636 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4640 offset += 2; /* Skip Flags */
4644 if (dirn == 0) { /* Response(s) dissect code */
4646 /* Build display for: Word Count (WCT) */
4648 WordCount = GBYTE(pd, offset);
4652 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4656 offset += 1; /* Skip Word Count (WCT) */
4658 if (WordCount > 0) {
4660 /* Build display for: Count */
4662 Count = GSHORT(pd, offset);
4666 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4670 offset += 2; /* Skip Count */
4674 /* Build display for: Byte Count */
4676 ByteCount = GSHORT(pd, offset);
4680 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4684 offset += 2; /* Skip Byte Count */
4686 /* Build display for: Error File Format */
4688 ErrorFileFormat = GBYTE(pd, offset);
4692 proto_tree_add_text(tree, NullTVB, offset, 1, "Error File Format: %u", ErrorFileFormat);
4696 offset += 1; /* Skip Error File Format */
4698 /* Build display for: Error File Name */
4700 ErrorFileName = pd + offset;
4704 proto_tree_add_text(tree, NullTVB, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4708 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4715 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4719 guint8 BufferFormat2;
4720 guint8 BufferFormat1;
4721 guint16 SearchAttributes;
4723 const char *OldFileName;
4724 const char *NewFileName;
4726 if (dirn == 1) { /* Request(s) dissect code */
4728 /* Build display for: Word Count (WCT) */
4730 WordCount = GBYTE(pd, offset);
4734 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4738 offset += 1; /* Skip Word Count (WCT) */
4740 /* Build display for: Search Attributes */
4742 SearchAttributes = GSHORT(pd, offset);
4746 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
4750 offset += 2; /* Skip Search Attributes */
4752 /* Build display for: Byte Count */
4754 ByteCount = GSHORT(pd, offset);
4758 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4762 offset += 2; /* Skip Byte Count */
4764 /* Build display for: Buffer Format 1 */
4766 BufferFormat1 = GBYTE(pd, offset);
4770 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4774 offset += 1; /* Skip Buffer Format 1 */
4776 /* Build display for: Old File Name */
4778 OldFileName = pd + offset;
4782 proto_tree_add_text(tree, NullTVB, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4786 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4788 /* Build display for: Buffer Format 2 */
4790 BufferFormat2 = GBYTE(pd, offset);
4794 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4798 offset += 1; /* Skip Buffer Format 2 */
4800 /* Build display for: New File Name */
4802 NewFileName = pd + offset;
4806 proto_tree_add_text(tree, NullTVB, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4810 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4814 if (dirn == 0) { /* Response(s) dissect code */
4816 /* Build display for: Word Count (WCT) */
4818 WordCount = GBYTE(pd, offset);
4822 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4826 offset += 1; /* Skip Word Count (WCT) */
4828 /* Build display for: Byte Count (BCC) */
4830 ByteCount = GSHORT(pd, offset);
4834 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4838 offset += 2; /* Skip Byte Count (BCC) */
4845 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4848 static const value_string Mode_0x03[] = {
4849 { 0, "Text mode (DOS expands TABs)"},
4850 { 1, "Graphics mode"},
4853 proto_tree *Mode_tree;
4856 guint8 BufferFormat;
4857 guint16 SetupLength;
4861 const char *IdentifierString;
4863 if (dirn == 1) { /* Request(s) dissect code */
4865 /* Build display for: Word Count (WCT) */
4867 WordCount = GBYTE(pd, offset);
4871 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4875 offset += 1; /* Skip Word Count (WCT) */
4877 /* Build display for: Setup Length */
4879 SetupLength = GSHORT(pd, offset);
4883 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup Length: %u", SetupLength);
4887 offset += 2; /* Skip Setup Length */
4889 /* Build display for: Mode */
4891 Mode = GSHORT(pd, offset);
4895 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
4896 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
4897 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
4898 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4902 offset += 2; /* Skip Mode */
4904 /* Build display for: Byte Count (BCC) */
4906 ByteCount = GSHORT(pd, offset);
4910 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4914 offset += 2; /* Skip Byte Count (BCC) */
4916 /* Build display for: Buffer Format */
4918 BufferFormat = GBYTE(pd, offset);
4922 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
4926 offset += 1; /* Skip Buffer Format */
4928 /* Build display for: Identifier String */
4930 IdentifierString = pd + offset;
4934 proto_tree_add_text(tree, NullTVB, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4938 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4942 if (dirn == 0) { /* Response(s) dissect code */
4944 /* Build display for: Word Count (WCT) */
4946 WordCount = GBYTE(pd, offset);
4950 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4954 offset += 1; /* Skip Word Count (WCT) */
4956 /* Build display for: FID */
4958 FID = GSHORT(pd, offset);
4962 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4966 offset += 2; /* Skip FID */
4968 /* Build display for: Byte Count (BCC) */
4970 ByteCount = GSHORT(pd, offset);
4974 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4978 offset += 2; /* Skip Byte Count (BCC) */
4985 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4992 if (dirn == 1) { /* Request(s) dissect code */
4994 /* Build display for: Word Count (WCT) */
4996 WordCount = GBYTE(pd, offset);
5000 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5004 offset += 1; /* Skip Word Count (WCT) */
5006 /* Build display for: FID */
5008 FID = GSHORT(pd, offset);
5012 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5016 offset += 2; /* Skip FID */
5018 /* Build display for: Byte Count (BCC) */
5020 ByteCount = GSHORT(pd, offset);
5024 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5028 offset += 2; /* Skip Byte Count (BCC) */
5032 if (dirn == 0) { /* Response(s) dissect code */
5034 /* Build display for: Word Count */
5036 WordCount = GBYTE(pd, offset);
5040 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
5044 offset += 1; /* Skip Word Count */
5046 /* Build display for: Byte Count (BCC) */
5048 ByteCount = GSHORT(pd, offset);
5052 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5056 offset += 2; /* Skip Byte Count (BCC) */
5063 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5076 if (dirn == 1) { /* Request(s) dissect code */
5078 WordCount = GBYTE(pd, offset);
5080 switch (WordCount) {
5084 /* Build display for: Word Count (WCT) */
5086 WordCount = GBYTE(pd, offset);
5090 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5094 offset += 1; /* Skip Word Count (WCT) */
5096 /* Build display for: FID */
5098 FID = GSHORT(pd, offset);
5102 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5106 offset += 2; /* Skip FID */
5108 /* Build display for: Offset */
5110 Offset = GWORD(pd, offset);
5114 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5118 offset += 4; /* Skip Offset */
5120 /* Build display for: Max Count */
5122 MaxCount = GSHORT(pd, offset);
5126 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5130 offset += 2; /* Skip Max Count */
5132 /* Build display for: Min Count */
5134 MinCount = GSHORT(pd, offset);
5138 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5142 offset += 2; /* Skip Min Count */
5144 /* Build display for: Timeout */
5146 Timeout = GWORD(pd, offset);
5150 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5154 offset += 4; /* Skip Timeout */
5156 /* Build display for: Reserved */
5158 Reserved = GSHORT(pd, offset);
5162 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5166 offset += 2; /* Skip Reserved */
5168 /* Build display for: Byte Count (BCC) */
5170 ByteCount = GSHORT(pd, offset);
5174 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5178 offset += 2; /* Skip Byte Count (BCC) */
5184 /* Build display for: Word Count (WCT) */
5186 WordCount = GBYTE(pd, offset);
5190 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5194 offset += 1; /* Skip Word Count (WCT) */
5196 /* Build display for: FID */
5198 FID = GSHORT(pd, offset);
5202 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5206 offset += 2; /* Skip FID */
5208 /* Build display for: Offset */
5210 Offset = GWORD(pd, offset);
5214 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5218 offset += 4; /* Skip Offset */
5220 /* Build display for: Max Count */
5222 MaxCount = GSHORT(pd, offset);
5226 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5230 offset += 2; /* Skip Max Count */
5232 /* Build display for: Min Count */
5234 MinCount = GSHORT(pd, offset);
5238 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5242 offset += 2; /* Skip Min Count */
5244 /* Build display for: Timeout */
5246 Timeout = GWORD(pd, offset);
5250 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5254 offset += 4; /* Skip Timeout */
5256 /* Build display for: Reserved */
5258 Reserved = GSHORT(pd, offset);
5262 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5266 offset += 2; /* Skip Reserved */
5268 /* Build display for: Offset High */
5270 OffsetHigh = GWORD(pd, offset);
5274 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5278 offset += 4; /* Skip Offset High */
5280 /* Build display for: Byte Count (BCC) */
5282 ByteCount = GSHORT(pd, offset);
5286 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5290 offset += 2; /* Skip Byte Count (BCC) */
5298 if (dirn == 0) { /* Response(s) dissect code */
5305 dissect_read_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5309 guint8 AndXReserved;
5310 guint8 AndXCommand = 0xFF;
5312 guint16 AndXOffset = 0;
5314 guint16 DataCompactionMode;
5325 if (dirn == 1) { /* Request(s) dissect code */
5327 /* Build display for: Word Count (WCT) */
5329 WordCount = GBYTE(pd, offset);
5333 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5337 offset += 1; /* Skip Word Count (WCT) */
5339 /* Build display for: AndXCommand */
5341 AndXCommand = GBYTE(pd, offset);
5345 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5349 offset += 1; /* Skip AndXCommand */
5351 /* Build display for: AndXReserved */
5353 AndXReserved = GBYTE(pd, offset);
5357 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5361 offset += 1; /* Skip AndXReserved */
5363 /* Build display for: AndXOffset */
5365 AndXOffset = GSHORT(pd, offset);
5369 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5373 offset += 2; /* Skip AndXOffset */
5375 /* Build display for: FID */
5377 FID = GSHORT(pd, offset);
5381 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5385 offset += 2; /* Skip FID */
5387 /* Build display for: Offset */
5389 Offset = GWORD(pd, offset);
5393 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5397 offset += 4; /* Skip Offset */
5399 /* Build display for: Max Count */
5401 MaxCount = GSHORT(pd, offset);
5405 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5409 offset += 2; /* Skip Max Count */
5411 /* Build display for: Min Count */
5413 MinCount = GSHORT(pd, offset);
5417 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5421 offset += 2; /* Skip Min Count */
5423 /* Build display for: Reserved */
5425 Reserved = GWORD(pd, offset);
5429 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
5433 offset += 4; /* Skip Reserved */
5435 /* Build display for: Remaining */
5437 Remaining = GSHORT(pd, offset);
5441 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5445 offset += 2; /* Skip Remaining */
5447 if (WordCount == 12) {
5449 /* Build display for: Offset High */
5451 OffsetHigh = GWORD(pd, offset);
5455 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5459 offset += 4; /* Skip Offset High */
5462 /* Build display for: Byte Count (BCC) */
5464 ByteCount = GSHORT(pd, offset);
5468 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5472 offset += 2; /* Skip Byte Count (BCC) */
5475 if (AndXCommand != 0xFF) {
5477 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5483 if (dirn == 0) { /* Response(s) dissect code */
5485 /* Build display for: Word Count (WCT) */
5487 WordCount = GBYTE(pd, offset);
5491 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5495 offset += 1; /* Skip Word Count (WCT) */
5497 /* Build display for: AndXCommand */
5499 AndXCommand = GBYTE(pd, offset);
5503 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5507 offset += 1; /* Skip AndXCommand */
5509 /* Build display for: AndXReserved */
5511 AndXReserved = GBYTE(pd, offset);
5515 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5519 offset += 1; /* Skip AndXReserved */
5521 /* Build display for: AndXOffset */
5523 AndXOffset = GSHORT(pd, offset);
5527 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5531 offset += 2; /* Skip AndXOffset */
5533 /* Build display for: Remaining */
5535 Remaining = GSHORT(pd, offset);
5539 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5543 offset += 2; /* Skip Remaining */
5545 /* Build display for: Data Compaction Mode */
5547 DataCompactionMode = GSHORT(pd, offset);
5551 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
5555 offset += 2; /* Skip Data Compaction Mode */
5557 /* Build display for: Reserved */
5559 Reserved = GSHORT(pd, offset);
5563 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5567 offset += 2; /* Skip Reserved */
5569 /* Build display for: Data Length */
5571 DataLength = GSHORT(pd, offset);
5575 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5579 offset += 2; /* Skip Data Length */
5581 /* Build display for: Data Offset */
5583 DataOffset = GSHORT(pd, offset);
5587 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
5591 offset += 2; /* Skip Data Offset */
5593 /* Build display for: Reserved[5] */
5595 for(i = 1; i <= 5; ++i) {
5597 Reserved = GSHORT(pd, offset);
5601 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved%u: %u", i, Reserved);
5607 /* Build display for: Byte Count (BCC) */
5609 ByteCount = GSHORT(pd, offset);
5613 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5617 offset += 2; /* Skip Byte Count (BCC) */
5619 /* Build display for data */
5623 offset = SMB_offset + DataOffset;
5624 if(END_OF_FRAME >= DataLength)
5625 proto_tree_add_text(tree, NullTVB, offset, DataLength, "Data (%u bytes)", DataLength);
5627 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
5631 if (AndXCommand != 0xFF) {
5633 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5642 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5646 guint8 AndXReserved;
5647 guint8 AndXCommand = 0xFF;
5649 guint16 AndXOffset = 0;
5651 if (dirn == 1) { /* Request(s) dissect code */
5653 /* Build display for: Word Count (WCT) */
5655 WordCount = GBYTE(pd, offset);
5659 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5663 offset += 1; /* Skip Word Count (WCT) */
5665 /* Build display for: AndXCommand */
5667 AndXCommand = GBYTE(pd, offset);
5671 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5675 offset += 1; /* Skip AndXCommand */
5677 /* Build display for: AndXReserved */
5679 AndXReserved = GBYTE(pd, offset);
5683 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5687 offset += 1; /* Skip AndXReserved */
5689 /* Build display for: AndXOffset */
5691 AndXOffset = GSHORT(pd, offset);
5695 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5699 offset += 2; /* Skip AndXOffset */
5701 /* Build display for: Byte Count (BCC) */
5703 ByteCount = GSHORT(pd, offset);
5707 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5711 offset += 2; /* Skip Byte Count (BCC) */
5714 if (AndXCommand != 0xFF) {
5716 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5722 if (dirn == 0) { /* Response(s) dissect code */
5724 /* Build display for: Word Count (WCT) */
5726 WordCount = GBYTE(pd, offset);
5730 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5734 offset += 1; /* Skip Word Count (WCT) */
5736 /* Build display for: AndXCommand */
5738 AndXCommand = GBYTE(pd, offset);
5742 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5746 offset += 1; /* Skip AndXCommand */
5748 /* Build display for: AndXReserved */
5750 AndXReserved = GBYTE(pd, offset);
5754 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5758 offset += 1; /* Skip AndXReserved */
5760 /* Build display for: AndXOffset */
5762 AndXOffset = GSHORT(pd, offset);
5766 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5770 offset += 2; /* Skip AndXOffset */
5772 /* Build display for: Byte Count (BCC) */
5774 ByteCount = GSHORT(pd, offset);
5778 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5782 offset += 2; /* Skip Byte Count (BCC) */
5785 if (AndXCommand != 0xFF) {
5787 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5796 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5799 static const value_string Mode_0x03[] = {
5800 { 0, "Seek from start of file"},
5801 { 1, "Seek from current position"},
5802 { 2, "Seek from end of file"},
5805 proto_tree *Mode_tree;
5813 if (dirn == 1) { /* Request(s) dissect code */
5815 /* Build display for: Word Count (WCT) */
5817 WordCount = GBYTE(pd, offset);
5821 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5825 offset += 1; /* Skip Word Count (WCT) */
5827 /* Build display for: FID */
5829 FID = GSHORT(pd, offset);
5833 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5837 offset += 2; /* Skip FID */
5839 /* Build display for: Mode */
5841 Mode = GSHORT(pd, offset);
5845 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
5846 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5847 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
5848 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5852 offset += 2; /* Skip Mode */
5854 /* Build display for: Offset */
5856 Offset = GWORD(pd, offset);
5860 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5864 offset += 4; /* Skip Offset */
5866 /* Build display for: Byte Count (BCC) */
5868 ByteCount = GSHORT(pd, offset);
5872 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5876 offset += 2; /* Skip Byte Count (BCC) */
5880 if (dirn == 0) { /* Response(s) dissect code */
5882 /* Build display for: Word Count (WCT) */
5884 WordCount = GBYTE(pd, offset);
5888 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5892 offset += 1; /* Skip Word Count (WCT) */
5894 /* Build display for: Offset */
5896 Offset = GWORD(pd, offset);
5900 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5904 offset += 4; /* Skip Offset */
5906 /* Build display for: Byte Count (BCC) */
5908 ByteCount = GSHORT(pd, offset);
5912 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5916 offset += 2; /* Skip Byte Count (BCC) */
5923 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5927 guint8 BufferFormat;
5935 if (dirn == 1) { /* Request(s) dissect code */
5937 /* Build display for: Word Count (WCT) */
5939 WordCount = GBYTE(pd, offset);
5943 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5947 offset += 1; /* Skip Word Count (WCT) */
5949 /* Build display for: FID */
5951 FID = GSHORT(pd, offset);
5955 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5959 offset += 2; /* Skip FID */
5961 /* Build display for: Count */
5963 Count = GSHORT(pd, offset);
5967 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
5971 offset += 2; /* Skip Count */
5973 /* Build display for: Offset */
5975 Offset = GWORD(pd, offset);
5979 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5983 offset += 4; /* Skip Offset */
5985 /* Build display for: Remaining */
5987 Remaining = GSHORT(pd, offset);
5991 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5995 offset += 2; /* Skip Remaining */
5997 /* Build display for: Byte Count (BCC) */
5999 ByteCount = GSHORT(pd, offset);
6003 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6007 offset += 2; /* Skip Byte Count (BCC) */
6009 /* Build display for: Buffer Format */
6011 BufferFormat = GBYTE(pd, offset);
6015 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6019 offset += 1; /* Skip Buffer Format */
6021 /* Build display for: Data Length */
6023 DataLength = GSHORT(pd, offset);
6027 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6031 offset += 2; /* Skip Data Length */
6035 if (dirn == 0) { /* Response(s) dissect code */
6037 /* Build display for: Word Count (WCT) */
6039 WordCount = GBYTE(pd, offset);
6043 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6047 offset += 1; /* Skip Word Count (WCT) */
6049 /* Build display for: Count */
6051 Count = GSHORT(pd, offset);
6055 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6059 offset += 2; /* Skip Count */
6061 /* Build display for: Byte Count (BCC) */
6063 ByteCount = GSHORT(pd, offset);
6067 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6071 offset += 2; /* Skip Byte Count (BCC) */
6078 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6082 guint16 LastWriteTime;
6083 guint16 LastWriteDate;
6084 guint16 LastAccessTime;
6085 guint16 LastAccessDate;
6087 guint16 CreationTime;
6088 guint16 CreationDate;
6091 if (dirn == 1) { /* Request(s) dissect code */
6093 /* Build display for: Word Count */
6095 WordCount = GBYTE(pd, offset);
6099 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6103 offset += 1; /* Skip Word Count */
6105 /* Build display for: FID */
6107 FID = GSHORT(pd, offset);
6111 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6115 offset += 2; /* Skip FID */
6117 /* Build display for: Creation Date */
6119 CreationDate = GSHORT(pd, offset);
6123 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
6127 offset += 2; /* Skip Creation Date */
6129 /* Build display for: Creation Time */
6131 CreationTime = GSHORT(pd, offset);
6135 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6139 offset += 2; /* Skip Creation Time */
6141 /* Build display for: Last Access Date */
6143 LastAccessDate = GSHORT(pd, offset);
6147 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
6151 offset += 2; /* Skip Last Access Date */
6153 /* Build display for: Last Access Time */
6155 LastAccessTime = GSHORT(pd, offset);
6159 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
6163 offset += 2; /* Skip Last Access Time */
6165 /* Build display for: Last Write Date */
6167 LastWriteDate = GSHORT(pd, offset);
6171 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
6175 offset += 2; /* Skip Last Write Date */
6177 /* Build display for: Last Write Time */
6179 LastWriteTime = GSHORT(pd, offset);
6183 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
6187 offset += 2; /* Skip Last Write Time */
6189 /* Build display for: Byte Count (BCC) */
6191 ByteCount = GSHORT(pd, offset);
6195 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6199 offset += 2; /* Skip Byte Count (BCC) */
6203 if (dirn == 0) { /* Response(s) dissect code */
6205 /* Build display for: Word Count (WCC) */
6207 WordCount = GBYTE(pd, offset);
6211 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCC): %u", WordCount);
6215 offset += 1; /* Skip Word Count (WCC) */
6217 /* Build display for: Byte Count (BCC) */
6219 ByteCount = GSHORT(pd, offset);
6223 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6227 offset += 2; /* Skip Byte Count (BCC) */
6234 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6243 if (dirn == 1) { /* Request(s) dissect code */
6245 /* Build display for: Word Count (WCT) */
6247 WordCount = GBYTE(pd, offset);
6251 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6255 offset += 1; /* Skip Word Count (WCT) */
6257 /* Build display for: FID */
6259 FID = GSHORT(pd, offset);
6263 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6267 offset += 2; /* Skip FID */
6269 /* Build display for: Count */
6271 Count = GWORD(pd, offset);
6275 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
6279 offset += 4; /* Skip Count */
6281 /* Build display for: Offset */
6283 Offset = GWORD(pd, offset);
6287 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6291 offset += 4; /* Skip Offset */
6293 /* Build display for: Byte Count (BCC) */
6295 ByteCount = GSHORT(pd, offset);
6299 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6303 offset += 2; /* Skip Byte Count (BCC) */
6307 if (dirn == 0) { /* Response(s) dissect code */
6309 /* Build display for: Word Count (WCT) */
6311 WordCount = GBYTE(pd, offset);
6315 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6319 offset += 1; /* Skip Word Count (WCT) */
6321 /* Build display for: Byte Count (BCC) */
6323 ByteCount = GSHORT(pd, offset);
6327 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6331 offset += 2; /* Skip Byte Count (BCC) */
6338 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6342 guint8 BufferFormat;
6344 guint16 RestartIndex;
6350 if (dirn == 1) { /* Request(s) dissect code */
6352 /* Build display for: Word Count */
6354 WordCount = GBYTE(pd, offset);
6358 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6362 offset += 1; /* Skip Word Count */
6364 /* Build display for: Max Count */
6366 MaxCount = GSHORT(pd, offset);
6370 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6374 offset += 2; /* Skip Max Count */
6376 /* Build display for: Start Index */
6378 StartIndex = GSHORT(pd, offset);
6382 proto_tree_add_text(tree, NullTVB, offset, 2, "Start Index: %u", StartIndex);
6386 offset += 2; /* Skip Start Index */
6388 /* Build display for: Byte Count (BCC) */
6390 ByteCount = GSHORT(pd, offset);
6394 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6398 offset += 2; /* Skip Byte Count (BCC) */
6402 if (dirn == 0) { /* Response(s) dissect code */
6404 /* Build display for: Word Count (WCT) */
6406 WordCount = GBYTE(pd, offset);
6410 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6414 offset += 1; /* Skip Word Count (WCT) */
6416 if (WordCount > 0) {
6418 /* Build display for: Count */
6420 Count = GSHORT(pd, offset);
6424 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6428 offset += 2; /* Skip Count */
6430 /* Build display for: Restart Index */
6432 RestartIndex = GSHORT(pd, offset);
6436 proto_tree_add_text(tree, NullTVB, offset, 2, "Restart Index: %u", RestartIndex);
6440 offset += 2; /* Skip Restart Index */
6442 /* Build display for: Byte Count (BCC) */
6446 ByteCount = GSHORT(pd, offset);
6450 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6454 offset += 2; /* Skip Byte Count (BCC) */
6456 /* Build display for: Buffer Format */
6458 BufferFormat = GBYTE(pd, offset);
6462 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6466 offset += 1; /* Skip Buffer Format */
6468 /* Build display for: Data Length */
6470 DataLength = GSHORT(pd, offset);
6474 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6478 offset += 2; /* Skip Data Length */
6485 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6488 proto_tree *LockType_tree;
6493 guint8 AndXReserved;
6494 guint8 AndXCommand = 0xFF;
6496 guint16 NumberofLocks;
6497 guint16 NumberOfUnlocks;
6501 guint16 AndXOffset = 0;
6503 if (dirn == 1) { /* Request(s) dissect code */
6505 /* Build display for: Word Count (WCT) */
6507 WordCount = GBYTE(pd, offset);
6511 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6515 offset += 1; /* Skip Word Count (WCT) */
6517 /* Build display for: AndXCommand */
6519 AndXCommand = GBYTE(pd, offset);
6523 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6527 offset += 1; /* Skip AndXCommand */
6529 /* Build display for: AndXReserved */
6531 AndXReserved = GBYTE(pd, offset);
6535 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6539 offset += 1; /* Skip AndXReserved */
6541 /* Build display for: AndXOffset */
6543 AndXOffset = GSHORT(pd, offset);
6547 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6551 offset += 2; /* Skip AndXOffset */
6553 /* Build display for: FID */
6555 FID = GSHORT(pd, offset);
6559 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6563 offset += 2; /* Skip FID */
6565 /* Build display for: Lock Type */
6567 LockType = GBYTE(pd, offset);
6571 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Lock Type: 0x%01x", LockType);
6572 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6573 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6574 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6575 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6576 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6577 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6578 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6579 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6580 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6581 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6582 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6586 offset += 1; /* Skip Lock Type */
6588 /* Build display for: OplockLevel */
6590 OplockLevel = GBYTE(pd, offset);
6594 proto_tree_add_text(tree, NullTVB, offset, 1, "OplockLevel: %u", OplockLevel);
6598 offset += 1; /* Skip OplockLevel */
6600 /* Build display for: Timeout */
6602 Timeout = GWORD(pd, offset);
6606 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6610 offset += 4; /* Skip Timeout */
6612 /* Build display for: Number Of Unlocks */
6614 NumberOfUnlocks = GSHORT(pd, offset);
6618 proto_tree_add_text(tree, NullTVB, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6622 offset += 2; /* Skip Number Of Unlocks */
6624 /* Build display for: Number of Locks */
6626 NumberofLocks = GSHORT(pd, offset);
6630 proto_tree_add_text(tree, NullTVB, offset, 2, "Number of Locks: %u", NumberofLocks);
6634 offset += 2; /* Skip Number of Locks */
6636 /* Build display for: Byte Count (BCC) */
6638 ByteCount = GSHORT(pd, offset);
6642 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6646 offset += 2; /* Skip Byte Count (BCC) */
6649 if (AndXCommand != 0xFF) {
6651 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6657 if (dirn == 0) { /* Response(s) dissect code */
6659 /* Build display for: Word Count (WCT) */
6661 WordCount = GBYTE(pd, offset);
6665 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6669 offset += 1; /* Skip Word Count (WCT) */
6671 if (WordCount > 0) {
6673 /* Build display for: AndXCommand */
6675 AndXCommand = GBYTE(pd, offset);
6679 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
6680 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6684 offset += 1; /* Skip AndXCommand */
6686 /* Build display for: AndXReserved */
6688 AndXReserved = GBYTE(pd, offset);
6692 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6696 offset += 1; /* Skip AndXReserved */
6698 /* Build display for: AndXoffset */
6700 AndXoffset = GSHORT(pd, offset);
6704 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXoffset: %u", AndXoffset);
6708 offset += 2; /* Skip AndXoffset */
6712 /* Build display for: Byte Count */
6714 ByteCount = GSHORT(pd, offset);
6718 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
6722 offset += 2; /* Skip Byte Count */
6725 if (AndXCommand != 0xFF) {
6727 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6736 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6745 if (dirn == 1) { /* Request(s) dissect code */
6747 /* Build display for: Word Count (WCT) */
6749 WordCount = GBYTE(pd, offset);
6753 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6757 offset += 1; /* Skip Word Count (WCT) */
6759 /* Build display for: FID */
6761 FID = GSHORT(pd, offset);
6765 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6769 offset += 2; /* Skip FID */
6771 /* Build display for: Count */
6773 Count = GWORD(pd, offset);
6777 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
6781 offset += 4; /* Skip Count */
6783 /* Build display for: Offset */
6785 Offset = GWORD(pd, offset);
6789 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6793 offset += 4; /* Skip Offset */
6795 /* Build display for: Byte Count (BCC) */
6797 ByteCount = GSHORT(pd, offset);
6801 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6805 offset += 2; /* Skip Byte Count (BCC) */
6809 if (dirn == 0) { /* Response(s) dissect code */
6811 /* Build display for: Word Count (WCT) */
6813 WordCount = GBYTE(pd, offset);
6817 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6821 offset += 1; /* Skip Word Count (WCT) */
6823 /* Build display for: Byte Count (BCC) */
6825 ByteCount = GSHORT(pd, offset);
6829 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6833 offset += 2; /* Skip Byte Count (BCC) */
6840 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6843 proto_tree *Attributes_tree;
6846 guint8 BufferFormat;
6848 guint16 CreationTime;
6851 const char *FileName;
6853 if (dirn == 1) { /* Request(s) dissect code */
6855 /* Build display for: Word Count (WCT) */
6857 WordCount = GBYTE(pd, offset);
6861 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6865 offset += 1; /* Skip Word Count (WCT) */
6867 /* Build display for: Attributes */
6869 Attributes = GSHORT(pd, offset);
6873 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
6874 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
6875 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6876 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6877 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6878 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6879 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6880 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6881 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6882 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6883 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6884 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6885 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
6886 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6890 offset += 2; /* Skip Attributes */
6892 /* Build display for: Creation Time */
6894 CreationTime = GSHORT(pd, offset);
6898 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6902 offset += 2; /* Skip Creation Time */
6904 /* Build display for: Byte Count (BCC) */
6906 ByteCount = GSHORT(pd, offset);
6910 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6914 offset += 2; /* Skip Byte Count (BCC) */
6916 /* Build display for: Buffer Format */
6918 BufferFormat = GBYTE(pd, offset);
6922 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6926 offset += 1; /* Skip Buffer Format */
6928 /* Build display for: File Name */
6930 FileName = pd + offset;
6934 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6938 offset += strlen(FileName) + 1; /* Skip File Name */
6942 if (dirn == 0) { /* Response(s) dissect code */
6944 /* Build display for: Word Count (WCT) */
6946 WordCount = GBYTE(pd, offset);
6950 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6954 offset += 1; /* Skip Word Count (WCT) */
6956 if (WordCount > 0) {
6958 /* Build display for: FID */
6960 FID = GSHORT(pd, offset);
6964 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6968 offset += 2; /* Skip FID */
6972 /* Build display for: Byte Count (BCC) */
6974 ByteCount = GSHORT(pd, offset);
6978 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6982 offset += 2; /* Skip Byte Count (BCC) */
6989 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6993 guint8 BufferFormat2;
6994 guint8 BufferFormat1;
6995 guint8 BufferFormat;
6996 guint16 SearchAttributes;
6997 guint16 ResumeKeyLength;
7002 const char *FileName;
7004 if (dirn == 1) { /* Request(s) dissect code */
7006 /* Build display for: Word Count (WCT) */
7008 WordCount = GBYTE(pd, offset);
7012 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7016 offset += 1; /* Skip Word Count (WCT) */
7018 /* Build display for: Max Count */
7020 MaxCount = GSHORT(pd, offset);
7024 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
7028 offset += 2; /* Skip Max Count */
7030 /* Build display for: Search Attributes */
7032 SearchAttributes = GSHORT(pd, offset);
7036 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
7040 offset += 2; /* Skip Search Attributes */
7042 /* Build display for: Byte Count (BCC) */
7044 ByteCount = GSHORT(pd, offset);
7048 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7052 offset += 2; /* Skip Byte Count (BCC) */
7054 /* Build display for: Buffer Format 1 */
7056 BufferFormat1 = GBYTE(pd, offset);
7060 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
7064 offset += 1; /* Skip Buffer Format 1 */
7066 /* Build display for: File Name */
7068 FileName = pd + offset;
7072 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7076 offset += strlen(FileName) + 1; /* Skip File Name */
7078 /* Build display for: Buffer Format 2 */
7080 BufferFormat2 = GBYTE(pd, offset);
7084 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
7088 offset += 1; /* Skip Buffer Format 2 */
7090 /* Build display for: Resume Key Length */
7092 ResumeKeyLength = GSHORT(pd, offset);
7096 proto_tree_add_text(tree, NullTVB, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
7100 offset += 2; /* Skip Resume Key Length */
7104 if (dirn == 0) { /* Response(s) dissect code */
7106 /* Build display for: Word Count (WCT) */
7108 WordCount = GBYTE(pd, offset);
7112 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7116 offset += 1; /* Skip Word Count (WCT) */
7118 if (WordCount > 0) {
7120 /* Build display for: Count */
7122 Count = GSHORT(pd, offset);
7126 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7130 offset += 2; /* Skip Count */
7134 /* Build display for: Byte Count (BCC) */
7136 ByteCount = GSHORT(pd, offset);
7140 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7144 offset += 2; /* Skip Byte Count (BCC) */
7146 /* Build display for: Buffer Format */
7148 BufferFormat = GBYTE(pd, offset);
7152 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7156 offset += 1; /* Skip Buffer Format */
7158 /* Build display for: Data Length */
7160 DataLength = GSHORT(pd, offset);
7164 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7168 offset += 2; /* Skip Data Length */
7175 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7179 guint8 BufferFormat;
7182 guint16 CreationTime;
7183 guint16 CreationDate;
7185 const char *FileName;
7186 const char *DirectoryName;
7188 if (dirn == 1) { /* Request(s) dissect code */
7190 /* Build display for: Word Count (WCT) */
7192 WordCount = GBYTE(pd, offset);
7196 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7200 offset += 1; /* Skip Word Count (WCT) */
7202 /* Build display for: Reserved */
7204 Reserved = GSHORT(pd, offset);
7208 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
7212 offset += 2; /* Skip Reserved */
7214 /* Build display for: Creation Time */
7216 CreationTime = GSHORT(pd, offset);
7220 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7224 offset += 2; /* Skip Creation Time */
7226 /* Build display for: Creation Date */
7228 CreationDate = GSHORT(pd, offset);
7232 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
7236 offset += 2; /* Skip Creation Date */
7238 /* Build display for: Byte Count (BCC) */
7240 ByteCount = GSHORT(pd, offset);
7244 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7248 offset += 2; /* Skip Byte Count (BCC) */
7250 /* Build display for: Buffer Format */
7252 BufferFormat = GBYTE(pd, offset);
7256 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7260 offset += 1; /* Skip Buffer Format */
7262 /* Build display for: Directory Name */
7264 DirectoryName = pd + offset;
7268 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
7272 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
7276 if (dirn == 0) { /* Response(s) dissect code */
7278 /* Build display for: Word Count (WCT) */
7280 WordCount = GBYTE(pd, offset);
7284 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7288 offset += 1; /* Skip Word Count (WCT) */
7290 if (WordCount > 0) {
7292 /* Build display for: FID */
7294 FID = GSHORT(pd, offset);
7298 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7302 offset += 2; /* Skip FID */
7306 /* Build display for: Byte Count (BCC) */
7308 ByteCount = GSHORT(pd, offset);
7312 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7316 offset += 2; /* Skip Byte Count (BCC) */
7318 /* Build display for: Buffer Format */
7320 BufferFormat = GBYTE(pd, offset);
7324 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7328 offset += 1; /* Skip Buffer Format */
7330 /* Build display for: File Name */
7332 FileName = pd + offset;
7336 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7340 offset += strlen(FileName) + 1; /* Skip File Name */
7347 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7351 guint16 LastWriteTime;
7352 guint16 LastWriteDate;
7356 if (dirn == 1) { /* Request(s) dissect code */
7358 /* Build display for: Word Count (WCT) */
7360 WordCount = GBYTE(pd, offset);
7364 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7368 offset += 1; /* Skip Word Count (WCT) */
7370 /* Build display for: FID */
7372 FID = GSHORT(pd, offset);
7376 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7380 offset += 2; /* Skip FID */
7382 /* Build display for: Last Write Time */
7384 LastWriteTime = GSHORT(pd, offset);
7388 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
7392 offset += 2; /* Skip Last Write Time */
7394 /* Build display for: Last Write Date */
7396 LastWriteDate = GSHORT(pd, offset);
7400 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
7404 offset += 2; /* Skip Last Write Date */
7406 /* Build display for: Byte Count (BCC) */
7408 ByteCount = GSHORT(pd, offset);
7412 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7416 offset += 2; /* Skip Byte Count (BCC) */
7420 if (dirn == 0) { /* Response(s) dissect code */
7422 /* Build display for: Word Count (WCT) */
7424 WordCount = GBYTE(pd, offset);
7428 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7432 offset += 1; /* Skip Word Count (WCT) */
7434 /* Build display for: Byte Count (BCC) */
7436 ByteCount = GSHORT(pd, offset);
7440 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7444 offset += 2; /* Skip Byte Count (BCC) */
7451 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7455 guint8 BufferFormat;
7460 if (dirn == 1) { /* Request(s) dissect code */
7462 /* Build display for: Word Count (WCT) */
7464 WordCount = GBYTE(pd, offset);
7468 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7472 offset += 1; /* Skip Word Count (WCT) */
7474 /* Build display for: FID */
7476 FID = GSHORT(pd, offset);
7480 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7484 offset += 2; /* Skip FID */
7486 /* Build display for: Byte Count (BCC) */
7488 ByteCount = GSHORT(pd, offset);
7492 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7496 offset += 2; /* Skip Byte Count (BCC) */
7498 /* Build display for: Buffer Format */
7500 BufferFormat = GBYTE(pd, offset);
7504 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7508 offset += 1; /* Skip Buffer Format */
7510 /* Build display for: Data Length */
7512 DataLength = GSHORT(pd, offset);
7516 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7520 offset += 2; /* Skip Data Length */
7524 if (dirn == 0) { /* Response(s) dissect code */
7526 /* Build display for: Word Count (WCT) */
7528 WordCount = GBYTE(pd, offset);
7532 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7536 offset += 1; /* Skip Word Count (WCT) */
7538 /* Build display for: Byte Count (BCC) */
7540 ByteCount = GSHORT(pd, offset);
7544 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7548 offset += 2; /* Skip Byte Count (BCC) */
7555 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7559 guint8 BufferFormat;
7571 if (dirn == 1) { /* Request(s) dissect code */
7573 /* Build display for: Word Count (WCT) */
7575 WordCount = GBYTE(pd, offset);
7579 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7583 offset += 1; /* Skip Word Count (WCT) */
7585 /* Build display for: FID */
7587 FID = GSHORT(pd, offset);
7591 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7595 offset += 2; /* Skip FID */
7597 /* Build display for: Count */
7599 Count = GSHORT(pd, offset);
7603 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7607 offset += 2; /* Skip Count */
7609 /* Build display for: Offset */
7611 Offset = GWORD(pd, offset);
7615 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7619 offset += 4; /* Skip Offset */
7621 /* Build display for: Remaining */
7623 Remaining = GSHORT(pd, offset);
7627 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
7631 offset += 2; /* Skip Remaining */
7633 /* Build display for: Byte Count (BCC) */
7635 ByteCount = GSHORT(pd, offset);
7639 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7643 offset += 2; /* Skip Byte Count (BCC) */
7647 if (dirn == 0) { /* Response(s) dissect code */
7649 /* Build display for: Word Count (WCT) */
7651 WordCount = GBYTE(pd, offset);
7655 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7659 offset += 1; /* Skip Word Count (WCT) */
7661 if (WordCount > 0) {
7663 /* Build display for: Count */
7665 Count = GSHORT(pd, offset);
7669 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7673 offset += 2; /* Skip Count */
7675 /* Build display for: Reserved 1 */
7677 Reserved1 = GSHORT(pd, offset);
7681 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7685 offset += 2; /* Skip Reserved 1 */
7687 /* Build display for: Reserved 2 */
7689 Reserved2 = GSHORT(pd, offset);
7693 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7697 offset += 2; /* Skip Reserved 2 */
7699 /* Build display for: Reserved 3 */
7701 Reserved3 = GSHORT(pd, offset);
7705 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7709 offset += 2; /* Skip Reserved 3 */
7711 /* Build display for: Reserved 4 */
7713 Reserved4 = GSHORT(pd, offset);
7717 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7721 offset += 2; /* Skip Reserved 4 */
7723 /* Build display for: Byte Count (BCC) */
7725 ByteCount = GSHORT(pd, offset);
7729 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7735 offset += 2; /* Skip Byte Count (BCC) */
7737 /* Build display for: Buffer Format */
7739 BufferFormat = GBYTE(pd, offset);
7743 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7747 offset += 1; /* Skip Buffer Format */
7749 /* Build display for: Data Length */
7751 DataLength = GSHORT(pd, offset);
7755 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7759 offset += 2; /* Skip Data Length */
7766 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7772 if (dirn == 1) { /* Request(s) dissect code */
7774 /* Build display for: Word Count (WCT) */
7776 WordCount = GBYTE(pd, offset);
7780 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7784 offset += 1; /* Skip Word Count (WCT) */
7786 /* Build display for: Byte Count (BCC) */
7788 ByteCount = GSHORT(pd, offset);
7792 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7796 offset += 2; /* Skip Byte Count (BCC) */
7800 if (dirn == 0) { /* Response(s) dissect code */
7802 /* Build display for: Word Count (WCT) */
7804 WordCount = GBYTE(pd, offset);
7808 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7812 offset += 1; /* Skip Word Count (WCT) */
7814 /* Build display for: Byte Count (BCC) */
7816 ByteCount = GSHORT(pd, offset);
7820 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7824 offset += 2; /* Skip Byte Count (BCC) */
7831 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7834 proto_tree *Attributes_tree;
7837 guint8 BufferFormat;
7844 guint16 LastWriteTime;
7845 guint16 LastWriteDate;
7848 const char *FileName;
7850 if (dirn == 1) { /* Request(s) dissect code */
7852 /* Build display for: Word Count (WCT) */
7854 WordCount = GBYTE(pd, offset);
7858 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7862 offset += 1; /* Skip Word Count (WCT) */
7864 /* Build display for: Byte Count (BCC) */
7866 ByteCount = GSHORT(pd, offset);
7870 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7874 offset += 2; /* Skip Byte Count (BCC) */
7876 /* Build display for: Buffer Format */
7878 BufferFormat = GBYTE(pd, offset);
7882 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7886 offset += 1; /* Skip Buffer Format */
7888 /* Build display for: File Name */
7890 FileName = pd + offset;
7894 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7898 offset += strlen(FileName) + 1; /* Skip File Name */
7902 if (dirn == 0) { /* Response(s) dissect code */
7904 /* Build display for: Word Count (WCT) */
7906 WordCount = GBYTE(pd, offset);
7910 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7914 offset += 1; /* Skip Word Count (WCT) */
7916 if (WordCount > 0) {
7918 /* Build display for: Attributes */
7920 Attributes = GSHORT(pd, offset);
7924 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
7925 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7926 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7927 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7928 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7929 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7930 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7931 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7932 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7933 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7934 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7935 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7936 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7937 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7941 offset += 2; /* Skip Attributes */
7943 /* Build display for: Last Write Time */
7945 LastWriteTime = GSHORT(pd, offset);
7951 offset += 2; /* Skip Last Write Time */
7953 /* Build display for: Last Write Date */
7955 LastWriteDate = GSHORT(pd, offset);
7959 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7961 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7965 offset += 2; /* Skip Last Write Date */
7967 /* Build display for: File Size */
7969 FileSize = GWORD(pd, offset);
7973 proto_tree_add_text(tree, NullTVB, offset, 4, "File Size: %u", FileSize);
7977 offset += 4; /* Skip File Size */
7979 /* Build display for: Reserved 1 */
7981 Reserved1 = GSHORT(pd, offset);
7985 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7989 offset += 2; /* Skip Reserved 1 */
7991 /* Build display for: Reserved 2 */
7993 Reserved2 = GSHORT(pd, offset);
7997 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8001 offset += 2; /* Skip Reserved 2 */
8003 /* Build display for: Reserved 3 */
8005 Reserved3 = GSHORT(pd, offset);
8009 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8013 offset += 2; /* Skip Reserved 3 */
8015 /* Build display for: Reserved 4 */
8017 Reserved4 = GSHORT(pd, offset);
8021 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8025 offset += 2; /* Skip Reserved 4 */
8027 /* Build display for: Reserved 5 */
8029 Reserved5 = GSHORT(pd, offset);
8033 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
8037 offset += 2; /* Skip Reserved 5 */
8041 /* Build display for: Byte Count (BCC) */
8043 ByteCount = GSHORT(pd, offset);
8047 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8051 offset += 2; /* Skip Byte Count (BCC) */
8058 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8072 guint16 BufferFormat;
8074 if (dirn == 1) { /* Request(s) dissect code */
8076 /* Build display for: Word Count (WCT) */
8078 WordCount = GBYTE(pd, offset);
8082 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8086 offset += 1; /* Skip Word Count (WCT) */
8088 /* Build display for: FID */
8090 FID = GSHORT(pd, offset);
8094 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8098 offset += 2; /* Skip FID */
8100 /* Build display for: Count */
8102 Count = GSHORT(pd, offset);
8106 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8110 offset += 2; /* Skip Count */
8112 /* Build display for: Offset */
8114 Offset = GWORD(pd, offset);
8118 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
8122 offset += 4; /* Skip Offset */
8124 /* Build display for: Remaining */
8126 Remaining = GSHORT(pd, offset);
8130 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
8134 offset += 2; /* Skip Remaining */
8136 /* Build display for: Byte Count (BCC) */
8138 ByteCount = GSHORT(pd, offset);
8142 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8146 offset += 2; /* Skip Byte Count (BCC) */
8150 if (dirn == 0) { /* Response(s) dissect code */
8152 /* Build display for: Word Count (WCT) */
8154 WordCount = GBYTE(pd, offset);
8158 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8162 offset += 1; /* Skip Word Count (WCT) */
8164 if (WordCount > 0) {
8166 /* Build display for: Count */
8168 Count = GSHORT(pd, offset);
8172 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8176 offset += 2; /* Skip Count */
8178 /* Build display for: Reserved 1 */
8180 Reserved1 = GSHORT(pd, offset);
8184 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8188 offset += 2; /* Skip Reserved 1 */
8190 /* Build display for: Reserved 2 */
8192 Reserved2 = GSHORT(pd, offset);
8196 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8200 offset += 2; /* Skip Reserved 2 */
8202 /* Build display for: Reserved 3 */
8204 Reserved3 = GSHORT(pd, offset);
8208 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8212 offset += 2; /* Skip Reserved 3 */
8214 /* Build display for: Reserved 4 */
8216 Reserved4 = GSHORT(pd, offset);
8220 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8224 offset += 2; /* Skip Reserved 4 */
8228 /* Build display for: Byte Count (BCC) */
8230 ByteCount = GSHORT(pd, offset);
8234 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8238 offset += 2; /* Skip Byte Count (BCC) */
8240 /* Build display for: Buffer Format */
8242 BufferFormat = GSHORT(pd, offset);
8246 proto_tree_add_text(tree, NullTVB, offset, 2, "Buffer Format: %u", BufferFormat);
8250 offset += 2; /* Skip Buffer Format */
8252 /* Build display for: Data Length */
8254 DataLength = GSHORT(pd, offset);
8258 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8262 offset += 2; /* Skip Data Length */
8269 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8272 proto_tree *WriteMode_tree;
8277 guint32 ResponseMask;
8278 guint32 RequestMask;
8287 if (dirn == 1) { /* Request(s) dissect code */
8289 /* Build display for: Word Count (WCT) */
8291 WordCount = GBYTE(pd, offset);
8295 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8299 offset += 1; /* Skip Word Count (WCT) */
8301 /* Build display for: FID */
8303 FID = GSHORT(pd, offset);
8307 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8311 offset += 2; /* Skip FID */
8313 /* Build display for: Count */
8315 Count = GSHORT(pd, offset);
8319 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8323 offset += 2; /* Skip Count */
8325 /* Build display for: Reserved 1 */
8327 Reserved1 = GSHORT(pd, offset);
8331 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8335 offset += 2; /* Skip Reserved 1 */
8337 /* Build display for: Timeout */
8339 Timeout = GWORD(pd, offset);
8343 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
8347 offset += 4; /* Skip Timeout */
8349 /* Build display for: WriteMode */
8351 WriteMode = GSHORT(pd, offset);
8355 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
8356 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8357 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8358 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8359 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8360 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8361 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8362 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8366 offset += 2; /* Skip WriteMode */
8368 /* Build display for: Request Mask */
8370 RequestMask = GWORD(pd, offset);
8374 proto_tree_add_text(tree, NullTVB, offset, 4, "Request Mask: %u", RequestMask);
8378 offset += 4; /* Skip Request Mask */
8380 /* Build display for: Data Length */
8382 DataLength = GSHORT(pd, offset);
8386 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8390 offset += 2; /* Skip Data Length */
8392 /* Build display for: Data Offset */
8394 DataOffset = GSHORT(pd, offset);
8398 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8402 offset += 2; /* Skip Data Offset */
8404 /* Build display for: Byte Count (BCC) */
8406 ByteCount = GSHORT(pd, offset);
8410 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8414 offset += 2; /* Skip Byte Count (BCC) */
8416 /* Build display for: Pad */
8418 Pad = GBYTE(pd, offset);
8422 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
8426 offset += 1; /* Skip Pad */
8430 if (dirn == 0) { /* Response(s) dissect code */
8432 /* Build display for: Word Count (WCT) */
8434 WordCount = GBYTE(pd, offset);
8438 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8442 offset += 1; /* Skip Word Count (WCT) */
8444 if (WordCount > 0) {
8446 /* Build display for: Response Mask */
8448 ResponseMask = GWORD(pd, offset);
8452 proto_tree_add_text(tree, NullTVB, offset, 4, "Response Mask: %u", ResponseMask);
8456 offset += 4; /* Skip Response Mask */
8458 /* Build display for: Byte Count (BCC) */
8460 ByteCount = GSHORT(pd, offset);
8464 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8470 offset += 2; /* Skip Byte Count (BCC) */
8477 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8484 if (dirn == 1) { /* Request(s) dissect code */
8486 /* Build display for: Word Count (WTC) */
8488 WordCount = GBYTE(pd, offset);
8492 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WTC): %u", WordCount);
8496 offset += 1; /* Skip Word Count (WTC) */
8498 /* Build display for: FID */
8500 FID = GSHORT(pd, offset);
8504 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8508 offset += 2; /* Skip FID */
8510 /* Build display for: Byte Count (BCC) */
8512 ByteCount = GSHORT(pd, offset);
8516 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8520 offset += 2; /* Skip Byte Count (BCC) */
8524 if (dirn == 0) { /* Response(s) dissect code */
8526 /* Build display for: Word Count (WCT) */
8528 WordCount = GBYTE(pd, offset);
8532 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8536 offset += 1; /* Skip Word Count (WCT) */
8538 /* Build display for: Byte Count (BCC) */
8540 ByteCount = GBYTE(pd, offset);
8544 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
8548 offset += 1; /* Skip Byte Count (BCC) */
8554 char *trans2_cmd_names[] = {
8556 "TRANS2_FIND_FIRST2",
8557 "TRANS2_FIND_NEXT2",
8558 "TRANS2_QUERY_FS_INFORMATION",
8560 "TRANS2_QUERY_PATH_INFORMATION",
8561 "TRANS2_SET_PATH_INFORMATION",
8562 "TRANS2_QUERY_FILE_INFORMATION",
8563 "TRANS2_SET_FILE_INFORMATION",
8566 "TRANS2_FIND_NOTIFY_FIRST",
8567 "TRANS2_FIND_NOTIFY_NEXT",
8568 "TRANS2_CREATE_DIRECTORY",
8569 "TRANS2_SESSION_SETUP",
8570 "TRANS2_GET_DFS_REFERRAL",
8572 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8574 char *decode_trans2_name(int code)
8577 if (code > 17 || code < 0) {
8579 return("no such command");
8583 return trans2_cmd_names[code];
8589 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8592 proto_tree *Flags_tree;
8598 guint8 MaxSetupCount;
8601 guint16 TotalParameterCount;
8602 guint16 TotalDataCount;
8605 guint16 ParameterOffset;
8606 guint16 ParameterDisplacement;
8607 guint16 ParameterCount;
8608 guint16 MaxParameterCount;
8609 guint16 MaxDataCount;
8612 guint16 DataDisplacement;
8615 conversation_t *conversation;
8616 struct smb_request_key request_key, *new_request_key;
8617 struct smb_request_val *request_val;
8620 * Find out what conversation this packet is part of.
8621 * XXX - this should really be done by the transport-layer protocol,
8622 * although for connectionless transports, we may not want to do that
8623 * unless we know some higher-level protocol will want it - or we
8624 * may want to do it, so you can say e.g. "show only the packets in
8625 * this UDP 'connection'".
8627 * Note that we don't have to worry about the direction this packet
8628 * was going - the conversation code handles that for us, treating
8629 * packets from A:X to B:Y as being part of the same conversation as
8630 * packets from B:Y to A:X.
8632 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8633 pi.srcport, pi.destport);
8634 if (conversation == NULL) {
8635 /* It's not part of any conversation - create a new one. */
8636 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8637 pi.srcport, pi.destport, NULL);
8640 si.conversation = conversation; /* Save this for later */
8643 * Check for and insert entry in request hash table if does not exist
8645 request_key.conversation = conversation->index;
8646 request_key.mid = si.mid;
8648 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8650 if (!request_val) { /* Create one */
8652 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8653 new_request_key -> conversation = conversation->index;
8654 new_request_key -> mid = si.mid;
8656 request_val = g_mem_chunk_alloc(smb_request_vals);
8657 request_val -> mid = si.mid;
8658 request_val -> last_transact2_command = 0xFFFF;
8660 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8663 else { /* Update the transact request */
8665 request_val -> mid = si.mid;
8669 si.request_val = request_val; /* Save this for later */
8672 if (dirn == 1) { /* Request(s) dissect code */
8674 /* Build display for: Word Count (WCT) */
8676 WordCount = GBYTE(pd, offset);
8680 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8684 offset += 1; /* Skip Word Count (WCT) */
8686 /* Build display for: Total Parameter Count */
8688 TotalParameterCount = GSHORT(pd, offset);
8692 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8696 offset += 2; /* Skip Total Parameter Count */
8698 /* Build display for: Total Data Count */
8700 TotalDataCount = GSHORT(pd, offset);
8704 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
8708 offset += 2; /* Skip Total Data Count */
8710 /* Build display for: Max Parameter Count */
8712 MaxParameterCount = GSHORT(pd, offset);
8716 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8720 offset += 2; /* Skip Max Parameter Count */
8722 /* Build display for: Max Data Count */
8724 MaxDataCount = GSHORT(pd, offset);
8728 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
8732 offset += 2; /* Skip Max Data Count */
8734 /* Build display for: Max Setup Count */
8736 MaxSetupCount = GBYTE(pd, offset);
8740 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8744 offset += 1; /* Skip Max Setup Count */
8746 /* Build display for: Reserved1 */
8748 Reserved1 = GBYTE(pd, offset);
8752 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
8756 offset += 1; /* Skip Reserved1 */
8758 /* Build display for: Flags */
8760 Flags = GSHORT(pd, offset);
8764 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
8765 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
8766 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
8767 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8768 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
8769 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8773 offset += 2; /* Skip Flags */
8775 /* Build display for: Timeout */
8777 Timeout = GWORD(pd, offset);
8781 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
8785 offset += 4; /* Skip Timeout */
8787 /* Build display for: Reserved2 */
8789 Reserved2 = GSHORT(pd, offset);
8793 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
8797 offset += 2; /* Skip Reserved2 */
8799 /* Build display for: Parameter Count */
8801 ParameterCount = GSHORT(pd, offset);
8805 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
8809 offset += 2; /* Skip Parameter Count */
8811 /* Build display for: Parameter Offset */
8813 ParameterOffset = GSHORT(pd, offset);
8817 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
8821 offset += 2; /* Skip Parameter Offset */
8823 /* Build display for: Data Count */
8825 DataCount = GSHORT(pd, offset);
8829 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
8833 offset += 2; /* Skip Data Count */
8835 /* Build display for: Data Offset */
8837 DataOffset = GSHORT(pd, offset);
8841 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8845 offset += 2; /* Skip Data Offset */
8847 /* Build display for: Setup Count */
8849 SetupCount = GBYTE(pd, offset);
8853 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
8857 offset += 1; /* Skip Setup Count */
8859 /* Build display for: Reserved3 */
8861 Reserved3 = GBYTE(pd, offset);
8865 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
8869 offset += 1; /* Skip Reserved3 */
8871 /* Build display for: Setup */
8873 if (SetupCount > 0) {
8877 Setup = GSHORT(pd, offset);
8879 request_val -> last_transact2_command = Setup; /* Save for later */
8881 if (check_col(fd, COL_INFO)) {
8883 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8887 for (i = 1; i <= SetupCount; i++) {
8890 Setup1 = GSHORT(pd, offset);
8894 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup1);
8898 offset += 2; /* Skip Setup */
8904 /* Build display for: Byte Count (BCC) */
8906 ByteCount = GSHORT(pd, offset);
8910 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8914 offset += 2; /* Skip Byte Count (BCC) */
8916 /* Build display for: Transact Name */
8920 proto_tree_add_text(tree, NullTVB, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
8924 if (offset < (SMB_offset + ParameterOffset)) {
8926 int pad1Count = SMB_offset + ParameterOffset - offset;
8928 /* Build display for: Pad1 */
8932 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
8935 offset += pad1Count; /* Skip Pad1 */
8939 if (ParameterCount > 0) {
8941 /* Build display for: Parameters */
8945 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8949 offset += ParameterCount; /* Skip Parameters */
8953 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
8955 int pad2Count = SMB_offset + DataOffset - offset;
8957 /* Build display for: Pad2 */
8961 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
8965 offset += pad2Count; /* Skip Pad2 */
8969 if (DataCount > 0) {
8971 /* Build display for: Data */
8973 Data = GBYTE(pd, offset);
8977 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8981 offset += DataCount; /* Skip Data */
8986 if (dirn == 0) { /* Response(s) dissect code */
8988 /* Pick up the last transact2 command and put it in the right places */
8990 if (check_col(fd, COL_INFO)) {
8992 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8996 /* Build display for: Word Count (WCT) */
8998 WordCount = GBYTE(pd, offset);
9002 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9006 offset += 1; /* Skip Word Count (WCT) */
9008 /* Build display for: Total Parameter Count */
9010 TotalParameterCount = GSHORT(pd, offset);
9014 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9018 offset += 2; /* Skip Total Parameter Count */
9020 /* Build display for: Total Data Count */
9022 TotalDataCount = GSHORT(pd, offset);
9026 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9030 offset += 2; /* Skip Total Data Count */
9032 /* Build display for: Reserved2 */
9034 Reserved2 = GSHORT(pd, offset);
9038 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9042 offset += 2; /* Skip Reserved2 */
9044 /* Build display for: Parameter Count */
9046 ParameterCount = GSHORT(pd, offset);
9050 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9054 offset += 2; /* Skip Parameter Count */
9056 /* Build display for: Parameter Offset */
9058 ParameterOffset = GSHORT(pd, offset);
9062 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9066 offset += 2; /* Skip Parameter Offset */
9068 /* Build display for: Parameter Displacement */
9070 ParameterDisplacement = GSHORT(pd, offset);
9074 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9078 offset += 2; /* Skip Parameter Displacement */
9080 /* Build display for: Data Count */
9082 DataCount = GSHORT(pd, offset);
9086 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9090 offset += 2; /* Skip Data Count */
9092 /* Build display for: Data Offset */
9094 DataOffset = GSHORT(pd, offset);
9098 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9102 offset += 2; /* Skip Data Offset */
9104 /* Build display for: Data Displacement */
9106 DataDisplacement = GSHORT(pd, offset);
9110 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
9114 offset += 2; /* Skip Data Displacement */
9116 /* Build display for: Setup Count */
9118 SetupCount = GBYTE(pd, offset);
9122 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9126 offset += 1; /* Skip Setup Count */
9128 /* Build display for: Reserved3 */
9130 Reserved3 = GBYTE(pd, offset);
9134 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9138 offset += 1; /* Skip Reserved3 */
9140 if (SetupCount > 0) {
9144 Setup = GSHORT(pd, offset);
9146 for (i = 1; i <= SetupCount; i++) {
9148 Setup = GSHORT(pd, offset);
9152 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9156 offset += 2; /* Skip Setup */
9161 /* Build display for: Byte Count (BCC) */
9163 ByteCount = GSHORT(pd, offset);
9167 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9171 offset += 2; /* Skip Byte Count (BCC) */
9173 if (offset < (SMB_offset + ParameterOffset)) {
9175 int pad1Count = SMB_offset + ParameterOffset - offset;
9177 /* Build display for: Pad1 */
9181 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9184 offset += pad1Count; /* Skip Pad1 */
9188 /* Build display for: Parameter */
9190 if (ParameterCount > 0) {
9194 proto_tree_add_text(tree, NullTVB, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9198 offset += ParameterCount; /* Skip Parameter */
9202 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9204 int pad2Count = SMB_offset + DataOffset - offset;
9206 /* Build display for: Pad2 */
9210 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9214 offset += pad2Count; /* Skip Pad2 */
9218 /* Build display for: Data */
9220 if (DataCount > 0) {
9224 proto_tree_add_text(tree, NullTVB, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9228 offset += DataCount; /* Skip Data */
9238 dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, int SetupAreaOffset, int SetupCount, const char *TransactName)
9240 char *TransactNameCopy;
9241 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
9248 TransactNameCopy = g_malloc(strlen(TransactName) + 1);
9250 /* Should check for error here ... */
9252 strcpy(TransactNameCopy, TransactName);
9253 if (TransactNameCopy[0] == '\\') {
9254 trans_type = TransactNameCopy + 1; /* Skip the slash */
9255 loc_of_slash = strchr(trans_type, '\\');
9259 index = loc_of_slash - trans_type; /* Make it a real index */
9260 trans_cmd = trans_type + index + 1;
9261 trans_type[index] = '\0';
9266 if ((trans_cmd == NULL) ||
9267 (((strcmp(trans_type, "MAILSLOT") != 0) ||
9268 !dissect_mailslot_smb(pd, SetupAreaOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) &&
9269 ((strcmp(trans_type, "PIPE") != 0) ||
9270 !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) {
9272 if (ParameterCount > 0) {
9274 /* Build display for: Parameters */
9278 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9282 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
9286 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9288 int pad2Count = SMB_offset + DataOffset - offset;
9290 /* Build display for: Pad2 */
9294 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9298 offset += pad2Count; /* Skip Pad2 */
9302 if (DataCount > 0) {
9304 /* Build display for: Data */
9306 Data = pd + SMB_offset + DataOffset;
9310 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9314 offset += DataCount; /* Skip Data */
9322 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
9325 proto_tree *Flags_tree;
9331 guint8 MaxSetupCount;
9333 guint16 TotalParameterCount;
9334 guint16 TotalDataCount;
9337 guint16 ParameterOffset;
9338 guint16 ParameterDisplacement;
9339 guint16 ParameterCount;
9340 guint16 MaxParameterCount;
9341 guint16 MaxDataCount;
9344 guint16 DataDisplacement;
9348 const char *TransactName;
9349 conversation_t *conversation;
9350 struct smb_request_key request_key, *new_request_key;
9351 struct smb_request_val *request_val;
9353 guint16 SetupAreaOffset;
9357 * Find out what conversation this packet is part of
9360 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9361 pi.srcport, pi.destport);
9363 if (conversation == NULL) { /* Create a new conversation */
9365 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9366 pi.srcport, pi.destport, NULL);
9370 si.conversation = conversation; /* Save this */
9373 * Check for and insert entry in request hash table if does not exist
9375 request_key.conversation = conversation->index;
9376 request_key.mid = si.mid;
9378 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9380 if (!request_val) { /* Create one */
9382 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9383 new_request_key -> conversation = conversation -> index;
9384 new_request_key -> mid = si.mid;
9386 request_val = g_mem_chunk_alloc(smb_request_vals);
9387 request_val -> mid = si.mid;
9388 request_val -> last_transact_command = NULL;
9389 request_val -> last_param_descrip = NULL;
9390 request_val -> last_data_descrip = NULL;
9392 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9396 si.request_val = request_val; /* Save this for later */
9398 if (dirn == 1) { /* Request(s) dissect code */
9400 /* Build display for: Word Count (WCT) */
9402 WordCount = GBYTE(pd, offset);
9406 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9410 offset += 1; /* Skip Word Count (WCT) */
9412 /* Build display for: Total Parameter Count */
9414 TotalParameterCount = GSHORT(pd, offset);
9418 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9422 offset += 2; /* Skip Total Parameter Count */
9424 /* Build display for: Total Data Count */
9426 TotalDataCount = GSHORT(pd, offset);
9430 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9434 offset += 2; /* Skip Total Data Count */
9436 /* Build display for: Max Parameter Count */
9438 MaxParameterCount = GSHORT(pd, offset);
9442 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9446 offset += 2; /* Skip Max Parameter Count */
9448 /* Build display for: Max Data Count */
9450 MaxDataCount = GSHORT(pd, offset);
9454 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9458 offset += 2; /* Skip Max Data Count */
9460 /* Build display for: Max Setup Count */
9462 MaxSetupCount = GBYTE(pd, offset);
9466 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9470 offset += 1; /* Skip Max Setup Count */
9472 /* Build display for: Reserved1 */
9474 Reserved1 = GBYTE(pd, offset);
9478 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9482 offset += 1; /* Skip Reserved1 */
9484 /* Build display for: Flags */
9486 Flags = GSHORT(pd, offset);
9490 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9491 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9492 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9493 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9494 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9495 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9499 offset += 2; /* Skip Flags */
9501 /* Build display for: Timeout */
9503 Timeout = GWORD(pd, offset);
9507 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9511 offset += 4; /* Skip Timeout */
9513 /* Build display for: Reserved2 */
9515 Reserved2 = GSHORT(pd, offset);
9519 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9523 offset += 2; /* Skip Reserved2 */
9525 /* Build display for: Parameter Count */
9527 ParameterCount = GSHORT(pd, offset);
9531 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9535 offset += 2; /* Skip Parameter Count */
9537 /* Build display for: Parameter Offset */
9539 ParameterOffset = GSHORT(pd, offset);
9543 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9547 offset += 2; /* Skip Parameter Offset */
9549 /* Build display for: Data Count */
9551 DataCount = GSHORT(pd, offset);
9555 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9559 offset += 2; /* Skip Data Count */
9561 /* Build display for: Data Offset */
9563 DataOffset = GSHORT(pd, offset);
9567 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9571 offset += 2; /* Skip Data Offset */
9573 /* Build display for: Setup Count */
9575 SetupCount = GBYTE(pd, offset);
9579 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9583 offset += 1; /* Skip Setup Count */
9585 /* Build display for: Reserved3 */
9587 Reserved3 = GBYTE(pd, offset);
9591 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9594 offset += 1; /* Skip Reserved3 */
9596 SetupAreaOffset = offset;
9598 /* Build display for: Setup */
9600 if (SetupCount > 0) {
9604 Setup = GSHORT(pd, offset);
9606 for (i = 1; i <= SetupCount; i++) {
9608 Setup = GSHORT(pd, offset);
9612 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9616 offset += 2; /* Skip Setup */
9622 /* Build display for: Byte Count (BCC) */
9624 ByteCount = GSHORT(pd, offset);
9628 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9632 offset += 2; /* Skip Byte Count (BCC) */
9634 /* Build display for: Transact Name */
9636 /* Watch out for Unicode names */
9640 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9642 TransactName = unicode_to_str(pd + offset, &TNlen);
9647 TransactName = pd + offset;
9648 TNlen = strlen(TransactName) + 1;
9651 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9653 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9655 if (request_val -> last_transact_command)
9656 strcpy(request_val -> last_transact_command, TransactName);
9658 if (check_col(fd, COL_INFO)) {
9660 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9666 proto_tree_add_text(tree, NullTVB, offset, TNlen, "Transact Name: %s", TransactName);
9670 offset += TNlen; /* Skip Transact Name */
9671 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
9673 if (offset < (SMB_offset + ParameterOffset)) {
9675 int pad1Count = SMB_offset + ParameterOffset - offset;
9677 /* Build display for: Pad1 */
9681 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9684 offset += pad1Count; /* Skip Pad1 */
9688 /* Let's see if we can decode this */
9690 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, TransactName);
9694 if (dirn == 0) { /* Response(s) dissect code */
9696 if (check_col(fd, COL_INFO)) {
9697 if ( request_val -> last_transact_command )
9698 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9699 else col_add_fstr(fd, COL_INFO, "Response to unknown message");
9703 /* Build display for: Word Count (WCT) */
9705 WordCount = GBYTE(pd, offset);
9709 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9713 offset += 1; /* Skip Word Count (WCT) */
9715 /* Build display for: Total Parameter Count */
9717 TotalParameterCount = GSHORT(pd, offset);
9721 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9725 offset += 2; /* Skip Total Parameter Count */
9727 /* Build display for: Total Data Count */
9729 TotalDataCount = GSHORT(pd, offset);
9733 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9737 offset += 2; /* Skip Total Data Count */
9739 /* Build display for: Reserved2 */
9741 Reserved2 = GSHORT(pd, offset);
9745 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9749 offset += 2; /* Skip Reserved2 */
9751 /* Build display for: Parameter Count */
9753 ParameterCount = GSHORT(pd, offset);
9757 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9761 offset += 2; /* Skip Parameter Count */
9763 /* Build display for: Parameter Offset */
9765 ParameterOffset = GSHORT(pd, offset);
9769 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9773 offset += 2; /* Skip Parameter Offset */
9775 /* Build display for: Parameter Displacement */
9777 ParameterDisplacement = GSHORT(pd, offset);
9781 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9785 offset += 2; /* Skip Parameter Displacement */
9787 /* Build display for: Data Count */
9789 DataCount = GSHORT(pd, offset);
9793 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9797 offset += 2; /* Skip Data Count */
9799 /* Build display for: Data Offset */
9801 DataOffset = GSHORT(pd, offset);
9805 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9809 offset += 2; /* Skip Data Offset */
9811 /* Build display for: Data Displacement */
9813 DataDisplacement = GSHORT(pd, offset);
9817 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
9821 offset += 2; /* Skip Data Displacement */
9823 /* Build display for: Setup Count */
9825 SetupCount = GBYTE(pd, offset);
9829 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9833 offset += 1; /* Skip Setup Count */
9836 /* Build display for: Reserved3 */
9838 Reserved3 = GBYTE(pd, offset);
9842 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9847 offset += 1; /* Skip Reserved3 */
9849 SetupAreaOffset = offset;
9851 /* Build display for: Setup */
9853 if (SetupCount > 0) {
9857 Setup = GSHORT(pd, offset);
9859 for (i = 1; i <= SetupCount; i++) {
9861 Setup = GSHORT(pd, offset);
9865 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9869 offset += 2; /* Skip Setup */
9875 /* Build display for: Byte Count (BCC) */
9877 ByteCount = GSHORT(pd, offset);
9881 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9885 offset += 2; /* Skip Byte Count (BCC) */
9887 /* Build display for: Pad1 */
9889 if (offset < (SMB_offset + ParameterOffset)) {
9891 int pad1Count = SMB_offset + ParameterOffset - offset;
9893 /* Build display for: Pad1 */
9897 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9900 offset += pad1Count; /* Skip Pad1 */
9904 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, si.request_val -> last_transact_command);
9914 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
9916 dissect_createdir_smb, /* unknown SMB 0x00 */
9917 dissect_deletedir_smb, /* unknown SMB 0x01 */
9918 dissect_unknown_smb, /* SMBopen open a file */
9919 dissect_create_file_smb, /* SMBcreate create a file */
9920 dissect_close_smb, /* SMBclose close a file */
9921 dissect_flush_file_smb, /* SMBflush flush a file */
9922 dissect_delete_file_smb, /* SMBunlink delete a file */
9923 dissect_rename_file_smb, /* SMBmv rename a file */
9924 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
9925 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
9926 dissect_read_file_smb, /* SMBread read from a file */
9927 dissect_write_file_smb, /* SMBwrite write to a file */
9928 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
9929 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
9930 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
9931 dissect_unknown_smb, /* SMBmknew make a new file */
9932 dissect_checkdir_smb, /* SMBchkpth check a directory path */
9933 dissect_process_exit_smb, /* SMBexit process exit */
9934 dissect_unknown_smb, /* SMBlseek seek */
9935 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
9936 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
9937 dissect_unknown_smb, /* unknown SMB 0x15 */
9938 dissect_unknown_smb, /* unknown SMB 0x16 */
9939 dissect_unknown_smb, /* unknown SMB 0x17 */
9940 dissect_unknown_smb, /* unknown SMB 0x18 */
9941 dissect_unknown_smb, /* unknown SMB 0x19 */
9942 dissect_read_raw_smb, /* SMBreadBraw read block raw */
9943 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
9944 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
9945 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
9946 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
9947 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
9948 dissect_unknown_smb, /* SMBwriteC write complete response */
9949 dissect_unknown_smb, /* unknown SMB 0x21 */
9950 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
9951 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
9952 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
9953 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
9954 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
9955 dissect_unknown_smb, /* SMBioctl IOCTL */
9956 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
9957 dissect_unknown_smb, /* SMBcopy copy */
9958 dissect_move_smb, /* SMBmove move */
9959 dissect_unknown_smb, /* SMBecho echo */
9960 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
9961 dissect_open_andx_smb, /* SMBopenX open and X */
9962 dissect_read_andx_smb, /* SMBreadX read and X */
9963 dissect_unknown_smb, /* SMBwriteX write and X */
9964 dissect_unknown_smb, /* unknown SMB 0x30 */
9965 dissect_unknown_smb, /* unknown SMB 0x31 */
9966 dissect_transact2_smb, /* unknown SMB 0x32 */
9967 dissect_unknown_smb, /* unknown SMB 0x33 */
9968 dissect_find_close2_smb, /* unknown SMB 0x34 */
9969 dissect_unknown_smb, /* unknown SMB 0x35 */
9970 dissect_unknown_smb, /* unknown SMB 0x36 */
9971 dissect_unknown_smb, /* unknown SMB 0x37 */
9972 dissect_unknown_smb, /* unknown SMB 0x38 */
9973 dissect_unknown_smb, /* unknown SMB 0x39 */
9974 dissect_unknown_smb, /* unknown SMB 0x3a */
9975 dissect_unknown_smb, /* unknown SMB 0x3b */
9976 dissect_unknown_smb, /* unknown SMB 0x3c */
9977 dissect_unknown_smb, /* unknown SMB 0x3d */
9978 dissect_unknown_smb, /* unknown SMB 0x3e */
9979 dissect_unknown_smb, /* unknown SMB 0x3f */
9980 dissect_unknown_smb, /* unknown SMB 0x40 */
9981 dissect_unknown_smb, /* unknown SMB 0x41 */
9982 dissect_unknown_smb, /* unknown SMB 0x42 */
9983 dissect_unknown_smb, /* unknown SMB 0x43 */
9984 dissect_unknown_smb, /* unknown SMB 0x44 */
9985 dissect_unknown_smb, /* unknown SMB 0x45 */
9986 dissect_unknown_smb, /* unknown SMB 0x46 */
9987 dissect_unknown_smb, /* unknown SMB 0x47 */
9988 dissect_unknown_smb, /* unknown SMB 0x48 */
9989 dissect_unknown_smb, /* unknown SMB 0x49 */
9990 dissect_unknown_smb, /* unknown SMB 0x4a */
9991 dissect_unknown_smb, /* unknown SMB 0x4b */
9992 dissect_unknown_smb, /* unknown SMB 0x4c */
9993 dissect_unknown_smb, /* unknown SMB 0x4d */
9994 dissect_unknown_smb, /* unknown SMB 0x4e */
9995 dissect_unknown_smb, /* unknown SMB 0x4f */
9996 dissect_unknown_smb, /* unknown SMB 0x50 */
9997 dissect_unknown_smb, /* unknown SMB 0x51 */
9998 dissect_unknown_smb, /* unknown SMB 0x52 */
9999 dissect_unknown_smb, /* unknown SMB 0x53 */
10000 dissect_unknown_smb, /* unknown SMB 0x54 */
10001 dissect_unknown_smb, /* unknown SMB 0x55 */
10002 dissect_unknown_smb, /* unknown SMB 0x56 */
10003 dissect_unknown_smb, /* unknown SMB 0x57 */
10004 dissect_unknown_smb, /* unknown SMB 0x58 */
10005 dissect_unknown_smb, /* unknown SMB 0x59 */
10006 dissect_unknown_smb, /* unknown SMB 0x5a */
10007 dissect_unknown_smb, /* unknown SMB 0x5b */
10008 dissect_unknown_smb, /* unknown SMB 0x5c */
10009 dissect_unknown_smb, /* unknown SMB 0x5d */
10010 dissect_unknown_smb, /* unknown SMB 0x5e */
10011 dissect_unknown_smb, /* unknown SMB 0x5f */
10012 dissect_unknown_smb, /* unknown SMB 0x60 */
10013 dissect_unknown_smb, /* unknown SMB 0x61 */
10014 dissect_unknown_smb, /* unknown SMB 0x62 */
10015 dissect_unknown_smb, /* unknown SMB 0x63 */
10016 dissect_unknown_smb, /* unknown SMB 0x64 */
10017 dissect_unknown_smb, /* unknown SMB 0x65 */
10018 dissect_unknown_smb, /* unknown SMB 0x66 */
10019 dissect_unknown_smb, /* unknown SMB 0x67 */
10020 dissect_unknown_smb, /* unknown SMB 0x68 */
10021 dissect_unknown_smb, /* unknown SMB 0x69 */
10022 dissect_unknown_smb, /* unknown SMB 0x6a */
10023 dissect_unknown_smb, /* unknown SMB 0x6b */
10024 dissect_unknown_smb, /* unknown SMB 0x6c */
10025 dissect_unknown_smb, /* unknown SMB 0x6d */
10026 dissect_unknown_smb, /* unknown SMB 0x6e */
10027 dissect_unknown_smb, /* unknown SMB 0x6f */
10028 dissect_treecon_smb, /* SMBtcon tree connect */
10029 dissect_tdis_smb, /* SMBtdis tree disconnect */
10030 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10031 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10032 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10033 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10034 dissect_unknown_smb, /* unknown SMB 0x76 */
10035 dissect_unknown_smb, /* unknown SMB 0x77 */
10036 dissect_unknown_smb, /* unknown SMB 0x78 */
10037 dissect_unknown_smb, /* unknown SMB 0x79 */
10038 dissect_unknown_smb, /* unknown SMB 0x7a */
10039 dissect_unknown_smb, /* unknown SMB 0x7b */
10040 dissect_unknown_smb, /* unknown SMB 0x7c */
10041 dissect_unknown_smb, /* unknown SMB 0x7d */
10042 dissect_unknown_smb, /* unknown SMB 0x7e */
10043 dissect_unknown_smb, /* unknown SMB 0x7f */
10044 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10045 dissect_search_dir_smb, /* SMBsearch search a directory */
10046 dissect_unknown_smb, /* SMBffirst find first */
10047 dissect_unknown_smb, /* SMBfunique find unique */
10048 dissect_unknown_smb, /* SMBfclose find close */
10049 dissect_unknown_smb, /* unknown SMB 0x85 */
10050 dissect_unknown_smb, /* unknown SMB 0x86 */
10051 dissect_unknown_smb, /* unknown SMB 0x87 */
10052 dissect_unknown_smb, /* unknown SMB 0x88 */
10053 dissect_unknown_smb, /* unknown SMB 0x89 */
10054 dissect_unknown_smb, /* unknown SMB 0x8a */
10055 dissect_unknown_smb, /* unknown SMB 0x8b */
10056 dissect_unknown_smb, /* unknown SMB 0x8c */
10057 dissect_unknown_smb, /* unknown SMB 0x8d */
10058 dissect_unknown_smb, /* unknown SMB 0x8e */
10059 dissect_unknown_smb, /* unknown SMB 0x8f */
10060 dissect_unknown_smb, /* unknown SMB 0x90 */
10061 dissect_unknown_smb, /* unknown SMB 0x91 */
10062 dissect_unknown_smb, /* unknown SMB 0x92 */
10063 dissect_unknown_smb, /* unknown SMB 0x93 */
10064 dissect_unknown_smb, /* unknown SMB 0x94 */
10065 dissect_unknown_smb, /* unknown SMB 0x95 */
10066 dissect_unknown_smb, /* unknown SMB 0x96 */
10067 dissect_unknown_smb, /* unknown SMB 0x97 */
10068 dissect_unknown_smb, /* unknown SMB 0x98 */
10069 dissect_unknown_smb, /* unknown SMB 0x99 */
10070 dissect_unknown_smb, /* unknown SMB 0x9a */
10071 dissect_unknown_smb, /* unknown SMB 0x9b */
10072 dissect_unknown_smb, /* unknown SMB 0x9c */
10073 dissect_unknown_smb, /* unknown SMB 0x9d */
10074 dissect_unknown_smb, /* unknown SMB 0x9e */
10075 dissect_unknown_smb, /* unknown SMB 0x9f */
10076 dissect_unknown_smb, /* unknown SMB 0xa0 */
10077 dissect_unknown_smb, /* unknown SMB 0xa1 */
10078 dissect_unknown_smb, /* unknown SMB 0xa2 */
10079 dissect_unknown_smb, /* unknown SMB 0xa3 */
10080 dissect_unknown_smb, /* unknown SMB 0xa4 */
10081 dissect_unknown_smb, /* unknown SMB 0xa5 */
10082 dissect_unknown_smb, /* unknown SMB 0xa6 */
10083 dissect_unknown_smb, /* unknown SMB 0xa7 */
10084 dissect_unknown_smb, /* unknown SMB 0xa8 */
10085 dissect_unknown_smb, /* unknown SMB 0xa9 */
10086 dissect_unknown_smb, /* unknown SMB 0xaa */
10087 dissect_unknown_smb, /* unknown SMB 0xab */
10088 dissect_unknown_smb, /* unknown SMB 0xac */
10089 dissect_unknown_smb, /* unknown SMB 0xad */
10090 dissect_unknown_smb, /* unknown SMB 0xae */
10091 dissect_unknown_smb, /* unknown SMB 0xaf */
10092 dissect_unknown_smb, /* unknown SMB 0xb0 */
10093 dissect_unknown_smb, /* unknown SMB 0xb1 */
10094 dissect_unknown_smb, /* unknown SMB 0xb2 */
10095 dissect_unknown_smb, /* unknown SMB 0xb3 */
10096 dissect_unknown_smb, /* unknown SMB 0xb4 */
10097 dissect_unknown_smb, /* unknown SMB 0xb5 */
10098 dissect_unknown_smb, /* unknown SMB 0xb6 */
10099 dissect_unknown_smb, /* unknown SMB 0xb7 */
10100 dissect_unknown_smb, /* unknown SMB 0xb8 */
10101 dissect_unknown_smb, /* unknown SMB 0xb9 */
10102 dissect_unknown_smb, /* unknown SMB 0xba */
10103 dissect_unknown_smb, /* unknown SMB 0xbb */
10104 dissect_unknown_smb, /* unknown SMB 0xbc */
10105 dissect_unknown_smb, /* unknown SMB 0xbd */
10106 dissect_unknown_smb, /* unknown SMB 0xbe */
10107 dissect_unknown_smb, /* unknown SMB 0xbf */
10108 dissect_unknown_smb, /* SMBsplopen open a print spool file */
10109 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
10110 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
10111 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
10112 dissect_unknown_smb, /* unknown SMB 0xc4 */
10113 dissect_unknown_smb, /* unknown SMB 0xc5 */
10114 dissect_unknown_smb, /* unknown SMB 0xc6 */
10115 dissect_unknown_smb, /* unknown SMB 0xc7 */
10116 dissect_unknown_smb, /* unknown SMB 0xc8 */
10117 dissect_unknown_smb, /* unknown SMB 0xc9 */
10118 dissect_unknown_smb, /* unknown SMB 0xca */
10119 dissect_unknown_smb, /* unknown SMB 0xcb */
10120 dissect_unknown_smb, /* unknown SMB 0xcc */
10121 dissect_unknown_smb, /* unknown SMB 0xcd */
10122 dissect_unknown_smb, /* unknown SMB 0xce */
10123 dissect_unknown_smb, /* unknown SMB 0xcf */
10124 dissect_unknown_smb, /* SMBsends send a single block message */
10125 dissect_unknown_smb, /* SMBsendb send a broadcast message */
10126 dissect_unknown_smb, /* SMBfwdname forward user name */
10127 dissect_unknown_smb, /* SMBcancelf cancel forward */
10128 dissect_unknown_smb, /* SMBgetmac get a machine name */
10129 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
10130 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
10131 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
10132 dissect_unknown_smb, /* unknown SMB 0xd8 */
10133 dissect_unknown_smb, /* unknown SMB 0xd9 */
10134 dissect_unknown_smb, /* unknown SMB 0xda */
10135 dissect_unknown_smb, /* unknown SMB 0xdb */
10136 dissect_unknown_smb, /* unknown SMB 0xdc */
10137 dissect_unknown_smb, /* unknown SMB 0xdd */
10138 dissect_unknown_smb, /* unknown SMB 0xde */
10139 dissect_unknown_smb, /* unknown SMB 0xdf */
10140 dissect_unknown_smb, /* unknown SMB 0xe0 */
10141 dissect_unknown_smb, /* unknown SMB 0xe1 */
10142 dissect_unknown_smb, /* unknown SMB 0xe2 */
10143 dissect_unknown_smb, /* unknown SMB 0xe3 */
10144 dissect_unknown_smb, /* unknown SMB 0xe4 */
10145 dissect_unknown_smb, /* unknown SMB 0xe5 */
10146 dissect_unknown_smb, /* unknown SMB 0xe6 */
10147 dissect_unknown_smb, /* unknown SMB 0xe7 */
10148 dissect_unknown_smb, /* unknown SMB 0xe8 */
10149 dissect_unknown_smb, /* unknown SMB 0xe9 */
10150 dissect_unknown_smb, /* unknown SMB 0xea */
10151 dissect_unknown_smb, /* unknown SMB 0xeb */
10152 dissect_unknown_smb, /* unknown SMB 0xec */
10153 dissect_unknown_smb, /* unknown SMB 0xed */
10154 dissect_unknown_smb, /* unknown SMB 0xee */
10155 dissect_unknown_smb, /* unknown SMB 0xef */
10156 dissect_unknown_smb, /* unknown SMB 0xf0 */
10157 dissect_unknown_smb, /* unknown SMB 0xf1 */
10158 dissect_unknown_smb, /* unknown SMB 0xf2 */
10159 dissect_unknown_smb, /* unknown SMB 0xf3 */
10160 dissect_unknown_smb, /* unknown SMB 0xf4 */
10161 dissect_unknown_smb, /* unknown SMB 0xf5 */
10162 dissect_unknown_smb, /* unknown SMB 0xf6 */
10163 dissect_unknown_smb, /* unknown SMB 0xf7 */
10164 dissect_unknown_smb, /* unknown SMB 0xf8 */
10165 dissect_unknown_smb, /* unknown SMB 0xf9 */
10166 dissect_unknown_smb, /* unknown SMB 0xfa */
10167 dissect_unknown_smb, /* unknown SMB 0xfb */
10168 dissect_unknown_smb, /* unknown SMB 0xfc */
10169 dissect_unknown_smb, /* unknown SMB 0xfd */
10170 dissect_unknown_smb, /* SMBinvalid invalid command */
10171 dissect_unknown_smb /* unknown SMB 0xff */
10175 static const value_string errcls_types[] = {
10176 { SMB_SUCCESS, "Success"},
10177 { SMB_ERRDOS, "DOS Error"},
10178 { SMB_ERRSRV, "Server Error"},
10179 { SMB_ERRHRD, "Hardware Error"},
10180 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
10184 char *decode_smb_name(unsigned char cmd)
10187 return(SMB_names[cmd]);
10191 static const value_string DOS_errors[] = {
10192 {SMBE_badfunc, "Invalid function (or system call)"},
10193 {SMBE_badfile, "File not found (pathname error)"},
10194 {SMBE_badpath, "Directory not found"},
10195 {SMBE_nofids, "Too many open files"},
10196 {SMBE_noaccess, "Access denied"},
10197 {SMBE_badfid, "Invalid fid"},
10198 {SMBE_nomem, "Out of memory"},
10199 {SMBE_badmem, "Invalid memory block address"},
10200 {SMBE_badenv, "Invalid environment"},
10201 {SMBE_badaccess, "Invalid open mode"},
10202 {SMBE_baddata, "Invalid data (only from ioctl call)"},
10203 {SMBE_res, "Reserved error code?"},
10204 {SMBE_baddrive, "Invalid drive"},
10205 {SMBE_remcd, "Attempt to delete current directory"},
10206 {SMBE_diffdevice, "Rename/move across different filesystems"},
10207 {SMBE_nofiles, "no more files found in file search"},
10208 {SMBE_badshare, "Share mode on file conflict with open mode"},
10209 {SMBE_lock, "Lock request conflicts with existing lock"},
10210 {SMBE_unsup, "Request unsupported, returned by Win 95"},
10211 {SMBE_filexists, "File in operation already exists"},
10212 {SMBE_cannotopen, "Cannot open the file specified"},
10213 {SMBE_unknownlevel, "Unknown level??"},
10214 {SMBE_badpipe, "Named pipe invalid"},
10215 {SMBE_pipebusy, "All instances of pipe are busy"},
10216 {SMBE_pipeclosing, "Named pipe close in progress"},
10217 {SMBE_notconnected, "No process on other end of named pipe"},
10218 {SMBE_moredata, "More data to be returned"},
10219 {SMBE_baddirectory, "Invalid directory name in a path."},
10220 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
10221 {SMBE_eas_nsup, "Extended attributes not supported"},
10222 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
10223 {SMBE_unknownipc, "Unknown IPC Operation"},
10224 {SMBE_noipc, "Don't support ipc"},
10228 /* Error codes for the ERRSRV class */
10230 static const value_string SRV_errors[] = {
10231 {SMBE_error, "Non specific error code"},
10232 {SMBE_badpw, "Bad password"},
10233 {SMBE_badtype, "Reserved"},
10234 {SMBE_access, "No permissions to perform the requested operation"},
10235 {SMBE_invnid, "TID invalid"},
10236 {SMBE_invnetname, "Invalid network name. Service not found"},
10237 {SMBE_invdevice, "Invalid device"},
10238 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
10239 {SMBE_qfull, "Print queue full"},
10240 {SMBE_qtoobig, "Queued item too big"},
10241 {SMBE_qeof, "EOF on print queue dump"},
10242 {SMBE_invpfid, "Invalid print file in smb_fid"},
10243 {SMBE_smbcmd, "Unrecognised command"},
10244 {SMBE_srverror, "SMB server internal error"},
10245 {SMBE_filespecs, "Fid and pathname invalid combination"},
10246 {SMBE_badlink, "Bad link in request ???"},
10247 {SMBE_badpermits, "Access specified for a file is not valid"},
10248 {SMBE_badpid, "Bad process id in request"},
10249 {SMBE_setattrmode, "Attribute mode invalid"},
10250 {SMBE_paused, "Message server paused"},
10251 {SMBE_msgoff, "Not receiving messages"},
10252 {SMBE_noroom, "No room for message"},
10253 {SMBE_rmuns, "Too many remote usernames"},
10254 {SMBE_timeout, "Operation timed out"},
10255 {SMBE_noresource, "No resources currently available for request."},
10256 {SMBE_toomanyuids, "Too many userids"},
10257 {SMBE_baduid, "Bad userid"},
10258 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
10259 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
10260 {SMBE_contMPX, "Resume MPX mode"},
10261 {SMBE_badPW, "Bad Password???"},
10262 {SMBE_nosupport, "Operation not supported"},
10266 /* Error codes for the ERRHRD class */
10268 static const value_string HRD_errors[] = {
10269 {SMBE_nowrite, "read only media"},
10270 {SMBE_badunit, "Unknown device"},
10271 {SMBE_notready, "Drive not ready"},
10272 {SMBE_badcmd, "Unknown command"},
10273 {SMBE_data, "Data (CRC) error"},
10274 {SMBE_badreq, "Bad request structure length"},
10275 {SMBE_seek, "Seek error???"},
10276 {SMBE_badmedia, "Bad media???"},
10277 {SMBE_badsector, "Bad sector???"},
10278 {SMBE_nopaper, "No paper in printer???"},
10279 {SMBE_write, "Write error???"},
10280 {SMBE_read, "Read error???"},
10281 {SMBE_general, "General error???"},
10282 {SMBE_badshare, "A open conflicts with an existing open"},
10283 {SMBE_lock, "Lock/unlock error"},
10284 {SMBE_wrongdisk, "Wrong disk???"},
10285 {SMBE_FCBunavail, "FCB unavailable???"},
10286 {SMBE_sharebufexc, "Share buffer excluded???"},
10287 {SMBE_diskfull, "Disk full???"},
10291 char *decode_smb_error(guint8 errcls, guint16 errcode)
10298 return("No Error"); /* No error ??? */
10303 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
10308 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
10313 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
10318 return("Unknown error class!");
10324 #define SMB_FLAGS_DIRN 0x80
10327 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
10329 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
10330 proto_item *ti, *tf;
10331 guint8 cmd, errcls, errcode1, flags;
10332 guint16 flags2, errcode, tid, pid, uid, mid;
10334 int SMB_offset = offset;
10335 struct smb_info si;
10339 cmd = pd[offset + SMB_hdr_com_offset];
10341 if (check_col(fd, COL_PROTOCOL))
10342 col_add_str(fd, COL_PROTOCOL, "SMB");
10344 /* Hmmm, poor coding here ... Also, should check the type */
10346 if (check_col(fd, COL_INFO)) {
10348 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
10354 ti = proto_tree_add_item(tree, proto_smb, NullTVB, offset, END_OF_FRAME, FALSE);
10355 smb_tree = proto_item_add_subtree(ti, ett_smb);
10357 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
10358 * component ... SMB is only one used
10361 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Message Type: 0xFF");
10362 proto_tree_add_text(smb_tree, NullTVB, offset+1, 3, "Server Component: SMB");
10366 offset += 4; /* Skip the marker */
10370 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Command: %s", decode_smb_name(cmd));
10376 /* Handle error code */
10378 if (GSHORT(pd, SMB_offset + 10) & 0x4000) {
10379 /* handle NT 32 bit error code */
10380 errcode = 0; /* better than a random number */
10381 status = GWORD(pd, offset);
10385 proto_tree_add_text(smb_tree, NullTVB, offset, 4, "Status: 0x%08x",
10394 /* handle DOS error code & class */
10396 /* Next, look at the error class, SMB_RETCLASS */
10398 errcls = pd[offset];
10402 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Error Class: %s",
10403 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10408 /* Error code, SMB_HEINFO ... */
10410 errcode1 = pd[offset];
10414 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Reserved: %i", errcode1);
10420 errcode = GSHORT(pd, offset);
10424 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Error Code: %s",
10425 decode_smb_error(errcls, errcode));
10432 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
10434 flags = pd[offset];
10438 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags: 0x%02x", flags);
10440 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10441 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10442 decode_boolean_bitfield(flags, 0x01, 8,
10443 "Lock&Read, Write&Unlock supported",
10444 "Lock&Read, Write&Unlock not supported"));
10445 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10446 decode_boolean_bitfield(flags, 0x02, 8,
10447 "Receive buffer posted",
10448 "Receive buffer not posted"));
10449 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10450 decode_boolean_bitfield(flags, 0x08, 8,
10451 "Path names caseless",
10452 "Path names case sensitive"));
10453 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10454 decode_boolean_bitfield(flags, 0x10, 8,
10455 "Pathnames canonicalized",
10456 "Pathnames not canonicalized"));
10457 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10458 decode_boolean_bitfield(flags, 0x20, 8,
10459 "OpLocks requested/granted",
10460 "OpLocks not requested/granted"));
10461 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10462 decode_boolean_bitfield(flags, 0x40, 8,
10464 "Notify open only"));
10466 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10467 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10468 8, "Response to client/redirector", "Request to server"));
10474 flags2 = GSHORT(pd, offset);
10478 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags2: 0x%04x", flags2);
10480 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10481 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10482 decode_boolean_bitfield(flags2, 0x0001, 16,
10483 "Long file names supported",
10484 "Long file names not supported"));
10485 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10486 decode_boolean_bitfield(flags2, 0x0002, 16,
10487 "Extended attributes supported",
10488 "Extended attributes not supported"));
10489 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10490 decode_boolean_bitfield(flags2, 0x0004, 16,
10491 "Security signatures supported",
10492 "Security signatures not supported"));
10493 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10494 decode_boolean_bitfield(flags2, 0x0800, 16,
10495 "Extended security negotiation supported",
10496 "Extended security negotiation not supported"));
10497 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10498 decode_boolean_bitfield(flags2, 0x1000, 16,
10499 "Resolve pathnames with DFS",
10500 "Don't resolve pathnames with DFS"));
10501 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10502 decode_boolean_bitfield(flags2, 0x2000, 16,
10503 "Permit reads if execute-only",
10504 "Don't permit reads if execute-only"));
10505 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10506 decode_boolean_bitfield(flags2, 0x4000, 16,
10507 "Error codes are NT error codes",
10508 "Error codes are DOS error codes"));
10509 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10510 decode_boolean_bitfield(flags2, 0x8000, 16,
10511 "Strings are Unicode",
10512 "Strings are ASCII"));
10516 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
10522 proto_tree_add_text(smb_tree, NullTVB, offset, 12, "Reserved: 6 WORDS");
10528 /* Now the TID, tree ID */
10530 tid = GSHORT(pd, offset);
10535 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10541 /* Now the PID, Process ID */
10543 pid = GSHORT(pd, offset);
10548 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10554 /* Now the UID, User ID */
10556 uid = GSHORT(pd, offset);
10561 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10567 /* Now the MID, Multiplex ID */
10569 mid = GSHORT(pd, offset);
10574 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10580 /* Now vector through the table to dissect them */
10582 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10583 ((flags & 0x80) == 0));
10588 /*** External routines called during the registration process */
10590 extern void register_proto_smb_browse( void);
10591 extern void register_proto_smb_logon( void);
10592 extern void register_proto_smb_mailslot( void);
10593 extern void register_proto_smb_pipe( void);
10594 extern void register_proto_smb_mailslot( void);
10598 proto_register_smb(void)
10600 static gint *ett[] = {
10602 &ett_smb_fileattributes,
10603 &ett_smb_capabilities,
10610 &ett_smb_desiredaccess,
10613 &ett_smb_openfunction,
10616 &ett_smb_writemode,
10617 &ett_smb_lock_type,
10620 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
10622 proto_register_subtree_array(ett, array_length(ett));
10623 register_init_routine(&smb_init_protocol);
10625 register_proto_smb_browse();
10626 register_proto_smb_logon( );
10627 register_proto_smb_mailslot();
10628 register_proto_smb_pipe();
git.samba.org / obnox / wireshark / wip.git / blob