2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.71 2000/08/13 14:08:50 deniel Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
51 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
53 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
56 static int proto_smb = -1;
58 static int hf_smb_cmd = -1;
60 static gint ett_smb = -1;
61 static gint ett_smb_fileattributes = -1;
62 static gint ett_smb_capabilities = -1;
63 static gint ett_smb_aflags = -1;
64 static gint ett_smb_dialects = -1;
65 static gint ett_smb_mode = -1;
66 static gint ett_smb_rawmode = -1;
67 static gint ett_smb_flags = -1;
68 static gint ett_smb_flags2 = -1;
69 static gint ett_smb_desiredaccess = -1;
70 static gint ett_smb_search = -1;
71 static gint ett_smb_file = -1;
72 static gint ett_smb_openfunction = -1;
73 static gint ett_smb_filetype = -1;
74 static gint ett_smb_action = -1;
75 static gint ett_smb_writemode = -1;
76 static gint ett_smb_lock_type = -1;
81 * Struct passed to each SMB decode routine of info it may need
84 char *decode_smb_name(unsigned char);
86 int smb_packet_init_count = 200;
88 struct smb_request_key {
94 GHashTable *smb_request_hash = NULL;
95 GMemChunk *smb_request_keys = NULL;
96 GMemChunk *smb_request_vals = NULL;
/* Key-equality callback: smb_init_protocol() passes this function to
 * g_hash_table_new().  Two keys are treated as the same request when both
 * their conversation and mid fields match.
 * NOTE(review): this listing drops short source lines (see the gaps in the
 * embedded line numbers), so the return type, braces and return statements
 * are not visible here. */
100 smb_equal(gconstpointer v, gconstpointer w)
102 struct smb_request_key *v1 = (struct smb_request_key *)v;
103 struct smb_request_key *v2 = (struct smb_request_key *)w;
/* Debug trace, compiled in only when DEBUG_SMB_HASH is defined.
 * NOTE(review): %08X and %u assume unsigned-int-sized fields; the struct
 * definition is not shown in this listing - confirm. */
105 #if defined(DEBUG_SMB_HASH)
106 printf("Comparing %08X:%u\n and %08X:%u\n",
107 v1 -> conversation, v1 -> mid,
108 v2 -> conversation, v2 -> mid);
111 if (v1 -> conversation == v2 -> conversation &&
112 v1 -> mid == v2 -> mid) {
/* Hash callback paired with smb_equal() in g_hash_table_new(): the hash is
 * the plain sum of the key's conversation and mid fields.
 * NOTE(review): a sum maps every (conversation, mid) pair with the same
 * total to one bucket; if mid is taken from captured traffic (presumably -
 * confirm), a capture can force long collision chains and slow lookups. */
122 smb_hash (gconstpointer v)
124 struct smb_request_key *key = (struct smb_request_key *)v;
127 val = key -> conversation + key -> mid;
/* Debug trace, compiled in only when DEBUG_SMB_HASH is defined. */
129 #if defined(DEBUG_SMB_HASH)
130 printf("SMB Hash calculated as %u\n", val);
138 * Free up any state information we've saved, and re-initialize the
139 * tables of state information.
/* Drops the request hash table and both memory chunks if they exist, then
 * creates fresh ones, so no request state survives a re-initialization.
 * Each chunk area is sized for smb_packet_init_count entries. */
142 smb_init_protocol(void)
144 #if defined(DEBUG_SMB_HASH)
145 printf("Initializing SMB hashtable area\n");
/* Destroy the table before the chunks that back its keys and values. */
148 if (smb_request_hash)
149 g_hash_table_destroy(smb_request_hash);
150 if (smb_request_keys)
151 g_mem_chunk_destroy(smb_request_keys);
152 if (smb_request_vals)
153 g_mem_chunk_destroy(smb_request_vals);
155 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
156 smb_request_keys = g_mem_chunk_new("smb_request_keys",
157 sizeof(struct smb_request_key),
158 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
159 smb_request_vals = g_mem_chunk_new("smb_request_vals",
160 sizeof(struct smb_request_val),
161 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
164 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
166 static const value_string smb_cmd_vals[] = {
167 { 0x00, "SMBcreatedirectory" },
168 { 0x01, "SMBdeletedirectory" },
170 { 0x03, "SMBcreate" },
171 { 0x04, "SMBclose" },
172 { 0x05, "SMBflush" },
173 { 0x06, "SMBunlink" },
175 { 0x08, "SMBgetatr" },
176 { 0x09, "SMBsetatr" },
178 { 0x0B, "SMBwrite" },
180 { 0x0D, "SMBunlock" },
181 { 0x0E, "SMBctemp" },
182 { 0x0F, "SMBmknew" },
183 { 0x10, "SMBchkpth" },
185 { 0x12, "SMBlseek" },
186 { 0x13, "SMBlockread" },
187 { 0x14, "SMBwriteunlock" },
188 { 0x15, "unknown-0x15" },
189 { 0x16, "unknown-0x16" },
190 { 0x17, "unknown-0x17" },
191 { 0x18, "unknown-0x18" },
192 { 0x19, "unknown-0x19" },
193 { 0x1A, "SMBreadBraw" },
194 { 0x1B, "SMBreadBmpx" },
195 { 0x1C, "SMBreadBs" },
196 { 0x1D, "SMBwriteBraw" },
197 { 0x1E, "SMBwriteBmpx" },
198 { 0x1F, "SMBwriteBs" },
199 { 0x20, "SMBwriteC" },
200 { 0x21, "unknown-0x21" },
201 { 0x22, "SMBsetattrE" },
202 { 0x23, "SMBgetattrE" },
203 { 0x24, "SMBlockingX" },
204 { 0x25, "SMBtrans" },
205 { 0x26, "SMBtranss" },
206 { 0x27, "SMBioctl" },
207 { 0x28, "SMBioctls" },
211 { 0x2C, "SMBwriteclose" },
212 { 0x2D, "SMBopenX" },
213 { 0x2E, "SMBreadX" },
214 { 0x2F, "SMBwriteX" },
215 { 0x30, "unknown-0x30" },
216 { 0x31, "SMBcloseandtreedisc" },
217 { 0x32, "SMBtrans2" },
218 { 0x33, "SMBtrans2secondary" },
219 { 0x34, "SMBfindclose2" },
220 { 0x35, "SMBfindnotifyclose" },
221 { 0x36, "unknown-0x36" },
222 { 0x37, "unknown-0x37" },
223 { 0x38, "unknown-0x38" },
224 { 0x39, "unknown-0x39" },
225 { 0x3A, "unknown-0x3A" },
226 { 0x3B, "unknown-0x3B" },
227 { 0x3C, "unknown-0x3C" },
228 { 0x3D, "unknown-0x3D" },
229 { 0x3E, "unknown-0x3E" },
230 { 0x3F, "unknown-0x3F" },
231 { 0x40, "unknown-0x40" },
232 { 0x41, "unknown-0x41" },
233 { 0x42, "unknown-0x42" },
234 { 0x43, "unknown-0x43" },
235 { 0x44, "unknown-0x44" },
236 { 0x45, "unknown-0x45" },
237 { 0x46, "unknown-0x46" },
238 { 0x47, "unknown-0x47" },
239 { 0x48, "unknown-0x48" },
240 { 0x49, "unknown-0x49" },
241 { 0x4A, "unknown-0x4A" },
242 { 0x4B, "unknown-0x4B" },
243 { 0x4C, "unknown-0x4C" },
244 { 0x4D, "unknown-0x4D" },
245 { 0x4E, "unknown-0x4E" },
246 { 0x4F, "unknown-0x4F" },
247 { 0x50, "unknown-0x50" },
248 { 0x51, "unknown-0x51" },
249 { 0x52, "unknown-0x52" },
250 { 0x53, "unknown-0x53" },
251 { 0x54, "unknown-0x54" },
252 { 0x55, "unknown-0x55" },
253 { 0x56, "unknown-0x56" },
254 { 0x57, "unknown-0x57" },
255 { 0x58, "unknown-0x58" },
256 { 0x59, "unknown-0x59" },
257 { 0x5A, "unknown-0x5A" },
258 { 0x5B, "unknown-0x5B" },
259 { 0x5C, "unknown-0x5C" },
260 { 0x5D, "unknown-0x5D" },
261 { 0x5E, "unknown-0x5E" },
262 { 0x5F, "unknown-0x5F" },
263 { 0x60, "unknown-0x60" },
264 { 0x61, "unknown-0x61" },
265 { 0x62, "unknown-0x62" },
266 { 0x63, "unknown-0x63" },
267 { 0x64, "unknown-0x64" },
268 { 0x65, "unknown-0x65" },
269 { 0x66, "unknown-0x66" },
270 { 0x67, "unknown-0x67" },
271 { 0x68, "unknown-0x68" },
272 { 0x69, "unknown-0x69" },
273 { 0x6A, "unknown-0x6A" },
274 { 0x6B, "unknown-0x6B" },
275 { 0x6C, "unknown-0x6C" },
276 { 0x6D, "unknown-0x6D" },
277 { 0x6E, "unknown-0x6E" },
278 { 0x6F, "unknown-0x6F" },
281 { 0x72, "SMBnegprot" },
282 { 0x73, "SMBsesssetupX" },
283 { 0x74, "SMBlogoffX" },
284 { 0x75, "SMBtconX" },
285 { 0x76, "unknown-0x76" },
286 { 0x77, "unknown-0x77" },
287 { 0x78, "unknown-0x78" },
288 { 0x79, "unknown-0x79" },
289 { 0x7A, "unknown-0x7A" },
290 { 0x7B, "unknown-0x7B" },
291 { 0x7C, "unknown-0x7C" },
292 { 0x7D, "unknown-0x7D" },
293 { 0x7E, "unknown-0x7E" },
294 { 0x7F, "unknown-0x7F" },
295 { 0x80, "SMBdskattr" },
296 { 0x81, "SMBsearch" },
297 { 0x82, "SMBffirst" },
298 { 0x83, "SMBfunique" },
299 { 0x84, "SMBfclose" },
300 { 0x85, "unknown-0x85" },
301 { 0x86, "unknown-0x86" },
302 { 0x87, "unknown-0x87" },
303 { 0x88, "unknown-0x88" },
304 { 0x89, "unknown-0x89" },
305 { 0x8A, "unknown-0x8A" },
306 { 0x8B, "unknown-0x8B" },
307 { 0x8C, "unknown-0x8C" },
308 { 0x8D, "unknown-0x8D" },
309 { 0x8E, "unknown-0x8E" },
310 { 0x8F, "unknown-0x8F" },
311 { 0x90, "unknown-0x90" },
312 { 0x91, "unknown-0x91" },
313 { 0x92, "unknown-0x92" },
314 { 0x93, "unknown-0x93" },
315 { 0x94, "unknown-0x94" },
316 { 0x95, "unknown-0x95" },
317 { 0x96, "unknown-0x96" },
318 { 0x97, "unknown-0x97" },
319 { 0x98, "unknown-0x98" },
320 { 0x99, "unknown-0x99" },
321 { 0x9A, "unknown-0x9A" },
322 { 0x9B, "unknown-0x9B" },
323 { 0x9C, "unknown-0x9C" },
324 { 0x9D, "unknown-0x9D" },
325 { 0x9E, "unknown-0x9E" },
326 { 0x9F, "unknown-0x9F" },
327 { 0xA0, "SMBnttransact" },
328 { 0xA1, "SMBnttransactsecondary" },
329 { 0xA2, "SMBntcreateX" },
330 { 0xA3, "unknown-0xA3" },
331 { 0xA4, "SMBntcancel" },
332 { 0xA5, "unknown-0xA5" },
333 { 0xA6, "unknown-0xA6" },
334 { 0xA7, "unknown-0xA7" },
335 { 0xA8, "unknown-0xA8" },
336 { 0xA9, "unknown-0xA9" },
337 { 0xAA, "unknown-0xAA" },
338 { 0xAB, "unknown-0xAB" },
339 { 0xAC, "unknown-0xAC" },
340 { 0xAD, "unknown-0xAD" },
341 { 0xAE, "unknown-0xAE" },
342 { 0xAF, "unknown-0xAF" },
343 { 0xB0, "unknown-0xB0" },
344 { 0xB1, "unknown-0xB1" },
345 { 0xB2, "unknown-0xB2" },
346 { 0xB3, "unknown-0xB3" },
347 { 0xB4, "unknown-0xB4" },
348 { 0xB5, "unknown-0xB5" },
349 { 0xB6, "unknown-0xB6" },
350 { 0xB7, "unknown-0xB7" },
351 { 0xB8, "unknown-0xB8" },
352 { 0xB9, "unknown-0xB9" },
353 { 0xBA, "unknown-0xBA" },
354 { 0xBB, "unknown-0xBB" },
355 { 0xBC, "unknown-0xBC" },
356 { 0xBD, "unknown-0xBD" },
357 { 0xBE, "unknown-0xBE" },
358 { 0xBF, "unknown-0xBF" },
359 { 0xC0, "SMBsplopen" },
360 { 0xC1, "SMBsplwr" },
361 { 0xC2, "SMBsplclose" },
362 { 0xC3, "SMBsplretq" },
363 { 0xC4, "unknown-0xC4" },
364 { 0xC5, "unknown-0xC5" },
365 { 0xC6, "unknown-0xC6" },
366 { 0xC7, "unknown-0xC7" },
367 { 0xC8, "unknown-0xC8" },
368 { 0xC9, "unknown-0xC9" },
369 { 0xCA, "unknown-0xCA" },
370 { 0xCB, "unknown-0xCB" },
371 { 0xCC, "unknown-0xCC" },
372 { 0xCD, "unknown-0xCD" },
373 { 0xCE, "unknown-0xCE" },
374 { 0xCF, "unknown-0xCF" },
375 { 0xD0, "SMBsends" },
376 { 0xD1, "SMBsendb" },
377 { 0xD2, "SMBfwdname" },
378 { 0xD3, "SMBcancelf" },
379 { 0xD4, "SMBgetmac" },
380 { 0xD5, "SMBsendstrt" },
381 { 0xD6, "SMBsendend" },
382 { 0xD7, "SMBsendtxt" },
383 { 0xD8, "SMBreadbulk" },
384 { 0xD9, "SMBwritebulk" },
385 { 0xDA, "SMBwritebulkdata" },
386 { 0xDB, "unknown-0xDB" },
387 { 0xDC, "unknown-0xDC" },
388 { 0xDD, "unknown-0xDD" },
389 { 0xDE, "unknown-0xDE" },
390 { 0xDF, "unknown-0xDF" },
391 { 0xE0, "unknown-0xE0" },
392 { 0xE1, "unknown-0xE1" },
393 { 0xE2, "unknown-0xE2" },
394 { 0xE3, "unknown-0xE3" },
395 { 0xE4, "unknown-0xE4" },
396 { 0xE5, "unknown-0xE5" },
397 { 0xE6, "unknown-0xE6" },
398 { 0xE7, "unknown-0xE7" },
399 { 0xE8, "unknown-0xE8" },
400 { 0xE9, "unknown-0xE9" },
401 { 0xEA, "unknown-0xEA" },
402 { 0xEB, "unknown-0xEB" },
403 { 0xEC, "unknown-0xEC" },
404 { 0xED, "unknown-0xED" },
405 { 0xEE, "unknown-0xEE" },
406 { 0xEF, "unknown-0xEF" },
407 { 0xF0, "unknown-0xF0" },
408 { 0xF1, "unknown-0xF1" },
409 { 0xF2, "unknown-0xF2" },
410 { 0xF3, "unknown-0xF3" },
411 { 0xF4, "unknown-0xF4" },
412 { 0xF5, "unknown-0xF5" },
413 { 0xF6, "unknown-0xF6" },
414 { 0xF7, "unknown-0xF7" },
415 { 0xF8, "unknown-0xF8" },
416 { 0xF9, "unknown-0xF9" },
417 { 0xFA, "unknown-0xFA" },
418 { 0xFB, "unknown-0xFB" },
419 { 0xFC, "unknown-0xFC" },
420 { 0xFD, "unknown-0xFD" },
421 { 0xFE, "SMBinvalid" },
422 { 0xFF, "unknown-0xFF" },
425 char *SMB_names[256] = {
426 "SMBcreatedirectory",
427 "SMBdeletedirectory",
475 "SMBcloseandtreedisc",
477 "SMBtrans2secondary",
479 "SMBfindnotifyclose",
587 "SMBnttransactsecondary",
685 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
690 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (%u bytes)",
698 * Dissect a UNIX like date ...
701 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
702 conflict with /usr/include/time.h on some NetBSD
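/*
 * Format a "UNIX like" SMB date as "YYYY-MM-DD".
 *
 * date: upper 16 bits of the seconds value.
 * time: lower 16 bits of the seconds value.
 *
 * Side effect: stores the broken-down time in the file-level _gtime
 * pointer; it is NULL after a call for which gmtime() failed.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 *
 * NOTE(review): the return-type line (including any linkage specifier),
 * the braces and the return statement are missing from this listing;
 * `char *` returning the static buffer is inferred from the sibling DOS
 * helpers - confirm against the full source.
 */
char *
dissect_smbu_date(guint16 date, guint16 time)
{
  static char datebuf[4+2+2+2+1];
  /* Shift in an unsigned 32-bit type: `date << 16` on the promoted int is
     undefined behaviour once bit 15 of date is set.  Converting back to a
     signed 32-bit value keeps the result the old expression produced on
     two's-complement targets. */
  time_t ltime = (time_t)(gint32)(((guint32)date << 16) + time);

  _gtime = gmtime(&ltime);
  if (_gtime == NULL) {
    /* gmtime() may reject the value on some C libraries; both fields come
       from the captured packet, so do not dereference a null result. */
    snprintf(datebuf, sizeof datebuf, "%s", "invalid");
    return datebuf;
  }

  /* Bounded write: the output can never run past the static buffer. */
  snprintf(datebuf, sizeof datebuf, "%04d-%02d-%02d",
           1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);

  return datebuf;
}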
/* Formats the time of day held in the file-level _gtime pointer as
 * "HH:MM:SS" into a static buffer.
 * NOTE(review): no gmtime() call is visible in this function, so it
 * appears to rely on an earlier dissect_smbu_date() call having set _gtime;
 * if that call never happened or gmtime() returned NULL, the dereference
 * below is a null-pointer read.  The date and time parameters are not
 * referenced in the lines shown.  Short lines (return type, braces, return
 * statement) are omitted from this listing. */
724 dissect_smbu_time(guint16 date, guint16 time)
727 static char timebuf[2+2+2+2+1];
729 sprintf(timebuf, "%02d:%02d:%02d",
730 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
737 * Dissect a DOS-format date.
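/*
 * Format a packed DOS date as "YYYY-MM-DD".
 *
 * date: 16-bit DOS date; bits 15-9 hold the year offset from 1980,
 *       bits 8-5 the month and bits 4-0 the day.
 *
 * Returns a pointer to a static buffer that the next call overwrites, so
 * the caller must consume the string before calling again.
 *
 * NOTE(review): the return-type line (including any linkage specifier),
 * the braces and the return statement are missing from this listing;
 * `char *` returning the buffer is inferred from the "%s" call sites in
 * this file - confirm against the full source.
 */
char *
dissect_dos_date(guint16 date)
{
  /* "YYYY-MM-DD" is 10 characters plus the terminating NUL.  The previous
     size of 4+2+2+1 (9 bytes) left out the two '-' separators, so every
     call wrote two bytes past the end of the static buffer. */
  static char datebuf[4+1+2+1+2+1];

  /* Bounded write as a second line of defence; the value comes straight
     from the captured packet. */
  snprintf(datebuf, sizeof datebuf, "%04d-%02d-%02d",
           ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);

  return datebuf;
}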
750 * Dissect a DOS-format time.
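/*
 * Format a packed DOS time as "HH:MM:SS".
 *
 * time: 16-bit DOS time; bits 15-11 hold the hour, bits 10-5 the minute
 *       and bits 4-0 the seconds divided by two.
 *
 * Returns a pointer to a static buffer that the next call overwrites, so
 * the caller must consume the string before calling again.
 *
 * NOTE(review): the return-type line (including any linkage specifier),
 * the braces and the return statement are missing from this listing;
 * `char *` returning the buffer is inferred from the "%s" call sites in
 * this file - confirm against the full source.
 */
char *
dissect_dos_time(guint16 time)
{
  /* "HH:MM:SS" is 8 characters plus the terminating NUL.  The previous
     size of 2+2+2+1 (7 bytes) left out the two ':' separators, so every
     call wrote two bytes past the end of the static buffer. */
  static char timebuf[2+1+2+1+2+1];

  /* Bounded write as a second line of defence; the value comes straight
     from the captured packet. */
  snprintf(timebuf, sizeof timebuf, "%02d:%02d:%02d",
           (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);

  return timebuf;
}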
762 /* Max string length for displaying Unicode strings. */
763 #define MAX_UNICODE_STR_LEN 256
765 /* Turn a little-endian Unicode '\0'-terminated string into a string we
767 XXX - for now, we just handle the ISO 8859-1 characters. */
/* Converts a little-endian, 16-bit-NUL-terminated string at `us` into one of
 * three static output buffers.
 * NOTE(review): the loop condition reads us[0] and us[1] until it finds a
 * 16-bit zero; no bound on the input is visible, so a string with no
 * terminator inside the captured bytes would be read past the end of the
 * packet data.  The output side looks capped by MAX_UNICODE_STR_LEN (see
 * `len` below), but the loop body is omitted from this listing - confirm.
 * Most short lines of this function are missing here. */
769 unicode_to_str(const guint8 *us, int *us_lenp) {
770 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
/* Presumably selects the next of the three buffers in turn, so up to three
 * results can be live at once; the assignments to cur are not shown. */
777 if (cur == &str[0][0]) {
779 } else if (cur == &str[1][0]) {
785 len = MAX_UNICODE_STR_LEN;
787 while (*us != 0 || *(us + 1) != 0) {
797 /* Note that we're not showing the full string. */
808 * Each dissect routine is passed an offset to wct and works from there
/* Decodes the request (dirn == 1) or response (dirn == 0) body starting at
 * `offset`, which points at the Word Count byte, and adds one text item per
 * field to `tree`.
 * NOTE(review): each GBYTE/GSHORT reads from the captured frame at `offset`;
 * no length check is visible, and `max_data` is not referenced in the lines
 * shown.  This listing omits short lines (declarations, braces, any
 * `if (tree)` guards), so confirm where `offset` is bounded. */
812 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
819 if (dirn == 1) { /* Request(s) dissect code */
821 /* Build display for: Word Count (WCT) */
823 WordCount = GBYTE(pd, offset);
827 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
831 offset += 1; /* Skip Word Count (WCT) */
833 /* Build display for: FID */
835 FID = GSHORT(pd, offset);
839 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
843 offset += 2; /* Skip FID */
845 /* Build display for: Byte Count */
847 ByteCount = GSHORT(pd, offset);
851 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
855 offset += 2; /* Skip Byte Count */
859 if (dirn == 0) { /* Response(s) dissect code */
861 /* Build display for: Word Count (WCT) */
863 WordCount = GBYTE(pd, offset);
867 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
871 offset += 1; /* Skip Word Count (WCT) */
873 /* Build display for: Byte Count (BCC) */
875 ByteCount = GSHORT(pd, offset);
879 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
883 offset += 2; /* Skip Byte Count (BCC) */
/* Decodes the request (dirn == 1) or response (dirn == 0) body starting at
 * the Word Count byte.  The response shows Total Units, Blocks Per Unit,
 * Block Size, Free Units and a Reserved word, each read as a 16-bit value.
 * NOTE(review): the reads below are not visibly bounded by the captured
 * length, and `max_data` is not referenced in the lines shown.  This listing
 * omits short lines (declarations, braces, any `if (tree)` or Word Count
 * guards), so confirm where `offset` is checked. */
890 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
898 guint16 BlocksPerUnit;
901 if (dirn == 1) { /* Request(s) dissect code */
903 /* Build display for: Word Count (WCT) */
905 WordCount = GBYTE(pd, offset);
909 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
913 offset += 1; /* Skip Word Count (WCT) */
915 /* Build display for: Byte Count (BCC) */
917 ByteCount = GSHORT(pd, offset);
921 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
925 offset += 2; /* Skip Byte Count (BCC) */
929 if (dirn == 0) { /* Response(s) dissect code */
931 /* Build display for: Word Count (WCT) */
933 WordCount = GBYTE(pd, offset);
937 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
941 offset += 1; /* Skip Word Count (WCT) */
945 /* Build display for: Total Units */
947 TotalUnits = GSHORT(pd, offset);
951 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Units: %u", TotalUnits);
955 offset += 2; /* Skip Total Units */
957 /* Build display for: Blocks Per Unit */
959 BlocksPerUnit = GSHORT(pd, offset);
963 proto_tree_add_text(tree, NullTVB, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
967 offset += 2; /* Skip Blocks Per Unit */
969 /* Build display for: Block Size */
971 BlockSize = GSHORT(pd, offset);
975 proto_tree_add_text(tree, NullTVB, offset, 2, "Block Size: %u", BlockSize);
979 offset += 2; /* Skip Block Size */
981 /* Build display for: Free Units */
983 FreeUnits = GSHORT(pd, offset);
987 proto_tree_add_text(tree, NullTVB, offset, 2, "Free Units: %u", FreeUnits);
991 offset += 2; /* Skip Free Units */
993 /* Build display for: Reserved */
995 Reserved = GSHORT(pd, offset);
999 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1003 offset += 2; /* Skip Reserved */
1007 /* Build display for: Byte Count (BCC) */
1009 ByteCount = GSHORT(pd, offset);
1013 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1017 offset += 2; /* Skip Byte Count (BCC) */
/* Decodes the request (dirn == 1) or response (dirn == 0) body starting at
 * the Word Count byte.  The request shows an attribute bitfield, the last
 * write time and date, five reserved words, a buffer format byte and a file
 * name; the parameter words are decoded only when Word Count is non-zero.
 * NOTE(review): the fixed-width reads are not visibly bounded by the
 * captured length, and `max_data` is not referenced in the lines shown.
 * This listing omits short lines (declarations, braces, any `if (tree)`
 * guards), so confirm where `offset` is checked. */
1024 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1027 proto_tree *Attributes_tree;
1031 guint8 BufferFormat;
1037 guint16 LastWriteTime;
1038 guint16 LastWriteDate;
1040 const char *FileName;
1042 if (dirn == 1) { /* Request(s) dissect code */
1044 /* Build display for: Word Count (WCT) */
1046 WordCount = GBYTE(pd, offset);
1050 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1054 offset += 1; /* Skip Word Count (WCT) */
1056 if (WordCount > 0) {
1058 /* Build display for: Attributes */
1060 Attributes = GSHORT(pd, offset);
/* One sub-item per attribute bit, grouped under the Attributes item. */
1064 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1065 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1066 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1067 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1068 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1069 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1070 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1071 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1072 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1073 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1074 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1075 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1076 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1077 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1081 offset += 2; /* Skip Attributes */
1083 /* Build display for: Last Write Time */
1085 LastWriteTime = GSHORT(pd, offset);
/* dissect_dos_time()/dissect_dos_date() format into static buffers; each
 * result is consumed by the call it is passed to. */
1089 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1093 offset += 2; /* Skip Last Write Time */
1095 /* Build display for: Last Write Date */
1097 LastWriteDate = GSHORT(pd, offset);
1101 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1105 offset += 2; /* Skip Last Write Date */
1107 /* Build display for: Reserved 1 */
1109 Reserved1 = GSHORT(pd, offset);
1113 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
1117 offset += 2; /* Skip Reserved 1 */
1119 /* Build display for: Reserved 2 */
1121 Reserved2 = GSHORT(pd, offset);
1125 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1129 offset += 2; /* Skip Reserved 2 */
1131 /* Build display for: Reserved 3 */
1133 Reserved3 = GSHORT(pd, offset);
1137 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
1141 offset += 2; /* Skip Reserved 3 */
1143 /* Build display for: Reserved 4 */
1145 Reserved4 = GSHORT(pd, offset);
1149 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
1153 offset += 2; /* Skip Reserved 4 */
1155 /* Build display for: Reserved 5 */
1157 Reserved5 = GSHORT(pd, offset);
1161 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
1165 offset += 2; /* Skip Reserved 5 */
1169 /* Build display for: Byte Count (BCC) */
1171 ByteCount = GSHORT(pd, offset);
1175 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1179 offset += 2; /* Skip Byte Count (BCC) */
1181 /* Build display for: Buffer Format */
1183 BufferFormat = GBYTE(pd, offset);
1187 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1191 offset += 1; /* Skip Buffer Format */
1193 /* Build display for: File Name */
/* NOTE(review): FileName points into the captured packet.  strlen() and the
 * "%s" conversion scan until a NUL byte and nothing visible limits them to
 * the bytes that remain in the frame, so a name with no terminator inside
 * the capture is read past the end of the packet data.  Bound the scan by
 * END_OF_FRAME (or ByteCount) before using the name. */
1195 FileName = pd + offset;
1199 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1203 offset += strlen(FileName) + 1; /* Skip File Name */
1207 if (dirn == 0) { /* Response(s) dissect code */
1209 /* Build display for: Word Count (WCT) */
1211 WordCount = GBYTE(pd, offset);
1215 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1219 offset += 1; /* Skip Word Count (WCT) */
1221 /* Build display for: Byte Count (BCC) */
/* NOTE(review): every other Byte Count in this file is read with GSHORT as
 * a 2-byte field; this response path reads and skips a single byte, which
 * looks inconsistent - confirm. */
1223 ByteCount = GBYTE(pd, offset);
1227 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
1231 offset += 1; /* Skip Byte Count (BCC) */
/* Decodes the request (dirn == 1) or response (dirn == 0) body starting at
 * the Word Count byte.  The request shows FID, Count, Offset, Remaining,
 * Byte Count, Buffer Format and Data Length, then a Data item covering the
 * payload.
 * NOTE(review): the fixed-width reads are not visibly bounded by the
 * captured length, and `max_data` is not referenced in the lines shown.
 * This listing omits short lines (declarations, braces, `else`, any
 * `if (tree)` guards), so confirm where `offset` is checked. */
1238 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1242 guint8 BufferFormat;
1250 if (dirn == 1) { /* Request(s) dissect code */
1252 /* Build display for: Word Count (WCT) */
1254 WordCount = GBYTE(pd, offset);
1258 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1262 offset += 1; /* Skip Word Count (WCT) */
1264 /* Build display for: FID */
1266 FID = GSHORT(pd, offset);
1270 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1274 offset += 2; /* Skip FID */
1276 /* Build display for: Count */
1278 Count = GSHORT(pd, offset);
1282 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1286 offset += 2; /* Skip Count */
1288 /* Build display for: Offset */
1290 Offset = GWORD(pd, offset);
1294 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1298 offset += 4; /* Skip Offset */
1300 /* Build display for: Remaining */
1302 Remaining = GSHORT(pd, offset);
1306 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
1310 offset += 2; /* Skip Remaining */
1312 /* Build display for: Byte Count (BCC) */
1314 ByteCount = GSHORT(pd, offset);
1318 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1322 offset += 2; /* Skip Byte Count (BCC) */
1324 /* Build display for: Buffer Format */
1326 BufferFormat = GBYTE(pd, offset);
1330 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1334 offset += 1; /* Skip Buffer Format */
1336 /* Build display for: Data Length */
1338 DataLength = GSHORT(pd, offset);
1342 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1346 offset += 2; /* Skip Data Length */
/* The Data item is clamped to what was actually captured: ByteCount bytes
 * when the frame holds that many, otherwise only END_OF_FRAME bytes.
 * NOTE(review): the length used is ByteCount, not the DataLength just read,
 * and ByteCount was read before Buffer Format and Data Length were skipped;
 * if the byte count covers those 3 bytes the item overshoots the payload by
 * 3 - confirm against the protocol definition. */
1348 if (ByteCount > 0 && tree) {
1350 if(END_OF_FRAME >= ByteCount)
1351 proto_tree_add_text(tree, NullTVB, offset, ByteCount, "Data (%u bytes)", ByteCount);
1353 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
1359 if (dirn == 0) { /* Response(s) dissect code */
1361 /* Build display for: Word Count (WCT) */
1363 WordCount = GBYTE(pd, offset);
1367 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1371 offset += 1; /* Skip Word Count (WCT) */
1373 /* Build display for: Count */
1375 Count = GSHORT(pd, offset);
1379 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1383 offset += 2; /* Skip Count */
1385 /* Build display for: Byte Count (BCC) */
1387 ByteCount = GSHORT(pd, offset);
1391 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1395 offset += 2; /* Skip Byte Count (BCC) */
/* Decodes the request (dirn == 1) or response (dirn == 0) body starting at
 * the Word Count byte.  The response parameter words are decoded only when
 * Word Count is non-zero.
 * NOTE(review): the fourth parameter is spelled `arent` here, where the
 * sibling dissectors use `parent`; it is not referenced in the lines shown.
 * The reads below are not visibly bounded by the captured length, and
 * `max_data` is not referenced either.  This listing omits short lines
 * (declarations, braces, any `if (tree)` guards), so confirm where `offset`
 * is checked. */
1402 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1416 guint16 DataCompactionMode;
1420 if (dirn == 1) { /* Request(s) dissect code */
1422 /* Build display for: Word Count (WCT) */
1424 WordCount = GBYTE(pd, offset);
1428 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1432 offset += 1; /* Skip Word Count (WCT) */
1434 /* Build display for: FID */
1436 FID = GSHORT(pd, offset);
1440 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1444 offset += 2; /* Skip FID */
1446 /* Build display for: Offset */
1448 Offset = GWORD(pd, offset);
1452 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1456 offset += 4; /* Skip Offset */
1458 /* Build display for: Max Count */
1460 MaxCount = GSHORT(pd, offset);
1464 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
1468 offset += 2; /* Skip Max Count */
1470 /* Build display for: Min Count */
1472 MinCount = GSHORT(pd, offset);
1476 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
1480 offset += 2; /* Skip Min Count */
1482 /* Build display for: Reserved 1 */
1484 Reserved1 = GWORD(pd, offset);
1488 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 1: %u", Reserved1);
1492 offset += 4; /* Skip Reserved 1 */
1494 /* Build display for: Reserved 2 */
1496 Reserved2 = GSHORT(pd, offset);
1500 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1504 offset += 2; /* Skip Reserved 2 */
1506 /* Build display for: Byte Count (BCC) */
1508 ByteCount = GSHORT(pd, offset);
1512 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1516 offset += 2; /* Skip Byte Count (BCC) */
1520 if (dirn == 0) { /* Response(s) dissect code */
1522 /* Build display for: Word Count */
1524 WordCount = GBYTE(pd, offset);
1528 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
1532 offset += 1; /* Skip Word Count */
1534 if (WordCount > 0) {
1536 /* Build display for: Offset */
1538 Offset = GWORD(pd, offset);
1542 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1546 offset += 4; /* Skip Offset */
1548 /* Build display for: Count */
1550 Count = GSHORT(pd, offset);
1554 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1558 offset += 2; /* Skip Count */
1560 /* Build display for: Reserved */
1562 Reserved = GSHORT(pd, offset);
1566 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1570 offset += 2; /* Skip Reserved */
1572 /* Build display for: Data Compaction Mode */
1574 DataCompactionMode = GSHORT(pd, offset);
1578 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1582 offset += 2; /* Skip Data Compaction Mode */
1584 /* Build display for: Reserved */
1586 Reserved = GSHORT(pd, offset);
1590 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1594 offset += 2; /* Skip Reserved */
1596 /* Build display for: Data Length */
1598 DataLength = GSHORT(pd, offset);
1602 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1606 offset += 2; /* Skip Data Length */
1608 /* Build display for: Data Offset */
1610 DataOffset = GSHORT(pd, offset);
1614 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
1618 offset += 2; /* Skip Data Offset */
1622 /* Build display for: Byte Count (BCC) */
1624 ByteCount = GSHORT(pd, offset);
1628 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1632 offset += 2; /* Skip Byte Count (BCC) */
1634 /* Build display for: Pad */
1636 Pad = GBYTE(pd, offset);
1640 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
1644 offset += 1; /* Skip Pad */
/* Decodes the request (dirn == 1) or response (dirn == 0) body starting at
 * the Word Count byte.  The request shows Search Attributes, Byte Count,
 * Buffer Format and a file name.
 * NOTE(review): the fourth parameter is spelled `paernt` here, where the
 * sibling dissectors use `parent`; it is not referenced in the lines shown.
 * The fixed-width reads are not visibly bounded by the captured length, and
 * `max_data` is not referenced either.  This listing omits short lines
 * (declarations, braces, any `if (tree)` guards), so confirm where `offset`
 * is checked. */
1651 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1655 guint8 BufferFormat;
1656 guint16 SearchAttributes;
1658 const char *FileName;
1660 if (dirn == 1) { /* Request(s) dissect code */
1662 /* Build display for: Word Count (WCT) */
1664 WordCount = GBYTE(pd, offset);
1668 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1672 offset += 1; /* Skip Word Count (WCT) */
1674 /* Build display for: SearchAttributes */
1676 SearchAttributes = GSHORT(pd, offset);
1680 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
1683 offset += 2; /* Skip SearchAttributes */
1685 /* Build display for: Byte Count (BCC) */
1687 ByteCount = GSHORT(pd, offset);
1691 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1695 offset += 2; /* Skip Byte Count (BCC) */
1697 /* Build display for: Buffer Format */
1699 BufferFormat = GBYTE(pd, offset);
1703 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1707 offset += 1; /* Skip Buffer Format */
1709 /* Build display for: File Name */
/* NOTE(review): FileName points into the captured packet.  strlen() and the
 * "%s" conversion scan until a NUL byte and nothing visible limits them to
 * the bytes that remain in the frame, so a name with no terminator inside
 * the capture is read past the end of the packet data.  Bound the scan by
 * END_OF_FRAME (or ByteCount) before using the name. */
1711 FileName = pd + offset;
1715 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1719 offset += strlen(FileName) + 1; /* Skip File Name */
1723 if (dirn == 0) { /* Response(s) dissect code */
1725 /* Build display for: Word Count (WCT) */
1727 WordCount = GBYTE(pd, offset);
1731 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1735 offset += 1; /* Skip Word Count (WCT) */
1737 /* Build display for: Byte Count (BCC) */
1739 ByteCount = GSHORT(pd, offset);
1743 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1747 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Adds text items for one SMB command (QUERY_INFORMATION2, going by the
 * routine's name) to the protocol tree.
 *
 * pd, offset: packet bytes and the position of this command's Word Count byte.
 * tree:       tree that receives the text items.
 * dirn:       1 selects the request layout, 0 the response layout.
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown here.
 *
 * Request:  Word Count, FID, Byte Count.
 * Response: Word Count; when it is non-zero, three DOS date/time pairs
 *           (creation, last access, last write), two 32-bit sizes and a
 *           16-bit attribute word; then Byte Count.
 *
 * NOTE(review): the embedded line numbers skip, so parts of the function are
 * not visible here (among them the declarations of WordCount, FID, ByteCount,
 * Attributes and ti). No visible line compares offset with max_data or the
 * captured length before GBYTE/GSHORT/GWORD read from pd, so a truncated
 * message would be read past its end unless a guard sits in the missing
 * lines -- confirm against the full file.
 */
1754 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1757 proto_tree *Attributes_tree;
1760 guint32 FileDataSize;
1761 guint32 FileAllocationSize;
1762 guint16 LastWriteTime;
1763 guint16 LastWriteDate;
1764 guint16 LastAccessTime;
1765 guint16 LastAccessDate;
1767 guint16 CreationTime;
1768 guint16 CreationDate;
1772 if (dirn == 1) { /* Request(s) dissect code */
1774 /* Build display for: Word Count (WCT) */
1776 WordCount = GBYTE(pd, offset);
1780 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1784 offset += 1; /* Skip Word Count (WCT) */
1786 /* Build display for: FID */
1788 FID = GSHORT(pd, offset);
1792 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1796 offset += 2; /* Skip FID */
1798 /* Build display for: Byte Count */
1800 ByteCount = GSHORT(pd, offset);
1804 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1808 offset += 2; /* Skip Byte Count */
1812 if (dirn == 0) { /* Response(s) dissect code */
1814 /* Build display for: Word Count (WCT) */
1816 WordCount = GBYTE(pd, offset);
1820 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1824 offset += 1; /* Skip Word Count (WCT) */
/* The parameter words below are decoded only when the response carries any.
 * NOTE(review): the value of WordCount is not compared with the 22 bytes the
 * fields below consume; any non-zero count is accepted. */
1826 if (WordCount > 0) {
1828 /* Build display for: Creation Date */
1830 CreationDate = GSHORT(pd, offset);
1834 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
1838 offset += 2; /* Skip Creation Date */
1840 /* Build display for: Creation Time */
1842 CreationTime = GSHORT(pd, offset);
1846 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
1850 offset += 2; /* Skip Creation Time */
1852 /* Build display for: Last Access Date */
1854 LastAccessDate = GSHORT(pd, offset);
1858 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
1862 offset += 2; /* Skip Last Access Date */
1864 /* Build display for: Last Access Time */
1866 LastAccessTime = GSHORT(pd, offset);
1870 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
1874 offset += 2; /* Skip Last Access Time */
1876 /* Build display for: Last Write Date */
1878 LastWriteDate = GSHORT(pd, offset);
1882 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1886 offset += 2; /* Skip Last Write Date */
1888 /* Build display for: Last Write Time */
1890 LastWriteTime = GSHORT(pd, offset);
1894 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1898 offset += 2; /* Skip Last Write Time */
1900 /* Build display for: File Data Size */
1902 FileDataSize = GWORD(pd, offset);
1906 proto_tree_add_text(tree, NullTVB, offset, 4, "File Data Size: %u", FileDataSize);
1910 offset += 4; /* Skip File Data Size */
1912 /* Build display for: File Allocation Size */
1914 FileAllocationSize = GWORD(pd, offset);
1918 proto_tree_add_text(tree, NullTVB, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1922 offset += 4; /* Skip File Allocation Size */
1924 /* Build display for: Attributes */
1926 Attributes = GSHORT(pd, offset);
/* The 16-bit attribute word gets its own subtree with one line per flag bit
 * (0x01 through 0x20). The summary line pads to two hex digits only, although
 * the field is two bytes wide. */
1930 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1931 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1932 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1933 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1934 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1935 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1936 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1937 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1938 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1939 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1940 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1941 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1942 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1943 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1947 offset += 2; /* Skip Attributes */
1951 /* Build display for: Byte Count */
1953 ByteCount = GSHORT(pd, offset);
1957 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1961 offset += 2; /* Skip Byte Count */
/*
 * Adds text items for the tree-connect SMB handled by this routine.
 *
 * Request (dirn == 1):  Word Count, Byte Count, then three buffer-format
 *                       bytes, each followed by a NUL-terminated string
 *                       (Share Path, Password, Service).
 * Response (dirn == 0): Word Count, then -- only when errcode is 0 -- Max
 *                       Buffer Size, TID and Byte Count.
 *
 * NOTE(review): every string is measured with strlen() directly on packet
 * bytes, and ByteCount is displayed but not used to limit the scan in the
 * lines shown. A frame whose string lacks a terminating NUL makes strlen()
 * run beyond the captured data; bounding each scan by the bytes left in the
 * frame (max_data is passed in but unused here) would contain that. The
 * embedded line numbers skip, so a guard in the missing lines cannot be
 * ruled out -- confirm against the full file. Declarations of WordCount,
 * ByteCount and TID are likewise not visible.
 *
 * The Password field is rendered verbatim, so protocol trees and exports
 * built from such captures contain the credential in clear text.
 */
1968 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1972 guint8 BufferFormat3;
1973 guint8 BufferFormat2;
1974 guint8 BufferFormat1;
1976 guint16 MaxBufferSize;
1978 const char *SharePath;
1979 const char *Service;
1980 const char *Password;
1982 if (dirn == 1) { /* Request(s) dissect code */
1984 /* Build display for: Word Count (WCT) */
1986 WordCount = GBYTE(pd, offset);
1990 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1994 offset += 1; /* Skip Word Count (WCT) */
1996 /* Build display for: Byte Count (BCC) */
1998 ByteCount = GSHORT(pd, offset);
2002 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2006 offset += 2; /* Skip Byte Count (BCC) */
2008 /* Build display for: BufferFormat1 */
2010 BufferFormat1 = GBYTE(pd, offset);
2014 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat1: %u", BufferFormat1);
2018 offset += 1; /* Skip BufferFormat1 */
2020 /* Build display for: Share Path */
/* The string pointer aliases the packet buffer; nothing is copied. */
2022 SharePath = pd + offset;
2026 proto_tree_add_text(tree, NullTVB, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
2030 offset += strlen(SharePath) + 1; /* Skip Share Path */
2032 /* Build display for: BufferFormat2 */
2034 BufferFormat2 = GBYTE(pd, offset);
2038 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat2: %u", BufferFormat2);
2042 offset += 1; /* Skip BufferFormat2 */
2044 /* Build display for: Password */
2046 Password = pd + offset;
2050 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2054 offset += strlen(Password) + 1; /* Skip Password */
2056 /* Build display for: BufferFormat3 */
2058 BufferFormat3 = GBYTE(pd, offset);
2062 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat3: %u", BufferFormat3);
2066 offset += 1; /* Skip BufferFormat3 */
2068 /* Build display for: Service */
2070 Service = pd + offset;
2074 proto_tree_add_text(tree, NullTVB, offset, strlen(Service) + 1, "Service: %s", Service);
2078 offset += strlen(Service) + 1; /* Skip Service */
2082 if (dirn == 0) { /* Response(s) dissect code */
2084 /* Build display for: Word Count (WCT) */
2086 WordCount = GBYTE(pd, offset);
2090 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
/* An error response stops here: only the Word Count is shown. */
2094 if (errcode != 0) return;
2096 offset += 1; /* Skip Word Count (WCT) */
2098 /* Build display for: Max Buffer Size */
2100 MaxBufferSize = GSHORT(pd, offset);
2104 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
2108 offset += 2; /* Skip Max Buffer Size */
2110 /* Build display for: TID */
2112 TID = GSHORT(pd, offset);
2116 proto_tree_add_text(tree, NullTVB, offset, 2, "TID: %u", TID);
2120 offset += 2; /* Skip TID */
2122 /* Build display for: Byte Count (BCC) */
2124 ByteCount = GSHORT(pd, offset);
2128 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2132 offset += 2; /* Skip Byte Count (BCC) */
2138 /* Generated by build-dissect.pl Version 0.6 27-Jun-1999, ACT */
/*
 * Adds text items for the session-setup AndX SMB handled by this routine and
 * then hands the chained ("AndX") command, if any, to its own dissector.
 *
 * Request (dirn == 1): two parameter layouts are selected by a switch on the
 * Word Count; both start with the AndX header (command, reserved, offset) and
 * end with a Byte Count followed by password data and NUL-terminated strings.
 * Response (dirn == 0): Word Count; when it is non-zero the AndX header and
 * Action; Byte Count; then three NUL-terminated strings when Byte Count > 0.
 *
 * AndXCommand starts as 0xFF and AndXOffset as 0, so no chained dissector is
 * called unless a layout that sets them was decoded.
 *
 * NOTE(review): the embedded line numbers skip, so parts of the function are
 * not visible here (the case labels, closing braces, and the declarations of
 * WordCount, ByteCount, VcNumber, SessionKey, Reserved, Action and ti). The
 * remarks below describe the visible lines only; confirm them against the
 * full file. Items worth checking:
 *   - lengths taken from the packet (PasswordLen, the ANSI/UNICODE password
 *     lengths) are added to offset or passed to format_text() without a
 *     visible comparison against ByteCount, max_data or the captured length;
 *   - strings are measured with strlen() on packet bytes, which runs past
 *     the capture when the terminating NUL is missing;
 *   - AndXOffset is taken from the packet and used unchecked to position the
 *     next dissector.
 * Password fields are rendered into the tree, so captures and exports of
 * this traffic contain credential material.
 */
2140 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2143 proto_tree *Capabilities_tree;
2146 guint8 AndXReserved;
2147 guint8 AndXCommand = 0xFF;
2150 guint32 Capabilities;
2152 guint16 UNICODEAccountPasswordLength;
2153 guint16 PasswordLen;
2154 guint16 MaxMpxCount;
2155 guint16 MaxBufferSize;
2157 guint16 AndXOffset = 0;
2159 guint16 ANSIAccountPasswordLength;
2160 const char *UNICODEPassword;
2161 const char *Password;
2162 const char *PrimaryDomain;
2163 const char *NativeOS;
2164 const char *NativeLanManType;
2165 const char *NativeLanMan;
2166 const char *AccountName;
2167 const char *ANSIPassword;
2169 if (dirn == 1) { /* Request(s) dissect code */
2171 WordCount = GBYTE(pd, offset);
/* NOTE(review): the case labels are not visible in this listing. The first
 * layout below decodes 20 bytes of parameter words (10 words), the second
 * 26 bytes (13 words), so the labels are presumably 10 and 13. */
2173 switch (WordCount) {
2177 /* Build display for: Word Count (WCT) */
2179 WordCount = GBYTE(pd, offset);
2183 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2187 offset += 1; /* Skip Word Count (WCT) */
2189 /* Build display for: AndXCommand */
2191 AndXCommand = GBYTE(pd, offset);
2195 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2196 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2200 offset += 1; /* Skip AndXCommand */
2202 /* Build display for: AndXReserved */
2204 AndXReserved = GBYTE(pd, offset);
2208 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2212 offset += 1; /* Skip AndXReserved */
2214 /* Build display for: AndXOffset */
2216 AndXOffset = GSHORT(pd, offset);
2220 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2224 offset += 2; /* Skip AndXOffset */
2226 /* Build display for: MaxBufferSize */
2228 MaxBufferSize = GSHORT(pd, offset);
2232 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2236 offset += 2; /* Skip MaxBufferSize */
2238 /* Build display for: MaxMpxCount */
2240 MaxMpxCount = GSHORT(pd, offset);
2244 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2248 offset += 2; /* Skip MaxMpxCount */
2250 /* Build display for: VcNumber */
2252 VcNumber = GSHORT(pd, offset);
2256 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2260 offset += 2; /* Skip VcNumber */
2262 /* Build display for: SessionKey */
2264 SessionKey = GWORD(pd, offset);
2268 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2272 offset += 4; /* Skip SessionKey */
2274 /* Build display for: PasswordLen */
2276 PasswordLen = GSHORT(pd, offset);
2280 proto_tree_add_text(tree, NullTVB, offset, 2, "PasswordLen: %u", PasswordLen);
2284 offset += 2; /* Skip PasswordLen */
2286 /* Build display for: Reserved */
2288 Reserved = GWORD(pd, offset);
2292 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2296 offset += 4; /* Skip Reserved */
2298 /* Build display for: Byte Count (BCC) */
2300 ByteCount = GSHORT(pd, offset);
2304 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2308 offset += 2; /* Skip Byte Count (BCC) */
2310 if (ByteCount > 0) {
2312 /* Build display for: Password */
/* NOTE(review): the item is sized and printed as a NUL-terminated string
 * (strlen + 1, "%s"), but offset then advances by PasswordLen from the
 * packet. When the two disagree -- e.g. a binary or unterminated password --
 * the highlighted range is wrong and "%s" reads beyond the field. Sizing and
 * printing the field by PasswordLen, after checking it against the bytes
 * left in the frame, would make the two consistent. */
2314 Password = pd + offset;
2318 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2322 offset += PasswordLen;
2324 /* Build display for: AccountName */
2326 AccountName = pd + offset;
2330 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2334 offset += strlen(AccountName) + 1; /* Skip AccountName */
2336 /* Build display for: PrimaryDomain */
2338 PrimaryDomain = pd + offset;
2342 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2346 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2348 /* Build display for: NativeOS */
2350 NativeOS = pd + offset;
2354 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2358 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2360 /* Build display for: NativeLanMan */
2362 NativeLanMan = pd + offset;
2366 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2370 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
/* Second request layout (26 bytes of parameter words). */
2378 /* Build display for: Word Count (WCT) */
2380 WordCount = GBYTE(pd, offset);
2384 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2388 offset += 1; /* Skip Word Count (WCT) */
2390 /* Build display for: AndXCommand */
2392 AndXCommand = GBYTE(pd, offset);
2396 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2397 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2401 offset += 1; /* Skip AndXCommand */
2403 /* Build display for: AndXReserved */
2405 AndXReserved = GBYTE(pd, offset);
2409 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2413 offset += 1; /* Skip AndXReserved */
2415 /* Build display for: AndXOffset */
2417 AndXOffset = GSHORT(pd, offset);
2421 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2425 offset += 2; /* Skip AndXOffset */
2427 /* Build display for: MaxBufferSize */
2429 MaxBufferSize = GSHORT(pd, offset);
2433 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2437 offset += 2; /* Skip MaxBufferSize */
2439 /* Build display for: MaxMpxCount */
2441 MaxMpxCount = GSHORT(pd, offset);
2445 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2449 offset += 2; /* Skip MaxMpxCount */
2451 /* Build display for: VcNumber */
2453 VcNumber = GSHORT(pd, offset);
2457 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2461 offset += 2; /* Skip VcNumber */
2463 /* Build display for: SessionKey */
2465 SessionKey = GWORD(pd, offset);
2469 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2473 offset += 4; /* Skip SessionKey */
2475 /* Build display for: ANSI Account Password Length */
2477 ANSIAccountPasswordLength = GSHORT(pd, offset);
2481 proto_tree_add_text(tree, NullTVB, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2485 offset += 2; /* Skip ANSI Account Password Length */
2487 /* Build display for: UNICODE Account Password Length */
2489 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2493 proto_tree_add_text(tree, NullTVB, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2497 offset += 2; /* Skip UNICODE Account Password Length */
2499 /* Build display for: Reserved */
2501 Reserved = GWORD(pd, offset);
2505 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2509 offset += 4; /* Skip Reserved */
2511 /* Build display for: Capabilities */
2513 Capabilities = GWORD(pd, offset);
/* One subtree line per capability bit. The summary pads to four hex digits
 * although the field is 32 bits wide.
 * NOTE(review): the 0x0002 line pairs the true-string " Raw Mode supported"
 * with the false-string " MPX Mode not supported"; the true-string looks
 * like a copy of the 0x0001 line and presumably should name MPX Mode. */
2517 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", Capabilities);
2518 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2519 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2520 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2521 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2522 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2523 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2524 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2525 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2526 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2527 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2528 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2529 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2530 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2531 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2532 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2533 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2534 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2535 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2536 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2537 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2538 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2539 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2540 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2541 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2542 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2543 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2544 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2545 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2546 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2550 offset += 4; /* Skip Capabilities */
2552 /* Build display for: Byte Count */
2554 ByteCount = GSHORT(pd, offset);
2558 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2562 offset += 2; /* Skip Byte Count */
2564 if (ByteCount > 0) {
2566 /* Build display for: ANSI Password */
/* Both password blobs are length-prefixed by the 16-bit fields read above
 * and printed through format_text() with that length.
 * NOTE(review): neither length is compared with ByteCount or the captured
 * length in the visible lines, so an oversized value makes format_text()
 * and the following offset arithmetic run beyond the frame. */
2568 ANSIPassword = pd + offset;
2570 if (ANSIAccountPasswordLength > 0) {
2574 proto_tree_add_text(tree, NullTVB, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2578 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2581 /* Build display for: UNICODE Password */
2583 UNICODEPassword = pd + offset;
2585 if (UNICODEAccountPasswordLength > 0) {
2589 proto_tree_add_text(tree, NullTVB, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2593 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2597 /* Build display for: Account Name */
2599 AccountName = pd + offset;
2603 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2607 offset += strlen(AccountName) + 1; /* Skip Account Name */
2609 /* Build display for: Primary Domain */
2611 PrimaryDomain = pd + offset;
2615 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2619 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2621 /* Build display for: Native OS */
2623 NativeOS = pd + offset;
2627 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2631 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2633 /* Build display for: Native LanMan Type */
2635 NativeLanManType = pd + offset;
2639 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2643 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
/* Chain to the dissector of the next AndX command, positioned at
 * SMB_offset + AndXOffset. AndXCommand is a guint8 other than 0xFF here; the
 * size of the dissect[] table is not visible in this listing.
 * NOTE(review): AndXOffset is used as read from the packet. A value beyond
 * the frame sends the next routine to read outside the capture, and a value
 * that points at or before this command block re-enters the same parsing
 * without making progress. Requiring the target to lie after the current
 * offset and inside the frame would rule out both. */
2652 if (AndXCommand != 0xFF) {
2654 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2660 if (dirn == 0) { /* Response(s) dissect code */
2662 /* Build display for: Word Count (WCT) */
2664 WordCount = GBYTE(pd, offset);
2668 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2672 offset += 1; /* Skip Word Count (WCT) */
2674 if (WordCount > 0) {
2676 /* Build display for: AndXCommand */
2678 AndXCommand = GBYTE(pd, offset);
/* NOTE(review): "futher" in the string below is a typo for "further"; the
 * request path spells it correctly. */
2682 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2683 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2687 offset += 1; /* Skip AndXCommand */
2689 /* Build display for: AndXReserved */
2691 AndXReserved = GBYTE(pd, offset);
2695 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2699 offset += 1; /* Skip AndXReserved */
2701 /* Build display for: AndXOffset */
2703 AndXOffset = GSHORT(pd, offset);
2707 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2712 offset += 2; /* Skip AndXOffset */
2714 /* Build display for: Action */
2716 Action = GSHORT(pd, offset);
2720 proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
2724 offset += 2; /* Skip Action */
2728 /* Build display for: Byte Count (BCC) */
2730 ByteCount = GSHORT(pd, offset);
2734 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2738 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2740 offset += 2; /* Skip Byte Count (BCC) */
2742 if (ByteCount > 0) {
2744 /* Build display for: NativeOS */
2746 NativeOS = pd + offset;
2750 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2754 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2756 /* Build display for: NativeLanMan */
2758 NativeLanMan = pd + offset;
2762 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2766 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2768 /* Build display for: PrimaryDomain */
2770 PrimaryDomain = pd + offset;
2774 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2778 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
/* Same AndX hand-off as in the request path, with the same unchecked
 * AndXOffset. */
2782 if (AndXCommand != 0xFF) {
2784 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Adds text items for the tree-connect AndX SMB handled by this routine and
 * then hands the chained command, if any, to its own dissector.
 *
 * The Word Count is accepted only in these combinations: 4 for a request
 * (dirn == 1), 2 or 3 for a response (dirn == 0), or 0 in either direction.
 * Anything else is reported as "Invalid TCON_ANDX format" and the rest of
 * the frame is labelled "Data".
 *
 * andxcmd starts as 0xFF and andxoffs as 0, so no chained dissector is
 * called unless the AndX header was decoded.
 *
 * NOTE(review): the embedded line numbers skip heavily in this function, so
 * much of it is not visible here (including where wct and str are assigned,
 * the declarations of str and ti, and every offset increment for the fixed
 * fields). The remarks below describe the visible lines only; confirm them
 * against the full file.
 *   - The Password item is sized as strlen(str) + 1 but printed through
 *     format_text(str, passwdlen), and offset then advances by passwdlen.
 *     passwdlen comes from the packet and is not compared with bcc or the
 *     captured length in the visible lines.
 *   - Path, Service, Service Type and Native File System are measured with
 *     strlen() on packet bytes, which runs past the capture when the
 *     terminating NUL is missing.
 *   - The credential is rendered into the tree, so captures and exports of
 *     this traffic contain it.
 */
2793 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2796 guint8 wct, andxcmd = 0xFF;
2797 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2799 proto_tree *flags_tree;
2804 /* Now figure out what format we are talking about, 2, 3, or 4 response
2808 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2809 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2813 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2815 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2825 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", wct);
2833 andxcmd = pd[offset];
2837 proto_tree_add_text(tree, NullTVB, offset, 1, "Next Command: %s",
2838 (andxcmd == 0xFF) ? "No further commands":
2839 decode_smb_name(andxcmd));
2841 proto_tree_add_text(tree, NullTVB, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2847 andxoffs = GSHORT(pd, offset);
2851 proto_tree_add_text(tree, NullTVB, offset, 2, "Offset to next command: %u", andxoffs);
2863 bcc = GSHORT(pd, offset);
2867 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2875 flags = GSHORT(pd, offset);
2879 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Additional Flags: 0x%02x", flags);
2880 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2881 proto_tree_add_text(flags_tree, NullTVB, offset, 2, "%s",
2882 decode_boolean_bitfield(flags, 0x01, 16,
2884 "Don't disconnect TID"));
2890 passwdlen = GSHORT(pd, offset);
2894 proto_tree_add_text(tree, NullTVB, offset, 2, "Password Length: %u", passwdlen);
2900 bcc = GSHORT(pd, offset);
2904 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2914 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2918 offset += passwdlen;
2924 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Path: %s", str);
2928 offset += strlen(str) + 1;
2934 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2942 bcc = GSHORT(pd, offset);
2946 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2956 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service Type: %s",
2961 offset += strlen(str) + 1;
2967 optionsup = GSHORT(pd, offset);
2969 if (tree) { /* Should break out the bits */
2971 proto_tree_add_text(tree, NullTVB, offset, 2, "Optional Support: 0x%04x",
2978 bcc = GSHORT(pd, offset);
2982 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2992 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2996 offset += strlen(str) + 1;
3002 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Native File System: %s", str);
3006 offset += strlen(str) + 1;
/* Chain to the dissector of the next AndX command, positioned at
 * SMB_offset + andxoffs; the remaining-data argument is max_data - offset.
 * NOTE(review): andxoffs is used as read from the packet. A value beyond the
 * frame sends the next routine to read outside the capture, and a value that
 * points at or before this command block re-enters the same parsing without
 * making progress. Requiring the target to lie after the current offset and
 * inside the frame would rule out both. max_data - offset can also go
 * negative once offset has been advanced by unchecked lengths. */
3016 if (andxcmd != 0xFF) /* Process that next command ... ??? */
3018 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
/*
 * Adds text items for the negotiate-protocol SMB handled by this routine.
 *
 * The Word Count selects the layout and is accepted only as: 0 for a request
 * (dirn == 1), or 1, 13 or 17 for a response (dirn == 0). Anything else is
 * reported as "Invalid Negotiate Protocol format" and the rest of the frame
 * is labelled "Data". A response with errcode != 0 shows the Word Count only.
 *
 *   case 0:  request -- Byte Count, then a list of dialect marker bytes and
 *            NUL-terminated dialect names until the frame is exhausted.
 *   case 1:  response carrying only a dialect index (0xFFFF = none accepted).
 *   case 13: response with security mode, limits, raw mode, session key,
 *            server time/date/zone, challenge and primary domain.
 *   case 17: response with security mode, limits, session key, 32-bit
 *            capabilities, system time, zone, encryption key and domain name.
 *
 * NOTE(review): the embedded line numbers skip heavily in this function, so
 * much of it is not visible here (including the switch statement itself,
 * where str is assigned, the declarations of str, ustr, ustr_len, caps and
 * ti, and every offset increment for the fixed fields). The remarks below
 * describe the visible lines only; confirm them against the full file. Apart
 * from IS_DATA_IN_FRAME() in the dialect loop, no visible line compares
 * offset or a packet-supplied length with the captured length.
 */
3023 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3025 guint8 wct, enckeylen;
3026 guint16 bcc, mode, rawmode, dialect;
3028 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
3034 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
3036 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
3037 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
3040 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
3042 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
3050 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %d", wct);
3054 if (dirn == 0 && errcode != 0) return; /* No more info ... */
3058 /* Now decode the various formats ... */
3062 case 0: /* A request */
3064 bcc = GSHORT(pd, offset);
3068 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3076 ti = proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Dialects");
3077 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
/* The loop is bounded by the frame, not by bcc.
 * NOTE(review): the frame test covers the marker byte only; the dialect name
 * is then measured with strlen(), which runs past the capture when the last
 * name lacks its terminating NUL. */
3081 while (IS_DATA_IN_FRAME(offset)) {
3086 proto_tree_add_text(dialects, NullTVB, offset, 1, "Dialect Marker: %d", pd[offset]);
3096 proto_tree_add_text(dialects, NullTVB, offset, strlen(str)+1, "Dialect: %s", str);
3100 offset += strlen(str) + 1;
3105 case 1: /* PC NETWORK PROGRAM 1.0 */
3107 dialect = GSHORT(pd, offset);
3109 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
3111 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
3113 proto_tree_add_text(tree, NullTVB, offset, 2, "Supplied dialects not recognized");
/* NOTE(review): "PROTGRAM" in the string below is a typo for "PROGRAM". */
3118 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
3126 bcc = GSHORT(pd, offset);
3130 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3136 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
3140 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
3144 /* Much of this is similar to response 17 below */
3148 mode = GSHORT(pd, offset);
3152 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Security Mode: 0x%04x", mode);
3153 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3154 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3155 decode_boolean_bitfield(mode, 0x0001, 16,
3157 "Security = Share"));
3158 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3159 decode_boolean_bitfield(mode, 0x0002, 16,
3160 "Passwords = Encrypted",
3161 "Passwords = Plaintext"));
3169 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
3177 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3185 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3191 rawmode = GSHORT(pd, offset);
3195 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Raw Mode: 0x%04x", rawmode);
3196 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
3197 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3198 decode_boolean_bitfield(rawmode, 0x01, 16,
3199 "Read Raw supported",
3200 "Read Raw not supported"));
3201 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3202 decode_boolean_bitfield(rawmode, 0x02, 16,
3203 "Write Raw supported",
3204 "Write Raw not supported"));
3212 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3218 /* Now the server time, two short parameters ... */
3222 proto_tree_add_text(tree, NullTVB, offset, 2, "Server Time: %s",
3223 dissect_dos_time(GSHORT(pd, offset)));
3224 proto_tree_add_text(tree, NullTVB, offset + 2, 2, "Server Date: %s",
3225 dissect_dos_date(GSHORT(pd, offset + 2)));
3231 /* Server Time Zone, SHORT */
3235 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3236 (signed)GSSHORT(pd, offset));
3242 /* Challenge Length */
/* NOTE(review): the field is read as 16 bits but stored in enckeylen, which
 * is declared guint8 above, so a length above 255 is silently truncated
 * before it is displayed and used to skip the challenge. */
3244 enckeylen = GSHORT(pd, offset);
3248 proto_tree_add_text(tree, NullTVB, offset, 2, "Challenge Length: %u", enckeylen);
3256 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3262 bcc = GSHORT(pd, offset);
3266 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3272 if (enckeylen) { /* only if non-zero key len */
/* NOTE(review): enckeylen is not compared with bcc or the captured length
 * in the visible lines before it is used as the byte count here. */
3278 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge: %s",
3279 bytes_to_str(str, enckeylen));
3282 offset += enckeylen;
3286 /* Primary Domain ... */
3292 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "Primary Domain: %s", str);
3298 case 17: /* Greater than LANMAN2.1 */
3302 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
/* In this layout the security mode is a single byte with four flag bits. */
3308 mode = GBYTE(pd, offset);
3312 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Security Mode: 0x%02x", mode);
3313 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3314 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3315 decode_boolean_bitfield(mode, 0x01, 8,
3317 "Security = Share"));
3318 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3319 decode_boolean_bitfield(mode, 0x02, 8,
3320 "Passwords = Encrypted",
3321 "Passwords = Plaintext"));
3322 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3323 decode_boolean_bitfield(mode, 0x04, 8,
3324 "Security signatures enabled",
3325 "Security signatures not enabled"));
3326 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3327 decode_boolean_bitfield(mode, 0x08, 8,
3328 "Security signatures required",
3329 "Security signatures not required"));
3337 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3345 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
/* NOTE(review): the item below is given a length of 2 but its value is read
 * with GWORD, like the 4-byte fields that follow; one of the two is
 * presumably wrong. The matching offset increment is not visible here. */
3353 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3361 proto_tree_add_text(tree, NullTVB, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3369 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3375 caps = GWORD(pd, offset);
/* One subtree line per capability bit; the summary pads to four hex digits
 * although the field is 32 bits wide. */
3379 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", caps);
3380 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3381 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3382 decode_boolean_bitfield(caps, 0x0001, 32,
3383 "Raw Mode supported",
3384 "Raw Mode not supported"));
3385 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3386 decode_boolean_bitfield(caps, 0x0002, 32,
3387 "MPX Mode supported",
3388 "MPX Mode not supported"));
3389 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3390 decode_boolean_bitfield(caps, 0x0004, 32,
3391 "Unicode supported",
3392 "Unicode not supported"));
3393 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3394 decode_boolean_bitfield(caps, 0x0008, 32,
3395 "Large files supported",
3396 "Large files not supported"));
3397 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3398 decode_boolean_bitfield(caps, 0x0010, 32,
3399 "NT LM 0.12 SMBs supported",
3400 "NT LM 0.12 SMBs not supported"));
3401 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3402 decode_boolean_bitfield(caps, 0x0020, 32,
3403 "RPC remote APIs supported",
3404 "RPC remote APIs not supported"));
3405 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3406 decode_boolean_bitfield(caps, 0x0040, 32,
3407 "NT status codes supported",
3408 "NT status codes not supported"));
3409 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3410 decode_boolean_bitfield(caps, 0x0080, 32,
3411 "Level 2 OpLocks supported",
3412 "Level 2 OpLocks not supported"));
3413 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3414 decode_boolean_bitfield(caps, 0x0100, 32,
3415 "Lock&Read supported",
3416 "Lock&Read not supported"));
3417 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3418 decode_boolean_bitfield(caps, 0x0200, 32,
3419 "NT Find supported",
3420 "NT Find not supported"));
3421 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3422 decode_boolean_bitfield(caps, 0x1000, 32,
3424 "DFS not supported"));
3425 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3426 decode_boolean_bitfield(caps, 0x4000, 32,
3427 "Large READX supported",
3428 "Large READX not supported"));
3429 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3430 decode_boolean_bitfield(caps, 0x8000, 32,
3431 "Large WRITEX supported",
3432 "Large WRITEX not supported"));
3433 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3434 decode_boolean_bitfield(caps, 0x80000000, 32,
3435 "Extended security exchanges supported",
3436 "Extended security exchanges not supported"));
3441 /* Server time, 2 WORDS */
3445 proto_tree_add_text(tree, NullTVB, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3446 proto_tree_add_text(tree, NullTVB, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3452 /* Server Time Zone, SHORT */
3456 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3457 (signed)GSSHORT(pd, offset));
3463 /* Encryption key len */
3465 enckeylen = pd[offset];
3469 proto_tree_add_text(tree, NullTVB, offset, 1, "Encryption key len: %u", enckeylen);
3475 bcc = GSHORT(pd, offset);
3479 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte count (BCC): %u", bcc);
3485 if (enckeylen) { /* only if non-zero key len */
3487 /* Encryption challenge key */
/* NOTE(review): as in case 13, enckeylen is not compared with bcc or the
 * captured length in the visible lines before it is used as a byte count. */
3493 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge encryption key: %s",
3494 bytes_to_str(str, enckeylen));
3498 offset += enckeylen;
3502 /* The domain, a null terminated string; Unicode if "caps" has
3503 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3504 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
/* Both branches label the item "OEM domain name", including the Unicode one.
 * The Unicode branch sizes the item as ustr_len + 2; the other branch uses
 * strlen() on packet bytes. */
3510 if (caps & 0x0004) {
3511 ustr = unicode_to_str(str, &ustr_len);
3512 proto_tree_add_text(tree, NullTVB, offset, ustr_len+2, "OEM domain name: %s", ustr);
3514 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "OEM domain name: %s", str);
3521 default: /* Baddd */
3524 proto_tree_add_text(tree, NullTVB, offset, 1, "Bad format, should never get here");
/*
 * dissect_deletedir_smb: adds the fields of one SMB (a directory delete,
 * judging by the name) to the protocol tree.
 *
 * pd/offset : packet bytes and the position of the Word Count byte.
 * tree      : tree the text items are added to.
 * dirn      : 1 selects the request layout, 0 the response layout.
 *
 * Request:  Word Count, Byte Count, Buffer Format, NUL-terminated name.
 * Response: Word Count, Byte Count.
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 */
3532 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3536 guint8 BufferFormat;
3538 const char *DirectoryName;
3540 if (dirn == 1) { /* Request(s) dissect code */
3542 /* Build display for: Word Count (WCT) */
/* NOTE(review): none of the visible reads compares offset with the amount
 * of captured data before touching pd; presumably the caller guarantees
 * the fixed-size part is present -- confirm. */
3544 WordCount = GBYTE(pd, offset);
3548 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3552 offset += 1; /* Skip Word Count (WCT) */
3554 /* Build display for: Byte Count (BCC) */
3556 ByteCount = GSHORT(pd, offset);
3560 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3564 offset += 2; /* Skip Byte Count (BCC) */
3566 /* Build display for: Buffer Format */
3568 BufferFormat = GBYTE(pd, offset);
3572 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3576 offset += 1; /* Skip Buffer Format */
3578 /* Build display for: Directory Name */
/* NOTE(review): the name pointer aims straight into the captured packet
 * and strlen() runs until it meets a NUL byte. ByteCount is displayed but
 * never used to limit the scan, so a frame whose name is not terminated
 * is read past the end of the buffer. A length-limited search for the
 * terminator (bounded by the remaining captured bytes; max_data looks like
 * the intended limit -- TODO confirm with the caller) that stops the
 * dissection when no NUL is found would close this. */
3580 DirectoryName = pd + offset;
3584 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3588 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3592 if (dirn == 0) { /* Response(s) dissect code */
3594 /* Build display for: Word Count (WCT) */
3596 WordCount = GBYTE(pd, offset);
3600 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3604 offset += 1; /* Skip Word Count (WCT) */
3606 /* Build display for: Byte Count (BCC) */
3608 ByteCount = GSHORT(pd, offset);
3612 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3616 offset += 2; /* Skip Byte Count (BCC) */
/*
 * dissect_createdir_smb: adds the fields of one SMB (a directory create,
 * judging by the name) to the protocol tree.
 *
 * dirn == 1 (request):  Word Count, Byte Count, Buffer Format and a
 *                       NUL-terminated Directory Name read from pd + offset.
 * dirn == 0 (response): Word Count and Byte Count only.
 * The remaining parameters are not referenced in the lines shown here.
 */
3623 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3627 guint8 BufferFormat;
3629 const char *DirectoryName;
3631 if (dirn == 1) { /* Request(s) dissect code */
3633 /* Build display for: Word Count (WCT) */
/* NOTE(review): offset is never checked against the captured length before
 * the reads below; presumably the caller vouches for it -- confirm. */
3635 WordCount = GBYTE(pd, offset);
3639 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3643 offset += 1; /* Skip Word Count (WCT) */
3645 /* Build display for: Byte Count (BCC) */
3647 ByteCount = GSHORT(pd, offset);
3651 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3655 offset += 2; /* Skip Byte Count (BCC) */
3657 /* Build display for: Buffer Format */
3659 BufferFormat = GBYTE(pd, offset);
3663 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3667 offset += 1; /* Skip Buffer Format */
3669 /* Build display for: Directory Name */
/* NOTE(review): strlen() is applied to bytes taken from the wire, and the
 * ByteCount read above is not used as an upper bound. An unterminated name
 * makes both calls read beyond the packet buffer. Locate the NUL with a
 * bounded search limited to the bytes actually captured (max_data may be
 * that limit -- TODO confirm) and give up on the field if it is absent. */
3671 DirectoryName = pd + offset;
3675 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3679 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3683 if (dirn == 0) { /* Response(s) dissect code */
3685 /* Build display for: Word Count (WCT) */
3687 WordCount = GBYTE(pd, offset);
3691 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3695 offset += 1; /* Skip Word Count (WCT) */
3697 /* Build display for: Byte Count (BCC) */
3699 ByteCount = GSHORT(pd, offset);
3703 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3707 offset += 2; /* Skip Byte Count (BCC) */
/*
 * dissect_checkdir_smb: adds the fields of one SMB (a directory check,
 * judging by the name) to the protocol tree.
 *
 * dirn == 1 (request):  Word Count, Byte Count, Buffer Format and a
 *                       NUL-terminated Directory Name read from pd + offset.
 * dirn == 0 (response): Word Count and Byte Count only.
 * The remaining parameters are not referenced in the lines shown here.
 */
3715 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3719 guint8 BufferFormat;
3721 const char *DirectoryName;
3723 if (dirn == 1) { /* Request(s) dissect code */
3725 /* Build display for: Word Count (WCT) */
/* NOTE(review): no visible check that offset stays inside the captured
 * data before these reads; presumably the caller ensures it -- confirm. */
3727 WordCount = GBYTE(pd, offset);
3731 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3735 offset += 1; /* Skip Word Count (WCT) */
3737 /* Build display for: Byte Count (BCC) */
3739 ByteCount = GSHORT(pd, offset);
3743 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3747 offset += 2; /* Skip Byte Count (BCC) */
3749 /* Build display for: Buffer Format */
3751 BufferFormat = GBYTE(pd, offset);
3755 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3759 offset += 1; /* Skip Buffer Format */
3761 /* Build display for: Directory Name */
/* NOTE(review): the directory name comes from the packet and its length is
 * found with an unbounded strlen(); ByteCount is not consulted. A name
 * without a terminator is therefore read past the end of the capture.
 * Bound the terminator search by the remaining captured bytes (max_data
 * may carry that -- TODO confirm) and stop if no NUL is found. */
3763 DirectoryName = pd + offset;
3767 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3771 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3775 if (dirn == 0) { /* Response(s) dissect code */
3777 /* Build display for: Word Count (WCT) */
3779 WordCount = GBYTE(pd, offset);
3783 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3787 offset += 1; /* Skip Word Count (WCT) */
3789 /* Build display for: Byte Count (BCC) */
3791 ByteCount = GSHORT(pd, offset);
3795 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3799 offset += 2; /* Skip Byte Count (BCC) */
/*
 * dissect_open_andx_smb: adds the fields of an Open AndX SMB to the
 * protocol tree and then hands any chained (AndX) command to its handler.
 *
 * pd/offset  : packet bytes and the position of the Word Count byte.
 * tree       : tree the text items and bit-field subtrees are added to.
 * SMB_offset : base that the AndXOffset read from the packet is added to
 *              when the chained command is dispatched.
 * dirn       : 1 selects the request layout, 0 the response layout.
 * fd, parent, si, max_data and errcode are only passed on to the chained
 * handler.
 *
 * NOTE(review): every value below is read from the packet without a
 * visible check of offset against the captured length; presumably the
 * caller is expected to guarantee it -- confirm.
 */
3806 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* Lookup tables for decode_enumerated_bitfield(); each table name carries
 * the mask of the bits it describes. */
3809 static const value_string OpenFunction_0x10[] = {
3810 { 0, "Fail if file does not exist"},
3811 { 16, "Create file if it does not exist"},
3814 static const value_string OpenFunction_0x03[] = {
3815 { 0, "Fail if file exists"},
3816 { 1, "Open file if it exists"},
3817 { 2, "Truncate File if it exists"},
3820 static const value_string FileType_0xFFFF[] = {
3821 { 0, "Disk file or directory"},
3822 { 1, "Named pipe in byte mode"},
3823 { 2, "Named pipe in message mode"},
3824 { 3, "Spooled printer"},
3827 static const value_string DesiredAccess_0x70[] = {
3828 { 00, "Compatibility mode"},
3829 { 16, "Deny read/write/execute (exclusive)"},
3830 { 32, "Deny write"},
3831 { 48, "Deny read/execute"},
3835 static const value_string DesiredAccess_0x700[] = {
3836 { 0, "Locality of reference unknown"},
3837 { 256, "Mainly sequential access"},
3838 { 512, "Mainly random access"},
3839 { 768, "Random access with some locality"},
3842 static const value_string DesiredAccess_0x4000[] = {
3843 { 0, "Write through mode disabled"},
3844 { 16384, "Write through mode enabled"},
3847 static const value_string DesiredAccess_0x1000[] = {
3848 { 0, "Normal file (caching permitted)"},
3849 { 4096, "Do not cache this file"},
3852 static const value_string DesiredAccess_0x07[] = {
3853 { 0, "Open for reading"},
3854 { 1, "Open for writing"},
3855 { 2, "Open for reading and writing"},
3856 { 3, "Open for execute"},
3859 static const value_string Action_0x8000[] = {
3860 { 0, "File opened by another user (or mode not supported by server)"},
3861 { 32768, "File is opened only by this user at present"},
3864 static const value_string Action_0x0003[] = {
3865 { 0, "No action taken?"},
3866 { 1, "The file existed and was opened"},
3867 { 2, "The file did not exist but was created"},
3868 { 3, "The file existed and was truncated"},
3871 proto_tree *Search_tree;
3872 proto_tree *OpenFunction_tree;
3873 proto_tree *Flags_tree;
3874 proto_tree *File_tree;
3875 proto_tree *FileType_tree;
3876 proto_tree *FileAttributes_tree;
3877 proto_tree *DesiredAccess_tree;
3878 proto_tree *Action_tree;
3881 guint8 AndXReserved;
/* 0xFF is the value tested for "no chained command" further down, so the
 * chain is skipped whenever no AndXCommand byte is read from the packet. */
3882 guint8 AndXCommand = 0xFF;
3887 guint32 AllocatedSize;
3890 guint16 OpenFunction;
3891 guint16 LastWriteTime;
3892 guint16 LastWriteDate;
3893 guint16 GrantedAccess;
3896 guint16 FileAttributes;
3899 guint16 DeviceState;
3900 guint16 DesiredAccess;
3901 guint16 CreationTime;
3902 guint16 CreationDate;
3904 guint16 AndXOffset = 0;
3906 const char *FileName;
3908 if (dirn == 1) { /* Request(s) dissect code */
3910 /* Build display for: Word Count (WCT) */
3912 WordCount = GBYTE(pd, offset);
3916 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3920 offset += 1; /* Skip Word Count (WCT) */
3922 /* Build display for: AndXCommand */
3924 AndXCommand = GBYTE(pd, offset);
3928 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3929 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3933 offset += 1; /* Skip AndXCommand */
3935 /* Build display for: AndXReserved */
3937 AndXReserved = GBYTE(pd, offset);
3941 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3945 offset += 1; /* Skip AndXReserved */
3947 /* Build display for: AndXOffset */
3949 AndXOffset = GSHORT(pd, offset);
3953 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3957 offset += 2; /* Skip AndXOffset */
3959 /* Build display for: Flags */
3961 Flags = GSHORT(pd, offset);
/* NOTE(review): in the other decode_boolean_bitfield() calls of this
 * function the first string is the positive wording ("Read only file"),
 * while the three Flags calls below put the negative wording first. That
 * looks inverted -- check the bit meanings against the protocol
 * specification. */
3965 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
3966 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3967 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3968 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3969 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3970 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3971 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3972 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3976 offset += 2; /* Skip Flags */
3978 /* Build display for: Desired Access */
3980 DesiredAccess = GSHORT(pd, offset);
3984 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3985 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3986 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3987 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3988 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3989 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3990 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3991 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3992 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3993 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3994 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3995 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3999 offset += 2; /* Skip Desired Access */
4001 /* Build display for: Search */
4003 Search = GSHORT(pd, offset);
4007 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Search: 0x%02x", Search);
4008 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
4009 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4010 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
4011 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4012 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
4013 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4014 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
4015 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4016 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
4017 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4018 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
4019 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4020 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
4024 offset += 2; /* Skip Search */
4026 /* Build display for: File */
4028 File = GSHORT(pd, offset);
4032 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File: 0x%02x", File);
4033 File_tree = proto_item_add_subtree(ti, ett_smb_file);
4034 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4035 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
4036 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4037 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
4038 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4039 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
4040 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4041 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
4042 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4043 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
4044 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4045 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
4049 offset += 2; /* Skip File */
4051 /* Build display for: Creation Time */
/* The time word is only read here; it is displayed together with the date
 * below, and both tree items are anchored at the date's offset. */
4053 CreationTime = GSHORT(pd, offset);
4060 offset += 2; /* Skip Creation Time */
4062 /* Build display for: Creation Date */
4064 CreationDate = GSHORT(pd, offset);
4068 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
4069 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
4073 offset += 2; /* Skip Creation Date */
4075 /* Build display for: Open Function */
4077 OpenFunction = GSHORT(pd, offset);
4081 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: 0x%02x", OpenFunction);
4082 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
4083 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4084 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
4085 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4086 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
4090 offset += 2; /* Skip Open Function */
4092 /* Build display for: Allocated Size */
4094 AllocatedSize = GWORD(pd, offset);
4098 proto_tree_add_text(tree, NullTVB, offset, 4, "Allocated Size: %u", AllocatedSize);
4102 offset += 4; /* Skip Allocated Size */
4104 /* Build display for: Reserved1 */
4106 Reserved1 = GWORD(pd, offset);
4110 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved1: %u", Reserved1);
4114 offset += 4; /* Skip Reserved1 */
4116 /* Build display for: Reserved2 */
4118 Reserved2 = GWORD(pd, offset);
4122 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved2: %u", Reserved2);
4126 offset += 4; /* Skip Reserved2 */
4128 /* Build display for: Byte Count */
4130 ByteCount = GSHORT(pd, offset);
4134 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4138 offset += 2; /* Skip Byte Count */
4140 /* Build display for: File Name */
/* NOTE(review): FileName points into the packet and strlen() is not
 * limited by ByteCount or by the captured length, so an unterminated name
 * is read past the end of the buffer. Search for the NUL within the
 * remaining captured bytes only (max_data may be that limit -- TODO
 * confirm) and stop dissecting when it is missing. */
4142 FileName = pd + offset;
4146 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
4150 offset += strlen(FileName) + 1; /* Skip File Name */
/* NOTE(review): both the index and the offset of the chained call come
 * from the packet. AndXOffset is not checked to lie inside the captured
 * data, nor to point beyond the command just dissected, so a malformed
 * chain can send the next handler outside the buffer or back onto an
 * earlier command, recursing until the stack is exhausted. Validate
 * SMB_offset + AndXOffset against the capture length and require it to
 * move forward before dispatching. dissect[] is defined elsewhere;
 * presumably it has an entry for every possible byte value -- confirm. */
4153 if (AndXCommand != 0xFF) {
4155 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4161 if (dirn == 0) { /* Response(s) dissect code */
4163 /* Build display for: Word Count (WCT) */
4165 WordCount = GBYTE(pd, offset);
4169 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4173 offset += 1; /* Skip Word Count (WCT) */
/* A response with a zero Word Count carries no parameter words; the
 * parameter fields below are read only when WordCount > 0. */
4175 if (WordCount > 0) {
4177 /* Build display for: AndXCommand */
4179 AndXCommand = GBYTE(pd, offset);
4183 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
4184 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
4188 offset += 1; /* Skip AndXCommand */
4190 /* Build display for: AndXReserved */
4192 AndXReserved = GBYTE(pd, offset);
4196 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
4200 offset += 1; /* Skip AndXReserved */
4202 /* Build display for: AndXOffset */
4204 AndXOffset = GSHORT(pd, offset);
4208 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
4212 offset += 2; /* Skip AndXOffset */
4214 /* Build display for: FID */
4216 FID = GSHORT(pd, offset);
4220 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4224 offset += 2; /* Skip FID */
4226 /* Build display for: FileAttributes */
4228 FileAttributes = GSHORT(pd, offset);
4232 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
4233 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
4234 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4235 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
4236 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4237 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
4238 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4239 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
4240 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4241 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
4242 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4243 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
4244 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4245 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
4249 offset += 2; /* Skip FileAttributes */
4251 /* Build display for: Last Write Time */
/* As with the creation time in the request, the time word is read here and
 * shown together with the date below, at the date's offset. */
4253 LastWriteTime = GSHORT(pd, offset);
4259 offset += 2; /* Skip Last Write Time */
4261 /* Build display for: Last Write Date */
4263 LastWriteDate = GSHORT(pd, offset);
4267 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4268 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
4273 offset += 2; /* Skip Last Write Date */
4275 /* Build display for: Data Size */
4277 DataSize = GWORD(pd, offset);
4281 proto_tree_add_text(tree, NullTVB, offset, 4, "Data Size: %u", DataSize);
4285 offset += 4; /* Skip Data Size */
4287 /* Build display for: Granted Access */
4289 GrantedAccess = GSHORT(pd, offset);
4293 proto_tree_add_text(tree, NullTVB, offset, 2, "Granted Access: %u", GrantedAccess);
4297 offset += 2; /* Skip Granted Access */
4299 /* Build display for: File Type */
4301 FileType = GSHORT(pd, offset);
4305 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File Type: 0x%02x", FileType);
4306 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4307 proto_tree_add_text(FileType_tree, NullTVB, offset, 2, "%s",
4308 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4312 offset += 2; /* Skip File Type */
4314 /* Build display for: Device State */
4316 DeviceState = GSHORT(pd, offset);
4320 proto_tree_add_text(tree, NullTVB, offset, 2, "Device State: %u", DeviceState);
4324 offset += 2; /* Skip Device State */
4326 /* Build display for: Action */
4328 Action = GSHORT(pd, offset);
4332 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: 0x%02x", Action);
4333 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4334 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4335 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4336 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4337 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4341 offset += 2; /* Skip Action */
4343 /* Build display for: Server FID */
4345 ServerFID = GWORD(pd, offset);
4349 proto_tree_add_text(tree, NullTVB, offset, 4, "Server FID: %u", ServerFID);
4353 offset += 4; /* Skip Server FID */
4355 /* Build display for: Reserved */
4357 Reserved = GSHORT(pd, offset);
4361 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
4365 offset += 2; /* Skip Reserved */
4369 /* Build display for: Byte Count */
4371 ByteCount = GSHORT(pd, offset);
4375 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4379 offset += 2; /* Skip Byte Count */
/* NOTE(review): same unchecked chain as on the request side -- the handler
 * index and SMB_offset + AndXOffset are taken from the packet without a
 * range or forward-progress check before the call. */
4382 if (AndXCommand != 0xFF) {
4384 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * dissect_write_raw_smb: adds the fields of a Write Raw SMB to the
 * protocol tree.
 *
 * dirn == 1 (request): the Word Count byte is peeked at and used as the
 * switch selector. Two field layouts are visible below; the first contains
 * a 4-byte Offset field and the second does not. The case labels are not
 * visible in this listing.
 * dirn == 0 (response): Word Count, then Remaining (only when the word
 * count is non-zero), then Byte Count.
 *
 * NOTE(review): nothing visible compares offset with the captured length
 * before the reads from pd; presumably the caller guarantees the data is
 * there -- confirm. fd, parent, si, max_data, SMB_offset and errcode are
 * not referenced in the lines shown here.
 */
4393 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4396 proto_tree *WriteMode_tree;
4412 if (dirn == 1) { /* Request(s) dissect code */
/* Peek only: offset is not advanced, each layout re-reads the same byte. */
4414 WordCount = GBYTE(pd, offset);
4416 switch (WordCount) {
4420 /* Build display for: Word Count (WCT) */
4422 WordCount = GBYTE(pd, offset);
4426 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4430 offset += 1; /* Skip Word Count (WCT) */
4432 /* Build display for: FID */
4434 FID = GSHORT(pd, offset);
4438 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4442 offset += 2; /* Skip FID */
4444 /* Build display for: Count */
4446 Count = GSHORT(pd, offset);
4450 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4454 offset += 2; /* Skip Count */
4456 /* Build display for: Reserved 1 */
4458 Reserved1 = GSHORT(pd, offset);
4462 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4466 offset += 2; /* Skip Reserved 1 */
4468 /* Build display for: Offset */
4470 Offset = GWORD(pd, offset);
4474 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
4478 offset += 4; /* Skip Offset */
4480 /* Build display for: Timeout */
4482 Timeout = GWORD(pd, offset);
4486 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4490 offset += 4; /* Skip Timeout */
4492 /* Build display for: WriteMode */
4494 WriteMode = GSHORT(pd, offset);
4498 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4499 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4500 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4501 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4502 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4503 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4507 offset += 2; /* Skip WriteMode */
4509 /* Build display for: Reserved 2 */
4511 Reserved2 = GWORD(pd, offset);
4515 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4519 offset += 4; /* Skip Reserved 2 */
4521 /* Build display for: Data Length */
/* Data Length and Data Offset are displayed only; the visible lines never
 * use them to locate or bound the payload. */
4523 DataLength = GSHORT(pd, offset);
4527 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4531 offset += 2; /* Skip Data Length */
4533 /* Build display for: Data Offset */
4535 DataOffset = GSHORT(pd, offset);
4539 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4543 offset += 2; /* Skip Data Offset */
4545 /* Build display for: Byte Count (BCC) */
4547 ByteCount = GSHORT(pd, offset);
4551 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4555 offset += 2; /* Skip Byte Count (BCC) */
4557 /* Build display for: Pad */
4559 Pad = GBYTE(pd, offset);
4563 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4567 offset += 1; /* Skip Pad */
/* Second request layout: same fields as above except that no Offset field
 * is read between Reserved 1 and Timeout. */
4573 /* Build display for: Word Count (WCT) */
4575 WordCount = GBYTE(pd, offset);
4579 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4583 offset += 1; /* Skip Word Count (WCT) */
4585 /* Build display for: FID */
4587 FID = GSHORT(pd, offset);
4591 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4595 offset += 2; /* Skip FID */
4597 /* Build display for: Count */
4599 Count = GSHORT(pd, offset);
4603 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4607 offset += 2; /* Skip Count */
4609 /* Build display for: Reserved 1 */
4611 Reserved1 = GSHORT(pd, offset);
4615 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4619 offset += 2; /* Skip Reserved 1 */
4621 /* Build display for: Timeout */
4623 Timeout = GWORD(pd, offset);
4627 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4631 offset += 4; /* Skip Timeout */
4633 /* Build display for: WriteMode */
4635 WriteMode = GSHORT(pd, offset);
4639 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4640 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4641 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4642 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4643 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4644 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4648 offset += 2; /* Skip WriteMode */
4650 /* Build display for: Reserved 2 */
4652 Reserved2 = GWORD(pd, offset);
4656 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4660 offset += 4; /* Skip Reserved 2 */
4662 /* Build display for: Data Length */
4664 DataLength = GSHORT(pd, offset);
4668 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4672 offset += 2; /* Skip Data Length */
4674 /* Build display for: Data Offset */
4676 DataOffset = GSHORT(pd, offset);
4680 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4684 offset += 2; /* Skip Data Offset */
4686 /* Build display for: Byte Count (BCC) */
4688 ByteCount = GSHORT(pd, offset);
4692 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4696 offset += 2; /* Skip Byte Count (BCC) */
4698 /* Build display for: Pad */
4700 Pad = GBYTE(pd, offset);
4704 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4708 offset += 1; /* Skip Pad */
4716 if (dirn == 0) { /* Response(s) dissect code */
4718 /* Build display for: Word Count (WCT) */
4720 WordCount = GBYTE(pd, offset);
4724 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4728 offset += 1; /* Skip Word Count (WCT) */
/* Remaining is present only when the response carries parameter words. */
4730 if (WordCount > 0) {
4732 /* Build display for: Remaining */
4734 Remaining = GSHORT(pd, offset);
4738 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
4742 offset += 2; /* Skip Remaining */
4746 /* Build display for: Byte Count */
4748 ByteCount = GSHORT(pd, offset);
4752 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4756 offset += 2; /* Skip Byte Count */
/*
 * dissect_tdis_smb: adds the Word Count and Byte Count of one SMB
 * (presumably a tree disconnect, judging by the name) to the protocol
 * tree. The request (dirn == 1) and response (dirn == 0) branches read
 * the same two fields.
 *
 * NOTE(review): the 1-byte and 2-byte reads are made without a visible
 * check that offset lies inside the captured data; presumably the caller
 * guarantees it -- confirm. fd, parent, si, max_data, SMB_offset and
 * errcode are not referenced in the lines shown here.
 */
4763 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4769 if (dirn == 1) { /* Request(s) dissect code */
4771 /* Build display for: Word Count (WCT) */
4773 WordCount = GBYTE(pd, offset);
4777 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4781 offset += 1; /* Skip Word Count (WCT) */
4783 /* Build display for: Byte Count (BCC) */
4785 ByteCount = GSHORT(pd, offset);
4789 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4793 offset += 2; /* Skip Byte Count (BCC) */
4797 if (dirn == 0) { /* Response(s) dissect code */
4799 /* Build display for: Word Count (WCT) */
4801 WordCount = GBYTE(pd, offset);
4805 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4809 offset += 1; /* Skip Word Count (WCT) */
4811 /* Build display for: Byte Count (BCC) */
4813 ByteCount = GSHORT(pd, offset);
4817 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4821 offset += 2; /* Skip Byte Count (BCC) */
/*
 * dissect_move_smb: adds the fields of one SMB (a file move, judging by
 * the name) to the protocol tree.
 *
 * dirn == 1 (request):  Word Count, TID2, Open Function and a Flags word
 *                       decoded into a subtree. No file names are read in
 *                       the request lines shown here.
 * dirn == 0 (response): Word Count, Count (only when the word count is
 *                       non-zero), Byte Count, Error File Format and a
 *                       NUL-terminated Error File Name.
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 */
4828 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4831 static const value_string Flags_0x03[] = {
4832 { 0, "Target must be a file"},
4833 { 1, "Target must be a directory"},
4836 { 4, "Verify all writes"},
4839 proto_tree *Flags_tree;
4842 guint8 ErrorFileFormat;
4844 guint16 OpenFunction;
4848 const char *ErrorFileName;
4850 if (dirn == 1) { /* Request(s) dissect code */
4852 /* Build display for: Word Count (WCT) */
/* NOTE(review): offset is not compared with the captured length before any
 * of the reads in this function; presumably the caller ensures the data is
 * present -- confirm. */
4854 WordCount = GBYTE(pd, offset);
4858 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4862 offset += 1; /* Skip Word Count (WCT) */
4864 /* Build display for: TID2 */
4866 TID2 = GSHORT(pd, offset);
4870 proto_tree_add_text(tree, NullTVB, offset, 2, "TID2: %u", TID2);
4874 offset += 2; /* Skip TID2 */
4876 /* Build display for: Open Function */
4878 OpenFunction = GSHORT(pd, offset);
4882 proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: %u", OpenFunction);
4886 offset += 2; /* Skip Open Function */
4888 /* Build display for: Flags */
4890 Flags = GSHORT(pd, offset);
4894 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
4895 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4896 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4897 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4901 offset += 2; /* Skip Flags */
4905 if (dirn == 0) { /* Response(s) dissect code */
4907 /* Build display for: Word Count (WCT) */
4909 WordCount = GBYTE(pd, offset);
4913 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4917 offset += 1; /* Skip Word Count (WCT) */
/* Count is present only when the response carries parameter words. */
4919 if (WordCount > 0) {
4921 /* Build display for: Count */
4923 Count = GSHORT(pd, offset);
4927 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4931 offset += 2; /* Skip Count */
4935 /* Build display for: Byte Count */
4937 ByteCount = GSHORT(pd, offset);
4941 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4945 offset += 2; /* Skip Byte Count */
4947 /* Build display for: Error File Format */
4949 ErrorFileFormat = GBYTE(pd, offset);
4953 proto_tree_add_text(tree, NullTVB, offset, 1, "Error File Format: %u", ErrorFileFormat);
4957 offset += 1; /* Skip Error File Format */
4959 /* Build display for: Error File Name */
/* NOTE(review): the error file name is read even when ByteCount is zero,
 * and strlen() on the packet bytes is not limited by ByteCount or by the
 * captured length. A response without a terminated name is read past the
 * end of the buffer. Read the name only when ByteCount says it is there,
 * and bound the terminator search by the remaining captured bytes
 * (max_data may be that limit -- TODO confirm). */
4961 ErrorFileName = pd + offset;
4965 proto_tree_add_text(tree, NullTVB, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4969 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
/*
 * Dissect an SMB Rename File message: the request when dirn == 1, the
 * response when dirn == 0. Each field is read from pd at offset, added to
 * `tree` as a text item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): this listing skips some original lines (the gutter numbers
 * have gaps), so braces, several declarations and any guard on those lines
 * are not visible here.
 */
4976 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4980 guint8 BufferFormat2;
4981 guint8 BufferFormat1;
4982 guint16 SearchAttributes;
4984 const char *OldFileName;
4985 const char *NewFileName;
4987 if (dirn == 1) { /* Request(s) dissect code */
4989 /* Build display for: Word Count (WCT) */
4991 WordCount = GBYTE(pd, offset);
4995 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4999 offset += 1; /* Skip Word Count (WCT) */
5001 /* Build display for: Search Attributes */
5003 SearchAttributes = GSHORT(pd, offset);
5007 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
5011 offset += 2; /* Skip Search Attributes */
5013 /* Build display for: Byte Count */
/* ByteCount is displayed only; it is not used to bound the name parsing below. */
5015 ByteCount = GSHORT(pd, offset);
5019 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5023 offset += 2; /* Skip Byte Count */
5025 /* Build display for: Buffer Format 1 */
5027 BufferFormat1 = GBYTE(pd, offset);
5031 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
5035 offset += 1; /* Skip Buffer Format 1 */
5037 /* Build display for: Old File Name */
/*
 * OldFileName points directly into the packet buffer. strlen() runs until
 * it meets a NUL byte, and nothing in the lines shown limits it to
 * ByteCount or to the end of the captured frame, so a name with no
 * terminator would be read past the packet data.
 * NOTE(review): cap the scan at the bytes remaining in the frame before
 * taking the length - confirm no caller already guarantees a terminator.
 */
5039 OldFileName = pd + offset;
5043 proto_tree_add_text(tree, NullTVB, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
5047 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
5049 /* Build display for: Buffer Format 2 */
/* offset now depends on the length found above, so this read inherits any overrun. */
5051 BufferFormat2 = GBYTE(pd, offset);
5055 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
5059 offset += 1; /* Skip Buffer Format 2 */
5061 /* Build display for: New File Name */
/* Same unbounded strlen() on packet data as for Old File Name. */
5063 NewFileName = pd + offset;
5067 proto_tree_add_text(tree, NullTVB, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
5071 offset += strlen(NewFileName) + 1; /* Skip New File Name */
5075 if (dirn == 0) { /* Response(s) dissect code */
5077 /* Build display for: Word Count (WCT) */
5079 WordCount = GBYTE(pd, offset);
5083 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5087 offset += 1; /* Skip Word Count (WCT) */
5089 /* Build display for: Byte Count (BCC) */
5091 ByteCount = GSHORT(pd, offset);
5095 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5099 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Open Print File message: the request when dirn == 1, the
 * response when dirn == 0. Each field is read from pd at offset, added to
 * `tree` as a text item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): this listing skips some original lines (the gutter numbers
 * have gaps), so braces, several declarations, the end of the Mode_0x03
 * table and any guard on those lines are not visible here.
 */
5106 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* Names for the values of the Mode field under mask 0x03 (see the decode call below). */
5109 static const value_string Mode_0x03[] = {
5110 { 0, "Text mode (DOS expands TABs)"},
5111 { 1, "Graphics mode"},
5114 proto_tree *Mode_tree;
5117 guint8 BufferFormat;
5118 guint16 SetupLength;
5122 const char *IdentifierString;
5124 if (dirn == 1) { /* Request(s) dissect code */
5126 /* Build display for: Word Count (WCT) */
5128 WordCount = GBYTE(pd, offset);
5132 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5136 offset += 1; /* Skip Word Count (WCT) */
5138 /* Build display for: Setup Length */
5140 SetupLength = GSHORT(pd, offset);
5144 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup Length: %u", SetupLength);
5148 offset += 2; /* Skip Setup Length */
5150 /* Build display for: Mode */
/* Mode gets its own subtree holding the decoded 0x03 bitfield. */
5152 Mode = GSHORT(pd, offset);
5156 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
5157 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5158 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
5159 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5163 offset += 2; /* Skip Mode */
5165 /* Build display for: Byte Count (BCC) */
/* ByteCount is displayed only; it is not used to bound the string parsing below. */
5167 ByteCount = GSHORT(pd, offset);
5171 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5175 offset += 2; /* Skip Byte Count (BCC) */
5177 /* Build display for: Buffer Format */
5179 BufferFormat = GBYTE(pd, offset);
5183 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
5187 offset += 1; /* Skip Buffer Format */
5189 /* Build display for: Identifier String */
/*
 * IdentifierString points directly into the packet buffer. strlen() runs
 * until it meets a NUL byte, and nothing in the lines shown limits it to
 * ByteCount or to the end of the captured frame, so a string with no
 * terminator would be read past the packet data.
 * NOTE(review): cap the scan at the bytes remaining in the frame before
 * taking the length - confirm no caller already guarantees a terminator.
 */
5191 IdentifierString = pd + offset;
5195 proto_tree_add_text(tree, NullTVB, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
5199 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
5203 if (dirn == 0) { /* Response(s) dissect code */
5205 /* Build display for: Word Count (WCT) */
5207 WordCount = GBYTE(pd, offset);
5211 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5215 offset += 1; /* Skip Word Count (WCT) */
5217 /* Build display for: FID */
5219 FID = GSHORT(pd, offset);
5223 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5227 offset += 2; /* Skip FID */
5229 /* Build display for: Byte Count (BCC) */
5231 ByteCount = GSHORT(pd, offset);
5235 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5239 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Close Print File message: the request when dirn == 1
 * (Word Count, FID, Byte Count), the response when dirn == 0 (Word Count,
 * Byte Count). Each field is read from pd at offset, added to `tree` as a
 * text item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): no check of offset against the captured frame length is
 * visible before the reads; the listing skips some original lines, so
 * confirm against the full source whether a guard exists.
 */
5246 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5253 if (dirn == 1) { /* Request(s) dissect code */
5255 /* Build display for: Word Count (WCT) */
5257 WordCount = GBYTE(pd, offset);
5261 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5265 offset += 1; /* Skip Word Count (WCT) */
5267 /* Build display for: FID */
5269 FID = GSHORT(pd, offset);
5273 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5277 offset += 2; /* Skip FID */
5279 /* Build display for: Byte Count (BCC) */
5281 ByteCount = GSHORT(pd, offset);
5285 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5289 offset += 2; /* Skip Byte Count (BCC) */
5293 if (dirn == 0) { /* Response(s) dissect code */
5295 /* Build display for: Word Count */
5297 WordCount = GBYTE(pd, offset);
5301 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
5305 offset += 1; /* Skip Word Count */
5307 /* Build display for: Byte Count (BCC) */
5309 ByteCount = GSHORT(pd, offset);
5313 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5317 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Read Raw request (dirn == 1). The request layout is chosen
 * by a switch on WordCount; two field runs follow, the second of which adds
 * a 4-byte Offset High before Byte Count. No response fields are dissected
 * in the lines shown for dirn == 0.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): this listing skips some original lines (the gutter numbers
 * have gaps), so the case labels, braces and declarations are not visible;
 * which WordCount value selects which run must be confirmed in the full
 * source.
 */
5324 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5337 if (dirn == 1) { /* Request(s) dissect code */
/* WordCount is read here without advancing offset; each run below reads it again for display. */
5339 WordCount = GBYTE(pd, offset);
5341 switch (WordCount) {
/* First layout: no Offset High field. */
5345 /* Build display for: Word Count (WCT) */
5347 WordCount = GBYTE(pd, offset);
5351 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5355 offset += 1; /* Skip Word Count (WCT) */
5357 /* Build display for: FID */
5359 FID = GSHORT(pd, offset);
5363 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5367 offset += 2; /* Skip FID */
5369 /* Build display for: Offset */
5371 Offset = GWORD(pd, offset);
5375 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5379 offset += 4; /* Skip Offset */
5381 /* Build display for: Max Count */
5383 MaxCount = GSHORT(pd, offset);
5387 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5391 offset += 2; /* Skip Max Count */
5393 /* Build display for: Min Count */
5395 MinCount = GSHORT(pd, offset);
5399 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5403 offset += 2; /* Skip Min Count */
5405 /* Build display for: Timeout */
5407 Timeout = GWORD(pd, offset);
5411 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5415 offset += 4; /* Skip Timeout */
5417 /* Build display for: Reserved */
5419 Reserved = GSHORT(pd, offset);
5423 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5427 offset += 2; /* Skip Reserved */
5429 /* Build display for: Byte Count (BCC) */
5431 ByteCount = GSHORT(pd, offset);
5435 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5439 offset += 2; /* Skip Byte Count (BCC) */
/* Second layout: same fields, plus Offset High after Reserved. */
5445 /* Build display for: Word Count (WCT) */
5447 WordCount = GBYTE(pd, offset);
5451 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5455 offset += 1; /* Skip Word Count (WCT) */
5457 /* Build display for: FID */
5459 FID = GSHORT(pd, offset);
5463 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5467 offset += 2; /* Skip FID */
5469 /* Build display for: Offset */
5471 Offset = GWORD(pd, offset);
5475 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5479 offset += 4; /* Skip Offset */
5481 /* Build display for: Max Count */
5483 MaxCount = GSHORT(pd, offset);
5487 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5491 offset += 2; /* Skip Max Count */
5493 /* Build display for: Min Count */
5495 MinCount = GSHORT(pd, offset);
5499 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5503 offset += 2; /* Skip Min Count */
5505 /* Build display for: Timeout */
5507 Timeout = GWORD(pd, offset);
5511 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5515 offset += 4; /* Skip Timeout */
5517 /* Build display for: Reserved */
5519 Reserved = GSHORT(pd, offset);
5523 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5527 offset += 2; /* Skip Reserved */
5529 /* Build display for: Offset High */
5531 OffsetHigh = GWORD(pd, offset);
5535 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5539 offset += 4; /* Skip Offset High */
5541 /* Build display for: Byte Count (BCC) */
5543 ByteCount = GSHORT(pd, offset);
5547 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5551 offset += 2; /* Skip Byte Count (BCC) */
5559 if (dirn == 0) { /* Response(s) dissect code */
/*
 * Dissect an SMB Read AndX message: the request when dirn == 1, the
 * response when dirn == 0. Each field is read from pd at offset, added to
 * `tree` as a text item, and offset is advanced by the field's size. When
 * AndXCommand is not 0xFF, the dissector registered for that command in
 * dissect[] is called at SMB_offset + AndXOffset; fd, parent, si, max_data
 * and errcode are only passed through to that call.
 *
 * NOTE(review): this listing skips some original lines (the gutter numbers
 * have gaps), so braces, several declarations and any guard on those lines
 * are not visible here.
 */
5566 dissect_read_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5570 guint8 AndXReserved;
/* Defaults mean "no chained command" until the packet fields are read. */
5571 guint8 AndXCommand = 0xFF;
5573 guint16 AndXOffset = 0;
5575 guint16 DataCompactionMode;
5586 if (dirn == 1) { /* Request(s) dissect code */
5588 /* Build display for: Word Count (WCT) */
5590 WordCount = GBYTE(pd, offset);
5594 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5598 offset += 1; /* Skip Word Count (WCT) */
5600 /* Build display for: AndXCommand */
5602 AndXCommand = GBYTE(pd, offset);
5606 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5610 offset += 1; /* Skip AndXCommand */
5612 /* Build display for: AndXReserved */
5614 AndXReserved = GBYTE(pd, offset);
5618 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5622 offset += 1; /* Skip AndXReserved */
5624 /* Build display for: AndXOffset */
5626 AndXOffset = GSHORT(pd, offset);
5630 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5634 offset += 2; /* Skip AndXOffset */
5636 /* Build display for: FID */
5638 FID = GSHORT(pd, offset);
5642 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5646 offset += 2; /* Skip FID */
5648 /* Build display for: Offset */
5650 Offset = GWORD(pd, offset);
5654 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5658 offset += 4; /* Skip Offset */
5660 /* Build display for: Max Count */
5662 MaxCount = GSHORT(pd, offset);
5666 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5670 offset += 2; /* Skip Max Count */
5672 /* Build display for: Min Count */
5674 MinCount = GSHORT(pd, offset);
5678 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5682 offset += 2; /* Skip Min Count */
5684 /* Build display for: Reserved */
5686 Reserved = GWORD(pd, offset);
5690 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
5694 offset += 4; /* Skip Reserved */
5696 /* Build display for: Remaining */
5698 Remaining = GSHORT(pd, offset);
5702 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5706 offset += 2; /* Skip Remaining */
/* The 12-word form of the request carries an extra 4-byte Offset High. */
5708 if (WordCount == 12) {
5710 /* Build display for: Offset High */
5712 OffsetHigh = GWORD(pd, offset);
5716 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5720 offset += 4; /* Skip Offset High */
5723 /* Build display for: Byte Count (BCC) */
5725 ByteCount = GSHORT(pd, offset);
5729 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5733 offset += 2; /* Skip Byte Count (BCC) */
/*
 * AndXCommand and AndXOffset both come from the packet. The call below
 * indexes dissect[] with AndXCommand and restarts dissection at
 * SMB_offset + AndXOffset. No check is visible that the new offset lies
 * inside the captured frame or beyond the current command, so a malformed
 * AndXOffset could lead to an out-of-bounds read or to the chain being
 * dissected again without end.
 * NOTE(review): validate that SMB_offset + AndXOffset is inside the frame
 * and greater than this command's own offset before chaining; the size of
 * dissect[] is not visible - confirm every guint8 index is valid.
 */
5736 if (AndXCommand != 0xFF) {
5738 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5744 if (dirn == 0) { /* Response(s) dissect code */
5746 /* Build display for: Word Count (WCT) */
5748 WordCount = GBYTE(pd, offset);
5752 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5756 offset += 1; /* Skip Word Count (WCT) */
5758 /* Build display for: AndXCommand */
5760 AndXCommand = GBYTE(pd, offset);
5764 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5768 offset += 1; /* Skip AndXCommand */
5770 /* Build display for: AndXReserved */
5772 AndXReserved = GBYTE(pd, offset);
5776 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5780 offset += 1; /* Skip AndXReserved */
5782 /* Build display for: AndXOffset */
5784 AndXOffset = GSHORT(pd, offset);
5788 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5792 offset += 2; /* Skip AndXOffset */
5794 /* Build display for: Remaining */
5796 Remaining = GSHORT(pd, offset);
5800 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5804 offset += 2; /* Skip Remaining */
5806 /* Build display for: Data Compaction Mode */
5808 DataCompactionMode = GSHORT(pd, offset);
5812 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
5816 offset += 2; /* Skip Data Compaction Mode */
5818 /* Build display for: Reserved */
5820 Reserved = GSHORT(pd, offset);
5824 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5828 offset += 2; /* Skip Reserved */
5830 /* Build display for: Data Length */
5832 DataLength = GSHORT(pd, offset);
5836 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5840 offset += 2; /* Skip Data Length */
5842 /* Build display for: Data Offset */
5844 DataOffset = GSHORT(pd, offset);
5848 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
5852 offset += 2; /* Skip Data Offset */
5854 /* Build display for: Reserved[5] */
/*
 * NOTE(review): the statement that advances offset inside this loop is not
 * visible in the listing; verify in the full source that each of the five
 * items reads its own two bytes.
 */
5856 for(i = 1; i <= 5; ++i) {
5858 Reserved = GSHORT(pd, offset);
5862 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved%u: %u", i, Reserved);
5868 /* Build display for: Byte Count (BCC) */
5870 ByteCount = GSHORT(pd, offset);
5874 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5878 offset += 2; /* Skip Byte Count (BCC) */
5880 /* Build display for data */
/*
 * DataOffset and DataLength are packet-supplied. offset is reset to
 * SMB_offset + DataOffset with no visible range check. END_OF_FRAME is
 * defined outside this listing (presumably the bytes left in the frame
 * after offset - TODO confirm); if offset lands past the frame, the
 * "first %u bytes" item may be given a negative or wrapped length.
 * Presumably an `else` on an omitted line separates the two calls below.
 * NOTE(review): reject a DataOffset that points outside the frame before
 * adding the data item.
 */
5884 offset = SMB_offset + DataOffset;
5885 if(END_OF_FRAME >= DataLength)
5886 proto_tree_add_text(tree, NullTVB, offset, DataLength, "Data (%u bytes)", DataLength);
5888 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
/* Same unchecked AndX chaining as in the request path: packet-supplied command index and offset. */
5892 if (AndXCommand != 0xFF) {
5894 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect an SMB Logoff AndX message: the request when dirn == 1, the
 * response when dirn == 0. Both directions show Word Count, AndXCommand,
 * AndXReserved, AndXOffset and Byte Count, then call the dissector for the
 * chained command when AndXCommand is not 0xFF. fd, parent, si, max_data
 * and errcode are only passed through to that call.
 *
 * NOTE(review): this listing skips some original lines (the gutter numbers
 * have gaps), so braces, several declarations and any guard on those lines
 * are not visible here.
 */
5903 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5907 guint8 AndXReserved;
/* Defaults mean "no chained command" until the packet fields are read. */
5908 guint8 AndXCommand = 0xFF;
5910 guint16 AndXOffset = 0;
5912 if (dirn == 1) { /* Request(s) dissect code */
5914 /* Build display for: Word Count (WCT) */
5916 WordCount = GBYTE(pd, offset);
5920 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5924 offset += 1; /* Skip Word Count (WCT) */
5926 /* Build display for: AndXCommand */
5928 AndXCommand = GBYTE(pd, offset);
5932 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5936 offset += 1; /* Skip AndXCommand */
5938 /* Build display for: AndXReserved */
5940 AndXReserved = GBYTE(pd, offset);
5944 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5948 offset += 1; /* Skip AndXReserved */
5950 /* Build display for: AndXOffset */
5952 AndXOffset = GSHORT(pd, offset);
5956 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5960 offset += 2; /* Skip AndXOffset */
5962 /* Build display for: Byte Count (BCC) */
5964 ByteCount = GSHORT(pd, offset);
5968 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5972 offset += 2; /* Skip Byte Count (BCC) */
/*
 * AndXCommand and AndXOffset both come from the packet. The call below
 * indexes dissect[] with AndXCommand and restarts dissection at
 * SMB_offset + AndXOffset. No check is visible that the new offset lies
 * inside the captured frame or beyond the current command, so a malformed
 * AndXOffset could lead to an out-of-bounds read or to the chain being
 * dissected again without end.
 * NOTE(review): validate that SMB_offset + AndXOffset is inside the frame
 * and greater than this command's own offset before chaining; the size of
 * dissect[] is not visible - confirm every guint8 index is valid.
 */
5975 if (AndXCommand != 0xFF) {
5977 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5983 if (dirn == 0) { /* Response(s) dissect code */
5985 /* Build display for: Word Count (WCT) */
5987 WordCount = GBYTE(pd, offset);
5991 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5995 offset += 1; /* Skip Word Count (WCT) */
5997 /* Build display for: AndXCommand */
5999 AndXCommand = GBYTE(pd, offset);
6003 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6007 offset += 1; /* Skip AndXCommand */
6009 /* Build display for: AndXReserved */
6011 AndXReserved = GBYTE(pd, offset);
6015 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6019 offset += 1; /* Skip AndXReserved */
6021 /* Build display for: AndXOffset */
6023 AndXOffset = GSHORT(pd, offset);
6027 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6031 offset += 2; /* Skip AndXOffset */
6033 /* Build display for: Byte Count (BCC) */
6035 ByteCount = GSHORT(pd, offset);
6039 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6043 offset += 2; /* Skip Byte Count (BCC) */
/* Same unchecked AndX chaining as in the request path: packet-supplied command index and offset. */
6046 if (AndXCommand != 0xFF) {
6048 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect an SMB Seek File message: the request when dirn == 1 (Word Count,
 * FID, Mode, Offset, Byte Count), the response when dirn == 0 (Word Count,
 * Offset, Byte Count). Each field is read from pd at offset, added to
 * `tree` as a text item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): no check of offset against the captured frame length is
 * visible before the reads; the listing skips some original lines, so
 * confirm against the full source whether a guard exists.
 */
6057 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/*
 * Names for the values of the Mode field under mask 0x03. Value 3 has no
 * entry in the lines shown; how decode_enumerated_bitfield() renders an
 * unlisted value is not visible here.
 */
6060 static const value_string Mode_0x03[] = {
6061 { 0, "Seek from start of file"},
6062 { 1, "Seek from current position"},
6063 { 2, "Seek from end of file"},
6066 proto_tree *Mode_tree;
6074 if (dirn == 1) { /* Request(s) dissect code */
6076 /* Build display for: Word Count (WCT) */
6078 WordCount = GBYTE(pd, offset);
6082 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6086 offset += 1; /* Skip Word Count (WCT) */
6088 /* Build display for: FID */
6090 FID = GSHORT(pd, offset);
6094 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6098 offset += 2; /* Skip FID */
6100 /* Build display for: Mode */
/* Mode gets its own subtree holding the decoded 0x03 bitfield. */
6102 Mode = GSHORT(pd, offset);
6106 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
6107 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
6108 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
6109 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
6113 offset += 2; /* Skip Mode */
6115 /* Build display for: Offset */
/*
 * NOTE(review): Offset is printed with %u; if seeks relative to the current
 * position or the end of file can be negative, this shows a large unsigned
 * value - confirm against the protocol specification.
 */
6117 Offset = GWORD(pd, offset);
6121 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6125 offset += 4; /* Skip Offset */
6127 /* Build display for: Byte Count (BCC) */
6129 ByteCount = GSHORT(pd, offset);
6133 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6137 offset += 2; /* Skip Byte Count (BCC) */
6141 if (dirn == 0) { /* Response(s) dissect code */
6143 /* Build display for: Word Count (WCT) */
6145 WordCount = GBYTE(pd, offset);
6149 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6153 offset += 1; /* Skip Word Count (WCT) */
6155 /* Build display for: Offset */
6157 Offset = GWORD(pd, offset);
6161 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6165 offset += 4; /* Skip Offset */
6167 /* Build display for: Byte Count (BCC) */
6169 ByteCount = GSHORT(pd, offset);
6173 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6177 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Write And Unlock message: the request when dirn == 1
 * (Word Count, FID, Count, Offset, Remaining, Byte Count, Buffer Format,
 * Data Length), the response when dirn == 0 (Word Count, Count, Byte
 * Count). Each field is read from pd at offset, added to `tree` as a text
 * item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): no check of offset against the captured frame length is
 * visible before the reads; the listing skips some original lines, so
 * confirm against the full source whether a guard exists.
 */
6184 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6188 guint8 BufferFormat;
6196 if (dirn == 1) { /* Request(s) dissect code */
6198 /* Build display for: Word Count (WCT) */
6200 WordCount = GBYTE(pd, offset);
6204 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6208 offset += 1; /* Skip Word Count (WCT) */
6210 /* Build display for: FID */
6212 FID = GSHORT(pd, offset);
6216 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6220 offset += 2; /* Skip FID */
6222 /* Build display for: Count */
6224 Count = GSHORT(pd, offset);
6228 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6232 offset += 2; /* Skip Count */
6234 /* Build display for: Offset */
6236 Offset = GWORD(pd, offset);
6240 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6244 offset += 4; /* Skip Offset */
6246 /* Build display for: Remaining */
6248 Remaining = GSHORT(pd, offset);
6252 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
6256 offset += 2; /* Skip Remaining */
6258 /* Build display for: Byte Count (BCC) */
6260 ByteCount = GSHORT(pd, offset);
6264 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6268 offset += 2; /* Skip Byte Count (BCC) */
6270 /* Build display for: Buffer Format */
6272 BufferFormat = GBYTE(pd, offset);
6276 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6280 offset += 1; /* Skip Buffer Format */
6282 /* Build display for: Data Length */
/* Only the length is displayed; the data bytes themselves are not added in the lines shown. */
6284 DataLength = GSHORT(pd, offset);
6288 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6292 offset += 2; /* Skip Data Length */
6296 if (dirn == 0) { /* Response(s) dissect code */
6298 /* Build display for: Word Count (WCT) */
6300 WordCount = GBYTE(pd, offset);
6304 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6308 offset += 1; /* Skip Word Count (WCT) */
6310 /* Build display for: Count */
6312 Count = GSHORT(pd, offset);
6316 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6320 offset += 2; /* Skip Count */
6322 /* Build display for: Byte Count (BCC) */
6324 ByteCount = GSHORT(pd, offset);
6328 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6332 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Set Information 2 message: the request when dirn == 1
 * (Word Count, FID, three date/time pairs for creation, last access and
 * last write, Byte Count), the response when dirn == 0 (Word Count, Byte
 * Count). Each field is read from pd at offset, added to `tree` as a text
 * item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): no check of offset against the captured frame length is
 * visible before the reads; the listing skips some original lines, so
 * confirm against the full source whether a guard exists.
 */
6339 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6343 guint16 LastWriteTime;
6344 guint16 LastWriteDate;
6345 guint16 LastAccessTime;
6346 guint16 LastAccessDate;
6348 guint16 CreationTime;
6349 guint16 CreationDate;
6352 if (dirn == 1) { /* Request(s) dissect code */
6354 /* Build display for: Word Count */
6356 WordCount = GBYTE(pd, offset);
6360 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6364 offset += 1; /* Skip Word Count */
6366 /* Build display for: FID */
6368 FID = GSHORT(pd, offset);
6372 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6376 offset += 2; /* Skip FID */
6378 /* Build display for: Creation Date */
/*
 * Each 16-bit date or time value is turned into a string by
 * dissect_dos_date() / dissect_dos_time(), which are defined outside this
 * listing; how they treat out-of-range field values is not visible here.
 */
6380 CreationDate = GSHORT(pd, offset);
6384 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
6388 offset += 2; /* Skip Creation Date */
6390 /* Build display for: Creation Time */
6392 CreationTime = GSHORT(pd, offset);
6396 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6400 offset += 2; /* Skip Creation Time */
6402 /* Build display for: Last Access Date */
6404 LastAccessDate = GSHORT(pd, offset);
6408 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
6412 offset += 2; /* Skip Last Access Date */
6414 /* Build display for: Last Access Time */
6416 LastAccessTime = GSHORT(pd, offset);
6420 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
6424 offset += 2; /* Skip Last Access Time */
6426 /* Build display for: Last Write Date */
6428 LastWriteDate = GSHORT(pd, offset);
6432 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
6436 offset += 2; /* Skip Last Write Date */
6438 /* Build display for: Last Write Time */
6440 LastWriteTime = GSHORT(pd, offset);
6444 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
6448 offset += 2; /* Skip Last Write Time */
6450 /* Build display for: Byte Count (BCC) */
6452 ByteCount = GSHORT(pd, offset);
6456 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6460 offset += 2; /* Skip Byte Count (BCC) */
6464 if (dirn == 0) { /* Response(s) dissect code */
/* NOTE(review): the label below reads "WCC" where the other dissectors shown use "WCT". */
6466 /* Build display for: Word Count (WCC) */
6468 WordCount = GBYTE(pd, offset);
6472 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCC): %u", WordCount);
6476 offset += 1; /* Skip Word Count (WCC) */
6478 /* Build display for: Byte Count (BCC) */
6480 ByteCount = GSHORT(pd, offset);
6484 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6488 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Lock Bytes message: the request when dirn == 1 (Word
 * Count, FID, 4-byte Count, 4-byte Offset, Byte Count), the response when
 * dirn == 0 (Word Count, Byte Count). Each field is read from pd at offset,
 * added to `tree` as a text item, and offset is advanced by the field's
 * size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): no check of offset against the captured frame length is
 * visible before the reads; the listing skips some original lines, so
 * confirm against the full source whether a guard exists.
 */
6495 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6504 if (dirn == 1) { /* Request(s) dissect code */
6506 /* Build display for: Word Count (WCT) */
6508 WordCount = GBYTE(pd, offset);
6512 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6516 offset += 1; /* Skip Word Count (WCT) */
6518 /* Build display for: FID */
6520 FID = GSHORT(pd, offset);
6524 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6528 offset += 2; /* Skip FID */
6530 /* Build display for: Count */
6532 Count = GWORD(pd, offset);
6536 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
6540 offset += 4; /* Skip Count */
6542 /* Build display for: Offset */
6544 Offset = GWORD(pd, offset);
6548 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6552 offset += 4; /* Skip Offset */
6554 /* Build display for: Byte Count (BCC) */
6556 ByteCount = GSHORT(pd, offset);
6560 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6564 offset += 2; /* Skip Byte Count (BCC) */
6568 if (dirn == 0) { /* Response(s) dissect code */
6570 /* Build display for: Word Count (WCT) */
6572 WordCount = GBYTE(pd, offset);
6576 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6580 offset += 1; /* Skip Word Count (WCT) */
6582 /* Build display for: Byte Count (BCC) */
6584 ByteCount = GSHORT(pd, offset);
6588 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6592 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Get Print Queue message: the request when dirn == 1 (Word
 * Count, Max Count, Start Index, Byte Count), the response when dirn == 0
 * (Word Count, then Count and Restart Index when WordCount > 0, Byte Count,
 * Buffer Format, Data Length). Each field is read from pd at offset, added
 * to `tree` as a text item, and offset is advanced by the field's size.
 *
 * Of the parameters, only pd, offset, tree and dirn are referenced in the
 * lines shown.
 *
 * NOTE(review): this listing skips some original lines (the gutter numbers
 * have gaps), so braces and several declarations are not visible; in
 * particular, where the `if (WordCount > 0)` block closes must be confirmed
 * in the full source. No check of offset against the captured frame length
 * is visible before the reads.
 */
6599 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6603 guint8 BufferFormat;
6605 guint16 RestartIndex;
6611 if (dirn == 1) { /* Request(s) dissect code */
6613 /* Build display for: Word Count */
6615 WordCount = GBYTE(pd, offset);
6619 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6623 offset += 1; /* Skip Word Count */
6625 /* Build display for: Max Count */
6627 MaxCount = GSHORT(pd, offset);
6631 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6635 offset += 2; /* Skip Max Count */
6637 /* Build display for: Start Index */
6639 StartIndex = GSHORT(pd, offset);
6643 proto_tree_add_text(tree, NullTVB, offset, 2, "Start Index: %u", StartIndex);
6647 offset += 2; /* Skip Start Index */
6649 /* Build display for: Byte Count (BCC) */
6651 ByteCount = GSHORT(pd, offset);
6655 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6659 offset += 2; /* Skip Byte Count (BCC) */
6663 if (dirn == 0) { /* Response(s) dissect code */
6665 /* Build display for: Word Count (WCT) */
6667 WordCount = GBYTE(pd, offset);
6671 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6675 offset += 1; /* Skip Word Count (WCT) */
/* A zero word count means the parameter words below are absent. */
6677 if (WordCount > 0) {
6679 /* Build display for: Count */
6681 Count = GSHORT(pd, offset);
6685 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6689 offset += 2; /* Skip Count */
6691 /* Build display for: Restart Index */
6693 RestartIndex = GSHORT(pd, offset);
6697 proto_tree_add_text(tree, NullTVB, offset, 2, "Restart Index: %u", RestartIndex);
6701 offset += 2; /* Skip Restart Index */
6703 /* Build display for: Byte Count (BCC) */
6707 ByteCount = GSHORT(pd, offset);
6711 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6715 offset += 2; /* Skip Byte Count (BCC) */
6717 /* Build display for: Buffer Format */
6719 BufferFormat = GBYTE(pd, offset);
6723 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6727 offset += 1; /* Skip Buffer Format */
6729 /* Build display for: Data Length */
/* Only the length is displayed; the queue entries themselves are not added in the lines shown. */
6731 DataLength = GSHORT(pd, offset);
6735 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6739 offset += 2; /* Skip Data Length */
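/*
 * Dissect an SMB Locking AndX request (dirn == 1) or response (dirn == 0).
 * Each field is read from pd at offset, shown as a text item under tree,
 * and offset is advanced by the field width. When AndXCommand is not 0xFF
 * the chained command's dissector is called through the dissect[] table
 * at SMB_offset plus the AndX offset read from the packet.
 *
 * fd, parent, si, max_data and errcode are only passed on to the chained
 * dissector in the lines shown here.
 *
 * NOTE(review): AndXCommand and the AndX offset come straight from the
 * packet. No check is visible that SMB_offset + the AndX offset stays
 * inside the captured data or moves forward, so a malformed chain could
 * send the next dissector outside the frame or back onto an earlier
 * command; validate the offset and cap the chain depth before dispatching.
 * The plain GBYTE/GSHORT/GWORD reads have no visible length check either.
 */
6746 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6749 proto_tree *LockType_tree;
6754 guint8 AndXReserved;
6755 guint8 AndXCommand = 0xFF;
6757 guint16 NumberofLocks;
6758 guint16 NumberOfUnlocks;
6762 guint16 AndXOffset = 0;
6764 if (dirn == 1) { /* Request(s) dissect code */
6766 /* Build display for: Word Count (WCT) */
6768 WordCount = GBYTE(pd, offset);
6772 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6776 offset += 1; /* Skip Word Count (WCT) */
6778 /* Build display for: AndXCommand */
6780 AndXCommand = GBYTE(pd, offset);
6784 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6788 offset += 1; /* Skip AndXCommand */
6790 /* Build display for: AndXReserved */
6792 AndXReserved = GBYTE(pd, offset);
6796 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6800 offset += 1; /* Skip AndXReserved */
6802 /* Build display for: AndXOffset */
6804 AndXOffset = GSHORT(pd, offset);
6808 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6812 offset += 2; /* Skip AndXOffset */
6814 /* Build display for: FID */
6816 FID = GSHORT(pd, offset);
6820 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6824 offset += 2; /* Skip FID */
6826 /* Build display for: Lock Type */
6828 LockType = GBYTE(pd, offset);
6832 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Lock Type: 0x%01x", LockType);
6833 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6834 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6835 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6836 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6837 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6838 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6839 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6840 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6841 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6842 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6843 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6847 offset += 1; /* Skip Lock Type */
6849 /* Build display for: OplockLevel */
6851 OplockLevel = GBYTE(pd, offset);
6855 proto_tree_add_text(tree, NullTVB, offset, 1, "OplockLevel: %u", OplockLevel);
6859 offset += 1; /* Skip OplockLevel */
6861 /* Build display for: Timeout */
6863 Timeout = GWORD(pd, offset);
6867 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6871 offset += 4; /* Skip Timeout */
6873 /* Build display for: Number Of Unlocks */
6875 NumberOfUnlocks = GSHORT(pd, offset);
6879 proto_tree_add_text(tree, NullTVB, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6883 offset += 2; /* Skip Number Of Unlocks */
6885 /* Build display for: Number of Locks */
6887 NumberofLocks = GSHORT(pd, offset);
6891 proto_tree_add_text(tree, NullTVB, offset, 2, "Number of Locks: %u", NumberofLocks);
6895 offset += 2; /* Skip Number of Locks */
6897 /* Build display for: Byte Count (BCC) */
6899 ByteCount = GSHORT(pd, offset);
6903 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6907 offset += 2; /* Skip Byte Count (BCC) */
/* Hand the chained request to its own dissector; AndXCommand indexes dissect[] directly. */
6910 if (AndXCommand != 0xFF) {
6912 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6918 if (dirn == 0) { /* Response(s) dissect code */
6920 /* Build display for: Word Count (WCT) */
6922 WordCount = GBYTE(pd, offset);
6926 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6930 offset += 1; /* Skip Word Count (WCT) */
/* AndXCommand keeps its 0xFF initialiser when WordCount is 0, so no chained dispatch happens then. */
6932 if (WordCount > 0) {
6934 /* Build display for: AndXCommand */
6936 AndXCommand = GBYTE(pd, offset);
6940 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
6941 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6945 offset += 1; /* Skip AndXCommand */
6947 /* Build display for: AndXReserved */
6949 AndXReserved = GBYTE(pd, offset);
6953 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6957 offset += 1; /* Skip AndXReserved */
6959 /* Build display for: AndXoffset */
6961 AndXoffset = GSHORT(pd, offset);
6965 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXoffset: %u", AndXoffset);
6969 offset += 2; /* Skip AndXoffset */
6973 /* Build display for: Byte Count */
6975 ByteCount = GSHORT(pd, offset);
6979 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
6983 offset += 2; /* Skip Byte Count */
/*
 * Dispatch with the AndXoffset read from this response. The request-only
 * AndXOffset is still 0 on this path, which would restart the chained
 * dissector at SMB_offset itself instead of at the chained command.
 */
6986 if (AndXCommand != 0xFF) {
6988 (dissect[AndXCommand])(pd, SMB_offset + AndXoffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);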
/*
 * Dissect an SMB Unlock Bytes request (dirn == 1) or response (dirn == 0).
 * Each field is read from pd at offset, shown as a text item under tree,
 * and offset is advanced by the field width.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT/GWORD reads. Confirm
 * the caller bounds them.
 */
6997 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7006 if (dirn == 1) { /* Request(s) dissect code */
7008 /* Build display for: Word Count (WCT) */
7010 WordCount = GBYTE(pd, offset);
7014 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7018 offset += 1; /* Skip Word Count (WCT) */
7020 /* Build display for: FID */
7022 FID = GSHORT(pd, offset);
7026 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7030 offset += 2; /* Skip FID */
7032 /* Build display for: Count */
7034 Count = GWORD(pd, offset);
7038 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
7042 offset += 4; /* Skip Count */
7044 /* Build display for: Offset */
7046 Offset = GWORD(pd, offset);
7050 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7054 offset += 4; /* Skip Offset */
7056 /* Build display for: Byte Count (BCC) */
7058 ByteCount = GSHORT(pd, offset);
7062 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7066 offset += 2; /* Skip Byte Count (BCC) */
7070 if (dirn == 0) { /* Response(s) dissect code */
7072 /* Build display for: Word Count (WCT) */
7074 WordCount = GBYTE(pd, offset);
7078 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7082 offset += 1; /* Skip Word Count (WCT) */
7084 /* Build display for: Byte Count (BCC) */
7086 ByteCount = GSHORT(pd, offset);
7090 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7094 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Create File request (dirn == 1) or response (dirn == 0).
 * Each field is read from pd at offset, shown as a text item under tree,
 * and offset is advanced by the field width. The request's Attributes word
 * is also expanded bit by bit in a subtree.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT reads. Confirm the
 * caller bounds them.
 */
7101 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7104 proto_tree *Attributes_tree;
7107 guint8 BufferFormat;
7109 guint16 CreationTime;
7112 const char *FileName;
7114 if (dirn == 1) { /* Request(s) dissect code */
7116 /* Build display for: Word Count (WCT) */
7118 WordCount = GBYTE(pd, offset);
7122 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7126 offset += 1; /* Skip Word Count (WCT) */
7128 /* Build display for: Attributes */
7130 Attributes = GSHORT(pd, offset);
7134 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
7135 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7136 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7137 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7138 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7139 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7140 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7141 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7142 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7143 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7144 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7145 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7146 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7147 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7151 offset += 2; /* Skip Attributes */
7153 /* Build display for: Creation Time */
7155 CreationTime = GSHORT(pd, offset);
7159 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7163 offset += 2; /* Skip Creation Time */
7165 /* Build display for: Byte Count (BCC) */
7167 ByteCount = GSHORT(pd, offset);
7171 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7175 offset += 2; /* Skip Byte Count (BCC) */
7177 /* Build display for: Buffer Format */
7179 BufferFormat = GBYTE(pd, offset);
7183 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7187 offset += 1; /* Skip Buffer Format */
7189 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the raw packet and strlen() scans until
 * it finds a NUL. No check is visible that a terminator lies within the
 * captured data or within ByteCount, so an unterminated name would be read
 * past the buffer; bound the scan by the bytes that remain.
 */
7191 FileName = pd + offset;
7195 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7199 offset += strlen(FileName) + 1; /* Skip File Name */
7203 if (dirn == 0) { /* Response(s) dissect code */
7205 /* Build display for: Word Count (WCT) */
7207 WordCount = GBYTE(pd, offset);
7211 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7215 offset += 1; /* Skip Word Count (WCT) */
/* The FID word is only decoded when the response carries parameter words. */
7217 if (WordCount > 0) {
7219 /* Build display for: FID */
7221 FID = GSHORT(pd, offset);
7225 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7229 offset += 2; /* Skip FID */
7233 /* Build display for: Byte Count (BCC) */
7235 ByteCount = GSHORT(pd, offset);
7239 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7243 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Search Directory request (dirn == 1) or response
 * (dirn == 0). Each field is read from pd at offset, shown as a text item
 * under tree, and offset is advanced by the field width.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT reads. Confirm the
 * caller bounds them.
 */
7250 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7254 guint8 BufferFormat2;
7255 guint8 BufferFormat1;
7256 guint8 BufferFormat;
7257 guint16 SearchAttributes;
7258 guint16 ResumeKeyLength;
7263 const char *FileName;
7265 if (dirn == 1) { /* Request(s) dissect code */
7267 /* Build display for: Word Count (WCT) */
7269 WordCount = GBYTE(pd, offset);
7273 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7277 offset += 1; /* Skip Word Count (WCT) */
7279 /* Build display for: Max Count */
7281 MaxCount = GSHORT(pd, offset);
7285 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
7289 offset += 2; /* Skip Max Count */
7291 /* Build display for: Search Attributes */
7293 SearchAttributes = GSHORT(pd, offset);
7297 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
7301 offset += 2; /* Skip Search Attributes */
7303 /* Build display for: Byte Count (BCC) */
7305 ByteCount = GSHORT(pd, offset);
7309 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7313 offset += 2; /* Skip Byte Count (BCC) */
7315 /* Build display for: Buffer Format 1 */
7317 BufferFormat1 = GBYTE(pd, offset);
7321 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
7325 offset += 1; /* Skip Buffer Format 1 */
7327 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the raw packet and strlen() scans until
 * it finds a NUL. No check is visible that a terminator lies within the
 * captured data or within ByteCount, so an unterminated name would be read
 * past the buffer, and the fields read after it would start from an offset
 * outside the frame; bound the scan by the bytes that remain.
 */
7329 FileName = pd + offset;
7333 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7337 offset += strlen(FileName) + 1; /* Skip File Name */
7339 /* Build display for: Buffer Format 2 */
7341 BufferFormat2 = GBYTE(pd, offset);
7345 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
7349 offset += 1; /* Skip Buffer Format 2 */
7351 /* Build display for: Resume Key Length */
7353 ResumeKeyLength = GSHORT(pd, offset);
7357 proto_tree_add_text(tree, NullTVB, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
7361 offset += 2; /* Skip Resume Key Length */
7365 if (dirn == 0) { /* Response(s) dissect code */
7367 /* Build display for: Word Count (WCT) */
7369 WordCount = GBYTE(pd, offset);
7373 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7377 offset += 1; /* Skip Word Count (WCT) */
/* The Count word is only decoded when the response carries parameter words. */
7379 if (WordCount > 0) {
7381 /* Build display for: Count */
7383 Count = GSHORT(pd, offset);
7387 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7391 offset += 2; /* Skip Count */
7395 /* Build display for: Byte Count (BCC) */
7397 ByteCount = GSHORT(pd, offset);
7401 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7405 offset += 2; /* Skip Byte Count (BCC) */
7407 /* Build display for: Buffer Format */
7409 BufferFormat = GBYTE(pd, offset);
7413 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7417 offset += 1; /* Skip Buffer Format */
7419 /* Build display for: Data Length */
7421 DataLength = GSHORT(pd, offset);
7425 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7429 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB Create Temporary File request (dirn == 1) or response
 * (dirn == 0). Each field is read from pd at offset, shown as a text item
 * under tree, and offset is advanced by the field width.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT reads. Confirm the
 * caller bounds them.
 */
7436 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7440 guint8 BufferFormat;
7443 guint16 CreationTime;
7444 guint16 CreationDate;
7446 const char *FileName;
7447 const char *DirectoryName;
7449 if (dirn == 1) { /* Request(s) dissect code */
7451 /* Build display for: Word Count (WCT) */
7453 WordCount = GBYTE(pd, offset);
7457 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7461 offset += 1; /* Skip Word Count (WCT) */
7463 /* Build display for: Reserved */
7465 Reserved = GSHORT(pd, offset);
7469 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
7473 offset += 2; /* Skip Reserved */
7475 /* Build display for: Creation Time */
7477 CreationTime = GSHORT(pd, offset);
7481 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7485 offset += 2; /* Skip Creation Time */
7487 /* Build display for: Creation Date */
7489 CreationDate = GSHORT(pd, offset);
7493 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
7497 offset += 2; /* Skip Creation Date */
7499 /* Build display for: Byte Count (BCC) */
7501 ByteCount = GSHORT(pd, offset);
7505 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7509 offset += 2; /* Skip Byte Count (BCC) */
7511 /* Build display for: Buffer Format */
7513 BufferFormat = GBYTE(pd, offset);
7517 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7521 offset += 1; /* Skip Buffer Format */
7523 /* Build display for: Directory Name */
/*
 * NOTE(review): DirectoryName points into the raw packet and strlen() scans
 * until it finds a NUL. No check is visible that a terminator lies within
 * the captured data or within ByteCount, so an unterminated name would be
 * read past the buffer; bound the scan by the bytes that remain.
 */
7525 DirectoryName = pd + offset;
7529 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
7533 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
7537 if (dirn == 0) { /* Response(s) dissect code */
7539 /* Build display for: Word Count (WCT) */
7541 WordCount = GBYTE(pd, offset);
7545 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7549 offset += 1; /* Skip Word Count (WCT) */
/* The FID word is only decoded when the response carries parameter words. */
7551 if (WordCount > 0) {
7553 /* Build display for: FID */
7555 FID = GSHORT(pd, offset);
7559 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7563 offset += 2; /* Skip FID */
7567 /* Build display for: Byte Count (BCC) */
7569 ByteCount = GSHORT(pd, offset);
7573 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7577 offset += 2; /* Skip Byte Count (BCC) */
7579 /* Build display for: Buffer Format */
7581 BufferFormat = GBYTE(pd, offset);
7585 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7589 offset += 1; /* Skip Buffer Format */
7591 /* Build display for: File Name */
/*
 * NOTE(review): same unbounded strlen() on packet bytes as for the request's
 * Directory Name; the response comes from the peer and is no more trusted.
 */
7593 FileName = pd + offset;
7597 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7601 offset += strlen(FileName) + 1; /* Skip File Name */
/*
 * Dissect an SMB Close request (dirn == 1) or response (dirn == 0).
 * Each field is read from pd at offset, shown as a text item under tree,
 * and offset is advanced by the field width. The request's last-write time
 * and date words are rendered through dissect_dos_time()/dissect_dos_date().
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT reads. Confirm the
 * caller bounds them.
 */
7608 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7612 guint16 LastWriteTime;
7613 guint16 LastWriteDate;
7617 if (dirn == 1) { /* Request(s) dissect code */
7619 /* Build display for: Word Count (WCT) */
7621 WordCount = GBYTE(pd, offset);
7625 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7629 offset += 1; /* Skip Word Count (WCT) */
7631 /* Build display for: FID */
7633 FID = GSHORT(pd, offset);
7637 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7641 offset += 2; /* Skip FID */
7643 /* Build display for: Last Write Time */
7645 LastWriteTime = GSHORT(pd, offset);
7649 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
7653 offset += 2; /* Skip Last Write Time */
7655 /* Build display for: Last Write Date */
7657 LastWriteDate = GSHORT(pd, offset);
7661 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
7665 offset += 2; /* Skip Last Write Date */
7667 /* Build display for: Byte Count (BCC) */
7669 ByteCount = GSHORT(pd, offset);
7673 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7677 offset += 2; /* Skip Byte Count (BCC) */
7681 if (dirn == 0) { /* Response(s) dissect code */
7683 /* Build display for: Word Count (WCT) */
7685 WordCount = GBYTE(pd, offset);
7689 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7693 offset += 1; /* Skip Word Count (WCT) */
7695 /* Build display for: Byte Count (BCC) */
7697 ByteCount = GSHORT(pd, offset);
7701 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7705 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Write Print File request (dirn == 1) or response
 * (dirn == 0). Each field is read from pd at offset, shown as a text item
 * under tree, and offset is advanced by the field width. The data bytes
 * that Data Length describes are not decoded in the lines shown here.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT reads. Confirm the
 * caller bounds them.
 */
7712 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7716 guint8 BufferFormat;
7721 if (dirn == 1) { /* Request(s) dissect code */
7723 /* Build display for: Word Count (WCT) */
7725 WordCount = GBYTE(pd, offset);
7729 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7733 offset += 1; /* Skip Word Count (WCT) */
7735 /* Build display for: FID */
7737 FID = GSHORT(pd, offset);
7741 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7745 offset += 2; /* Skip FID */
7747 /* Build display for: Byte Count (BCC) */
7749 ByteCount = GSHORT(pd, offset);
7753 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7757 offset += 2; /* Skip Byte Count (BCC) */
7759 /* Build display for: Buffer Format */
7761 BufferFormat = GBYTE(pd, offset);
7765 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7769 offset += 1; /* Skip Buffer Format */
7771 /* Build display for: Data Length */
7773 DataLength = GSHORT(pd, offset);
7777 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7781 offset += 2; /* Skip Data Length */
7785 if (dirn == 0) { /* Response(s) dissect code */
7787 /* Build display for: Word Count (WCT) */
7789 WordCount = GBYTE(pd, offset);
7793 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7797 offset += 1; /* Skip Word Count (WCT) */
7799 /* Build display for: Byte Count (BCC) */
7801 ByteCount = GSHORT(pd, offset);
7805 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7809 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Lock And Read request (dirn == 1) or response (dirn == 0).
 * Each field is read from pd at offset, shown as a text item under tree,
 * and offset is advanced by the field width. The data bytes that the
 * response's Data Length describes are not decoded in the lines shown here.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT/GWORD reads. Confirm
 * the caller bounds them.
 */
7816 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7820 guint8 BufferFormat;
7832 if (dirn == 1) { /* Request(s) dissect code */
7834 /* Build display for: Word Count (WCT) */
7836 WordCount = GBYTE(pd, offset);
7840 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7844 offset += 1; /* Skip Word Count (WCT) */
7846 /* Build display for: FID */
7848 FID = GSHORT(pd, offset);
7852 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7856 offset += 2; /* Skip FID */
7858 /* Build display for: Count */
7860 Count = GSHORT(pd, offset);
7864 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7868 offset += 2; /* Skip Count */
7870 /* Build display for: Offset */
7872 Offset = GWORD(pd, offset);
7876 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7880 offset += 4; /* Skip Offset */
7882 /* Build display for: Remaining */
7884 Remaining = GSHORT(pd, offset);
7888 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
7892 offset += 2; /* Skip Remaining */
7894 /* Build display for: Byte Count (BCC) */
7896 ByteCount = GSHORT(pd, offset);
7900 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7904 offset += 2; /* Skip Byte Count (BCC) */
7908 if (dirn == 0) { /* Response(s) dissect code */
7910 /* Build display for: Word Count (WCT) */
7912 WordCount = GBYTE(pd, offset);
7916 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7920 offset += 1; /* Skip Word Count (WCT) */
/* Count and the four reserved words are only decoded when the response carries parameter words. */
7922 if (WordCount > 0) {
7924 /* Build display for: Count */
7926 Count = GSHORT(pd, offset);
7930 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7934 offset += 2; /* Skip Count */
7936 /* Build display for: Reserved 1 */
7938 Reserved1 = GSHORT(pd, offset);
7942 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7946 offset += 2; /* Skip Reserved 1 */
7948 /* Build display for: Reserved 2 */
7950 Reserved2 = GSHORT(pd, offset);
7954 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7958 offset += 2; /* Skip Reserved 2 */
7960 /* Build display for: Reserved 3 */
7962 Reserved3 = GSHORT(pd, offset);
7966 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7970 offset += 2; /* Skip Reserved 3 */
7972 /* Build display for: Reserved 4 */
7974 Reserved4 = GSHORT(pd, offset);
7978 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7982 offset += 2; /* Skip Reserved 4 */
7984 /* Build display for: Byte Count (BCC) */
7986 ByteCount = GSHORT(pd, offset);
7990 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7996 offset += 2; /* Skip Byte Count (BCC) */
7998 /* Build display for: Buffer Format */
8000 BufferFormat = GBYTE(pd, offset);
8004 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8008 offset += 1; /* Skip Buffer Format */
8010 /* Build display for: Data Length */
8012 DataLength = GSHORT(pd, offset);
8016 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8020 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB Process Exit request (dirn == 1) or response (dirn == 0).
 * Both directions carry only Word Count and Byte Count, each read from pd
 * at offset, shown as a text item under tree, and skipped.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT reads. Confirm the
 * caller bounds them.
 */
8027 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8033 if (dirn == 1) { /* Request(s) dissect code */
8035 /* Build display for: Word Count (WCT) */
8037 WordCount = GBYTE(pd, offset);
8041 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8045 offset += 1; /* Skip Word Count (WCT) */
8047 /* Build display for: Byte Count (BCC) */
8049 ByteCount = GSHORT(pd, offset);
8053 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8057 offset += 2; /* Skip Byte Count (BCC) */
8061 if (dirn == 0) { /* Response(s) dissect code */
8063 /* Build display for: Word Count (WCT) */
8065 WordCount = GBYTE(pd, offset);
8069 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8073 offset += 1; /* Skip Word Count (WCT) */
8075 /* Build display for: Byte Count (BCC) */
8077 ByteCount = GSHORT(pd, offset);
8081 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8085 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Get File Attributes request (dirn == 1) or response
 * (dirn == 0). Each field is read from pd at offset, shown as a text item
 * under tree, and offset is advanced by the field width. The response's
 * Attributes word is also expanded bit by bit in a subtree.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT/GWORD reads. Confirm
 * the caller bounds them.
 */
8092 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8095 proto_tree *Attributes_tree;
8098 guint8 BufferFormat;
8105 guint16 LastWriteTime;
8106 guint16 LastWriteDate;
8109 const char *FileName;
8111 if (dirn == 1) { /* Request(s) dissect code */
8113 /* Build display for: Word Count (WCT) */
8115 WordCount = GBYTE(pd, offset);
8119 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8123 offset += 1; /* Skip Word Count (WCT) */
8125 /* Build display for: Byte Count (BCC) */
8127 ByteCount = GSHORT(pd, offset);
8131 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8135 offset += 2; /* Skip Byte Count (BCC) */
8137 /* Build display for: Buffer Format */
8139 BufferFormat = GBYTE(pd, offset);
8143 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8147 offset += 1; /* Skip Buffer Format */
8149 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the raw packet and strlen() scans until
 * it finds a NUL. No check is visible that a terminator lies within the
 * captured data or within ByteCount, so an unterminated name would be read
 * past the buffer; bound the scan by the bytes that remain.
 */
8151 FileName = pd + offset;
8155 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
8159 offset += strlen(FileName) + 1; /* Skip File Name */
8163 if (dirn == 0) { /* Response(s) dissect code */
8165 /* Build display for: Word Count (WCT) */
8167 WordCount = GBYTE(pd, offset);
8171 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8175 offset += 1; /* Skip Word Count (WCT) */
/* The attribute, time, size and reserved words are only decoded when the response carries parameter words. */
8177 if (WordCount > 0) {
8179 /* Build display for: Attributes */
8181 Attributes = GSHORT(pd, offset);
8185 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
8186 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
8187 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8188 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
8189 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8190 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
8191 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8192 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
8193 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8194 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
8195 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8196 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
8197 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8198 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
8202 offset += 2; /* Skip Attributes */
8204 /* Build display for: Last Write Time */
/*
 * The time word is read here but displayed below, once the date word is
 * also available: dissect_smbu_date()/dissect_smbu_time() each take both
 * values. Both text items are therefore attached to the date word's offset.
 */
8206 LastWriteTime = GSHORT(pd, offset);
8212 offset += 2; /* Skip Last Write Time */
8214 /* Build display for: Last Write Date */
8216 LastWriteDate = GSHORT(pd, offset);
8220 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
8222 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
8226 offset += 2; /* Skip Last Write Date */
8228 /* Build display for: File Size */
8230 FileSize = GWORD(pd, offset);
8234 proto_tree_add_text(tree, NullTVB, offset, 4, "File Size: %u", FileSize);
8238 offset += 4; /* Skip File Size */
8240 /* Build display for: Reserved 1 */
8242 Reserved1 = GSHORT(pd, offset);
8246 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8250 offset += 2; /* Skip Reserved 1 */
8252 /* Build display for: Reserved 2 */
8254 Reserved2 = GSHORT(pd, offset);
8258 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8262 offset += 2; /* Skip Reserved 2 */
8264 /* Build display for: Reserved 3 */
8266 Reserved3 = GSHORT(pd, offset);
8270 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8274 offset += 2; /* Skip Reserved 3 */
8276 /* Build display for: Reserved 4 */
8278 Reserved4 = GSHORT(pd, offset);
8282 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8286 offset += 2; /* Skip Reserved 4 */
8288 /* Build display for: Reserved 5 */
8290 Reserved5 = GSHORT(pd, offset);
8294 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
8298 offset += 2; /* Skip Reserved 5 */
8302 /* Build display for: Byte Count (BCC) */
8304 ByteCount = GSHORT(pd, offset);
8308 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8312 offset += 2; /* Skip Byte Count (BCC) */
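/*
 * Dissect an SMB Read File request (dirn == 1) or response (dirn == 0).
 * Each field is read from pd at offset, shown as a text item under tree,
 * and offset is advanced by the field width. The data bytes that the
 * response's Data Length describes are not decoded in the lines shown here.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the lines shown here.
 *
 * NOTE(review): pd is packet data; no check that the fields lie inside the
 * captured bytes is visible before the GBYTE/GSHORT/GWORD reads. Confirm
 * the caller bounds them.
 */
8319 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8333 guint8 BufferFormat;
8335 if (dirn == 1) { /* Request(s) dissect code */
8337 /* Build display for: Word Count (WCT) */
8339 WordCount = GBYTE(pd, offset);
8343 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8347 offset += 1; /* Skip Word Count (WCT) */
8349 /* Build display for: FID */
8351 FID = GSHORT(pd, offset);
8355 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8359 offset += 2; /* Skip FID */
8361 /* Build display for: Count */
8363 Count = GSHORT(pd, offset);
8367 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8371 offset += 2; /* Skip Count */
8373 /* Build display for: Offset */
8375 Offset = GWORD(pd, offset);
8379 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
8383 offset += 4; /* Skip Offset */
8385 /* Build display for: Remaining */
8387 Remaining = GSHORT(pd, offset);
8391 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
8395 offset += 2; /* Skip Remaining */
8397 /* Build display for: Byte Count (BCC) */
8399 ByteCount = GSHORT(pd, offset);
8403 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8407 offset += 2; /* Skip Byte Count (BCC) */
8411 if (dirn == 0) { /* Response(s) dissect code */
8413 /* Build display for: Word Count (WCT) */
8415 WordCount = GBYTE(pd, offset);
8419 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8423 offset += 1; /* Skip Word Count (WCT) */
/* Count and the four reserved words are only decoded when the response carries parameter words. */
8425 if (WordCount > 0) {
8427 /* Build display for: Count */
8429 Count = GSHORT(pd, offset);
8433 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8437 offset += 2; /* Skip Count */
8439 /* Build display for: Reserved 1 */
8441 Reserved1 = GSHORT(pd, offset);
8445 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8449 offset += 2; /* Skip Reserved 1 */
8451 /* Build display for: Reserved 2 */
8453 Reserved2 = GSHORT(pd, offset);
8457 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8461 offset += 2; /* Skip Reserved 2 */
8463 /* Build display for: Reserved 3 */
8465 Reserved3 = GSHORT(pd, offset);
8469 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8473 offset += 2; /* Skip Reserved 3 */
8475 /* Build display for: Reserved 4 */
8477 Reserved4 = GSHORT(pd, offset);
8481 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8485 offset += 2; /* Skip Reserved 4 */
8489 /* Build display for: Byte Count (BCC) */
8491 ByteCount = GSHORT(pd, offset);
8495 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8499 offset += 2; /* Skip Byte Count (BCC) */
8501 /* Build display for: Buffer Format */
/*
 * Buffer Format is a single byte, as in the other dissectors in this file
 * (dissect_lock_and_read_smb decodes the same response layout). Reading two
 * bytes here would fold the low byte of Data Length into Buffer Format and
 * put Data Length one byte too far into the packet.
 */
8503 BufferFormat = GBYTE(pd, offset);
8507 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8511 offset += 1; /* Skip Buffer Format */
8513 /* Build display for: Data Length */
8515 DataLength = GSHORT(pd, offset);
8519 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8523 offset += 2; /* Skip Data Length */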
/*
 * dissect_write_mpx_smb: display the fields of an SMB write-block-multiplexed
 * message in the protocol tree.
 *
 * Request (dirn == 1):  Word Count, FID, Count, Reserved 1, Timeout,
 *                       WriteMode (expanded into three flag bits), Request
 *                       Mask, Data Length, Data Offset, Byte Count and Pad.
 * Response (dirn == 0): Word Count, then Response Mask (only when Word Count
 *                       is non-zero) and Byte Count; the listing does not
 *                       show where the Word Count test ends.
 *
 * Every field is fetched from pd at the running offset with GBYTE, GSHORT or
 * GWORD, and offset is advanced by the field width afterwards. max_data is
 * accepted but is not referenced in the lines shown here.
 *
 * NOTE(review): pd is capture data, and nothing shown here compares offset
 * with the number of bytes actually captured before a read. Confirm that the
 * caller or the fetch macros bound these reads for short or truncated frames.
 * NOTE(review): this listing omits some source lines (the embedded line
 * numbers have gaps), so local declarations and closing braces are not
 * visible.
 */
8530 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8533 proto_tree *WriteMode_tree;
8538 guint32 ResponseMask;
8539 guint32 RequestMask;
8548 if (dirn == 1) { /* Request(s) dissect code */
8550 /* Build display for: Word Count (WCT) */
8552 WordCount = GBYTE(pd, offset);
8556 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8560 offset += 1; /* Skip Word Count (WCT) */
8562 /* Build display for: FID */
8564 FID = GSHORT(pd, offset);
8568 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8572 offset += 2; /* Skip FID */
8574 /* Build display for: Count */
8576 Count = GSHORT(pd, offset);
8580 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8584 offset += 2; /* Skip Count */
8586 /* Build display for: Reserved 1 */
8588 Reserved1 = GSHORT(pd, offset);
8592 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8596 offset += 2; /* Skip Reserved 1 */
8598 /* Build display for: Timeout */
8600 Timeout = GWORD(pd, offset);
8604 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
8608 offset += 4; /* Skip Timeout */
8610 /* Build display for: WriteMode */
/* WriteMode is a 16-bit flag word; bits 0x01, 0x02 and 0x40 are decoded into a subtree below. */
8612 WriteMode = GSHORT(pd, offset);
8616 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
8617 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8618 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8619 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8620 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8621 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8622 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8623 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8627 offset += 2; /* Skip WriteMode */
8629 /* Build display for: Request Mask */
8631 RequestMask = GWORD(pd, offset);
8635 proto_tree_add_text(tree, NullTVB, offset, 4, "Request Mask: %u", RequestMask);
8639 offset += 4; /* Skip Request Mask */
8641 /* Build display for: Data Length */
/* Data Length and Data Offset are only displayed here; the data they describe is not dissected in the lines shown. */
8643 DataLength = GSHORT(pd, offset);
8647 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8651 offset += 2; /* Skip Data Length */
8653 /* Build display for: Data Offset */
8655 DataOffset = GSHORT(pd, offset);
8659 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8663 offset += 2; /* Skip Data Offset */
8665 /* Build display for: Byte Count (BCC) */
8667 ByteCount = GSHORT(pd, offset);
8671 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8675 offset += 2; /* Skip Byte Count (BCC) */
8677 /* Build display for: Pad */
8679 Pad = GBYTE(pd, offset);
8683 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
8687 offset += 1; /* Skip Pad */
8691 if (dirn == 0) { /* Response(s) dissect code */
8693 /* Build display for: Word Count (WCT) */
8695 WordCount = GBYTE(pd, offset);
8699 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8703 offset += 1; /* Skip Word Count (WCT) */
8705 if (WordCount > 0) {
8707 /* Build display for: Response Mask */
8709 ResponseMask = GWORD(pd, offset);
8713 proto_tree_add_text(tree, NullTVB, offset, 4, "Response Mask: %u", ResponseMask);
8717 offset += 4; /* Skip Response Mask */
8719 /* Build display for: Byte Count (BCC) */
8721 ByteCount = GSHORT(pd, offset);
8725 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8731 offset += 2; /* Skip Byte Count (BCC) */
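/*
 * dissect_find_close2_smb: display the fields of an SMB find-close2 message
 * (going by the function name) in the protocol tree.
 *
 * Request (dirn == 1):  Word Count, FID, Byte Count.
 * Response (dirn == 0): Word Count, Byte Count.
 *
 * Byte Count (BCC) is a 16-bit field in both directions, so it is fetched
 * with GSHORT and highlighted as two bytes in both branches, matching the
 * other handlers in this file.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are part of the common
 * handler signature and are not used here.
 *
 * NOTE(review): pd is capture data and offset is not compared with the
 * captured length before each read; confirm that the caller guarantees the
 * fixed-size fields are present when a frame is short or truncated.
 */
void
dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
{
  guint8  WordCount;
  guint16 FID;
  guint16 ByteCount;

  if (dirn == 1) { /* Request(s) dissect code */

    /* Build display for: Word Count (WTC) */

    WordCount = GBYTE(pd, offset);

    if (tree) {

      proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WTC): %u", WordCount);

    }

    offset += 1; /* Skip Word Count (WTC) */

    /* Build display for: FID */

    FID = GSHORT(pd, offset);

    if (tree) {

      proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);

    }

    offset += 2; /* Skip FID */

    /* Build display for: Byte Count (BCC) */

    ByteCount = GSHORT(pd, offset);

    if (tree) {

      proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);

    }

    offset += 2; /* Skip Byte Count (BCC) */

  }

  if (dirn == 0) { /* Response(s) dissect code */

    /* Build display for: Word Count (WCT) */

    WordCount = GBYTE(pd, offset);

    if (tree) {

      proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);

    }

    offset += 1; /* Skip Word Count (WCT) */

    /* Build display for: Byte Count (BCC) */

    /* Two bytes, as in the request branch: a one-byte fetch would show
       only the first byte of the field and mis-place anything after it. */
    ByteCount = GSHORT(pd, offset);

    if (tree) {

      proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);

    }

    offset += 2; /* Skip Byte Count (BCC) */

  }

}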
/*
 * Display names of the TRANS2 subcommands. decode_trans2_name() indexes this
 * table directly with the subcommand code, so the position of each entry is
 * significant and the table length must agree with the range check there.
 *
 * NOTE(review): the embedded line numbers skip several values inside this
 * initializer, so some entries of the original table are not shown in this
 * listing; do not derive the index of a name from the lines visible here.
 */
8815 char *trans2_cmd_names[] = {
8817 "TRANS2_FIND_FIRST2",
8818 "TRANS2_FIND_NEXT2",
8819 "TRANS2_QUERY_FS_INFORMATION",
8821 "TRANS2_QUERY_PATH_INFORMATION",
8822 "TRANS2_SET_PATH_INFORMATION",
8823 "TRANS2_QUERY_FILE_INFORMATION",
8824 "TRANS2_SET_FILE_INFORMATION",
8827 "TRANS2_FIND_NOTIFY_FIRST",
8828 "TRANS2_FIND_NOTIFY_NEXT",
8829 "TRANS2_CREATE_DIRECTORY",
8830 "TRANS2_SESSION_SETUP",
8831 "TRANS2_GET_DFS_REFERRAL",
8833 "TRANS2_REPORT_DFS_INCONSISTENCY"};
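/*
 * decode_trans2_name: map a TRANS2 subcommand code to its display name.
 *
 * code is the first setup word of a TRANSACT2 request, i.e. a 16-bit value
 * taken from the packet (or 0xFFFF when no request has been seen), so it
 * must be range-checked before it is used as an index.
 *
 * Returns the entry of trans2_cmd_names[] for an in-range code and the
 * literal "no such command" otherwise. The returned string is static and
 * must not be freed or modified by the caller.
 */
char *decode_trans2_name(int code)
{
  /* Take the limit from the table itself rather than a hard-coded 17, so
     the check cannot drift out of step if entries are added or removed. */
  const int table_len = (int)(sizeof(trans2_cmd_names) / sizeof(trans2_cmd_names[0]));

  if (code < 0 || code >= table_len) {

    return("no such command");

  }

  return trans2_cmd_names[code];

}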
/*
 * dissect_transact2_smb: display an SMB TRANSACT2 request or response and
 * remember the subcommand of each request so that the matching response can
 * be labelled with it.
 *
 * State kept across packets: the (conversation index, si.mid) pair is looked
 * up in smb_request_hash. A missing entry is allocated from
 * smb_request_keys / smb_request_vals with last_transact2_command set to
 * 0xFFFF, a value decode_trans2_name() reports as "no such command". The
 * request branch stores the first setup word in that entry; the response
 * branch reads it back for the Info column.
 *
 * Request (dirn == 1):  fixed header words, the setup words, Byte Count,
 *                       the decoded subcommand name, then Pad1, Parameters,
 *                       Pad2 and Data as escaped text.
 * Response (dirn == 0): fixed header words (including the two Displacement
 *                       fields), setup words, Byte Count, then Pad1,
 *                       Parameter, Pad2 and Data as escaped text.
 *
 * NOTE(review): SetupCount, ParameterOffset, ParameterCount, DataOffset and
 * DataCount are all read from the packet. They are then used as a loop
 * bound, to compute pad1Count / pad2Count, to form pointers into pd and as
 * the length handed to format_text(). No comparison with the captured frame
 * length is visible in this listing (max_data is not referenced in the lines
 * shown), so a short or malformed frame appears able to drive reads past the
 * captured data. Confirm where, if anywhere, these values are bounded.
 * NOTE(review): this listing omits some source lines (the embedded line
 * numbers have gaps), so several local declarations, closing braces and the
 * delimiters of the block comments below are not visible.
 */
8850 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8853 proto_tree *Flags_tree;
8859 guint8 MaxSetupCount;
8862 guint16 TotalParameterCount;
8863 guint16 TotalDataCount;
8866 guint16 ParameterOffset;
8867 guint16 ParameterDisplacement;
8868 guint16 ParameterCount;
8869 guint16 MaxParameterCount;
8870 guint16 MaxDataCount;
8873 guint16 DataDisplacement;
8876 conversation_t *conversation;
8877 struct smb_request_key request_key, *new_request_key;
8878 struct smb_request_val *request_val;
8881 * Find out what conversation this packet is part of.
8882 * XXX - this should really be done by the transport-layer protocol,
8883 * although for connectionless transports, we may not want to do that
8884 * unless we know some higher-level protocol will want it - or we
8885 * may want to do it, so you can say e.g. "show only the packets in
8886 * this UDP 'connection'".
8888 * Note that we don't have to worry about the direction this packet
8889 * was going - the conversation code handles that for us, treating
8890 * packets from A:X to B:Y as being part of the same conversation as
8891 * packets from B:Y to A:X.
8893 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8894 pi.srcport, pi.destport);
8895 if (conversation == NULL) {
8896 /* It's not part of any conversation - create a new one. */
8897 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8898 pi.srcport, pi.destport, NULL);
8901 si.conversation = conversation; /* Save this for later */
8904 * Check for and insert entry in request hash table if does not exist
8906 request_key.conversation = conversation->index;
8907 request_key.mid = si.mid;
8909 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8911 if (!request_val) { /* Create one */
8913 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8914 new_request_key -> conversation = conversation->index;
8915 new_request_key -> mid = si.mid;
8917 request_val = g_mem_chunk_alloc(smb_request_vals);
8918 request_val -> mid = si.mid;
8919 request_val -> last_transact2_command = 0xFFFF;
8921 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8924 else { /* Update the transact request */
8926 request_val -> mid = si.mid;
8930 si.request_val = request_val; /* Save this for later */
8933 if (dirn == 1) { /* Request(s) dissect code */
8935 /* Build display for: Word Count (WCT) */
8937 WordCount = GBYTE(pd, offset);
8941 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8945 offset += 1; /* Skip Word Count (WCT) */
8947 /* Build display for: Total Parameter Count */
8949 TotalParameterCount = GSHORT(pd, offset);
8953 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8957 offset += 2; /* Skip Total Parameter Count */
8959 /* Build display for: Total Data Count */
8961 TotalDataCount = GSHORT(pd, offset);
8965 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
8969 offset += 2; /* Skip Total Data Count */
8971 /* Build display for: Max Parameter Count */
8973 MaxParameterCount = GSHORT(pd, offset);
8977 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8981 offset += 2; /* Skip Max Parameter Count */
8983 /* Build display for: Max Data Count */
8985 MaxDataCount = GSHORT(pd, offset);
8989 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
8993 offset += 2; /* Skip Max Data Count */
8995 /* Build display for: Max Setup Count */
8997 MaxSetupCount = GBYTE(pd, offset);
9001 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9005 offset += 1; /* Skip Max Setup Count */
9007 /* Build display for: Reserved1 */
9009 Reserved1 = GBYTE(pd, offset);
9013 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9017 offset += 1; /* Skip Reserved1 */
9019 /* Build display for: Flags */
9021 Flags = GSHORT(pd, offset);
9025 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9026 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9027 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9028 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9029 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9030 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9034 offset += 2; /* Skip Flags */
9036 /* Build display for: Timeout */
9038 Timeout = GWORD(pd, offset);
9042 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9046 offset += 4; /* Skip Timeout */
9048 /* Build display for: Reserved2 */
9050 Reserved2 = GSHORT(pd, offset);
9054 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9058 offset += 2; /* Skip Reserved2 */
9060 /* Build display for: Parameter Count */
9062 ParameterCount = GSHORT(pd, offset);
9066 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9070 offset += 2; /* Skip Parameter Count */
9072 /* Build display for: Parameter Offset */
9074 ParameterOffset = GSHORT(pd, offset);
9078 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9082 offset += 2; /* Skip Parameter Offset */
9084 /* Build display for: Data Count */
9086 DataCount = GSHORT(pd, offset);
9090 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9094 offset += 2; /* Skip Data Count */
9096 /* Build display for: Data Offset */
9098 DataOffset = GSHORT(pd, offset);
9102 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9106 offset += 2; /* Skip Data Offset */
9108 /* Build display for: Setup Count */
9110 SetupCount = GBYTE(pd, offset);
9114 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9118 offset += 1; /* Skip Setup Count */
9120 /* Build display for: Reserved3 */
9122 Reserved3 = GBYTE(pd, offset);
9126 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9130 offset += 1; /* Skip Reserved3 */
9132 /* Build display for: Setup */
/* The first setup word is the TRANS2 subcommand; it is saved for the response and
   named in the Info column. The loop then reads SetupCount 16-bit words, where
   SetupCount is a byte taken from the packet. */
9134 if (SetupCount > 0) {
9138 Setup = GSHORT(pd, offset);
9140 request_val -> last_transact2_command = Setup; /* Save for later */
9142 if (check_col(fd, COL_INFO)) {
9144 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
9148 for (i = 1; i <= SetupCount; i++) {
9151 Setup1 = GSHORT(pd, offset);
9155 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup1);
9159 offset += 2; /* Skip Setup */
9165 /* Build display for: Byte Count (BCC) */
9167 ByteCount = GSHORT(pd, offset);
9171 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9175 offset += 2; /* Skip Byte Count (BCC) */
9177 /* Build display for: Transact Name */
/* NOTE(review): Setup is assigned only inside the SetupCount > 0 test above, yet it
   is decoded here; its declaration is not visible in this listing, so confirm it
   has a defined value when SetupCount is 0. */
9181 proto_tree_add_text(tree, NullTVB, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
/* Pad1 spans from the current offset to SMB_offset + ParameterOffset; its length is
   therefore derived from a packet-supplied value and is passed to format_text()
   as is. */
9185 if (offset < (SMB_offset + ParameterOffset)) {
9187 int pad1Count = SMB_offset + ParameterOffset - offset;
9189 /* Build display for: Pad1 */
9193 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9196 offset += pad1Count; /* Skip Pad1 */
9200 if (ParameterCount > 0) {
9202 /* Build display for: Parameters */
9206 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9210 offset += ParameterCount; /* Skip Parameters */
9214 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9216 int pad2Count = SMB_offset + DataOffset - offset;
9218 /* Build display for: Pad2 */
9222 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9226 offset += pad2Count; /* Skip Pad2 */
9230 if (DataCount > 0) {
9232 /* Build display for: Data */
/* NOTE(review): the item is anchored at SMB_offset + DataOffset but the text is
   formatted from &pd[offset]; the two agree only when offset has not already
   passed the data area. The response branch does it the other way round. */
9234 Data = GBYTE(pd, offset);
9238 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
9242 offset += DataCount; /* Skip Data */
9247 if (dirn == 0) { /* Response(s) dissect code */
9249 /* Pick up the last transact2 command and put it in the right places */
/* The stored value is whatever the request branch saved for this conversation and
   MID, or 0xFFFF if no request was seen. */
9251 if (check_col(fd, COL_INFO)) {
9253 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
9257 /* Build display for: Word Count (WCT) */
9259 WordCount = GBYTE(pd, offset);
9263 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9267 offset += 1; /* Skip Word Count (WCT) */
9269 /* Build display for: Total Parameter Count */
9271 TotalParameterCount = GSHORT(pd, offset);
9275 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9279 offset += 2; /* Skip Total Parameter Count */
9281 /* Build display for: Total Data Count */
9283 TotalDataCount = GSHORT(pd, offset);
9287 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9291 offset += 2; /* Skip Total Data Count */
9293 /* Build display for: Reserved2 */
9295 Reserved2 = GSHORT(pd, offset);
9299 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9303 offset += 2; /* Skip Reserved2 */
9305 /* Build display for: Parameter Count */
9307 ParameterCount = GSHORT(pd, offset);
9311 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9315 offset += 2; /* Skip Parameter Count */
9317 /* Build display for: Parameter Offset */
9319 ParameterOffset = GSHORT(pd, offset);
9323 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9327 offset += 2; /* Skip Parameter Offset */
9329 /* Build display for: Parameter Displacement */
9331 ParameterDisplacement = GSHORT(pd, offset);
9335 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9339 offset += 2; /* Skip Parameter Displacement */
9341 /* Build display for: Data Count */
9343 DataCount = GSHORT(pd, offset);
9347 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9351 offset += 2; /* Skip Data Count */
9353 /* Build display for: Data Offset */
9355 DataOffset = GSHORT(pd, offset);
9359 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9363 offset += 2; /* Skip Data Offset */
9365 /* Build display for: Data Displacement */
9367 DataDisplacement = GSHORT(pd, offset);
9371 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
9375 offset += 2; /* Skip Data Displacement */
9377 /* Build display for: Setup Count */
9379 SetupCount = GBYTE(pd, offset);
9383 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9387 offset += 1; /* Skip Setup Count */
9389 /* Build display for: Reserved3 */
9391 Reserved3 = GBYTE(pd, offset);
9395 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9399 offset += 1; /* Skip Reserved3 */
9401 if (SetupCount > 0) {
9405 Setup = GSHORT(pd, offset);
9407 for (i = 1; i <= SetupCount; i++) {
9409 Setup = GSHORT(pd, offset);
9413 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9417 offset += 2; /* Skip Setup */
9422 /* Build display for: Byte Count (BCC) */
9424 ByteCount = GSHORT(pd, offset);
9428 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9432 offset += 2; /* Skip Byte Count (BCC) */
/* As in the request branch, the pad and area lengths below come from
   packet-supplied offsets and counts and reach format_text() unchecked in the
   lines shown. */
9434 if (offset < (SMB_offset + ParameterOffset)) {
9436 int pad1Count = SMB_offset + ParameterOffset - offset;
9438 /* Build display for: Pad1 */
9442 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9445 offset += pad1Count; /* Skip Pad1 */
9449 /* Build display for: Parameter */
9451 if (ParameterCount > 0) {
9455 proto_tree_add_text(tree, NullTVB, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9459 offset += ParameterCount; /* Skip Parameter */
9463 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9465 int pad2Count = SMB_offset + DataOffset - offset;
9467 /* Build display for: Pad2 */
9471 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9475 offset += pad2Count; /* Skip Pad2 */
9479 /* Build display for: Data */
9481 if (DataCount > 0) {
9485 proto_tree_add_text(tree, NullTVB, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9489 offset += DataCount; /* Skip Data */
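/*
 * dissect_transact_params: hand the parameter and data areas of an SMB
 * transaction to the sub-dissector selected by the transaction name, and
 * fall back to a plain text display when no sub-dissector takes the message.
 *
 * TransactName has the form "\TYPE\command". The text between the first two
 * backslashes selects the sub-dissector ("MAILSLOT" or "PIPE") and the rest
 * is passed to it as the command. A name without that shape, or one whose
 * sub-dissector returns 0, gets the generic display of Parameters, Pad2 and
 * Data as escaped text.
 *
 * TransactName may be NULL: the response path passes the name saved from the
 * request, and that is NULL when no request was seen. Nothing is displayed
 * in that case.
 *
 * DataOffset and ParameterOffset are relative to SMB_offset. Note that the
 * mailslot dissector is given absolute offsets and SetupAreaOffset, while
 * the pipe dissector is given the relative offsets and the current offset.
 *
 * NOTE(review): ParameterOffset, ParameterCount, DataOffset and DataCount
 * originate in the packet. They are used here to form pointers into pd and
 * lengths for format_text() without being compared with the captured frame
 * length (max_data is not consulted). Confirm the caller bounds them, or add
 * a check against the captured length before the generic display.
 * NOTE(review): TransactNameCopy is never released. trans_cmd points into
 * it and is handed to the sub-dissectors, so confirm they do not keep that
 * pointer before adding a g_free() at the end of this function.
 */
void
dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, int SetupAreaOffset, int SetupCount, const char *TransactName)
{
  char *TransactNameCopy;
  char *trans_type = NULL, *trans_cmd = NULL, *loc_of_slash = NULL;
  int   handled = 0;

  /* No saved name to dispatch on; strlen()/strcpy() on it would fault. */
  if (TransactName == NULL)
    return;

  /* Work on a private copy because the name is split in place below. */
  TransactNameCopy = g_strdup(TransactName);

  if (TransactNameCopy[0] == '\\') {
    trans_type = TransactNameCopy + 1;  /* Skip the slash */
    loc_of_slash = strchr(trans_type, '\\');
  }

  if (loc_of_slash != NULL) {
    *loc_of_slash = '\0';               /* Terminate the type ... */
    trans_cmd = loc_of_slash + 1;       /* ... the command follows it */
  }

  /* trans_cmd is only set when trans_type is, so strcmp() never sees NULL.
     The mailslot dissector is tried first; the pipe dissector is tried only
     when the type is not MAILSLOT or the mailslot dissector declined. */
  if (trans_cmd != NULL) {

    if ((strcmp(trans_type, "MAILSLOT") == 0) &&
        dissect_mailslot_smb(pd, SetupAreaOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) {

      handled = 1;

    }
    else if ((strcmp(trans_type, "PIPE") == 0) &&
             dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)) {

      handled = 1;

    }

  }

  if (!handled) {

    if (ParameterCount > 0) {

      /* Build display for: Parameters */

      if (tree) {

        proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));

      }

      offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */

    }

    if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {

      int pad2Count = SMB_offset + DataOffset - offset;

      /* Build display for: Pad2 */

      if (tree) {

        proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));

      }

      offset += pad2Count; /* Skip Pad2 */

    }

    if (DataCount > 0) {

      /* Build display for: Data */

      if (tree) {

        proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));

      }

      offset += DataCount; /* Skip Data */

    }

  }

}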
/*
 * dissect_transact_smb: display an SMB transaction (SMBtrans) request or
 * response and pass its parameter and data areas to
 * dissect_transact_params().
 *
 * State kept across packets: the (conversation index, si.mid) pair is looked
 * up in smb_request_hash. A missing entry is allocated from
 * smb_request_keys / smb_request_vals with last_transact_command,
 * last_param_descrip and last_data_descrip set to NULL. The request branch
 * stores a heap copy of the transaction name in last_transact_command
 * (freeing any earlier copy); the response branch uses it for the Info
 * column and as the name given to dissect_transact_params().
 *
 * Request (dirn == 1):  fixed header words, setup words, Byte Count, the
 *                       transaction name, Pad1, then dissect_transact_params().
 * Response (dirn == 0): fixed header words (including the two Displacement
 *                       fields), setup words, Byte Count, Pad1, then
 *                       dissect_transact_params().
 *
 * NOTE(review): SetupCount, ParameterOffset, ParameterCount, DataOffset and
 * DataCount are read from the packet and are used as a loop bound, to
 * compute pad1Count, and as arguments to dissect_transact_params(). No
 * comparison with the captured frame length is visible in this listing
 * (max_data is only passed on), so confirm where these values are bounded.
 * NOTE(review): this listing omits some source lines (the embedded line
 * numbers have gaps), so several local declarations, closing braces, the
 * test that selects the Unicode name path and the delimiters of the block
 * comments below are not visible.
 */
9583 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
9586 proto_tree *Flags_tree;
9592 guint8 MaxSetupCount;
9594 guint16 TotalParameterCount;
9595 guint16 TotalDataCount;
9598 guint16 ParameterOffset;
9599 guint16 ParameterDisplacement;
9600 guint16 ParameterCount;
9601 guint16 MaxParameterCount;
9602 guint16 MaxDataCount;
9605 guint16 DataDisplacement;
9609 const char *TransactName;
9610 conversation_t *conversation;
9611 struct smb_request_key request_key, *new_request_key;
9612 struct smb_request_val *request_val;
9614 guint16 SetupAreaOffset;
9618 * Find out what conversation this packet is part of
9621 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9622 pi.srcport, pi.destport);
9624 if (conversation == NULL) { /* Create a new conversation */
9626 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9627 pi.srcport, pi.destport, NULL);
9631 si.conversation = conversation; /* Save this */
9634 * Check for and insert entry in request hash table if does not exist
9636 request_key.conversation = conversation->index;
9637 request_key.mid = si.mid;
9639 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9641 if (!request_val) { /* Create one */
9643 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9644 new_request_key -> conversation = conversation -> index;
9645 new_request_key -> mid = si.mid;
9647 request_val = g_mem_chunk_alloc(smb_request_vals);
9648 request_val -> mid = si.mid;
9649 request_val -> last_transact_command = NULL;
9650 request_val -> last_param_descrip = NULL;
9651 request_val -> last_data_descrip = NULL;
9653 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9657 si.request_val = request_val; /* Save this for later */
9659 if (dirn == 1) { /* Request(s) dissect code */
9661 /* Build display for: Word Count (WCT) */
9663 WordCount = GBYTE(pd, offset);
9667 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9671 offset += 1; /* Skip Word Count (WCT) */
9673 /* Build display for: Total Parameter Count */
9675 TotalParameterCount = GSHORT(pd, offset);
9679 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9683 offset += 2; /* Skip Total Parameter Count */
9685 /* Build display for: Total Data Count */
9687 TotalDataCount = GSHORT(pd, offset);
9691 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9695 offset += 2; /* Skip Total Data Count */
9697 /* Build display for: Max Parameter Count */
9699 MaxParameterCount = GSHORT(pd, offset);
9703 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9707 offset += 2; /* Skip Max Parameter Count */
9709 /* Build display for: Max Data Count */
9711 MaxDataCount = GSHORT(pd, offset);
9715 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9719 offset += 2; /* Skip Max Data Count */
9721 /* Build display for: Max Setup Count */
9723 MaxSetupCount = GBYTE(pd, offset);
9727 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9731 offset += 1; /* Skip Max Setup Count */
9733 /* Build display for: Reserved1 */
9735 Reserved1 = GBYTE(pd, offset);
9739 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9743 offset += 1; /* Skip Reserved1 */
9745 /* Build display for: Flags */
9747 Flags = GSHORT(pd, offset);
9751 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9752 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9753 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9754 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9755 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9756 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9760 offset += 2; /* Skip Flags */
9762 /* Build display for: Timeout */
9764 Timeout = GWORD(pd, offset);
9768 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9772 offset += 4; /* Skip Timeout */
9774 /* Build display for: Reserved2 */
9776 Reserved2 = GSHORT(pd, offset);
9780 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9784 offset += 2; /* Skip Reserved2 */
9786 /* Build display for: Parameter Count */
9788 ParameterCount = GSHORT(pd, offset);
9792 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9796 offset += 2; /* Skip Parameter Count */
9798 /* Build display for: Parameter Offset */
9800 ParameterOffset = GSHORT(pd, offset);
9804 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9808 offset += 2; /* Skip Parameter Offset */
9810 /* Build display for: Data Count */
9812 DataCount = GSHORT(pd, offset);
9816 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9820 offset += 2; /* Skip Data Count */
9822 /* Build display for: Data Offset */
9824 DataOffset = GSHORT(pd, offset);
9828 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9832 offset += 2; /* Skip Data Offset */
9834 /* Build display for: Setup Count */
9836 SetupCount = GBYTE(pd, offset);
9840 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9844 offset += 1; /* Skip Setup Count */
9846 /* Build display for: Reserved3 */
9848 Reserved3 = GBYTE(pd, offset);
9852 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9855 offset += 1; /* Skip Reserved3 */
/* Remember where the setup words start; dissect_transact_params() receives this offset. */
9857 SetupAreaOffset = offset;
9859 /* Build display for: Setup */
9861 if (SetupCount > 0) {
9865 Setup = GSHORT(pd, offset);
9867 for (i = 1; i <= SetupCount; i++) {
9869 Setup = GSHORT(pd, offset);
9873 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9877 offset += 2; /* Skip Setup */
9883 /* Build display for: Byte Count (BCC) */
9885 ByteCount = GSHORT(pd, offset);
9889 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9893 offset += 2; /* Skip Byte Count (BCC) */
9895 /* Build display for: Transact Name */
9897 /* Watch out for Unicode names */
/* Two ways of obtaining the name follow: via unicode_to_str(), which also sets
   TNlen, or directly as a C string inside the packet buffer. Presumably si.unicode
   selects between them; the test itself is not visible in this listing.
   NOTE(review): in the direct case strlen() runs over packet bytes, so it depends
   on a NUL terminator being present within the captured data. */
9901 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9903 TransactName = unicode_to_str(pd + offset, &TNlen);
9908 TransactName = pd + offset;
9909 TNlen = strlen(TransactName) + 1;
/* Keep a heap copy of the name on the request entry so the response can be labelled;
   any earlier copy is released first. */
9912 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9914 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9916 if (request_val -> last_transact_command)
9917 strcpy(request_val -> last_transact_command, TransactName);
9919 if (check_col(fd, COL_INFO)) {
9921 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9927 proto_tree_add_text(tree, NullTVB, offset, TNlen, "Transact Name: %s", TransactName);
9931 offset += TNlen; /* Skip Transact Name */
9932 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
/* pad1Count is derived from the packet-supplied ParameterOffset and is passed to
   format_text() as is. */
9934 if (offset < (SMB_offset + ParameterOffset)) {
9936 int pad1Count = SMB_offset + ParameterOffset - offset;
9938 /* Build display for: Pad1 */
9942 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9945 offset += pad1Count; /* Skip Pad1 */
9949 /* Let's see if we can decode this */
9951 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, TransactName);
9955 if (dirn == 0) { /* Response(s) dissect code */
/* last_transact_command is NULL when no request was recorded for this conversation
   and MID; the Info column handles that case explicitly. */
9957 if (check_col(fd, COL_INFO)) {
9958 if ( request_val -> last_transact_command )
9959 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9960 else col_add_fstr(fd, COL_INFO, "Response to unknown message");
9964 /* Build display for: Word Count (WCT) */
9966 WordCount = GBYTE(pd, offset);
9970 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9974 offset += 1; /* Skip Word Count (WCT) */
9976 /* Build display for: Total Parameter Count */
9978 TotalParameterCount = GSHORT(pd, offset);
9982 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9986 offset += 2; /* Skip Total Parameter Count */
9988 /* Build display for: Total Data Count */
9990 TotalDataCount = GSHORT(pd, offset);
9994 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9998 offset += 2; /* Skip Total Data Count */
10000 /* Build display for: Reserved2 */
10002 Reserved2 = GSHORT(pd, offset);
10006 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
10010 offset += 2; /* Skip Reserved2 */
10012 /* Build display for: Parameter Count */
10014 ParameterCount = GSHORT(pd, offset);
10018 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
10022 offset += 2; /* Skip Parameter Count */
10024 /* Build display for: Parameter Offset */
10026 ParameterOffset = GSHORT(pd, offset);
10030 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
10034 offset += 2; /* Skip Parameter Offset */
10036 /* Build display for: Parameter Displacement */
10038 ParameterDisplacement = GSHORT(pd, offset);
10042 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
10046 offset += 2; /* Skip Parameter Displacement */
10048 /* Build display for: Data Count */
10050 DataCount = GSHORT(pd, offset);
10054 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
10058 offset += 2; /* Skip Data Count */
10060 /* Build display for: Data Offset */
10062 DataOffset = GSHORT(pd, offset);
10066 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
10070 offset += 2; /* Skip Data Offset */
10072 /* Build display for: Data Displacement */
10074 DataDisplacement = GSHORT(pd, offset);
10078 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
10082 offset += 2; /* Skip Data Displacement */
10084 /* Build display for: Setup Count */
10086 SetupCount = GBYTE(pd, offset);
10090 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
10094 offset += 1; /* Skip Setup Count */
10097 /* Build display for: Reserved3 */
10099 Reserved3 = GBYTE(pd, offset);
10103 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
10108 offset += 1; /* Skip Reserved3 */
10110 SetupAreaOffset = offset;
10112 /* Build display for: Setup */
10114 if (SetupCount > 0) {
/* The initial value given to i here is overwritten by the loop below. */
10116 int i = SetupCount;
10118 Setup = GSHORT(pd, offset);
10120 for (i = 1; i <= SetupCount; i++) {
10122 Setup = GSHORT(pd, offset);
10126 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
10130 offset += 2; /* Skip Setup */
10136 /* Build display for: Byte Count (BCC) */
10138 ByteCount = GSHORT(pd, offset);
10142 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10146 offset += 2; /* Skip Byte Count (BCC) */
10148 /* Build display for: Pad1 */
10150 if (offset < (SMB_offset + ParameterOffset)) {
10152 int pad1Count = SMB_offset + ParameterOffset - offset;
10154 /* Build display for: Pad1 */
10158 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
10161 offset += pad1Count; /* Skip Pad1 */
/* NOTE(review): last_transact_command can be NULL here (see the Info column handling
   above), and the visible lines of dissect_transact_params() call strlen() on this
   argument first thing. Confirm a NULL guard exists on one side of this call. */
10165 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, si.request_val -> last_transact_command);
/*
 * Dispatch table for SMB commands: one handler per possible value of the
 * one-byte command field, indexed directly by that byte.
 *
 * The array is declared with 256 slots and all 256 are initialised, so a
 * command byte taken from a capture cannot index outside the table. Commands
 * without a dedicated dissector point at dissect_unknown_smb. Keep the table
 * fully populated, in command order, when adding or removing handlers:
 * a missing entry would leave a null function pointer behind a value that
 * comes straight from the wire.
 */
10175 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
10177 dissect_createdir_smb, /* SMBmkdir create directory (0x00) */
10178 dissect_deletedir_smb, /* SMBrmdir delete directory (0x01) */
10179 dissect_unknown_smb, /* SMBopen open a file */
10180 dissect_create_file_smb, /* SMBcreate create a file */
10181 dissect_close_smb, /* SMBclose close a file */
10182 dissect_flush_file_smb, /* SMBflush flush a file */
10183 dissect_delete_file_smb, /* SMBunlink delete a file */
10184 dissect_rename_file_smb, /* SMBmv rename a file */
10185 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
10186 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
10187 dissect_read_file_smb, /* SMBread read from a file */
10188 dissect_write_file_smb, /* SMBwrite write to a file */
10189 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
10190 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
10191 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
10192 dissect_unknown_smb, /* SMBmknew make a new file */
10193 dissect_checkdir_smb, /* SMBchkpth check a directory path */
10194 dissect_process_exit_smb, /* SMBexit process exit */
10195 dissect_unknown_smb, /* SMBlseek seek */
10196 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
10197 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
10198 dissect_unknown_smb, /* unknown SMB 0x15 */
10199 dissect_unknown_smb, /* unknown SMB 0x16 */
10200 dissect_unknown_smb, /* unknown SMB 0x17 */
10201 dissect_unknown_smb, /* unknown SMB 0x18 */
10202 dissect_unknown_smb, /* unknown SMB 0x19 */
10203 dissect_read_raw_smb, /* SMBreadBraw read block raw */
10204 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
10205 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
10206 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
10207 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
10208 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
10209 dissect_unknown_smb, /* SMBwriteC write complete response */
10210 dissect_unknown_smb, /* unknown SMB 0x21 */
10211 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
10212 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
10213 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
10214 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
10215 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
10216 dissect_unknown_smb, /* SMBioctl IOCTL */
10217 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
10218 dissect_unknown_smb, /* SMBcopy copy */
10219 dissect_move_smb, /* SMBmove move */
10220 dissect_unknown_smb, /* SMBecho echo */
10221 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
10222 dissect_open_andx_smb, /* SMBopenX open and X */
10223 dissect_read_andx_smb, /* SMBreadX read and X */
10224 dissect_unknown_smb, /* SMBwriteX write and X */
10225 dissect_unknown_smb, /* unknown SMB 0x30 */
10226 dissect_unknown_smb, /* unknown SMB 0x31 */
10227 dissect_transact2_smb, /* SMBtrans2 transaction2 (0x32) */
10228 dissect_unknown_smb, /* unknown SMB 0x33 */
10229 dissect_find_close2_smb, /* SMBfindclose close a find started through transaction2 (0x34) */
10230 dissect_unknown_smb, /* unknown SMB 0x35 */
10231 dissect_unknown_smb, /* unknown SMB 0x36 */
10232 dissect_unknown_smb, /* unknown SMB 0x37 */
10233 dissect_unknown_smb, /* unknown SMB 0x38 */
10234 dissect_unknown_smb, /* unknown SMB 0x39 */
10235 dissect_unknown_smb, /* unknown SMB 0x3a */
10236 dissect_unknown_smb, /* unknown SMB 0x3b */
10237 dissect_unknown_smb, /* unknown SMB 0x3c */
10238 dissect_unknown_smb, /* unknown SMB 0x3d */
10239 dissect_unknown_smb, /* unknown SMB 0x3e */
10240 dissect_unknown_smb, /* unknown SMB 0x3f */
10241 dissect_unknown_smb, /* unknown SMB 0x40 */
10242 dissect_unknown_smb, /* unknown SMB 0x41 */
10243 dissect_unknown_smb, /* unknown SMB 0x42 */
10244 dissect_unknown_smb, /* unknown SMB 0x43 */
10245 dissect_unknown_smb, /* unknown SMB 0x44 */
10246 dissect_unknown_smb, /* unknown SMB 0x45 */
10247 dissect_unknown_smb, /* unknown SMB 0x46 */
10248 dissect_unknown_smb, /* unknown SMB 0x47 */
10249 dissect_unknown_smb, /* unknown SMB 0x48 */
10250 dissect_unknown_smb, /* unknown SMB 0x49 */
10251 dissect_unknown_smb, /* unknown SMB 0x4a */
10252 dissect_unknown_smb, /* unknown SMB 0x4b */
10253 dissect_unknown_smb, /* unknown SMB 0x4c */
10254 dissect_unknown_smb, /* unknown SMB 0x4d */
10255 dissect_unknown_smb, /* unknown SMB 0x4e */
10256 dissect_unknown_smb, /* unknown SMB 0x4f */
10257 dissect_unknown_smb, /* unknown SMB 0x50 */
10258 dissect_unknown_smb, /* unknown SMB 0x51 */
10259 dissect_unknown_smb, /* unknown SMB 0x52 */
10260 dissect_unknown_smb, /* unknown SMB 0x53 */
10261 dissect_unknown_smb, /* unknown SMB 0x54 */
10262 dissect_unknown_smb, /* unknown SMB 0x55 */
10263 dissect_unknown_smb, /* unknown SMB 0x56 */
10264 dissect_unknown_smb, /* unknown SMB 0x57 */
10265 dissect_unknown_smb, /* unknown SMB 0x58 */
10266 dissect_unknown_smb, /* unknown SMB 0x59 */
10267 dissect_unknown_smb, /* unknown SMB 0x5a */
10268 dissect_unknown_smb, /* unknown SMB 0x5b */
10269 dissect_unknown_smb, /* unknown SMB 0x5c */
10270 dissect_unknown_smb, /* unknown SMB 0x5d */
10271 dissect_unknown_smb, /* unknown SMB 0x5e */
10272 dissect_unknown_smb, /* unknown SMB 0x5f */
10273 dissect_unknown_smb, /* unknown SMB 0x60 */
10274 dissect_unknown_smb, /* unknown SMB 0x61 */
10275 dissect_unknown_smb, /* unknown SMB 0x62 */
10276 dissect_unknown_smb, /* unknown SMB 0x63 */
10277 dissect_unknown_smb, /* unknown SMB 0x64 */
10278 dissect_unknown_smb, /* unknown SMB 0x65 */
10279 dissect_unknown_smb, /* unknown SMB 0x66 */
10280 dissect_unknown_smb, /* unknown SMB 0x67 */
10281 dissect_unknown_smb, /* unknown SMB 0x68 */
10282 dissect_unknown_smb, /* unknown SMB 0x69 */
10283 dissect_unknown_smb, /* unknown SMB 0x6a */
10284 dissect_unknown_smb, /* unknown SMB 0x6b */
10285 dissect_unknown_smb, /* unknown SMB 0x6c */
10286 dissect_unknown_smb, /* unknown SMB 0x6d */
10287 dissect_unknown_smb, /* unknown SMB 0x6e */
10288 dissect_unknown_smb, /* unknown SMB 0x6f */
10289 dissect_treecon_smb, /* SMBtcon tree connect */
10290 dissect_tdis_smb, /* SMBtdis tree disconnect */
10291 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10292 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10293 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10294 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10295 dissect_unknown_smb, /* unknown SMB 0x76 */
10296 dissect_unknown_smb, /* unknown SMB 0x77 */
10297 dissect_unknown_smb, /* unknown SMB 0x78 */
10298 dissect_unknown_smb, /* unknown SMB 0x79 */
10299 dissect_unknown_smb, /* unknown SMB 0x7a */
10300 dissect_unknown_smb, /* unknown SMB 0x7b */
10301 dissect_unknown_smb, /* unknown SMB 0x7c */
10302 dissect_unknown_smb, /* unknown SMB 0x7d */
10303 dissect_unknown_smb, /* unknown SMB 0x7e */
10304 dissect_unknown_smb, /* unknown SMB 0x7f */
10305 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10306 dissect_search_dir_smb, /* SMBsearch search a directory */
10307 dissect_unknown_smb, /* SMBffirst find first */
10308 dissect_unknown_smb, /* SMBfunique find unique */
10309 dissect_unknown_smb, /* SMBfclose find close */
10310 dissect_unknown_smb, /* unknown SMB 0x85 */
10311 dissect_unknown_smb, /* unknown SMB 0x86 */
10312 dissect_unknown_smb, /* unknown SMB 0x87 */
10313 dissect_unknown_smb, /* unknown SMB 0x88 */
10314 dissect_unknown_smb, /* unknown SMB 0x89 */
10315 dissect_unknown_smb, /* unknown SMB 0x8a */
10316 dissect_unknown_smb, /* unknown SMB 0x8b */
10317 dissect_unknown_smb, /* unknown SMB 0x8c */
10318 dissect_unknown_smb, /* unknown SMB 0x8d */
10319 dissect_unknown_smb, /* unknown SMB 0x8e */
10320 dissect_unknown_smb, /* unknown SMB 0x8f */
10321 dissect_unknown_smb, /* unknown SMB 0x90 */
10322 dissect_unknown_smb, /* unknown SMB 0x91 */
10323 dissect_unknown_smb, /* unknown SMB 0x92 */
10324 dissect_unknown_smb, /* unknown SMB 0x93 */
10325 dissect_unknown_smb, /* unknown SMB 0x94 */
10326 dissect_unknown_smb, /* unknown SMB 0x95 */
10327 dissect_unknown_smb, /* unknown SMB 0x96 */
10328 dissect_unknown_smb, /* unknown SMB 0x97 */
10329 dissect_unknown_smb, /* unknown SMB 0x98 */
10330 dissect_unknown_smb, /* unknown SMB 0x99 */
10331 dissect_unknown_smb, /* unknown SMB 0x9a */
10332 dissect_unknown_smb, /* unknown SMB 0x9b */
10333 dissect_unknown_smb, /* unknown SMB 0x9c */
10334 dissect_unknown_smb, /* unknown SMB 0x9d */
10335 dissect_unknown_smb, /* unknown SMB 0x9e */
10336 dissect_unknown_smb, /* unknown SMB 0x9f */
10337 dissect_unknown_smb, /* unknown SMB 0xa0 */
10338 dissect_unknown_smb, /* unknown SMB 0xa1 */
10339 dissect_unknown_smb, /* unknown SMB 0xa2 */
10340 dissect_unknown_smb, /* unknown SMB 0xa3 */
10341 dissect_unknown_smb, /* unknown SMB 0xa4 */
10342 dissect_unknown_smb, /* unknown SMB 0xa5 */
10343 dissect_unknown_smb, /* unknown SMB 0xa6 */
10344 dissect_unknown_smb, /* unknown SMB 0xa7 */
10345 dissect_unknown_smb, /* unknown SMB 0xa8 */
10346 dissect_unknown_smb, /* unknown SMB 0xa9 */
10347 dissect_unknown_smb, /* unknown SMB 0xaa */
10348 dissect_unknown_smb, /* unknown SMB 0xab */
10349 dissect_unknown_smb, /* unknown SMB 0xac */
10350 dissect_unknown_smb, /* unknown SMB 0xad */
10351 dissect_unknown_smb, /* unknown SMB 0xae */
10352 dissect_unknown_smb, /* unknown SMB 0xaf */
10353 dissect_unknown_smb, /* unknown SMB 0xb0 */
10354 dissect_unknown_smb, /* unknown SMB 0xb1 */
10355 dissect_unknown_smb, /* unknown SMB 0xb2 */
10356 dissect_unknown_smb, /* unknown SMB 0xb3 */
10357 dissect_unknown_smb, /* unknown SMB 0xb4 */
10358 dissect_unknown_smb, /* unknown SMB 0xb5 */
10359 dissect_unknown_smb, /* unknown SMB 0xb6 */
10360 dissect_unknown_smb, /* unknown SMB 0xb7 */
10361 dissect_unknown_smb, /* unknown SMB 0xb8 */
10362 dissect_unknown_smb, /* unknown SMB 0xb9 */
10363 dissect_unknown_smb, /* unknown SMB 0xba */
10364 dissect_unknown_smb, /* unknown SMB 0xbb */
10365 dissect_unknown_smb, /* unknown SMB 0xbc */
10366 dissect_unknown_smb, /* unknown SMB 0xbd */
10367 dissect_unknown_smb, /* unknown SMB 0xbe */
10368 dissect_unknown_smb, /* unknown SMB 0xbf */
10369 dissect_unknown_smb, /* SMBsplopen open a print spool file */
10370 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
10371 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
10372 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
10373 dissect_unknown_smb, /* unknown SMB 0xc4 */
10374 dissect_unknown_smb, /* unknown SMB 0xc5 */
10375 dissect_unknown_smb, /* unknown SMB 0xc6 */
10376 dissect_unknown_smb, /* unknown SMB 0xc7 */
10377 dissect_unknown_smb, /* unknown SMB 0xc8 */
10378 dissect_unknown_smb, /* unknown SMB 0xc9 */
10379 dissect_unknown_smb, /* unknown SMB 0xca */
10380 dissect_unknown_smb, /* unknown SMB 0xcb */
10381 dissect_unknown_smb, /* unknown SMB 0xcc */
10382 dissect_unknown_smb, /* unknown SMB 0xcd */
10383 dissect_unknown_smb, /* unknown SMB 0xce */
10384 dissect_unknown_smb, /* unknown SMB 0xcf */
10385 dissect_unknown_smb, /* SMBsends send a single block message */
10386 dissect_unknown_smb, /* SMBsendb send a broadcast message */
10387 dissect_unknown_smb, /* SMBfwdname forward user name */
10388 dissect_unknown_smb, /* SMBcancelf cancel forward */
10389 dissect_unknown_smb, /* SMBgetmac get a machine name */
10390 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
10391 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
10392 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
10393 dissect_unknown_smb, /* unknown SMB 0xd8 */
10394 dissect_unknown_smb, /* unknown SMB 0xd9 */
10395 dissect_unknown_smb, /* unknown SMB 0xda */
10396 dissect_unknown_smb, /* unknown SMB 0xdb */
10397 dissect_unknown_smb, /* unknown SMB 0xdc */
10398 dissect_unknown_smb, /* unknown SMB 0xdd */
10399 dissect_unknown_smb, /* unknown SMB 0xde */
10400 dissect_unknown_smb, /* unknown SMB 0xdf */
10401 dissect_unknown_smb, /* unknown SMB 0xe0 */
10402 dissect_unknown_smb, /* unknown SMB 0xe1 */
10403 dissect_unknown_smb, /* unknown SMB 0xe2 */
10404 dissect_unknown_smb, /* unknown SMB 0xe3 */
10405 dissect_unknown_smb, /* unknown SMB 0xe4 */
10406 dissect_unknown_smb, /* unknown SMB 0xe5 */
10407 dissect_unknown_smb, /* unknown SMB 0xe6 */
10408 dissect_unknown_smb, /* unknown SMB 0xe7 */
10409 dissect_unknown_smb, /* unknown SMB 0xe8 */
10410 dissect_unknown_smb, /* unknown SMB 0xe9 */
10411 dissect_unknown_smb, /* unknown SMB 0xea */
10412 dissect_unknown_smb, /* unknown SMB 0xeb */
10413 dissect_unknown_smb, /* unknown SMB 0xec */
10414 dissect_unknown_smb, /* unknown SMB 0xed */
10415 dissect_unknown_smb, /* unknown SMB 0xee */
10416 dissect_unknown_smb, /* unknown SMB 0xef */
10417 dissect_unknown_smb, /* unknown SMB 0xf0 */
10418 dissect_unknown_smb, /* unknown SMB 0xf1 */
10419 dissect_unknown_smb, /* unknown SMB 0xf2 */
10420 dissect_unknown_smb, /* unknown SMB 0xf3 */
10421 dissect_unknown_smb, /* unknown SMB 0xf4 */
10422 dissect_unknown_smb, /* unknown SMB 0xf5 */
10423 dissect_unknown_smb, /* unknown SMB 0xf6 */
10424 dissect_unknown_smb, /* unknown SMB 0xf7 */
10425 dissect_unknown_smb, /* unknown SMB 0xf8 */
10426 dissect_unknown_smb, /* unknown SMB 0xf9 */
10427 dissect_unknown_smb, /* unknown SMB 0xfa */
10428 dissect_unknown_smb, /* unknown SMB 0xfb */
10429 dissect_unknown_smb, /* unknown SMB 0xfc */
10430 dissect_unknown_smb, /* unknown SMB 0xfd */
10431 dissect_unknown_smb, /* SMBinvalid invalid command */
10432 dissect_unknown_smb /* unknown SMB 0xff */
/*
 * Display names for the one-byte SMB error class; dissect_smb looks the
 * class byte up here when it labels the "Error Class" header field.
 *
 * NOTE(review): a value_string table is scanned until an entry with a NULL
 * string is reached, so the list has to end with that sentinel or lookups of
 * an unlisted class run past the array. The closing lines of this table are
 * not visible in this listing - confirm the sentinel is there.
 */
10436 static const value_string errcls_types[] = {
10437 { SMB_SUCCESS, "Success"},
10438 { SMB_ERRDOS, "DOS Error"},
10439 { SMB_ERRSRV, "Server Error"},
10440 { SMB_ERRHRD, "Hardware Error"},
10441 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
/*
 * Return the display name for SMB command byte cmd by direct lookup in
 * SMB_names. The result is the table entry itself, not a copy.
 *
 * NOTE(review): cmd is an unsigned char, so the index ranges over 0..255.
 * The lookup stays in bounds only if SMB_names has 256 entries; its
 * definition is outside this part of the file - confirm. cmd comes
 * unvalidated from the packet, so a shorter table would be read past its end.
 */
10445 char *decode_smb_name(unsigned char cmd)
10448 return(SMB_names[cmd]);
/*
 * Error codes for the ERRDOS class: maps the 16-bit error code to display
 * text. decode_smb_error looks codes up here and falls back to
 * "Unknown DOS error (%x)" for values that are not listed.
 */
10452 static const value_string DOS_errors[] = {
10453 {SMBE_badfunc, "Invalid function (or system call)"},
10454 {SMBE_badfile, "File not found (pathname error)"},
10455 {SMBE_badpath, "Directory not found"},
10456 {SMBE_nofids, "Too many open files"},
10457 {SMBE_noaccess, "Access denied"},
10458 {SMBE_badfid, "Invalid fid"},
10459 {SMBE_nomem, "Out of memory"},
10460 {SMBE_badmem, "Invalid memory block address"},
10461 {SMBE_badenv, "Invalid environment"},
10462 {SMBE_badaccess, "Invalid open mode"},
10463 {SMBE_baddata, "Invalid data (only from ioctl call)"},
10464 {SMBE_res, "Reserved error code?"},
10465 {SMBE_baddrive, "Invalid drive"},
10466 {SMBE_remcd, "Attempt to delete current directory"},
10467 {SMBE_diffdevice, "Rename/move across different filesystems"},
10468 {SMBE_nofiles, "no more files found in file search"},
10469 {SMBE_badshare, "Share mode on file conflict with open mode"},
10470 {SMBE_lock, "Lock request conflicts with existing lock"},
10471 {SMBE_unsup, "Request unsupported, returned by Win 95"},
10472 {SMBE_filexists, "File in operation already exists"},
10473 {SMBE_cannotopen, "Cannot open the file specified"},
10474 {SMBE_unknownlevel, "Unknown level??"},
10475 {SMBE_badpipe, "Named pipe invalid"},
10476 {SMBE_pipebusy, "All instances of pipe are busy"},
10477 {SMBE_pipeclosing, "Named pipe close in progress"},
10478 {SMBE_notconnected, "No process on other end of named pipe"},
10479 {SMBE_moredata, "More data to be returned"},
10480 {SMBE_baddirectory, "Invalid directory name in a path."},
10481 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
10482 {SMBE_eas_nsup, "Extended attributes not supported"},
10483 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
10484 {SMBE_unknownipc, "Unknown IPC Operation"},
10485 {SMBE_noipc, "Don't support ipc"},
10489 /* Error codes for the ERRSRV class */
/*
 * Maps the 16-bit error code to display text. decode_smb_error looks codes
 * up here and falls back to "Unknown SRV error (%x)" for unlisted values.
 * The authentication-related entries (bad password, bad userid, no
 * permissions) are the ones worth filtering on when reading a capture for
 * failed logons or access attempts.
 */
10491 static const value_string SRV_errors[] = {
10492 {SMBE_error, "Non specific error code"},
10493 {SMBE_badpw, "Bad password"},
10494 {SMBE_badtype, "Reserved"},
10495 {SMBE_access, "No permissions to perform the requested operation"},
10496 {SMBE_invnid, "TID invalid"},
10497 {SMBE_invnetname, "Invalid network name. Service not found"},
10498 {SMBE_invdevice, "Invalid device"},
10499 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
10500 {SMBE_qfull, "Print queue full"},
10501 {SMBE_qtoobig, "Queued item too big"},
10502 {SMBE_qeof, "EOF on print queue dump"},
10503 {SMBE_invpfid, "Invalid print file in smb_fid"},
10504 {SMBE_smbcmd, "Unrecognised command"},
10505 {SMBE_srverror, "SMB server internal error"},
10506 {SMBE_filespecs, "Fid and pathname invalid combination"},
10507 {SMBE_badlink, "Bad link in request ???"},
10508 {SMBE_badpermits, "Access specified for a file is not valid"},
10509 {SMBE_badpid, "Bad process id in request"},
10510 {SMBE_setattrmode, "Attribute mode invalid"},
10511 {SMBE_paused, "Message server paused"},
10512 {SMBE_msgoff, "Not receiving messages"},
10513 {SMBE_noroom, "No room for message"},
10514 {SMBE_rmuns, "Too many remote usernames"},
10515 {SMBE_timeout, "Operation timed out"},
10516 {SMBE_noresource, "No resources currently available for request."},
10517 {SMBE_toomanyuids, "Too many userids"},
10518 {SMBE_baduid, "Bad userid"},
10519 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
10520 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
10521 {SMBE_contMPX, "Resume MPX mode"},
10522 {SMBE_badPW, "Bad Password???"},
10523 {SMBE_nosupport, "Operation not supported"},
10527 /* Error codes for the ERRHRD class */
/*
 * Maps the 16-bit error code to display text. decode_smb_error looks codes
 * up here and falls back to "Unknown HRD error (%x)" for unlisted values.
 * SMBE_badshare and SMBE_lock are also listed in DOS_errors with different
 * wording, so the text shown for those codes depends on the error class.
 */
10529 static const value_string HRD_errors[] = {
10530 {SMBE_nowrite, "read only media"},
10531 {SMBE_badunit, "Unknown device"},
10532 {SMBE_notready, "Drive not ready"},
10533 {SMBE_badcmd, "Unknown command"},
10534 {SMBE_data, "Data (CRC) error"},
10535 {SMBE_badreq, "Bad request structure length"},
10536 {SMBE_seek, "Seek error???"},
10537 {SMBE_badmedia, "Bad media???"},
10538 {SMBE_badsector, "Bad sector???"},
10539 {SMBE_nopaper, "No paper in printer???"},
10540 {SMBE_write, "Write error???"},
10541 {SMBE_read, "Read error???"},
10542 {SMBE_general, "General error???"},
10543 {SMBE_badshare, "A open conflicts with an existing open"},
10544 {SMBE_lock, "Lock/unlock error"},
10545 {SMBE_wrongdisk, "Wrong disk???"},
10546 {SMBE_FCBunavail, "FCB unavailable???"},
10547 {SMBE_sharebufexc, "Share buffer excluded???"},
10548 {SMBE_diskfull, "Disk full???"},
/*
 * Translate an SMB error class / error code pair into display text.
 *
 * The visible returns are: "No Error", a lookup of errcode in DOS_errors,
 * SRV_errors or HRD_errors (each with its own "Unknown ... error (%x)"
 * fallback), and "Unknown error class!" when none applies.
 *
 * NOTE(review): the statements that choose between these returns are not
 * visible in this listing; presumably a switch on errcls - confirm.
 * NOTE(review): the declared return type is char * although string literals
 * are returned, so callers must treat the result as read-only. Whether the
 * formatted "Unknown ..." text lives in storage that val_to_str reuses on
 * its next call cannot be told from here - confirm before keeping the
 * pointer across another lookup.
 */
10552 char *decode_smb_error(guint8 errcls, guint16 errcode)
10559 return("No Error"); /* No error ??? */
10564 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
10569 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
10574 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
10579 return("Unknown error class!");
10585 #define SMB_FLAGS_DIRN 0x80
/*
 * Dissect the fixed SMB header that starts at pd[offset] and hand the rest
 * of the message to the per-command handler in dissect[].
 *
 * pd       - packet bytes
 * offset   - offset of the 0xFF 'S' 'M' 'B' marker within pd
 * fd       - frame data, used for the summary columns
 * tree     - protocol tree the SMB subtree is added to
 * max_data - passed through unchanged to the command handler
 *
 * NOTE(review): every header field below is read straight from pd at a
 * computed offset, and no check that the captured frame is long enough to
 * hold the header is visible in this listing. With a truncated or malformed
 * frame these reads would go past the end of the packet data; confirm that
 * a length check against the captured length precedes them.
 */
10588 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
10590 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
10591 proto_item *ti, *tf;
10592 guint8 cmd, errcls, errcode1, flags;
10593 guint16 flags2, errcode, tid, pid, uid, mid;
/* Remember where the header starts; later offsets in the message are relative to it. */
10595 int SMB_offset = offset;
/* NOTE(review): no initialiser is visible for si, and it is passed by value to the handler below - confirm every member the handlers read is assigned first. */
10596 struct smb_info si;
10598 OLD_CHECK_DISPLAY_AS_DATA(proto_smb, pd, offset, fd, tree);
/* Command byte: used unmodified as the index into SMB_names (via decode_smb_name) and into dissect[]. */
10602 cmd = pd[offset + SMB_hdr_com_offset];
10604 if (check_col(fd, COL_PROTOCOL))
10605 col_add_str(fd, COL_PROTOCOL, "SMB");
10607 /* Hmmm, poor coding here ... Also, should check the type */
/* The Request/Response label is derived from the port match, not from the SMB_FLAGS_DIRN header bit decoded further down, so the two can disagree. */
10609 if (check_col(fd, COL_INFO)) {
10611 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
10617 ti = proto_tree_add_item(tree, proto_smb, NullTVB, offset, END_OF_FRAME, FALSE);
10618 smb_tree = proto_item_add_subtree(ti, ett_smb);
10620 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
10621 * component ... SMB is only one used
10624 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Message Type: 0xFF");
10625 proto_tree_add_text(smb_tree, NullTVB, offset+1, 3, "Server Component: SMB");
10629 offset += 4; /* Skip the marker */
10633 proto_tree_add_uint(smb_tree, hf_smb_cmd, NullTVB, offset, 1, cmd);
10639 /* Handle error code */
/* Looks ahead at the 16-bit field at SMB_offset + 10, presumably Flags2 (4 + 1 + 4 + 1 bytes precede it): bit 0x4000 selects a 32-bit NT status over a DOS class/code pair. */
10641 if (GSHORT(pd, SMB_offset + 10) & 0x4000) {
10643 /* handle NT 32 bit error code */
/* NOTE(review): as far as visible, errcode stays 0 on this path, so the handler called at the end receives 0 whatever the NT status was - confirm handlers do not take that as success and parse an error response as a full one. */
10644 errcode = 0; /* better than a random number */
10645 status = GWORD(pd, offset);
10649 proto_tree_add_text(smb_tree, NullTVB, offset, 4, "Status: 0x%08x",
10658 /* handle DOS error code & class */
10660 /* Next, look at the error class, SMB_RETCLASS */
10662 errcls = pd[offset];
10666 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Error Class: %s",
10667 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10672 /* Error code, SMB_HEINFO ... */
10674 errcode1 = pd[offset];
10678 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Reserved: %i", errcode1);
10684 errcode = GSHORT(pd, offset);
10688 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Error Code: %s",
10689 decode_smb_error(errcls, errcode));
10696 /* Now for the flags: SMB_FLAGS_DIRN (0x80) clear means request, set means response */
10698 flags = pd[offset];
10702 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags: 0x%02x", flags);
10704 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10705 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10706 decode_boolean_bitfield(flags, 0x01, 8,
10707 "Lock&Read, Write&Unlock supported",
10708 "Lock&Read, Write&Unlock not supported"));
10709 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10710 decode_boolean_bitfield(flags, 0x02, 8,
10711 "Receive buffer posted",
10712 "Receive buffer not posted"));
10713 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10714 decode_boolean_bitfield(flags, 0x08, 8,
10715 "Path names caseless",
10716 "Path names case sensitive"));
10717 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10718 decode_boolean_bitfield(flags, 0x10, 8,
10719 "Pathnames canonicalized",
10720 "Pathnames not canonicalized"));
10721 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10722 decode_boolean_bitfield(flags, 0x20, 8,
10723 "OpLocks requested/granted",
10724 "OpLocks not requested/granted"));
10725 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10726 decode_boolean_bitfield(flags, 0x40, 8,
10728 "Notify open only"));
10730 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10731 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10732 8, "Response to client/redirector", "Request to server"));
/* Flags2: 16-bit field; bit 0x0004 (security signatures), 0x0800 (extended security) and 0x4000 (NT status codes) are the ones that change how the rest of the session should be read. */
10738 flags2 = GSHORT(pd, offset);
10742 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Flags2: 0x%04x", flags2);
10744 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10745 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10746 decode_boolean_bitfield(flags2, 0x0001, 16,
10747 "Long file names supported",
10748 "Long file names not supported"));
10749 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10750 decode_boolean_bitfield(flags2, 0x0002, 16,
10751 "Extended attributes supported",
10752 "Extended attributes not supported"));
/* NOTE(review): the item length is 1 here but 2 on every other Flags2 item; looks like a typo - confirm. */
10753 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10754 decode_boolean_bitfield(flags2, 0x0004, 16,
10755 "Security signatures supported",
10756 "Security signatures not supported"));
10757 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10758 decode_boolean_bitfield(flags2, 0x0800, 16,
10759 "Extended security negotiation supported",
10760 "Extended security negotiation not supported"));
10761 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10762 decode_boolean_bitfield(flags2, 0x1000, 16,
10763 "Resolve pathnames with DFS",
10764 "Don't resolve pathnames with DFS"));
10765 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10766 decode_boolean_bitfield(flags2, 0x2000, 16,
10767 "Permit reads if execute-only",
10768 "Don't permit reads if execute-only"));
10769 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10770 decode_boolean_bitfield(flags2, 0x4000, 16,
10771 "Error codes are NT error codes",
10772 "Error codes are DOS error codes"));
10773 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10774 decode_boolean_bitfield(flags2, 0x8000, 16,
10775 "Strings are Unicode",
10776 "Strings are ASCII"));
/* NOTE(review): only the "set" case is visible here; confirm si.unicode is cleared when the bit is not set, since handlers choose their string decoding from it. */
10780 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
10786 proto_tree_add_text(smb_tree, NullTVB, offset, 12, "Reserved: 6 WORDS");
10792 /* Now the TID, tree ID */
10794 tid = GSHORT(pd, offset);
10799 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10805 /* Now the PID, Process ID */
10807 pid = GSHORT(pd, offset);
10812 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10818 /* Now the UID, User ID */
10820 uid = GSHORT(pd, offset);
10825 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10831 /* Now the MID, Multiplex ID */
10833 mid = GSHORT(pd, offset);
10838 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10844 /* Now vector through the table to dissect them */
/* cmd is a guint8 and dissect[] has 256 entries, so this indexed call cannot leave the table. The last argument is non-zero for a request (direction bit clear); it spells the bit as 0x80 where SMB_FLAGS_DIRN is available. */
10846 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10847 ((flags & 0x80) == 0));
10852 /*** External routines called during the registration process */
/* Registration entry points of the SMB sub-dissectors; each is called once from proto_register_smb. */
/* NOTE(review): register_proto_smb_mailslot is declared twice below; the repeat is harmless but redundant. */
10854 extern void register_proto_smb_browse( void);
10855 extern void register_proto_smb_logon( void);
10856 extern void register_proto_smb_mailslot( void);
10857 extern void register_proto_smb_pipe( void);
10858 extern void register_proto_smb_mailslot( void);
/*
 * Register the SMB dissector: the protocol itself, its subtree (ett)
 * indices, the "smb.cmd" header field, and the init routine
 * smb_init_protocol; then call the registration routines of the SMB
 * sub-dissectors (browse, logon, mailslot, pipe).
 */
10862 proto_register_smb(void)
10864 static hf_register_info hf[] = {
/* The command byte is a filterable field, shown in hex with its name taken from smb_cmd_vals. */
10866 { "SMB Command", "smb.cmd",
10867 FT_UINT8, BASE_HEX, VALS(smb_cmd_vals), 0x0, "" }}
/* Addresses of the subtree indices to be filled in by proto_register_subtree_array. */
10871 static gint *ett[] = {
10873 &ett_smb_fileattributes,
10874 &ett_smb_capabilities,
10881 &ett_smb_desiredaccess,
10884 &ett_smb_openfunction,
10887 &ett_smb_writemode,
10888 &ett_smb_lock_type,
10891 proto_smb = proto_register_protocol("SMB (Server Message Block Protocol)", "smb");
10893 proto_register_subtree_array(ett, array_length(ett));
10894 proto_register_field_array(proto_smb, hf, array_length(hf));
10895 register_init_routine(&smb_init_protocol);
10897 register_proto_smb_browse();
10898 register_proto_smb_logon( );
10899 register_proto_smb_mailslot();
10900 register_proto_smb_pipe();