1 /* packet-dcom-sysact.c
2 * Routines for the ISystemActivator interface
3 * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
4 * Copyright 2012, Litao Gao <ltgao@juniper.net>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * SPDX-License-Identifier: GPL-2.0-or-later
15 #include <epan/packet.h>
16 #include "packet-dcerpc.h"
17 #include "packet-dcom.h"
19 void proto_register_ISystemActivator(void);
20 void proto_reg_handoff_ISystemActivator(void);
22 static int proto_ISystemActivator = -1;
24 static gint ett_isystemactivator = -1;
25 static int hf_opnum = -1;
26 static int hf_sysact_actproperties = -1;
27 /* static int hf_sysact_unknown = -1; */
29 static gint ett_actproperties = -1;
30 static int hf_sysact_totalsize = -1;
31 static int hf_sysact_res = -1;
33 static gint ett_commonheader = -1;
34 static gint ett_propguids = -1;
35 static gint ett_properties = -1;
36 static int hf_sysact_customhdrsize = -1;
37 static int hf_sysact_dstctx = -1;
38 static int hf_sysact_actpropnumber = -1;
39 static int hf_sysact_actpropclsinfoid = -1;
40 /* static int hf_sysact_actpropclsids = -1; */
41 static int hf_sysact_actpropclsid = -1;
42 /* static int hf_sysact_actpropsizes = -1; */
43 static int hf_sysact_actpropsize = -1;
46 static gint ett_dcom_spclsysprop = -1;
47 static gint ett_dcom_reserved = -1;
48 static int hf_sysact_spsysprop_sid = -1;
49 static int hf_sysact_spsysprop_remotethissid = -1;
50 static int hf_sysact_spsysprop_cltimpersonating = -1;
51 static int hf_sysact_spsysprop_partitionid = -1;
52 static int hf_sysact_spsysprop_defauthlvl = -1;
53 static int hf_sysact_spsysprop_partition = -1;
54 static int hf_sysact_spsysprop_procrqstflgs = -1;
55 static int hf_sysact_spsysprop_origclsctx = -1;
56 static int hf_sysact_spsysprop_flags = -1;
57 /* static int hf_sysact_spsysprop_procid = -1; */
58 /* static int hf_sysact_spsysprop_hwnd = -1; */
60 static gint ett_dcom_instantianinfo = -1;
61 static int hf_sysact_instninfo_clsid = -1;
62 static int hf_sysact_instninfo_clsctx = -1;
63 static int hf_sysact_instninfo_actflags = -1;
64 static int hf_sysact_instninfo_issurrogate = -1;
65 static int hf_sysact_instninfo_iidcount = -1;
66 static int hf_sysact_instninfo_instflags = -1;
67 static int hf_sysact_instninfo_entiresize = -1;
68 static int hf_sysact_instninfo_iid = -1;
70 static gint ett_dcom_actctxinfo = -1;
71 static int hf_sysact_actctxinfo_cltok = -1;
72 static int hf_sysact_context = -1;
74 static gint ett_dcom_context = -1;
75 static int hf_sysact_ctx_id = -1;
76 static int hf_sysact_ctx_flags = -1;
77 static int hf_sysact_ctx_res = -1;
78 static int hf_sysact_ctx_numextents = -1;
79 static int hf_sysact_ctx_extentscnt = -1;
80 static int hf_sysact_ctx_mashflags = -1;
81 static int hf_sysact_ctx_count = -1;
82 static int hf_sysact_ctx_frozen = -1;
84 static gint ett_dcom_securityinfo = -1;
85 static int hf_sysact_si_authflalgs = -1;
86 static int hf_sysact_si_ci_res = -1;
87 static int hf_sysact_si_ci_string = -1;
88 static int hf_sysact_si_serverinfo = -1;
90 static gint ett_dcom_locationinfo = -1;
91 static int hf_sysact_li_string = -1;
92 static int hf_sysact_li_procid = -1;
93 static int hf_sysact_li_apartid = -1;
94 static int hf_sysact_li_ctxid = -1;
96 static gint ett_dcom_scmrqstinfo = -1;
97 static gint ett_dcom_rmtrqst = -1;
99 static int hf_sysact_sri_cltimplvl = -1;
100 static int hf_sysact_sri_protseqnum = -1;
101 static int hf_sysact_sri_protseq = -1;
103 static gint ett_dcom_propsoutput = -1;
104 static int hf_sysact_pi_ifnum = -1;
105 static int hf_sysact_pi_retval = -1;
106 static int hf_sysact_pi_interf = -1;
107 static int hf_sysact_pi_iid = -1;
109 static gint ett_dcom_scmrespinfo = -1;
110 static gint ett_dcom_rmtresp = -1;
111 static gint ett_dcom_oxidbinding = -1;
112 static int hf_sysact_scmri_rmtunknid = -1;
113 static int hf_sysact_scmri_authhint = -1;
114 static int hf_sysact_scmri_binding = -1;
115 static int hf_sysact_scmri_oxid = -1;
116 static int hf_sysact_unused_buffer = -1;
118 static gint ett_typeszcommhdr = -1;
119 static gint ett_typeszprivhdr = -1;
120 static int hf_typeszch = -1;
121 static int hf_typeszph = -1;
122 static int hf_typesz_ver = -1;
123 static int hf_typesz_endianness = -1;
124 static int hf_typesz_commhdrlen = -1;
125 static int hf_typesz_filler = -1;
126 static int hf_typesz_buflen = -1;
128 static e_guid_t uuid_ISystemActivator = { 0x000001a0, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
129 static guint16 ver_ISystemActivator = 0;
131 /*static e_guid_t clsid_ActivationPropertiesIn = { 0x00000338, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
132 /*static e_guid_t clsid_ActivationPropertiesOut = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
133 static e_guid_t iid_ActivationPropertiesIn = { 0x000001a2, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
134 static e_guid_t iid_ActivationPropertiesOut = { 0x000001a3, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
136 static e_guid_t clsid_SpecialSystemProperties = { 0x000001b9, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
137 static e_guid_t clsid_InstantiationInfo = { 0x000001ab, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
138 static e_guid_t clsid_ActivationContextInfo = { 0x000001a5, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
139 static e_guid_t clsid_ContextMarshaler = { 0x0000033b, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
140 static e_guid_t clsid_SecurityInfo = { 0x000001a6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
141 static e_guid_t clsid_ServerLocationInfo = { 0x000001a4, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
142 static e_guid_t clsid_ScmRequestInfo = { 0x000001aa, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
143 static e_guid_t clsid_PropsOutInfo = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
144 static e_guid_t clsid_ScmReplyInfo = { 0x000001b6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
145 /*static e_guid_t clsid_InstanceInfo = { 0x000001ad, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
148 static const value_string instninfo_actflags[] = {
149 { 0x00000002, "ACTVFLAGS_DISABLE_AAA" },
150 { 0x00000004, "ACTVFLAGS_ACTIVATE_32_BIT_SERVER" },
151 { 0x00000008, "ACTVFLAGS_ACTIVATE_64_BIT_SERVER" },
152 { 0x00000020, "ACTVFLAGS_NO_FAILURE_LOG" },
156 static const value_string boolean_flag_vals[] = {
157 { 0x00000001, "TRUE" },
158 { 0x00000000, "FALSE" },
162 static const value_string dcom_context_flag_vals[] = {
163 { 0x00000002, "MarshalByValue" },
167 static const value_string ts_endian_vals[] = {
168 { 0x10, "Little-endian" },
169 { 0x00, "Big-endian" },
173 /* MS-DCOM 2.2.28.1 */
174 #define MIN_ACTPROP_LIMIT 1
175 #define MAX_ACTPROP_LIMIT 10
177 typedef struct property_guids {
178 e_guid_t guid[MAX_ACTPROP_LIMIT];
179 guint32 size[MAX_ACTPROP_LIMIT];
184 /* Type Serialization Version 1 */
186 dissect_TypeSzCommPrivHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
187 proto_tree *tree, dcerpc_info *di, guint8 *drep)
189 proto_item *sub_item;
190 proto_tree *sub_tree;
192 guint8 endian = 0x10;
195 /* Common Header use little endian */
196 sub_item = proto_tree_add_item(tree, hf_typeszch, tvb, offset, 0, ENC_NA);
197 sub_tree = proto_item_add_subtree(sub_item, ett_typeszcommhdr);
200 offset = dissect_dcom_BYTE(tvb, offset, pinfo, sub_tree, di, drep,
201 hf_typesz_ver, NULL);
203 offset = dissect_dcom_BYTE(tvb, offset, pinfo, sub_tree, di, drep,
204 hf_typesz_endianness, &endian);
206 *drep = DREP_LITTLE_ENDIAN;
208 *drep &= ~DREP_LITTLE_ENDIAN;
210 drep_tmp = DREP_LITTLE_ENDIAN;
211 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, &drep_tmp,
212 hf_typesz_commhdrlen, NULL);
213 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, &drep_tmp,
214 hf_typesz_filler, NULL);
215 proto_item_set_len(sub_item, offset - old_offset);
219 sub_item = proto_tree_add_item(tree, hf_typeszph, tvb, offset, 0, ENC_NA);
220 sub_tree = proto_item_add_subtree(sub_item, ett_typeszprivhdr);
221 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
222 hf_typesz_buflen, NULL);
223 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
224 hf_typesz_filler, NULL);
225 proto_item_set_len(sub_item, offset - old_offset);
233 dissect_dcom_Property_Guid(tvbuff_t *tvb, gint offset, packet_info *pinfo,
234 proto_tree *tree, dcerpc_info *di, guint8 *drep)
236 property_guids_t *pg;
238 pg = (property_guids_t*)di->private_data;
240 if (pg->id_idx < MAX_ACTPROP_LIMIT) {
241 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
242 hf_sysact_actpropclsid, &pg->guid[pg->id_idx++]);
245 /* TODO: expert info */
246 tvb_ensure_bytes_exist(tvb, offset, 16);
254 dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids(tvbuff_t *tvb, gint offset,
255 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
257 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_dcom_Property_Guid);
262 dissect_dcom_Property_Size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
263 proto_tree *tree, dcerpc_info *di, guint8 *drep)
265 property_guids_t *pg;
267 pg = (property_guids_t*)di->private_data;
269 if (pg->size_idx < MAX_ACTPROP_LIMIT) {
270 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
271 hf_sysact_actpropsize, &pg->size[pg->size_idx++]);
274 /* TODO: expert info */
275 tvb_ensure_bytes_exist(tvb, offset, 4);
283 dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes(tvbuff_t *tvb, gint offset,
284 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
286 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_dcom_Property_Size);
291 dissect_dcom_ActivationPropertiesCustomerHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
292 proto_tree *tree, dcerpc_info *di, guint8 *drep)
294 guint32 u32TotalSize;
295 guint32 u32CustomHdrSize;
296 guint32 u32ActPropNumber;
299 proto_item *sub_item;
300 proto_tree *sub_tree;
302 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_commonheader, &sub_item, "CustomHeader");
305 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
307 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
308 hf_sysact_totalsize, &u32TotalSize);
309 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
310 hf_sysact_customhdrsize, &u32CustomHdrSize);
311 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
312 hf_sysact_res, NULL);
313 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
314 hf_sysact_dstctx, NULL);
315 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
316 hf_sysact_actpropnumber, &u32ActPropNumber);
317 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
318 hf_sysact_actpropclsinfoid, NULL);
320 /* ClsIdPtr, SizesPtr */
321 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
322 dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids, NDR_POINTER_UNIQUE,
323 "ClsIdPtr",hf_sysact_actpropclsid);
324 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
325 dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes, NDR_POINTER_UNIQUE,
326 "ClsSizesPtr",hf_sysact_actpropclsid);
327 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
328 NULL, NDR_POINTER_UNIQUE, "OpaqueDataPtr: Pointer To NULL", 0);
330 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
331 proto_item_set_len(sub_item, offset - old_offset);
338 dissect_dcom_ActivationProperty(tvbuff_t *tvb, gint offset, packet_info *pinfo,
339 proto_tree *tree, dcerpc_info *di, guint8 *drep, e_guid_t *clsid, gint size)
341 dcom_dissect_fn_t routine = NULL;
343 /* the following data depends on the clsid, get the routine by clsid */
344 routine = dcom_get_rountine_by_uuid(clsid);
346 offset = routine(tvb, offset, pinfo, tree, di, drep, size);
355 dissect_dcom_ActivationPropertiesBody(tvbuff_t *tvb, gint offset, packet_info *pinfo,
356 proto_tree *tree, dcerpc_info *di, guint8 *drep)
360 proto_item *sub_item;
361 proto_tree *sub_tree;
362 property_guids_t *pg;
366 pg = (property_guids_t*)di->private_data;
368 if (pg->id_idx == pg->size_idx) {
369 min_idx = pg->id_idx;
372 /* TODO: expert info */
373 min_idx = MIN(pg->id_idx, pg->size_idx);
376 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_properties, &sub_item, "Properties");
379 for (i = 0; i < min_idx; i++) {
380 offset = dissect_dcom_ActivationProperty(tvb, offset, pinfo, sub_tree, di, drep,
381 &pg->guid[i], pg->size[i]);
383 proto_item_set_len(sub_item, offset - old_offset);
389 dissect_dcom_ActivationProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
390 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
392 proto_item *sub_item;
393 proto_tree *sub_tree;
394 property_guids_t *old_pg = NULL;
396 guint32 u32TotalSize;
399 sub_item = proto_tree_add_item(tree, hf_sysact_actproperties, tvb, offset, 0, ENC_NA);
400 sub_tree = proto_item_add_subtree(sub_item, ett_actproperties);
402 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
403 hf_sysact_totalsize, &u32TotalSize);
404 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
405 hf_sysact_res, &u32Res);
407 old_pg = (property_guids_t*)di->private_data;
408 di->private_data = wmem_new0(wmem_packet_scope(), property_guids_t);
410 offset = dissect_dcom_ActivationPropertiesCustomerHdr(tvb, offset, pinfo, sub_tree, di, drep);
411 offset = dissect_dcom_ActivationPropertiesBody(tvb, offset, pinfo, sub_tree, di, drep);
413 di->private_data = old_pg;
419 dissect_dcom_ContextMarshaler(tvbuff_t *tvb, gint offset, packet_info *pinfo,
420 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
422 proto_item *sub_item;
423 proto_tree *sub_tree;
429 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_context, &sub_item, "Context");
431 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
433 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
434 hf_sysact_ctx_id, NULL);
435 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
436 hf_sysact_ctx_flags, NULL);
437 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
438 hf_sysact_ctx_res, NULL);
439 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
440 hf_sysact_ctx_numextents, NULL);
441 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
442 hf_sysact_ctx_extentscnt, NULL);
443 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
444 hf_sysact_ctx_mashflags, NULL);
445 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
446 hf_sysact_ctx_count, &u32Count);
447 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
448 hf_sysact_ctx_frozen, NULL);
451 /*PropMarshalHeader array*/
455 proto_item_set_len(sub_item, offset - old_offset);
461 dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
462 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
464 proto_tree *sub_tree, *tr;
465 gint old_offset, len, i;
470 /* TODO: expert info */
474 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_spclsysprop, NULL, "SpecialSystemProperties");
476 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
478 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
479 hf_sysact_spsysprop_sid, NULL);
480 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
481 hf_sysact_spsysprop_remotethissid, NULL);
482 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
483 hf_sysact_spsysprop_cltimpersonating, NULL);
484 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
485 hf_sysact_spsysprop_partitionid, NULL);
486 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
487 hf_sysact_spsysprop_defauthlvl, NULL);
488 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
489 hf_sysact_spsysprop_partition, NULL);
490 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
491 hf_sysact_spsysprop_procrqstflgs, NULL);
492 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
493 hf_sysact_spsysprop_origclsctx, NULL);
494 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
495 hf_sysact_spsysprop_flags, NULL);
498 * offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
499 * hf_sysact_spsysprop_procid, NULL);
500 * offset = dissect_dcom_I8(tvb, offset, pinfo, sub_tree, drep,
501 * hf_sysact_spsysprop_hwnd, NULL);
504 tr = proto_tree_add_subtree(sub_tree, tvb, offset, sizeof(guint32)*8,
505 ett_dcom_reserved, NULL, "Reserved: 8 DWORDs");
506 for (i = 0; i < 8; i++) {
507 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tr, di, drep,
508 hf_sysact_res, NULL);
511 len = offset - old_offset;
513 /* TODO expert info */
516 else if (size > len) {
517 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
520 offset = old_offset + size;
525 dissect_dcom_InterfaceId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
526 proto_tree *tree, dcerpc_info *di, guint8 *drep)
528 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
529 hf_sysact_instninfo_iid, NULL);
534 dissect_InstantiationInfoIids(tvbuff_t *tvb, gint offset,
535 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
537 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
538 dissect_dcom_InterfaceId);
544 dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
545 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
547 proto_tree *sub_tree;
548 gint old_offset, len;
553 /* TODO: expert info */
557 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_instantianinfo, NULL, "InstantiationInfo");
559 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
561 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
562 hf_sysact_instninfo_clsid, NULL);
563 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
564 hf_sysact_instninfo_clsctx, NULL);
565 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
566 hf_sysact_instninfo_actflags, NULL);
567 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
568 hf_sysact_instninfo_issurrogate, NULL);
569 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
570 hf_sysact_instninfo_iidcount, NULL);
571 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
572 hf_sysact_instninfo_instflags, NULL);
574 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
575 dissect_InstantiationInfoIids, NDR_POINTER_UNIQUE,
576 "InterfaceIdsPtr", -1);
578 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
579 hf_sysact_instninfo_entiresize, NULL);
580 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
583 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
585 len = offset - old_offset;
587 /* TODO expert info */
590 else if (size > len) {
591 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
594 offset = old_offset + size;
599 dissect_ActCtxInfo_PropCtx(tvbuff_t *tvb _U_, gint offset,
600 packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_)
608 dissect_ActCtxInfo_CltCtx(tvbuff_t *tvb, gint offset,
609 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
611 if (di->conformant_run) {
615 offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
616 hf_sysact_context, NULL);
621 dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
622 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
624 proto_tree *sub_tree;
625 gint old_offset, len;
630 /* TODO: expert info */
634 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_actctxinfo, NULL, "ActivationContextInfo");
636 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
638 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
639 hf_sysact_actctxinfo_cltok, NULL);
640 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
641 hf_sysact_res, NULL);
642 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
643 hf_sysact_res, NULL);
644 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
645 hf_sysact_res, NULL);
647 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
648 dissect_ActCtxInfo_CltCtx, NDR_POINTER_UNIQUE,
650 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
651 dissect_ActCtxInfo_PropCtx, NDR_POINTER_UNIQUE,
653 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
655 len = offset - old_offset;
657 /* TODO expert info */
660 else if (size > len) {
661 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
664 offset = old_offset + size;
670 dissect_dcom_COSERVERINFO(tvbuff_t *tvb, gint offset,
671 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex)
673 proto_item *sub_item;
674 proto_tree *sub_tree;
677 if (di->conformant_run) {
681 sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
682 sub_tree = proto_item_add_subtree(sub_item, ett_dcom_securityinfo);
685 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
686 hf_sysact_si_ci_res, NULL);
687 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
688 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Name(wstring)",
689 hf_sysact_si_ci_string);
690 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
691 NULL, NDR_POINTER_UNIQUE, "AuthInfoPtr", -1);
692 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
693 hf_sysact_si_ci_res, NULL);
695 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
697 proto_item_set_len(sub_item, offset - old_offset);
703 dissect_dcom_SI_ServerInfo(tvbuff_t *tvb, gint offset,
704 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
706 offset = dissect_dcom_COSERVERINFO(tvb, offset, pinfo, tree, di, drep,
707 hf_sysact_si_serverinfo);
712 dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
713 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
715 proto_tree *sub_tree;
716 gint old_offset, len;
721 /* TODO: expert info */
725 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_securityinfo, NULL, "SecurityInfo");
727 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di ,drep);
729 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
730 hf_sysact_si_authflalgs, NULL);
731 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
732 dissect_dcom_SI_ServerInfo, NDR_POINTER_UNIQUE, "ServerInfoPtr", -1);
733 /*This SHOULD be NULL and MUST be ignored on receipt*/
734 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
735 NULL, NDR_POINTER_UNIQUE, "ReservedPtr", -1);
736 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
738 len = offset - old_offset;
740 /* TODO expert info */
743 else if (size > len) {
744 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
747 offset = old_offset + size;
752 dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
753 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
755 proto_tree *sub_tree;
756 gint old_offset, len;
761 /* TODO: expert info */
765 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_locationinfo, NULL, "LocationInfo");
767 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
769 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
770 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "MachineNamePtr",
771 hf_sysact_li_string);
773 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
774 hf_sysact_li_procid, NULL);
775 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
776 hf_sysact_li_apartid, NULL);
777 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
778 hf_sysact_li_ctxid, NULL);
780 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
782 len = offset - old_offset;
784 /* TODO expert info */
787 else if (size > len) {
788 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
791 offset = old_offset + size;
797 dissect_dcom_ProtoSeq(tvbuff_t *tvb, gint offset, packet_info *pinfo,
798 proto_tree *tree, dcerpc_info *di, guint8 *drep)
800 offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
801 hf_sysact_sri_protseq, NULL);
807 dissect_dcom_ProtoSeqArray(tvbuff_t *tvb, gint offset,
808 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
810 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
811 dissect_dcom_ProtoSeq);
816 dissect_dcom_customREMOTE_REQUEST_SCM_INFO(tvbuff_t *tvb, gint offset,
817 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
819 proto_item *sub_item;
820 proto_tree *sub_tree;
823 if (di->conformant_run) {
827 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_rmtrqst, &sub_item, "RemoteRequest");
830 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
831 hf_sysact_sri_cltimplvl, NULL);
832 offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
833 hf_sysact_sri_protseqnum, NULL);
834 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
835 dissect_dcom_ProtoSeqArray, NDR_POINTER_UNIQUE, "ProtocolSeqsArrayPtr", -1);
836 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
838 proto_item_set_len(sub_item, offset - old_offset);
844 dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
845 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
847 proto_tree *sub_tree;
848 gint old_offset, len;
853 /* TODO: expert info */
857 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_scmrqstinfo, NULL, "ScmRequestInfo");
859 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
861 /*This MUST be set to NULL and MUST be ignored on receipt*/
862 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
863 NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
864 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
865 dissect_dcom_customREMOTE_REQUEST_SCM_INFO, NDR_POINTER_UNIQUE,
866 "RemoteRequestPtr", -1);
867 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
869 len = offset - old_offset;
871 /* TODO expert info */
874 else if (size > len) {
875 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
878 offset = old_offset + size;
884 dissect_dcom_IfId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
885 proto_tree *tree, dcerpc_info *di, guint8 *drep)
887 offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
888 hf_sysact_pi_iid, NULL);
893 dissect_dcom_IfIds(tvbuff_t *tvb, gint offset,
894 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
896 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
902 dissect_dcom_ReturnVal(tvbuff_t *tvb, gint offset, packet_info *pinfo,
903 proto_tree *tree, dcerpc_info *di, guint8 *drep)
905 offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
906 hf_sysact_pi_retval, NULL);
911 dissect_dcom_ReturnVals(tvbuff_t *tvb, gint offset,
912 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
914 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
915 dissect_dcom_ReturnVal);
920 dissect_OneInterfData(tvbuff_t *tvb, gint offset,
921 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
923 offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
924 hf_sysact_pi_interf, NULL);
929 dissect_dcom_OneInterfDataPtr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
930 proto_tree *tree, dcerpc_info *di, guint8 *drep)
932 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep,
933 dissect_OneInterfData, NDR_POINTER_UNIQUE, "InterfacePtr", -1);
938 * This MUST be an array of MInterfacePointer pointers containing the OBJREFs for
939 * the interfaces returned by the server.
942 dissect_dcom_InterfData(tvbuff_t *tvb, gint offset,
943 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
945 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
946 dissect_dcom_OneInterfDataPtr);
947 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
952 dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
953 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
955 proto_tree *sub_tree;
956 gint old_offset, len;
961 /* TODO: expert info */
965 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_propsoutput, NULL, "PropertiesOutput");
967 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
969 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
970 hf_sysact_pi_ifnum, NULL);
972 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
973 dissect_dcom_IfIds, NDR_POINTER_UNIQUE, "InterfaceIdsPtr", -1);
974 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
975 dissect_dcom_ReturnVals, NDR_POINTER_UNIQUE, "ReturnValuesPtr", -1);
976 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
977 dissect_dcom_InterfData, NDR_POINTER_UNIQUE, "InterfacePtrsPtr", -1);
978 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
980 len = offset - old_offset;
982 /* TODO expert info */
985 else if (size > len) {
986 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
989 offset = old_offset + size;
996 *typedef struct tagDUALSTRINGARRAY {
997 * unsigned short wNumEntries;
998 * unsigned short wSecurityOffset;
999 * [size_is(wNumEntries)] unsigned short aStringArray[];
1003 dissect_dcom_OxidBindings(tvbuff_t *tvb, gint offset,
1004 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1006 proto_item *sub_item;
1007 proto_tree *sub_tree;
1010 if (di->conformant_run) {
1014 old_offset = offset;
1015 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_oxidbinding, &sub_item, "OxidBindings");
1017 offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep, NULL);
1018 offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, sub_tree, di, drep,
1019 hf_sysact_scmri_binding, NULL);
1021 proto_item_set_len(sub_item, offset - old_offset);
1027 dissect_dcom_customREMOTE_REPLY_SCM_INFO(tvbuff_t *tvb, gint offset,
1028 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1030 proto_item *sub_item;
1031 proto_tree *sub_tree;
1034 if (di->conformant_run) {
1038 sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_rmtresp, &sub_item, "RemoteReply");
1040 old_offset = offset;
1041 offset = dissect_dcom_ID(tvb, offset, pinfo, sub_tree, di, drep,
1042 hf_sysact_scmri_oxid, NULL);
1043 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1044 dissect_dcom_OxidBindings, NDR_POINTER_UNIQUE, "OxidBindingsPtr", -1);
1045 offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
1046 hf_sysact_scmri_rmtunknid, NULL);
1047 offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
1048 hf_sysact_scmri_authhint, NULL);
1049 offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
1051 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1053 proto_item_set_len(sub_item, offset - old_offset);
1060 dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
1061 proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
1063 proto_tree *sub_tree;
1064 gint old_offset, len;
1066 old_offset = offset;
1069 /* TODO: expert info */
1073 sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_scmrespinfo, NULL, "ScmReplyInfo");
1075 offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
1077 /*This MUST be set to NULL and MUST be ignored on receipt*/
1078 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1079 NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
1080 offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1081 dissect_dcom_customREMOTE_REPLY_SCM_INFO, NDR_POINTER_UNIQUE,
1082 "RemoteRequestPtr", -1);
1083 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1085 len = offset - old_offset;
1087 /* TODO expert info */
1090 else if (size > len) {
1091 proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
1094 offset = old_offset + size;
1100 sysact_register_routines(void)
1102 dcom_register_rountine(dissect_dcom_ActivationProperties, &iid_ActivationPropertiesIn);
1103 dcom_register_rountine(dissect_dcom_ActivationProperties, &iid_ActivationPropertiesOut);
1104 dcom_register_rountine(dissect_dcom_SpecialSystemProperties, &clsid_SpecialSystemProperties);
1105 dcom_register_rountine(dissect_dcom_InstantiationInfo, &clsid_InstantiationInfo);
1106 dcom_register_rountine(dissect_dcom_ActivationContextInfo, &clsid_ActivationContextInfo);
1107 dcom_register_rountine(dissect_dcom_ContextMarshaler, &clsid_ContextMarshaler);
1108 dcom_register_rountine(dissect_dcom_SecurtiyInfo, &clsid_SecurityInfo);
1109 dcom_register_rountine(dissect_dcom_LocationInfo, &clsid_ServerLocationInfo);
1110 dcom_register_rountine(dissect_dcom_ScmRqstInfo, &clsid_ScmRequestInfo);
1111 dcom_register_rountine(dissect_dcom_PropsOutInfo, &clsid_PropsOutInfo);
1112 dcom_register_rountine(dissect_dcom_ScmReplyInfo, &clsid_ScmReplyInfo);
1118 dissect_remsysact_remotecreateinstance_rqst(tvbuff_t *tvb, int offset,
1119 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1122 sysact_register_routines();
1124 offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
1126 /* XXX - what is this? */
1127 offset = dissect_dcom_nospec_data(tvb, offset, pinfo, tree, drep, 4);
1128 offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
1129 hf_sysact_actproperties, NULL /* XXX */);
1134 dissect_remsysact_remotecreateinstance_resp(tvbuff_t *tvb, int offset,
1135 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1137 sysact_register_routines();
1139 offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
1141 offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
1142 hf_sysact_actproperties, NULL /* XXX */);
1144 offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
1145 NULL /* pu32HResult */);
1151 static dcerpc_sub_dissector ISystemActivator_dissectors[] = {
1152 { 0, "QueryInterfaceIRemoteSCMActivator", NULL, NULL },
1153 { 1, "AddRefIRemoteISCMActivator", NULL, NULL },
1154 { 2, "ReleaseIRemoteISCMActivator", NULL, NULL },
1155 { 3, "RemoteGetClassObject", NULL, NULL },
1156 { 4, "RemoteCreateInstance", dissect_remsysact_remotecreateinstance_rqst, dissect_remsysact_remotecreateinstance_resp },
1157 { 0, NULL, NULL, NULL },
1161 proto_register_ISystemActivator (void)
1164 static hf_register_info hf[] = {
1166 { "Operation", "isystemactivator.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1167 { &hf_sysact_actproperties,
1168 { "IActProperties", "isystemactivator.actproperties", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1170 { &hf_sysact_unknown,
1171 { "IUnknown", "isystemactivator.unknown", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1175 static hf_register_info hf_actproperties[] = {
1176 { &hf_sysact_totalsize,
1177 { "Totalsize", "isystemactivator.actproperties.size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1179 { "Reserved", "isystemactivator.actproperties.resv", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1181 { &hf_sysact_customhdrsize,
1182 { "CustomHeaderSize", "isystemactivator.customhdr.size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1183 { &hf_sysact_dstctx,
1184 { "DestinationContext", "isystemactivator.customhdr.dc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1185 { &hf_sysact_actpropnumber,
1186 { "NumActivationPropertyStructs", "isystemactivator.customhdr.actpropnumber", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1187 { &hf_sysact_actpropclsinfoid,
1188 { "ClassInfoClsid", "isystemactivator.customhdr.clsinfoid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1190 { &hf_sysact_actpropclsids,
1191 { "PropertyGuids", "isystemactivator.customhdr.clsids", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1193 { &hf_sysact_actpropclsid,
1194 { "PropertyStructGuid", "isystemactivator.customhdr.clsid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1196 { &hf_sysact_actpropsizes,
1197 { "PropertyDataSizes", "isystemactivator.customhdr.datasizes", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1199 { &hf_sysact_actpropsize,
1200 { "PropertyDataSize", "isystemactivator.customhdr.datasize", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1202 /*SpecialSystemProperties*/
1203 { &hf_sysact_spsysprop_sid,
1204 { "SessionID", "isystemactivator.properties.spcl.sid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, "A value that uniquely identifies a logon session on the server", HFILL }},
1205 { &hf_sysact_spsysprop_remotethissid,
1206 { "RemoteThisSessionID", "isystemactivator.properties.spcl.remotesid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1207 { &hf_sysact_spsysprop_cltimpersonating,
1208 { "ClientImpersonating", "isystemactivator.properties.spcl.cltimp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1209 { &hf_sysact_spsysprop_partitionid,
1210 { "PartitionIDPresent", "isystemactivator.properties.spcl.cltimp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1211 { &hf_sysact_spsysprop_defauthlvl,
1212 { "DefaultAuthnLevel", "isystemactivator.properties.spcl.defauthlvl", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1213 { &hf_sysact_spsysprop_partition,
1214 { "PartitionGuid", "isystemactivator.properties.spcl.partition", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1215 { &hf_sysact_spsysprop_procrqstflgs,
1216 { "ProcessRequestFlags", "isystemactivator.properties.spcl.procreqstflgs", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1217 { &hf_sysact_spsysprop_origclsctx,
1218 { "OriginalClassContext", "isystemactivator.properties.spcl.origclsctx", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1219 { &hf_sysact_spsysprop_flags,
1220 { "Flags", "isystemactivator.properties.spcl.flags", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1222 { &hf_sysact_spsysprop_procid,
1223 { "ProcessID", "isystemactivator.properties.spcl.procid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1226 { &hf_sysact_spsysprop_hwnd,
1227 { "hWnd", "isystemactivator.properties.spcl.hwnd", FT_UINT64, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1230 /*InstantiationInfo*/
1231 { &hf_sysact_instninfo_clsid,
1232 { "InstantiatedObjectClsId", "isystemactivator.properties.instninfo.clsid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1233 { &hf_sysact_instninfo_clsctx,
1234 { "ClassContext", "isystemactivator.properties.instninfo.clsctx", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1235 { &hf_sysact_instninfo_actflags,
1236 { "ActivationFlags", "isystemactivator.properties.instninfo.actflags", FT_UINT32, BASE_DEC_HEX, VALS(instninfo_actflags), 0x0, NULL, HFILL }},
1237 { &hf_sysact_instninfo_issurrogate,
1238 { "FlagsSurrogate", "isystemactivator.properties.instninfo.actflags", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1239 { &hf_sysact_instninfo_iidcount,
1240 { "InterfaceIdCount", "isystemactivator.properties.instninfo.iidcount", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1241 { &hf_sysact_instninfo_instflags,
1242 { "InstantiationFlag", "isystemactivator.properties.instninfo.instflags", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1243 { &hf_sysact_instninfo_entiresize,
1244 { "EntirePropertySize", "isystemactivator.properties.instninfo.entiresize", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1245 { &hf_sysact_instninfo_iid,
1246 { "InterfaceIds", "isystemactivator.properties.instninfo.iid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1248 /*ActivationContextInfo*/
1249 { &hf_sysact_actctxinfo_cltok,
1250 { "ClientOk", "isystemactivator.properties.actctxinfo.cltok", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1251 { &hf_sysact_context,
1252 { "ClientContext", "isystemactivator.properties.context", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1255 { &hf_sysact_ctx_id,
1256 { "ContextID", "isystemactivator.properties.context.id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1257 { &hf_sysact_ctx_flags,
1258 { "Flags", "isystemactivator.properties.context.flags", FT_UINT32, BASE_HEX, VALS(dcom_context_flag_vals), 0x0, NULL, HFILL }},
1259 { &hf_sysact_ctx_res,
1260 { "Reserved", "isystemactivator.properties.context.res", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1261 { &hf_sysact_ctx_numextents,
1262 { "NumExtents", "isystemactivator.properties.context.numext", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1263 { &hf_sysact_ctx_extentscnt,
1264 { "ExtentCount", "isystemactivator.properties.context.extcnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1265 { &hf_sysact_ctx_mashflags,
1266 { "MarshalFlags", "isystemactivator.properties.context.mashflags", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1267 { &hf_sysact_ctx_count,
1268 { "ContextPropertyCount", "isystemactivator.properties.context.cnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1269 { &hf_sysact_ctx_frozen,
1270 { "Frozen", "isystemactivator.properties.context.frz", FT_UINT32, BASE_HEX, VALS(boolean_flag_vals), 0x0, NULL, HFILL }},
1273 { &hf_sysact_si_authflalgs,
1274 { "AuthenticationFlags", "isystemactivator.properties.si.authflags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1275 { &hf_sysact_si_serverinfo,
1276 { "ServerInfo", "isystemactivator.properties.si.ci", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1277 { &hf_sysact_si_ci_res,
1278 { "Reserved", "isystemactivator.properties.si.ci.res", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1279 { &hf_sysact_si_ci_string,
1280 { "String", "isystemactivator.properties.si.ci.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1283 { &hf_sysact_li_string,
1284 { "String", "isystemactivator.properties.li.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1285 { &hf_sysact_li_procid,
1286 { "ProcessId", "isystemactivator.properties.li.procid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1287 { &hf_sysact_li_apartid,
1288 { "ApartmentId", "isystemactivator.properties.li.apartid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1289 { &hf_sysact_li_ctxid,
1290 { "ContextId", "isystemactivator.properties.li.ctxid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1293 { &hf_sysact_sri_cltimplvl,
1294 { "ClientImpersonationLevel", "isystemactivator.properties.sri.cltimplvl", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1295 { &hf_sysact_sri_protseqnum,
1296 { "NumProtocolSequences", "isystemactivator.properties.sri.protseqnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1297 { &hf_sysact_sri_protseq,
1298 { "ProtocolSeq", "isystemactivator.properties.sri.protseq", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1301 { &hf_sysact_pi_ifnum,
1302 { "NumInterfaces", "isystemactivator.properties.pi.ifnum", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1303 { &hf_sysact_pi_retval,
1304 { "ReturnValue", "isystemactivator.properties.retval", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1305 { &hf_sysact_pi_interf,
1306 { "Interface", "isystemactivator.properties.interf", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1307 { &hf_sysact_pi_iid,
1308 { "IID", "isystemactivator.properties.iid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1311 { &hf_sysact_scmri_rmtunknid,
1312 { "IRemUnknownInterfacePointerId", "isystemactivator.properties.scmresp.rmtunknid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1313 { &hf_sysact_scmri_authhint,
1314 { "AuthenticationHint", "isystemactivator.properties.scmresp.authhint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1315 { &hf_sysact_scmri_binding,
1316 { "Bindings", "isystemactivator.properties.scmresp.binding", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1317 { &hf_sysact_scmri_oxid,
1318 { "OXID", "isystemactivator.properties.scmresp.oxid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1319 { &hf_sysact_unused_buffer,
1320 { "Unused buffer", "isystemactivator.unused_buffer", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1323 static hf_register_info hf_tshdr[] = {
1325 { "CommonHeader", "isystemactivator.actproperties.ts.hdr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1327 { "PrivateHeader", "isystemactivator.actproperties.ts.hdr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1329 { "Version", "isystemactivator.actproperties.ts.ver", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1330 { &hf_typesz_endianness,
1331 { "Endianness", "isystemactivator.actproperties.ts.end", FT_UINT8, BASE_HEX, VALS(ts_endian_vals), 0x0, NULL, HFILL }},
1332 { &hf_typesz_commhdrlen,
1333 { "CommonHeaderLength", "isystemactivator.actproperties.ts.chl", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1334 { &hf_typesz_filler,
1335 { "Filler", "isystemactivator.actproperties.ts.fil", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1336 { &hf_typesz_buflen,
1337 { "ObjectBufferLength", "isystemactivator.actproperties.ts.buflen", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1342 static gint *ett[] = {
1343 &ett_isystemactivator,
1350 &ett_dcom_spclsysprop,
1352 &ett_dcom_instantianinfo,
1353 &ett_dcom_actctxinfo,
1355 &ett_dcom_securityinfo,
1356 &ett_dcom_locationinfo,
1357 &ett_dcom_scmrqstinfo,
1360 &ett_dcom_propsoutput,
1361 &ett_dcom_scmrespinfo,
1363 &ett_dcom_oxidbinding,
1367 proto_ISystemActivator = proto_register_protocol ("ISystemActivator ISystemActivator Resolver", "ISystemActivator", "isystemactivator");
1368 proto_register_field_array (proto_ISystemActivator, hf, array_length (hf));
1369 proto_register_field_array (proto_ISystemActivator, hf_actproperties, array_length (hf_actproperties));
1370 proto_register_field_array(proto_ISystemActivator, hf_tshdr, array_length(hf_tshdr));
1371 proto_register_subtree_array (ett, array_length (ett));
1375 proto_reg_handoff_ISystemActivator (void)
1377 /* Register the protocol as dcerpc */
1378 dcerpc_init_uuid (proto_ISystemActivator, ett_isystemactivator, &uuid_ISystemActivator,
1379 ver_ISystemActivator, ISystemActivator_dissectors, hf_opnum);
1383 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1388 * indent-tabs-mode: nil
1391 * vi: set shiftwidth=4 tabstop=8 expandtab:
1392 * :indentSize=4:tabSize=8:noTabs=true: