2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.78 2001/01/03 16:41:07 gram Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
47 #include "conversation.h"
49 #include "alignment.h"
52 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
54 guint32 dissect_pipe_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int, int, int);
57 static int proto_smb = -1;
59 static int hf_smb_cmd = -1;
61 static gint ett_smb = -1;
62 static gint ett_smb_fileattributes = -1;
63 static gint ett_smb_capabilities = -1;
64 static gint ett_smb_aflags = -1;
65 static gint ett_smb_dialects = -1;
66 static gint ett_smb_mode = -1;
67 static gint ett_smb_rawmode = -1;
68 static gint ett_smb_flags = -1;
69 static gint ett_smb_flags2 = -1;
70 static gint ett_smb_desiredaccess = -1;
71 static gint ett_smb_search = -1;
72 static gint ett_smb_file = -1;
73 static gint ett_smb_openfunction = -1;
74 static gint ett_smb_filetype = -1;
75 static gint ett_smb_action = -1;
76 static gint ett_smb_writemode = -1;
77 static gint ett_smb_lock_type = -1;
82 * Struct passed to each SMB decode routine of info it may need
85 char *decode_smb_name(unsigned char);
87 int smb_packet_init_count = 200;
89 struct smb_request_key {
95 GHashTable *smb_request_hash = NULL;
96 GMemChunk *smb_request_keys = NULL;
97 GMemChunk *smb_request_vals = NULL;
101 smb_equal(gconstpointer v, gconstpointer w)
103 struct smb_request_key *v1 = (struct smb_request_key *)v;
104 struct smb_request_key *v2 = (struct smb_request_key *)w;
106 #if defined(DEBUG_SMB_HASH)
107 printf("Comparing %08X:%u\n and %08X:%u\n",
108 v1 -> conversation, v1 -> mid,
109 v2 -> conversation, v2 -> mid);
112 if (v1 -> conversation == v2 -> conversation &&
113 v1 -> mid == v2 -> mid) {
123 smb_hash (gconstpointer v)
125 struct smb_request_key *key = (struct smb_request_key *)v;
128 val = key -> conversation + key -> mid;
130 #if defined(DEBUG_SMB_HASH)
131 printf("SMB Hash calculated as %u\n", val);
139 * Free up any state information we've saved, and re-initialize the
140 * tables of state information.
143 smb_init_protocol(void)
145 #if defined(DEBUG_SMB_HASH)
146 printf("Initializing SMB hashtable area\n");
149 if (smb_request_hash)
150 g_hash_table_destroy(smb_request_hash);
151 if (smb_request_keys)
152 g_mem_chunk_destroy(smb_request_keys);
153 if (smb_request_vals)
154 g_mem_chunk_destroy(smb_request_vals);
156 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
157 smb_request_keys = g_mem_chunk_new("smb_request_keys",
158 sizeof(struct smb_request_key),
159 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
160 smb_request_vals = g_mem_chunk_new("smb_request_vals",
161 sizeof(struct smb_request_val),
162 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
165 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
167 static const value_string smb_cmd_vals[] = {
168 { 0x00, "SMBcreatedirectory" },
169 { 0x01, "SMBdeletedirectory" },
171 { 0x03, "SMBcreate" },
172 { 0x04, "SMBclose" },
173 { 0x05, "SMBflush" },
174 { 0x06, "SMBunlink" },
176 { 0x08, "SMBgetatr" },
177 { 0x09, "SMBsetatr" },
179 { 0x0B, "SMBwrite" },
181 { 0x0D, "SMBunlock" },
182 { 0x0E, "SMBctemp" },
183 { 0x0F, "SMBmknew" },
184 { 0x10, "SMBchkpth" },
186 { 0x12, "SMBlseek" },
187 { 0x13, "SMBlockread" },
188 { 0x14, "SMBwriteunlock" },
189 { 0x15, "unknown-0x15" },
190 { 0x16, "unknown-0x16" },
191 { 0x17, "unknown-0x17" },
192 { 0x18, "unknown-0x18" },
193 { 0x19, "unknown-0x19" },
194 { 0x1A, "SMBreadBraw" },
195 { 0x1B, "SMBreadBmpx" },
196 { 0x1C, "SMBreadBs" },
197 { 0x1D, "SMBwriteBraw" },
198 { 0x1E, "SMBwriteBmpx" },
199 { 0x1F, "SMBwriteBs" },
200 { 0x20, "SMBwriteC" },
201 { 0x21, "unknown-0x21" },
202 { 0x22, "SMBsetattrE" },
203 { 0x23, "SMBgetattrE" },
204 { 0x24, "SMBlockingX" },
205 { 0x25, "SMBtrans" },
206 { 0x26, "SMBtranss" },
207 { 0x27, "SMBioctl" },
208 { 0x28, "SMBioctls" },
212 { 0x2C, "SMBwriteclose" },
213 { 0x2D, "SMBopenX" },
214 { 0x2E, "SMBreadX" },
215 { 0x2F, "SMBwriteX" },
216 { 0x30, "unknown-0x30" },
217 { 0x31, "SMBcloseandtreedisc" },
218 { 0x32, "SMBtrans2" },
219 { 0x33, "SMBtrans2secondary" },
220 { 0x34, "SMBfindclose2" },
221 { 0x35, "SMBfindnotifyclose" },
222 { 0x36, "unknown-0x36" },
223 { 0x37, "unknown-0x37" },
224 { 0x38, "unknown-0x38" },
225 { 0x39, "unknown-0x39" },
226 { 0x3A, "unknown-0x3A" },
227 { 0x3B, "unknown-0x3B" },
228 { 0x3C, "unknown-0x3C" },
229 { 0x3D, "unknown-0x3D" },
230 { 0x3E, "unknown-0x3E" },
231 { 0x3F, "unknown-0x3F" },
232 { 0x40, "unknown-0x40" },
233 { 0x41, "unknown-0x41" },
234 { 0x42, "unknown-0x42" },
235 { 0x43, "unknown-0x43" },
236 { 0x44, "unknown-0x44" },
237 { 0x45, "unknown-0x45" },
238 { 0x46, "unknown-0x46" },
239 { 0x47, "unknown-0x47" },
240 { 0x48, "unknown-0x48" },
241 { 0x49, "unknown-0x49" },
242 { 0x4A, "unknown-0x4A" },
243 { 0x4B, "unknown-0x4B" },
244 { 0x4C, "unknown-0x4C" },
245 { 0x4D, "unknown-0x4D" },
246 { 0x4E, "unknown-0x4E" },
247 { 0x4F, "unknown-0x4F" },
248 { 0x50, "unknown-0x50" },
249 { 0x51, "unknown-0x51" },
250 { 0x52, "unknown-0x52" },
251 { 0x53, "unknown-0x53" },
252 { 0x54, "unknown-0x54" },
253 { 0x55, "unknown-0x55" },
254 { 0x56, "unknown-0x56" },
255 { 0x57, "unknown-0x57" },
256 { 0x58, "unknown-0x58" },
257 { 0x59, "unknown-0x59" },
258 { 0x5A, "unknown-0x5A" },
259 { 0x5B, "unknown-0x5B" },
260 { 0x5C, "unknown-0x5C" },
261 { 0x5D, "unknown-0x5D" },
262 { 0x5E, "unknown-0x5E" },
263 { 0x5F, "unknown-0x5F" },
264 { 0x60, "unknown-0x60" },
265 { 0x61, "unknown-0x61" },
266 { 0x62, "unknown-0x62" },
267 { 0x63, "unknown-0x63" },
268 { 0x64, "unknown-0x64" },
269 { 0x65, "unknown-0x65" },
270 { 0x66, "unknown-0x66" },
271 { 0x67, "unknown-0x67" },
272 { 0x68, "unknown-0x68" },
273 { 0x69, "unknown-0x69" },
274 { 0x6A, "unknown-0x6A" },
275 { 0x6B, "unknown-0x6B" },
276 { 0x6C, "unknown-0x6C" },
277 { 0x6D, "unknown-0x6D" },
278 { 0x6E, "unknown-0x6E" },
279 { 0x6F, "unknown-0x6F" },
282 { 0x72, "SMBnegprot" },
283 { 0x73, "SMBsesssetupX" },
284 { 0x74, "SMBlogoffX" },
285 { 0x75, "SMBtconX" },
286 { 0x76, "unknown-0x76" },
287 { 0x77, "unknown-0x77" },
288 { 0x78, "unknown-0x78" },
289 { 0x79, "unknown-0x79" },
290 { 0x7A, "unknown-0x7A" },
291 { 0x7B, "unknown-0x7B" },
292 { 0x7C, "unknown-0x7C" },
293 { 0x7D, "unknown-0x7D" },
294 { 0x7E, "unknown-0x7E" },
295 { 0x7F, "unknown-0x7F" },
296 { 0x80, "SMBdskattr" },
297 { 0x81, "SMBsearch" },
298 { 0x82, "SMBffirst" },
299 { 0x83, "SMBfunique" },
300 { 0x84, "SMBfclose" },
301 { 0x85, "unknown-0x85" },
302 { 0x86, "unknown-0x86" },
303 { 0x87, "unknown-0x87" },
304 { 0x88, "unknown-0x88" },
305 { 0x89, "unknown-0x89" },
306 { 0x8A, "unknown-0x8A" },
307 { 0x8B, "unknown-0x8B" },
308 { 0x8C, "unknown-0x8C" },
309 { 0x8D, "unknown-0x8D" },
310 { 0x8E, "unknown-0x8E" },
311 { 0x8F, "unknown-0x8F" },
312 { 0x90, "unknown-0x90" },
313 { 0x91, "unknown-0x91" },
314 { 0x92, "unknown-0x92" },
315 { 0x93, "unknown-0x93" },
316 { 0x94, "unknown-0x94" },
317 { 0x95, "unknown-0x95" },
318 { 0x96, "unknown-0x96" },
319 { 0x97, "unknown-0x97" },
320 { 0x98, "unknown-0x98" },
321 { 0x99, "unknown-0x99" },
322 { 0x9A, "unknown-0x9A" },
323 { 0x9B, "unknown-0x9B" },
324 { 0x9C, "unknown-0x9C" },
325 { 0x9D, "unknown-0x9D" },
326 { 0x9E, "unknown-0x9E" },
327 { 0x9F, "unknown-0x9F" },
328 { 0xA0, "SMBnttransact" },
329 { 0xA1, "SMBnttransactsecondary" },
330 { 0xA2, "SMBntcreateX" },
331 { 0xA3, "unknown-0xA3" },
332 { 0xA4, "SMBntcancel" },
333 { 0xA5, "unknown-0xA5" },
334 { 0xA6, "unknown-0xA6" },
335 { 0xA7, "unknown-0xA7" },
336 { 0xA8, "unknown-0xA8" },
337 { 0xA9, "unknown-0xA9" },
338 { 0xAA, "unknown-0xAA" },
339 { 0xAB, "unknown-0xAB" },
340 { 0xAC, "unknown-0xAC" },
341 { 0xAD, "unknown-0xAD" },
342 { 0xAE, "unknown-0xAE" },
343 { 0xAF, "unknown-0xAF" },
344 { 0xB0, "unknown-0xB0" },
345 { 0xB1, "unknown-0xB1" },
346 { 0xB2, "unknown-0xB2" },
347 { 0xB3, "unknown-0xB3" },
348 { 0xB4, "unknown-0xB4" },
349 { 0xB5, "unknown-0xB5" },
350 { 0xB6, "unknown-0xB6" },
351 { 0xB7, "unknown-0xB7" },
352 { 0xB8, "unknown-0xB8" },
353 { 0xB9, "unknown-0xB9" },
354 { 0xBA, "unknown-0xBA" },
355 { 0xBB, "unknown-0xBB" },
356 { 0xBC, "unknown-0xBC" },
357 { 0xBD, "unknown-0xBD" },
358 { 0xBE, "unknown-0xBE" },
359 { 0xBF, "unknown-0xBF" },
360 { 0xC0, "SMBsplopen" },
361 { 0xC1, "SMBsplwr" },
362 { 0xC2, "SMBsplclose" },
363 { 0xC3, "SMBsplretq" },
364 { 0xC4, "unknown-0xC4" },
365 { 0xC5, "unknown-0xC5" },
366 { 0xC6, "unknown-0xC6" },
367 { 0xC7, "unknown-0xC7" },
368 { 0xC8, "unknown-0xC8" },
369 { 0xC9, "unknown-0xC9" },
370 { 0xCA, "unknown-0xCA" },
371 { 0xCB, "unknown-0xCB" },
372 { 0xCC, "unknown-0xCC" },
373 { 0xCD, "unknown-0xCD" },
374 { 0xCE, "unknown-0xCE" },
375 { 0xCF, "unknown-0xCF" },
376 { 0xD0, "SMBsends" },
377 { 0xD1, "SMBsendb" },
378 { 0xD2, "SMBfwdname" },
379 { 0xD3, "SMBcancelf" },
380 { 0xD4, "SMBgetmac" },
381 { 0xD5, "SMBsendstrt" },
382 { 0xD6, "SMBsendend" },
383 { 0xD7, "SMBsendtxt" },
384 { 0xD8, "SMBreadbulk" },
385 { 0xD9, "SMBwritebulk" },
386 { 0xDA, "SMBwritebulkdata" },
387 { 0xDB, "unknown-0xDB" },
388 { 0xDC, "unknown-0xDC" },
389 { 0xDD, "unknown-0xDD" },
390 { 0xDE, "unknown-0xDE" },
391 { 0xDF, "unknown-0xDF" },
392 { 0xE0, "unknown-0xE0" },
393 { 0xE1, "unknown-0xE1" },
394 { 0xE2, "unknown-0xE2" },
395 { 0xE3, "unknown-0xE3" },
396 { 0xE4, "unknown-0xE4" },
397 { 0xE5, "unknown-0xE5" },
398 { 0xE6, "unknown-0xE6" },
399 { 0xE7, "unknown-0xE7" },
400 { 0xE8, "unknown-0xE8" },
401 { 0xE9, "unknown-0xE9" },
402 { 0xEA, "unknown-0xEA" },
403 { 0xEB, "unknown-0xEB" },
404 { 0xEC, "unknown-0xEC" },
405 { 0xED, "unknown-0xED" },
406 { 0xEE, "unknown-0xEE" },
407 { 0xEF, "unknown-0xEF" },
408 { 0xF0, "unknown-0xF0" },
409 { 0xF1, "unknown-0xF1" },
410 { 0xF2, "unknown-0xF2" },
411 { 0xF3, "unknown-0xF3" },
412 { 0xF4, "unknown-0xF4" },
413 { 0xF5, "unknown-0xF5" },
414 { 0xF6, "unknown-0xF6" },
415 { 0xF7, "unknown-0xF7" },
416 { 0xF8, "unknown-0xF8" },
417 { 0xF9, "unknown-0xF9" },
418 { 0xFA, "unknown-0xFA" },
419 { 0xFB, "unknown-0xFB" },
420 { 0xFC, "unknown-0xFC" },
421 { 0xFD, "unknown-0xFD" },
422 { 0xFE, "SMBinvalid" },
423 { 0xFF, "unknown-0xFF" },
427 char *SMB_names[256] = {
428 "SMBcreatedirectory",
429 "SMBdeletedirectory",
477 "SMBcloseandtreedisc",
479 "SMBtrans2secondary",
481 "SMBfindnotifyclose",
589 "SMBnttransactsecondary",
687 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
692 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (%u bytes)",
700 * Dissect a UNIX like date ...
703 struct tm *_gtime; /* Add leading underscore ("_") to prevent symbol
704 conflict with /usr/include/time.h on some NetBSD
708 dissect_smbu_date(guint16 date, guint16 time)
711 static char datebuf[4+2+2+2+1+10];
712 time_t ltime = (date << 16) + time;
714 _gtime = gmtime(<ime);
717 sprintf(datebuf, "%04d-%02d-%02d",
718 1900 + (_gtime -> tm_year), 1 + (_gtime -> tm_mon), _gtime -> tm_mday);
720 sprintf(datebuf, "Bad date format");
730 dissect_smbu_time(guint16 date, guint16 time)
733 static char timebuf[2+2+2+2+1+10];
736 sprintf(timebuf, "%02d:%02d:%02d",
737 _gtime -> tm_hour, _gtime -> tm_min, _gtime -> tm_sec);
739 sprintf(timebuf, "Bad time format");
746 * Dissect a DOS-format date.
749 dissect_dos_date(guint16 date)
751 static char datebuf[4+2+2+1];
753 sprintf(datebuf, "%04d-%02d-%02d",
754 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
759 * Dissect a DOS-format time.
762 dissect_dos_time(guint16 time)
764 static char timebuf[2+2+2+1];
766 sprintf(timebuf, "%02d:%02d:%02d",
767 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
771 /* Max string length for displaying Unicode strings. */
772 #define MAX_UNICODE_STR_LEN 256
774 /* Turn a little-endian Unicode '\0'-terminated string into a string we
776 XXX - for now, we just handle the ISO 8859-1 characters. */
778 unicode_to_str(const guint8 *us, int *us_lenp) {
779 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
786 if (cur == &str[0][0]) {
788 } else if (cur == &str[1][0]) {
794 len = MAX_UNICODE_STR_LEN;
796 while (*us != 0 || *(us + 1) != 0) {
806 /* Note that we're not showing the full string. */
817 * Each dissect routine is passed an offset to wct and works from there
821 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
828 if (dirn == 1) { /* Request(s) dissect code */
830 /* Build display for: Word Count (WCT) */
832 WordCount = GBYTE(pd, offset);
836 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
840 offset += 1; /* Skip Word Count (WCT) */
842 /* Build display for: FID */
844 FID = GSHORT(pd, offset);
848 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
852 offset += 2; /* Skip FID */
854 /* Build display for: Byte Count */
856 ByteCount = GSHORT(pd, offset);
860 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
864 offset += 2; /* Skip Byte Count */
868 if (dirn == 0) { /* Response(s) dissect code */
870 /* Build display for: Word Count (WCT) */
872 WordCount = GBYTE(pd, offset);
876 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
880 offset += 1; /* Skip Word Count (WCT) */
882 /* Build display for: Byte Count (BCC) */
884 ByteCount = GSHORT(pd, offset);
888 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
892 offset += 2; /* Skip Byte Count (BCC) */
899 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
907 guint16 BlocksPerUnit;
910 if (dirn == 1) { /* Request(s) dissect code */
912 /* Build display for: Word Count (WCT) */
914 WordCount = GBYTE(pd, offset);
918 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
922 offset += 1; /* Skip Word Count (WCT) */
924 /* Build display for: Byte Count (BCC) */
926 ByteCount = GSHORT(pd, offset);
930 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
934 offset += 2; /* Skip Byte Count (BCC) */
938 if (dirn == 0) { /* Response(s) dissect code */
940 /* Build display for: Word Count (WCT) */
942 WordCount = GBYTE(pd, offset);
946 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
950 offset += 1; /* Skip Word Count (WCT) */
954 /* Build display for: Total Units */
956 TotalUnits = GSHORT(pd, offset);
960 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Units: %u", TotalUnits);
964 offset += 2; /* Skip Total Units */
966 /* Build display for: Blocks Per Unit */
968 BlocksPerUnit = GSHORT(pd, offset);
972 proto_tree_add_text(tree, NullTVB, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
976 offset += 2; /* Skip Blocks Per Unit */
978 /* Build display for: Block Size */
980 BlockSize = GSHORT(pd, offset);
984 proto_tree_add_text(tree, NullTVB, offset, 2, "Block Size: %u", BlockSize);
988 offset += 2; /* Skip Block Size */
990 /* Build display for: Free Units */
992 FreeUnits = GSHORT(pd, offset);
996 proto_tree_add_text(tree, NullTVB, offset, 2, "Free Units: %u", FreeUnits);
1000 offset += 2; /* Skip Free Units */
1002 /* Build display for: Reserved */
1004 Reserved = GSHORT(pd, offset);
1008 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1012 offset += 2; /* Skip Reserved */
1016 /* Build display for: Byte Count (BCC) */
1018 ByteCount = GSHORT(pd, offset);
1022 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1026 offset += 2; /* Skip Byte Count (BCC) */
1033 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1036 proto_tree *Attributes_tree;
1040 guint8 BufferFormat;
1046 guint16 LastWriteTime;
1047 guint16 LastWriteDate;
1049 const char *FileName;
1051 if (dirn == 1) { /* Request(s) dissect code */
1053 /* Build display for: Word Count (WCT) */
1055 WordCount = GBYTE(pd, offset);
1059 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1063 offset += 1; /* Skip Word Count (WCT) */
1065 if (WordCount > 0) {
1067 /* Build display for: Attributes */
1069 Attributes = GSHORT(pd, offset);
1073 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1074 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1075 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1076 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1077 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1078 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1079 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1080 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1081 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1082 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1083 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1084 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1085 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1086 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1090 offset += 2; /* Skip Attributes */
1092 /* Build display for: Last Write Time */
1094 LastWriteTime = GSHORT(pd, offset);
1098 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1102 offset += 2; /* Skip Last Write Time */
1104 /* Build display for: Last Write Date */
1106 LastWriteDate = GSHORT(pd, offset);
1110 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1114 offset += 2; /* Skip Last Write Date */
1116 /* Build display for: Reserved 1 */
1118 Reserved1 = GSHORT(pd, offset);
1122 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
1126 offset += 2; /* Skip Reserved 1 */
1128 /* Build display for: Reserved 2 */
1130 Reserved2 = GSHORT(pd, offset);
1134 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1138 offset += 2; /* Skip Reserved 2 */
1140 /* Build display for: Reserved 3 */
1142 Reserved3 = GSHORT(pd, offset);
1146 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
1150 offset += 2; /* Skip Reserved 3 */
1152 /* Build display for: Reserved 4 */
1154 Reserved4 = GSHORT(pd, offset);
1158 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
1162 offset += 2; /* Skip Reserved 4 */
1164 /* Build display for: Reserved 5 */
1166 Reserved5 = GSHORT(pd, offset);
1170 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
1174 offset += 2; /* Skip Reserved 5 */
1178 /* Build display for: Byte Count (BCC) */
1180 ByteCount = GSHORT(pd, offset);
1184 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1188 offset += 2; /* Skip Byte Count (BCC) */
1190 /* Build display for: Buffer Format */
1192 BufferFormat = GBYTE(pd, offset);
1196 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1200 offset += 1; /* Skip Buffer Format */
1202 /* Build display for: File Name */
1204 FileName = pd + offset;
1208 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1212 offset += strlen(FileName) + 1; /* Skip File Name */
1216 if (dirn == 0) { /* Response(s) dissect code */
1218 /* Build display for: Word Count (WCT) */
1220 WordCount = GBYTE(pd, offset);
1224 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1228 offset += 1; /* Skip Word Count (WCT) */
1230 /* Build display for: Byte Count (BCC) */
1232 ByteCount = GBYTE(pd, offset);
1236 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
1240 offset += 1; /* Skip Byte Count (BCC) */
1247 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1251 guint8 BufferFormat;
1259 if (dirn == 1) { /* Request(s) dissect code */
1261 /* Build display for: Word Count (WCT) */
1263 WordCount = GBYTE(pd, offset);
1267 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1271 offset += 1; /* Skip Word Count (WCT) */
1273 /* Build display for: FID */
1275 FID = GSHORT(pd, offset);
1279 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1283 offset += 2; /* Skip FID */
1285 /* Build display for: Count */
1287 Count = GSHORT(pd, offset);
1291 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1295 offset += 2; /* Skip Count */
1297 /* Build display for: Offset */
1299 Offset = GWORD(pd, offset);
1303 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1307 offset += 4; /* Skip Offset */
1309 /* Build display for: Remaining */
1311 Remaining = GSHORT(pd, offset);
1315 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
1319 offset += 2; /* Skip Remaining */
1321 /* Build display for: Byte Count (BCC) */
1323 ByteCount = GSHORT(pd, offset);
1327 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1331 offset += 2; /* Skip Byte Count (BCC) */
1333 /* Build display for: Buffer Format */
1335 BufferFormat = GBYTE(pd, offset);
1339 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1343 offset += 1; /* Skip Buffer Format */
1345 /* Build display for: Data Length */
1347 DataLength = GSHORT(pd, offset);
1351 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1355 offset += 2; /* Skip Data Length */
1357 if (ByteCount > 0 && tree) {
1359 if(END_OF_FRAME >= ByteCount)
1360 proto_tree_add_text(tree, NullTVB, offset, ByteCount, "Data (%u bytes)", ByteCount);
1362 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
1368 if (dirn == 0) { /* Response(s) dissect code */
1370 /* Build display for: Word Count (WCT) */
1372 WordCount = GBYTE(pd, offset);
1376 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1380 offset += 1; /* Skip Word Count (WCT) */
1382 /* Build display for: Count */
1384 Count = GSHORT(pd, offset);
1388 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1392 offset += 2; /* Skip Count */
1394 /* Build display for: Byte Count (BCC) */
1396 ByteCount = GSHORT(pd, offset);
1400 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1404 offset += 2; /* Skip Byte Count (BCC) */
1411 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1425 guint16 DataCompactionMode;
1429 if (dirn == 1) { /* Request(s) dissect code */
1431 /* Build display for: Word Count (WCT) */
1433 WordCount = GBYTE(pd, offset);
1437 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1441 offset += 1; /* Skip Word Count (WCT) */
1443 /* Build display for: FID */
1445 FID = GSHORT(pd, offset);
1449 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1453 offset += 2; /* Skip FID */
1455 /* Build display for: Offset */
1457 Offset = GWORD(pd, offset);
1461 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1465 offset += 4; /* Skip Offset */
1467 /* Build display for: Max Count */
1469 MaxCount = GSHORT(pd, offset);
1473 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
1477 offset += 2; /* Skip Max Count */
1479 /* Build display for: Min Count */
1481 MinCount = GSHORT(pd, offset);
1485 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
1489 offset += 2; /* Skip Min Count */
1491 /* Build display for: Reserved 1 */
1493 Reserved1 = GWORD(pd, offset);
1497 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 1: %u", Reserved1);
1501 offset += 4; /* Skip Reserved 1 */
1503 /* Build display for: Reserved 2 */
1505 Reserved2 = GSHORT(pd, offset);
1509 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
1513 offset += 2; /* Skip Reserved 2 */
1515 /* Build display for: Byte Count (BCC) */
1517 ByteCount = GSHORT(pd, offset);
1521 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1525 offset += 2; /* Skip Byte Count (BCC) */
1529 if (dirn == 0) { /* Response(s) dissect code */
1531 /* Build display for: Word Count */
1533 WordCount = GBYTE(pd, offset);
1537 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
1541 offset += 1; /* Skip Word Count */
1543 if (WordCount > 0) {
1545 /* Build display for: Offset */
1547 Offset = GWORD(pd, offset);
1551 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
1555 offset += 4; /* Skip Offset */
1557 /* Build display for: Count */
1559 Count = GSHORT(pd, offset);
1563 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
1567 offset += 2; /* Skip Count */
1569 /* Build display for: Reserved */
1571 Reserved = GSHORT(pd, offset);
1575 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1579 offset += 2; /* Skip Reserved */
1581 /* Build display for: Data Compaction Mode */
1583 DataCompactionMode = GSHORT(pd, offset);
1587 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1591 offset += 2; /* Skip Data Compaction Mode */
1593 /* Build display for: Reserved */
1595 Reserved = GSHORT(pd, offset);
1599 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
1603 offset += 2; /* Skip Reserved */
1605 /* Build display for: Data Length */
1607 DataLength = GSHORT(pd, offset);
1611 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
1615 offset += 2; /* Skip Data Length */
1617 /* Build display for: Data Offset */
1619 DataOffset = GSHORT(pd, offset);
1623 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
1627 offset += 2; /* Skip Data Offset */
1631 /* Build display for: Byte Count (BCC) */
1633 ByteCount = GSHORT(pd, offset);
1637 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1641 offset += 2; /* Skip Byte Count (BCC) */
1643 /* Build display for: Pad */
1645 Pad = GBYTE(pd, offset);
1649 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
1653 offset += 1; /* Skip Pad */
1660 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1664 guint8 BufferFormat;
1665 guint16 SearchAttributes;
1667 const char *FileName;
1669 if (dirn == 1) { /* Request(s) dissect code */
1671 /* Build display for: Word Count (WCT) */
1673 WordCount = GBYTE(pd, offset);
1677 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1681 offset += 1; /* Skip Word Count (WCT) */
1683 /* Build display for: SearchAttributes */
1685 SearchAttributes = GSHORT(pd, offset);
1689 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
1692 offset += 2; /* Skip SearchAttributes */
1694 /* Build display for: Byte Count (BCC) */
1696 ByteCount = GSHORT(pd, offset);
1700 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1704 offset += 2; /* Skip Byte Count (BCC) */
1706 /* Build display for: Buffer Format */
1708 BufferFormat = GBYTE(pd, offset);
1712 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
1716 offset += 1; /* Skip Buffer Format */
1718 /* Build display for: File Name */
1720 FileName = pd + offset;
1724 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1728 offset += strlen(FileName) + 1; /* Skip File Name */
1732 if (dirn == 0) { /* Response(s) dissect code */
1734 /* Build display for: Word Count (WCT) */
1736 WordCount = GBYTE(pd, offset);
1740 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1744 offset += 1; /* Skip Word Count (WCT) */
1746 /* Build display for: Byte Count (BCC) */
1748 ByteCount = GSHORT(pd, offset);
1752 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
1756 offset += 2; /* Skip Byte Count (BCC) */
1763 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1766 proto_tree *Attributes_tree;
1769 guint32 FileDataSize;
1770 guint32 FileAllocationSize;
1771 guint16 LastWriteTime;
1772 guint16 LastWriteDate;
1773 guint16 LastAccessTime;
1774 guint16 LastAccessDate;
1776 guint16 CreationTime;
1777 guint16 CreationDate;
1781 if (dirn == 1) { /* Request(s) dissect code */
1783 /* Build display for: Word Count (WCT) */
1785 WordCount = GBYTE(pd, offset);
1789 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1793 offset += 1; /* Skip Word Count (WCT) */
1795 /* Build display for: FID */
1797 FID = GSHORT(pd, offset);
1801 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
1805 offset += 2; /* Skip FID */
1807 /* Build display for: Byte Count */
1809 ByteCount = GSHORT(pd, offset);
1813 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1817 offset += 2; /* Skip Byte Count */
1821 if (dirn == 0) { /* Response(s) dissect code */
1823 /* Build display for: Word Count (WCT) */
1825 WordCount = GBYTE(pd, offset);
1829 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
1833 offset += 1; /* Skip Word Count (WCT) */
1835 if (WordCount > 0) {
1837 /* Build display for: Creation Date */
1839 CreationDate = GSHORT(pd, offset);
1843 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
1847 offset += 2; /* Skip Creation Date */
1849 /* Build display for: Creation Time */
1851 CreationTime = GSHORT(pd, offset);
1855 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
1859 offset += 2; /* Skip Creation Time */
1861 /* Build display for: Last Access Date */
1863 LastAccessDate = GSHORT(pd, offset);
1867 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
1871 offset += 2; /* Skip Last Access Date */
1873 /* Build display for: Last Access Time */
1875 LastAccessTime = GSHORT(pd, offset);
1879 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
1883 offset += 2; /* Skip Last Access Time */
1885 /* Build display for: Last Write Date */
1887 LastWriteDate = GSHORT(pd, offset);
1891 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
1895 offset += 2; /* Skip Last Write Date */
1897 /* Build display for: Last Write Time */
1899 LastWriteTime = GSHORT(pd, offset);
1903 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
1907 offset += 2; /* Skip Last Write Time */
1909 /* Build display for: File Data Size */
1911 FileDataSize = GWORD(pd, offset);
1915 proto_tree_add_text(tree, NullTVB, offset, 4, "File Data Size: %u", FileDataSize);
1919 offset += 4; /* Skip File Data Size */
1921 /* Build display for: File Allocation Size */
1923 FileAllocationSize = GWORD(pd, offset);
1927 proto_tree_add_text(tree, NullTVB, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1931 offset += 4; /* Skip File Allocation Size */
1933 /* Build display for: Attributes */
1935 Attributes = GSHORT(pd, offset);
1939 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
1940 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1941 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1942 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1943 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1944 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1945 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1946 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1947 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1948 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1949 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1950 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1951 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
1952 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1956 offset += 2; /* Skip Attributes */
1960 /* Build display for: Byte Count */
1962 ByteCount = GSHORT(pd, offset);
1966 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
1970 offset += 2; /* Skip Byte Count */
1977 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1981 guint8 BufferFormat3;
1982 guint8 BufferFormat2;
1983 guint8 BufferFormat1;
1985 guint16 MaxBufferSize;
1987 const char *SharePath;
1988 const char *Service;
1989 const char *Password;
1991 if (dirn == 1) { /* Request(s) dissect code */
1993 /* Build display for: Word Count (WCT) */
1995 WordCount = GBYTE(pd, offset);
1999 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2003 offset += 1; /* Skip Word Count (WCT) */
2005 /* Build display for: Byte Count (BCC) */
2007 ByteCount = GSHORT(pd, offset);
2011 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2015 offset += 2; /* Skip Byte Count (BCC) */
2017 /* Build display for: BufferFormat1 */
2019 BufferFormat1 = GBYTE(pd, offset);
2023 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat1: %u", BufferFormat1);
2027 offset += 1; /* Skip BufferFormat1 */
2029 /* Build display for: Share Path */
2031 SharePath = pd + offset;
2035 proto_tree_add_text(tree, NullTVB, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
2039 offset += strlen(SharePath) + 1; /* Skip Share Path */
2041 /* Build display for: BufferFormat2 */
2043 BufferFormat2 = GBYTE(pd, offset);
2047 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat2: %u", BufferFormat2);
2051 offset += 1; /* Skip BufferFormat2 */
2053 /* Build display for: Password */
2055 Password = pd + offset;
2059 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2063 offset += strlen(Password) + 1; /* Skip Password */
2065 /* Build display for: BufferFormat3 */
2067 BufferFormat3 = GBYTE(pd, offset);
2071 proto_tree_add_text(tree, NullTVB, offset, 1, "BufferFormat3: %u", BufferFormat3);
2075 offset += 1; /* Skip BufferFormat3 */
2077 /* Build display for: Service */
2079 Service = pd + offset;
2083 proto_tree_add_text(tree, NullTVB, offset, strlen(Service) + 1, "Service: %s", Service);
2087 offset += strlen(Service) + 1; /* Skip Service */
2091 if (dirn == 0) { /* Response(s) dissect code */
2093 /* Build display for: Word Count (WCT) */
2095 WordCount = GBYTE(pd, offset);
2099 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2103 if (errcode != 0) return;
2105 offset += 1; /* Skip Word Count (WCT) */
2107 /* Build display for: Max Buffer Size */
2109 MaxBufferSize = GSHORT(pd, offset);
2113 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
2117 offset += 2; /* Skip Max Buffer Size */
2119 /* Build display for: TID */
2121 TID = GSHORT(pd, offset);
2125 proto_tree_add_text(tree, NullTVB, offset, 2, "TID: %u", TID);
2129 offset += 2; /* Skip TID */
2131 /* Build display for: Byte Count (BCC) */
2133 ByteCount = GSHORT(pd, offset);
2137 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2141 offset += 2; /* Skip Byte Count (BCC) */
2147 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
2149 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2152 proto_tree *Capabilities_tree;
2155 guint8 AndXReserved;
2156 guint8 AndXCommand = 0xFF;
2159 guint32 Capabilities;
2161 guint16 UNICODEAccountPasswordLength;
2162 guint16 PasswordLen;
2163 guint16 MaxMpxCount;
2164 guint16 MaxBufferSize;
2166 guint16 AndXOffset = 0;
2168 guint16 ANSIAccountPasswordLength;
2169 const char *UNICODEPassword;
2170 const char *Password;
2171 const char *PrimaryDomain;
2172 const char *NativeOS;
2173 const char *NativeLanManType;
2174 const char *NativeLanMan;
2175 const char *AccountName;
2176 const char *ANSIPassword;
2178 if (dirn == 1) { /* Request(s) dissect code */
2180 WordCount = GBYTE(pd, offset);
2182 switch (WordCount) {
2186 /* Build display for: Word Count (WCT) */
2188 WordCount = GBYTE(pd, offset);
2192 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2196 offset += 1; /* Skip Word Count (WCT) */
2198 /* Build display for: AndXCommand */
2200 AndXCommand = GBYTE(pd, offset);
2204 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2205 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2209 offset += 1; /* Skip AndXCommand */
2211 /* Build display for: AndXReserved */
2213 AndXReserved = GBYTE(pd, offset);
2217 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2221 offset += 1; /* Skip AndXReserved */
2223 /* Build display for: AndXOffset */
2225 AndXOffset = GSHORT(pd, offset);
2229 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2233 offset += 2; /* Skip AndXOffset */
2235 /* Build display for: MaxBufferSize */
2237 MaxBufferSize = GSHORT(pd, offset);
2241 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2245 offset += 2; /* Skip MaxBufferSize */
2247 /* Build display for: MaxMpxCount */
2249 MaxMpxCount = GSHORT(pd, offset);
2253 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2257 offset += 2; /* Skip MaxMpxCount */
2259 /* Build display for: VcNumber */
2261 VcNumber = GSHORT(pd, offset);
2265 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2269 offset += 2; /* Skip VcNumber */
2271 /* Build display for: SessionKey */
2273 SessionKey = GWORD(pd, offset);
2277 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2281 offset += 4; /* Skip SessionKey */
2283 /* Build display for: PasswordLen */
2285 PasswordLen = GSHORT(pd, offset);
2289 proto_tree_add_text(tree, NullTVB, offset, 2, "PasswordLen: %u", PasswordLen);
2293 offset += 2; /* Skip PasswordLen */
2295 /* Build display for: Reserved */
2297 Reserved = GWORD(pd, offset);
2301 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2305 offset += 4; /* Skip Reserved */
2307 /* Build display for: Byte Count (BCC) */
2309 ByteCount = GSHORT(pd, offset);
2313 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2317 offset += 2; /* Skip Byte Count (BCC) */
2319 if (ByteCount > 0) {
2321 /* Build displat for: Password */
2323 Password = pd + offset;
2327 proto_tree_add_text(tree, NullTVB, offset, strlen(Password) + 1, "Password: %s", Password);
2331 offset += PasswordLen;
2333 /* Build display for: AccountName */
2335 AccountName = pd + offset;
2339 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2343 offset += strlen(AccountName) + 1; /* Skip AccountName */
2345 /* Build display for: PrimaryDomain */
2347 PrimaryDomain = pd + offset;
2351 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2355 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2357 /* Build display for: NativeOS */
2359 NativeOS = pd + offset;
2363 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2367 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2369 /* Build display for: NativeLanMan */
2371 NativeLanMan = pd + offset;
2375 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2379 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2387 /* Build display for: Word Count (WCT) */
2389 WordCount = GBYTE(pd, offset);
2393 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2397 offset += 1; /* Skip Word Count (WCT) */
2399 /* Build display for: AndXCommand */
2401 AndXCommand = GBYTE(pd, offset);
2405 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2406 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2410 offset += 1; /* Skip AndXCommand */
2412 /* Build display for: AndXReserved */
2414 AndXReserved = GBYTE(pd, offset);
2418 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2422 offset += 1; /* Skip AndXReserved */
2424 /* Build display for: AndXOffset */
2426 AndXOffset = GSHORT(pd, offset);
2430 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2434 offset += 2; /* Skip AndXOffset */
2436 /* Build display for: MaxBufferSize */
2438 MaxBufferSize = GSHORT(pd, offset);
2442 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2446 offset += 2; /* Skip MaxBufferSize */
2448 /* Build display for: MaxMpxCount */
2450 MaxMpxCount = GSHORT(pd, offset);
2454 proto_tree_add_text(tree, NullTVB, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2458 offset += 2; /* Skip MaxMpxCount */
2460 /* Build display for: VcNumber */
2462 VcNumber = GSHORT(pd, offset);
2466 proto_tree_add_text(tree, NullTVB, offset, 2, "VcNumber: %u", VcNumber);
2470 offset += 2; /* Skip VcNumber */
2472 /* Build display for: SessionKey */
2474 SessionKey = GWORD(pd, offset);
2478 proto_tree_add_text(tree, NullTVB, offset, 4, "SessionKey: %u", SessionKey);
2482 offset += 4; /* Skip SessionKey */
2484 /* Build display for: ANSI Account Password Length */
2486 ANSIAccountPasswordLength = GSHORT(pd, offset);
2490 proto_tree_add_text(tree, NullTVB, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2494 offset += 2; /* Skip ANSI Account Password Length */
2496 /* Build display for: UNICODE Account Password Length */
2498 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2502 proto_tree_add_text(tree, NullTVB, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2506 offset += 2; /* Skip UNICODE Account Password Length */
2508 /* Build display for: Reserved */
2510 Reserved = GWORD(pd, offset);
2514 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
2518 offset += 4; /* Skip Reserved */
2520 /* Build display for: Capabilities */
2522 Capabilities = GWORD(pd, offset);
2526 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", Capabilities);
2527 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2528 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2529 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2530 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2531 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2532 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2533 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2534 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2535 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2536 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2537 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2538 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2539 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2540 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2541 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2542 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2543 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2544 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2545 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2546 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2547 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2548 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2549 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2550 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2551 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2552 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2553 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2554 proto_tree_add_text(Capabilities_tree, NullTVB, offset, 4, "%s",
2555 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2559 offset += 4; /* Skip Capabilities */
2561 /* Build display for: Byte Count */
2563 ByteCount = GSHORT(pd, offset);
2567 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
2571 offset += 2; /* Skip Byte Count */
2573 if (ByteCount > 0) {
2575 /* Build display for: ANSI Password */
2577 ANSIPassword = pd + offset;
2579 if (ANSIAccountPasswordLength > 0) {
2583 proto_tree_add_text(tree, NullTVB, offset, ANSIAccountPasswordLength, "ANSI Password: %s", format_text(ANSIPassword, ANSIAccountPasswordLength));
2587 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2590 /* Build display for: UNICODE Password */
2592 UNICODEPassword = pd + offset;
2594 if (UNICODEAccountPasswordLength > 0) {
2598 proto_tree_add_text(tree, NullTVB, offset, UNICODEAccountPasswordLength, "UNICODE Password: %s", format_text(UNICODEPassword, UNICODEAccountPasswordLength));
2602 offset += UNICODEAccountPasswordLength; /* Skip UNICODE Password */
2606 /* Build display for: Account Name */
2608 AccountName = pd + offset;
2612 proto_tree_add_text(tree, NullTVB, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2616 offset += strlen(AccountName) + 1; /* Skip Account Name */
2618 /* Build display for: Primary Domain */
2620 PrimaryDomain = pd + offset;
2624 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2628 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2630 /* Build display for: Native OS */
2632 NativeOS = pd + offset;
2636 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2640 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2642 /* Build display for: Native LanMan Type */
2644 NativeLanManType = pd + offset;
2648 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2652 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2661 if (AndXCommand != 0xFF) {
2663 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2669 if (dirn == 0) { /* Response(s) dissect code */
2671 /* Build display for: Word Count (WCT) */
2673 WordCount = GBYTE(pd, offset);
2677 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
2681 offset += 1; /* Skip Word Count (WCT) */
2683 if (WordCount > 0) {
2685 /* Build display for: AndXCommand */
2687 AndXCommand = GBYTE(pd, offset);
2691 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
2692 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2696 offset += 1; /* Skip AndXCommand */
2698 /* Build display for: AndXReserved */
2700 AndXReserved = GBYTE(pd, offset);
2704 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
2708 offset += 1; /* Skip AndXReserved */
2710 /* Build display for: AndXOffset */
2712 AndXOffset = GSHORT(pd, offset);
2716 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
2721 offset += 2; /* Skip AndXOffset */
2723 /* Build display for: Action */
2725 Action = GSHORT(pd, offset);
2729 proto_tree_add_text(tree, NullTVB, offset, 2, "Action: %u", Action);
2733 offset += 2; /* Skip Action */
2737 /* Build display for: Byte Count (BCC) */
2739 ByteCount = GSHORT(pd, offset);
2743 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
2747 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2749 offset += 2; /* Skip Byte Count (BCC) */
2751 if (ByteCount > 0) {
2753 /* Build display for: NativeOS */
2755 NativeOS = pd + offset;
2759 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2763 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2765 /* Build display for: NativeLanMan */
2767 NativeLanMan = pd + offset;
2771 proto_tree_add_text(tree, NullTVB, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2775 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2777 /* Build display for: PrimaryDomain */
2779 PrimaryDomain = pd + offset;
2783 proto_tree_add_text(tree, NullTVB, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2787 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2791 if (AndXCommand != 0xFF) {
2793 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2802 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2805 guint8 wct, andxcmd = 0xFF;
2806 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2808 proto_tree *flags_tree;
2813 /* Now figure out what format we are talking about, 2, 3, or 4 response
2817 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2818 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2822 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2824 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
2834 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", wct);
2842 andxcmd = pd[offset];
2846 proto_tree_add_text(tree, NullTVB, offset, 1, "Next Command: %s",
2847 (andxcmd == 0xFF) ? "No further commands":
2848 decode_smb_name(andxcmd));
2850 proto_tree_add_text(tree, NullTVB, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2856 andxoffs = GSHORT(pd, offset);
2860 proto_tree_add_text(tree, NullTVB, offset, 2, "Offset to next command: %u", andxoffs);
2872 bcc = GSHORT(pd, offset);
2876 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2884 flags = GSHORT(pd, offset);
2888 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Additional Flags: 0x%02x", flags);
2889 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2890 proto_tree_add_text(flags_tree, NullTVB, offset, 2, "%s",
2891 decode_boolean_bitfield(flags, 0x01, 16,
2893 "Don't disconnect TID"));
2899 passwdlen = GSHORT(pd, offset);
2903 proto_tree_add_text(tree, NullTVB, offset, 2, "Password Length: %u", passwdlen);
2909 bcc = GSHORT(pd, offset);
2913 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2923 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2927 offset += passwdlen;
2933 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Path: %s", str);
2937 offset += strlen(str) + 1;
2943 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
2951 bcc = GSHORT(pd, offset);
2955 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
2965 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service Type: %s",
2970 offset += strlen(str) + 1;
2976 optionsup = GSHORT(pd, offset);
2978 if (tree) { /* Should break out the bits */
2980 proto_tree_add_text(tree, NullTVB, offset, 2, "Optional Support: 0x%04x",
2987 bcc = GSHORT(pd, offset);
2991 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3001 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Service: %s", str);
3005 offset += strlen(str) + 1;
3011 proto_tree_add_text(tree, NullTVB, offset, strlen(str) + 1, "Native File System: %s", str);
3015 offset += strlen(str) + 1;
3025 if (andxcmd != 0xFF) /* Process that next command ... ??? */
3027 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
3032 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3034 guint8 wct, enckeylen;
3035 guint16 bcc, mode, rawmode, dialect;
3037 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
3043 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
3045 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
3046 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
3049 proto_tree_add_text(tree, NullTVB, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
3051 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data");
3059 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %d", wct);
3063 if (dirn == 0 && errcode != 0) return; /* No more info ... */
3067 /* Now decode the various formats ... */
3071 case 0: /* A request */
3073 bcc = GSHORT(pd, offset);
3077 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3085 ti = proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Dialects");
3086 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
3090 while (IS_DATA_IN_FRAME(offset)) {
3095 proto_tree_add_text(dialects, NullTVB, offset, 1, "Dialect Marker: %d", pd[offset]);
3105 proto_tree_add_text(dialects, NullTVB, offset, strlen(str)+1, "Dialect: %s", str);
3109 offset += strlen(str) + 1;
3114 case 1: /* PC NETWORK PROGRAM 1.0 */
3116 dialect = GSHORT(pd, offset);
3118 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
3120 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
3122 proto_tree_add_text(tree, NullTVB, offset, 2, "Supplied dialects not recognized");
3127 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
3135 bcc = GSHORT(pd, offset);
3139 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3145 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
3149 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
3153 /* Much of this is similar to response 17 below */
3157 mode = GSHORT(pd, offset);
3161 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Security Mode: 0x%04x", mode);
3162 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3163 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3164 decode_boolean_bitfield(mode, 0x0001, 16,
3166 "Security = Share"));
3167 proto_tree_add_text(mode_tree, NullTVB, offset, 2, "%s",
3168 decode_boolean_bitfield(mode, 0x0002, 16,
3169 "Passwords = Encrypted",
3170 "Passwords = Plaintext"));
3178 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
3186 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3194 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3200 rawmode = GSHORT(pd, offset);
3204 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Raw Mode: 0x%04x", rawmode);
3205 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
3206 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3207 decode_boolean_bitfield(rawmode, 0x01, 16,
3208 "Read Raw supported",
3209 "Read Raw not supported"));
3210 proto_tree_add_text(rawmode_tree, NullTVB, offset, 2, "%s",
3211 decode_boolean_bitfield(rawmode, 0x02, 16,
3212 "Write Raw supported",
3213 "Write Raw not supported"));
3221 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3227 /* Now the server time, two short parameters ... */
3231 proto_tree_add_text(tree, NullTVB, offset, 2, "Server Time: %s",
3232 dissect_dos_time(GSHORT(pd, offset)));
3233 proto_tree_add_text(tree, NullTVB, offset + 2, 2, "Server Date: %s",
3234 dissect_dos_date(GSHORT(pd, offset + 2)));
3240 /* Server Time Zone, SHORT */
3244 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3245 (signed)GSSHORT(pd, offset));
3251 /* Challenge Length */
3253 enckeylen = GSHORT(pd, offset);
3257 proto_tree_add_text(tree, NullTVB, offset, 2, "Challenge Length: %u", enckeylen);
3265 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
3271 bcc = GSHORT(pd, offset);
3275 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", bcc);
3281 if (enckeylen) { /* only if non-zero key len */
3287 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge: %s",
3288 bytes_to_str(str, enckeylen));
3291 offset += enckeylen;
3295 /* Primary Domain ... */
3301 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "Primary Domain: %s", str);
3307 case 17: /* Greater than LANMAN2.1 */
3311 proto_tree_add_text(tree, NullTVB, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
3317 mode = GBYTE(pd, offset);
3321 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Security Mode: 0x%02x", mode);
3322 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3323 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3324 decode_boolean_bitfield(mode, 0x01, 8,
3326 "Security = Share"));
3327 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3328 decode_boolean_bitfield(mode, 0x02, 8,
3329 "Passwords = Encrypted",
3330 "Passwords = Plaintext"));
3331 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3332 decode_boolean_bitfield(mode, 0x04, 8,
3333 "Security signatures enabled",
3334 "Security signatures not enabled"));
3335 proto_tree_add_text(mode_tree, NullTVB, offset, 1, "%s",
3336 decode_boolean_bitfield(mode, 0x08, 8,
3337 "Security signatures required",
3338 "Security signatures not required"));
3346 proto_tree_add_text(tree, NullTVB, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3354 proto_tree_add_text(tree, NullTVB, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3362 proto_tree_add_text(tree, NullTVB, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3370 proto_tree_add_text(tree, NullTVB, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3378 proto_tree_add_text(tree, NullTVB, offset, 4, "Session key: %08x", GWORD(pd, offset));
3384 caps = GWORD(pd, offset);
3388 ti = proto_tree_add_text(tree, NullTVB, offset, 4, "Capabilities: 0x%04x", caps);
3389 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3390 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3391 decode_boolean_bitfield(caps, 0x0001, 32,
3392 "Raw Mode supported",
3393 "Raw Mode not supported"));
3394 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3395 decode_boolean_bitfield(caps, 0x0002, 32,
3396 "MPX Mode supported",
3397 "MPX Mode not supported"));
3398 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3399 decode_boolean_bitfield(caps, 0x0004, 32,
3400 "Unicode supported",
3401 "Unicode not supported"));
3402 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3403 decode_boolean_bitfield(caps, 0x0008, 32,
3404 "Large files supported",
3405 "Large files not supported"));
3406 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3407 decode_boolean_bitfield(caps, 0x0010, 32,
3408 "NT LM 0.12 SMBs supported",
3409 "NT LM 0.12 SMBs not supported"));
3410 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3411 decode_boolean_bitfield(caps, 0x0020, 32,
3412 "RPC remote APIs supported",
3413 "RPC remote APIs not supported"));
3414 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3415 decode_boolean_bitfield(caps, 0x0040, 32,
3416 "NT status codes supported",
3417 "NT status codes not supported"));
3418 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3419 decode_boolean_bitfield(caps, 0x0080, 32,
3420 "Level 2 OpLocks supported",
3421 "Level 2 OpLocks not supported"));
3422 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3423 decode_boolean_bitfield(caps, 0x0100, 32,
3424 "Lock&Read supported",
3425 "Lock&Read not supported"));
3426 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3427 decode_boolean_bitfield(caps, 0x0200, 32,
3428 "NT Find supported",
3429 "NT Find not supported"));
3430 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3431 decode_boolean_bitfield(caps, 0x1000, 32,
3433 "DFS not supported"));
3434 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3435 decode_boolean_bitfield(caps, 0x4000, 32,
3436 "Large READX supported",
3437 "Large READX not supported"));
3438 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3439 decode_boolean_bitfield(caps, 0x8000, 32,
3440 "Large WRITEX supported",
3441 "Large WRITEX not supported"));
3442 proto_tree_add_text(caps_tree, NullTVB, offset, 4, "%s",
3443 decode_boolean_bitfield(caps, 0x80000000, 32,
3444 "Extended security exchanges supported",
3445 "Extended security exchanges not supported"));
3450 /* Server time, 2 WORDS */
3454 proto_tree_add_text(tree, NullTVB, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3455 proto_tree_add_text(tree, NullTVB, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3461 /* Server Time Zone, SHORT */
3465 proto_tree_add_text(tree, NullTVB, offset, 2, "Server time zone: %i min from UTC",
3466 (signed)GSSHORT(pd, offset));
3472 /* Encryption key len */
3474 enckeylen = pd[offset];
3478 proto_tree_add_text(tree, NullTVB, offset, 1, "Encryption key len: %u", enckeylen);
3484 bcc = GSHORT(pd, offset);
3488 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte count (BCC): %u", bcc);
3494 if (enckeylen) { /* only if non-zero key len */
3496 /* Encryption challenge key */
3502 proto_tree_add_text(tree, NullTVB, offset, enckeylen, "Challenge encryption key: %s",
3503 bytes_to_str(str, enckeylen));
3507 offset += enckeylen;
3511 /* The domain, a null terminated string; Unicode if "caps" has
3512 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3513 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3519 if (caps & 0x0004) {
3520 ustr = unicode_to_str(str, &ustr_len);
3521 proto_tree_add_text(tree, NullTVB, offset, ustr_len+2, "OEM domain name: %s", ustr);
3523 proto_tree_add_text(tree, NullTVB, offset, strlen(str)+1, "OEM domain name: %s", str);
3530 default: /* Baddd */
3533 proto_tree_add_text(tree, NullTVB, offset, 1, "Bad format, should never get here");
3541 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3545 guint8 BufferFormat;
3547 const char *DirectoryName;
3549 if (dirn == 1) { /* Request(s) dissect code */
3551 /* Build display for: Word Count (WCT) */
3553 WordCount = GBYTE(pd, offset);
3557 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3561 offset += 1; /* Skip Word Count (WCT) */
3563 /* Build display for: Byte Count (BCC) */
3565 ByteCount = GSHORT(pd, offset);
3569 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3573 offset += 2; /* Skip Byte Count (BCC) */
3575 /* Build display for: Buffer Format */
3577 BufferFormat = GBYTE(pd, offset);
3581 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3585 offset += 1; /* Skip Buffer Format */
3587 /* Build display for: Directory Name */
3589 DirectoryName = pd + offset;
3593 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3597 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3601 if (dirn == 0) { /* Response(s) dissect code */
3603 /* Build display for: Word Count (WCT) */
3605 WordCount = GBYTE(pd, offset);
3609 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3613 offset += 1; /* Skip Word Count (WCT) */
3615 /* Build display for: Byte Count (BCC) */
3617 ByteCount = GSHORT(pd, offset);
3621 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3625 offset += 2; /* Skip Byte Count (BCC) */
3632 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3636 guint8 BufferFormat;
3638 const char *DirectoryName;
3640 if (dirn == 1) { /* Request(s) dissect code */
3642 /* Build display for: Word Count (WCT) */
3644 WordCount = GBYTE(pd, offset);
3648 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3652 offset += 1; /* Skip Word Count (WCT) */
3654 /* Build display for: Byte Count (BCC) */
3656 ByteCount = GSHORT(pd, offset);
3660 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3664 offset += 2; /* Skip Byte Count (BCC) */
3666 /* Build display for: Buffer Format */
3668 BufferFormat = GBYTE(pd, offset);
3672 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3676 offset += 1; /* Skip Buffer Format */
3678 /* Build display for: Directory Name */
3680 DirectoryName = pd + offset;
3684 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3688 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3692 if (dirn == 0) { /* Response(s) dissect code */
3694 /* Build display for: Word Count (WCT) */
3696 WordCount = GBYTE(pd, offset);
3700 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3704 offset += 1; /* Skip Word Count (WCT) */
3706 /* Build display for: Byte Count (BCC) */
3708 ByteCount = GSHORT(pd, offset);
3712 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3716 offset += 2; /* Skip Byte Count (BCC) */
3724 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3728 guint8 BufferFormat;
3730 const char *DirectoryName;
3732 if (dirn == 1) { /* Request(s) dissect code */
3734 /* Build display for: Word Count (WCT) */
3736 WordCount = GBYTE(pd, offset);
3740 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3744 offset += 1; /* Skip Word Count (WCT) */
3746 /* Build display for: Byte Count (BCC) */
3748 ByteCount = GSHORT(pd, offset);
3752 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3756 offset += 2; /* Skip Byte Count (BCC) */
3758 /* Build display for: Buffer Format */
3760 BufferFormat = GBYTE(pd, offset);
3764 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
3768 offset += 1; /* Skip Buffer Format */
3770 /* Build display for: Directory Name */
3772 DirectoryName = pd + offset;
3776 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3780 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3784 if (dirn == 0) { /* Response(s) dissect code */
3786 /* Build display for: Word Count (WCT) */
3788 WordCount = GBYTE(pd, offset);
3792 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3796 offset += 1; /* Skip Word Count (WCT) */
3798 /* Build display for: Byte Count (BCC) */
3800 ByteCount = GSHORT(pd, offset);
3804 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
3808 offset += 2; /* Skip Byte Count (BCC) */
3815 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3818 static const value_string OpenFunction_0x10[] = {
3819 { 0, "Fail if file does not exist"},
3820 { 16, "Create file if it does not exist"},
3823 static const value_string OpenFunction_0x03[] = {
3824 { 0, "Fail if file exists"},
3825 { 1, "Open file if it exists"},
3826 { 2, "Truncate File if it exists"},
3829 static const value_string FileType_0xFFFF[] = {
3830 { 0, "Disk file or directory"},
3831 { 1, "Named pipe in byte mode"},
3832 { 2, "Named pipe in message mode"},
3833 { 3, "Spooled printer"},
3836 static const value_string DesiredAccess_0x70[] = {
3837 { 00, "Compatibility mode"},
3838 { 16, "Deny read/write/execute (exclusive)"},
3839 { 32, "Deny write"},
3840 { 48, "Deny read/execute"},
3844 static const value_string DesiredAccess_0x700[] = {
3845 { 0, "Locality of reference unknown"},
3846 { 256, "Mainly sequential access"},
3847 { 512, "Mainly random access"},
3848 { 768, "Random access with some locality"},
3851 static const value_string DesiredAccess_0x4000[] = {
3852 { 0, "Write through mode disabled"},
3853 { 16384, "Write through mode enabled"},
3856 static const value_string DesiredAccess_0x1000[] = {
3857 { 0, "Normal file (caching permitted)"},
3858 { 4096, "Do not cache this file"},
3861 static const value_string DesiredAccess_0x07[] = {
3862 { 0, "Open for reading"},
3863 { 1, "Open for writing"},
3864 { 2, "Open for reading and writing"},
3865 { 3, "Open for execute"},
3868 static const value_string Action_0x8000[] = {
3869 { 0, "File opened by another user (or mode not supported by server)"},
3870 { 32768, "File is opened only by this user at present"},
3873 static const value_string Action_0x0003[] = {
3874 { 0, "No action taken?"},
3875 { 1, "The file existed and was opened"},
3876 { 2, "The file did not exist but was created"},
3877 { 3, "The file existed and was truncated"},
3880 proto_tree *Search_tree;
3881 proto_tree *OpenFunction_tree;
3882 proto_tree *Flags_tree;
3883 proto_tree *File_tree;
3884 proto_tree *FileType_tree;
3885 proto_tree *FileAttributes_tree;
3886 proto_tree *DesiredAccess_tree;
3887 proto_tree *Action_tree;
3890 guint8 AndXReserved;
3891 guint8 AndXCommand = 0xFF;
3896 guint32 AllocatedSize;
3899 guint16 OpenFunction;
3900 guint16 LastWriteTime;
3901 guint16 LastWriteDate;
3902 guint16 GrantedAccess;
3905 guint16 FileAttributes;
3908 guint16 DeviceState;
3909 guint16 DesiredAccess;
3910 guint16 CreationTime;
3911 guint16 CreationDate;
3913 guint16 AndXOffset = 0;
3915 const char *FileName;
3917 if (dirn == 1) { /* Request(s) dissect code */
3919 /* Build display for: Word Count (WCT) */
3921 WordCount = GBYTE(pd, offset);
3925 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
3929 offset += 1; /* Skip Word Count (WCT) */
3931 /* Build display for: AndXCommand */
3933 AndXCommand = GBYTE(pd, offset);
3937 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
3938 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3942 offset += 1; /* Skip AndXCommand */
3944 /* Build display for: AndXReserved */
3946 AndXReserved = GBYTE(pd, offset);
3950 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
3954 offset += 1; /* Skip AndXReserved */
3956 /* Build display for: AndXOffset */
3958 AndXOffset = GSHORT(pd, offset);
3962 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
3966 offset += 2; /* Skip AndXOffset */
3968 /* Build display for: Flags */
3970 Flags = GSHORT(pd, offset);
3974 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
3975 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3976 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3977 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3978 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3979 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3980 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
3981 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3985 offset += 2; /* Skip Flags */
3987 /* Build display for: Desired Access */
3989 DesiredAccess = GSHORT(pd, offset);
3993 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3994 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3995 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3996 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3997 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
3998 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3999 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4000 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
4001 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4002 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
4003 proto_tree_add_text(DesiredAccess_tree, NullTVB, offset, 2, "%s",
4004 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
4008 offset += 2; /* Skip Desired Access */
4010 /* Build display for: Search */
4012 Search = GSHORT(pd, offset);
4016 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Search: 0x%02x", Search);
4017 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
4018 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4019 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
4020 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4021 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
4022 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4023 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
4024 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4025 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
4026 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4027 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
4028 proto_tree_add_text(Search_tree, NullTVB, offset, 2, "%s",
4029 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
4033 offset += 2; /* Skip Search */
4035 /* Build display for: File */
4037 File = GSHORT(pd, offset);
4041 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File: 0x%02x", File);
4042 File_tree = proto_item_add_subtree(ti, ett_smb_file);
4043 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4044 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
4045 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4046 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
4047 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4048 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
4049 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4050 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
4051 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4052 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
4053 proto_tree_add_text(File_tree, NullTVB, offset, 2, "%s",
4054 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
4058 offset += 2; /* Skip File */
4060 /* Build display for: Creation Time */
4062 CreationTime = GSHORT(pd, offset);
4069 offset += 2; /* Skip Creation Time */
4071 /* Build display for: Creation Date */
4073 CreationDate = GSHORT(pd, offset);
4077 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
4078 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
4082 offset += 2; /* Skip Creation Date */
4084 /* Build display for: Open Function */
4086 OpenFunction = GSHORT(pd, offset);
4090 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: 0x%02x", OpenFunction);
4091 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
4092 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4093 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
4094 proto_tree_add_text(OpenFunction_tree, NullTVB, offset, 2, "%s",
4095 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
4099 offset += 2; /* Skip Open Function */
4101 /* Build display for: Allocated Size */
4103 AllocatedSize = GWORD(pd, offset);
4107 proto_tree_add_text(tree, NullTVB, offset, 4, "Allocated Size: %u", AllocatedSize);
4111 offset += 4; /* Skip Allocated Size */
4113 /* Build display for: Reserved1 */
4115 Reserved1 = GWORD(pd, offset);
4119 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved1: %u", Reserved1);
4123 offset += 4; /* Skip Reserved1 */
4125 /* Build display for: Reserved2 */
4127 Reserved2 = GWORD(pd, offset);
4131 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved2: %u", Reserved2);
4135 offset += 4; /* Skip Reserved2 */
4137 /* Build display for: Byte Count */
4139 ByteCount = GSHORT(pd, offset);
4143 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4147 offset += 2; /* Skip Byte Count */
4149 /* Build display for: File Name */
4151 FileName = pd + offset;
4155 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
4159 offset += strlen(FileName) + 1; /* Skip File Name */
4162 if (AndXCommand != 0xFF) {
4164 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4170 if (dirn == 0) { /* Response(s) dissect code */
4172 /* Build display for: Word Count (WCT) */
4174 WordCount = GBYTE(pd, offset);
4178 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4182 offset += 1; /* Skip Word Count (WCT) */
4184 if (WordCount > 0) {
4186 /* Build display for: AndXCommand */
4188 AndXCommand = GBYTE(pd, offset);
4192 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
4193 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
4197 offset += 1; /* Skip AndXCommand */
4199 /* Build display for: AndXReserved */
4201 AndXReserved = GBYTE(pd, offset);
4205 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
4209 offset += 1; /* Skip AndXReserved */
4211 /* Build display for: AndXOffset */
4213 AndXOffset = GSHORT(pd, offset);
4217 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
4221 offset += 2; /* Skip AndXOffset */
4223 /* Build display for: FID */
4225 FID = GSHORT(pd, offset);
4229 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4233 offset += 2; /* Skip FID */
4235 /* Build display for: FileAttributes */
4237 FileAttributes = GSHORT(pd, offset);
4241 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
4242 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
4243 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4244 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
4245 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4246 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
4247 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4248 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
4249 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4250 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
4251 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4252 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
4253 proto_tree_add_text(FileAttributes_tree, NullTVB, offset, 2, "%s",
4254 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
4258 offset += 2; /* Skip FileAttributes */
4260 /* Build display for: Last Write Time */
4262 LastWriteTime = GSHORT(pd, offset);
4268 offset += 2; /* Skip Last Write Time */
4270 /* Build display for: Last Write Date */
4272 LastWriteDate = GSHORT(pd, offset);
4276 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
4277 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
4282 offset += 2; /* Skip Last Write Date */
4284 /* Build display for: Data Size */
4286 DataSize = GWORD(pd, offset);
4290 proto_tree_add_text(tree, NullTVB, offset, 4, "Data Size: %u", DataSize);
4294 offset += 4; /* Skip Data Size */
4296 /* Build display for: Granted Access */
4298 GrantedAccess = GSHORT(pd, offset);
4302 proto_tree_add_text(tree, NullTVB, offset, 2, "Granted Access: %u", GrantedAccess);
4306 offset += 2; /* Skip Granted Access */
4308 /* Build display for: File Type */
4310 FileType = GSHORT(pd, offset);
4314 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "File Type: 0x%02x", FileType);
4315 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4316 proto_tree_add_text(FileType_tree, NullTVB, offset, 2, "%s",
4317 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4321 offset += 2; /* Skip File Type */
4323 /* Build display for: Device State */
4325 DeviceState = GSHORT(pd, offset);
4329 proto_tree_add_text(tree, NullTVB, offset, 2, "Device State: %u", DeviceState);
4333 offset += 2; /* Skip Device State */
4335 /* Build display for: Action */
4337 Action = GSHORT(pd, offset);
4341 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Action: 0x%02x", Action);
4342 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4343 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4344 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4345 proto_tree_add_text(Action_tree, NullTVB, offset, 2, "%s",
4346 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4350 offset += 2; /* Skip Action */
4352 /* Build display for: Server FID */
4354 ServerFID = GWORD(pd, offset);
4358 proto_tree_add_text(tree, NullTVB, offset, 4, "Server FID: %u", ServerFID);
4362 offset += 4; /* Skip Server FID */
4364 /* Build display for: Reserved */
4366 Reserved = GSHORT(pd, offset);
4370 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
4374 offset += 2; /* Skip Reserved */
4378 /* Build display for: Byte Count */
4380 ByteCount = GSHORT(pd, offset);
4384 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4388 offset += 2; /* Skip Byte Count */
4391 if (AndXCommand != 0xFF) {
4393 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
4402 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4405 proto_tree *WriteMode_tree;
4421 if (dirn == 1) { /* Request(s) dissect code */
4423 WordCount = GBYTE(pd, offset);
4425 switch (WordCount) {
4429 /* Build display for: Word Count (WCT) */
4431 WordCount = GBYTE(pd, offset);
4435 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4439 offset += 1; /* Skip Word Count (WCT) */
4441 /* Build display for: FID */
4443 FID = GSHORT(pd, offset);
4447 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4451 offset += 2; /* Skip FID */
4453 /* Build display for: Count */
4455 Count = GSHORT(pd, offset);
4459 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4463 offset += 2; /* Skip Count */
4465 /* Build display for: Reserved 1 */
4467 Reserved1 = GSHORT(pd, offset);
4471 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4475 offset += 2; /* Skip Reserved 1 */
4477 /* Build display for: Offset */
4479 Offset = GWORD(pd, offset);
4483 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
4487 offset += 4; /* Skip Offset */
4489 /* Build display for: Timeout */
4491 Timeout = GWORD(pd, offset);
4495 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4499 offset += 4; /* Skip Timeout */
4501 /* Build display for: WriteMode */
4503 WriteMode = GSHORT(pd, offset);
4507 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4508 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4509 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4510 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4511 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4512 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4516 offset += 2; /* Skip WriteMode */
4518 /* Build display for: Reserved 2 */
4520 Reserved2 = GWORD(pd, offset);
4524 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4528 offset += 4; /* Skip Reserved 2 */
4530 /* Build display for: Data Length */
4532 DataLength = GSHORT(pd, offset);
4536 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4540 offset += 2; /* Skip Data Length */
4542 /* Build display for: Data Offset */
4544 DataOffset = GSHORT(pd, offset);
4548 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4552 offset += 2; /* Skip Data Offset */
4554 /* Build display for: Byte Count (BCC) */
4556 ByteCount = GSHORT(pd, offset);
4560 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4564 offset += 2; /* Skip Byte Count (BCC) */
4566 /* Build display for: Pad */
4568 Pad = GBYTE(pd, offset);
4572 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4576 offset += 1; /* Skip Pad */
4582 /* Build display for: Word Count (WCT) */
4584 WordCount = GBYTE(pd, offset);
4588 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4592 offset += 1; /* Skip Word Count (WCT) */
4594 /* Build display for: FID */
4596 FID = GSHORT(pd, offset);
4600 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
4604 offset += 2; /* Skip FID */
4606 /* Build display for: Count */
4608 Count = GSHORT(pd, offset);
4612 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4616 offset += 2; /* Skip Count */
4618 /* Build display for: Reserved 1 */
4620 Reserved1 = GSHORT(pd, offset);
4624 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
4628 offset += 2; /* Skip Reserved 1 */
4630 /* Build display for: Timeout */
4632 Timeout = GWORD(pd, offset);
4636 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
4640 offset += 4; /* Skip Timeout */
4642 /* Build display for: WriteMode */
4644 WriteMode = GSHORT(pd, offset);
4648 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
4649 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4650 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4651 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4652 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
4653 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4657 offset += 2; /* Skip WriteMode */
4659 /* Build display for: Reserved 2 */
4661 Reserved2 = GWORD(pd, offset);
4665 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved 2: %u", Reserved2);
4669 offset += 4; /* Skip Reserved 2 */
4671 /* Build display for: Data Length */
4673 DataLength = GSHORT(pd, offset);
4677 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
4681 offset += 2; /* Skip Data Length */
4683 /* Build display for: Data Offset */
4685 DataOffset = GSHORT(pd, offset);
4689 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
4693 offset += 2; /* Skip Data Offset */
4695 /* Build display for: Byte Count (BCC) */
4697 ByteCount = GSHORT(pd, offset);
4701 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4705 offset += 2; /* Skip Byte Count (BCC) */
4707 /* Build display for: Pad */
4709 Pad = GBYTE(pd, offset);
4713 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
4717 offset += 1; /* Skip Pad */
4725 if (dirn == 0) { /* Response(s) dissect code */
4727 /* Build display for: Word Count (WCT) */
4729 WordCount = GBYTE(pd, offset);
4733 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4737 offset += 1; /* Skip Word Count (WCT) */
4739 if (WordCount > 0) {
4741 /* Build display for: Remaining */
4743 Remaining = GSHORT(pd, offset);
4747 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
4751 offset += 2; /* Skip Remaining */
4755 /* Build display for: Byte Count */
4757 ByteCount = GSHORT(pd, offset);
4761 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4765 offset += 2; /* Skip Byte Count */
4772 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4778 if (dirn == 1) { /* Request(s) dissect code */
4780 /* Build display for: Word Count (WCT) */
4782 WordCount = GBYTE(pd, offset);
4786 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4790 offset += 1; /* Skip Word Count (WCT) */
4792 /* Build display for: Byte Count (BCC) */
4794 ByteCount = GSHORT(pd, offset);
4798 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4802 offset += 2; /* Skip Byte Count (BCC) */
4806 if (dirn == 0) { /* Response(s) dissect code */
4808 /* Build display for: Word Count (WCT) */
4810 WordCount = GBYTE(pd, offset);
4814 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4818 offset += 1; /* Skip Word Count (WCT) */
4820 /* Build display for: Byte Count (BCC) */
4822 ByteCount = GSHORT(pd, offset);
4826 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
4830 offset += 2; /* Skip Byte Count (BCC) */
4837 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4840 static const value_string Flags_0x03[] = {
4841 { 0, "Target must be a file"},
4842 { 1, "Target must be a directory"},
4845 { 4, "Verify all writes"},
4848 proto_tree *Flags_tree;
4851 guint8 ErrorFileFormat;
4853 guint16 OpenFunction;
4857 const char *ErrorFileName;
4859 if (dirn == 1) { /* Request(s) dissect code */
4861 /* Build display for: Word Count (WCT) */
4863 WordCount = GBYTE(pd, offset);
4867 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4871 offset += 1; /* Skip Word Count (WCT) */
4873 /* Build display for: TID2 */
4875 TID2 = GSHORT(pd, offset);
4879 proto_tree_add_text(tree, NullTVB, offset, 2, "TID2: %u", TID2);
4883 offset += 2; /* Skip TID2 */
4885 /* Build display for: Open Function */
4887 OpenFunction = GSHORT(pd, offset);
4891 proto_tree_add_text(tree, NullTVB, offset, 2, "Open Function: %u", OpenFunction);
4895 offset += 2; /* Skip Open Function */
4897 /* Build display for: Flags */
4899 Flags = GSHORT(pd, offset);
4903 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
4904 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4905 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
4906 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4910 offset += 2; /* Skip Flags */
4914 if (dirn == 0) { /* Response(s) dissect code */
4916 /* Build display for: Word Count (WCT) */
4918 WordCount = GBYTE(pd, offset);
4922 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
4926 offset += 1; /* Skip Word Count (WCT) */
4928 if (WordCount > 0) {
4930 /* Build display for: Count */
4932 Count = GSHORT(pd, offset);
4936 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
4940 offset += 2; /* Skip Count */
4944 /* Build display for: Byte Count */
4946 ByteCount = GSHORT(pd, offset);
4950 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
4954 offset += 2; /* Skip Byte Count */
4956 /* Build display for: Error File Format */
4958 ErrorFileFormat = GBYTE(pd, offset);
4962 proto_tree_add_text(tree, NullTVB, offset, 1, "Error File Format: %u", ErrorFileFormat);
4966 offset += 1; /* Skip Error File Format */
4968 /* Build display for: Error File Name */
4970 ErrorFileName = pd + offset;
4974 proto_tree_add_text(tree, NullTVB, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4978 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4985 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4989 guint8 BufferFormat2;
4990 guint8 BufferFormat1;
4991 guint16 SearchAttributes;
4993 const char *OldFileName;
4994 const char *NewFileName;
4996 if (dirn == 1) { /* Request(s) dissect code */
4998 /* Build display for: Word Count (WCT) */
5000 WordCount = GBYTE(pd, offset);
5004 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5008 offset += 1; /* Skip Word Count (WCT) */
5010 /* Build display for: Search Attributes */
5012 SearchAttributes = GSHORT(pd, offset);
5016 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
5020 offset += 2; /* Skip Search Attributes */
5022 /* Build display for: Byte Count */
5024 ByteCount = GSHORT(pd, offset);
5028 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
5032 offset += 2; /* Skip Byte Count */
5034 /* Build display for: Buffer Format 1 */
5036 BufferFormat1 = GBYTE(pd, offset);
5040 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
5044 offset += 1; /* Skip Buffer Format 1 */
5046 /* Build display for: Old File Name */
5048 OldFileName = pd + offset;
5052 proto_tree_add_text(tree, NullTVB, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
5056 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
5058 /* Build display for: Buffer Format 2 */
5060 BufferFormat2 = GBYTE(pd, offset);
5064 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
5068 offset += 1; /* Skip Buffer Format 2 */
5070 /* Build display for: New File Name */
5072 NewFileName = pd + offset;
5076 proto_tree_add_text(tree, NullTVB, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
5080 offset += strlen(NewFileName) + 1; /* Skip New File Name */
5084 if (dirn == 0) { /* Response(s) dissect code */
5086 /* Build display for: Word Count (WCT) */
5088 WordCount = GBYTE(pd, offset);
5092 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5096 offset += 1; /* Skip Word Count (WCT) */
5098 /* Build display for: Byte Count (BCC) */
5100 ByteCount = GSHORT(pd, offset);
5104 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5108 offset += 2; /* Skip Byte Count (BCC) */
5115 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5118 static const value_string Mode_0x03[] = {
5119 { 0, "Text mode (DOS expands TABs)"},
5120 { 1, "Graphics mode"},
5123 proto_tree *Mode_tree;
5126 guint8 BufferFormat;
5127 guint16 SetupLength;
5131 const char *IdentifierString;
5133 if (dirn == 1) { /* Request(s) dissect code */
5135 /* Build display for: Word Count (WCT) */
5137 WordCount = GBYTE(pd, offset);
5141 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5145 offset += 1; /* Skip Word Count (WCT) */
5147 /* Build display for: Setup Length */
5149 SetupLength = GSHORT(pd, offset);
5153 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup Length: %u", SetupLength);
5157 offset += 2; /* Skip Setup Length */
5159 /* Build display for: Mode */
5161 Mode = GSHORT(pd, offset);
5165 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
5166 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5167 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
5168 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5172 offset += 2; /* Skip Mode */
5174 /* Build display for: Byte Count (BCC) */
5176 ByteCount = GSHORT(pd, offset);
5180 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5184 offset += 2; /* Skip Byte Count (BCC) */
5186 /* Build display for: Buffer Format */
5188 BufferFormat = GBYTE(pd, offset);
5192 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
5196 offset += 1; /* Skip Buffer Format */
5198 /* Build display for: Identifier String */
5200 IdentifierString = pd + offset;
5204 proto_tree_add_text(tree, NullTVB, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
5208 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
5212 if (dirn == 0) { /* Response(s) dissect code */
5214 /* Build display for: Word Count (WCT) */
5216 WordCount = GBYTE(pd, offset);
5220 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5224 offset += 1; /* Skip Word Count (WCT) */
5226 /* Build display for: FID */
5228 FID = GSHORT(pd, offset);
5232 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5236 offset += 2; /* Skip FID */
5238 /* Build display for: Byte Count (BCC) */
5240 ByteCount = GSHORT(pd, offset);
5244 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5248 offset += 2; /* Skip Byte Count (BCC) */
5255 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5262 if (dirn == 1) { /* Request(s) dissect code */
5264 /* Build display for: Word Count (WCT) */
5266 WordCount = GBYTE(pd, offset);
5270 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5274 offset += 1; /* Skip Word Count (WCT) */
5276 /* Build display for: FID */
5278 FID = GSHORT(pd, offset);
5282 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5286 offset += 2; /* Skip FID */
5288 /* Build display for: Byte Count (BCC) */
5290 ByteCount = GSHORT(pd, offset);
5294 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5298 offset += 2; /* Skip Byte Count (BCC) */
5302 if (dirn == 0) { /* Response(s) dissect code */
5304 /* Build display for: Word Count */
5306 WordCount = GBYTE(pd, offset);
5310 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
5314 offset += 1; /* Skip Word Count */
5316 /* Build display for: Byte Count (BCC) */
5318 ByteCount = GSHORT(pd, offset);
5322 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5326 offset += 2; /* Skip Byte Count (BCC) */
5333 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5346 if (dirn == 1) { /* Request(s) dissect code */
5348 WordCount = GBYTE(pd, offset);
5350 switch (WordCount) {
5354 /* Build display for: Word Count (WCT) */
5356 WordCount = GBYTE(pd, offset);
5360 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5364 offset += 1; /* Skip Word Count (WCT) */
5366 /* Build display for: FID */
5368 FID = GSHORT(pd, offset);
5372 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5376 offset += 2; /* Skip FID */
5378 /* Build display for: Offset */
5380 Offset = GWORD(pd, offset);
5384 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5388 offset += 4; /* Skip Offset */
5390 /* Build display for: Max Count */
5392 MaxCount = GSHORT(pd, offset);
5396 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5400 offset += 2; /* Skip Max Count */
5402 /* Build display for: Min Count */
5404 MinCount = GSHORT(pd, offset);
5408 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5412 offset += 2; /* Skip Min Count */
5414 /* Build display for: Timeout */
5416 Timeout = GWORD(pd, offset);
5420 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5424 offset += 4; /* Skip Timeout */
5426 /* Build display for: Reserved */
5428 Reserved = GSHORT(pd, offset);
5432 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5436 offset += 2; /* Skip Reserved */
5438 /* Build display for: Byte Count (BCC) */
5440 ByteCount = GSHORT(pd, offset);
5444 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5448 offset += 2; /* Skip Byte Count (BCC) */
5454 /* Build display for: Word Count (WCT) */
5456 WordCount = GBYTE(pd, offset);
5460 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5464 offset += 1; /* Skip Word Count (WCT) */
5466 /* Build display for: FID */
5468 FID = GSHORT(pd, offset);
5472 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5476 offset += 2; /* Skip FID */
5478 /* Build display for: Offset */
5480 Offset = GWORD(pd, offset);
5484 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5488 offset += 4; /* Skip Offset */
5490 /* Build display for: Max Count */
5492 MaxCount = GSHORT(pd, offset);
5496 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5500 offset += 2; /* Skip Max Count */
5502 /* Build display for: Min Count */
5504 MinCount = GSHORT(pd, offset);
5508 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5512 offset += 2; /* Skip Min Count */
5514 /* Build display for: Timeout */
5516 Timeout = GWORD(pd, offset);
5520 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
5524 offset += 4; /* Skip Timeout */
5526 /* Build display for: Reserved */
5528 Reserved = GSHORT(pd, offset);
5532 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5536 offset += 2; /* Skip Reserved */
5538 /* Build display for: Offset High */
5540 OffsetHigh = GWORD(pd, offset);
5544 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5548 offset += 4; /* Skip Offset High */
5550 /* Build display for: Byte Count (BCC) */
5552 ByteCount = GSHORT(pd, offset);
5556 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5560 offset += 2; /* Skip Byte Count (BCC) */
5568 if (dirn == 0) { /* Response(s) dissect code */
5575 dissect_read_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5579 guint8 AndXReserved;
5580 guint8 AndXCommand = 0xFF;
5582 guint16 AndXOffset = 0;
5584 guint16 DataCompactionMode;
5595 if (dirn == 1) { /* Request(s) dissect code */
5597 /* Build display for: Word Count (WCT) */
5599 WordCount = GBYTE(pd, offset);
5603 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5607 offset += 1; /* Skip Word Count (WCT) */
5609 /* Build display for: AndXCommand */
5611 AndXCommand = GBYTE(pd, offset);
5615 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5619 offset += 1; /* Skip AndXCommand */
5621 /* Build display for: AndXReserved */
5623 AndXReserved = GBYTE(pd, offset);
5627 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5631 offset += 1; /* Skip AndXReserved */
5633 /* Build display for: AndXOffset */
5635 AndXOffset = GSHORT(pd, offset);
5639 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5643 offset += 2; /* Skip AndXOffset */
5645 /* Build display for: FID */
5647 FID = GSHORT(pd, offset);
5651 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
5655 offset += 2; /* Skip FID */
5657 /* Build display for: Offset */
5659 Offset = GWORD(pd, offset);
5663 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
5667 offset += 4; /* Skip Offset */
5669 /* Build display for: Max Count */
5671 MaxCount = GSHORT(pd, offset);
5675 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
5679 offset += 2; /* Skip Max Count */
5681 /* Build display for: Min Count */
5683 MinCount = GSHORT(pd, offset);
5687 proto_tree_add_text(tree, NullTVB, offset, 2, "Min Count: %u", MinCount);
5691 offset += 2; /* Skip Min Count */
5693 /* Build display for: Reserved */
5695 Reserved = GWORD(pd, offset);
5699 proto_tree_add_text(tree, NullTVB, offset, 4, "Reserved: %u", Reserved);
5703 offset += 4; /* Skip Reserved */
5705 /* Build display for: Remaining */
5707 Remaining = GSHORT(pd, offset);
5711 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5715 offset += 2; /* Skip Remaining */
5717 if (WordCount == 12) {
5719 /* Build display for: Offset High */
5721 OffsetHigh = GWORD(pd, offset);
5725 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset High: %u", OffsetHigh);
5729 offset += 4; /* Skip Offset High */
5732 /* Build display for: Byte Count (BCC) */
5734 ByteCount = GSHORT(pd, offset);
5738 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5742 offset += 2; /* Skip Byte Count (BCC) */
5745 if (AndXCommand != 0xFF) {
5747 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5753 if (dirn == 0) { /* Response(s) dissect code */
5755 /* Build display for: Word Count (WCT) */
5757 WordCount = GBYTE(pd, offset);
5761 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5765 offset += 1; /* Skip Word Count (WCT) */
5767 /* Build display for: AndXCommand */
5769 AndXCommand = GBYTE(pd, offset);
5773 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5777 offset += 1; /* Skip AndXCommand */
5779 /* Build display for: AndXReserved */
5781 AndXReserved = GBYTE(pd, offset);
5785 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5789 offset += 1; /* Skip AndXReserved */
5791 /* Build display for: AndXOffset */
5793 AndXOffset = GSHORT(pd, offset);
5797 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5801 offset += 2; /* Skip AndXOffset */
5803 /* Build display for: Remaining */
5805 Remaining = GSHORT(pd, offset);
5809 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
5813 offset += 2; /* Skip Remaining */
5815 /* Build display for: Data Compaction Mode */
5817 DataCompactionMode = GSHORT(pd, offset);
5821 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
5825 offset += 2; /* Skip Data Compaction Mode */
5827 /* Build display for: Reserved */
5829 Reserved = GSHORT(pd, offset);
5833 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
5837 offset += 2; /* Skip Reserved */
5839 /* Build display for: Data Length */
5841 DataLength = GSHORT(pd, offset);
5845 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
5849 offset += 2; /* Skip Data Length */
5851 /* Build display for: Data Offset */
5853 DataOffset = GSHORT(pd, offset);
5857 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
5861 offset += 2; /* Skip Data Offset */
5863 /* Build display for: Reserved[5] */
5865 for(i = 1; i <= 5; ++i) {
5867 Reserved = GSHORT(pd, offset);
5871 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved%u: %u", i, Reserved);
5877 /* Build display for: Byte Count (BCC) */
5879 ByteCount = GSHORT(pd, offset);
5883 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5887 offset += 2; /* Skip Byte Count (BCC) */
5889 /* Build display for data */
5893 offset = SMB_offset + DataOffset;
5894 if(END_OF_FRAME >= DataLength)
5895 proto_tree_add_text(tree, NullTVB, offset, DataLength, "Data (%u bytes)", DataLength);
5897 proto_tree_add_text(tree, NullTVB, offset, END_OF_FRAME, "Data (first %u bytes)", END_OF_FRAME);
5901 if (AndXCommand != 0xFF) {
5903 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5912 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5916 guint8 AndXReserved;
5917 guint8 AndXCommand = 0xFF;
5919 guint16 AndXOffset = 0;
5921 if (dirn == 1) { /* Request(s) dissect code */
5923 /* Build display for: Word Count (WCT) */
5925 WordCount = GBYTE(pd, offset);
5929 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
5933 offset += 1; /* Skip Word Count (WCT) */
5935 /* Build display for: AndXCommand */
5937 AndXCommand = GBYTE(pd, offset);
5941 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
5945 offset += 1; /* Skip AndXCommand */
5947 /* Build display for: AndXReserved */
5949 AndXReserved = GBYTE(pd, offset);
5953 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
5957 offset += 1; /* Skip AndXReserved */
5959 /* Build display for: AndXOffset */
5961 AndXOffset = GSHORT(pd, offset);
5965 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
5969 offset += 2; /* Skip AndXOffset */
5971 /* Build display for: Byte Count (BCC) */
5973 ByteCount = GSHORT(pd, offset);
5977 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
5981 offset += 2; /* Skip Byte Count (BCC) */
5984 if (AndXCommand != 0xFF) {
5986 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5992 if (dirn == 0) { /* Response(s) dissect code */
5994 /* Build display for: Word Count (WCT) */
5996 WordCount = GBYTE(pd, offset);
6000 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6004 offset += 1; /* Skip Word Count (WCT) */
6006 /* Build display for: AndXCommand */
6008 AndXCommand = GBYTE(pd, offset);
6012 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6016 offset += 1; /* Skip AndXCommand */
6018 /* Build display for: AndXReserved */
6020 AndXReserved = GBYTE(pd, offset);
6024 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6028 offset += 1; /* Skip AndXReserved */
6030 /* Build display for: AndXOffset */
6032 AndXOffset = GSHORT(pd, offset);
6036 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6040 offset += 2; /* Skip AndXOffset */
6042 /* Build display for: Byte Count (BCC) */
6044 ByteCount = GSHORT(pd, offset);
6048 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6052 offset += 2; /* Skip Byte Count (BCC) */
6055 if (AndXCommand != 0xFF) {
6057 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6066 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6069 static const value_string Mode_0x03[] = {
6070 { 0, "Seek from start of file"},
6071 { 1, "Seek from current position"},
6072 { 2, "Seek from end of file"},
6075 proto_tree *Mode_tree;
6083 if (dirn == 1) { /* Request(s) dissect code */
6085 /* Build display for: Word Count (WCT) */
6087 WordCount = GBYTE(pd, offset);
6091 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6095 offset += 1; /* Skip Word Count (WCT) */
6097 /* Build display for: FID */
6099 FID = GSHORT(pd, offset);
6103 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6107 offset += 2; /* Skip FID */
6109 /* Build display for: Mode */
6111 Mode = GSHORT(pd, offset);
6115 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Mode: 0x%02x", Mode);
6116 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
6117 proto_tree_add_text(Mode_tree, NullTVB, offset, 2, "%s",
6118 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
6122 offset += 2; /* Skip Mode */
6124 /* Build display for: Offset */
6126 Offset = GWORD(pd, offset);
6130 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6134 offset += 4; /* Skip Offset */
6136 /* Build display for: Byte Count (BCC) */
6138 ByteCount = GSHORT(pd, offset);
6142 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6146 offset += 2; /* Skip Byte Count (BCC) */
6150 if (dirn == 0) { /* Response(s) dissect code */
6152 /* Build display for: Word Count (WCT) */
6154 WordCount = GBYTE(pd, offset);
6158 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6162 offset += 1; /* Skip Word Count (WCT) */
6164 /* Build display for: Offset */
6166 Offset = GWORD(pd, offset);
6170 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6174 offset += 4; /* Skip Offset */
6176 /* Build display for: Byte Count (BCC) */
6178 ByteCount = GSHORT(pd, offset);
6182 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6186 offset += 2; /* Skip Byte Count (BCC) */
6193 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6197 guint8 BufferFormat;
6205 if (dirn == 1) { /* Request(s) dissect code */
6207 /* Build display for: Word Count (WCT) */
6209 WordCount = GBYTE(pd, offset);
6213 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6217 offset += 1; /* Skip Word Count (WCT) */
6219 /* Build display for: FID */
6221 FID = GSHORT(pd, offset);
6225 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6229 offset += 2; /* Skip FID */
6231 /* Build display for: Count */
6233 Count = GSHORT(pd, offset);
6237 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6241 offset += 2; /* Skip Count */
6243 /* Build display for: Offset */
6245 Offset = GWORD(pd, offset);
6249 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6253 offset += 4; /* Skip Offset */
6255 /* Build display for: Remaining */
6257 Remaining = GSHORT(pd, offset);
6261 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
6265 offset += 2; /* Skip Remaining */
6267 /* Build display for: Byte Count (BCC) */
6269 ByteCount = GSHORT(pd, offset);
6273 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6277 offset += 2; /* Skip Byte Count (BCC) */
6279 /* Build display for: Buffer Format */
6281 BufferFormat = GBYTE(pd, offset);
6285 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6289 offset += 1; /* Skip Buffer Format */
6291 /* Build display for: Data Length */
6293 DataLength = GSHORT(pd, offset);
6297 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6301 offset += 2; /* Skip Data Length */
6305 if (dirn == 0) { /* Response(s) dissect code */
6307 /* Build display for: Word Count (WCT) */
6309 WordCount = GBYTE(pd, offset);
6313 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6317 offset += 1; /* Skip Word Count (WCT) */
6319 /* Build display for: Count */
6321 Count = GSHORT(pd, offset);
6325 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6329 offset += 2; /* Skip Count */
6331 /* Build display for: Byte Count (BCC) */
6333 ByteCount = GSHORT(pd, offset);
6337 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6341 offset += 2; /* Skip Byte Count (BCC) */
6348 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6352 guint16 LastWriteTime;
6353 guint16 LastWriteDate;
6354 guint16 LastAccessTime;
6355 guint16 LastAccessDate;
6357 guint16 CreationTime;
6358 guint16 CreationDate;
6361 if (dirn == 1) { /* Request(s) dissect code */
6363 /* Build display for: Word Count */
6365 WordCount = GBYTE(pd, offset);
6369 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6373 offset += 1; /* Skip Word Count */
6375 /* Build display for: FID */
6377 FID = GSHORT(pd, offset);
6381 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6385 offset += 2; /* Skip FID */
6387 /* Build display for: Creation Date */
6389 CreationDate = GSHORT(pd, offset);
6393 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
6397 offset += 2; /* Skip Creation Date */
6399 /* Build display for: Creation Time */
6401 CreationTime = GSHORT(pd, offset);
6405 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
6409 offset += 2; /* Skip Creation Time */
6411 /* Build display for: Last Access Date */
6413 LastAccessDate = GSHORT(pd, offset);
6417 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Date: %s", dissect_dos_date(LastAccessDate));
6421 offset += 2; /* Skip Last Access Date */
6423 /* Build display for: Last Access Time */
6425 LastAccessTime = GSHORT(pd, offset);
6429 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Access Time: %s", dissect_dos_time(LastAccessTime));
6433 offset += 2; /* Skip Last Access Time */
6435 /* Build display for: Last Write Date */
6437 LastWriteDate = GSHORT(pd, offset);
6441 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
6445 offset += 2; /* Skip Last Write Date */
6447 /* Build display for: Last Write Time */
6449 LastWriteTime = GSHORT(pd, offset);
6453 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
6457 offset += 2; /* Skip Last Write Time */
6459 /* Build display for: Byte Count (BCC) */
6461 ByteCount = GSHORT(pd, offset);
6465 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6469 offset += 2; /* Skip Byte Count (BCC) */
6473 if (dirn == 0) { /* Response(s) dissect code */
6475 /* Build display for: Word Count (WCC) */
6477 WordCount = GBYTE(pd, offset);
6481 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCC): %u", WordCount);
6485 offset += 1; /* Skip Word Count (WCC) */
6487 /* Build display for: Byte Count (BCC) */
6489 ByteCount = GSHORT(pd, offset);
6493 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6497 offset += 2; /* Skip Byte Count (BCC) */
6504 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6513 if (dirn == 1) { /* Request(s) dissect code */
6515 /* Build display for: Word Count (WCT) */
6517 WordCount = GBYTE(pd, offset);
6521 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6525 offset += 1; /* Skip Word Count (WCT) */
6527 /* Build display for: FID */
6529 FID = GSHORT(pd, offset);
6533 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6537 offset += 2; /* Skip FID */
6539 /* Build display for: Count */
6541 Count = GWORD(pd, offset);
6545 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
6549 offset += 4; /* Skip Count */
6551 /* Build display for: Offset */
6553 Offset = GWORD(pd, offset);
6557 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
6561 offset += 4; /* Skip Offset */
6563 /* Build display for: Byte Count (BCC) */
6565 ByteCount = GSHORT(pd, offset);
6569 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6573 offset += 2; /* Skip Byte Count (BCC) */
6577 if (dirn == 0) { /* Response(s) dissect code */
6579 /* Build display for: Word Count (WCT) */
6581 WordCount = GBYTE(pd, offset);
6585 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6589 offset += 1; /* Skip Word Count (WCT) */
6591 /* Build display for: Byte Count (BCC) */
6593 ByteCount = GSHORT(pd, offset);
6597 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6601 offset += 2; /* Skip Byte Count (BCC) */
6608 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6612 guint8 BufferFormat;
6614 guint16 RestartIndex;
6620 if (dirn == 1) { /* Request(s) dissect code */
6622 /* Build display for: Word Count */
6624 WordCount = GBYTE(pd, offset);
6628 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count: %u", WordCount);
6632 offset += 1; /* Skip Word Count */
6634 /* Build display for: Max Count */
6636 MaxCount = GSHORT(pd, offset);
6640 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
6644 offset += 2; /* Skip Max Count */
6646 /* Build display for: Start Index */
6648 StartIndex = GSHORT(pd, offset);
6652 proto_tree_add_text(tree, NullTVB, offset, 2, "Start Index: %u", StartIndex);
6656 offset += 2; /* Skip Start Index */
6658 /* Build display for: Byte Count (BCC) */
6660 ByteCount = GSHORT(pd, offset);
6664 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6668 offset += 2; /* Skip Byte Count (BCC) */
6672 if (dirn == 0) { /* Response(s) dissect code */
6674 /* Build display for: Word Count (WCT) */
6676 WordCount = GBYTE(pd, offset);
6680 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6684 offset += 1; /* Skip Word Count (WCT) */
6686 if (WordCount > 0) {
6688 /* Build display for: Count */
6690 Count = GSHORT(pd, offset);
6694 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
6698 offset += 2; /* Skip Count */
6700 /* Build display for: Restart Index */
6702 RestartIndex = GSHORT(pd, offset);
6706 proto_tree_add_text(tree, NullTVB, offset, 2, "Restart Index: %u", RestartIndex);
6710 offset += 2; /* Skip Restart Index */
6712 /* Build display for: Byte Count (BCC) */
6716 ByteCount = GSHORT(pd, offset);
6720 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6724 offset += 2; /* Skip Byte Count (BCC) */
6726 /* Build display for: Buffer Format */
6728 BufferFormat = GBYTE(pd, offset);
6732 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
6736 offset += 1; /* Skip Buffer Format */
6738 /* Build display for: Data Length */
6740 DataLength = GSHORT(pd, offset);
6744 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
6748 offset += 2; /* Skip Data Length */
6755 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6758 proto_tree *LockType_tree;
6763 guint8 AndXReserved;
6764 guint8 AndXCommand = 0xFF;
6766 guint16 NumberofLocks;
6767 guint16 NumberOfUnlocks;
6771 guint16 AndXOffset = 0;
6773 if (dirn == 1) { /* Request(s) dissect code */
6775 /* Build display for: Word Count (WCT) */
6777 WordCount = GBYTE(pd, offset);
6781 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6785 offset += 1; /* Skip Word Count (WCT) */
6787 /* Build display for: AndXCommand */
6789 AndXCommand = GBYTE(pd, offset);
6793 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %u", AndXCommand);
6797 offset += 1; /* Skip AndXCommand */
6799 /* Build display for: AndXReserved */
6801 AndXReserved = GBYTE(pd, offset);
6805 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6809 offset += 1; /* Skip AndXReserved */
6811 /* Build display for: AndXOffset */
6813 AndXOffset = GSHORT(pd, offset);
6817 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXOffset: %u", AndXOffset);
6821 offset += 2; /* Skip AndXOffset */
6823 /* Build display for: FID */
6825 FID = GSHORT(pd, offset);
6829 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
6833 offset += 2; /* Skip FID */
6835 /* Build display for: Lock Type */
6837 LockType = GBYTE(pd, offset);
6841 ti = proto_tree_add_text(tree, NullTVB, offset, 1, "Lock Type: 0x%01x", LockType);
6842 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6843 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6844 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6845 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6846 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6847 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6848 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6849 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6850 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6851 proto_tree_add_text(LockType_tree, NullTVB, offset, 1, "%s",
6852 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6856 offset += 1; /* Skip Lock Type */
6858 /* Build display for: OplockLevel */
6860 OplockLevel = GBYTE(pd, offset);
6864 proto_tree_add_text(tree, NullTVB, offset, 1, "OplockLevel: %u", OplockLevel);
6868 offset += 1; /* Skip OplockLevel */
6870 /* Build display for: Timeout */
6872 Timeout = GWORD(pd, offset);
6876 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
6880 offset += 4; /* Skip Timeout */
6882 /* Build display for: Number Of Unlocks */
6884 NumberOfUnlocks = GSHORT(pd, offset);
6888 proto_tree_add_text(tree, NullTVB, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6892 offset += 2; /* Skip Number Of Unlocks */
6894 /* Build display for: Number of Locks */
6896 NumberofLocks = GSHORT(pd, offset);
6900 proto_tree_add_text(tree, NullTVB, offset, 2, "Number of Locks: %u", NumberofLocks);
6904 offset += 2; /* Skip Number of Locks */
6906 /* Build display for: Byte Count (BCC) */
6908 ByteCount = GSHORT(pd, offset);
6912 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
6916 offset += 2; /* Skip Byte Count (BCC) */
6919 if (AndXCommand != 0xFF) {
6921 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6927 if (dirn == 0) { /* Response(s) dissect code */
6929 /* Build display for: Word Count (WCT) */
6931 WordCount = GBYTE(pd, offset);
6935 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
6939 offset += 1; /* Skip Word Count (WCT) */
6941 if (WordCount > 0) {
6943 /* Build display for: AndXCommand */
6945 AndXCommand = GBYTE(pd, offset);
6949 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXCommand: %s",
6950 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6954 offset += 1; /* Skip AndXCommand */
6956 /* Build display for: AndXReserved */
6958 AndXReserved = GBYTE(pd, offset);
6962 proto_tree_add_text(tree, NullTVB, offset, 1, "AndXReserved: %u", AndXReserved);
6966 offset += 1; /* Skip AndXReserved */
6968 /* Build display for: AndXoffset */
6970 AndXoffset = GSHORT(pd, offset);
6974 proto_tree_add_text(tree, NullTVB, offset, 2, "AndXoffset: %u", AndXoffset);
6978 offset += 2; /* Skip AndXoffset */
6982 /* Build display for: Byte Count */
6984 ByteCount = GSHORT(pd, offset);
6988 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count: %u", ByteCount);
6992 offset += 2; /* Skip Byte Count */
6995 if (AndXCommand != 0xFF) {
6997 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
7006 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7015 if (dirn == 1) { /* Request(s) dissect code */
7017 /* Build display for: Word Count (WCT) */
7019 WordCount = GBYTE(pd, offset);
7023 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7027 offset += 1; /* Skip Word Count (WCT) */
7029 /* Build display for: FID */
7031 FID = GSHORT(pd, offset);
7035 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7039 offset += 2; /* Skip FID */
7041 /* Build display for: Count */
7043 Count = GWORD(pd, offset);
7047 proto_tree_add_text(tree, NullTVB, offset, 4, "Count: %u", Count);
7051 offset += 4; /* Skip Count */
7053 /* Build display for: Offset */
7055 Offset = GWORD(pd, offset);
7059 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7063 offset += 4; /* Skip Offset */
7065 /* Build display for: Byte Count (BCC) */
7067 ByteCount = GSHORT(pd, offset);
7071 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7075 offset += 2; /* Skip Byte Count (BCC) */
7079 if (dirn == 0) { /* Response(s) dissect code */
7081 /* Build display for: Word Count (WCT) */
7083 WordCount = GBYTE(pd, offset);
7087 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7091 offset += 1; /* Skip Word Count (WCT) */
7093 /* Build display for: Byte Count (BCC) */
7095 ByteCount = GSHORT(pd, offset);
7099 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7103 offset += 2; /* Skip Byte Count (BCC) */
7110 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7113 proto_tree *Attributes_tree;
7116 guint8 BufferFormat;
7118 guint16 CreationTime;
7121 const char *FileName;
7123 if (dirn == 1) { /* Request(s) dissect code */
7125 /* Build display for: Word Count (WCT) */
7127 WordCount = GBYTE(pd, offset);
7131 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7135 offset += 1; /* Skip Word Count (WCT) */
7137 /* Build display for: Attributes */
7139 Attributes = GSHORT(pd, offset);
7143 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
7144 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7145 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7146 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7147 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7148 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7149 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7150 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7151 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7152 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7153 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7154 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7155 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
7156 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7160 offset += 2; /* Skip Attributes */
7162 /* Build display for: Creation Time */
7164 CreationTime = GSHORT(pd, offset);
7168 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7172 offset += 2; /* Skip Creation Time */
7174 /* Build display for: Byte Count (BCC) */
7176 ByteCount = GSHORT(pd, offset);
7180 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7184 offset += 2; /* Skip Byte Count (BCC) */
7186 /* Build display for: Buffer Format */
7188 BufferFormat = GBYTE(pd, offset);
7192 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7196 offset += 1; /* Skip Buffer Format */
7198 /* Build display for: File Name */
7200 FileName = pd + offset;
7204 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7208 offset += strlen(FileName) + 1; /* Skip File Name */
7212 if (dirn == 0) { /* Response(s) dissect code */
7214 /* Build display for: Word Count (WCT) */
7216 WordCount = GBYTE(pd, offset);
7220 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7224 offset += 1; /* Skip Word Count (WCT) */
7226 if (WordCount > 0) {
7228 /* Build display for: FID */
7230 FID = GSHORT(pd, offset);
7234 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7238 offset += 2; /* Skip FID */
7242 /* Build display for: Byte Count (BCC) */
7244 ByteCount = GSHORT(pd, offset);
7248 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7252 offset += 2; /* Skip Byte Count (BCC) */
7259 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7263 guint8 BufferFormat2;
7264 guint8 BufferFormat1;
7265 guint8 BufferFormat;
7266 guint16 SearchAttributes;
7267 guint16 ResumeKeyLength;
7272 const char *FileName;
7274 if (dirn == 1) { /* Request(s) dissect code */
7276 /* Build display for: Word Count (WCT) */
7278 WordCount = GBYTE(pd, offset);
7282 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7286 offset += 1; /* Skip Word Count (WCT) */
7288 /* Build display for: Max Count */
7290 MaxCount = GSHORT(pd, offset);
7294 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Count: %u", MaxCount);
7298 offset += 2; /* Skip Max Count */
7300 /* Build display for: Search Attributes */
7302 SearchAttributes = GSHORT(pd, offset);
7306 proto_tree_add_text(tree, NullTVB, offset, 2, "Search Attributes: %u", SearchAttributes);
7310 offset += 2; /* Skip Search Attributes */
7312 /* Build display for: Byte Count (BCC) */
7314 ByteCount = GSHORT(pd, offset);
7318 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7322 offset += 2; /* Skip Byte Count (BCC) */
7324 /* Build display for: Buffer Format 1 */
7326 BufferFormat1 = GBYTE(pd, offset);
7330 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 1: %u", BufferFormat1);
7334 offset += 1; /* Skip Buffer Format 1 */
7336 /* Build display for: File Name */
7338 FileName = pd + offset;
7342 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7346 offset += strlen(FileName) + 1; /* Skip File Name */
7348 /* Build display for: Buffer Format 2 */
7350 BufferFormat2 = GBYTE(pd, offset);
7354 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format 2: %u", BufferFormat2);
7358 offset += 1; /* Skip Buffer Format 2 */
7360 /* Build display for: Resume Key Length */
7362 ResumeKeyLength = GSHORT(pd, offset);
7366 proto_tree_add_text(tree, NullTVB, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
7370 offset += 2; /* Skip Resume Key Length */
7374 if (dirn == 0) { /* Response(s) dissect code */
7376 /* Build display for: Word Count (WCT) */
7378 WordCount = GBYTE(pd, offset);
7382 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7386 offset += 1; /* Skip Word Count (WCT) */
7388 if (WordCount > 0) {
7390 /* Build display for: Count */
7392 Count = GSHORT(pd, offset);
7396 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7400 offset += 2; /* Skip Count */
7404 /* Build display for: Byte Count (BCC) */
7406 ByteCount = GSHORT(pd, offset);
7410 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7414 offset += 2; /* Skip Byte Count (BCC) */
7416 /* Build display for: Buffer Format */
7418 BufferFormat = GBYTE(pd, offset);
7422 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7426 offset += 1; /* Skip Buffer Format */
7428 /* Build display for: Data Length */
7430 DataLength = GSHORT(pd, offset);
7434 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7438 offset += 2; /* Skip Data Length */
7445 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7449 guint8 BufferFormat;
7452 guint16 CreationTime;
7453 guint16 CreationDate;
7455 const char *FileName;
7456 const char *DirectoryName;
7458 if (dirn == 1) { /* Request(s) dissect code */
7460 /* Build display for: Word Count (WCT) */
7462 WordCount = GBYTE(pd, offset);
7466 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7470 offset += 1; /* Skip Word Count (WCT) */
7472 /* Build display for: Reserved */
7474 Reserved = GSHORT(pd, offset);
7478 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved: %u", Reserved);
7482 offset += 2; /* Skip Reserved */
7484 /* Build display for: Creation Time */
7486 CreationTime = GSHORT(pd, offset);
7490 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Time: %s", dissect_dos_time(CreationTime));
7494 offset += 2; /* Skip Creation Time */
7496 /* Build display for: Creation Date */
7498 CreationDate = GSHORT(pd, offset);
7502 proto_tree_add_text(tree, NullTVB, offset, 2, "Creation Date: %s", dissect_dos_date(CreationDate));
7506 offset += 2; /* Skip Creation Date */
7508 /* Build display for: Byte Count (BCC) */
7510 ByteCount = GSHORT(pd, offset);
7514 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7518 offset += 2; /* Skip Byte Count (BCC) */
7520 /* Build display for: Buffer Format */
7522 BufferFormat = GBYTE(pd, offset);
7526 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7530 offset += 1; /* Skip Buffer Format */
7532 /* Build display for: Directory Name */
7534 DirectoryName = pd + offset;
7538 proto_tree_add_text(tree, NullTVB, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
7542 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
7546 if (dirn == 0) { /* Response(s) dissect code */
7548 /* Build display for: Word Count (WCT) */
7550 WordCount = GBYTE(pd, offset);
7554 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7558 offset += 1; /* Skip Word Count (WCT) */
7560 if (WordCount > 0) {
7562 /* Build display for: FID */
7564 FID = GSHORT(pd, offset);
7568 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7572 offset += 2; /* Skip FID */
7576 /* Build display for: Byte Count (BCC) */
7578 ByteCount = GSHORT(pd, offset);
7582 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7586 offset += 2; /* Skip Byte Count (BCC) */
7588 /* Build display for: Buffer Format */
7590 BufferFormat = GBYTE(pd, offset);
7594 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7598 offset += 1; /* Skip Buffer Format */
7600 /* Build display for: File Name */
7602 FileName = pd + offset;
7606 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7610 offset += strlen(FileName) + 1; /* Skip File Name */
7617 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7621 guint16 LastWriteTime;
7622 guint16 LastWriteDate;
7626 if (dirn == 1) { /* Request(s) dissect code */
7628 /* Build display for: Word Count (WCT) */
7630 WordCount = GBYTE(pd, offset);
7634 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7638 offset += 1; /* Skip Word Count (WCT) */
7640 /* Build display for: FID */
7642 FID = GSHORT(pd, offset);
7646 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7650 offset += 2; /* Skip FID */
7652 /* Build display for: Last Write Time */
7654 LastWriteTime = GSHORT(pd, offset);
7658 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Time: %s", dissect_dos_time(LastWriteTime));
7662 offset += 2; /* Skip Last Write Time */
7664 /* Build display for: Last Write Date */
7666 LastWriteDate = GSHORT(pd, offset);
7670 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_dos_date(LastWriteDate));
7674 offset += 2; /* Skip Last Write Date */
7676 /* Build display for: Byte Count (BCC) */
7678 ByteCount = GSHORT(pd, offset);
7682 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7686 offset += 2; /* Skip Byte Count (BCC) */
7690 if (dirn == 0) { /* Response(s) dissect code */
7692 /* Build display for: Word Count (WCT) */
7694 WordCount = GBYTE(pd, offset);
7698 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7702 offset += 1; /* Skip Word Count (WCT) */
7704 /* Build display for: Byte Count (BCC) */
7706 ByteCount = GSHORT(pd, offset);
7710 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7714 offset += 2; /* Skip Byte Count (BCC) */
7721 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7725 guint8 BufferFormat;
7730 if (dirn == 1) { /* Request(s) dissect code */
7732 /* Build display for: Word Count (WCT) */
7734 WordCount = GBYTE(pd, offset);
7738 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7742 offset += 1; /* Skip Word Count (WCT) */
7744 /* Build display for: FID */
7746 FID = GSHORT(pd, offset);
7750 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7754 offset += 2; /* Skip FID */
7756 /* Build display for: Byte Count (BCC) */
7758 ByteCount = GSHORT(pd, offset);
7762 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7766 offset += 2; /* Skip Byte Count (BCC) */
7768 /* Build display for: Buffer Format */
7770 BufferFormat = GBYTE(pd, offset);
7774 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
7778 offset += 1; /* Skip Buffer Format */
7780 /* Build display for: Data Length */
7782 DataLength = GSHORT(pd, offset);
7786 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
7790 offset += 2; /* Skip Data Length */
7794 if (dirn == 0) { /* Response(s) dissect code */
7796 /* Build display for: Word Count (WCT) */
7798 WordCount = GBYTE(pd, offset);
7802 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7806 offset += 1; /* Skip Word Count (WCT) */
7808 /* Build display for: Byte Count (BCC) */
7810 ByteCount = GSHORT(pd, offset);
7814 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7818 offset += 2; /* Skip Byte Count (BCC) */
7825 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7829 guint8 BufferFormat;
7841 if (dirn == 1) { /* Request(s) dissect code */
7843 /* Build display for: Word Count (WCT) */
7845 WordCount = GBYTE(pd, offset);
7849 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7853 offset += 1; /* Skip Word Count (WCT) */
7855 /* Build display for: FID */
7857 FID = GSHORT(pd, offset);
7861 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
7865 offset += 2; /* Skip FID */
7867 /* Build display for: Count */
7869 Count = GSHORT(pd, offset);
7873 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7877 offset += 2; /* Skip Count */
7879 /* Build display for: Offset */
7881 Offset = GWORD(pd, offset);
7885 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
7889 offset += 4; /* Skip Offset */
7891 /* Build display for: Remaining */
7893 Remaining = GSHORT(pd, offset);
7897 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
7901 offset += 2; /* Skip Remaining */
7903 /* Build display for: Byte Count (BCC) */
7905 ByteCount = GSHORT(pd, offset);
7909 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
7913 offset += 2; /* Skip Byte Count (BCC) */
7917 if (dirn == 0) { /* Response(s) dissect code */
7919 /* Build display for: Word Count (WCT) */
7921 WordCount = GBYTE(pd, offset);
7925 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
7929 offset += 1; /* Skip Word Count (WCT) */
7931 if (WordCount > 0) {
7933 /* Build display for: Count */
7935 Count = GSHORT(pd, offset);
7939 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
7943 offset += 2; /* Skip Count */
7945 /* Build display for: Reserved 1 */
7947 Reserved1 = GSHORT(pd, offset);
7951 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
7955 offset += 2; /* Skip Reserved 1 */
7957 /* Build display for: Reserved 2 */
7959 Reserved2 = GSHORT(pd, offset);
7963 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
7967 offset += 2; /* Skip Reserved 2 */
7969 /* Build display for: Reserved 3 */
7971 Reserved3 = GSHORT(pd, offset);
7975 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
7979 offset += 2; /* Skip Reserved 3 */
7981 /* Build display for: Reserved 4 */
7983 Reserved4 = GSHORT(pd, offset);
7987 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
7991 offset += 2; /* Skip Reserved 4 */
7993 /* Build display for: Byte Count (BCC) */
7995 ByteCount = GSHORT(pd, offset);
7999 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8005 offset += 2; /* Skip Byte Count (BCC) */
8007 /* Build display for: Buffer Format */
8009 BufferFormat = GBYTE(pd, offset);
8013 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8017 offset += 1; /* Skip Buffer Format */
8019 /* Build display for: Data Length */
8021 DataLength = GSHORT(pd, offset);
8025 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8029 offset += 2; /* Skip Data Length */
8036 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8042 if (dirn == 1) { /* Request(s) dissect code */
8044 /* Build display for: Word Count (WCT) */
8046 WordCount = GBYTE(pd, offset);
8050 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8054 offset += 1; /* Skip Word Count (WCT) */
8056 /* Build display for: Byte Count (BCC) */
8058 ByteCount = GSHORT(pd, offset);
8062 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8066 offset += 2; /* Skip Byte Count (BCC) */
8070 if (dirn == 0) { /* Response(s) dissect code */
8072 /* Build display for: Word Count (WCT) */
8074 WordCount = GBYTE(pd, offset);
8078 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8082 offset += 1; /* Skip Word Count (WCT) */
8084 /* Build display for: Byte Count (BCC) */
8086 ByteCount = GSHORT(pd, offset);
8090 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8094 offset += 2; /* Skip Byte Count (BCC) */
8101 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8104 proto_tree *Attributes_tree;
8107 guint8 BufferFormat;
8114 guint16 LastWriteTime;
8115 guint16 LastWriteDate;
8118 const char *FileName;
8120 if (dirn == 1) { /* Request(s) dissect code */
8122 /* Build display for: Word Count (WCT) */
8124 WordCount = GBYTE(pd, offset);
8128 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8132 offset += 1; /* Skip Word Count (WCT) */
8134 /* Build display for: Byte Count (BCC) */
8136 ByteCount = GSHORT(pd, offset);
8140 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8144 offset += 2; /* Skip Byte Count (BCC) */
8146 /* Build display for: Buffer Format */
8148 BufferFormat = GBYTE(pd, offset);
8152 proto_tree_add_text(tree, NullTVB, offset, 1, "Buffer Format: %u", BufferFormat);
8156 offset += 1; /* Skip Buffer Format */
8158 /* Build display for: File Name */
8160 FileName = pd + offset;
8164 proto_tree_add_text(tree, NullTVB, offset, strlen(FileName) + 1, "File Name: %s", FileName);
8168 offset += strlen(FileName) + 1; /* Skip File Name */
8172 if (dirn == 0) { /* Response(s) dissect code */
8174 /* Build display for: Word Count (WCT) */
8176 WordCount = GBYTE(pd, offset);
8180 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8184 offset += 1; /* Skip Word Count (WCT) */
8186 if (WordCount > 0) {
8188 /* Build display for: Attributes */
8190 Attributes = GSHORT(pd, offset);
8194 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Attributes: 0x%02x", Attributes);
8195 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
8196 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8197 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
8198 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8199 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
8200 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8201 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
8202 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8203 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
8204 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8205 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
8206 proto_tree_add_text(Attributes_tree, NullTVB, offset, 2, "%s",
8207 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
8211 offset += 2; /* Skip Attributes */
8213 /* Build display for: Last Write Time */
8215 LastWriteTime = GSHORT(pd, offset);
8221 offset += 2; /* Skip Last Write Time */
8223 /* Build display for: Last Write Date */
8225 LastWriteDate = GSHORT(pd, offset);
8229 proto_tree_add_text(tree, NullTVB, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
8231 proto_tree_add_text(tree, NullTVB, offset - 2, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
8235 offset += 2; /* Skip Last Write Date */
8237 /* Build display for: File Size */
8239 FileSize = GWORD(pd, offset);
8243 proto_tree_add_text(tree, NullTVB, offset, 4, "File Size: %u", FileSize);
8247 offset += 4; /* Skip File Size */
8249 /* Build display for: Reserved 1 */
8251 Reserved1 = GSHORT(pd, offset);
8255 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8259 offset += 2; /* Skip Reserved 1 */
8261 /* Build display for: Reserved 2 */
8263 Reserved2 = GSHORT(pd, offset);
8267 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8271 offset += 2; /* Skip Reserved 2 */
8273 /* Build display for: Reserved 3 */
8275 Reserved3 = GSHORT(pd, offset);
8279 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8283 offset += 2; /* Skip Reserved 3 */
8285 /* Build display for: Reserved 4 */
8287 Reserved4 = GSHORT(pd, offset);
8291 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8295 offset += 2; /* Skip Reserved 4 */
8297 /* Build display for: Reserved 5 */
8299 Reserved5 = GSHORT(pd, offset);
8303 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 5: %u", Reserved5);
8307 offset += 2; /* Skip Reserved 5 */
8311 /* Build display for: Byte Count (BCC) */
8313 ByteCount = GSHORT(pd, offset);
8317 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8321 offset += 2; /* Skip Byte Count (BCC) */
8328 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8342 guint16 BufferFormat;
8344 if (dirn == 1) { /* Request(s) dissect code */
8346 /* Build display for: Word Count (WCT) */
8348 WordCount = GBYTE(pd, offset);
8352 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8356 offset += 1; /* Skip Word Count (WCT) */
8358 /* Build display for: FID */
8360 FID = GSHORT(pd, offset);
8364 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8368 offset += 2; /* Skip FID */
8370 /* Build display for: Count */
8372 Count = GSHORT(pd, offset);
8376 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8380 offset += 2; /* Skip Count */
8382 /* Build display for: Offset */
8384 Offset = GWORD(pd, offset);
8388 proto_tree_add_text(tree, NullTVB, offset, 4, "Offset: %u", Offset);
8392 offset += 4; /* Skip Offset */
8394 /* Build display for: Remaining */
8396 Remaining = GSHORT(pd, offset);
8400 proto_tree_add_text(tree, NullTVB, offset, 2, "Remaining: %u", Remaining);
8404 offset += 2; /* Skip Remaining */
8406 /* Build display for: Byte Count (BCC) */
8408 ByteCount = GSHORT(pd, offset);
8412 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8416 offset += 2; /* Skip Byte Count (BCC) */
8420 if (dirn == 0) { /* Response(s) dissect code */
8422 /* Build display for: Word Count (WCT) */
8424 WordCount = GBYTE(pd, offset);
8428 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8432 offset += 1; /* Skip Word Count (WCT) */
8434 if (WordCount > 0) {
8436 /* Build display for: Count */
8438 Count = GSHORT(pd, offset);
8442 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8446 offset += 2; /* Skip Count */
8448 /* Build display for: Reserved 1 */
8450 Reserved1 = GSHORT(pd, offset);
8454 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8458 offset += 2; /* Skip Reserved 1 */
8460 /* Build display for: Reserved 2 */
8462 Reserved2 = GSHORT(pd, offset);
8466 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 2: %u", Reserved2);
8470 offset += 2; /* Skip Reserved 2 */
8472 /* Build display for: Reserved 3 */
8474 Reserved3 = GSHORT(pd, offset);
8478 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 3: %u", Reserved3);
8482 offset += 2; /* Skip Reserved 3 */
8484 /* Build display for: Reserved 4 */
8486 Reserved4 = GSHORT(pd, offset);
8490 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 4: %u", Reserved4);
8494 offset += 2; /* Skip Reserved 4 */
8498 /* Build display for: Byte Count (BCC) */
8500 ByteCount = GSHORT(pd, offset);
8504 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8508 offset += 2; /* Skip Byte Count (BCC) */
8510 /* Build display for: Buffer Format */
8512 BufferFormat = GSHORT(pd, offset);
8516 proto_tree_add_text(tree, NullTVB, offset, 2, "Buffer Format: %u", BufferFormat);
8520 offset += 2; /* Skip Buffer Format */
8522 /* Build display for: Data Length */
8524 DataLength = GSHORT(pd, offset);
8528 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8532 offset += 2; /* Skip Data Length */
8539 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8542 proto_tree *WriteMode_tree;
8547 guint32 ResponseMask;
8548 guint32 RequestMask;
8557 if (dirn == 1) { /* Request(s) dissect code */
8559 /* Build display for: Word Count (WCT) */
8561 WordCount = GBYTE(pd, offset);
8565 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8569 offset += 1; /* Skip Word Count (WCT) */
8571 /* Build display for: FID */
8573 FID = GSHORT(pd, offset);
8577 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8581 offset += 2; /* Skip FID */
8583 /* Build display for: Count */
8585 Count = GSHORT(pd, offset);
8589 proto_tree_add_text(tree, NullTVB, offset, 2, "Count: %u", Count);
8593 offset += 2; /* Skip Count */
8595 /* Build display for: Reserved 1 */
8597 Reserved1 = GSHORT(pd, offset);
8601 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved 1: %u", Reserved1);
8605 offset += 2; /* Skip Reserved 1 */
8607 /* Build display for: Timeout */
8609 Timeout = GWORD(pd, offset);
8613 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
8617 offset += 4; /* Skip Timeout */
8619 /* Build display for: WriteMode */
8621 WriteMode = GSHORT(pd, offset);
8625 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "WriteMode: 0x%02x", WriteMode);
8626 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8627 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8628 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8629 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8630 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8631 proto_tree_add_text(WriteMode_tree, NullTVB, offset, 2, "%s",
8632 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8636 offset += 2; /* Skip WriteMode */
8638 /* Build display for: Request Mask */
8640 RequestMask = GWORD(pd, offset);
8644 proto_tree_add_text(tree, NullTVB, offset, 4, "Request Mask: %u", RequestMask);
8648 offset += 4; /* Skip Request Mask */
8650 /* Build display for: Data Length */
8652 DataLength = GSHORT(pd, offset);
8656 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Length: %u", DataLength);
8660 offset += 2; /* Skip Data Length */
8662 /* Build display for: Data Offset */
8664 DataOffset = GSHORT(pd, offset);
8668 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
8672 offset += 2; /* Skip Data Offset */
8674 /* Build display for: Byte Count (BCC) */
8676 ByteCount = GSHORT(pd, offset);
8680 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8684 offset += 2; /* Skip Byte Count (BCC) */
8686 /* Build display for: Pad */
8688 Pad = GBYTE(pd, offset);
8692 proto_tree_add_text(tree, NullTVB, offset, 1, "Pad: %u", Pad);
8696 offset += 1; /* Skip Pad */
8700 if (dirn == 0) { /* Response(s) dissect code */
8702 /* Build display for: Word Count (WCT) */
8704 WordCount = GBYTE(pd, offset);
8708 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8712 offset += 1; /* Skip Word Count (WCT) */
8714 if (WordCount > 0) {
8716 /* Build display for: Response Mask */
8718 ResponseMask = GWORD(pd, offset);
8722 proto_tree_add_text(tree, NullTVB, offset, 4, "Response Mask: %u", ResponseMask);
8726 offset += 4; /* Skip Response Mask */
8728 /* Build display for: Byte Count (BCC) */
8730 ByteCount = GSHORT(pd, offset);
8734 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8740 offset += 2; /* Skip Byte Count (BCC) */
8747 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8754 if (dirn == 1) { /* Request(s) dissect code */
8756 /* Build display for: Word Count (WTC) */
8758 WordCount = GBYTE(pd, offset);
8762 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WTC): %u", WordCount);
8766 offset += 1; /* Skip Word Count (WTC) */
8768 /* Build display for: FID */
8770 FID = GSHORT(pd, offset);
8774 proto_tree_add_text(tree, NullTVB, offset, 2, "FID: %u", FID);
8778 offset += 2; /* Skip FID */
8780 /* Build display for: Byte Count (BCC) */
8782 ByteCount = GSHORT(pd, offset);
8786 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
8790 offset += 2; /* Skip Byte Count (BCC) */
8794 if (dirn == 0) { /* Response(s) dissect code */
8796 /* Build display for: Word Count (WCT) */
8798 WordCount = GBYTE(pd, offset);
8802 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8806 offset += 1; /* Skip Word Count (WCT) */
8808 /* Build display for: Byte Count (BCC) */
8810 ByteCount = GBYTE(pd, offset);
8814 proto_tree_add_text(tree, NullTVB, offset, 1, "Byte Count (BCC): %u", ByteCount);
8818 offset += 1; /* Skip Byte Count (BCC) */
8824 char *trans2_cmd_names[] = {
8826 "TRANS2_FIND_FIRST2",
8827 "TRANS2_FIND_NEXT2",
8828 "TRANS2_QUERY_FS_INFORMATION",
8830 "TRANS2_QUERY_PATH_INFORMATION",
8831 "TRANS2_SET_PATH_INFORMATION",
8832 "TRANS2_QUERY_FILE_INFORMATION",
8833 "TRANS2_SET_FILE_INFORMATION",
8836 "TRANS2_FIND_NOTIFY_FIRST",
8837 "TRANS2_FIND_NOTIFY_NEXT",
8838 "TRANS2_CREATE_DIRECTORY",
8839 "TRANS2_SESSION_SETUP",
8840 "TRANS2_GET_DFS_REFERRAL",
8842 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8844 char *decode_trans2_name(int code)
8847 if (code > 17 || code < 0) {
8849 return("no such command");
8853 return trans2_cmd_names[code];
8859 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8862 proto_tree *Flags_tree;
8868 guint8 MaxSetupCount;
8871 guint16 TotalParameterCount;
8872 guint16 TotalDataCount;
8875 guint16 ParameterOffset;
8876 guint16 ParameterDisplacement;
8877 guint16 ParameterCount;
8878 guint16 MaxParameterCount;
8879 guint16 MaxDataCount;
8882 guint16 DataDisplacement;
8885 conversation_t *conversation;
8886 struct smb_request_key request_key, *new_request_key;
8887 struct smb_request_val *request_val;
8890 * Find out what conversation this packet is part of.
8891 * XXX - this should really be done by the transport-layer protocol,
8892 * although for connectionless transports, we may not want to do that
8893 * unless we know some higher-level protocol will want it - or we
8894 * may want to do it, so you can say e.g. "show only the packets in
8895 * this UDP 'connection'".
8897 * Note that we don't have to worry about the direction this packet
8898 * was going - the conversation code handles that for us, treating
8899 * packets from A:X to B:Y as being part of the same conversation as
8900 * packets from B:Y to A:X.
8902 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8903 pi.srcport, pi.destport, 0);
8904 if (conversation == NULL) {
8905 /* It's not part of any conversation - create a new one. */
8906 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8907 pi.srcport, pi.destport, NULL, 0);
8910 si.conversation = conversation; /* Save this for later */
8913 * Check for and insert entry in request hash table if does not exist
8915 request_key.conversation = conversation->index;
8916 request_key.mid = si.mid;
8918 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8920 if (!request_val) { /* Create one */
8922 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8923 new_request_key -> conversation = conversation->index;
8924 new_request_key -> mid = si.mid;
8926 request_val = g_mem_chunk_alloc(smb_request_vals);
8927 request_val -> mid = si.mid;
8928 request_val -> last_transact2_command = 0xFFFF;
8930 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8933 else { /* Update the transact request */
8935 request_val -> mid = si.mid;
8939 si.request_val = request_val; /* Save this for later */
8942 if (dirn == 1) { /* Request(s) dissect code */
8944 /* Build display for: Word Count (WCT) */
8946 WordCount = GBYTE(pd, offset);
8950 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
8954 offset += 1; /* Skip Word Count (WCT) */
8956 /* Build display for: Total Parameter Count */
8958 TotalParameterCount = GSHORT(pd, offset);
8962 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8966 offset += 2; /* Skip Total Parameter Count */
8968 /* Build display for: Total Data Count */
8970 TotalDataCount = GSHORT(pd, offset);
8974 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
8978 offset += 2; /* Skip Total Data Count */
8980 /* Build display for: Max Parameter Count */
8982 MaxParameterCount = GSHORT(pd, offset);
8986 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8990 offset += 2; /* Skip Max Parameter Count */
8992 /* Build display for: Max Data Count */
8994 MaxDataCount = GSHORT(pd, offset);
8998 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9002 offset += 2; /* Skip Max Data Count */
9004 /* Build display for: Max Setup Count */
9006 MaxSetupCount = GBYTE(pd, offset);
9010 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9014 offset += 1; /* Skip Max Setup Count */
9016 /* Build display for: Reserved1 */
9018 Reserved1 = GBYTE(pd, offset);
9022 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9026 offset += 1; /* Skip Reserved1 */
9028 /* Build display for: Flags */
9030 Flags = GSHORT(pd, offset);
9034 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9035 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9036 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9037 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9038 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9039 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9043 offset += 2; /* Skip Flags */
9045 /* Build display for: Timeout */
9047 Timeout = GWORD(pd, offset);
9051 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9055 offset += 4; /* Skip Timeout */
9057 /* Build display for: Reserved2 */
9059 Reserved2 = GSHORT(pd, offset);
9063 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9067 offset += 2; /* Skip Reserved2 */
9069 /* Build display for: Parameter Count */
9071 ParameterCount = GSHORT(pd, offset);
9075 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9079 offset += 2; /* Skip Parameter Count */
9081 /* Build display for: Parameter Offset */
9083 ParameterOffset = GSHORT(pd, offset);
9087 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9091 offset += 2; /* Skip Parameter Offset */
9093 /* Build display for: Data Count */
9095 DataCount = GSHORT(pd, offset);
9099 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9103 offset += 2; /* Skip Data Count */
9105 /* Build display for: Data Offset */
9107 DataOffset = GSHORT(pd, offset);
9111 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9115 offset += 2; /* Skip Data Offset */
9117 /* Build display for: Setup Count */
9119 SetupCount = GBYTE(pd, offset);
9123 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9127 offset += 1; /* Skip Setup Count */
9129 /* Build display for: Reserved3 */
9131 Reserved3 = GBYTE(pd, offset);
9135 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9139 offset += 1; /* Skip Reserved3 */
9141 /* Build display for: Setup */
9143 if (SetupCount > 0) {
9147 Setup = GSHORT(pd, offset);
9149 request_val -> last_transact2_command = Setup; /* Save for later */
9151 if (check_col(fd, COL_INFO)) {
9153 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
9157 for (i = 1; i <= SetupCount; i++) {
9160 Setup1 = GSHORT(pd, offset);
9164 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup1);
9168 offset += 2; /* Skip Setup */
9174 /* Build display for: Byte Count (BCC) */
9176 ByteCount = GSHORT(pd, offset);
9180 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9184 offset += 2; /* Skip Byte Count (BCC) */
9186 /* Build display for: Transact Name */
9190 proto_tree_add_text(tree, NullTVB, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
9194 if (offset < (SMB_offset + ParameterOffset)) {
9196 int pad1Count = SMB_offset + ParameterOffset - offset;
9198 /* Build display for: Pad1 */
9202 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9205 offset += pad1Count; /* Skip Pad1 */
9209 if (ParameterCount > 0) {
9211 /* Build display for: Parameters */
9215 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9219 offset += ParameterCount; /* Skip Parameters */
9223 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9225 int pad2Count = SMB_offset + DataOffset - offset;
9227 /* Build display for: Pad2 */
9231 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9235 offset += pad2Count; /* Skip Pad2 */
9239 if (DataCount > 0) {
9241 /* Build display for: Data */
9243 Data = GBYTE(pd, offset);
9247 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
9251 offset += DataCount; /* Skip Data */
9256 if (dirn == 0) { /* Response(s) dissect code */
9258 /* Pick up the last transact2 command and put it in the right places */
9260 if (check_col(fd, COL_INFO)) {
9262 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
9266 /* Build display for: Word Count (WCT) */
9268 WordCount = GBYTE(pd, offset);
9272 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9276 offset += 1; /* Skip Word Count (WCT) */
9278 /* Build display for: Total Parameter Count */
9280 TotalParameterCount = GSHORT(pd, offset);
9284 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9288 offset += 2; /* Skip Total Parameter Count */
9290 /* Build display for: Total Data Count */
9292 TotalDataCount = GSHORT(pd, offset);
9296 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9300 offset += 2; /* Skip Total Data Count */
9302 /* Build display for: Reserved2 */
9304 Reserved2 = GSHORT(pd, offset);
9308 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9312 offset += 2; /* Skip Reserved2 */
9314 /* Build display for: Parameter Count */
9316 ParameterCount = GSHORT(pd, offset);
9320 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9324 offset += 2; /* Skip Parameter Count */
9326 /* Build display for: Parameter Offset */
9328 ParameterOffset = GSHORT(pd, offset);
9332 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9336 offset += 2; /* Skip Parameter Offset */
9338 /* Build display for: Parameter Displacement */
9340 ParameterDisplacement = GSHORT(pd, offset);
9344 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9348 offset += 2; /* Skip Parameter Displacement */
9350 /* Build display for: Data Count */
9352 DataCount = GSHORT(pd, offset);
9356 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9360 offset += 2; /* Skip Data Count */
9362 /* Build display for: Data Offset */
9364 DataOffset = GSHORT(pd, offset);
9368 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9372 offset += 2; /* Skip Data Offset */
9374 /* Build display for: Data Displacement */
9376 DataDisplacement = GSHORT(pd, offset);
9380 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
9384 offset += 2; /* Skip Data Displacement */
9386 /* Build display for: Setup Count */
9388 SetupCount = GBYTE(pd, offset);
9392 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9396 offset += 1; /* Skip Setup Count */
9398 /* Build display for: Reserved3 */
9400 Reserved3 = GBYTE(pd, offset);
9404 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9408 offset += 1; /* Skip Reserved3 */
9410 if (SetupCount > 0) {
9414 Setup = GSHORT(pd, offset);
9416 for (i = 1; i <= SetupCount; i++) {
9418 Setup = GSHORT(pd, offset);
9422 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9426 offset += 2; /* Skip Setup */
9431 /* Build display for: Byte Count (BCC) */
9433 ByteCount = GSHORT(pd, offset);
9437 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9441 offset += 2; /* Skip Byte Count (BCC) */
9443 if (offset < (SMB_offset + ParameterOffset)) {
9445 int pad1Count = SMB_offset + ParameterOffset - offset;
9447 /* Build display for: Pad1 */
9451 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9454 offset += pad1Count; /* Skip Pad1 */
9458 /* Build display for: Parameter */
9460 if (ParameterCount > 0) {
9464 proto_tree_add_text(tree, NullTVB, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9468 offset += ParameterCount; /* Skip Parameter */
9472 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9474 int pad2Count = SMB_offset + DataOffset - offset;
9476 /* Build display for: Pad2 */
9480 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9484 offset += pad2Count; /* Skip Pad2 */
9488 /* Build display for: Data */
9490 if (DataCount > 0) {
9494 proto_tree_add_text(tree, NullTVB, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9498 offset += DataCount; /* Skip Data */
9508 dissect_transact_params(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, int DataOffset, int DataCount, int ParameterOffset, int ParameterCount, int SetupAreaOffset, int SetupCount, const char *TransactName)
9510 char *TransactNameCopy;
9511 char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
9518 TransactNameCopy = g_malloc(TransactName ? strlen(TransactName) + 1 : 1);
9520 /* Should check for error here ... */
9522 strcpy(TransactNameCopy, TransactName ? TransactName : "");
9523 if (TransactNameCopy[0] == '\\') {
9524 trans_type = TransactNameCopy + 1; /* Skip the slash */
9525 loc_of_slash = trans_type ? strchr(trans_type, '\\') : NULL;
9529 index = loc_of_slash - trans_type; /* Make it a real index */
9530 trans_cmd = trans_type + index + 1;
9531 trans_type[index] = '\0';
9536 if ((trans_cmd == NULL) ||
9537 (((trans_type == NULL || strcmp(trans_type, "MAILSLOT") != 0) ||
9538 !dissect_mailslot_smb(pd, SetupAreaOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount, SMB_offset + ParameterOffset, ParameterCount)) &&
9539 ((trans_type == NULL || strcmp(trans_type, "PIPE") != 0) ||
9540 !dissect_pipe_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, DataOffset, DataCount, ParameterOffset, ParameterCount)))) {
9542 if (ParameterCount > 0) {
9544 /* Build display for: Parameters */
9548 proto_tree_add_text(tree, NullTVB, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9552 offset = SMB_offset + ParameterOffset + ParameterCount; /* Skip Parameters */
9556 if (DataCount > 0 && offset < (SMB_offset + DataOffset)) {
9558 int pad2Count = SMB_offset + DataOffset - offset;
9560 /* Build display for: Pad2 */
9564 proto_tree_add_text(tree, NullTVB, offset, pad2Count, "Pad2: %s", format_text(pd + offset, pad2Count));
9568 offset += pad2Count; /* Skip Pad2 */
9572 if (DataCount > 0) {
9574 /* Build display for: Data */
9576 Data = pd + SMB_offset + DataOffset;
9580 proto_tree_add_text(tree, NullTVB, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9584 offset += DataCount; /* Skip Data */
9592 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
9595 proto_tree *Flags_tree;
9601 guint8 MaxSetupCount;
9603 guint16 TotalParameterCount;
9604 guint16 TotalDataCount;
9607 guint16 ParameterOffset;
9608 guint16 ParameterDisplacement;
9609 guint16 ParameterCount;
9610 guint16 MaxParameterCount;
9611 guint16 MaxDataCount;
9614 guint16 DataDisplacement;
9618 const char *TransactName;
9619 conversation_t *conversation;
9620 struct smb_request_key request_key, *new_request_key;
9621 struct smb_request_val *request_val;
9623 guint16 SetupAreaOffset;
9627 * Find out what conversation this packet is part of
9630 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
9631 pi.srcport, pi.destport, 0);
9633 if (conversation == NULL) { /* Create a new conversation */
9635 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
9636 pi.srcport, pi.destport, NULL, 0);
9640 si.conversation = conversation; /* Save this */
9643 * Check for and insert entry in request hash table if does not exist
9645 request_key.conversation = conversation->index;
9646 request_key.mid = si.mid;
9648 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
9650 if (!request_val) { /* Create one */
9652 new_request_key = g_mem_chunk_alloc(smb_request_keys);
9653 new_request_key -> conversation = conversation -> index;
9654 new_request_key -> mid = si.mid;
9656 request_val = g_mem_chunk_alloc(smb_request_vals);
9657 request_val -> mid = si.mid;
9658 request_val -> last_transact_command = NULL;
9659 request_val -> last_param_descrip = NULL;
9660 request_val -> last_data_descrip = NULL;
9662 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
9666 si.request_val = request_val; /* Save this for later */
9668 if (dirn == 1) { /* Request(s) dissect code */
9670 /* Build display for: Word Count (WCT) */
9672 WordCount = GBYTE(pd, offset);
9676 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9680 offset += 1; /* Skip Word Count (WCT) */
9682 /* Build display for: Total Parameter Count */
9684 TotalParameterCount = GSHORT(pd, offset);
9688 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9692 offset += 2; /* Skip Total Parameter Count */
9694 /* Build display for: Total Data Count */
9696 TotalDataCount = GSHORT(pd, offset);
9700 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
9704 offset += 2; /* Skip Total Data Count */
9706 /* Build display for: Max Parameter Count */
9708 MaxParameterCount = GSHORT(pd, offset);
9712 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
9716 offset += 2; /* Skip Max Parameter Count */
9718 /* Build display for: Max Data Count */
9720 MaxDataCount = GSHORT(pd, offset);
9724 proto_tree_add_text(tree, NullTVB, offset, 2, "Max Data Count: %u", MaxDataCount);
9728 offset += 2; /* Skip Max Data Count */
9730 /* Build display for: Max Setup Count */
9732 MaxSetupCount = GBYTE(pd, offset);
9736 proto_tree_add_text(tree, NullTVB, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9740 offset += 1; /* Skip Max Setup Count */
9742 /* Build display for: Reserved1 */
9744 Reserved1 = GBYTE(pd, offset);
9748 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved1: %u", Reserved1);
9752 offset += 1; /* Skip Reserved1 */
9754 /* Build display for: Flags */
9756 Flags = GSHORT(pd, offset);
9760 ti = proto_tree_add_text(tree, NullTVB, offset, 2, "Flags: 0x%02x", Flags);
9761 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9762 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9763 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9764 proto_tree_add_text(Flags_tree, NullTVB, offset, 2, "%s",
9765 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9769 offset += 2; /* Skip Flags */
9771 /* Build display for: Timeout */
9773 Timeout = GWORD(pd, offset);
9777 proto_tree_add_text(tree, NullTVB, offset, 4, "Timeout: %u", Timeout);
9781 offset += 4; /* Skip Timeout */
9783 /* Build display for: Reserved2 */
9785 Reserved2 = GSHORT(pd, offset);
9789 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
9793 offset += 2; /* Skip Reserved2 */
9795 /* Build display for: Parameter Count */
9797 ParameterCount = GSHORT(pd, offset);
9801 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
9805 offset += 2; /* Skip Parameter Count */
9807 /* Build display for: Parameter Offset */
9809 ParameterOffset = GSHORT(pd, offset);
9813 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
9817 offset += 2; /* Skip Parameter Offset */
9819 /* Build display for: Data Count */
9821 DataCount = GSHORT(pd, offset);
9825 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
9829 offset += 2; /* Skip Data Count */
9831 /* Build display for: Data Offset */
9833 DataOffset = GSHORT(pd, offset);
9837 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
9841 offset += 2; /* Skip Data Offset */
9843 /* Build display for: Setup Count */
9845 SetupCount = GBYTE(pd, offset);
9849 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
9853 offset += 1; /* Skip Setup Count */
9855 /* Build display for: Reserved3 */
9857 Reserved3 = GBYTE(pd, offset);
9861 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
9864 offset += 1; /* Skip Reserved3 */
9866 SetupAreaOffset = offset;
9868 /* Build display for: Setup */
9870 if (SetupCount > 0) {
9874 Setup = GSHORT(pd, offset);
9876 for (i = 1; i <= SetupCount; i++) {
9878 Setup = GSHORT(pd, offset);
9882 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
9886 offset += 2; /* Skip Setup */
9892 /* Build display for: Byte Count (BCC) */
9894 ByteCount = GSHORT(pd, offset);
9898 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
9902 offset += 2; /* Skip Byte Count (BCC) */
9904 /* Build display for: Transact Name */
9906 /* Watch out for Unicode names */
9910 if (offset % 2) offset++; /* Looks like a pad byte there sometimes */
9912 TransactName = unicode_to_str(pd + offset, &TNlen);
9917 TransactName = pd + offset;
9918 TNlen = strlen(TransactName) + 1;
9921 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9923 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9925 if (request_val -> last_transact_command)
9926 strcpy(request_val -> last_transact_command, TransactName);
9928 if (check_col(fd, COL_INFO)) {
9930 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9936 proto_tree_add_text(tree, NullTVB, offset, TNlen, "Transact Name: %s", TransactName);
9940 offset += TNlen; /* Skip Transact Name */
9941 if (si.unicode) offset += 2; /* There are two more extraneous bytes there*/
9943 if (offset < (SMB_offset + ParameterOffset)) {
9945 int pad1Count = SMB_offset + ParameterOffset - offset;
9947 /* Build display for: Pad1 */
9951 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
9954 offset += pad1Count; /* Skip Pad1 */
9958 /* Let's see if we can decode this */
9960 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, TransactName);
9964 if (dirn == 0) { /* Response(s) dissect code */
9966 if (check_col(fd, COL_INFO)) {
9967 if ( request_val -> last_transact_command )
9968 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9969 else col_add_fstr(fd, COL_INFO, "Response to unknown message");
9973 /* Build display for: Word Count (WCT) */
9975 WordCount = GBYTE(pd, offset);
9979 proto_tree_add_text(tree, NullTVB, offset, 1, "Word Count (WCT): %u", WordCount);
9983 offset += 1; /* Skip Word Count (WCT) */
9985 /* Build display for: Total Parameter Count */
9987 TotalParameterCount = GSHORT(pd, offset);
9991 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9995 offset += 2; /* Skip Total Parameter Count */
9997 /* Build display for: Total Data Count */
9999 TotalDataCount = GSHORT(pd, offset);
10003 proto_tree_add_text(tree, NullTVB, offset, 2, "Total Data Count: %u", TotalDataCount);
10007 offset += 2; /* Skip Total Data Count */
10009 /* Build display for: Reserved2 */
10011 Reserved2 = GSHORT(pd, offset);
10015 proto_tree_add_text(tree, NullTVB, offset, 2, "Reserved2: %u", Reserved2);
10019 offset += 2; /* Skip Reserved2 */
10021 /* Build display for: Parameter Count */
10023 ParameterCount = GSHORT(pd, offset);
10027 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Count: %u", ParameterCount);
10031 offset += 2; /* Skip Parameter Count */
10033 /* Build display for: Parameter Offset */
10035 ParameterOffset = GSHORT(pd, offset);
10039 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Offset: %u", ParameterOffset);
10043 offset += 2; /* Skip Parameter Offset */
10045 /* Build display for: Parameter Displacement */
10047 ParameterDisplacement = GSHORT(pd, offset);
10051 proto_tree_add_text(tree, NullTVB, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
10055 offset += 2; /* Skip Parameter Displacement */
10057 /* Build display for: Data Count */
10059 DataCount = GSHORT(pd, offset);
10063 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Count: %u", DataCount);
10067 offset += 2; /* Skip Data Count */
10069 /* Build display for: Data Offset */
10071 DataOffset = GSHORT(pd, offset);
10075 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Offset: %u", DataOffset);
10079 offset += 2; /* Skip Data Offset */
10081 /* Build display for: Data Displacement */
10083 DataDisplacement = GSHORT(pd, offset);
10087 proto_tree_add_text(tree, NullTVB, offset, 2, "Data Displacement: %u", DataDisplacement);
10091 offset += 2; /* Skip Data Displacement */
10093 /* Build display for: Setup Count */
10095 SetupCount = GBYTE(pd, offset);
10099 proto_tree_add_text(tree, NullTVB, offset, 1, "Setup Count: %u", SetupCount);
10103 offset += 1; /* Skip Setup Count */
10106 /* Build display for: Reserved3 */
10108 Reserved3 = GBYTE(pd, offset);
10112 proto_tree_add_text(tree, NullTVB, offset, 1, "Reserved3: %u", Reserved3);
10117 offset += 1; /* Skip Reserved3 */
10119 SetupAreaOffset = offset;
10121 /* Build display for: Setup */
10123 if (SetupCount > 0) {
10125 int i = SetupCount;
10127 Setup = GSHORT(pd, offset);
10129 for (i = 1; i <= SetupCount; i++) {
10131 Setup = GSHORT(pd, offset);
10135 proto_tree_add_text(tree, NullTVB, offset, 2, "Setup%i: %u", i, Setup);
10139 offset += 2; /* Skip Setup */
10145 /* Build display for: Byte Count (BCC) */
10147 ByteCount = GSHORT(pd, offset);
10151 proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
10155 offset += 2; /* Skip Byte Count (BCC) */
10157 /* Build display for: Pad1 */
10159 if (offset < (SMB_offset + ParameterOffset)) {
10161 int pad1Count = SMB_offset + ParameterOffset - offset;
10163 /* Build display for: Pad1 */
10167 proto_tree_add_text(tree, NullTVB, offset, pad1Count, "Pad1: %s", format_text(pd + offset, pad1Count));
10170 offset += pad1Count; /* Skip Pad1 */
10174 dissect_transact_params(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, DataOffset, DataCount, ParameterOffset, ParameterCount, SetupAreaOffset, SetupCount, si.request_val -> last_transact_command);
10184 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
10186 dissect_createdir_smb, /* unknown SMB 0x00 */
10187 dissect_deletedir_smb, /* unknown SMB 0x01 */
10188 dissect_unknown_smb, /* SMBopen open a file */
10189 dissect_create_file_smb, /* SMBcreate create a file */
10190 dissect_close_smb, /* SMBclose close a file */
10191 dissect_flush_file_smb, /* SMBflush flush a file */
10192 dissect_delete_file_smb, /* SMBunlink delete a file */
10193 dissect_rename_file_smb, /* SMBmv rename a file */
10194 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
10195 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
10196 dissect_read_file_smb, /* SMBread read from a file */
10197 dissect_write_file_smb, /* SMBwrite write to a file */
10198 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
10199 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
10200 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
10201 dissect_unknown_smb, /* SMBmknew make a new file */
10202 dissect_checkdir_smb, /* SMBchkpth check a directory path */
10203 dissect_process_exit_smb, /* SMBexit process exit */
10204 dissect_unknown_smb, /* SMBlseek seek */
10205 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
10206 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
10207 dissect_unknown_smb, /* unknown SMB 0x15 */
10208 dissect_unknown_smb, /* unknown SMB 0x16 */
10209 dissect_unknown_smb, /* unknown SMB 0x17 */
10210 dissect_unknown_smb, /* unknown SMB 0x18 */
10211 dissect_unknown_smb, /* unknown SMB 0x19 */
10212 dissect_read_raw_smb, /* SMBreadBraw read block raw */
10213 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
10214 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
10215 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
10216 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
10217 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
10218 dissect_unknown_smb, /* SMBwriteC write complete response */
10219 dissect_unknown_smb, /* unknown SMB 0x21 */
10220 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
10221 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
10222 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
10223 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
10224 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
10225 dissect_unknown_smb, /* SMBioctl IOCTL */
10226 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
10227 dissect_unknown_smb, /* SMBcopy copy */
10228 dissect_move_smb, /* SMBmove move */
10229 dissect_unknown_smb, /* SMBecho echo */
10230 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
10231 dissect_open_andx_smb, /* SMBopenX open and X */
10232 dissect_read_andx_smb, /* SMBreadX read and X */
10233 dissect_unknown_smb, /* SMBwriteX write and X */
10234 dissect_unknown_smb, /* unknown SMB 0x30 */
10235 dissect_unknown_smb, /* unknown SMB 0x31 */
10236 dissect_transact2_smb, /* unknown SMB 0x32 */
10237 dissect_unknown_smb, /* unknown SMB 0x33 */
10238 dissect_find_close2_smb, /* unknown SMB 0x34 */
10239 dissect_unknown_smb, /* unknown SMB 0x35 */
10240 dissect_unknown_smb, /* unknown SMB 0x36 */
10241 dissect_unknown_smb, /* unknown SMB 0x37 */
10242 dissect_unknown_smb, /* unknown SMB 0x38 */
10243 dissect_unknown_smb, /* unknown SMB 0x39 */
10244 dissect_unknown_smb, /* unknown SMB 0x3a */
10245 dissect_unknown_smb, /* unknown SMB 0x3b */
10246 dissect_unknown_smb, /* unknown SMB 0x3c */
10247 dissect_unknown_smb, /* unknown SMB 0x3d */
10248 dissect_unknown_smb, /* unknown SMB 0x3e */
10249 dissect_unknown_smb, /* unknown SMB 0x3f */
10250 dissect_unknown_smb, /* unknown SMB 0x40 */
10251 dissect_unknown_smb, /* unknown SMB 0x41 */
10252 dissect_unknown_smb, /* unknown SMB 0x42 */
10253 dissect_unknown_smb, /* unknown SMB 0x43 */
10254 dissect_unknown_smb, /* unknown SMB 0x44 */
10255 dissect_unknown_smb, /* unknown SMB 0x45 */
10256 dissect_unknown_smb, /* unknown SMB 0x46 */
10257 dissect_unknown_smb, /* unknown SMB 0x47 */
10258 dissect_unknown_smb, /* unknown SMB 0x48 */
10259 dissect_unknown_smb, /* unknown SMB 0x49 */
10260 dissect_unknown_smb, /* unknown SMB 0x4a */
10261 dissect_unknown_smb, /* unknown SMB 0x4b */
10262 dissect_unknown_smb, /* unknown SMB 0x4c */
10263 dissect_unknown_smb, /* unknown SMB 0x4d */
10264 dissect_unknown_smb, /* unknown SMB 0x4e */
10265 dissect_unknown_smb, /* unknown SMB 0x4f */
10266 dissect_unknown_smb, /* unknown SMB 0x50 */
10267 dissect_unknown_smb, /* unknown SMB 0x51 */
10268 dissect_unknown_smb, /* unknown SMB 0x52 */
10269 dissect_unknown_smb, /* unknown SMB 0x53 */
10270 dissect_unknown_smb, /* unknown SMB 0x54 */
10271 dissect_unknown_smb, /* unknown SMB 0x55 */
10272 dissect_unknown_smb, /* unknown SMB 0x56 */
10273 dissect_unknown_smb, /* unknown SMB 0x57 */
10274 dissect_unknown_smb, /* unknown SMB 0x58 */
10275 dissect_unknown_smb, /* unknown SMB 0x59 */
10276 dissect_unknown_smb, /* unknown SMB 0x5a */
10277 dissect_unknown_smb, /* unknown SMB 0x5b */
10278 dissect_unknown_smb, /* unknown SMB 0x5c */
10279 dissect_unknown_smb, /* unknown SMB 0x5d */
10280 dissect_unknown_smb, /* unknown SMB 0x5e */
10281 dissect_unknown_smb, /* unknown SMB 0x5f */
10282 dissect_unknown_smb, /* unknown SMB 0x60 */
10283 dissect_unknown_smb, /* unknown SMB 0x61 */
10284 dissect_unknown_smb, /* unknown SMB 0x62 */
10285 dissect_unknown_smb, /* unknown SMB 0x63 */
10286 dissect_unknown_smb, /* unknown SMB 0x64 */
10287 dissect_unknown_smb, /* unknown SMB 0x65 */
10288 dissect_unknown_smb, /* unknown SMB 0x66 */
10289 dissect_unknown_smb, /* unknown SMB 0x67 */
10290 dissect_unknown_smb, /* unknown SMB 0x68 */
10291 dissect_unknown_smb, /* unknown SMB 0x69 */
10292 dissect_unknown_smb, /* unknown SMB 0x6a */
10293 dissect_unknown_smb, /* unknown SMB 0x6b */
10294 dissect_unknown_smb, /* unknown SMB 0x6c */
10295 dissect_unknown_smb, /* unknown SMB 0x6d */
10296 dissect_unknown_smb, /* unknown SMB 0x6e */
10297 dissect_unknown_smb, /* unknown SMB 0x6f */
10298 dissect_treecon_smb, /* SMBtcon tree connect */
10299 dissect_tdis_smb, /* SMBtdis tree disconnect */
10300 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10301 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10302 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10303 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10304 dissect_unknown_smb, /* unknown SMB 0x76 */
10305 dissect_unknown_smb, /* unknown SMB 0x77 */
10306 dissect_unknown_smb, /* unknown SMB 0x78 */
10307 dissect_unknown_smb, /* unknown SMB 0x79 */
10308 dissect_unknown_smb, /* unknown SMB 0x7a */
10309 dissect_unknown_smb, /* unknown SMB 0x7b */
10310 dissect_unknown_smb, /* unknown SMB 0x7c */
10311 dissect_unknown_smb, /* unknown SMB 0x7d */
10312 dissect_unknown_smb, /* unknown SMB 0x7e */
10313 dissect_unknown_smb, /* unknown SMB 0x7f */
10314 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10315 dissect_search_dir_smb, /* SMBsearch search a directory */
10316 dissect_unknown_smb, /* SMBffirst find first */
10317 dissect_unknown_smb, /* SMBfunique find unique */
10318 dissect_unknown_smb, /* SMBfclose find close */
10319 dissect_unknown_smb, /* unknown SMB 0x85 */
10320 dissect_unknown_smb, /* unknown SMB 0x86 */
10321 dissect_unknown_smb, /* unknown SMB 0x87 */
10322 dissect_unknown_smb, /* unknown SMB 0x88 */
10323 dissect_unknown_smb, /* unknown SMB 0x89 */
10324 dissect_unknown_smb, /* unknown SMB 0x8a */
10325 dissect_unknown_smb, /* unknown SMB 0x8b */
10326 dissect_unknown_smb, /* unknown SMB 0x8c */
10327 dissect_unknown_smb, /* unknown SMB 0x8d */
10328 dissect_unknown_smb, /* unknown SMB 0x8e */
10329 dissect_unknown_smb, /* unknown SMB 0x8f */
10330 dissect_unknown_smb, /* unknown SMB 0x90 */
10331 dissect_unknown_smb, /* unknown SMB 0x91 */
10332 dissect_unknown_smb, /* unknown SMB 0x92 */
10333 dissect_unknown_smb, /* unknown SMB 0x93 */
10334 dissect_unknown_smb, /* unknown SMB 0x94 */
10335 dissect_unknown_smb, /* unknown SMB 0x95 */
10336 dissect_unknown_smb, /* unknown SMB 0x96 */
10337 dissect_unknown_smb, /* unknown SMB 0x97 */
10338 dissect_unknown_smb, /* unknown SMB 0x98 */
10339 dissect_unknown_smb, /* unknown SMB 0x99 */
10340 dissect_unknown_smb, /* unknown SMB 0x9a */
10341 dissect_unknown_smb, /* unknown SMB 0x9b */
10342 dissect_unknown_smb, /* unknown SMB 0x9c */
10343 dissect_unknown_smb, /* unknown SMB 0x9d */
10344 dissect_unknown_smb, /* unknown SMB 0x9e */
10345 dissect_unknown_smb, /* unknown SMB 0x9f */
10346 dissect_unknown_smb, /* unknown SMB 0xa0 */
10347 dissect_unknown_smb, /* unknown SMB 0xa1 */
10348 dissect_unknown_smb, /* unknown SMB 0xa2 */
10349 dissect_unknown_smb, /* unknown SMB 0xa3 */
10350 dissect_unknown_smb, /* unknown SMB 0xa4 */
10351 dissect_unknown_smb, /* unknown SMB 0xa5 */
10352 dissect_unknown_smb, /* unknown SMB 0xa6 */
10353 dissect_unknown_smb, /* unknown SMB 0xa7 */
10354 dissect_unknown_smb, /* unknown SMB 0xa8 */
10355 dissect_unknown_smb, /* unknown SMB 0xa9 */
10356 dissect_unknown_smb, /* unknown SMB 0xaa */
10357 dissect_unknown_smb, /* unknown SMB 0xab */
10358 dissect_unknown_smb, /* unknown SMB 0xac */
10359 dissect_unknown_smb, /* unknown SMB 0xad */
10360 dissect_unknown_smb, /* unknown SMB 0xae */
10361 dissect_unknown_smb, /* unknown SMB 0xaf */
10362 dissect_unknown_smb, /* unknown SMB 0xb0 */
10363 dissect_unknown_smb, /* unknown SMB 0xb1 */
10364 dissect_unknown_smb, /* unknown SMB 0xb2 */
10365 dissect_unknown_smb, /* unknown SMB 0xb3 */
10366 dissect_unknown_smb, /* unknown SMB 0xb4 */
10367 dissect_unknown_smb, /* unknown SMB 0xb5 */
10368 dissect_unknown_smb, /* unknown SMB 0xb6 */
10369 dissect_unknown_smb, /* unknown SMB 0xb7 */
10370 dissect_unknown_smb, /* unknown SMB 0xb8 */
10371 dissect_unknown_smb, /* unknown SMB 0xb9 */
10372 dissect_unknown_smb, /* unknown SMB 0xba */
10373 dissect_unknown_smb, /* unknown SMB 0xbb */
10374 dissect_unknown_smb, /* unknown SMB 0xbc */
10375 dissect_unknown_smb, /* unknown SMB 0xbd */
10376 dissect_unknown_smb, /* unknown SMB 0xbe */
10377 dissect_unknown_smb, /* unknown SMB 0xbf */
10378 dissect_unknown_smb, /* SMBsplopen open a print spool file */
10379 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
10380 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
10381 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
10382 dissect_unknown_smb, /* unknown SMB 0xc4 */
10383 dissect_unknown_smb, /* unknown SMB 0xc5 */
10384 dissect_unknown_smb, /* unknown SMB 0xc6 */
10385 dissect_unknown_smb, /* unknown SMB 0xc7 */
10386 dissect_unknown_smb, /* unknown SMB 0xc8 */
10387 dissect_unknown_smb, /* unknown SMB 0xc9 */
10388 dissect_unknown_smb, /* unknown SMB 0xca */
10389 dissect_unknown_smb, /* unknown SMB 0xcb */
10390 dissect_unknown_smb, /* unknown SMB 0xcc */
10391 dissect_unknown_smb, /* unknown SMB 0xcd */
10392 dissect_unknown_smb, /* unknown SMB 0xce */
10393 dissect_unknown_smb, /* unknown SMB 0xcf */
10394 dissect_unknown_smb, /* SMBsends send a single block message */
10395 dissect_unknown_smb, /* SMBsendb send a broadcast message */
10396 dissect_unknown_smb, /* SMBfwdname forward user name */
10397 dissect_unknown_smb, /* SMBcancelf cancel forward */
10398 dissect_unknown_smb, /* SMBgetmac get a machine name */
10399 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
10400 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
10401 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
10402 dissect_unknown_smb, /* unknown SMB 0xd8 */
10403 dissect_unknown_smb, /* unknown SMB 0xd9 */
10404 dissect_unknown_smb, /* unknown SMB 0xda */
10405 dissect_unknown_smb, /* unknown SMB 0xdb */
10406 dissect_unknown_smb, /* unknown SMB 0xdc */
10407 dissect_unknown_smb, /* unknown SMB 0xdd */
10408 dissect_unknown_smb, /* unknown SMB 0xde */
10409 dissect_unknown_smb, /* unknown SMB 0xdf */
10410 dissect_unknown_smb, /* unknown SMB 0xe0 */
10411 dissect_unknown_smb, /* unknown SMB 0xe1 */
10412 dissect_unknown_smb, /* unknown SMB 0xe2 */
10413 dissect_unknown_smb, /* unknown SMB 0xe3 */
10414 dissect_unknown_smb, /* unknown SMB 0xe4 */
10415 dissect_unknown_smb, /* unknown SMB 0xe5 */
10416 dissect_unknown_smb, /* unknown SMB 0xe6 */
10417 dissect_unknown_smb, /* unknown SMB 0xe7 */
10418 dissect_unknown_smb, /* unknown SMB 0xe8 */
10419 dissect_unknown_smb, /* unknown SMB 0xe9 */
10420 dissect_unknown_smb, /* unknown SMB 0xea */
10421 dissect_unknown_smb, /* unknown SMB 0xeb */
10422 dissect_unknown_smb, /* unknown SMB 0xec */
10423 dissect_unknown_smb, /* unknown SMB 0xed */
10424 dissect_unknown_smb, /* unknown SMB 0xee */
10425 dissect_unknown_smb, /* unknown SMB 0xef */
10426 dissect_unknown_smb, /* unknown SMB 0xf0 */
10427 dissect_unknown_smb, /* unknown SMB 0xf1 */
10428 dissect_unknown_smb, /* unknown SMB 0xf2 */
10429 dissect_unknown_smb, /* unknown SMB 0xf3 */
10430 dissect_unknown_smb, /* unknown SMB 0xf4 */
10431 dissect_unknown_smb, /* unknown SMB 0xf5 */
10432 dissect_unknown_smb, /* unknown SMB 0xf6 */
10433 dissect_unknown_smb, /* unknown SMB 0xf7 */
10434 dissect_unknown_smb, /* unknown SMB 0xf8 */
10435 dissect_unknown_smb, /* unknown SMB 0xf9 */
10436 dissect_unknown_smb, /* unknown SMB 0xfa */
10437 dissect_unknown_smb, /* unknown SMB 0xfb */
10438 dissect_unknown_smb, /* unknown SMB 0xfc */
10439 dissect_unknown_smb, /* unknown SMB 0xfd */
10440 dissect_unknown_smb, /* SMBinvalid invalid command */
10441 dissect_unknown_smb /* unknown SMB 0xff */
10445 static const value_string errcls_types[] = {
10446 { SMB_SUCCESS, "Success"},
10447 { SMB_ERRDOS, "DOS Error"},
10448 { SMB_ERRSRV, "Server Error"},
10449 { SMB_ERRHRD, "Hardware Error"},
10450 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
10454 char *decode_smb_name(unsigned char cmd)
10457 return(SMB_names[cmd]);
10461 static const value_string DOS_errors[] = {
10462 {SMBE_badfunc, "Invalid function (or system call)"},
10463 {SMBE_badfile, "File not found (pathname error)"},
10464 {SMBE_badpath, "Directory not found"},
10465 {SMBE_nofids, "Too many open files"},
10466 {SMBE_noaccess, "Access denied"},
10467 {SMBE_badfid, "Invalid fid"},
10468 {SMBE_nomem, "Out of memory"},
10469 {SMBE_badmem, "Invalid memory block address"},
10470 {SMBE_badenv, "Invalid environment"},
10471 {SMBE_badaccess, "Invalid open mode"},
10472 {SMBE_baddata, "Invalid data (only from ioctl call)"},
10473 {SMBE_res, "Reserved error code?"},
10474 {SMBE_baddrive, "Invalid drive"},
10475 {SMBE_remcd, "Attempt to delete current directory"},
10476 {SMBE_diffdevice, "Rename/move across different filesystems"},
10477 {SMBE_nofiles, "no more files found in file search"},
10478 {SMBE_badshare, "Share mode on file conflict with open mode"},
10479 {SMBE_lock, "Lock request conflicts with existing lock"},
10480 {SMBE_unsup, "Request unsupported, returned by Win 95"},
10481 {SMBE_filexists, "File in operation already exists"},
10482 {SMBE_cannotopen, "Cannot open the file specified"},
10483 {SMBE_unknownlevel, "Unknown level??"},
10484 {SMBE_badpipe, "Named pipe invalid"},
10485 {SMBE_pipebusy, "All instances of pipe are busy"},
10486 {SMBE_pipeclosing, "Named pipe close in progress"},
10487 {SMBE_notconnected, "No process on other end of named pipe"},
10488 {SMBE_moredata, "More data to be returned"},
10489 {SMBE_baddirectory, "Invalid directory name in a path."},
10490 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
10491 {SMBE_eas_nsup, "Extended attributes not supported"},
10492 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
10493 {SMBE_unknownipc, "Unknown IPC Operation"},
10494 {SMBE_noipc, "Don't support ipc"},
10498 /* Error codes for the ERRSRV class */
10500 static const value_string SRV_errors[] = {
10501 {SMBE_error, "Non specific error code"},
10502 {SMBE_badpw, "Bad password"},
10503 {SMBE_badtype, "Reserved"},
10504 {SMBE_access, "No permissions to perform the requested operation"},
10505 {SMBE_invnid, "TID invalid"},
10506 {SMBE_invnetname, "Invalid network name. Service not found"},
10507 {SMBE_invdevice, "Invalid device"},
10508 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
10509 {SMBE_qfull, "Print queue full"},
10510 {SMBE_qtoobig, "Queued item too big"},
10511 {SMBE_qeof, "EOF on print queue dump"},
10512 {SMBE_invpfid, "Invalid print file in smb_fid"},
10513 {SMBE_smbcmd, "Unrecognised command"},
10514 {SMBE_srverror, "SMB server internal error"},
10515 {SMBE_filespecs, "Fid and pathname invalid combination"},
10516 {SMBE_badlink, "Bad link in request ???"},
10517 {SMBE_badpermits, "Access specified for a file is not valid"},
10518 {SMBE_badpid, "Bad process id in request"},
10519 {SMBE_setattrmode, "Attribute mode invalid"},
10520 {SMBE_paused, "Message server paused"},
10521 {SMBE_msgoff, "Not receiving messages"},
10522 {SMBE_noroom, "No room for message"},
10523 {SMBE_rmuns, "Too many remote usernames"},
10524 {SMBE_timeout, "Operation timed out"},
10525 {SMBE_noresource, "No resources currently available for request."},
10526 {SMBE_toomanyuids, "Too many userids"},
10527 {SMBE_baduid, "Bad userid"},
10528 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
10529 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
10530 {SMBE_contMPX, "Resume MPX mode"},
10531 {SMBE_badPW, "Bad Password???"},
10532 {SMBE_nosupport, "Operation not supported"},
10536 /* Error codes for the ERRHRD class */
10538 static const value_string HRD_errors[] = {
10539 {SMBE_nowrite, "read only media"},
10540 {SMBE_badunit, "Unknown device"},
10541 {SMBE_notready, "Drive not ready"},
10542 {SMBE_badcmd, "Unknown command"},
10543 {SMBE_data, "Data (CRC) error"},
10544 {SMBE_badreq, "Bad request structure length"},
10545 {SMBE_seek, "Seek error???"},
10546 {SMBE_badmedia, "Bad media???"},
10547 {SMBE_badsector, "Bad sector???"},
10548 {SMBE_nopaper, "No paper in printer???"},
10549 {SMBE_write, "Write error???"},
10550 {SMBE_read, "Read error???"},
10551 {SMBE_general, "General error???"},
10552 {SMBE_badshare, "A open conflicts with an existing open"},
10553 {SMBE_lock, "Lock/unlock error"},
10554 {SMBE_wrongdisk, "Wrong disk???"},
10555 {SMBE_FCBunavail, "FCB unavailable???"},
10556 {SMBE_sharebufexc, "Share buffer excluded???"},
10557 {SMBE_diskfull, "Disk full???"},
10561 char *decode_smb_error(guint8 errcls, guint16 errcode)
10568 return("No Error"); /* No error ??? */
10573 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
10578 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
10583 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
10588 return("Unknown error class!");
10594 #define SMB_FLAGS_DIRN 0x80
10597 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
10599 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
10600 proto_item *ti, *tf;
10601 guint8 cmd, errcls, errcode1, flags;
10602 guint16 flags2, errcode, tid, pid, uid, mid;
10604 int SMB_offset = offset;
10605 struct smb_info si;
10607 OLD_CHECK_DISPLAY_AS_DATA(proto_smb, pd, offset, fd, tree);
10611 cmd = pd[offset + SMB_hdr_com_offset];
10613 if (check_col(fd, COL_PROTOCOL))
10614 col_set_str(fd, COL_PROTOCOL, "SMB");
10616 /* Hmmm, poor coding here ... Also, should check the type */
10618 if (check_col(fd, COL_INFO)) {
10620 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
10626 ti = proto_tree_add_item(tree, proto_smb, NullTVB, offset, END_OF_FRAME, FALSE);
10627 smb_tree = proto_item_add_subtree(ti, ett_smb);
10629 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
10630 * component ... SMB is only one used
10633 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Message Type: 0xFF");
10634 proto_tree_add_text(smb_tree, NullTVB, offset+1, 3, "Server Component: SMB");
10638 offset += 4; /* Skip the marker */
10642 proto_tree_add_uint(smb_tree, hf_smb_cmd, NullTVB, offset, 1, cmd);
10648 /* Handle error code */
10650 if (GSHORT(pd, SMB_offset + 10) & 0x4000) {
10652 /* handle NT 32 bit error code */
10653 errcode = 0; /* better than a random number */
10654 status = GWORD(pd, offset);
10658 proto_tree_add_text(smb_tree, NullTVB, offset, 4, "Status: 0x%08x",
10667 /* handle DOS error code & class */
10669 /* Next, look at the error class, SMB_RETCLASS */
10671 errcls = pd[offset];
10675 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Error Class: %s",
10676 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10681 /* Error code, SMB_HEINFO ... */
10683 errcode1 = pd[offset];
10687 proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Reserved: %i", errcode1);
10693 errcode = GSHORT(pd, offset);
10697 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Error Code: %s",
10698 decode_smb_error(errcls, errcode));
10705 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
10707 flags = pd[offset];
10711 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 1, "Flags: 0x%02x", flags);
10713 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10714 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10715 decode_boolean_bitfield(flags, 0x01, 8,
10716 "Lock&Read, Write&Unlock supported",
10717 "Lock&Read, Write&Unlock not supported"));
10718 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10719 decode_boolean_bitfield(flags, 0x02, 8,
10720 "Receive buffer posted",
10721 "Receive buffer not posted"));
10722 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10723 decode_boolean_bitfield(flags, 0x08, 8,
10724 "Path names caseless",
10725 "Path names case sensitive"));
10726 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10727 decode_boolean_bitfield(flags, 0x10, 8,
10728 "Pathnames canonicalized",
10729 "Pathnames not canonicalized"));
10730 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10731 decode_boolean_bitfield(flags, 0x20, 8,
10732 "OpLocks requested/granted",
10733 "OpLocks not requested/granted"));
10734 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10735 decode_boolean_bitfield(flags, 0x40, 8,
10737 "Notify open only"));
10739 proto_tree_add_text(flags_tree, NullTVB, offset, 1, "%s",
10740 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10741 8, "Response to client/redirector", "Request to server"));
10747 flags2 = GSHORT(pd, offset);
10751 tf = proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Flags2: 0x%04x", flags2);
10753 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10754 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10755 decode_boolean_bitfield(flags2, 0x0001, 16,
10756 "Long file names supported",
10757 "Long file names not supported"));
10758 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10759 decode_boolean_bitfield(flags2, 0x0002, 16,
10760 "Extended attributes supported",
10761 "Extended attributes not supported"));
10762 proto_tree_add_text(flags2_tree, NullTVB, offset, 1, "%s",
10763 decode_boolean_bitfield(flags2, 0x0004, 16,
10764 "Security signatures supported",
10765 "Security signatures not supported"));
10766 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10767 decode_boolean_bitfield(flags2, 0x0800, 16,
10768 "Extended security negotiation supported",
10769 "Extended security negotiation not supported"));
10770 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10771 decode_boolean_bitfield(flags2, 0x1000, 16,
10772 "Resolve pathnames with DFS",
10773 "Don't resolve pathnames with DFS"));
10774 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10775 decode_boolean_bitfield(flags2, 0x2000, 16,
10776 "Permit reads if execute-only",
10777 "Don't permit reads if execute-only"));
10778 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10779 decode_boolean_bitfield(flags2, 0x4000, 16,
10780 "Error codes are NT error codes",
10781 "Error codes are DOS error codes"));
10782 proto_tree_add_text(flags2_tree, NullTVB, offset, 2, "%s",
10783 decode_boolean_bitfield(flags2, 0x8000, 16,
10784 "Strings are Unicode",
10785 "Strings are ASCII"));
10789 if (flags2 & 0x8000) si.unicode = 1; /* Mark them as Unicode */
10795 proto_tree_add_text(smb_tree, NullTVB, offset, 12, "Reserved: 6 WORDS");
10801 /* Now the TID, tree ID */
10803 tid = GSHORT(pd, offset);
10808 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10814 /* Now the PID, Process ID */
10816 pid = GSHORT(pd, offset);
10821 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10827 /* Now the UID, User ID */
10829 uid = GSHORT(pd, offset);
10834 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10840 /* Now the MID, Multiplex ID */
10842 mid = GSHORT(pd, offset);
10847 proto_tree_add_text(smb_tree, NullTVB, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10853 /* Now vector through the table to dissect them */
10855 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10856 ((flags & 0x80) == 0));
10861 /*** External routines called during the registration process */
10863 extern void register_proto_smb_browse( void);
10864 extern void register_proto_smb_logon( void);
10865 extern void register_proto_smb_mailslot( void);
10866 extern void register_proto_smb_pipe( void);
10867 extern void register_proto_smb_mailslot( void);
10871 proto_register_smb(void)
10873 static hf_register_info hf[] = {
10875 { "SMB Command", "smb.cmd",
10876 FT_UINT8, BASE_HEX, VALS(smb_cmd_vals), 0x0, "" }}
10880 static gint *ett[] = {
10882 &ett_smb_fileattributes,
10883 &ett_smb_capabilities,
10890 &ett_smb_desiredaccess,
10893 &ett_smb_openfunction,
10896 &ett_smb_writemode,
10897 &ett_smb_lock_type,
10900 proto_smb = proto_register_protocol("SMB (Server Message Block Protocol)",
10903 proto_register_subtree_array(ett, array_length(ett));
10904 proto_register_field_array(proto_smb, hf, array_length(hf));
10905 register_init_routine(&smb_init_protocol);
10907 register_proto_smb_browse();
10908 register_proto_smb_logon( );
10909 register_proto_smb_mailslot();
10910 register_proto_smb_pipe();