2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.60 2000/01/22 02:00:24 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
/*
 * Protocol handles (proto_*) and subtree handles (ett_*) for the SMB,
 * browse and LANMAN dissectors in this file.  Every handle starts at -1.
 * The code that assigns real values is not part of this listing
 * (presumably protocol registration; confirm against the full file).
 */
51 static int proto_smb = -1;
53 static gint ett_smb = -1;
54 static gint ett_smb_fileattributes = -1;
55 static gint ett_smb_capabilities = -1;
56 static gint ett_smb_aflags = -1;
57 static gint ett_smb_dialects = -1;
58 static gint ett_smb_mode = -1;
59 static gint ett_smb_rawmode = -1;
60 static gint ett_smb_flags = -1;
61 static gint ett_smb_flags2 = -1;
62 static gint ett_smb_desiredaccess = -1;
63 static gint ett_smb_search = -1;
64 static gint ett_smb_file = -1;
65 static gint ett_smb_openfunction = -1;
66 static gint ett_smb_filetype = -1;
67 static gint ett_smb_action = -1;
68 static gint ett_smb_writemode = -1;
69 static gint ett_smb_lock_type = -1;
71 static int proto_browse = -1;
73 static gint ett_browse = -1;
74 static gint ett_browse_flags = -1;
75 static gint ett_browse_election_criteria = -1;
76 static gint ett_browse_election_os = -1;
77 static gint ett_browse_election_desire = -1;
79 static int proto_lanman = -1;
81 static gint ett_lanman = -1;
82 static gint ett_lanman_servers = -1;
83 static gint ett_lanman_server = -1;
84 static gint ett_lanman_shares = -1;
85 static gint ett_lanman_share = -1;
88 * Struct passed to each SMB decode routine of info it may need
/*
 * Forward declaration; the definition is outside this listing.  The
 * session-setup dissector below calls it to turn an AndX command byte
 * into a printable name.
 */
91 char *decode_smb_name(unsigned char);
/*
 * Element count used by smb_init_protocol() to size the area of the
 * request key and value GMemChunks.
 */
93 int smb_packet_init_count = 200;
/*
 * Key type for smb_request_hash.  smb_equal() and smb_hash() read its
 * conversation and mid members; the member declarations themselves are on
 * lines missing from this listing.
 */
95 struct smb_request_key {
/*
 * Value type for smb_request_hash: state remembered from a request.
 * NOTE(review): the gchar * members are pointers held across packets; who
 * allocates and frees the strings is not visible here - confirm their
 * lifetime against the code that fills them in.
 */
100 struct smb_request_val {
101 guint16 last_transact2_command;
102 gchar *last_transact_command;
104 guint16 last_lanman_cmd;
105 gchar *last_param_descrip; /* Keep these descriptors around */
106 gchar *last_data_descrip;
107 guint16 trans_response_seen;
108 guint16 last_level; /* Last level in request */
/*
 * NOTE(review): the gutter jumps from 108 to 112, so the end of
 * struct smb_request_val and the header of the next struct are missing.
 * The members below presumably belong to struct smb_info, the struct the
 * dissect routines receive by value - confirm against the full file.
 */
112 int tid, uid, mid, pid; /* Any more? */
113 conversation_t *conversation;
114 struct smb_request_val *request_val;
/*
 * Request-tracking state shared by the whole file: the hash table plus the
 * two GMemChunk allocators for its keys and values.  All three start NULL
 * and are (re)created by smb_init_protocol().  They are not declared
 * static, so they are visible to other translation units.
 */
118 GHashTable *smb_request_hash = NULL;
119 GMemChunk *smb_request_keys = NULL;
120 GMemChunk *smb_request_vals = NULL;
/*
 * Key-equality callback handed to g_hash_table_new() in
 * smb_init_protocol().  Two keys match when both their conversation and
 * their mid members are equal.  The return type and the return statements
 * are on lines missing from this listing.
 */
124 smb_equal(gconstpointer v, gconstpointer w)
126 struct smb_request_key *v1 = (struct smb_request_key *)v;
127 struct smb_request_key *v2 = (struct smb_request_key *)w;
/*
 * Debug trace only.  NOTE(review): conversation is printed with %08X; if
 * that member is a pointer the format does not match its type - the member
 * declaration is not visible here, confirm.
 */
129 #if defined(DEBUG_SMB_HASH)
130 printf("Comparing %08X:%u\n and %08X:%u\n",
131 v1 -> conversation, v1 -> mid,
132 v2 -> conversation, v2 -> mid);
135 if (v1 -> conversation == v2 -> conversation &&
136 v1 -> mid == v2 -> mid) {
/*
 * Hash callback handed to g_hash_table_new() in smb_init_protocol().
 * The hash is the plain sum of the key's conversation and mid members.
 * The declaration of val and the return statement are on lines missing
 * from this listing.
 * NOTE(review): mid comes from the packet, so distinct keys whose sums
 * coincide collide; that only costs lookup time because smb_equal()
 * still compares both members.
 */
146 smb_hash (gconstpointer v)
148 struct smb_request_key *key = (struct smb_request_key *)v;
151 val = key -> conversation + key -> mid;
153 #if defined(DEBUG_SMB_HASH)
154 printf("SMB Hash calculated as %u\n", val);
162 * Free up any state information we've saved, and re-initialize the
163 * tables of state information.
/*
 * Drop all saved request state and start again with empty tables.
 * Any existing hash table and both GMemChunks are destroyed first, then
 * recreated.  Each chunk is sized for smb_packet_init_count elements of
 * its struct per area.
 * NOTE(review): destroying the chunks frees every key and value at once;
 * any pointer to an old smb_request_val kept elsewhere would dangle after
 * this call - no such holder is visible in this listing, confirm.
 */
166 smb_init_protocol(void)
168 #if defined(DEBUG_SMB_HASH)
169 printf("Initializing SMB hashtable area\n");
172 if (smb_request_hash)
173 g_hash_table_destroy(smb_request_hash);
174 if (smb_request_keys)
175 g_mem_chunk_destroy(smb_request_keys);
176 if (smb_request_vals)
177 g_mem_chunk_destroy(smb_request_vals);
/* Hash and equality callbacks are the two functions defined above. */
179 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
180 smb_request_keys = g_mem_chunk_new("smb_request_keys",
181 sizeof(struct smb_request_key),
182 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
183 smb_request_vals = g_mem_chunk_new("smb_request_vals",
184 sizeof(struct smb_request_val),
185 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
/*
 * Table of 256 dissector function pointers, presumably indexed by the
 * one-byte SMB command code (the code that fills and indexes it is not in
 * this listing).  Every dissect_*_smb() routine below has this signature.
 * Note that struct smb_info is passed by value.
 */
188 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
/*
 * Printable names for SMB commands, 256 slots.  Only a handful of the
 * initialisers survive in this listing (the gutter jumps from 192 to 240
 * and onward), so the position of each name in the array cannot be read
 * off these lines.
 */
190 char *SMB_names[256] = {
191 "SMBcreatedirectory",
192 "SMBdeletedirectory",
240 "SMBcloseandtreedisc",
242 "SMBtrans2secondary",
244 "SMBfindnotifyclose",
352 "SMBnttransactsecondary",
/*
 * Fallback dissector: adds one "Data (N bytes)" text item that spans from
 * offset to END_OF_FRAME.  The argument that supplies the byte count is on
 * a line missing from this listing.
 */
450 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
455 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data (%u bytes)",
463 * Dissect a UNIX like date ...
/*
 * File-wide scratch pointer: dissect_smbu_date() stores the gmtime()
 * result here and dissect_smbu_time() reads it back.
 * NOTE(review): it is not static, and identifiers that begin with an
 * underscore are reserved at file scope in C, so the rename trades one
 * possible clash for another.
 */
466 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
467 conflict with /usr/include/time.h on some NetBSD
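/*
 * Format a UNIX-style timestamp, supplied as two 16-bit halves (date is
 * the high half, time the low half), as "YYYY-MM-DD" in a static buffer.
 * The broken-down time is also left in the file-wide _gtime for
 * dissect_smbu_time().  The return type and return statement are on lines
 * missing from this listing.
 *
 * The gmtime() argument had been mangled to "<ime" (an HTML-entity
 * artefact of "&ltime"); it is restored here.
 *
 * NOTE(review): gmtime() can return NULL and the result is dereferenced
 * without a check.  date is promoted to int before the shift, so values
 * with the top bit set shift into the sign bit.  Both inputs come from the
 * packet.
 */
471 dissect_smbu_date(guint16 date, guint16 time)
/* 4+2+2+2+1 = 11 bytes: "YYYY-MM-DD" is 10 characters plus the NUL. */
474 static char datebuf[4+2+2+2+1];
475 time_t ltime = (date << 16) + time;
477 _gtime = gmtime(&ltime);
478 sprintf(datebuf, "%04d-%02d-%02d",
479 1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);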
/*
 * Format the time-of-day part of a UNIX-style timestamp as "HH:MM:SS" in a
 * static buffer (2+2+2+2+1 = 9 bytes, which fits 8 characters plus NUL).
 * The return type and return statement are on lines missing from this
 * listing.
 *
 * NOTE(review): in the visible lines neither date nor time is used; the
 * fields come from the file-wide _gtime, which only dissect_smbu_date()
 * sets.  Calling this first, or after a failed gmtime(), would dereference
 * a NULL or stale pointer - confirm that no dropped line sets _gtime here.
 */
489 dissect_smbu_time(guint16 date, guint16 time)
492 static char timebuf[2+2+2+2+1];
494 sprintf(timebuf, "%02d:%02d:%02d",
495 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
502 * Dissect a DOS-format date.
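/*
 * Format a 16-bit DOS date as "YYYY-MM-DD" in a static buffer.
 * Bits 15-9 hold the year offset from 1980, bits 8-5 the month and
 * bits 4-0 the day, as the shifts and masks below show.  The return type
 * and return statement are on lines missing from this listing.
 *
 * The buffer was declared as 4+2+2+1 = 9 bytes, but the format always
 * produces 10 characters plus the NUL, so every call wrote 2 bytes past
 * the end of the static array.  It is now sized for the two '-'
 * separators as well.  The masks cap the fields at 2107, 15 and 31, so
 * 11 bytes is enough for any 16-bit input.
 */
505 dissect_dos_date(guint16 date)
/* year(4) '-'(1) month(2) '-'(1) day(2) NUL(1) = 11 bytes */
507 static char datebuf[4+1+2+1+2+1];
509 sprintf(datebuf, "%04d-%02d-%02d",
510 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);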
515 * Dissect a DOS-format time.
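/*
 * Format a 16-bit DOS time as "HH:MM:SS" in a static buffer.
 * Bits 15-11 hold the hour, bits 10-5 the minute and bits 4-0 the seconds
 * divided by two, as the shifts and masks below show.  The return type
 * and return statement are on lines missing from this listing.
 *
 * The buffer was declared as 2+2+2+1 = 7 bytes, but the format always
 * produces 8 characters plus the NUL, so every call wrote 2 bytes past
 * the end of the static array.  It is now sized for the two ':'
 * separators as well.  The masks cap the fields at 31, 63 and 62, so
 * 9 bytes is enough for any 16-bit input.
 */
518 dissect_dos_time(guint16 time)
/* hour(2) ':'(1) minute(2) ':'(1) second(2) NUL(1) = 9 bytes */
520 static char timebuf[2+1+2+1+2+1];
522 sprintf(timebuf, "%02d:%02d:%02d",
523 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);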
527 /* Max string length for displaying Unicode strings. */
528 #define MAX_UNICODE_STR_LEN 256
530 /* Turn a little-endian Unicode '\0'-terminated string into a string we
532 XXX - for now, we just handle the ISO 8859-1 characters. */
/*
 * Converts the two-byte-per-character string at us into one of three
 * static buffers, chosen in rotation via cur.  Each buffer holds
 * MAX_UNICODE_STR_LEN characters plus 3+1 spare bytes; the comment near
 * the end suggests the spare bytes mark a truncated string, but the code
 * that writes them is on lines missing from this listing.
 *
 * NOTE(review): the visible loop condition stops only at a 16-bit zero in
 * the input.  us points into packet data, so a string without a
 * terminator inside the captured bytes would be read past the end of the
 * buffer.  len starts at MAX_UNICODE_STR_LEN; whether it also bounds the
 * reads (and not just the copy) must be checked in the dropped lines.
 * us_lenp is not touched in the visible lines.
 */
534 unicode_to_str(const guint8 *us, int *us_lenp) {
535 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
542 if (cur == &str[0][0]) {
544 } else if (cur == &str[1][0]) {
550 len = MAX_UNICODE_STR_LEN;
552 while (*us != 0 || *(us + 1) != 0) {
562 /* Note that we're not showing the full string. */
573 * Each dissect routine is passed an offset to wct and works from there
/*
 * Dissect a flush-file SMB starting at its word count.
 * dirn == 1 selects the request layout (WCT, FID, byte count) and
 * dirn == 0 the response layout (WCT, BCC).  Each field is read from pd
 * at offset and added to tree as one text item, then offset moves past it.
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in
 * the visible lines.
 *
 * NOTE(review): no check of offset against max_data or the captured
 * length is visible.  The listing omits lines (the gutter numbers skip),
 * so confirm in the full file whether a truncated frame can drive these
 * reads past the end of pd.
 */
577 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
584 if (dirn == 1) { /* Request(s) dissect code */
586 /* Build display for: Word Count (WCT) */
588 WordCount = GBYTE(pd, offset);
592 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
596 offset += 1; /* Skip Word Count (WCT) */
598 /* Build display for: FID */
600 FID = GSHORT(pd, offset);
604 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
608 offset += 2; /* Skip FID */
610 /* Build display for: Byte Count */
612 ByteCount = GSHORT(pd, offset);
616 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
620 offset += 2; /* Skip Byte Count */
624 if (dirn == 0) { /* Response(s) dissect code */
626 /* Build display for: Word Count (WCT) */
628 WordCount = GBYTE(pd, offset);
632 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
636 offset += 1; /* Skip Word Count (WCT) */
638 /* Build display for: Byte Count (BCC) */
640 ByteCount = GSHORT(pd, offset);
644 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
648 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a get-disk-attributes SMB starting at its word count.
 * The request (dirn == 1) carries only WCT and BCC.  The response
 * (dirn == 0) carries WCT, five 2-byte fields (total units, blocks per
 * unit, block size, free units, reserved) and BCC.  Each field becomes
 * one text item in tree.
 *
 * NOTE(review): the gutter skips between WCT and the first response field
 * (706 to 710) and again before BCC (768 to 772), so a guard on WordCount
 * may sit in the dropped lines.  No check of offset against max_data or
 * the captured length is visible - confirm in the full file.
 */
655 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
663 guint16 BlocksPerUnit;
666 if (dirn == 1) { /* Request(s) dissect code */
668 /* Build display for: Word Count (WCT) */
670 WordCount = GBYTE(pd, offset);
674 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
678 offset += 1; /* Skip Word Count (WCT) */
680 /* Build display for: Byte Count (BCC) */
682 ByteCount = GSHORT(pd, offset);
686 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
690 offset += 2; /* Skip Byte Count (BCC) */
694 if (dirn == 0) { /* Response(s) dissect code */
696 /* Build display for: Word Count (WCT) */
698 WordCount = GBYTE(pd, offset);
702 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
706 offset += 1; /* Skip Word Count (WCT) */
710 /* Build display for: Total Units */
712 TotalUnits = GSHORT(pd, offset);
716 proto_tree_add_text(tree, offset, 2, "Total Units: %u", TotalUnits);
720 offset += 2; /* Skip Total Units */
722 /* Build display for: Blocks Per Unit */
724 BlocksPerUnit = GSHORT(pd, offset);
728 proto_tree_add_text(tree, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
732 offset += 2; /* Skip Blocks Per Unit */
734 /* Build display for: Block Size */
736 BlockSize = GSHORT(pd, offset);
740 proto_tree_add_text(tree, offset, 2, "Block Size: %u", BlockSize);
744 offset += 2; /* Skip Block Size */
746 /* Build display for: Free Units */
748 FreeUnits = GSHORT(pd, offset);
752 proto_tree_add_text(tree, offset, 2, "Free Units: %u", FreeUnits);
756 offset += 2; /* Skip Free Units */
758 /* Build display for: Reserved */
760 Reserved = GSHORT(pd, offset);
764 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
768 offset += 2; /* Skip Reserved */
772 /* Build display for: Byte Count (BCC) */
774 ByteCount = GSHORT(pd, offset);
778 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
782 offset += 2; /* Skip Byte Count (BCC) */
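/*
 * Dissect a set-file-attributes SMB starting at its word count.
 * The request (dirn == 1) carries WCT, a 2-byte attribute word shown bit
 * by bit in a subtree, the last-write time and date in DOS format, five
 * reserved words, BCC, a buffer-format byte and a NUL-terminated file
 * name.  The response (dirn == 0) carries WCT and a byte count.
 *
 * Fix: the last-write time and date items passed the result of
 * dissect_dos_time()/dissect_dos_date() to a "%u" conversion.  Those
 * helpers format text into a static char buffer, so the conversion is now
 * "%s".  Their return statements are on lines missing from this listing;
 * the change assumes they return that buffer.
 *
 * NOTE(review): no check of offset against max_data or the captured
 * length is visible; the listing omits lines, so confirm in the full file.
 */
789 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
792 proto_tree *Attributes_tree;
802 guint16 LastWriteTime;
803 guint16 LastWriteDate;
805 const char *FileName;
807 if (dirn == 1) { /* Request(s) dissect code */
809 /* Build display for: Word Count (WCT) */
811 WordCount = GBYTE(pd, offset);
815 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
819 offset += 1; /* Skip Word Count (WCT) */
823 /* Build display for: Attributes */
825 Attributes = GSHORT(pd, offset);
829 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
830 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
831 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
832 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
833 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
834 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
835 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
836 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
837 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
838 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
839 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
840 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
841 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
842 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
846 offset += 2; /* Skip Attributes */
848 /* Build display for: Last Write Time */
850 LastWriteTime = GSHORT(pd, offset);
/* The helper yields text, so it must be printed with %s, not %u. */
854 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
858 offset += 2; /* Skip Last Write Time */
860 /* Build display for: Last Write Date */
862 LastWriteDate = GSHORT(pd, offset);
866 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
870 offset += 2; /* Skip Last Write Date */
872 /* Build display for: Reserved 1 */
874 Reserved1 = GSHORT(pd, offset);
878 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
882 offset += 2; /* Skip Reserved 1 */
884 /* Build display for: Reserved 2 */
886 Reserved2 = GSHORT(pd, offset);
890 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
894 offset += 2; /* Skip Reserved 2 */
896 /* Build display for: Reserved 3 */
898 Reserved3 = GSHORT(pd, offset);
902 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
906 offset += 2; /* Skip Reserved 3 */
908 /* Build display for: Reserved 4 */
910 Reserved4 = GSHORT(pd, offset);
914 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
918 offset += 2; /* Skip Reserved 4 */
920 /* Build display for: Reserved 5 */
922 Reserved5 = GSHORT(pd, offset);
926 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
930 offset += 2; /* Skip Reserved 5 */
934 /* Build display for: Byte Count (BCC) */
936 ByteCount = GSHORT(pd, offset);
940 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
944 offset += 2; /* Skip Byte Count (BCC) */
946 /* Build display for: Buffer Format */
948 BufferFormat = GBYTE(pd, offset);
952 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
956 offset += 1; /* Skip Buffer Format */
958 /* Build display for: File Name */
/*
 * NOTE(review): FileName points straight into the packet and strlen()
 * runs until it meets a NUL.  Nothing visible ties that scan to ByteCount,
 * max_data or the captured length, so a name without a terminator is read
 * past the end of the frame.  Bound the scan before use.
 */
960 FileName = pd + offset;
964 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
968 offset += strlen(FileName) + 1; /* Skip File Name */
972 if (dirn == 0) { /* Response(s) dissect code */
974 /* Build display for: Word Count (WCT) */
976 WordCount = GBYTE(pd, offset);
980 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
984 offset += 1; /* Skip Word Count (WCT) */
986 /* Build display for: Byte Count (BCC) */
/*
 * NOTE(review): BCC is read as one byte here, while every other routine
 * in this listing reads it as two.  Left unchanged because the declared
 * type of ByteCount in this function is on a dropped line - confirm and
 * align.
 */
988 ByteCount = GBYTE(pd, offset);
992 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
996 offset += 1; /* Skip Byte Count (BCC) */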
/*
 * Dissect a write-file SMB starting at its word count.
 * The request (dirn == 1) carries WCT, FID, count, a 4-byte file offset,
 * remaining, BCC, a buffer-format byte and a 2-byte data length.  The
 * response (dirn == 0) carries WCT, count and BCC.  Each field becomes
 * one text item in tree.
 *
 * NOTE(review): Count, ByteCount and DataLength are displayed but, in the
 * visible lines, never compared with each other or with the bytes
 * actually captured.  No check of offset against max_data is visible
 * either; the listing omits lines, so confirm in the full file.
 */
1003 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1007 guint8 BufferFormat;
1015 if (dirn == 1) { /* Request(s) dissect code */
1017 /* Build display for: Word Count (WCT) */
1019 WordCount = GBYTE(pd, offset);
1023 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1027 offset += 1; /* Skip Word Count (WCT) */
1029 /* Build display for: FID */
1031 FID = GSHORT(pd, offset);
1035 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1039 offset += 2; /* Skip FID */
1041 /* Build display for: Count */
1043 Count = GSHORT(pd, offset);
1047 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1051 offset += 2; /* Skip Count */
1053 /* Build display for: Offset */
1055 Offset = GWORD(pd, offset);
1059 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1063 offset += 4; /* Skip Offset */
1065 /* Build display for: Remaining */
1067 Remaining = GSHORT(pd, offset);
1071 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
1075 offset += 2; /* Skip Remaining */
1077 /* Build display for: Byte Count (BCC) */
1079 ByteCount = GSHORT(pd, offset);
1083 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1087 offset += 2; /* Skip Byte Count (BCC) */
1089 /* Build display for: Buffer Format */
1091 BufferFormat = GBYTE(pd, offset);
1095 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1099 offset += 1; /* Skip Buffer Format */
1101 /* Build display for: Data Length */
1103 DataLength = GSHORT(pd, offset);
1107 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1111 offset += 2; /* Skip Data Length */
1115 if (dirn == 0) { /* Response(s) dissect code */
1117 /* Build display for: Word Count (WCT) */
1119 WordCount = GBYTE(pd, offset);
1123 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1127 offset += 1; /* Skip Word Count (WCT) */
1129 /* Build display for: Count */
1131 Count = GSHORT(pd, offset);
1135 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1139 offset += 2; /* Skip Count */
1141 /* Build display for: Byte Count (BCC) */
1143 ByteCount = GSHORT(pd, offset);
1147 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1151 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a read-mpx SMB starting at its word count.
 * The request (dirn == 1) carries WCT, FID, a 4-byte file offset, max
 * count, min count, a 4-byte and a 2-byte reserved field and BCC.  The
 * response (dirn == 0) shows WCT and, only when WordCount is non-zero,
 * offset, count, reserved, data compaction mode, reserved, data length
 * and data offset; BCC and a pad byte follow.
 * The fourth parameter is spelled "arent" in this signature and is not
 * referenced in the visible lines.
 *
 * NOTE(review): the response tests only WordCount > 0, not that it equals
 * the number of words the branch goes on to read.  DataLength and
 * DataOffset are displayed without being checked against the frame.  No
 * check of offset against max_data is visible; the listing omits lines,
 * so confirm in the full file.
 */
1158 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1172 guint16 DataCompactionMode;
1176 if (dirn == 1) { /* Request(s) dissect code */
1178 /* Build display for: Word Count (WCT) */
1180 WordCount = GBYTE(pd, offset);
1184 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1188 offset += 1; /* Skip Word Count (WCT) */
1190 /* Build display for: FID */
1192 FID = GSHORT(pd, offset);
1196 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1200 offset += 2; /* Skip FID */
1202 /* Build display for: Offset */
1204 Offset = GWORD(pd, offset);
1208 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1212 offset += 4; /* Skip Offset */
1214 /* Build display for: Max Count */
1216 MaxCount = GSHORT(pd, offset);
1220 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
1224 offset += 2; /* Skip Max Count */
1226 /* Build display for: Min Count */
1228 MinCount = GSHORT(pd, offset);
1232 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
1236 offset += 2; /* Skip Min Count */
1238 /* Build display for: Reserved 1 */
1240 Reserved1 = GWORD(pd, offset);
1244 proto_tree_add_text(tree, offset, 4, "Reserved 1: %u", Reserved1);
1248 offset += 4; /* Skip Reserved 1 */
1250 /* Build display for: Reserved 2 */
1252 Reserved2 = GSHORT(pd, offset);
1256 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
1260 offset += 2; /* Skip Reserved 2 */
1262 /* Build display for: Byte Count (BCC) */
1264 ByteCount = GSHORT(pd, offset);
1268 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1272 offset += 2; /* Skip Byte Count (BCC) */
1276 if (dirn == 0) { /* Response(s) dissect code */
1278 /* Build display for: Word Count */
1280 WordCount = GBYTE(pd, offset);
1284 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
1288 offset += 1; /* Skip Word Count */
1290 if (WordCount > 0) {
1292 /* Build display for: Offset */
1294 Offset = GWORD(pd, offset);
1298 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1302 offset += 4; /* Skip Offset */
1304 /* Build display for: Count */
1306 Count = GSHORT(pd, offset);
1310 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1314 offset += 2; /* Skip Count */
1316 /* Build display for: Reserved */
1318 Reserved = GSHORT(pd, offset);
1322 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1326 offset += 2; /* Skip Reserved */
1328 /* Build display for: Data Compaction Mode */
1330 DataCompactionMode = GSHORT(pd, offset);
1334 proto_tree_add_text(tree, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1338 offset += 2; /* Skip Data Compaction Mode */
1340 /* Build display for: Reserved */
1342 Reserved = GSHORT(pd, offset);
1346 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1350 offset += 2; /* Skip Reserved */
1352 /* Build display for: Data Length */
1354 DataLength = GSHORT(pd, offset);
1358 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1362 offset += 2; /* Skip Data Length */
1364 /* Build display for: Data Offset */
1366 DataOffset = GSHORT(pd, offset);
1370 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
1374 offset += 2; /* Skip Data Offset */
1378 /* Build display for: Byte Count (BCC) */
1380 ByteCount = GSHORT(pd, offset);
1384 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1388 offset += 2; /* Skip Byte Count (BCC) */
1390 /* Build display for: Pad */
1392 Pad = GBYTE(pd, offset);
1396 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
1400 offset += 1; /* Skip Pad */
/*
 * Dissect a delete-file SMB starting at its word count.
 * The request (dirn == 1) carries WCT, BCC, a buffer-format byte and a
 * NUL-terminated file name; the response (dirn == 0) carries WCT and BCC.
 * The fourth parameter is spelled "paernt" in this signature and is not
 * referenced in the visible lines.
 *
 * NOTE(review): no check of offset against max_data or the captured
 * length is visible; the listing omits lines, so confirm in the full file.
 */
1407 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1411 guint8 BufferFormat;
1413 const char *FileName;
1415 if (dirn == 1) { /* Request(s) dissect code */
1417 /* Build display for: Word Count (WCT) */
1419 WordCount = GBYTE(pd, offset);
1423 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1427 offset += 1; /* Skip Word Count (WCT) */
1429 /* Build display for: Byte Count (BCC) */
1431 ByteCount = GSHORT(pd, offset);
1435 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1439 offset += 2; /* Skip Byte Count (BCC) */
1441 /* Build display for: Buffer Format */
1443 BufferFormat = GBYTE(pd, offset);
1447 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1451 offset += 1; /* Skip Buffer Format */
1453 /* Build display for: File Name */
/*
 * NOTE(review): FileName points straight into the packet and strlen()
 * runs until it meets a NUL.  Nothing visible ties that scan to ByteCount,
 * max_data or the captured length, so a name without a terminator is read
 * past the end of the frame.  Bound the scan before use.
 */
1455 FileName = pd + offset;
1459 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1463 offset += strlen(FileName) + 1; /* Skip File Name */
1467 if (dirn == 0) { /* Response(s) dissect code */
1469 /* Build display for: Word Count (WCT) */
1471 WordCount = GBYTE(pd, offset);
1475 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1479 offset += 1; /* Skip Word Count (WCT) */
1481 /* Build display for: Byte Count (BCC) */
1483 ByteCount = GSHORT(pd, offset);
1487 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1491 offset += 2; /* Skip Byte Count (BCC) */
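/*
 * Dissect a query-information-2 SMB starting at its word count.
 * The request (dirn == 1) carries WCT, FID and a byte count.  The response
 * (dirn == 0) shows WCT and, only when WordCount is non-zero, three DOS
 * date/time pairs (creation, last access, last write), two 4-byte sizes
 * and a 2-byte attribute word shown bit by bit in a subtree; a byte count
 * follows.
 *
 * Fix: the six date and time items passed the result of
 * dissect_dos_date()/dissect_dos_time() to a "%u" conversion.  Those
 * helpers format text into a static char buffer, so the conversion is now
 * "%s".  Their return statements are on lines missing from this listing;
 * the change assumes they return that buffer.
 *
 * NOTE(review): the response tests only WordCount > 0, not that it equals
 * the number of words the branch goes on to read.  No check of offset
 * against max_data or the captured length is visible; the listing omits
 * lines, so confirm in the full file.
 */
1498 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1501 proto_tree *Attributes_tree;
1504 guint32 FileDataSize;
1505 guint32 FileAllocationSize;
1506 guint16 LastWriteTime;
1507 guint16 LastWriteDate;
1508 guint16 LastAccessTime;
1509 guint16 LastAccessDate;
1511 guint16 CreationTime;
1512 guint16 CreationDate;
1516 if (dirn == 1) { /* Request(s) dissect code */
1518 /* Build display for: Word Count (WCT) */
1520 WordCount = GBYTE(pd, offset);
1524 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1528 offset += 1; /* Skip Word Count (WCT) */
1530 /* Build display for: FID */
1532 FID = GSHORT(pd, offset);
1536 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1540 offset += 2; /* Skip FID */
1542 /* Build display for: Byte Count */
1544 ByteCount = GSHORT(pd, offset);
1548 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1552 offset += 2; /* Skip Byte Count */
1556 if (dirn == 0) { /* Response(s) dissect code */
1558 /* Build display for: Word Count (WCT) */
1560 WordCount = GBYTE(pd, offset);
1564 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1568 offset += 1; /* Skip Word Count (WCT) */
1570 if (WordCount > 0) {
1572 /* Build display for: Creation Date */
1574 CreationDate = GSHORT(pd, offset);
/* The date/time helpers yield text, so they are printed with %s, not %u. */
1578 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
1582 offset += 2; /* Skip Creation Date */
1584 /* Build display for: Creation Time */
1586 CreationTime = GSHORT(pd, offset);
1590 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
1594 offset += 2; /* Skip Creation Time */
1596 /* Build display for: Last Access Date */
1598 LastAccessDate = GSHORT(pd, offset);
1602 proto_tree_add_text(tree, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
1606 offset += 2; /* Skip Last Access Date */
1608 /* Build display for: Last Access Time */
1610 LastAccessTime = GSHORT(pd, offset);
1614 proto_tree_add_text(tree, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
1618 offset += 2; /* Skip Last Access Time */
1620 /* Build display for: Last Write Date */
1622 LastWriteDate = GSHORT(pd, offset);
1626 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1630 offset += 2; /* Skip Last Write Date */
1632 /* Build display for: Last Write Time */
1634 LastWriteTime = GSHORT(pd, offset);
1638 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1642 offset += 2; /* Skip Last Write Time */
1644 /* Build display for: File Data Size */
1646 FileDataSize = GWORD(pd, offset);
1650 proto_tree_add_text(tree, offset, 4, "File Data Size: %u", FileDataSize);
1654 offset += 4; /* Skip File Data Size */
1656 /* Build display for: File Allocation Size */
1658 FileAllocationSize = GWORD(pd, offset);
1662 proto_tree_add_text(tree, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1666 offset += 4; /* Skip File Allocation Size */
1668 /* Build display for: Attributes */
1670 Attributes = GSHORT(pd, offset);
1674 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
1675 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1676 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1677 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1678 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1679 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1680 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1681 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1682 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1683 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1684 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1685 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1686 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1687 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1691 offset += 2; /* Skip Attributes */
1695 /* Build display for: Byte Count */
1697 ByteCount = GSHORT(pd, offset);
1701 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1705 offset += 2; /* Skip Byte Count */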
/*
 * Dissect a tree-connect SMB starting at its word count.
 * The request (dirn == 1) carries WCT, BCC and three fields (share path,
 * password, service), each preceded by a buffer-format byte and treated
 * as a NUL-terminated string.  The response (dirn == 0) shows WCT, returns
 * early when errcode is non-zero, and otherwise shows max buffer size, TID
 * and BCC.
 *
 * NOTE(review): all three strings point straight into the packet, and both
 * their display and the advance of offset rely on strlen().  Nothing
 * visible ties those scans to ByteCount, max_data or the captured length,
 * so one missing terminator misplaces every later field and can read past
 * the end of the frame.  Bound each scan by the bytes remaining.
 * The password is shown with %s as received; if the field can carry a
 * non-text value, strlen()/%s will mis-measure and mis-render it - confirm
 * against the protocol.  Anyone handling capture files or screenshots of
 * this tree should treat them as containing credentials.
 */
1712 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1716 guint8 BufferFormat3;
1717 guint8 BufferFormat2;
1718 guint8 BufferFormat1;
1720 guint16 MaxBufferSize;
1722 const char *SharePath;
1723 const char *Service;
1724 const char *Password;
1726 if (dirn == 1) { /* Request(s) dissect code */
1728 /* Build display for: Word Count (WCT) */
1730 WordCount = GBYTE(pd, offset);
1734 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1738 offset += 1; /* Skip Word Count (WCT) */
1740 /* Build display for: Byte Count (BCC) */
1742 ByteCount = GSHORT(pd, offset);
1746 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1750 offset += 2; /* Skip Byte Count (BCC) */
1752 /* Build display for: BufferFormat1 */
1754 BufferFormat1 = GBYTE(pd, offset);
1758 proto_tree_add_text(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
1762 offset += 1; /* Skip BufferFormat1 */
1764 /* Build display for: Share Path */
1766 SharePath = pd + offset;
1770 proto_tree_add_text(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1774 offset += strlen(SharePath) + 1; /* Skip Share Path */
1776 /* Build display for: BufferFormat2 */
1778 BufferFormat2 = GBYTE(pd, offset);
1782 proto_tree_add_text(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
1786 offset += 1; /* Skip BufferFormat2 */
1788 /* Build display for: Password */
1790 Password = pd + offset;
1794 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
1798 offset += strlen(Password) + 1; /* Skip Password */
1800 /* Build display for: BufferFormat3 */
1802 BufferFormat3 = GBYTE(pd, offset);
1806 proto_tree_add_text(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
1810 offset += 1; /* Skip BufferFormat3 */
1812 /* Build display for: Service */
1814 Service = pd + offset;
1818 proto_tree_add_text(tree, offset, strlen(Service) + 1, "Service: %s", Service);
1822 offset += strlen(Service) + 1; /* Skip Service */
1826 if (dirn == 0) { /* Response(s) dissect code */
1828 /* Build display for: Word Count (WCT) */
1830 WordCount = GBYTE(pd, offset);
1834 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
/* An error response stops after the word count; nothing else is shown. */
1838 if (errcode != 0) return;
1840 offset += 1; /* Skip Word Count (WCT) */
1842 /* Build display for: Max Buffer Size */
1844 MaxBufferSize = GSHORT(pd, offset);
1848 proto_tree_add_text(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1852 offset += 2; /* Skip Max Buffer Size */
1854 /* Build display for: TID */
1856 TID = GSHORT(pd, offset);
1860 proto_tree_add_text(tree, offset, 2, "TID: %u", TID);
1864 offset += 2; /* Skip TID */
1866 /* Build display for: Byte Count (BCC) */
1868 ByteCount = GSHORT(pd, offset);
1872 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1876 offset += 2; /* Skip Byte Count (BCC) */
1882 /* Generated by build-dissect.pl Version 0.6 27-Jun-1999, ACT */
1884 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1887 proto_tree *Capabilities_tree;
1890 guint8 AndXReserved;
1891 guint8 AndXCommand = 0xFF;
1894 guint32 Capabilities;
1896 guint16 UNICODEAccountPasswordLength;
1897 guint16 PasswordLen;
1898 guint16 MaxMpxCount;
1899 guint16 MaxBufferSize;
1901 guint16 AndXOffset = 0;
1903 guint16 ANSIAccountPasswordLength;
1904 const char *UNICODEPassword;
1905 const char *Password;
1906 const char *PrimaryDomain;
1907 const char *NativeOS;
1908 const char *NativeLanManType;
1909 const char *NativeLanMan;
1910 const char *AccountName;
1911 const char *ANSIPassword;
1913 if (dirn == 1) { /* Request(s) dissect code */
1915 WordCount = GBYTE(pd, offset);
1917 switch (WordCount) {
1921 /* Build display for: Word Count (WCT) */
1923 WordCount = GBYTE(pd, offset);
1927 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1931 offset += 1; /* Skip Word Count (WCT) */
1933 /* Build display for: AndXCommand */
1935 AndXCommand = GBYTE(pd, offset);
1939 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
1940 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1944 offset += 1; /* Skip AndXCommand */
1946 /* Build display for: AndXReserved */
1948 AndXReserved = GBYTE(pd, offset);
1952 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1956 offset += 1; /* Skip AndXReserved */
1958 /* Build display for: AndXOffset */
1960 AndXOffset = GSHORT(pd, offset);
1964 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1968 offset += 2; /* Skip AndXOffset */
1970 /* Build display for: MaxBufferSize */
1972 MaxBufferSize = GSHORT(pd, offset);
1976 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1980 offset += 2; /* Skip MaxBufferSize */
1982 /* Build display for: MaxMpxCount */
1984 MaxMpxCount = GSHORT(pd, offset);
1988 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1992 offset += 2; /* Skip MaxMpxCount */
1994 /* Build display for: VcNumber */
1996 VcNumber = GSHORT(pd, offset);
2000 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2004 offset += 2; /* Skip VcNumber */
2006 /* Build display for: SessionKey */
2008 SessionKey = GWORD(pd, offset);
2012 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2016 offset += 4; /* Skip SessionKey */
2018 /* Build display for: PasswordLen */
2020 PasswordLen = GSHORT(pd, offset);
2024 proto_tree_add_text(tree, offset, 2, "PasswordLen: %u", PasswordLen);
2028 offset += 2; /* Skip PasswordLen */
2030 /* Build display for: Reserved */
2032 Reserved = GWORD(pd, offset);
2036 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2040 offset += 4; /* Skip Reserved */
2042 /* Build display for: Byte Count (BCC) */
2044 ByteCount = GSHORT(pd, offset);
2048 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2052 offset += 2; /* Skip Byte Count (BCC) */
2054 if (ByteCount > 0) {
2056 /* Build displat for: Password */
2058 Password = pd + offset;
2062 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
2066 offset += PasswordLen;
2068 /* Build display for: AccountName */
2070 AccountName = pd + offset;
2074 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2078 offset += strlen(AccountName) + 1; /* Skip AccountName */
2080 /* Build display for: PrimaryDomain */
2082 PrimaryDomain = pd + offset;
2086 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2090 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2092 /* Build display for: NativeOS */
2094 NativeOS = pd + offset;
2098 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2102 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2104 /* Build display for: NativeLanMan */
2106 NativeLanMan = pd + offset;
2110 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2114 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2122 /* Build display for: Word Count (WCT) */
2124 WordCount = GBYTE(pd, offset);
2128 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2132 offset += 1; /* Skip Word Count (WCT) */
2134 /* Build display for: AndXCommand */
2136 AndXCommand = GBYTE(pd, offset);
2140 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2141 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2145 offset += 1; /* Skip AndXCommand */
2147 /* Build display for: AndXReserved */
2149 AndXReserved = GBYTE(pd, offset);
2153 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2157 offset += 1; /* Skip AndXReserved */
2159 /* Build display for: AndXOffset */
2161 AndXOffset = GSHORT(pd, offset);
2165 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2169 offset += 2; /* Skip AndXOffset */
2171 /* Build display for: MaxBufferSize */
2173 MaxBufferSize = GSHORT(pd, offset);
2177 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2181 offset += 2; /* Skip MaxBufferSize */
2183 /* Build display for: MaxMpxCount */
2185 MaxMpxCount = GSHORT(pd, offset);
2189 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2193 offset += 2; /* Skip MaxMpxCount */
2195 /* Build display for: VcNumber */
2197 VcNumber = GSHORT(pd, offset);
2201 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2205 offset += 2; /* Skip VcNumber */
2207 /* Build display for: SessionKey */
2209 SessionKey = GWORD(pd, offset);
2213 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2217 offset += 4; /* Skip SessionKey */
2219 /* Build display for: ANSI Account Password Length */
2221 ANSIAccountPasswordLength = GSHORT(pd, offset);
2225 proto_tree_add_text(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2229 offset += 2; /* Skip ANSI Account Password Length */
2231 /* Build display for: UNICODE Account Password Length */
2233 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2237 proto_tree_add_text(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2241 offset += 2; /* Skip UNICODE Account Password Length */
2243 /* Build display for: Reserved */
2245 Reserved = GWORD(pd, offset);
2249 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2253 offset += 4; /* Skip Reserved */
2255 /* Build display for: Capabilities */
2257 Capabilities = GWORD(pd, offset);
2261 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
2262 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2263 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2264 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2265 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2266 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2267 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2268 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2269 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2270 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2271 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2272 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2273 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2274 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2275 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2276 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2277 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2278 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2279 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2280 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2281 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2282 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2283 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2284 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2285 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2286 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2287 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2288 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2289 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2290 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2294 offset += 4; /* Skip Capabilities */
2296 /* Build display for: Byte Count */
2298 ByteCount = GSHORT(pd, offset);
2302 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
2306 offset += 2; /* Skip Byte Count */
2308 if (ByteCount > 0) {
2310 /* Build display for: ANSI Password */
2312 ANSIPassword = pd + offset;
2316 proto_tree_add_text(tree, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2320 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2321 if (ANSIAccountPasswordLength == 0) offset++; /* Add 1 */
2323 /* Build display for: UNICODE Password */
2325 UNICODEPassword = pd + offset;
2327 if (UNICODEAccountPasswordLength > 0) {
2331 proto_tree_add_text(tree, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2335 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2339 /* Build display for: Account Name */
2341 AccountName = pd + offset;
2345 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2349 offset += strlen(AccountName) + 1; /* Skip Account Name */
2351 /* Build display for: Primary Domain */
2353 PrimaryDomain = pd + offset;
2357 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2361 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2363 /* Build display for: Native OS */
2365 NativeOS = pd + offset;
2369 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2373 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2375 /* Build display for: Native LanMan Type */
2377 NativeLanManType = pd + offset;
2381 proto_tree_add_text(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2385 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2394 if (AndXCommand != 0xFF) {
2396 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2402 if (dirn == 0) { /* Response(s) dissect code */
2404 /* Build display for: Word Count (WCT) */
2406 WordCount = GBYTE(pd, offset);
2410 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2414 offset += 1; /* Skip Word Count (WCT) */
2416 if (WordCount > 0) {
2418 /* Build display for: AndXCommand */
2420 AndXCommand = GBYTE(pd, offset);
2424 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2425 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2429 offset += 1; /* Skip AndXCommand */
2431 /* Build display for: AndXReserved */
2433 AndXReserved = GBYTE(pd, offset);
2437 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2441 offset += 1; /* Skip AndXReserved */
2443 /* Build display for: AndXOffset */
2445 AndXOffset = GSHORT(pd, offset);
2449 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2454 offset += 2; /* Skip AndXOffset */
2456 /* Build display for: Action */
2458 Action = GSHORT(pd, offset);
2462 proto_tree_add_text(tree, offset, 2, "Action: %u", Action);
2466 offset += 2; /* Skip Action */
2470 /* Build display for: Byte Count (BCC) */
2472 ByteCount = GSHORT(pd, offset);
2476 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2480 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2482 offset += 2; /* Skip Byte Count (BCC) */
2484 if (ByteCount > 0) {
2486 /* Build display for: NativeOS */
2488 NativeOS = pd + offset;
2492 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2496 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2498 /* Build display for: NativeLanMan */
2500 NativeLanMan = pd + offset;
2504 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2508 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2510 /* Build display for: PrimaryDomain */
2512 PrimaryDomain = pd + offset;
2516 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2520 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2524 if (AndXCommand != 0xFF) {
2526 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * dissect_tcon_andx_smb: add the fields of a Tree Connect AndX request or
 * response to the protocol tree, then pass any chained AndX command to its
 * entry in the dissect table.
 *
 * pd is the packet data and offset the current position in it.  The accepted
 * layouts are wct 4 with dirn == 1, wct 2 or 3 with dirn == 0, and wct 0;
 * anything else is reported as an invalid format followed by a Data item.
 * SMB_offset is added to the AndX offset to locate the chained command.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump), so
 * the return type, braces, the assignments to wct and str and most offset
 * updates are not visible here.
 *
 * NOTE(review): passwdlen, andxoffs and every strlen() result used below come
 * from the captured packet, and no check against the frame length is visible
 * for them.  The Password item is sized with strlen(str) + 1 while offset then
 * advances by passwdlen, so the two can disagree.  Confirm that a truncated or
 * malformed frame cannot make strlen() or the chained dispatch read past the
 * captured data.  The password bytes of the request are also shown in the
 * tree, so dissector output and capture files hold credentials.
 */
2535 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* andxcmd stays 0xFF, shown below as no further commands, unless the packet
   supplies a chained command; andxoffs stays 0 likewise. */
2538 guint8 wct, andxcmd = 0xFF;
2539 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2541 proto_tree *flags_tree;
2546 /* Now figure out what format we are talking about, 2, 3, or 4 response
2550 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2551 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2555 proto_tree_add_text(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2557 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2567 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
2575 andxcmd = pd[offset];
2579 proto_tree_add_text(tree, offset, 1, "Next Command: %s",
2580 (andxcmd == 0xFF) ? "No further commands":
2581 decode_smb_name(andxcmd));
2583 proto_tree_add_text(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2589 andxoffs = GSHORT(pd, offset);
2593 proto_tree_add_text(tree, offset, 2, "Offset to next command: %u", andxoffs);
2605 bcc = GSHORT(pd, offset);
2609 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2617 flags = GSHORT(pd, offset);
2621 ti = proto_tree_add_text(tree, offset, 2, "Additional Flags: 0x%02x", flags);
2622 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2623 proto_tree_add_text(flags_tree, offset, 2, "%s",
2624 decode_boolean_bitfield(flags, 0x01, 16,
2626 "Don't disconnect TID"));
2632 passwdlen = GSHORT(pd, offset);
2636 proto_tree_add_text(tree, offset, 2, "Password Length: %u", passwdlen);
2642 bcc = GSHORT(pd, offset);
2646 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2656 proto_tree_add_text(tree, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2660 offset += passwdlen;
2666 proto_tree_add_text(tree, offset, strlen(str) + 1, "Path: %s", str);
2670 offset += strlen(str) + 1;
2676 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2684 bcc = GSHORT(pd, offset);
2688 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2698 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service Type: %s",
2703 offset += strlen(str) + 1;
2709 optionsup = GSHORT(pd, offset);
2711 if (tree) { /* Should break out the bits */
2713 proto_tree_add_text(tree, offset, 2, "Optional Support: 0x%04x",
2720 bcc = GSHORT(pd, offset);
2724 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
/* Service and Native File System are shown as C strings.  bcc is displayed
   above but is not used to bound them in the lines visible here; strlen()
   stops only at a NUL byte. */
2734 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2738 offset += strlen(str) + 1;
2744 proto_tree_add_text(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2748 offset += strlen(str) + 1;
/* Chained AndX command: andxcmd indexes the dissect table and andxoffs, read
   from the packet, selects where the next command starts.
   NOTE(review): no validation of SMB_offset + andxoffs is visible here.
   Confirm it is checked to lie inside the frame and after the current
   command, so that chained dissection always makes progress and terminates. */
2758 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2760 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
/*
 * dissect_negprot_smb: add the fields of a Negotiate Protocol request or
 * response to the protocol tree.
 *
 * The Word Count byte at pd[offset] selects the layout: 0 with dirn == 1 (the
 * dialect list), or 1, 13 or 17 with dirn == 0.  Any other pairing is reported
 * as an invalid format followed by a Data item.  Nothing further is decoded
 * when dirn == 0 and errcode is non-zero.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump), so
 * the return type, braces, the switch header, the assignments to str and most
 * offset updates are not visible here.
 *
 * NOTE(review): all lengths used below come from the captured packet.  Check
 * that each strlen() and each enckeylen-sized read is bounded by the frame
 * length; no such bound is visible in these lines.
 */
2765 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2767 guint8 wct, enckeylen;
2768 guint16 bcc, mode, rawmode, dialect;
2770 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2776 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2778 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2779 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2782 proto_tree_add_text(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2784 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2792 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %d", wct);
2796 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2800 /* Now decode the various formats ... */
2804 case 0: /* A request */
2806 bcc = GSHORT(pd, offset);
2810 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2818 ti = proto_tree_add_text(tree, offset, END_OF_FRAME, "Dialects");
2819 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
/* Walk the dialect entries (a marker byte, then a C string) until the frame
   ends.
   NOTE(review): IS_DATA_IN_FRAME guards only the loop head.  strlen(str)
   below scans packet bytes until a NUL with no visible limit at the end of
   the frame, and bcc is not used to stop the walk.  Confirm an unterminated
   final dialect cannot be read past the captured data. */
2823 while (IS_DATA_IN_FRAME(offset)) {
2828 proto_tree_add_text(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2838 proto_tree_add_text(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2842 offset += strlen(str) + 1;
2847 case 1: /* PC NETWORK PROGRAM 1.0 */
2849 dialect = GSHORT(pd, offset);
2851 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2853 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2855 proto_tree_add_text(tree, offset, 2, "Supplied dialects not recognized");
2860 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2868 bcc = GSHORT(pd, offset);
2872 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2878 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2882 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2886 /* Much of this is similar to response 17 below */
/* Security mode is a 2-byte field in this layout.  Bit 0x0002 is the one an
   analyst looks at to see whether the server negotiated encrypted or
   plaintext passwords. */
2890 mode = GSHORT(pd, offset);
2894 ti = proto_tree_add_text(tree, offset, 2, "Security Mode: 0x%04x", mode);
2895 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
2896 proto_tree_add_text(mode_tree, offset, 2, "%s",
2897 decode_boolean_bitfield(mode, 0x0001, 16,
2899 "Security = Share"));
2900 proto_tree_add_text(mode_tree, offset, 2, "%s",
2901 decode_boolean_bitfield(mode, 0x0002, 16,
2902 "Passwords = Encrypted",
2903 "Passwords = Plaintext"));
2911 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2919 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2927 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2933 rawmode = GSHORT(pd, offset);
2937 ti = proto_tree_add_text(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2938 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
2939 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2940 decode_boolean_bitfield(rawmode, 0x01, 16,
2941 "Read Raw supported",
2942 "Read Raw not supported"));
2943 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2944 decode_boolean_bitfield(rawmode, 0x02, 16,
2945 "Write Raw supported",
2946 "Write Raw not supported"));
2954 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2960 /* Now the server time, two short parameters ... */
2964 proto_tree_add_text(tree, offset, 2, "Server Time: %s",
2965 dissect_dos_time(GSHORT(pd, offset)));
2966 proto_tree_add_text(tree, offset + 2, 2, "Server Date: %s",
2967 dissect_dos_date(GSHORT(pd, offset + 2)));
2973 /* Server Time Zone, SHORT */
2977 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
2978 (signed)GSSHORT(pd, offset));
2984 /* Challenge Length */
/* NOTE(review): enckeylen is declared guint8 but receives a 2-byte GSHORT
   field here, so a challenge length above 255 is truncated before it is
   displayed and before it sizes the Challenge item and the offset advance
   below.  A wider local would be needed for this layout. */
2986 enckeylen = GSHORT(pd, offset);
2990 proto_tree_add_text(tree, offset, 2, "Challenge Length: %u", enckeylen);
2998 proto_tree_add_text(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3004 bcc = GSHORT(pd, offset);
3008 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
/* NOTE(review): enckeylen is taken from the packet and is not compared with
   bcc or the frame length in the lines visible here before bytes_to_str()
   reads that many bytes. */
3014 if (enckeylen) { /* only if non-zero key len */
3020 proto_tree_add_text(tree, offset, enckeylen, "Challenge: %s",
3021 bytes_to_str(str, enckeylen));
3024 offset += enckeylen;
3028 /* Primary Domain ... */
3034 proto_tree_add_text(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
3040 case 17: /* Greater than LANMAN2.1 */
3044 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
/* Security mode is a single byte in this layout.  Besides the password bit
   0x02 it carries the signing bits 0x04 (enabled) and 0x08 (required). */
3050 mode = GBYTE(pd, offset);
3054 ti = proto_tree_add_text(tree, offset, 1, "Security Mode: 0x%02x", mode);
3055 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3056 proto_tree_add_text(mode_tree, offset, 1, "%s",
3057 decode_boolean_bitfield(mode, 0x01, 8,
3059 "Security = Share"));
3060 proto_tree_add_text(mode_tree, offset, 1, "%s",
3061 decode_boolean_bitfield(mode, 0x02, 8,
3062 "Passwords = Encrypted",
3063 "Passwords = Plaintext"));
3064 proto_tree_add_text(mode_tree, offset, 1, "%s",
3065 decode_boolean_bitfield(mode, 0x04, 8,
3066 "Security signatures enabled",
3067 "Security signatures not enabled"));
3068 proto_tree_add_text(mode_tree, offset, 1, "%s",
3069 decode_boolean_bitfield(mode, 0x08, 8,
3070 "Security signatures required",
3071 "Security signatures not required"));
3079 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3087 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
/* NOTE(review): Max buffer size is read with GWORD but its item length is 2,
   while Max raw size below uses GWORD with length 4.  The offset update is
   not visible here; confirm which width is intended. */
3095 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3103 proto_tree_add_text(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3111 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
3117 caps = GWORD(pd, offset);
3121 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", caps);
3122 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3123 proto_tree_add_text(caps_tree, offset, 4, "%s",
3124 decode_boolean_bitfield(caps, 0x0001, 32,
3125 "Raw Mode supported",
3126 "Raw Mode not supported"));
3127 proto_tree_add_text(caps_tree, offset, 4, "%s",
3128 decode_boolean_bitfield(caps, 0x0002, 32,
3129 "MPX Mode supported",
3130 "MPX Mode not supported"));
3131 proto_tree_add_text(caps_tree, offset, 4, "%s",
3132 decode_boolean_bitfield(caps, 0x0004, 32,
3133 "Unicode supported",
3134 "Unicode not supported"));
3135 proto_tree_add_text(caps_tree, offset, 4, "%s",
3136 decode_boolean_bitfield(caps, 0x0008, 32,
3137 "Large files supported",
3138 "Large files not supported"));
3139 proto_tree_add_text(caps_tree, offset, 4, "%s",
3140 decode_boolean_bitfield(caps, 0x0010, 32,
3141 "NT LM 0.12 SMBs supported",
3142 "NT LM 0.12 SMBs not supported"));
3143 proto_tree_add_text(caps_tree, offset, 4, "%s",
3144 decode_boolean_bitfield(caps, 0x0020, 32,
3145 "RPC remote APIs supported",
3146 "RPC remote APIs not supported"));
3147 proto_tree_add_text(caps_tree, offset, 4, "%s",
3148 decode_boolean_bitfield(caps, 0x0040, 32,
3149 "NT status codes supported",
3150 "NT status codes not supported"));
3151 proto_tree_add_text(caps_tree, offset, 4, "%s",
3152 decode_boolean_bitfield(caps, 0x0080, 32,
3153 "Level 2 OpLocks supported",
3154 "Level 2 OpLocks not supported"));
3155 proto_tree_add_text(caps_tree, offset, 4, "%s",
3156 decode_boolean_bitfield(caps, 0x0100, 32,
3157 "Lock&Read supported",
3158 "Lock&Read not supported"));
3159 proto_tree_add_text(caps_tree, offset, 4, "%s",
3160 decode_boolean_bitfield(caps, 0x0200, 32,
3161 "NT Find supported",
3162 "NT Find not supported"));
3163 proto_tree_add_text(caps_tree, offset, 4, "%s",
3164 decode_boolean_bitfield(caps, 0x1000, 32,
3166 "DFS not supported"));
3167 proto_tree_add_text(caps_tree, offset, 4, "%s",
3168 decode_boolean_bitfield(caps, 0x4000, 32,
3169 "Large READX supported",
3170 "Large READX not supported"));
3171 proto_tree_add_text(caps_tree, offset, 4, "%s",
3172 decode_boolean_bitfield(caps, 0x8000, 32,
3173 "Large WRITEX supported",
3174 "Large WRITEX not supported"));
3175 proto_tree_add_text(caps_tree, offset, 4, "%s",
3176 decode_boolean_bitfield(caps, 0x80000000, 32,
3177 "Extended security exchanges supported",
3178 "Extended security exchanges not supported"));
3183 /* Server time, 2 WORDS */
3187 proto_tree_add_text(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3188 proto_tree_add_text(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3194 /* Server Time Zone, SHORT */
3198 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
3199 (signed)GSSHORT(pd, offset));
3205 /* Encryption key len */
3207 enckeylen = pd[offset];
3211 proto_tree_add_text(tree, offset, 1, "Encryption key len: %u", enckeylen);
3217 bcc = GSHORT(pd, offset);
3221 proto_tree_add_text(tree, offset, 2, "Byte count (BCC): %u", bcc);
/* NOTE(review): the one-byte enckeylen from the packet sizes the challenge
   read and the offset advance; no comparison with bcc or the frame length is
   visible here. */
3227 if (enckeylen) { /* only if non-zero key len */
3229 /* Encryption challenge key */
3235 proto_tree_add_text(tree, offset, enckeylen, "Challenge encryption key: %s",
3236 bytes_to_str(str, enckeylen));
3240 offset += enckeylen;
3244 /* The domain, a null terminated string; Unicode if "caps" has
3245 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3246 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
/* The first add_text below is the Unicode branch; the second belongs to the
   ASCII branch, whose else line is not visible in this listing.  ustr_len + 2
   presumably covers a two-byte terminator (TODO confirm).
   NOTE(review): strlen(str) and, presumably, unicode_to_str() scan packet
   bytes for a terminator; confirm both stop at the end of the frame. */
3252 if (caps & 0x0004) {
3253 ustr = unicode_to_str(str, &ustr_len);
3254 proto_tree_add_text(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
3256 proto_tree_add_text(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
3263 default: /* Baddd */
3266 proto_tree_add_text(tree, offset, 1, "Bad format, should never get here");
/*
 * dissect_deletedir_smb: add the fields of a delete-directory request or
 * response to the protocol tree.
 *
 * Request (dirn == 1): Word Count, Byte Count, Buffer Format, then the
 * directory name.  Response (dirn == 0): Word Count and Byte Count only.
 * pd is the packet data and offset the position of the Word Count byte.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump), so
 * the return type, braces and some declarations are not visible here.
 */
3274 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3278 guint8 BufferFormat;
3280 const char *DirectoryName;
3282 if (dirn == 1) { /* Request(s) dissect code */
3284 /* Build display for: Word Count (WCT) */
3286 WordCount = GBYTE(pd, offset);
3290 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3294 offset += 1; /* Skip Word Count (WCT) */
3296 /* Build display for: Byte Count (BCC) */
3298 ByteCount = GSHORT(pd, offset);
3302 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3306 offset += 2; /* Skip Byte Count (BCC) */
3308 /* Build display for: Buffer Format */
3310 BufferFormat = GBYTE(pd, offset);
3314 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3318 offset += 1; /* Skip Buffer Format */
3320 /* Build display for: Directory Name */
/* The name is used as a C string taken directly from the packet.
   NOTE(review): ByteCount is displayed above but does not bound the name in
   the lines visible here, and strlen() stops only at a NUL byte.  Confirm a
   frame without a terminator cannot be read past its captured length. */
3322 DirectoryName = pd + offset;
3326 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3330 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3334 if (dirn == 0) { /* Response(s) dissect code */
3336 /* Build display for: Word Count (WCT) */
3338 WordCount = GBYTE(pd, offset);
3342 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3346 offset += 1; /* Skip Word Count (WCT) */
3348 /* Build display for: Byte Count (BCC) */
3350 ByteCount = GSHORT(pd, offset);
3354 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3358 offset += 2; /* Skip Byte Count (BCC) */
/*
 * dissect_createdir_smb: add the fields of a create-directory request or
 * response to the protocol tree.
 *
 * Request (dirn == 1): Word Count, Byte Count, Buffer Format, then the
 * directory name.  Response (dirn == 0): Word Count and Byte Count only.
 * pd is the packet data and offset the position of the Word Count byte.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump), so
 * the return type, braces and some declarations are not visible here.
 */
3365 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3369 guint8 BufferFormat;
3371 const char *DirectoryName;
3373 if (dirn == 1) { /* Request(s) dissect code */
3375 /* Build display for: Word Count (WCT) */
3377 WordCount = GBYTE(pd, offset);
3381 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3385 offset += 1; /* Skip Word Count (WCT) */
3387 /* Build display for: Byte Count (BCC) */
3389 ByteCount = GSHORT(pd, offset);
3393 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3397 offset += 2; /* Skip Byte Count (BCC) */
3399 /* Build display for: Buffer Format */
3401 BufferFormat = GBYTE(pd, offset);
3405 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3409 offset += 1; /* Skip Buffer Format */
3411 /* Build display for: Directory Name */
/* DirectoryName points into the packet buffer and is measured with strlen().
   NOTE(review): neither ByteCount nor max_data limits that scan in the lines
   visible here.  Confirm the name is known to be NUL-terminated inside the
   captured frame before it is formatted and skipped. */
3413 DirectoryName = pd + offset;
3417 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3421 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3425 if (dirn == 0) { /* Response(s) dissect code */
3427 /* Build display for: Word Count (WCT) */
3429 WordCount = GBYTE(pd, offset);
3433 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3437 offset += 1; /* Skip Word Count (WCT) */
3439 /* Build display for: Byte Count (BCC) */
3441 ByteCount = GSHORT(pd, offset);
3445 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3449 offset += 2; /* Skip Byte Count (BCC) */
/*
 * dissect_checkdir_smb: add the fields of a check-directory request or
 * response to the protocol tree.
 *
 * Request (dirn == 1): Word Count, Byte Count, Buffer Format, then the
 * directory name.  Response (dirn == 0): Word Count and Byte Count only.
 * pd is the packet data and offset the position of the Word Count byte.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump), so
 * the return type, braces and some declarations are not visible here.
 */
3456 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3460 guint8 BufferFormat;
3462 const char *DirectoryName;
3464 if (dirn == 1) { /* Request(s) dissect code */
3466 /* Build display for: Word Count (WCT) */
3468 WordCount = GBYTE(pd, offset);
3472 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3476 offset += 1; /* Skip Word Count (WCT) */
3478 /* Build display for: Byte Count (BCC) */
3480 ByteCount = GSHORT(pd, offset);
3484 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3488 offset += 2; /* Skip Byte Count (BCC) */
3490 /* Build display for: Buffer Format */
3492 BufferFormat = GBYTE(pd, offset);
3496 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3500 offset += 1; /* Skip Buffer Format */
3502 /* Build display for: Directory Name */
/* The directory name is read as a C string from untrusted packet bytes.
   NOTE(review): the only terminator test is the NUL search inside strlen();
   the Byte Count shown above is not applied as a limit in the lines visible
   here.  Confirm the scan cannot run beyond the captured frame. */
3504 DirectoryName = pd + offset;
3508 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3512 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3516 if (dirn == 0) { /* Response(s) dissect code */
3518 /* Build display for: Word Count (WCT) */
3520 WordCount = GBYTE(pd, offset);
3524 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3528 offset += 1; /* Skip Word Count (WCT) */
3530 /* Build display for: Byte Count (BCC) */
3532 ByteCount = GSHORT(pd, offset);
3536 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3540 offset += 2; /* Skip Byte Count (BCC) */
3547 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3550 static const value_string OpenFunction_0x10[] = {
3551 { 0, "Fail if file does not exist"},
3552 { 16, "Create file if it does not exist"},
3555 static const value_string OpenFunction_0x03[] = {
3556 { 0, "Fail if file exists"},
3557 { 1, "Open file if it exists"},
3558 { 2, "Truncate File if it exists"},
3561 static const value_string FileType_0xFFFF[] = {
3562 { 0, "Disk file or directory"},
3563 { 1, "Named pipe in byte mode"},
3564 { 2, "Named pipe in message mode"},
3565 { 3, "Spooled printer"},
3568 static const value_string DesiredAccess_0x70[] = {
3569 { 00, "Compatibility mode"},
3570 { 16, "Deny read/write/execute (exclusive)"},
3571 { 32, "Deny write"},
3572 { 48, "Deny read/execute"},
3576 static const value_string DesiredAccess_0x700[] = {
3577 { 0, "Locality of reference unknown"},
3578 { 256, "Mainly sequential access"},
3579 { 512, "Mainly random access"},
3580 { 768, "Random access with some locality"},
3583 static const value_string DesiredAccess_0x4000[] = {
3584 { 0, "Write through mode disabled"},
3585 { 16384, "Write through mode enabled"},
3588 static const value_string DesiredAccess_0x1000[] = {
3589 { 0, "Normal file (caching permitted)"},
3590 { 4096, "Do not cache this file"},
3593 static const value_string DesiredAccess_0x07[] = {
3594 { 0, "Open for reading"},
3595 { 1, "Open for writing"},
3596 { 2, "Open for reading and writing"},
3597 { 3, "Open for execute"},
3600 static const value_string Action_0x8000[] = {
3601 { 0, "File opened by another user (or mode not supported by server)"},
3602 { 32768, "File is opened only by this user at present"},
3605 static const value_string Action_0x0003[] = {
3606 { 0, "No action taken?"},
3607 { 1, "The file existed and was opened"},
3608 { 2, "The file did not exist but was created"},
3609 { 3, "The file existed and was truncated"},
3612 proto_tree *Search_tree;
3613 proto_tree *OpenFunction_tree;
3614 proto_tree *Flags_tree;
3615 proto_tree *File_tree;
3616 proto_tree *FileType_tree;
3617 proto_tree *FileAttributes_tree;
3618 proto_tree *DesiredAccess_tree;
3619 proto_tree *Action_tree;
3622 guint8 AndXReserved;
3623 guint8 AndXCommand = 0xFF;
3628 guint32 AllocatedSize;
3631 guint16 OpenFunction;
3632 guint16 LastWriteTime;
3633 guint16 LastWriteDate;
3634 guint16 GrantedAccess;
3637 guint16 FileAttributes;
3640 guint16 DeviceState;
3641 guint16 DesiredAccess;
3642 guint16 CreationTime;
3643 guint16 CreationDate;
3645 guint16 AndXOffset = 0;
3647 const char *FileName;
3649 if (dirn == 1) { /* Request(s) dissect code */
3651 /* Build display for: Word Count (WCT) */
3653 WordCount = GBYTE(pd, offset);
3657 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3661 offset += 1; /* Skip Word Count (WCT) */
3663 /* Build display for: AndXCommand */
3665 AndXCommand = GBYTE(pd, offset);
3669 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3670 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3674 offset += 1; /* Skip AndXCommand */
3676 /* Build display for: AndXReserved */
3678 AndXReserved = GBYTE(pd, offset);
3682 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3686 offset += 1; /* Skip AndXReserved */
3688 /* Build display for: AndXOffset */
3690 AndXOffset = GSHORT(pd, offset);
3694 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3698 offset += 2; /* Skip AndXOffset */
3700 /* Build display for: Flags */
3702 Flags = GSHORT(pd, offset);
3706 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
3707 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3708 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3709 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3710 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3711 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3712 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3713 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3717 offset += 2; /* Skip Flags */
3719 /* Build display for: Desired Access */
3721 DesiredAccess = GSHORT(pd, offset);
3725 ti = proto_tree_add_text(tree, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3726 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3727 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3728 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3729 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3730 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3731 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3732 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3733 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3734 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3735 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3736 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3740 offset += 2; /* Skip Desired Access */
3742 /* Build display for: Search */
3744 Search = GSHORT(pd, offset);
3748 ti = proto_tree_add_text(tree, offset, 2, "Search: 0x%02x", Search);
3749 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
3750 proto_tree_add_text(Search_tree, offset, 2, "%s",
3751 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3752 proto_tree_add_text(Search_tree, offset, 2, "%s",
3753 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3754 proto_tree_add_text(Search_tree, offset, 2, "%s",
3755 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3756 proto_tree_add_text(Search_tree, offset, 2, "%s",
3757 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3758 proto_tree_add_text(Search_tree, offset, 2, "%s",
3759 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3760 proto_tree_add_text(Search_tree, offset, 2, "%s",
3761 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3765 offset += 2; /* Skip Search */
3767 /* Build display for: File */
3769 File = GSHORT(pd, offset);
3773 ti = proto_tree_add_text(tree, offset, 2, "File: 0x%02x", File);
3774 File_tree = proto_item_add_subtree(ti, ett_smb_file);
3775 proto_tree_add_text(File_tree, offset, 2, "%s",
3776 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3777 proto_tree_add_text(File_tree, offset, 2, "%s",
3778 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3779 proto_tree_add_text(File_tree, offset, 2, "%s",
3780 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3781 proto_tree_add_text(File_tree, offset, 2, "%s",
3782 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3783 proto_tree_add_text(File_tree, offset, 2, "%s",
3784 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3785 proto_tree_add_text(File_tree, offset, 2, "%s",
3786 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3790 offset += 2; /* Skip File */
3792 /* Build display for: Creation Time */
3794 CreationTime = GSHORT(pd, offset);
3801 offset += 2; /* Skip Creation Time */
3803 /* Build display for: Creation Date */
3805 CreationDate = GSHORT(pd, offset);
3809 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3810 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3814 offset += 2; /* Skip Creation Date */
3816 /* Build display for: Open Function */
3818 OpenFunction = GSHORT(pd, offset);
3822 ti = proto_tree_add_text(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
3823 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
3824 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3825 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3826 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3827 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3831 offset += 2; /* Skip Open Function */
3833 /* Build display for: Allocated Size */
3835 AllocatedSize = GWORD(pd, offset);
3839 proto_tree_add_text(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
3843 offset += 4; /* Skip Allocated Size */
3845 /* Build display for: Reserved1 */
3847 Reserved1 = GWORD(pd, offset);
3851 proto_tree_add_text(tree, offset, 4, "Reserved1: %u", Reserved1);
3855 offset += 4; /* Skip Reserved1 */
3857 /* Build display for: Reserved2 */
3859 Reserved2 = GWORD(pd, offset);
3863 proto_tree_add_text(tree, offset, 4, "Reserved2: %u", Reserved2);
3867 offset += 4; /* Skip Reserved2 */
3869 /* Build display for: Byte Count */
3871 ByteCount = GSHORT(pd, offset);
3875 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
3879 offset += 2; /* Skip Byte Count */
3881 /* Build display for: File Name */
3883 FileName = pd + offset;
3887 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3891 offset += strlen(FileName) + 1; /* Skip File Name */
3894 if (AndXCommand != 0xFF) {
3896 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
3902 if (dirn == 0) { /* Response(s) dissect code */
3904 /* Build display for: Word Count (WCT) */
3906 WordCount = GBYTE(pd, offset);
3910 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3914 offset += 1; /* Skip Word Count (WCT) */
3916 if (WordCount > 0) {
3918 /* Build display for: AndXCommand */
3920 AndXCommand = GBYTE(pd, offset);
3924 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3925 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3929 offset += 1; /* Skip AndXCommand */
3931 /* Build display for: AndXReserved */
3933 AndXReserved = GBYTE(pd, offset);
3937 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3941 offset += 1; /* Skip AndXReserved */
3943 /* Build display for: AndXOffset */
3945 AndXOffset = GSHORT(pd, offset);
3949 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3953 offset += 2; /* Skip AndXOffset */
3955 /* Build display for: FID */
3957 FID = GSHORT(pd, offset);
3961 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
3965 offset += 2; /* Skip FID */
3967 /* Build display for: FileAttributes */
3969 FileAttributes = GSHORT(pd, offset);
3973 ti = proto_tree_add_text(tree, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3974 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
3975 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3976 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3977 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3978 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3979 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3980 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3981 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3982 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3983 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3984 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3985 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3986 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3990 offset += 2; /* Skip FileAttributes */
3992 /* Build display for: Last Write Time */
3994 LastWriteTime = GSHORT(pd, offset);
4000 offset += 2; /* Skip Last Write Time */
4002 /* Build display for: Last Write Date */
4004 LastWriteDate = GSHORT(pd, offset);
4008 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4009 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
4014 offset += 2; /* Skip Last Write Date */
4016 /* Build display for: Data Size */
4018 DataSize = GWORD(pd, offset);
4022 proto_tree_add_text(tree, offset, 4, "Data Size: %u", DataSize);
4026 offset += 4; /* Skip Data Size */
4028 /* Build display for: Granted Access */
4030 GrantedAccess = GSHORT(pd, offset);
4034 proto_tree_add_text(tree, offset, 2, "Granted Access: %u", GrantedAccess);
4038 offset += 2; /* Skip Granted Access */
4040 /* Build display for: File Type */
4042 FileType = GSHORT(pd, offset);
4046 ti = proto_tree_add_text(tree, offset, 2, "File Type: 0x%02x", FileType);
4047 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4048 proto_tree_add_text(FileType_tree, offset, 2, "%s",
4049 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4053 offset += 2; /* Skip File Type */
4055 /* Build display for: Device State */
4057 DeviceState = GSHORT(pd, offset);
4061 proto_tree_add_text(tree, offset, 2, "Device State: %u", DeviceState);
4065 offset += 2; /* Skip Device State */
4067 /* Build display for: Action */
4069 Action = GSHORT(pd, offset);
4073 ti = proto_tree_add_text(tree, offset, 2, "Action: 0x%02x", Action);
4074 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4075 proto_tree_add_text(Action_tree, offset, 2, "%s",
4076 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4077 proto_tree_add_text(Action_tree, offset, 2, "%s",
4078 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4082 offset += 2; /* Skip Action */
4084 /* Build display for: Server FID */
4086 ServerFID = GWORD(pd, offset);
4090 proto_tree_add_text(tree, offset, 4, "Server FID: %u", ServerFID);
4094 offset += 4; /* Skip Server FID */
4096 /* Build display for: Reserved */
4098 Reserved = GSHORT(pd, offset);
4102 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
4106 offset += 2; /* Skip Reserved */
4110 /* Build display for: Byte Count */
4112 ByteCount = GSHORT(pd, offset);
4116 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4120 offset += 2; /* Skip Byte Count */
4123 if (AndXCommand != 0xFF) {
4125 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect the parameter words of a write-raw SMB (per the function name) and
 * add one text item per field to `tree`.
 *
 * pd/offset locate the Word Count byte of this command.  dirn == 1 selects the
 * request layout, dirn == 0 the response layout.  fd, parent, si, max_data,
 * SMB_offset and errcode are not used in the lines visible here.
 *
 * NOTE(review): every GBYTE/GSHORT/GWORD read below uses `offset` as-is; no
 * comparison against max_data or the captured length is visible in this
 * listing.  Confirm the caller guarantees enough bytes, otherwise a truncated
 * or malformed frame is read past the end of `pd`.
 */
4134 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4137 proto_tree *WriteMode_tree;
4153 if (dirn == 1) { /* Request(s) dissect code */
/* Word Count is read here only to choose a layout; each layout reads and displays it again. */
4155 WordCount = GBYTE(pd, offset);
/* The request has two layouts selected by Word Count; the case labels are not visible in this listing. */
4157 switch (WordCount) {
/* First layout: includes the 32-bit Offset field. */
4161 /* Build display for: Word Count (WCT) */
4163 WordCount = GBYTE(pd, offset);
4167 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4171 offset += 1; /* Skip Word Count (WCT) */
4173 /* Build display for: FID */
4175 FID = GSHORT(pd, offset);
4179 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4183 offset += 2; /* Skip FID */
4185 /* Build display for: Count */
4187 Count = GSHORT(pd, offset);
4191 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4195 offset += 2; /* Skip Count */
4197 /* Build display for: Reserved 1 */
4199 Reserved1 = GSHORT(pd, offset);
4203 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4207 offset += 2; /* Skip Reserved 1 */
4209 /* Build display for: Offset */
4211 Offset = GWORD(pd, offset);
4215 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
4219 offset += 4; /* Skip Offset */
4221 /* Build display for: Timeout */
4223 Timeout = GWORD(pd, offset);
4227 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4231 offset += 4; /* Skip Timeout */
4233 /* Build display for: WriteMode */
4235 WriteMode = GSHORT(pd, offset);
4239 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4240 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4241 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4242 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4243 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4244 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4248 offset += 2; /* Skip WriteMode */
4250 /* Build display for: Reserved 2 */
4252 Reserved2 = GWORD(pd, offset);
4256 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4260 offset += 4; /* Skip Reserved 2 */
/* Data Length and Data Offset come straight from the packet and are only
 * displayed here; any later use of them to locate the payload has to
 * range-check them first. */
4262 /* Build display for: Data Length */
4264 DataLength = GSHORT(pd, offset);
4268 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4272 offset += 2; /* Skip Data Length */
4274 /* Build display for: Data Offset */
4276 DataOffset = GSHORT(pd, offset);
4280 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4284 offset += 2; /* Skip Data Offset */
4286 /* Build display for: Byte Count (BCC) */
4288 ByteCount = GSHORT(pd, offset);
4292 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4296 offset += 2; /* Skip Byte Count (BCC) */
4298 /* Build display for: Pad */
4300 Pad = GBYTE(pd, offset);
4304 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4308 offset += 1; /* Skip Pad */
/* Second layout: the same fields as the first, without Offset. */
4314 /* Build display for: Word Count (WCT) */
4316 WordCount = GBYTE(pd, offset);
4320 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4324 offset += 1; /* Skip Word Count (WCT) */
4326 /* Build display for: FID */
4328 FID = GSHORT(pd, offset);
4332 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4336 offset += 2; /* Skip FID */
4338 /* Build display for: Count */
4340 Count = GSHORT(pd, offset);
4344 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4348 offset += 2; /* Skip Count */
4350 /* Build display for: Reserved 1 */
4352 Reserved1 = GSHORT(pd, offset);
4356 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4360 offset += 2; /* Skip Reserved 1 */
4362 /* Build display for: Timeout */
4364 Timeout = GWORD(pd, offset);
4368 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4372 offset += 4; /* Skip Timeout */
4374 /* Build display for: WriteMode */
4376 WriteMode = GSHORT(pd, offset);
4380 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4381 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4382 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4383 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4384 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4385 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4389 offset += 2; /* Skip WriteMode */
4391 /* Build display for: Reserved 2 */
4393 Reserved2 = GWORD(pd, offset);
4397 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4401 offset += 4; /* Skip Reserved 2 */
4403 /* Build display for: Data Length */
4405 DataLength = GSHORT(pd, offset);
4409 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4413 offset += 2; /* Skip Data Length */
4415 /* Build display for: Data Offset */
4417 DataOffset = GSHORT(pd, offset);
4421 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4425 offset += 2; /* Skip Data Offset */
4427 /* Build display for: Byte Count (BCC) */
4429 ByteCount = GSHORT(pd, offset);
4433 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4437 offset += 2; /* Skip Byte Count (BCC) */
4439 /* Build display for: Pad */
4441 Pad = GBYTE(pd, offset);
4445 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4449 offset += 1; /* Skip Pad */
4457 if (dirn == 0) { /* Response(s) dissect code */
4459 /* Build display for: Word Count (WCT) */
4461 WordCount = GBYTE(pd, offset);
4465 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4469 offset += 1; /* Skip Word Count (WCT) */
/* Remaining is present only when the response carries parameter words. */
4471 if (WordCount > 0) {
4473 /* Build display for: Remaining */
4475 Remaining = GSHORT(pd, offset);
4479 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
4483 offset += 2; /* Skip Remaining */
4487 /* Build display for: Byte Count */
4489 ByteCount = GSHORT(pd, offset);
4493 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4497 offset += 2; /* Skip Byte Count */
/*
 * Add the Word Count and Byte Count fields of a tree-disconnect message
 * (command taken from the function name) to `tree`.
 *
 * pd/offset locate the Word Count byte.  Requests (dirn == 1) and responses
 * (dirn == 0) have the same two-field layout; any other dirn value adds
 * nothing.  fd, parent, si, max_data, SMB_offset and errcode are unused.
 *
 * NOTE(review): the reads are not checked against the captured length
 * (max_data is not consulted); confirm the caller guarantees three bytes at
 * `offset`.
 */
void
dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
{
  guint8  wct;
  guint16 bcc;

  if (dirn != 1 && dirn != 0) {
    return;
  }

  /* Word Count (WCT): one byte */
  wct = GBYTE(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
  }
  offset += 1;

  /* Byte Count (BCC): two bytes */
  bcc = GSHORT(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
  }
  offset += 2;
}
/*
 * Dissect the fields of a move SMB (per the function name) and add one text
 * item per field to `tree`.
 *
 * pd/offset locate the Word Count byte.  dirn == 1 selects the request layout
 * (TID2, Open Function, Flags), dirn == 0 the response layout (optional Count,
 * Byte Count, Error File Format, Error File Name).  fd, parent, si, max_data,
 * SMB_offset and errcode are not used in the lines visible here.
 *
 * NOTE(review): no read below is compared against max_data or the captured
 * length in the lines visible here; confirm the caller guarantees the bytes.
 */
4569 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* NOTE(review): this table is applied with mask 0x03 below, so the entry with
 * value 4 presumably can never be selected -- confirm against
 * decode_enumerated_bitfield(). */
4572 static const value_string Flags_0x03[] = {
4573 { 0, "Target must be a file"},
4574 { 1, "Target must be a directory"},
4577 { 4, "Verify all writes"},
4580 proto_tree *Flags_tree;
4583 guint8 ErrorFileFormat;
4585 guint16 OpenFunction;
4589 const char *ErrorFileName;
4591 if (dirn == 1) { /* Request(s) dissect code */
4593 /* Build display for: Word Count (WCT) */
4595 WordCount = GBYTE(pd, offset);
4599 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4603 offset += 1; /* Skip Word Count (WCT) */
4605 /* Build display for: TID2 */
4607 TID2 = GSHORT(pd, offset);
4611 proto_tree_add_text(tree, offset, 2, "TID2: %u", TID2);
4615 offset += 2; /* Skip TID2 */
4617 /* Build display for: Open Function */
4619 OpenFunction = GSHORT(pd, offset);
4623 proto_tree_add_text(tree, offset, 2, "Open Function: %u", OpenFunction);
4627 offset += 2; /* Skip Open Function */
4629 /* Build display for: Flags */
4631 Flags = GSHORT(pd, offset);
4635 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
4636 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4637 proto_tree_add_text(Flags_tree, offset, 2, "%s",
4638 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4642 offset += 2; /* Skip Flags */
4646 if (dirn == 0) { /* Response(s) dissect code */
4648 /* Build display for: Word Count (WCT) */
4650 WordCount = GBYTE(pd, offset);
4654 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4658 offset += 1; /* Skip Word Count (WCT) */
/* Count is present only when the response carries parameter words. */
4660 if (WordCount > 0) {
4662 /* Build display for: Count */
4664 Count = GSHORT(pd, offset);
4668 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4672 offset += 2; /* Skip Count */
4676 /* Build display for: Byte Count */
4678 ByteCount = GSHORT(pd, offset);
4682 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4686 offset += 2; /* Skip Byte Count */
4688 /* Build display for: Error File Format */
4690 ErrorFileFormat = GBYTE(pd, offset);
4694 proto_tree_add_text(tree, offset, 1, "Error File Format: %u", ErrorFileFormat);
4698 offset += 1; /* Skip Error File Format */
/* NOTE(review): ErrorFileName points straight into the packet buffer and its
 * length comes from strlen(), which scans until it meets a NUL.  Nothing
 * visible here limits that scan to ByteCount or to the captured data, so a
 * name without a terminator is read past the end of the buffer.  Bound the
 * scan by the bytes actually available before taking the length. */
4700 /* Build display for: Error File Name */
4702 ErrorFileName = pd + offset;
4706 proto_tree_add_text(tree, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4710 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
/*
 * Add the fields of a rename-file message (command taken from the function
 * name) to `tree`.
 *
 * pd/offset locate the Word Count byte.  A request (dirn == 1) carries Search
 * Attributes, Byte Count and two format-byte + NUL-terminated-name pairs; a
 * response (dirn == 0) carries only Word Count and Byte Count.  fd, parent,
 * si, max_data, SMB_offset and errcode are unused.
 *
 * NOTE(review): both names are measured with strlen() directly on the packet
 * buffer.  Nothing limits the scan to Byte Count or to the captured data, so
 * a name without a terminating NUL is read past the end of `pd`.  The scan
 * should be bounded by the bytes actually available (max_data is passed in
 * but not consulted -- confirm what it measures before relying on it).  The
 * fixed-size reads are likewise unchecked.
 */
void
dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
{
  guint8      wct;
  guint8      fmt_old;
  guint8      fmt_new;
  guint16     search_attrs;
  guint16     bcc;
  const char *old_name;
  const char *new_name;
  size_t      field_len;

  if (dirn == 1) { /* request */

    wct = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
    }
    offset += 1;

    search_attrs = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", search_attrs);
    }
    offset += 2;

    bcc = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Byte Count: %u", bcc);
    }
    offset += 2;

    fmt_old = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", fmt_old);
    }
    offset += 1;

    /* Old name: the item covers the string plus its NUL (unbounded scan, see header note). */
    old_name  = (const char *)(pd + offset);
    field_len = strlen(old_name) + 1;
    if (tree) {
      proto_tree_add_text(tree, offset, field_len, "Old File Name: %s", old_name);
    }
    offset += field_len;

    fmt_new = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", fmt_new);
    }
    offset += 1;

    /* New name: same handling as the old name. */
    new_name  = (const char *)(pd + offset);
    field_len = strlen(new_name) + 1;
    if (tree) {
      proto_tree_add_text(tree, offset, field_len, "New File Name: %s", new_name);
    }
    offset += field_len;

  } else if (dirn == 0) { /* response */

    wct = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
    }
    offset += 1;

    bcc = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
    }
    offset += 2;

  }
}
/*
 * Add the fields of an open-print-file message (command taken from the
 * function name) to `tree`.
 *
 * pd/offset locate the Word Count byte.  A request (dirn == 1) carries Setup
 * Length, Mode (decoded through Mode_0x03 under an ett_smb_mode subtree),
 * Byte Count, a format byte and a NUL-terminated identifier string; a
 * response (dirn == 0) carries Word Count, FID and Byte Count.  fd, parent,
 * si, max_data, SMB_offset and errcode are unused.
 *
 * NOTE(review): the identifier string is measured with strlen() directly on
 * the packet buffer.  Nothing limits the scan to Byte Count or to the
 * captured data, so a string without a terminating NUL is read past the end
 * of `pd`.  The scan should be bounded by the bytes actually available
 * (max_data is passed in but not consulted -- confirm what it measures).  The
 * fixed-size reads are likewise unchecked.
 */
void
dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
{
  static const value_string Mode_0x03[] = {
    { 0, "Text mode (DOS expands TABs)"},
    { 1, "Graphics mode"},
    { 0, NULL}
  };
  guint8      wct;
  guint8      buf_format;
  guint16     setup_len;
  guint16     mode;
  guint16     fid;
  guint16     bcc;
  const char *ident;
  size_t      ident_len;

  if (dirn == 1) { /* request */

    wct = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
    }
    offset += 1;

    setup_len = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Setup Length: %u", setup_len);
    }
    offset += 2;

    mode = GSHORT(pd, offset);
    if (tree) {
      proto_item *mode_item;
      proto_tree *mode_tree;

      mode_item = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", mode);
      mode_tree = proto_item_add_subtree(mode_item, ett_smb_mode);
      proto_tree_add_text(mode_tree, offset, 2, "%s",
                          decode_enumerated_bitfield(mode, 0x03, 16, Mode_0x03, "%s"));
    }
    offset += 2;

    bcc = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
    }
    offset += 2;

    buf_format = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", buf_format);
    }
    offset += 1;

    /* The item covers the string plus its NUL (unbounded scan, see header note). */
    ident     = (const char *)(pd + offset);
    ident_len = strlen(ident) + 1;
    if (tree) {
      proto_tree_add_text(tree, offset, ident_len, "Identifier String: %s", ident);
    }
    offset += ident_len;

  } else if (dirn == 0) { /* response */

    wct = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
    }
    offset += 1;

    fid = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "FID: %u", fid);
    }
    offset += 2;

    bcc = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
    }
    offset += 2;

  }
}
/*
 * Add the fields of a close-print-file message (command taken from the
 * function name) to `tree`.
 *
 * pd/offset locate the Word Count byte.  A request (dirn == 1) carries Word
 * Count, FID and Byte Count; a response (dirn == 0) carries Word Count and
 * Byte Count.  fd, parent, si, max_data, SMB_offset and errcode are unused.
 *
 * NOTE(review): the reads are not checked against the captured length
 * (max_data is not consulted); confirm the caller guarantees the bytes.
 */
void
dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
{
  guint8  wct;
  guint16 fid;
  guint16 bcc;

  if (dirn == 1) { /* request */

    wct = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
    }
    offset += 1;

    fid = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "FID: %u", fid);
    }
    offset += 2;

    bcc = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
    }
    offset += 2;

  } else if (dirn == 0) { /* response */

    /* The response labels this field "Word Count", without the "(WCT)" suffix. */
    wct = GBYTE(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 1, "Word Count: %u", wct);
    }
    offset += 1;

    bcc = GSHORT(pd, offset);
    if (tree) {
      proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
    }
    offset += 2;

  }
}
/*
 * Dissect the parameter words of a read-raw SMB request (per the function
 * name) and add one text item per field to `tree`.
 *
 * pd/offset locate the Word Count byte.  Only the request direction
 * (dirn == 1) has visible field handling; no statements are visible in the
 * response branch.  fd, parent, si, max_data, SMB_offset and errcode are not
 * used in the lines visible here.
 *
 * NOTE(review): every GBYTE/GSHORT/GWORD read below uses `offset` as-is; no
 * comparison against max_data or the captured length is visible in this
 * listing.  Confirm the caller guarantees enough bytes, otherwise a truncated
 * or malformed frame is read past the end of `pd`.
 */
5065 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5078 if (dirn == 1) { /* Request(s) dissect code */
/* Word Count is read here only to choose a layout; each layout reads and displays it again. */
5080 WordCount = GBYTE(pd, offset);
/* The request has two layouts selected by Word Count; the case labels are not visible in this listing. */
5082 switch (WordCount) {
/* First layout: FID, Offset, Max Count, Min Count, Timeout, Reserved, Byte Count. */
5086 /* Build display for: Word Count (WCT) */
5088 WordCount = GBYTE(pd, offset);
5092 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5096 offset += 1; /* Skip Word Count (WCT) */
5098 /* Build display for: FID */
5100 FID = GSHORT(pd, offset);
5104 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5108 offset += 2; /* Skip FID */
5110 /* Build display for: Offset */
5112 Offset = GWORD(pd, offset);
5116 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5120 offset += 4; /* Skip Offset */
5122 /* Build display for: Max Count */
5124 MaxCount = GSHORT(pd, offset);
5128 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5132 offset += 2; /* Skip Max Count */
5134 /* Build display for: Min Count */
5136 MinCount = GSHORT(pd, offset);
5140 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5144 offset += 2; /* Skip Min Count */
5146 /* Build display for: Timeout */
5148 Timeout = GWORD(pd, offset);
5152 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5156 offset += 4; /* Skip Timeout */
5158 /* Build display for: Reserved */
5160 Reserved = GSHORT(pd, offset);
5164 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5168 offset += 2; /* Skip Reserved */
5170 /* Build display for: Byte Count (BCC) */
5172 ByteCount = GSHORT(pd, offset);
5176 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5180 offset += 2; /* Skip Byte Count (BCC) */
/* Second layout: the same fields plus a 32-bit Offset High before Byte Count. */
5186 /* Build display for: Word Count (WCT) */
5188 WordCount = GBYTE(pd, offset);
5192 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5196 offset += 1; /* Skip Word Count (WCT) */
5198 /* Build display for: FID */
5200 FID = GSHORT(pd, offset);
5204 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5208 offset += 2; /* Skip FID */
5210 /* Build display for: Offset */
5212 Offset = GWORD(pd, offset);
5216 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5220 offset += 4; /* Skip Offset */
5222 /* Build display for: Max Count */
5224 MaxCount = GSHORT(pd, offset);
5228 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5232 offset += 2; /* Skip Max Count */
5234 /* Build display for: Min Count */
5236 MinCount = GSHORT(pd, offset);
5240 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5244 offset += 2; /* Skip Min Count */
5246 /* Build display for: Timeout */
5248 Timeout = GWORD(pd, offset);
5252 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5256 offset += 4; /* Skip Timeout */
5258 /* Build display for: Reserved */
5260 Reserved = GSHORT(pd, offset);
5264 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5268 offset += 2; /* Skip Reserved */
5270 /* Build display for: Offset High */
5272 OffsetHigh = GWORD(pd, offset);
5276 proto_tree_add_text(tree, offset, 4, "Offset High: %u", OffsetHigh);
5280 offset += 4; /* Skip Offset High */
5282 /* Build display for: Byte Count (BCC) */
5284 ByteCount = GSHORT(pd, offset);
5288 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5292 offset += 2; /* Skip Byte Count (BCC) */
/* No statements are visible in the response branch. */
5300 if (dirn == 0) { /* Response(s) dissect code */
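/*
 * Add the fields of a logoff AndX message (command taken from the function
 * name) to `tree`, then hand any chained command to its dissector.
 *
 * pd/offset locate the Word Count byte.  Requests (dirn == 1) and responses
 * (dirn == 0) share one layout: Word Count, AndXCommand, AndXReserved,
 * AndXOffset, Byte Count.  Any other dirn value adds nothing.  SMB_offset is
 * the base that AndXOffset is added to when locating the chained command;
 * fd, parent, si, max_data and errcode are only passed through to it.
 *
 * AndXCommand and AndXOffset are taken from the packet.  The chain is
 * followed only when the chained command starts at or after the end of the
 * fields parsed here: an offset that points backwards could otherwise send
 * the dissector round the same bytes again and recurse until the stack is
 * exhausted.  When the offset is rejected a text item says so.
 *
 * NOTE(review): the other AndX handlers in this file dispatch through
 * dissect[AndXCommand] in the same way and need the same check.  The target
 * offset is still not compared with the captured length, and the fixed-size
 * reads below are unchecked as well; both need a bound from the caller
 * (max_data is passed in -- confirm what it measures).
 */
void
dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
{
  guint8  WordCount;
  guint8  AndXReserved;
  guint8  AndXCommand = 0xFF;
  guint16 ByteCount;
  guint16 AndXOffset = 0;
  int     next_offset;

  /* Request and response use the same layout. */
  if (dirn != 1 && dirn != 0) {
    return;
  }

  /* Build display for: Word Count (WCT) */
  WordCount = GBYTE(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
  }
  offset += 1; /* Skip Word Count (WCT) */

  /* Build display for: AndXCommand */
  AndXCommand = GBYTE(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
  }
  offset += 1; /* Skip AndXCommand */

  /* Build display for: AndXReserved */
  AndXReserved = GBYTE(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
  }
  offset += 1; /* Skip AndXReserved */

  /* Build display for: AndXOffset */
  AndXOffset = GSHORT(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
  }
  offset += 2; /* Skip AndXOffset */

  /* Build display for: Byte Count (BCC) */
  ByteCount = GSHORT(pd, offset);
  if (tree) {
    proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
  }
  offset += 2; /* Skip Byte Count (BCC) */

  if (AndXCommand != 0xFF) {

    next_offset = SMB_offset + AndXOffset;

    if (next_offset < offset) {
      /* Backward-pointing chain: report it instead of following it. */
      if (tree) {
        proto_tree_add_text(tree, offset, 0, "AndXOffset %u points before the end of this command; chained command not dissected", AndXOffset);
      }
    } else {
      (dissect[AndXCommand])(pd, next_offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
    }

  }
}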
/*
 * Dissect an SMB Seek request (dirn == 1) or response (dirn == 0).
 *
 * Request: Word Count, FID, Mode (shown as hex plus a subtree that names the
 * two low-order bits), Offset, Byte Count.
 * Response: Word Count, Offset, Byte Count.
 *
 * Each field is read at pd + offset and offset is advanced by the field size.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown), so
 * a truncated frame may be read past its end -- confirm a bounds check exists
 * in the omitted lines or in the caller.
 */
5461 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* Names for Mode & 0x03; the entries visible here cover the values 0 to 2. */
5464 static const value_string Mode_0x03[] = {
5465 { 0, "Seek from start of file"},
5466 { 1, "Seek from current position"},
5467 { 2, "Seek from end of file"},
5470 proto_tree *Mode_tree;
5478 if (dirn == 1) { /* Request(s) dissect code */
5480 /* Build display for: Word Count (WCT) */
5482 WordCount = GBYTE(pd, offset);
5486 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5490 offset += 1; /* Skip Word Count (WCT) */
5492 /* Build display for: FID */
5494 FID = GSHORT(pd, offset);
5498 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5502 offset += 2; /* Skip FID */
5504 /* Build display for: Mode */
5506 Mode = GSHORT(pd, offset);
5510 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
5511 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
/* NOTE(review): Mode & 0x03 can be 3, which has no visible table entry; how decode_enumerated_bitfield() renders an unknown value is not shown here -- confirm. */
5512 proto_tree_add_text(Mode_tree, offset, 2, "%s",
5513 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5517 offset += 2; /* Skip Mode */
5519 /* Build display for: Offset */
5521 Offset = GWORD(pd, offset);
5525 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5529 offset += 4; /* Skip Offset */
5531 /* Build display for: Byte Count (BCC) */
5533 ByteCount = GSHORT(pd, offset);
5537 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5541 offset += 2; /* Skip Byte Count (BCC) */
5545 if (dirn == 0) { /* Response(s) dissect code */
5547 /* Build display for: Word Count (WCT) */
5549 WordCount = GBYTE(pd, offset);
5553 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5557 offset += 1; /* Skip Word Count (WCT) */
5559 /* Build display for: Offset */
5561 Offset = GWORD(pd, offset);
5565 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5569 offset += 4; /* Skip Offset */
5571 /* Build display for: Byte Count (BCC) */
5573 ByteCount = GSHORT(pd, offset);
5577 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5581 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Write And Unlock request (dirn == 1) or response
 * (dirn == 0).
 *
 * Request: Word Count, FID, Count, Offset, Remaining, Byte Count, Buffer
 * Format, Data Length.
 * Response: Word Count, Count, Byte Count.
 *
 * The payload that Data Length describes is not walked in the lines shown;
 * only the header fields are displayed.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown), so
 * a truncated frame may be read past its end -- confirm a bounds check exists
 * in the omitted lines or in the caller.
 */
5588 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5592 guint8 BufferFormat;
5600 if (dirn == 1) { /* Request(s) dissect code */
5602 /* Build display for: Word Count (WCT) */
5604 WordCount = GBYTE(pd, offset);
5608 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5612 offset += 1; /* Skip Word Count (WCT) */
5614 /* Build display for: FID */
5616 FID = GSHORT(pd, offset);
5620 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5624 offset += 2; /* Skip FID */
5626 /* Build display for: Count */
5628 Count = GSHORT(pd, offset);
5632 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5636 offset += 2; /* Skip Count */
5638 /* Build display for: Offset */
5640 Offset = GWORD(pd, offset);
5644 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5648 offset += 4; /* Skip Offset */
5650 /* Build display for: Remaining */
5652 Remaining = GSHORT(pd, offset);
5656 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
5660 offset += 2; /* Skip Remaining */
5662 /* Build display for: Byte Count (BCC) */
5664 ByteCount = GSHORT(pd, offset);
5668 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5672 offset += 2; /* Skip Byte Count (BCC) */
5674 /* Build display for: Buffer Format */
5676 BufferFormat = GBYTE(pd, offset);
5680 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
5684 offset += 1; /* Skip Buffer Format */
5686 /* Build display for: Data Length */
5688 DataLength = GSHORT(pd, offset);
5692 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
5696 offset += 2; /* Skip Data Length */
5700 if (dirn == 0) { /* Response(s) dissect code */
5702 /* Build display for: Word Count (WCT) */
5704 WordCount = GBYTE(pd, offset);
5708 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5712 offset += 1; /* Skip Word Count (WCT) */
5714 /* Build display for: Count */
5716 Count = GSHORT(pd, offset);
5720 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5724 offset += 2; /* Skip Count */
5726 /* Build display for: Byte Count (BCC) */
5728 ByteCount = GSHORT(pd, offset);
5732 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5736 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Set Information 2 request (dirn == 1) or response
 * (dirn == 0).
 *
 * Request: Word Count, FID, then three date/time pairs (creation, last
 * access, last write), each a 16-bit date followed by a 16-bit time, and
 * Byte Count.
 * Response: Word Count, Byte Count.
 *
 * NOTE(review): the values returned by dissect_dos_date() and
 * dissect_dos_time() are printed with %u.  Both helpers are defined outside
 * this listing; if they return a formatted string the specifier has to be
 * %s, otherwise the argument does not match the format (undefined
 * behaviour) -- confirm against their definitions.
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown) --
 * confirm a bounds check exists in the omitted lines or in the caller.
 */
5743 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5747 guint16 LastWriteTime;
5748 guint16 LastWriteDate;
5749 guint16 LastAccessTime;
5750 guint16 LastAccessDate;
5752 guint16 CreationTime;
5753 guint16 CreationDate;
5756 if (dirn == 1) { /* Request(s) dissect code */
5758 /* Build display for: Word Count */
5760 WordCount = GBYTE(pd, offset);
5764 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5768 offset += 1; /* Skip Word Count */
5770 /* Build display for: FID */
5772 FID = GSHORT(pd, offset);
5776 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5780 offset += 2; /* Skip FID */
5782 /* Build display for: Creation Date */
5784 CreationDate = GSHORT(pd, offset);
5788 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
5792 offset += 2; /* Skip Creation Date */
5794 /* Build display for: Creation Time */
5796 CreationTime = GSHORT(pd, offset);
5800 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
5804 offset += 2; /* Skip Creation Time */
5806 /* Build display for: Last Access Date */
5808 LastAccessDate = GSHORT(pd, offset);
5812 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
5816 offset += 2; /* Skip Last Access Date */
5818 /* Build display for: Last Access Time */
5820 LastAccessTime = GSHORT(pd, offset);
5824 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
5828 offset += 2; /* Skip Last Access Time */
5830 /* Build display for: Last Write Date */
5832 LastWriteDate = GSHORT(pd, offset);
5836 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
5840 offset += 2; /* Skip Last Write Date */
5842 /* Build display for: Last Write Time */
5844 LastWriteTime = GSHORT(pd, offset);
5848 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
5852 offset += 2; /* Skip Last Write Time */
5854 /* Build display for: Byte Count (BCC) */
5856 ByteCount = GSHORT(pd, offset);
5860 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5864 offset += 2; /* Skip Byte Count (BCC) */
5868 if (dirn == 0) { /* Response(s) dissect code */
5870 /* Build display for: Word Count (WCC) */
5872 WordCount = GBYTE(pd, offset);
5876 proto_tree_add_text(tree, offset, 1, "Word Count (WCC): %u", WordCount);
5880 offset += 1; /* Skip Word Count (WCC) */
5882 /* Build display for: Byte Count (BCC) */
5884 ByteCount = GSHORT(pd, offset);
5888 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5892 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Lock Bytes request (dirn == 1) or response (dirn == 0).
 *
 * Request: Word Count, FID, Count (4 bytes), Offset (4 bytes), Byte Count.
 * Response: Word Count, Byte Count.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown), so
 * a truncated frame may be read past its end -- confirm a bounds check exists
 * in the omitted lines or in the caller.
 */
5899 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5908 if (dirn == 1) { /* Request(s) dissect code */
5910 /* Build display for: Word Count (WCT) */
5912 WordCount = GBYTE(pd, offset);
5916 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5920 offset += 1; /* Skip Word Count (WCT) */
5922 /* Build display for: FID */
5924 FID = GSHORT(pd, offset);
5928 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5932 offset += 2; /* Skip FID */
5934 /* Build display for: Count */
5936 Count = GWORD(pd, offset);
5940 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
5944 offset += 4; /* Skip Count */
5946 /* Build display for: Offset */
5948 Offset = GWORD(pd, offset);
5952 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5956 offset += 4; /* Skip Offset */
5958 /* Build display for: Byte Count (BCC) */
5960 ByteCount = GSHORT(pd, offset);
5964 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5968 offset += 2; /* Skip Byte Count (BCC) */
5972 if (dirn == 0) { /* Response(s) dissect code */
5974 /* Build display for: Word Count (WCT) */
5976 WordCount = GBYTE(pd, offset);
5980 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5984 offset += 1; /* Skip Word Count (WCT) */
5986 /* Build display for: Byte Count (BCC) */
5988 ByteCount = GSHORT(pd, offset);
5992 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5996 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Get Print Queue request (dirn == 1) or response
 * (dirn == 0).
 *
 * Request: Word Count, Max Count, Start Index, Byte Count.
 * Response: Word Count; when Word Count is non-zero, Count and Restart
 * Index; then Byte Count, Buffer Format and Data Length.  The closing brace
 * of the Word Count test is not part of this listing, so which of the later
 * fields it also covers cannot be read off here.
 *
 * The queue entries that Data Length describes are not walked in the lines
 * shown.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown), so
 * a truncated frame may be read past its end -- confirm a bounds check exists
 * in the omitted lines or in the caller.
 */
6003 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6007 guint8 BufferFormat;
6009 guint16 RestartIndex;
6015 if (dirn == 1) { /* Request(s) dissect code */
6017 /* Build display for: Word Count */
6019 WordCount = GBYTE(pd, offset);
6023 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
6027 offset += 1; /* Skip Word Count */
6029 /* Build display for: Max Count */
6031 MaxCount = GSHORT(pd, offset);
6035 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6039 offset += 2; /* Skip Max Count */
6041 /* Build display for: Start Index */
6043 StartIndex = GSHORT(pd, offset);
6047 proto_tree_add_text(tree, offset, 2, "Start Index: %u", StartIndex);
6051 offset += 2; /* Skip Start Index */
6053 /* Build display for: Byte Count (BCC) */
6055 ByteCount = GSHORT(pd, offset);
6059 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6063 offset += 2; /* Skip Byte Count (BCC) */
6067 if (dirn == 0) { /* Response(s) dissect code */
6069 /* Build display for: Word Count (WCT) */
6071 WordCount = GBYTE(pd, offset);
6075 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6079 offset += 1; /* Skip Word Count (WCT) */
6081 if (WordCount > 0) {
6083 /* Build display for: Count */
6085 Count = GSHORT(pd, offset);
6089 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6093 offset += 2; /* Skip Count */
6095 /* Build display for: Restart Index */
6097 RestartIndex = GSHORT(pd, offset);
6101 proto_tree_add_text(tree, offset, 2, "Restart Index: %u", RestartIndex);
6105 offset += 2; /* Skip Restart Index */
6107 /* Build display for: Byte Count (BCC) */
6111 ByteCount = GSHORT(pd, offset);
6115 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6119 offset += 2; /* Skip Byte Count (BCC) */
6121 /* Build display for: Buffer Format */
6123 BufferFormat = GBYTE(pd, offset);
6127 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6131 offset += 1; /* Skip Buffer Format */
6133 /* Build display for: Data Length */
6135 DataLength = GSHORT(pd, offset);
6139 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6143 offset += 2; /* Skip Data Length */
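/*
 * Dissect an SMB Locking AndX request (dirn == 1) or response (dirn == 0).
 *
 * Request: Word Count, the AndX header (AndXCommand, AndXReserved,
 * AndXOffset), FID, Lock Type (with a subtree naming five flag bits),
 * OplockLevel, Timeout, Number Of Unlocks, Number of Locks and Byte Count.
 * The lock/unlock ranges that the two counters announce are not walked in
 * the lines shown.
 * Response: Word Count; when non-zero, the AndX header; then Byte Count.
 *
 * In both directions a chained command (AndXCommand != 0xFF, which the
 * response branch labels "No further commands") is handed to
 * dissect[AndXCommand] at SMB_offset + AndXOffset.
 *
 * Fixes relative to the listed code:
 *  - The response branch stored the parsed offset in AndXoffset (lower-case
 *    'o') but chained through AndXOffset, which was still 0, so the chained
 *    dissector was started at SMB_offset itself.  The parsed value now goes
 *    into AndXOffset, as in the request branch.  The declaration of
 *    AndXoffset is not part of this listing; it is simply no longer written
 *    here.
 *  - AndXCommand and AndXOffset come straight from the capture and are
 *    untrusted.  The chain is followed only when its target lies at or
 *    beyond the current position, so an offset that does not move forward
 *    cannot make the dissectors re-enter each other without end.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is passed through but never consulted),
 * so field reads and the chained target can still fall outside the captured
 * data -- confirm against the omitted lines and add a length check where it
 * is missing.
 * NOTE(review): assumes dissect[] has an entry for every guint8 value --
 * TODO confirm against the table definition.
 */
6150 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6153 proto_tree *LockType_tree;
6158 guint8 AndXReserved;
6159 guint8 AndXCommand = 0xFF;
6161 guint16 NumberofLocks;
6162 guint16 NumberOfUnlocks;
6166 guint16 AndXOffset = 0;
6168 if (dirn == 1) { /* Request(s) dissect code */
6170 /* Build display for: Word Count (WCT) */
6172 WordCount = GBYTE(pd, offset);
6176 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6180 offset += 1; /* Skip Word Count (WCT) */
6182 /* Build display for: AndXCommand */
6184 AndXCommand = GBYTE(pd, offset);
6188 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
6192 offset += 1; /* Skip AndXCommand */
6194 /* Build display for: AndXReserved */
6196 AndXReserved = GBYTE(pd, offset);
6200 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6204 offset += 1; /* Skip AndXReserved */
6206 /* Build display for: AndXOffset */
6208 AndXOffset = GSHORT(pd, offset);
6212 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
6216 offset += 2; /* Skip AndXOffset */
6218 /* Build display for: FID */
6220 FID = GSHORT(pd, offset);
6224 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6228 offset += 2; /* Skip FID */
6230 /* Build display for: Lock Type */
6232 LockType = GBYTE(pd, offset);
6236 ti = proto_tree_add_text(tree, offset, 1, "Lock Type: 0x%01x", LockType);
6237 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
/* NOTE(review): the width argument is 16 although Lock Type is read as a single byte -- presumably 8 was meant; confirm against decode_boolean_bitfield(). */
6238 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6239 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6240 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6241 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6242 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6243 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6244 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6245 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6246 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6247 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6251 offset += 1; /* Skip Lock Type */
6253 /* Build display for: OplockLevel */
6255 OplockLevel = GBYTE(pd, offset);
6259 proto_tree_add_text(tree, offset, 1, "OplockLevel: %u", OplockLevel);
6263 offset += 1; /* Skip OplockLevel */
6265 /* Build display for: Timeout */
6267 Timeout = GWORD(pd, offset);
6271 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
6275 offset += 4; /* Skip Timeout */
6277 /* Build display for: Number Of Unlocks */
6279 NumberOfUnlocks = GSHORT(pd, offset);
6283 proto_tree_add_text(tree, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6287 offset += 2; /* Skip Number Of Unlocks */
6289 /* Build display for: Number of Locks */
6291 NumberofLocks = GSHORT(pd, offset);
6295 proto_tree_add_text(tree, offset, 2, "Number of Locks: %u", NumberofLocks);
6299 offset += 2; /* Skip Number of Locks */
6301 /* Build display for: Byte Count (BCC) */
6303 ByteCount = GSHORT(pd, offset);
6307 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6311 offset += 2; /* Skip Byte Count (BCC) */
/* Follow the chain only forwards: the next command cannot start before the bytes already consumed. */
6314 if (AndXCommand != 0xFF && SMB_offset + AndXOffset >= offset) {
6316 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6322 if (dirn == 0) { /* Response(s) dissect code */
6324 /* Build display for: Word Count (WCT) */
6326 WordCount = GBYTE(pd, offset);
6330 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6334 offset += 1; /* Skip Word Count (WCT) */
6336 if (WordCount > 0) {
6338 /* Build display for: AndXCommand */
6340 AndXCommand = GBYTE(pd, offset);
6344 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
6345 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6349 offset += 1; /* Skip AndXCommand */
6351 /* Build display for: AndXReserved */
6353 AndXReserved = GBYTE(pd, offset);
6357 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6361 offset += 1; /* Skip AndXReserved */
6363 /* Build display for: AndXoffset */
/* Store into AndXOffset, the variable the chained call below actually uses. */
6365 AndXOffset = GSHORT(pd, offset);
6369 proto_tree_add_text(tree, offset, 2, "AndXoffset: %u", AndXOffset);
6373 offset += 2; /* Skip AndXoffset */
6377 /* Build display for: Byte Count */
6379 ByteCount = GSHORT(pd, offset);
6383 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
6387 offset += 2; /* Skip Byte Count */
/* Same forward-only rule as in the request branch. */
6390 if (AndXCommand != 0xFF && SMB_offset + AndXOffset >= offset) {
6392 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);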
/*
 * Dissect an SMB Unlock Bytes request (dirn == 1) or response (dirn == 0).
 *
 * Request: Word Count, FID, Count (4 bytes), Offset (4 bytes), Byte Count.
 * Response: Word Count, Byte Count.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown), so
 * a truncated frame may be read past its end -- confirm a bounds check exists
 * in the omitted lines or in the caller.
 */
6401 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6410 if (dirn == 1) { /* Request(s) dissect code */
6412 /* Build display for: Word Count (WCT) */
6414 WordCount = GBYTE(pd, offset);
6418 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6422 offset += 1; /* Skip Word Count (WCT) */
6424 /* Build display for: FID */
6426 FID = GSHORT(pd, offset);
6430 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6434 offset += 2; /* Skip FID */
6436 /* Build display for: Count */
6438 Count = GWORD(pd, offset);
6442 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
6446 offset += 4; /* Skip Count */
6448 /* Build display for: Offset */
6450 Offset = GWORD(pd, offset);
6454 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
6458 offset += 4; /* Skip Offset */
6460 /* Build display for: Byte Count (BCC) */
6462 ByteCount = GSHORT(pd, offset);
6466 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6470 offset += 2; /* Skip Byte Count (BCC) */
6474 if (dirn == 0) { /* Response(s) dissect code */
6476 /* Build display for: Word Count (WCT) */
6478 WordCount = GBYTE(pd, offset);
6482 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6486 offset += 1; /* Skip Word Count (WCT) */
6488 /* Build display for: Byte Count (BCC) */
6490 ByteCount = GSHORT(pd, offset);
6494 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6498 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Create File request (dirn == 1) or response (dirn == 0).
 *
 * Request: Word Count, Attributes (with a subtree naming six flag bits),
 * Creation Time, Byte Count, Buffer Format and a NUL-terminated File Name
 * taken directly from the packet buffer.
 * Response: Word Count; FID when Word Count is non-zero; Byte Count.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown) --
 * confirm a bounds check exists in the omitted lines or in the caller.
 */
6505 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6508 proto_tree *Attributes_tree;
6511 guint8 BufferFormat;
6513 guint16 CreationTime;
6516 const char *FileName;
6518 if (dirn == 1) { /* Request(s) dissect code */
6520 /* Build display for: Word Count (WCT) */
6522 WordCount = GBYTE(pd, offset);
6526 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6530 offset += 1; /* Skip Word Count (WCT) */
6532 /* Build display for: Attributes */
6534 Attributes = GSHORT(pd, offset);
6538 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
6539 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
6540 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6541 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6542 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6543 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6544 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6545 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6546 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6547 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6548 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6549 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6550 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6551 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6555 offset += 2; /* Skip Attributes */
6557 /* Build display for: Creation Time */
6559 CreationTime = GSHORT(pd, offset);
/* NOTE(review): dissect_dos_time() is defined outside this listing; if it returns a formatted string, %u does not match the argument and %s is needed -- confirm. */
6563 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6567 offset += 2; /* Skip Creation Time */
6569 /* Build display for: Byte Count (BCC) */
6571 ByteCount = GSHORT(pd, offset);
6575 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6579 offset += 2; /* Skip Byte Count (BCC) */
6581 /* Build display for: Buffer Format */
6583 BufferFormat = GBYTE(pd, offset);
6587 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6591 offset += 1; /* Skip Buffer Format */
6593 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the packet buffer and strlen() scans to
 * the first NUL byte.  Nothing visible here limits that scan to the captured
 * data, so a name without a terminator is read past the end of the packet.
 * The scan should be bounded by the bytes remaining in the frame; that
 * length cannot be derived from the lines shown.
 */
6595 FileName = pd + offset;
6599 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6603 offset += strlen(FileName) + 1; /* Skip File Name */
6607 if (dirn == 0) { /* Response(s) dissect code */
6609 /* Build display for: Word Count (WCT) */
6611 WordCount = GBYTE(pd, offset);
6615 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6619 offset += 1; /* Skip Word Count (WCT) */
6621 if (WordCount > 0) {
6623 /* Build display for: FID */
6625 FID = GSHORT(pd, offset);
6629 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6633 offset += 2; /* Skip FID */
6637 /* Build display for: Byte Count (BCC) */
6639 ByteCount = GSHORT(pd, offset);
6643 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6647 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Search Directory request (dirn == 1) or response
 * (dirn == 0).
 *
 * Request: Word Count, Max Count, Search Attributes, Byte Count, Buffer
 * Format 1, a NUL-terminated File Name taken directly from the packet
 * buffer, Buffer Format 2 and Resume Key Length.
 * Response: Word Count; Count when Word Count is non-zero; Byte Count,
 * Buffer Format and Data Length.
 *
 * The resume key and the directory entries that the two length fields
 * describe are not walked in the lines shown.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown) --
 * confirm a bounds check exists in the omitted lines or in the caller.
 */
6654 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6658 guint8 BufferFormat2;
6659 guint8 BufferFormat1;
6660 guint8 BufferFormat;
6661 guint16 SearchAttributes;
6662 guint16 ResumeKeyLength;
6667 const char *FileName;
6669 if (dirn == 1) { /* Request(s) dissect code */
6671 /* Build display for: Word Count (WCT) */
6673 WordCount = GBYTE(pd, offset);
6677 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6681 offset += 1; /* Skip Word Count (WCT) */
6683 /* Build display for: Max Count */
6685 MaxCount = GSHORT(pd, offset);
6689 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6693 offset += 2; /* Skip Max Count */
6695 /* Build display for: Search Attributes */
6697 SearchAttributes = GSHORT(pd, offset);
6701 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
6705 offset += 2; /* Skip Search Attributes */
6707 /* Build display for: Byte Count (BCC) */
6709 ByteCount = GSHORT(pd, offset);
6713 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6717 offset += 2; /* Skip Byte Count (BCC) */
6719 /* Build display for: Buffer Format 1 */
6721 BufferFormat1 = GBYTE(pd, offset);
6725 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6729 offset += 1; /* Skip Buffer Format 1 */
6731 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the packet buffer and strlen() scans to
 * the first NUL byte.  Nothing visible here limits that scan to the captured
 * data, so a name without a terminator is read past the end of the packet,
 * and the fields that follow are then read from wherever the scan stopped.
 * The scan should be bounded by the bytes remaining in the frame; that
 * length cannot be derived from the lines shown.
 */
6733 FileName = pd + offset;
6737 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6741 offset += strlen(FileName) + 1; /* Skip File Name */
6743 /* Build display for: Buffer Format 2 */
6745 BufferFormat2 = GBYTE(pd, offset);
6749 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6753 offset += 1; /* Skip Buffer Format 2 */
6755 /* Build display for: Resume Key Length */
6757 ResumeKeyLength = GSHORT(pd, offset);
6761 proto_tree_add_text(tree, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6765 offset += 2; /* Skip Resume Key Length */
6769 if (dirn == 0) { /* Response(s) dissect code */
6771 /* Build display for: Word Count (WCT) */
6773 WordCount = GBYTE(pd, offset);
6777 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6781 offset += 1; /* Skip Word Count (WCT) */
6783 if (WordCount > 0) {
6785 /* Build display for: Count */
6787 Count = GSHORT(pd, offset);
6791 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6795 offset += 2; /* Skip Count */
6799 /* Build display for: Byte Count (BCC) */
6801 ByteCount = GSHORT(pd, offset);
6805 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6809 offset += 2; /* Skip Byte Count (BCC) */
6811 /* Build display for: Buffer Format */
6813 BufferFormat = GBYTE(pd, offset);
6817 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6821 offset += 1; /* Skip Buffer Format */
6823 /* Build display for: Data Length */
6825 DataLength = GSHORT(pd, offset);
6829 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6833 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB Create Temporary File request (dirn == 1) or response
 * (dirn == 0).
 *
 * Request: Word Count, Reserved, Creation Time, Creation Date, Byte Count,
 * Buffer Format and a NUL-terminated Directory Name taken directly from the
 * packet buffer.
 * Response: Word Count; FID when Word Count is non-zero; Byte Count, Buffer
 * Format and a NUL-terminated File Name taken directly from the packet
 * buffer.
 *
 * NOTE(review): both names are measured with strlen() on a pointer into the
 * packet buffer.  Nothing visible here limits the scan to the captured data,
 * so a name without a terminator is read past the end of the packet.  The
 * scan should be bounded by the bytes remaining in the frame; that length
 * cannot be derived from the lines shown.
 * NOTE(review): dissect_dos_time() and dissect_dos_date() are defined
 * outside this listing; if they return a formatted string, %u does not match
 * the argument and %s is needed -- confirm.
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown) --
 * confirm a bounds check exists in the omitted lines or in the caller.
 */
6840 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6844 guint8 BufferFormat;
6847 guint16 CreationTime;
6848 guint16 CreationDate;
6850 const char *FileName;
6851 const char *DirectoryName;
6853 if (dirn == 1) { /* Request(s) dissect code */
6855 /* Build display for: Word Count (WCT) */
6857 WordCount = GBYTE(pd, offset);
6861 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6865 offset += 1; /* Skip Word Count (WCT) */
6867 /* Build display for: Reserved */
6869 Reserved = GSHORT(pd, offset);
6873 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
6877 offset += 2; /* Skip Reserved */
6879 /* Build display for: Creation Time */
6881 CreationTime = GSHORT(pd, offset);
6885 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6889 offset += 2; /* Skip Creation Time */
6891 /* Build display for: Creation Date */
6893 CreationDate = GSHORT(pd, offset);
6897 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
6901 offset += 2; /* Skip Creation Date */
6903 /* Build display for: Byte Count (BCC) */
6905 ByteCount = GSHORT(pd, offset);
6909 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6913 offset += 2; /* Skip Byte Count (BCC) */
6915 /* Build display for: Buffer Format */
6917 BufferFormat = GBYTE(pd, offset);
6921 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6925 offset += 1; /* Skip Buffer Format */
6927 /* Build display for: Directory Name */
/* Unbounded strlen() on packet data: see the function header note. */
6929 DirectoryName = pd + offset;
6933 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6937 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6941 if (dirn == 0) { /* Response(s) dissect code */
6943 /* Build display for: Word Count (WCT) */
6945 WordCount = GBYTE(pd, offset);
6949 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6953 offset += 1; /* Skip Word Count (WCT) */
6955 if (WordCount > 0) {
6957 /* Build display for: FID */
6959 FID = GSHORT(pd, offset);
6963 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6967 offset += 2; /* Skip FID */
6971 /* Build display for: Byte Count (BCC) */
6973 ByteCount = GSHORT(pd, offset);
6977 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6981 offset += 2; /* Skip Byte Count (BCC) */
6983 /* Build display for: Buffer Format */
6985 BufferFormat = GBYTE(pd, offset);
6989 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6993 offset += 1; /* Skip Buffer Format */
6995 /* Build display for: File Name */
/* Unbounded strlen() on packet data: see the function header note. */
6997 FileName = pd + offset;
7001 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7005 offset += strlen(FileName) + 1; /* Skip File Name */
/*
 * Dissect an SMB Close request (dirn == 1) or response (dirn == 0).
 *
 * Request: Word Count, FID, Last Write Time, Last Write Date, Byte Count.
 * Response: Word Count, Byte Count.
 *
 * NOTE(review): dissect_dos_time() and dissect_dos_date() are defined
 * outside this listing; if they return a formatted string, %u does not match
 * the argument and %s is needed -- confirm.
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown) --
 * confirm a bounds check exists in the omitted lines or in the caller.
 */
7012 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7016 guint16 LastWriteTime;
7017 guint16 LastWriteDate;
7021 if (dirn == 1) { /* Request(s) dissect code */
7023 /* Build display for: Word Count (WCT) */
7025 WordCount = GBYTE(pd, offset);
7029 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7033 offset += 1; /* Skip Word Count (WCT) */
7035 /* Build display for: FID */
7037 FID = GSHORT(pd, offset);
7041 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7045 offset += 2; /* Skip FID */
7047 /* Build display for: Last Write Time */
7049 LastWriteTime = GSHORT(pd, offset);
7053 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
7057 offset += 2; /* Skip Last Write Time */
7059 /* Build display for: Last Write Date */
7061 LastWriteDate = GSHORT(pd, offset);
7065 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
7069 offset += 2; /* Skip Last Write Date */
7071 /* Build display for: Byte Count (BCC) */
7073 ByteCount = GSHORT(pd, offset);
7077 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7081 offset += 2; /* Skip Byte Count (BCC) */
7085 if (dirn == 0) { /* Response(s) dissect code */
7087 /* Build display for: Word Count (WCT) */
7089 WordCount = GBYTE(pd, offset);
7093 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7097 offset += 1; /* Skip Word Count (WCT) */
7099 /* Build display for: Byte Count (BCC) */
7101 ByteCount = GSHORT(pd, offset);
7105 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7109 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Write Print File request (dirn == 1) or response
 * (dirn == 0).
 *
 * Request: Word Count, FID, Byte Count, Buffer Format, Data Length.
 * Response: Word Count, Byte Count.
 *
 * The print data that Data Length describes is not walked in the lines
 * shown; only the header fields are displayed.
 *
 * NOTE(review): no comparison of offset against the captured length is
 * visible in this listing (max_data is not consulted in the lines shown), so
 * a truncated frame may be read past its end -- confirm a bounds check exists
 * in the omitted lines or in the caller.
 */
7116 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7120 guint8 BufferFormat;
7125 if (dirn == 1) { /* Request(s) dissect code */
7127 /* Build display for: Word Count (WCT) */
7129 WordCount = GBYTE(pd, offset);
7133 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7137 offset += 1; /* Skip Word Count (WCT) */
7139 /* Build display for: FID */
7141 FID = GSHORT(pd, offset);
7145 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7149 offset += 2; /* Skip FID */
7151 /* Build display for: Byte Count (BCC) */
7153 ByteCount = GSHORT(pd, offset);
7157 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7161 offset += 2; /* Skip Byte Count (BCC) */
7163 /* Build display for: Buffer Format */
7165 BufferFormat = GBYTE(pd, offset);
7169 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7173 offset += 1; /* Skip Buffer Format */
7175 /* Build display for: Data Length */
7177 DataLength = GSHORT(pd, offset);
7181 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7185 offset += 2; /* Skip Data Length */
7189 if (dirn == 0) { /* Response(s) dissect code */
7191 /* Build display for: Word Count (WCT) */
7193 WordCount = GBYTE(pd, offset);
7197 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7201 offset += 1; /* Skip Word Count (WCT) */
7203 /* Build display for: Byte Count (BCC) */
7205 ByteCount = GSHORT(pd, offset);
7209 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7213 offset += 2; /* Skip Byte Count (BCC) */
7220 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7224 guint8 BufferFormat;
7236 if (dirn == 1) { /* Request(s) dissect code */
7238 /* Build display for: Word Count (WCT) */
7240 WordCount = GBYTE(pd, offset);
7244 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7248 offset += 1; /* Skip Word Count (WCT) */
7250 /* Build display for: FID */
7252 FID = GSHORT(pd, offset);
7256 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7260 offset += 2; /* Skip FID */
7262 /* Build display for: Count */
7264 Count = GSHORT(pd, offset);
7268 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7272 offset += 2; /* Skip Count */
7274 /* Build display for: Offset */
7276 Offset = GWORD(pd, offset);
7280 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7284 offset += 4; /* Skip Offset */
7286 /* Build display for: Remaining */
7288 Remaining = GSHORT(pd, offset);
7292 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7296 offset += 2; /* Skip Remaining */
7298 /* Build display for: Byte Count (BCC) */
7300 ByteCount = GSHORT(pd, offset);
7304 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7308 offset += 2; /* Skip Byte Count (BCC) */
7312 if (dirn == 0) { /* Response(s) dissect code */
7314 /* Build display for: Word Count (WCT) */
7316 WordCount = GBYTE(pd, offset);
7320 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7324 offset += 1; /* Skip Word Count (WCT) */
7326 if (WordCount > 0) {
7328 /* Build display for: Count */
7330 Count = GSHORT(pd, offset);
7334 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7338 offset += 2; /* Skip Count */
7340 /* Build display for: Reserved 1 */
7342 Reserved1 = GSHORT(pd, offset);
7346 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7350 offset += 2; /* Skip Reserved 1 */
7352 /* Build display for: Reserved 2 */
7354 Reserved2 = GSHORT(pd, offset);
7358 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7362 offset += 2; /* Skip Reserved 2 */
7364 /* Build display for: Reserved 3 */
7366 Reserved3 = GSHORT(pd, offset);
7370 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7374 offset += 2; /* Skip Reserved 3 */
7376 /* Build display for: Reserved 4 */
7378 Reserved4 = GSHORT(pd, offset);
7382 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7386 offset += 2; /* Skip Reserved 4 */
7388 /* Build display for: Byte Count (BCC) */
7390 ByteCount = GSHORT(pd, offset);
7394 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7400 offset += 2; /* Skip Byte Count (BCC) */
7402 /* Build display for: Buffer Format */
7404 BufferFormat = GBYTE(pd, offset);
7408 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7412 offset += 1; /* Skip Buffer Format */
7414 /* Build display for: Data Length */
7416 DataLength = GSHORT(pd, offset);
7420 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7424 offset += 2; /* Skip Data Length */
7431 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7437 if (dirn == 1) { /* Request(s) dissect code */
7439 /* Build display for: Word Count (WCT) */
7441 WordCount = GBYTE(pd, offset);
7445 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7449 offset += 1; /* Skip Word Count (WCT) */
7451 /* Build display for: Byte Count (BCC) */
7453 ByteCount = GSHORT(pd, offset);
7457 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7461 offset += 2; /* Skip Byte Count (BCC) */
7465 if (dirn == 0) { /* Response(s) dissect code */
7467 /* Build display for: Word Count (WCT) */
7469 WordCount = GBYTE(pd, offset);
7473 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7477 offset += 1; /* Skip Word Count (WCT) */
7479 /* Build display for: Byte Count (BCC) */
7481 ByteCount = GSHORT(pd, offset);
7485 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7489 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a "get file attributes" SMB and add one text item per field to
 * `tree`.  The request branch (dirn == 1) shows WCT, BCC, the buffer format
 * byte and a file name that is treated as a NUL-terminated string; the
 * response branch (dirn == 0) shows WCT and, when WCT is non-zero, the
 * attribute bits, last-write date/time, file size and five reserved words,
 * followed by BCC.
 *
 * NOTE(review): every field is read from `pd` at a running `offset`; the
 * visible lines never compare that offset with `max_data` or with the
 * captured length, so a truncated frame is read past its end unless
 * GBYTE/GSHORT/GWORD or the caller check bounds - confirm.
 */
7496 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7499 proto_tree *Attributes_tree;
7502 guint8 BufferFormat;
7509 guint16 LastWriteTime;
7510 guint16 LastWriteDate;
7513 const char *FileName;
7515 if (dirn == 1) { /* Request(s) dissect code */
7517 /* Build display for: Word Count (WCT) */
7519 WordCount = GBYTE(pd, offset);
7523 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7527 offset += 1; /* Skip Word Count (WCT) */
7529 /* Build display for: Byte Count (BCC) */
7531 ByteCount = GSHORT(pd, offset);
7535 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7539 offset += 2; /* Skip Byte Count (BCC) */
7541 /* Build display for: Buffer Format */
7543 BufferFormat = GBYTE(pd, offset);
7547 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7551 offset += 1; /* Skip Buffer Format */
7553 /* Build display for: File Name */
/*
 * NOTE(review): FileName points straight into the packet buffer, and both
 * strlen() calls and the "%s" conversion scan until the first NUL byte.
 * Nothing visible here limits that scan to ByteCount, max_data or the
 * captured length, so a name that is not NUL-terminated inside the frame
 * is read beyond the packet data.  A bounded search over the bytes that
 * remain in the frame (memchr-style) would keep the read inside it.
 */
7555 FileName = pd + offset;
7559 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7563 offset += strlen(FileName) + 1; /* Skip File Name */
7567 if (dirn == 0) { /* Response(s) dissect code */
7569 /* Build display for: Word Count (WCT) */
7571 WordCount = GBYTE(pd, offset);
7575 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7579 offset += 1; /* Skip Word Count (WCT) */
/*
 * WCT only gates the parameter block on/off; its value is not compared
 * with the number of words read below.
 */
7581 if (WordCount > 0) {
7583 /* Build display for: Attributes */
7585 Attributes = GSHORT(pd, offset);
7589 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
7590 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7591 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7592 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7593 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7594 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7595 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7596 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7597 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7598 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7599 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7600 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7601 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7602 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7606 offset += 2; /* Skip Attributes */
7608 /* Build display for: Last Write Time */
7610 LastWriteTime = GSHORT(pd, offset);
7616 offset += 2; /* Skip Last Write Time */
7618 /* Build display for: Last Write Date */
7620 LastWriteDate = GSHORT(pd, offset);
/*
 * Both items below are added after `offset` has moved on to the date word,
 * so the "Last Write Time" item is attached to the date's two bytes rather
 * than to the time word read above.
 */
7624 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7626 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7630 offset += 2; /* Skip Last Write Date */
7632 /* Build display for: File Size */
7634 FileSize = GWORD(pd, offset);
7638 proto_tree_add_text(tree, offset, 4, "File Size: %u", FileSize);
7642 offset += 4; /* Skip File Size */
7644 /* Build display for: Reserved 1 */
7646 Reserved1 = GSHORT(pd, offset);
7650 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7654 offset += 2; /* Skip Reserved 1 */
7656 /* Build display for: Reserved 2 */
7658 Reserved2 = GSHORT(pd, offset);
7662 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7666 offset += 2; /* Skip Reserved 2 */
7668 /* Build display for: Reserved 3 */
7670 Reserved3 = GSHORT(pd, offset);
7674 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7678 offset += 2; /* Skip Reserved 3 */
7680 /* Build display for: Reserved 4 */
7682 Reserved4 = GSHORT(pd, offset);
7686 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7690 offset += 2; /* Skip Reserved 4 */
7692 /* Build display for: Reserved 5 */
7694 Reserved5 = GSHORT(pd, offset);
7698 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
7702 offset += 2; /* Skip Reserved 5 */
7706 /* Build display for: Byte Count (BCC) */
7708 ByteCount = GSHORT(pd, offset);
7712 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7716 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a "read file" SMB and add one text item per field to `tree`.
 * Request (dirn == 1): WCT, FID, Count, Offset, Remaining, BCC.
 * Response (dirn == 0): WCT and, when WCT is non-zero, Count and four
 * reserved words; then BCC, Buffer Format and Data Length.
 *
 * NOTE(review): the visible lines read each field at a running `offset`
 * without comparing it with `max_data` or the captured length - confirm
 * whether GBYTE/GSHORT/GWORD or the caller guarantee the bytes are present.
 */
7723 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/*
 * NOTE(review): Buffer Format is declared 16 bits wide here and read with
 * GSHORT below, while dissect_lock_and_read_smb, dissect_write_print_file_smb
 * and dissect_get_file_attr_smb in this file declare it guint8 and read one
 * byte with GBYTE.  One of the two widths is presumably wrong; if the field
 * is one byte, Data Length below is read one byte too late.  Confirm against
 * the protocol description.
 */
7737 guint16 BufferFormat;
7739 if (dirn == 1) { /* Request(s) dissect code */
7741 /* Build display for: Word Count (WCT) */
7743 WordCount = GBYTE(pd, offset);
7747 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7751 offset += 1; /* Skip Word Count (WCT) */
7753 /* Build display for: FID */
7755 FID = GSHORT(pd, offset);
7759 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7763 offset += 2; /* Skip FID */
7765 /* Build display for: Count */
7767 Count = GSHORT(pd, offset);
7771 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7775 offset += 2; /* Skip Count */
7777 /* Build display for: Offset */
7779 Offset = GWORD(pd, offset);
7783 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7787 offset += 4; /* Skip Offset */
7789 /* Build display for: Remaining */
7791 Remaining = GSHORT(pd, offset);
7795 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7799 offset += 2; /* Skip Remaining */
7801 /* Build display for: Byte Count (BCC) */
7803 ByteCount = GSHORT(pd, offset);
7807 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7811 offset += 2; /* Skip Byte Count (BCC) */
7815 if (dirn == 0) { /* Response(s) dissect code */
7817 /* Build display for: Word Count (WCT) */
7819 WordCount = GBYTE(pd, offset);
7823 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7827 offset += 1; /* Skip Word Count (WCT) */
/* WCT only switches the parameter words on or off; its value is not checked against the five words read. */
7829 if (WordCount > 0) {
7831 /* Build display for: Count */
7833 Count = GSHORT(pd, offset);
7837 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7841 offset += 2; /* Skip Count */
7843 /* Build display for: Reserved 1 */
7845 Reserved1 = GSHORT(pd, offset);
7849 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7853 offset += 2; /* Skip Reserved 1 */
7855 /* Build display for: Reserved 2 */
7857 Reserved2 = GSHORT(pd, offset);
7861 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7865 offset += 2; /* Skip Reserved 2 */
7867 /* Build display for: Reserved 3 */
7869 Reserved3 = GSHORT(pd, offset);
7873 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7877 offset += 2; /* Skip Reserved 3 */
7879 /* Build display for: Reserved 4 */
7881 Reserved4 = GSHORT(pd, offset);
7885 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7889 offset += 2; /* Skip Reserved 4 */
7893 /* Build display for: Byte Count (BCC) */
7895 ByteCount = GSHORT(pd, offset);
7899 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7903 offset += 2; /* Skip Byte Count (BCC) */
7905 /* Build display for: Buffer Format */
/* Read as two bytes here; see the width note on the declaration above. */
7907 BufferFormat = GSHORT(pd, offset);
7911 proto_tree_add_text(tree, offset, 2, "Buffer Format: %u", BufferFormat);
7915 offset += 2; /* Skip Buffer Format */
7917 /* Build display for: Data Length */
/* Data Length is only displayed; the data bytes it describes are not dissected in the visible lines. */
7919 DataLength = GSHORT(pd, offset);
7923 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7927 offset += 2; /* Skip Data Length */
7934 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7937 proto_tree *WriteMode_tree;
7942 guint32 ResponseMask;
7943 guint32 RequestMask;
7952 if (dirn == 1) { /* Request(s) dissect code */
7954 /* Build display for: Word Count (WCT) */
7956 WordCount = GBYTE(pd, offset);
7960 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7964 offset += 1; /* Skip Word Count (WCT) */
7966 /* Build display for: FID */
7968 FID = GSHORT(pd, offset);
7972 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7976 offset += 2; /* Skip FID */
7978 /* Build display for: Count */
7980 Count = GSHORT(pd, offset);
7984 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7988 offset += 2; /* Skip Count */
7990 /* Build display for: Reserved 1 */
7992 Reserved1 = GSHORT(pd, offset);
7996 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
8000 offset += 2; /* Skip Reserved 1 */
8002 /* Build display for: Timeout */
8004 Timeout = GWORD(pd, offset);
8008 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8012 offset += 4; /* Skip Timeout */
8014 /* Build display for: WriteMode */
8016 WriteMode = GSHORT(pd, offset);
8020 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
8021 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8022 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8023 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8024 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8025 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8026 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8027 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8031 offset += 2; /* Skip WriteMode */
8033 /* Build display for: Request Mask */
8035 RequestMask = GWORD(pd, offset);
8039 proto_tree_add_text(tree, offset, 4, "Request Mask: %u", RequestMask);
8043 offset += 4; /* Skip Request Mask */
8045 /* Build display for: Data Length */
8047 DataLength = GSHORT(pd, offset);
8051 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
8055 offset += 2; /* Skip Data Length */
8057 /* Build display for: Data Offset */
8059 DataOffset = GSHORT(pd, offset);
8063 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8067 offset += 2; /* Skip Data Offset */
8069 /* Build display for: Byte Count (BCC) */
8071 ByteCount = GSHORT(pd, offset);
8075 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8079 offset += 2; /* Skip Byte Count (BCC) */
8081 /* Build display for: Pad */
8083 Pad = GBYTE(pd, offset);
8087 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
8091 offset += 1; /* Skip Pad */
8095 if (dirn == 0) { /* Response(s) dissect code */
8097 /* Build display for: Word Count (WCT) */
8099 WordCount = GBYTE(pd, offset);
8103 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8107 offset += 1; /* Skip Word Count (WCT) */
8109 if (WordCount > 0) {
8111 /* Build display for: Response Mask */
8113 ResponseMask = GWORD(pd, offset);
8117 proto_tree_add_text(tree, offset, 4, "Response Mask: %u", ResponseMask);
8121 offset += 4; /* Skip Response Mask */
8123 /* Build display for: Byte Count (BCC) */
8125 ByteCount = GSHORT(pd, offset);
8129 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8135 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a "find close2" SMB: the request (dirn == 1) shows WCT, FID and
 * BCC; the response (dirn == 0) shows WCT and BCC.  Each field becomes one
 * text item under `tree`.
 */
8142 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8149 if (dirn == 1) { /* Request(s) dissect code */
/*
 * NOTE(review): the label below says "WTC" where every other dissector in
 * this file says "WCT"; it looks like a transposition in the displayed text.
 */
8151 /* Build display for: Word Count (WTC) */
8153 WordCount = GBYTE(pd, offset);
8157 proto_tree_add_text(tree, offset, 1, "Word Count (WTC): %u", WordCount);
8161 offset += 1; /* Skip Word Count (WTC) */
8163 /* Build display for: FID */
8165 FID = GSHORT(pd, offset);
8169 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
8173 offset += 2; /* Skip FID */
8175 /* Build display for: Byte Count (BCC) */
8177 ByteCount = GSHORT(pd, offset);
8181 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8185 offset += 2; /* Skip Byte Count (BCC) */
8189 if (dirn == 0) { /* Response(s) dissect code */
8191 /* Build display for: Word Count (WCT) */
8193 WordCount = GBYTE(pd, offset);
8197 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8201 offset += 1; /* Skip Word Count (WCT) */
8203 /* Build display for: Byte Count (BCC) */
/*
 * NOTE(review): BCC is read as one byte (GBYTE, item length 1, offset += 1)
 * in this branch, whereas the request branch above and the other dissectors
 * in this file read it as two bytes with GSHORT.  Presumably this should be
 * the two-byte form; as written, only half of the field is shown and the
 * running offset ends one byte short.
 */
8205 ByteCount = GBYTE(pd, offset);
8209 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
8213 offset += 1; /* Skip Byte Count (BCC) */
/*
 * Display names for TRANS2 subcommands.  decode_trans2_name() indexes this
 * table directly with the subcommand code, so the position of each string
 * is its code, and any bound check on that index has to match the number
 * of entries here.
 *
 * NOTE(review): the table is a writable, externally visible array of
 * pointers to string literals; if nothing outside this file refers to it,
 * `static const char *const` would state the intent - confirm before
 * changing linkage.
 */
8219 char *trans2_cmd_names[] = {
8221 "TRANS2_FIND_FIRST2",
8222 "TRANS2_FIND_NEXT2",
8223 "TRANS2_QUERY_FS_INFORMATION",
8224 "TRANS2_QUERY_PATH_INFORMATION",
8225 "TRANS2_SET_PATH_INFORMATION",
8226 "TRANS2_QUERY_FILE_INFORMATION",
8227 "TRANS2_SET_FILE_INFORMATION",
8230 "TRANS2_FIND_NOTIFY_FIRST",
8231 "TRANS2_FIND_NOTIFY_NEXT",
8232 "TRANS2_CREATE_DIRECTORY",
8233 "TRANS2_SESSION_SETUP",
8234 "TRANS2_GET_DFS_REFERRAL",
8236 "TRANS2_REPORT_DFS_INCONSISTENCY"};
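/*
 * Map a TRANS2 subcommand code to its display name.
 *
 * `code` comes from the packet (the first setup word of a request, or the
 * value remembered from the matching request), so it must be treated as
 * untrusted.  Returns a pointer to a string constant: the table entry for
 * an in-range code, or "no such command" otherwise.  The caller must not
 * modify or free the result.
 */
char *decode_trans2_name(int code)
{
  /*
   * Take the bound from the table itself.  The previous literal test
   * (code > 17) still let 17 through, which is one past the last entry of a
   * table whose initialiser occupies at most 17 lines in this listing, so a
   * setup word of 17 made the caller format whatever pointer-sized value
   * followed the array.
   */
  const int name_count = (int)(sizeof(trans2_cmd_names) / sizeof(trans2_cmd_names[0]));

  if (code < 0 || code >= name_count) {

    return("no such command");

  }

  return trans2_cmd_names[code];

}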
8251 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
8253 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
/*
 * Dissect a TRANSACT2 SMB.
 *
 * The function first finds or creates the conversation for the current
 * packet and a per-(conversation, MID) entry in smb_request_hash, which
 * remembers the TRANS2 subcommand of a request so that the response can be
 * labelled with it.  It then adds one text item per header field to `tree`:
 * the request layout when dirn == 1, the response layout when dirn == 0,
 * each followed by the parameter and data bytes rendered with format_text().
 *
 * NOTE(review): all counts and offsets used below (SetupCount,
 * ParameterCount, ParameterOffset, DataCount, DataOffset) are taken from the
 * packet and used as read lengths and pointer offsets.  `max_data` is not
 * consulted anywhere in the visible lines, so their safety depends on checks
 * that are not shown here - confirm what the caller and the GBYTE/GSHORT/
 * GWORD macros guarantee.
 */
8256 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8259 proto_tree *Flags_tree;
8267 guint8 MaxSetupCount;
8270 guint16 TotalParameterCount;
8271 guint16 TotalDataCount;
8274 guint16 ParameterOffset;
8275 guint16 ParameterDisplacement;
8276 guint16 ParameterCount;
8277 guint16 MaxParameterCount;
8278 guint16 MaxDataCount;
8281 guint16 DataDisplacement;
8284 conversation_t *conversation;
8285 struct smb_request_key request_key, *new_request_key;
8286 struct smb_request_val *request_val;
8289 * Find out what conversation this packet is part of.
8290 * XXX - this should really be done by the transport-layer protocol,
8291 * although for connectionless transports, we may not want to do that
8292 * unless we know some higher-level protocol will want it - or we
8293 * may want to do it, so you can say e.g. "show only the packets in
8294 * this UDP 'connection'".
8296 * Note that we don't have to worry about the direction this packet
8297 * was going - the conversation code handles that for us, treating
8298 * packets from A:X to B:Y as being part of the same conversation as
8299 * packets from B:Y to A:X.
8301 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8302 pi.srcport, pi.destport);
8303 if (conversation == NULL) {
8304 /* It's not part of any conversation - create a new one. */
8305 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8306 pi.srcport, pi.destport, NULL);
/*
 * NOTE(review): `si` is received by value, so this assignment (and the
 * si.request_val one further down) changes only this function's copy; it is
 * "saved for later" only for code that is handed this copy.
 */
8309 si.conversation = conversation; /* Save this for later */
8312 * Check for and insert entry in request hash table if does not exist
8314 request_key.conversation = conversation->index;
8315 request_key.mid = si.mid;
8317 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
/*
 * One key/value pair is allocated for every (conversation, MID) pair not
 * seen before, for requests and responses alike.  No removal is visible in
 * this function, so the table grows with the number of distinct pairs in
 * the capture - presumably it is reset elsewhere; verify.
 */
8319 if (!request_val) { /* Create one */
8321 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8322 new_request_key -> conversation = conversation->index;
8323 new_request_key -> mid = si.mid;
8325 request_val = g_mem_chunk_alloc(smb_request_vals);
8326 request_val -> mid = si.mid;
/* 0xFFFF marks "no request seen yet"; decode_trans2_name() maps it to its out-of-range string. */
8327 request_val -> last_transact2_command = 0xFFFF;
8329 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8332 else { /* Update the transact request */
8334 request_val -> mid = si.mid;
8338 si.request_val = request_val; /* Save this for later */
8341 if (dirn == 1) { /* Request(s) dissect code */
8343 /* Build display for: Word Count (WCT) */
8345 WordCount = GBYTE(pd, offset);
8349 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8353 offset += 1; /* Skip Word Count (WCT) */
8355 /* Build display for: Total Parameter Count */
8357 TotalParameterCount = GSHORT(pd, offset);
8361 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8365 offset += 2; /* Skip Total Parameter Count */
8367 /* Build display for: Total Data Count */
8369 TotalDataCount = GSHORT(pd, offset);
8373 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8377 offset += 2; /* Skip Total Data Count */
8379 /* Build display for: Max Parameter Count */
8381 MaxParameterCount = GSHORT(pd, offset);
8385 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8389 offset += 2; /* Skip Max Parameter Count */
8391 /* Build display for: Max Data Count */
8393 MaxDataCount = GSHORT(pd, offset);
8397 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8401 offset += 2; /* Skip Max Data Count */
8403 /* Build display for: Max Setup Count */
8405 MaxSetupCount = GBYTE(pd, offset);
8409 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8413 offset += 1; /* Skip Max Setup Count */
8415 /* Build display for: Reserved1 */
8417 Reserved1 = GBYTE(pd, offset);
8421 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8425 offset += 1; /* Skip Reserved1 */
8427 /* Build display for: Flags */
8429 Flags = GSHORT(pd, offset);
8433 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8434 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
8435 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8436 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8437 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8438 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8442 offset += 2; /* Skip Flags */
8444 /* Build display for: Timeout */
8446 Timeout = GWORD(pd, offset);
8450 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8454 offset += 4; /* Skip Timeout */
8456 /* Build display for: Reserved2 */
8458 Reserved2 = GSHORT(pd, offset);
8462 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8466 offset += 2; /* Skip Reserved2 */
8468 /* Build display for: Parameter Count */
/* From here on the packet supplies the lengths and offsets that later index `pd`. */
8470 ParameterCount = GSHORT(pd, offset);
8474 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8478 offset += 2; /* Skip Parameter Count */
8480 /* Build display for: Parameter Offset */
8482 ParameterOffset = GSHORT(pd, offset);
8486 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8490 offset += 2; /* Skip Parameter Offset */
8492 /* Build display for: Data Count */
8494 DataCount = GSHORT(pd, offset);
8498 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8502 offset += 2; /* Skip Data Count */
8504 /* Build display for: Data Offset */
8506 DataOffset = GSHORT(pd, offset);
8510 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8514 offset += 2; /* Skip Data Offset */
8516 /* Build display for: Setup Count */
8518 SetupCount = GBYTE(pd, offset);
8522 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8526 offset += 1; /* Skip Setup Count */
8528 /* Build display for: Reserved3 */
8530 Reserved3 = GBYTE(pd, offset);
8534 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8538 offset += 1; /* Skip Reserved3 */
8540 /* Build display for: Setup */
/*
 * The first setup word is the TRANS2 subcommand: it is remembered in the
 * request table entry and passed, unvalidated, to decode_trans2_name(),
 * which therefore has to range-check it.  The loop then reads SetupCount
 * two-byte words; no check that they lie inside the frame is visible.
 * Inside this dirn == 1 branch the (dirn ? ...) expression always selects
 * "Request".
 */
8542 if (SetupCount > 0) {
8546 Setup = GSHORT(pd, offset);
8548 request_val -> last_transact2_command = Setup; /* Save for later */
8550 if (check_col(fd, COL_INFO)) {
8552 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8556 for (i = 1; i <= SetupCount; i++) {
8559 Setup1 = GSHORT(pd, offset);
8563 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup1);
8567 offset += 2; /* Skip Setup */
8573 /* Build display for: Byte Count (BCC) */
8575 ByteCount = GSHORT(pd, offset);
8579 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8583 offset += 2; /* Skip Byte Count (BCC) */
8585 /* Build display for: Transact Name */
/*
 * NOTE(review): Setup is assigned only under SetupCount > 0 above.  If this
 * line sits outside that block (the block's end is not visible here), a
 * request with SetupCount == 0 reaches decode_trans2_name() with an
 * unassigned value - confirm and initialise Setup if so.
 */
8589 proto_tree_add_text(tree, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
8595 /* Build display for: Pad1 */
8597 Pad1 = GBYTE(pd, offset);
8601 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8605 offset += 1; /* Skip Pad1 */
/*
 * NOTE(review): format_text() is asked to read ParameterCount bytes starting
 * at pd + SMB_offset + ParameterOffset.  Both values are 16-bit fields from
 * the packet and nothing visible checks that the range lies inside the
 * captured data, so a frame declaring a large count or offset causes a read
 * past the packet buffer.  Clamping the range to the bytes actually present
 * before formatting would contain it.  Note also that the running `offset`
 * is advanced by ParameterCount although the bytes shown were located via
 * ParameterOffset, so the two can disagree.
 */
8609 if (ParameterCount > 0) {
8611 /* Build display for: Parameters */
8615 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8619 offset += ParameterCount; /* Skip Parameters */
8625 /* Build display for: Pad2 */
8627 Pad2 = GBYTE(pd, offset);
8631 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8635 offset += 1; /* Skip Pad2 */
/*
 * NOTE(review): the item is positioned at SMB_offset + DataOffset, but the
 * bytes formatted come from &pd[offset]; the response branch below formats
 * from pd + SMB_offset + DataOffset instead.  The two agree only if the
 * running offset happens to equal the declared data offset.  As with the
 * parameters, DataCount is not checked against the captured length in the
 * visible lines.
 */
8639 if (DataCount > 0) {
8641 /* Build display for: Data */
8643 Data = GBYTE(pd, offset);
8647 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8651 offset += DataCount; /* Skip Data */
8656 if (dirn == 0) { /* Response(s) dissect code */
8658 /* Pick up the last transact2 command and put it in the right places */
/*
 * The subcommand shown is whatever the table entry for this (conversation,
 * MID) pair holds: the value stored by the matching request, or 0xFFFF when
 * the entry was created just above because no request was seen.
 */
8660 if (check_col(fd, COL_INFO)) {
8662 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8666 /* Build display for: Word Count (WCT) */
8668 WordCount = GBYTE(pd, offset);
8672 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8676 offset += 1; /* Skip Word Count (WCT) */
8678 /* Build display for: Total Parameter Count */
8680 TotalParameterCount = GSHORT(pd, offset);
8684 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8688 offset += 2; /* Skip Total Parameter Count */
8690 /* Build display for: Total Data Count */
8692 TotalDataCount = GSHORT(pd, offset);
8696 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8700 offset += 2; /* Skip Total Data Count */
8702 /* Build display for: Reserved2 */
8704 Reserved2 = GSHORT(pd, offset);
8708 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8712 offset += 2; /* Skip Reserved2 */
8714 /* Build display for: Parameter Count */
8716 ParameterCount = GSHORT(pd, offset);
8720 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8724 offset += 2; /* Skip Parameter Count */
8726 /* Build display for: Parameter Offset */
8728 ParameterOffset = GSHORT(pd, offset);
8732 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8736 offset += 2; /* Skip Parameter Offset */
8738 /* Build display for: Parameter Displacement */
8740 ParameterDisplacement = GSHORT(pd, offset);
8744 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8748 offset += 2; /* Skip Parameter Displacement */
8750 /* Build display for: Data Count */
8752 DataCount = GSHORT(pd, offset);
8756 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8760 offset += 2; /* Skip Data Count */
8762 /* Build display for: Data Offset */
8764 DataOffset = GSHORT(pd, offset);
8768 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8772 offset += 2; /* Skip Data Offset */
8774 /* Build display for: Data Displacement */
8776 DataDisplacement = GSHORT(pd, offset);
8780 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
8784 offset += 2; /* Skip Data Displacement */
8786 /* Build display for: Setup Count */
8788 SetupCount = GBYTE(pd, offset);
8792 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8796 offset += 1; /* Skip Setup Count */
8798 /* Build display for: Reserved3 */
8800 Reserved3 = GBYTE(pd, offset);
8804 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8808 offset += 1; /* Skip Reserved3 */
8810 /* Build display for: Setup */
/*
 * NOTE(review): unlike the request branch, one setup word is read here
 * without looking at SetupCount, so a response with SetupCount == 0 has its
 * following two bytes shown as "Setup" and every later field is shifted.
 */
8812 Setup = GSHORT(pd, offset);
8816 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
8820 offset += 2; /* Skip Setup */
8822 /* Build display for: Byte Count (BCC) */
8824 ByteCount = GSHORT(pd, offset);
8828 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8832 offset += 2; /* Skip Byte Count (BCC) */
8834 /* Build display for: Pad1 */
8836 Pad1 = GBYTE(pd, offset);
8840 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8844 offset += 1; /* Skip Pad1 */
8846 /* Build display for: Parameter */
/*
 * NOTE(review): same unchecked packet-supplied range as in the request
 * branch; here the tree item is placed at the running `offset` while the
 * bytes are taken from SMB_offset + ParameterOffset.
 */
8848 if (ParameterCount > 0) {
8852 proto_tree_add_text(tree, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8856 offset += ParameterCount; /* Skip Parameter */
8860 /* Build display for: Pad2 */
8862 Pad2 = GBYTE(pd, offset);
8866 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8870 offset += 1; /* Skip Pad2 */
8872 /* Build display for: Data */
/* NOTE(review): DataCount and DataOffset come from the packet and are used without a visible bounds check. */
8874 if (DataCount > 0) {
8878 proto_tree_add_text(tree, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
8882 offset += DataCount; /* Skip Data */
8890 static char *p_desc = NULL, *d_desc = NULL, *data = NULL, *params = NULL;
8891 static int p_count, d_count, p_offset, d_offset, d_current = 0, p_current = 0;
8892 static int pd_p_current = 0, pd_d_current = 0, in_params = 0, need_data = 0;
8893 static int lm_ent_count = 0, lm_act_count = 0;
8895 /* Initialize the various data structures */
/*
 * Reset the file-scope state of the transact "engine" and take private
 * copies of its inputs: the parameter and data descriptor strings are
 * duplicated into p_desc / d_desc, and ParameterCount / DataCount bytes of
 * the packet are copied into freshly allocated `params` / `data` buffers.
 * Buffers left over from a previous call are freed first.
 *
 * All of this state lives in static variables, so only one transaction can
 * be walked at a time.
 *
 * NOTE(review): the counts and offsets are plain ints and are presumably
 * derived from packet fields by the caller (the caller is not visible
 * here).  They are used for g_malloc() and memcpy() without any check
 * against the captured length, and a negative count would be converted to
 * a very large size.  Validate both ranges against the bytes present in the
 * frame before copying.
 *
 * NOTE(review): SMB_offset is accepted but not used in the visible lines,
 * while dissect_transact2_smb in this file adds SMB_offset to the same kind
 * of offsets before indexing `pd` - confirm which base callers pass.
 */
8897 dissect_transact_engine_init(const u_char *pd, const char *param_desc, const char *data_desc, int SMB_offset, int ParameterOffset, int ParameterCount, int DataOffset, int DataCount)
8900 d_count = DataCount;
8901 p_count = ParameterCount;
8906 lm_ent_count = lm_act_count = 0;
8907 pd_d_current = DataOffset;
8908 pd_p_current = ParameterOffset;
8909 in_params = need_data = 0;
/* Duplicate the descriptors; the buffer is sized from strlen() + 1, so the strcpy() fits. */
8911 if (p_desc) g_free(p_desc);
8912 p_desc = g_malloc(strlen(param_desc) + 1);
8913 strcpy(p_desc, param_desc);
8915 if (d_desc) g_free(d_desc);
8916 d_desc= g_malloc(strlen(data_desc) + 1);
8917 strcpy(d_desc, data_desc);
/* Source range pd + ParameterOffset .. + ParameterCount is not checked against the frame - see the note above. */
8919 if (params) g_free(params);
8920 params = g_malloc(p_count);
8921 memcpy(params, pd + ParameterOffset, ParameterCount);
/* Same for the data bytes. */
8923 if (data) g_free(data);
8924 data = g_malloc(d_count);
8925 memcpy(data, pd + DataOffset, DataCount);
8932 return lm_ent_count;
8939 return lm_act_count;
/*
 * Parse the run of decimal digits at the start of p_data and accumulate
 * its value in `count`; scanning stops at the first byte that is not a
 * digit (the explicit NUL test is redundant, since NUL is not a digit).
 *
 * Only the local index `off` advances, so the caller's own position in the
 * descriptor is not moved past the digits by this function.
 *
 * NOTE(review): `count` is a signed int with no overflow guard, so a long
 * digit run overflows it.  dissect_transact_next uses the result as a byte
 * length for format_text() and as an increment of its packet offset, so the
 * value should also be capped to the bytes remaining in the frame there.
 */
8943 int get_byte_count(const u_char *p_data)
8946 int count = 0, off = 0;
8948 while (p_data[off] && isdigit(p_data[off])) {
8950 count = (count * 10) + (int)p_data[off++] - (int)'0';
8957 /* Dissect the next item, if Name is null, call it by its data type */
8958 /* We pull out the next item in the appropriate place and display it */
8959 /* We display the parameters first, then the data, then any auxiliary data */
/*
 * Dissect one item of the current transaction.  The next character of the
 * saved parameter descriptor (p_desc at p_offset) selects the item type, and
 * the value is read from pd at pd_p_current and added to tree as text, labelled
 * with Name or with a per-type default when Name is NULL.
 * dirn follows the inline comments below: 1 is a request, 0 a response.
 * Visible return values: 0 when the descriptor is exhausted, 1 after an item
 * has been added.  The gutter numbers show that some lines of this function
 * are missing from the listing.
 *
 * NOTE(review): p_desc is a copy of a descriptor string that the caller on
 * this page takes from packet bytes, so both the item types and the digit
 * counts that follow them are untrusted.  No visible line checks that
 * pd_p_current plus the item width stays inside the captured frame before
 * GSHORT/GWORD/format_text/strlen read from pd.
 */
8961 int dissect_transact_next(const u_char *pd, char *Name, int dirn, proto_tree *tree)
8963 /* guint8 BParam; */
8966 const char /**Bytes,*/ *AsciiZ = NULL;
8971 if (p_desc[p_offset] == 0) return 0; /* No more ... */
8973 switch (in_params) {
8975 case 0: /* We are in the params area ... */
8977 switch (p_desc[p_offset++]) {
8981 if (dirn == 0) { /* We need to process the data ... */
8989 case 'h': /* A WORD parameter received */
8993 WParam = GSHORT(pd, pd_p_current);
8995 proto_tree_add_text(tree, pd_p_current, 2, "%s: %u (%04X)", (Name) ? Name : "Returned Word", WParam, WParam);
/* Remembered as the "actual count" of the response. */
8999 lm_act_count = WParam;
9007 case 'e': /* An ent count .. */
9009 if (dirn == 0) { /* Only relevant in a response */
9011 WParam = GSHORT(pd, pd_p_current);
/* NOTE(review): the format has one numeric conversion but WParam is passed
 * twice, so the decimal value shown by the other cases is missing here;
 * presumably "%s: %u (%04X)" was intended. */
9013 proto_tree_add_text(tree, pd_p_current, 2, "%s: (%04X)", (Name) ? Name : "Entry Count", WParam, WParam);
9017 lm_ent_count = WParam; /* Save this for later retrieval */
9025 case 'W': /* Word Parameter */
9027 if (dirn == 1) { /* A request ... */
9029 /* Insert a word param */
9031 WParam = GSHORT(pd, pd_p_current);
9033 proto_tree_add_text(tree, pd_p_current, 2, "%s: %u (%04X)", (Name) ? Name : "Word Param", WParam, WParam);
9037 return 1; /* That's it here ... we have dissected a param */
9043 case 'i': /* A long word is returned */
9047 LParam = GWORD(pd, pd_p_current);
9049 proto_tree_add_text(tree, pd_p_current, 4, "%s: %u (0x%08X)", (Name) ? Name : "Returned Long Word", LParam, LParam);
9059 case 'D': /* Double Word parameter */
9063 LParam = GWORD(pd, pd_p_current);
9065 proto_tree_add_text(tree, pd_p_current, 4, "%s: %u (0x%08X)", (Name) ? Name : "DWord Param", LParam, LParam);
9069 return 1; /* That's it here */
9075 case 'g': /* A byte or series of bytes is returned */
/* NOTE(review): bc comes from digits in the descriptor and is used as a read
 * length without a visible bound.  A count of 0 is treated as 1 for the text
 * and for the cursor, but the item length passed to the tree is still bc. */
9079 bc = get_byte_count(p_desc + p_offset);
9081 proto_tree_add_text(tree, pd_p_current, bc, "%s%u: %s", (Name) ? Name : "B", (bc) ? bc : 1, format_text( pd + pd_p_current, (bc) ? bc : 1));
9083 pd_p_current += (bc) ? bc : 1;
9091 case 'b': /* A byte or series of bytes */
9095 bc = get_byte_count(p_desc + p_offset); /* This is not clean */
9097 /*Bytes = g_malloc(bc + 1); / * Is this needed ? */
9099 proto_tree_add_text(tree, pd_p_current, bc, "%s%u: %s", (Name) ? Name : "B", (bc) ? bc : 1, format_text(pd + pd_p_current, (bc) ? bc : 1));
9101 pd_p_current += (bc) ? bc : 1;
9103 return 1; /* That's it here ... */
9109 case 'O': /* A null pointer */
9113 proto_tree_add_text(tree, pd_p_current, 0, "%s: Null Pointer", (Name) ? Name : "Unknown");
9115 return 1; /* That's it here */
9121 case 'z': /* An AsciiZ string */
/* NOTE(review): strlen() runs over packet bytes and stops only at a NUL; a
 * string without a terminator inside the captured data is read past the end
 * of the buffer.  Limit the scan to the bytes remaining in the frame. */
9125 AsciiZ = pd + pd_p_current;
9127 proto_tree_add_text(tree, pd_p_current, strlen(AsciiZ) + 1, "%s: %s", (Name) ? Name : "AsciiZ", AsciiZ);
9129 pd_p_current += strlen(AsciiZ) + 1;
9131 return 1; /* That's it here ... */
9137 case 'F': /* One or more pad bytes */
/* NOTE(review): this parses digits from the start of the packet buffer (pd),
 * whereas the 'g' and 'b' cases parse them from the descriptor
 * (p_desc + p_offset) - presumably the descriptor was intended; confirm. */
9141 bc = get_byte_count(pd);
9143 proto_tree_add_text(tree, pd_p_current, bc, "%s%u: %s", (Name) ? Name : "Pad", bc, format_text(pd + pd_p_current, bc));
9147 return 1; /* That's it here */
9153 case 'L': /* Receive buffer len: Short */
9157 WParam = GSHORT(pd, pd_p_current);
9159 proto_tree_add_text(tree, pd_p_current, 2, "%s: %u (0x%04X)", (Name) ? Name : "Receive Buffer Len", WParam, WParam);
9163 return 1; /* That's it here ... */
9169 case 's': /* Send buf ... */
9175 LParam = GWORD(pd, pd_p_current);
9177 proto_tree_add_text(tree, pd_p_current, 4, "%s: %u", (Name) ? Name : "Send Buffer Ptr", LParam);
9181 return 1; /* That's it here ... */
/* The case label for the send buffer length is not part of this listing. */
9191 WParam = GSHORT(pd, pd_p_current);
9193 proto_tree_add_text(tree, pd_p_current, 2, "%s: %u", (Name) ? Name : "Send Buffer Len", WParam);
9211 case 1: /* We are in the data area ... */
/*
 * Hand the transaction payload to a sub-dissector chosen from the transact
 * name, and fall back to a generic display otherwise.  A name of the form
 * \TYPE\command is split in a private copy; TYPE "MAILSLOT" goes to
 * dissect_mailslot_smb() and TYPE "PIPE" to dissect_pipe_smb().  When neither
 * call returns nonzero (presumably "handled" - confirm), the parameter bytes,
 * Pad2 and the data bytes are shown as formatted text.
 * The gutter numbers show that some lines of this function are missing from
 * the listing, so guards may exist that are not visible here.
 */
9224 dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, const char *TransactName)
9226 char *TransactNameCopy;
/* NOTE(review): trans_cmd has no initialiser, unlike its neighbours, yet it is
 * compared with NULL below; on the lines shown it is only assigned when the
 * name starts with a backslash.  Initialise it to NULL. */
9227 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
/* NOTE(review): the response path on this page passes the command name saved
 * from the request, which starts out as NULL; strlen(NULL) here would crash
 * on a capture that holds a response without its request.  No g_free() of
 * TransactNameCopy is visible either - confirm it is released. */
9235 TransactNameCopy = g_malloc(strlen(TransactName) + 1);
9237 /* Should check for error here ... */
9239 strcpy(TransactNameCopy, TransactName);
9240 if (TransactNameCopy[0] == '\\') {
9241 trans_type = TransactNameCopy + 1; /* Skip the slash */
/* NOTE(review): strchr() returns NULL when there is no second backslash; the
 * index computed below is only meaningful if that case is guarded - confirm
 * against the elided lines. */
9242 loc_of_slash = strchr(trans_type, '\\');
9246 index = loc_of_slash - trans_type; /* Make it a real index */
9247 trans_cmd = trans_type + index + 1;
9248 trans_type[index] = '\0';
/* The strcmp() calls are reached only when trans_cmd is non-NULL; trans_type
 * is still NULL for a name without a leading backslash. */
/* NOTE(review): the mailslot call receives SMB_offset-based offsets while the
 * pipe call receives the offsets as given - confirm both callees expect that. */
9253 if ((trans_cmd == NULL) ||
9254 (((strcmp(trans_type, "MAILSLOT") != 0) ||
9255 !dissect_mailslot_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) &&
9256 ((strcmp(trans_type, "PIPE") != 0) ||
9257 !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) {
9259 if (ParameterCount > 0) {
9261 /* Build display for: Parameters */
/* NOTE(review): offset and count are the values read from the packet header;
 * no visible line compares them with max_data before format_text() reads
 * ParameterCount bytes from pd. */
9265 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9269 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
9275 /* Build display for: Pad2 */
9277 Pad2 = GBYTE(pd, offset);
9281 proto_tree_add_text(tree, offset, 1, "Pad2: %u: %u", Pad2, offset);
9285 offset += 1; /* Skip Pad2 */
9289 if (DataCount > 0) {
9291 /* Build display for: Data */
9293 Data = pd + SMB_offset + DataOffset;
/* NOTE(review): same missing bound as for the parameter bytes above. */
9297 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9301 offset += DataCount; /* Skip Data */
/*
 * Dissect an SMB Transaction request (dirn == 1) or response (dirn == 0).
 * The function first finds or creates the conversation and the per-request
 * state keyed by conversation index and si.mid, then walks the fixed header
 * fields in wire order, adding one text item per field and advancing offset,
 * and finally passes the counts and offsets it read to
 * dissect_transact_params().
 * The gutter numbers show that some lines (declarations, braces, guards) are
 * missing from this listing.
 *
 * NOTE(review): every count and offset below is read from the packet with
 * GBYTE/GSHORT/GWORD; no visible line checks offset against max_data or the
 * captured length before a read, so truncated frames rely on checks that are
 * not shown here.
 */
9309 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
9312 proto_tree *Flags_tree;
9319 guint8 MaxSetupCount;
9321 guint16 TotalParameterCount;
9322 guint16 TotalDataCount;
9325 guint16 ParameterOffset;
9326 guint16 ParameterDisplacement;
9327 guint16 ParameterCount;
9328 guint16 MaxParameterCount;
9329 guint16 MaxDataCount;
9332 guint16 DataDisplacement;
9336 const char *TransactName;
9337 conversation_t *conversation;
9338 struct smb_request_key request_key, *new_request_key;
9339 struct smb_request_val *request_val;
9342 * Find out what conversation this packet is part of
9345 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9346 pi.srcport, pi.destport);
9348 if (conversation == NULL) { /* Create a new conversation */
9350 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9351 pi.srcport, pi.destport, NULL);
9355 si.conversation = conversation; /* Save this */
9358 * Check for and insert entry in request hash table if does not exist
9360 request_key.conversation = conversation->index;
9361 request_key.mid = si.mid;
9363 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9365 if (!request_val) { /* Create one */
9367 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9368 new_request_key -> conversation = conversation -> index;
9369 new_request_key -> mid = si.mid;
/* NOTE(review): only mid and the three pointers are initialised here.  Other
 * members that code on this page reads in the response path
 * (last_lanman_cmd, trans_response_seen) are set only while a request is
 * dissected, so a response seen without its request reads whatever the
 * allocator returned. */
9371 request_val = g_mem_chunk_alloc(smb_request_vals);
9372 request_val -> mid = si.mid;
9373 request_val -> last_transact_command = NULL;
9374 request_val -> last_param_descrip = NULL;
9375 request_val -> last_data_descrip = NULL;
9377 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9381 si.request_val = request_val; /* Save this for later */
9383 if (dirn == 1) { /* Request(s) dissect code */
9385 /* Build display for: Word Count (WCT) */
9387 WordCount = GBYTE(pd, offset);
9391 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9395 offset += 1; /* Skip Word Count (WCT) */
9397 /* Build display for: Total Parameter Count */
9399 TotalParameterCount = GSHORT(pd, offset);
9403 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9407 offset += 2; /* Skip Total Parameter Count */
9409 /* Build display for: Total Data Count */
9411 TotalDataCount = GSHORT(pd, offset);
9415 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9419 offset += 2; /* Skip Total Data Count */
9421 /* Build display for: Max Parameter Count */
9423 MaxParameterCount = GSHORT(pd, offset);
9427 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9431 offset += 2; /* Skip Max Parameter Count */
9433 /* Build display for: Max Data Count */
9435 MaxDataCount = GSHORT(pd, offset);
9439 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
9443 offset += 2; /* Skip Max Data Count */
9445 /* Build display for: Max Setup Count */
9447 MaxSetupCount = GBYTE(pd, offset);
9451 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9455 offset += 1; /* Skip Max Setup Count */
9457 /* Build display for: Reserved1 */
9459 Reserved1 = GBYTE(pd, offset);
9463 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
9467 offset += 1; /* Skip Reserved1 */
9469 /* Build display for: Flags */
9471 Flags = GSHORT(pd, offset);
9475 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
9476 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9477 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9478 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9479 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9480 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9484 offset += 2; /* Skip Flags */
9486 /* Build display for: Timeout */
9488 Timeout = GWORD(pd, offset);
9492 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
9496 offset += 4; /* Skip Timeout */
9498 /* Build display for: Reserved2 */
9500 Reserved2 = GSHORT(pd, offset);
9504 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9508 offset += 2; /* Skip Reserved2 */
9510 /* Build display for: Parameter Count */
9512 ParameterCount = GSHORT(pd, offset);
9516 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9520 offset += 2; /* Skip Parameter Count */
9522 /* Build display for: Parameter Offset */
9524 ParameterOffset = GSHORT(pd, offset);
9528 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9532 offset += 2; /* Skip Parameter Offset */
9534 /* Build display for: Data Count */
9536 DataCount = GSHORT(pd, offset);
9540 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9544 offset += 2; /* Skip Data Count */
9546 /* Build display for: Data Offset */
9548 DataOffset = GSHORT(pd, offset);
9552 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9556 offset += 2; /* Skip Data Offset */
9558 /* Build display for: Setup Count */
9560 SetupCount = GBYTE(pd, offset);
9564 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9568 offset += 1; /* Skip Setup Count */
9570 /* Build display for: Reserved3 */
9572 Reserved3 = GBYTE(pd, offset);
9576 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9580 offset += 1; /* Skip Reserved3 */
9582 /* Build display for: Setup */
9584 if (SetupCount > 0) {
9588 Setup = GSHORT(pd, offset);
/* NOTE(review): the loop bound is the Setup Count byte from the packet; each
 * pass reads two more bytes with no visible check against the frame length. */
9590 for (i = 1; i <= SetupCount; i++) {
9592 Setup = GSHORT(pd, offset);
9596 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup);
9600 offset += 2; /* Skip Setup */
9606 /* Build display for: Byte Count (BCC) */
9608 ByteCount = GSHORT(pd, offset);
9612 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9616 offset += 2; /* Skip Byte Count (BCC) */
9618 /* Build display for: Transact Name */
9620 /* Watch out for Unicode names */
9624 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9626 TransactName = unicode_to_str(pd + offset, &TNlen);
/* NOTE(review): in the non-Unicode form the name is a pointer into the packet
 * and its length comes from strlen(), which stops only at a NUL byte; bound
 * the scan by the bytes remaining in the frame (ByteCount is available). */
9631 TransactName = pd + offset;
9632 TNlen = strlen(TransactName) + 1;
/* Keep a private copy of the name so the matching response can be labelled. */
9635 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9637 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9639 if (request_val -> last_transact_command)
9640 strcpy(request_val -> last_transact_command, TransactName);
9642 if (check_col(fd, COL_INFO)) {
9644 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9650 proto_tree_add_text(tree, offset, TNlen, "Transact Name: %s", TransactName);
9654 offset += TNlen; /* Skip Transact Name */
9655 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
9659 /* Build display for: Pad1 */
9661 Pad1 = GBYTE(pd, offset);
9665 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9669 offset += 1; /* Skip Pad1 */
9673 /* Let's see if we can decode this */
9675 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, TransactName);
9679 if (dirn == 0) { /* Response(s) dissect code */
/* NOTE(review): last_transact_command is NULL until a request for this
 * conversation/mid has been dissected.  A capture that starts with the
 * response passes NULL to the "%s" conversion here and to
 * dissect_transact_params() at the end of this branch, which calls strlen()
 * on it.  Substitute a placeholder name or skip the call when it is NULL. */
9681 if (check_col(fd, COL_INFO)) {
9683 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9687 /* Build display for: Word Count (WCT) */
9689 WordCount = GBYTE(pd, offset);
9693 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9697 offset += 1; /* Skip Word Count (WCT) */
9699 /* Build display for: Total Parameter Count */
9701 TotalParameterCount = GSHORT(pd, offset);
9705 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9709 offset += 2; /* Skip Total Parameter Count */
9711 /* Build display for: Total Data Count */
9713 TotalDataCount = GSHORT(pd, offset);
9717 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9721 offset += 2; /* Skip Total Data Count */
9723 /* Build display for: Reserved2 */
9725 Reserved2 = GSHORT(pd, offset);
9729 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9733 offset += 2; /* Skip Reserved2 */
9735 /* Build display for: Parameter Count */
9737 ParameterCount = GSHORT(pd, offset);
9741 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9745 offset += 2; /* Skip Parameter Count */
9747 /* Build display for: Parameter Offset */
9749 ParameterOffset = GSHORT(pd, offset);
9753 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9757 offset += 2; /* Skip Parameter Offset */
9759 /* Build display for: Parameter Displacement */
9761 ParameterDisplacement = GSHORT(pd, offset);
9765 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9769 offset += 2; /* Skip Parameter Displacement */
9771 /* Build display for: Data Count */
9773 DataCount = GSHORT(pd, offset);
9777 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9781 offset += 2; /* Skip Data Count */
9783 /* Build display for: Data Offset */
9785 DataOffset = GSHORT(pd, offset);
9789 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9793 offset += 2; /* Skip Data Offset */
9795 /* Build display for: Data Displacement */
9797 DataDisplacement = GSHORT(pd, offset);
9801 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
9805 offset += 2; /* Skip Data Displacement */
9807 /* Build display for: Setup Count */
9809 SetupCount = GBYTE(pd, offset);
9813 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9817 offset += 1; /* Skip Setup Count */
9819 /* Build display for: Reserved3 */
9821 Reserved3 = GBYTE(pd, offset);
9825 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9829 offset += 1; /* Skip Reserved3 */
9831 /* Build display for: Setup */
/* Unlike the request branch, only one setup word is shown and skipped here,
 * so offset is off by 2 * (SetupCount - 1) for responses with more words. */
9833 if (SetupCount > 0) {
9835 /* Hmmm, should code for all setup words ... */
9837 Setup = GSHORT(pd, offset);
9841 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
9845 offset += 2; /* Skip Setup */
9849 /* Build display for: Byte Count (BCC) */
9851 ByteCount = GSHORT(pd, offset);
9855 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9859 offset += 2; /* Skip Byte Count (BCC) */
9861 /* Build display for: Pad1 */
9865 Pad1 = GBYTE(pd, offset);
9869 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9873 offset += 1; /* Skip Pad1 */
9877 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, si.request_val -> last_transact_command);
9884 * The routines for mailslot and pipe dissecting should be migrated to another
9888 #define NETSHAREENUM 0x00 /* 00 */
9889 #define NETSERVERENUM2 0x68 /* 104 */
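/*
 * Add one text item to tree for each known server-type bit in flags, in
 * ascending mask order, using decode_boolean_bitfield() to render the bit.
 *
 * tree:   subtree that receives the items.
 * offset: offset of the flags field, used for every item.
 * length: size of the flags field in bytes; the bitfield is rendered
 *         length*8 bits wide.
 * flags:  the server-type bits.
 *
 * Every row now highlights `length` bytes.  The "Time Source" row used a
 * fixed length of 4, which matched the other rows only for 4-byte fields.
 * Bits with no row in the table (for example 0x4000) are not displayed.
 */
void dissect_server_flags(proto_tree *tree, int offset, int length, int flags)
{
  /* Mask, text when the bit is set, text when it is clear. */
  static const struct {
    guint32     mask;
    const char *set_text;
    const char *clear_text;
  } server_types[] = {
    {0x0001,     "Workstation",            "Not Workstation"},
    {0x0002,     "Server",                 "Not Server"},
    {0x0004,     "SQL Server",             "Not SQL Server"},
    {0x0008,     "Domain Controller",      "Not Domain Controller"},
    {0x0010,     "Backup Controller",      "Not Backup Controller"},
    {0x0020,     "Time Source",            "Not Time Source"},
    {0x0040,     "Apple Server",           "Not Apple Server"},
    {0x0080,     "Novell Server",          "Not Novell Server"},
    {0x0100,     "Domain Member Server",   "Not Domain Member Server"},
    {0x0200,     "Print Queue Server",     "Not Print Queue Server"},
    {0x0400,     "Dialin Server",          "Not Dialin Server"},
    {0x0800,     "Xenix Server",           "Not Xenix Server"},
    {0x1000,     "NT Workstation",         "Not NT Workstation"},
    {0x2000,     "Windows for Workgroups", "Not Windows for Workgroups"},
    {0x8000,     "NT Server",              "Not NT Server"},
    {0x10000,    "Potential Browser",      "Not Potential Browser"},
    {0x20000,    "Backup Browser",         "Not Backup Browser"},
    {0x40000,    "Master Browser",         "Not Master Browser"},
    {0x80000,    "Domain Master Browser",  "Not Domain Master Browser"},
    {0x100000,   "OSF",                    "Not OSF"},
    {0x200000,   "VMS",                    "Not VMS"},
    {0x400000,   "Windows 95 or above",    "Not Windows 95 or above"},
    {0x40000000, "Local List Only",        "Not Local List Only"},
    {0x80000000, "Domain Enum",            "Not Domain Enum"}
  };
  unsigned int i;

  for (i = 0; i < sizeof server_types / sizeof server_types[0]; i++) {
    proto_tree_add_text(tree, offset, length, "%s",
                        decode_boolean_bitfield(flags, server_types[i].mask, length*8,
                                                server_types[i].set_text,
                                                server_types[i].clear_text));
  }
}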
9945 * The following data structure describes the LANMAN requests we understand
9947 * Simply fill in the number, name, and parameter names if you know them
9948 * Try to keep them in order
9950 * We will extend this data structure as we try to decode more ...
/*
 * One row of the LANMAN request table lmd.  Only the req_data member is part
 * of this listing; other code on this page reads lanman_num, lanman_name and
 * req through pointers to this struct, and each lmd initialiser supplies six
 * values (a number, a name and four NULL-terminated name lists).
 */
9953 struct lanman_desc {
9957 char **req_data; /* Hmmm, not flexible enough */
/*
 * Display names for the request/response parameters of the LANMAN functions
 * that are decoded by name.  Each list ends with NULL; the numeric suffix
 * matches the function number of the lmd row that uses the list.
 */
9962 static char *lm_params_req_0[] = {"Detail Level", "Return Buffer Size", NULL};
9963 static char *lm_params_req_1[] = {"Share Name", "Detail Level", "Receive Buffer Size", NULL};
9964 static char *lm_params_resp_1[] = {"Returned Data Len", NULL};
9965 static char *lm_params_req_13[] = {"Detail Level", "Receive Buffer Size", NULL};
9966 static char *lm_params_req_56[] = {"User Name", "Detail Level", "Receive Buffer Size", NULL};
9967 static char *lm_params_req_104[] = {"Detail Level", "Return Buffer Size", "Server Type", "Domain", NULL};
9968 static char *lm_params_req_132[] = {"Reserved1", "Reserved2", "Detail Level", "UserInfoStruct?", "Length of UStruct", "Receive Buffer Size", NULL};
9969 static char *lm_params_req_133[] = {"Reserved1", "Reserved2", "Detail Level", "UserInfoStruct?", "Length of UStruct", "Receive Buffer Size", NULL};
/* Empty list for functions whose parameters are not named yet. */
9971 static char *lm_null_params[] = {NULL};
/*
 * Table of known LANMAN functions, scanned by find_lanman().  The row with
 * number -1 marks the end of the table and must stay last.
 */
9973 struct lanman_desc lmd[] = {
9974 {0, "NetShareEnum", lm_params_req_0, lm_null_params, lm_null_params, lm_null_params},
9975 {1, "NetShareGetInfo", lm_params_req_1, lm_null_params, lm_params_resp_1, lm_null_params},
9976 {13, "NetServerGetInfo", lm_params_req_13, lm_null_params, lm_null_params, lm_null_params},
/* NOTE(review): two rows carry number 56.  find_lanman() scans from the top,
 * so presumably the first row wins and the NetUserGetInfo row with
 * lm_params_req_56 is never selected.  Other RAP listings give 52 for the
 * group-users call - verify the intended number for NetGroupGetUser. */
9977 {56, "NetGroupGetUser", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9978 {56, "NetUserGetInfo", lm_params_req_56, lm_null_params, lm_null_params, lm_null_params},
9979 {59, "NetUserGetGroups", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9980 {63, "NetWkstaGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9981 {69, "DOSPrintQEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9982 {70, "DOSPrintQGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9983 {74, "WPrintQueuePause", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9984 {75, "WPrintQueueResume", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9985 {76, "WPrintJobEnumerate", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9986 {77, "WPrintJobGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9987 {81, "RDOSPrintJobDel", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9988 {82, "RDOSPrintJobPause", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9989 {83, "RDOSPrintJobResume", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9990 {84, "WPrintDestEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9991 {85, "WPrintDestGetInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9992 {91, "NetRemoteTOD", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9993 {103, "WPrintQueuePurge", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9994 {104, "NetServerEnum2", lm_params_req_104, lm_null_params, lm_null_params, lm_null_params},
9995 {105, "WAccessGetUserPerms", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9996 {115, "SetUserPassword", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
9997 {132, "NetWkstaUserLogon", lm_params_req_132, lm_null_params, lm_null_params, lm_null_params},
9998 {133, "NetWkstaUserLogoff", lm_params_req_133, lm_null_params, lm_null_params, lm_null_params},
9999 {147, "PrintJobInfo", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
10000 {205, "WPrintDriverEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
10001 {206, "WPrintQProcEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
10002 {207, "WPrintPortEnum", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
10003 {214, "SamOEMChangePassword", lm_null_params, lm_null_params, lm_null_params, lm_null_params},
10004 {-1, NULL, NULL,NULL, NULL, NULL}
/*
 * Look up the lmd row whose lanman_num equals the given function number by
 * scanning the table from the start until the -1 end marker.
 * The return statements are not part of this listing.  The function number
 * passed by the caller on this page is read from the packet, so a miss is a
 * normal outcome; presumably NULL is returned then, and every caller has to
 * test the result before dereferencing it - confirm.
 */
10007 struct lanman_desc *
10008 find_lanman(int lanman_num)
10012 /* FIXME, This could be more efficient */
10014 while (lmd[i].lanman_num != -1) {
10016 if (lmd[i].lanman_num == lanman_num) {
10031 dissect_pipe_lanman(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount)
10033 guint32 loc_offset = SMB_offset + ParameterOffset;
10034 guint16 FunctionCode;
10036 guint16 RecvBufLen;
10038 const char *ParameterDescriptor;
10039 const char *ReturnDescriptor;
10040 proto_tree *lanman_tree = NULL, *flags_tree = NULL;
10042 struct lanman_desc *lanman;
10044 if (check_col(fd, COL_PROTOCOL))
10045 col_add_fstr(fd, COL_PROTOCOL, "LANMAN");
10047 if (dirn == 1) { /* The request side */
10049 FunctionCode = GSHORT(pd, loc_offset);
10051 si.request_val -> last_lanman_cmd = FunctionCode;
10053 switch (FunctionCode) {
10055 case NETSHAREENUM: /* Never decode this at the moment ... */
10057 if (check_col(fd, COL_INFO)) {
10059 col_add_fstr(fd, COL_INFO, "NetShareEnum Request");
10065 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL);
10066 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10068 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetShareEnum");
10074 ParameterDescriptor = pd + loc_offset;
10076 si.request_val -> trans_response_seen = 0;
10078 if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip);
10079 si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1);
10080 if (si.request_val -> last_param_descrip)
10081 strcpy(si.request_val -> last_param_descrip, ParameterDescriptor);
10085 proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor);
10089 loc_offset += strlen(ParameterDescriptor) + 1;
10091 ReturnDescriptor = pd + loc_offset;
10093 if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip);
10094 si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1);
10095 if (si.request_val -> last_data_descrip)
10096 strcpy(si.request_val -> last_data_descrip, ReturnDescriptor);
10100 proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor);
10104 loc_offset += strlen(ReturnDescriptor) + 1;
10106 Level = GSHORT(pd, loc_offset);
10110 proto_tree_add_text(lanman_tree, loc_offset, 2, "Detail Level: %u", Level);
10116 RecvBufLen = GSHORT(pd, loc_offset);
10120 proto_tree_add_text(lanman_tree, loc_offset, 2, "Receive Buffer Length: %u", RecvBufLen);
10128 case NETSERVERENUM2: /* Process a NetServerEnum2 */
10130 if (check_col(fd, COL_INFO)) {
10132 col_add_fstr(fd, COL_INFO, "NetServerEnum2 %s", dirn ? "Request" : "Response");
10138 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL);
10139 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10141 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetServerEnum2");
10147 ParameterDescriptor = pd + loc_offset;
10149 /* Now, save these for later */
10151 si.request_val -> trans_response_seen = 0;
10153 if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip);
10154 si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1);
10155 if (si.request_val -> last_param_descrip)
10156 strcpy(si.request_val -> last_param_descrip, ParameterDescriptor);
10160 proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor);
10164 loc_offset += strlen(ParameterDescriptor) + 1;
10166 ReturnDescriptor = pd + loc_offset;
10168 if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip);
10170 si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1);
10171 if (si.request_val -> last_data_descrip)
10172 strcpy(si.request_val -> last_data_descrip, ReturnDescriptor);
10176 proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor);
10180 loc_offset += strlen(ReturnDescriptor) + 1;
10182 Level = GSHORT(pd, loc_offset);
10183 si.request_val -> last_level = Level;
10187 proto_tree_add_text(lanman_tree, loc_offset, 2, "Info Detail Level: %u", Level);
10193 RecvBufLen = GSHORT(pd, loc_offset);
10197 proto_tree_add_text(lanman_tree, loc_offset, 2, "Receive Buffer Length: %u", RecvBufLen);
10203 Flags = GWORD(pd, loc_offset);
10207 ti = proto_tree_add_text(lanman_tree, loc_offset, 4, "Server Types Required: 0x%08X", Flags);
10208 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
10209 dissect_server_flags(flags_tree, loc_offset, 4, Flags);
10218 default: /* Just try to handle what is there ... */
10220 lanman = find_lanman(FunctionCode);
10222 if (check_col(fd, COL_INFO)) {
10225 col_add_fstr(fd, COL_INFO, "%s Request", lanman -> lanman_name);
10228 col_add_fstr(fd, COL_INFO, "Unknown LANMAN Request: %u", FunctionCode);
10234 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, ParameterCount, NULL);
10235 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10238 proto_tree_add_text(lanman_tree, loc_offset, 2, "%s Request", lanman -> lanman_name);
10241 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: Unknown LANMAN Request: %u", FunctionCode);
10248 ParameterDescriptor = pd + loc_offset;
10250 si.request_val -> trans_response_seen = 0;
10252 if (si.request_val -> last_param_descrip) g_free(si.request_val -> last_param_descrip);
10253 si.request_val -> last_param_descrip = g_malloc(strlen(ParameterDescriptor) + 1);
10254 if (si.request_val -> last_param_descrip)
10255 strcpy(si.request_val -> last_param_descrip, ParameterDescriptor);
10259 proto_tree_add_text(lanman_tree, loc_offset, strlen(ParameterDescriptor) + 1, "Parameter Descriptor: %s", ParameterDescriptor);
10263 loc_offset += strlen(ParameterDescriptor) + 1;
10265 ReturnDescriptor = pd + loc_offset;
10267 if (si.request_val -> last_data_descrip) g_free(si.request_val -> last_data_descrip);
10268 si.request_val -> last_data_descrip = g_malloc(strlen(ReturnDescriptor) + 1);
10269 if (si.request_val -> last_data_descrip)
10270 strcpy(si.request_val -> last_data_descrip, ReturnDescriptor);
10274 proto_tree_add_text(lanman_tree, loc_offset, strlen(ReturnDescriptor) + 1, "Return Descriptor: %s", ReturnDescriptor);
10278 loc_offset += strlen(ReturnDescriptor) + 1;
10282 int i = 0; /* Counter for names below */
10285 dissect_transact_engine_init(pd, ParameterDescriptor, ReturnDescriptor,SMB_offset, loc_offset, ParameterCount, DataOffset, DataCount);
10287 if (lanman) name = lanman -> req[i]; /* Must be OK ... */
10289 while (dissect_transact_next(pd, name, dirn, lanman_tree))
10290 if (name) name = lanman -> req[++i];
10297 else { /* Dirn == 0, response */
10301 guint16 AvailCount;
10302 guint32 loc_offset = 0;
10304 proto_tree *server_tree = NULL, *flags_tree = NULL, *share_tree = NULL;
10306 FunctionCode = si.request_val -> last_lanman_cmd;
10309 * If we have already seen the response to this transact, simply
10310 * record it as a continuation ...
10313 printf("TransResponseSeen = %u\n", si.request_val -> trans_response_seen);
10315 if (si.request_val -> trans_response_seen == 1) {
10317 if (check_col(fd, COL_INFO)) {
10318 col_add_fstr(fd, COL_INFO, "Transact Continuation");
10323 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + DataOffset, END_OF_FRAME, NULL);
10325 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10327 proto_tree_add_text(lanman_tree, loc_offset, END_OF_FRAME, "Payload: %s", format_text(pd + SMB_offset + DataOffset, END_OF_FRAME));
10336 si.request_val -> trans_response_seen = 1;
10338 switch (FunctionCode) {
10342 if (check_col(fd, COL_INFO)) {
10344 col_add_fstr(fd, COL_INFO, "NetShareEnum Response");
10350 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL);
10351 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10353 proto_tree_add_text(lanman_tree, loc_offset, 0, "Function Code: NetShareEnum");
10357 si.request_val -> trans_response_seen = 1;
10359 loc_offset = SMB_offset + ParameterOffset;
10361 Status = GSHORT(pd, loc_offset);
10365 proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status);
10371 Convert = GSHORT(pd, loc_offset);
10375 proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert);
10381 EntCount = GSHORT(pd, loc_offset);
10385 proto_tree_add_text(lanman_tree, loc_offset, 2, "Entry Count: %u", EntCount);
10391 AvailCount = GSHORT(pd, loc_offset);
10395 proto_tree_add_text(lanman_tree, loc_offset, 2, "Available Entries: %u", AvailCount);
10403 ti = proto_tree_add_text(lanman_tree, loc_offset, AvailCount * 20, "Available Shares", NULL);
10405 share_tree = proto_item_add_subtree(ti, ett_lanman_shares);
10409 for (i = 1; i <= EntCount; i++) {
10410 const gchar *Share = pd + loc_offset;
10412 const gchar *Comment;
10413 proto_tree *share = NULL;
10414 proto_item *ti = NULL;
10418 ti = proto_tree_add_text(share_tree, loc_offset, 20, "Share %s", Share);
10419 share = proto_item_add_subtree(ti, ett_lanman_share);
10426 proto_tree_add_text(share, loc_offset, 13, "Share Name: %s", Share);
10432 while (loc_offset % 4)
10433 loc_offset += 1; /* Align to a word boundary ... */
10435 Flags = GSHORT(pd, loc_offset);
10439 proto_tree_add_text(share, loc_offset, 2, "Share Type: %u", Flags);
10445 Comment = pd + SMB_offset + DataOffset + (GWORD(pd, loc_offset) & 0xFFFF) - Convert;
10449 proto_tree_add_text(share, loc_offset, 4, "Share Comment: %s", Comment);
10459 case NETSERVERENUM2:
10461 if (check_col(fd, COL_INFO)) {
10463 col_add_fstr(fd, COL_INFO, "NetServerEnum2 %s", dirn ? "Request" : "Response");
10469 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL);
10470 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10472 proto_tree_add_text(lanman_tree, loc_offset, 2, "Function Code: NetServerEnum2");
10476 loc_offset = SMB_offset + ParameterOffset;
10477 Status = GSHORT(pd, loc_offset);
10481 proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status);
10487 Convert = GSHORT(pd, loc_offset);
10491 proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert);
10497 EntCount = GSHORT(pd, loc_offset);
10501 proto_tree_add_text(lanman_tree, loc_offset, 2, "Entry Count: %u", EntCount);
10507 AvailCount = GSHORT(pd, loc_offset);
10511 proto_tree_add_text(lanman_tree, loc_offset, 2, "Available Entries: %u", AvailCount);
10519 ti = proto_tree_add_text(lanman_tree, loc_offset, 26 * AvailCount, "Servers");
10522 printf("Null value returned from proto_tree_add_text\n");
10527 server_tree = proto_item_add_subtree(ti, ett_lanman_servers);
10531 /* Make sure we don't go past the end of the capture buffer */
10533 for (i = 1; (i <= EntCount) && ((pi.captured_len - loc_offset) > 16); i++) {
10534 const gchar *Server = pd + loc_offset;
10537 guint32 ServerFlags;
10538 const gchar *Comment;
10539 proto_tree *server = NULL;
10544 ti = proto_tree_add_text(server_tree, loc_offset,
10545 (si.request_val -> last_level) ? 26 : 16,
10546 "Server %s", Server);
10547 server = proto_item_add_subtree(ti, ett_lanman_server);
10554 proto_tree_add_text(server, loc_offset, 16, "Server Name: %s", Server);
10560 if (si.request_val -> last_level) { /* Print out the rest of the info */
10562 ServerMajor = GBYTE(pd, loc_offset);
10566 proto_tree_add_text(server, loc_offset, 1, "Major Version: %u", ServerMajor);
10572 ServerMinor = GBYTE(pd, loc_offset);
10576 proto_tree_add_text(server, loc_offset, 1, "Minor Version: %u", ServerMinor);
10582 ServerFlags = GWORD(pd, loc_offset);
10586 ti = proto_tree_add_text(server, loc_offset, 4, "Server Type: 0x%08X", ServerFlags);
10587 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
10588 dissect_server_flags(flags_tree, loc_offset, 4, ServerFlags);
10594 Comment = pd + SMB_offset + DataOffset + (GWORD(pd, loc_offset) & 0xFFFF) - Convert;
10598 proto_tree_add_text(server, loc_offset, 4, "Server Comment: %s", Comment);
10612 lanman = find_lanman(si.request_val -> last_lanman_cmd);
10614 if (check_col(fd, COL_INFO)) {
10617 col_add_fstr(fd, COL_INFO, "%s Response", lanman -> lanman_name);
10620 col_add_fstr(fd, COL_INFO, "Unknown LANMAN Response: %u", FunctionCode);
10626 ti = proto_tree_add_item(parent, proto_lanman, SMB_offset + ParameterOffset, END_OF_FRAME, NULL);
10627 lanman_tree = proto_item_add_subtree(ti, ett_lanman);
10629 proto_tree_add_text(lanman_tree, 0, 0, "%s Response", lanman -> lanman_name);
10632 proto_tree_add_text(lanman_tree, loc_offset, 0, "Function Code: Unknown LANMAN Response: %u", FunctionCode);
10636 loc_offset = SMB_offset + ParameterOffset;
10638 Status = GSHORT(pd, loc_offset);
10642 proto_tree_add_text(lanman_tree, loc_offset, 2, "Status: %u", Status);
10648 Convert = GSHORT(pd, loc_offset);
10652 proto_tree_add_text(lanman_tree, loc_offset, 2, "Convert: %u", Convert);
10663 dissect_transact_engine_init(pd, si.request_val -> last_param_descrip, si.request_val -> last_data_descrip, SMB_offset, loc_offset, ParameterCount, DataOffset, DataCount);
10665 if (lanman) name = lanman -> resp[i];
10667 while (dissect_transact_next(pd, name, dirn, lanman_tree))
10668 if (name) name = lanman -> resp[++i];
/*
 * Dispatch a named-pipe transaction to a pipe-specific dissector.
 * Of the lines shown, only the "LANMAN" name is handled: the call is
 * forwarded to dissect_pipe_lanman() with every argument unchanged and its
 * result is returned.
 * NOTE(review): command is compared with strcmp(), so it has to be a
 * NUL-terminated string; confirm the caller does not pass raw packet bytes.
 */
10684 dissect_pipe_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount)
10687 if (strcmp(command, "LANMAN") == 0) { /* Try to decode a LANMAN */
10689 return dissect_pipe_lanman(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount, ParameterOffset, ParameterCount);
/*
 * Display names for browser opcodes, indexed by the opcode byte read from
 * the packet.  The sixteen entries cover opcodes 0 through 15, so a lookup
 * is only in bounds when OpCode < sizeof(browse_commands)/sizeof(char *);
 * any larger value from the wire has to take the "no such command" path.
 * dissect_mailslot_browse() also hands an entry to col_add_fstr() as the
 * format string, so no entry may contain a '%' conversion.
 */
10697 char *browse_commands[] =
10698 { "Error, No such command!", /* Value 0 */
10699 "Host Announcement", /* Value 1 */
10700 "Request Announcement", /* Value 2 */
10701 "Error, No such command!", /* Value 3 */
10702 "Error, No such command!", /* Value 4 */
10703 "Error, No such command!", /* Value 5 */
10704 "Error, No such command!", /* Value 6 */
10705 "Error, No such command!", /* Value 7 */
10706 "Browser Election Request", /* Value 8 */
10707 "Get Backup List Request", /* Value 9 */
10708 "Get Backup List Response", /* Value 10 */
10709 "Become Backup Browser", /* Value 11 */
10710 "Domain/Workgroup Announcement", /* Value 12 */
10711 "Master Announcement", /* Value 13 */
10712 "Error! No such command", /* Value 14 */
10713 "Local Master Announcement" /* Value 15 */
/*
 * Browser opcode values.  Each one is used as a case label in
 * dissect_mailslot_browse() and matches the index of its name in
 * browse_commands.
 */
10716 #define HOST_ANNOUNCE 1
10717 #define REQUEST_ANNOUNCE 2
10718 #define BROWSER_ELECTION 8
10719 #define GETBACKUPLISTREQ 9
10720 #define GETBACKUPLISTRESP 10
10721 #define BECOMEBACKUPBROWSER 11
10722 #define DOMAINANNOUNCEMENT 12
10723 #define MASTERANNOUNCEMENT 13
10724 #define LOCALMASTERANNOUNC 15
/*
 * Names for the bits of the 32-bit Server Type field.
 * dissect_mailslot_browse() looks a name up by bit position and compares it
 * with "Unused" before appending it to the info column.  The array has 32
 * elements, so valid indices are 0..31 and any loop over bit positions has
 * to stay below 32.
 */
10726 char *svr_types[32] = {
10730 "Domain Controller",
10731 "Backup Controller",
10735 "Domain Member Server",
10736 "Print Queue Server",
10740 "Windows for Workgroups",
10741 "Unknown Server - FIXME",
10743 "Potential Browser",
10746 "Domain Master Browser",
10749 "Windows 95 or above",
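/* Number of elements in a true array (not a pointer). */
#define BROWSE_ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* One bit of a flag field: its mask and the text shown when set or clear. */
struct browse_flag {
  guint32     mask;
  const char *set_text;
  const char *clear_text;
};

/* Server Type bits of an announcement, in display order. */
static const struct browse_flag browse_server_type_flags[] = {
  { 0x0001,     "Workstation",            "Not Workstation" },
  { 0x0002,     "Server",                 "Not Server" },
  { 0x0004,     "SQL Server",             "Not SQL Server" },
  { 0x0008,     "Domain Controller",      "Not Domain Controller" },
  { 0x0010,     "Backup Controller",      "Not Backup Controller" },
  { 0x0020,     "Time Source",            "Not Time Source" },
  { 0x0040,     "Apple Server",           "Not Apple Server" },
  { 0x0080,     "Novell Server",          "Not Novell Server" },
  { 0x0100,     "Domain Member Server",   "Not Domain Member Server" },
  { 0x0200,     "Print Queue Server",     "Not Print Queue Server" },
  { 0x0400,     "Dialin Server",          "Not Dialin Server" },
  { 0x0800,     "Xenix Server",           "Not Xenix Server" },
  { 0x1000,     "NT Workstation",         "Not NT Workstation" },
  { 0x2000,     "Windows for Workgroups", "Not Windows for Workgroups" },
  { 0x8000,     "NT Server",              "Not NT Server" },
  { 0x10000,    "Potential Browser",      "Not Potential Browser" },
  { 0x20000,    "Backup Browser",         "Not Backup Browser" },
  { 0x40000,    "Master Browser",         "Not Master Browser" },
  { 0x80000,    "Domain Master Browser",  "Not Domain Master Browser" },
  { 0x100000,   "OSF",                    "Not OSF" },
  { 0x200000,   "VMS",                    "Not VMS" },
  { 0x400000,   "Windows 95 or above",    "Not Windows 95 or above" },
  { 0x40000000, "Local List Only",        "Not Local List Only" },
  { 0x80000000, "Domain Enum",            "Not Domain Enum" }
};

/* Operating-system byte of the election criteria. */
static const struct browse_flag browse_election_os_flags[] = {
  { 0x01, "Windows for Workgroups", "Not Windows for Workgroups" },
  { 0x02, "Unknown",                "Not used" },
  { 0x04, "Unknown",                "Not used" },
  { 0x08, "Unknown",                "Not used" },
  { 0x10, "Windows NT Workstation", "Not Windows NT Workstation" },
  { 0x20, "Windows NT Server",      "Not Windows NT Server" },
  { 0x40, "Unknown",                "Not used" },
  { 0x80, "Unknown",                "Not used" }
};

/* Desire byte of the election criteria. */
static const struct browse_flag browse_election_desire_flags[] = {
  { 0x01, "Backup Browse Server",        "Not Backup Browse Server" },
  { 0x02, "Standby Browse Server",       "Not Standby Browse Server" },
  { 0x04, "Master Browser",              "Not Master Browser" },
  { 0x08, "Domain Master Browse Server", "Not Domain Master Browse Server" },
  { 0x10, "Unknown",                     "Not used" },
  { 0x20, "WINS Client",                 "Not WINS Client" },
  { 0x40, "Unknown",                     "Not used" },
  { 0x80, "Windows NT Advanced Server",  "Not Windows NT Advanced Server" }
};

/*
 * Measure the string at pd + start without trusting the packet to carry a
 * terminator.  Scanning stops at the first NUL, after max_len bytes (0 means
 * no fixed field width), or at pi.captured_len, whichever comes first.
 *
 * Returns the number of bytes before the stop point.  If field_len is not
 * NULL it receives the bytes the string occupies in the packet, counting the
 * NUL only when one was actually found.
 */
static guint32
browse_string_len(const u_char *pd, guint32 start, guint32 max_len, guint32 *field_len)
{
  guint32 captured = (guint32) pi.captured_len;
  guint32 avail = 0;
  guint32 len = 0;

  if (start < captured) {
    avail = captured - start;
    if (max_len != 0 && avail > max_len)
      avail = max_len;
  }

  while (len < avail && pd[start + len] != '\0')
    len++;

  if (field_len != NULL)
    *field_len = (len < avail) ? len + 1 : len;

  return len;
}

/* Add one text item per entry of flags[], decoded against value. */
static void
browse_add_flags(proto_tree *flag_tree, guint32 start, guint32 length, guint32 value, int width, const struct browse_flag *flags, guint nflags)
{
  guint k;

  for (k = 0; k < nflags; k++)
    proto_tree_add_text(flag_tree, start, length, "%s",
                        decode_boolean_bitfield(value, flags[k].mask, width, flags[k].set_text, flags[k].clear_text));
}

/*
 * Dissect a browser mailslot message that starts at pd + DataOffset.
 *
 * pd          packet bytes (untrusted)
 * fd          frame whose PROTOCOL and INFO columns are filled in
 * parent      tree that receives the proto_browse item
 * tree        non-NULL when a protocol tree is being built
 * DataOffset  offset of the opcode byte
 * DataCount   length given to the proto_browse item
 * The remaining parameters are not used by this function.
 *
 * Returns 1 in all cases.
 *
 * The opcode and every string come from the wire.  The opcode is checked
 * against the size of browse_commands before it is used as an index, and
 * each name or comment is measured with browse_string_len() and printed with
 * a bounded %.*s, so a missing terminator cannot run the read past the
 * captured data.
 *
 * NOTE(review): the GBYTE/GSHORT/GWORD reads of fixed-width fields are not
 * preceded by a check against pi.captured_len here; confirm the caller
 * guarantees that the fixed part of each message was captured.
 */
guint32
dissect_mailslot_browse(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
{
  guint8               OpCode;
  guint8               UpdateCount;
  guint8               VersionMajor;
  guint8               VersionMinor;
  guint32              Periodicity;
  guint32              ServerType;
  guint16              SigConstant;
  guint32              Token;
  guint8               BackupServerCount;
  guint8               Flags;
  guint32              MBZ;
  guint16              ElectionVersion;   /* one byte in elections, two in announcements */
  guint32              ElectionCriteria;
  guint8               ElectionOS;
  guint8               ElectionDesire;
  guint16              ElectionRevision;
  guint32              ServerUpTime;
  const char           *ServerName;
  const char           *ServerComment;
  const char           *op_name = NULL;
  proto_tree           *browse_tree = NULL, *flags_tree = NULL,
                       *OSflags = NULL, *DesireFlags = NULL;
  proto_item           *ti, *ec;
  guint32              loc_offset = DataOffset, count = 0;
  guint32              str_len, field_len;
  int                  i;

  if (check_col(fd, COL_PROTOCOL))
    col_add_str(fd, COL_PROTOCOL, "BROWSER");

  if (check_col(fd, COL_INFO)) /* Put in something, and replace it later */
    col_add_str(fd, COL_INFO, "Browse Announcement");

  /*
   * Now, decode the browse request
   */

  OpCode = GBYTE(pd, loc_offset);

  /* The table has entries 0..15 only; anything else has no name. */
  if (OpCode < BROWSE_ARRAY_LEN(browse_commands))
    op_name = browse_commands[OpCode];

  if (check_col(fd, COL_INFO)) {

    /* Table text is passed as an argument, never as the format string. */
    if (op_name)
      col_add_fstr(fd, COL_INFO, "%s", op_name);
    else
      col_add_fstr(fd, COL_INFO, "Error, No Such Command:%u", OpCode);

  }

  if (tree) {  /* Add the browse tree */

    ti = proto_tree_add_item(parent, proto_browse, DataOffset, DataCount, NULL);
    browse_tree = proto_item_add_subtree(ti, ett_browse);

    proto_tree_add_text(browse_tree, loc_offset, 1, "OpCode: %s", op_name ? op_name : "Error, No Such Command");

  }

  loc_offset += 1;  /* Skip the OpCode */

  switch (OpCode) {

  case DOMAINANNOUNCEMENT:
  case LOCALMASTERANNOUNC:
  case HOST_ANNOUNCE:

    UpdateCount = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Update Count: %u", UpdateCount);

    }

    loc_offset += 1;  /* Skip the Update Count */

    Periodicity = GWORD(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 4, "Update Periodicity: %u Sec", Periodicity/1000 );

    }

    loc_offset += 4;

    /* Fixed 16-byte name field; it need not be NUL-terminated. */
    ServerName = (const char *) (pd + loc_offset);
    str_len = browse_string_len(pd, loc_offset, 16, NULL);

    if (check_col(fd, COL_INFO)) {

      col_append_fstr(fd, COL_INFO, " %.*s", (int) str_len, ServerName);

    }

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 16, (OpCode == DOMAINANNOUNCEMENT) ? "Domain/WorkGroup: %.*s": "Host Name: %.*s", (int) str_len, ServerName);

    }

    loc_offset += 16;

    VersionMajor = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Major Version: %u", VersionMajor);

    }

    loc_offset += 1;

    VersionMinor = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Minor Version: %u", VersionMinor);

    }

    loc_offset += 1;

    ServerType = GWORD(pd, loc_offset);

    if (check_col(fd, COL_INFO)) {

      /* Append the type(s) of the system to the COL_INFO line ... */

      /* Bit i maps to svr_types[i]; the shift is unsigned so bit 31 is defined. */
      for (i = 0; i < 32; i++) {

        if ((ServerType & ((guint32) 1 << i)) && svr_types[i] != NULL && (strcmp("Unused", svr_types[i]) != 0))
          col_append_fstr(fd, COL_INFO, ", %s", svr_types[i]);

      }

    }

    if (tree) {

      ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Server Type: 0x%04x", ServerType);
      flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
      browse_add_flags(flags_tree, loc_offset, 4, ServerType, 32, browse_server_type_flags, BROWSE_ARRAY_LEN(browse_server_type_flags));

    }
    loc_offset += 4;

    /* Two-byte field: kept in a 16-bit variable so the high byte is not lost. */
    ElectionVersion = GSHORT(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 2, "Election Version: %u", ElectionVersion);

    }

    loc_offset += 2;

    SigConstant = GSHORT(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 2, "Signature: %u (0x%04X)", SigConstant, SigConstant);

    }

    loc_offset += 2;

    ServerComment = (const char *) (pd + loc_offset);
    str_len = browse_string_len(pd, loc_offset, 0, &field_len);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, field_len, "Host Comment: %.*s", (int) str_len, ServerComment);

    }

    break;

  case REQUEST_ANNOUNCE:

    Flags = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Unused Flags: %u", Flags);

    }

    loc_offset += 1;

    ServerName = (const char *) (pd + loc_offset);
    str_len = browse_string_len(pd, loc_offset, 0, &field_len);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, field_len, "Send List To: %.*s", (int) str_len, ServerName);

    }

    break;

  case BROWSER_ELECTION:

    ElectionVersion = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Election Version = %u", ElectionVersion);

    }

    loc_offset += 1;

    /* The 4-byte criteria word is also shown split into desire, revision and OS. */
    ElectionCriteria = GWORD(pd, loc_offset);
    ElectionOS       = GBYTE(pd, loc_offset + 3);
    ElectionRevision = GSHORT(pd, loc_offset + 1);
    ElectionDesire   = GBYTE(pd, loc_offset);

    if (tree) {

      ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Election Criteria = %u (0x%08X)", ElectionCriteria, ElectionCriteria);

      ec = proto_item_add_subtree(ti, ett_browse_election_criteria);

      ti = proto_tree_add_text(ec, loc_offset + 3, 1, "Election OS Summary: %u (0x%02X)", ElectionOS, ElectionOS);

      OSflags = proto_item_add_subtree(ti, ett_browse_election_os);

      browse_add_flags(OSflags, loc_offset + 3, 1, ElectionOS, 8, browse_election_os_flags, BROWSE_ARRAY_LEN(browse_election_os_flags));

      proto_tree_add_text(ec, loc_offset + 1, 2, "Election Revision: %u (0x%04X)", ElectionRevision, ElectionRevision);

      ti = proto_tree_add_text(ec, loc_offset, 1, "Election Desire Summary: %u (0x%02X)", ElectionDesire, ElectionDesire);

      DesireFlags = proto_item_add_subtree(ti, ett_browse_election_desire);

      browse_add_flags(DesireFlags, loc_offset, 1, ElectionDesire, 8, browse_election_desire_flags, BROWSE_ARRAY_LEN(browse_election_desire_flags));

    }

    loc_offset += 4;

    ServerUpTime = GWORD(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 4, "Server Up Time: %u Sec", ServerUpTime/1000);

    }

    loc_offset += 4;

    MBZ = GWORD(pd, loc_offset);  /* read and skipped; not displayed */

    loc_offset += 4;

    ServerName = (const char *) (pd + loc_offset);
    str_len = browse_string_len(pd, loc_offset, 0, &field_len);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, field_len, "Election Server Name: %.*s", (int) str_len, ServerName);

    }

    break;

  case GETBACKUPLISTREQ:

    BackupServerCount = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Backup List Requested Count: %u", BackupServerCount);

    }

    loc_offset += 1;

    Token = GWORD(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Request Token: %u", Token);

    }

    break;

  case GETBACKUPLISTRESP:

    BackupServerCount = GBYTE(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 1, "Backup Server Count: %u", BackupServerCount);

    }

    loc_offset += 1;

    Token = GWORD(pd, loc_offset);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Response Token: %u", Token);

    }

    loc_offset += 4;

    /* The count is sender-supplied; stop as soon as the captured data runs out. */
    for (count = 1; count <= BackupServerCount; count++) {

      ServerName = (const char *) (pd + loc_offset);
      str_len = browse_string_len(pd, loc_offset, 0, &field_len);

      if (field_len == 0)
        break;

      if (tree) {

        proto_tree_add_text(browse_tree, loc_offset, field_len, "Backup Server: %.*s", (int) str_len, ServerName);

      }

      loc_offset += field_len;

    }

    break;

  case BECOMEBACKUPBROWSER:

    ServerName = (const char *) (pd + loc_offset);
    str_len = browse_string_len(pd, loc_offset, 0, &field_len);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, field_len, "Browser to Promote: %.*s", (int) str_len, ServerName);

    }

    break;

  case MASTERANNOUNCEMENT:

    ServerName = (const char *) (pd + loc_offset);
    str_len = browse_string_len(pd, loc_offset, 0, &field_len);

    if (tree) {

      proto_tree_add_text(browse_tree, loc_offset, field_len, "Server Name: %.*s", (int) str_len, ServerName);

    }

    break;

  default:
    break;
  }

  return 1;  /* Success */
}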
/*
 * Mailslot dissector entry point with the same parameter list as
 * dissect_mailslot_browse().
 * NOTE(review): only the signature is visible here; what the body decodes
 * and returns has to be confirmed against the full file.
 */
11203 dissect_mailslot_net(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
/*
 * Route a mailslot transaction by its name: "BROWSE" goes to
 * dissect_mailslot_browse() and "LANMAN" to dissect_pipe_lanman(), and the
 * callee's result is returned.  ParameterOffset and ParameterCount are
 * forwarded only on the LANMAN path.
 * NOTE(review): command is compared with strcmp(), so it has to be a
 * NUL-terminated string; confirm the caller does not pass raw packet bytes.
 */
11211 dissect_mailslot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount)
11214 if (strcmp(command, "BROWSE") == 0) { /* Decode a browse */
11216 return dissect_mailslot_browse(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount);
11219 else if (strcmp(command, "LANMAN") == 0) {
11221 return dissect_pipe_lanman(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, command, DataOffset, DataCount, ParameterOffset, ParameterCount);
11228 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
11230 dissect_unknown_smb, /* unknown SMB 0x00 */
11231 dissect_unknown_smb, /* unknown SMB 0x01 */
11232 dissect_unknown_smb, /* SMBopen open a file */
11233 dissect_create_file_smb, /* SMBcreate create a file */
11234 dissect_close_smb, /* SMBclose close a file */
11235 dissect_flush_file_smb, /* SMBflush flush a file */
11236 dissect_delete_file_smb, /* SMBunlink delete a file */
11237 dissect_rename_file_smb, /* SMBmv rename a file */
11238 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
11239 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
11240 dissect_read_file_smb, /* SMBread read from a file */
11241 dissect_write_file_smb, /* SMBwrite write to a file */
11242 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
11243 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
11244 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
11245 dissect_unknown_smb, /* SMBmknew make a new file */
11246 dissect_checkdir_smb, /* SMBchkpth check a directory path */
11247 dissect_process_exit_smb, /* SMBexit process exit */
11248 dissect_unknown_smb, /* SMBlseek seek */
11249 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
11250 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
11251 dissect_unknown_smb, /* unknown SMB 0x15 */
11252 dissect_unknown_smb, /* unknown SMB 0x16 */
11253 dissect_unknown_smb, /* unknown SMB 0x17 */
11254 dissect_unknown_smb, /* unknown SMB 0x18 */
11255 dissect_unknown_smb, /* unknown SMB 0x19 */
11256 dissect_read_raw_smb, /* SMBreadBraw read block raw */
11257 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
11258 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
11259 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
11260 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
11261 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
11262 dissect_unknown_smb, /* SMBwriteC write complete response */
11263 dissect_unknown_smb, /* unknown SMB 0x21 */
11264 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
11265 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
11266 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
11267 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
11268 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
11269 dissect_unknown_smb, /* SMBioctl IOCTL */
11270 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
11271 dissect_unknown_smb, /* SMBcopy copy */
11272 dissect_move_smb, /* SMBmove move */
11273 dissect_unknown_smb, /* SMBecho echo */
11274 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
11275 dissect_open_andx_smb, /* SMBopenX open and X */
11276 dissect_unknown_smb, /* SMBreadX read and X */
11277 dissect_unknown_smb, /* SMBwriteX write and X */
11278 dissect_unknown_smb, /* unknown SMB 0x30 */
11279 dissect_unknown_smb, /* unknown SMB 0x31 */
11280 dissect_transact2_smb, /* unknown SMB 0x32 */
11281 dissect_unknown_smb, /* unknown SMB 0x33 */
11282 dissect_find_close2_smb, /* unknown SMB 0x34 */
11283 dissect_unknown_smb, /* unknown SMB 0x35 */
11284 dissect_unknown_smb, /* unknown SMB 0x36 */
11285 dissect_unknown_smb, /* unknown SMB 0x37 */
11286 dissect_unknown_smb, /* unknown SMB 0x38 */
11287 dissect_unknown_smb, /* unknown SMB 0x39 */
11288 dissect_unknown_smb, /* unknown SMB 0x3a */
11289 dissect_unknown_smb, /* unknown SMB 0x3b */
11290 dissect_unknown_smb, /* unknown SMB 0x3c */
11291 dissect_unknown_smb, /* unknown SMB 0x3d */
11292 dissect_unknown_smb, /* unknown SMB 0x3e */
11293 dissect_unknown_smb, /* unknown SMB 0x3f */
11294 dissect_unknown_smb, /* unknown SMB 0x40 */
11295 dissect_unknown_smb, /* unknown SMB 0x41 */
11296 dissect_unknown_smb, /* unknown SMB 0x42 */
11297 dissect_unknown_smb, /* unknown SMB 0x43 */
11298 dissect_unknown_smb, /* unknown SMB 0x44 */
11299 dissect_unknown_smb, /* unknown SMB 0x45 */
11300 dissect_unknown_smb, /* unknown SMB 0x46 */
11301 dissect_unknown_smb, /* unknown SMB 0x47 */
11302 dissect_unknown_smb, /* unknown SMB 0x48 */
11303 dissect_unknown_smb, /* unknown SMB 0x49 */
11304 dissect_unknown_smb, /* unknown SMB 0x4a */
11305 dissect_unknown_smb, /* unknown SMB 0x4b */
11306 dissect_unknown_smb, /* unknown SMB 0x4c */
11307 dissect_unknown_smb, /* unknown SMB 0x4d */
11308 dissect_unknown_smb, /* unknown SMB 0x4e */
11309 dissect_unknown_smb, /* unknown SMB 0x4f */
11310 dissect_unknown_smb, /* unknown SMB 0x50 */
11311 dissect_unknown_smb, /* unknown SMB 0x51 */
11312 dissect_unknown_smb, /* unknown SMB 0x52 */
11313 dissect_unknown_smb, /* unknown SMB 0x53 */
11314 dissect_unknown_smb, /* unknown SMB 0x54 */
11315 dissect_unknown_smb, /* unknown SMB 0x55 */
11316 dissect_unknown_smb, /* unknown SMB 0x56 */
11317 dissect_unknown_smb, /* unknown SMB 0x57 */
11318 dissect_unknown_smb, /* unknown SMB 0x58 */
11319 dissect_unknown_smb, /* unknown SMB 0x59 */
11320 dissect_unknown_smb, /* unknown SMB 0x5a */
11321 dissect_unknown_smb, /* unknown SMB 0x5b */
11322 dissect_unknown_smb, /* unknown SMB 0x5c */
11323 dissect_unknown_smb, /* unknown SMB 0x5d */
11324 dissect_unknown_smb, /* unknown SMB 0x5e */
11325 dissect_unknown_smb, /* unknown SMB 0x5f */
11326 dissect_unknown_smb, /* unknown SMB 0x60 */
11327 dissect_unknown_smb, /* unknown SMB 0x61 */
11328 dissect_unknown_smb, /* unknown SMB 0x62 */
11329 dissect_unknown_smb, /* unknown SMB 0x63 */
11330 dissect_unknown_smb, /* unknown SMB 0x64 */
11331 dissect_unknown_smb, /* unknown SMB 0x65 */
11332 dissect_unknown_smb, /* unknown SMB 0x66 */
11333 dissect_unknown_smb, /* unknown SMB 0x67 */
11334 dissect_unknown_smb, /* unknown SMB 0x68 */
11335 dissect_unknown_smb, /* unknown SMB 0x69 */
11336 dissect_unknown_smb, /* unknown SMB 0x6a */
11337 dissect_unknown_smb, /* unknown SMB 0x6b */
11338 dissect_unknown_smb, /* unknown SMB 0x6c */
11339 dissect_unknown_smb, /* unknown SMB 0x6d */
11340 dissect_unknown_smb, /* unknown SMB 0x6e */
11341 dissect_unknown_smb, /* unknown SMB 0x6f */
11342 dissect_treecon_smb, /* SMBtcon tree connect */
11343 dissect_tdis_smb, /* SMBtdis tree disconnect */
11344 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
11345 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
11346 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
11347 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
11348 dissect_unknown_smb, /* unknown SMB 0x76 */
11349 dissect_unknown_smb, /* unknown SMB 0x77 */
11350 dissect_unknown_smb, /* unknown SMB 0x78 */
11351 dissect_unknown_smb, /* unknown SMB 0x79 */
11352 dissect_unknown_smb, /* unknown SMB 0x7a */
11353 dissect_unknown_smb, /* unknown SMB 0x7b */
11354 dissect_unknown_smb, /* unknown SMB 0x7c */
11355 dissect_unknown_smb, /* unknown SMB 0x7d */
11356 dissect_unknown_smb, /* unknown SMB 0x7e */
11357 dissect_unknown_smb, /* unknown SMB 0x7f */
11358 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
11359 dissect_search_dir_smb, /* SMBsearch search a directory */
11360 dissect_unknown_smb, /* SMBffirst find first */
11361 dissect_unknown_smb, /* SMBfunique find unique */
11362 dissect_unknown_smb, /* SMBfclose find close */
11363 dissect_unknown_smb, /* unknown SMB 0x85 */
11364 dissect_unknown_smb, /* unknown SMB 0x86 */
11365 dissect_unknown_smb, /* unknown SMB 0x87 */
11366 dissect_unknown_smb, /* unknown SMB 0x88 */
11367 dissect_unknown_smb, /* unknown SMB 0x89 */
11368 dissect_unknown_smb, /* unknown SMB 0x8a */
11369 dissect_unknown_smb, /* unknown SMB 0x8b */
11370 dissect_unknown_smb, /* unknown SMB 0x8c */
11371 dissect_unknown_smb, /* unknown SMB 0x8d */
11372 dissect_unknown_smb, /* unknown SMB 0x8e */
11373 dissect_unknown_smb, /* unknown SMB 0x8f */
11374 dissect_unknown_smb, /* unknown SMB 0x90 */
11375 dissect_unknown_smb, /* unknown SMB 0x91 */
11376 dissect_unknown_smb, /* unknown SMB 0x92 */
11377 dissect_unknown_smb, /* unknown SMB 0x93 */
11378 dissect_unknown_smb, /* unknown SMB 0x94 */
11379 dissect_unknown_smb, /* unknown SMB 0x95 */
11380 dissect_unknown_smb, /* unknown SMB 0x96 */
11381 dissect_unknown_smb, /* unknown SMB 0x97 */
11382 dissect_unknown_smb, /* unknown SMB 0x98 */
11383 dissect_unknown_smb, /* unknown SMB 0x99 */
11384 dissect_unknown_smb, /* unknown SMB 0x9a */
11385 dissect_unknown_smb, /* unknown SMB 0x9b */
11386 dissect_unknown_smb, /* unknown SMB 0x9c */
11387 dissect_unknown_smb, /* unknown SMB 0x9d */
11388 dissect_unknown_smb, /* unknown SMB 0x9e */
11389 dissect_unknown_smb, /* unknown SMB 0x9f */
11390 dissect_unknown_smb, /* unknown SMB 0xa0 */
11391 dissect_unknown_smb, /* unknown SMB 0xa1 */
11392 dissect_unknown_smb, /* unknown SMB 0xa2 */
11393 dissect_unknown_smb, /* unknown SMB 0xa3 */
11394 dissect_unknown_smb, /* unknown SMB 0xa4 */
11395 dissect_unknown_smb, /* unknown SMB 0xa5 */
11396 dissect_unknown_smb, /* unknown SMB 0xa6 */
11397 dissect_unknown_smb, /* unknown SMB 0xa7 */
11398 dissect_unknown_smb, /* unknown SMB 0xa8 */
11399 dissect_unknown_smb, /* unknown SMB 0xa9 */
11400 dissect_unknown_smb, /* unknown SMB 0xaa */
11401 dissect_unknown_smb, /* unknown SMB 0xab */
11402 dissect_unknown_smb, /* unknown SMB 0xac */
11403 dissect_unknown_smb, /* unknown SMB 0xad */
11404 dissect_unknown_smb, /* unknown SMB 0xae */
11405 dissect_unknown_smb, /* unknown SMB 0xaf */
11406 dissect_unknown_smb, /* unknown SMB 0xb0 */
11407 dissect_unknown_smb, /* unknown SMB 0xb1 */
11408 dissect_unknown_smb, /* unknown SMB 0xb2 */
11409 dissect_unknown_smb, /* unknown SMB 0xb3 */
11410 dissect_unknown_smb, /* unknown SMB 0xb4 */
11411 dissect_unknown_smb, /* unknown SMB 0xb5 */
11412 dissect_unknown_smb, /* unknown SMB 0xb6 */
11413 dissect_unknown_smb, /* unknown SMB 0xb7 */
11414 dissect_unknown_smb, /* unknown SMB 0xb8 */
11415 dissect_unknown_smb, /* unknown SMB 0xb9 */
11416 dissect_unknown_smb, /* unknown SMB 0xba */
11417 dissect_unknown_smb, /* unknown SMB 0xbb */
11418 dissect_unknown_smb, /* unknown SMB 0xbc */
11419 dissect_unknown_smb, /* unknown SMB 0xbd */
11420 dissect_unknown_smb, /* unknown SMB 0xbe */
11421 dissect_unknown_smb, /* unknown SMB 0xbf */
11422 dissect_unknown_smb, /* SMBsplopen open a print spool file */
11423 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
11424 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
11425 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
11426 dissect_unknown_smb, /* unknown SMB 0xc4 */
11427 dissect_unknown_smb, /* unknown SMB 0xc5 */
11428 dissect_unknown_smb, /* unknown SMB 0xc6 */
11429 dissect_unknown_smb, /* unknown SMB 0xc7 */
11430 dissect_unknown_smb, /* unknown SMB 0xc8 */
11431 dissect_unknown_smb, /* unknown SMB 0xc9 */
11432 dissect_unknown_smb, /* unknown SMB 0xca */
11433 dissect_unknown_smb, /* unknown SMB 0xcb */
11434 dissect_unknown_smb, /* unknown SMB 0xcc */
11435 dissect_unknown_smb, /* unknown SMB 0xcd */
11436 dissect_unknown_smb, /* unknown SMB 0xce */
11437 dissect_unknown_smb, /* unknown SMB 0xcf */
11438 dissect_unknown_smb, /* SMBsends send a single block message */
11439 dissect_unknown_smb, /* SMBsendb send a broadcast message */
11440 dissect_unknown_smb, /* SMBfwdname forward user name */
11441 dissect_unknown_smb, /* SMBcancelf cancel forward */
11442 dissect_unknown_smb, /* SMBgetmac get a machine name */
11443 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
11444 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
11445 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
11446 dissect_unknown_smb, /* unknown SMB 0xd8 */
11447 dissect_unknown_smb, /* unknown SMB 0xd9 */
11448 dissect_unknown_smb, /* unknown SMB 0xda */
11449 dissect_unknown_smb, /* unknown SMB 0xdb */
11450 dissect_unknown_smb, /* unknown SMB 0xdc */
11451 dissect_unknown_smb, /* unknown SMB 0xdd */
11452 dissect_unknown_smb, /* unknown SMB 0xde */
11453 dissect_unknown_smb, /* unknown SMB 0xdf */
11454 dissect_unknown_smb, /* unknown SMB 0xe0 */
11455 dissect_unknown_smb, /* unknown SMB 0xe1 */
11456 dissect_unknown_smb, /* unknown SMB 0xe2 */
11457 dissect_unknown_smb, /* unknown SMB 0xe3 */
11458 dissect_unknown_smb, /* unknown SMB 0xe4 */
11459 dissect_unknown_smb, /* unknown SMB 0xe5 */
11460 dissect_unknown_smb, /* unknown SMB 0xe6 */
11461 dissect_unknown_smb, /* unknown SMB 0xe7 */
11462 dissect_unknown_smb, /* unknown SMB 0xe8 */
11463 dissect_unknown_smb, /* unknown SMB 0xe9 */
11464 dissect_unknown_smb, /* unknown SMB 0xea */
11465 dissect_unknown_smb, /* unknown SMB 0xeb */
11466 dissect_unknown_smb, /* unknown SMB 0xec */
11467 dissect_unknown_smb, /* unknown SMB 0xed */
11468 dissect_unknown_smb, /* unknown SMB 0xee */
11469 dissect_unknown_smb, /* unknown SMB 0xef */
11470 dissect_unknown_smb, /* unknown SMB 0xf0 */
11471 dissect_unknown_smb, /* unknown SMB 0xf1 */
11472 dissect_unknown_smb, /* unknown SMB 0xf2 */
11473 dissect_unknown_smb, /* unknown SMB 0xf3 */
11474 dissect_unknown_smb, /* unknown SMB 0xf4 */
11475 dissect_unknown_smb, /* unknown SMB 0xf5 */
11476 dissect_unknown_smb, /* unknown SMB 0xf6 */
11477 dissect_unknown_smb, /* unknown SMB 0xf7 */
11478 dissect_unknown_smb, /* unknown SMB 0xf8 */
11479 dissect_unknown_smb, /* unknown SMB 0xf9 */
11480 dissect_unknown_smb, /* unknown SMB 0xfa */
11481 dissect_unknown_smb, /* unknown SMB 0xfb */
11482 dissect_unknown_smb, /* unknown SMB 0xfc */
11483 dissect_unknown_smb, /* unknown SMB 0xfd */
11484 dissect_unknown_smb, /* SMBinvalid invalid command */
11485 dissect_unknown_smb /* unknown SMB 0xff */
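/*
 * Display names for the SMB error-class byte.  dissect_smb looks the class
 * up here with val_to_str() when it adds the "Error Class" item.
 */
static const value_string errcls_types[] = {
  { SMB_SUCCESS, "Success"},
  { SMB_ERRDOS,  "DOS Error"},
  { SMB_ERRSRV,  "Server Error"},
  { SMB_ERRHRD,  "Hardware Error"},
  { SMB_ERRCMD,  "Command Error - Not an SMB format command"},
  { 0, NULL}     /* end-of-table sentinel: the lookup stops at the NULL string */
};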
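/*
 * Map an SMB command byte to its printable name.
 *
 * cmd is an unsigned char, so the index can never exceed 0xff.  That bounds
 * the read only if SMB_names holds 256 entries -- NOTE(review): SMB_names is
 * defined elsewhere in the file; confirm its size.
 *
 * The pointer returned is the table entry itself, not a copy.
 */
char *decode_smb_name(unsigned char cmd)
{
  return SMB_names[cmd];
}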
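/*
 * Error codes for the ERRDOS class.  decode_smb_error searches this table
 * with val_to_str() and falls back to "Unknown DOS error (%x)" when the code
 * is not listed.
 */
static const value_string DOS_errors[] = {
  {SMBE_badfunc,          "Invalid function (or system call)"},
  {SMBE_badfile,          "File not found (pathname error)"},
  {SMBE_badpath,          "Directory not found"},
  {SMBE_nofids,           "Too many open files"},
  {SMBE_noaccess,         "Access denied"},
  {SMBE_badfid,           "Invalid fid"},
  {SMBE_nomem,            "Out of memory"},
  {SMBE_badmem,           "Invalid memory block address"},
  {SMBE_badenv,           "Invalid environment"},
  {SMBE_badaccess,        "Invalid open mode"},
  {SMBE_baddata,          "Invalid data (only from ioctl call)"},
  {SMBE_res,              "Reserved error code?"},
  {SMBE_baddrive,         "Invalid drive"},
  {SMBE_remcd,            "Attempt to delete current directory"},
  {SMBE_diffdevice,       "Rename/move across different filesystems"},
  {SMBE_nofiles,          "no more files found in file search"},
  {SMBE_badshare,         "Share mode on file conflict with open mode"},
  {SMBE_lock,             "Lock request conflicts with existing lock"},
  {SMBE_unsup,            "Request unsupported, returned by Win 95"},
  {SMBE_filexists,        "File in operation already exists"},
  {SMBE_cannotopen,       "Cannot open the file specified"},
  {SMBE_unknownlevel,     "Unknown level??"},
  {SMBE_badpipe,          "Named pipe invalid"},
  {SMBE_pipebusy,         "All instances of pipe are busy"},
  {SMBE_pipeclosing,      "Named pipe close in progress"},
  {SMBE_notconnected,     "No process on other end of named pipe"},
  {SMBE_moredata,         "More data to be returned"},
  {SMBE_baddirectory,     "Invalid directory name in a path."},
  {SMBE_eas_didnt_fit,    "Extended attributes didn't fit"},
  {SMBE_eas_nsup,         "Extended attributes not supported"},
  {SMBE_notify_buf_small, "Buffer too small to return change notify."},
  {SMBE_unknownipc,       "Unknown IPC Operation"},
  {SMBE_noipc,            "Don't support ipc"},
  {0, NULL}               /* end-of-table sentinel: the lookup stops at the NULL string */
};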
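/*
 * Error codes for the ERRSRV class.  decode_smb_error searches this table
 * with val_to_str() and falls back to "Unknown SRV error (%x)" when the code
 * is not listed.
 */
static const value_string SRV_errors[] = {
  {SMBE_error,       "Non specific error code"},
  {SMBE_badpw,       "Bad password"},
  {SMBE_badtype,     "Reserved"},
  {SMBE_access,      "No permissions to perform the requested operation"},
  {SMBE_invnid,      "TID invalid"},
  {SMBE_invnetname,  "Invalid network name. Service not found"},
  {SMBE_invdevice,   "Invalid device"},
  {SMBE_unknownsmb,  "Unknown SMB, from NT 3.5 response"},
  {SMBE_qfull,       "Print queue full"},
  {SMBE_qtoobig,     "Queued item too big"},
  {SMBE_qeof,        "EOF on print queue dump"},
  {SMBE_invpfid,     "Invalid print file in smb_fid"},
  {SMBE_smbcmd,      "Unrecognised command"},
  {SMBE_srverror,    "SMB server internal error"},
  {SMBE_filespecs,   "Fid and pathname invalid combination"},
  {SMBE_badlink,     "Bad link in request ???"},
  {SMBE_badpermits,  "Access specified for a file is not valid"},
  {SMBE_badpid,      "Bad process id in request"},
  {SMBE_setattrmode, "Attribute mode invalid"},
  {SMBE_paused,      "Message server paused"},
  {SMBE_msgoff,      "Not receiving messages"},
  {SMBE_noroom,      "No room for message"},
  {SMBE_rmuns,       "Too many remote usernames"},
  {SMBE_timeout,     "Operation timed out"},
  {SMBE_noresource,  "No resources currently available for request."},
  {SMBE_toomanyuids, "Too many userids"},
  {SMBE_baduid,      "Bad userid"},
  {SMBE_useMPX,      "Temporarily unable to use raw mode, use MPX mode"},
  {SMBE_useSTD,      "Temporarily unable to use raw mode, use standard mode"},
  {SMBE_contMPX,     "Resume MPX mode"},
  {SMBE_badPW,       "Bad Password???"},
  {SMBE_nosupport,   "Operation not supported???"},
  {0, NULL}          /* end-of-table sentinel: the lookup stops at the NULL string */
};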
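/*
 * Error codes for the ERRHRD class.  decode_smb_error searches this table
 * with val_to_str() and falls back to "Unknown HRD error (%x)" when the code
 * is not listed.
 */
static const value_string HRD_errors[] = {
  {SMBE_nowrite,     "read only media"},
  {SMBE_badunit,     "Unknown device"},
  {SMBE_notready,    "Drive not ready"},
  {SMBE_badcmd,      "Unknown command"},
  {SMBE_data,        "Data (CRC) error"},
  {SMBE_badreq,      "Bad request structure length"},
  {SMBE_seek,        "Seek error???"},
  {SMBE_badmedia,    "Bad media???"},
  {SMBE_badsector,   "Bad sector???"},
  {SMBE_nopaper,     "No paper in printer???"},
  {SMBE_write,       "Write error???"},
  {SMBE_read,        "Read error???"},
  {SMBE_general,     "General error???"},
  {SMBE_badshare,    "A open conflicts with an existing open"},
  {SMBE_lock,        "Lock/unlock error"},
  {SMBE_wrongdisk,   "Wrong disk???"},
  {SMBE_FCBunavail,  "FCB unavailable???"},
  {SMBE_sharebufexc, "Share buffer excluded???"},
  {SMBE_diskfull,    "Disk full???"},
  {0, NULL}          /* end-of-table sentinel: the lookup stops at the NULL string */
};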
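/*
 * Translate an SMB error class / error code pair into display text.
 *
 * errcls selects the table (DOS, SRV or HRD) and errcode is looked up in it
 * with val_to_str(), which is given an "Unknown ... error (%x)" format for
 * codes that are not listed.  SMB_SUCCESS yields "No Error"; any other class,
 * SMB_ERRCMD included, yields "Unknown error class!".
 *
 * NOTE(review): errcode is declared guint8, but dissect_smb passes the 16-bit
 * value it read with GSHORT(), so a code above 0xff is truncated before the
 * lookup and may be reported under the wrong name.  Widening the parameter
 * also means updating any prototype declared outside this file.
 */
char *decode_smb_error(guint8 errcls, guint8 errcode)
{
  switch (errcls) {

  case SMB_SUCCESS:
    return("No Error");   /* No error ??? */

  case SMB_ERRDOS:
    return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));

  case SMB_ERRSRV:
    return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));

  case SMB_ERRHRD:
    return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));

  default:
    return("Unknown error class!");
  }
}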
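/*
 * Direction bit of the SMB header flags byte.  dissect_smb decodes it as
 * set = "Response to client/redirector", clear = "Request to server".
 */
#define SMB_FLAGS_DIRN 0x80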
/*
 * Dissect the fixed SMB header that starts at pd[offset], then hand the
 * message to the per-command dissector selected by the command byte.
 *
 * Fields are decoded in this order: 4-byte marker, command, error class,
 * one reserved byte, 16-bit error code, flags, flags2, 12 reserved bytes,
 * TID, PID, UID and MID.  Each one is added to the protocol tree as a text
 * item.
 *
 *   pd        frame bytes, indexed directly
 *   offset    position of the SMB header inside pd
 *   fd        frame data; used for the summary columns and passed on
 *   tree      parent protocol tree
 *   max_data  passed on unchanged to the per-command dissector
 *
 * NOTE(review): every read below indexes pd[] at a fixed header offset, and
 * no check against max_data or the captured length is visible in this
 * function.  Unless the caller guarantees that a complete header was
 * captured, a truncated or malformed frame is read past its end -- confirm,
 * and guard the first pd[] access if the caller does not.
 *
 * NOTE(review): apart from "offset += 4", the statements that advance offset
 * between fields are not shown in this listing.
 */
11641 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
11643 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
11644 proto_item *ti, *tf;
11645 guint8 cmd, errcls, errcode1, flags;
11646 guint16 flags2, errcode, tid, pid, uid, mid;
/* Header start, kept so it can be handed to the per-command dissector. */
11647 int SMB_offset = offset;
11648 struct smb_info si;
/* Command byte; it names the message and later indexes the dispatch table. */
11652 cmd = pd[offset + SMB_hdr_com_offset];
11654 if (check_col(fd, COL_PROTOCOL))
11655 col_add_str(fd, COL_PROTOCOL, "SMB");
11657 /* Hmmm, poor coding here ... Also, should check the type */
/*
 * The summary line decides Request/Response by comparing ports in pi
 * (declared outside this function), not from the direction bit in the header
 * flags that the final dispatch call uses.
 */
11659 if (check_col(fd, COL_INFO)) {
11661 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
11667 ti = proto_tree_add_item(tree, proto_smb, offset, END_OF_FRAME, NULL);
11668 smb_tree = proto_item_add_subtree(ti, ett_smb);
11670 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
11671 * component ... SMB is the only one used */
11674 proto_tree_add_text(smb_tree, offset, 1, "Message Type: 0xFF");
11675 proto_tree_add_text(smb_tree, offset+1, 3, "Server Component: SMB");
11679 offset += 4; /* Skip the marker */
11683 proto_tree_add_text(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
11689 /* Next, look at the error class, SMB_RETCLASS */
11691 errcls = pd[offset];
11695 proto_tree_add_text(smb_tree, offset, 1, "Error Class: %s",
11696 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
11701 /* Error code, SMB_HEINFO ... */
11703 errcode1 = pd[offset];
11707 proto_tree_add_text(smb_tree, offset, 1, "Reserved: %i", errcode1);
11713 errcode = GSHORT(pd, offset);
/*
 * NOTE(review): errcode is 16 bits here but decode_smb_error takes a guint8,
 * so the value is truncated in the call and a code above 0xff can be shown
 * under the wrong name.
 */
11717 proto_tree_add_text(smb_tree, offset, 2, "Error Code: %s",
11718 decode_smb_error(errcls, errcode));
11724 /* Now for the flags byte; the direction bit is SMB_FLAGS_DIRN (0x80): clear means request, set means response */
11726 flags = pd[offset];
11730 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags: 0x%02x", flags);
11732 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
11733 proto_tree_add_text(flags_tree, offset, 1, "%s",
11734 decode_boolean_bitfield(flags, 0x01, 8,
11735 "Lock&Read, Write&Unlock supported",
11736 "Lock&Read, Write&Unlock not supported"));
11737 proto_tree_add_text(flags_tree, offset, 1, "%s",
11738 decode_boolean_bitfield(flags, 0x02, 8,
11739 "Receive buffer posted",
11740 "Receive buffer not posted"));
11741 proto_tree_add_text(flags_tree, offset, 1, "%s",
11742 decode_boolean_bitfield(flags, 0x08, 8,
11743 "Path names caseless",
11744 "Path names case sensitive"));
11745 proto_tree_add_text(flags_tree, offset, 1, "%s",
11746 decode_boolean_bitfield(flags, 0x10, 8,
11747 "Pathnames canonicalized",
11748 "Pathnames not canonicalized"));
11749 proto_tree_add_text(flags_tree, offset, 1, "%s",
11750 decode_boolean_bitfield(flags, 0x20, 8,
11751 "OpLocks requested/granted",
11752 "OpLocks not requested/granted"));
/* NOTE(review): only one of the two strings for bit 0x40 is shown in this listing. */
11753 proto_tree_add_text(flags_tree, offset, 1, "%s",
11754 decode_boolean_bitfield(flags, 0x40, 8,
11756 "Notify open only"));
11758 proto_tree_add_text(flags_tree, offset, 1, "%s",
11759 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
11760 8, "Response to client/redirector", "Request to server"));
/* Flags2 is a 16-bit field. */
11766 flags2 = GSHORT(pd, offset);
/*
 * NOTE(review): this item and the flags2 bit items below are added with
 * length 1 although the field was read as 2 bytes, so the tree highlights
 * only the first byte; the length should be 2.
 */
11770 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
11772 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
11773 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11774 decode_boolean_bitfield(flags2, 0x0001, 16,
11775 "Long file names supported",
11776 "Long file names not supported"));
11777 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11778 decode_boolean_bitfield(flags2, 0x0002, 16,
11779 "Extended attributes supported",
11780 "Extended attributes not supported"));
11781 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11782 decode_boolean_bitfield(flags2, 0x0004, 16,
11783 "Security signatures supported",
11784 "Security signatures not supported"));
11785 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11786 decode_boolean_bitfield(flags2, 0x0800, 16,
11787 "Extended security negotiation supported",
11788 "Extended security negotiation not supported"));
11789 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11790 decode_boolean_bitfield(flags2, 0x1000, 16,
11791 "Resolve pathnames with DFS",
11792 "Don't resolve pathnames with DFS"));
11793 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11794 decode_boolean_bitfield(flags2, 0x2000, 16,
11795 "Permit reads if execute-only",
11796 "Don't permit reads if execute-only"));
11797 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11798 decode_boolean_bitfield(flags2, 0x4000, 16,
11799 "Error codes are NT error codes",
11800 "Error codes are DOS error codes"));
11801 proto_tree_add_text(flags2_tree, offset, 1, "%s",
11802 decode_boolean_bitfield(flags2, 0x8000, 16,
11803 "Strings are Unicode",
11804 "Strings are ASCII"));
/*
 * si is a local struct passed by value to the per-command dissector.  Only
 * the "bit set" case is written here.
 * NOTE(review): no initialisation of si.unicode is visible in this listing;
 * confirm it is cleared before this point, otherwise ASCII frames hand an
 * indeterminate value to the callee.
 */
11808 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
11814 proto_tree_add_text(smb_tree, offset, 12, "Reserved: 6 WORDS");
11820 /* Now the TID, tree ID */
11822 tid = GSHORT(pd, offset);
11827 proto_tree_add_text(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
11833 /* Now the PID, Process ID */
11835 pid = GSHORT(pd, offset);
11840 proto_tree_add_text(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
11846 /* Now the UID, User ID */
11848 uid = GSHORT(pd, offset);
11853 proto_tree_add_text(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
11859 /* Now the MID, Multiplex ID */
11861 mid = GSHORT(pd, offset);
11866 proto_tree_add_text(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
11872 /* Now vector through the table to dissect them */
/*
 * cmd is a guint8, so the index is at most 0xff; presumably dissect[] is the
 * 256-entry handler table defined earlier in the file -- confirm.  The last
 * argument is true when the direction bit (0x80, i.e. SMB_FLAGS_DIRN) is
 * clear, which the flags decoding above labels a request.
 */
11874 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
11875 ((flags & 0x80) == 0));
11881 proto_register_smb(void)
11883 /* static hf_register_info hf[] = {
11885 { "Name", "smb.abbreviation", TYPE, VALS_POINTER }},
11887 static gint *ett[] = {
11889 &ett_smb_fileattributes,
11890 &ett_smb_capabilities,
11897 &ett_smb_desiredaccess,
11900 &ett_smb_openfunction,
11903 &ett_smb_writemode,
11904 &ett_smb_lock_type,
11907 &ett_browse_election_criteria,
11908 &ett_browse_election_os,
11909 &ett_browse_election_desire,
11911 &ett_lanman_servers,
11912 &ett_lanman_server,
11913 &ett_lanman_shares,
11917 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
11918 proto_browse = proto_register_protocol("Microsoft Windows Browser Protocol", "browser");
11919 proto_lanman = proto_register_protocol("Microsoft Windows LanMan Protocol", "lanman");
11920 /* proto_register_field_array(proto_smb, hf, array_length(hf));*/
11921 proto_register_subtree_array(ett, array_length(ett));
11922 register_init_routine(&smb_init_protocol);