epan/dissectors/packet-dcom-sysact.c

   1 /* packet-dcom-sysact.c
   2  * Routines for the ISystemActivator interface
   3  * Copyright 2004, Jelmer Vernooij <jelmer@samba.org>
   4  * Copyright 2012, Litao Gao <ltgao@juniper.net>
   5  *
   6  * Wireshark - Network traffic analyzer
   7  * By Gerald Combs <gerald@wireshark.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * SPDX-License-Identifier: GPL-2.0-or-later
  11  */
  12
  13 #include "config.h"
  14
  15 #include <epan/packet.h>
  16 #include "packet-dcerpc.h"
  17 #include "packet-dcom.h"
  18
  19 void proto_register_ISystemActivator(void);
  20 void proto_reg_handoff_ISystemActivator(void);
  21
  22 static int proto_ISystemActivator = -1;
  23
  24 static gint ett_isystemactivator = -1;
  25 static int hf_opnum = -1;
  26 static int hf_sysact_actproperties = -1;
  27 /* static int hf_sysact_unknown = -1; */
  28
  29 static gint ett_actproperties = -1;
  30 static int hf_sysact_totalsize = -1;
  31 static int hf_sysact_res = -1;
  32
  33 static gint ett_commonheader = -1;
  34 static gint ett_propguids = -1;
  35 static gint ett_properties = -1;
  36 static int hf_sysact_customhdrsize = -1;
  37 static int hf_sysact_dstctx = -1;
  38 static int hf_sysact_actpropnumber = -1;
  39 static int hf_sysact_actpropclsinfoid = -1;
  40 /* static int hf_sysact_actpropclsids = -1; */
  41 static int hf_sysact_actpropclsid = -1;
  42 /* static int hf_sysact_actpropsizes = -1; */
  43 static int hf_sysact_actpropsize = -1;
  44
  45
  46 static gint ett_dcom_spclsysprop = -1;
  47 static gint ett_dcom_reserved = -1;
  48 static int hf_sysact_spsysprop_sid = -1;
  49 static int hf_sysact_spsysprop_remotethissid = -1;
  50 static int hf_sysact_spsysprop_cltimpersonating = -1;
  51 static int hf_sysact_spsysprop_partitionid = -1;
  52 static int hf_sysact_spsysprop_defauthlvl = -1;
  53 static int hf_sysact_spsysprop_partition = -1;
  54 static int hf_sysact_spsysprop_procrqstflgs = -1;
  55 static int hf_sysact_spsysprop_origclsctx = -1;
  56 static int hf_sysact_spsysprop_flags = -1;
  57 /* static int hf_sysact_spsysprop_procid = -1; */
  58 /* static int hf_sysact_spsysprop_hwnd = -1; */
  59
  60 static gint ett_dcom_instantianinfo = -1;
  61 static int hf_sysact_instninfo_clsid = -1;
  62 static int hf_sysact_instninfo_clsctx = -1;
  63 static int hf_sysact_instninfo_actflags = -1;
  64 static int hf_sysact_instninfo_issurrogate = -1;
  65 static int hf_sysact_instninfo_iidcount = -1;
  66 static int hf_sysact_instninfo_instflags = -1;
  67 static int hf_sysact_instninfo_entiresize = -1;
  68 static int hf_sysact_instninfo_iid = -1;
  69
  70 static gint ett_dcom_actctxinfo = -1;
  71 static int hf_sysact_actctxinfo_cltok = -1;
  72 static int hf_sysact_context = -1;
  73
  74 static gint ett_dcom_context = -1;
  75 static int hf_sysact_ctx_id = -1;
  76 static int hf_sysact_ctx_flags = -1;
  77 static int hf_sysact_ctx_res = -1;
  78 static int hf_sysact_ctx_numextents = -1;
  79 static int hf_sysact_ctx_extentscnt = -1;
  80 static int hf_sysact_ctx_mashflags = -1;
  81 static int hf_sysact_ctx_count = -1;
  82 static int hf_sysact_ctx_frozen = -1;
  83
  84 static gint ett_dcom_securityinfo = -1;
  85 static int hf_sysact_si_authflalgs = -1;
  86 static int hf_sysact_si_ci_res = -1;
  87 static int hf_sysact_si_ci_string = -1;
  88 static int hf_sysact_si_serverinfo = -1;
  89
  90 static gint ett_dcom_locationinfo = -1;
  91 static int hf_sysact_li_string = -1;
  92 static int hf_sysact_li_procid = -1;
  93 static int hf_sysact_li_apartid = -1;
  94 static int hf_sysact_li_ctxid = -1;
  95
  96 static gint ett_dcom_scmrqstinfo = -1;
  97 static gint ett_dcom_rmtrqst = -1;
  98
  99 static int hf_sysact_sri_cltimplvl = -1;
 100 static int hf_sysact_sri_protseqnum = -1;
 101 static int hf_sysact_sri_protseq = -1;
 102
 103 static gint ett_dcom_propsoutput = -1;
 104 static int hf_sysact_pi_ifnum = -1;
 105 static int hf_sysact_pi_retval = -1;
 106 static int hf_sysact_pi_interf = -1;
 107 static int hf_sysact_pi_iid = -1;
 108
 109 static gint ett_dcom_scmrespinfo = -1;
 110 static gint ett_dcom_rmtresp = -1;
 111 static gint ett_dcom_oxidbinding = -1;
 112 static int hf_sysact_scmri_rmtunknid = -1;
 113 static int hf_sysact_scmri_authhint = -1;
 114 static int hf_sysact_scmri_binding = -1;
 115 static int hf_sysact_scmri_oxid = -1;
 116 static int hf_sysact_unused_buffer = -1;
 117
 118 static gint ett_typeszcommhdr = -1;
 119 static gint ett_typeszprivhdr = -1;
 120 static int hf_typeszch = -1;
 121 static int hf_typeszph = -1;
 122 static int hf_typesz_ver = -1;
 123 static int hf_typesz_endianness = -1;
 124 static int hf_typesz_commhdrlen = -1;
 125 static int hf_typesz_filler = -1;
 126 static int hf_typesz_buflen = -1;
 127
 128 static e_guid_t uuid_ISystemActivator = { 0x000001a0, 0x0000, 0x0000, { 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 } };
 129 static guint16  ver_ISystemActivator = 0;
 130
 131 /*static e_guid_t clsid_ActivationPropertiesIn = { 0x00000338, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
 132 /*static e_guid_t clsid_ActivationPropertiesOut = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
 133 static e_guid_t iid_ActivationPropertiesIn = { 0x000001a2, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 134 static e_guid_t iid_ActivationPropertiesOut = { 0x000001a3, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 135
 136 static e_guid_t clsid_SpecialSystemProperties = { 0x000001b9, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 137 static e_guid_t clsid_InstantiationInfo = { 0x000001ab, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 138 static e_guid_t clsid_ActivationContextInfo = { 0x000001a5, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 139 static e_guid_t clsid_ContextMarshaler = { 0x0000033b, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 140 static e_guid_t clsid_SecurityInfo = { 0x000001a6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 141 static e_guid_t clsid_ServerLocationInfo = { 0x000001a4, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 142 static e_guid_t clsid_ScmRequestInfo = { 0x000001aa, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 143 static e_guid_t clsid_PropsOutInfo = { 0x00000339, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 144 static e_guid_t clsid_ScmReplyInfo = { 0x000001b6, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };
 145 /*static e_guid_t clsid_InstanceInfo = { 0x000001ad, 0x0000, 0x0000, { 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46} };*/
 146
 147
 148 static const value_string instninfo_actflags[] = {
 149     { 0x00000002, "ACTVFLAGS_DISABLE_AAA" },
 150     { 0x00000004, "ACTVFLAGS_ACTIVATE_32_BIT_SERVER" },
 151     { 0x00000008, "ACTVFLAGS_ACTIVATE_64_BIT_SERVER" },
 152     { 0x00000020, "ACTVFLAGS_NO_FAILURE_LOG" },
 153     { 0,  NULL }
 154 };
 155
 156 static const value_string boolean_flag_vals[] = {
 157     { 0x00000001, "TRUE" },
 158     { 0x00000000, "FALSE" },
 159     { 0,  NULL }
 160 };
 161
 162 static const value_string dcom_context_flag_vals[] = {
 163     { 0x00000002, "MarshalByValue" },
 164     { 0,  NULL }
 165 };
 166
 167 static const value_string ts_endian_vals[] = {
 168     { 0x10, "Little-endian" },
 169     { 0x00, "Big-endian" },
 170     { 0,  NULL }
 171 };
 172
 173 /* MS-DCOM 2.2.28.1 */
 174 #define MIN_ACTPROP_LIMIT 1
 175 #define MAX_ACTPROP_LIMIT 10
 176
 177 typedef struct property_guids {
 178     e_guid_t guid[MAX_ACTPROP_LIMIT];
 179     guint32  size[MAX_ACTPROP_LIMIT];
 180     guint32  id_idx;
 181     guint32  size_idx;
 182 } property_guids_t;
 183
 184 /* Type Serialization Version 1 */
 185 static int
 186 dissect_TypeSzCommPrivHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 187                        proto_tree *tree, dcerpc_info *di, guint8 *drep)
 188 {
 189     proto_item *sub_item;
 190     proto_tree *sub_tree;
 191     guint8 drep_tmp;
 192     guint8 endian = 0x10;
 193     gint   old_offset;
 194
 195     /* Common Header use little endian */
 196     sub_item = proto_tree_add_item(tree, hf_typeszch, tvb, offset, 0, ENC_NA);
 197     sub_tree = proto_item_add_subtree(sub_item, ett_typeszcommhdr);
 198
 199     old_offset = offset;
 200     offset = dissect_dcom_BYTE(tvb, offset, pinfo, sub_tree, di, drep,
 201             hf_typesz_ver, NULL);
 202
 203     offset = dissect_dcom_BYTE(tvb, offset, pinfo, sub_tree, di, drep,
 204             hf_typesz_endianness, &endian);
 205     if (endian == 0x10)
 206         *drep = DREP_LITTLE_ENDIAN;
 207     else
 208         *drep &= ~DREP_LITTLE_ENDIAN;
 209
 210     drep_tmp = DREP_LITTLE_ENDIAN;
 211     offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, &drep_tmp,
 212             hf_typesz_commhdrlen, NULL);
 213     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, &drep_tmp,
 214             hf_typesz_filler, NULL);
 215     proto_item_set_len(sub_item, offset - old_offset);
 216
 217     /* Private Header */
 218     old_offset = offset;
 219     sub_item = proto_tree_add_item(tree, hf_typeszph, tvb, offset, 0, ENC_NA);
 220     sub_tree = proto_item_add_subtree(sub_item, ett_typeszprivhdr);
 221     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 222             hf_typesz_buflen, NULL);
 223     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 224             hf_typesz_filler, NULL);
 225     proto_item_set_len(sub_item, offset - old_offset);
 226
 227     return offset;
 228 }
 229
 230
 231
 232 static int
 233 dissect_dcom_Property_Guid(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 234                             proto_tree *tree, dcerpc_info *di, guint8 *drep)
 235 {
 236     property_guids_t *pg;
 237
 238     pg = (property_guids_t*)di->private_data;
 239
 240     if (pg->id_idx < MAX_ACTPROP_LIMIT) {
 241         offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
 242                 hf_sysact_actpropclsid, &pg->guid[pg->id_idx++]);
 243     }
 244     else {
 245         /* TODO: expert info */
 246         tvb_ensure_bytes_exist(tvb, offset, 16);
 247         offset += 16;
 248     }
 249
 250     return offset;
 251 }
 252
 253 static int
 254 dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids(tvbuff_t *tvb, gint offset,
 255         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 256 {
 257     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_dcom_Property_Guid);
 258     return offset;
 259 }
 260
 261 static int
 262 dissect_dcom_Property_Size(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 263                             proto_tree *tree, dcerpc_info *di, guint8 *drep)
 264 {
 265     property_guids_t *pg;
 266
 267     pg = (property_guids_t*)di->private_data;
 268
 269     if (pg->size_idx < MAX_ACTPROP_LIMIT) {
 270         offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
 271                 hf_sysact_actpropsize, &pg->size[pg->size_idx++]);
 272     }
 273     else {
 274         /* TODO: expert info */
 275         tvb_ensure_bytes_exist(tvb, offset, 4);
 276         offset += 4;
 277     }
 278
 279     return offset;
 280 }
 281
 282 static int
 283 dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes(tvbuff_t *tvb, gint offset,
 284         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 285 {
 286     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, dissect_dcom_Property_Size);
 287     return offset;
 288 }
 289
 290 static int
 291 dissect_dcom_ActivationPropertiesCustomerHdr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 292                        proto_tree *tree, dcerpc_info *di, guint8 *drep)
 293 {
 294     guint32   u32TotalSize;
 295     guint32   u32CustomHdrSize;
 296     guint32   u32ActPropNumber;
 297     gint      old_offset;
 298
 299     proto_item *sub_item;
 300     proto_tree *sub_tree;
 301
 302     sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_commonheader, &sub_item, "CustomHeader");
 303
 304     old_offset = offset;
 305     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 306
 307     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 308             hf_sysact_totalsize, &u32TotalSize);
 309     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 310             hf_sysact_customhdrsize, &u32CustomHdrSize);
 311     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 312             hf_sysact_res, NULL);
 313     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 314             hf_sysact_dstctx, NULL);
 315     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 316             hf_sysact_actpropnumber, &u32ActPropNumber);
 317     offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
 318             hf_sysact_actpropclsinfoid, NULL);
 319
 320     /* ClsIdPtr, SizesPtr */
 321     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 322             dissect_dcom_ActivationPropertiesCustomerHdr_PropertyGuids, NDR_POINTER_UNIQUE,
 323             "ClsIdPtr",hf_sysact_actpropclsid);
 324     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 325             dissect_dcom_ActivationPropertiesCustomerHdr_PropertySizes, NDR_POINTER_UNIQUE,
 326             "ClsSizesPtr",hf_sysact_actpropclsid);
 327     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 328             NULL, NDR_POINTER_UNIQUE, "OpaqueDataPtr: Pointer To NULL", 0);
 329
 330     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 331     proto_item_set_len(sub_item, offset - old_offset);
 332
 333     return offset;
 334 }
 335
 336
 337 static int
 338 dissect_dcom_ActivationProperty(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 339                        proto_tree *tree, dcerpc_info *di, guint8 *drep, e_guid_t *clsid, gint size)
 340 {
 341     dcom_dissect_fn_t routine = NULL;
 342
 343     /* the following data depends on the clsid, get the routine by clsid */
 344     routine = dcom_get_rountine_by_uuid(clsid);
 345     if (routine){
 346         offset = routine(tvb, offset, pinfo, tree, di, drep, size);
 347     }
 348
 349     return offset;
 350 }
 351
 352
 353
 354 static int
 355 dissect_dcom_ActivationPropertiesBody(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 356                        proto_tree *tree, dcerpc_info *di, guint8 *drep)
 357 {
 358     gint      old_offset;
 359
 360     proto_item *sub_item;
 361     proto_tree *sub_tree;
 362     property_guids_t *pg;
 363     guint32 i;
 364     guint32 min_idx;
 365
 366     pg = (property_guids_t*)di->private_data;
 367
 368     if (pg->id_idx == pg->size_idx) {
 369         min_idx = pg->id_idx;
 370     }
 371     else {
 372         /* TODO: expert info */
 373         min_idx = MIN(pg->id_idx, pg->size_idx);
 374     }
 375
 376     sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_properties, &sub_item, "Properties");
 377
 378     old_offset = offset;
 379     for (i = 0; i < min_idx; i++) {
 380         offset = dissect_dcom_ActivationProperty(tvb, offset, pinfo, sub_tree, di, drep,
 381                                                     &pg->guid[i], pg->size[i]);
 382     }
 383     proto_item_set_len(sub_item, offset - old_offset);
 384
 385     return offset;
 386 }
 387
 388 static int
 389 dissect_dcom_ActivationProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 390         proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
 391 {
 392     proto_item *sub_item;
 393     proto_tree *sub_tree;
 394     property_guids_t *old_pg = NULL;
 395
 396     guint32    u32TotalSize;
 397     guint32    u32Res;
 398
 399     sub_item = proto_tree_add_item(tree, hf_sysact_actproperties, tvb, offset, 0, ENC_NA);
 400     sub_tree = proto_item_add_subtree(sub_item, ett_actproperties);
 401
 402     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 403             hf_sysact_totalsize, &u32TotalSize);
 404     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 405             hf_sysact_res, &u32Res);
 406
 407     old_pg = (property_guids_t*)di->private_data;
 408     di->private_data = wmem_new0(wmem_packet_scope(), property_guids_t);
 409
 410     offset = dissect_dcom_ActivationPropertiesCustomerHdr(tvb, offset, pinfo, sub_tree, di, drep);
 411     offset = dissect_dcom_ActivationPropertiesBody(tvb, offset, pinfo, sub_tree, di, drep);
 412
 413     di->private_data = old_pg;
 414
 415     return offset;
 416 }
 417
 418 static int
 419 dissect_dcom_ContextMarshaler(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 420                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size _U_)
 421 {
 422     proto_item  *sub_item;
 423     proto_tree  *sub_tree;
 424     gint        old_offset;
 425
 426     guint32    u32Count;
 427
 428     old_offset = offset;
 429     sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_context, &sub_item, "Context");
 430
 431     offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
 432                 NULL, NULL);
 433     offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
 434             hf_sysact_ctx_id, NULL);
 435     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 436             hf_sysact_ctx_flags, NULL);
 437     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 438             hf_sysact_ctx_res, NULL);
 439     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 440             hf_sysact_ctx_numextents, NULL);
 441     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 442             hf_sysact_ctx_extentscnt, NULL);
 443     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 444             hf_sysact_ctx_mashflags, NULL);
 445     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 446             hf_sysact_ctx_count, &u32Count);
 447     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 448             hf_sysact_ctx_frozen, NULL);
 449
 450     if (u32Count) {
 451         /*PropMarshalHeader array*/
 452         /*TBD*/
 453     }
 454
 455     proto_item_set_len(sub_item, offset - old_offset);
 456
 457     return offset;
 458 }
 459
 460 static int
 461 dissect_dcom_SpecialSystemProperties(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 462                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 463 {
 464     proto_tree *sub_tree, *tr;
 465     gint old_offset, len, i;
 466
 467     old_offset = offset;
 468
 469     if (size <= 0) {
 470         /* TODO: expert info */
 471         size = -1;
 472     }
 473
 474     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_spclsysprop, NULL, "SpecialSystemProperties");
 475
 476     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 477
 478     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 479             hf_sysact_spsysprop_sid, NULL);
 480     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 481             hf_sysact_spsysprop_remotethissid, NULL);
 482     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 483             hf_sysact_spsysprop_cltimpersonating, NULL);
 484     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 485             hf_sysact_spsysprop_partitionid, NULL);
 486     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 487             hf_sysact_spsysprop_defauthlvl, NULL);
 488     offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
 489             hf_sysact_spsysprop_partition, NULL);
 490     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 491             hf_sysact_spsysprop_procrqstflgs, NULL);
 492     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 493             hf_sysact_spsysprop_origclsctx, NULL);
 494     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 495             hf_sysact_spsysprop_flags, NULL);
 496 /*
 497  *
 498  *    offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 499  *            hf_sysact_spsysprop_procid, NULL);
 500  *    offset = dissect_dcom_I8(tvb, offset, pinfo, sub_tree, drep,
 501  *            hf_sysact_spsysprop_hwnd, NULL);
 502  *
 503  */
 504     tr = proto_tree_add_subtree(sub_tree, tvb, offset, sizeof(guint32)*8,
 505                              ett_dcom_reserved, NULL, "Reserved: 8 DWORDs");
 506     for (i = 0; i < 8; i++) {
 507         offset = dissect_dcom_DWORD(tvb, offset, pinfo, tr, di, drep,
 508                 hf_sysact_res, NULL);
 509     }
 510
 511     len = offset - old_offset;
 512     if (size < len) {
 513         /* TODO expert info */
 514         size = len;
 515     }
 516     else if (size > len) {
 517         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 518     }
 519
 520     offset = old_offset + size;
 521     return offset;
 522 }
 523
 524 static int
 525 dissect_dcom_InterfaceId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 526                             proto_tree *tree, dcerpc_info *di, guint8 *drep)
 527 {
 528     offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
 529                         hf_sysact_instninfo_iid, NULL);
 530     return offset;
 531 }
 532
 533 static int
 534 dissect_InstantiationInfoIids(tvbuff_t *tvb, gint offset,
 535         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 536 {
 537     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
 538             dissect_dcom_InterfaceId);
 539
 540     return offset;
 541 }
 542
 543 static int
 544 dissect_dcom_InstantiationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 545                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 546 {
 547     proto_tree *sub_tree;
 548     gint old_offset, len;
 549
 550     old_offset = offset;
 551
 552     if (size <= 0) {
 553         /* TODO: expert info */
 554         size = -1;
 555     }
 556
 557     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_instantianinfo, NULL, "InstantiationInfo");
 558
 559     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 560
 561     offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
 562             hf_sysact_instninfo_clsid, NULL);
 563     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 564             hf_sysact_instninfo_clsctx, NULL);
 565     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 566             hf_sysact_instninfo_actflags, NULL);
 567     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 568             hf_sysact_instninfo_issurrogate, NULL);
 569     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 570             hf_sysact_instninfo_iidcount, NULL);
 571     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 572             hf_sysact_instninfo_instflags, NULL);
 573
 574     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 575             dissect_InstantiationInfoIids, NDR_POINTER_UNIQUE,
 576             "InterfaceIdsPtr", -1);
 577
 578     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 579             hf_sysact_instninfo_entiresize, NULL);
 580     offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
 581             NULL, NULL);
 582
 583     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 584
 585     len = offset - old_offset;
 586     if (size < len) {
 587         /* TODO expert info */
 588         size = len;
 589     }
 590     else if (size > len) {
 591         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 592     }
 593
 594     offset = old_offset + size;
 595     return offset;
 596 }
 597
 598 static int
 599 dissect_ActCtxInfo_PropCtx(tvbuff_t *tvb _U_, gint offset,
 600         packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info *di _U_, guint8 *drep _U_)
 601 {
 602     /*TBD*/
 603     return offset;
 604 }
 605
 606
 607 static int
 608 dissect_ActCtxInfo_CltCtx(tvbuff_t *tvb, gint offset,
 609         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 610 {
 611     if (di->conformant_run) {
 612         return offset;
 613     }
 614
 615     offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
 616             hf_sysact_context, NULL);
 617     return offset;
 618 }
 619
 620 static int
 621 dissect_dcom_ActivationContextInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 622                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 623 {
 624     proto_tree *sub_tree;
 625     gint old_offset, len;
 626
 627     old_offset = offset;
 628
 629     if (size <= 0) {
 630         /* TODO: expert info */
 631         size = -1;
 632     }
 633
 634     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_actctxinfo, NULL, "ActivationContextInfo");
 635
 636     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 637
 638     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 639             hf_sysact_actctxinfo_cltok, NULL);
 640     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 641             hf_sysact_res, NULL);
 642     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 643             hf_sysact_res, NULL);
 644     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 645             hf_sysact_res, NULL);
 646
 647     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 648             dissect_ActCtxInfo_CltCtx, NDR_POINTER_UNIQUE,
 649             "ClientPtr", -1);
 650     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 651             dissect_ActCtxInfo_PropCtx, NDR_POINTER_UNIQUE,
 652             "PrototypePtr", -1);
 653     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 654
 655     len = offset - old_offset;
 656     if (size < len) {
 657         /* TODO expert info */
 658         size = len;
 659     }
 660     else if (size > len) {
 661         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 662     }
 663
 664     offset = old_offset + size;
 665     return offset;
 666 }
 667
 668
 669 static int
 670 dissect_dcom_COSERVERINFO(tvbuff_t *tvb, gint offset,
 671         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex)
 672 {
 673     proto_item *sub_item;
 674     proto_tree *sub_tree;
 675     gint old_offset;
 676
 677     if (di->conformant_run) {
 678         return offset;
 679     }
 680
 681     sub_item = proto_tree_add_item(tree, hfindex, tvb, offset, 0, ENC_NA);
 682     sub_tree = proto_item_add_subtree(sub_item, ett_dcom_securityinfo);
 683
 684     old_offset = offset;
 685     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 686             hf_sysact_si_ci_res, NULL);
 687     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 688             dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Name(wstring)",
 689             hf_sysact_si_ci_string);
 690     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 691             NULL, NDR_POINTER_UNIQUE, "AuthInfoPtr", -1);
 692     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 693             hf_sysact_si_ci_res, NULL);
 694
 695     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 696
 697     proto_item_set_len(sub_item, offset - old_offset);
 698
 699     return offset;
 700 }
 701
 702 static int
 703 dissect_dcom_SI_ServerInfo(tvbuff_t *tvb, gint offset,
 704         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 705 {
 706     offset = dissect_dcom_COSERVERINFO(tvb, offset, pinfo, tree, di, drep,
 707             hf_sysact_si_serverinfo);
 708     return offset;
 709 }
 710
 711 static int
 712 dissect_dcom_SecurtiyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 713                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 714 {
 715     proto_tree *sub_tree;
 716     gint old_offset, len;
 717
 718     old_offset = offset;
 719
 720     if (size <= 0) {
 721         /* TODO: expert info */
 722         size = -1;
 723     }
 724
 725     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_securityinfo, NULL, "SecurityInfo");
 726
 727     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di ,drep);
 728
 729     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 730             hf_sysact_si_authflalgs, NULL);
 731     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 732             dissect_dcom_SI_ServerInfo, NDR_POINTER_UNIQUE, "ServerInfoPtr", -1);
 733     /*This SHOULD be NULL and MUST be ignored on receipt*/
 734     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 735             NULL, NDR_POINTER_UNIQUE, "ReservedPtr", -1);
 736     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 737
 738     len = offset - old_offset;
 739     if (size < len) {
 740         /* TODO expert info */
 741         size = len;
 742     }
 743     else if (size > len) {
 744         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 745     }
 746
 747     offset = old_offset + size;
 748     return offset;
 749 }
 750
 751 static int
 752 dissect_dcom_LocationInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 753                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 754 {
 755     proto_tree *sub_tree;
 756     gint old_offset, len;
 757
 758     old_offset = offset;
 759
 760     if (size <= 0) {
 761         /* TODO: expert info */
 762         size = -1;
 763     }
 764
 765     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_locationinfo, NULL, "LocationInfo");
 766
 767     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 768
 769     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 770             dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "MachineNamePtr",
 771             hf_sysact_li_string);
 772
 773     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 774             hf_sysact_li_procid, NULL);
 775     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 776             hf_sysact_li_apartid, NULL);
 777     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 778             hf_sysact_li_ctxid, NULL);
 779
 780     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 781
 782     len = offset - old_offset;
 783     if (size < len) {
 784         /* TODO expert info */
 785         size = len;
 786     }
 787     else if (size > len) {
 788         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 789     }
 790
 791     offset = old_offset + size;
 792
 793     return offset;
 794 }
 795
 796 static int
 797 dissect_dcom_ProtoSeq(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 798                         proto_tree *tree, dcerpc_info *di, guint8 *drep)
 799 {
 800     offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, di, drep,
 801                         hf_sysact_sri_protseq, NULL);
 802
 803     return offset;
 804 }
 805
 806 static int
 807 dissect_dcom_ProtoSeqArray(tvbuff_t *tvb, gint offset,
 808                     packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 809 {
 810     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
 811             dissect_dcom_ProtoSeq);
 812     return offset;
 813 }
 814
 815 static int
 816 dissect_dcom_customREMOTE_REQUEST_SCM_INFO(tvbuff_t *tvb, gint offset,
 817         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 818 {
 819     proto_item *sub_item;
 820     proto_tree *sub_tree;
 821     gint old_offset;
 822
 823     if (di->conformant_run) {
 824         return offset;
 825     }
 826
 827     sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_rmtrqst, &sub_item, "RemoteRequest");
 828
 829     old_offset = offset;
 830     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 831             hf_sysact_sri_cltimplvl, NULL);
 832     offset = dissect_dcom_WORD(tvb, offset, pinfo, sub_tree, di, drep,
 833             hf_sysact_sri_protseqnum, NULL);
 834     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 835             dissect_dcom_ProtoSeqArray, NDR_POINTER_UNIQUE, "ProtocolSeqsArrayPtr", -1);
 836     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 837
 838     proto_item_set_len(sub_item, offset - old_offset);
 839
 840     return offset;
 841 }
 842
 843 static int
 844 dissect_dcom_ScmRqstInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 845                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 846 {
 847     proto_tree *sub_tree;
 848     gint old_offset, len;
 849
 850     old_offset = offset;
 851
 852     if (size <= 0) {
 853         /* TODO: expert info */
 854         size = -1;
 855     }
 856
 857     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_scmrqstinfo, NULL, "ScmRequestInfo");
 858
 859     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 860
 861     /*This MUST be set to NULL and MUST be ignored on receipt*/
 862     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 863             NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
 864     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 865             dissect_dcom_customREMOTE_REQUEST_SCM_INFO, NDR_POINTER_UNIQUE,
 866             "RemoteRequestPtr", -1);
 867     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 868
 869     len = offset - old_offset;
 870     if (size < len) {
 871         /* TODO expert info */
 872         size = len;
 873     }
 874     else if (size > len) {
 875         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 876     }
 877
 878     offset = old_offset + size;
 879
 880     return offset;
 881 }
 882
 883 static int
 884 dissect_dcom_IfId(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 885                         proto_tree *tree, dcerpc_info *di, guint8 *drep)
 886 {
 887     offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, di, drep,
 888             hf_sysact_pi_iid, NULL);
 889     return offset;
 890 }
 891
 892 static int
 893 dissect_dcom_IfIds(tvbuff_t *tvb, gint offset,
 894                     packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 895 {
 896     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
 897             dissect_dcom_IfId);
 898     return offset;
 899 }
 900
 901 static int
 902 dissect_dcom_ReturnVal(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 903                             proto_tree *tree, dcerpc_info *di, guint8 *drep)
 904 {
 905     offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, di, drep,
 906                         hf_sysact_pi_retval, NULL);
 907     return offset;
 908 }
 909
 910 static int
 911 dissect_dcom_ReturnVals(tvbuff_t *tvb, gint offset,
 912         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 913 {
 914     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
 915             dissect_dcom_ReturnVal);
 916     return offset;
 917 }
 918
 919 static int
 920 dissect_OneInterfData(tvbuff_t *tvb, gint offset,
 921         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 922 {
 923     offset = dissect_dcom_MInterfacePointer(tvb, offset, pinfo, tree, di, drep,
 924             hf_sysact_pi_interf, NULL);
 925     return offset;
 926 }
 927
 928 static int
 929 dissect_dcom_OneInterfDataPtr(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 930                             proto_tree *tree, dcerpc_info *di, guint8 *drep)
 931 {
 932     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, di, drep,
 933             dissect_OneInterfData, NDR_POINTER_UNIQUE, "InterfacePtr", -1);
 934     return offset;
 935 }
 936
 937 /*
 938  * This MUST be an array of MInterfacePointer pointers containing the OBJREFs for
 939  * the interfaces returned by the server.
 940  */
 941 static int
 942 dissect_dcom_InterfData(tvbuff_t *tvb, gint offset,
 943         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 944 {
 945     offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
 946             dissect_dcom_OneInterfDataPtr);
 947     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 948     return offset;
 949 }
 950
 951 static int
 952 dissect_dcom_PropsOutInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
 953                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
 954 {
 955     proto_tree *sub_tree;
 956     gint old_offset, len;
 957
 958     old_offset = offset;
 959
 960     if (size <= 0) {
 961         /* TODO: expert info */
 962         size = -1;
 963     }
 964
 965     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_propsoutput, NULL, "PropertiesOutput");
 966
 967     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
 968
 969     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
 970             hf_sysact_pi_ifnum, NULL);
 971
 972     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 973             dissect_dcom_IfIds, NDR_POINTER_UNIQUE, "InterfaceIdsPtr", -1);
 974     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 975             dissect_dcom_ReturnVals, NDR_POINTER_UNIQUE, "ReturnValuesPtr", -1);
 976     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
 977             dissect_dcom_InterfData, NDR_POINTER_UNIQUE, "InterfacePtrsPtr", -1);
 978     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
 979
 980     len = offset - old_offset;
 981     if (size < len) {
 982         /* TODO expert info */
 983         size = len;
 984     }
 985     else if (size > len) {
 986         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
 987     }
 988
 989     offset = old_offset + size;
 990
 991     return offset;
 992 }
 993
 994
 995 /*
 996  *typedef struct tagDUALSTRINGARRAY {
 997  *  unsigned short wNumEntries;
 998  *  unsigned short wSecurityOffset;
 999  *  [size_is(wNumEntries)] unsigned short aStringArray[];
1000  *} DUALSTRINGARRAY;
1001  */
1002 static int
1003 dissect_dcom_OxidBindings(tvbuff_t *tvb, gint offset,
1004                     packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1005 {
1006     proto_item *sub_item;
1007     proto_tree *sub_tree;
1008     gint old_offset;
1009
1010     if (di->conformant_run) {
1011         return offset;
1012     }
1013
1014     old_offset = offset;
1015     sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_oxidbinding, &sub_item, "OxidBindings");
1016
1017     offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, di, drep, NULL);
1018     offset = dissect_dcom_DUALSTRINGARRAY(tvb, offset, pinfo, sub_tree, di, drep,
1019             hf_sysact_scmri_binding, NULL);
1020
1021     proto_item_set_len(sub_item, offset - old_offset);
1022     return offset;
1023 }
1024
1025
1026 static int
1027 dissect_dcom_customREMOTE_REPLY_SCM_INFO(tvbuff_t *tvb, gint offset,
1028         packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1029 {
1030     proto_item *sub_item;
1031     proto_tree *sub_tree;
1032     gint old_offset;
1033
1034     if (di->conformant_run) {
1035         return offset;
1036     }
1037
1038     sub_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_dcom_rmtresp, &sub_item, "RemoteReply");
1039
1040     old_offset = offset;
1041     offset = dissect_dcom_ID(tvb, offset, pinfo, sub_tree, di, drep,
1042             hf_sysact_scmri_oxid, NULL);
1043     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1044             dissect_dcom_OxidBindings, NDR_POINTER_UNIQUE, "OxidBindingsPtr", -1);
1045     offset = dissect_dcom_UUID(tvb, offset, pinfo, sub_tree, di, drep,
1046             hf_sysact_scmri_rmtunknid, NULL);
1047     offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, di, drep,
1048             hf_sysact_scmri_authhint, NULL);
1049     offset = dissect_dcom_COMVERSION(tvb, offset, pinfo, sub_tree, di, drep,
1050                 NULL, NULL);
1051     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1052
1053     proto_item_set_len(sub_item, offset - old_offset);
1054
1055     return offset;
1056 }
1057
1058
1059 static int
1060 dissect_dcom_ScmReplyInfo(tvbuff_t *tvb, gint offset, packet_info *pinfo,
1061                        proto_tree *tree, dcerpc_info *di, guint8 *drep, gint size)
1062 {
1063     proto_tree *sub_tree;
1064     gint old_offset, len;
1065
1066     old_offset = offset;
1067
1068     if (size <= 0) {
1069         /* TODO: expert info */
1070         size = -1;
1071     }
1072
1073     sub_tree = proto_tree_add_subtree(tree, tvb, offset, size, ett_dcom_scmrespinfo, NULL, "ScmReplyInfo");
1074
1075     offset = dissect_TypeSzCommPrivHdr(tvb, offset, pinfo, sub_tree, di, drep);
1076
1077     /*This MUST be set to NULL and MUST be ignored on receipt*/
1078     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1079             NULL, NDR_POINTER_UNIQUE, "Ptr", -1);
1080     offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, sub_tree, di, drep,
1081             dissect_dcom_customREMOTE_REPLY_SCM_INFO, NDR_POINTER_UNIQUE,
1082             "RemoteRequestPtr", -1);
1083     offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1084
1085     len = offset - old_offset;
1086     if (size < len) {
1087         /* TODO expert info */
1088         size = len;
1089     }
1090     else if (size > len) {
1091         proto_tree_add_item(sub_tree, hf_sysact_unused_buffer, tvb, offset, size - len, ENC_NA);
1092     }
1093
1094     offset = old_offset + size;
1095
1096     return offset;
1097 }
1098
1099 static void
1100 sysact_register_routines(void)
1101 {
1102     dcom_register_rountine(dissect_dcom_ActivationProperties, &iid_ActivationPropertiesIn);
1103     dcom_register_rountine(dissect_dcom_ActivationProperties, &iid_ActivationPropertiesOut);
1104     dcom_register_rountine(dissect_dcom_SpecialSystemProperties, &clsid_SpecialSystemProperties);
1105     dcom_register_rountine(dissect_dcom_InstantiationInfo, &clsid_InstantiationInfo);
1106     dcom_register_rountine(dissect_dcom_ActivationContextInfo, &clsid_ActivationContextInfo);
1107     dcom_register_rountine(dissect_dcom_ContextMarshaler, &clsid_ContextMarshaler);
1108     dcom_register_rountine(dissect_dcom_SecurtiyInfo, &clsid_SecurityInfo);
1109     dcom_register_rountine(dissect_dcom_LocationInfo, &clsid_ServerLocationInfo);
1110     dcom_register_rountine(dissect_dcom_ScmRqstInfo, &clsid_ScmRequestInfo);
1111     dcom_register_rountine(dissect_dcom_PropsOutInfo, &clsid_PropsOutInfo);
1112     dcom_register_rountine(dissect_dcom_ScmReplyInfo, &clsid_ScmReplyInfo);
1113
1114     return;
1115 }
1116
1117 static int
1118 dissect_remsysact_remotecreateinstance_rqst(tvbuff_t *tvb, int offset,
1119     packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1120 {
1121
1122     sysact_register_routines();
1123
1124     offset = dissect_dcom_this(tvb, offset, pinfo, tree, di, drep);
1125
1126     /* XXX - what is this? */
1127     offset = dissect_dcom_nospec_data(tvb, offset, pinfo, tree, drep, 4);
1128     offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
1129                         hf_sysact_actproperties, NULL /* XXX */);
1130     return offset;
1131 }
1132
1133 static int
1134 dissect_remsysact_remotecreateinstance_resp(tvbuff_t *tvb, int offset,
1135     packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
1136 {
1137     sysact_register_routines();
1138
1139     offset = dissect_dcom_that(tvb, offset, pinfo, tree, di, drep);
1140
1141     offset = dissect_dcom_PMInterfacePointer(tvb, offset, pinfo, tree, di, drep,
1142                         hf_sysact_actproperties, NULL /* XXX */);
1143
1144     offset = dissect_dcom_HRESULT(tvb, offset, pinfo, tree, di, drep,
1145                      NULL /* pu32HResult */);
1146
1147     return offset;
1148 }
1149
1150
1151 static dcerpc_sub_dissector ISystemActivator_dissectors[] = {
1152     { 0, "QueryInterfaceIRemoteSCMActivator", NULL, NULL },
1153     { 1, "AddRefIRemoteISCMActivator", NULL, NULL },
1154     { 2, "ReleaseIRemoteISCMActivator", NULL, NULL },
1155     { 3, "RemoteGetClassObject", NULL, NULL },
1156     { 4, "RemoteCreateInstance", dissect_remsysact_remotecreateinstance_rqst, dissect_remsysact_remotecreateinstance_resp },
1157     { 0, NULL, NULL, NULL },
1158 };
1159
1160 void
1161 proto_register_ISystemActivator (void)
1162 {
1163     /* fields */
1164     static hf_register_info hf[] = {
1165         { &hf_opnum,
1166           { "Operation", "isystemactivator.opnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1167         { &hf_sysact_actproperties,
1168         { "IActProperties", "isystemactivator.actproperties", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1169 #if 0
1170         { &hf_sysact_unknown,
1171         { "IUnknown", "isystemactivator.unknown", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1172 #endif
1173     };
1174
1175     static hf_register_info hf_actproperties[] = {
1176         { &hf_sysact_totalsize,
1177         { "Totalsize", "isystemactivator.actproperties.size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1178         { &hf_sysact_res,
1179         { "Reserved", "isystemactivator.actproperties.resv", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1180
1181         { &hf_sysact_customhdrsize,
1182         { "CustomHeaderSize", "isystemactivator.customhdr.size", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1183         { &hf_sysact_dstctx,
1184         { "DestinationContext", "isystemactivator.customhdr.dc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1185         { &hf_sysact_actpropnumber,
1186         { "NumActivationPropertyStructs", "isystemactivator.customhdr.actpropnumber", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1187         { &hf_sysact_actpropclsinfoid,
1188         { "ClassInfoClsid", "isystemactivator.customhdr.clsinfoid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1189 #if 0
1190         { &hf_sysact_actpropclsids,
1191         { "PropertyGuids", "isystemactivator.customhdr.clsids", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1192 #endif
1193         { &hf_sysact_actpropclsid,
1194         { "PropertyStructGuid", "isystemactivator.customhdr.clsid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1195 #if 0
1196         { &hf_sysact_actpropsizes,
1197         { "PropertyDataSizes", "isystemactivator.customhdr.datasizes", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1198 #endif
1199         { &hf_sysact_actpropsize,
1200         { "PropertyDataSize", "isystemactivator.customhdr.datasize", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1201
1202         /*SpecialSystemProperties*/
1203         { &hf_sysact_spsysprop_sid,
1204         { "SessionID", "isystemactivator.properties.spcl.sid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, "A value that uniquely identifies a logon session on the server", HFILL }},
1205         { &hf_sysact_spsysprop_remotethissid,
1206         { "RemoteThisSessionID", "isystemactivator.properties.spcl.remotesid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1207         { &hf_sysact_spsysprop_cltimpersonating,
1208         { "ClientImpersonating", "isystemactivator.properties.spcl.cltimp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1209         { &hf_sysact_spsysprop_partitionid,
1210         { "PartitionIDPresent", "isystemactivator.properties.spcl.cltimp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1211         { &hf_sysact_spsysprop_defauthlvl,
1212         { "DefaultAuthnLevel", "isystemactivator.properties.spcl.defauthlvl", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1213         { &hf_sysact_spsysprop_partition,
1214         { "PartitionGuid", "isystemactivator.properties.spcl.partition", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1215         { &hf_sysact_spsysprop_procrqstflgs,
1216         { "ProcessRequestFlags", "isystemactivator.properties.spcl.procreqstflgs", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1217         { &hf_sysact_spsysprop_origclsctx,
1218         { "OriginalClassContext", "isystemactivator.properties.spcl.origclsctx", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1219         { &hf_sysact_spsysprop_flags,
1220         { "Flags", "isystemactivator.properties.spcl.flags", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1221 #if 0
1222         { &hf_sysact_spsysprop_procid,
1223         { "ProcessID", "isystemactivator.properties.spcl.procid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1224 #endif
1225 #if 0
1226         { &hf_sysact_spsysprop_hwnd,
1227         { "hWnd", "isystemactivator.properties.spcl.hwnd", FT_UINT64, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1228 #endif
1229
1230         /*InstantiationInfo*/
1231         { &hf_sysact_instninfo_clsid,
1232         { "InstantiatedObjectClsId", "isystemactivator.properties.instninfo.clsid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1233         { &hf_sysact_instninfo_clsctx,
1234         { "ClassContext", "isystemactivator.properties.instninfo.clsctx", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1235         { &hf_sysact_instninfo_actflags,
1236         { "ActivationFlags", "isystemactivator.properties.instninfo.actflags", FT_UINT32, BASE_DEC_HEX, VALS(instninfo_actflags), 0x0, NULL, HFILL }},
1237         { &hf_sysact_instninfo_issurrogate,
1238         { "FlagsSurrogate", "isystemactivator.properties.instninfo.actflags", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1239         { &hf_sysact_instninfo_iidcount,
1240         { "InterfaceIdCount", "isystemactivator.properties.instninfo.iidcount", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1241         { &hf_sysact_instninfo_instflags,
1242         { "InstantiationFlag", "isystemactivator.properties.instninfo.instflags", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1243         { &hf_sysact_instninfo_entiresize,
1244         { "EntirePropertySize", "isystemactivator.properties.instninfo.entiresize", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1245         { &hf_sysact_instninfo_iid,
1246         { "InterfaceIds", "isystemactivator.properties.instninfo.iid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1247
1248         /*ActivationContextInfo*/
1249         { &hf_sysact_actctxinfo_cltok,
1250         { "ClientOk", "isystemactivator.properties.actctxinfo.cltok", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1251         { &hf_sysact_context,
1252         { "ClientContext", "isystemactivator.properties.context", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1253
1254         /*dcom Context*/
1255         { &hf_sysact_ctx_id,
1256         { "ContextID", "isystemactivator.properties.context.id", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1257         { &hf_sysact_ctx_flags,
1258         { "Flags", "isystemactivator.properties.context.flags", FT_UINT32, BASE_HEX, VALS(dcom_context_flag_vals), 0x0, NULL, HFILL }},
1259         { &hf_sysact_ctx_res,
1260         { "Reserved", "isystemactivator.properties.context.res", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1261         { &hf_sysact_ctx_numextents,
1262         { "NumExtents", "isystemactivator.properties.context.numext", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1263         { &hf_sysact_ctx_extentscnt,
1264         { "ExtentCount", "isystemactivator.properties.context.extcnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1265         { &hf_sysact_ctx_mashflags,
1266         { "MarshalFlags", "isystemactivator.properties.context.mashflags", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1267         { &hf_sysact_ctx_count,
1268         { "ContextPropertyCount", "isystemactivator.properties.context.cnt", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1269         { &hf_sysact_ctx_frozen,
1270         { "Frozen", "isystemactivator.properties.context.frz", FT_UINT32, BASE_HEX, VALS(boolean_flag_vals), 0x0, NULL, HFILL }},
1271
1272         /*Security Info*/
1273         { &hf_sysact_si_authflalgs,
1274         { "AuthenticationFlags", "isystemactivator.properties.si.authflags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1275         { &hf_sysact_si_serverinfo,
1276         { "ServerInfo", "isystemactivator.properties.si.ci", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
1277         { &hf_sysact_si_ci_res,
1278         { "Reserved", "isystemactivator.properties.si.ci.res", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1279         { &hf_sysact_si_ci_string,
1280         { "String", "isystemactivator.properties.si.ci.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1281
1282         /*Location info*/
1283         { &hf_sysact_li_string,
1284         { "String", "isystemactivator.properties.li.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
1285         { &hf_sysact_li_procid,
1286         { "ProcessId", "isystemactivator.properties.li.procid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1287         { &hf_sysact_li_apartid,
1288         { "ApartmentId", "isystemactivator.properties.li.apartid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1289         { &hf_sysact_li_ctxid,
1290         { "ContextId", "isystemactivator.properties.li.ctxid", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }},
1291
1292         /*ScmRequst info*/
1293         { &hf_sysact_sri_cltimplvl,
1294         { "ClientImpersonationLevel", "isystemactivator.properties.sri.cltimplvl", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1295         { &hf_sysact_sri_protseqnum,
1296         { "NumProtocolSequences", "isystemactivator.properties.sri.protseqnum", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1297         { &hf_sysact_sri_protseq,
1298         { "ProtocolSeq", "isystemactivator.properties.sri.protseq", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1299
1300         /*PropsOutInfo*/
1301         { &hf_sysact_pi_ifnum,
1302         { "NumInterfaces", "isystemactivator.properties.pi.ifnum", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1303         { &hf_sysact_pi_retval,
1304         { "ReturnValue", "isystemactivator.properties.retval", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1305         { &hf_sysact_pi_interf,
1306         { "Interface", "isystemactivator.properties.interf", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1307         { &hf_sysact_pi_iid,
1308         { "IID", "isystemactivator.properties.iid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1309
1310         /*ScmReply info*/
1311         { &hf_sysact_scmri_rmtunknid,
1312         { "IRemUnknownInterfacePointerId", "isystemactivator.properties.scmresp.rmtunknid", FT_GUID, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1313         { &hf_sysact_scmri_authhint,
1314         { "AuthenticationHint", "isystemactivator.properties.scmresp.authhint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1315         { &hf_sysact_scmri_binding,
1316         { "Bindings", "isystemactivator.properties.scmresp.binding", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1317         { &hf_sysact_scmri_oxid,
1318         { "OXID", "isystemactivator.properties.scmresp.oxid", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1319         { &hf_sysact_unused_buffer,
1320         { "Unused buffer", "isystemactivator.unused_buffer", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1321     };
1322
1323     static hf_register_info hf_tshdr[] = {
1324         { &hf_typeszch,
1325         { "CommonHeader", "isystemactivator.actproperties.ts.hdr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1326         { &hf_typeszph,
1327         { "PrivateHeader", "isystemactivator.actproperties.ts.hdr", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
1328         { &hf_typesz_ver,
1329         { "Version", "isystemactivator.actproperties.ts.ver", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1330         { &hf_typesz_endianness,
1331         { "Endianness", "isystemactivator.actproperties.ts.end", FT_UINT8, BASE_HEX, VALS(ts_endian_vals), 0x0, NULL, HFILL }},
1332         { &hf_typesz_commhdrlen,
1333         { "CommonHeaderLength", "isystemactivator.actproperties.ts.chl", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1334         { &hf_typesz_filler,
1335         { "Filler", "isystemactivator.actproperties.ts.fil", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
1336         { &hf_typesz_buflen,
1337         { "ObjectBufferLength", "isystemactivator.actproperties.ts.buflen", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
1338     };
1339
1340
1341     /* Tree */
1342     static gint *ett[] = {
1343         &ett_isystemactivator,
1344         &ett_actproperties,
1345         &ett_properties,
1346         &ett_commonheader,
1347         &ett_propguids,
1348         &ett_typeszcommhdr,
1349         &ett_typeszprivhdr,
1350         &ett_dcom_spclsysprop,
1351         &ett_dcom_reserved,
1352         &ett_dcom_instantianinfo,
1353         &ett_dcom_actctxinfo,
1354         &ett_dcom_context,
1355         &ett_dcom_securityinfo,
1356         &ett_dcom_locationinfo,
1357         &ett_dcom_scmrqstinfo,
1358         &ett_dcom_rmtrqst,
1359
1360         &ett_dcom_propsoutput,
1361         &ett_dcom_scmrespinfo,
1362         &ett_dcom_rmtresp,
1363         &ett_dcom_oxidbinding,
1364
1365     };
1366
1367     proto_ISystemActivator = proto_register_protocol ("ISystemActivator ISystemActivator Resolver", "ISystemActivator", "isystemactivator");
1368     proto_register_field_array (proto_ISystemActivator, hf, array_length (hf));
1369     proto_register_field_array (proto_ISystemActivator, hf_actproperties, array_length (hf_actproperties));
1370     proto_register_field_array(proto_ISystemActivator, hf_tshdr, array_length(hf_tshdr));
1371     proto_register_subtree_array (ett, array_length (ett));
1372 }
1373
1374 void
1375 proto_reg_handoff_ISystemActivator (void)
1376 {
1377     /* Register the protocol as dcerpc */
1378     dcerpc_init_uuid (proto_ISystemActivator, ett_isystemactivator, &uuid_ISystemActivator,
1379             ver_ISystemActivator, ISystemActivator_dissectors, hf_opnum);
1380 }
1381
1382 /*
1383  * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
1384  *
1385  * Local variables:
1386  * c-basic-offset: 4
1387  * tab-width: 8
1388  * indent-tabs-mode: nil
1389  * End:
1390  *
1391  * vi: set shiftwidth=4 tabstop=8 expandtab:
1392  * :indentSize=4:tabSize=8:noTabs=true:
1393  */