2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.76 2000/12/17 03:48:44 sharpe Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
52 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
54 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
57 static int proto_smb = -1;
59 static int hf_smb_cmd = -1;
61 static gint ett_smb = -1;
62 static gint ett_smb_fileattributes = -1;
63 static gint ett_smb_capabilities = -1;
64 static gint ett_smb_aflags = -1;
65 static gint ett_smb_dialects = -1;
66 static gint ett_smb_mode = -1;
67 static gint ett_smb_rawmode = -1;
68 static gint ett_smb_flags = -1;
69 static gint ett_smb_flags2 = -1;
70 static gint ett_smb_desiredaccess = -1;
71 static gint ett_smb_search = -1;
72 static gint ett_smb_file = -1;
73 static gint ett_smb_openfunction = -1;
74 static gint ett_smb_filetype = -1;
75 static gint ett_smb_action = -1;
76 static gint ett_smb_writemode = -1;
77 static gint ett_smb_lock_type = -1;
82 * Struct passed to each SMB decode routine of info it may need
85 char *decode_smb_name(unsigned char);
87 int smb_packet_init_count = 200;
89 struct smb_request_key {
95 GHashTable *smb_request_hash = NULL;
96 GMemChunk *smb_request_keys = NULL;
97 GMemChunk *smb_request_vals = NULL;
101 smb_equal(gconstpointer v, gconstpointer w)
103 struct smb_request_key *v1 = (struct smb_request_key *)v;
104 struct smb_request_key *v2 = (struct smb_request_key *)w;
106 #if defined(DEBUG_SMB_HASH)
107 printf("Comparing %08X:%u\n and %08X:%u\n",
108 v1 -> conversation, v1 -> mid,
109 v2 -> conversation, v2 -> mid);
112 if (v1 -> conversation == v2 -> conversation &&
113 v1 -> mid == v2 -> mid) {
123 smb_hash (gconstpointer v)
125 struct smb_request_key *key = (struct smb_request_key *)v;
128 val = key -> conversation + key -> mid;
130 #if defined(DEBUG_SMB_HASH)
131 printf("SMB Hash calculated as %u\n", val);
139 * Free up any state information we've saved, and re-initialize the
140 * tables of state information.
143 smb_init_protocol(void)
145 #if defined(DEBUG_SMB_HASH)
146 printf("Initializing SMB hashtable area\n");
149 if (smb_request_hash)
150 g_hash_table_destroy(smb_request_hash);
151 if (smb_request_keys)
152 g_mem_chunk_destroy(smb_request_keys);
153 if (smb_request_vals)
154 g_mem_chunk_destroy(smb_request_vals);
156 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
157 smb_request_keys = g_mem_chunk_new("smb_request_keys",
158 sizeof(struct smb_request_key),
159 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
160 smb_request_vals = g_mem_chunk_new("smb_request_vals",
161 sizeof(struct smb_request_val),
162 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
165 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
167 static const value_string smb_cmd_vals[] = {
168 { 0x00, "SMBcreatedirectory" },
169 { 0x01, "SMBdeletedirectory" },
171 { 0x03, "SMBcreate" },
172 { 0x04, "SMBclose" },
173 { 0x05, "SMBflush" },
174 { 0x06, "SMBunlink" },
176 { 0x08, "SMBgetatr" },
177 { 0x09, "SMBsetatr" },
179 { 0x0B, "SMBwrite" },
181 { 0x0D, "SMBunlock" },
182 { 0x0E, "SMBctemp" },
183 { 0x0F, "SMBmknew" },
184 { 0x10, "SMBchkpth" },
186 { 0x12, "SMBlseek" },
187 { 0x13, "SMBlockread" },
188 { 0x14, "SMBwriteunlock" },
189 { 0x15, "unknown-0x15" },
190 { 0x16, "unknown-0x16" },
191 { 0x17, "unknown-0x17" },
192 { 0x18, "unknown-0x18" },
193 { 0x19, "unknown-0x19" },
194 { 0x1A, "SMBreadBraw" },
195 { 0x1B, "SMBreadBmpx" },
196 { 0x1C, "SMBreadBs" },
197 { 0x1D, "SMBwriteBraw" },
198 { 0x1E, "SMBwriteBmpx" },
199 { 0x1F, "SMBwriteBs" },
200 { 0x20, "SMBwriteC" },
201 { 0x21, "unknown-0x21" },
202 { 0x22, "SMBsetattrE" },
203 { 0x23, "SMBgetattrE" },
204 { 0x24, "SMBlockingX" },
205 { 0x25, "SMBtrans" },
206 { 0x26, "SMBtranss" },
207 { 0x27, "SMBioctl" },
208 { 0x28, "SMBioctls" },
212 { 0x2C, "SMBwriteclose" },
213 { 0x2D, "SMBopenX" },
214 { 0x2E, "SMBreadX" },
215 { 0x2F, "SMBwriteX" },
216 { 0x30, "unknown-0x30" },
217 { 0x31, "SMBcloseandtreedisc" },
218 { 0x32, "SMBtrans2" },
219 { 0x33, "SMBtrans2secondary" },
220 { 0x34, "SMBfindclose2" },
221 { 0x35, "SMBfindnotifyclose" },
222 { 0x36, "unknown-0x36" },
223 { 0x37, "unknown-0x37" },
224 { 0x38, "unknown-0x38" },
225 { 0x39, "unknown-0x39" },
226 { 0x3A, "unknown-0x3A" },
227 { 0x3B, "unknown-0x3B" },
228 { 0x3C, "unknown-0x3C" },
229 { 0x3D, "unknown-0x3D" },
230 { 0x3E, "unknown-0x3E" },
231 { 0x3F, "unknown-0x3F" },
232 { 0x40, "unknown-0x40" },
233 { 0x41, "unknown-0x41" },
234 { 0x42, "unknown-0x42" },
235 { 0x43, "unknown-0x43" },
236 { 0x44, "unknown-0x44" },
237 { 0x45, "unknown-0x45" },
238 { 0x46, "unknown-0x46" },
239 { 0x47, "unknown-0x47" },
240 { 0x48, "unknown-0x48" },
241 { 0x49, "unknown-0x49" },
242 { 0x4A, "unknown-0x4A" },
243 { 0x4B, "unknown-0x4B" },
244 { 0x4C, "unknown-0x4C" },
245 { 0x4D, "unknown-0x4D" },
246 { 0x4E, "unknown-0x4E" },
247 { 0x4F, "unknown-0x4F" },
248 { 0x50, "unknown-0x50" },
249 { 0x51, "unknown-0x51" },
250 { 0x52, "unknown-0x52" },
251 { 0x53, "unknown-0x53" },
252 { 0x54, "unknown-0x54" },
253 { 0x55, "unknown-0x55" },
254 { 0x56, "unknown-0x56" },
255 { 0x57, "unknown-0x57" },
256 { 0x58, "unknown-0x58" },
257 { 0x59, "unknown-0x59" },
258 { 0x5A, "unknown-0x5A" },
259 { 0x5B, "unknown-0x5B" },
260 { 0x5C, "unknown-0x5C" },
261 { 0x5D, "unknown-0x5D" },
262 { 0x5E, "unknown-0x5E" },
263 { 0x5F, "unknown-0x5F" },
264 { 0x60, "unknown-0x60" },
265 { 0x61, "unknown-0x61" },
266 { 0x62, "unknown-0x62" },
267 { 0x63, "unknown-0x63" },
268 { 0x64, "unknown-0x64" },
269 { 0x65, "unknown-0x65" },
270 { 0x66, "unknown-0x66" },
271 { 0x67, "unknown-0x67" },
272 { 0x68, "unknown-0x68" },
273 { 0x69, "unknown-0x69" },
274 { 0x6A, "unknown-0x6A" },
275 { 0x6B, "unknown-0x6B" },
276 { 0x6C, "unknown-0x6C" },
277 { 0x6D, "unknown-0x6D" },
278 { 0x6E, "unknown-0x6E" },
279 { 0x6F, "unknown-0x6F" },
282 { 0x72, "SMBnegprot" },
283 { 0x73, "SMBsesssetupX" },
284 { 0x74, "SMBlogoffX" },
285 { 0x75, "SMBtconX" },
286 { 0x76, "unknown-0x76" },
287 { 0x77, "unknown-0x77" },
288 { 0x78, "unknown-0x78" },
289 { 0x79, "unknown-0x79" },
290 { 0x7A, "unknown-0x7A" },
291 { 0x7B, "unknown-0x7B" },
292 { 0x7C, "unknown-0x7C" },
293 { 0x7D, "unknown-0x7D" },
294 { 0x7E, "unknown-0x7E" },
295 { 0x7F, "unknown-0x7F" },
296 { 0x80, "SMBdskattr" },
297 { 0x81, "SMBsearch" },
298 { 0x82, "SMBffirst" },
299 { 0x83, "SMBfunique" },
300 { 0x84, "SMBfclose" },
301 { 0x85, "unknown-0x85" },
302 { 0x86, "unknown-0x86" },
303 { 0x87, "unknown-0x87" },
304 { 0x88, "unknown-0x88" },
305 { 0x89, "unknown-0x89" },
306 { 0x8A, "unknown-0x8A" },
307 { 0x8B, "unknown-0x8B" },
308 { 0x8C, "unknown-0x8C" },
309 { 0x8D, "unknown-0x8D" },
310 { 0x8E, "unknown-0x8E" },
311 { 0x8F, "unknown-0x8F" },
312 { 0x90, "unknown-0x90" },
313 { 0x91, "unknown-0x91" },
314 { 0x92, "unknown-0x92" },
315 { 0x93, "unknown-0x93" },
316 { 0x94, "unknown-0x94" },
317 { 0x95, "unknown-0x95" },
318 { 0x96, "unknown-0x96" },
319 { 0x97, "unknown-0x97" },
320 { 0x98, "unknown-0x98" },
321 { 0x99, "unknown-0x99" },
322 { 0x9A, "unknown-0x9A" },
323 { 0x9B, "unknown-0x9B" },
324 { 0x9C, "unknown-0x9C" },
325 { 0x9D, "unknown-0x9D" },
326 { 0x9E, "unknown-0x9E" },
327 { 0x9F, "unknown-0x9F" },
328 { 0xA0, "SMBnttransact" },
329 { 0xA1, "SMBnttransactsecondary" },
330 { 0xA2, "SMBntcreateX" },
331 { 0xA3, "unknown-0xA3" },
332 { 0xA4, "SMBntcancel" },
333 { 0xA5, "unknown-0xA5" },
334 { 0xA6, "unknown-0xA6" },
335 { 0xA7, "unknown-0xA7" },
336 { 0xA8, "unknown-0xA8" },
337 { 0xA9, "unknown-0xA9" },
338 { 0xAA, "unknown-0xAA" },
339 { 0xAB, "unknown-0xAB" },
340 { 0xAC, "unknown-0xAC" },
341 { 0xAD, "unknown-0xAD" },
342 { 0xAE, "unknown-0xAE" },
343 { 0xAF, "unknown-0xAF" },
344 { 0xB0, "unknown-0xB0" },
345 { 0xB1, "unknown-0xB1" },
346 { 0xB2, "unknown-0xB2" },
347 { 0xB3, "unknown-0xB3" },
348 { 0xB4, "unknown-0xB4" },
349 { 0xB5, "unknown-0xB5" },
350 { 0xB6, "unknown-0xB6" },
351 { 0xB7, "unknown-0xB7" },
352 { 0xB8, "unknown-0xB8" },
353 { 0xB9, "unknown-0xB9" },
354 { 0xBA, "unknown-0xBA" },
355 { 0xBB, "unknown-0xBB" },
356 { 0xBC, "unknown-0xBC" },
357 { 0xBD, "unknown-0xBD" },
358 { 0xBE, "unknown-0xBE" },
359 { 0xBF, "unknown-0xBF" },
360 { 0xC0, "SMBsplopen" },
361 { 0xC1, "SMBsplwr" },
362 { 0xC2, "SMBsplclose" },
363 { 0xC3, "SMBsplretq" },
364 { 0xC4, "unknown-0xC4" },
365 { 0xC5, "unknown-0xC5" },
366 { 0xC6, "unknown-0xC6" },
367 { 0xC7, "unknown-0xC7" },
368 { 0xC8, "unknown-0xC8" },
369 { 0xC9, "unknown-0xC9" },
370 { 0xCA, "unknown-0xCA" },
371 { 0xCB, "unknown-0xCB" },
372 { 0xCC, "unknown-0xCC" },
373 { 0xCD, "unknown-0xCD" },
374 { 0xCE, "unknown-0xCE" },
375 { 0xCF, "unknown-0xCF" },
376 { 0xD0, "SMBsends" },
377 { 0xD1, "SMBsendb" },
378 { 0xD2, "SMBfwdname" },
379 { 0xD3, "SMBcancelf" },
380 { 0xD4, "SMBgetmac" },
381 { 0xD5, "SMBsendstrt" },
382 { 0xD6, "SMBsendend" },
383 { 0xD7, "SMBsendtxt" },
384 { 0xD8, "SMBreadbulk" },
385 { 0xD9, "SMBwritebulk" },
386 { 0xDA, "SMBwritebulkdata" },
387 { 0xDB, "unknown-0xDB" },
388 { 0xDC, "unknown-0xDC" },
389 { 0xDD, "unknown-0xDD" },
390 { 0xDE, "unknown-0xDE" },
391 { 0xDF, "unknown-0xDF" },
392 { 0xE0, "unknown-0xE0" },
393 { 0xE1, "unknown-0xE1" },
394 { 0xE2, "unknown-0xE2" },
395 { 0xE3, "unknown-0xE3" },
396 { 0xE4, "unknown-0xE4" },
397 { 0xE5, "unknown-0xE5" },
398 { 0xE6, "unknown-0xE6" },
399 { 0xE7, "unknown-0xE7" },
400 { 0xE8, "unknown-0xE8" },
401 { 0xE9, "unknown-0xE9" },
402 { 0xEA, "unknown-0xEA" },
403 { 0xEB, "unknown-0xEB" },
404 { 0xEC, "unknown-0xEC" },
405 { 0xED, "unknown-0xED" },
406 { 0xEE, "unknown-0xEE" },
407 { 0xEF, "unknown-0xEF" },
408 { 0xF0, "unknown-0xF0" },
409 { 0xF1, "unknown-0xF1" },
410 { 0xF2, "unknown-0xF2" },
411 { 0xF3, "unknown-0xF3" },
412 { 0xF4, "unknown-0xF4" },
413 { 0xF5, "unknown-0xF5" },
414 { 0xF6, "unknown-0xF6" },
415 { 0xF7, "unknown-0xF7" },
416 { 0xF8, "unknown-0xF8" },
417 { 0xF9, "unknown-0xF9" },
418 { 0xFA, "unknown-0xFA" },
419 { 0xFB, "unknown-0xFB" },
420 { 0xFC, "unknown-0xFC" },
421 { 0xFD, "unknown-0xFD" },
422 { 0xFE, "SMBinvalid" },
423 { 0xFF, "unknown-0xFF" },
426 char *SMB_names[256] = {
427 "SMBcreatedirectory",
428 "SMBdeletedirectory",
476 "SMBcloseandtreedisc",
478 "SMBtrans2secondary",
480 "SMBfindnotifyclose",
588 "SMBnttransactsecondary",
686 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
691 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (%u bytes)",
699 * Dissect a UNIX like date ...
702 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
703 conflict with /usr/include/time.h on some NetBSD
707 dissect_smbu_date(guint16 date, guint16 time)
710 static char datebuf[4+2+2+2+1+10];
711 time_t ltime = (date << 16) + time;
713 _gtime = gmtime(<ime);
716 sprintf(datebuf, "%04d-%02d-%02d",
717 1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);
719 sprintf(datebuf, "Bad date format");
729 dissect_smbu_time(guint16 date, guint16 time)
732 static char timebuf[2+2+2+2+1+10];
735 sprintf(timebuf, "%02d:%02d:%02d",
736 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
738 sprintf(timebuf, "Bad time format");
745 * Dissect a DOS-format date.
748 dissect_dos_date(guint16 date)
750 static char datebuf[4+2+2+1];
752 sprintf(datebuf, "%04d-%02d-%02d",
753 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
758 * Dissect a DOS-format time.
761 dissect_dos_time(guint16 time)
763 static char timebuf[2+2+2+1];
765 sprintf(timebuf, "%02d:%02d:%02d",
766 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
770 /* Max string length for displaying Unicode strings. */
771 #define MAX_UNICODE_STR_LEN 256
773 /* Turn a little-endian Unicode '\0'-terminated string into a string we
775 XXX - for now, we just handle the ISO 8859-1 characters. */
777 unicode_to_str(const guint8 *us, int *us_lenp) {
778 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
785 if (cur == &str[0][0]) {
787 } else if (cur == &str[1][0]) {
793 len = MAX_UNICODE_STR_LEN;
795 while (*us != 0 || *(us + 1) != 0) {
805 /* Note that we're not showing the full string. */
816 * Each dissect routine is passed an offset to wct and works from there
820 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
827 if (dirn == 1) { /* Request(s) dissect code */
829 /* Build display for: Word Count (WCT) */
831 WordCount = GBYTE(pd, offset);
835 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
839 offset += 1; /* Skip Word Count (WCT) */
841 /* Build display for: FID */
843 FID = GSHORT(pd, offset);
847 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
851 offset += 2; /* Skip FID */
853 /* Build display for: Byte Count */
855 ByteCount = GSHORT(pd, offset);
859 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
863 offset += 2; /* Skip Byte Count */
867 if (dirn == 0) { /* Response(s) dissect code */
869 /* Build display for: Word Count (WCT) */
871 WordCount = GBYTE(pd, offset);
875 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
879 offset += 1; /* Skip Word Count (WCT) */
881 /* Build display for: Byte Count (BCC) */
883 ByteCount = GSHORT(pd, offset);
887 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
891 offset += 2; /* Skip Byte Count (BCC) */
898 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
906 guint16 BlocksPerUnit;
909 if (dirn == 1) { /* Request(s) dissect code */
911 /* Build display for: Word Count (WCT) */
913 WordCount = GBYTE(pd, offset);
917 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
921 offset += 1; /* Skip Word Count (WCT) */
923 /* Build display for: Byte Count (BCC) */
925 ByteCount = GSHORT(pd, offset);
929 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
933 offset += 2; /* Skip Byte Count (BCC) */
937 if (dirn == 0) { /* Response(s) dissect code */
939 /* Build display for: Word Count (WCT) */
941 WordCount = GBYTE(pd, offset);
945 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
949 offset += 1; /* Skip Word Count (WCT) */
953 /* Build display for: Total Units */
955 TotalUnits = GSHORT(pd, offset);
959 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Units: %u", TotalUnits);
963 offset += 2; /* Skip Total Units */
965 /* Build display for: Blocks Per Unit */
967 BlocksPerUnit = GSHORT(pd, offset);
971 proto_tree_add_text(tree, NullTVB, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
975 offset += 2; /* Skip Blocks Per Unit */
977 /* Build display for: Block Size */
979 BlockSize = GSHORT(pd, offset);
983 proto_tree_add_text(tree, NullTVB, offset, 2, "Block Size: %u", BlockSize);
987 offset += 2; /* Skip Block Size */
989 /* Build display for: Free Units */
991 FreeUnits = GSHORT(pd, offset);
995 proto_tree_add_text(tree, NullTVB, offset, 2, "Free Units: %u", FreeUnits);
999 offset += 2; /* Skip Free Units */
1001 /* Build display for: Reserved */
1003 Reserved = GSHORT(pd, offset);
1007 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1011 offset += 2; /* Skip Reserved */
1015 /* Build display for: Byte Count (BCC) */
1017 ByteCount = GSHORT(pd, offset);
1021 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1025 offset += 2; /* Skip Byte Count (BCC) */
1032 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1035 proto_tree *Attributes_tree;
1039 guint8 BufferFormat;
1045 guint16 LastWriteTime;
1046 guint16 LastWriteDate;
1048 const char *FileName;
1050 if (dirn == 1) { /* Request(s) dissect code */
1052 /* Build display for: Word Count (WCT) */
1054 WordCount = GBYTE(pd, offset);
1058 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1062 offset += 1; /* Skip Word Count (WCT) */
1064 if (WordCount > 0) {
1066 /* Build display for: Attributes */
1068 Attributes = GSHORT(pd, offset);
1072 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1073 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1074 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1075 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1076 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1077 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1078 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1079 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1080 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1081 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1082 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1083 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1084 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1085 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1089 offset += 2; /* Skip Attributes */
1091 /* Build display for: Last Write Time */
1093 LastWriteTime = GSHORT(pd, offset);
1097 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1101 offset += 2; /* Skip Last Write Time */
1103 /* Build display for: Last Write Date */
1105 LastWriteDate = GSHORT(pd, offset);
1109 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1113 offset += 2; /* Skip Last Write Date */
1115 /* Build display for: Reserved 1 */
1117 Reserved1 = GSHORT(pd, offset);
1121 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
1125 offset += 2; /* Skip Reserved 1 */
1127 /* Build display for: Reserved 2 */
1129 Reserved2 = GSHORT(pd, offset);
1133 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1137 offset += 2; /* Skip Reserved 2 */
1139 /* Build display for: Reserved 3 */
1141 Reserved3 = GSHORT(pd, offset);
1145 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
1149 offset += 2; /* Skip Reserved 3 */
1151 /* Build display for: Reserved 4 */
1153 Reserved4 = GSHORT(pd, offset);
1157 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
1161 offset += 2; /* Skip Reserved 4 */
1163 /* Build display for: Reserved 5 */
1165 Reserved5 = GSHORT(pd, offset);
1169 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
1173 offset += 2; /* Skip Reserved 5 */
1177 /* Build display for: Byte Count (BCC) */
1179 ByteCount = GSHORT(pd, offset);
1183 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1187 offset += 2; /* Skip Byte Count (BCC) */
1189 /* Build display for: Buffer Format */
1191 BufferFormat = GBYTE(pd, offset);
1195 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1199 offset += 1; /* Skip Buffer Format */
1201 /* Build display for: File Name */
1203 FileName = pd + offset;
1207 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1211 offset += strlen(FileName) + 1; /* Skip File Name */
1215 if (dirn == 0) { /* Response(s) dissect code */
1217 /* Build display for: Word Count (WCT) */
1219 WordCount = GBYTE(pd, offset);
1223 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1227 offset += 1; /* Skip Word Count (WCT) */
1229 /* Build display for: Byte Count (BCC) */
1231 ByteCount = GBYTE(pd, offset);
1235 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
1239 offset += 1; /* Skip Byte Count (BCC) */
1246 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1250 guint8 BufferFormat;
1258 if (dirn == 1) { /* Request(s) dissect code */
1260 /* Build display for: Word Count (WCT) */
1262 WordCount = GBYTE(pd, offset);
1266 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1270 offset += 1; /* Skip Word Count (WCT) */
1272 /* Build display for: FID */
1274 FID = GSHORT(pd, offset);
1278 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1282 offset += 2; /* Skip FID */
1284 /* Build display for: Count */
1286 Count = GSHORT(pd, offset);
1290 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1294 offset += 2; /* Skip Count */
1296 /* Build display for: Offset */
1298 Offset = GWORD(pd, offset);
1302 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1306 offset += 4; /* Skip Offset */
1308 /* Build display for: Remaining */
1310 Remaining = GSHORT(pd, offset);
1314 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
1318 offset += 2; /* Skip Remaining */
1320 /* Build display for: Byte Count (BCC) */
1322 ByteCount = GSHORT(pd, offset);
1326 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1330 offset += 2; /* Skip Byte Count (BCC) */
1332 /* Build display for: Buffer Format */
1334 BufferFormat = GBYTE(pd, offset);
1338 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1342 offset += 1; /* Skip Buffer Format */
1344 /* Build display for: Data Length */
1346 DataLength = GSHORT(pd, offset);
1350 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1354 offset += 2; /* Skip Data Length */
1356 if (ByteCount > 0 && tree) {
1358 if(END_OF_FRAME >= ByteCount)
1359 proto_tree_add_text(tree, NullTVB, offset, ByteCount, "Data (%u bytes)", ByteCount);
1361 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
1367 if (dirn == 0) { /* Response(s) dissect code */
1369 /* Build display for: Word Count (WCT) */
1371 WordCount = GBYTE(pd, offset);
1375 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1379 offset += 1; /* Skip Word Count (WCT) */
1381 /* Build display for: Count */
1383 Count = GSHORT(pd, offset);
1387 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1391 offset += 2; /* Skip Count */
1393 /* Build display for: Byte Count (BCC) */
1395 ByteCount = GSHORT(pd, offset);
1399 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1403 offset += 2; /* Skip Byte Count (BCC) */
1410 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1424 guint16 DataCompactionMode;
1428 if (dirn == 1) { /* Request(s) dissect code */
1430 /* Build display for: Word Count (WCT) */
1432 WordCount = GBYTE(pd, offset);
1436 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1440 offset += 1; /* Skip Word Count (WCT) */
1442 /* Build display for: FID */
1444 FID = GSHORT(pd, offset);
1448 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1452 offset += 2; /* Skip FID */
1454 /* Build display for: Offset */
1456 Offset = GWORD(pd, offset);
1460 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1464 offset += 4; /* Skip Offset */
1466 /* Build display for: Max Count */
1468 MaxCount = GSHORT(pd, offset);
1472 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
1476 offset += 2; /* Skip Max Count */
1478 /* Build display for: Min Count */
1480 MinCount = GSHORT(pd, offset);
1484 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
1488 offset += 2; /* Skip Min Count */
1490 /* Build display for: Reserved 1 */
1492 Reserved1 = GWORD(pd, offset);
1496 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 1: %u", Reserved1);
1500 offset += 4; /* Skip Reserved 1 */
1502 /* Build display for: Reserved 2 */
1504 Reserved2 = GSHORT(pd, offset);
1508 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1512 offset += 2; /* Skip Reserved 2 */
1514 /* Build display for: Byte Count (BCC) */
1516 ByteCount = GSHORT(pd, offset);
1520 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1524 offset += 2; /* Skip Byte Count (BCC) */
1528 if (dirn == 0) { /* Response(s) dissect code */
1530 /* Build display for: Word Count */
1532 WordCount = GBYTE(pd, offset);
1536 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
1540 offset += 1; /* Skip Word Count */
1542 if (WordCount > 0) {
1544 /* Build display for: Offset */
1546 Offset = GWORD(pd, offset);
1550 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1554 offset += 4; /* Skip Offset */
1556 /* Build display for: Count */
1558 Count = GSHORT(pd, offset);
1562 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1566 offset += 2; /* Skip Count */
1568 /* Build display for: Reserved */
1570 Reserved = GSHORT(pd, offset);
1574 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1578 offset += 2; /* Skip Reserved */
1580 /* Build display for: Data Compaction Mode */
1582 DataCompactionMode = GSHORT(pd, offset);
1586 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1590 offset += 2; /* Skip Data Compaction Mode */
1592 /* Build display for: Reserved */
1594 Reserved = GSHORT(pd, offset);
1598 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1602 offset += 2; /* Skip Reserved */
1604 /* Build display for: Data Length */
1606 DataLength = GSHORT(pd, offset);
1610 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1614 offset += 2; /* Skip Data Length */
1616 /* Build display for: Data Offset */
1618 DataOffset = GSHORT(pd, offset);
1622 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
1626 offset += 2; /* Skip Data Offset */
1630 /* Build display for: Byte Count (BCC) */
1632 ByteCount = GSHORT(pd, offset);
1636 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1640 offset += 2; /* Skip Byte Count (BCC) */
1642 /* Build display for: Pad */
1644 Pad = GBYTE(pd, offset);
1648 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
1652 offset += 1; /* Skip Pad */
1659 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1663 guint8 BufferFormat;
1664 guint16 SearchAttributes;
1666 const char *FileName;
1668 if (dirn == 1) { /* Request(s) dissect code */
1670 /* Build display for: Word Count (WCT) */
1672 WordCount = GBYTE(pd, offset);
1676 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1680 offset += 1; /* Skip Word Count (WCT) */
1682 /* Build display for: SearchAttributes */
1684 SearchAttributes = GSHORT(pd, offset);
1688 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
1691 offset += 2; /* Skip SearchAttributes */
1693 /* Build display for: Byte Count (BCC) */
1695 ByteCount = GSHORT(pd, offset);
1699 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1703 offset += 2; /* Skip Byte Count (BCC) */
1705 /* Build display for: Buffer Format */
1707 BufferFormat = GBYTE(pd, offset);
1711 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1715 offset += 1; /* Skip Buffer Format */
1717 /* Build display for: File Name */
1719 FileName = pd + offset;
1723 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1727 offset += strlen(FileName) + 1; /* Skip File Name */
1731 if (dirn == 0) { /* Response(s) dissect code */
1733 /* Build display for: Word Count (WCT) */
1735 WordCount = GBYTE(pd, offset);
1739 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1743 offset += 1; /* Skip Word Count (WCT) */
1745 /* Build display for: Byte Count (BCC) */
1747 ByteCount = GSHORT(pd, offset);
1751 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1755 offset += 2; /* Skip Byte Count (BCC) */
1762 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1765 proto_tree *Attributes_tree;
1768 guint32 FileDataSize;
1769 guint32 FileAllocationSize;
1770 guint16 LastWriteTime;
1771 guint16 LastWriteDate;
1772 guint16 LastAccessTime;
1773 guint16 LastAccessDate;
1775 guint16 CreationTime;
1776 guint16 CreationDate;
1780 if (dirn == 1) { /* Request(s) dissect code */
1782 /* Build display for: Word Count (WCT) */
1784 WordCount = GBYTE(pd, offset);
1788 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1792 offset += 1; /* Skip Word Count (WCT) */
1794 /* Build display for: FID */
1796 FID = GSHORT(pd, offset);
1800 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1804 offset += 2; /* Skip FID */
1806 /* Build display for: Byte Count */
1808 ByteCount = GSHORT(pd, offset);
1812 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1816 offset += 2; /* Skip Byte Count */
1820 if (dirn == 0) { /* Response(s) dissect code */
1822 /* Build display for: Word Count (WCT) */
1824 WordCount = GBYTE(pd, offset);
1828 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1832 offset += 1; /* Skip Word Count (WCT) */
1834 if (WordCount > 0) {
1836 /* Build display for: Creation Date */
1838 CreationDate = GSHORT(pd, offset);
1842 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
1846 offset += 2; /* Skip Creation Date */
1848 /* Build display for: Creation Time */
1850 CreationTime = GSHORT(pd, offset);
1854 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
1858 offset += 2; /* Skip Creation Time */
1860 /* Build display for: Last Access Date */
1862 LastAccessDate = GSHORT(pd, offset);
1866 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
1870 offset += 2; /* Skip Last Access Date */
1872 /* Build display for: Last Access Time */
1874 LastAccessTime = GSHORT(pd, offset);
1878 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
1882 offset += 2; /* Skip Last Access Time */
1884 /* Build display for: Last Write Date */
1886 LastWriteDate = GSHORT(pd, offset);
1890 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1894 offset += 2; /* Skip Last Write Date */
1896 /* Build display for: Last Write Time */
1898 LastWriteTime = GSHORT(pd, offset);
1902 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1906 offset += 2; /* Skip Last Write Time */
1908 /* Build display for: File Data Size */
1910 FileDataSize = GWORD(pd, offset);
1914 proto_tree_add_text(tree, NullTVB, offset, 4, "File Data Size: %u", FileDataSize);
1918 offset += 4; /* Skip File Data Size */
1920 /* Build display for: File Allocation Size */
1922 FileAllocationSize = GWORD(pd, offset);
1926 proto_tree_add_text(tree, NullTVB, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1930 offset += 4; /* Skip File Allocation Size */
1932 /* Build display for: Attributes */
1934 Attributes = GSHORT(pd, offset);
1938 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1939 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1940 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1941 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1942 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1943 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1944 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1945 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1946 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1947 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1948 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1949 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1950 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1951 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1955 offset += 2; /* Skip Attributes */
1959 /* Build display for: Byte Count */
1961 ByteCount = GSHORT(pd, offset);
1965 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1969 offset += 2; /* Skip Byte Count */
1976 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1980 guint8 BufferFormat3;
1981 guint8 BufferFormat2;
1982 guint8 BufferFormat1;
1984 guint16 MaxBufferSize;
1986 const char *SharePath;
1987 const char *Service;
1988 const char *Password;
1990 if (dirn == 1) { /* Request(s) dissect code */
1992 /* Build display for: Word Count (WCT) */
1994 WordCount = GBYTE(pd, offset);
1998 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2002 offset += 1; /* Skip Word Count (WCT) */
2004 /* Build display for: Byte Count (BCC) */
2006 ByteCount = GSHORT(pd, offset);
2010 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2014 offset += 2; /* Skip Byte Count (BCC) */
2016 /* Build display for: BufferFormat1 */
2018 BufferFormat1 = GBYTE(pd, offset);
2022 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat1: %u", BufferFormat1);
2026 offset += 1; /* Skip BufferFormat1 */
2028 /* Build display for: Share Path */
2030 SharePath = pd + offset;
2034 proto_tree_add_text(tree, NullTVB, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
2038 offset += strlen(SharePath) + 1; /* Skip Share Path */
2040 /* Build display for: BufferFormat2 */
2042 BufferFormat2 = GBYTE(pd, offset);
2046 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat2: %u", BufferFormat2);
2050 offset += 1; /* Skip BufferFormat2 */
2052 /* Build display for: Password */
2054 Password = pd + offset;
2058 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2062 offset += strlen(Password) + 1; /* Skip Password */
2064 /* Build display for: BufferFormat3 */
2066 BufferFormat3 = GBYTE(pd, offset);
2070 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat3: %u", BufferFormat3);
2074 offset += 1; /* Skip BufferFormat3 */
2076 /* Build display for: Service */
2078 Service = pd + offset;
2082 proto_tree_add_text(tree, NullTVB, offset, strlen(Service) + 1, "Service: %s", Service);
2086 offset += strlen(Service) + 1; /* Skip Service */
2090 if (dirn == 0) { /* Response(s) dissect code */
2092 /* Build display for: Word Count (WCT) */
2094 WordCount = GBYTE(pd, offset);
2098 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2102 if (errcode != 0) return;
2104 offset += 1; /* Skip Word Count (WCT) */
2106 /* Build display for: Max Buffer Size */
2108 MaxBufferSize = GSHORT(pd, offset);
2112 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
2116 offset += 2; /* Skip Max Buffer Size */
2118 /* Build display for: TID */
2120 TID = GSHORT(pd, offset);
2124 proto_tree_add_text(tree, NullTVB, offset, 2, "TID: %u", TID);
2128 offset += 2; /* Skip TID */
2130 /* Build display for: Byte Count (BCC) */
2132 ByteCount = GSHORT(pd, offset);
2136 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2140 offset += 2; /* Skip Byte Count (BCC) */
2146 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
2148 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2151 proto_tree *Capabilities_tree;
2154 guint8 AndXReserved;
2155 guint8 AndXCommand = 0xFF;
2158 guint32 Capabilities;
2160 guint16 UNICODEAccountPasswordLength;
2161 guint16 PasswordLen;
2162 guint16 MaxMpxCount;
2163 guint16 MaxBufferSize;
2165 guint16 AndXOffset = 0;
2167 guint16 ANSIAccountPasswordLength;
2168 const char *UNICODEPassword;
2169 const char *Password;
2170 const char *PrimaryDomain;
2171 const char *NativeOS;
2172 const char *NativeLanManType;
2173 const char *NativeLanMan;
2174 const char *AccountName;
2175 const char *ANSIPassword;
2177 if (dirn == 1) { /* Request(s) dissect code */
2179 WordCount = GBYTE(pd, offset);
2181 switch (WordCount) {
2185 /* Build display for: Word Count (WCT) */
2187 WordCount = GBYTE(pd, offset);
2191 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2195 offset += 1; /* Skip Word Count (WCT) */
2197 /* Build display for: AndXCommand */
2199 AndXCommand = GBYTE(pd, offset);
2203 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2204 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2208 offset += 1; /* Skip AndXCommand */
2210 /* Build display for: AndXReserved */
2212 AndXReserved = GBYTE(pd, offset);
2216 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2220 offset += 1; /* Skip AndXReserved */
2222 /* Build display for: AndXOffset */
2224 AndXOffset = GSHORT(pd, offset);
2228 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2232 offset += 2; /* Skip AndXOffset */
2234 /* Build display for: MaxBufferSize */
2236 MaxBufferSize = GSHORT(pd, offset);
2240 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2244 offset += 2; /* Skip MaxBufferSize */
2246 /* Build display for: MaxMpxCount */
2248 MaxMpxCount = GSHORT(pd, offset);
2252 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2256 offset += 2; /* Skip MaxMpxCount */
2258 /* Build display for: VcNumber */
2260 VcNumber = GSHORT(pd, offset);
2264 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2268 offset += 2; /* Skip VcNumber */
2270 /* Build display for: SessionKey */
2272 SessionKey = GWORD(pd, offset);
2276 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2280 offset += 4; /* Skip SessionKey */
2282 /* Build display for: PasswordLen */
2284 PasswordLen = GSHORT(pd, offset);
2288 proto_tree_add_text(tree, NullTVB, offset, 2, "PasswordLen: %u", PasswordLen);
2292 offset += 2; /* Skip PasswordLen */
2294 /* Build display for: Reserved */
2296 Reserved = GWORD(pd, offset);
2300 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2304 offset += 4; /* Skip Reserved */
2306 /* Build display for: Byte Count (BCC) */
2308 ByteCount = GSHORT(pd, offset);
2312 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2316 offset += 2; /* Skip Byte Count (BCC) */
2318 if (ByteCount > 0) {
2320 /* Build displat for: Password */
2322 Password = pd + offset;
2326 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2330 offset += PasswordLen;
2332 /* Build display for: AccountName */
2334 AccountName = pd + offset;
2338 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2342 offset += strlen(AccountName) + 1; /* Skip AccountName */
2344 /* Build display for: PrimaryDomain */
2346 PrimaryDomain = pd + offset;
2350 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2354 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2356 /* Build display for: NativeOS */
2358 NativeOS = pd + offset;
2362 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2366 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2368 /* Build display for: NativeLanMan */
2370 NativeLanMan = pd + offset;
2374 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2378 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2386 /* Build display for: Word Count (WCT) */
2388 WordCount = GBYTE(pd, offset);
2392 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2396 offset += 1; /* Skip Word Count (WCT) */
2398 /* Build display for: AndXCommand */
2400 AndXCommand = GBYTE(pd, offset);
2404 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2405 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2409 offset += 1; /* Skip AndXCommand */
2411 /* Build display for: AndXReserved */
2413 AndXReserved = GBYTE(pd, offset);
2417 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2421 offset += 1; /* Skip AndXReserved */
2423 /* Build display for: AndXOffset */
2425 AndXOffset = GSHORT(pd, offset);
2429 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2433 offset += 2; /* Skip AndXOffset */
2435 /* Build display for: MaxBufferSize */
2437 MaxBufferSize = GSHORT(pd, offset);
2441 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2445 offset += 2; /* Skip MaxBufferSize */
2447 /* Build display for: MaxMpxCount */
2449 MaxMpxCount = GSHORT(pd, offset);
2453 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2457 offset += 2; /* Skip MaxMpxCount */
2459 /* Build display for: VcNumber */
2461 VcNumber = GSHORT(pd, offset);
2465 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2469 offset += 2; /* Skip VcNumber */
2471 /* Build display for: SessionKey */
2473 SessionKey = GWORD(pd, offset);
2477 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2481 offset += 4; /* Skip SessionKey */
2483 /* Build display for: ANSI Account Password Length */
2485 ANSIAccountPasswordLength = GSHORT(pd, offset);
2489 proto_tree_add_text(tree, NullTVB, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2493 offset += 2; /* Skip ANSI Account Password Length */
2495 /* Build display for: UNICODE Account Password Length */
2497 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2501 proto_tree_add_text(tree, NullTVB, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2505 offset += 2; /* Skip UNICODE Account Password Length */
2507 /* Build display for: Reserved */
2509 Reserved = GWORD(pd, offset);
2513 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2517 offset += 4; /* Skip Reserved */
2519 /* Build display for: Capabilities */
2521 Capabilities = GWORD(pd, offset);
2525 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", Capabilities);
2526 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2527 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2528 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2529 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2530 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2531 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2532 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2533 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2534 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2535 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2536 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2537 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2538 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2539 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2540 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2541 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2542 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2543 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2544 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2545 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2546 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2547 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2548 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2549 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2550 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2551 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2552 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2553 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2554 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2558 offset += 4; /* Skip Capabilities */
2560 /* Build display for: Byte Count */
2562 ByteCount = GSHORT(pd, offset);
2566 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2570 offset += 2; /* Skip Byte Count */
2572 if (ByteCount > 0) {
2574 /* Build display for: ANSI Password */
2576 ANSIPassword = pd + offset;
2578 if (ANSIAccountPasswordLength > 0) {
2582 proto_tree_add_text(tree, NullTVB, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2586 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2589 /* Build display for: UNICODE Password */
2591 UNICODEPassword = pd + offset;
2593 if (UNICODEAccountPasswordLength > 0) {
2597 proto_tree_add_text(tree, NullTVB, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2601 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2605 /* Build display for: Account Name */
2607 AccountName = pd + offset;
2611 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2615 offset += strlen(AccountName) + 1; /* Skip Account Name */
2617 /* Build display for: Primary Domain */
2619 PrimaryDomain = pd + offset;
2623 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2627 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2629 /* Build display for: Native OS */
2631 NativeOS = pd + offset;
2635 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2639 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2641 /* Build display for: Native LanMan Type */
2643 NativeLanManType = pd + offset;
2647 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2651 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2660 if (AndXCommand != 0xFF) {
2662 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2668 if (dirn == 0) { /* Response(s) dissect code */
2670 /* Build display for: Word Count (WCT) */
2672 WordCount = GBYTE(pd, offset);
2676 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2680 offset += 1; /* Skip Word Count (WCT) */
2682 if (WordCount > 0) {
2684 /* Build display for: AndXCommand */
2686 AndXCommand = GBYTE(pd, offset);
2690 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2691 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2695 offset += 1; /* Skip AndXCommand */
2697 /* Build display for: AndXReserved */
2699 AndXReserved = GBYTE(pd, offset);
2703 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2707 offset += 1; /* Skip AndXReserved */
2709 /* Build display for: AndXOffset */
2711 AndXOffset = GSHORT(pd, offset);
2715 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2720 offset += 2; /* Skip AndXOffset */
2722 /* Build display for: Action */
2724 Action = GSHORT(pd, offset);
2728 proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
2732 offset += 2; /* Skip Action */
2736 /* Build display for: Byte Count (BCC) */
2738 ByteCount = GSHORT(pd, offset);
2742 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2746 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2748 offset += 2; /* Skip Byte Count (BCC) */
2750 if (ByteCount > 0) {
2752 /* Build display for: NativeOS */
2754 NativeOS = pd + offset;
2758 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2762 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2764 /* Build display for: NativeLanMan */
2766 NativeLanMan = pd + offset;
2770 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2774 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2776 /* Build display for: PrimaryDomain */
2778 PrimaryDomain = pd + offset;
2782 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2786 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2790 if (AndXCommand != 0xFF) {
2792 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2801 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2804 guint8 wct, andxcmd = 0xFF;
2805 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2807 proto_tree *flags_tree;
2812 /* Now figure out what format we are talking about, 2, 3, or 4 response
2816 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2817 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2821 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2823 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2833 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", wct);
2841 andxcmd = pd[offset];
2845 proto_tree_add_text(tree, NullTVB, offset, 1, "Next Command: %s",
2846 (andxcmd == 0xFF) ? "No further commands":
2847 decode_smb_name(andxcmd));
2849 proto_tree_add_text(tree, NullTVB, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2855 andxoffs = GSHORT(pd, offset);
2859 proto_tree_add_text(tree, NullTVB, offset, 2, "Offset to next command: %u", andxoffs);
2871 bcc = GSHORT(pd, offset);
2875 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2883 flags = GSHORT(pd, offset);
2887 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Additional Flags: 0x%02x", flags);
2888 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2889 proto_tree_add_text(flags_tree, NullTVB, offset, 2, "%s",
2890 decode_boolean_bitfield(flags, 0x01, 16,
2892 "Don't disconnect TID"));
2898 passwdlen = GSHORT(pd, offset);
2902 proto_tree_add_text(tree, NullTVB, offset, 2, "Password Length: %u", passwdlen);
2908 bcc = GSHORT(pd, offset);
2912 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2922 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2926 offset += passwdlen;
2932 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Path: %s", str);
2936 offset += strlen(str) + 1;
2942 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2950 bcc = GSHORT(pd, offset);
2954 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2964 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service Type: %s",
2969 offset += strlen(str) + 1;
2975 optionsup = GSHORT(pd, offset);
2977 if (tree) { /* Should break out the bits */
2979 proto_tree_add_text(tree, NullTVB, offset, 2, "Optional Support: 0x%04x",
2986 bcc = GSHORT(pd, offset);
2990 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3000 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
3004 offset += strlen(str) + 1;
3010 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Native File System: %s", str);
3014 offset += strlen(str) + 1;
3024 if (andxcmd != 0xFF) /* Process that next command ... ??? */
3026 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
3031 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3033 guint8 wct, enckeylen;
3034 guint16 bcc, mode, rawmode, dialect;
3036 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
3042 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
3044 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
3045 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
3048 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
3050 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
3058 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %d", wct);
3062 if (dirn == 0 && errcode != 0) return; /* No more info ... */
3066 /* Now decode the various formats ... */
3070 case 0: /* A request */
3072 bcc = GSHORT(pd, offset);
3076 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3084 ti = proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Dialects");
3085 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
3089 while (IS_DATA_IN_FRAME(offset)) {
3094 proto_tree_add_text(dialects, NullTVB, offset, 1, "Dialect Marker: %d", pd[offset]);
3104 proto_tree_add_text(dialects, NullTVB, offset, strlen(str)+1, "Dialect: %s", str);
3108 offset += strlen(str) + 1;
3113 case 1: /* PC NETWORK PROGRAM 1.0 */
3115 dialect = GSHORT(pd, offset);
3117 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
3119 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
3121 proto_tree_add_text(tree, NullTVB, offset, 2, "Supplied dialects not recognized");
3126 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
3134 bcc = GSHORT(pd, offset);
3138 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3144 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
3148 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
3152 /* Much of this is similar to response 17 below */
3156 mode = GSHORT(pd, offset);
3160 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Security Mode: 0x%04x", mode);
3161 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3162 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3163 decode_boolean_bitfield(mode, 0x0001, 16,
3165 "Security = Share"));
3166 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3167 decode_boolean_bitfield(mode, 0x0002, 16,
3168 "Passwords = Encrypted",
3169 "Passwords = Plaintext"));
3177 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
3185 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3193 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3199 rawmode = GSHORT(pd, offset);
3203 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Raw Mode: 0x%04x", rawmode);
3204 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
3205 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3206 decode_boolean_bitfield(rawmode, 0x01, 16,
3207 "Read Raw supported",
3208 "Read Raw not supported"));
3209 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3210 decode_boolean_bitfield(rawmode, 0x02, 16,
3211 "Write Raw supported",
3212 "Write Raw not supported"));
3220 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3226 /* Now the server time, two short parameters ... */
3230 proto_tree_add_text(tree, NullTVB, offset, 2, "Server Time: %s",
3231 dissect_dos_time(GSHORT(pd, offset)));
3232 proto_tree_add_text(tree, NullTVB, offset + 2, 2, "Server Date: %s",
3233 dissect_dos_date(GSHORT(pd, offset + 2)));
3239 /* Server Time Zone, SHORT */
3243 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3244 (signed)GSSHORT(pd, offset));
3250 /* Challenge Length */
3252 enckeylen = GSHORT(pd, offset);
3256 proto_tree_add_text(tree, NullTVB, offset, 2, "Challenge Length: %u", enckeylen);
3264 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3270 bcc = GSHORT(pd, offset);
3274 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3280 if (enckeylen) { /* only if non-zero key len */
3286 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge: %s",
3287 bytes_to_str(str, enckeylen));
3290 offset += enckeylen;
3294 /* Primary Domain ... */
3300 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "Primary Domain: %s", str);
3306 case 17: /* Greater than LANMAN2.1 */
3310 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3316 mode = GBYTE(pd, offset);
3320 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Security Mode: 0x%02x", mode);
3321 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3322 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3323 decode_boolean_bitfield(mode, 0x01, 8,
3325 "Security = Share"));
3326 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3327 decode_boolean_bitfield(mode, 0x02, 8,
3328 "Passwords = Encrypted",
3329 "Passwords = Plaintext"));
3330 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3331 decode_boolean_bitfield(mode, 0x04, 8,
3332 "Security signatures enabled",
3333 "Security signatures not enabled"));
3334 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3335 decode_boolean_bitfield(mode, 0x08, 8,
3336 "Security signatures required",
3337 "Security signatures not required"));
3345 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3353 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3361 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3369 proto_tree_add_text(tree, NullTVB, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3377 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3383 caps = GWORD(pd, offset);
3387 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", caps);
3388 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3389 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3390 decode_boolean_bitfield(caps, 0x0001, 32,
3391 "Raw Mode supported",
3392 "Raw Mode not supported"));
3393 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3394 decode_boolean_bitfield(caps, 0x0002, 32,
3395 "MPX Mode supported",
3396 "MPX Mode not supported"));
3397 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3398 decode_boolean_bitfield(caps, 0x0004, 32,
3399 "Unicode supported",
3400 "Unicode not supported"));
3401 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3402 decode_boolean_bitfield(caps, 0x0008, 32,
3403 "Large files supported",
3404 "Large files not supported"));
3405 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3406 decode_boolean_bitfield(caps, 0x0010, 32,
3407 "NT LM 0.12 SMBs supported",
3408 "NT LM 0.12 SMBs not supported"));
3409 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3410 decode_boolean_bitfield(caps, 0x0020, 32,
3411 "RPC remote APIs supported",
3412 "RPC remote APIs not supported"));
3413 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3414 decode_boolean_bitfield(caps, 0x0040, 32,
3415 "NT status codes supported",
3416 "NT status codes not supported"));
3417 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3418 decode_boolean_bitfield(caps, 0x0080, 32,
3419 "Level 2 OpLocks supported",
3420 "Level 2 OpLocks not supported"));
3421 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3422 decode_boolean_bitfield(caps, 0x0100, 32,
3423 "Lock&Read supported",
3424 "Lock&Read not supported"));
3425 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3426 decode_boolean_bitfield(caps, 0x0200, 32,
3427 "NT Find supported",
3428 "NT Find not supported"));
3429 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3430 decode_boolean_bitfield(caps, 0x1000, 32,
3432 "DFS not supported"));
3433 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3434 decode_boolean_bitfield(caps, 0x4000, 32,
3435 "Large READX supported",
3436 "Large READX not supported"));
3437 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3438 decode_boolean_bitfield(caps, 0x8000, 32,
3439 "Large WRITEX supported",
3440 "Large WRITEX not supported"));
3441 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3442 decode_boolean_bitfield(caps, 0x80000000, 32,
3443 "Extended security exchanges supported",
3444 "Extended security exchanges not supported"));
3449 /* Server time, 2 WORDS */
3453 proto_tree_add_text(tree, NullTVB, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3454 proto_tree_add_text(tree, NullTVB, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3460 /* Server Time Zone, SHORT */
3464 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3465 (signed)GSSHORT(pd, offset));
3471 /* Encryption key len */
3473 enckeylen = pd[offset];
3477 proto_tree_add_text(tree, NullTVB, offset, 1, "Encryption key len: %u", enckeylen);
3483 bcc = GSHORT(pd, offset);
3487 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte count (BCC): %u", bcc);
3493 if (enckeylen) { /* only if non-zero key len */
3495 /* Encryption challenge key */
3501 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge encryption key: %s",
3502 bytes_to_str(str, enckeylen));
3506 offset += enckeylen;
3510 /* The domain, a null terminated string; Unicode if "caps" has
3511 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3512 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3518 if (caps & 0x0004) {
3519 ustr = unicode_to_str(str, &ustr_len);
3520 proto_tree_add_text(tree, NullTVB, offset, ustr_len+2, "OEM domain name: %s", ustr);
3522 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "OEM domain name: %s", str);
3529 default: /* Baddd */
3532 proto_tree_add_text(tree, NullTVB, offset, 1, "Bad format, should never get here");
3540 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3544 guint8 BufferFormat;
3546 const char *DirectoryName;
3548 if (dirn == 1) { /* Request(s) dissect code */
3550 /* Build display for: Word Count (WCT) */
3552 WordCount = GBYTE(pd, offset);
3556 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3560 offset += 1; /* Skip Word Count (WCT) */
3562 /* Build display for: Byte Count (BCC) */
3564 ByteCount = GSHORT(pd, offset);
3568 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3572 offset += 2; /* Skip Byte Count (BCC) */
3574 /* Build display for: Buffer Format */
3576 BufferFormat = GBYTE(pd, offset);
3580 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3584 offset += 1; /* Skip Buffer Format */
3586 /* Build display for: Directory Name */
3588 DirectoryName = pd + offset;
3592 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3596 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3600 if (dirn == 0) { /* Response(s) dissect code */
3602 /* Build display for: Word Count (WCT) */
3604 WordCount = GBYTE(pd, offset);
3608 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3612 offset += 1; /* Skip Word Count (WCT) */
3614 /* Build display for: Byte Count (BCC) */
3616 ByteCount = GSHORT(pd, offset);
3620 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3624 offset += 2; /* Skip Byte Count (BCC) */
3631 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3635 guint8 BufferFormat;
3637 const char *DirectoryName;
3639 if (dirn == 1) { /* Request(s) dissect code */
3641 /* Build display for: Word Count (WCT) */
3643 WordCount = GBYTE(pd, offset);
3647 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3651 offset += 1; /* Skip Word Count (WCT) */
3653 /* Build display for: Byte Count (BCC) */
3655 ByteCount = GSHORT(pd, offset);
3659 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3663 offset += 2; /* Skip Byte Count (BCC) */
3665 /* Build display for: Buffer Format */
3667 BufferFormat = GBYTE(pd, offset);
3671 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3675 offset += 1; /* Skip Buffer Format */
3677 /* Build display for: Directory Name */
3679 DirectoryName = pd + offset;
3683 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3687 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3691 if (dirn == 0) { /* Response(s) dissect code */
3693 /* Build display for: Word Count (WCT) */
3695 WordCount = GBYTE(pd, offset);
3699 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3703 offset += 1; /* Skip Word Count (WCT) */
3705 /* Build display for: Byte Count (BCC) */
3707 ByteCount = GSHORT(pd, offset);
3711 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3715 offset += 2; /* Skip Byte Count (BCC) */
3723 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3727 guint8 BufferFormat;
3729 const char *DirectoryName;
3731 if (dirn == 1) { /* Request(s) dissect code */
3733 /* Build display for: Word Count (WCT) */
3735 WordCount = GBYTE(pd, offset);
3739 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3743 offset += 1; /* Skip Word Count (WCT) */
3745 /* Build display for: Byte Count (BCC) */
3747 ByteCount = GSHORT(pd, offset);
3751 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3755 offset += 2; /* Skip Byte Count (BCC) */
3757 /* Build display for: Buffer Format */
3759 BufferFormat = GBYTE(pd, offset);
3763 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3767 offset += 1; /* Skip Buffer Format */
3769 /* Build display for: Directory Name */
3771 DirectoryName = pd + offset;
3775 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3779 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3783 if (dirn == 0) { /* Response(s) dissect code */
3785 /* Build display for: Word Count (WCT) */
3787 WordCount = GBYTE(pd, offset);
3791 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3795 offset += 1; /* Skip Word Count (WCT) */
3797 /* Build display for: Byte Count (BCC) */
3799 ByteCount = GSHORT(pd, offset);
3803 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3807 offset += 2; /* Skip Byte Count (BCC) */
3814 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3817 static const value_string OpenFunction_0x10[] = {
3818 { 0, "Fail if file does not exist"},
3819 { 16, "Create file if it does not exist"},
3822 static const value_string OpenFunction_0x03[] = {
3823 { 0, "Fail if file exists"},
3824 { 1, "Open file if it exists"},
3825 { 2, "Truncate File if it exists"},
3828 static const value_string FileType_0xFFFF[] = {
3829 { 0, "Disk file or directory"},
3830 { 1, "Named pipe in byte mode"},
3831 { 2, "Named pipe in message mode"},
3832 { 3, "Spooled printer"},
3835 static const value_string DesiredAccess_0x70[] = {
3836 { 00, "Compatibility mode"},
3837 { 16, "Deny read/write/execute (exclusive)"},
3838 { 32, "Deny write"},
3839 { 48, "Deny read/execute"},
3843 static const value_string DesiredAccess_0x700[] = {
3844 { 0, "Locality of reference unknown"},
3845 { 256, "Mainly sequential access"},
3846 { 512, "Mainly random access"},
3847 { 768, "Random access with some locality"},
3850 static const value_string DesiredAccess_0x4000[] = {
3851 { 0, "Write through mode disabled"},
3852 { 16384, "Write through mode enabled"},
3855 static const value_string DesiredAccess_0x1000[] = {
3856 { 0, "Normal file (caching permitted)"},
3857 { 4096, "Do not cache this file"},
3860 static const value_string DesiredAccess_0x07[] = {
3861 { 0, "Open for reading"},
3862 { 1, "Open for writing"},
3863 { 2, "Open for reading and writing"},
3864 { 3, "Open for execute"},
3867 static const value_string Action_0x8000[] = {
3868 { 0, "File opened by another user (or mode not supported by server)"},
3869 { 32768, "File is opened only by this user at present"},
3872 static const value_string Action_0x0003[] = {
3873 { 0, "No action taken?"},
3874 { 1, "The file existed and was opened"},
3875 { 2, "The file did not exist but was created"},
3876 { 3, "The file existed and was truncated"},
3879 proto_tree *Search_tree;
3880 proto_tree *OpenFunction_tree;
3881 proto_tree *Flags_tree;
3882 proto_tree *File_tree;
3883 proto_tree *FileType_tree;
3884 proto_tree *FileAttributes_tree;
3885 proto_tree *DesiredAccess_tree;
3886 proto_tree *Action_tree;
3889 guint8 AndXReserved;
3890 guint8 AndXCommand = 0xFF;
3895 guint32 AllocatedSize;
3898 guint16 OpenFunction;
3899 guint16 LastWriteTime;
3900 guint16 LastWriteDate;
3901 guint16 GrantedAccess;
3904 guint16 FileAttributes;
3907 guint16 DeviceState;
3908 guint16 DesiredAccess;
3909 guint16 CreationTime;
3910 guint16 CreationDate;
3912 guint16 AndXOffset = 0;
3914 const char *FileName;
3916 if (dirn == 1) { /* Request(s) dissect code */
3918 /* Build display for: Word Count (WCT) */
3920 WordCount = GBYTE(pd, offset);
3924 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3928 offset += 1; /* Skip Word Count (WCT) */
3930 /* Build display for: AndXCommand */
3932 AndXCommand = GBYTE(pd, offset);
3936 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3937 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3941 offset += 1; /* Skip AndXCommand */
3943 /* Build display for: AndXReserved */
3945 AndXReserved = GBYTE(pd, offset);
3949 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3953 offset += 1; /* Skip AndXReserved */
3955 /* Build display for: AndXOffset */
3957 AndXOffset = GSHORT(pd, offset);
3961 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3965 offset += 2; /* Skip AndXOffset */
3967 /* Build display for: Flags */
3969 Flags = GSHORT(pd, offset);
3973 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
3974 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3975 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3976 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3977 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3978 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3979 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3980 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3984 offset += 2; /* Skip Flags */
3986 /* Build display for: Desired Access */
3988 DesiredAccess = GSHORT(pd, offset);
3992 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3993 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3994 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3995 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3996 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3997 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3998 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3999 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
4000 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4001 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
4002 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4003 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
4007 offset += 2; /* Skip Desired Access */
4009 /* Build display for: Search */
4011 Search = GSHORT(pd, offset);
4015 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Search: 0x%02x", Search);
4016 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
4017 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4018 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
4019 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4020 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
4021 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4022 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
4023 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4024 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
4025 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4026 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
4027 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4028 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
4032 offset += 2; /* Skip Search */
4034 /* Build display for: File */
4036 File = GSHORT(pd, offset);
4040 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File: 0x%02x", File);
4041 File_tree = proto_item_add_subtree(ti, ett_smb_file);
4042 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4043 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
4044 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4045 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
4046 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4047 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
4048 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4049 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
4050 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4051 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
4052 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4053 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
4057 offset += 2; /* Skip File */
4059 /* Build display for: Creation Time */
4061 CreationTime = GSHORT(pd, offset);
4068 offset += 2; /* Skip Creation Time */
4070 /* Build display for: Creation Date */
4072 CreationDate = GSHORT(pd, offset);
4076 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
4077 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
4081 offset += 2; /* Skip Creation Date */
4083 /* Build display for: Open Function */
4085 OpenFunction = GSHORT(pd, offset);
4089 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: 0x%02x", OpenFunction);
4090 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
4091 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4092 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
4093 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4094 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
4098 offset += 2; /* Skip Open Function */
4100 /* Build display for: Allocated Size */
4102 AllocatedSize = GWORD(pd, offset);
4106 proto_tree_add_text(tree, NullTVB, offset, 4, "Allocated Size: %u", AllocatedSize);
4110 offset += 4; /* Skip Allocated Size */
4112 /* Build display for: Reserved1 */
4114 Reserved1 = GWORD(pd, offset);
4118 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved1: %u", Reserved1);
4122 offset += 4; /* Skip Reserved1 */
4124 /* Build display for: Reserved2 */
4126 Reserved2 = GWORD(pd, offset);
4130 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved2: %u", Reserved2);
4134 offset += 4; /* Skip Reserved2 */
4136 /* Build display for: Byte Count */
4138 ByteCount = GSHORT(pd, offset);
4142 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4146 offset += 2; /* Skip Byte Count */
4148 /* Build display for: File Name */
4150 FileName = pd + offset;
4154 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
4158 offset += strlen(FileName) + 1; /* Skip File Name */
4161 if (AndXCommand != 0xFF) {
4163 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4169 if (dirn == 0) { /* Response(s) dissect code */
4171 /* Build display for: Word Count (WCT) */
4173 WordCount = GBYTE(pd, offset);
4177 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4181 offset += 1; /* Skip Word Count (WCT) */
4183 if (WordCount > 0) {
4185 /* Build display for: AndXCommand */
4187 AndXCommand = GBYTE(pd, offset);
4191 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
4192 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
4196 offset += 1; /* Skip AndXCommand */
4198 /* Build display for: AndXReserved */
4200 AndXReserved = GBYTE(pd, offset);
4204 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
4208 offset += 1; /* Skip AndXReserved */
4210 /* Build display for: AndXOffset */
4212 AndXOffset = GSHORT(pd, offset);
4216 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
4220 offset += 2; /* Skip AndXOffset */
4222 /* Build display for: FID */
4224 FID = GSHORT(pd, offset);
4228 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4232 offset += 2; /* Skip FID */
4234 /* Build display for: FileAttributes */
4236 FileAttributes = GSHORT(pd, offset);
4240 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
4241 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
4242 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4243 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
4244 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4245 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
4246 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4247 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
4248 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4249 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
4250 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4251 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
4252 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4253 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
4257 offset += 2; /* Skip FileAttributes */
4259 /* Build display for: Last Write Time */
4261 LastWriteTime = GSHORT(pd, offset);
4267 offset += 2; /* Skip Last Write Time */
4269 /* Build display for: Last Write Date */
4271 LastWriteDate = GSHORT(pd, offset);
4275 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4276 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
4281 offset += 2; /* Skip Last Write Date */
4283 /* Build display for: Data Size */
4285 DataSize = GWORD(pd, offset);
4289 proto_tree_add_text(tree, NullTVB, offset, 4, "Data Size: %u", DataSize);
4293 offset += 4; /* Skip Data Size */
4295 /* Build display for: Granted Access */
4297 GrantedAccess = GSHORT(pd, offset);
4301 proto_tree_add_text(tree, NullTVB, offset, 2, "Granted Access: %u", GrantedAccess);
4305 offset += 2; /* Skip Granted Access */
4307 /* Build display for: File Type */
4309 FileType = GSHORT(pd, offset);
4313 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File Type: 0x%02x", FileType);
4314 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4315 proto_tree_add_text(FileType_tree, NullTVB, offset, 2, "%s",
4316 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4320 offset += 2; /* Skip File Type */
4322 /* Build display for: Device State */
4324 DeviceState = GSHORT(pd, offset);
4328 proto_tree_add_text(tree, NullTVB, offset, 2, "Device State: %u", DeviceState);
4332 offset += 2; /* Skip Device State */
4334 /* Build display for: Action */
4336 Action = GSHORT(pd, offset);
4340 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: 0x%02x", Action);
4341 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4342 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4343 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4344 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4345 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4349 offset += 2; /* Skip Action */
4351 /* Build display for: Server FID */
4353 ServerFID = GWORD(pd, offset);
4357 proto_tree_add_text(tree, NullTVB, offset, 4, "Server FID: %u", ServerFID);
4361 offset += 4; /* Skip Server FID */
4363 /* Build display for: Reserved */
4365 Reserved = GSHORT(pd, offset);
4369 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
4373 offset += 2; /* Skip Reserved */
4377 /* Build display for: Byte Count */
4379 ByteCount = GSHORT(pd, offset);
4383 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4387 offset += 2; /* Skip Byte Count */
4390 if (AndXCommand != 0xFF) {
4392 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4401 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4404 proto_tree *WriteMode_tree;
4420 if (dirn == 1) { /* Request(s) dissect code */
4422 WordCount = GBYTE(pd, offset);
4424 switch (WordCount) {
4428 /* Build display for: Word Count (WCT) */
4430 WordCount = GBYTE(pd, offset);
4434 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4438 offset += 1; /* Skip Word Count (WCT) */
4440 /* Build display for: FID */
4442 FID = GSHORT(pd, offset);
4446 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4450 offset += 2; /* Skip FID */
4452 /* Build display for: Count */
4454 Count = GSHORT(pd, offset);
4458 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4462 offset += 2; /* Skip Count */
4464 /* Build display for: Reserved 1 */
4466 Reserved1 = GSHORT(pd, offset);
4470 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4474 offset += 2; /* Skip Reserved 1 */
4476 /* Build display for: Offset */
4478 Offset = GWORD(pd, offset);
4482 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
4486 offset += 4; /* Skip Offset */
4488 /* Build display for: Timeout */
4490 Timeout = GWORD(pd, offset);
4494 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4498 offset += 4; /* Skip Timeout */
4500 /* Build display for: WriteMode */
4502 WriteMode = GSHORT(pd, offset);
4506 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4507 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4508 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4509 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4510 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4511 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4515 offset += 2; /* Skip WriteMode */
4517 /* Build display for: Reserved 2 */
4519 Reserved2 = GWORD(pd, offset);
4523 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4527 offset += 4; /* Skip Reserved 2 */
4529 /* Build display for: Data Length */
4531 DataLength = GSHORT(pd, offset);
4535 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4539 offset += 2; /* Skip Data Length */
4541 /* Build display for: Data Offset */
4543 DataOffset = GSHORT(pd, offset);
4547 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4551 offset += 2; /* Skip Data Offset */
4553 /* Build display for: Byte Count (BCC) */
4555 ByteCount = GSHORT(pd, offset);
4559 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4563 offset += 2; /* Skip Byte Count (BCC) */
4565 /* Build display for: Pad */
4567 Pad = GBYTE(pd, offset);
4571 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4575 offset += 1; /* Skip Pad */
4581 /* Build display for: Word Count (WCT) */
4583 WordCount = GBYTE(pd, offset);
4587 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4591 offset += 1; /* Skip Word Count (WCT) */
4593 /* Build display for: FID */
4595 FID = GSHORT(pd, offset);
4599 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4603 offset += 2; /* Skip FID */
4605 /* Build display for: Count */
4607 Count = GSHORT(pd, offset);
4611 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4615 offset += 2; /* Skip Count */
4617 /* Build display for: Reserved 1 */
4619 Reserved1 = GSHORT(pd, offset);
4623 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4627 offset += 2; /* Skip Reserved 1 */
4629 /* Build display for: Timeout */
4631 Timeout = GWORD(pd, offset);
4635 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4639 offset += 4; /* Skip Timeout */
4641 /* Build display for: WriteMode */
4643 WriteMode = GSHORT(pd, offset);
4647 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4648 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4649 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4650 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4651 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4652 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4656 offset += 2; /* Skip WriteMode */
4658 /* Build display for: Reserved 2 */
4660 Reserved2 = GWORD(pd, offset);
4664 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4668 offset += 4; /* Skip Reserved 2 */
4670 /* Build display for: Data Length */
4672 DataLength = GSHORT(pd, offset);
4676 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4680 offset += 2; /* Skip Data Length */
4682 /* Build display for: Data Offset */
4684 DataOffset = GSHORT(pd, offset);
4688 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4692 offset += 2; /* Skip Data Offset */
4694 /* Build display for: Byte Count (BCC) */
4696 ByteCount = GSHORT(pd, offset);
4700 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4704 offset += 2; /* Skip Byte Count (BCC) */
4706 /* Build display for: Pad */
4708 Pad = GBYTE(pd, offset);
4712 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4716 offset += 1; /* Skip Pad */
4724 if (dirn == 0) { /* Response(s) dissect code */
4726 /* Build display for: Word Count (WCT) */
4728 WordCount = GBYTE(pd, offset);
4732 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4736 offset += 1; /* Skip Word Count (WCT) */
4738 if (WordCount > 0) {
4740 /* Build display for: Remaining */
4742 Remaining = GSHORT(pd, offset);
4746 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
4750 offset += 2; /* Skip Remaining */
4754 /* Build display for: Byte Count */
4756 ByteCount = GSHORT(pd, offset);
4760 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4764 offset += 2; /* Skip Byte Count */
4771 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4777 if (dirn == 1) { /* Request(s) dissect code */
4779 /* Build display for: Word Count (WCT) */
4781 WordCount = GBYTE(pd, offset);
4785 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4789 offset += 1; /* Skip Word Count (WCT) */
4791 /* Build display for: Byte Count (BCC) */
4793 ByteCount = GSHORT(pd, offset);
4797 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4801 offset += 2; /* Skip Byte Count (BCC) */
4805 if (dirn == 0) { /* Response(s) dissect code */
4807 /* Build display for: Word Count (WCT) */
4809 WordCount = GBYTE(pd, offset);
4813 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4817 offset += 1; /* Skip Word Count (WCT) */
4819 /* Build display for: Byte Count (BCC) */
4821 ByteCount = GSHORT(pd, offset);
4825 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4829 offset += 2; /* Skip Byte Count (BCC) */
4836 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4839 static const value_string Flags_0x03[] = {
4840 { 0, "Target must be a file"},
4841 { 1, "Target must be a directory"},
4844 { 4, "Verify all writes"},
4847 proto_tree *Flags_tree;
4850 guint8 ErrorFileFormat;
4852 guint16 OpenFunction;
4856 const char *ErrorFileName;
4858 if (dirn == 1) { /* Request(s) dissect code */
4860 /* Build display for: Word Count (WCT) */
4862 WordCount = GBYTE(pd, offset);
4866 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4870 offset += 1; /* Skip Word Count (WCT) */
4872 /* Build display for: TID2 */
4874 TID2 = GSHORT(pd, offset);
4878 proto_tree_add_text(tree, NullTVB, offset, 2, "TID2: %u", TID2);
4882 offset += 2; /* Skip TID2 */
4884 /* Build display for: Open Function */
4886 OpenFunction = GSHORT(pd, offset);
4890 proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: %u", OpenFunction);
4894 offset += 2; /* Skip Open Function */
4896 /* Build display for: Flags */
4898 Flags = GSHORT(pd, offset);
4902 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
4903 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4904 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4905 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4909 offset += 2; /* Skip Flags */
4913 if (dirn == 0) { /* Response(s) dissect code */
4915 /* Build display for: Word Count (WCT) */
4917 WordCount = GBYTE(pd, offset);
4921 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4925 offset += 1; /* Skip Word Count (WCT) */
4927 if (WordCount > 0) {
4929 /* Build display for: Count */
4931 Count = GSHORT(pd, offset);
4935 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4939 offset += 2; /* Skip Count */
4943 /* Build display for: Byte Count */
4945 ByteCount = GSHORT(pd, offset);
4949 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4953 offset += 2; /* Skip Byte Count */
4955 /* Build display for: Error File Format */
4957 ErrorFileFormat = GBYTE(pd, offset);
4961 proto_tree_add_text(tree, NullTVB, offset, 1, "Error File Format: %u", ErrorFileFormat);
4965 offset += 1; /* Skip Error File Format */
4967 /* Build display for: Error File Name */
4969 ErrorFileName = pd + offset;
4973 proto_tree_add_text(tree, NullTVB, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4977 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4984 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4988 guint8 BufferFormat2;
4989 guint8 BufferFormat1;
4990 guint16 SearchAttributes;
4992 const char *OldFileName;
4993 const char *NewFileName;
4995 if (dirn == 1) { /* Request(s) dissect code */
4997 /* Build display for: Word Count (WCT) */
4999 WordCount = GBYTE(pd, offset);
5003 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5007 offset += 1; /* Skip Word Count (WCT) */
5009 /* Build display for: Search Attributes */
5011 SearchAttributes = GSHORT(pd, offset);
5015 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
5019 offset += 2; /* Skip Search Attributes */
5021 /* Build display for: Byte Count */
5023 ByteCount = GSHORT(pd, offset);
5027 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5031 offset += 2; /* Skip Byte Count */
5033 /* Build display for: Buffer Format 1 */
5035 BufferFormat1 = GBYTE(pd, offset);
5039 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
5043 offset += 1; /* Skip Buffer Format 1 */
5045 /* Build display for: Old File Name */
5047 OldFileName = pd + offset;
5051 proto_tree_add_text(tree, NullTVB, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
5055 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
5057 /* Build display for: Buffer Format 2 */
5059 BufferFormat2 = GBYTE(pd, offset);
5063 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
5067 offset += 1; /* Skip Buffer Format 2 */
5069 /* Build display for: New File Name */
5071 NewFileName = pd + offset;
5075 proto_tree_add_text(tree, NullTVB, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
5079 offset += strlen(NewFileName) + 1; /* Skip New File Name */
5083 if (dirn == 0) { /* Response(s) dissect code */
5085 /* Build display for: Word Count (WCT) */
5087 WordCount = GBYTE(pd, offset);
5091 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5095 offset += 1; /* Skip Word Count (WCT) */
5097 /* Build display for: Byte Count (BCC) */
5099 ByteCount = GSHORT(pd, offset);
5103 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5107 offset += 2; /* Skip Byte Count (BCC) */
5114 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5117 static const value_string Mode_0x03[] = {
5118 { 0, "Text mode (DOS expands TABs)"},
5119 { 1, "Graphics mode"},
5122 proto_tree *Mode_tree;
5125 guint8 BufferFormat;
5126 guint16 SetupLength;
5130 const char *IdentifierString;
5132 if (dirn == 1) { /* Request(s) dissect code */
5134 /* Build display for: Word Count (WCT) */
5136 WordCount = GBYTE(pd, offset);
5140 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5144 offset += 1; /* Skip Word Count (WCT) */
5146 /* Build display for: Setup Length */
5148 SetupLength = GSHORT(pd, offset);
5152 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup Length: %u", SetupLength);
5156 offset += 2; /* Skip Setup Length */
5158 /* Build display for: Mode */
5160 Mode = GSHORT(pd, offset);
5164 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
5165 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5166 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
5167 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5171 offset += 2; /* Skip Mode */
5173 /* Build display for: Byte Count (BCC) */
5175 ByteCount = GSHORT(pd, offset);
5179 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5183 offset += 2; /* Skip Byte Count (BCC) */
5185 /* Build display for: Buffer Format */
5187 BufferFormat = GBYTE(pd, offset);
5191 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
5195 offset += 1; /* Skip Buffer Format */
5197 /* Build display for: Identifier String */
5199 IdentifierString = pd + offset;
5203 proto_tree_add_text(tree, NullTVB, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
5207 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
5211 if (dirn == 0) { /* Response(s) dissect code */
5213 /* Build display for: Word Count (WCT) */
5215 WordCount = GBYTE(pd, offset);
5219 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5223 offset += 1; /* Skip Word Count (WCT) */
5225 /* Build display for: FID */
5227 FID = GSHORT(pd, offset);
5231 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5235 offset += 2; /* Skip FID */
5237 /* Build display for: Byte Count (BCC) */
5239 ByteCount = GSHORT(pd, offset);
5243 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5247 offset += 2; /* Skip Byte Count (BCC) */
5254 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5261 if (dirn == 1) { /* Request(s) dissect code */
5263 /* Build display for: Word Count (WCT) */
5265 WordCount = GBYTE(pd, offset);
5269 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5273 offset += 1; /* Skip Word Count (WCT) */
5275 /* Build display for: FID */
5277 FID = GSHORT(pd, offset);
5281 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5285 offset += 2; /* Skip FID */
5287 /* Build display for: Byte Count (BCC) */
5289 ByteCount = GSHORT(pd, offset);
5293 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5297 offset += 2; /* Skip Byte Count (BCC) */
5301 if (dirn == 0) { /* Response(s) dissect code */
5303 /* Build display for: Word Count */
5305 WordCount = GBYTE(pd, offset);
5309 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
5313 offset += 1; /* Skip Word Count */
5315 /* Build display for: Byte Count (BCC) */
5317 ByteCount = GSHORT(pd, offset);
5321 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5325 offset += 2; /* Skip Byte Count (BCC) */
5332 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5345 if (dirn == 1) { /* Request(s) dissect code */
5347 WordCount = GBYTE(pd, offset);
5349 switch (WordCount) {
5353 /* Build display for: Word Count (WCT) */
5355 WordCount = GBYTE(pd, offset);
5359 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5363 offset += 1; /* Skip Word Count (WCT) */
5365 /* Build display for: FID */
5367 FID = GSHORT(pd, offset);
5371 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5375 offset += 2; /* Skip FID */
5377 /* Build display for: Offset */
5379 Offset = GWORD(pd, offset);
5383 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5387 offset += 4; /* Skip Offset */
5389 /* Build display for: Max Count */
5391 MaxCount = GSHORT(pd, offset);
5395 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5399 offset += 2; /* Skip Max Count */
5401 /* Build display for: Min Count */
5403 MinCount = GSHORT(pd, offset);
5407 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5411 offset += 2; /* Skip Min Count */
5413 /* Build display for: Timeout */
5415 Timeout = GWORD(pd, offset);
5419 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5423 offset += 4; /* Skip Timeout */
5425 /* Build display for: Reserved */
5427 Reserved = GSHORT(pd, offset);
5431 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5435 offset += 2; /* Skip Reserved */
5437 /* Build display for: Byte Count (BCC) */
5439 ByteCount = GSHORT(pd, offset);
5443 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5447 offset += 2; /* Skip Byte Count (BCC) */
5453 /* Build display for: Word Count (WCT) */
5455 WordCount = GBYTE(pd, offset);
5459 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5463 offset += 1; /* Skip Word Count (WCT) */
5465 /* Build display for: FID */
5467 FID = GSHORT(pd, offset);
5471 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5475 offset += 2; /* Skip FID */
5477 /* Build display for: Offset */
5479 Offset = GWORD(pd, offset);
5483 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5487 offset += 4; /* Skip Offset */
5489 /* Build display for: Max Count */
5491 MaxCount = GSHORT(pd, offset);
5495 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5499 offset += 2; /* Skip Max Count */
5501 /* Build display for: Min Count */
5503 MinCount = GSHORT(pd, offset);
5507 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5511 offset += 2; /* Skip Min Count */
5513 /* Build display for: Timeout */
5515 Timeout = GWORD(pd, offset);
5519 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5523 offset += 4; /* Skip Timeout */
5525 /* Build display for: Reserved */
5527 Reserved = GSHORT(pd, offset);
5531 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5535 offset += 2; /* Skip Reserved */
5537 /* Build display for: Offset High */
5539 OffsetHigh = GWORD(pd, offset);
5543 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5547 offset += 4; /* Skip Offset High */
5549 /* Build display for: Byte Count (BCC) */
5551 ByteCount = GSHORT(pd, offset);
5555 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5559 offset += 2; /* Skip Byte Count (BCC) */
5567 if (dirn == 0) { /* Response(s) dissect code */
5574 dissect_read_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5578 guint8 AndXReserved;
5579 guint8 AndXCommand = 0xFF;
5581 guint16 AndXOffset = 0;
5583 guint16 DataCompactionMode;
5594 if (dirn == 1) { /* Request(s) dissect code */
5596 /* Build display for: Word Count (WCT) */
5598 WordCount = GBYTE(pd, offset);
5602 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5606 offset += 1; /* Skip Word Count (WCT) */
5608 /* Build display for: AndXCommand */
5610 AndXCommand = GBYTE(pd, offset);
5614 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5618 offset += 1; /* Skip AndXCommand */
5620 /* Build display for: AndXReserved */
5622 AndXReserved = GBYTE(pd, offset);
5626 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5630 offset += 1; /* Skip AndXReserved */
5632 /* Build display for: AndXOffset */
5634 AndXOffset = GSHORT(pd, offset);
5638 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5642 offset += 2; /* Skip AndXOffset */
5644 /* Build display for: FID */
5646 FID = GSHORT(pd, offset);
5650 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5654 offset += 2; /* Skip FID */
5656 /* Build display for: Offset */
5658 Offset = GWORD(pd, offset);
5662 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5666 offset += 4; /* Skip Offset */
5668 /* Build display for: Max Count */
5670 MaxCount = GSHORT(pd, offset);
5674 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5678 offset += 2; /* Skip Max Count */
5680 /* Build display for: Min Count */
5682 MinCount = GSHORT(pd, offset);
5686 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5690 offset += 2; /* Skip Min Count */
5692 /* Build display for: Reserved */
5694 Reserved = GWORD(pd, offset);
5698 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
5702 offset += 4; /* Skip Reserved */
5704 /* Build display for: Remaining */
5706 Remaining = GSHORT(pd, offset);
5710 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5714 offset += 2; /* Skip Remaining */
5716 if (WordCount == 12) {
5718 /* Build display for: Offset High */
5720 OffsetHigh = GWORD(pd, offset);
5724 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5728 offset += 4; /* Skip Offset High */
5731 /* Build display for: Byte Count (BCC) */
5733 ByteCount = GSHORT(pd, offset);
5737 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5741 offset += 2; /* Skip Byte Count (BCC) */
5744 if (AndXCommand != 0xFF) {
5746 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5752 if (dirn == 0) { /* Response(s) dissect code */
5754 /* Build display for: Word Count (WCT) */
5756 WordCount = GBYTE(pd, offset);
5760 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5764 offset += 1; /* Skip Word Count (WCT) */
5766 /* Build display for: AndXCommand */
5768 AndXCommand = GBYTE(pd, offset);
5772 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5776 offset += 1; /* Skip AndXCommand */
5778 /* Build display for: AndXReserved */
5780 AndXReserved = GBYTE(pd, offset);
5784 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5788 offset += 1; /* Skip AndXReserved */
5790 /* Build display for: AndXOffset */
5792 AndXOffset = GSHORT(pd, offset);
5796 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5800 offset += 2; /* Skip AndXOffset */
5802 /* Build display for: Remaining */
5804 Remaining = GSHORT(pd, offset);
5808 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5812 offset += 2; /* Skip Remaining */
5814 /* Build display for: Data Compaction Mode */
5816 DataCompactionMode = GSHORT(pd, offset);
5820 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
5824 offset += 2; /* Skip Data Compaction Mode */
5826 /* Build display for: Reserved */
5828 Reserved = GSHORT(pd, offset);
5832 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5836 offset += 2; /* Skip Reserved */
5838 /* Build display for: Data Length */
5840 DataLength = GSHORT(pd, offset);
5844 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5848 offset += 2; /* Skip Data Length */
5850 /* Build display for: Data Offset */
5852 DataOffset = GSHORT(pd, offset);
5856 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
5860 offset += 2; /* Skip Data Offset */
5862 /* Build display for: Reserved[5] */
5864 for(i = 1; i <= 5; ++i) {
5866 Reserved = GSHORT(pd, offset);
5870 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved%u: %u", i, Reserved);
5876 /* Build display for: Byte Count (BCC) */
5878 ByteCount = GSHORT(pd, offset);
5882 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5886 offset += 2; /* Skip Byte Count (BCC) */
5888 /* Build display for data */
5892 offset = SMB_offset + DataOffset;
5893 if(END_OF_FRAME >= DataLength)
5894 proto_tree_add_text(tree, NullTVB, offset, DataLength, "Data (%u bytes)", DataLength);
5896 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
5900 if (AndXCommand != 0xFF) {
5902 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5911 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5915 guint8 AndXReserved;
5916 guint8 AndXCommand = 0xFF;
5918 guint16 AndXOffset = 0;
5920 if (dirn == 1) { /* Request(s) dissect code */
5922 /* Build display for: Word Count (WCT) */
5924 WordCount = GBYTE(pd, offset);
5928 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5932 offset += 1; /* Skip Word Count (WCT) */
5934 /* Build display for: AndXCommand */
5936 AndXCommand = GBYTE(pd, offset);
5940 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5944 offset += 1; /* Skip AndXCommand */
5946 /* Build display for: AndXReserved */
5948 AndXReserved = GBYTE(pd, offset);
5952 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5956 offset += 1; /* Skip AndXReserved */
5958 /* Build display for: AndXOffset */
5960 AndXOffset = GSHORT(pd, offset);
5964 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5968 offset += 2; /* Skip AndXOffset */
5970 /* Build display for: Byte Count (BCC) */
5972 ByteCount = GSHORT(pd, offset);
5976 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5980 offset += 2; /* Skip Byte Count (BCC) */
5983 if (AndXCommand != 0xFF) {
5985 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5991 if (dirn == 0) { /* Response(s) dissect code */
5993 /* Build display for: Word Count (WCT) */
5995 WordCount = GBYTE(pd, offset);
5999 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6003 offset += 1; /* Skip Word Count (WCT) */
6005 /* Build display for: AndXCommand */
6007 AndXCommand = GBYTE(pd, offset);
6011 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6015 offset += 1; /* Skip AndXCommand */
6017 /* Build display for: AndXReserved */
6019 AndXReserved = GBYTE(pd, offset);
6023 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6027 offset += 1; /* Skip AndXReserved */
6029 /* Build display for: AndXOffset */
6031 AndXOffset = GSHORT(pd, offset);
6035 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6039 offset += 2; /* Skip AndXOffset */
6041 /* Build display for: Byte Count (BCC) */
6043 ByteCount = GSHORT(pd, offset);
6047 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6051 offset += 2; /* Skip Byte Count (BCC) */
6054 if (AndXCommand != 0xFF) {
6056 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6065 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6068 static const value_string Mode_0x03[] = {
6069 { 0, "Seek from start of file"},
6070 { 1, "Seek from current position"},
6071 { 2, "Seek from end of file"},
6074 proto_tree *Mode_tree;
6082 if (dirn == 1) { /* Request(s) dissect code */
6084 /* Build display for: Word Count (WCT) */
6086 WordCount = GBYTE(pd, offset);
6090 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6094 offset += 1; /* Skip Word Count (WCT) */
6096 /* Build display for: FID */
6098 FID = GSHORT(pd, offset);
6102 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6106 offset += 2; /* Skip FID */
6108 /* Build display for: Mode */
6110 Mode = GSHORT(pd, offset);
6114 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
6115 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
6116 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
6117 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
6121 offset += 2; /* Skip Mode */
6123 /* Build display for: Offset */
6125 Offset = GWORD(pd, offset);
6129 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6133 offset += 4; /* Skip Offset */
6135 /* Build display for: Byte Count (BCC) */
6137 ByteCount = GSHORT(pd, offset);
6141 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6145 offset += 2; /* Skip Byte Count (BCC) */
6149 if (dirn == 0) { /* Response(s) dissect code */
6151 /* Build display for: Word Count (WCT) */
6153 WordCount = GBYTE(pd, offset);
6157 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6161 offset += 1; /* Skip Word Count (WCT) */
6163 /* Build display for: Offset */
6165 Offset = GWORD(pd, offset);
6169 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6173 offset += 4; /* Skip Offset */
6175 /* Build display for: Byte Count (BCC) */
6177 ByteCount = GSHORT(pd, offset);
6181 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6185 offset += 2; /* Skip Byte Count (BCC) */
6192 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6196 guint8 BufferFormat;
6204 if (dirn == 1) { /* Request(s) dissect code */
6206 /* Build display for: Word Count (WCT) */
6208 WordCount = GBYTE(pd, offset);
6212 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6216 offset += 1; /* Skip Word Count (WCT) */
6218 /* Build display for: FID */
6220 FID = GSHORT(pd, offset);
6224 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6228 offset += 2; /* Skip FID */
6230 /* Build display for: Count */
6232 Count = GSHORT(pd, offset);
6236 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6240 offset += 2; /* Skip Count */
6242 /* Build display for: Offset */
6244 Offset = GWORD(pd, offset);
6248 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6252 offset += 4; /* Skip Offset */
6254 /* Build display for: Remaining */
6256 Remaining = GSHORT(pd, offset);
6260 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
6264 offset += 2; /* Skip Remaining */
6266 /* Build display for: Byte Count (BCC) */
6268 ByteCount = GSHORT(pd, offset);
6272 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6276 offset += 2; /* Skip Byte Count (BCC) */
6278 /* Build display for: Buffer Format */
6280 BufferFormat = GBYTE(pd, offset);
6284 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6288 offset += 1; /* Skip Buffer Format */
6290 /* Build display for: Data Length */
6292 DataLength = GSHORT(pd, offset);
6296 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6300 offset += 2; /* Skip Data Length */
6304 if (dirn == 0) { /* Response(s) dissect code */
6306 /* Build display for: Word Count (WCT) */
6308 WordCount = GBYTE(pd, offset);
6312 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6316 offset += 1; /* Skip Word Count (WCT) */
6318 /* Build display for: Count */
6320 Count = GSHORT(pd, offset);
6324 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6328 offset += 2; /* Skip Count */
6330 /* Build display for: Byte Count (BCC) */
6332 ByteCount = GSHORT(pd, offset);
6336 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6340 offset += 2; /* Skip Byte Count (BCC) */
6347 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6351 guint16 LastWriteTime;
6352 guint16 LastWriteDate;
6353 guint16 LastAccessTime;
6354 guint16 LastAccessDate;
6356 guint16 CreationTime;
6357 guint16 CreationDate;
6360 if (dirn == 1) { /* Request(s) dissect code */
6362 /* Build display for: Word Count */
6364 WordCount = GBYTE(pd, offset);
6368 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6372 offset += 1; /* Skip Word Count */
6374 /* Build display for: FID */
6376 FID = GSHORT(pd, offset);
6380 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6384 offset += 2; /* Skip FID */
6386 /* Build display for: Creation Date */
6388 CreationDate = GSHORT(pd, offset);
6392 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
6396 offset += 2; /* Skip Creation Date */
6398 /* Build display for: Creation Time */
6400 CreationTime = GSHORT(pd, offset);
6404 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6408 offset += 2; /* Skip Creation Time */
6410 /* Build display for: Last Access Date */
6412 LastAccessDate = GSHORT(pd, offset);
6416 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
6420 offset += 2; /* Skip Last Access Date */
6422 /* Build display for: Last Access Time */
6424 LastAccessTime = GSHORT(pd, offset);
6428 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
6432 offset += 2; /* Skip Last Access Time */
6434 /* Build display for: Last Write Date */
6436 LastWriteDate = GSHORT(pd, offset);
6440 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
6444 offset += 2; /* Skip Last Write Date */
6446 /* Build display for: Last Write Time */
6448 LastWriteTime = GSHORT(pd, offset);
6452 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
6456 offset += 2; /* Skip Last Write Time */
6458 /* Build display for: Byte Count (BCC) */
6460 ByteCount = GSHORT(pd, offset);
6464 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6468 offset += 2; /* Skip Byte Count (BCC) */
6472 if (dirn == 0) { /* Response(s) dissect code */
6474 /* Build display for: Word Count (WCC) */
6476 WordCount = GBYTE(pd, offset);
6480 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCC): %u", WordCount);
6484 offset += 1; /* Skip Word Count (WCC) */
6486 /* Build display for: Byte Count (BCC) */
6488 ByteCount = GSHORT(pd, offset);
6492 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6496 offset += 2; /* Skip Byte Count (BCC) */
6503 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6512 if (dirn == 1) { /* Request(s) dissect code */
6514 /* Build display for: Word Count (WCT) */
6516 WordCount = GBYTE(pd, offset);
6520 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6524 offset += 1; /* Skip Word Count (WCT) */
6526 /* Build display for: FID */
6528 FID = GSHORT(pd, offset);
6532 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6536 offset += 2; /* Skip FID */
6538 /* Build display for: Count */
6540 Count = GWORD(pd, offset);
6544 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
6548 offset += 4; /* Skip Count */
6550 /* Build display for: Offset */
6552 Offset = GWORD(pd, offset);
6556 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6560 offset += 4; /* Skip Offset */
6562 /* Build display for: Byte Count (BCC) */
6564 ByteCount = GSHORT(pd, offset);
6568 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6572 offset += 2; /* Skip Byte Count (BCC) */
6576 if (dirn == 0) { /* Response(s) dissect code */
6578 /* Build display for: Word Count (WCT) */
6580 WordCount = GBYTE(pd, offset);
6584 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6588 offset += 1; /* Skip Word Count (WCT) */
6590 /* Build display for: Byte Count (BCC) */
6592 ByteCount = GSHORT(pd, offset);
6596 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6600 offset += 2; /* Skip Byte Count (BCC) */
6607 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6611 guint8 BufferFormat;
6613 guint16 RestartIndex;
6619 if (dirn == 1) { /* Request(s) dissect code */
6621 /* Build display for: Word Count */
6623 WordCount = GBYTE(pd, offset);
6627 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6631 offset += 1; /* Skip Word Count */
6633 /* Build display for: Max Count */
6635 MaxCount = GSHORT(pd, offset);
6639 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6643 offset += 2; /* Skip Max Count */
6645 /* Build display for: Start Index */
6647 StartIndex = GSHORT(pd, offset);
6651 proto_tree_add_text(tree, NullTVB, offset, 2, "Start Index: %u", StartIndex);
6655 offset += 2; /* Skip Start Index */
6657 /* Build display for: Byte Count (BCC) */
6659 ByteCount = GSHORT(pd, offset);
6663 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6667 offset += 2; /* Skip Byte Count (BCC) */
6671 if (dirn == 0) { /* Response(s) dissect code */
6673 /* Build display for: Word Count (WCT) */
6675 WordCount = GBYTE(pd, offset);
6679 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6683 offset += 1; /* Skip Word Count (WCT) */
6685 if (WordCount > 0) {
6687 /* Build display for: Count */
6689 Count = GSHORT(pd, offset);
6693 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6697 offset += 2; /* Skip Count */
6699 /* Build display for: Restart Index */
6701 RestartIndex = GSHORT(pd, offset);
6705 proto_tree_add_text(tree, NullTVB, offset, 2, "Restart Index: %u", RestartIndex);
6709 offset += 2; /* Skip Restart Index */
6711 /* Build display for: Byte Count (BCC) */
6715 ByteCount = GSHORT(pd, offset);
6719 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6723 offset += 2; /* Skip Byte Count (BCC) */
6725 /* Build display for: Buffer Format */
6727 BufferFormat = GBYTE(pd, offset);
6731 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6735 offset += 1; /* Skip Buffer Format */
6737 /* Build display for: Data Length */
6739 DataLength = GSHORT(pd, offset);
6743 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6747 offset += 2; /* Skip Data Length */
6754 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6757 proto_tree *LockType_tree;
6762 guint8 AndXReserved;
6763 guint8 AndXCommand = 0xFF;
6765 guint16 NumberofLocks;
6766 guint16 NumberOfUnlocks;
6770 guint16 AndXOffset = 0;
6772 if (dirn == 1) { /* Request(s) dissect code */
6774 /* Build display for: Word Count (WCT) */
6776 WordCount = GBYTE(pd, offset);
6780 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6784 offset += 1; /* Skip Word Count (WCT) */
6786 /* Build display for: AndXCommand */
6788 AndXCommand = GBYTE(pd, offset);
6792 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6796 offset += 1; /* Skip AndXCommand */
6798 /* Build display for: AndXReserved */
6800 AndXReserved = GBYTE(pd, offset);
6804 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6808 offset += 1; /* Skip AndXReserved */
6810 /* Build display for: AndXOffset */
6812 AndXOffset = GSHORT(pd, offset);
6816 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6820 offset += 2; /* Skip AndXOffset */
6822 /* Build display for: FID */
6824 FID = GSHORT(pd, offset);
6828 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6832 offset += 2; /* Skip FID */
6834 /* Build display for: Lock Type */
6836 LockType = GBYTE(pd, offset);
6840 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Lock Type: 0x%01x", LockType);
6841 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6842 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6843 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6844 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6845 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6846 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6847 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6848 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6849 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6850 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6851 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6855 offset += 1; /* Skip Lock Type */
6857 /* Build display for: OplockLevel */
6859 OplockLevel = GBYTE(pd, offset);
6863 proto_tree_add_text(tree, NullTVB, offset, 1, "OplockLevel: %u", OplockLevel);
6867 offset += 1; /* Skip OplockLevel */
6869 /* Build display for: Timeout */
6871 Timeout = GWORD(pd, offset);
6875 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6879 offset += 4; /* Skip Timeout */
6881 /* Build display for: Number Of Unlocks */
6883 NumberOfUnlocks = GSHORT(pd, offset);
6887 proto_tree_add_text(tree, NullTVB, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6891 offset += 2; /* Skip Number Of Unlocks */
6893 /* Build display for: Number of Locks */
6895 NumberofLocks = GSHORT(pd, offset);
6899 proto_tree_add_text(tree, NullTVB, offset, 2, "Number of Locks: %u", NumberofLocks);
6903 offset += 2; /* Skip Number of Locks */
6905 /* Build display for: Byte Count (BCC) */
6907 ByteCount = GSHORT(pd, offset);
6911 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6915 offset += 2; /* Skip Byte Count (BCC) */
6918 if (AndXCommand != 0xFF) {
6920 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6926 if (dirn == 0) { /* Response(s) dissect code */
6928 /* Build display for: Word Count (WCT) */
6930 WordCount = GBYTE(pd, offset);
6934 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6938 offset += 1; /* Skip Word Count (WCT) */
6940 if (WordCount > 0) {
6942 /* Build display for: AndXCommand */
6944 AndXCommand = GBYTE(pd, offset);
6948 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
6949 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6953 offset += 1; /* Skip AndXCommand */
6955 /* Build display for: AndXReserved */
6957 AndXReserved = GBYTE(pd, offset);
6961 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6965 offset += 1; /* Skip AndXReserved */
6967 /* Build display for: AndXoffset */
6969 AndXoffset = GSHORT(pd, offset);
6973 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXoffset: %u", AndXoffset);
6977 offset += 2; /* Skip AndXoffset */
6981 /* Build display for: Byte Count */
6983 ByteCount = GSHORT(pd, offset);
6987 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
6991 offset += 2; /* Skip Byte Count */
6994 if (AndXCommand != 0xFF) {
6996 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
7005 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7014 if (dirn == 1) { /* Request(s) dissect code */
7016 /* Build display for: Word Count (WCT) */
7018 WordCount = GBYTE(pd, offset);
7022 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7026 offset += 1; /* Skip Word Count (WCT) */
7028 /* Build display for: FID */
7030 FID = GSHORT(pd, offset);
7034 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7038 offset += 2; /* Skip FID */
7040 /* Build display for: Count */
7042 Count = GWORD(pd, offset);
7046 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
7050 offset += 4; /* Skip Count */
7052 /* Build display for: Offset */
7054 Offset = GWORD(pd, offset);
7058 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7062 offset += 4; /* Skip Offset */
7064 /* Build display for: Byte Count (BCC) */
7066 ByteCount = GSHORT(pd, offset);
7070 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7074 offset += 2; /* Skip Byte Count (BCC) */
7078 if (dirn == 0) { /* Response(s) dissect code */
7080 /* Build display for: Word Count (WCT) */
7082 WordCount = GBYTE(pd, offset);
7086 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7090 offset += 1; /* Skip Word Count (WCT) */
7092 /* Build display for: Byte Count (BCC) */
7094 ByteCount = GSHORT(pd, offset);
7098 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7102 offset += 2; /* Skip Byte Count (BCC) */
7109 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7112 proto_tree *Attributes_tree;
7115 guint8 BufferFormat;
7117 guint16 CreationTime;
7120 const char *FileName;
7122 if (dirn == 1) { /* Request(s) dissect code */
7124 /* Build display for: Word Count (WCT) */
7126 WordCount = GBYTE(pd, offset);
7130 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7134 offset += 1; /* Skip Word Count (WCT) */
7136 /* Build display for: Attributes */
7138 Attributes = GSHORT(pd, offset);
7142 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
7143 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7144 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7145 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7146 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7147 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7148 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7149 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7150 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7151 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7152 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7153 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7154 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7155 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7159 offset += 2; /* Skip Attributes */
7161 /* Build display for: Creation Time */
7163 CreationTime = GSHORT(pd, offset);
7167 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7171 offset += 2; /* Skip Creation Time */
7173 /* Build display for: Byte Count (BCC) */
7175 ByteCount = GSHORT(pd, offset);
7179 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7183 offset += 2; /* Skip Byte Count (BCC) */
7185 /* Build display for: Buffer Format */
7187 BufferFormat = GBYTE(pd, offset);
7191 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7195 offset += 1; /* Skip Buffer Format */
7197 /* Build display for: File Name */
7199 FileName = pd + offset;
7203 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7207 offset += strlen(FileName) + 1; /* Skip File Name */
7211 if (dirn == 0) { /* Response(s) dissect code */
7213 /* Build display for: Word Count (WCT) */
7215 WordCount = GBYTE(pd, offset);
7219 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7223 offset += 1; /* Skip Word Count (WCT) */
7225 if (WordCount > 0) {
7227 /* Build display for: FID */
7229 FID = GSHORT(pd, offset);
7233 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7237 offset += 2; /* Skip FID */
7241 /* Build display for: Byte Count (BCC) */
7243 ByteCount = GSHORT(pd, offset);
7247 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7251 offset += 2; /* Skip Byte Count (BCC) */
7258 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7262 guint8 BufferFormat2;
7263 guint8 BufferFormat1;
7264 guint8 BufferFormat;
7265 guint16 SearchAttributes;
7266 guint16 ResumeKeyLength;
7271 const char *FileName;
7273 if (dirn == 1) { /* Request(s) dissect code */
7275 /* Build display for: Word Count (WCT) */
7277 WordCount = GBYTE(pd, offset);
7281 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7285 offset += 1; /* Skip Word Count (WCT) */
7287 /* Build display for: Max Count */
7289 MaxCount = GSHORT(pd, offset);
7293 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
7297 offset += 2; /* Skip Max Count */
7299 /* Build display for: Search Attributes */
7301 SearchAttributes = GSHORT(pd, offset);
7305 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
7309 offset += 2; /* Skip Search Attributes */
7311 /* Build display for: Byte Count (BCC) */
7313 ByteCount = GSHORT(pd, offset);
7317 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7321 offset += 2; /* Skip Byte Count (BCC) */
7323 /* Build display for: Buffer Format 1 */
7325 BufferFormat1 = GBYTE(pd, offset);
7329 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
7333 offset += 1; /* Skip Buffer Format 1 */
7335 /* Build display for: File Name */
7337 FileName = pd + offset;
7341 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7345 offset += strlen(FileName) + 1; /* Skip File Name */
7347 /* Build display for: Buffer Format 2 */
7349 BufferFormat2 = GBYTE(pd, offset);
7353 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
7357 offset += 1; /* Skip Buffer Format 2 */
7359 /* Build display for: Resume Key Length */
7361 ResumeKeyLength = GSHORT(pd, offset);
7365 proto_tree_add_text(tree, NullTVB, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
7369 offset += 2; /* Skip Resume Key Length */
7373 if (dirn == 0) { /* Response(s) dissect code */
7375 /* Build display for: Word Count (WCT) */
7377 WordCount = GBYTE(pd, offset);
7381 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7385 offset += 1; /* Skip Word Count (WCT) */
7387 if (WordCount > 0) {
7389 /* Build display for: Count */
7391 Count = GSHORT(pd, offset);
7395 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7399 offset += 2; /* Skip Count */
7403 /* Build display for: Byte Count (BCC) */
7405 ByteCount = GSHORT(pd, offset);
7409 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7413 offset += 2; /* Skip Byte Count (BCC) */
7415 /* Build display for: Buffer Format */
7417 BufferFormat = GBYTE(pd, offset);
7421 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7425 offset += 1; /* Skip Buffer Format */
7427 /* Build display for: Data Length */
7429 DataLength = GSHORT(pd, offset);
7433 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7437 offset += 2; /* Skip Data Length */
7444 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7448 guint8 BufferFormat;
7451 guint16 CreationTime;
7452 guint16 CreationDate;
7454 const char *FileName;
7455 const char *DirectoryName;
7457 if (dirn == 1) { /* Request(s) dissect code */
7459 /* Build display for: Word Count (WCT) */
7461 WordCount = GBYTE(pd, offset);
7465 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7469 offset += 1; /* Skip Word Count (WCT) */
7471 /* Build display for: Reserved */
7473 Reserved = GSHORT(pd, offset);
7477 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
7481 offset += 2; /* Skip Reserved */
7483 /* Build display for: Creation Time */
7485 CreationTime = GSHORT(pd, offset);
7489 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7493 offset += 2; /* Skip Creation Time */
7495 /* Build display for: Creation Date */
7497 CreationDate = GSHORT(pd, offset);
7501 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
7505 offset += 2; /* Skip Creation Date */
7507 /* Build display for: Byte Count (BCC) */
7509 ByteCount = GSHORT(pd, offset);
7513 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7517 offset += 2; /* Skip Byte Count (BCC) */
7519 /* Build display for: Buffer Format */
7521 BufferFormat = GBYTE(pd, offset);
7525 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7529 offset += 1; /* Skip Buffer Format */
7531 /* Build display for: Directory Name */
7533 DirectoryName = pd + offset;
7537 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
7541 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
7545 if (dirn == 0) { /* Response(s) dissect code */
7547 /* Build display for: Word Count (WCT) */
7549 WordCount = GBYTE(pd, offset);
7553 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7557 offset += 1; /* Skip Word Count (WCT) */
7559 if (WordCount > 0) {
7561 /* Build display for: FID */
7563 FID = GSHORT(pd, offset);
7567 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7571 offset += 2; /* Skip FID */
7575 /* Build display for: Byte Count (BCC) */
7577 ByteCount = GSHORT(pd, offset);
7581 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7585 offset += 2; /* Skip Byte Count (BCC) */
7587 /* Build display for: Buffer Format */
7589 BufferFormat = GBYTE(pd, offset);
7593 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7597 offset += 1; /* Skip Buffer Format */
7599 /* Build display for: File Name */
7601 FileName = pd + offset;
7605 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7609 offset += strlen(FileName) + 1; /* Skip File Name */
7616 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7620 guint16 LastWriteTime;
7621 guint16 LastWriteDate;
7625 if (dirn == 1) { /* Request(s) dissect code */
7627 /* Build display for: Word Count (WCT) */
7629 WordCount = GBYTE(pd, offset);
7633 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7637 offset += 1; /* Skip Word Count (WCT) */
7639 /* Build display for: FID */
7641 FID = GSHORT(pd, offset);
7645 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7649 offset += 2; /* Skip FID */
7651 /* Build display for: Last Write Time */
7653 LastWriteTime = GSHORT(pd, offset);
7657 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
7661 offset += 2; /* Skip Last Write Time */
7663 /* Build display for: Last Write Date */
7665 LastWriteDate = GSHORT(pd, offset);
7669 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
7673 offset += 2; /* Skip Last Write Date */
7675 /* Build display for: Byte Count (BCC) */
7677 ByteCount = GSHORT(pd, offset);
7681 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7685 offset += 2; /* Skip Byte Count (BCC) */
7689 if (dirn == 0) { /* Response(s) dissect code */
7691 /* Build display for: Word Count (WCT) */
7693 WordCount = GBYTE(pd, offset);
7697 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7701 offset += 1; /* Skip Word Count (WCT) */
7703 /* Build display for: Byte Count (BCC) */
7705 ByteCount = GSHORT(pd, offset);
7709 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7713 offset += 2; /* Skip Byte Count (BCC) */
7720 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7724 guint8 BufferFormat;
7729 if (dirn == 1) { /* Request(s) dissect code */
7731 /* Build display for: Word Count (WCT) */
7733 WordCount = GBYTE(pd, offset);
7737 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7741 offset += 1; /* Skip Word Count (WCT) */
7743 /* Build display for: FID */
7745 FID = GSHORT(pd, offset);
7749 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7753 offset += 2; /* Skip FID */
7755 /* Build display for: Byte Count (BCC) */
7757 ByteCount = GSHORT(pd, offset);
7761 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7765 offset += 2; /* Skip Byte Count (BCC) */
7767 /* Build display for: Buffer Format */
7769 BufferFormat = GBYTE(pd, offset);
7773 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7777 offset += 1; /* Skip Buffer Format */
7779 /* Build display for: Data Length */
7781 DataLength = GSHORT(pd, offset);
7785 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7789 offset += 2; /* Skip Data Length */
7793 if (dirn == 0) { /* Response(s) dissect code */
7795 /* Build display for: Word Count (WCT) */
7797 WordCount = GBYTE(pd, offset);
7801 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7805 offset += 1; /* Skip Word Count (WCT) */
7807 /* Build display for: Byte Count (BCC) */
7809 ByteCount = GSHORT(pd, offset);
7813 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7817 offset += 2; /* Skip Byte Count (BCC) */
7824 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7828 guint8 BufferFormat;
7840 if (dirn == 1) { /* Request(s) dissect code */
7842 /* Build display for: Word Count (WCT) */
7844 WordCount = GBYTE(pd, offset);
7848 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7852 offset += 1; /* Skip Word Count (WCT) */
7854 /* Build display for: FID */
7856 FID = GSHORT(pd, offset);
7860 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7864 offset += 2; /* Skip FID */
7866 /* Build display for: Count */
7868 Count = GSHORT(pd, offset);
7872 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7876 offset += 2; /* Skip Count */
7878 /* Build display for: Offset */
7880 Offset = GWORD(pd, offset);
7884 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7888 offset += 4; /* Skip Offset */
7890 /* Build display for: Remaining */
7892 Remaining = GSHORT(pd, offset);
7896 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
7900 offset += 2; /* Skip Remaining */
7902 /* Build display for: Byte Count (BCC) */
7904 ByteCount = GSHORT(pd, offset);
7908 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7912 offset += 2; /* Skip Byte Count (BCC) */
7916 if (dirn == 0) { /* Response(s) dissect code */
7918 /* Build display for: Word Count (WCT) */
7920 WordCount = GBYTE(pd, offset);
7924 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7928 offset += 1; /* Skip Word Count (WCT) */
7930 if (WordCount > 0) {
7932 /* Build display for: Count */
7934 Count = GSHORT(pd, offset);
7938 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7942 offset += 2; /* Skip Count */
7944 /* Build display for: Reserved 1 */
7946 Reserved1 = GSHORT(pd, offset);
7950 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7954 offset += 2; /* Skip Reserved 1 */
7956 /* Build display for: Reserved 2 */
7958 Reserved2 = GSHORT(pd, offset);
7962 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7966 offset += 2; /* Skip Reserved 2 */
7968 /* Build display for: Reserved 3 */
7970 Reserved3 = GSHORT(pd, offset);
7974 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7978 offset += 2; /* Skip Reserved 3 */
7980 /* Build display for: Reserved 4 */
7982 Reserved4 = GSHORT(pd, offset);
7986 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7990 offset += 2; /* Skip Reserved 4 */
7992 /* Build display for: Byte Count (BCC) */
7994 ByteCount = GSHORT(pd, offset);
7998 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8004 offset += 2; /* Skip Byte Count (BCC) */
8006 /* Build display for: Buffer Format */
8008 BufferFormat = GBYTE(pd, offset);
8012 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8016 offset += 1; /* Skip Buffer Format */
8018 /* Build display for: Data Length */
8020 DataLength = GSHORT(pd, offset);
8024 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8028 offset += 2; /* Skip Data Length */
8035 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8041 if (dirn == 1) { /* Request(s) dissect code */
8043 /* Build display for: Word Count (WCT) */
8045 WordCount = GBYTE(pd, offset);
8049 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8053 offset += 1; /* Skip Word Count (WCT) */
8055 /* Build display for: Byte Count (BCC) */
8057 ByteCount = GSHORT(pd, offset);
8061 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8065 offset += 2; /* Skip Byte Count (BCC) */
8069 if (dirn == 0) { /* Response(s) dissect code */
8071 /* Build display for: Word Count (WCT) */
8073 WordCount = GBYTE(pd, offset);
8077 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8081 offset += 1; /* Skip Word Count (WCT) */
8083 /* Build display for: Byte Count (BCC) */
8085 ByteCount = GSHORT(pd, offset);
8089 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8093 offset += 2; /* Skip Byte Count (BCC) */
8100 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8103 proto_tree *Attributes_tree;
8106 guint8 BufferFormat;
8113 guint16 LastWriteTime;
8114 guint16 LastWriteDate;
8117 const char *FileName;
8119 if (dirn == 1) { /* Request(s) dissect code */
8121 /* Build display for: Word Count (WCT) */
8123 WordCount = GBYTE(pd, offset);
8127 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8131 offset += 1; /* Skip Word Count (WCT) */
8133 /* Build display for: Byte Count (BCC) */
8135 ByteCount = GSHORT(pd, offset);
8139 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8143 offset += 2; /* Skip Byte Count (BCC) */
8145 /* Build display for: Buffer Format */
8147 BufferFormat = GBYTE(pd, offset);
8151 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8155 offset += 1; /* Skip Buffer Format */
8157 /* Build display for: File Name */
8159 FileName = pd + offset;
8163 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
8167 offset += strlen(FileName) + 1; /* Skip File Name */
8171 if (dirn == 0) { /* Response(s) dissect code */
8173 /* Build display for: Word Count (WCT) */
8175 WordCount = GBYTE(pd, offset);
8179 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8183 offset += 1; /* Skip Word Count (WCT) */
8185 if (WordCount > 0) {
8187 /* Build display for: Attributes */
8189 Attributes = GSHORT(pd, offset);
8193 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
8194 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
8195 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8196 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
8197 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8198 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
8199 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8200 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
8201 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8202 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
8203 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8204 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
8205 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8206 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
8210 offset += 2; /* Skip Attributes */
8212 /* Build display for: Last Write Time */
8214 LastWriteTime = GSHORT(pd, offset);
8220 offset += 2; /* Skip Last Write Time */
8222 /* Build display for: Last Write Date */
8224 LastWriteDate = GSHORT(pd, offset);
8228 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
8230 proto_tree_add_text(tree, NullTVB, offset - 2, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
8234 offset += 2; /* Skip Last Write Date */
8236 /* Build display for: File Size */
8238 FileSize = GWORD(pd, offset);
8242 proto_tree_add_text(tree, NullTVB, offset, 4, "File Size: %u", FileSize);
8246 offset += 4; /* Skip File Size */
8248 /* Build display for: Reserved 1 */
8250 Reserved1 = GSHORT(pd, offset);
8254 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8258 offset += 2; /* Skip Reserved 1 */
8260 /* Build display for: Reserved 2 */
8262 Reserved2 = GSHORT(pd, offset);
8266 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8270 offset += 2; /* Skip Reserved 2 */
8272 /* Build display for: Reserved 3 */
8274 Reserved3 = GSHORT(pd, offset);
8278 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8282 offset += 2; /* Skip Reserved 3 */
8284 /* Build display for: Reserved 4 */
8286 Reserved4 = GSHORT(pd, offset);
8290 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8294 offset += 2; /* Skip Reserved 4 */
8296 /* Build display for: Reserved 5 */
8298 Reserved5 = GSHORT(pd, offset);
8302 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
8306 offset += 2; /* Skip Reserved 5 */
8310 /* Build display for: Byte Count (BCC) */
8312 ByteCount = GSHORT(pd, offset);
8316 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8320 offset += 2; /* Skip Byte Count (BCC) */
8327 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8341 guint16 BufferFormat;
8343 if (dirn == 1) { /* Request(s) dissect code */
8345 /* Build display for: Word Count (WCT) */
8347 WordCount = GBYTE(pd, offset);
8351 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8355 offset += 1; /* Skip Word Count (WCT) */
8357 /* Build display for: FID */
8359 FID = GSHORT(pd, offset);
8363 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8367 offset += 2; /* Skip FID */
8369 /* Build display for: Count */
8371 Count = GSHORT(pd, offset);
8375 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8379 offset += 2; /* Skip Count */
8381 /* Build display for: Offset */
8383 Offset = GWORD(pd, offset);
8387 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
8391 offset += 4; /* Skip Offset */
8393 /* Build display for: Remaining */
8395 Remaining = GSHORT(pd, offset);
8399 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
8403 offset += 2; /* Skip Remaining */
8405 /* Build display for: Byte Count (BCC) */
8407 ByteCount = GSHORT(pd, offset);
8411 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8415 offset += 2; /* Skip Byte Count (BCC) */
8419 if (dirn == 0) { /* Response(s) dissect code */
8421 /* Build display for: Word Count (WCT) */
8423 WordCount = GBYTE(pd, offset);
8427 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8431 offset += 1; /* Skip Word Count (WCT) */
8433 if (WordCount > 0) {
8435 /* Build display for: Count */
8437 Count = GSHORT(pd, offset);
8441 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8445 offset += 2; /* Skip Count */
8447 /* Build display for: Reserved 1 */
8449 Reserved1 = GSHORT(pd, offset);
8453 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8457 offset += 2; /* Skip Reserved 1 */
8459 /* Build display for: Reserved 2 */
8461 Reserved2 = GSHORT(pd, offset);
8465 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8469 offset += 2; /* Skip Reserved 2 */
8471 /* Build display for: Reserved 3 */
8473 Reserved3 = GSHORT(pd, offset);
8477 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8481 offset += 2; /* Skip Reserved 3 */
8483 /* Build display for: Reserved 4 */
8485 Reserved4 = GSHORT(pd, offset);
8489 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8493 offset += 2; /* Skip Reserved 4 */
8497 /* Build display for: Byte Count (BCC) */
8499 ByteCount = GSHORT(pd, offset);
8503 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8507 offset += 2; /* Skip Byte Count (BCC) */
8509 /* Build display for: Buffer Format */
8511 BufferFormat = GSHORT(pd, offset);
8515 proto_tree_add_text(tree, NullTVB, offset, 2, "Buffer Format: %u", BufferFormat);
8519 offset += 2; /* Skip Buffer Format */
8521 /* Build display for: Data Length */
8523 DataLength = GSHORT(pd, offset);
8527 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8531 offset += 2; /* Skip Data Length */
8538 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8541 proto_tree *WriteMode_tree;
8546 guint32 ResponseMask;
8547 guint32 RequestMask;
8556 if (dirn == 1) { /* Request(s) dissect code */
8558 /* Build display for: Word Count (WCT) */
8560 WordCount = GBYTE(pd, offset);
8564 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8568 offset += 1; /* Skip Word Count (WCT) */
8570 /* Build display for: FID */
8572 FID = GSHORT(pd, offset);
8576 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8580 offset += 2; /* Skip FID */
8582 /* Build display for: Count */
8584 Count = GSHORT(pd, offset);
8588 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8592 offset += 2; /* Skip Count */
8594 /* Build display for: Reserved 1 */
8596 Reserved1 = GSHORT(pd, offset);
8600 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8604 offset += 2; /* Skip Reserved 1 */
8606 /* Build display for: Timeout */
8608 Timeout = GWORD(pd, offset);
8612 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
8616 offset += 4; /* Skip Timeout */
8618 /* Build display for: WriteMode */
8620 WriteMode = GSHORT(pd, offset);
8624 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
8625 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8626 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8627 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8628 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8629 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8630 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8631 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8635 offset += 2; /* Skip WriteMode */
8637 /* Build display for: Request Mask */
8639 RequestMask = GWORD(pd, offset);
8643 proto_tree_add_text(tree, NullTVB, offset, 4, "Request Mask: %u", RequestMask);
8647 offset += 4; /* Skip Request Mask */
8649 /* Build display for: Data Length */
8651 DataLength = GSHORT(pd, offset);
8655 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8659 offset += 2; /* Skip Data Length */
8661 /* Build display for: Data Offset */
8663 DataOffset = GSHORT(pd, offset);
8667 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8671 offset += 2; /* Skip Data Offset */
8673 /* Build display for: Byte Count (BCC) */
8675 ByteCount = GSHORT(pd, offset);
8679 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8683 offset += 2; /* Skip Byte Count (BCC) */
8685 /* Build display for: Pad */
8687 Pad = GBYTE(pd, offset);
8691 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
8695 offset += 1; /* Skip Pad */
8699 if (dirn == 0) { /* Response(s) dissect code */
8701 /* Build display for: Word Count (WCT) */
8703 WordCount = GBYTE(pd, offset);
8707 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8711 offset += 1; /* Skip Word Count (WCT) */
8713 if (WordCount > 0) {
8715 /* Build display for: Response Mask */
8717 ResponseMask = GWORD(pd, offset);
8721 proto_tree_add_text(tree, NullTVB, offset, 4, "Response Mask: %u", ResponseMask);
8725 offset += 4; /* Skip Response Mask */
8727 /* Build display for: Byte Count (BCC) */
8729 ByteCount = GSHORT(pd, offset);
8733 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8739 offset += 2; /* Skip Byte Count (BCC) */
8746 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8753 if (dirn == 1) { /* Request(s) dissect code */
8755 /* Build display for: Word Count (WTC) */
8757 WordCount = GBYTE(pd, offset);
8761 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WTC): %u", WordCount);
8765 offset += 1; /* Skip Word Count (WTC) */
8767 /* Build display for: FID */
8769 FID = GSHORT(pd, offset);
8773 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8777 offset += 2; /* Skip FID */
8779 /* Build display for: Byte Count (BCC) */
8781 ByteCount = GSHORT(pd, offset);
8785 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8789 offset += 2; /* Skip Byte Count (BCC) */
8793 if (dirn == 0) { /* Response(s) dissect code */
8795 /* Build display for: Word Count (WCT) */
8797 WordCount = GBYTE(pd, offset);
8801 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8805 offset += 1; /* Skip Word Count (WCT) */
8807 /* Build display for: Byte Count (BCC) */
8809 ByteCount = GBYTE(pd, offset);
8813 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
8817 offset += 1; /* Skip Byte Count (BCC) */
8823 char *trans2_cmd_names[] = {
8825 "TRANS2_FIND_FIRST2",
8826 "TRANS2_FIND_NEXT2",
8827 "TRANS2_QUERY_FS_INFORMATION",
8829 "TRANS2_QUERY_PATH_INFORMATION",
8830 "TRANS2_SET_PATH_INFORMATION",
8831 "TRANS2_QUERY_FILE_INFORMATION",
8832 "TRANS2_SET_FILE_INFORMATION",
8835 "TRANS2_FIND_NOTIFY_FIRST",
8836 "TRANS2_FIND_NOTIFY_NEXT",
8837 "TRANS2_CREATE_DIRECTORY",
8838 "TRANS2_SESSION_SETUP",
8839 "TRANS2_GET_DFS_REFERRAL",
8841 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8843 char *decode_trans2_name(int code)
8846 if (code > 17 || code < 0) {
8848 return("no such command");
8852 return trans2_cmd_names[code];
8858 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8861 proto_tree *Flags_tree;
8867 guint8 MaxSetupCount;
8870 guint16 TotalParameterCount;
8871 guint16 TotalDataCount;
8874 guint16 ParameterOffset;
8875 guint16 ParameterDisplacement;
8876 guint16 ParameterCount;
8877 guint16 MaxParameterCount;
8878 guint16 MaxDataCount;
8881 guint16 DataDisplacement;
8884 conversation_t *conversation;
8885 struct smb_request_key request_key, *new_request_key;
8886 struct smb_request_val *request_val;
8889 * Find out what conversation this packet is part of.
8890 * XXX - this should really be done by the transport-layer protocol,
8891 * although for connectionless transports, we may not want to do that
8892 * unless we know some higher-level protocol will want it - or we
8893 * may want to do it, so you can say e.g. "show only the packets in
8894 * this UDP 'connection'".
8896 * Note that we don't have to worry about the direction this packet
8897 * was going - the conversation code handles that for us, treating
8898 * packets from A:X to B:Y as being part of the same conversation as
8899 * packets from B:Y to A:X.
8901 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8902 pi.srcport, pi.destport, 0);
8903 if (conversation == NULL) {
8904 /* It's not part of any conversation - create a new one. */
8905 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8906 pi.srcport, pi.destport, NULL, 0);
8909 si.conversation = conversation; /* Save this for later */
8912 * Check for and insert entry in request hash table if does not exist
8914 request_key.conversation = conversation->index;
8915 request_key.mid = si.mid;
8917 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8919 if (!request_val) { /* Create one */
8921 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8922 new_request_key -> conversation = conversation->index;
8923 new_request_key -> mid = si.mid;
8925 request_val = g_mem_chunk_alloc(smb_request_vals);
8926 request_val -> mid = si.mid;
8927 request_val -> last_transact2_command = 0xFFFF;
8929 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8932 else { /* Update the transact request */
8934 request_val -> mid = si.mid;
8938 si.request_val = request_val; /* Save this for later */
8941 if (dirn == 1) { /* Request(s) dissect code */
8943 /* Build display for: Word Count (WCT) */
8945 WordCount = GBYTE(pd, offset);
8949 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8953 offset += 1; /* Skip Word Count (WCT) */
8955 /* Build display for: Total Parameter Count */
8957 TotalParameterCount = GSHORT(pd, offset);
8961 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8965 offset += 2; /* Skip Total Parameter Count */
8967 /* Build display for: Total Data Count */
8969 TotalDataCount = GSHORT(pd, offset);
8973 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
8977 offset += 2; /* Skip Total Data Count */
8979 /* Build display for: Max Parameter Count */
8981 MaxParameterCount = GSHORT(pd, offset);
8985 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8989 offset += 2; /* Skip Max Parameter Count */
8991 /* Build display for: Max Data Count */
8993 MaxDataCount = GSHORT(pd, offset);
8997 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9001 offset += 2; /* Skip Max Data Count */
9003 /* Build display for: Max Setup Count */
9005 MaxSetupCount = GBYTE(pd, offset);
9009 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9013 offset += 1; /* Skip Max Setup Count */
9015 /* Build display for: Reserved1 */
9017 Reserved1 = GBYTE(pd, offset);
9021 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9025 offset += 1; /* Skip Reserved1 */
9027 /* Build display for: Flags */
9029 Flags = GSHORT(pd, offset);
9033 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9034 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9035 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9036 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9037 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9038 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9042 offset += 2; /* Skip Flags */
9044 /* Build display for: Timeout */
9046 Timeout = GWORD(pd, offset);
9050 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9054 offset += 4; /* Skip Timeout */
9056 /* Build display for: Reserved2 */
9058 Reserved2 = GSHORT(pd, offset);
9062 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9066 offset += 2; /* Skip Reserved2 */
9068 /* Build display for: Parameter Count */
9070 ParameterCount = GSHORT(pd, offset);
9074 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9078 offset += 2; /* Skip Parameter Count */
9080 /* Build display for: Parameter Offset */
9082 ParameterOffset = GSHORT(pd, offset);
9086 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9090 offset += 2; /* Skip Parameter Offset */
9092 /* Build display for: Data Count */
9094 DataCount = GSHORT(pd, offset);
9098 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9102 offset += 2; /* Skip Data Count */
9104 /* Build display for: Data Offset */
9106 DataOffset = GSHORT(pd, offset);
9110 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9114 offset += 2; /* Skip Data Offset */
9116 /* Build display for: Setup Count */
9118 SetupCount = GBYTE(pd, offset);
9122 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9126 offset += 1; /* Skip Setup Count */
9128 /* Build display for: Reserved3 */
9130 Reserved3 = GBYTE(pd, offset);
9134 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9138 offset += 1; /* Skip Reserved3 */
9140 /* Build display for: Setup */
9142 if (SetupCount > 0) {
9146 Setup = GSHORT(pd, offset);
9148 request_val -> last_transact2_command = Setup; /* Save for later */
9150 if (check_col(fd, COL_INFO)) {
9152 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
9156 for (i = 1; i <= SetupCount; i++) {
9159 Setup1 = GSHORT(pd, offset);
9163 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup1);
9167 offset += 2; /* Skip Setup */
9173 /* Build display for: Byte Count (BCC) */
9175 ByteCount = GSHORT(pd, offset);
9179 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9183 offset += 2; /* Skip Byte Count (BCC) */
9185 /* Build display for: Transact Name */
9189 proto_tree_add_text(tree, NullTVB, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
9193 if (offset < (SMB_offset + ParameterOffset)) {
9195 int pad1Count = SMB_offset + ParameterOffset - offset;
9197 /* Build display for: Pad1 */
9201 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9204 offset += pad1Count; /* Skip Pad1 */
9208 if (ParameterCount > 0) {
9210 /* Build display for: Parameters */
9214 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9218 offset += ParameterCount; /* Skip Parameters */
9222 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9224 int pad2Count = SMB_offset + DataOffset - offset;
9226 /* Build display for: Pad2 */
9230 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9234 offset += pad2Count; /* Skip Pad2 */
9238 if (DataCount > 0) {
9240 /* Build display for: Data */
9242 Data = GBYTE(pd, offset);
9246 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
9250 offset += DataCount; /* Skip Data */
9255 if (dirn == 0) { /* Response(s) dissect code */
9257 /* Pick up the last transact2 command and put it in the right places */
9259 if (check_col(fd, COL_INFO)) {
9261 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
9265 /* Build display for: Word Count (WCT) */
9267 WordCount = GBYTE(pd, offset);
9271 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9275 offset += 1; /* Skip Word Count (WCT) */
9277 /* Build display for: Total Parameter Count */
9279 TotalParameterCount = GSHORT(pd, offset);
9283 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9287 offset += 2; /* Skip Total Parameter Count */
9289 /* Build display for: Total Data Count */
9291 TotalDataCount = GSHORT(pd, offset);
9295 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9299 offset += 2; /* Skip Total Data Count */
9301 /* Build display for: Reserved2 */
9303 Reserved2 = GSHORT(pd, offset);
9307 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9311 offset += 2; /* Skip Reserved2 */
9313 /* Build display for: Parameter Count */
9315 ParameterCount = GSHORT(pd, offset);
9319 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9323 offset += 2; /* Skip Parameter Count */
9325 /* Build display for: Parameter Offset */
9327 ParameterOffset = GSHORT(pd, offset);
9331 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9335 offset += 2; /* Skip Parameter Offset */
9337 /* Build display for: Parameter Displacement */
9339 ParameterDisplacement = GSHORT(pd, offset);
9343 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9347 offset += 2; /* Skip Parameter Displacement */
9349 /* Build display for: Data Count */
9351 DataCount = GSHORT(pd, offset);
9355 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9359 offset += 2; /* Skip Data Count */
9361 /* Build display for: Data Offset */
9363 DataOffset = GSHORT(pd, offset);
9367 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9371 offset += 2; /* Skip Data Offset */
9373 /* Build display for: Data Displacement */
9375 DataDisplacement = GSHORT(pd, offset);
9379 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
9383 offset += 2; /* Skip Data Displacement */
9385 /* Build display for: Setup Count */
9387 SetupCount = GBYTE(pd, offset);
9391 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9395 offset += 1; /* Skip Setup Count */
9397 /* Build display for: Reserved3 */
9399 Reserved3 = GBYTE(pd, offset);
9403 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9407 offset += 1; /* Skip Reserved3 */
9409 if (SetupCount > 0) {
9413 Setup = GSHORT(pd, offset);
9415 for (i = 1; i <= SetupCount; i++) {
9417 Setup = GSHORT(pd, offset);
9421 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9425 offset += 2; /* Skip Setup */
9430 /* Build display for: Byte Count (BCC) */
9432 ByteCount = GSHORT(pd, offset);
9436 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9440 offset += 2; /* Skip Byte Count (BCC) */
9442 if (offset < (SMB_offset + ParameterOffset)) {
9444 int pad1Count = SMB_offset + ParameterOffset - offset;
9446 /* Build display for: Pad1 */
9450 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9453 offset += pad1Count; /* Skip Pad1 */
9457 /* Build display for: Parameter */
9459 if (ParameterCount > 0) {
9463 proto_tree_add_text(tree, NullTVB, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9467 offset += ParameterCount; /* Skip Parameter */
9471 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9473 int pad2Count = SMB_offset + DataOffset - offset;
9475 /* Build display for: Pad2 */
9479 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9483 offset += pad2Count; /* Skip Pad2 */
9487 /* Build display for: Data */
9489 if (DataCount > 0) {
9493 proto_tree_add_text(tree, NullTVB, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9497 offset += DataCount; /* Skip Data */
9507 dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, int SetupAreaOffset, int SetupCount, const char *TransactName)
9509 char *TransactNameCopy;
9510 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
9517 TransactNameCopy = g_malloc(TransactName ? strlen(TransactName) + 1 : 1);
9519 /* Should check for error here ... */
9521 strcpy(TransactNameCopy, TransactName ? TransactName : "");
9522 if (TransactNameCopy[0] == '\\') {
9523 trans_type = TransactNameCopy + 1; /* Skip the slash */
9524 loc_of_slash = trans_type ? strchr(trans_type, '\\') : NULL;
9528 index = loc_of_slash - trans_type; /* Make it a real index */
9529 trans_cmd = trans_type + index + 1;
9530 trans_type[index] = '\0';
9535 if ((trans_cmd == NULL) ||
9536 (((trans_type == NULL || strcmp(trans_type, "MAILSLOT") != 0) ||
9537 !dissect_mailslot_smb(pd, SetupAreaOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) &&
9538 ((trans_type == NULL || strcmp(trans_type, "PIPE") != 0) ||
9539 !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) {
9541 if (ParameterCount > 0) {
9543 /* Build display for: Parameters */
9547 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9551 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
9555 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9557 int pad2Count = SMB_offset + DataOffset - offset;
9559 /* Build display for: Pad2 */
9563 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9567 offset += pad2Count; /* Skip Pad2 */
9571 if (DataCount > 0) {
9573 /* Build display for: Data */
9575 Data = pd + SMB_offset + DataOffset;
9579 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9583 offset += DataCount; /* Skip Data */
9591 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
9594 proto_tree *Flags_tree;
9600 guint8 MaxSetupCount;
9602 guint16 TotalParameterCount;
9603 guint16 TotalDataCount;
9606 guint16 ParameterOffset;
9607 guint16 ParameterDisplacement;
9608 guint16 ParameterCount;
9609 guint16 MaxParameterCount;
9610 guint16 MaxDataCount;
9613 guint16 DataDisplacement;
9617 const char *TransactName;
9618 conversation_t *conversation;
9619 struct smb_request_key request_key, *new_request_key;
9620 struct smb_request_val *request_val;
9622 guint16 SetupAreaOffset;
9626 * Find out what conversation this packet is part of
9629 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9630 pi.srcport, pi.destport, 0);
9632 if (conversation == NULL) { /* Create a new conversation */
9634 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9635 pi.srcport, pi.destport, NULL, 0);
9639 si.conversation = conversation; /* Save this */
9642 * Check for and insert entry in request hash table if does not exist
9644 request_key.conversation = conversation->index;
9645 request_key.mid = si.mid;
9647 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9649 if (!request_val) { /* Create one */
9651 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9652 new_request_key -> conversation = conversation -> index;
9653 new_request_key -> mid = si.mid;
9655 request_val = g_mem_chunk_alloc(smb_request_vals);
9656 request_val -> mid = si.mid;
9657 request_val -> last_transact_command = NULL;
9658 request_val -> last_param_descrip = NULL;
9659 request_val -> last_data_descrip = NULL;
9661 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9665 si.request_val = request_val; /* Save this for later */
9667 if (dirn == 1) { /* Request(s) dissect code */
9669 /* Build display for: Word Count (WCT) */
9671 WordCount = GBYTE(pd, offset);
9675 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9679 offset += 1; /* Skip Word Count (WCT) */
9681 /* Build display for: Total Parameter Count */
9683 TotalParameterCount = GSHORT(pd, offset);
9687 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9691 offset += 2; /* Skip Total Parameter Count */
9693 /* Build display for: Total Data Count */
9695 TotalDataCount = GSHORT(pd, offset);
9699 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9703 offset += 2; /* Skip Total Data Count */
9705 /* Build display for: Max Parameter Count */
9707 MaxParameterCount = GSHORT(pd, offset);
9711 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9715 offset += 2; /* Skip Max Parameter Count */
9717 /* Build display for: Max Data Count */
9719 MaxDataCount = GSHORT(pd, offset);
9723 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9727 offset += 2; /* Skip Max Data Count */
9729 /* Build display for: Max Setup Count */
9731 MaxSetupCount = GBYTE(pd, offset);
9735 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9739 offset += 1; /* Skip Max Setup Count */
9741 /* Build display for: Reserved1 */
9743 Reserved1 = GBYTE(pd, offset);
9747 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9751 offset += 1; /* Skip Reserved1 */
9753 /* Build display for: Flags */
9755 Flags = GSHORT(pd, offset);
9759 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9760 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9761 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9762 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9763 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9764 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9768 offset += 2; /* Skip Flags */
9770 /* Build display for: Timeout */
9772 Timeout = GWORD(pd, offset);
9776 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9780 offset += 4; /* Skip Timeout */
9782 /* Build display for: Reserved2 */
9784 Reserved2 = GSHORT(pd, offset);
9788 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9792 offset += 2; /* Skip Reserved2 */
9794 /* Build display for: Parameter Count */
9796 ParameterCount = GSHORT(pd, offset);
9800 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9804 offset += 2; /* Skip Parameter Count */
9806 /* Build display for: Parameter Offset */
9808 ParameterOffset = GSHORT(pd, offset);
9812 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9816 offset += 2; /* Skip Parameter Offset */
9818 /* Build display for: Data Count */
9820 DataCount = GSHORT(pd, offset);
9824 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9828 offset += 2; /* Skip Data Count */
9830 /* Build display for: Data Offset */
9832 DataOffset = GSHORT(pd, offset);
9836 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9840 offset += 2; /* Skip Data Offset */
9842 /* Build display for: Setup Count */
9844 SetupCount = GBYTE(pd, offset);
9848 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9852 offset += 1; /* Skip Setup Count */
9854 /* Build display for: Reserved3 */
9856 Reserved3 = GBYTE(pd, offset);
9860 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9863 offset += 1; /* Skip Reserved3 */
9865 SetupAreaOffset = offset;
9867 /* Build display for: Setup */
9869 if (SetupCount > 0) {
9873 Setup = GSHORT(pd, offset);
9875 for (i = 1; i <= SetupCount; i++) {
9877 Setup = GSHORT(pd, offset);
9881 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9885 offset += 2; /* Skip Setup */
9891 /* Build display for: Byte Count (BCC) */
9893 ByteCount = GSHORT(pd, offset);
9897 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9901 offset += 2; /* Skip Byte Count (BCC) */
9903 /* Build display for: Transact Name */
9905 /* Watch out for Unicode names */
9909 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9911 TransactName = unicode_to_str(pd + offset, &TNlen);
9916 TransactName = pd + offset;
9917 TNlen = strlen(TransactName) + 1;
9920 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9922 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9924 if (request_val -> last_transact_command)
9925 strcpy(request_val -> last_transact_command, TransactName);
9927 if (check_col(fd, COL_INFO)) {
9929 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9935 proto_tree_add_text(tree, NullTVB, offset, TNlen, "Transact Name: %s", TransactName);
9939 offset += TNlen; /* Skip Transact Name */
9940 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
9942 if (offset < (SMB_offset + ParameterOffset)) {
9944 int pad1Count = SMB_offset + ParameterOffset - offset;
9946 /* Build display for: Pad1 */
9950 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9953 offset += pad1Count; /* Skip Pad1 */
9957 /* Let's see if we can decode this */
9959 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, TransactName);
9963 if (dirn == 0) { /* Response(s) dissect code */
9965 if (check_col(fd, COL_INFO)) {
9966 if ( request_val -> last_transact_command )
9967 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9968 else col_add_fstr(fd, COL_INFO, "Response to unknown message");
9972 /* Build display for: Word Count (WCT) */
9974 WordCount = GBYTE(pd, offset);
9978 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9982 offset += 1; /* Skip Word Count (WCT) */
9984 /* Build display for: Total Parameter Count */
9986 TotalParameterCount = GSHORT(pd, offset);
9990 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9994 offset += 2; /* Skip Total Parameter Count */
9996 /* Build display for: Total Data Count */
9998 TotalDataCount = GSHORT(pd, offset);
10002 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
10006 offset += 2; /* Skip Total Data Count */
10008 /* Build display for: Reserved2 */
10010 Reserved2 = GSHORT(pd, offset);
10014 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
10018 offset += 2; /* Skip Reserved2 */
10020 /* Build display for: Parameter Count */
10022 ParameterCount = GSHORT(pd, offset);
10026 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
10030 offset += 2; /* Skip Parameter Count */
10032 /* Build display for: Parameter Offset */
10034 ParameterOffset = GSHORT(pd, offset);
10038 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
10042 offset += 2; /* Skip Parameter Offset */
10044 /* Build display for: Parameter Displacement */
10046 ParameterDisplacement = GSHORT(pd, offset);
10050 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
10054 offset += 2; /* Skip Parameter Displacement */
10056 /* Build display for: Data Count */
10058 DataCount = GSHORT(pd, offset);
10062 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
10066 offset += 2; /* Skip Data Count */
10068 /* Build display for: Data Offset */
10070 DataOffset = GSHORT(pd, offset);
10074 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
10078 offset += 2; /* Skip Data Offset */
10080 /* Build display for: Data Displacement */
10082 DataDisplacement = GSHORT(pd, offset);
10086 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
10090 offset += 2; /* Skip Data Displacement */
10092 /* Build display for: Setup Count */
10094 SetupCount = GBYTE(pd, offset);
10098 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
10102 offset += 1; /* Skip Setup Count */
10105 /* Build display for: Reserved3 */
10107 Reserved3 = GBYTE(pd, offset);
10111 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
10116 offset += 1; /* Skip Reserved3 */
10118 SetupAreaOffset = offset;
10120 /* Build display for: Setup */
10122 if (SetupCount > 0) {
10124 int i = SetupCount;
10126 Setup = GSHORT(pd, offset);
10128 for (i = 1; i <= SetupCount; i++) {
10130 Setup = GSHORT(pd, offset);
10134 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
10138 offset += 2; /* Skip Setup */
10144 /* Build display for: Byte Count (BCC) */
10146 ByteCount = GSHORT(pd, offset);
10150 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10154 offset += 2; /* Skip Byte Count (BCC) */
10156 /* Build display for: Pad1 */
10158 if (offset < (SMB_offset + ParameterOffset)) {
10160 int pad1Count = SMB_offset + ParameterOffset - offset;
10162 /* Build display for: Pad1 */
10166 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
10169 offset += pad1Count; /* Skip Pad1 */
10173 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, si.request_val -> last_transact_command);
10183 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
10185 dissect_createdir_smb, /* unknown SMB 0x00 */
10186 dissect_deletedir_smb, /* unknown SMB 0x01 */
10187 dissect_unknown_smb, /* SMBopen open a file */
10188 dissect_create_file_smb, /* SMBcreate create a file */
10189 dissect_close_smb, /* SMBclose close a file */
10190 dissect_flush_file_smb, /* SMBflush flush a file */
10191 dissect_delete_file_smb, /* SMBunlink delete a file */
10192 dissect_rename_file_smb, /* SMBmv rename a file */
10193 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
10194 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
10195 dissect_read_file_smb, /* SMBread read from a file */
10196 dissect_write_file_smb, /* SMBwrite write to a file */
10197 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
10198 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
10199 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
10200 dissect_unknown_smb, /* SMBmknew make a new file */
10201 dissect_checkdir_smb, /* SMBchkpth check a directory path */
10202 dissect_process_exit_smb, /* SMBexit process exit */
10203 dissect_unknown_smb, /* SMBlseek seek */
10204 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
10205 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
10206 dissect_unknown_smb, /* unknown SMB 0x15 */
10207 dissect_unknown_smb, /* unknown SMB 0x16 */
10208 dissect_unknown_smb, /* unknown SMB 0x17 */
10209 dissect_unknown_smb, /* unknown SMB 0x18 */
10210 dissect_unknown_smb, /* unknown SMB 0x19 */
10211 dissect_read_raw_smb, /* SMBreadBraw read block raw */
10212 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
10213 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
10214 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
10215 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
10216 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
10217 dissect_unknown_smb, /* SMBwriteC write complete response */
10218 dissect_unknown_smb, /* unknown SMB 0x21 */
10219 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
10220 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
10221 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
10222 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
10223 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
10224 dissect_unknown_smb, /* SMBioctl IOCTL */
10225 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
10226 dissect_unknown_smb, /* SMBcopy copy */
10227 dissect_move_smb, /* SMBmove move */
10228 dissect_unknown_smb, /* SMBecho echo */
10229 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
10230 dissect_open_andx_smb, /* SMBopenX open and X */
10231 dissect_read_andx_smb, /* SMBreadX read and X */
10232 dissect_unknown_smb, /* SMBwriteX write and X */
10233 dissect_unknown_smb, /* unknown SMB 0x30 */
10234 dissect_unknown_smb, /* unknown SMB 0x31 */
10235 dissect_transact2_smb, /* unknown SMB 0x32 */
10236 dissect_unknown_smb, /* unknown SMB 0x33 */
10237 dissect_find_close2_smb, /* unknown SMB 0x34 */
10238 dissect_unknown_smb, /* unknown SMB 0x35 */
10239 dissect_unknown_smb, /* unknown SMB 0x36 */
10240 dissect_unknown_smb, /* unknown SMB 0x37 */
10241 dissect_unknown_smb, /* unknown SMB 0x38 */
10242 dissect_unknown_smb, /* unknown SMB 0x39 */
10243 dissect_unknown_smb, /* unknown SMB 0x3a */
10244 dissect_unknown_smb, /* unknown SMB 0x3b */
10245 dissect_unknown_smb, /* unknown SMB 0x3c */
10246 dissect_unknown_smb, /* unknown SMB 0x3d */
10247 dissect_unknown_smb, /* unknown SMB 0x3e */
10248 dissect_unknown_smb, /* unknown SMB 0x3f */
10249 dissect_unknown_smb, /* unknown SMB 0x40 */
10250 dissect_unknown_smb, /* unknown SMB 0x41 */
10251 dissect_unknown_smb, /* unknown SMB 0x42 */
10252 dissect_unknown_smb, /* unknown SMB 0x43 */
10253 dissect_unknown_smb, /* unknown SMB 0x44 */
10254 dissect_unknown_smb, /* unknown SMB 0x45 */
10255 dissect_unknown_smb, /* unknown SMB 0x46 */
10256 dissect_unknown_smb, /* unknown SMB 0x47 */
10257 dissect_unknown_smb, /* unknown SMB 0x48 */
10258 dissect_unknown_smb, /* unknown SMB 0x49 */
10259 dissect_unknown_smb, /* unknown SMB 0x4a */
10260 dissect_unknown_smb, /* unknown SMB 0x4b */
10261 dissect_unknown_smb, /* unknown SMB 0x4c */
10262 dissect_unknown_smb, /* unknown SMB 0x4d */
10263 dissect_unknown_smb, /* unknown SMB 0x4e */
10264 dissect_unknown_smb, /* unknown SMB 0x4f */
10265 dissect_unknown_smb, /* unknown SMB 0x50 */
10266 dissect_unknown_smb, /* unknown SMB 0x51 */
10267 dissect_unknown_smb, /* unknown SMB 0x52 */
10268 dissect_unknown_smb, /* unknown SMB 0x53 */
10269 dissect_unknown_smb, /* unknown SMB 0x54 */
10270 dissect_unknown_smb, /* unknown SMB 0x55 */
10271 dissect_unknown_smb, /* unknown SMB 0x56 */
10272 dissect_unknown_smb, /* unknown SMB 0x57 */
10273 dissect_unknown_smb, /* unknown SMB 0x58 */
10274 dissect_unknown_smb, /* unknown SMB 0x59 */
10275 dissect_unknown_smb, /* unknown SMB 0x5a */
10276 dissect_unknown_smb, /* unknown SMB 0x5b */
10277 dissect_unknown_smb, /* unknown SMB 0x5c */
10278 dissect_unknown_smb, /* unknown SMB 0x5d */
10279 dissect_unknown_smb, /* unknown SMB 0x5e */
10280 dissect_unknown_smb, /* unknown SMB 0x5f */
10281 dissect_unknown_smb, /* unknown SMB 0x60 */
10282 dissect_unknown_smb, /* unknown SMB 0x61 */
10283 dissect_unknown_smb, /* unknown SMB 0x62 */
10284 dissect_unknown_smb, /* unknown SMB 0x63 */
10285 dissect_unknown_smb, /* unknown SMB 0x64 */
10286 dissect_unknown_smb, /* unknown SMB 0x65 */
10287 dissect_unknown_smb, /* unknown SMB 0x66 */
10288 dissect_unknown_smb, /* unknown SMB 0x67 */
10289 dissect_unknown_smb, /* unknown SMB 0x68 */
10290 dissect_unknown_smb, /* unknown SMB 0x69 */
10291 dissect_unknown_smb, /* unknown SMB 0x6a */
10292 dissect_unknown_smb, /* unknown SMB 0x6b */
10293 dissect_unknown_smb, /* unknown SMB 0x6c */
10294 dissect_unknown_smb, /* unknown SMB 0x6d */
10295 dissect_unknown_smb, /* unknown SMB 0x6e */
10296 dissect_unknown_smb, /* unknown SMB 0x6f */
10297 dissect_treecon_smb, /* SMBtcon tree connect */
10298 dissect_tdis_smb, /* SMBtdis tree disconnect */
10299 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10300 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10301 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10302 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10303 dissect_unknown_smb, /* unknown SMB 0x76 */
10304 dissect_unknown_smb, /* unknown SMB 0x77 */
10305 dissect_unknown_smb, /* unknown SMB 0x78 */
10306 dissect_unknown_smb, /* unknown SMB 0x79 */
10307 dissect_unknown_smb, /* unknown SMB 0x7a */
10308 dissect_unknown_smb, /* unknown SMB 0x7b */
10309 dissect_unknown_smb, /* unknown SMB 0x7c */
10310 dissect_unknown_smb, /* unknown SMB 0x7d */
10311 dissect_unknown_smb, /* unknown SMB 0x7e */
10312 dissect_unknown_smb, /* unknown SMB 0x7f */
10313 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10314 dissect_search_dir_smb, /* SMBsearch search a directory */
10315 dissect_unknown_smb, /* SMBffirst find first */
10316 dissect_unknown_smb, /* SMBfunique find unique */
10317 dissect_unknown_smb, /* SMBfclose find close */
10318 dissect_unknown_smb, /* unknown SMB 0x85 */
10319 dissect_unknown_smb, /* unknown SMB 0x86 */
10320 dissect_unknown_smb, /* unknown SMB 0x87 */
10321 dissect_unknown_smb, /* unknown SMB 0x88 */
10322 dissect_unknown_smb, /* unknown SMB 0x89 */
10323 dissect_unknown_smb, /* unknown SMB 0x8a */
10324 dissect_unknown_smb, /* unknown SMB 0x8b */
10325 dissect_unknown_smb, /* unknown SMB 0x8c */
10326 dissect_unknown_smb, /* unknown SMB 0x8d */
10327 dissect_unknown_smb, /* unknown SMB 0x8e */
10328 dissect_unknown_smb, /* unknown SMB 0x8f */
10329 dissect_unknown_smb, /* unknown SMB 0x90 */
10330 dissect_unknown_smb, /* unknown SMB 0x91 */
10331 dissect_unknown_smb, /* unknown SMB 0x92 */
10332 dissect_unknown_smb, /* unknown SMB 0x93 */
10333 dissect_unknown_smb, /* unknown SMB 0x94 */
10334 dissect_unknown_smb, /* unknown SMB 0x95 */
10335 dissect_unknown_smb, /* unknown SMB 0x96 */
10336 dissect_unknown_smb, /* unknown SMB 0x97 */
10337 dissect_unknown_smb, /* unknown SMB 0x98 */
10338 dissect_unknown_smb, /* unknown SMB 0x99 */
10339 dissect_unknown_smb, /* unknown SMB 0x9a */
10340 dissect_unknown_smb, /* unknown SMB 0x9b */
10341 dissect_unknown_smb, /* unknown SMB 0x9c */
10342 dissect_unknown_smb, /* unknown SMB 0x9d */
10343 dissect_unknown_smb, /* unknown SMB 0x9e */
10344 dissect_unknown_smb, /* unknown SMB 0x9f */
10345 dissect_unknown_smb, /* unknown SMB 0xa0 */
10346 dissect_unknown_smb, /* unknown SMB 0xa1 */
10347 dissect_unknown_smb, /* unknown SMB 0xa2 */
10348 dissect_unknown_smb, /* unknown SMB 0xa3 */
10349 dissect_unknown_smb, /* unknown SMB 0xa4 */
10350 dissect_unknown_smb, /* unknown SMB 0xa5 */
10351 dissect_unknown_smb, /* unknown SMB 0xa6 */
10352 dissect_unknown_smb, /* unknown SMB 0xa7 */
10353 dissect_unknown_smb, /* unknown SMB 0xa8 */
10354 dissect_unknown_smb, /* unknown SMB 0xa9 */
10355 dissect_unknown_smb, /* unknown SMB 0xaa */
10356 dissect_unknown_smb, /* unknown SMB 0xab */
10357 dissect_unknown_smb, /* unknown SMB 0xac */
10358 dissect_unknown_smb, /* unknown SMB 0xad */
10359 dissect_unknown_smb, /* unknown SMB 0xae */
10360 dissect_unknown_smb, /* unknown SMB 0xaf */
10361 dissect_unknown_smb, /* unknown SMB 0xb0 */
10362 dissect_unknown_smb, /* unknown SMB 0xb1 */
10363 dissect_unknown_smb, /* unknown SMB 0xb2 */
10364 dissect_unknown_smb, /* unknown SMB 0xb3 */
10365 dissect_unknown_smb, /* unknown SMB 0xb4 */
10366 dissect_unknown_smb, /* unknown SMB 0xb5 */
10367 dissect_unknown_smb, /* unknown SMB 0xb6 */
10368 dissect_unknown_smb, /* unknown SMB 0xb7 */
10369 dissect_unknown_smb, /* unknown SMB 0xb8 */
10370 dissect_unknown_smb, /* unknown SMB 0xb9 */
10371 dissect_unknown_smb, /* unknown SMB 0xba */
10372 dissect_unknown_smb, /* unknown SMB 0xbb */
10373 dissect_unknown_smb, /* unknown SMB 0xbc */
10374 dissect_unknown_smb, /* unknown SMB 0xbd */
10375 dissect_unknown_smb, /* unknown SMB 0xbe */
10376 dissect_unknown_smb, /* unknown SMB 0xbf */
10377 dissect_unknown_smb, /* SMBsplopen open a print spool file */
10378 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
10379 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
10380 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
10381 dissect_unknown_smb, /* unknown SMB 0xc4 */
10382 dissect_unknown_smb, /* unknown SMB 0xc5 */
10383 dissect_unknown_smb, /* unknown SMB 0xc6 */
10384 dissect_unknown_smb, /* unknown SMB 0xc7 */
10385 dissect_unknown_smb, /* unknown SMB 0xc8 */
10386 dissect_unknown_smb, /* unknown SMB 0xc9 */
10387 dissect_unknown_smb, /* unknown SMB 0xca */
10388 dissect_unknown_smb, /* unknown SMB 0xcb */
10389 dissect_unknown_smb, /* unknown SMB 0xcc */
10390 dissect_unknown_smb, /* unknown SMB 0xcd */
10391 dissect_unknown_smb, /* unknown SMB 0xce */
10392 dissect_unknown_smb, /* unknown SMB 0xcf */
10393 dissect_unknown_smb, /* SMBsends send a single block message */
10394 dissect_unknown_smb, /* SMBsendb send a broadcast message */
10395 dissect_unknown_smb, /* SMBfwdname forward user name */
10396 dissect_unknown_smb, /* SMBcancelf cancel forward */
10397 dissect_unknown_smb, /* SMBgetmac get a machine name */
10398 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
10399 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
10400 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
10401 dissect_unknown_smb, /* unknown SMB 0xd8 */
10402 dissect_unknown_smb, /* unknown SMB 0xd9 */
10403 dissect_unknown_smb, /* unknown SMB 0xda */
10404 dissect_unknown_smb, /* unknown SMB 0xdb */
10405 dissect_unknown_smb, /* unknown SMB 0xdc */
10406 dissect_unknown_smb, /* unknown SMB 0xdd */
10407 dissect_unknown_smb, /* unknown SMB 0xde */
10408 dissect_unknown_smb, /* unknown SMB 0xdf */
10409 dissect_unknown_smb, /* unknown SMB 0xe0 */
10410 dissect_unknown_smb, /* unknown SMB 0xe1 */
10411 dissect_unknown_smb, /* unknown SMB 0xe2 */
10412 dissect_unknown_smb, /* unknown SMB 0xe3 */
10413 dissect_unknown_smb, /* unknown SMB 0xe4 */
10414 dissect_unknown_smb, /* unknown SMB 0xe5 */
10415 dissect_unknown_smb, /* unknown SMB 0xe6 */
10416 dissect_unknown_smb, /* unknown SMB 0xe7 */
10417 dissect_unknown_smb, /* unknown SMB 0xe8 */
10418 dissect_unknown_smb, /* unknown SMB 0xe9 */
10419 dissect_unknown_smb, /* unknown SMB 0xea */
10420 dissect_unknown_smb, /* unknown SMB 0xeb */
10421 dissect_unknown_smb, /* unknown SMB 0xec */
10422 dissect_unknown_smb, /* unknown SMB 0xed */
10423 dissect_unknown_smb, /* unknown SMB 0xee */
10424 dissect_unknown_smb, /* unknown SMB 0xef */
10425 dissect_unknown_smb, /* unknown SMB 0xf0 */
10426 dissect_unknown_smb, /* unknown SMB 0xf1 */
10427 dissect_unknown_smb, /* unknown SMB 0xf2 */
10428 dissect_unknown_smb, /* unknown SMB 0xf3 */
10429 dissect_unknown_smb, /* unknown SMB 0xf4 */
10430 dissect_unknown_smb, /* unknown SMB 0xf5 */
10431 dissect_unknown_smb, /* unknown SMB 0xf6 */
10432 dissect_unknown_smb, /* unknown SMB 0xf7 */
10433 dissect_unknown_smb, /* unknown SMB 0xf8 */
10434 dissect_unknown_smb, /* unknown SMB 0xf9 */
10435 dissect_unknown_smb, /* unknown SMB 0xfa */
10436 dissect_unknown_smb, /* unknown SMB 0xfb */
10437 dissect_unknown_smb, /* unknown SMB 0xfc */
10438 dissect_unknown_smb, /* unknown SMB 0xfd */
10439 dissect_unknown_smb, /* SMBinvalid invalid command */
10440 dissect_unknown_smb /* unknown SMB 0xff */
10444 static const value_string errcls_types[] = {
10445 { SMB_SUCCESS, "Success"},
10446 { SMB_ERRDOS, "DOS Error"},
10447 { SMB_ERRSRV, "Server Error"},
10448 { SMB_ERRHRD, "Hardware Error"},
10449 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
10453 char *decode_smb_name(unsigned char cmd)
10456 return(SMB_names[cmd]);
10460 static const value_string DOS_errors[] = {
10461 {SMBE_badfunc, "Invalid function (or system call)"},
10462 {SMBE_badfile, "File not found (pathname error)"},
10463 {SMBE_badpath, "Directory not found"},
10464 {SMBE_nofids, "Too many open files"},
10465 {SMBE_noaccess, "Access denied"},
10466 {SMBE_badfid, "Invalid fid"},
10467 {SMBE_nomem, "Out of memory"},
10468 {SMBE_badmem, "Invalid memory block address"},
10469 {SMBE_badenv, "Invalid environment"},
10470 {SMBE_badaccess, "Invalid open mode"},
10471 {SMBE_baddata, "Invalid data (only from ioctl call)"},
10472 {SMBE_res, "Reserved error code?"},
10473 {SMBE_baddrive, "Invalid drive"},
10474 {SMBE_remcd, "Attempt to delete current directory"},
10475 {SMBE_diffdevice, "Rename/move across different filesystems"},
10476 {SMBE_nofiles, "no more files found in file search"},
10477 {SMBE_badshare, "Share mode on file conflict with open mode"},
10478 {SMBE_lock, "Lock request conflicts with existing lock"},
10479 {SMBE_unsup, "Request unsupported, returned by Win 95"},
10480 {SMBE_filexists, "File in operation already exists"},
10481 {SMBE_cannotopen, "Cannot open the file specified"},
10482 {SMBE_unknownlevel, "Unknown level??"},
10483 {SMBE_badpipe, "Named pipe invalid"},
10484 {SMBE_pipebusy, "All instances of pipe are busy"},
10485 {SMBE_pipeclosing, "Named pipe close in progress"},
10486 {SMBE_notconnected, "No process on other end of named pipe"},
10487 {SMBE_moredata, "More data to be returned"},
10488 {SMBE_baddirectory, "Invalid directory name in a path."},
10489 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
10490 {SMBE_eas_nsup, "Extended attributes not supported"},
10491 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
10492 {SMBE_unknownipc, "Unknown IPC Operation"},
10493 {SMBE_noipc, "Don't support ipc"},
10497 /* Error codes for the ERRSRV class */
10499 static const value_string SRV_errors[] = {
10500 {SMBE_error, "Non specific error code"},
10501 {SMBE_badpw, "Bad password"},
10502 {SMBE_badtype, "Reserved"},
10503 {SMBE_access, "No permissions to perform the requested operation"},
10504 {SMBE_invnid, "TID invalid"},
10505 {SMBE_invnetname, "Invalid network name. Service not found"},
10506 {SMBE_invdevice, "Invalid device"},
10507 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
10508 {SMBE_qfull, "Print queue full"},
10509 {SMBE_qtoobig, "Queued item too big"},
10510 {SMBE_qeof, "EOF on print queue dump"},
10511 {SMBE_invpfid, "Invalid print file in smb_fid"},
10512 {SMBE_smbcmd, "Unrecognised command"},
10513 {SMBE_srverror, "SMB server internal error"},
10514 {SMBE_filespecs, "Fid and pathname invalid combination"},
10515 {SMBE_badlink, "Bad link in request ???"},
10516 {SMBE_badpermits, "Access specified for a file is not valid"},
10517 {SMBE_badpid, "Bad process id in request"},
10518 {SMBE_setattrmode, "Attribute mode invalid"},
10519 {SMBE_paused, "Message server paused"},
10520 {SMBE_msgoff, "Not receiving messages"},
10521 {SMBE_noroom, "No room for message"},
10522 {SMBE_rmuns, "Too many remote usernames"},
10523 {SMBE_timeout, "Operation timed out"},
10524 {SMBE_noresource, "No resources currently available for request."},
10525 {SMBE_toomanyuids, "Too many userids"},
10526 {SMBE_baduid, "Bad userid"},
10527 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
10528 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
10529 {SMBE_contMPX, "Resume MPX mode"},
10530 {SMBE_badPW, "Bad Password???"},
10531 {SMBE_nosupport, "Operation not supported"},
10535 /* Error codes for the ERRHRD class */
10537 static const value_string HRD_errors[] = {
10538 {SMBE_nowrite, "read only media"},
10539 {SMBE_badunit, "Unknown device"},
10540 {SMBE_notready, "Drive not ready"},
10541 {SMBE_badcmd, "Unknown command"},
10542 {SMBE_data, "Data (CRC) error"},
10543 {SMBE_badreq, "Bad request structure length"},
10544 {SMBE_seek, "Seek error???"},
10545 {SMBE_badmedia, "Bad media???"},
10546 {SMBE_badsector, "Bad sector???"},
10547 {SMBE_nopaper, "No paper in printer???"},
10548 {SMBE_write, "Write error???"},
10549 {SMBE_read, "Read error???"},
10550 {SMBE_general, "General error???"},
10551 {SMBE_badshare, "A open conflicts with an existing open"},
10552 {SMBE_lock, "Lock/unlock error"},
10553 {SMBE_wrongdisk, "Wrong disk???"},
10554 {SMBE_FCBunavail, "FCB unavailable???"},
10555 {SMBE_sharebufexc, "Share buffer excluded???"},
10556 {SMBE_diskfull, "Disk full???"},
10560 char *decode_smb_error(guint8 errcls, guint16 errcode)
10567 return("No Error"); /* No error ??? */
10572 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
10577 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
10582 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
10587 return("Unknown error class!");
10593 #define SMB_FLAGS_DIRN 0x80
10596 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
10598 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
10599 proto_item *ti, *tf;
10600 guint8 cmd, errcls, errcode1, flags;
10601 guint16 flags2, errcode, tid, pid, uid, mid;
10603 int SMB_offset = offset;
10604 struct smb_info si;
10606 OLD_CHECK_DISPLAY_AS_DATA(proto_smb, pd, offset, fd, tree);
10610 cmd = pd[offset + SMB_hdr_com_offset];
10612 if (check_col(fd, COL_PROTOCOL))
10613 col_set_str(fd, COL_PROTOCOL, "SMB");
10615 /* Hmmm, poor coding here ... Also, should check the type */
10617 if (check_col(fd, COL_INFO)) {
10619 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
10625 ti = proto_tree_add_item(tree, proto_smb, NullTVB, offset, END_OF_FRAME, FALSE);
10626 smb_tree = proto_item_add_subtree(ti, ett_smb);
10628 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
10629 * component ... SMB is only one used
10632 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Message Type: 0xFF");
10633 proto_tree_add_text(smb_tree, NullTVB, offset+1, 3, "Server Component: SMB");
10637 offset += 4; /* Skip the marker */
10641 proto_tree_add_uint(smb_tree, hf_smb_cmd, NullTVB, offset, 1, cmd);
10647 /* Handle error code */
10649 if (GSHORT(pd, SMB_offset + 10) & 0x4000) {
10651 /* handle NT 32 bit error code */
10652 errcode = 0; /* better than a random number */
10653 status = GWORD(pd, offset);
10657 proto_tree_add_text(smb_tree, NullTVB, offset, 4, "Status: 0x%08x",
10666 /* handle DOS error code & class */
10668 /* Next, look at the error class, SMB_RETCLASS */
10670 errcls = pd[offset];
10674 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Error Class: %s",
10675 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10680 /* Error code, SMB_HEINFO ... */
10682 errcode1 = pd[offset];
10686 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Reserved: %i", errcode1);
10692 errcode = GSHORT(pd, offset);
10696 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Error Code: %s",
10697 decode_smb_error(errcls, errcode));
10704 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
10706 flags = pd[offset];
10710 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags: 0x%02x", flags);
10712 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10713 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10714 decode_boolean_bitfield(flags, 0x01, 8,
10715 "Lock&Read, Write&Unlock supported",
10716 "Lock&Read, Write&Unlock not supported"));
10717 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10718 decode_boolean_bitfield(flags, 0x02, 8,
10719 "Receive buffer posted",
10720 "Receive buffer not posted"));
10721 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10722 decode_boolean_bitfield(flags, 0x08, 8,
10723 "Path names caseless",
10724 "Path names case sensitive"));
10725 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10726 decode_boolean_bitfield(flags, 0x10, 8,
10727 "Pathnames canonicalized",
10728 "Pathnames not canonicalized"));
10729 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10730 decode_boolean_bitfield(flags, 0x20, 8,
10731 "OpLocks requested/granted",
10732 "OpLocks not requested/granted"));
10733 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10734 decode_boolean_bitfield(flags, 0x40, 8,
10736 "Notify open only"));
10738 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10739 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10740 8, "Response to client/redirector", "Request to server"));
10746 flags2 = GSHORT(pd, offset);
10750 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Flags2: 0x%04x", flags2);
10752 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10753 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10754 decode_boolean_bitfield(flags2, 0x0001, 16,
10755 "Long file names supported",
10756 "Long file names not supported"));
10757 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10758 decode_boolean_bitfield(flags2, 0x0002, 16,
10759 "Extended attributes supported",
10760 "Extended attributes not supported"));
10761 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10762 decode_boolean_bitfield(flags2, 0x0004, 16,
10763 "Security signatures supported",
10764 "Security signatures not supported"));
10765 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10766 decode_boolean_bitfield(flags2, 0x0800, 16,
10767 "Extended security negotiation supported",
10768 "Extended security negotiation not supported"));
10769 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10770 decode_boolean_bitfield(flags2, 0x1000, 16,
10771 "Resolve pathnames with DFS",
10772 "Don't resolve pathnames with DFS"));
10773 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10774 decode_boolean_bitfield(flags2, 0x2000, 16,
10775 "Permit reads if execute-only",
10776 "Don't permit reads if execute-only"));
10777 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10778 decode_boolean_bitfield(flags2, 0x4000, 16,
10779 "Error codes are NT error codes",
10780 "Error codes are DOS error codes"));
10781 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10782 decode_boolean_bitfield(flags2, 0x8000, 16,
10783 "Strings are Unicode",
10784 "Strings are ASCII"));
10788 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
10794 proto_tree_add_text(smb_tree, NullTVB, offset, 12, "Reserved: 6 WORDS");
10800 /* Now the TID, tree ID */
10802 tid = GSHORT(pd, offset);
10807 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10813 /* Now the PID, Process ID */
10815 pid = GSHORT(pd, offset);
10820 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10826 /* Now the UID, User ID */
10828 uid = GSHORT(pd, offset);
10833 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10839 /* Now the MID, Multiplex ID */
10841 mid = GSHORT(pd, offset);
10846 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10852 /* Now vector through the table to dissect them */
10854 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10855 ((flags & 0x80) == 0));
10860 /*** External routines called during the registration process */
10862 extern void register_proto_smb_browse( void);
10863 extern void register_proto_smb_logon( void);
10864 extern void register_proto_smb_mailslot( void);
10865 extern void register_proto_smb_pipe( void);
10866 extern void register_proto_smb_mailslot( void);
10870 proto_register_smb(void)
10872 static hf_register_info hf[] = {
10874 { "SMB Command", "smb.cmd",
10875 FT_UINT8, BASE_HEX, VALS(smb_cmd_vals), 0x0, "" }}
10879 static gint *ett[] = {
10881 &ett_smb_fileattributes,
10882 &ett_smb_capabilities,
10889 &ett_smb_desiredaccess,
10892 &ett_smb_openfunction,
10895 &ett_smb_writemode,
10896 &ett_smb_lock_type,
10899 proto_smb = proto_register_protocol("SMB (Server Message Block Protocol)", "smb");
10901 proto_register_subtree_array(ett, array_length(ett));
10902 proto_register_field_array(proto_smb, hf, array_length(hf));
10903 register_init_routine(&smb_init_protocol);
10905 register_proto_smb_browse();
10906 register_proto_smb_logon( );
10907 register_proto_smb_mailslot();
10908 register_proto_smb_pipe();
git.samba.org / obnox / wireshark / wip.git / blob