2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.122 2001/10/20 19:29:21 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
52 #include "packet-smb-mailslot.h"
53 #include "packet-smb-pipe.h"
55 static int proto_smb = -1;
57 static int hf_smb_cmd = -1;
58 static int hf_smb_status = -1;
59 static int hf_smb_errcls = -1;
60 static int hf_smb_flags = -1;
61 static int hf_smb_flags2 = -1;
62 static int hf_smb_tid = -1;
63 static int hf_smb_pid = -1;
64 static int hf_smb_uid = -1;
65 static int hf_smb_mid = -1;
67 static gint ett_smb = -1;
68 static gint ett_smb_hdr = -1;
69 static gint ett_smb_fileattributes = -1;
70 static gint ett_smb_capabilities = -1;
71 static gint ett_smb_aflags = -1;
72 static gint ett_smb_dialects = -1;
73 static gint ett_smb_mode = -1;
74 static gint ett_smb_rawmode = -1;
75 static gint ett_smb_flags = -1;
76 static gint ett_smb_flags2 = -1;
77 static gint ett_smb_desiredaccess = -1;
78 static gint ett_smb_search = -1;
79 static gint ett_smb_file = -1;
80 static gint ett_smb_openfunction = -1;
81 static gint ett_smb_filetype = -1;
82 static gint ett_smb_openaction = -1;
83 static gint ett_smb_writemode = -1;
84 static gint ett_smb_lock_type = -1;
85 static gint ett_smb_ssetupandxaction = -1;
86 static gint ett_smb_optionsup = -1;
90 * Struct passed to each SMB decode routine of info it may need
93 char *decode_smb_name(unsigned char);
95 int smb_packet_init_count = 200;
98 * This is a hash table matching transaction requests and replies.
100 * Unfortunately, the MID is not a transaction ID in, say, the ONC RPC
101 * sense; instead, it's a "multiplex ID" used when there's more than one
102 * request *currently* in flight, to distinguish replies.
104 * This means that the MID and PID don't uniquely identify a request in
107 * Therefore, we have to use some other value to distinguish between
108 * requests with the same MID and PID.
110 * On the first pass through the capture, when we first see a request,
111 * we hash it by conversation, MID, and PID.
113 * When we first see a reply to it, we add it to a new hash table,
114 * hashing it by conversation, MID, PID, and frame number of the reply.
116 * This works as long as
118 * 1) a client doesn't screw up and have multiple requests outstanding
119 * with the same MID and PID
123 * 2) we don't have, within the same frame, replies to multiple
124 * requests with the same MID and PID.
126 * 2) should happen only if the server screws up and puts the wrong MID or
127 * PID into a reply (in which case not only can we not handle this, the
128 * client can't handle it either) or if the client has screwed up as per
129 * 1) and the server's dutifully replied to both of the requests with the
130 * same MID and PID (in which case, again, neither we nor the client can
133 * We don't have to correctly dissect screwups; we just have to keep from
134 * dumping core on them.
136 * XXX - in addition, we need to keep a hash table of replies, so that we
137 * can associate continuations with the reply to which they're a continuation.
139 struct smb_request_key {
140 guint32 conversation;
146 static GHashTable *smb_request_hash = NULL;
147 static GMemChunk *smb_request_keys = NULL;
148 static GMemChunk *smb_request_vals = NULL;
151 * This is a hash table matching continued transation replies and their
154 * It works similarly to the request/reply hash table.
156 static GHashTable *smb_continuation_hash = NULL;
158 static GMemChunk *smb_continuation_vals = NULL;
162 smb_equal(gconstpointer v, gconstpointer w)
164 struct smb_request_key *v1 = (struct smb_request_key *)v;
165 struct smb_request_key *v2 = (struct smb_request_key *)w;
167 #if defined(DEBUG_SMB_HASH)
168 printf("Comparing %08X:%u:%u:%u\n and %08X:%u:%u:%u\n",
169 v1 -> conversation, v1 -> mid, v1 -> pid, v1 -> frame_num,
170 v2 -> conversation, v2 -> mid, v2 -> pid, v2 -> frame_num);
173 if (v1 -> conversation == v2 -> conversation &&
174 v1 -> mid == v2 -> mid &&
175 v1 -> pid == v2 -> pid &&
176 v1 -> frame_num == v2 -> frame_num) {
186 smb_hash (gconstpointer v)
188 struct smb_request_key *key = (struct smb_request_key *)v;
191 val = (key -> conversation) + (key -> mid) + (key -> pid) +
194 #if defined(DEBUG_SMB_HASH)
195 printf("SMB Hash calculated as %u\n", val);
203 * Free up any state information we've saved, and re-initialize the
204 * tables of state information.
208 * For a hash table entry, free the address data to which the key refers
209 * and the fragment data to which the value refers.
210 * (The actual key and value structures get freed by "reassemble_init()".)
213 free_request_val_data(gpointer key, gpointer value, gpointer user_data)
215 struct smb_request_val *request_val = value;
217 if (request_val->last_transact_command != NULL)
218 g_free(request_val->last_transact_command);
219 if (request_val->last_param_descrip != NULL)
220 g_free(request_val->last_param_descrip);
221 if (request_val->last_data_descrip != NULL)
222 g_free(request_val->last_data_descrip);
223 if (request_val->last_aux_data_descrip != NULL)
224 g_free(request_val->last_aux_data_descrip);
228 static struct smb_request_val *
229 do_transaction_hashing(conversation_t *conversation, struct smb_info si,
232 struct smb_request_key request_key, *new_request_key;
233 struct smb_request_val *request_val = NULL;
234 gpointer new_request_key_ret, request_val_ret;
240 * If this is the first time the frame has been seen, check for
241 * an entry for the request in the hash table. If it's not found,
242 * insert an entry for it.
244 * If it's the first time it's been seen, then we can't have seen
245 * the reply yet, so the reply frame number should be 0, for
248 if (!fd->flags.visited) {
249 request_key.conversation = conversation->index;
250 request_key.mid = si.mid;
251 request_key.pid = si.pid;
252 request_key.frame_num = 0;
254 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
256 if (request_val == NULL) {
260 new_request_key = g_mem_chunk_alloc(smb_request_keys);
261 new_request_key -> conversation = conversation->index;
262 new_request_key -> mid = si.mid;
263 new_request_key -> pid = si.pid;
264 new_request_key -> frame_num = 0;
266 request_val = g_mem_chunk_alloc(smb_request_vals);
267 request_val -> frame = fd->num;
268 request_val -> last_transact2_command = -1; /* unknown */
269 request_val -> last_transact_command = NULL;
270 request_val -> last_param_descrip = NULL;
271 request_val -> last_data_descrip = NULL;
272 request_val -> last_aux_data_descrip = NULL;
274 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
277 * This means that we've seen another request in this conversation
278 * with the same request and reply, and without an intervening
279 * reply to that first request, and thus won't be using this
280 * "request_val" structure for that request (as we'd use it only
283 * Clean out the structure, and set it to refer to this frame.
285 request_val -> frame = fd->num;
286 request_val -> last_transact2_command = -1; /* unknown */
287 if (request_val -> last_transact_command)
288 g_free(request_val -> last_transact_command);
289 request_val -> last_transact_command = NULL;
290 if (request_val -> last_param_descrip)
291 g_free(request_val -> last_param_descrip);
292 request_val -> last_param_descrip = NULL;
293 if (request_val -> last_data_descrip)
294 g_free(request_val -> last_data_descrip);
295 request_val -> last_data_descrip = NULL;
296 if (request_val -> last_aux_data_descrip)
297 g_free(request_val -> last_aux_data_descrip);
298 request_val -> last_aux_data_descrip = NULL;
305 if (!fd->flags.visited) {
307 * This is the first time the frame has been seen; check for
308 * an entry for a matching request, with an unknown reply frame
309 * number, in the hash table.
311 * If we find it, re-hash it with this frame's number as the
312 * reply frame number.
314 request_key.conversation = conversation->index;
315 request_key.mid = si.mid;
316 request_key.pid = si.pid;
317 request_key.frame_num = 0;
320 * Look it up - and, if we find it, get pointers to the key and
321 * value structures for it.
323 if (g_hash_table_lookup_extended(smb_request_hash, &request_key,
324 &new_request_key_ret,
326 new_request_key = new_request_key_ret;
327 request_val = request_val_ret;
331 * Remove the old entry.
333 g_hash_table_remove(smb_request_hash, &request_key);
336 * Now update the key, and put it back into the hash table with
339 new_request_key->frame_num = fd->num;
340 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
344 * This is not the first time the frame has been seen; check for
345 * an entry for a matching request, with this frame's frame
346 * number as the reply frame number, in the hash table.
348 request_key.conversation = conversation->index;
349 request_key.mid = si.mid;
350 request_key.pid = si.pid;
351 request_key.frame_num = fd->num;
353 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
360 static struct smb_continuation_val *
361 do_continuation_hashing(conversation_t *conversation, struct smb_info si,
362 frame_data *fd, guint16 TotalDataCount,
363 guint16 DataCount, const char **TransactName)
365 struct smb_request_key request_key, *new_request_key;
366 struct smb_continuation_val *continuation_val, *new_continuation_val;
367 gpointer new_request_key_ret, continuation_val_ret;
369 continuation_val = NULL;
372 * This reply isn't the first in the series; there should be a
373 * reply of which it is a continuation.
375 if (!fd->flags.visited) {
377 * This is the first time the frame has been seen; check for
378 * an entry for a matching continued message, with an unknown
379 * continuation frame number, in the hash table.
381 * If we find it, re-hash it with this frame's number as the
382 * continuation frame number.
384 request_key.conversation = conversation->index;
385 request_key.mid = si.mid;
386 request_key.pid = si.pid;
387 request_key.frame_num = 0;
390 * Look it up - and, if we find it, get pointers to the key and
391 * value structures for it.
393 if (g_hash_table_lookup_extended(smb_continuation_hash, &request_key,
394 &new_request_key_ret,
395 &continuation_val_ret)) {
396 new_request_key = new_request_key_ret;
397 continuation_val = continuation_val_ret;
401 * Remove the old entry.
403 g_hash_table_remove(smb_continuation_hash, &request_key);
406 * Now update the key, and put it back into the hash table with
409 new_request_key->frame_num = fd->num;
410 g_hash_table_insert(smb_continuation_hash, new_request_key,
415 * This is not the first time the frame has been seen; check for
416 * an entry for a matching request, with this frame's frame
417 * number as the continuation frame number, in the hash table.
419 request_key.conversation = conversation->index;
420 request_key.mid = si.mid;
421 request_key.pid = si.pid;
422 request_key.frame_num = fd->num;
424 continuation_val = (struct smb_continuation_val *)
425 g_hash_table_lookup(smb_continuation_hash, &request_key);
430 * If we found the entry for the message of which this is a continuation,
431 * and our caller cares, get the transaction name for that message, as
432 * it's the transaction name for this message as well.
434 if (continuation_val != NULL && TransactName != NULL)
435 *TransactName = continuation_val -> transact_name;
437 if (TotalDataCount > DataCount + si.ddisp) {
439 * This reply isn't the last in the series; there should be a
440 * continuation for it later in the capture.
442 * If this is the first time the frame has been seen, check for
443 * an entry for the reply in the hash table. If it's not found,
444 * insert an entry for it.
446 * If it's the first time it's been seen, then we can't have seen
447 * the continuation yet, so the continuation frame number should
448 * be 0, for "unknown".
450 if (!fd->flags.visited) {
451 request_key.conversation = conversation->index;
452 request_key.mid = si.mid;
453 request_key.pid = si.pid;
454 request_key.frame_num = 0;
456 new_continuation_val = (struct smb_continuation_val *)
457 g_hash_table_lookup(smb_continuation_hash, &request_key);
459 if (new_continuation_val == NULL) {
463 new_request_key = g_mem_chunk_alloc(smb_request_keys);
464 new_request_key -> conversation = conversation->index;
465 new_request_key -> mid = si.mid;
466 new_request_key -> pid = si.pid;
467 new_request_key -> frame_num = 0;
469 new_continuation_val = g_mem_chunk_alloc(smb_continuation_vals);
470 new_continuation_val -> frame = fd->num;
471 if (TransactName != NULL)
472 new_continuation_val -> transact_name = *TransactName;
474 new_continuation_val -> transact_name = NULL;
476 g_hash_table_insert(smb_continuation_hash, new_request_key,
477 new_continuation_val);
480 * This presumably means we never saw the continuation of
481 * the message we found, and this is a reply to a different
482 * request; as we never saw the continuation of that message,
483 * we won't be using this "request_val" structure for that
484 * message (as we'd use it only for the continuation).
486 * Clean out the structure, and set it to refer to this frame.
488 new_continuation_val -> frame = fd->num;
493 return continuation_val;
497 smb_init_protocol(void)
499 #if defined(DEBUG_SMB_HASH)
500 printf("Initializing SMB hashtable area\n");
503 if (smb_request_hash) {
505 * Remove all entries from the hash table and free all strings
506 * attached to the keys and values. (The keys and values
507 * themselves are freed with "g_mem_chunk_destroy()" calls
510 g_hash_table_foreach_remove(smb_request_hash, free_request_val_data, NULL);
511 g_hash_table_destroy(smb_request_hash);
513 if (smb_continuation_hash)
514 g_hash_table_destroy(smb_continuation_hash);
515 if (smb_request_keys)
516 g_mem_chunk_destroy(smb_request_keys);
517 if (smb_request_vals)
518 g_mem_chunk_destroy(smb_request_vals);
519 if (smb_continuation_vals)
520 g_mem_chunk_destroy(smb_continuation_vals);
522 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
523 smb_continuation_hash = g_hash_table_new(smb_hash, smb_equal);
524 smb_request_keys = g_mem_chunk_new("smb_request_keys",
525 sizeof(struct smb_request_key),
526 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
527 smb_request_vals = g_mem_chunk_new("smb_request_vals",
528 sizeof(struct smb_request_val),
529 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
530 smb_continuation_vals = g_mem_chunk_new("smb_continuation_vals",
531 sizeof(struct smb_continuation_val),
532 smb_packet_init_count * sizeof(struct smb_continuation_val), G_ALLOC_AND_FREE);
535 static void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int);
537 static const value_string smb_cmd_vals[] = {
538 { 0x00, "SMBcreatedirectory" },
539 { 0x01, "SMBdeletedirectory" },
541 { 0x03, "SMBcreate" },
542 { 0x04, "SMBclose" },
543 { 0x05, "SMBflush" },
544 { 0x06, "SMBunlink" },
546 { 0x08, "SMBgetatr" },
547 { 0x09, "SMBsetatr" },
549 { 0x0B, "SMBwrite" },
551 { 0x0D, "SMBunlock" },
552 { 0x0E, "SMBctemp" },
553 { 0x0F, "SMBmknew" },
554 { 0x10, "SMBchkpth" },
556 { 0x12, "SMBlseek" },
557 { 0x13, "SMBlockread" },
558 { 0x14, "SMBwriteunlock" },
559 { 0x1A, "SMBreadBraw" },
560 { 0x1B, "SMBreadBmpx" },
561 { 0x1C, "SMBreadBs" },
562 { 0x1D, "SMBwriteBraw" },
563 { 0x1E, "SMBwriteBmpx" },
564 { 0x1F, "SMBwriteBs" },
565 { 0x20, "SMBwriteC" },
566 { 0x22, "SMBsetattrE" },
567 { 0x23, "SMBgetattrE" },
568 { 0x24, "SMBlockingX" },
569 { 0x25, "SMBtrans" },
570 { 0x26, "SMBtranss" },
571 { 0x27, "SMBioctl" },
572 { 0x28, "SMBioctls" },
576 { 0x2C, "SMBwriteclose" },
577 { 0x2D, "SMBopenX" },
578 { 0x2E, "SMBreadX" },
579 { 0x2F, "SMBwriteX" },
580 { 0x31, "SMBcloseandtreedisc" },
581 { 0x32, "SMBtrans2" },
582 { 0x33, "SMBtrans2secondary" },
583 { 0x34, "SMBfindclose2" },
584 { 0x35, "SMBfindnotifyclose" },
587 { 0x72, "SMBnegprot" },
588 { 0x73, "SMBsesssetupX" },
589 { 0x74, "SMBlogoffX" },
590 { 0x75, "SMBtconX" },
591 { 0x80, "SMBdskattr" },
592 { 0x81, "SMBsearch" },
593 { 0x82, "SMBffirst" },
594 { 0x83, "SMBfunique" },
595 { 0x84, "SMBfclose" },
596 { 0xA0, "SMBnttransact" },
597 { 0xA1, "SMBnttransactsecondary" },
598 { 0xA2, "SMBntcreateX" },
599 { 0xA4, "SMBntcancel" },
600 { 0xC0, "SMBsplopen" },
601 { 0xC1, "SMBsplwr" },
602 { 0xC2, "SMBsplclose" },
603 { 0xC3, "SMBsplretq" },
604 { 0xD0, "SMBsends" },
605 { 0xD1, "SMBsendb" },
606 { 0xD2, "SMBfwdname" },
607 { 0xD3, "SMBcancelf" },
608 { 0xD4, "SMBgetmac" },
609 { 0xD5, "SMBsendstrt" },
610 { 0xD6, "SMBsendend" },
611 { 0xD7, "SMBsendtxt" },
612 { 0xD8, "SMBreadbulk" },
613 { 0xD9, "SMBwritebulk" },
614 { 0xDA, "SMBwritebulkdata" },
615 { 0xFE, "SMBinvalid" },
619 char *SMB_names[256] = {
620 "SMBcreatedirectory",
621 "SMBdeletedirectory",
669 "SMBcloseandtreedisc",
671 "SMBtrans2secondary",
673 "SMBfindnotifyclose",
781 "SMBnttransactsecondary",
879 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
884 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (%u bytes)",
892 * Dissect a UNIX like date ...
895 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
896 conflict with /usr/include/time.h on some NetBSD
900 dissect_smbu_date(guint16 date, guint16 time)
903 static char datebuf[4+2+2+2+1+10];
904 time_t ltime = (date << 16) + time;
906 _gtime = gmtime(<ime);
909 sprintf(datebuf, "%04d-%02d-%02d",
910 1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);
912 sprintf(datebuf, "Bad date format");
922 dissect_smbu_time(guint16 date, guint16 time)
925 static char timebuf[2+2+2+2+1+10];
928 sprintf(timebuf, "%02d:%02d:%02d",
929 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
931 sprintf(timebuf, "Bad time format");
938 * Dissect a DOS-format date.
941 dissect_dos_date(guint16 date)
943 static char datebuf[4+2+2+1];
945 sprintf(datebuf, "%04d-%02d-%02d",
946 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
951 * Dissect a DOS-format time.
954 dissect_dos_time(guint16 time)
956 static char timebuf[2+2+2+1];
958 sprintf(timebuf, "%02d:%02d:%02d",
959 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
963 /* Max string length for displaying Unicode strings. */
964 #define MAX_UNICODE_STR_LEN 256
966 /* Turn a little-endian Unicode '\0'-terminated string into a string we
968 XXX - for now, we just handle the ISO 8859-1 characters. */
970 unicode_to_str(const guint8 *us, int *us_lenp) {
971 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
978 if (cur == &str[0][0]) {
980 } else if (cur == &str[1][0]) {
986 len = MAX_UNICODE_STR_LEN;
988 while (*us != 0 || *(us + 1) != 0) {
998 /* Note that we're not showing the full string. */
1008 /* Get a null terminated string, which is Unicode if "is_unicode" is true
1009 and ASCII (OEM character set) otherwise.
1010 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
1011 static const gchar *
1012 get_unicode_or_ascii_string(const u_char *pd, int *offsetp, int SMB_offset,
1013 gboolean is_unicode, int *len)
1015 int offset = *offsetp;
1016 const gchar *string;
1020 if ((offset - SMB_offset) % 2) {
1022 * XXX - this should be an offset relative to the beginning of the SMB,
1023 * not an offset relative to the beginning of the frame; if the stuff
1024 * before the SMB has an odd number of bytes, an offset relative to
1025 * the beginning of the frame will give the wrong answer.
1027 offset++; /* Looks like a pad byte there sometimes */
1030 string = unicode_to_str(pd + offset, &string_len);
1033 string = pd + offset;
1034 string_len = strlen(string) + 1;
1040 static const value_string buffer_format_vals[] = {
1041 { 1, "Data block" },
1045 { 5, "Variable block" },
1050 * Each dissect routine is passed an offset to wct and works from there
1054 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
1062 /* Request(s) dissect code */
1064 /* Build display for: Word Count (WCT) */
1066 WordCount = GBYTE(pd, offset);
1070 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1074 offset += 1; /* Skip Word Count (WCT) */
1076 /* Build display for: FID */
1078 FID = GSHORT(pd, offset);
1082 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1086 offset += 2; /* Skip FID */
1088 /* Build display for: Byte Count */
1090 ByteCount = GSHORT(pd, offset);
1094 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1098 offset += 2; /* Skip Byte Count */
1101 /* Response(s) dissect code */
1103 /* Build display for: Word Count (WCT) */
1105 WordCount = GBYTE(pd, offset);
1109 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1113 offset += 1; /* Skip Word Count (WCT) */
1115 /* Build display for: Byte Count (BCC) */
1117 ByteCount = GSHORT(pd, offset);
1121 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1125 offset += 2; /* Skip Byte Count (BCC) */
1132 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
1140 guint16 BlocksPerUnit;
1144 /* Request(s) dissect code */
1146 /* Build display for: Word Count (WCT) */
1148 WordCount = GBYTE(pd, offset);
1152 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1156 offset += 1; /* Skip Word Count (WCT) */
1158 /* Build display for: Byte Count (BCC) */
1160 ByteCount = GSHORT(pd, offset);
1164 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1168 offset += 2; /* Skip Byte Count (BCC) */
1171 /* Response(s) dissect code */
1173 /* Build display for: Word Count (WCT) */
1175 WordCount = GBYTE(pd, offset);
1179 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1183 offset += 1; /* Skip Word Count (WCT) */
1185 if (WordCount != 0) {
1187 /* Build display for: Total Units */
1189 TotalUnits = GSHORT(pd, offset);
1193 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Units: %u", TotalUnits);
1197 offset += 2; /* Skip Total Units */
1199 /* Build display for: Blocks Per Unit */
1201 BlocksPerUnit = GSHORT(pd, offset);
1205 proto_tree_add_text(tree, NullTVB, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
1209 offset += 2; /* Skip Blocks Per Unit */
1211 /* Build display for: Block Size */
1213 BlockSize = GSHORT(pd, offset);
1217 proto_tree_add_text(tree, NullTVB, offset, 2, "Block Size: %u", BlockSize);
1221 offset += 2; /* Skip Block Size */
1223 /* Build display for: Free Units */
1225 FreeUnits = GSHORT(pd, offset);
1229 proto_tree_add_text(tree, NullTVB, offset, 2, "Free Units: %u", FreeUnits);
1233 offset += 2; /* Skip Free Units */
1235 /* Build display for: Reserved */
1237 Reserved = GSHORT(pd, offset);
1241 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1245 offset += 2; /* Skip Reserved */
1249 /* Build display for: Byte Count (BCC) */
1251 ByteCount = GSHORT(pd, offset);
1255 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1259 offset += 2; /* Skip Byte Count (BCC) */
1266 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
1269 proto_tree *Attributes_tree;
1273 guint8 BufferFormat;
1279 guint16 LastWriteTime;
1280 guint16 LastWriteDate;
1282 const char *FileName;
1286 /* Request(s) dissect code */
1288 /* Build display for: Word Count (WCT) */
1290 WordCount = GBYTE(pd, offset);
1294 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1298 offset += 1; /* Skip Word Count (WCT) */
1300 if (WordCount != 0) {
1302 /* Build display for: Attributes */
1304 Attributes = GSHORT(pd, offset);
1308 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1309 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1310 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1311 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1312 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1313 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1314 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1315 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1316 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1317 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1318 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1319 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1320 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1321 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1325 offset += 2; /* Skip Attributes */
1327 /* Build display for: Last Write Time */
1329 LastWriteTime = GSHORT(pd, offset);
1333 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1337 offset += 2; /* Skip Last Write Time */
1339 /* Build display for: Last Write Date */
1341 LastWriteDate = GSHORT(pd, offset);
1345 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1349 offset += 2; /* Skip Last Write Date */
1351 /* Build display for: Reserved 1 */
1353 Reserved1 = GSHORT(pd, offset);
1357 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
1361 offset += 2; /* Skip Reserved 1 */
1363 /* Build display for: Reserved 2 */
1365 Reserved2 = GSHORT(pd, offset);
1369 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1373 offset += 2; /* Skip Reserved 2 */
1375 /* Build display for: Reserved 3 */
1377 Reserved3 = GSHORT(pd, offset);
1381 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
1385 offset += 2; /* Skip Reserved 3 */
1387 /* Build display for: Reserved 4 */
1389 Reserved4 = GSHORT(pd, offset);
1393 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
1397 offset += 2; /* Skip Reserved 4 */
1399 /* Build display for: Reserved 5 */
1401 Reserved5 = GSHORT(pd, offset);
1405 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
1409 offset += 2; /* Skip Reserved 5 */
1413 /* Build display for: Byte Count (BCC) */
1415 ByteCount = GSHORT(pd, offset);
1419 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1423 offset += 2; /* Skip Byte Count (BCC) */
1425 /* Build display for: Buffer Format */
1427 BufferFormat = GBYTE(pd, offset);
1431 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
1432 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
1437 offset += 1; /* Skip Buffer Format */
1439 /* Build display for: File Name */
1441 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
1445 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
1449 offset += string_len; /* Skip File Name */
1452 /* Response(s) dissect code */
1454 /* Build display for: Word Count (WCT) */
1456 WordCount = GBYTE(pd, offset);
1460 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1464 offset += 1; /* Skip Word Count (WCT) */
1466 /* Build display for: Byte Count (BCC) */
1468 ByteCount = GBYTE(pd, offset);
1472 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
1476 offset += 1; /* Skip Byte Count (BCC) */
1483 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
1487 guint8 BufferFormat;
1496 /* Request(s) dissect code */
1498 /* Build display for: Word Count (WCT) */
1500 WordCount = GBYTE(pd, offset);
1504 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1508 offset += 1; /* Skip Word Count (WCT) */
1510 /* Build display for: FID */
1512 FID = GSHORT(pd, offset);
1516 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1520 offset += 2; /* Skip FID */
1522 /* Build display for: Count */
1524 Count = GSHORT(pd, offset);
1528 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1532 offset += 2; /* Skip Count */
1534 /* Build display for: Offset */
1536 Offset = GWORD(pd, offset);
1540 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1544 offset += 4; /* Skip Offset */
1546 /* Build display for: Remaining */
1548 Remaining = GSHORT(pd, offset);
1552 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
1556 offset += 2; /* Skip Remaining */
1558 /* Build display for: Byte Count (BCC) */
1560 ByteCount = GSHORT(pd, offset);
1564 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1568 offset += 2; /* Skip Byte Count (BCC) */
1570 /* Build display for: Buffer Format */
1572 BufferFormat = GBYTE(pd, offset);
1576 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
1577 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
1582 offset += 1; /* Skip Buffer Format */
1584 /* Build display for: Data Length */
1586 DataLength = GSHORT(pd, offset);
1590 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1594 offset += 2; /* Skip Data Length */
1596 if (DataLength > 0 && tree) {
1598 if(END_OF_FRAME >= DataLength)
1599 proto_tree_add_text(tree, NullTVB, offset, DataLength, "Data (%u bytes)", DataLength);
1601 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
1606 /* Response(s) dissect code */
1608 /* Build display for: Word Count (WCT) */
1610 WordCount = GBYTE(pd, offset);
1614 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1618 offset += 1; /* Skip Word Count (WCT) */
1620 /* Build display for: Count */
1622 Count = GSHORT(pd, offset);
1626 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1630 offset += 2; /* Skip Count */
1632 /* Build display for: Byte Count (BCC) */
1634 ByteCount = GSHORT(pd, offset);
1638 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1642 offset += 2; /* Skip Byte Count (BCC) */
1649 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
1663 guint16 DataCompactionMode;
1668 /* Request(s) dissect code */
1670 /* Build display for: Word Count (WCT) */
1672 WordCount = GBYTE(pd, offset);
1676 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1680 offset += 1; /* Skip Word Count (WCT) */
1682 /* Build display for: FID */
1684 FID = GSHORT(pd, offset);
1688 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1692 offset += 2; /* Skip FID */
1694 /* Build display for: Offset */
1696 Offset = GWORD(pd, offset);
1700 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1704 offset += 4; /* Skip Offset */
1706 /* Build display for: Max Count */
1708 MaxCount = GSHORT(pd, offset);
1712 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
1716 offset += 2; /* Skip Max Count */
1718 /* Build display for: Min Count */
1720 MinCount = GSHORT(pd, offset);
1724 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
1728 offset += 2; /* Skip Min Count */
1730 /* Build display for: Reserved 1 */
1732 Reserved1 = GWORD(pd, offset);
1736 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 1: %u", Reserved1);
1740 offset += 4; /* Skip Reserved 1 */
1742 /* Build display for: Reserved 2 */
1744 Reserved2 = GSHORT(pd, offset);
1748 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1752 offset += 2; /* Skip Reserved 2 */
1754 /* Build display for: Byte Count (BCC) */
1756 ByteCount = GSHORT(pd, offset);
1760 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1764 offset += 2; /* Skip Byte Count (BCC) */
1767 /* Response(s) dissect code */
1769 /* Build display for: Word Count */
1771 WordCount = GBYTE(pd, offset);
1775 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
1779 offset += 1; /* Skip Word Count */
1781 if (WordCount != 0) {
1783 /* Build display for: Offset */
1785 Offset = GWORD(pd, offset);
1789 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1793 offset += 4; /* Skip Offset */
1795 /* Build display for: Count */
1797 Count = GSHORT(pd, offset);
1801 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1805 offset += 2; /* Skip Count */
1807 /* Build display for: Reserved */
1809 Reserved = GSHORT(pd, offset);
1813 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1817 offset += 2; /* Skip Reserved */
1819 /* Build display for: Data Compaction Mode */
1821 DataCompactionMode = GSHORT(pd, offset);
1825 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1829 offset += 2; /* Skip Data Compaction Mode */
1831 /* Build display for: Reserved */
1833 Reserved = GSHORT(pd, offset);
1837 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1841 offset += 2; /* Skip Reserved */
1843 /* Build display for: Data Length */
1845 DataLength = GSHORT(pd, offset);
1849 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1853 offset += 2; /* Skip Data Length */
1855 /* Build display for: Data Offset */
1857 DataOffset = GSHORT(pd, offset);
1861 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
1865 offset += 2; /* Skip Data Offset */
1869 /* Build display for: Byte Count (BCC) */
1871 ByteCount = GSHORT(pd, offset);
1875 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1879 offset += 2; /* Skip Byte Count (BCC) */
1881 /* Build display for: Pad */
1883 Pad = GBYTE(pd, offset);
1887 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
1891 offset += 1; /* Skip Pad */
1898 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
1902 guint8 BufferFormat;
1903 guint16 SearchAttributes;
1905 const char *FileName;
1909 /* Request(s) dissect code */
1911 /* Build display for: Word Count (WCT) */
1913 WordCount = GBYTE(pd, offset);
1917 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1921 offset += 1; /* Skip Word Count (WCT) */
1923 /* Build display for: SearchAttributes */
1925 SearchAttributes = GSHORT(pd, offset);
1929 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
1932 offset += 2; /* Skip SearchAttributes */
1934 /* Build display for: Byte Count (BCC) */
1936 ByteCount = GSHORT(pd, offset);
1940 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1944 offset += 2; /* Skip Byte Count (BCC) */
1946 /* Build display for: Buffer Format */
1948 BufferFormat = GBYTE(pd, offset);
1952 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
1953 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
1958 offset += 1; /* Skip Buffer Format */
1960 /* Build display for: File Name */
1962 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
1966 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
1970 offset += string_len; /* Skip File Name */
1973 /* Response(s) dissect code */
1975 /* Build display for: Word Count (WCT) */
1977 WordCount = GBYTE(pd, offset);
1981 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1985 offset += 1; /* Skip Word Count (WCT) */
1987 /* Build display for: Byte Count (BCC) */
1989 ByteCount = GSHORT(pd, offset);
1993 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1997 offset += 2; /* Skip Byte Count (BCC) */
2004 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
2007 proto_tree *Attributes_tree;
2010 guint32 FileDataSize;
2011 guint32 FileAllocationSize;
2012 guint16 LastWriteTime;
2013 guint16 LastWriteDate;
2014 guint16 LastAccessTime;
2015 guint16 LastAccessDate;
2017 guint16 CreationTime;
2018 guint16 CreationDate;
2023 /* Request(s) dissect code */
2025 /* Build display for: Word Count (WCT) */
2027 WordCount = GBYTE(pd, offset);
2031 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2035 offset += 1; /* Skip Word Count (WCT) */
2037 /* Build display for: FID */
2039 FID = GSHORT(pd, offset);
2043 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
2047 offset += 2; /* Skip FID */
2049 /* Build display for: Byte Count */
2051 ByteCount = GSHORT(pd, offset);
2055 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2059 offset += 2; /* Skip Byte Count */
2062 /* Response(s) dissect code */
2064 /* Build display for: Word Count (WCT) */
2066 WordCount = GBYTE(pd, offset);
2070 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2074 offset += 1; /* Skip Word Count (WCT) */
2076 if (WordCount != 0) {
2078 /* Build display for: Creation Date */
2080 CreationDate = GSHORT(pd, offset);
2084 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
2088 offset += 2; /* Skip Creation Date */
2090 /* Build display for: Creation Time */
2092 CreationTime = GSHORT(pd, offset);
2096 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
2100 offset += 2; /* Skip Creation Time */
2102 /* Build display for: Last Access Date */
2104 LastAccessDate = GSHORT(pd, offset);
2108 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
2112 offset += 2; /* Skip Last Access Date */
2114 /* Build display for: Last Access Time */
2116 LastAccessTime = GSHORT(pd, offset);
2120 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
2124 offset += 2; /* Skip Last Access Time */
2126 /* Build display for: Last Write Date */
2128 LastWriteDate = GSHORT(pd, offset);
2132 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
2136 offset += 2; /* Skip Last Write Date */
2138 /* Build display for: Last Write Time */
2140 LastWriteTime = GSHORT(pd, offset);
2144 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
2148 offset += 2; /* Skip Last Write Time */
2150 /* Build display for: File Data Size */
2152 FileDataSize = GWORD(pd, offset);
2156 proto_tree_add_text(tree, NullTVB, offset, 4, "File Data Size: %u", FileDataSize);
2160 offset += 4; /* Skip File Data Size */
2162 /* Build display for: File Allocation Size */
2164 FileAllocationSize = GWORD(pd, offset);
2168 proto_tree_add_text(tree, NullTVB, offset, 4, "File Allocation Size: %u", FileAllocationSize);
2172 offset += 4; /* Skip File Allocation Size */
2174 /* Build display for: Attributes */
2176 Attributes = GSHORT(pd, offset);
2180 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
2181 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
2182 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
2183 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
2184 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
2185 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
2186 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
2187 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
2188 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
2189 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
2190 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
2191 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
2192 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
2193 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
2197 offset += 2; /* Skip Attributes */
2201 /* Build display for: Byte Count */
2203 ByteCount = GSHORT(pd, offset);
2207 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2211 offset += 2; /* Skip Byte Count */
2218 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
2222 guint8 BufferFormat3;
2223 guint8 BufferFormat2;
2224 guint8 BufferFormat1;
2226 guint16 MaxBufferSize;
2228 const char *SharePath;
2229 const char *Service;
2230 const char *Password;
2234 /* Request(s) dissect code */
2236 /* Build display for: Word Count (WCT) */
2238 WordCount = GBYTE(pd, offset);
2242 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2246 offset += 1; /* Skip Word Count (WCT) */
2248 /* Build display for: Byte Count (BCC) */
2250 ByteCount = GSHORT(pd, offset);
2254 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2258 offset += 2; /* Skip Byte Count (BCC) */
2260 /* Build display for: BufferFormat1 */
2262 BufferFormat1 = GBYTE(pd, offset);
2266 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %s (%u)",
2267 val_to_str(BufferFormat1, buffer_format_vals, "Unknown"),
2272 offset += 1; /* Skip BufferFormat1 */
2274 /* Build display for: Share Path */
2276 SharePath = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
2280 proto_tree_add_text(tree, NullTVB, offset, string_len, "Share Path: %s", SharePath);
2284 offset += string_len; /* Skip Share Path */
2286 /* Build display for: BufferFormat2 */
2288 BufferFormat2 = GBYTE(pd, offset);
2292 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %s (%u)",
2293 val_to_str(BufferFormat2, buffer_format_vals, "Unknown"),
2298 offset += 1; /* Skip BufferFormat2 */
2300 /* Build display for: Password */
2302 Password = pd + offset;
2306 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2310 offset += strlen(Password) + 1; /* Skip Password */
2312 /* Build display for: BufferFormat3 */
2314 BufferFormat3 = GBYTE(pd, offset);
2318 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 3: %s (%u)",
2319 val_to_str(BufferFormat3, buffer_format_vals, "Unknown"),
2324 offset += 1; /* Skip BufferFormat3 */
2326 /* Build display for: Service */
2328 Service = pd + offset;
2332 proto_tree_add_text(tree, NullTVB, offset, strlen(Service) + 1, "Service: %s", Service);
2336 offset += strlen(Service) + 1; /* Skip Service */
2339 /* Response(s) dissect code */
2341 /* Build display for: Word Count (WCT) */
2343 WordCount = GBYTE(pd, offset);
2347 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2351 offset += 1; /* Skip Word Count (WCT) */
2353 if (WordCount != 0) {
2355 /* Build display for: Max Buffer Size */
2357 MaxBufferSize = GSHORT(pd, offset);
2361 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
2365 offset += 2; /* Skip Max Buffer Size */
2367 /* Build display for: TID */
2369 TID = GSHORT(pd, offset);
2373 proto_tree_add_text(tree, NullTVB, offset, 2, "TID: %u", TID);
2377 offset += 2; /* Skip TID */
2381 /* Build display for: Byte Count (BCC) */
2383 ByteCount = GSHORT(pd, offset);
2387 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2391 offset += 2; /* Skip Byte Count (BCC) */
2397 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
2399 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
2402 proto_tree *Capabilities_tree;
2403 proto_tree *Action_tree;
2406 guint8 AndXReserved;
2407 guint8 AndXCommand = 0xFF;
2410 guint32 Capabilities;
2412 guint16 SecurityBlobLength;
2413 guint16 ANSIAccountPasswordLength;
2414 guint16 UNICODEAccountPasswordLength;
2415 guint16 PasswordLen;
2416 guint16 MaxMpxCount;
2417 guint16 MaxBufferSize;
2419 guint16 AndXOffset = 0;
2421 const char *ANSIPassword;
2422 const char *UNICODEPassword;
2423 const char *SecurityBlob;
2424 const char *Password;
2425 const char *PrimaryDomain;
2426 const char *NativeOS;
2427 const char *NativeLanManType;
2428 const char *NativeLanMan;
2429 const char *AccountName;
2433 /* Request(s) dissect code */
2435 /* Build display for: Word Count (WCT) */
2437 WordCount = GBYTE(pd, offset);
2441 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2445 offset += 1; /* Skip Word Count (WCT) */
2447 switch (WordCount) {
2451 /* Build display for: AndXCommand */
2453 AndXCommand = GBYTE(pd, offset);
2457 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2458 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2462 offset += 1; /* Skip AndXCommand */
2464 /* Build display for: AndXReserved */
2466 AndXReserved = GBYTE(pd, offset);
2470 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2474 offset += 1; /* Skip AndXReserved */
2476 /* Build display for: AndXOffset */
2478 AndXOffset = GSHORT(pd, offset);
2482 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2486 offset += 2; /* Skip AndXOffset */
2488 /* Build display for: MaxBufferSize */
2490 MaxBufferSize = GSHORT(pd, offset);
2494 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2498 offset += 2; /* Skip MaxBufferSize */
2500 /* Build display for: MaxMpxCount */
2502 MaxMpxCount = GSHORT(pd, offset);
2506 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2510 offset += 2; /* Skip MaxMpxCount */
2512 /* Build display for: VcNumber */
2514 VcNumber = GSHORT(pd, offset);
2518 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2522 offset += 2; /* Skip VcNumber */
2524 /* Build display for: SessionKey */
2526 SessionKey = GWORD(pd, offset);
2530 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2534 offset += 4; /* Skip SessionKey */
2536 /* Build display for: PasswordLen */
2538 PasswordLen = GSHORT(pd, offset);
2542 proto_tree_add_text(tree, NullTVB, offset, 2, "PasswordLen: %u", PasswordLen);
2546 offset += 2; /* Skip PasswordLen */
2548 /* Build display for: Reserved */
2550 Reserved = GWORD(pd, offset);
2554 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2558 offset += 4; /* Skip Reserved */
2560 /* Build display for: Byte Count (BCC) */
2562 ByteCount = GSHORT(pd, offset);
2566 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2570 offset += 2; /* Skip Byte Count (BCC) */
2572 if (ByteCount > 0) {
2574 /* Build display for: Password */
2576 Password = pd + offset;
2580 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2584 offset += PasswordLen;
2586 /* Build display for: AccountName */
2588 AccountName = pd + offset;
2592 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2596 offset += strlen(AccountName) + 1; /* Skip AccountName */
2598 /* Build display for: PrimaryDomain */
2600 PrimaryDomain = pd + offset;
2604 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2608 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2610 /* Build display for: NativeOS */
2612 NativeOS = pd + offset;
2616 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2620 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2622 /* Build display for: NativeLanMan */
2624 NativeLanMan = pd + offset;
2628 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2632 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2640 /* Build display for: AndXCommand */
2642 AndXCommand = GBYTE(pd, offset);
2646 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2647 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2651 offset += 1; /* Skip AndXCommand */
2653 /* Build display for: AndXReserved */
2655 AndXReserved = GBYTE(pd, offset);
2659 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2663 offset += 1; /* Skip AndXReserved */
2665 /* Build display for: AndXOffset */
2667 AndXOffset = GSHORT(pd, offset);
2671 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2675 offset += 2; /* Skip AndXOffset */
2677 /* Build display for: MaxBufferSize */
2679 MaxBufferSize = GSHORT(pd, offset);
2683 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2687 offset += 2; /* Skip MaxBufferSize */
2689 /* Build display for: MaxMpxCount */
2691 MaxMpxCount = GSHORT(pd, offset);
2695 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2699 offset += 2; /* Skip MaxMpxCount */
2701 /* Build display for: VcNumber */
2703 VcNumber = GSHORT(pd, offset);
2707 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2711 offset += 2; /* Skip VcNumber */
2713 /* Build display for: SessionKey */
2715 SessionKey = GWORD(pd, offset);
2719 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2723 offset += 4; /* Skip SessionKey */
2725 /* Build display for: Security Blob Length */
2727 SecurityBlobLength = GSHORT(pd, offset);
2731 proto_tree_add_text(tree, NullTVB, offset, 2, "Security Blob Length: %u", SecurityBlobLength);
2735 offset += 2; /* Skip Security Blob Length */
2737 /* Build display for: Reserved */
2739 Reserved = GWORD(pd, offset);
2743 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2747 offset += 4; /* Skip Reserved */
2749 /* Build display for: Capabilities */
2751 Capabilities = GWORD(pd, offset);
2755 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%08x", Capabilities);
2756 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2757 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2758 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2759 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2760 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2761 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2762 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2763 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2764 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2765 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2766 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2767 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2768 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2769 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2770 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2771 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2772 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2773 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2774 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2775 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2776 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2777 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2778 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2779 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2780 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2781 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2782 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2783 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2784 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2788 offset += 4; /* Skip Capabilities */
2790 /* Build display for: Byte Count */
2792 ByteCount = GSHORT(pd, offset);
2796 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2800 offset += 2; /* Skip Byte Count */
2802 if (ByteCount > 0) {
2804 /* Build display for: Security Blob */
2806 SecurityBlob = pd + offset;
2808 if (SecurityBlobLength > 0) {
2810 /* XXX - is this ASN.1-encoded? Is it a Kerberos data structure,
2811 at least in NT 5.0-and-later server replies? */
2815 proto_tree_add_text(tree, NullTVB, offset, SecurityBlobLength, "Security Blob: %s",
2816 bytes_to_str(SecurityBlob, SecurityBlobLength));
2820 offset += SecurityBlobLength; /* Skip Security Blob */
2824 /* Build display for: Native OS */
2826 NativeOS = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
2830 proto_tree_add_text(tree, NullTVB, offset, string_len, "Native OS: %s", NativeOS);
2834 offset += string_len; /* Skip Native OS */
2836 /* Build display for: Native LanMan Type */
2838 NativeLanManType = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
2842 proto_tree_add_text(tree, NullTVB, offset, string_len, "Native LanMan Type: %s", NativeLanManType);
2846 offset += string_len; /* Skip Native LanMan Type */
2848 /* Build display for: Primary Domain */
2850 PrimaryDomain = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
2854 proto_tree_add_text(tree, NullTVB, offset, string_len, "Primary Domain: %s", PrimaryDomain);
2858 offset += string_len; /* Skip Primary Domain */
2866 /* Build display for: AndXCommand */
2868 AndXCommand = GBYTE(pd, offset);
2872 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2873 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2877 offset += 1; /* Skip AndXCommand */
2879 /* Build display for: AndXReserved */
2881 AndXReserved = GBYTE(pd, offset);
2885 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2889 offset += 1; /* Skip AndXReserved */
2891 /* Build display for: AndXOffset */
2893 AndXOffset = GSHORT(pd, offset);
2897 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2901 offset += 2; /* Skip AndXOffset */
2903 /* Build display for: MaxBufferSize */
2905 MaxBufferSize = GSHORT(pd, offset);
2909 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2913 offset += 2; /* Skip MaxBufferSize */
2915 /* Build display for: MaxMpxCount */
2917 MaxMpxCount = GSHORT(pd, offset);
2921 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2925 offset += 2; /* Skip MaxMpxCount */
2927 /* Build display for: VcNumber */
2929 VcNumber = GSHORT(pd, offset);
2933 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2937 offset += 2; /* Skip VcNumber */
2939 /* Build display for: SessionKey */
2941 SessionKey = GWORD(pd, offset);
2945 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2949 offset += 4; /* Skip SessionKey */
2951 /* Build display for: ANSI Account Password Length */
2953 ANSIAccountPasswordLength = GSHORT(pd, offset);
2957 proto_tree_add_text(tree, NullTVB, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2961 offset += 2; /* Skip ANSI Account Password Length */
2963 /* Build display for: UNICODE Account Password Length */
2965 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2969 proto_tree_add_text(tree, NullTVB, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2973 offset += 2; /* Skip UNICODE Account Password Length */
2975 /* Build display for: Reserved */
2977 Reserved = GWORD(pd, offset);
2981 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2985 offset += 4; /* Skip Reserved */
2987 /* Build display for: Capabilities */
2989 Capabilities = GWORD(pd, offset);
2993 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%08x", Capabilities);
2994 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2995 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2996 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2997 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2998 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2999 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3000 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
3001 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3002 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
3003 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3004 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
3005 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3006 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
3007 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3008 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
3009 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3010 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
3011 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3012 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
3013 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3014 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
3015 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3016 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
3017 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3018 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
3019 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3020 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
3021 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
3022 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
3026 offset += 4; /* Skip Capabilities */
3028 /* Build display for: Byte Count */
3030 ByteCount = GSHORT(pd, offset);
3034 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
3038 offset += 2; /* Skip Byte Count */
3040 if (ByteCount > 0) {
3042 /* Build display for: ANSI Password */
3044 ANSIPassword = pd + offset;
3046 if (ANSIAccountPasswordLength > 0) {
3050 proto_tree_add_text(tree, NullTVB, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
3054 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
3057 /* Build display for: UNICODE Password */
3059 UNICODEPassword = pd + offset;
3061 if (UNICODEAccountPasswordLength > 0) {
3065 proto_tree_add_text(tree, NullTVB, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
3069 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
3073 /* Build display for: Account Name */
3075 AccountName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3079 proto_tree_add_text(tree, NullTVB, offset, string_len, "Account Name: %s", AccountName);
3083 offset += string_len; /* Skip Account Name */
3085 /* Build display for: Primary Domain */
3088 * XXX - pre-W2K NT systems sometimes appear to stick an extra
3089 * byte in front of this, at least if all the strings are
3090 * ASCII and the account name is empty. Another bug?
3093 PrimaryDomain = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3097 proto_tree_add_text(tree, NullTVB, offset, string_len, "Primary Domain: %s", PrimaryDomain);
3101 offset += string_len; /* Skip Primary Domain */
3103 /* Build display for: Native OS */
3105 NativeOS = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3109 proto_tree_add_text(tree, NullTVB, offset, string_len, "Native OS: %s", NativeOS);
3113 offset += string_len; /* Skip Native OS */
3115 /* Build display for: Native LanMan Type */
3118 * XXX - pre-W2K NT systems appear to stick an extra 2 bytes of
3119 * padding/null string/whatever in front of this. W2K doesn't
3120 * appear to. I suspect that's a bug that got fixed; I also
3121 * suspect that, in practice, nobody ever looks at that field
3122 * because the bug didn't appear to get fixed until NT 5.0....
3125 NativeLanManType = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3129 proto_tree_add_text(tree, NullTVB, offset, string_len, "Native LanMan Type: %s", NativeLanManType);
3133 offset += string_len; /* Skip Native LanMan Type */
3141 /* XXX - dump the parameter words, one word at a time? */
3143 offset += WordCount;
3145 /* Build display for: Byte Count (BCC) */
3147 ByteCount = GSHORT(pd, offset);
3151 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3155 offset += 2; /* Skip Byte Count (BCC) */
3161 if (AndXCommand != 0xFF) {
3163 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
3168 /* Response(s) dissect code */
3170 /* Build display for: Word Count (WCT) */
3172 WordCount = GBYTE(pd, offset);
3176 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3180 offset += 1; /* Skip Word Count (WCT) */
3182 switch (WordCount) {
3186 /* Build display for: AndXCommand */
3188 AndXCommand = GBYTE(pd, offset);
3192 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3193 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3197 offset += 1; /* Skip AndXCommand */
3199 /* Build display for: AndXReserved */
3201 AndXReserved = GBYTE(pd, offset);
3205 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3209 offset += 1; /* Skip AndXReserved */
3211 /* Build display for: AndXOffset */
3213 AndXOffset = GSHORT(pd, offset);
3217 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3221 offset += 2; /* Skip AndXOffset */
3223 /* Build display for: Action */
3225 Action = GSHORT(pd, offset);
3229 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
3230 Action_tree = proto_item_add_subtree(ti, ett_smb_ssetupandxaction);
3231 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
3232 decode_boolean_bitfield(Action, 0x0001, 16, "Logged in as GUEST", "Not logged in as GUEST"));
3236 offset += 2; /* Skip Action */
3238 /* Build display for: Byte Count (BCC) */
3240 ByteCount = GSHORT(pd, offset);
3244 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3248 offset += 2; /* Skip Byte Count (BCC) */
3250 if (ByteCount > 0) {
3252 /* Build display for: NativeOS */
3254 NativeOS = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3258 proto_tree_add_text(tree, NullTVB, offset, string_len, "NativeOS: %s", NativeOS);
3262 offset += string_len; /* Skip NativeOS */
3264 /* Build display for: NativeLanMan */
3266 NativeLanMan = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3270 proto_tree_add_text(tree, NullTVB, offset, string_len, "NativeLanMan: %s", NativeLanMan);
3274 offset += string_len; /* Skip NativeLanMan */
3276 /* Build display for: PrimaryDomain */
3278 PrimaryDomain = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3282 proto_tree_add_text(tree, NullTVB, offset, string_len, "PrimaryDomain: %s", PrimaryDomain);
3286 offset += string_len; /* Skip PrimaryDomain */
3294 /* Build display for: AndXCommand */
3296 AndXCommand = GBYTE(pd, offset);
3300 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3301 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3305 offset += 1; /* Skip AndXCommand */
3307 /* Build display for: AndXReserved */
3309 AndXReserved = GBYTE(pd, offset);
3313 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3317 offset += 1; /* Skip AndXReserved */
3319 /* Build display for: AndXOffset */
3321 AndXOffset = GSHORT(pd, offset);
3325 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3330 offset += 2; /* Skip AndXOffset */
3332 /* Build display for: Action */
3334 Action = GSHORT(pd, offset);
3338 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
3339 Action_tree = proto_item_add_subtree(ti, ett_smb_ssetupandxaction);
3340 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
3341 decode_boolean_bitfield(Action, 0x0001, 16, "Logged in as GUEST", "Not logged in as GUEST"));
3345 offset += 2; /* Skip Action */
3347 /* Build display for: Security Blob Length */
3349 SecurityBlobLength = GSHORT(pd, offset);
3353 proto_tree_add_text(tree, NullTVB, offset, 2, "Security Blob Length: %u", SecurityBlobLength);
3357 offset += 2; /* Skip Security Blob Length */
3359 /* Build display for: Byte Count (BCC) */
3361 ByteCount = GSHORT(pd, offset);
3365 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3369 offset += 2; /* Skip Byte Count (BCC) */
3371 if (ByteCount > 0) {
3373 SecurityBlob = pd + offset;
3375 if (SecurityBlobLength > 0) {
3377 /* XXX - is this ASN.1-encoded? Is it a Kerberos data structure,
3378 at least in NT 5.0-and-later server replies? */
3382 proto_tree_add_text(tree, NullTVB, offset, SecurityBlobLength, "Security Blob: %s",
3383 bytes_to_str(SecurityBlob, SecurityBlobLength));
3387 offset += SecurityBlobLength; /* Skip Security Blob */
3391 /* Build display for: NativeOS */
3393 NativeOS = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3397 proto_tree_add_text(tree, NullTVB, offset, string_len, "NativeOS: %s", NativeOS);
3401 offset += string_len; /* Skip NativeOS */
3403 /* Build display for: NativeLanMan */
3405 NativeLanMan = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3409 proto_tree_add_text(tree, NullTVB, offset, string_len, "NativeLanMan: %s", NativeLanMan);
3413 offset += string_len; /* Skip NativeLanMan */
3421 /* XXX - dump the parameter words, one word at a time? */
3423 offset += WordCount;
3425 /* Build display for: Byte Count (BCC) */
3427 ByteCount = GSHORT(pd, offset);
3431 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3435 offset += 2; /* Skip Byte Count (BCC) */
3441 if (AndXCommand != 0xFF) {
3443 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
3452 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
3455 guint8 wct, andxcmd = 0xFF;
3456 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
3459 proto_tree *flags_tree;
3460 proto_tree *optionsup_tree;
3465 /* Now figure out what format we are talking about, 2, 3, or 4 response
3469 if (!(si.request && (wct == 4)) && !(!si.request && (wct == 2)) &&
3470 !(!si.request && (wct == 3)) && !(wct == 0)) {
3474 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
3476 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
3486 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", wct);
3494 andxcmd = pd[offset];
3498 proto_tree_add_text(tree, NullTVB, offset, 1, "Next Command: %s",
3499 (andxcmd == 0xFF) ? "No further commands":
3500 decode_smb_name(andxcmd));
3502 proto_tree_add_text(tree, NullTVB, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
3508 andxoffs = GSHORT(pd, offset);
3512 proto_tree_add_text(tree, NullTVB, offset, 2, "Offset to next command: %u", andxoffs);
3524 bcc = GSHORT(pd, offset);
3528 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3536 flags = GSHORT(pd, offset);
3540 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Additional Flags: 0x%04x", flags);
3541 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
3542 proto_tree_add_text(flags_tree, NullTVB, offset, 2, "%s",
3543 decode_boolean_bitfield(flags, 0x0001, 16,
3545 "Don't disconnect TID"));
3551 passwdlen = GSHORT(pd, offset);
3555 proto_tree_add_text(tree, NullTVB, offset, 2, "Password Length: %u", passwdlen);
3561 bcc = GSHORT(pd, offset);
3565 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3575 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
3579 offset += passwdlen;
3581 str = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3585 proto_tree_add_text(tree, NullTVB, offset, string_len, "Path: %s", str);
3589 offset += string_len;
3595 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
3603 bcc = GSHORT(pd, offset);
3607 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3617 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service Type: %s",
3622 offset += strlen(str) + 1;
3628 optionsup = GSHORT(pd, offset);
3632 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Optional Support: 0x%04x",
3634 optionsup_tree = proto_item_add_subtree(ti, ett_smb_optionsup);
3635 proto_tree_add_text(optionsup_tree, NullTVB, offset, 2, "%s",
3636 decode_boolean_bitfield(optionsup, 0x0001, 16, "Share supports Search", "Share doesn't support Search"));
3637 proto_tree_add_text(optionsup_tree, NullTVB, offset, 2, "%s",
3638 decode_boolean_bitfield(optionsup, 0x0002, 16, "Share is in DFS", "Share isn't in DFS"));
3644 bcc = GSHORT(pd, offset);
3648 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3655 * NOTE: the Service string is always ASCII, even if the "strings are
3656 * Unicode" bit is set in the flags2 field of the SMB.
3663 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
3667 offset += strlen(str) + 1;
3669 str = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
3673 proto_tree_add_text(tree, NullTVB, offset, string_len, "Native File System: %s", str);
3677 offset += string_len;
3687 if (andxcmd != 0xFF) /* Process that next command ... ??? */
3689 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset);
3694 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
3696 guint8 wct, enckeylen;
3697 guint16 bcc, mode, rawmode, dialect;
3699 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
3705 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
3707 if (!((wct == 0) && si.request) && !((wct == 1) && !si.request) &&
3708 !((wct == 13) && !si.request) && !((wct == 17) && !si.request)) {
3711 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
3713 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
3721 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %d", wct);
3727 if (!si.request && wct == 0) {
3729 /* Build display for: Byte Count (BCC) */
3731 bcc = GSHORT(pd, offset);
3735 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3739 offset += 2; /* Skip Byte Count (BCC) */
3745 /* Now decode the various formats ... */
3749 case 0: /* A request */
3751 bcc = GSHORT(pd, offset);
3755 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3763 ti = proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Dialects");
3764 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
3768 while (IS_DATA_IN_FRAME(offset)) {
3773 proto_tree_add_text(dialects, NullTVB, offset, 1, "Dialect Marker: %d", pd[offset]);
3783 proto_tree_add_text(dialects, NullTVB, offset, strlen(str)+1, "Dialect: %s", str);
3787 offset += strlen(str) + 1;
3792 case 1: /* PC NETWORK PROGRAM 1.0 */
3794 dialect = GSHORT(pd, offset);
3796 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
3798 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
3800 proto_tree_add_text(tree, NullTVB, offset, 2, "Supplied dialects not recognized");
3805 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
3813 bcc = GSHORT(pd, offset);
3817 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3823 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
3827 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
3831 /* Much of this is similar to response 17 below */
3835 mode = GSHORT(pd, offset);
3839 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Security Mode: 0x%04x", mode);
3840 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3841 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3842 decode_boolean_bitfield(mode, 0x0001, 16,
3844 "Security = Share"));
3845 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3846 decode_boolean_bitfield(mode, 0x0002, 16,
3847 "Passwords = Encrypted",
3848 "Passwords = Plaintext"));
3856 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
3864 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3872 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3878 rawmode = GSHORT(pd, offset);
3882 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Raw Mode: 0x%04x", rawmode);
3883 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
3884 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3885 decode_boolean_bitfield(rawmode, 0x01, 16,
3886 "Read Raw supported",
3887 "Read Raw not supported"));
3888 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3889 decode_boolean_bitfield(rawmode, 0x02, 16,
3890 "Write Raw supported",
3891 "Write Raw not supported"));
3899 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3905 /* Now the server time, two short parameters ... */
3909 proto_tree_add_text(tree, NullTVB, offset, 2, "Server Time: %s",
3910 dissect_dos_time(GSHORT(pd, offset)));
3911 proto_tree_add_text(tree, NullTVB, offset + 2, 2, "Server Date: %s",
3912 dissect_dos_date(GSHORT(pd, offset + 2)));
3918 /* Server Time Zone, SHORT */
3922 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3923 (signed short)GSSHORT(pd, offset));
3929 /* Challenge Length */
3931 enckeylen = GSHORT(pd, offset);
3935 proto_tree_add_text(tree, NullTVB, offset, 2, "Challenge Length: %u", enckeylen);
3943 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3949 bcc = GSHORT(pd, offset);
3953 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3959 if (enckeylen) { /* only if non-zero key len */
3965 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge: %s",
3966 bytes_to_str(str, enckeylen));
3969 offset += enckeylen;
3973 /* Primary Domain ... */
3979 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "Primary Domain: %s", str);
3985 case 17: /* Greater than LANMAN2.1 */
3989 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3995 mode = GBYTE(pd, offset);
3999 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Security Mode: 0x%02x", mode);
4000 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
4001 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
4002 decode_boolean_bitfield(mode, 0x01, 8,
4004 "Security = Share"));
4005 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
4006 decode_boolean_bitfield(mode, 0x02, 8,
4007 "Passwords = Encrypted",
4008 "Passwords = Plaintext"));
4009 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
4010 decode_boolean_bitfield(mode, 0x04, 8,
4011 "Security signatures enabled",
4012 "Security signatures not enabled"));
4013 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
4014 decode_boolean_bitfield(mode, 0x08, 8,
4015 "Security signatures required",
4016 "Security signatures not required"));
4024 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
4032 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
4040 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
4048 proto_tree_add_text(tree, NullTVB, offset, 4, "Max raw size: %u", GWORD(pd, offset));
4056 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
4062 caps = GWORD(pd, offset);
4066 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", caps);
4067 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
4068 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4069 decode_boolean_bitfield(caps, 0x0001, 32,
4070 "Raw Mode supported",
4071 "Raw Mode not supported"));
4072 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4073 decode_boolean_bitfield(caps, 0x0002, 32,
4074 "MPX Mode supported",
4075 "MPX Mode not supported"));
4076 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4077 decode_boolean_bitfield(caps, 0x0004, 32,
4078 "Unicode supported",
4079 "Unicode not supported"));
4080 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4081 decode_boolean_bitfield(caps, 0x0008, 32,
4082 "Large files supported",
4083 "Large files not supported"));
4084 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4085 decode_boolean_bitfield(caps, 0x0010, 32,
4086 "NT LM 0.12 SMBs supported",
4087 "NT LM 0.12 SMBs not supported"));
4088 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4089 decode_boolean_bitfield(caps, 0x0020, 32,
4090 "RPC remote APIs supported",
4091 "RPC remote APIs not supported"));
4092 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4093 decode_boolean_bitfield(caps, 0x0040, 32,
4094 "NT status codes supported",
4095 "NT status codes not supported"));
4096 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4097 decode_boolean_bitfield(caps, 0x0080, 32,
4098 "Level 2 OpLocks supported",
4099 "Level 2 OpLocks not supported"));
4100 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4101 decode_boolean_bitfield(caps, 0x0100, 32,
4102 "Lock&Read supported",
4103 "Lock&Read not supported"));
4104 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4105 decode_boolean_bitfield(caps, 0x0200, 32,
4106 "NT Find supported",
4107 "NT Find not supported"));
4108 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4109 decode_boolean_bitfield(caps, 0x1000, 32,
4111 "DFS not supported"));
4112 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4113 decode_boolean_bitfield(caps, 0x4000, 32,
4114 "Large READX supported",
4115 "Large READX not supported"));
4116 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4117 decode_boolean_bitfield(caps, 0x8000, 32,
4118 "Large WRITEX supported",
4119 "Large WRITEX not supported"));
4120 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
4121 decode_boolean_bitfield(caps, 0x80000000, 32,
4122 "Extended security exchanges supported",
4123 "Extended security exchanges not supported"));
4128 /* Server time, 2 WORDS */
4132 proto_tree_add_text(tree, NullTVB, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
4133 proto_tree_add_text(tree, NullTVB, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
4139 /* Server Time Zone, SHORT */
4143 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
4144 (signed short)GSSHORT(pd, offset));
4150 /* Encryption key len */
4152 enckeylen = pd[offset];
4156 proto_tree_add_text(tree, NullTVB, offset, 1, "Encryption key len: %u", enckeylen);
4162 bcc = GSHORT(pd, offset);
4166 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte count (BCC): %u", bcc);
4172 if (caps & 0x80000000) {
4173 /* Extended security */
4179 /* XXX - show it in GUID form, with dashes or whatever */
4180 proto_tree_add_text(tree, NullTVB, offset, 16, "GUID: %s",
4181 bytes_to_str(&pd[offset], 16));
4188 /* XXX - is this ASN.1-encoded? Is it a Kerberos data structure,
4189 at least in NT 5.0-and-later server replies? */
4196 proto_tree_add_text(tree, NullTVB, offset, bcc, "Security blob: %s",
4197 bytes_to_str(&pd[offset], bcc));
4202 /* Non-extended security */
4204 if (enckeylen) { /* only if non-zero key len */
4206 /* Encryption challenge key */
4212 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge encryption key: %s",
4213 bytes_to_str(str, enckeylen));
4217 offset += enckeylen;
4221 /* The domain, a null terminated string; Unicode if "caps" has
4222 the 0x0004 bit set, ASCII (OEM character set) otherwise.
4223 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
4229 if (caps & 0x0004) {
4230 ustr = unicode_to_str(str, &ustr_len);
4231 proto_tree_add_text(tree, NullTVB, offset, ustr_len+2, "OEM domain name: %s", ustr);
4233 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "OEM domain name: %s", str);
4241 default: /* Baddd */
4244 proto_tree_add_text(tree, NullTVB, offset, 1, "Bad format, should never get here");
4252 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
4256 guint8 BufferFormat;
4258 const char *DirectoryName;
4262 /* Request(s) dissect code */
4264 /* Build display for: Word Count (WCT) */
4266 WordCount = GBYTE(pd, offset);
4270 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4274 offset += 1; /* Skip Word Count (WCT) */
4276 /* Build display for: Byte Count (BCC) */
4278 ByteCount = GSHORT(pd, offset);
4282 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4286 offset += 2; /* Skip Byte Count (BCC) */
4288 /* Build display for: Buffer Format */
4290 BufferFormat = GBYTE(pd, offset);
4294 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
4295 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
4300 offset += 1; /* Skip Buffer Format */
4302 /* Build display for: Directory Name */
4304 DirectoryName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
4308 proto_tree_add_text(tree, NullTVB, offset, string_len, "Directory Name: %s", DirectoryName);
4312 offset += string_len; /* Skip Directory Name */
4315 /* Response(s) dissect code */
4317 /* Build display for: Word Count (WCT) */
4319 WordCount = GBYTE(pd, offset);
4323 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4327 offset += 1; /* Skip Word Count (WCT) */
4329 /* Build display for: Byte Count (BCC) */
4331 ByteCount = GSHORT(pd, offset);
4335 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4339 offset += 2; /* Skip Byte Count (BCC) */
4346 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
4350 guint8 BufferFormat;
4352 const char *DirectoryName;
4356 /* Request(s) dissect code */
4358 /* Build display for: Word Count (WCT) */
4360 WordCount = GBYTE(pd, offset);
4364 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4368 offset += 1; /* Skip Word Count (WCT) */
4370 /* Build display for: Byte Count (BCC) */
4372 ByteCount = GSHORT(pd, offset);
4376 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4380 offset += 2; /* Skip Byte Count (BCC) */
4382 /* Build display for: Buffer Format */
4384 BufferFormat = GBYTE(pd, offset);
4388 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
4389 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
4394 offset += 1; /* Skip Buffer Format */
4396 /* Build display for: Directory Name */
4398 DirectoryName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
4402 proto_tree_add_text(tree, NullTVB, offset, string_len, "Directory Name: %s", DirectoryName);
4406 offset += string_len; /* Skip Directory Name */
4409 /* Response(s) dissect code */
4411 /* Build display for: Word Count (WCT) */
4413 WordCount = GBYTE(pd, offset);
4417 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4421 offset += 1; /* Skip Word Count (WCT) */
4423 /* Build display for: Byte Count (BCC) */
4425 ByteCount = GSHORT(pd, offset);
4429 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4433 offset += 2; /* Skip Byte Count (BCC) */
4441 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
4445 guint8 BufferFormat;
4447 const char *DirectoryName;
4451 /* Request(s) dissect code */
4453 /* Build display for: Word Count (WCT) */
4455 WordCount = GBYTE(pd, offset);
4459 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4463 offset += 1; /* Skip Word Count (WCT) */
4465 /* Build display for: Byte Count (BCC) */
4467 ByteCount = GSHORT(pd, offset);
4471 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4475 offset += 2; /* Skip Byte Count (BCC) */
4477 /* Build display for: Buffer Format */
4479 BufferFormat = GBYTE(pd, offset);
4483 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
4484 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
4489 offset += 1; /* Skip Buffer Format */
4491 /* Build display for: Directory Name */
4493 DirectoryName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
4497 proto_tree_add_text(tree, NullTVB, offset, string_len, "Directory Name: %s", DirectoryName);
4501 offset += string_len; /* Skip Directory Name */
4504 /* Response(s) dissect code */
4506 /* Build display for: Word Count (WCT) */
4508 WordCount = GBYTE(pd, offset);
4512 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4516 offset += 1; /* Skip Word Count (WCT) */
4518 /* Build display for: Byte Count (BCC) */
4520 ByteCount = GSHORT(pd, offset);
4524 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4528 offset += 2; /* Skip Byte Count (BCC) */
4535 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
4538 static const value_string OpenFunction_0x10[] = {
4539 { 0, "Fail if file does not exist"},
4540 { 16, "Create file if it does not exist"},
4543 static const value_string OpenFunction_0x03[] = {
4544 { 0, "Fail if file exists"},
4545 { 1, "Open file if it exists"},
4546 { 2, "Truncate File if it exists"},
4549 static const value_string FileType_0xFFFF[] = {
4550 { 0, "Disk file or directory"},
4551 { 1, "Named pipe in byte mode"},
4552 { 2, "Named pipe in message mode"},
4553 { 3, "Spooled printer"},
4556 static const value_string DesiredAccess_0x70[] = {
4557 { 00, "Compatibility mode"},
4558 { 16, "Deny read/write/execute (exclusive)"},
4559 { 32, "Deny write"},
4560 { 48, "Deny read/execute"},
4564 static const value_string DesiredAccess_0x700[] = {
4565 { 0, "Locality of reference unknown"},
4566 { 256, "Mainly sequential access"},
4567 { 512, "Mainly random access"},
4568 { 768, "Random access with some locality"},
4571 static const value_string DesiredAccess_0x4000[] = {
4572 { 0, "Write through mode disabled"},
4573 { 16384, "Write through mode enabled"},
4576 static const value_string DesiredAccess_0x1000[] = {
4577 { 0, "Normal file (caching permitted)"},
4578 { 4096, "Do not cache this file"},
4581 static const value_string DesiredAccess_0x07[] = {
4582 { 0, "Open for reading"},
4583 { 1, "Open for writing"},
4584 { 2, "Open for reading and writing"},
4585 { 3, "Open for execute"},
4588 static const value_string Action_0x8000[] = {
4589 { 0, "File opened by another user (or mode not supported by server)"},
4590 { 32768, "File is opened only by this user at present"},
4593 static const value_string Action_0x0003[] = {
4594 { 0, "No action taken?"},
4595 { 1, "The file existed and was opened"},
4596 { 2, "The file did not exist but was created"},
4597 { 3, "The file existed and was truncated"},
4600 proto_tree *Search_tree;
4601 proto_tree *OpenFunction_tree;
4602 proto_tree *Flags_tree;
4603 proto_tree *File_tree;
4604 proto_tree *FileType_tree;
4605 proto_tree *FileAttributes_tree;
4606 proto_tree *DesiredAccess_tree;
4607 proto_tree *Action_tree;
4610 guint8 AndXReserved;
4611 guint8 AndXCommand = 0xFF;
4616 guint32 AllocatedSize;
4619 guint16 OpenFunction;
4620 guint16 LastWriteTime;
4621 guint16 LastWriteDate;
4622 guint16 GrantedAccess;
4625 guint16 FileAttributes;
4628 guint16 DeviceState;
4629 guint16 DesiredAccess;
4630 guint16 CreationTime;
4631 guint16 CreationDate;
4633 guint16 AndXOffset = 0;
4635 const char *FileName;
4639 /* Request(s) dissect code */
4641 /* Build display for: Word Count (WCT) */
4643 WordCount = GBYTE(pd, offset);
4647 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4651 offset += 1; /* Skip Word Count (WCT) */
4653 /* Build display for: AndXCommand */
4655 AndXCommand = GBYTE(pd, offset);
4659 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
4660 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
4664 offset += 1; /* Skip AndXCommand */
4666 /* Build display for: AndXReserved */
4668 AndXReserved = GBYTE(pd, offset);
4672 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
4676 offset += 1; /* Skip AndXReserved */
4678 /* Build display for: AndXOffset */
4680 AndXOffset = GSHORT(pd, offset);
4684 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
4688 offset += 2; /* Skip AndXOffset */
4690 /* Build display for: Flags */
4692 Flags = GSHORT(pd, offset);
4696 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
4697 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4698 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4699 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
4700 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4701 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
4702 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4703 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
4707 offset += 2; /* Skip Flags */
4709 /* Build display for: Desired Access */
4711 DesiredAccess = GSHORT(pd, offset);
4715 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
4716 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
4717 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4718 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
4719 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4720 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
4721 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4722 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
4723 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4724 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
4725 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4726 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
4730 offset += 2; /* Skip Desired Access */
4732 /* Build display for: Search */
4734 Search = GSHORT(pd, offset);
4738 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Search: 0x%02x", Search);
4739 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
4740 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4741 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
4742 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4743 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
4744 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4745 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
4746 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4747 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
4748 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4749 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
4750 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4751 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
4755 offset += 2; /* Skip Search */
4757 /* Build display for: File */
4759 File = GSHORT(pd, offset);
4763 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File: 0x%02x", File);
4764 File_tree = proto_item_add_subtree(ti, ett_smb_file);
4765 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4766 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
4767 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4768 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
4769 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4770 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
4771 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4772 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
4773 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4774 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
4775 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4776 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
4780 offset += 2; /* Skip File */
4782 /* Build display for: Creation Time */
4784 CreationTime = GSHORT(pd, offset);
4791 offset += 2; /* Skip Creation Time */
4793 /* Build display for: Creation Date */
4795 CreationDate = GSHORT(pd, offset);
4799 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
4800 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
4804 offset += 2; /* Skip Creation Date */
4806 /* Build display for: Open Function */
4808 OpenFunction = GSHORT(pd, offset);
4812 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: 0x%02x", OpenFunction);
4813 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
4814 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4815 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
4816 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4817 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
4821 offset += 2; /* Skip Open Function */
4823 /* Build display for: Allocated Size */
4825 AllocatedSize = GWORD(pd, offset);
4829 proto_tree_add_text(tree, NullTVB, offset, 4, "Allocated Size: %u", AllocatedSize);
4833 offset += 4; /* Skip Allocated Size */
4835 /* Build display for: Reserved1 */
4837 Reserved1 = GWORD(pd, offset);
4841 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved1: %u", Reserved1);
4845 offset += 4; /* Skip Reserved1 */
4847 /* Build display for: Reserved2 */
4849 Reserved2 = GWORD(pd, offset);
4853 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved2: %u", Reserved2);
4857 offset += 4; /* Skip Reserved2 */
4859 /* Build display for: Byte Count */
4861 ByteCount = GSHORT(pd, offset);
4865 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4869 offset += 2; /* Skip Byte Count */
4871 /* Build display for: File Name */
4873 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
4877 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
4881 offset += string_len; /* Skip File Name */
4884 if (AndXCommand != 0xFF) {
4886 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
4891 /* Response(s) dissect code */
4893 /* Build display for: Word Count (WCT) */
4895 WordCount = GBYTE(pd, offset);
4899 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4903 offset += 1; /* Skip Word Count (WCT) */
4905 if (WordCount != 0) {
4907 /* Build display for: AndXCommand */
4909 AndXCommand = GBYTE(pd, offset);
4913 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
4914 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
4918 offset += 1; /* Skip AndXCommand */
4920 /* Build display for: AndXReserved */
4922 AndXReserved = GBYTE(pd, offset);
4926 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
4930 offset += 1; /* Skip AndXReserved */
4932 /* Build display for: AndXOffset */
4934 AndXOffset = GSHORT(pd, offset);
4938 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
4942 offset += 2; /* Skip AndXOffset */
4944 /* Build display for: FID */
4946 FID = GSHORT(pd, offset);
4950 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4954 offset += 2; /* Skip FID */
4956 /* Build display for: FileAttributes */
4958 FileAttributes = GSHORT(pd, offset);
4962 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
4963 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
4964 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4965 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
4966 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4967 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
4968 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4969 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
4970 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4971 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
4972 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4973 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
4974 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4975 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
4979 offset += 2; /* Skip FileAttributes */
4981 /* Build display for: Last Write Time */
4983 LastWriteTime = GSHORT(pd, offset);
4989 offset += 2; /* Skip Last Write Time */
4991 /* Build display for: Last Write Date */
4993 LastWriteDate = GSHORT(pd, offset);
4997 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4998 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
5003 offset += 2; /* Skip Last Write Date */
5005 /* Build display for: Data Size */
5007 DataSize = GWORD(pd, offset);
5011 proto_tree_add_text(tree, NullTVB, offset, 4, "Data Size: %u", DataSize);
5015 offset += 4; /* Skip Data Size */
5017 /* Build display for: Granted Access */
5019 GrantedAccess = GSHORT(pd, offset);
5023 proto_tree_add_text(tree, NullTVB, offset, 2, "Granted Access: %u", GrantedAccess);
5027 offset += 2; /* Skip Granted Access */
5029 /* Build display for: File Type */
5031 FileType = GSHORT(pd, offset);
5035 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File Type: 0x%02x", FileType);
5036 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
5037 proto_tree_add_text(FileType_tree, NullTVB, offset, 2, "%s",
5038 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
5042 offset += 2; /* Skip File Type */
5044 /* Build display for: Device State */
5046 DeviceState = GSHORT(pd, offset);
5050 proto_tree_add_text(tree, NullTVB, offset, 2, "Device State: %u", DeviceState);
5054 offset += 2; /* Skip Device State */
5056 /* Build display for: Action */
5058 Action = GSHORT(pd, offset);
5062 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: 0x%02x", Action);
5063 Action_tree = proto_item_add_subtree(ti, ett_smb_openaction);
5064 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
5065 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
5066 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
5067 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
5071 offset += 2; /* Skip Action */
5073 /* Build display for: Server FID */
5075 ServerFID = GWORD(pd, offset);
5079 proto_tree_add_text(tree, NullTVB, offset, 4, "Server FID: %u", ServerFID);
5083 offset += 4; /* Skip Server FID */
5085 /* Build display for: Reserved */
5087 Reserved = GSHORT(pd, offset);
5091 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5095 offset += 2; /* Skip Reserved */
5099 /* Build display for: Byte Count */
5101 ByteCount = GSHORT(pd, offset);
5105 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5109 offset += 2; /* Skip Byte Count */
5112 if (AndXCommand != 0xFF) {
5114 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
5123 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
5126 proto_tree *WriteMode_tree;
5143 /* Request(s) dissect code */
5145 WordCount = GBYTE(pd, offset);
5147 switch (WordCount) {
5151 /* Build display for: Word Count (WCT) */
5153 WordCount = GBYTE(pd, offset);
5157 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5161 offset += 1; /* Skip Word Count (WCT) */
5163 /* Build display for: FID */
5165 FID = GSHORT(pd, offset);
5169 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5173 offset += 2; /* Skip FID */
5175 /* Build display for: Count */
5177 Count = GSHORT(pd, offset);
5181 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
5185 offset += 2; /* Skip Count */
5187 /* Build display for: Reserved 1 */
5189 Reserved1 = GSHORT(pd, offset);
5193 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
5197 offset += 2; /* Skip Reserved 1 */
5199 /* Build display for: Offset */
5201 Offset = GWORD(pd, offset);
5205 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5209 offset += 4; /* Skip Offset */
5211 /* Build display for: Timeout */
5213 Timeout = GWORD(pd, offset);
5217 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5221 offset += 4; /* Skip Timeout */
5223 /* Build display for: WriteMode */
5225 WriteMode = GSHORT(pd, offset);
5229 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
5230 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
5231 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
5232 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
5233 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
5234 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
5238 offset += 2; /* Skip WriteMode */
5240 /* Build display for: Reserved 2 */
5242 Reserved2 = GWORD(pd, offset);
5246 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
5250 offset += 4; /* Skip Reserved 2 */
5252 /* Build display for: Data Length */
5254 DataLength = GSHORT(pd, offset);
5258 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5262 offset += 2; /* Skip Data Length */
5264 /* Build display for: Data Offset */
5266 DataOffset = GSHORT(pd, offset);
5270 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
5274 offset += 2; /* Skip Data Offset */
5276 /* Build display for: Byte Count (BCC) */
5278 ByteCount = GSHORT(pd, offset);
5282 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5286 offset += 2; /* Skip Byte Count (BCC) */
5288 /* Build display for: Pad */
5290 Pad = GBYTE(pd, offset);
5294 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
5298 offset += 1; /* Skip Pad */
5304 /* Build display for: Word Count (WCT) */
5306 WordCount = GBYTE(pd, offset);
5310 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5314 offset += 1; /* Skip Word Count (WCT) */
5316 /* Build display for: FID */
5318 FID = GSHORT(pd, offset);
5322 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5326 offset += 2; /* Skip FID */
5328 /* Build display for: Count */
5330 Count = GSHORT(pd, offset);
5334 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
5338 offset += 2; /* Skip Count */
5340 /* Build display for: Reserved 1 */
5342 Reserved1 = GSHORT(pd, offset);
5346 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
5350 offset += 2; /* Skip Reserved 1 */
5352 /* Build display for: Timeout */
5354 Timeout = GWORD(pd, offset);
5358 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5362 offset += 4; /* Skip Timeout */
5364 /* Build display for: WriteMode */
5366 WriteMode = GSHORT(pd, offset);
5370 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
5371 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
5372 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
5373 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
5374 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
5375 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
5379 offset += 2; /* Skip WriteMode */
5381 /* Build display for: Reserved 2 */
5383 Reserved2 = GWORD(pd, offset);
5387 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
5391 offset += 4; /* Skip Reserved 2 */
5393 /* Build display for: Data Length */
5395 DataLength = GSHORT(pd, offset);
5399 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5403 offset += 2; /* Skip Data Length */
5405 /* Build display for: Data Offset */
5407 DataOffset = GSHORT(pd, offset);
5411 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
5415 offset += 2; /* Skip Data Offset */
5417 /* Build display for: Byte Count (BCC) */
5419 ByteCount = GSHORT(pd, offset);
5423 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5427 offset += 2; /* Skip Byte Count (BCC) */
5429 /* Build display for: Pad */
5431 Pad = GBYTE(pd, offset);
5435 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
5439 offset += 1; /* Skip Pad */
5446 /* Response(s) dissect code */
5448 /* Build display for: Word Count (WCT) */
5450 WordCount = GBYTE(pd, offset);
5454 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5458 offset += 1; /* Skip Word Count (WCT) */
5460 if (WordCount != 0) {
5462 /* Build display for: Remaining */
5464 Remaining = GSHORT(pd, offset);
5468 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5472 offset += 2; /* Skip Remaining */
5476 /* Build display for: Byte Count */
5478 ByteCount = GSHORT(pd, offset);
5482 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5486 offset += 2; /* Skip Byte Count */
5493 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
5500 /* Request(s) dissect code */
5502 /* Build display for: Word Count (WCT) */
5504 WordCount = GBYTE(pd, offset);
5508 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5512 offset += 1; /* Skip Word Count (WCT) */
5514 /* Build display for: Byte Count (BCC) */
5516 ByteCount = GSHORT(pd, offset);
5520 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5524 offset += 2; /* Skip Byte Count (BCC) */
5527 /* Response(s) dissect code */
5529 /* Build display for: Word Count (WCT) */
5531 WordCount = GBYTE(pd, offset);
5535 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5539 offset += 1; /* Skip Word Count (WCT) */
5541 /* Build display for: Byte Count (BCC) */
5543 ByteCount = GSHORT(pd, offset);
5547 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5551 offset += 2; /* Skip Byte Count (BCC) */
5558 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
5561 static const value_string Flags_0x03[] = {
5562 { 0, "Target must be a file"},
5563 { 1, "Target must be a directory"},
5566 { 4, "Verify all writes"},
5569 proto_tree *Flags_tree;
5572 guint8 ErrorFileFormat;
5574 guint16 OpenFunction;
5578 const char *ErrorFileName;
5582 /* Request(s) dissect code */
5584 /* Build display for: Word Count (WCT) */
5586 WordCount = GBYTE(pd, offset);
5590 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5594 offset += 1; /* Skip Word Count (WCT) */
5596 /* Build display for: TID2 */
5598 TID2 = GSHORT(pd, offset);
5602 proto_tree_add_text(tree, NullTVB, offset, 2, "TID2: %u", TID2);
5606 offset += 2; /* Skip TID2 */
5608 /* Build display for: Open Function */
5610 OpenFunction = GSHORT(pd, offset);
5614 proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: %u", OpenFunction);
5618 offset += 2; /* Skip Open Function */
5620 /* Build display for: Flags */
5622 Flags = GSHORT(pd, offset);
5626 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
5627 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
5628 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
5629 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
5633 offset += 2; /* Skip Flags */
5636 /* Response(s) dissect code */
5638 /* Build display for: Word Count (WCT) */
5640 WordCount = GBYTE(pd, offset);
5644 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5648 offset += 1; /* Skip Word Count (WCT) */
5650 if (WordCount != 0) {
5652 /* Build display for: Count */
5654 Count = GSHORT(pd, offset);
5658 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
5662 offset += 2; /* Skip Count */
5666 /* Build display for: Byte Count */
5668 ByteCount = GSHORT(pd, offset);
5672 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5676 offset += 2; /* Skip Byte Count */
5678 /* Build display for: Error File Format */
5680 ErrorFileFormat = GBYTE(pd, offset);
5684 proto_tree_add_text(tree, NullTVB, offset, 1, "Error File Format: %s (%u)",
5685 val_to_str(ErrorFileFormat, buffer_format_vals, "Unknown"),
5690 offset += 1; /* Skip Error File Format */
5692 /* Build display for: Error File Name */
5694 ErrorFileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
5698 proto_tree_add_text(tree, NullTVB, offset, string_len, "Error File Name: %s", ErrorFileName);
5702 offset += string_len; /* Skip Error File Name */
5709 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
5713 guint8 BufferFormat2;
5714 guint8 BufferFormat1;
5715 guint16 SearchAttributes;
5717 const char *OldFileName;
5718 const char *NewFileName;
5722 /* Request(s) dissect code */
5724 /* Build display for: Word Count (WCT) */
5726 WordCount = GBYTE(pd, offset);
5730 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5734 offset += 1; /* Skip Word Count (WCT) */
5736 /* Build display for: Search Attributes */
5738 SearchAttributes = GSHORT(pd, offset);
5742 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
5746 offset += 2; /* Skip Search Attributes */
5748 /* Build display for: Byte Count */
5750 ByteCount = GSHORT(pd, offset);
5754 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5758 offset += 2; /* Skip Byte Count */
5760 /* Build display for: Buffer Format 1 */
5762 BufferFormat1 = GBYTE(pd, offset);
5766 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %s (%u)",
5767 val_to_str(BufferFormat1, buffer_format_vals, "Unknown"),
5772 offset += 1; /* Skip Buffer Format 1 */
5774 /* Build display for: Old File Name */
5776 OldFileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
5780 proto_tree_add_text(tree, NullTVB, offset, string_len, "Old File Name: %s", OldFileName);
5784 offset += string_len; /* Skip Old File Name */
5786 /* Build display for: Buffer Format 2 */
5788 BufferFormat2 = GBYTE(pd, offset);
5792 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %s (%u)",
5793 val_to_str(BufferFormat2, buffer_format_vals, "Unknown"),
5798 offset += 1; /* Skip Buffer Format 2 */
5800 /* Build display for: New File Name */
5802 NewFileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
5806 proto_tree_add_text(tree, NullTVB, offset, string_len, "New File Name: %s", NewFileName);
5810 offset += string_len; /* Skip New File Name */
5813 /* Response(s) dissect code */
5815 /* Build display for: Word Count (WCT) */
5817 WordCount = GBYTE(pd, offset);
5821 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5825 offset += 1; /* Skip Word Count (WCT) */
5827 /* Build display for: Byte Count (BCC) */
5829 ByteCount = GSHORT(pd, offset);
5833 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5837 offset += 2; /* Skip Byte Count (BCC) */
5844 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
5847 static const value_string Mode_0x03[] = {
5848 { 0, "Text mode (DOS expands TABs)"},
5849 { 1, "Graphics mode"},
5852 proto_tree *Mode_tree;
5855 guint8 BufferFormat;
5856 guint16 SetupLength;
5860 const char *IdentifierString;
5864 /* Request(s) dissect code */
5866 /* Build display for: Word Count (WCT) */
5868 WordCount = GBYTE(pd, offset);
5872 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5876 offset += 1; /* Skip Word Count (WCT) */
5878 /* Build display for: Setup Length */
5880 SetupLength = GSHORT(pd, offset);
5884 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup Length: %u", SetupLength);
5888 offset += 2; /* Skip Setup Length */
5890 /* Build display for: Mode */
5892 Mode = GSHORT(pd, offset);
5896 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
5897 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5898 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
5899 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5903 offset += 2; /* Skip Mode */
5905 /* Build display for: Byte Count (BCC) */
5907 ByteCount = GSHORT(pd, offset);
5911 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5915 offset += 2; /* Skip Byte Count (BCC) */
5917 /* Build display for: Buffer Format */
5919 BufferFormat = GBYTE(pd, offset);
5923 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
5924 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
5929 offset += 1; /* Skip Buffer Format */
5931 /* Build display for: Identifier String */
5933 IdentifierString = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
5937 proto_tree_add_text(tree, NullTVB, offset, string_len, "Identifier String: %s", IdentifierString);
5941 offset += string_len; /* Skip Identifier String */
5944 /* Response(s) dissect code */
5946 /* Build display for: Word Count (WCT) */
5948 WordCount = GBYTE(pd, offset);
5952 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5956 offset += 1; /* Skip Word Count (WCT) */
5958 /* Build display for: FID */
5960 FID = GSHORT(pd, offset);
5964 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5968 offset += 2; /* Skip FID */
5970 /* Build display for: Byte Count (BCC) */
5972 ByteCount = GSHORT(pd, offset);
5976 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5980 offset += 2; /* Skip Byte Count (BCC) */
5987 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
5995 /* Request(s) dissect code */
5997 /* Build display for: Word Count (WCT) */
5999 WordCount = GBYTE(pd, offset);
6003 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6007 offset += 1; /* Skip Word Count (WCT) */
6009 /* Build display for: FID */
6011 FID = GSHORT(pd, offset);
6015 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6019 offset += 2; /* Skip FID */
6021 /* Build display for: Byte Count (BCC) */
6023 ByteCount = GSHORT(pd, offset);
6027 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6031 offset += 2; /* Skip Byte Count (BCC) */
6034 /* Response(s) dissect code */
6036 /* Build display for: Word Count */
6038 WordCount = GBYTE(pd, offset);
6042 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6046 offset += 1; /* Skip Word Count */
6048 /* Build display for: Byte Count (BCC) */
6050 ByteCount = GSHORT(pd, offset);
6054 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6058 offset += 2; /* Skip Byte Count (BCC) */
6065 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
6079 /* Request(s) dissect code */
6081 WordCount = GBYTE(pd, offset);
6083 switch (WordCount) {
6087 /* Build display for: Word Count (WCT) */
6089 WordCount = GBYTE(pd, offset);
6093 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6097 offset += 1; /* Skip Word Count (WCT) */
6099 /* Build display for: FID */
6101 FID = GSHORT(pd, offset);
6105 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6109 offset += 2; /* Skip FID */
6111 /* Build display for: Offset */
6113 Offset = GWORD(pd, offset);
6117 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6121 offset += 4; /* Skip Offset */
6123 /* Build display for: Max Count */
6125 MaxCount = GSHORT(pd, offset);
6129 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6133 offset += 2; /* Skip Max Count */
6135 /* Build display for: Min Count */
6137 MinCount = GSHORT(pd, offset);
6141 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
6145 offset += 2; /* Skip Min Count */
6147 /* Build display for: Timeout */
6149 Timeout = GWORD(pd, offset);
6153 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6157 offset += 4; /* Skip Timeout */
6159 /* Build display for: Reserved */
6161 Reserved = GSHORT(pd, offset);
6165 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
6169 offset += 2; /* Skip Reserved */
6171 /* Build display for: Byte Count (BCC) */
6173 ByteCount = GSHORT(pd, offset);
6177 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6181 offset += 2; /* Skip Byte Count (BCC) */
6187 /* Build display for: Word Count (WCT) */
6189 WordCount = GBYTE(pd, offset);
6193 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6197 offset += 1; /* Skip Word Count (WCT) */
6199 /* Build display for: FID */
6201 FID = GSHORT(pd, offset);
6205 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6209 offset += 2; /* Skip FID */
6211 /* Build display for: Offset */
6213 Offset = GWORD(pd, offset);
6217 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6221 offset += 4; /* Skip Offset */
6223 /* Build display for: Max Count */
6225 MaxCount = GSHORT(pd, offset);
6229 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6233 offset += 2; /* Skip Max Count */
6235 /* Build display for: Min Count */
6237 MinCount = GSHORT(pd, offset);
6241 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
6245 offset += 2; /* Skip Min Count */
6247 /* Build display for: Timeout */
6249 Timeout = GWORD(pd, offset);
6253 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6257 offset += 4; /* Skip Timeout */
6259 /* Build display for: Reserved */
6261 Reserved = GSHORT(pd, offset);
6265 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
6269 offset += 2; /* Skip Reserved */
6271 /* Build display for: Offset High */
6273 OffsetHigh = GWORD(pd, offset);
6277 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
6281 offset += 4; /* Skip Offset High */
6283 /* Build display for: Byte Count (BCC) */
6285 ByteCount = GSHORT(pd, offset);
6289 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6293 offset += 2; /* Skip Byte Count (BCC) */
6300 /* Response(s) dissect code */
6307 dissect_read_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
6311 guint8 AndXReserved;
6312 guint8 AndXCommand = 0xFF;
6314 guint16 AndXOffset = 0;
6316 guint16 DataCompactionMode;
6328 /* Request(s) dissect code */
6330 /* Build display for: Word Count (WCT) */
6332 WordCount = GBYTE(pd, offset);
6336 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6340 offset += 1; /* Skip Word Count (WCT) */
6342 /* Build display for: AndXCommand */
6344 AndXCommand = GBYTE(pd, offset);
6348 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6352 offset += 1; /* Skip AndXCommand */
6354 /* Build display for: AndXReserved */
6356 AndXReserved = GBYTE(pd, offset);
6360 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6364 offset += 1; /* Skip AndXReserved */
6366 /* Build display for: AndXOffset */
6368 AndXOffset = GSHORT(pd, offset);
6372 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6376 offset += 2; /* Skip AndXOffset */
6378 /* Build display for: FID */
6380 FID = GSHORT(pd, offset);
6384 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6388 offset += 2; /* Skip FID */
6390 /* Build display for: Offset */
6392 Offset = GWORD(pd, offset);
6396 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6400 offset += 4; /* Skip Offset */
6402 /* Build display for: Max Count */
6404 MaxCount = GSHORT(pd, offset);
6408 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6412 offset += 2; /* Skip Max Count */
6414 /* Build display for: Min Count */
6416 MinCount = GSHORT(pd, offset);
6420 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
6424 offset += 2; /* Skip Min Count */
6426 /* Build display for: Reserved */
6428 Reserved = GWORD(pd, offset);
6432 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
6436 offset += 4; /* Skip Reserved */
6438 /* Build display for: Remaining */
6440 Remaining = GSHORT(pd, offset);
6444 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
6448 offset += 2; /* Skip Remaining */
6450 if (WordCount == 12) {
6452 /* Build display for: Offset High */
6454 OffsetHigh = GWORD(pd, offset);
6458 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
6462 offset += 4; /* Skip Offset High */
6465 /* Build display for: Byte Count (BCC) */
6467 ByteCount = GSHORT(pd, offset);
6471 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6475 offset += 2; /* Skip Byte Count (BCC) */
6478 if (AndXCommand != 0xFF) {
6480 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
6485 /* Response(s) dissect code */
6487 /* Build display for: Word Count (WCT) */
6489 WordCount = GBYTE(pd, offset);
6493 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6497 offset += 1; /* Skip Word Count (WCT) */
6499 /* Build display for: AndXCommand */
6501 AndXCommand = GBYTE(pd, offset);
6505 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6509 offset += 1; /* Skip AndXCommand */
6511 /* Build display for: AndXReserved */
6513 AndXReserved = GBYTE(pd, offset);
6517 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6521 offset += 1; /* Skip AndXReserved */
6523 /* Build display for: AndXOffset */
6525 AndXOffset = GSHORT(pd, offset);
6529 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6533 offset += 2; /* Skip AndXOffset */
6535 /* Build display for: Remaining */
6537 Remaining = GSHORT(pd, offset);
6541 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
6545 offset += 2; /* Skip Remaining */
6547 /* Build display for: Data Compaction Mode */
6549 DataCompactionMode = GSHORT(pd, offset);
6553 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
6557 offset += 2; /* Skip Data Compaction Mode */
6559 /* Build display for: Reserved */
6561 Reserved = GSHORT(pd, offset);
6565 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
6569 offset += 2; /* Skip Reserved */
6571 /* Build display for: Data Length */
6573 DataLength = GSHORT(pd, offset);
6577 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6581 offset += 2; /* Skip Data Length */
6583 /* Build display for: Data Offset */
6585 DataOffset = GSHORT(pd, offset);
6589 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
6593 offset += 2; /* Skip Data Offset */
6595 /* Build display for: Reserved[5] */
6597 for(i = 1; i <= 5; ++i) {
6599 Reserved = GSHORT(pd, offset);
6603 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved%u: %u", i, Reserved);
6609 /* Build display for: Byte Count (BCC) */
6611 ByteCount = GSHORT(pd, offset);
6615 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6619 offset += 2; /* Skip Byte Count (BCC) */
6621 /* Build display for data */
6625 offset = SMB_offset + DataOffset;
6626 if(END_OF_FRAME >= DataLength)
6627 proto_tree_add_text(tree, NullTVB, offset, DataLength, "Data (%u bytes)", DataLength);
6629 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
6633 if (AndXCommand != 0xFF) {
6635 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
6644 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
6648 guint8 AndXReserved;
6649 guint8 AndXCommand = 0xFF;
6651 guint16 AndXOffset = 0;
6654 /* Request(s) dissect code */
6656 /* Build display for: Word Count (WCT) */
6658 WordCount = GBYTE(pd, offset);
6662 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6666 offset += 1; /* Skip Word Count (WCT) */
6668 /* Build display for: AndXCommand */
6670 AndXCommand = GBYTE(pd, offset);
6674 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6678 offset += 1; /* Skip AndXCommand */
6680 /* Build display for: AndXReserved */
6682 AndXReserved = GBYTE(pd, offset);
6686 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6690 offset += 1; /* Skip AndXReserved */
6692 /* Build display for: AndXOffset */
6694 AndXOffset = GSHORT(pd, offset);
6698 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6702 offset += 2; /* Skip AndXOffset */
6704 /* Build display for: Byte Count (BCC) */
6706 ByteCount = GSHORT(pd, offset);
6710 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6714 offset += 2; /* Skip Byte Count (BCC) */
6717 if (AndXCommand != 0xFF) {
6719 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
6724 /* Response(s) dissect code */
6726 /* Build display for: Word Count (WCT) */
6728 WordCount = GBYTE(pd, offset);
6732 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6736 offset += 1; /* Skip Word Count (WCT) */
6738 /* Build display for: AndXCommand */
6740 AndXCommand = GBYTE(pd, offset);
6744 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6748 offset += 1; /* Skip AndXCommand */
6750 /* Build display for: AndXReserved */
6752 AndXReserved = GBYTE(pd, offset);
6756 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6760 offset += 1; /* Skip AndXReserved */
6762 /* Build display for: AndXOffset */
6764 AndXOffset = GSHORT(pd, offset);
6768 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6772 offset += 2; /* Skip AndXOffset */
6774 /* Build display for: Byte Count (BCC) */
6776 ByteCount = GSHORT(pd, offset);
6780 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6784 offset += 2; /* Skip Byte Count (BCC) */
6787 if (AndXCommand != 0xFF) {
6789 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
6798 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
6801 static const value_string Mode_0x03[] = {
6802 { 0, "Seek from start of file"},
6803 { 1, "Seek from current position"},
6804 { 2, "Seek from end of file"},
6807 proto_tree *Mode_tree;
6816 /* Request(s) dissect code */
6818 /* Build display for: Word Count (WCT) */
6820 WordCount = GBYTE(pd, offset);
6824 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6828 offset += 1; /* Skip Word Count (WCT) */
6830 /* Build display for: FID */
6832 FID = GSHORT(pd, offset);
6836 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6840 offset += 2; /* Skip FID */
6842 /* Build display for: Mode */
6844 Mode = GSHORT(pd, offset);
6848 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
6849 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
6850 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
6851 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
6855 offset += 2; /* Skip Mode */
6857 /* Build display for: Offset */
6859 Offset = GWORD(pd, offset);
6863 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6867 offset += 4; /* Skip Offset */
6869 /* Build display for: Byte Count (BCC) */
6871 ByteCount = GSHORT(pd, offset);
6875 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6879 offset += 2; /* Skip Byte Count (BCC) */
6882 /* Response(s) dissect code */
6884 /* Build display for: Word Count (WCT) */
6886 WordCount = GBYTE(pd, offset);
6890 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6894 offset += 1; /* Skip Word Count (WCT) */
6896 /* Build display for: Offset */
6898 Offset = GWORD(pd, offset);
6902 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6906 offset += 4; /* Skip Offset */
6908 /* Build display for: Byte Count (BCC) */
6910 ByteCount = GSHORT(pd, offset);
6914 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6918 offset += 2; /* Skip Byte Count (BCC) */
6925 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
6929 guint8 BufferFormat;
6938 /* Request(s) dissect code */
6940 /* Build display for: Word Count (WCT) */
6942 WordCount = GBYTE(pd, offset);
6946 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6950 offset += 1; /* Skip Word Count (WCT) */
6952 /* Build display for: FID */
6954 FID = GSHORT(pd, offset);
6958 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6962 offset += 2; /* Skip FID */
6964 /* Build display for: Count */
6966 Count = GSHORT(pd, offset);
6970 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6974 offset += 2; /* Skip Count */
6976 /* Build display for: Offset */
6978 Offset = GWORD(pd, offset);
6982 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6986 offset += 4; /* Skip Offset */
6988 /* Build display for: Remaining */
6990 Remaining = GSHORT(pd, offset);
6994 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
6998 offset += 2; /* Skip Remaining */
7000 /* Build display for: Byte Count (BCC) */
7002 ByteCount = GSHORT(pd, offset);
7006 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7010 offset += 2; /* Skip Byte Count (BCC) */
7012 /* Build display for: Buffer Format */
7014 BufferFormat = GBYTE(pd, offset);
7018 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
7019 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
7024 offset += 1; /* Skip Buffer Format */
7026 /* Build display for: Data Length */
7028 DataLength = GSHORT(pd, offset);
7032 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7036 offset += 2; /* Skip Data Length */
7039 /* Response(s) dissect code */
7041 /* Build display for: Word Count (WCT) */
7043 WordCount = GBYTE(pd, offset);
7047 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7051 offset += 1; /* Skip Word Count (WCT) */
7053 /* Build display for: Count */
7055 Count = GSHORT(pd, offset);
7059 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7063 offset += 2; /* Skip Count */
7065 /* Build display for: Byte Count (BCC) */
7067 ByteCount = GSHORT(pd, offset);
7071 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7075 offset += 2; /* Skip Byte Count (BCC) */
7082 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
7086 guint16 LastWriteTime;
7087 guint16 LastWriteDate;
7088 guint16 LastAccessTime;
7089 guint16 LastAccessDate;
7091 guint16 CreationTime;
7092 guint16 CreationDate;
7096 /* Request(s) dissect code */
7098 /* Build display for: Word Count */
7100 WordCount = GBYTE(pd, offset);
7104 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
7108 offset += 1; /* Skip Word Count */
7110 /* Build display for: FID */
7112 FID = GSHORT(pd, offset);
7116 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7120 offset += 2; /* Skip FID */
7122 /* Build display for: Creation Date */
7124 CreationDate = GSHORT(pd, offset);
7128 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
7132 offset += 2; /* Skip Creation Date */
7134 /* Build display for: Creation Time */
7136 CreationTime = GSHORT(pd, offset);
7140 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7144 offset += 2; /* Skip Creation Time */
7146 /* Build display for: Last Access Date */
7148 LastAccessDate = GSHORT(pd, offset);
7152 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
7156 offset += 2; /* Skip Last Access Date */
7158 /* Build display for: Last Access Time */
7160 LastAccessTime = GSHORT(pd, offset);
7164 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
7168 offset += 2; /* Skip Last Access Time */
7170 /* Build display for: Last Write Date */
7172 LastWriteDate = GSHORT(pd, offset);
7176 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
7180 offset += 2; /* Skip Last Write Date */
7182 /* Build display for: Last Write Time */
7184 LastWriteTime = GSHORT(pd, offset);
7188 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
7192 offset += 2; /* Skip Last Write Time */
7194 /* Build display for: Byte Count (BCC) */
7196 ByteCount = GSHORT(pd, offset);
7200 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7204 offset += 2; /* Skip Byte Count (BCC) */
7207 /* Response(s) dissect code */
7209 /* Build display for: Word Count (WCC) */
7211 WordCount = GBYTE(pd, offset);
7215 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCC): %u", WordCount);
7219 offset += 1; /* Skip Word Count (WCC) */
7221 /* Build display for: Byte Count (BCC) */
7223 ByteCount = GSHORT(pd, offset);
7227 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7231 offset += 2; /* Skip Byte Count (BCC) */
7238 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
7248 /* Request(s) dissect code */
7250 /* Build display for: Word Count (WCT) */
7252 WordCount = GBYTE(pd, offset);
7256 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7260 offset += 1; /* Skip Word Count (WCT) */
7262 /* Build display for: FID */
7264 FID = GSHORT(pd, offset);
7268 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7272 offset += 2; /* Skip FID */
7274 /* Build display for: Count */
7276 Count = GWORD(pd, offset);
7280 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
7284 offset += 4; /* Skip Count */
7286 /* Build display for: Offset */
7288 Offset = GWORD(pd, offset);
7292 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7296 offset += 4; /* Skip Offset */
7298 /* Build display for: Byte Count (BCC) */
7300 ByteCount = GSHORT(pd, offset);
7304 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7308 offset += 2; /* Skip Byte Count (BCC) */
7311 /* Response(s) dissect code */
7313 /* Build display for: Word Count (WCT) */
7315 WordCount = GBYTE(pd, offset);
7319 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7323 offset += 1; /* Skip Word Count (WCT) */
7325 /* Build display for: Byte Count (BCC) */
7327 ByteCount = GSHORT(pd, offset);
7331 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7335 offset += 2; /* Skip Byte Count (BCC) */
7342 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
7346 guint8 BufferFormat;
7348 guint16 RestartIndex;
7355 /* Request(s) dissect code */
7357 /* Build display for: Word Count */
7359 WordCount = GBYTE(pd, offset);
7363 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
7367 offset += 1; /* Skip Word Count */
7369 /* Build display for: Max Count */
7371 MaxCount = GSHORT(pd, offset);
7375 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
7379 offset += 2; /* Skip Max Count */
7381 /* Build display for: Start Index */
7383 StartIndex = GSHORT(pd, offset);
7387 proto_tree_add_text(tree, NullTVB, offset, 2, "Start Index: %u", StartIndex);
7391 offset += 2; /* Skip Start Index */
7393 /* Build display for: Byte Count (BCC) */
7395 ByteCount = GSHORT(pd, offset);
7399 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7403 offset += 2; /* Skip Byte Count (BCC) */
7406 /* Response(s) dissect code */
7408 /* Build display for: Word Count (WCT) */
7410 WordCount = GBYTE(pd, offset);
7414 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7418 offset += 1; /* Skip Word Count (WCT) */
7420 if (WordCount != 0) {
7422 /* Build display for: Count */
7424 Count = GSHORT(pd, offset);
7428 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7432 offset += 2; /* Skip Count */
7434 /* Build display for: Restart Index */
7436 RestartIndex = GSHORT(pd, offset);
7440 proto_tree_add_text(tree, NullTVB, offset, 2, "Restart Index: %u", RestartIndex);
7444 offset += 2; /* Skip Restart Index */
7446 /* Build display for: Byte Count (BCC) */
7450 ByteCount = GSHORT(pd, offset);
7454 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7458 offset += 2; /* Skip Byte Count (BCC) */
7460 /* Build display for: Buffer Format */
7462 BufferFormat = GBYTE(pd, offset);
7466 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
7467 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
7472 offset += 1; /* Skip Buffer Format */
7474 /* Build display for: Data Length */
7476 DataLength = GSHORT(pd, offset);
7480 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7484 offset += 2; /* Skip Data Length */
7491 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
7494 proto_tree *LockType_tree;
7499 guint8 AndXReserved;
7500 guint8 AndXCommand = 0xFF;
7502 guint16 NumberofLocks;
7503 guint16 NumberOfUnlocks;
7507 guint16 AndXOffset = 0;
7510 /* Request(s) dissect code */
7512 /* Build display for: Word Count (WCT) */
7514 WordCount = GBYTE(pd, offset);
7518 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7522 offset += 1; /* Skip Word Count (WCT) */
7524 /* Build display for: AndXCommand */
7526 AndXCommand = GBYTE(pd, offset);
7530 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
7531 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
7535 offset += 1; /* Skip AndXCommand */
7537 /* Build display for: AndXReserved */
7539 AndXReserved = GBYTE(pd, offset);
7543 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
7547 offset += 1; /* Skip AndXReserved */
7549 /* Build display for: AndXOffset */
7551 AndXOffset = GSHORT(pd, offset);
7555 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
7559 offset += 2; /* Skip AndXOffset */
7561 /* Build display for: FID */
7563 FID = GSHORT(pd, offset);
7567 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7571 offset += 2; /* Skip FID */
7573 /* Build display for: Lock Type */
7575 LockType = GBYTE(pd, offset);
7579 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Lock Type: 0x%01x", LockType);
7580 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
7581 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
7582 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
7583 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
7584 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
7585 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
7586 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
7587 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
7588 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
7589 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
7590 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
7594 offset += 1; /* Skip Lock Type */
7596 /* Build display for: OplockLevel */
7598 OplockLevel = GBYTE(pd, offset);
7602 proto_tree_add_text(tree, NullTVB, offset, 1, "OplockLevel: %u", OplockLevel);
7606 offset += 1; /* Skip OplockLevel */
7608 /* Build display for: Timeout */
7610 Timeout = GWORD(pd, offset);
7614 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
7618 offset += 4; /* Skip Timeout */
7620 /* Build display for: Number Of Unlocks */
7622 NumberOfUnlocks = GSHORT(pd, offset);
7626 proto_tree_add_text(tree, NullTVB, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
7630 offset += 2; /* Skip Number Of Unlocks */
7632 /* Build display for: Number of Locks */
7634 NumberofLocks = GSHORT(pd, offset);
7638 proto_tree_add_text(tree, NullTVB, offset, 2, "Number of Locks: %u", NumberofLocks);
7642 offset += 2; /* Skip Number of Locks */
7644 /* Build display for: Byte Count (BCC) */
7646 ByteCount = GSHORT(pd, offset);
7650 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7654 offset += 2; /* Skip Byte Count (BCC) */
7657 if (AndXCommand != 0xFF) {
7659 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
7664 /* Response(s) dissect code */
7666 /* Build display for: Word Count (WCT) */
7668 WordCount = GBYTE(pd, offset);
7672 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7676 offset += 1; /* Skip Word Count (WCT) */
7678 if (WordCount != 0) {
7680 /* Build display for: AndXCommand */
7682 AndXCommand = GBYTE(pd, offset);
7686 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
7687 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
7691 offset += 1; /* Skip AndXCommand */
7693 /* Build display for: AndXReserved */
7695 AndXReserved = GBYTE(pd, offset);
7699 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
7703 offset += 1; /* Skip AndXReserved */
7705 /* Build display for: AndXoffset */
7707 AndXoffset = GSHORT(pd, offset);
7711 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXoffset: %u", AndXoffset);
7715 offset += 2; /* Skip AndXoffset */
7719 /* Build display for: Byte Count */
7721 ByteCount = GSHORT(pd, offset);
7725 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
7729 offset += 2; /* Skip Byte Count */
7732 if (AndXCommand != 0xFF) {
7734 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset);
7743 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
7753 /* Request(s) dissect code */
7755 /* Build display for: Word Count (WCT) */
7757 WordCount = GBYTE(pd, offset);
7761 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7765 offset += 1; /* Skip Word Count (WCT) */
7767 /* Build display for: FID */
7769 FID = GSHORT(pd, offset);
7773 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7777 offset += 2; /* Skip FID */
7779 /* Build display for: Count */
7781 Count = GWORD(pd, offset);
7785 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
7789 offset += 4; /* Skip Count */
7791 /* Build display for: Offset */
7793 Offset = GWORD(pd, offset);
7797 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7801 offset += 4; /* Skip Offset */
7803 /* Build display for: Byte Count (BCC) */
7805 ByteCount = GSHORT(pd, offset);
7809 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7813 offset += 2; /* Skip Byte Count (BCC) */
7816 /* Response(s) dissect code */
7818 /* Build display for: Word Count (WCT) */
7820 WordCount = GBYTE(pd, offset);
7824 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7828 offset += 1; /* Skip Word Count (WCT) */
7830 /* Build display for: Byte Count (BCC) */
7832 ByteCount = GSHORT(pd, offset);
7836 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7840 offset += 2; /* Skip Byte Count (BCC) */
7847 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
7850 proto_tree *Attributes_tree;
7853 guint8 BufferFormat;
7855 guint16 CreationTime;
7858 const char *FileName;
7862 /* Request(s) dissect code */
7864 /* Build display for: Word Count (WCT) */
7866 WordCount = GBYTE(pd, offset);
7870 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7874 offset += 1; /* Skip Word Count (WCT) */
7876 /* Build display for: Attributes */
7878 Attributes = GSHORT(pd, offset);
7882 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
7883 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7884 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7885 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7886 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7887 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7888 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7889 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7890 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7891 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7892 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7893 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7894 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7895 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7899 offset += 2; /* Skip Attributes */
7901 /* Build display for: Creation Time */
7903 CreationTime = GSHORT(pd, offset);
7907 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7911 offset += 2; /* Skip Creation Time */
7913 /* Build display for: Byte Count (BCC) */
7915 ByteCount = GSHORT(pd, offset);
7919 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7923 offset += 2; /* Skip Byte Count (BCC) */
7925 /* Build display for: Buffer Format */
7927 BufferFormat = GBYTE(pd, offset);
7931 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
7932 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
7937 offset += 1; /* Skip Buffer Format */
7939 /* Build display for: File Name */
7941 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
7945 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
7949 offset += string_len; /* Skip File Name */
7952 /* Response(s) dissect code */
7954 /* Build display for: Word Count (WCT) */
7956 WordCount = GBYTE(pd, offset);
7960 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7964 offset += 1; /* Skip Word Count (WCT) */
7966 if (WordCount != 0) {
7968 /* Build display for: FID */
7970 FID = GSHORT(pd, offset);
7974 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7978 offset += 2; /* Skip FID */
7982 /* Build display for: Byte Count (BCC) */
7984 ByteCount = GSHORT(pd, offset);
7988 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7992 offset += 2; /* Skip Byte Count (BCC) */
7999 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8003 guint8 BufferFormat2;
8004 guint8 BufferFormat1;
8005 guint8 BufferFormat;
8006 guint16 SearchAttributes;
8007 guint16 ResumeKeyLength;
8012 const char *FileName;
8016 /* Request(s) dissect code */
8018 /* Build display for: Word Count (WCT) */
8020 WordCount = GBYTE(pd, offset);
8024 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8028 offset += 1; /* Skip Word Count (WCT) */
8030 /* Build display for: Max Count */
8032 MaxCount = GSHORT(pd, offset);
8036 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
8040 offset += 2; /* Skip Max Count */
8042 /* Build display for: Search Attributes */
8044 SearchAttributes = GSHORT(pd, offset);
8048 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
8052 offset += 2; /* Skip Search Attributes */
8054 /* Build display for: Byte Count (BCC) */
8056 ByteCount = GSHORT(pd, offset);
8060 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8064 offset += 2; /* Skip Byte Count (BCC) */
8066 /* Build display for: Buffer Format 1 */
8068 BufferFormat1 = GBYTE(pd, offset);
8072 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %s (%u)",
8073 val_to_str(BufferFormat1, buffer_format_vals, "Unknown"),
8078 offset += 1; /* Skip Buffer Format 1 */
8080 /* Build display for: File Name */
8082 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
8086 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
8090 offset += string_len; /* Skip File Name */
8092 /* Build display for: Buffer Format 2 */
8094 BufferFormat2 = GBYTE(pd, offset);
8098 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %s (%u)",
8099 val_to_str(BufferFormat2, buffer_format_vals, "Unknown"),
8104 offset += 1; /* Skip Buffer Format 2 */
8106 /* Build display for: Resume Key Length */
8108 ResumeKeyLength = GSHORT(pd, offset);
8112 proto_tree_add_text(tree, NullTVB, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
8116 offset += 2; /* Skip Resume Key Length */
8119 /* Response(s) dissect code */
8121 /* Build display for: Word Count (WCT) */
8123 WordCount = GBYTE(pd, offset);
8127 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8131 offset += 1; /* Skip Word Count (WCT) */
8133 if (WordCount != 0) {
8135 /* Build display for: Count */
8137 Count = GSHORT(pd, offset);
8141 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8145 offset += 2; /* Skip Count */
8149 /* Build display for: Byte Count (BCC) */
8151 ByteCount = GSHORT(pd, offset);
8155 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8159 offset += 2; /* Skip Byte Count (BCC) */
8161 /* Build display for: Buffer Format */
8163 BufferFormat = GBYTE(pd, offset);
8167 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
8168 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
8173 offset += 1; /* Skip Buffer Format */
8175 /* Build display for: Data Length */
8177 DataLength = GSHORT(pd, offset);
8181 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8185 offset += 2; /* Skip Data Length */
8192 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8196 guint8 BufferFormat;
8199 guint16 CreationTime;
8200 guint16 CreationDate;
8202 const char *FileName;
8203 const char *DirectoryName;
8207 /* Request(s) dissect code */
8209 /* Build display for: Word Count (WCT) */
8211 WordCount = GBYTE(pd, offset);
8215 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8219 offset += 1; /* Skip Word Count (WCT) */
8221 /* Build display for: Reserved */
8223 Reserved = GSHORT(pd, offset);
8227 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
8231 offset += 2; /* Skip Reserved */
8233 /* Build display for: Creation Time */
8235 CreationTime = GSHORT(pd, offset);
8239 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
8243 offset += 2; /* Skip Creation Time */
8245 /* Build display for: Creation Date */
8247 CreationDate = GSHORT(pd, offset);
8251 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
8255 offset += 2; /* Skip Creation Date */
8257 /* Build display for: Byte Count (BCC) */
8259 ByteCount = GSHORT(pd, offset);
8263 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8267 offset += 2; /* Skip Byte Count (BCC) */
8269 /* Build display for: Buffer Format */
8271 BufferFormat = GBYTE(pd, offset);
8275 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
8276 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
8281 offset += 1; /* Skip Buffer Format */
8283 /* Build display for: Directory Name */
8285 DirectoryName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
8289 proto_tree_add_text(tree, NullTVB, offset, string_len, "Directory Name: %s", DirectoryName);
8293 offset += string_len; /* Skip Directory Name */
8296 /* Response(s) dissect code */
8298 /* Build display for: Word Count (WCT) */
8300 WordCount = GBYTE(pd, offset);
8304 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8308 offset += 1; /* Skip Word Count (WCT) */
8310 if (WordCount != 0) {
8312 /* Build display for: FID */
8314 FID = GSHORT(pd, offset);
8318 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8322 offset += 2; /* Skip FID */
8326 /* Build display for: Byte Count (BCC) */
8328 ByteCount = GSHORT(pd, offset);
8332 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8336 offset += 2; /* Skip Byte Count (BCC) */
8338 /* Build display for: Buffer Format */
8340 BufferFormat = GBYTE(pd, offset);
8344 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
8345 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
8350 offset += 1; /* Skip Buffer Format */
8352 /* Build display for: File Name */
8354 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
8358 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
8362 offset += string_len; /* Skip File Name */
8369 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8373 guint16 LastWriteTime;
8374 guint16 LastWriteDate;
8379 /* Request(s) dissect code */
8381 /* Build display for: Word Count (WCT) */
8383 WordCount = GBYTE(pd, offset);
8387 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8391 offset += 1; /* Skip Word Count (WCT) */
8393 /* Build display for: FID */
8395 FID = GSHORT(pd, offset);
8399 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8403 offset += 2; /* Skip FID */
8405 /* Build display for: Last Write Time */
8407 LastWriteTime = GSHORT(pd, offset);
8411 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
8415 offset += 2; /* Skip Last Write Time */
8417 /* Build display for: Last Write Date */
8419 LastWriteDate = GSHORT(pd, offset);
8423 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
8427 offset += 2; /* Skip Last Write Date */
8429 /* Build display for: Byte Count (BCC) */
8431 ByteCount = GSHORT(pd, offset);
8435 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8439 offset += 2; /* Skip Byte Count (BCC) */
8442 /* Response(s) dissect code */
8444 /* Build display for: Word Count (WCT) */
8446 WordCount = GBYTE(pd, offset);
8450 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8454 offset += 1; /* Skip Word Count (WCT) */
8456 /* Build display for: Byte Count (BCC) */
8458 ByteCount = GSHORT(pd, offset);
8462 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8466 offset += 2; /* Skip Byte Count (BCC) */
8473 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8477 guint8 BufferFormat;
8483 /* Request(s) dissect code */
8485 /* Build display for: Word Count (WCT) */
8487 WordCount = GBYTE(pd, offset);
8491 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8495 offset += 1; /* Skip Word Count (WCT) */
8497 /* Build display for: FID */
8499 FID = GSHORT(pd, offset);
8503 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8507 offset += 2; /* Skip FID */
8509 /* Build display for: Byte Count (BCC) */
8511 ByteCount = GSHORT(pd, offset);
8515 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8519 offset += 2; /* Skip Byte Count (BCC) */
8521 /* Build display for: Buffer Format */
8523 BufferFormat = GBYTE(pd, offset);
8527 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
8528 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
8533 offset += 1; /* Skip Buffer Format */
8535 /* Build display for: Data Length */
8537 DataLength = GSHORT(pd, offset);
8541 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8545 offset += 2; /* Skip Data Length */
8548 /* Response(s) dissect code */
8550 /* Build display for: Word Count (WCT) */
8552 WordCount = GBYTE(pd, offset);
8556 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8560 offset += 1; /* Skip Word Count (WCT) */
8562 /* Build display for: Byte Count (BCC) */
8564 ByteCount = GSHORT(pd, offset);
8568 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8572 offset += 2; /* Skip Byte Count (BCC) */
8579 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8583 guint8 BufferFormat;
8596 /* Request(s) dissect code */
8598 /* Build display for: Word Count (WCT) */
8600 WordCount = GBYTE(pd, offset);
8604 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8608 offset += 1; /* Skip Word Count (WCT) */
8610 /* Build display for: FID */
8612 FID = GSHORT(pd, offset);
8616 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8620 offset += 2; /* Skip FID */
8622 /* Build display for: Count */
8624 Count = GSHORT(pd, offset);
8628 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8632 offset += 2; /* Skip Count */
8634 /* Build display for: Offset */
8636 Offset = GWORD(pd, offset);
8640 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
8644 offset += 4; /* Skip Offset */
8646 /* Build display for: Remaining */
8648 Remaining = GSHORT(pd, offset);
8652 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
8656 offset += 2; /* Skip Remaining */
8658 /* Build display for: Byte Count (BCC) */
8660 ByteCount = GSHORT(pd, offset);
8664 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8668 offset += 2; /* Skip Byte Count (BCC) */
8671 /* Response(s) dissect code */
8673 /* Build display for: Word Count (WCT) */
8675 WordCount = GBYTE(pd, offset);
8679 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8683 offset += 1; /* Skip Word Count (WCT) */
8685 if (WordCount != 0) {
8687 /* Build display for: Count */
8689 Count = GSHORT(pd, offset);
8693 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8697 offset += 2; /* Skip Count */
8699 /* Build display for: Reserved 1 */
8701 Reserved1 = GSHORT(pd, offset);
8705 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8709 offset += 2; /* Skip Reserved 1 */
8711 /* Build display for: Reserved 2 */
8713 Reserved2 = GSHORT(pd, offset);
8717 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8721 offset += 2; /* Skip Reserved 2 */
8723 /* Build display for: Reserved 3 */
8725 Reserved3 = GSHORT(pd, offset);
8729 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8733 offset += 2; /* Skip Reserved 3 */
8735 /* Build display for: Reserved 4 */
8737 Reserved4 = GSHORT(pd, offset);
8741 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8745 offset += 2; /* Skip Reserved 4 */
8749 /* Build display for: Byte Count (BCC) */
8751 ByteCount = GSHORT(pd, offset);
8755 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8759 offset += 2; /* Skip Byte Count (BCC) */
8761 /* Build display for: Buffer Format */
8763 BufferFormat = GBYTE(pd, offset);
8767 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
8768 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
8773 offset += 1; /* Skip Buffer Format */
8775 /* Build display for: Data Length */
8777 DataLength = GSHORT(pd, offset);
8781 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8785 offset += 2; /* Skip Data Length */
8792 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8799 /* Request(s) dissect code */
8801 /* Build display for: Word Count (WCT) */
8803 WordCount = GBYTE(pd, offset);
8807 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8811 offset += 1; /* Skip Word Count (WCT) */
8813 /* Build display for: Byte Count (BCC) */
8815 ByteCount = GSHORT(pd, offset);
8819 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8823 offset += 2; /* Skip Byte Count (BCC) */
8826 /* Response(s) dissect code */
8828 /* Build display for: Word Count (WCT) */
8830 WordCount = GBYTE(pd, offset);
8834 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8838 offset += 1; /* Skip Word Count (WCT) */
8840 /* Build display for: Byte Count (BCC) */
8842 ByteCount = GSHORT(pd, offset);
8846 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8850 offset += 2; /* Skip Byte Count (BCC) */
8857 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
8860 proto_tree *Attributes_tree;
8863 guint8 BufferFormat;
8870 guint16 LastWriteTime;
8871 guint16 LastWriteDate;
8874 const char *FileName;
8878 /* Request(s) dissect code */
8880 /* Build display for: Word Count (WCT) */
8882 WordCount = GBYTE(pd, offset);
8886 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8890 offset += 1; /* Skip Word Count (WCT) */
8892 /* Build display for: Byte Count (BCC) */
8894 ByteCount = GSHORT(pd, offset);
8898 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8902 offset += 2; /* Skip Byte Count (BCC) */
8904 /* Build display for: Buffer Format */
8906 BufferFormat = GBYTE(pd, offset);
8910 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %s (%u)",
8911 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
8916 offset += 1; /* Skip Buffer Format */
8918 /* Build display for: File Name */
8920 FileName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &string_len);
8924 proto_tree_add_text(tree, NullTVB, offset, string_len, "File Name: %s", FileName);
8928 offset += string_len; /* Skip File Name */
8931 /* Response(s) dissect code */
8933 /* Build display for: Word Count (WCT) */
8935 WordCount = GBYTE(pd, offset);
8939 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8943 offset += 1; /* Skip Word Count (WCT) */
8945 if (WordCount != 0) {
8947 /* Build display for: Attributes */
8949 Attributes = GSHORT(pd, offset);
8953 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
8954 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
8955 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8956 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
8957 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8958 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
8959 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8960 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
8961 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8962 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
8963 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8964 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
8965 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8966 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
8970 offset += 2; /* Skip Attributes */
8972 /* Build display for: Last Write Time */
8974 LastWriteTime = GSHORT(pd, offset);
8980 offset += 2; /* Skip Last Write Time */
8982 /* Build display for: Last Write Date */
8984 LastWriteDate = GSHORT(pd, offset);
8988 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
8990 proto_tree_add_text(tree, NullTVB, offset - 2, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
8994 offset += 2; /* Skip Last Write Date */
8996 /* Build display for: File Size */
8998 FileSize = GWORD(pd, offset);
9002 proto_tree_add_text(tree, NullTVB, offset, 4, "File Size: %u", FileSize);
9006 offset += 4; /* Skip File Size */
9008 /* Build display for: Reserved 1 */
9010 Reserved1 = GSHORT(pd, offset);
9014 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
9018 offset += 2; /* Skip Reserved 1 */
9020 /* Build display for: Reserved 2 */
9022 Reserved2 = GSHORT(pd, offset);
9026 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
9030 offset += 2; /* Skip Reserved 2 */
9032 /* Build display for: Reserved 3 */
9034 Reserved3 = GSHORT(pd, offset);
9038 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
9042 offset += 2; /* Skip Reserved 3 */
9044 /* Build display for: Reserved 4 */
9046 Reserved4 = GSHORT(pd, offset);
9050 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
9054 offset += 2; /* Skip Reserved 4 */
9056 /* Build display for: Reserved 5 */
9058 Reserved5 = GSHORT(pd, offset);
9062 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
9066 offset += 2; /* Skip Reserved 5 */
9070 /* Build display for: Byte Count (BCC) */
9072 ByteCount = GSHORT(pd, offset);
9076 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9080 offset += 2; /* Skip Byte Count (BCC) */
9087 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
9101 guint16 BufferFormat;
9104 /* Request(s) dissect code */
9106 /* Build display for: Word Count (WCT) */
9108 WordCount = GBYTE(pd, offset);
9112 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9116 offset += 1; /* Skip Word Count (WCT) */
9118 /* Build display for: FID */
9120 FID = GSHORT(pd, offset);
9124 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
9128 offset += 2; /* Skip FID */
9130 /* Build display for: Count */
9132 Count = GSHORT(pd, offset);
9136 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
9140 offset += 2; /* Skip Count */
9142 /* Build display for: Offset */
9144 Offset = GWORD(pd, offset);
9148 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
9152 offset += 4; /* Skip Offset */
9154 /* Build display for: Remaining */
9156 Remaining = GSHORT(pd, offset);
9160 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
9164 offset += 2; /* Skip Remaining */
9166 /* Build display for: Byte Count (BCC) */
9168 ByteCount = GSHORT(pd, offset);
9172 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9176 offset += 2; /* Skip Byte Count (BCC) */
9179 /* Response(s) dissect code */
9181 /* Build display for: Word Count (WCT) */
9183 WordCount = GBYTE(pd, offset);
9187 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9191 offset += 1; /* Skip Word Count (WCT) */
9193 if (WordCount != 0) {
9195 /* Build display for: Count */
9197 Count = GSHORT(pd, offset);
9201 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
9205 offset += 2; /* Skip Count */
9207 /* Build display for: Reserved 1 */
9209 Reserved1 = GSHORT(pd, offset);
9213 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
9217 offset += 2; /* Skip Reserved 1 */
9219 /* Build display for: Reserved 2 */
9221 Reserved2 = GSHORT(pd, offset);
9225 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
9229 offset += 2; /* Skip Reserved 2 */
9231 /* Build display for: Reserved 3 */
9233 Reserved3 = GSHORT(pd, offset);
9237 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
9241 offset += 2; /* Skip Reserved 3 */
9243 /* Build display for: Reserved 4 */
9245 Reserved4 = GSHORT(pd, offset);
9249 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
9253 offset += 2; /* Skip Reserved 4 */
9257 /* Build display for: Byte Count (BCC) */
9259 ByteCount = GSHORT(pd, offset);
9263 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9267 offset += 2; /* Skip Byte Count (BCC) */
9269 /* Build display for: Buffer Format */
9271 BufferFormat = GSHORT(pd, offset);
9275 proto_tree_add_text(tree, NullTVB, offset, 2, "Buffer Format: %s (%u)",
9276 val_to_str(BufferFormat, buffer_format_vals, "Unknown"),
9281 offset += 2; /* Skip Buffer Format */
9283 /* Build display for: Data Length */
9285 DataLength = GSHORT(pd, offset);
9289 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
9293 offset += 2; /* Skip Data Length */
9300 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
9303 proto_tree *WriteMode_tree;
9308 guint32 ResponseMask;
9309 guint32 RequestMask;
9319 /* Request(s) dissect code */
9321 /* Build display for: Word Count (WCT) */
9323 WordCount = GBYTE(pd, offset);
9327 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9331 offset += 1; /* Skip Word Count (WCT) */
9333 /* Build display for: FID */
9335 FID = GSHORT(pd, offset);
9339 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
9343 offset += 2; /* Skip FID */
9345 /* Build display for: Count */
9347 Count = GSHORT(pd, offset);
9351 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
9355 offset += 2; /* Skip Count */
9357 /* Build display for: Reserved 1 */
9359 Reserved1 = GSHORT(pd, offset);
9363 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
9367 offset += 2; /* Skip Reserved 1 */
9369 /* Build display for: Timeout */
9371 Timeout = GWORD(pd, offset);
9375 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9379 offset += 4; /* Skip Timeout */
9381 /* Build display for: WriteMode */
9383 WriteMode = GSHORT(pd, offset);
9387 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
9388 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
9389 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
9390 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
9391 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
9392 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
9393 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
9394 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
9398 offset += 2; /* Skip WriteMode */
9400 /* Build display for: Request Mask */
9402 RequestMask = GWORD(pd, offset);
9406 proto_tree_add_text(tree, NullTVB, offset, 4, "Request Mask: %u", RequestMask);
9410 offset += 4; /* Skip Request Mask */
9412 /* Build display for: Data Length */
9414 DataLength = GSHORT(pd, offset);
9418 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
9422 offset += 2; /* Skip Data Length */
9424 /* Build display for: Data Offset */
9426 DataOffset = GSHORT(pd, offset);
9430 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9434 offset += 2; /* Skip Data Offset */
9436 /* Build display for: Byte Count (BCC) */
9438 ByteCount = GSHORT(pd, offset);
9442 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9446 offset += 2; /* Skip Byte Count (BCC) */
9448 /* Build display for: Pad */
9450 Pad = GBYTE(pd, offset);
9454 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
9458 offset += 1; /* Skip Pad */
9461 /* Response(s) dissect code */
9463 /* Build display for: Word Count (WCT) */
9465 WordCount = GBYTE(pd, offset);
9469 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9473 offset += 1; /* Skip Word Count (WCT) */
9475 if (WordCount != 0) {
9477 /* Build display for: Response Mask */
9479 ResponseMask = GWORD(pd, offset);
9483 proto_tree_add_text(tree, NullTVB, offset, 4, "Response Mask: %u", ResponseMask);
9487 offset += 4; /* Skip Response Mask */
9491 /* Build display for: Byte Count (BCC) */
9493 ByteCount = GSHORT(pd, offset);
9497 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9501 offset += 2; /* Skip Byte Count (BCC) */
9508 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
9516 /* Request(s) dissect code */
9518 /* Build display for: Word Count (WTC) */
9520 WordCount = GBYTE(pd, offset);
9524 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WTC): %u", WordCount);
9528 offset += 1; /* Skip Word Count (WTC) */
9530 /* Build display for: FID */
9532 FID = GSHORT(pd, offset);
9536 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
9540 offset += 2; /* Skip FID */
9542 /* Build display for: Byte Count (BCC) */
9544 ByteCount = GSHORT(pd, offset);
9548 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9552 offset += 2; /* Skip Byte Count (BCC) */
9555 /* Response(s) dissect code */
9557 /* Build display for: Word Count (WCT) */
9559 WordCount = GBYTE(pd, offset);
9563 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9567 offset += 1; /* Skip Word Count (WCT) */
9569 /* Build display for: Byte Count (BCC) */
9571 ByteCount = GBYTE(pd, offset);
9575 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
9579 offset += 1; /* Skip Byte Count (BCC) */
9585 static const value_string trans2_cmd_vals[] = {
9586 { 0x00, "TRANS2_OPEN" },
9587 { 0x01, "TRANS2_FIND_FIRST2" },
9588 { 0x02, "TRANS2_FIND_NEXT2" },
9589 { 0x03, "TRANS2_QUERY_FS_INFORMATION" },
9590 { 0x05, "TRANS2_QUERY_PATH_INFORMATION" },
9591 { 0x06, "TRANS2_SET_PATH_INFORMATION" },
9592 { 0x07, "TRANS2_QUERY_FILE_INFORMATION" },
9593 { 0x08, "TRANS2_SET_FILE_INFORMATION" },
9594 { 0x09, "TRANS2_FSCTL" },
9595 { 0x0A, "TRANS2_IOCTL2" },
9596 { 0x0B, "TRANS2_FIND_NOTIFY_FIRST" },
9597 { 0x0C, "TRANS2_FIND_NOTIFY_NEXT" },
9598 { 0x0D, "TRANS2_CREATE_DIRECTORY" },
9599 { 0x0E, "TRANS2_SESSION_SETUP" },
9600 { 0x10, "TRANS2_GET_DFS_REFERRAL" },
9601 { 0x11, "TRANS2_REPORT_DFS_INCONSISTENCY" },
9606 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset)
9609 proto_tree *Flags_tree;
9615 guint8 MaxSetupCount;
9618 guint16 TotalParameterCount;
9619 guint16 TotalDataCount;
9622 guint16 ParameterOffset;
9623 guint16 ParameterDisplacement;
9624 guint16 ParameterCount;
9625 guint16 MaxParameterCount;
9626 guint16 MaxDataCount;
9629 guint16 DataDisplacement;
9632 conversation_t *conversation;
9633 struct smb_request_val *request_val;
9634 struct smb_continuation_val *continuation_val;
9637 * Find out what conversation this packet is part of.
9638 * XXX - this should really be done by the transport-layer protocol,
9639 * although for connectionless transports, we may not want to do that
9640 * unless we know some higher-level protocol will want it - or we
9641 * may want to do it, so you can say e.g. "show only the packets in
9642 * this UDP 'connection'".
9644 * Note that we don't have to worry about the direction this packet
9645 * was going - the conversation code handles that for us, treating
9646 * packets from A:X to B:Y as being part of the same conversation as
9647 * packets from B:Y to A:X.
9649 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9650 pi.srcport, pi.destport, 0);
9651 if (conversation == NULL) {
9652 /* It's not part of any conversation - create a new one. */
9653 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9654 pi.srcport, pi.destport, 0);
9657 si.conversation = conversation; /* Save this for later */
9659 request_val = do_transaction_hashing(conversation, si, fd);
9661 si.request_val = request_val; /* Save this for later */
9664 /* Request(s) dissect code */
9666 /* Build display for: Word Count (WCT) */
9668 WordCount = GBYTE(pd, offset);
9672 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9676 offset += 1; /* Skip Word Count (WCT) */
9678 /* Build display for: Total Parameter Count */
9680 TotalParameterCount = GSHORT(pd, offset);
9684 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9688 offset += 2; /* Skip Total Parameter Count */
9690 /* Build display for: Total Data Count */
9692 TotalDataCount = GSHORT(pd, offset);
9696 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9700 offset += 2; /* Skip Total Data Count */
9702 /* Build display for: Max Parameter Count */
9704 MaxParameterCount = GSHORT(pd, offset);
9708 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9712 offset += 2; /* Skip Max Parameter Count */
9714 /* Build display for: Max Data Count */
9716 MaxDataCount = GSHORT(pd, offset);
9720 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9724 offset += 2; /* Skip Max Data Count */
9726 /* Build display for: Max Setup Count */
9728 MaxSetupCount = GBYTE(pd, offset);
9732 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9736 offset += 1; /* Skip Max Setup Count */
9738 /* Build display for: Reserved1 */
9740 Reserved1 = GBYTE(pd, offset);
9744 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9748 offset += 1; /* Skip Reserved1 */
9750 /* Build display for: Flags */
9752 Flags = GSHORT(pd, offset);
9756 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9757 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9758 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9759 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9760 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9761 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9765 offset += 2; /* Skip Flags */
9767 /* Build display for: Timeout */
9769 Timeout = GWORD(pd, offset);
9773 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9777 offset += 4; /* Skip Timeout */
9779 /* Build display for: Reserved2 */
9781 Reserved2 = GSHORT(pd, offset);
9785 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9789 offset += 2; /* Skip Reserved2 */
9791 /* Build display for: Parameter Count */
9793 if (!BYTES_ARE_IN_FRAME(offset, 2))
9796 ParameterCount = GSHORT(pd, offset);
9800 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9804 offset += 2; /* Skip Parameter Count */
9806 /* Build display for: Parameter Offset */
9808 if (!BYTES_ARE_IN_FRAME(offset, 2))
9811 ParameterOffset = GSHORT(pd, offset);
9815 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9819 offset += 2; /* Skip Parameter Offset */
9821 /* Build display for: Data Count */
9823 if (!BYTES_ARE_IN_FRAME(offset, 2))
9826 DataCount = GSHORT(pd, offset);
9830 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9834 offset += 2; /* Skip Data Count */
9836 /* Build display for: Data Offset */
9838 if (!BYTES_ARE_IN_FRAME(offset, 2))
9841 DataOffset = GSHORT(pd, offset);
9845 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9849 offset += 2; /* Skip Data Offset */
9851 /* Build display for: Setup Count */
9853 if (!BYTES_ARE_IN_FRAME(offset, 2))
9856 SetupCount = GBYTE(pd, offset);
9860 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9864 offset += 1; /* Skip Setup Count */
9866 /* Build display for: Reserved3 */
9868 Reserved3 = GBYTE(pd, offset);
9872 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9876 offset += 1; /* Skip Reserved3 */
9878 /* Build display for: Setup */
9880 if (SetupCount != 0) {
9884 if (!BYTES_ARE_IN_FRAME(offset, 2))
9888 * First Setup word is transaction code.
9890 Setup = GSHORT(pd, offset);
9892 if (!fd->flags.visited) {
9894 * This is the first time this frame has been seen; remember
9895 * the transaction code.
9897 g_assert(request_val -> last_transact2_command == -1);
9898 request_val -> last_transact2_command = Setup; /* Save for later */
9901 if (check_col(fd, COL_INFO)) {
9903 col_add_fstr(fd, COL_INFO, "%s Request",
9904 val_to_str(Setup, trans2_cmd_vals, "Unknown (0x%02X)"));
9910 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup1: %s",
9911 val_to_str(Setup, trans2_cmd_vals, "Unknown (0x%02X)"));
9915 offset += 2; /* Skip Setup word */
9917 for (i = 2; i <= SetupCount; i++) {
9919 if (!BYTES_ARE_IN_FRAME(offset, 2))
9922 Setup = GSHORT(pd, offset);
9926 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9930 offset += 2; /* Skip Setup word */
9936 /* Build display for: Byte Count (BCC) */
9938 if (!BYTES_ARE_IN_FRAME(offset, 2))
9941 ByteCount = GSHORT(pd, offset);
9945 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9949 offset += 2; /* Skip Byte Count (BCC) */
9951 if (offset < (SMB_offset + ParameterOffset)) {
9953 int pad1Count = SMB_offset + ParameterOffset - offset;
9955 /* Build display for: Pad1 */
9959 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s",
9960 bytes_to_str(pd + offset, pad1Count));
9963 offset += pad1Count; /* Skip Pad1 */
9967 if (ParameterCount > 0) {
9969 /* Build display for: Parameters */
9973 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset,
9974 ParameterCount, "Parameters: %s",
9975 bytes_to_str(pd + SMB_offset + ParameterOffset,
9980 offset += ParameterCount; /* Skip Parameters */
9984 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9986 int pad2Count = SMB_offset + DataOffset - offset;
9988 /* Build display for: Pad2 */
9992 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s",
9993 bytes_to_str(pd + offset, pad2Count));
9997 offset += pad2Count; /* Skip Pad2 */
10001 if (DataCount > 0) {
10003 /* Build display for: Data */
10005 Data = GBYTE(pd, offset);
10009 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset,
10010 DataCount, "Data: %s",
10011 bytes_to_str(pd + offset, DataCount));
10015 offset += DataCount; /* Skip Data */
10019 /* Response(s) dissect code */
10021 /* Pick up the last transact2 command and put it in the right places */
10023 if (check_col(fd, COL_INFO)) {
10025 if (request_val == NULL)
10026 col_set_str(fd, COL_INFO, "Response to unknown SMBtrans2");
10027 else if (request_val -> last_transact2_command == -1)
10028 col_set_str(fd, COL_INFO, "Response to SMBtrans2 of unknown type");
10030 col_add_fstr(fd, COL_INFO, "%s Response",
10031 val_to_str(request_val -> last_transact2_command,
10032 trans2_cmd_vals, "Unknown (0x%02X)"));
10036 /* Build display for: Word Count (WCT) */
10038 WordCount = GBYTE(pd, offset);
10042 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
10046 offset += 1; /* Skip Word Count (WCT) */
10048 if (WordCount == 0) {
10050 /* Interim response. */
10052 if (check_col(fd, COL_INFO)) {
10054 if (request_val == NULL)
10055 col_set_str(fd, COL_INFO, "Interim response to unknown SMBtrans2");
10056 else if (request_val -> last_transact2_command == -1)
10057 col_set_str(fd, COL_INFO, "Interim response to SMBtrans2 of unknown type");
10059 col_add_fstr(fd, COL_INFO, "%s interim response",
10060 val_to_str(request_val -> last_transact2_command,
10061 trans2_cmd_vals, "Unknown (0x%02X)"));
10065 /* Build display for: Byte Count (BCC) */
10067 ByteCount = GSHORT(pd, offset);
10071 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10075 offset += 2; /* Skip Byte Count (BCC) */
10081 /* Build display for: Total Parameter Count */
10083 TotalParameterCount = GSHORT(pd, offset);
10087 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
10091 offset += 2; /* Skip Total Parameter Count */
10093 /* Build display for: Total Data Count */
10095 TotalDataCount = GSHORT(pd, offset);
10099 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
10103 offset += 2; /* Skip Total Data Count */
10105 /* Build display for: Reserved2 */
10107 Reserved2 = GSHORT(pd, offset);
10111 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
10115 offset += 2; /* Skip Reserved2 */
10117 /* Build display for: Parameter Count */
10119 ParameterCount = GSHORT(pd, offset);
10123 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
10127 offset += 2; /* Skip Parameter Count */
10129 /* Build display for: Parameter Offset */
10131 ParameterOffset = GSHORT(pd, offset);
10135 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
10139 offset += 2; /* Skip Parameter Offset */
10141 /* Build display for: Parameter Displacement */
10143 ParameterDisplacement = GSHORT(pd, offset);
10147 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
10151 offset += 2; /* Skip Parameter Displacement */
10153 /* Build display for: Data Count */
10155 DataCount = GSHORT(pd, offset);
10159 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
10163 offset += 2; /* Skip Data Count */
10165 /* Build display for: Data Offset */
10167 DataOffset = GSHORT(pd, offset);
10171 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
10175 offset += 2; /* Skip Data Offset */
10177 /* Build display for: Data Displacement */
10179 if (!BYTES_ARE_IN_FRAME(offset, 2))
10182 DataDisplacement = GSHORT(pd, offset);
10183 si.ddisp = DataDisplacement;
10187 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
10191 offset += 2; /* Skip Data Displacement */
10193 /* Build display for: Setup Count */
10195 SetupCount = GBYTE(pd, offset);
10199 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
10203 offset += 1; /* Skip Setup Count */
10205 /* Build display for: Reserved3 */
10207 Reserved3 = GBYTE(pd, offset);
10211 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
10215 offset += 1; /* Skip Reserved3 */
10217 if (SetupCount != 0) {
10221 for (i = 1; i <= SetupCount; i++) {
10223 Setup = GSHORT(pd, offset);
10227 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
10231 offset += 2; /* Skip Setup */
10236 /* Build display for: Byte Count (BCC) */
10238 ByteCount = GSHORT(pd, offset);
10242 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10246 offset += 2; /* Skip Byte Count (BCC) */
10248 if (offset < (SMB_offset + ParameterOffset)) {
10250 int pad1Count = SMB_offset + ParameterOffset - offset;
10252 /* Build display for: Pad1 */
10256 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s",
10257 bytes_to_str(pd + offset, pad1Count));
10260 offset += pad1Count; /* Skip Pad1 */
10264 /* Build display for: Parameters */
10266 if (ParameterCount > 0) {
10270 proto_tree_add_text(tree, NullTVB, offset, ParameterCount,
10272 bytes_to_str(pd + offset, ParameterCount));
10276 offset += ParameterCount; /* Skip Parameters */
10280 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
10282 int pad2Count = SMB_offset + DataOffset - offset;
10284 /* Build display for: Pad2 */
10288 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s",
10289 bytes_to_str(pd + offset, pad2Count));
10293 offset += pad2Count; /* Skip Pad2 */
10297 /* Build display for: Data */
10299 if (DataCount > 0) {
10303 proto_tree_add_text(tree, NullTVB, offset, DataCount,
10305 bytes_to_str(pd + offset, DataCount));
10309 offset += DataCount; /* Skip Data */
10319 dissect_transact_params(const u_char *pd, int offset, frame_data *fd,
10320 proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data,
10321 int SMB_offset, int DataOffset, int DataCount,
10322 int ParameterOffset, int ParameterCount, int SetupAreaOffset,
10323 int SetupCount, const char *TransactName)
10325 char *TransactNameCopy;
10326 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
10329 packet_info *pinfo;
10330 tvbuff_t *next_tvb;
10331 tvbuff_t *setup_tvb;
10333 if (TransactName != NULL) {
10334 /* Should check for error here ... */
10336 TransactNameCopy = g_strdup(TransactName);
10338 if (TransactNameCopy[0] == '\\') {
10339 trans_type = TransactNameCopy + 1; /* Skip the slash */
10340 loc_of_slash = trans_type ? strchr(trans_type, '\\') : NULL;
10343 if (loc_of_slash) {
10344 index = loc_of_slash - trans_type; /* Make it a real index */
10345 trans_cmd = trans_type + index + 1;
10346 trans_type[index] = '\0';
10356 * Number of bytes of parameter.
10358 si.parameter_count = ParameterCount;
10360 if (DataOffset < 0) {
10362 * This is an interim response, so there're no parameters or data
10365 si.is_interim_response = TRUE;
10368 * Create a zero-length tvbuff.
10370 next_tvb = tvb_create_from_top(pi.captured_len);
10373 * This isn't an interim response.
10375 si.is_interim_response = FALSE;
10378 * Create a tvbuff for the parameters and data.
10380 next_tvb = tvb_create_from_top(SMB_offset + ParameterOffset);
10384 * Offset of beginning of data from beginning of next_tvb.
10386 si.data_offset = DataOffset - ParameterOffset;
10389 * Number of bytes of data.
10391 si.data_count = DataCount;
10396 si.trans_cmd = trans_cmd;
10399 * Pass "si" to the subdissector.
10401 pinfo->private = &si;
10404 * Tvbuff for setup area, for mailslot call.
10407 * Is there a setup area?
10409 if (SetupAreaOffset < 0) {
10411 * No - create a zero-length tvbuff.
10413 setup_tvb = tvb_create_from_top(pi.captured_len);
10416 * Create a tvbuff for the setup area.
10418 setup_tvb = tvb_create_from_top(SetupAreaOffset);
10421 if ((trans_cmd == NULL) ||
10422 (((trans_type == NULL || strcmp(trans_type, "MAILSLOT") != 0) ||
10423 !dissect_mailslot_smb(setup_tvb, next_tvb, pinfo, parent)) &&
10424 ((trans_type == NULL || strcmp(trans_type, "PIPE") != 0) ||
10425 !dissect_pipe_smb(next_tvb, pinfo, parent)))) {
10427 if (ParameterCount > 0) {
10429 /* Build display for: Parameters */
10433 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset,
10434 ParameterCount, "Parameters: %s",
10435 bytes_to_str(pd + SMB_offset + ParameterOffset,
10440 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
10444 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
10446 int pad2Count = SMB_offset + DataOffset - offset;
10448 /* Build display for: Pad2 */
10452 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s",
10453 bytes_to_str(pd + offset, pad2Count));
10457 offset += pad2Count; /* Skip Pad2 */
10461 if (DataCount > 0) {
10463 /* Build display for: Data */
10465 Data = pd + SMB_offset + DataOffset;
10469 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount,
10471 bytes_to_str(pd + SMB_offset + DataOffset, DataCount));
10475 offset += DataCount; /* Skip Data */
10483 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
10484 proto_tree *parent, proto_tree *tree,
10485 struct smb_info si, int max_data, int SMB_offset)
10487 proto_tree *Flags_tree;
10493 guint8 MaxSetupCount;
10495 guint16 TotalParameterCount;
10496 guint16 TotalDataCount;
10499 guint16 ParameterOffset;
10500 guint16 ParameterDisplacement;
10501 guint16 ParameterCount;
10502 guint16 MaxParameterCount;
10503 guint16 MaxDataCount;
10505 guint16 DataOffset;
10506 guint16 DataDisplacement;
10510 const char *TransactName;
10511 conversation_t *conversation;
10512 struct smb_request_val *request_val;
10513 guint16 SetupAreaOffset;
10516 * Find out what conversation this packet is part of
10519 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
10520 pi.srcport, pi.destport, 0);
10522 if (conversation == NULL) { /* Create a new conversation */
10524 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
10525 pi.srcport, pi.destport, 0);
10529 si.conversation = conversation; /* Save this */
10531 request_val = do_transaction_hashing(conversation, si, fd);
10533 si.request_val = request_val; /* Save this for later */
10536 /* Request(s) dissect code */
10538 /* Build display for: Word Count (WCT) */
10540 WordCount = GBYTE(pd, offset);
10544 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
10548 offset += 1; /* Skip Word Count (WCT) */
10550 /* Build display for: Total Parameter Count */
10552 TotalParameterCount = GSHORT(pd, offset);
10556 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
10560 offset += 2; /* Skip Total Parameter Count */
10562 /* Build display for: Total Data Count */
10564 if (!BYTES_ARE_IN_FRAME(offset, 2))
10567 TotalDataCount = GSHORT(pd, offset);
10571 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
10575 offset += 2; /* Skip Total Data Count */
10577 /* Build display for: Max Parameter Count */
10579 MaxParameterCount = GSHORT(pd, offset);
10583 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
10587 offset += 2; /* Skip Max Parameter Count */
10589 /* Build display for: Max Data Count */
10591 MaxDataCount = GSHORT(pd, offset);
10595 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
10599 offset += 2; /* Skip Max Data Count */
10601 /* Build display for: Max Setup Count */
10603 MaxSetupCount = GBYTE(pd, offset);
10607 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
10611 offset += 1; /* Skip Max Setup Count */
10613 /* Build display for: Reserved1 */
10615 Reserved1 = GBYTE(pd, offset);
10619 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
10623 offset += 1; /* Skip Reserved1 */
10625 /* Build display for: Flags */
10627 Flags = GSHORT(pd, offset);
10631 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
10632 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
10633 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
10634 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
10635 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
10636 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
10640 offset += 2; /* Skip Flags */
10642 /* Build display for: Timeout */
10644 Timeout = GWORD(pd, offset);
10648 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
10652 offset += 4; /* Skip Timeout */
10654 /* Build display for: Reserved2 */
10656 Reserved2 = GSHORT(pd, offset);
10660 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
10664 offset += 2; /* Skip Reserved2 */
10666 /* Build display for: Parameter Count */
10668 if (!BYTES_ARE_IN_FRAME(offset, 2))
10671 ParameterCount = GSHORT(pd, offset);
10675 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
10679 offset += 2; /* Skip Parameter Count */
10681 /* Build display for: Parameter Offset */
10683 if (!BYTES_ARE_IN_FRAME(offset, 2))
10686 ParameterOffset = GSHORT(pd, offset);
10690 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
10694 offset += 2; /* Skip Parameter Offset */
10696 /* Build display for: Data Count */
10698 if (!BYTES_ARE_IN_FRAME(offset, 2))
10701 DataCount = GSHORT(pd, offset);
10705 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
10709 offset += 2; /* Skip Data Count */
10711 /* Build display for: Data Offset */
10713 if (!BYTES_ARE_IN_FRAME(offset, 2))
10716 DataOffset = GSHORT(pd, offset);
10720 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
10724 offset += 2; /* Skip Data Offset */
10726 /* Build display for: Setup Count */
10728 if (!BYTES_ARE_IN_FRAME(offset, 2))
10731 SetupCount = GBYTE(pd, offset);
10735 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
10739 offset += 1; /* Skip Setup Count */
10741 /* Build display for: Reserved3 */
10743 Reserved3 = GBYTE(pd, offset);
10747 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
10750 offset += 1; /* Skip Reserved3 */
10752 SetupAreaOffset = offset;
10754 /* Build display for: Setup */
10756 if (SetupCount > 0) {
10758 int i = SetupCount;
10760 if (!BYTES_ARE_IN_FRAME(offset, 2))
10763 Setup = GSHORT(pd, offset);
10765 for (i = 1; i <= SetupCount; i++) {
10767 if (!BYTES_ARE_IN_FRAME(offset, 2))
10770 Setup = GSHORT(pd, offset);
10774 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
10778 offset += 2; /* Skip Setup */
10784 /* Build display for: Byte Count (BCC) */
10786 if (!BYTES_ARE_IN_FRAME(offset, 2))
10789 ByteCount = GSHORT(pd, offset);
10793 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10797 offset += 2; /* Skip Byte Count (BCC) */
10799 /* Build display for: Transact Name */
10801 TransactName = get_unicode_or_ascii_string(pd, &offset, SMB_offset, si.unicode, &TNlen);
10803 if (!fd->flags.visited) {
10805 * This is the first time this frame has been seen; remember
10806 * the transaction name.
10808 g_assert(request_val -> last_transact_command == NULL);
10809 request_val -> last_transact_command = g_strdup(TransactName);
10812 if (check_col(fd, COL_INFO)) {
10814 col_add_fstr(fd, COL_INFO, "%s Request", TransactName);
10820 proto_tree_add_text(tree, NullTVB, offset, TNlen, "Transact Name: %s", TransactName);
10824 offset += TNlen; /* Skip Transact Name */
10825 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
10827 if (offset < (SMB_offset + ParameterOffset)) {
10829 int pad1Count = SMB_offset + ParameterOffset - offset;
10831 /* Build display for: Pad1 */
10835 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s",
10836 bytes_to_str(pd + offset, pad1Count));
10839 offset += pad1Count; /* Skip Pad1 */
10843 /* Let's see if we can decode this */
10845 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data,
10846 SMB_offset, DataOffset, DataCount,
10847 ParameterOffset, ParameterCount,
10848 SetupAreaOffset, SetupCount, TransactName);
10851 /* Response(s) dissect code */
10853 if (check_col(fd, COL_INFO)) {
10854 if ( request_val == NULL )
10855 col_set_str(fd, COL_INFO, "Response to unknown SMBtrans");
10856 else if (request_val -> last_transact_command == NULL)
10857 col_set_str(fd, COL_INFO, "Response to SMBtrans of unknown type");
10859 col_add_fstr(fd, COL_INFO, "%s Response",
10860 request_val -> last_transact_command);
10864 /* Build display for: Word Count (WCT) */
10866 WordCount = GBYTE(pd, offset);
10870 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
10874 offset += 1; /* Skip Word Count (WCT) */
10876 if (WordCount == 0) {
10878 /* Interim response. */
10880 if (check_col(fd, COL_INFO)) {
10881 if ( request_val == NULL )
10882 col_set_str(fd, COL_INFO, "Interim response to unknown SMBtrans");
10883 else if (request_val -> last_transact_command == NULL)
10884 col_set_str(fd, COL_INFO, "Interim response to SMBtrans of unknown type");
10886 col_add_fstr(fd, COL_INFO, "%s interim response",
10887 request_val -> last_transact_command);
10891 /* Build display for: Byte Count (BCC) */
10893 ByteCount = GSHORT(pd, offset);
10897 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10901 offset += 2; /* Skip Byte Count (BCC) */
10903 /* Dissect the interim response by showing the type of request to
10904 which it's a reply, if we have that information. */
10905 if (request_val != NULL) {
10906 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data,
10907 SMB_offset, -1, -1, -1, -1, -1, -1,
10908 request_val -> last_transact_command);
10915 /* Build display for: Total Parameter Count */
10917 TotalParameterCount = GSHORT(pd, offset);
10921 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
10925 offset += 2; /* Skip Total Parameter Count */
10927 /* Build display for: Total Data Count */
10929 TotalDataCount = GSHORT(pd, offset);
10933 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
10937 offset += 2; /* Skip Total Data Count */
10939 /* Build display for: Reserved2 */
10941 Reserved2 = GSHORT(pd, offset);
10945 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
10949 offset += 2; /* Skip Reserved2 */
10951 /* Build display for: Parameter Count */
10953 ParameterCount = GSHORT(pd, offset);
10957 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
10961 offset += 2; /* Skip Parameter Count */
10963 /* Build display for: Parameter Offset */
10965 ParameterOffset = GSHORT(pd, offset);
10969 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
10973 offset += 2; /* Skip Parameter Offset */
10975 /* Build display for: Parameter Displacement */
10977 ParameterDisplacement = GSHORT(pd, offset);
10981 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
10985 offset += 2; /* Skip Parameter Displacement */
10987 /* Build display for: Data Count */
10989 DataCount = GSHORT(pd, offset);
10993 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
10997 offset += 2; /* Skip Data Count */
10999 /* Build display for: Data Offset */
11001 DataOffset = GSHORT(pd, offset);
11005 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
11009 offset += 2; /* Skip Data Offset */
11011 /* Build display for: Data Displacement */
11013 if (!BYTES_ARE_IN_FRAME(offset, 2))
11016 DataDisplacement = GSHORT(pd, offset);
11017 si.ddisp = DataDisplacement;
11021 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
11025 offset += 2; /* Skip Data Displacement */
11027 /* Build display for: Setup Count */
11029 SetupCount = GBYTE(pd, offset);
11033 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
11037 offset += 1; /* Skip Setup Count */
11040 /* Build display for: Reserved3 */
11042 Reserved3 = GBYTE(pd, offset);
11046 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
11051 offset += 1; /* Skip Reserved3 */
11053 SetupAreaOffset = offset;
11055 /* Build display for: Setup */
11057 if (SetupCount > 0) {
11059 int i = SetupCount;
11061 Setup = GSHORT(pd, offset);
11063 for (i = 1; i <= SetupCount; i++) {
11065 Setup = GSHORT(pd, offset);
11069 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
11073 offset += 2; /* Skip Setup */
11079 /* Build display for: Byte Count (BCC) */
11081 ByteCount = GSHORT(pd, offset);
11085 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
11089 offset += 2; /* Skip Byte Count (BCC) */
11091 /* Build display for: Pad1 */
11093 if (offset < (SMB_offset + ParameterOffset)) {
11095 int pad1Count = SMB_offset + ParameterOffset - offset;
11097 /* Build display for: Pad1 */
11101 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s",
11102 bytes_to_str(pd + offset, pad1Count));
11105 offset += pad1Count; /* Skip Pad1 */
11109 if (request_val != NULL)
11110 TransactName = request_val -> last_transact_command;
11112 TransactName = NULL;
11115 * Make an entry for this, if it's continued; get the entry for
11116 * the message of which it's a continuation, and get the transaction
11117 * name for that message, if it's a continuation.
11119 * XXX - eventually, do reassembly of all the continuations, so
11120 * we can dissect the entire reply.
11122 si.continuation_val = do_continuation_hashing(conversation, si, fd,
11123 TotalDataCount, DataCount,
11125 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data,
11126 SMB_offset, DataOffset, DataCount,
11127 ParameterOffset, ParameterCount,
11128 SetupAreaOffset, SetupCount, TransactName);
11138 static void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int) = {
11140 dissect_createdir_smb, /* unknown SMB 0x00 */
11141 dissect_deletedir_smb, /* unknown SMB 0x01 */
11142 dissect_unknown_smb, /* SMBopen open a file */
11143 dissect_create_file_smb, /* SMBcreate create a file */
11144 dissect_close_smb, /* SMBclose close a file */
11145 dissect_flush_file_smb, /* SMBflush flush a file */
11146 dissect_delete_file_smb, /* SMBunlink delete a file */
11147 dissect_rename_file_smb, /* SMBmv rename a file */
11148 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
11149 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
11150 dissect_read_file_smb, /* SMBread read from a file */
11151 dissect_write_file_smb, /* SMBwrite write to a file */
11152 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
11153 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
11154 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
11155 dissect_unknown_smb, /* SMBmknew make a new file */
11156 dissect_checkdir_smb, /* SMBchkpth check a directory path */
11157 dissect_process_exit_smb, /* SMBexit process exit */
11158 dissect_unknown_smb, /* SMBlseek seek */
11159 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
11160 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
11161 dissect_unknown_smb, /* unknown SMB 0x15 */
11162 dissect_unknown_smb, /* unknown SMB 0x16 */
11163 dissect_unknown_smb, /* unknown SMB 0x17 */
11164 dissect_unknown_smb, /* unknown SMB 0x18 */
11165 dissect_unknown_smb, /* unknown SMB 0x19 */
11166 dissect_read_raw_smb, /* SMBreadBraw read block raw */
11167 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
11168 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
11169 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
11170 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
11171 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
11172 dissect_unknown_smb, /* SMBwriteC write complete response */
11173 dissect_unknown_smb, /* unknown SMB 0x21 */
11174 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
11175 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
11176 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
11177 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
11178 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
11179 dissect_unknown_smb, /* SMBioctl IOCTL */
11180 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
11181 dissect_unknown_smb, /* SMBcopy copy */
11182 dissect_move_smb, /* SMBmove move */
11183 dissect_unknown_smb, /* SMBecho echo */
11184 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
11185 dissect_open_andx_smb, /* SMBopenX open and X */
11186 dissect_read_andx_smb, /* SMBreadX read and X */
11187 dissect_unknown_smb, /* SMBwriteX write and X */
11188 dissect_unknown_smb, /* unknown SMB 0x30 */
11189 dissect_unknown_smb, /* unknown SMB 0x31 */
11190 dissect_transact2_smb, /* unknown SMB 0x32 */
11191 dissect_unknown_smb, /* unknown SMB 0x33 */
11192 dissect_find_close2_smb, /* unknown SMB 0x34 */
11193 dissect_unknown_smb, /* unknown SMB 0x35 */
11194 dissect_unknown_smb, /* unknown SMB 0x36 */
11195 dissect_unknown_smb, /* unknown SMB 0x37 */
11196 dissect_unknown_smb, /* unknown SMB 0x38 */
11197 dissect_unknown_smb, /* unknown SMB 0x39 */
11198 dissect_unknown_smb, /* unknown SMB 0x3a */
11199 dissect_unknown_smb, /* unknown SMB 0x3b */
11200 dissect_unknown_smb, /* unknown SMB 0x3c */
11201 dissect_unknown_smb, /* unknown SMB 0x3d */
11202 dissect_unknown_smb, /* unknown SMB 0x3e */
11203 dissect_unknown_smb, /* unknown SMB 0x3f */
11204 dissect_unknown_smb, /* unknown SMB 0x40 */
11205 dissect_unknown_smb, /* unknown SMB 0x41 */
11206 dissect_unknown_smb, /* unknown SMB 0x42 */
11207 dissect_unknown_smb, /* unknown SMB 0x43 */
11208 dissect_unknown_smb, /* unknown SMB 0x44 */
11209 dissect_unknown_smb, /* unknown SMB 0x45 */
11210 dissect_unknown_smb, /* unknown SMB 0x46 */
11211 dissect_unknown_smb, /* unknown SMB 0x47 */
11212 dissect_unknown_smb, /* unknown SMB 0x48 */
11213 dissect_unknown_smb, /* unknown SMB 0x49 */
11214 dissect_unknown_smb, /* unknown SMB 0x4a */
11215 dissect_unknown_smb, /* unknown SMB 0x4b */
11216 dissect_unknown_smb, /* unknown SMB 0x4c */
11217 dissect_unknown_smb, /* unknown SMB 0x4d */
11218 dissect_unknown_smb, /* unknown SMB 0x4e */
11219 dissect_unknown_smb, /* unknown SMB 0x4f */
11220 dissect_unknown_smb, /* unknown SMB 0x50 */
11221 dissect_unknown_smb, /* unknown SMB 0x51 */
11222 dissect_unknown_smb, /* unknown SMB 0x52 */
11223 dissect_unknown_smb, /* unknown SMB 0x53 */
11224 dissect_unknown_smb, /* unknown SMB 0x54 */
11225 dissect_unknown_smb, /* unknown SMB 0x55 */
11226 dissect_unknown_smb, /* unknown SMB 0x56 */
11227 dissect_unknown_smb, /* unknown SMB 0x57 */
11228 dissect_unknown_smb, /* unknown SMB 0x58 */
11229 dissect_unknown_smb, /* unknown SMB 0x59 */
11230 dissect_unknown_smb, /* unknown SMB 0x5a */
11231 dissect_unknown_smb, /* unknown SMB 0x5b */
11232 dissect_unknown_smb, /* unknown SMB 0x5c */
11233 dissect_unknown_smb, /* unknown SMB 0x5d */
11234 dissect_unknown_smb, /* unknown SMB 0x5e */
11235 dissect_unknown_smb, /* unknown SMB 0x5f */
11236 dissect_unknown_smb, /* unknown SMB 0x60 */
11237 dissect_unknown_smb, /* unknown SMB 0x61 */
11238 dissect_unknown_smb, /* unknown SMB 0x62 */
11239 dissect_unknown_smb, /* unknown SMB 0x63 */
11240 dissect_unknown_smb, /* unknown SMB 0x64 */
11241 dissect_unknown_smb, /* unknown SMB 0x65 */
11242 dissect_unknown_smb, /* unknown SMB 0x66 */
11243 dissect_unknown_smb, /* unknown SMB 0x67 */
11244 dissect_unknown_smb, /* unknown SMB 0x68 */
11245 dissect_unknown_smb, /* unknown SMB 0x69 */
11246 dissect_unknown_smb, /* unknown SMB 0x6a */
11247 dissect_unknown_smb, /* unknown SMB 0x6b */
11248 dissect_unknown_smb, /* unknown SMB 0x6c */
11249 dissect_unknown_smb, /* unknown SMB 0x6d */
11250 dissect_unknown_smb, /* unknown SMB 0x6e */
11251 dissect_unknown_smb, /* unknown SMB 0x6f */
11252 dissect_treecon_smb, /* SMBtcon tree connect */
11253 dissect_tdis_smb, /* SMBtdis tree disconnect */
11254 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
11255 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
11256 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
11257 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
11258 dissect_unknown_smb, /* unknown SMB 0x76 */
11259 dissect_unknown_smb, /* unknown SMB 0x77 */
11260 dissect_unknown_smb, /* unknown SMB 0x78 */
11261 dissect_unknown_smb, /* unknown SMB 0x79 */
11262 dissect_unknown_smb, /* unknown SMB 0x7a */
11263 dissect_unknown_smb, /* unknown SMB 0x7b */
11264 dissect_unknown_smb, /* unknown SMB 0x7c */
11265 dissect_unknown_smb, /* unknown SMB 0x7d */
11266 dissect_unknown_smb, /* unknown SMB 0x7e */
11267 dissect_unknown_smb, /* unknown SMB 0x7f */
11268 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
11269 dissect_search_dir_smb, /* SMBsearch search a directory */
11270 dissect_unknown_smb, /* SMBffirst find first */
11271 dissect_unknown_smb, /* SMBfunique find unique */
11272 dissect_unknown_smb, /* SMBfclose find close */
11273 dissect_unknown_smb, /* unknown SMB 0x85 */
11274 dissect_unknown_smb, /* unknown SMB 0x86 */
11275 dissect_unknown_smb, /* unknown SMB 0x87 */
11276 dissect_unknown_smb, /* unknown SMB 0x88 */
11277 dissect_unknown_smb, /* unknown SMB 0x89 */
11278 dissect_unknown_smb, /* unknown SMB 0x8a */
11279 dissect_unknown_smb, /* unknown SMB 0x8b */
11280 dissect_unknown_smb, /* unknown SMB 0x8c */
11281 dissect_unknown_smb, /* unknown SMB 0x8d */
11282 dissect_unknown_smb, /* unknown SMB 0x8e */
11283 dissect_unknown_smb, /* unknown SMB 0x8f */
11284 dissect_unknown_smb, /* unknown SMB 0x90 */
11285 dissect_unknown_smb, /* unknown SMB 0x91 */
11286 dissect_unknown_smb, /* unknown SMB 0x92 */
11287 dissect_unknown_smb, /* unknown SMB 0x93 */
11288 dissect_unknown_smb, /* unknown SMB 0x94 */
11289 dissect_unknown_smb, /* unknown SMB 0x95 */
11290 dissect_unknown_smb, /* unknown SMB 0x96 */
11291 dissect_unknown_smb, /* unknown SMB 0x97 */
11292 dissect_unknown_smb, /* unknown SMB 0x98 */
11293 dissect_unknown_smb, /* unknown SMB 0x99 */
11294 dissect_unknown_smb, /* unknown SMB 0x9a */
11295 dissect_unknown_smb, /* unknown SMB 0x9b */
11296 dissect_unknown_smb, /* unknown SMB 0x9c */
11297 dissect_unknown_smb, /* unknown SMB 0x9d */
11298 dissect_unknown_smb, /* unknown SMB 0x9e */
11299 dissect_unknown_smb, /* unknown SMB 0x9f */
11300 dissect_unknown_smb, /* unknown SMB 0xa0 */
11301 dissect_unknown_smb, /* unknown SMB 0xa1 */
11302 dissect_unknown_smb, /* unknown SMB 0xa2 */
11303 dissect_unknown_smb, /* unknown SMB 0xa3 */
11304 dissect_unknown_smb, /* unknown SMB 0xa4 */
11305 dissect_unknown_smb, /* unknown SMB 0xa5 */
11306 dissect_unknown_smb, /* unknown SMB 0xa6 */
11307 dissect_unknown_smb, /* unknown SMB 0xa7 */
11308 dissect_unknown_smb, /* unknown SMB 0xa8 */
11309 dissect_unknown_smb, /* unknown SMB 0xa9 */
11310 dissect_unknown_smb, /* unknown SMB 0xaa */
11311 dissect_unknown_smb, /* unknown SMB 0xab */
11312 dissect_unknown_smb, /* unknown SMB 0xac */
11313 dissect_unknown_smb, /* unknown SMB 0xad */
11314 dissect_unknown_smb, /* unknown SMB 0xae */
11315 dissect_unknown_smb, /* unknown SMB 0xaf */
11316 dissect_unknown_smb, /* unknown SMB 0xb0 */
11317 dissect_unknown_smb, /* unknown SMB 0xb1 */
11318 dissect_unknown_smb, /* unknown SMB 0xb2 */
11319 dissect_unknown_smb, /* unknown SMB 0xb3 */
11320 dissect_unknown_smb, /* unknown SMB 0xb4 */
11321 dissect_unknown_smb, /* unknown SMB 0xb5 */
11322 dissect_unknown_smb, /* unknown SMB 0xb6 */
11323 dissect_unknown_smb, /* unknown SMB 0xb7 */
11324 dissect_unknown_smb, /* unknown SMB 0xb8 */
11325 dissect_unknown_smb, /* unknown SMB 0xb9 */
11326 dissect_unknown_smb, /* unknown SMB 0xba */
11327 dissect_unknown_smb, /* unknown SMB 0xbb */
11328 dissect_unknown_smb, /* unknown SMB 0xbc */
11329 dissect_unknown_smb, /* unknown SMB 0xbd */
11330 dissect_unknown_smb, /* unknown SMB 0xbe */
11331 dissect_unknown_smb, /* unknown SMB 0xbf */
11332 dissect_unknown_smb, /* SMBsplopen open a print spool file */
11333 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
11334 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
11335 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
11336 dissect_unknown_smb, /* unknown SMB 0xc4 */
11337 dissect_unknown_smb, /* unknown SMB 0xc5 */
11338 dissect_unknown_smb, /* unknown SMB 0xc6 */
11339 dissect_unknown_smb, /* unknown SMB 0xc7 */
11340 dissect_unknown_smb, /* unknown SMB 0xc8 */
11341 dissect_unknown_smb, /* unknown SMB 0xc9 */
11342 dissect_unknown_smb, /* unknown SMB 0xca */
11343 dissect_unknown_smb, /* unknown SMB 0xcb */
11344 dissect_unknown_smb, /* unknown SMB 0xcc */
11345 dissect_unknown_smb, /* unknown SMB 0xcd */
11346 dissect_unknown_smb, /* unknown SMB 0xce */
11347 dissect_unknown_smb, /* unknown SMB 0xcf */
11348 dissect_unknown_smb, /* SMBsends send a single block message */
11349 dissect_unknown_smb, /* SMBsendb send a broadcast message */
11350 dissect_unknown_smb, /* SMBfwdname forward user name */
11351 dissect_unknown_smb, /* SMBcancelf cancel forward */
11352 dissect_unknown_smb, /* SMBgetmac get a machine name */
11353 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
11354 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
11355 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
11356 dissect_unknown_smb, /* unknown SMB 0xd8 */
11357 dissect_unknown_smb, /* unknown SMB 0xd9 */
11358 dissect_unknown_smb, /* unknown SMB 0xda */
11359 dissect_unknown_smb, /* unknown SMB 0xdb */
11360 dissect_unknown_smb, /* unknown SMB 0xdc */
11361 dissect_unknown_smb, /* unknown SMB 0xdd */
11362 dissect_unknown_smb, /* unknown SMB 0xde */
11363 dissect_unknown_smb, /* unknown SMB 0xdf */
11364 dissect_unknown_smb, /* unknown SMB 0xe0 */
11365 dissect_unknown_smb, /* unknown SMB 0xe1 */
11366 dissect_unknown_smb, /* unknown SMB 0xe2 */
11367 dissect_unknown_smb, /* unknown SMB 0xe3 */
11368 dissect_unknown_smb, /* unknown SMB 0xe4 */
11369 dissect_unknown_smb, /* unknown SMB 0xe5 */
11370 dissect_unknown_smb, /* unknown SMB 0xe6 */
11371 dissect_unknown_smb, /* unknown SMB 0xe7 */
11372 dissect_unknown_smb, /* unknown SMB 0xe8 */
11373 dissect_unknown_smb, /* unknown SMB 0xe9 */
11374 dissect_unknown_smb, /* unknown SMB 0xea */
11375 dissect_unknown_smb, /* unknown SMB 0xeb */
11376 dissect_unknown_smb, /* unknown SMB 0xec */
11377 dissect_unknown_smb, /* unknown SMB 0xed */
11378 dissect_unknown_smb, /* unknown SMB 0xee */
11379 dissect_unknown_smb, /* unknown SMB 0xef */
11380 dissect_unknown_smb, /* unknown SMB 0xf0 */
11381 dissect_unknown_smb, /* unknown SMB 0xf1 */
11382 dissect_unknown_smb, /* unknown SMB 0xf2 */
11383 dissect_unknown_smb, /* unknown SMB 0xf3 */
11384 dissect_unknown_smb, /* unknown SMB 0xf4 */
11385 dissect_unknown_smb, /* unknown SMB 0xf5 */
11386 dissect_unknown_smb, /* unknown SMB 0xf6 */
11387 dissect_unknown_smb, /* unknown SMB 0xf7 */
11388 dissect_unknown_smb, /* unknown SMB 0xf8 */
11389 dissect_unknown_smb, /* unknown SMB 0xf9 */
11390 dissect_unknown_smb, /* unknown SMB 0xfa */
11391 dissect_unknown_smb, /* unknown SMB 0xfb */
11392 dissect_unknown_smb, /* unknown SMB 0xfc */
11393 dissect_unknown_smb, /* unknown SMB 0xfd */
11394 dissect_unknown_smb, /* SMBinvalid invalid command */
11395 dissect_unknown_smb /* unknown SMB 0xff */
11399 static const value_string errcls_types[] = {
11400 { SMB_SUCCESS, "Success"},
11401 { SMB_ERRDOS, "DOS Error"},
11402 { SMB_ERRSRV, "Server Error"},
11403 { SMB_ERRHRD, "Hardware Error"},
11404 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
11408 char *decode_smb_name(unsigned char cmd)
11411 return(SMB_names[cmd]);
11415 static const value_string DOS_errors[] = {
11416 {SMBE_badfunc, "Invalid function (or system call)"},
11417 {SMBE_badfile, "File not found (pathname error)"},
11418 {SMBE_badpath, "Directory not found"},
11419 {SMBE_nofids, "Too many open files"},
11420 {SMBE_noaccess, "Access denied"},
11421 {SMBE_badfid, "Invalid fid"},
11422 {SMBE_nomem, "Out of memory"},
11423 {SMBE_badmem, "Invalid memory block address"},
11424 {SMBE_badenv, "Invalid environment"},
11425 {SMBE_badaccess, "Invalid open mode"},
11426 {SMBE_baddata, "Invalid data (only from ioctl call)"},
11427 {SMBE_res, "Reserved error code?"},
11428 {SMBE_baddrive, "Invalid drive"},
11429 {SMBE_remcd, "Attempt to delete current directory"},
11430 {SMBE_diffdevice, "Rename/move across different filesystems"},
11431 {SMBE_nofiles, "no more files found in file search"},
11432 {SMBE_badshare, "Share mode on file conflict with open mode"},
11433 {SMBE_lock, "Lock request conflicts with existing lock"},
11434 {SMBE_unsup, "Request unsupported, returned by Win 95"},
11435 {SMBE_nosuchshare, "Requested share does not exist"},
11436 {SMBE_filexists, "File in operation already exists"},
11437 {SMBE_cannotopen, "Cannot open the file specified"},
11438 {SMBE_unknownlevel, "Unknown level??"},
11439 {SMBE_badpipe, "Named pipe invalid"},
11440 {SMBE_pipebusy, "All instances of pipe are busy"},
11441 {SMBE_pipeclosing, "Named pipe close in progress"},
11442 {SMBE_notconnected, "No process on other end of named pipe"},
11443 {SMBE_moredata, "More data to be returned"},
11444 {SMBE_baddirectory, "Invalid directory name in a path."},
11445 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
11446 {SMBE_eas_nsup, "Extended attributes not supported"},
11447 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
11448 {SMBE_unknownipc, "Unknown IPC Operation"},
11449 {SMBE_noipc, "Don't support ipc"},
11453 /* Error codes for the ERRSRV class */
11455 static const value_string SRV_errors[] = {
11456 {SMBE_error, "Non specific error code"},
11457 {SMBE_badpw, "Bad password"},
11458 {SMBE_badtype, "Reserved"},
11459 {SMBE_access, "No permissions to perform the requested operation"},
11460 {SMBE_invnid, "TID invalid"},
11461 {SMBE_invnetname, "Invalid network name. Service not found"},
11462 {SMBE_invdevice, "Invalid device"},
11463 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
11464 {SMBE_qfull, "Print queue full"},
11465 {SMBE_qtoobig, "Queued item too big"},
11466 {SMBE_qeof, "EOF on print queue dump"},
11467 {SMBE_invpfid, "Invalid print file in smb_fid"},
11468 {SMBE_smbcmd, "Unrecognised command"},
11469 {SMBE_srverror, "SMB server internal error"},
11470 {SMBE_filespecs, "Fid and pathname invalid combination"},
11471 {SMBE_badlink, "Bad link in request ???"},
11472 {SMBE_badpermits, "Access specified for a file is not valid"},
11473 {SMBE_badpid, "Bad process id in request"},
11474 {SMBE_setattrmode, "Attribute mode invalid"},
11475 {SMBE_paused, "Message server paused"},
11476 {SMBE_msgoff, "Not receiving messages"},
11477 {SMBE_noroom, "No room for message"},
11478 {SMBE_rmuns, "Too many remote usernames"},
11479 {SMBE_timeout, "Operation timed out"},
11480 {SMBE_noresource, "No resources currently available for request."},
11481 {SMBE_toomanyuids, "Too many userids"},
11482 {SMBE_baduid, "Bad userid"},
11483 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
11484 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
11485 {SMBE_contMPX, "Resume MPX mode"},
11486 {SMBE_badPW, "Bad Password???"},
11487 {SMBE_nosupport, "Operation not supported"},
11491 /* Error codes for the ERRHRD class */
11493 static const value_string HRD_errors[] = {
11494 {SMBE_nowrite, "read only media"},
11495 {SMBE_badunit, "Unknown device"},
11496 {SMBE_notready, "Drive not ready"},
11497 {SMBE_badcmd, "Unknown command"},
11498 {SMBE_data, "Data (CRC) error"},
11499 {SMBE_badreq, "Bad request structure length"},
11500 {SMBE_seek, "Seek error???"},
11501 {SMBE_badmedia, "Bad media???"},
11502 {SMBE_badsector, "Bad sector???"},
11503 {SMBE_nopaper, "No paper in printer???"},
11504 {SMBE_write, "Write error???"},
11505 {SMBE_read, "Read error???"},
11506 {SMBE_general, "General error???"},
11507 {SMBE_badshare, "A open conflicts with an existing open"},
11508 {SMBE_lock, "Lock/unlock error"},
11509 {SMBE_wrongdisk, "Wrong disk???"},
11510 {SMBE_FCBunavail, "FCB unavailable???"},
11511 {SMBE_sharebufexc, "Share buffer excluded???"},
11512 {SMBE_diskfull, "Disk full???"},
11516 char *decode_smb_error(guint8 errcls, guint16 errcode)
11523 return("No Error"); /* No error ??? */
11528 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
11533 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
11538 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
11543 return("Unknown error class!");
11554 * http://www.wildpackets.com/elements/SMB_NT_Status_Codes.txt
11556 static const value_string NT_errors[] = {
11557 { 0x00000000, "STATUS_SUCCESS" },
11558 { 0x00000000, "STATUS_WAIT_0" },
11559 { 0x00000001, "STATUS_WAIT_1" },
11560 { 0x00000002, "STATUS_WAIT_2" },
11561 { 0x00000003, "STATUS_WAIT_3" },
11562 { 0x0000003F, "STATUS_WAIT_63" },
11563 { 0x00000080, "STATUS_ABANDONED" },
11564 { 0x00000080, "STATUS_ABANDONED_WAIT_0" },
11565 { 0x000000BF, "STATUS_ABANDONED_WAIT_63" },
11566 { 0x000000C0, "STATUS_USER_APC" },
11567 { 0x00000100, "STATUS_KERNEL_APC" },
11568 { 0x00000101, "STATUS_ALERTED" },
11569 { 0x00000102, "STATUS_TIMEOUT" },
11570 { 0x00000103, "STATUS_PENDING" },
11571 { 0x00000104, "STATUS_REPARSE" },
11572 { 0x00000105, "STATUS_MORE_ENTRIES" },
11573 { 0x00000106, "STATUS_NOT_ALL_ASSIGNED" },
11574 { 0x00000107, "STATUS_SOME_NOT_MAPPED" },
11575 { 0x00000108, "STATUS_OPLOCK_BREAK_IN_PROGRESS" },
11576 { 0x00000109, "STATUS_VOLUME_MOUNTED" },
11577 { 0x0000010A, "STATUS_RXACT_COMMITTED" },
11578 { 0x0000010B, "STATUS_NOTIFY_CLEANUP" },
11579 { 0x0000010C, "STATUS_NOTIFY_ENUM_DIR" },
11580 { 0x0000010D, "STATUS_NO_QUOTAS_FOR_ACCOUNT" },
11581 { 0x0000010E, "STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED" },
11582 { 0x00000110, "STATUS_PAGE_FAULT_TRANSITION" },
11583 { 0x00000111, "STATUS_PAGE_FAULT_DEMAND_ZERO" },
11584 { 0x00000112, "STATUS_PAGE_FAULT_COPY_ON_WRITE" },
11585 { 0x00000113, "STATUS_PAGE_FAULT_GUARD_PAGE" },
11586 { 0x00000114, "STATUS_PAGE_FAULT_PAGING_FILE" },
11587 { 0x00000115, "STATUS_CACHE_PAGE_LOCKED" },
11588 { 0x00000116, "STATUS_CRASH_DUMP" },
11589 { 0x00000117, "STATUS_BUFFER_ALL_ZEROS" },
11590 { 0x00000118, "STATUS_REPARSE_OBJECT" },
11591 { 0x40000000, "STATUS_OBJECT_NAME_EXISTS" },
11592 { 0x40000001, "STATUS_THREAD_WAS_SUSPENDED" },
11593 { 0x40000002, "STATUS_WORKING_SET_LIMIT_RANGE" },
11594 { 0x40000003, "STATUS_IMAGE_NOT_AT_BASE" },
11595 { 0x40000004, "STATUS_RXACT_STATE_CREATED" },
11596 { 0x40000005, "STATUS_SEGMENT_NOTIFICATION" },
11597 { 0x40000006, "STATUS_LOCAL_USER_SESSION_KEY" },
11598 { 0x40000007, "STATUS_BAD_CURRENT_DIRECTORY" },
11599 { 0x40000008, "STATUS_SERIAL_MORE_WRITES" },
11600 { 0x40000009, "STATUS_REGISTRY_RECOVERED" },
11601 { 0x4000000A, "STATUS_FT_READ_RECOVERY_FROM_BACKUP" },
11602 { 0x4000000B, "STATUS_FT_WRITE_RECOVERY" },
11603 { 0x4000000C, "STATUS_SERIAL_COUNTER_TIMEOUT" },
11604 { 0x4000000D, "STATUS_NULL_LM_PASSWORD" },
11605 { 0x4000000E, "STATUS_IMAGE_MACHINE_TYPE_MISMATCH" },
11606 { 0x4000000F, "STATUS_RECEIVE_PARTIAL" },
11607 { 0x40000010, "STATUS_RECEIVE_EXPEDITED" },
11608 { 0x40000011, "STATUS_RECEIVE_PARTIAL_EXPEDITED" },
11609 { 0x40000012, "STATUS_EVENT_DONE" },
11610 { 0x40000013, "STATUS_EVENT_PENDING" },
11611 { 0x40000014, "STATUS_CHECKING_FILE_SYSTEM" },
11612 { 0x40000015, "STATUS_FATAL_APP_EXIT" },
11613 { 0x40000016, "STATUS_PREDEFINED_HANDLE" },
11614 { 0x40000017, "STATUS_WAS_UNLOCKED" },
11615 { 0x40000018, "STATUS_SERVICE_NOTIFICATION" },
11616 { 0x40000019, "STATUS_WAS_LOCKED" },
11617 { 0x4000001A, "STATUS_LOG_HARD_ERROR" },
11618 { 0x4000001B, "STATUS_ALREADY_WIN32" },
11619 { 0x4000001C, "STATUS_WX86_UNSIMULATE" },
11620 { 0x4000001D, "STATUS_WX86_CONTINUE" },
11621 { 0x4000001E, "STATUS_WX86_SINGLE_STEP" },
11622 { 0x4000001F, "STATUS_WX86_BREAKPOINT" },
11623 { 0x40000020, "STATUS_WX86_EXCEPTION_CONTINUE" },
11624 { 0x40000021, "STATUS_WX86_EXCEPTION_LASTCHANCE" },
11625 { 0x40000022, "STATUS_WX86_EXCEPTION_CHAIN" },
11626 { 0x40000023, "STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE" },
11627 { 0x40000024, "STATUS_NO_YIELD_PERFORMED" },
11628 { 0x40000025, "STATUS_TIMER_RESUME_IGNORED" },
11629 { 0x80000001, "STATUS_GUARD_PAGE_VIOLATION" },
11630 { 0x80000002, "STATUS_DATATYPE_MISALIGNMENT" },
11631 { 0x80000003, "STATUS_BREAKPOINT" },
11632 { 0x80000004, "STATUS_SINGLE_STEP" },
11633 { 0x80000005, "STATUS_BUFFER_OVERFLOW" },
11634 { 0x80000006, "STATUS_NO_MORE_FILES" },
11635 { 0x80000007, "STATUS_WAKE_SYSTEM_DEBUGGER" },
11636 { 0x8000000A, "STATUS_HANDLES_CLOSED" },
11637 { 0x8000000B, "STATUS_NO_INHERITANCE" },
11638 { 0x8000000C, "STATUS_GUID_SUBSTITUTION_MADE" },
11639 { 0x8000000D, "STATUS_PARTIAL_COPY" },
11640 { 0x8000000E, "STATUS_DEVICE_PAPER_EMPTY" },
11641 { 0x8000000F, "STATUS_DEVICE_POWERED_OFF" },
11642 { 0x80000010, "STATUS_DEVICE_OFF_LINE" },
11643 { 0x80000011, "STATUS_DEVICE_BUSY" },
11644 { 0x80000012, "STATUS_NO_MORE_EAS" },
11645 { 0x80000013, "STATUS_INVALID_EA_NAME" },
11646 { 0x80000014, "STATUS_EA_LIST_INCONSISTENT" },
11647 { 0x80000015, "STATUS_INVALID_EA_FLAG" },
11648 { 0x80000016, "STATUS_VERIFY_REQUIRED" },
11649 { 0x80000017, "STATUS_EXTRANEOUS_INFORMATION" },
11650 { 0x80000018, "STATUS_RXACT_COMMIT_NECESSARY" },
11651 { 0x8000001A, "STATUS_NO_MORE_ENTRIES" },
11652 { 0x8000001B, "STATUS_FILEMARK_DETECTED" },
11653 { 0x8000001C, "STATUS_MEDIA_CHANGED" },
11654 { 0x8000001D, "STATUS_BUS_RESET" },
11655 { 0x8000001E, "STATUS_END_OF_MEDIA" },
11656 { 0x8000001F, "STATUS_BEGINNING_OF_MEDIA" },
11657 { 0x80000020, "STATUS_MEDIA_CHECK" },
11658 { 0x80000021, "STATUS_SETMARK_DETECTED" },
11659 { 0x80000022, "STATUS_NO_DATA_DETECTED" },
11660 { 0x80000023, "STATUS_REDIRECTOR_HAS_OPEN_HANDLES" },
11661 { 0x80000024, "STATUS_SERVER_HAS_OPEN_HANDLES" },
11662 { 0x80000025, "STATUS_ALREADY_DISCONNECTED" },
11663 { 0x80000026, "STATUS_LONGJUMP" },
11664 { 0xC0000001, "STATUS_UNSUCCESSFUL" },
11665 { 0xC0000002, "STATUS_NOT_IMPLEMENTED" },
11666 { 0xC0000003, "STATUS_INVALID_INFO_CLASS" },
11667 { 0xC0000004, "STATUS_INFO_LENGTH_MISMATCH" },
11668 { 0xC0000005, "STATUS_ACCESS_VIOLATION" },
11669 { 0xC0000006, "STATUS_IN_PAGE_ERROR" },
11670 { 0xC0000007, "STATUS_PAGEFILE_QUOTA" },
11671 { 0xC0000008, "STATUS_INVALID_HANDLE" },
11672 { 0xC0000009, "STATUS_BAD_INITIAL_STACK" },
11673 { 0xC000000A, "STATUS_BAD_INITIAL_PC" },
11674 { 0xC000000B, "STATUS_INVALID_CID" },
11675 { 0xC000000C, "STATUS_TIMER_NOT_CANCELED" },
11676 { 0xC000000D, "STATUS_INVALID_PARAMETER" },
11677 { 0xC000000E, "STATUS_NO_SUCH_DEVICE" },
11678 { 0xC000000F, "STATUS_NO_SUCH_FILE" },
11679 { 0xC0000010, "STATUS_INVALID_DEVICE_REQUEST" },
11680 { 0xC0000011, "STATUS_END_OF_FILE" },
11681 { 0xC0000012, "STATUS_WRONG_VOLUME" },
11682 { 0xC0000013, "STATUS_NO_MEDIA_IN_DEVICE" },
11683 { 0xC0000014, "STATUS_UNRECOGNIZED_MEDIA" },
11684 { 0xC0000015, "STATUS_NONEXISTENT_SECTOR" },
11685 { 0xC0000016, "STATUS_MORE_PROCESSING_REQUIRED" },
11686 { 0xC0000017, "STATUS_NO_MEMORY" },
11687 { 0xC0000018, "STATUS_CONFLICTING_ADDRESSES" },
11688 { 0xC0000019, "STATUS_NOT_MAPPED_VIEW" },
11689 { 0xC000001A, "STATUS_UNABLE_TO_FREE_VM" },
11690 { 0xC000001B, "STATUS_UNABLE_TO_DELETE_SECTION" },
11691 { 0xC000001C, "STATUS_INVALID_SYSTEM_SERVICE" },
11692 { 0xC000001D, "STATUS_ILLEGAL_INSTRUCTION" },
11693 { 0xC000001E, "STATUS_INVALID_LOCK_SEQUENCE" },
11694 { 0xC000001F, "STATUS_INVALID_VIEW_SIZE" },
11695 { 0xC0000020, "STATUS_INVALID_FILE_FOR_SECTION" },
11696 { 0xC0000021, "STATUS_ALREADY_COMMITTED" },
11697 { 0xC0000022, "STATUS_ACCESS_DENIED" },
11698 { 0xC0000023, "STATUS_BUFFER_TOO_SMALL" },
11699 { 0xC0000024, "STATUS_OBJECT_TYPE_MISMATCH" },
11700 { 0xC0000025, "STATUS_NONCONTINUABLE_EXCEPTION" },
11701 { 0xC0000026, "STATUS_INVALID_DISPOSITION" },
11702 { 0xC0000027, "STATUS_UNWIND" },
11703 { 0xC0000028, "STATUS_BAD_STACK" },
11704 { 0xC0000029, "STATUS_INVALID_UNWIND_TARGET" },
11705 { 0xC000002A, "STATUS_NOT_LOCKED" },
11706 { 0xC000002B, "STATUS_PARITY_ERROR" },
11707 { 0xC000002C, "STATUS_UNABLE_TO_DECOMMIT_VM" },
11708 { 0xC000002D, "STATUS_NOT_COMMITTED" },
11709 { 0xC000002E, "STATUS_INVALID_PORT_ATTRIBUTES" },
11710 { 0xC000002F, "STATUS_PORT_MESSAGE_TOO_LONG" },
11711 { 0xC0000030, "STATUS_INVALID_PARAMETER_MIX" },
11712 { 0xC0000031, "STATUS_INVALID_QUOTA_LOWER" },
11713 { 0xC0000032, "STATUS_DISK_CORRUPT_ERROR" },
11714 { 0xC0000033, "STATUS_OBJECT_NAME_INVALID" },
11715 { 0xC0000034, "STATUS_OBJECT_NAME_NOT_FOUND" },
11716 { 0xC0000035, "STATUS_OBJECT_NAME_COLLISION" },
11717 { 0xC0000037, "STATUS_PORT_DISCONNECTED" },
11718 { 0xC0000038, "STATUS_DEVICE_ALREADY_ATTACHED" },
11719 { 0xC0000039, "STATUS_OBJECT_PATH_INVALID" },
11720 { 0xC000003A, "STATUS_OBJECT_PATH_NOT_FOUND" },
11721 { 0xC000003B, "STATUS_OBJECT_PATH_SYNTAX_BAD" },
11722 { 0xC000003C, "STATUS_DATA_OVERRUN" },
11723 { 0xC000003D, "STATUS_DATA_LATE_ERROR" },
11724 { 0xC000003E, "STATUS_DATA_ERROR" },
11725 { 0xC000003F, "STATUS_CRC_ERROR" },
11726 { 0xC0000040, "STATUS_SECTION_TOO_BIG" },
11727 { 0xC0000041, "STATUS_PORT_CONNECTION_REFUSED" },
11728 { 0xC0000042, "STATUS_INVALID_PORT_HANDLE" },
11729 { 0xC0000043, "STATUS_SHARING_VIOLATION" },
11730 { 0xC0000044, "STATUS_QUOTA_EXCEEDED" },
11731 { 0xC0000045, "STATUS_INVALID_PAGE_PROTECTION" },
11732 { 0xC0000046, "STATUS_MUTANT_NOT_OWNED" },
11733 { 0xC0000047, "STATUS_SEMAPHORE_LIMIT_EXCEEDED" },
11734 { 0xC0000048, "STATUS_PORT_ALREADY_SET" },
11735 { 0xC0000049, "STATUS_SECTION_NOT_IMAGE" },
11736 { 0xC000004A, "STATUS_SUSPEND_COUNT_EXCEEDED" },
11737 { 0xC000004B, "STATUS_THREAD_IS_TERMINATING" },
11738 { 0xC000004C, "STATUS_BAD_WORKING_SET_LIMIT" },
11739 { 0xC000004D, "STATUS_INCOMPATIBLE_FILE_MAP" },
11740 { 0xC000004E, "STATUS_SECTION_PROTECTION" },
11741 { 0xC000004F, "STATUS_EAS_NOT_SUPPORTED" },
11742 { 0xC0000050, "STATUS_EA_TOO_LARGE" },
11743 { 0xC0000051, "STATUS_NONEXISTENT_EA_ENTRY" },
11744 { 0xC0000052, "STATUS_NO_EAS_ON_FILE" },
11745 { 0xC0000053, "STATUS_EA_CORRUPT_ERROR" },
11746 { 0xC0000054, "STATUS_FILE_LOCK_CONFLICT" },
11747 { 0xC0000055, "STATUS_LOCK_NOT_GRANTED" },
11748 { 0xC0000056, "STATUS_DELETE_PENDING" },
11749 { 0xC0000057, "STATUS_CTL_FILE_NOT_SUPPORTED" },
11750 { 0xC0000058, "STATUS_UNKNOWN_REVISION" },
11751 { 0xC0000059, "STATUS_REVISION_MISMATCH" },
11752 { 0xC000005A, "STATUS_INVALID_OWNER" },
11753 { 0xC000005B, "STATUS_INVALID_PRIMARY_GROUP" },
11754 { 0xC000005C, "STATUS_NO_IMPERSONATION_TOKEN" },
11755 { 0xC000005D, "STATUS_CANT_DISABLE_MANDATORY" },
11756 { 0xC000005E, "STATUS_NO_LOGON_SERVERS" },
11757 { 0xC000005F, "STATUS_NO_SUCH_LOGON_SESSION" },
11758 { 0xC0000060, "STATUS_NO_SUCH_PRIVILEGE" },
11759 { 0xC0000061, "STATUS_PRIVILEGE_NOT_HELD" },
11760 { 0xC0000062, "STATUS_INVALID_ACCOUNT_NAME" },
11761 { 0xC0000063, "STATUS_USER_EXISTS" },
11762 { 0xC0000064, "STATUS_NO_SUCH_USER" },
11763 { 0xC0000065, "STATUS_GROUP_EXISTS" },
11764 { 0xC0000066, "STATUS_NO_SUCH_GROUP" },
11765 { 0xC0000067, "STATUS_MEMBER_IN_GROUP" },
11766 { 0xC0000068, "STATUS_MEMBER_NOT_IN_GROUP" },
11767 { 0xC0000069, "STATUS_LAST_ADMIN" },
11768 { 0xC000006A, "STATUS_WRONG_PASSWORD" },
11769 { 0xC000006B, "STATUS_ILL_FORMED_PASSWORD" },
11770 { 0xC000006C, "STATUS_PASSWORD_RESTRICTION" },
11771 { 0xC000006D, "STATUS_LOGON_FAILURE" },
11772 { 0xC000006E, "STATUS_ACCOUNT_RESTRICTION" },
11773 { 0xC000006F, "STATUS_INVALID_LOGON_HOURS" },
11774 { 0xC0000070, "STATUS_INVALID_WORKSTATION" },
11775 { 0xC0000071, "STATUS_PASSWORD_EXPIRED" },
11776 { 0xC0000072, "STATUS_ACCOUNT_DISABLED" },
11777 { 0xC0000073, "STATUS_NONE_MAPPED" },
11778 { 0xC0000074, "STATUS_TOO_MANY_LUIDS_REQUESTED" },
11779 { 0xC0000075, "STATUS_LUIDS_EXHAUSTED" },
11780 { 0xC0000076, "STATUS_INVALID_SUB_AUTHORITY" },
11781 { 0xC0000077, "STATUS_INVALID_ACL" },
11782 { 0xC0000078, "STATUS_INVALID_SID" },
11783 { 0xC0000079, "STATUS_INVALID_SECURITY_DESCR" },
11784 { 0xC000007A, "STATUS_PROCEDURE_NOT_FOUND" },
11785 { 0xC000007B, "STATUS_INVALID_IMAGE_FORMAT" },
11786 { 0xC000007C, "STATUS_NO_TOKEN" },
11787 { 0xC000007D, "STATUS_BAD_INHERITANCE_ACL" },
11788 { 0xC000007E, "STATUS_RANGE_NOT_LOCKED" },
11789 { 0xC000007F, "STATUS_DISK_FULL" },
11790 { 0xC0000080, "STATUS_SERVER_DISABLED" },
11791 { 0xC0000081, "STATUS_SERVER_NOT_DISABLED" },
11792 { 0xC0000082, "STATUS_TOO_MANY_GUIDS_REQUESTED" },
11793 { 0xC0000083, "STATUS_GUIDS_EXHAUSTED" },
11794 { 0xC0000084, "STATUS_INVALID_ID_AUTHORITY" },
11795 { 0xC0000085, "STATUS_AGENTS_EXHAUSTED" },
11796 { 0xC0000086, "STATUS_INVALID_VOLUME_LABEL" },
11797 { 0xC0000087, "STATUS_SECTION_NOT_EXTENDED" },
11798 { 0xC0000088, "STATUS_NOT_MAPPED_DATA" },
11799 { 0xC0000089, "STATUS_RESOURCE_DATA_NOT_FOUND" },
11800 { 0xC000008A, "STATUS_RESOURCE_TYPE_NOT_FOUND" },
11801 { 0xC000008B, "STATUS_RESOURCE_NAME_NOT_FOUND" },
11802 { 0xC000008C, "STATUS_ARRAY_BOUNDS_EXCEEDED" },
11803 { 0xC000008D, "STATUS_FLOAT_DENORMAL_OPERAND" },
11804 { 0xC000008E, "STATUS_FLOAT_DIVIDE_BY_ZERO" },
11805 { 0xC000008F, "STATUS_FLOAT_INEXACT_RESULT" },
11806 { 0xC0000090, "STATUS_FLOAT_INVALID_OPERATION" },
11807 { 0xC0000091, "STATUS_FLOAT_OVERFLOW" },
11808 { 0xC0000092, "STATUS_FLOAT_STACK_CHECK" },
11809 { 0xC0000093, "STATUS_FLOAT_UNDERFLOW" },
11810 { 0xC0000094, "STATUS_INTEGER_DIVIDE_BY_ZERO" },
11811 { 0xC0000095, "STATUS_INTEGER_OVERFLOW" },
11812 { 0xC0000096, "STATUS_PRIVILEGED_INSTRUCTION" },
11813 { 0xC0000097, "STATUS_TOO_MANY_PAGING_FILES" },
11814 { 0xC0000098, "STATUS_FILE_INVALID" },
11815 { 0xC0000099, "STATUS_ALLOTTED_SPACE_EXCEEDED" },
11816 { 0xC000009A, "STATUS_INSUFFICIENT_RESOURCES" },
11817 { 0xC000009B, "STATUS_DFS_EXIT_PATH_FOUND" },
11818 { 0xC000009C, "STATUS_DEVICE_DATA_ERROR" },
11819 { 0xC000009D, "STATUS_DEVICE_NOT_CONNECTED" },
11820 { 0xC000009E, "STATUS_DEVICE_POWER_FAILURE" },
11821 { 0xC000009F, "STATUS_FREE_VM_NOT_AT_BASE" },
11822 { 0xC00000A0, "STATUS_MEMORY_NOT_ALLOCATED" },
11823 { 0xC00000A1, "STATUS_WORKING_SET_QUOTA" },
11824 { 0xC00000A2, "STATUS_MEDIA_WRITE_PROTECTED" },
11825 { 0xC00000A3, "STATUS_DEVICE_NOT_READY" },
11826 { 0xC00000A4, "STATUS_INVALID_GROUP_ATTRIBUTES" },
11827 { 0xC00000A5, "STATUS_BAD_IMPERSONATION_LEVEL" },
11828 { 0xC00000A6, "STATUS_CANT_OPEN_ANONYMOUS" },
11829 { 0xC00000A7, "STATUS_BAD_VALIDATION_CLASS" },
11830 { 0xC00000A8, "STATUS_BAD_TOKEN_TYPE" },
11831 { 0xC00000A9, "STATUS_BAD_MASTER_BOOT_RECORD" },
11832 { 0xC00000AA, "STATUS_INSTRUCTION_MISALIGNMENT" },
11833 { 0xC00000AB, "STATUS_INSTANCE_NOT_AVAILABLE" },
11834 { 0xC00000AC, "STATUS_PIPE_NOT_AVAILABLE" },
11835 { 0xC00000AD, "STATUS_INVALID_PIPE_STATE" },
11836 { 0xC00000AE, "STATUS_PIPE_BUSY" },
11837 { 0xC00000AF, "STATUS_ILLEGAL_FUNCTION" },
11838 { 0xC00000B0, "STATUS_PIPE_DISCONNECTED" },
11839 { 0xC00000B1, "STATUS_PIPE_CLOSING" },
11840 { 0xC00000B2, "STATUS_PIPE_CONNECTED" },
11841 { 0xC00000B3, "STATUS_PIPE_LISTENING" },
11842 { 0xC00000B4, "STATUS_INVALID_READ_MODE" },
11843 { 0xC00000B5, "STATUS_IO_TIMEOUT" },
11844 { 0xC00000B6, "STATUS_FILE_FORCED_CLOSED" },
11845 { 0xC00000B7, "STATUS_PROFILING_NOT_STARTED" },
11846 { 0xC00000B8, "STATUS_PROFILING_NOT_STOPPED" },
11847 { 0xC00000B9, "STATUS_COULD_NOT_INTERPRET" },
11848 { 0xC00000BA, "STATUS_FILE_IS_A_DIRECTORY" },
11849 { 0xC00000BB, "STATUS_NOT_SUPPORTED" },
11850 { 0xC00000BC, "STATUS_REMOTE_NOT_LISTENING" },
11851 { 0xC00000BD, "STATUS_DUPLICATE_NAME" },
11852 { 0xC00000BE, "STATUS_BAD_NETWORK_PATH" },
11853 { 0xC00000BF, "STATUS_NETWORK_BUSY" },
11854 { 0xC00000C0, "STATUS_DEVICE_DOES_NOT_EXIST" },
11855 { 0xC00000C1, "STATUS_TOO_MANY_COMMANDS" },
11856 { 0xC00000C2, "STATUS_ADAPTER_HARDWARE_ERROR" },
11857 { 0xC00000C3, "STATUS_INVALID_NETWORK_RESPONSE" },
11858 { 0xC00000C4, "STATUS_UNEXPECTED_NETWORK_ERROR" },
11859 { 0xC00000C5, "STATUS_BAD_REMOTE_ADAPTER" },
11860 { 0xC00000C6, "STATUS_PRINT_QUEUE_FULL" },
11861 { 0xC00000C7, "STATUS_NO_SPOOL_SPACE" },
11862 { 0xC00000C8, "STATUS_PRINT_CANCELLED" },
11863 { 0xC00000C9, "STATUS_NETWORK_NAME_DELETED" },
11864 { 0xC00000CA, "STATUS_NETWORK_ACCESS_DENIED" },
11865 { 0xC00000CB, "STATUS_BAD_DEVICE_TYPE" },
11866 { 0xC00000CC, "STATUS_BAD_NETWORK_NAME" },
11867 { 0xC00000CD, "STATUS_TOO_MANY_NAMES" },
11868 { 0xC00000CE, "STATUS_TOO_MANY_SESSIONS" },
11869 { 0xC00000CF, "STATUS_SHARING_PAUSED" },
11870 { 0xC00000D0, "STATUS_REQUEST_NOT_ACCEPTED" },
11871 { 0xC00000D1, "STATUS_REDIRECTOR_PAUSED" },
11872 { 0xC00000D2, "STATUS_NET_WRITE_FAULT" },
11873 { 0xC00000D3, "STATUS_PROFILING_AT_LIMIT" },
11874 { 0xC00000D4, "STATUS_NOT_SAME_DEVICE" },
11875 { 0xC00000D5, "STATUS_FILE_RENAMED" },
11876 { 0xC00000D6, "STATUS_VIRTUAL_CIRCUIT_CLOSED" },
11877 { 0xC00000D7, "STATUS_NO_SECURITY_ON_OBJECT" },
11878 { 0xC00000D8, "STATUS_CANT_WAIT" },
11879 { 0xC00000D9, "STATUS_PIPE_EMPTY" },
11880 { 0xC00000DA, "STATUS_CANT_ACCESS_DOMAIN_INFO" },
11881 { 0xC00000DB, "STATUS_CANT_TERMINATE_SELF" },
11882 { 0xC00000DC, "STATUS_INVALID_SERVER_STATE" },
11883 { 0xC00000DD, "STATUS_INVALID_DOMAIN_STATE" },
11884 { 0xC00000DE, "STATUS_INVALID_DOMAIN_ROLE" },
11885 { 0xC00000DF, "STATUS_NO_SUCH_DOMAIN" },
11886 { 0xC00000E0, "STATUS_DOMAIN_EXISTS" },
11887 { 0xC00000E1, "STATUS_DOMAIN_LIMIT_EXCEEDED" },
11888 { 0xC00000E2, "STATUS_OPLOCK_NOT_GRANTED" },
11889 { 0xC00000E3, "STATUS_INVALID_OPLOCK_PROTOCOL" },
11890 { 0xC00000E4, "STATUS_INTERNAL_DB_CORRUPTION" },
11891 { 0xC00000E5, "STATUS_INTERNAL_ERROR" },
11892 { 0xC00000E6, "STATUS_GENERIC_NOT_MAPPED" },
11893 { 0xC00000E7, "STATUS_BAD_DESCRIPTOR_FORMAT" },
11894 { 0xC00000E8, "STATUS_INVALID_USER_BUFFER" },
11895 { 0xC00000E9, "STATUS_UNEXPECTED_IO_ERROR" },
11896 { 0xC00000EA, "STATUS_UNEXPECTED_MM_CREATE_ERR" },
11897 { 0xC00000EB, "STATUS_UNEXPECTED_MM_MAP_ERROR" },
11898 { 0xC00000EC, "STATUS_UNEXPECTED_MM_EXTEND_ERR" },
11899 { 0xC00000ED, "STATUS_NOT_LOGON_PROCESS" },
11900 { 0xC00000EE, "STATUS_LOGON_SESSION_EXISTS" },
11901 { 0xC00000EF, "STATUS_INVALID_PARAMETER_1" },
11902 { 0xC00000F0, "STATUS_INVALID_PARAMETER_2" },
11903 { 0xC00000F1, "STATUS_INVALID_PARAMETER_3" },
11904 { 0xC00000F2, "STATUS_INVALID_PARAMETER_4" },
11905 { 0xC00000F3, "STATUS_INVALID_PARAMETER_5" },
11906 { 0xC00000F4, "STATUS_INVALID_PARAMETER_6" },
11907 { 0xC00000F5, "STATUS_INVALID_PARAMETER_7" },
11908 { 0xC00000F6, "STATUS_INVALID_PARAMETER_8" },
11909 { 0xC00000F7, "STATUS_INVALID_PARAMETER_9" },
11910 { 0xC00000F8, "STATUS_INVALID_PARAMETER_10" },
11911 { 0xC00000F9, "STATUS_INVALID_PARAMETER_11" },
11912 { 0xC00000FA, "STATUS_INVALID_PARAMETER_12" },
11913 { 0xC00000FB, "STATUS_REDIRECTOR_NOT_STARTED" },
11914 { 0xC00000FC, "STATUS_REDIRECTOR_STARTED" },
11915 { 0xC00000FD, "STATUS_STACK_OVERFLOW" },
11916 { 0xC00000FE, "STATUS_NO_SUCH_PACKAGE" },
11917 { 0xC00000FF, "STATUS_BAD_FUNCTION_TABLE" },
11918 { 0xC0000100, "STATUS_VARIABLE_NOT_FOUND" },
11919 { 0xC0000101, "STATUS_DIRECTORY_NOT_EMPTY" },
11920 { 0xC0000102, "STATUS_FILE_CORRUPT_ERROR" },
11921 { 0xC0000103, "STATUS_NOT_A_DIRECTORY" },
11922 { 0xC0000104, "STATUS_BAD_LOGON_SESSION_STATE" },
11923 { 0xC0000105, "STATUS_LOGON_SESSION_COLLISION" },
11924 { 0xC0000106, "STATUS_NAME_TOO_LONG" },
11925 { 0xC0000107, "STATUS_FILES_OPEN" },
11926 { 0xC0000108, "STATUS_CONNECTION_IN_USE" },
11927 { 0xC0000109, "STATUS_MESSAGE_NOT_FOUND" },
11928 { 0xC000010A, "STATUS_PROCESS_IS_TERMINATING" },
11929 { 0xC000010B, "STATUS_INVALID_LOGON_TYPE" },
11930 { 0xC000010C, "STATUS_NO_GUID_TRANSLATION" },
11931 { 0xC000010D, "STATUS_CANNOT_IMPERSONATE" },
11932 { 0xC000010E, "STATUS_IMAGE_ALREADY_LOADED" },
11933 { 0xC000010F, "STATUS_ABIOS_NOT_PRESENT" },
11934 { 0xC0000110, "STATUS_ABIOS_LID_NOT_EXIST" },
11935 { 0xC0000111, "STATUS_ABIOS_LID_ALREADY_OWNED" },
11936 { 0xC0000112, "STATUS_ABIOS_NOT_LID_OWNER" },
11937 { 0xC0000113, "STATUS_ABIOS_INVALID_COMMAND" },
11938 { 0xC0000114, "STATUS_ABIOS_INVALID_LID" },
11939 { 0xC0000115, "STATUS_ABIOS_SELECTOR_NOT_AVAILABLE" },
11940 { 0xC0000116, "STATUS_ABIOS_INVALID_SELECTOR" },
11941 { 0xC0000117, "STATUS_NO_LDT" },
11942 { 0xC0000118, "STATUS_INVALID_LDT_SIZE" },
11943 { 0xC0000119, "STATUS_INVALID_LDT_OFFSET" },
11944 { 0xC000011A, "STATUS_INVALID_LDT_DESCRIPTOR" },
11945 { 0xC000011B, "STATUS_INVALID_IMAGE_NE_FORMAT" },
11946 { 0xC000011C, "STATUS_RXACT_INVALID_STATE" },
11947 { 0xC000011D, "STATUS_RXACT_COMMIT_FAILURE" },
11948 { 0xC000011E, "STATUS_MAPPED_FILE_SIZE_ZERO" },
11949 { 0xC000011F, "STATUS_TOO_MANY_OPENED_FILES" },
11950 { 0xC0000120, "STATUS_CANCELLED" },
11951 { 0xC0000121, "STATUS_CANNOT_DELETE" },
11952 { 0xC0000122, "STATUS_INVALID_COMPUTER_NAME" },
11953 { 0xC0000123, "STATUS_FILE_DELETED" },
11954 { 0xC0000124, "STATUS_SPECIAL_ACCOUNT" },
11955 { 0xC0000125, "STATUS_SPECIAL_GROUP" },
11956 { 0xC0000126, "STATUS_SPECIAL_USER" },
11957 { 0xC0000127, "STATUS_MEMBERS_PRIMARY_GROUP" },
11958 { 0xC0000128, "STATUS_FILE_CLOSED" },
11959 { 0xC0000129, "STATUS_TOO_MANY_THREADS" },
11960 { 0xC000012A, "STATUS_THREAD_NOT_IN_PROCESS" },
11961 { 0xC000012B, "STATUS_TOKEN_ALREADY_IN_USE" },
11962 { 0xC000012C, "STATUS_PAGEFILE_QUOTA_EXCEEDED" },
11963 { 0xC000012D, "STATUS_COMMITMENT_LIMIT" },
11964 { 0xC000012E, "STATUS_INVALID_IMAGE_LE_FORMAT" },
11965 { 0xC000012F, "STATUS_INVALID_IMAGE_NOT_MZ" },
11966 { 0xC0000130, "STATUS_INVALID_IMAGE_PROTECT" },
11967 { 0xC0000131, "STATUS_INVALID_IMAGE_WIN_16" },
11968 { 0xC0000132, "STATUS_LOGON_SERVER_CONFLICT" },
11969 { 0xC0000133, "STATUS_TIME_DIFFERENCE_AT_DC" },
11970 { 0xC0000134, "STATUS_SYNCHRONIZATION_REQUIRED" },
11971 { 0xC0000135, "STATUS_DLL_NOT_FOUND" },
11972 { 0xC0000136, "STATUS_OPEN_FAILED" },
11973 { 0xC0000137, "STATUS_IO_PRIVILEGE_FAILED" },
11974 { 0xC0000138, "STATUS_ORDINAL_NOT_FOUND" },
11975 { 0xC0000139, "STATUS_ENTRYPOINT_NOT_FOUND" },
11976 { 0xC000013A, "STATUS_CONTROL_C_EXIT" },
11977 { 0xC000013B, "STATUS_LOCAL_DISCONNECT" },
11978 { 0xC000013C, "STATUS_REMOTE_DISCONNECT" },
11979 { 0xC000013D, "STATUS_REMOTE_RESOURCES" },
11980 { 0xC000013E, "STATUS_LINK_FAILED" },
11981 { 0xC000013F, "STATUS_LINK_TIMEOUT" },
11982 { 0xC0000140, "STATUS_INVALID_CONNECTION" },
11983 { 0xC0000141, "STATUS_INVALID_ADDRESS" },
11984 { 0xC0000142, "STATUS_DLL_INIT_FAILED" },
11985 { 0xC0000143, "STATUS_MISSING_SYSTEMFILE" },
11986 { 0xC0000144, "STATUS_UNHANDLED_EXCEPTION" },
11987 { 0xC0000145, "STATUS_APP_INIT_FAILURE" },
11988 { 0xC0000146, "STATUS_PAGEFILE_CREATE_FAILED" },
11989 { 0xC0000147, "STATUS_NO_PAGEFILE" },
11990 { 0xC0000148, "STATUS_INVALID_LEVEL" },
11991 { 0xC0000149, "STATUS_WRONG_PASSWORD_CORE" },
11992 { 0xC000014A, "STATUS_ILLEGAL_FLOAT_CONTEXT" },
11993 { 0xC000014B, "STATUS_PIPE_BROKEN" },
11994 { 0xC000014C, "STATUS_REGISTRY_CORRUPT" },
11995 { 0xC000014D, "STATUS_REGISTRY_IO_FAILED" },
11996 { 0xC000014E, "STATUS_NO_EVENT_PAIR" },
11997 { 0xC000014F, "STATUS_UNRECOGNIZED_VOLUME" },
11998 { 0xC0000150, "STATUS_SERIAL_NO_DEVICE_INITED" },
11999 { 0xC0000151, "STATUS_NO_SUCH_ALIAS" },
12000 { 0xC0000152, "STATUS_MEMBER_NOT_IN_ALIAS" },
12001 { 0xC0000153, "STATUS_MEMBER_IN_ALIAS" },
12002 { 0xC0000154, "STATUS_ALIAS_EXISTS" },
12003 { 0xC0000155, "STATUS_LOGON_NOT_GRANTED" },
12004 { 0xC0000156, "STATUS_TOO_MANY_SECRETS" },
12005 { 0xC0000157, "STATUS_SECRET_TOO_LONG" },
12006 { 0xC0000158, "STATUS_INTERNAL_DB_ERROR" },
12007 { 0xC0000159, "STATUS_FULLSCREEN_MODE" },
12008 { 0xC000015A, "STATUS_TOO_MANY_CONTEXT_IDS" },
12009 { 0xC000015B, "STATUS_LOGON_TYPE_NOT_GRANTED" },
12010 { 0xC000015C, "STATUS_NOT_REGISTRY_FILE" },
12011 { 0xC000015D, "STATUS_NT_CROSS_ENCRYPTION_REQUIRED" },
12012 { 0xC000015E, "STATUS_DOMAIN_CTRLR_CONFIG_ERROR" },
12013 { 0xC000015F, "STATUS_FT_MISSING_MEMBER" },
12014 { 0xC0000160, "STATUS_ILL_FORMED_SERVICE_ENTRY" },
12015 { 0xC0000161, "STATUS_ILLEGAL_CHARACTER" },
12016 { 0xC0000162, "STATUS_UNMAPPABLE_CHARACTER" },
12017 { 0xC0000163, "STATUS_UNDEFINED_CHARACTER" },
12018 { 0xC0000164, "STATUS_FLOPPY_VOLUME" },
12019 { 0xC0000165, "STATUS_FLOPPY_ID_MARK_NOT_FOUND" },
12020 { 0xC0000166, "STATUS_FLOPPY_WRONG_CYLINDER" },
12021 { 0xC0000167, "STATUS_FLOPPY_UNKNOWN_ERROR" },
12022 { 0xC0000168, "STATUS_FLOPPY_BAD_REGISTERS" },
12023 { 0xC0000169, "STATUS_DISK_RECALIBRATE_FAILED" },
12024 { 0xC000016A, "STATUS_DISK_OPERATION_FAILED" },
12025 { 0xC000016B, "STATUS_DISK_RESET_FAILED" },
12026 { 0xC000016C, "STATUS_SHARED_IRQ_BUSY" },
12027 { 0xC000016D, "STATUS_FT_ORPHANING" },
12028 { 0xC000016E, "STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT" },
12029 { 0xC0000172, "STATUS_PARTITION_FAILURE" },
12030 { 0xC0000173, "STATUS_INVALID_BLOCK_LENGTH" },
12031 { 0xC0000174, "STATUS_DEVICE_NOT_PARTITIONED" },
12032 { 0xC0000175, "STATUS_UNABLE_TO_LOCK_MEDIA" },
12033 { 0xC0000176, "STATUS_UNABLE_TO_UNLOAD_MEDIA" },
12034 { 0xC0000177, "STATUS_EOM_OVERFLOW" },
12035 { 0xC0000178, "STATUS_NO_MEDIA" },
12036 { 0xC000017A, "STATUS_NO_SUCH_MEMBER" },
12037 { 0xC000017B, "STATUS_INVALID_MEMBER" },
12038 { 0xC000017C, "STATUS_KEY_DELETED" },
12039 { 0xC000017D, "STATUS_NO_LOG_SPACE" },
12040 { 0xC000017E, "STATUS_TOO_MANY_SIDS" },
12041 { 0xC000017F, "STATUS_LM_CROSS_ENCRYPTION_REQUIRED" },
12042 { 0xC0000180, "STATUS_KEY_HAS_CHILDREN" },
12043 { 0xC0000181, "STATUS_CHILD_MUST_BE_VOLATILE" },
12044 { 0xC0000182, "STATUS_DEVICE_CONFIGURATION_ERROR" },
12045 { 0xC0000183, "STATUS_DRIVER_INTERNAL_ERROR" },
12046 { 0xC0000184, "STATUS_INVALID_DEVICE_STATE" },
12047 { 0xC0000185, "STATUS_IO_DEVICE_ERROR" },
12048 { 0xC0000186, "STATUS_DEVICE_PROTOCOL_ERROR" },
12049 { 0xC0000187, "STATUS_BACKUP_CONTROLLER" },
12050 { 0xC0000188, "STATUS_LOG_FILE_FULL" },
12051 { 0xC0000189, "STATUS_TOO_LATE" },
12052 { 0xC000018A, "STATUS_NO_TRUST_LSA_SECRET" },
12053 { 0xC000018B, "STATUS_NO_TRUST_SAM_ACCOUNT" },
12054 { 0xC000018C, "STATUS_TRUSTED_DOMAIN_FAILURE" },
12055 { 0xC000018D, "STATUS_TRUSTED_RELATIONSHIP_FAILURE" },
12056 { 0xC000018E, "STATUS_EVENTLOG_FILE_CORRUPT" },
12057 { 0xC000018F, "STATUS_EVENTLOG_CANT_START" },
12058 { 0xC0000190, "STATUS_TRUST_FAILURE" },
12059 { 0xC0000191, "STATUS_MUTANT_LIMIT_EXCEEDED" },
12060 { 0xC0000192, "STATUS_NETLOGON_NOT_STARTED" },
12061 { 0xC0000193, "STATUS_ACCOUNT_EXPIRED" },
12062 { 0xC0000194, "STATUS_POSSIBLE_DEADLOCK" },
12063 { 0xC0000195, "STATUS_NETWORK_CREDENTIAL_CONFLICT" },
12064 { 0xC0000196, "STATUS_REMOTE_SESSION_LIMIT" },
12065 { 0xC0000197, "STATUS_EVENTLOG_FILE_CHANGED" },
12066 { 0xC0000198, "STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT" },
12067 { 0xC0000199, "STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT" },
12068 { 0xC000019A, "STATUS_NOLOGON_SERVER_TRUST_ACCOUNT" },
12069 { 0xC000019B, "STATUS_DOMAIN_TRUST_INCONSISTENT" },
12070 { 0xC000019C, "STATUS_FS_DRIVER_REQUIRED" },
12071 { 0xC0000202, "STATUS_NO_USER_SESSION_KEY" },
12072 { 0xC0000203, "STATUS_USER_SESSION_DELETED" },
12073 { 0xC0000204, "STATUS_RESOURCE_LANG_NOT_FOUND" },
12074 { 0xC0000205, "STATUS_INSUFF_SERVER_RESOURCES" },
12075 { 0xC0000206, "STATUS_INVALID_BUFFER_SIZE" },
12076 { 0xC0000207, "STATUS_INVALID_ADDRESS_COMPONENT" },
12077 { 0xC0000208, "STATUS_INVALID_ADDRESS_WILDCARD" },
12078 { 0xC0000209, "STATUS_TOO_MANY_ADDRESSES" },
12079 { 0xC000020A, "STATUS_ADDRESS_ALREADY_EXISTS" },
12080 { 0xC000020B, "STATUS_ADDRESS_CLOSED" },
12081 { 0xC000020C, "STATUS_CONNECTION_DISCONNECTED" },
12082 { 0xC000020D, "STATUS_CONNECTION_RESET" },
12083 { 0xC000020E, "STATUS_TOO_MANY_NODES" },
12084 { 0xC000020F, "STATUS_TRANSACTION_ABORTED" },
12085 { 0xC0000210, "STATUS_TRANSACTION_TIMED_OUT" },
12086 { 0xC0000211, "STATUS_TRANSACTION_NO_RELEASE" },
12087 { 0xC0000212, "STATUS_TRANSACTION_NO_MATCH" },
12088 { 0xC0000213, "STATUS_TRANSACTION_RESPONDED" },
12089 { 0xC0000214, "STATUS_TRANSACTION_INVALID_ID" },
12090 { 0xC0000215, "STATUS_TRANSACTION_INVALID_TYPE" },
12091 { 0xC0000216, "STATUS_NOT_SERVER_SESSION" },
12092 { 0xC0000217, "STATUS_NOT_CLIENT_SESSION" },
12093 { 0xC0000218, "STATUS_CANNOT_LOAD_REGISTRY_FILE" },
12094 { 0xC0000219, "STATUS_DEBUG_ATTACH_FAILED" },
12095 { 0xC000021A, "STATUS_SYSTEM_PROCESS_TERMINATED" },
12096 { 0xC000021B, "STATUS_DATA_NOT_ACCEPTED" },
12097 { 0xC000021C, "STATUS_NO_BROWSER_SERVERS_FOUND" },
12098 { 0xC000021D, "STATUS_VDM_HARD_ERROR" },
12099 { 0xC000021E, "STATUS_DRIVER_CANCEL_TIMEOUT" },
12100 { 0xC000021F, "STATUS_REPLY_MESSAGE_MISMATCH" },
12101 { 0xC0000220, "STATUS_MAPPED_ALIGNMENT" },
12102 { 0xC0000221, "STATUS_IMAGE_CHECKSUM_MISMATCH" },
12103 { 0xC0000222, "STATUS_LOST_WRITEBEHIND_DATA" },
12104 { 0xC0000223, "STATUS_CLIENT_SERVER_PARAMETERS_INVALID" },
12105 { 0xC0000224, "STATUS_PASSWORD_MUST_CHANGE" },
12106 { 0xC0000225, "STATUS_NOT_FOUND" },
12107 { 0xC0000226, "STATUS_NOT_TINY_STREAM" },
12108 { 0xC0000227, "STATUS_RECOVERY_FAILURE" },
12109 { 0xC0000228, "STATUS_STACK_OVERFLOW_READ" },
12110 { 0xC0000229, "STATUS_FAIL_CHECK" },
12111 { 0xC000022A, "STATUS_DUPLICATE_OBJECTID" },
12112 { 0xC000022B, "STATUS_OBJECTID_EXISTS" },
12113 { 0xC000022C, "STATUS_CONVERT_TO_LARGE" },
12114 { 0xC000022D, "STATUS_RETRY" },
12115 { 0xC000022E, "STATUS_FOUND_OUT_OF_SCOPE" },
12116 { 0xC000022F, "STATUS_ALLOCATE_BUCKET" },
12117 { 0xC0000230, "STATUS_PROPSET_NOT_FOUND" },
12118 { 0xC0000231, "STATUS_MARSHALL_OVERFLOW" },
12119 { 0xC0000232, "STATUS_INVALID_VARIANT" },
12120 { 0xC0000233, "STATUS_DOMAIN_CONTROLLER_NOT_FOUND" },
12121 { 0xC0000234, "STATUS_ACCOUNT_LOCKED_OUT" },
12122 { 0xC0000235, "STATUS_HANDLE_NOT_CLOSABLE" },
12123 { 0xC0000236, "STATUS_CONNECTION_REFUSED" },
12124 { 0xC0000237, "STATUS_GRACEFUL_DISCONNECT" },
12125 { 0xC0000238, "STATUS_ADDRESS_ALREADY_ASSOCIATED" },
12126 { 0xC0000239, "STATUS_ADDRESS_NOT_ASSOCIATED" },
12127 { 0xC000023A, "STATUS_CONNECTION_INVALID" },
12128 { 0xC000023B, "STATUS_CONNECTION_ACTIVE" },
12129 { 0xC000023C, "STATUS_NETWORK_UNREACHABLE" },
12130 { 0xC000023D, "STATUS_HOST_UNREACHABLE" },
12131 { 0xC000023E, "STATUS_PROTOCOL_UNREACHABLE" },
12132 { 0xC000023F, "STATUS_PORT_UNREACHABLE" },
12133 { 0xC0000240, "STATUS_REQUEST_ABORTED" },
12134 { 0xC0000241, "STATUS_CONNECTION_ABORTED" },
12135 { 0xC0000242, "STATUS_BAD_COMPRESSION_BUFFER" },
12136 { 0xC0000243, "STATUS_USER_MAPPED_FILE" },
12137 { 0xC0000244, "STATUS_AUDIT_FAILED" },
12138 { 0xC0000245, "STATUS_TIMER_RESOLUTION_NOT_SET" },
12139 { 0xC0000246, "STATUS_CONNECTION_COUNT_LIMIT" },
12140 { 0xC0000247, "STATUS_LOGIN_TIME_RESTRICTION" },
12141 { 0xC0000248, "STATUS_LOGIN_WKSTA_RESTRICTION" },
12142 { 0xC0000249, "STATUS_IMAGE_MP_UP_MISMATCH" },
12143 { 0xC0000250, "STATUS_INSUFFICIENT_LOGON_INFO" },
12144 { 0xC0000251, "STATUS_BAD_DLL_ENTRYPOINT" },
12145 { 0xC0000252, "STATUS_BAD_SERVICE_ENTRYPOINT" },
12146 { 0xC0000253, "STATUS_LPC_REPLY_LOST" },
12147 { 0xC0000254, "STATUS_IP_ADDRESS_CONFLICT1" },
12148 { 0xC0000255, "STATUS_IP_ADDRESS_CONFLICT2" },
12149 { 0xC0000256, "STATUS_REGISTRY_QUOTA_LIMIT" },
12150 { 0xC0000257, "STATUS_PATH_NOT_COVERED" },
12151 { 0xC0000258, "STATUS_NO_CALLBACK_ACTIVE" },
12152 { 0xC0000259, "STATUS_LICENSE_QUOTA_EXCEEDED" },
12153 { 0xC000025A, "STATUS_PWD_TOO_SHORT" },
12154 { 0xC000025B, "STATUS_PWD_TOO_RECENT" },
12155 { 0xC000025C, "STATUS_PWD_HISTORY_CONFLICT" },
12156 { 0xC000025E, "STATUS_PLUGPLAY_NO_DEVICE" },
12157 { 0xC000025F, "STATUS_UNSUPPORTED_COMPRESSION" },
12158 { 0xC0000260, "STATUS_INVALID_HW_PROFILE" },
12159 { 0xC0000261, "STATUS_INVALID_PLUGPLAY_DEVICE_PATH" },
12160 { 0xC0000262, "STATUS_DRIVER_ORDINAL_NOT_FOUND" },
12161 { 0xC0000263, "STATUS_DRIVER_ENTRYPOINT_NOT_FOUND" },
12162 { 0xC0000264, "STATUS_RESOURCE_NOT_OWNED" },
12163 { 0xC0000265, "STATUS_TOO_MANY_LINKS" },
12164 { 0xC0000266, "STATUS_QUOTA_LIST_INCONSISTENT" },
12165 { 0xC0000267, "STATUS_FILE_IS_OFFLINE" },
12166 { 0xC0000268, "STATUS_EVALUATION_EXPIRATION" },
12167 { 0xC0000269, "STATUS_ILLEGAL_DLL_RELOCATION" },
12168 { 0xC000026A, "STATUS_LICENSE_VIOLATION" },
12169 { 0xC000026B, "STATUS_DLL_INIT_FAILED_LOGOFF" },
12170 { 0xC000026C, "STATUS_DRIVER_UNABLE_TO_LOAD" },
12171 { 0xC000026D, "STATUS_DFS_UNAVAILABLE" },
12172 { 0xC000026E, "STATUS_VOLUME_DISMOUNTED" },
12173 { 0xC000026F, "STATUS_WX86_INTERNAL_ERROR" },
12174 { 0xC0000270, "STATUS_WX86_FLOAT_STACK_CHECK" },
12175 { 0xC0009898, "STATUS_WOW_ASSERTION" },
12176 { 0xC0020001, "RPC_NT_INVALID_STRING_BINDING" },
12177 { 0xC0020002, "RPC_NT_WRONG_KIND_OF_BINDING" },
12178 { 0xC0020003, "RPC_NT_INVALID_BINDING" },
12179 { 0xC0020004, "RPC_NT_PROTSEQ_NOT_SUPPORTED" },
12180 { 0xC0020005, "RPC_NT_INVALID_RPC_PROTSEQ" },
12181 { 0xC0020006, "RPC_NT_INVALID_STRING_UUID" },
12182 { 0xC0020007, "RPC_NT_INVALID_ENDPOINT_FORMAT" },
12183 { 0xC0020008, "RPC_NT_INVALID_NET_ADDR" },
12184 { 0xC0020009, "RPC_NT_NO_ENDPOINT_FOUND" },
12185 { 0xC002000A, "RPC_NT_INVALID_TIMEOUT" },
12186 { 0xC002000B, "RPC_NT_OBJECT_NOT_FOUND" },
12187 { 0xC002000C, "RPC_NT_ALREADY_REGISTERED" },
12188 { 0xC002000D, "RPC_NT_TYPE_ALREADY_REGISTERED" },
12189 { 0xC002000E, "RPC_NT_ALREADY_LISTENING" },
12190 { 0xC002000F, "RPC_NT_NO_PROTSEQS_REGISTERED" },
12191 { 0xC0020010, "RPC_NT_NOT_LISTENING" },
12192 { 0xC0020011, "RPC_NT_UNKNOWN_MGR_TYPE" },
12193 { 0xC0020012, "RPC_NT_UNKNOWN_IF" },
12194 { 0xC0020013, "RPC_NT_NO_BINDINGS" },
12195 { 0xC0020014, "RPC_NT_NO_PROTSEQS" },
12196 { 0xC0020015, "RPC_NT_CANT_CREATE_ENDPOINT" },
12197 { 0xC0020016, "RPC_NT_OUT_OF_RESOURCES" },
12198 { 0xC0020017, "RPC_NT_SERVER_UNAVAILABLE" },
12199 { 0xC0020018, "RPC_NT_SERVER_TOO_BUSY" },
12200 { 0xC0020019, "RPC_NT_INVALID_NETWORK_OPTIONS" },
12201 { 0xC002001A, "RPC_NT_NO_CALL_ACTIVE" },
12202 { 0xC002001B, "RPC_NT_CALL_FAILED" },
12203 { 0xC002001C, "RPC_NT_CALL_FAILED_DNE" },
12204 { 0xC002001D, "RPC_NT_PROTOCOL_ERROR" },
12205 { 0xC002001F, "RPC_NT_UNSUPPORTED_TRANS_SYN" },
12206 { 0xC0020021, "RPC_NT_UNSUPPORTED_TYPE" },
12207 { 0xC0020022, "RPC_NT_INVALID_TAG" },
12208 { 0xC0020023, "RPC_NT_INVALID_BOUND" },
12209 { 0xC0020024, "RPC_NT_NO_ENTRY_NAME" },
12210 { 0xC0020025, "RPC_NT_INVALID_NAME_SYNTAX" },
12211 { 0xC0020026, "RPC_NT_UNSUPPORTED_NAME_SYNTAX" },
12212 { 0xC0020028, "RPC_NT_UUID_NO_ADDRESS" },
12213 { 0xC0020029, "RPC_NT_DUPLICATE_ENDPOINT" },
12214 { 0xC002002A, "RPC_NT_UNKNOWN_AUTHN_TYPE" },
12215 { 0xC002002B, "RPC_NT_MAX_CALLS_TOO_SMALL" },
12216 { 0xC002002C, "RPC_NT_STRING_TOO_LONG" },
12217 { 0xC002002D, "RPC_NT_PROTSEQ_NOT_FOUND" },
12218 { 0xC002002E, "RPC_NT_PROCNUM_OUT_OF_RANGE" },
12219 { 0xC002002F, "RPC_NT_BINDING_HAS_NO_AUTH" },
12220 { 0xC0020030, "RPC_NT_UNKNOWN_AUTHN_SERVICE" },
12221 { 0xC0020031, "RPC_NT_UNKNOWN_AUTHN_LEVEL" },
12222 { 0xC0020032, "RPC_NT_INVALID_AUTH_IDENTITY" },
12223 { 0xC0020033, "RPC_NT_UNKNOWN_AUTHZ_SERVICE" },
12224 { 0xC0020034, "EPT_NT_INVALID_ENTRY" },
12225 { 0xC0020035, "EPT_NT_CANT_PERFORM_OP" },
12226 { 0xC0020036, "EPT_NT_NOT_REGISTERED" },
12227 { 0xC0020037, "RPC_NT_NOTHING_TO_EXPORT" },
12228 { 0xC0020038, "RPC_NT_INCOMPLETE_NAME" },
12229 { 0xC0020039, "RPC_NT_INVALID_VERS_OPTION" },
12230 { 0xC002003A, "RPC_NT_NO_MORE_MEMBERS" },
12231 { 0xC002003B, "RPC_NT_NOT_ALL_OBJS_UNEXPORTED" },
12232 { 0xC002003C, "RPC_NT_INTERFACE_NOT_FOUND" },
12233 { 0xC002003D, "RPC_NT_ENTRY_ALREADY_EXISTS" },
12234 { 0xC002003E, "RPC_NT_ENTRY_NOT_FOUND" },
12235 { 0xC002003F, "RPC_NT_NAME_SERVICE_UNAVAILABLE" },
12236 { 0xC0020040, "RPC_NT_INVALID_NAF_ID" },
12237 { 0xC0020041, "RPC_NT_CANNOT_SUPPORT" },
12238 { 0xC0020042, "RPC_NT_NO_CONTEXT_AVAILABLE" },
12239 { 0xC0020043, "RPC_NT_INTERNAL_ERROR" },
12240 { 0xC0020044, "RPC_NT_ZERO_DIVIDE" },
12241 { 0xC0020045, "RPC_NT_ADDRESS_ERROR" },
12242 { 0xC0020046, "RPC_NT_FP_DIV_ZERO" },
12243 { 0xC0020047, "RPC_NT_FP_UNDERFLOW" },
12244 { 0xC0020048, "RPC_NT_FP_OVERFLOW" },
12245 { 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" },
12246 { 0xC0030002, "RPC_NT_SS_CHAR_TRANS_OPEN_FAIL" },
12247 { 0xC0030003, "RPC_NT_SS_CHAR_TRANS_SHORT_FILE" },
12248 { 0xC0030004, "RPC_NT_SS_IN_NULL_CONTEXT" },
12249 { 0xC0030005, "RPC_NT_SS_CONTEXT_MISMATCH" },
12250 { 0xC0030006, "RPC_NT_SS_CONTEXT_DAMAGED" },
12251 { 0xC0030007, "RPC_NT_SS_HANDLES_MISMATCH" },
12252 { 0xC0030008, "RPC_NT_SS_CANNOT_GET_CALL_HANDLE" },
12253 { 0xC0030009, "RPC_NT_NULL_REF_POINTER" },
12254 { 0xC003000A, "RPC_NT_ENUM_VALUE_OUT_OF_RANGE" },
12255 { 0xC003000B, "RPC_NT_BYTE_COUNT_TOO_SMALL" },
12256 { 0xC003000C, "RPC_NT_BAD_STUB_DATA" },
12257 { 0xC0020049, "RPC_NT_CALL_IN_PROGRESS" },
12258 { 0xC002004A, "RPC_NT_NO_MORE_BINDINGS" },
12259 { 0xC002004B, "RPC_NT_GROUP_MEMBER_NOT_FOUND" },
12260 { 0xC002004C, "EPT_NT_CANT_CREATE" },
12261 { 0xC002004D, "RPC_NT_INVALID_OBJECT" },
12262 { 0xC002004F, "RPC_NT_NO_INTERFACES" },
12263 { 0xC0020050, "RPC_NT_CALL_CANCELLED" },
12264 { 0xC0020051, "RPC_NT_BINDING_INCOMPLETE" },
12265 { 0xC0020052, "RPC_NT_COMM_FAILURE" },
12266 { 0xC0020053, "RPC_NT_UNSUPPORTED_AUTHN_LEVEL" },
12267 { 0xC0020054, "RPC_NT_NO_PRINC_NAME" },
12268 { 0xC0020055, "RPC_NT_NOT_RPC_ERROR" },
12269 { 0x40020056, "RPC_NT_UUID_LOCAL_ONLY" },
12270 { 0xC0020057, "RPC_NT_SEC_PKG_ERROR" },
12271 { 0xC0020058, "RPC_NT_NOT_CANCELLED" },
12272 { 0xC0030059, "RPC_NT_INVALID_ES_ACTION" },
12273 { 0xC003005A, "RPC_NT_WRONG_ES_VERSION" },
12274 { 0xC003005B, "RPC_NT_WRONG_STUB_VERSION" },
12275 { 0xC003005C, "RPC_NT_INVALID_PIPE_OBJECT" },
12276 { 0xC003005D, "RPC_NT_INVALID_PIPE_OPERATION" },
12277 { 0xC003005E, "RPC_NT_WRONG_PIPE_VERSION" },
12278 { 0x400200AF, "RPC_NT_SEND_INCOMPLETE" },
12282 #define SMB_FLAGS_DIRN 0x80
12285 dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
12288 struct smb_info si;
12289 static const char smb_signature[4] = { 0xFF, 'S', 'M', 'B' };
12290 proto_tree *smb_tree = tree, *smb_hdr_tree = NULL, *flags_tree, *flags2_tree;
12291 proto_item *ti, *tf, *th;
12292 guint8 cmd, errcls, errcode1, flags;
12293 guint16 flags2, errcode, tid, pid, uid, mid;
12298 /* OK, is this an SMB message? */
12299 if (!tvb_bytes_exist(tvb, 0, 4))
12301 if (memcmp(tvb_get_ptr(tvb, 0, 4), smb_signature, 4) != 0) {
12307 si.unicode = FALSE;
12310 if (check_col(pinfo->fd, COL_PROTOCOL))
12311 col_set_str(pinfo->fd, COL_PROTOCOL, "SMB");
12312 if (check_col(pinfo->fd, COL_INFO))
12313 col_clear(pinfo->fd, COL_INFO);
12315 cmd = tvb_get_guint8(tvb, SMB_hdr_com_offset);
12316 if (check_col(pinfo->fd, COL_INFO)) {
12318 col_add_fstr(pinfo->fd, COL_INFO, "%s", decode_smb_name(cmd));
12324 ti = proto_tree_add_item(tree, proto_smb, tvb, offset, tvb_length(tvb), FALSE);
12325 smb_tree = proto_item_add_subtree(ti, ett_smb);
12327 th = proto_tree_add_text(smb_tree, NullTVB, offset, 32, "SMB Header");
12329 smb_hdr_tree = proto_item_add_subtree(th, ett_smb_hdr);
12331 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
12332 * component ... SMB is only one used
12335 proto_tree_add_text(smb_hdr_tree, tvb, offset, 1, "Message Type: 0xFF");
12336 proto_tree_add_text(smb_hdr_tree, tvb, offset+1, 3, "Server Component: SMB");
12340 offset += 4; /* Skip the marker */
12344 proto_tree_add_uint(smb_hdr_tree, hf_smb_cmd, tvb, offset, 1, cmd);
12350 /* Get flags2; we need it to know whether the error code is
12351 an NT error code or a DOS error code. */
12353 flags2 = tvb_get_letohs(tvb, 10);
12355 /* Handle error code */
12357 if (flags2 & 0x4000) {
12359 /* handle NT 32 bit error code */
12360 status = tvb_get_letohl(tvb, offset);
12365 * XXX - break the value down into severity code,
12366 * customer code, facility, and error?
12368 proto_tree_add_uint(smb_hdr_tree, hf_smb_status,
12369 tvb, offset, 4, status);
12377 /* handle DOS error code & class */
12379 /* Next, look at the error class, SMB_RETCLASS */
12381 errcls = tvb_get_guint8(tvb, offset);
12385 proto_tree_add_uint(smb_hdr_tree, hf_smb_errcls,
12386 tvb, offset, 1, errcls);
12391 /* Error code, SMB_HEINFO ... */
12393 errcode1 = tvb_get_guint8(tvb, offset);
12397 proto_tree_add_text(smb_hdr_tree, tvb, offset, 1, "Reserved: %i", errcode1);
12403 errcode = tvb_get_letohs(tvb, offset);
12408 * XXX - the type of this field depends on the value of
12409 * "errcls", so there isn't a single value_string array
12410 * for it, so there can't be a single field for it.
12412 proto_tree_add_text(smb_hdr_tree, tvb, offset, 2, "Error Code: %s",
12413 decode_smb_error(errcls, errcode));
12420 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
12422 flags = tvb_get_guint8(tvb, offset);
12423 si.request = !(flags&SMB_FLAGS_DIRN);
12425 if (check_col(pinfo->fd, COL_INFO)) {
12427 col_append_fstr(pinfo->fd, COL_INFO, " %s", si.request ? "Request" : "Response");
12433 tf = proto_tree_add_uint(smb_hdr_tree, hf_smb_flags, tvb, offset, 1, flags);
12435 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
12436 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12437 decode_boolean_bitfield(flags, 0x01, 8,
12438 "Lock&Read, Write&Unlock supported",
12439 "Lock&Read, Write&Unlock not supported"));
12440 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12441 decode_boolean_bitfield(flags, 0x02, 8,
12442 "Receive buffer posted",
12443 "Receive buffer not posted"));
12444 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12445 decode_boolean_bitfield(flags, 0x08, 8,
12446 "Path names caseless",
12447 "Path names case sensitive"));
12448 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12449 decode_boolean_bitfield(flags, 0x10, 8,
12450 "Pathnames canonicalized",
12451 "Pathnames not canonicalized"));
12452 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12453 decode_boolean_bitfield(flags, 0x20, 8,
12454 "OpLocks requested/granted",
12455 "OpLocks not requested/granted"));
12456 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12457 decode_boolean_bitfield(flags, 0x40, 8,
12459 "Notify open only"));
12461 proto_tree_add_text(flags_tree, tvb, offset, 1, "%s",
12462 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
12463 8, "Response to client/redirector", "Request to server"));
12469 /* Now put flags2 into the tree */
12473 tf = proto_tree_add_uint(smb_hdr_tree, hf_smb_flags2, tvb, offset, 2, flags2);
12475 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
12476 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12477 decode_boolean_bitfield(flags2, 0x0001, 16,
12478 "Long file names supported",
12479 "Long file names not supported"));
12480 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12481 decode_boolean_bitfield(flags2, 0x0002, 16,
12482 "Extended attributes supported",
12483 "Extended attributes not supported"));
12484 proto_tree_add_text(flags2_tree, tvb, offset, 1, "%s",
12485 decode_boolean_bitfield(flags2, 0x0004, 16,
12486 "Security signatures supported",
12487 "Security signatures not supported"));
12488 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12489 decode_boolean_bitfield(flags2, 0x0800, 16,
12490 "Extended security negotiation supported",
12491 "Extended security negotiation not supported"));
12492 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12493 decode_boolean_bitfield(flags2, 0x1000, 16,
12494 "Resolve pathnames with DFS",
12495 "Don't resolve pathnames with DFS"));
12496 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12497 decode_boolean_bitfield(flags2, 0x2000, 16,
12498 "Permit reads if execute-only",
12499 "Don't permit reads if execute-only"));
12500 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12501 decode_boolean_bitfield(flags2, 0x4000, 16,
12502 "Error codes are NT error codes",
12503 "Error codes are DOS error codes"));
12504 proto_tree_add_text(flags2_tree, tvb, offset, 2, "%s",
12505 decode_boolean_bitfield(flags2, 0x8000, 16,
12506 "Strings are Unicode",
12507 "Strings are ASCII"));
12511 if (flags2 & 0x8000) si.unicode = TRUE; /* Mark them as Unicode */
12520 * http://www.samba.org/samba/ftp/specs/smbpub.txt
12522 * (a text version of "Microsoft Networks SMB FILE SHARING
12523 * PROTOCOL, Document Version 6.0p") says that:
12525 * the first 2 bytes of these 12 bytes are, for NT Create and X,
12526 * the "High Part of PID";
12528 * the next four bytes are reserved;
12530 * the next four bytes are, for SMB-over-IPX (with no
12531 * NetBIOS involved) two bytes of Session ID and two bytes
12532 * of SequenceNumber.
12534 * If we ever implement SMB-over-IPX (which I suspect goes over
12535 * IPX sockets 0x0550, 0x0552, and maybe 0x0554, as per the
12536 * document in question), we'd probably want to have some way
12537 * to determine whether this is SMB-over-IPX or not (which could
12538 * be done by adding a PT_IPXSOCKET port type, having the
12539 * IPX dissector set "pinfo->srcport" and "pinfo->destport",
12540 * and having the SMB dissector check for a port type of
12541 * PT_IPXSOCKET and for "pinfo->match_port" being either
12542 * IPX_SOCKET_NWLINK_SMB_SERVER or IPX_SOCKET_NWLINK_SMB_REDIR
12543 * or, if it also uses 0x0554, IPX_SOCKET_NWLINK_SMB_MESSENGER).
12545 proto_tree_add_text(smb_hdr_tree, tvb, offset, 12, "Reserved: 6 WORDS");
12551 /* Now the TID, tree ID */
12553 tid = tvb_get_letohs(tvb, offset);
12558 proto_tree_add_uint(smb_hdr_tree, hf_smb_tid, tvb, offset, 2, tid);
12564 /* Now the PID, Process ID */
12566 pid = tvb_get_letohs(tvb, offset);
12571 proto_tree_add_uint(smb_hdr_tree, hf_smb_pid, tvb, offset, 2, pid);
12577 /* Now the UID, User ID */
12579 uid = tvb_get_letohs(tvb, offset);
12584 proto_tree_add_uint(smb_hdr_tree, hf_smb_uid, tvb, offset, 2, uid);
12590 /* Now the MID, Multiplex ID */
12592 mid = tvb_get_letohs(tvb, offset);
12597 proto_tree_add_uint(smb_hdr_tree, hf_smb_mid, tvb, offset, 2, mid);
12604 * Get old-style information from the tvbuff we've been handed.
12606 tvb_compat(tvb, &pd, &SMB_offset);
12607 offset += SMB_offset;
12609 /* Now vector through the table to dissect them */
12611 (dissect[cmd])(pd, offset, pinfo->fd, tree, smb_tree, si,
12612 tvb_length(tvb), SMB_offset);
12617 /*** External routines called during the registration process */
12619 extern void register_proto_smb_browse( void);
12620 extern void register_proto_smb_logon( void);
12621 extern void register_proto_smb_mailslot( void);
12622 extern void register_proto_smb_pipe( void);
12623 extern void register_proto_smb_mailslot( void);
12627 proto_register_smb(void)
12629 static hf_register_info hf[] = {
12631 { "SMB Command", "smb.cmd",
12632 FT_UINT8, BASE_HEX, VALS(smb_cmd_vals), 0x0, "", HFILL }},
12634 { "Status", "smb.status",
12635 FT_UINT32, BASE_HEX, VALS(NT_errors), 0x0, "", HFILL }},
12637 { "Error Class", "smb.errcls",
12638 FT_UINT8, BASE_HEX, VALS(errcls_types), 0x0, "", HFILL }},
12640 { "Flags", "smb.flags",
12641 FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }},
12643 { "Flags2", "smb.flags2",
12644 FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
12646 { "Network Path/Tree ID (TID)", "smb.tid",
12647 FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
12649 { "Process ID (PID)", "smb.pid",
12650 FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
12652 { "User ID (UID)", "smb.uid",
12653 FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
12655 { "Multiplex ID (MID)", "smb.mid",
12656 FT_UINT16, BASE_HEX, NULL, 0x0, "", HFILL }},
12658 static gint *ett[] = {
12661 &ett_smb_fileattributes,
12662 &ett_smb_capabilities,
12669 &ett_smb_desiredaccess,
12672 &ett_smb_openfunction,
12674 &ett_smb_openaction,
12675 &ett_smb_writemode,
12676 &ett_smb_lock_type,
12677 &ett_smb_ssetupandxaction,
12678 &ett_smb_optionsup,
12681 proto_smb = proto_register_protocol("SMB (Server Message Block Protocol)",
12684 proto_register_subtree_array(ett, array_length(ett));
12685 proto_register_field_array(proto_smb, hf, array_length(hf));
12686 register_init_routine(&smb_init_protocol);
12688 register_proto_smb_browse();
12689 register_proto_smb_logon();
12690 register_proto_smb_mailslot();
12691 register_proto_smb_pipe();
12695 proto_reg_handoff_smb(void)
12697 heur_dissector_add("netbios", dissect_smb, proto_smb);
git.samba.org / obnox / wireshark / wip.git / blob