2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.40 1999/11/16 17:03:36 gram Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
46 #include "conversation.h"
48 #include "alignment.h"
/* Handle for the SMB protocol; starts at -1. The code that assigns the real
   value is not in this listing. */
50 static int proto_smb = -1;
/* Subtree-type handles, one per expandable SMB subtree, all starting at -1.
   ett_smb_fileattributes is the one handed to proto_item_add_subtree() for
   the file-attribute bit display further down. */
52 static gint ett_smb = -1;
53 static gint ett_smb_fileattributes = -1;
54 static gint ett_smb_capabilities = -1;
55 static gint ett_smb_aflags = -1;
56 static gint ett_smb_dialects = -1;
57 static gint ett_smb_mode = -1;
58 static gint ett_smb_rawmode = -1;
59 static gint ett_smb_flags = -1;
60 static gint ett_smb_flags2 = -1;
61 static gint ett_smb_desiredaccess = -1;
62 static gint ett_smb_search = -1;
63 static gint ett_smb_file = -1;
64 static gint ett_smb_openfunction = -1;
65 static gint ett_smb_filetype = -1;
66 static gint ett_smb_action = -1;
67 static gint ett_smb_writemode = -1;
68 static gint ett_smb_lock_type = -1;
/* The same pair of handle kinds for the browse protocol (going by the names). */
70 static int proto_browse = -1;
72 static gint ett_browse = -1;
73 static gint ett_browse_flags = -1;
76 * Struct passed to each SMB decode routine of info it may need
/* Member line of the struct that every dissect routine receives by value as
   "struct smb_info si"; the struct header line is missing from this listing.
   Presumably the tree, user, multiplex and process IDs of the SMB header -
   TODO confirm. */
80 int tid, uid, mid, pid; /* Any more? */
/* Returns the display name for a one-byte SMB command; used below to label
   the AndXCommand field. */
83 char *decode_smb_name(unsigned char);
/* Number of key/value atoms per memory-chunk area; smb_init_protocol()
   multiplies it by the struct sizes. */
85 int smb_packet_init_count = 200;
/* Hash key. smb_equal() and smb_hash() read its conversation and mid
   members; the member lines are missing from this listing. */
87 struct smb_request_key {
/* Value stored per request key. */
92 struct smb_request_val {
93 guint16 last_transact2_command;
94 gchar *last_transact_command;
/* Request table plus the two allocators that back its keys and values. All
   three are destroyed and rebuilt by smb_init_protocol(). */
98 GHashTable *smb_request_hash = NULL;
99 GMemChunk *smb_request_keys = NULL;
100 GMemChunk *smb_request_vals = NULL;
/* Key-equality callback passed to g_hash_table_new() in smb_init_protocol().
   Two request keys match when both their conversation and their mid are
   equal. The return statements are missing from this listing. */
104 smb_equal(gconstpointer v, gconstpointer w)
106 struct smb_request_key *v1 = (struct smb_request_key *)v;
107 struct smb_request_key *v2 = (struct smb_request_key *)w;
/* Debug trace, compiled only when DEBUG_SMB_HASH is defined.
   NOTE(review): %08X expects an unsigned int; the declared type of
   conversation is not visible here - confirm that it matches. */
109 #if defined(DEBUG_SMB_HASH)
110 printf("Comparing %08X:%u\n and %08X:%u\n",
111 v1 -> conversation, v1 -> mid,
112 v2 -> conversation, v2 -> mid);
/* Both members must agree for the keys to count as the same request. */
115 if (v1 -> conversation == v2 -> conversation &&
116 v1 -> mid == v2 -> mid) {
/* Hash callback passed to g_hash_table_new() in smb_init_protocol(). */
126 smb_hash (gconstpointer v)
128 struct smb_request_key *key = (struct smb_request_key *)v;
/* The hash is the plain sum of the two key members, so different
   (conversation, mid) pairs with the same sum land in the same bucket.
   That affects lookup time only; smb_equal() still tells them apart. */
131 val = key -> conversation + key -> mid;
/* Debug trace, compiled only when DEBUG_SMB_HASH is defined. */
133 #if defined(DEBUG_SMB_HASH)
134 printf("SMB Hash calculated as %u\n", val);
142 * Initialize some variables every time a file is loaded or re-loaded
/* Reset the SMB request-tracking state: drop whatever table and allocators
   exist, then create an empty hash table and two fresh memory chunks. */
146 smb_init_protocol(void)
148 #if defined(DEBUG_SMB_HASH)
149 printf("Initializing SMB hashtable area\n");
/* Destroy the previous table and both chunks first, so that no keys or
   values from the previously loaded file remain reachable. */
152 if (smb_request_hash)
153 g_hash_table_destroy(smb_request_hash);
154 if (smb_request_keys)
155 g_mem_chunk_destroy(smb_request_keys);
156 if (smb_request_vals)
157 g_mem_chunk_destroy(smb_request_vals);
/* New table keyed by struct smb_request_key, using the callbacks above. */
159 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
/* Each chunk hands out atoms of one struct size and grows in areas of
   smb_packet_init_count atoms. */
160 smb_request_keys = g_mem_chunk_new("smb_request_keys",
161 sizeof(struct smb_request_key),
162 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
163 smb_request_vals = g_mem_chunk_new("smb_request_vals",
164 sizeof(struct smb_request_val),
165 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
/* Table of 256 dissector function pointers that all share the common SMB
   dissect signature. Presumably indexed by the one-byte SMB command code -
   confirm against the initialiser, which is not in this listing. */
168 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info si, int, int, int, int);
/* Command names, 256 slots. Most entries are missing from this listing. */
170 char *SMB_names[256] = {
171 "SMBcreatedirectory",
172 "SMBdeletedirectory",
220 "SMBcloseandtreedisc",
222 "SMBtrans2secondary",
224 "SMBfindnotifyclose",
332 "SMBnttransactsecondary",
/* Dissector for SMB commands that have no routine of their own (going by the
   name): it labels everything from offset to the end of the frame as data. */
430 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* The argument that supplies the %u byte count sits on a line missing from
   this listing. */
435 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data (%u bytes)",
443 * Dissect a UNIX like date ...
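/*
 * Format a 32-bit UNIX timestamp, passed as two 16-bit halves, as a
 * "YYYY-MM-DD" date in UTC.
 *
 * date is the high half of the timestamp and time the low half.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 * The broken-down time is also left in gtime; dissect_smbu_time() reads
 * gtime and needs the same NULL check as the one below.
 *
 * NOTE(review): the listing omits the return-type line and the return
 * statement, and gtime is not declared in the visible lines. Both are
 * reconstructed here ("static char *" returning the buffer, gtime as a
 * file-scope struct tm *) - confirm against the full file.
 */
static char *
dissect_smbu_date(guint16 date, guint16 time)
{
  static char datebuf[4+2+2+2+1];
  /* Widen before shifting: a guint16 is promoted to int, and shifting a
     value of 0x8000 or more left by 16 overflows a signed int. */
  time_t ltime = (time_t)(((guint32)date << 16) + time);

  gtime = gmtime(&ltime);
  if (gtime == NULL) {
    /* gmtime() may refuse a value it cannot represent. The timestamp comes
       from the packet, so this must not end in a NULL dereference. */
    snprintf(datebuf, sizeof datebuf, "%s", "(invalid)");
    return datebuf;
  }

  /* tm_mon counts from 0, so add 1 to display the calendar month. */
  snprintf(datebuf, sizeof datebuf, "%04d-%02d-%02d",
           1900 + (gtime -> tm_year), gtime -> tm_mon + 1, gtime -> tm_mday);

  return datebuf;
}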
/* Format the time-of-day part of a UNIX-style timestamp as "HH:MM:SS" in a
   static buffer.
   NOTE(review): no visible line in this function assigns gtime, so it
   appears to reuse the struct tm left behind by dissect_smbu_date(), and the
   date/time arguments look unused. If so, callers must call
   dissect_smbu_date() first, and gtime is NULL here whenever that gmtime()
   call failed - confirm against the full file and add a NULL check. */
467 dissect_smbu_time(guint16 date, guint16 time)
/* 2+2+2+2+1 = 9 bytes: exactly "HH:MM:SS" plus the terminating NUL. */
470 static char timebuf[2+2+2+2+1];
472 sprintf(timebuf, "%02d:%02d:%02d",
473 gtime -> tm_hour, gtime -> tm_min, gtime -> tm_sec);
480 * Dissect a DOS-format date.
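/*
 * Format a 16-bit DOS date as "YYYY-MM-DD".
 *
 * Bits 15-9 hold the year as an offset from 1980, bits 8-5 the month and
 * bits 4-0 the day. The fields are printed as found, without range checks.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 *
 * NOTE(review): the listing omits the return-type line and the return
 * statement; "static char *" returning the buffer is reconstructed -
 * confirm against the full file.
 */
static char *
dissect_dos_date(guint16 date)
{
  /* "YYYY-MM-DD" is 10 characters plus the NUL, 11 bytes in all. The old
     size of 4+2+2+1 = 9 let sprintf() write two bytes past the buffer on
     every call. */
  static char datebuf[4+1+2+1+2+1];

  snprintf(datebuf, sizeof datebuf, "%04d-%02d-%02d",
           ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);

  return datebuf;
}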
493 * Dissect a DOS-format time.
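/*
 * Format a 16-bit DOS time as "HH:MM:SS".
 *
 * Bits 15-11 hold the hour, bits 10-5 the minute and bits 4-0 the second
 * divided by two. The fields are printed as found, without range checks.
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 *
 * NOTE(review): the listing omits the return-type line and the return
 * statement; "static char *" returning the buffer is reconstructed -
 * confirm against the full file.
 */
static char *
dissect_dos_time(guint16 time)
{
  /* "HH:MM:SS" is 8 characters plus the NUL, 9 bytes in all. The old size
     of 2+2+2+1 = 7 let sprintf() write two bytes past the buffer on every
     call. */
  static char timebuf[2+1+2+1+2+1];

  snprintf(timebuf, sizeof timebuf, "%02d:%02d:%02d",
           (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);

  return timebuf;
}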
505 /* Max string length for displaying Unicode strings. */
506 #define MAX_UNICODE_STR_LEN 256
508 /* Turn a little-endian Unicode '\0'-terminated string into a string we
510 XXX - for now, we just handle the ISO 8859-1 characters. */
/* us points at the raw string in the packet. us_lenp is an out-parameter,
   presumably the number of input bytes consumed - TODO confirm; the line that
   stores it is missing from this listing. */
512 unicode_to_str(const guint8 *us, int *us_lenp) {
/* Three static output buffers. The comparisons of cur against str[0] and
   str[1] below suggest they are used in rotation, so that a few results stay
   valid at once. The extra 3+1 bytes are presumably room for a truncation
   marker and the NUL - confirm. */
513 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
520 if (cur == &str[0][0]) {
522 } else if (cur == &str[1][0]) {
/* Output budget: at most MAX_UNICODE_STR_LEN characters are kept. */
528 len = MAX_UNICODE_STR_LEN;
/* NOTE(review): the loop condition shown stops only at a 16-bit zero
   terminator. len limits what is written, but nothing visible limits how far
   us is read, so a string without a terminator in a truncated or malformed
   frame is read past the end of the packet buffer. The caller should pass
   the number of bytes remaining and the loop should stop there - confirm
   against the full function. */
530 while (*us != 0 || *(us + 1) != 0) {
540 /* Note that we're not showing the full string. */
551 * Each dissect routine is passed an offset to wct and works from there
/* Dissect an SMB Flush File message. A request (dirn == 1) shows Word Count,
   FID and Byte Count; a response (dirn == 0) shows Word Count and Byte
   Count. offset points at the Word Count byte on entry and is advanced past
   each field after it is displayed.
   NOTE(review): every GBYTE/GSHORT read uses the running offset directly. No
   visible line compares it with max_data or the captured length first, so a
   short frame would be read past its end. Lines are missing from this
   listing - confirm in the full file. */
555 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
562 if (dirn == 1) { /* Request(s) dissect code */
564 /* Build display for: Word Count (WCT) */
566 WordCount = GBYTE(pd, offset);
570 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
574 offset += 1; /* Skip Word Count (WCT) */
576 /* Build display for: FID */
578 FID = GSHORT(pd, offset);
582 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
586 offset += 2; /* Skip FID */
588 /* Build display for: Byte Count */
590 ByteCount = GSHORT(pd, offset);
594 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
598 offset += 2; /* Skip Byte Count */
602 if (dirn == 0) { /* Response(s) dissect code */
604 /* Build display for: Word Count (WCT) */
606 WordCount = GBYTE(pd, offset);
610 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
614 offset += 1; /* Skip Word Count (WCT) */
616 /* Build display for: Byte Count (BCC) */
618 ByteCount = GSHORT(pd, offset);
622 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
626 offset += 2; /* Skip Byte Count (BCC) */
/* Dissect an SMB Get Disk Attributes message. A request (dirn == 1) shows
   Word Count and Byte Count. A response (dirn == 0) shows Word Count, five
   16-bit words (Total Units, Blocks Per Unit, Block Size, Free Units,
   Reserved) and Byte Count.
   NOTE(review): the five response words are read at fixed steps after Word
   Count. No visible line checks WordCount, max_data or the captured length
   before those reads, so a short or error response would be read past its
   end. Lines are missing from this listing - confirm in the full file. */
633 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
641 guint16 BlocksPerUnit;
644 if (dirn == 1) { /* Request(s) dissect code */
646 /* Build display for: Word Count (WCT) */
648 WordCount = GBYTE(pd, offset);
652 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
656 offset += 1; /* Skip Word Count (WCT) */
658 /* Build display for: Byte Count (BCC) */
660 ByteCount = GSHORT(pd, offset);
664 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
668 offset += 2; /* Skip Byte Count (BCC) */
672 if (dirn == 0) { /* Response(s) dissect code */
674 /* Build display for: Word Count (WCT) */
676 WordCount = GBYTE(pd, offset);
680 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
684 offset += 1; /* Skip Word Count (WCT) */
688 /* Build display for: Total Units */
690 TotalUnits = GSHORT(pd, offset);
694 proto_tree_add_text(tree, offset, 2, "Total Units: %u", TotalUnits);
698 offset += 2; /* Skip Total Units */
700 /* Build display for: Blocks Per Unit */
702 BlocksPerUnit = GSHORT(pd, offset);
706 proto_tree_add_text(tree, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
710 offset += 2; /* Skip Blocks Per Unit */
712 /* Build display for: Block Size */
714 BlockSize = GSHORT(pd, offset);
718 proto_tree_add_text(tree, offset, 2, "Block Size: %u", BlockSize);
722 offset += 2; /* Skip Block Size */
724 /* Build display for: Free Units */
726 FreeUnits = GSHORT(pd, offset);
730 proto_tree_add_text(tree, offset, 2, "Free Units: %u", FreeUnits);
734 offset += 2; /* Skip Free Units */
736 /* Build display for: Reserved */
738 Reserved = GSHORT(pd, offset);
742 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
746 offset += 2; /* Skip Reserved */
750 /* Build display for: Byte Count (BCC) */
752 ByteCount = GSHORT(pd, offset);
756 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
760 offset += 2; /* Skip Byte Count (BCC) */
/* Dissect an SMB Set File Attributes message. A request (dirn == 1) shows
   Word Count, the attribute bits, last-write time and date, five reserved
   words, Byte Count, Buffer Format and the file name. A response
   (dirn == 0) shows Word Count and Byte Count.
   NOTE(review): fields are read at a running offset, and no visible line
   checks it against max_data or the captured length. Lines are missing from
   this listing - confirm in the full file. */
767 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
770 proto_tree *Attributes_tree;
780 guint16 LastWriteTime;
781 guint16 LastWriteDate;
783 const char *FileName;
785 if (dirn == 1) { /* Request(s) dissect code */
787 /* Build display for: Word Count (WCT) */
789 WordCount = GBYTE(pd, offset);
793 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
797 offset += 1; /* Skip Word Count (WCT) */
801 /* Build display for: Attributes */
803 Attributes = GSHORT(pd, offset);
/* The 16-bit attribute word gets its own subtree with one line per flag bit
   (0x01 to 0x20). */
807 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
808 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
809 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
810 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
811 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
812 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
813 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
814 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
815 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
816 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
817 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
818 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
819 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
820 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
824 offset += 2; /* Skip Attributes */
826 /* Build display for: Last Write Time */
828 LastWriteTime = GSHORT(pd, offset);
/* NOTE(review): dissect_dos_time() builds its text in a static char buffer
   and presumably returns that buffer. If so, %u is the wrong conversion for
   a pointer argument (undefined behaviour; at best a number instead of the
   time is shown) and the format should use %s. The same applies to
   dissect_dos_date() just below. */
832 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
836 offset += 2; /* Skip Last Write Time */
838 /* Build display for: Last Write Date */
840 LastWriteDate = GSHORT(pd, offset);
844 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
848 offset += 2; /* Skip Last Write Date */
850 /* Build display for: Reserved 1 */
852 Reserved1 = GSHORT(pd, offset);
856 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
860 offset += 2; /* Skip Reserved 1 */
862 /* Build display for: Reserved 2 */
864 Reserved2 = GSHORT(pd, offset);
868 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
872 offset += 2; /* Skip Reserved 2 */
874 /* Build display for: Reserved 3 */
876 Reserved3 = GSHORT(pd, offset);
880 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
884 offset += 2; /* Skip Reserved 3 */
886 /* Build display for: Reserved 4 */
888 Reserved4 = GSHORT(pd, offset);
892 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
896 offset += 2; /* Skip Reserved 4 */
898 /* Build display for: Reserved 5 */
900 Reserved5 = GSHORT(pd, offset);
904 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
908 offset += 2; /* Skip Reserved 5 */
912 /* Build display for: Byte Count (BCC) */
914 ByteCount = GSHORT(pd, offset);
918 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
922 offset += 2; /* Skip Byte Count (BCC) */
924 /* Build display for: Buffer Format */
926 BufferFormat = GBYTE(pd, offset);
930 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
934 offset += 1; /* Skip Buffer Format */
936 /* Build display for: File Name */
/* NOTE(review): FileName points straight into the packet, and strlen() and
   %s walk it until they meet a NUL byte. Nothing visible limits that walk to
   ByteCount or to the end of the captured frame, so a name without a
   terminator is read past the packet buffer. Look for the terminator within
   the remaining bytes first (memchr over that span, for instance) and
   display at most that many characters. */
938 FileName = pd + offset;
942 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
946 offset += strlen(FileName) + 1; /* Skip File Name */
950 if (dirn == 0) { /* Response(s) dissect code */
952 /* Build display for: Word Count (WCT) */
954 WordCount = GBYTE(pd, offset);
958 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
962 offset += 1; /* Skip Word Count (WCT) */
964 /* Build display for: Byte Count (BCC) */
/* NOTE(review): this response reads Byte Count as one byte (GBYTE, width 1),
   while the request above and the other routines read it as a 16-bit value
   (GSHORT, width 2). It looks like a slip - confirm and align. */
966 ByteCount = GBYTE(pd, offset);
970 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
974 offset += 1; /* Skip Byte Count (BCC) */
/* Dissect an SMB Write File message. A request (dirn == 1) shows Word Count,
   FID, Count, Offset, Remaining, Byte Count, Buffer Format and Data Length.
   A response (dirn == 0) shows Word Count, Count and Byte Count. Count and
   Data Length are only displayed; the visible lines never use them to index
   the packet.
   NOTE(review): fields are read at a running offset, and no visible line
   checks it against max_data or the captured length. Lines are missing from
   this listing - confirm in the full file. */
981 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
993 if (dirn == 1) { /* Request(s) dissect code */
995 /* Build display for: Word Count (WCT) */
997 WordCount = GBYTE(pd, offset);
1001 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1005 offset += 1; /* Skip Word Count (WCT) */
1007 /* Build display for: FID */
1009 FID = GSHORT(pd, offset);
1013 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1017 offset += 2; /* Skip FID */
1019 /* Build display for: Count */
1021 Count = GSHORT(pd, offset);
1025 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1029 offset += 2; /* Skip Count */
1031 /* Build display for: Offset */
1033 Offset = GWORD(pd, offset);
1037 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1041 offset += 4; /* Skip Offset */
1043 /* Build display for: Remaining */
1045 Remaining = GSHORT(pd, offset);
1049 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
1053 offset += 2; /* Skip Remaining */
1055 /* Build display for: Byte Count (BCC) */
1057 ByteCount = GSHORT(pd, offset);
1061 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1065 offset += 2; /* Skip Byte Count (BCC) */
1067 /* Build display for: Buffer Format */
1069 BufferFormat = GBYTE(pd, offset);
1073 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1077 offset += 1; /* Skip Buffer Format */
1079 /* Build display for: Data Length */
1081 DataLength = GSHORT(pd, offset);
1085 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1089 offset += 2; /* Skip Data Length */
1093 if (dirn == 0) { /* Response(s) dissect code */
1095 /* Build display for: Word Count (WCT) */
1097 WordCount = GBYTE(pd, offset);
1101 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1105 offset += 1; /* Skip Word Count (WCT) */
1107 /* Build display for: Count */
1109 Count = GSHORT(pd, offset);
1113 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1117 offset += 2; /* Skip Count */
1119 /* Build display for: Byte Count (BCC) */
1121 ByteCount = GSHORT(pd, offset);
1125 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1129 offset += 2; /* Skip Byte Count (BCC) */
/* Dissect an SMB Read MPX message. A request (dirn == 1) shows Word Count,
   FID, Offset, Max Count, Min Count, two reserved fields and Byte Count. A
   response (dirn == 0) shows Word Count, the parameter words (only when Word
   Count is non-zero), Byte Count and Pad.
   The fourth parameter is spelled "arent" here, unlike "parent" in the
   sibling routines. No visible line uses it, so this looks like a typo.
   NOTE(review): fields are read at a running offset, and no visible line
   checks it against max_data or the captured length. Lines are missing from
   this listing - confirm in the full file. */
1136 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *arent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1150 guint16 DataCompactionMode;
1154 if (dirn == 1) { /* Request(s) dissect code */
1156 /* Build display for: Word Count (WCT) */
1158 WordCount = GBYTE(pd, offset);
1162 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1166 offset += 1; /* Skip Word Count (WCT) */
1168 /* Build display for: FID */
1170 FID = GSHORT(pd, offset);
1174 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1178 offset += 2; /* Skip FID */
1180 /* Build display for: Offset */
1182 Offset = GWORD(pd, offset);
1186 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1190 offset += 4; /* Skip Offset */
1192 /* Build display for: Max Count */
1194 MaxCount = GSHORT(pd, offset);
1198 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
1202 offset += 2; /* Skip Max Count */
1204 /* Build display for: Min Count */
1206 MinCount = GSHORT(pd, offset);
1210 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
1214 offset += 2; /* Skip Min Count */
1216 /* Build display for: Reserved 1 */
1218 Reserved1 = GWORD(pd, offset);
1222 proto_tree_add_text(tree, offset, 4, "Reserved 1: %u", Reserved1);
1226 offset += 4; /* Skip Reserved 1 */
1228 /* Build display for: Reserved 2 */
1230 Reserved2 = GSHORT(pd, offset);
1234 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
1238 offset += 2; /* Skip Reserved 2 */
1240 /* Build display for: Byte Count (BCC) */
1242 ByteCount = GSHORT(pd, offset);
1246 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1250 offset += 2; /* Skip Byte Count (BCC) */
1254 if (dirn == 0) { /* Response(s) dissect code */
1256 /* Build display for: Word Count */
1258 WordCount = GBYTE(pd, offset);
1262 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
1266 offset += 1; /* Skip Word Count */
/* The parameter words are decoded only when the response carries any. The
   check is for non-zero only, not for the exact number of words read below. */
1268 if (WordCount > 0) {
1270 /* Build display for: Offset */
1272 Offset = GWORD(pd, offset);
1276 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1280 offset += 4; /* Skip Offset */
1282 /* Build display for: Count */
1284 Count = GSHORT(pd, offset);
1288 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1292 offset += 2; /* Skip Count */
1294 /* Build display for: Reserved */
1296 Reserved = GSHORT(pd, offset);
1300 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1304 offset += 2; /* Skip Reserved */
1306 /* Build display for: Data Compaction Mode */
1308 DataCompactionMode = GSHORT(pd, offset);
1312 proto_tree_add_text(tree, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1316 offset += 2; /* Skip Data Compaction Mode */
1318 /* Build display for: Reserved */
1320 Reserved = GSHORT(pd, offset);
1324 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1328 offset += 2; /* Skip Reserved */
1330 /* Build display for: Data Length */
1332 DataLength = GSHORT(pd, offset);
1336 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1340 offset += 2; /* Skip Data Length */
1342 /* Build display for: Data Offset */
1344 DataOffset = GSHORT(pd, offset);
1348 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
1352 offset += 2; /* Skip Data Offset */
1356 /* Build display for: Byte Count (BCC) */
1358 ByteCount = GSHORT(pd, offset);
1362 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1366 offset += 2; /* Skip Byte Count (BCC) */
1368 /* Build display for: Pad */
1370 Pad = GBYTE(pd, offset);
1374 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
1378 offset += 1; /* Skip Pad */
/* Dissect an SMB Delete File message. A request (dirn == 1) shows Word
   Count, Byte Count, Buffer Format and the file name. A response
   (dirn == 0) shows Word Count and Byte Count.
   The fourth parameter is spelled "paernt" here, unlike "parent" in the
   sibling routines. No visible line uses it, so this looks like a typo.
   NOTE(review): fields are read at a running offset, and no visible line
   checks it against max_data or the captured length. Lines are missing from
   this listing - confirm in the full file. */
1385 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *paernt, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1389 guint8 BufferFormat;
1391 const char *FileName;
1393 if (dirn == 1) { /* Request(s) dissect code */
1395 /* Build display for: Word Count (WCT) */
1397 WordCount = GBYTE(pd, offset);
1401 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1405 offset += 1; /* Skip Word Count (WCT) */
1407 /* Build display for: Byte Count (BCC) */
1409 ByteCount = GSHORT(pd, offset);
1413 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1417 offset += 2; /* Skip Byte Count (BCC) */
1419 /* Build display for: Buffer Format */
1421 BufferFormat = GBYTE(pd, offset);
1425 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1429 offset += 1; /* Skip Buffer Format */
1431 /* Build display for: File Name */
/* NOTE(review): FileName points straight into the packet, and strlen() and
   %s walk it until they meet a NUL byte. Nothing visible limits that walk to
   ByteCount or to the end of the captured frame, so a name without a
   terminator is read past the packet buffer. Look for the terminator within
   the remaining bytes first and display at most that many characters. */
1433 FileName = pd + offset;
1437 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1441 offset += strlen(FileName) + 1; /* Skip File Name */
1445 if (dirn == 0) { /* Response(s) dissect code */
1447 /* Build display for: Word Count (WCT) */
1449 WordCount = GBYTE(pd, offset);
1453 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1457 offset += 1; /* Skip Word Count (WCT) */
1459 /* Build display for: Byte Count (BCC) */
1461 ByteCount = GSHORT(pd, offset);
1465 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1469 offset += 2; /* Skip Byte Count (BCC) */
/* Dissect an SMB Query Information 2 message. A request (dirn == 1) shows
   Word Count, FID and Byte Count. A response (dirn == 0) shows Word Count,
   then, only when Word Count is non-zero, three date/time pairs, two 32-bit
   sizes and the attribute bits, and finally Byte Count.
   NOTE(review): fields are read at a running offset, and no visible line
   checks it against max_data or the captured length. Lines are missing from
   this listing - confirm in the full file. */
1476 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1479 proto_tree *Attributes_tree;
1482 guint32 FileDataSize;
1483 guint32 FileAllocationSize;
1484 guint16 LastWriteTime;
1485 guint16 LastWriteDate;
1486 guint16 LastAccessTime;
1487 guint16 LastAccessDate;
1489 guint16 CreationTime;
1490 guint16 CreationDate;
1494 if (dirn == 1) { /* Request(s) dissect code */
1496 /* Build display for: Word Count (WCT) */
1498 WordCount = GBYTE(pd, offset);
1502 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1506 offset += 1; /* Skip Word Count (WCT) */
1508 /* Build display for: FID */
1510 FID = GSHORT(pd, offset);
1514 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1518 offset += 2; /* Skip FID */
1520 /* Build display for: Byte Count */
1522 ByteCount = GSHORT(pd, offset);
1526 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1530 offset += 2; /* Skip Byte Count */
1534 if (dirn == 0) { /* Response(s) dissect code */
1536 /* Build display for: Word Count (WCT) */
1538 WordCount = GBYTE(pd, offset);
1542 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1546 offset += 1; /* Skip Word Count (WCT) */
/* The parameter words are decoded only when the response carries any. The
   check is for non-zero only, not for the exact number of words read below. */
1548 if (WordCount > 0) {
1550 /* Build display for: Creation Date */
1552 CreationDate = GSHORT(pd, offset);
/* NOTE(review): dissect_dos_date() and dissect_dos_time() build their text
   in static char buffers and presumably return those buffers. If so, %u is
   the wrong conversion for a pointer argument (undefined behaviour; at best
   a number instead of the date is shown) and each of the six date/time
   formats below should use %s. */
1556 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
1560 offset += 2; /* Skip Creation Date */
1562 /* Build display for: Creation Time */
1564 CreationTime = GSHORT(pd, offset);
1568 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
1572 offset += 2; /* Skip Creation Time */
1574 /* Build display for: Last Access Date */
1576 LastAccessDate = GSHORT(pd, offset);
1580 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
1584 offset += 2; /* Skip Last Access Date */
1586 /* Build display for: Last Access Time */
1588 LastAccessTime = GSHORT(pd, offset);
1592 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
1596 offset += 2; /* Skip Last Access Time */
1598 /* Build display for: Last Write Date */
1600 LastWriteDate = GSHORT(pd, offset);
1604 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
1608 offset += 2; /* Skip Last Write Date */
1610 /* Build display for: Last Write Time */
1612 LastWriteTime = GSHORT(pd, offset);
1616 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
1620 offset += 2; /* Skip Last Write Time */
1622 /* Build display for: File Data Size */
1624 FileDataSize = GWORD(pd, offset);
1628 proto_tree_add_text(tree, offset, 4, "File Data Size: %u", FileDataSize);
1632 offset += 4; /* Skip File Data Size */
1634 /* Build display for: File Allocation Size */
1636 FileAllocationSize = GWORD(pd, offset);
1640 proto_tree_add_text(tree, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1644 offset += 4; /* Skip File Allocation Size */
1646 /* Build display for: Attributes */
1648 Attributes = GSHORT(pd, offset);
/* The 16-bit attribute word gets its own subtree with one line per flag bit
   (0x01 to 0x20). */
1652 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
1653 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
1654 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1655 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1656 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1657 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1658 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1659 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1660 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1661 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1662 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1663 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1664 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1665 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1669 offset += 2; /* Skip Attributes */
1673 /* Build display for: Byte Count */
1675 ByteCount = GSHORT(pd, offset);
1679 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1683 offset += 2; /* Skip Byte Count */
/* Dissect an SMB Tree Connect message. A request (dirn == 1) shows Word
   Count, Byte Count and three (buffer format byte, NUL-terminated string)
   pairs: share path, password and service. A response (dirn == 0) shows Word
   Count and, unless errcode is non-zero, Max Buffer Size, TID and Byte
   Count.
   NOTE(review): fields are read at a running offset, and no visible line
   checks it against max_data or the captured length. Lines are missing from
   this listing - confirm in the full file. */
1690 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1694 guint8 BufferFormat3;
1695 guint8 BufferFormat2;
1696 guint8 BufferFormat1;
1698 guint16 MaxBufferSize;
1700 const char *SharePath;
1701 const char *Service;
1702 const char *Password;
1704 if (dirn == 1) { /* Request(s) dissect code */
1706 /* Build display for: Word Count (WCT) */
1708 WordCount = GBYTE(pd, offset);
1712 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1716 offset += 1; /* Skip Word Count (WCT) */
1718 /* Build display for: Byte Count (BCC) */
1720 ByteCount = GSHORT(pd, offset);
1724 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1728 offset += 2; /* Skip Byte Count (BCC) */
1730 /* Build display for: BufferFormat1 */
1732 BufferFormat1 = GBYTE(pd, offset);
1736 proto_tree_add_text(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
1740 offset += 1; /* Skip BufferFormat1 */
1742 /* Build display for: Share Path */
/* NOTE(review): SharePath, Password and Service each point straight into the
   packet and are measured with strlen(). Nothing visible limits those walks
   to ByteCount or to the end of the captured frame, and each string's start
   depends on the length of the one before it. One string without a
   terminator therefore sends this read and every later one past the packet
   buffer. Look for each terminator within the remaining bytes before use. */
1744 SharePath = pd + offset;
1748 proto_tree_add_text(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1752 offset += strlen(SharePath) + 1; /* Skip Share Path */
1754 /* Build display for: BufferFormat2 */
1756 BufferFormat2 = GBYTE(pd, offset);
1760 proto_tree_add_text(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
1764 offset += 1; /* Skip BufferFormat2 */
1766 /* Build display for: Password */
/* The password bytes are shown exactly as they appear on the wire. A capture
   file or exported dissection that contains this item therefore carries the
   share password and should be handled as a credential. */
1768 Password = pd + offset;
1772 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
1776 offset += strlen(Password) + 1; /* Skip Password */
1778 /* Build display for: BufferFormat3 */
1780 BufferFormat3 = GBYTE(pd, offset);
1784 proto_tree_add_text(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
1788 offset += 1; /* Skip BufferFormat3 */
1790 /* Build display for: Service */
1792 Service = pd + offset;
1796 proto_tree_add_text(tree, offset, strlen(Service) + 1, "Service: %s", Service);
1800 offset += strlen(Service) + 1; /* Skip Service */
1804 if (dirn == 0) { /* Response(s) dissect code */
1806 /* Build display for: Word Count (WCT) */
1808 WordCount = GBYTE(pd, offset);
1812 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
/* Stop after Word Count when the response reports an error. Presumably an
   error response carries no parameter words - TODO confirm. */
1816 if (errcode != 0) return;
1818 offset += 1; /* Skip Word Count (WCT) */
1820 /* Build display for: Max Buffer Size */
1822 MaxBufferSize = GSHORT(pd, offset);
1826 proto_tree_add_text(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1830 offset += 2; /* Skip Max Buffer Size */
1832 /* Build display for: TID */
1834 TID = GSHORT(pd, offset);
1838 proto_tree_add_text(tree, offset, 2, "TID: %u", TID);
1842 offset += 2; /* Skip TID */
1844 /* Build display for: Byte Count (BCC) */
1846 ByteCount = GSHORT(pd, offset);
1850 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1854 offset += 2; /* Skip Byte Count (BCC) */
1860 /* Generated by build-dissect.pl Version 0.6 27-Jun-1999, ACT */
1862 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1865 proto_tree *Capabilities_tree;
1868 guint8 AndXReserved;
1869 guint8 AndXCommand = 0xFF;
1872 guint32 Capabilities;
1874 guint16 UNICODEAccountPasswordLength;
1875 guint16 PasswordLen;
1876 guint16 MaxMpxCount;
1877 guint16 MaxBufferSize;
1879 guint16 AndXOffset = 0;
1881 guint16 ANSIAccountPasswordLength;
1882 const char *UNICODEPassword;
1883 const char *Password;
1884 const char *PrimaryDomain;
1885 const char *NativeOS;
1886 const char *NativeLanManType;
1887 const char *NativeLanMan;
1888 const char *AccountName;
1889 const char *ANSIPassword;
1891 if (dirn == 1) { /* Request(s) dissect code */
1893 WordCount = GBYTE(pd, offset);
1895 switch (WordCount) {
1899 /* Build display for: Word Count (WCT) */
1901 WordCount = GBYTE(pd, offset);
1905 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1909 offset += 1; /* Skip Word Count (WCT) */
1911 /* Build display for: AndXCommand */
1913 AndXCommand = GBYTE(pd, offset);
1917 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
1918 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1922 offset += 1; /* Skip AndXCommand */
1924 /* Build display for: AndXReserved */
1926 AndXReserved = GBYTE(pd, offset);
1930 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1934 offset += 1; /* Skip AndXReserved */
1936 /* Build display for: AndXOffset */
1938 AndXOffset = GSHORT(pd, offset);
1942 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1946 offset += 2; /* Skip AndXOffset */
1948 /* Build display for: MaxBufferSize */
1950 MaxBufferSize = GSHORT(pd, offset);
1954 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1958 offset += 2; /* Skip MaxBufferSize */
1960 /* Build display for: MaxMpxCount */
1962 MaxMpxCount = GSHORT(pd, offset);
1966 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1970 offset += 2; /* Skip MaxMpxCount */
1972 /* Build display for: VcNumber */
1974 VcNumber = GSHORT(pd, offset);
1978 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
1982 offset += 2; /* Skip VcNumber */
1984 /* Build display for: SessionKey */
1986 SessionKey = GWORD(pd, offset);
1990 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
1994 offset += 4; /* Skip SessionKey */
1996 /* Build display for: PasswordLen */
1998 PasswordLen = GSHORT(pd, offset);
2002 proto_tree_add_text(tree, offset, 2, "PasswordLen: %u", PasswordLen);
2006 offset += 2; /* Skip PasswordLen */
2008 /* Build display for: Reserved */
2010 Reserved = GWORD(pd, offset);
2014 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2018 offset += 4; /* Skip Reserved */
2020 /* Build display for: Byte Count (BCC) */
2022 ByteCount = GSHORT(pd, offset);
2026 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2030 offset += 2; /* Skip Byte Count (BCC) */
2032 if (ByteCount > 0) {
2034 /* Build displat for: Password */
2036 Password = pd + offset;
2040 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
2044 offset += PasswordLen;
2046 /* Build display for: AccountName */
2048 AccountName = pd + offset;
2052 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2056 offset += strlen(AccountName) + 1; /* Skip AccountName */
2058 /* Build display for: PrimaryDomain */
2060 PrimaryDomain = pd + offset;
2064 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2068 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2070 /* Build display for: NativeOS */
2072 NativeOS = pd + offset;
2076 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2080 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2082 /* Build display for: NativeLanMan */
2084 NativeLanMan = pd + offset;
2088 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "Native Lan Manager: %s", NativeLanMan);
2092 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2100 /* Build display for: Word Count (WCT) */
2102 WordCount = GBYTE(pd, offset);
2106 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2110 offset += 1; /* Skip Word Count (WCT) */
2112 /* Build display for: AndXCommand */
2114 AndXCommand = GBYTE(pd, offset);
2118 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2119 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2123 offset += 1; /* Skip AndXCommand */
2125 /* Build display for: AndXReserved */
2127 AndXReserved = GBYTE(pd, offset);
2131 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2135 offset += 1; /* Skip AndXReserved */
2137 /* Build display for: AndXOffset */
2139 AndXOffset = GSHORT(pd, offset);
2143 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2147 offset += 2; /* Skip AndXOffset */
2149 /* Build display for: MaxBufferSize */
2151 MaxBufferSize = GSHORT(pd, offset);
2155 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2159 offset += 2; /* Skip MaxBufferSize */
2161 /* Build display for: MaxMpxCount */
2163 MaxMpxCount = GSHORT(pd, offset);
2167 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2171 offset += 2; /* Skip MaxMpxCount */
2173 /* Build display for: VcNumber */
2175 VcNumber = GSHORT(pd, offset);
2179 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2183 offset += 2; /* Skip VcNumber */
2185 /* Build display for: SessionKey */
2187 SessionKey = GWORD(pd, offset);
2191 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2195 offset += 4; /* Skip SessionKey */
2197 /* Build display for: ANSI Account Password Length */
2199 ANSIAccountPasswordLength = GSHORT(pd, offset);
2203 proto_tree_add_text(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2207 offset += 2; /* Skip ANSI Account Password Length */
2209 /* Build display for: UNICODE Account Password Length */
2211 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2215 proto_tree_add_text(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2219 offset += 2; /* Skip UNICODE Account Password Length */
2221 /* Build display for: Reserved */
2223 Reserved = GWORD(pd, offset);
2227 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2231 offset += 4; /* Skip Reserved */
2233 /* Build display for: Capabilities */
2235 Capabilities = GWORD(pd, offset);
2239 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
2240 Capabilities_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
2241 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2242 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2243 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2244 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2245 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2246 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2247 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2248 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2249 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2250 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2251 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2252 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2253 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2254 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2255 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2256 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2257 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2258 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2259 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2260 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2261 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2262 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2263 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2264 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2265 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2266 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2267 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2268 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2272 offset += 4; /* Skip Capabilities */
2274 /* Build display for: Byte Count */
2276 ByteCount = GSHORT(pd, offset);
2280 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
2284 offset += 2; /* Skip Byte Count */
2286 if (ByteCount > 0) {
2288 /* Build display for: ANSI Password */
2290 ANSIPassword = pd + offset;
2294 proto_tree_add_text(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword);
2298 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2299 if (ANSIAccountPasswordLength == 0) offset++; /* Add 1 */
2301 /* Build display for: UNICODE Password */
2303 UNICODEPassword = pd + offset;
2305 if (UNICODEAccountPasswordLength > 0) {
2309 proto_tree_add_text(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword);
2313 offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */
2317 /* Build display for: Account Name */
2319 AccountName = pd + offset;
2323 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2327 offset += strlen(AccountName) + 1; /* Skip Account Name */
2329 /* Build display for: Primary Domain */
2331 PrimaryDomain = pd + offset;
2335 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2339 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2341 /* Build display for: Native OS */
2343 NativeOS = pd + offset;
2347 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2351 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2353 /* Build display for: Native LanMan Type */
2355 NativeLanManType = pd + offset;
2359 proto_tree_add_text(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2363 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2372 if (AndXCommand != 0xFF) {
2374 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
2380 if (dirn == 0) { /* Response(s) dissect code */
2382 /* Build display for: Word Count (WCT) */
2384 WordCount = GBYTE(pd, offset);
2388 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2392 offset += 1; /* Skip Word Count (WCT) */
2394 if (WordCount > 0) {
2396 /* Build display for: AndXCommand */
2398 AndXCommand = GBYTE(pd, offset);
2402 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2403 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2407 offset += 1; /* Skip AndXCommand */
2409 /* Build display for: AndXReserved */
2411 AndXReserved = GBYTE(pd, offset);
2415 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2419 offset += 1; /* Skip AndXReserved */
2421 /* Build display for: AndXOffset */
2423 AndXOffset = GSHORT(pd, offset);
2427 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2432 offset += 2; /* Skip AndXOffset */
2434 /* Build display for: Action */
2436 Action = GSHORT(pd, offset);
2440 proto_tree_add_text(tree, offset, 2, "Action: %u", Action);
2444 offset += 2; /* Skip Action */
2448 /* Build display for: Byte Count (BCC) */
2450 ByteCount = GSHORT(pd, offset);
2454 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2458 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2460 offset += 2; /* Skip Byte Count (BCC) */
2462 if (ByteCount > 0) {
2464 /* Build display for: NativeOS */
2466 NativeOS = pd + offset;
2470 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2474 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2476 /* Build display for: NativeLanMan */
2478 NativeLanMan = pd + offset;
2482 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2486 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2488 /* Build display for: PrimaryDomain */
2490 PrimaryDomain = pd + offset;
2494 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2498 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2502 if (AndXCommand != 0xFF) {
2504 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect an SMB Tree Connect AndX request or response and add its fields
 * to the protocol tree.
 *
 * The visible format check accepts a request (dirn == 1) with WCT 4, a
 * response (dirn == 0) with WCT 2 or 3, or WCT 0 in either direction.
 * Anything else is reported as "Invalid TCON_ANDX format" followed by a
 * raw "Data" item. The next-command byte and its offset are read from the
 * packet, and a next command other than 0xFF is handed to dissect[andxcmd]
 * at SMB_offset + andxoffs after this command has been decoded.
 *
 * NOTE(review): pd is capture data and has to be treated as untrusted.
 * The Password, Path, Service, Service Type and Native File System items
 * size themselves with strlen(str). str is presumably a pointer into pd;
 * its assignment is not visible in this listing. A field with no NUL
 * terminator would make strlen() read past the captured bytes unless the
 * string is bounded somewhere not shown here -- confirm against max_data
 * or the frame length.
 * NOTE(review): the Password item is sized with strlen(str) + 1, the text
 * is formatted with passwdlen, and the offset then advances by passwdlen.
 * Both lengths come from the packet and nothing visible reconciles them
 * with each other or with the byte count (bcc).
 */
2513 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2516 guint8 wct, andxcmd = 0xFF;
2517 guint16 andxoffs = 0, flags, passwdlen, bcc, optionsup;
2519 proto_tree *flags_tree;
2524 /* Now figure out what format we are talking about, 2, 3, or 4 response
2528 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2529 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2533 proto_tree_add_text(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2535 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2545 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
2553 andxcmd = pd[offset];
2557 proto_tree_add_text(tree, offset, 1, "Next Command: %s",
2558 (andxcmd == 0xFF) ? "No further commands":
2559 decode_smb_name(andxcmd));
2561 proto_tree_add_text(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2567 andxoffs = GSHORT(pd, offset);
2571 proto_tree_add_text(tree, offset, 2, "Offset to next command: %u", andxoffs);
2583 bcc = GSHORT(pd, offset);
2587 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2595 flags = GSHORT(pd, offset);
2599 ti = proto_tree_add_text(tree, offset, 2, "Additional Flags: 0x%02x", flags);
2600 flags_tree = proto_item_add_subtree(ti, ett_smb_aflags);
2601 proto_tree_add_text(flags_tree, offset, 2, "%s",
2602 decode_boolean_bitfield(flags, 0x01, 16,
2604 "Don't disconnect TID"));
2610 passwdlen = GSHORT(pd, offset);
2614 proto_tree_add_text(tree, offset, 2, "Password Length: %u", passwdlen);
2620 bcc = GSHORT(pd, offset);
2624 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2634 proto_tree_add_text(tree, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2638 offset += passwdlen;
2644 proto_tree_add_text(tree, offset, strlen(str) + 1, "Path: %s", str);
2648 offset += strlen(str) + 1;
2654 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2662 bcc = GSHORT(pd, offset);
2666 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2676 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service Type: %s",
2681 offset += strlen(str) + 1;
2687 optionsup = GSHORT(pd, offset);
2689 if (tree) { /* Should break out the bits */
2691 proto_tree_add_text(tree, offset, 2, "Optional Support: 0x%04x",
2698 bcc = GSHORT(pd, offset);
2702 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2712 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2716 offset += strlen(str) + 1;
2722 proto_tree_add_text(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2726 offset += strlen(str) + 1;
/* NOTE(review): andxcmd and andxoffs are taken straight from the packet.
   No check is visible that SMB_offset + andxoffs lies inside the frame or
   beyond the command just decoded, so a malformed chain is not rejected
   here -- confirm that the callee bounds it. This also assumes dissect[]
   has an entry for every 8-bit command value -- TODO confirm. The chained
   call passes max_data - offset as the remaining-data argument. */
2736 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2738 (dissect[andxcmd])(pd, SMB_offset + andxoffs, fd, parent, tree, si, max_data - offset, SMB_offset, errcode, dirn);
/*
 * Dissect an SMB Negotiate Protocol request or response and add its
 * fields to the protocol tree.
 *
 * The word count (WCT) selects the layout: 0 for a request (dirn == 1),
 * and 1, 13 or 17 for a response (dirn == 0). Any other combination is
 * reported as "Invalid Negotiate Protocol format" followed by a raw "Data"
 * item. A response carrying a non-zero errcode is not decoded past the
 * word count.
 *
 * NOTE(review): pd is capture data and has to be treated as untrusted.
 * The dialect and domain strings are sized with strlen(), and the
 * challenge is sized with a length field read from the packet. No check
 * against the frame length is visible for these in this listing -- confirm
 * that the reads are bounded. Several locals used below (str, ti, caps,
 * ustr, ustr_len) are declared on lines not visible in this listing.
 */
2743 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2745 guint8 wct, enckeylen;
2746 guint16 bcc, mode, rawmode, dialect;
2748 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2754 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2756 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2757 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2760 proto_tree_add_text(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2762 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2770 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %d", wct);
2774 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2778 /* Now decode the various formats ... */
2782 case 0: /* A request */
2784 bcc = GSHORT(pd, offset);
2788 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2796 ti = proto_tree_add_text(tree, offset, END_OF_FRAME, "Dialects");
2797 dialects = proto_item_add_subtree(ti, ett_smb_dialects);
/* The dialect list is walked until the offset leaves the frame; bcc is
   displayed above but is not used to end the loop in the visible lines.
   NOTE(review): IS_DATA_IN_FRAME() guards only the start of each entry.
   The strlen(str) below still depends on a NUL terminator being present
   in the captured bytes -- confirm. */
2801 while (IS_DATA_IN_FRAME(offset)) {
2806 proto_tree_add_text(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2816 proto_tree_add_text(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2820 offset += strlen(str) + 1;
2825 case 1: /* PC NETWORK PROGRAM 1.0 */
2827 dialect = GSHORT(pd, offset);
2829 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2831 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2833 proto_tree_add_text(tree, offset, 2, "Supplied dialects not recognized");
/* NOTE(review): "PROTGRAM" in the label below looks like a typo for
   "PROGRAM"; it is a runtime string and is left unchanged here. */
2838 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2846 bcc = GSHORT(pd, offset);
2850 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2856 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2860 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2864 /* Much of this is similar to response 17 below */
2868 mode = GSHORT(pd, offset);
2872 ti = proto_tree_add_text(tree, offset, 2, "Security Mode: 0x%04x", mode);
2873 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
2874 proto_tree_add_text(mode_tree, offset, 2, "%s",
2875 decode_boolean_bitfield(mode, 0x0001, 16,
2877 "Security = Share"));
2878 proto_tree_add_text(mode_tree, offset, 2, "%s",
2879 decode_boolean_bitfield(mode, 0x0002, 16,
2880 "Passwords = Encrypted",
2881 "Passwords = Plaintext"));
2889 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2897 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2905 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2911 rawmode = GSHORT(pd, offset);
2915 ti = proto_tree_add_text(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2916 rawmode_tree = proto_item_add_subtree(ti, ett_smb_rawmode);
2917 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2918 decode_boolean_bitfield(rawmode, 0x01, 16,
2919 "Read Raw supported",
2920 "Read Raw not supported"));
2921 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2922 decode_boolean_bitfield(rawmode, 0x02, 16,
2923 "Write Raw supported",
2924 "Write Raw not supported"));
2932 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2938 /* Now the server time, two short parameters ... */
2942 proto_tree_add_text(tree, offset, 2, "Server Time: %s",
2943 dissect_dos_time(GSHORT(pd, offset)));
2944 proto_tree_add_text(tree, offset + 2, 2, "Server Date: %s",
2945 dissect_dos_date(GSHORT(pd, offset + 2)));
2951 /* Server Time Zone, SHORT */
2955 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
2956 (signed)GSSHORT(pd, offset));
2962 /* Challenge Length */
/* NOTE(review): enckeylen is declared guint8 above but is assigned a
   16-bit GSHORT() here, so the high byte of the on-wire length is
   dropped. The value displayed, the challenge bytes shown and the
   offset += enckeylen skip below all use only the low 8 bits, which can
   leave the offset misaligned for the fields that follow. */
2964 enckeylen = GSHORT(pd, offset);
2968 proto_tree_add_text(tree, offset, 2, "Challenge Length: %u", enckeylen);
2976 proto_tree_add_text(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
2982 bcc = GSHORT(pd, offset);
2986 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2992 if (enckeylen) { /* only if non-zero key len */
/* NOTE(review): enckeylen bytes are formatted from str with no visible
   check that that many bytes remain in the frame or fit within bcc --
   confirm the read is bounded. */
2998 proto_tree_add_text(tree, offset, enckeylen, "Challenge: %s",
2999 bytes_to_str(str, enckeylen));
3002 offset += enckeylen;
3006 /* Primary Domain ... */
3012 proto_tree_add_text(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
3018 case 17: /* Greater than LANMAN2.1 */
3022 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
/* In this layout the security mode is a single byte, unlike the 16-bit
   mode word read in case 13. */
3028 mode = GBYTE(pd, offset);
3032 ti = proto_tree_add_text(tree, offset, 1, "Security Mode: 0x%02x", mode);
3033 mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
3034 proto_tree_add_text(mode_tree, offset, 1, "%s",
3035 decode_boolean_bitfield(mode, 0x01, 8,
3037 "Security = Share"));
3038 proto_tree_add_text(mode_tree, offset, 1, "%s",
3039 decode_boolean_bitfield(mode, 0x02, 8,
3040 "Passwords = Encrypted",
3041 "Passwords = Plaintext"));
3042 proto_tree_add_text(mode_tree, offset, 1, "%s",
3043 decode_boolean_bitfield(mode, 0x04, 8,
3044 "Security signatures enabled",
3045 "Security signatures not enabled"));
3046 proto_tree_add_text(mode_tree, offset, 1, "%s",
3047 decode_boolean_bitfield(mode, 0x08, 8,
3048 "Security signatures required",
3049 "Security signatures not required"));
3057 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3065 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
/* NOTE(review): the value below is read with GWORD() but the item is
   given a length of 2, while the next item pairs GWORD() with a length
   of 4. The length here looks like it should be 4 -- confirm against the
   offset advance, which is not visible in this listing. */
3073 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3081 proto_tree_add_text(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3089 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
3095 caps = GWORD(pd, offset);
3099 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", caps);
3100 caps_tree = proto_item_add_subtree(ti, ett_smb_capabilities);
3101 proto_tree_add_text(caps_tree, offset, 4, "%s",
3102 decode_boolean_bitfield(caps, 0x0001, 32,
3103 "Raw Mode supported",
3104 "Raw Mode not supported"));
3105 proto_tree_add_text(caps_tree, offset, 4, "%s",
3106 decode_boolean_bitfield(caps, 0x0002, 32,
3107 "MPX Mode supported",
3108 "MPX Mode not supported"));
3109 proto_tree_add_text(caps_tree, offset, 4, "%s",
3110 decode_boolean_bitfield(caps, 0x0004, 32,
3111 "Unicode supported",
3112 "Unicode not supported"));
3113 proto_tree_add_text(caps_tree, offset, 4, "%s",
3114 decode_boolean_bitfield(caps, 0x0008, 32,
3115 "Large files supported",
3116 "Large files not supported"));
3117 proto_tree_add_text(caps_tree, offset, 4, "%s",
3118 decode_boolean_bitfield(caps, 0x0010, 32,
3119 "NT LM 0.12 SMBs supported",
3120 "NT LM 0.12 SMBs not supported"));
3121 proto_tree_add_text(caps_tree, offset, 4, "%s",
3122 decode_boolean_bitfield(caps, 0x0020, 32,
3123 "RPC remote APIs supported",
3124 "RPC remote APIs not supported"));
3125 proto_tree_add_text(caps_tree, offset, 4, "%s",
3126 decode_boolean_bitfield(caps, 0x0040, 32,
3127 "NT status codes supported",
3128 "NT status codes not supported"));
3129 proto_tree_add_text(caps_tree, offset, 4, "%s",
3130 decode_boolean_bitfield(caps, 0x0080, 32,
3131 "Level 2 OpLocks supported",
3132 "Level 2 OpLocks not supported"));
3133 proto_tree_add_text(caps_tree, offset, 4, "%s",
3134 decode_boolean_bitfield(caps, 0x0100, 32,
3135 "Lock&Read supported",
3136 "Lock&Read not supported"));
3137 proto_tree_add_text(caps_tree, offset, 4, "%s",
3138 decode_boolean_bitfield(caps, 0x0200, 32,
3139 "NT Find supported",
3140 "NT Find not supported"));
3141 proto_tree_add_text(caps_tree, offset, 4, "%s",
3142 decode_boolean_bitfield(caps, 0x1000, 32,
3144 "DFS not supported"));
3145 proto_tree_add_text(caps_tree, offset, 4, "%s",
3146 decode_boolean_bitfield(caps, 0x4000, 32,
3147 "Large READX supported",
3148 "Large READX not supported"));
3149 proto_tree_add_text(caps_tree, offset, 4, "%s",
3150 decode_boolean_bitfield(caps, 0x8000, 32,
3151 "Large WRITEX supported",
3152 "Large WRITEX not supported"));
3153 proto_tree_add_text(caps_tree, offset, 4, "%s",
3154 decode_boolean_bitfield(caps, 0x80000000, 32,
3155 "Extended security exchanges supported",
3156 "Extended security exchanges not supported"));
3161 /* Server time, 2 WORDS */
3165 proto_tree_add_text(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3166 proto_tree_add_text(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3172 /* Server Time Zone, SHORT */
3176 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
3177 (signed)GSSHORT(pd, offset));
3183 /* Encryption key len */
3185 enckeylen = pd[offset];
3189 proto_tree_add_text(tree, offset, 1, "Encryption key len: %u", enckeylen);
3195 bcc = GSHORT(pd, offset);
3199 proto_tree_add_text(tree, offset, 2, "Byte count (BCC): %u", bcc);
3205 if (enckeylen) { /* only if non-zero key len */
3207 /* Encryption challenge key */
/* NOTE(review): as in case 13, enckeylen comes from the packet and no
   visible check ties it to the remaining frame bytes or to bcc. */
3213 proto_tree_add_text(tree, offset, enckeylen, "Challenge encryption key: %s",
3214 bytes_to_str(str, enckeylen));
3218 offset += enckeylen;
3222 /* The domain, a null terminated string; Unicode if "caps" has
3223 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3224 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
/* NOTE(review): both branches depend on a terminator being present in the
   captured bytes. strlen(str) is unbounded here, and whether
   unicode_to_str() limits its scan cannot be told from this listing --
   confirm. */
3230 if (caps & 0x0004) {
3231 ustr = unicode_to_str(str, &ustr_len);
3232 proto_tree_add_text(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
3234 proto_tree_add_text(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
3241 default: /* Baddd */
3244 proto_tree_add_text(tree, offset, 1, "Bad format, should never get here");
/*
 * Dissect the SMB command handled by dissect_deletedir_smb (a directory
 * delete, going by the function name) and add its fields to the tree.
 *
 * Request (dirn == 1): Word Count (1 byte), Byte Count (2 bytes), Buffer
 * Format (1 byte), then the directory name, which is treated as a
 * NUL-terminated string.
 * Response (dirn == 0): Word Count and Byte Count only.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not used in the
 * lines visible here. The declarations of WordCount and ByteCount are on
 * lines not visible in this listing.
 */
3252 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3256 guint8 BufferFormat;
3258 const char *DirectoryName;
3260 if (dirn == 1) { /* Request(s) dissect code */
3262 /* Build display for: Word Count (WCT) */
3264 WordCount = GBYTE(pd, offset);
3268 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3272 offset += 1; /* Skip Word Count (WCT) */
3274 /* Build display for: Byte Count (BCC) */
3276 ByteCount = GSHORT(pd, offset);
3280 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3284 offset += 2; /* Skip Byte Count (BCC) */
3286 /* Build display for: Buffer Format */
3288 BufferFormat = GBYTE(pd, offset);
3292 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3296 offset += 1; /* Skip Buffer Format */
3298 /* Build display for: Directory Name */
/* NOTE(review): DirectoryName points straight into the capture buffer and
   is measured with strlen(). ByteCount is displayed above but does not
   bound the string in the visible lines, and max_data is not consulted,
   so a name without a NUL terminator would be read past the captured
   data -- confirm whether a caller guarantees termination. */
3300 DirectoryName = pd + offset;
3304 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3308 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3312 if (dirn == 0) { /* Response(s) dissect code */
3314 /* Build display for: Word Count (WCT) */
3316 WordCount = GBYTE(pd, offset);
3320 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3324 offset += 1; /* Skip Word Count (WCT) */
3326 /* Build display for: Byte Count (BCC) */
3328 ByteCount = GSHORT(pd, offset);
3332 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3336 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect the SMB command handled by dissect_createdir_smb (a directory
 * create, going by the function name) and add its fields to the tree.
 *
 * Request (dirn == 1): Word Count (1 byte), Byte Count (2 bytes), Buffer
 * Format (1 byte), then the directory name, which is treated as a
 * NUL-terminated string.
 * Response (dirn == 0): Word Count and Byte Count only.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not used in the
 * lines visible here. The declarations of WordCount and ByteCount are on
 * lines not visible in this listing.
 */
3343 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3347 guint8 BufferFormat;
3349 const char *DirectoryName;
3351 if (dirn == 1) { /* Request(s) dissect code */
3353 /* Build display for: Word Count (WCT) */
3355 WordCount = GBYTE(pd, offset);
3359 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3363 offset += 1; /* Skip Word Count (WCT) */
3365 /* Build display for: Byte Count (BCC) */
3367 ByteCount = GSHORT(pd, offset);
3371 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3375 offset += 2; /* Skip Byte Count (BCC) */
3377 /* Build display for: Buffer Format */
3379 BufferFormat = GBYTE(pd, offset);
3383 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3387 offset += 1; /* Skip Buffer Format */
3389 /* Build display for: Directory Name */
/* NOTE(review): DirectoryName points straight into the capture buffer and
   is measured with strlen(). ByteCount is displayed above but does not
   bound the string in the visible lines, and max_data is not consulted,
   so a name without a NUL terminator would be read past the captured
   data -- confirm whether a caller guarantees termination. */
3391 DirectoryName = pd + offset;
3395 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3399 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3403 if (dirn == 0) { /* Response(s) dissect code */
3405 /* Build display for: Word Count (WCT) */
3407 WordCount = GBYTE(pd, offset);
3411 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3415 offset += 1; /* Skip Word Count (WCT) */
3417 /* Build display for: Byte Count (BCC) */
3419 ByteCount = GSHORT(pd, offset);
3423 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3427 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect the SMB command handled by dissect_checkdir_smb (a directory
 * check, going by the function name) and add its fields to the tree.
 *
 * Request (dirn == 1): Word Count (1 byte), Byte Count (2 bytes), Buffer
 * Format (1 byte), then the directory name, which is treated as a
 * NUL-terminated string.
 * Response (dirn == 0): Word Count and Byte Count only.
 *
 * fd, parent, si, max_data, SMB_offset and errcode are not used in the
 * lines visible here. The declarations of WordCount and ByteCount are on
 * lines not visible in this listing.
 */
3434 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3438 guint8 BufferFormat;
3440 const char *DirectoryName;
3442 if (dirn == 1) { /* Request(s) dissect code */
3444 /* Build display for: Word Count (WCT) */
3446 WordCount = GBYTE(pd, offset);
3450 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3454 offset += 1; /* Skip Word Count (WCT) */
3456 /* Build display for: Byte Count (BCC) */
3458 ByteCount = GSHORT(pd, offset);
3462 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3466 offset += 2; /* Skip Byte Count (BCC) */
3468 /* Build display for: Buffer Format */
3470 BufferFormat = GBYTE(pd, offset);
3474 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3478 offset += 1; /* Skip Buffer Format */
3480 /* Build display for: Directory Name */
/* NOTE(review): DirectoryName points straight into the capture buffer and
   is measured with strlen(). ByteCount is displayed above but does not
   bound the string in the visible lines, and max_data is not consulted,
   so a name without a NUL terminator would be read past the captured
   data -- confirm whether a caller guarantees termination. */
3482 DirectoryName = pd + offset;
3486 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3490 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3494 if (dirn == 0) { /* Response(s) dissect code */
3496 /* Build display for: Word Count (WCT) */
3498 WordCount = GBYTE(pd, offset);
3502 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3506 offset += 1; /* Skip Word Count (WCT) */
3508 /* Build display for: Byte Count (BCC) */
3510 ByteCount = GSHORT(pd, offset);
3514 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3518 offset += 2; /* Skip Byte Count (BCC) */
3525 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3528 static const value_string OpenFunction_0x10[] = {
3529 { 0, "Fail if file does not exist"},
3530 { 16, "Create file if it does not exist"},
3533 static const value_string OpenFunction_0x03[] = {
3534 { 0, "Fail if file exists"},
3535 { 1, "Open file if it exists"},
3536 { 2, "Truncate File if it exists"},
3539 static const value_string FileType_0xFFFF[] = {
3540 { 0, "Disk file or directory"},
3541 { 1, "Named pipe in byte mode"},
3542 { 2, "Named pipe in message mode"},
3543 { 3, "Spooled printer"},
3546 static const value_string DesiredAccess_0x70[] = {
3547 { 00, "Compatibility mode"},
3548 { 16, "Deny read/write/execute (exclusive)"},
3549 { 32, "Deny write"},
3550 { 48, "Deny read/execute"},
3554 static const value_string DesiredAccess_0x700[] = {
3555 { 0, "Locality of reference unknown"},
3556 { 256, "Mainly sequential access"},
3557 { 512, "Mainly random access"},
3558 { 768, "Random access with some locality"},
3561 static const value_string DesiredAccess_0x4000[] = {
3562 { 0, "Write through mode disabled"},
3563 { 16384, "Write through mode enabled"},
3566 static const value_string DesiredAccess_0x1000[] = {
3567 { 0, "Normal file (caching permitted)"},
3568 { 4096, "Do not cache this file"},
3571 static const value_string DesiredAccess_0x07[] = {
3572 { 0, "Open for reading"},
3573 { 1, "Open for writing"},
3574 { 2, "Open for reading and writing"},
3575 { 3, "Open for execute"},
3578 static const value_string Action_0x8000[] = {
3579 { 0, "File opened by another user (or mode not supported by server)"},
3580 { 32768, "File is opened only by this user at present"},
3583 static const value_string Action_0x0003[] = {
3584 { 0, "No action taken?"},
3585 { 1, "The file existed and was opened"},
3586 { 2, "The file did not exist but was created"},
3587 { 3, "The file existed and was truncated"},
3590 proto_tree *Search_tree;
3591 proto_tree *OpenFunction_tree;
3592 proto_tree *Flags_tree;
3593 proto_tree *File_tree;
3594 proto_tree *FileType_tree;
3595 proto_tree *FileAttributes_tree;
3596 proto_tree *DesiredAccess_tree;
3597 proto_tree *Action_tree;
3600 guint8 AndXReserved;
3601 guint8 AndXCommand = 0xFF;
3606 guint32 AllocatedSize;
3609 guint16 OpenFunction;
3610 guint16 LastWriteTime;
3611 guint16 LastWriteDate;
3612 guint16 GrantedAccess;
3615 guint16 FileAttributes;
3618 guint16 DeviceState;
3619 guint16 DesiredAccess;
3620 guint16 CreationTime;
3621 guint16 CreationDate;
3623 guint16 AndXOffset = 0;
3625 const char *FileName;
3627 if (dirn == 1) { /* Request(s) dissect code */
3629 /* Build display for: Word Count (WCT) */
3631 WordCount = GBYTE(pd, offset);
3635 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3639 offset += 1; /* Skip Word Count (WCT) */
3641 /* Build display for: AndXCommand */
3643 AndXCommand = GBYTE(pd, offset);
3647 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3648 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3652 offset += 1; /* Skip AndXCommand */
3654 /* Build display for: AndXReserved */
3656 AndXReserved = GBYTE(pd, offset);
3660 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3664 offset += 1; /* Skip AndXReserved */
3666 /* Build display for: AndXOffset */
3668 AndXOffset = GSHORT(pd, offset);
3672 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3676 offset += 2; /* Skip AndXOffset */
3678 /* Build display for: Flags */
3680 Flags = GSHORT(pd, offset);
3684 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
3685 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
3686 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3687 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3688 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3689 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3690 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3691 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3695 offset += 2; /* Skip Flags */
3697 /* Build display for: Desired Access */
3699 DesiredAccess = GSHORT(pd, offset);
3703 ti = proto_tree_add_text(tree, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3704 DesiredAccess_tree = proto_item_add_subtree(ti, ett_smb_desiredaccess);
3705 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3706 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3707 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3708 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3709 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3710 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3711 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3712 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3713 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3714 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3718 offset += 2; /* Skip Desired Access */
3720 /* Build display for: Search */
3722 Search = GSHORT(pd, offset);
3726 ti = proto_tree_add_text(tree, offset, 2, "Search: 0x%02x", Search);
3727 Search_tree = proto_item_add_subtree(ti, ett_smb_search);
3728 proto_tree_add_text(Search_tree, offset, 2, "%s",
3729 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3730 proto_tree_add_text(Search_tree, offset, 2, "%s",
3731 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3732 proto_tree_add_text(Search_tree, offset, 2, "%s",
3733 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3734 proto_tree_add_text(Search_tree, offset, 2, "%s",
3735 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3736 proto_tree_add_text(Search_tree, offset, 2, "%s",
3737 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3738 proto_tree_add_text(Search_tree, offset, 2, "%s",
3739 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3743 offset += 2; /* Skip Search */
3745 /* Build display for: File */
3747 File = GSHORT(pd, offset);
3751 ti = proto_tree_add_text(tree, offset, 2, "File: 0x%02x", File);
3752 File_tree = proto_item_add_subtree(ti, ett_smb_file);
3753 proto_tree_add_text(File_tree, offset, 2, "%s",
3754 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3755 proto_tree_add_text(File_tree, offset, 2, "%s",
3756 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3757 proto_tree_add_text(File_tree, offset, 2, "%s",
3758 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3759 proto_tree_add_text(File_tree, offset, 2, "%s",
3760 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3761 proto_tree_add_text(File_tree, offset, 2, "%s",
3762 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3763 proto_tree_add_text(File_tree, offset, 2, "%s",
3764 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3768 offset += 2; /* Skip File */
3770 /* Build display for: Creation Time */
3772 CreationTime = GSHORT(pd, offset);
3779 offset += 2; /* Skip Creation Time */
3781 /* Build display for: Creation Date */
3783 CreationDate = GSHORT(pd, offset);
3787 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3788 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3792 offset += 2; /* Skip Creation Date */
3794 /* Build display for: Open Function */
3796 OpenFunction = GSHORT(pd, offset);
3800 ti = proto_tree_add_text(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
3801 OpenFunction_tree = proto_item_add_subtree(ti, ett_smb_openfunction);
3802 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3803 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3804 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3805 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3809 offset += 2; /* Skip Open Function */
3811 /* Build display for: Allocated Size */
3813 AllocatedSize = GWORD(pd, offset);
3817 proto_tree_add_text(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
3821 offset += 4; /* Skip Allocated Size */
3823 /* Build display for: Reserved1 */
3825 Reserved1 = GWORD(pd, offset);
3829 proto_tree_add_text(tree, offset, 4, "Reserved1: %u", Reserved1);
3833 offset += 4; /* Skip Reserved1 */
3835 /* Build display for: Reserved2 */
3837 Reserved2 = GWORD(pd, offset);
3841 proto_tree_add_text(tree, offset, 4, "Reserved2: %u", Reserved2);
3845 offset += 4; /* Skip Reserved2 */
3847 /* Build display for: Byte Count */
3849 ByteCount = GSHORT(pd, offset);
3853 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
3857 offset += 2; /* Skip Byte Count */
3859 /* Build display for: File Name */
3861 FileName = pd + offset;
3865 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3869 offset += strlen(FileName) + 1; /* Skip File Name */
3872 if (AndXCommand != 0xFF) {
3874 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
3880 if (dirn == 0) { /* Response(s) dissect code */
3882 /* Build display for: Word Count (WCT) */
3884 WordCount = GBYTE(pd, offset);
3888 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3892 offset += 1; /* Skip Word Count (WCT) */
3894 if (WordCount > 0) {
3896 /* Build display for: AndXCommand */
3898 AndXCommand = GBYTE(pd, offset);
3902 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3903 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3907 offset += 1; /* Skip AndXCommand */
3909 /* Build display for: AndXReserved */
3911 AndXReserved = GBYTE(pd, offset);
3915 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3919 offset += 1; /* Skip AndXReserved */
3921 /* Build display for: AndXOffset */
3923 AndXOffset = GSHORT(pd, offset);
3927 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3931 offset += 2; /* Skip AndXOffset */
3933 /* Build display for: FID */
3935 FID = GSHORT(pd, offset);
3939 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
3943 offset += 2; /* Skip FID */
3945 /* Build display for: FileAttributes */
3947 FileAttributes = GSHORT(pd, offset);
3951 ti = proto_tree_add_text(tree, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3952 FileAttributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
3953 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3954 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3955 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3956 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3957 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3958 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3959 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3960 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3961 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3962 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3963 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3964 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3968 offset += 2; /* Skip FileAttributes */
3970 /* Build display for: Last Write Time */
3972 LastWriteTime = GSHORT(pd, offset);
3978 offset += 2; /* Skip Last Write Time */
3980 /* Build display for: Last Write Date */
3982 LastWriteDate = GSHORT(pd, offset);
3986 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
3987 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
3992 offset += 2; /* Skip Last Write Date */
3994 /* Build display for: Data Size */
3996 DataSize = GWORD(pd, offset);
4000 proto_tree_add_text(tree, offset, 4, "Data Size: %u", DataSize);
4004 offset += 4; /* Skip Data Size */
4006 /* Build display for: Granted Access */
4008 GrantedAccess = GSHORT(pd, offset);
4012 proto_tree_add_text(tree, offset, 2, "Granted Access: %u", GrantedAccess);
4016 offset += 2; /* Skip Granted Access */
4018 /* Build display for: File Type */
4020 FileType = GSHORT(pd, offset);
4024 ti = proto_tree_add_text(tree, offset, 2, "File Type: 0x%02x", FileType);
4025 FileType_tree = proto_item_add_subtree(ti, ett_smb_filetype);
4026 proto_tree_add_text(FileType_tree, offset, 2, "%s",
4027 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
4031 offset += 2; /* Skip File Type */
4033 /* Build display for: Device State */
4035 DeviceState = GSHORT(pd, offset);
4039 proto_tree_add_text(tree, offset, 2, "Device State: %u", DeviceState);
4043 offset += 2; /* Skip Device State */
4045 /* Build display for: Action */
4047 Action = GSHORT(pd, offset);
4051 ti = proto_tree_add_text(tree, offset, 2, "Action: 0x%02x", Action);
4052 Action_tree = proto_item_add_subtree(ti, ett_smb_action);
4053 proto_tree_add_text(Action_tree, offset, 2, "%s",
4054 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4055 proto_tree_add_text(Action_tree, offset, 2, "%s",
4056 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4060 offset += 2; /* Skip Action */
4062 /* Build display for: Server FID */
4064 ServerFID = GWORD(pd, offset);
4068 proto_tree_add_text(tree, offset, 4, "Server FID: %u", ServerFID);
4072 offset += 4; /* Skip Server FID */
4074 /* Build display for: Reserved */
4076 Reserved = GSHORT(pd, offset);
4080 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
4084 offset += 2; /* Skip Reserved */
4088 /* Build display for: Byte Count */
4090 ByteCount = GSHORT(pd, offset);
4094 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4098 offset += 2; /* Skip Byte Count */
4101 if (AndXCommand != 0xFF) {
4103 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect a write-raw SMB and add its fields to the protocol tree.
 *
 * dirn == 1 selects the request path, dirn == 0 the response path.  Each
 * field is read from pd at the running offset with GBYTE/GSHORT/GWORD and
 * offset is then advanced by the width of that field.
 *
 * NOTE(review): pd is presumably the captured frame, i.e. sender-controlled
 * bytes.  None of the lines shown here compare offset with max_data before
 * a read; confirm that a truncated or malformed frame cannot make these
 * reads run past the captured data.
 */
4112 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4115 proto_tree *WriteMode_tree;
4131 if (dirn == 1) { /* Request(s) dissect code */
/* Peek at the word count to choose the request layout; each layout below
 * reads it again and displays it. */
4133 WordCount = GBYTE(pd, offset);
4135 switch (WordCount) {
/* First request layout: carries a 4-byte Offset field after Reserved 1.
 * (The case labels are not part of this listing.) */
4139 /* Build display for: Word Count (WCT) */
4141 WordCount = GBYTE(pd, offset);
4145 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4149 offset += 1; /* Skip Word Count (WCT) */
4151 /* Build display for: FID */
4153 FID = GSHORT(pd, offset);
4157 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4161 offset += 2; /* Skip FID */
4163 /* Build display for: Count */
4165 Count = GSHORT(pd, offset);
4169 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4173 offset += 2; /* Skip Count */
4175 /* Build display for: Reserved 1 */
4177 Reserved1 = GSHORT(pd, offset);
4181 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4185 offset += 2; /* Skip Reserved 1 */
4187 /* Build display for: Offset */
4189 Offset = GWORD(pd, offset);
4193 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
4197 offset += 4; /* Skip Offset */
4199 /* Build display for: Timeout */
4201 Timeout = GWORD(pd, offset);
4205 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4209 offset += 4; /* Skip Timeout */
4211 /* Build display for: WriteMode */
4213 WriteMode = GSHORT(pd, offset);
/* The two low WriteMode bits (0x01, 0x02) are expanded into a subtree. */
4217 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4218 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4219 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4220 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4221 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4222 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4226 offset += 2; /* Skip WriteMode */
4228 /* Build display for: Reserved 2 */
4230 Reserved2 = GWORD(pd, offset);
4234 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4238 offset += 4; /* Skip Reserved 2 */
4240 /* Build display for: Data Length */
/* Data Length and Data Offset are sender-supplied; here they are only
 * displayed, never used to index into pd. */
4242 DataLength = GSHORT(pd, offset);
4246 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4250 offset += 2; /* Skip Data Length */
4252 /* Build display for: Data Offset */
4254 DataOffset = GSHORT(pd, offset);
4258 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4262 offset += 2; /* Skip Data Offset */
4264 /* Build display for: Byte Count (BCC) */
4266 ByteCount = GSHORT(pd, offset);
4270 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4274 offset += 2; /* Skip Byte Count (BCC) */
4276 /* Build display for: Pad */
4278 Pad = GBYTE(pd, offset);
4282 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4286 offset += 1; /* Skip Pad */
/* Second request layout: the same fields in the same order, without the
 * 4-byte Offset field. */
4292 /* Build display for: Word Count (WCT) */
4294 WordCount = GBYTE(pd, offset);
4298 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4302 offset += 1; /* Skip Word Count (WCT) */
4304 /* Build display for: FID */
4306 FID = GSHORT(pd, offset);
4310 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4314 offset += 2; /* Skip FID */
4316 /* Build display for: Count */
4318 Count = GSHORT(pd, offset);
4322 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4326 offset += 2; /* Skip Count */
4328 /* Build display for: Reserved 1 */
4330 Reserved1 = GSHORT(pd, offset);
4334 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4338 offset += 2; /* Skip Reserved 1 */
4340 /* Build display for: Timeout */
4342 Timeout = GWORD(pd, offset);
4346 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4350 offset += 4; /* Skip Timeout */
4352 /* Build display for: WriteMode */
4354 WriteMode = GSHORT(pd, offset);
4358 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4359 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
4360 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4361 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4362 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4363 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4367 offset += 2; /* Skip WriteMode */
4369 /* Build display for: Reserved 2 */
4371 Reserved2 = GWORD(pd, offset);
4375 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4379 offset += 4; /* Skip Reserved 2 */
4381 /* Build display for: Data Length */
4383 DataLength = GSHORT(pd, offset);
4387 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4391 offset += 2; /* Skip Data Length */
4393 /* Build display for: Data Offset */
4395 DataOffset = GSHORT(pd, offset);
4399 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4403 offset += 2; /* Skip Data Offset */
4405 /* Build display for: Byte Count (BCC) */
4407 ByteCount = GSHORT(pd, offset);
4411 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4415 offset += 2; /* Skip Byte Count (BCC) */
4417 /* Build display for: Pad */
4419 Pad = GBYTE(pd, offset);
4423 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4427 offset += 1; /* Skip Pad */
4435 if (dirn == 0) { /* Response(s) dissect code */
4437 /* Build display for: Word Count (WCT) */
4439 WordCount = GBYTE(pd, offset);
4443 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4447 offset += 1; /* Skip Word Count (WCT) */
/* Remaining is decoded only when the response carries parameter words. */
4449 if (WordCount > 0) {
4451 /* Build display for: Remaining */
4453 Remaining = GSHORT(pd, offset);
4457 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
4461 offset += 2; /* Skip Remaining */
4465 /* Build display for: Byte Count */
4467 ByteCount = GSHORT(pd, offset);
4471 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4475 offset += 2; /* Skip Byte Count */
/*
 * Dissect a "tdis" SMB (presumably tree disconnect) and add its fields to
 * the protocol tree.
 *
 * Request (dirn == 1) and response (dirn == 0) are decoded the same way: a
 * 1-byte Word Count followed by a 2-byte Byte Count, both only displayed.
 *
 * NOTE(review): none of the lines shown here compare offset with max_data
 * before reading from pd; confirm that a short frame is rejected before
 * this routine is reached.
 */
4482 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4488 if (dirn == 1) { /* Request(s) dissect code */
4490 /* Build display for: Word Count (WCT) */
4492 WordCount = GBYTE(pd, offset);
4496 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4500 offset += 1; /* Skip Word Count (WCT) */
4502 /* Build display for: Byte Count (BCC) */
4504 ByteCount = GSHORT(pd, offset);
4508 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4512 offset += 2; /* Skip Byte Count (BCC) */
4516 if (dirn == 0) { /* Response(s) dissect code */
4518 /* Build display for: Word Count (WCT) */
4520 WordCount = GBYTE(pd, offset);
4524 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4528 offset += 1; /* Skip Word Count (WCT) */
4530 /* Build display for: Byte Count (BCC) */
4532 ByteCount = GSHORT(pd, offset);
4536 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4540 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a move SMB and add its fields to the protocol tree.
 *
 * Request (dirn == 1): Word Count, TID2, Open Function and a Flags word
 * that is expanded into a subtree.
 * Response (dirn == 0): Word Count, Count (only when Word Count > 0), Byte
 * Count, Error File Format and a NUL-terminated Error File Name.
 *
 * NOTE(review): none of the lines shown here compare offset with max_data
 * before reading from pd.
 */
4547 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* Names for the Flags values decoded with mask 0x03 below. */
4550 static const value_string Flags_0x03[] = {
4551 { 0, "Target must be a file"},
4552 { 1, "Target must be a directory"},
/* NOTE(review): the value 4 lies outside the 0x03 mask passed to
 * decode_enumerated_bitfield() below, so this entry presumably can never be
 * selected; confirm the intended mask. */
4555 { 4, "Verify all writes"},
4558 proto_tree *Flags_tree;
4561 guint8 ErrorFileFormat;
4563 guint16 OpenFunction;
4567 const char *ErrorFileName;
4569 if (dirn == 1) { /* Request(s) dissect code */
4571 /* Build display for: Word Count (WCT) */
4573 WordCount = GBYTE(pd, offset);
4577 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4581 offset += 1; /* Skip Word Count (WCT) */
4583 /* Build display for: TID2 */
4585 TID2 = GSHORT(pd, offset);
4589 proto_tree_add_text(tree, offset, 2, "TID2: %u", TID2);
4593 offset += 2; /* Skip TID2 */
4595 /* Build display for: Open Function */
4597 OpenFunction = GSHORT(pd, offset);
4601 proto_tree_add_text(tree, offset, 2, "Open Function: %u", OpenFunction);
4605 offset += 2; /* Skip Open Function */
4607 /* Build display for: Flags */
4609 Flags = GSHORT(pd, offset);
4613 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
4614 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
4615 proto_tree_add_text(Flags_tree, offset, 2, "%s",
4616 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4620 offset += 2; /* Skip Flags */
4624 if (dirn == 0) { /* Response(s) dissect code */
4626 /* Build display for: Word Count (WCT) */
4628 WordCount = GBYTE(pd, offset);
4632 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4636 offset += 1; /* Skip Word Count (WCT) */
/* Count is decoded only when the response carries parameter words. */
4638 if (WordCount > 0) {
4640 /* Build display for: Count */
4642 Count = GSHORT(pd, offset);
4646 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4650 offset += 2; /* Skip Count */
4654 /* Build display for: Byte Count */
4656 ByteCount = GSHORT(pd, offset);
4660 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4664 offset += 2; /* Skip Byte Count */
4666 /* Build display for: Error File Format */
4668 ErrorFileFormat = GBYTE(pd, offset);
4672 proto_tree_add_text(tree, offset, 1, "Error File Format: %u", ErrorFileFormat);
4676 offset += 1; /* Skip Error File Format */
4678 /* Build display for: Error File Name */
/* The name is used in place inside the packet buffer and is assumed to be
 * NUL-terminated.
 * NOTE(review): strlen() scans until the first zero byte, so a frame with
 * no terminator inside the captured data makes both the "%s" display and
 * the offset update read past it.  The length should be bounded by the
 * bytes remaining in the frame; the Byte Count decoded above is
 * sender-supplied and is not a safe bound on its own. */
4680 ErrorFileName = pd + offset;
4684 proto_tree_add_text(tree, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4688 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
/*
 * Dissect a rename-file SMB and add its fields to the protocol tree.
 *
 * Request (dirn == 1): Word Count, Search Attributes, Byte Count, then two
 * records each made of a 1-byte buffer format and a NUL-terminated file
 * name (old name first, new name second).
 * Response (dirn == 0): Word Count and Byte Count only.
 *
 * NOTE(review): none of the lines shown here compare offset with max_data
 * before reading from pd.
 */
4695 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4699 guint8 BufferFormat2;
4700 guint8 BufferFormat1;
4701 guint16 SearchAttributes;
4703 const char *OldFileName;
4704 const char *NewFileName;
4706 if (dirn == 1) { /* Request(s) dissect code */
4708 /* Build display for: Word Count (WCT) */
4710 WordCount = GBYTE(pd, offset);
4714 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4718 offset += 1; /* Skip Word Count (WCT) */
4720 /* Build display for: Search Attributes */
4722 SearchAttributes = GSHORT(pd, offset);
4726 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
4730 offset += 2; /* Skip Search Attributes */
4732 /* Build display for: Byte Count */
4734 ByteCount = GSHORT(pd, offset);
4738 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4742 offset += 2; /* Skip Byte Count */
4744 /* Build display for: Buffer Format 1 */
4746 BufferFormat1 = GBYTE(pd, offset);
4750 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4754 offset += 1; /* Skip Buffer Format 1 */
4756 /* Build display for: Old File Name */
/* Both names are used in place inside the packet buffer and are assumed to
 * be NUL-terminated.
 * NOTE(review): strlen() scans until the first zero byte, so a frame with
 * no terminator inside the captured data makes the "%s" display and the
 * offset update read past it.  The start of the second record depends on
 * the length found for the first name, so an unterminated old name also
 * moves every later read out of the frame.  Each length should be bounded
 * by the bytes remaining in the frame; the Byte Count decoded above is
 * sender-supplied and is not a safe bound on its own. */
4758 OldFileName = pd + offset;
4762 proto_tree_add_text(tree, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4766 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4768 /* Build display for: Buffer Format 2 */
4770 BufferFormat2 = GBYTE(pd, offset);
4774 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4778 offset += 1; /* Skip Buffer Format 2 */
4780 /* Build display for: New File Name */
4782 NewFileName = pd + offset;
4786 proto_tree_add_text(tree, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4790 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4794 if (dirn == 0) { /* Response(s) dissect code */
4796 /* Build display for: Word Count (WCT) */
4798 WordCount = GBYTE(pd, offset);
4802 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4806 offset += 1; /* Skip Word Count (WCT) */
4808 /* Build display for: Byte Count (BCC) */
4810 ByteCount = GSHORT(pd, offset);
4814 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4818 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an open-print-file SMB and add its fields to the protocol tree.
 *
 * Request (dirn == 1): Word Count, Setup Length, a Mode word expanded into
 * a subtree, Byte Count, Buffer Format and a NUL-terminated Identifier
 * String.
 * Response (dirn == 0): Word Count, FID and Byte Count.
 *
 * NOTE(review): none of the lines shown here compare offset with max_data
 * before reading from pd.
 */
4825 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* Names for the Mode values decoded with mask 0x03 below. */
4828 static const value_string Mode_0x03[] = {
4829 { 0, "Text mode (DOS expands TABs)"},
4830 { 1, "Graphics mode"},
4833 proto_tree *Mode_tree;
4836 guint8 BufferFormat;
4837 guint16 SetupLength;
4841 const char *IdentifierString;
4843 if (dirn == 1) { /* Request(s) dissect code */
4845 /* Build display for: Word Count (WCT) */
4847 WordCount = GBYTE(pd, offset);
4851 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4855 offset += 1; /* Skip Word Count (WCT) */
4857 /* Build display for: Setup Length */
4859 SetupLength = GSHORT(pd, offset);
4863 proto_tree_add_text(tree, offset, 2, "Setup Length: %u", SetupLength);
4867 offset += 2; /* Skip Setup Length */
4869 /* Build display for: Mode */
4871 Mode = GSHORT(pd, offset);
4875 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
4876 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
4877 proto_tree_add_text(Mode_tree, offset, 2, "%s",
4878 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4882 offset += 2; /* Skip Mode */
4884 /* Build display for: Byte Count (BCC) */
4886 ByteCount = GSHORT(pd, offset);
4890 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4894 offset += 2; /* Skip Byte Count (BCC) */
4896 /* Build display for: Buffer Format */
4898 BufferFormat = GBYTE(pd, offset);
4902 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
4906 offset += 1; /* Skip Buffer Format */
4908 /* Build display for: Identifier String */
/* The string is used in place inside the packet buffer and is assumed to be
 * NUL-terminated.
 * NOTE(review): strlen() scans until the first zero byte, so a frame with
 * no terminator inside the captured data makes both the "%s" display and
 * the offset update read past it.  The length should be bounded by the
 * bytes remaining in the frame; the Byte Count decoded above is
 * sender-supplied and is not a safe bound on its own. */
4910 IdentifierString = pd + offset;
4914 proto_tree_add_text(tree, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4918 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4922 if (dirn == 0) { /* Response(s) dissect code */
4924 /* Build display for: Word Count (WCT) */
4926 WordCount = GBYTE(pd, offset);
4930 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4934 offset += 1; /* Skip Word Count (WCT) */
4936 /* Build display for: FID */
4938 FID = GSHORT(pd, offset);
4942 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4946 offset += 2; /* Skip FID */
4948 /* Build display for: Byte Count (BCC) */
4950 ByteCount = GSHORT(pd, offset);
4954 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4958 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a close-print-file SMB and add its fields to the protocol tree.
 *
 * Request (dirn == 1): Word Count, FID and Byte Count.
 * Response (dirn == 0): Word Count and Byte Count.
 * All fields are only displayed; nothing read here is used as an index or
 * a length.
 *
 * NOTE(review): none of the lines shown here compare offset with max_data
 * before reading from pd; confirm that a short frame is rejected before
 * this routine is reached.
 */
4965 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4972 if (dirn == 1) { /* Request(s) dissect code */
4974 /* Build display for: Word Count (WCT) */
4976 WordCount = GBYTE(pd, offset);
4980 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4984 offset += 1; /* Skip Word Count (WCT) */
4986 /* Build display for: FID */
4988 FID = GSHORT(pd, offset);
4992 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4996 offset += 2; /* Skip FID */
4998 /* Build display for: Byte Count (BCC) */
5000 ByteCount = GSHORT(pd, offset);
5004 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5008 offset += 2; /* Skip Byte Count (BCC) */
5012 if (dirn == 0) { /* Response(s) dissect code */
5014 /* Build display for: Word Count */
5016 WordCount = GBYTE(pd, offset);
5020 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5024 offset += 1; /* Skip Word Count */
5026 /* Build display for: Byte Count (BCC) */
5028 ByteCount = GSHORT(pd, offset);
5032 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5036 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect a read-raw SMB and add its fields to the protocol tree.
 *
 * Request (dirn == 1): the word count selects one of two layouts.  Both
 * carry FID, Offset, Max Count, Min Count, Timeout, Reserved and Byte
 * Count; the second also carries a 4-byte Offset High before Byte Count.
 * Response (dirn == 0): no field-decoding lines appear in this listing.
 *
 * NOTE(review): none of the lines shown here compare offset with max_data
 * before reading from pd; confirm that a truncated or malformed frame
 * cannot make these reads run past the captured data.
 */
5043 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5056 if (dirn == 1) { /* Request(s) dissect code */
/* Peek at the word count to choose the request layout; each layout below
 * reads it again and displays it. */
5058 WordCount = GBYTE(pd, offset);
5060 switch (WordCount) {
/* First request layout, without Offset High.  (The case labels are not
 * part of this listing.) */
5064 /* Build display for: Word Count (WCT) */
5066 WordCount = GBYTE(pd, offset);
5070 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5074 offset += 1; /* Skip Word Count (WCT) */
5076 /* Build display for: FID */
5078 FID = GSHORT(pd, offset);
5082 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5086 offset += 2; /* Skip FID */
5088 /* Build display for: Offset */
5090 Offset = GWORD(pd, offset);
5094 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5098 offset += 4; /* Skip Offset */
5100 /* Build display for: Max Count */
5102 MaxCount = GSHORT(pd, offset);
5106 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5110 offset += 2; /* Skip Max Count */
5112 /* Build display for: Min Count */
5114 MinCount = GSHORT(pd, offset);
5118 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5122 offset += 2; /* Skip Min Count */
5124 /* Build display for: Timeout */
5126 Timeout = GWORD(pd, offset);
5130 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5134 offset += 4; /* Skip Timeout */
5136 /* Build display for: Reserved */
5138 Reserved = GSHORT(pd, offset);
5142 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5146 offset += 2; /* Skip Reserved */
5148 /* Build display for: Byte Count (BCC) */
5150 ByteCount = GSHORT(pd, offset);
5154 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5158 offset += 2; /* Skip Byte Count (BCC) */
/* Second request layout: same fields plus Offset High after Reserved. */
5164 /* Build display for: Word Count (WCT) */
5166 WordCount = GBYTE(pd, offset);
5170 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5174 offset += 1; /* Skip Word Count (WCT) */
5176 /* Build display for: FID */
5178 FID = GSHORT(pd, offset);
5182 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5186 offset += 2; /* Skip FID */
5188 /* Build display for: Offset */
5190 Offset = GWORD(pd, offset);
5194 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5198 offset += 4; /* Skip Offset */
5200 /* Build display for: Max Count */
5202 MaxCount = GSHORT(pd, offset);
5206 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5210 offset += 2; /* Skip Max Count */
5212 /* Build display for: Min Count */
5214 MinCount = GSHORT(pd, offset);
5218 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5222 offset += 2; /* Skip Min Count */
5224 /* Build display for: Timeout */
5226 Timeout = GWORD(pd, offset);
5230 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5234 offset += 4; /* Skip Timeout */
5236 /* Build display for: Reserved */
5238 Reserved = GSHORT(pd, offset);
5242 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5246 offset += 2; /* Skip Reserved */
5248 /* Build display for: Offset High */
5250 OffsetHigh = GWORD(pd, offset);
5254 proto_tree_add_text(tree, offset, 4, "Offset High: %u", OffsetHigh);
5258 offset += 4; /* Skip Offset High */
5260 /* Build display for: Byte Count (BCC) */
5262 ByteCount = GSHORT(pd, offset);
5266 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5270 offset += 2; /* Skip Byte Count (BCC) */
5278 if (dirn == 0) { /* Response(s) dissect code */
/*
 * Dissect a logoff-and-X SMB, add its fields to the protocol tree, and hand
 * any chained command to that command's dissector.
 *
 * Request (dirn == 1) and response (dirn == 0) share one layout: Word
 * Count, AndXCommand, AndXReserved, AndXOffset and Byte Count.  When
 * AndXCommand is not 0xFF the handler dissect[AndXCommand] is called with
 * SMB_offset + AndXOffset as its starting offset.
 *
 * NOTE(review): AndXCommand and AndXOffset are both read from the packet,
 * and no range check on either is visible in the lines shown here.
 * Confirm that dissect[] has a valid entry for every guint8 value, that
 * SMB_offset + AndXOffset lies inside the captured data (max_data is only
 * passed through), and that a chain whose offset does not move forward
 * cannot recurse without bound.
 */
5285 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5289 guint8 AndXReserved;
/* 0xFF marks "no chained command"; the defaults keep the dispatch below
 * from firing on a value that was never read. */
5290 guint8 AndXCommand = 0xFF;
5292 guint16 AndXOffset = 0;
5294 if (dirn == 1) { /* Request(s) dissect code */
5296 /* Build display for: Word Count (WCT) */
5298 WordCount = GBYTE(pd, offset);
5302 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5306 offset += 1; /* Skip Word Count (WCT) */
5308 /* Build display for: AndXCommand */
5310 AndXCommand = GBYTE(pd, offset);
5314 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5318 offset += 1; /* Skip AndXCommand */
5320 /* Build display for: AndXReserved */
5322 AndXReserved = GBYTE(pd, offset);
5326 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5330 offset += 1; /* Skip AndXReserved */
5332 /* Build display for: AndXOffset */
5334 AndXOffset = GSHORT(pd, offset);
5338 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5342 offset += 2; /* Skip AndXOffset */
5344 /* Build display for: Byte Count (BCC) */
5346 ByteCount = GSHORT(pd, offset);
5350 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5354 offset += 2; /* Skip Byte Count (BCC) */
/* Chained command: the next handler starts at an offset taken from the
 * packet, relative to the start of the SMB. */
5357 if (AndXCommand != 0xFF) {
5359 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
5365 if (dirn == 0) { /* Response(s) dissect code */
5367 /* Build display for: Word Count (WCT) */
5369 WordCount = GBYTE(pd, offset);
5373 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5377 offset += 1; /* Skip Word Count (WCT) */
5379 /* Build display for: AndXCommand */
5381 AndXCommand = GBYTE(pd, offset);
5385 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5389 offset += 1; /* Skip AndXCommand */
5391 /* Build display for: AndXReserved */
5393 AndXReserved = GBYTE(pd, offset);
5397 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5401 offset += 1; /* Skip AndXReserved */
5403 /* Build display for: AndXOffset */
5405 AndXOffset = GSHORT(pd, offset);
5409 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5413 offset += 2; /* Skip AndXOffset */
5415 /* Build display for: Byte Count (BCC) */
5417 ByteCount = GSHORT(pd, offset);
5421 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5425 offset += 2; /* Skip Byte Count (BCC) */
/* Same chained dispatch as on the request path. */
5428 if (AndXCommand != 0xFF) {
5430 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect an SMB seek-file block. The request (dirn == 1) displays Word
 * Count, FID, Mode, Offset and Byte Count; the response (dirn == 0) displays
 * Word Count, Offset and Byte Count. Each field becomes a text item under
 * `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT/GWORD
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
5439 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
/* Names for the seek origin held in the low two bits of Mode (mask 0x03). */
5442 static const value_string Mode_0x03[] = {
5443 { 0, "Seek from start of file"},
5444 { 1, "Seek from current position"},
5445 { 2, "Seek from end of file"},
5448 proto_tree *Mode_tree;
5456 if (dirn == 1) { /* Request(s) dissect code */
5458 /* Build display for: Word Count (WCT) */
5460 WordCount = GBYTE(pd, offset);
5464 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5468 offset += 1; /* Skip Word Count (WCT) */
5470 /* Build display for: FID */
5472 FID = GSHORT(pd, offset);
5476 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5480 offset += 2; /* Skip FID */
5482 /* Build display for: Mode */
5484 Mode = GSHORT(pd, offset);
/* Mode gets its own subtree holding the decoded seek-origin line. */
5488 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
5489 Mode_tree = proto_item_add_subtree(ti, ett_smb_mode);
5490 proto_tree_add_text(Mode_tree, offset, 2, "%s",
5491 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5495 offset += 2; /* Skip Mode */
5497 /* Build display for: Offset */
5499 Offset = GWORD(pd, offset);
5503 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5507 offset += 4; /* Skip Offset */
5509 /* Build display for: Byte Count (BCC) */
5511 ByteCount = GSHORT(pd, offset);
5515 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5519 offset += 2; /* Skip Byte Count (BCC) */
5523 if (dirn == 0) { /* Response(s) dissect code */
5525 /* Build display for: Word Count (WCT) */
5527 WordCount = GBYTE(pd, offset);
5531 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5535 offset += 1; /* Skip Word Count (WCT) */
5537 /* Build display for: Offset */
5539 Offset = GWORD(pd, offset);
5543 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5547 offset += 4; /* Skip Offset */
5549 /* Build display for: Byte Count (BCC) */
5551 ByteCount = GSHORT(pd, offset);
5555 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5559 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB write-and-unlock block. The request (dirn == 1) displays
 * Word Count, FID, Count, Offset, Remaining, Byte Count, Buffer Format and
 * Data Length; the response (dirn == 0) displays Word Count, Count and Byte
 * Count. Each field becomes a text item under `tree` and `offset` is advanced
 * past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT/GWORD
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): Count, Remaining, Byte Count and Data Length are displayed as
 * received; none is cross-checked against the others or against max_data in
 * the lines shown. Confirm a truncated frame cannot be read past its end.
 */
5566 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5570 guint8 BufferFormat;
5578 if (dirn == 1) { /* Request(s) dissect code */
5580 /* Build display for: Word Count (WCT) */
5582 WordCount = GBYTE(pd, offset);
5586 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5590 offset += 1; /* Skip Word Count (WCT) */
5592 /* Build display for: FID */
5594 FID = GSHORT(pd, offset);
5598 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5602 offset += 2; /* Skip FID */
5604 /* Build display for: Count */
5606 Count = GSHORT(pd, offset);
5610 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5614 offset += 2; /* Skip Count */
5616 /* Build display for: Offset */
5618 Offset = GWORD(pd, offset);
5622 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5626 offset += 4; /* Skip Offset */
5628 /* Build display for: Remaining */
5630 Remaining = GSHORT(pd, offset);
5634 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
5638 offset += 2; /* Skip Remaining */
5640 /* Build display for: Byte Count (BCC) */
5642 ByteCount = GSHORT(pd, offset);
5646 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5650 offset += 2; /* Skip Byte Count (BCC) */
5652 /* Build display for: Buffer Format */
5654 BufferFormat = GBYTE(pd, offset);
5658 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
5662 offset += 1; /* Skip Buffer Format */
5664 /* Build display for: Data Length */
5666 DataLength = GSHORT(pd, offset);
5670 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
5674 offset += 2; /* Skip Data Length */
5678 if (dirn == 0) { /* Response(s) dissect code */
5680 /* Build display for: Word Count (WCT) */
5682 WordCount = GBYTE(pd, offset);
5686 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5690 offset += 1; /* Skip Word Count (WCT) */
5692 /* Build display for: Count */
5694 Count = GSHORT(pd, offset);
5698 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5702 offset += 2; /* Skip Count */
5704 /* Build display for: Byte Count (BCC) */
5706 ByteCount = GSHORT(pd, offset);
5710 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5714 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB set-information-2 block. The request (dirn == 1) displays
 * Word Count, FID, the creation, last-access and last-write date/time pairs,
 * and Byte Count; the response (dirn == 0) displays Word Count and Byte
 * Count. Each field becomes a text item under `tree` and `offset` is advanced
 * past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 *
 * NOTE(review): every date/time item formats the return value of
 * dissect_dos_date()/dissect_dos_time() with %u. Their return type is not
 * visible here; if they return a formatted string, %u is a format/argument
 * mismatch (undefined behaviour) and the conversions should be %s. Confirm
 * against their definitions.
 */
5721 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5725 guint16 LastWriteTime;
5726 guint16 LastWriteDate;
5727 guint16 LastAccessTime;
5728 guint16 LastAccessDate;
5730 guint16 CreationTime;
5731 guint16 CreationDate;
5734 if (dirn == 1) { /* Request(s) dissect code */
5736 /* Build display for: Word Count */
5738 WordCount = GBYTE(pd, offset);
5742 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5746 offset += 1; /* Skip Word Count */
5748 /* Build display for: FID */
5750 FID = GSHORT(pd, offset);
5754 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5758 offset += 2; /* Skip FID */
5760 /* Build display for: Creation Date */
5762 CreationDate = GSHORT(pd, offset);
5766 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
5770 offset += 2; /* Skip Creation Date */
5772 /* Build display for: Creation Time */
5774 CreationTime = GSHORT(pd, offset);
5778 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
5782 offset += 2; /* Skip Creation Time */
5784 /* Build display for: Last Access Date */
5786 LastAccessDate = GSHORT(pd, offset);
5790 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
5794 offset += 2; /* Skip Last Access Date */
5796 /* Build display for: Last Access Time */
5798 LastAccessTime = GSHORT(pd, offset);
5802 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
5806 offset += 2; /* Skip Last Access Time */
5808 /* Build display for: Last Write Date */
5810 LastWriteDate = GSHORT(pd, offset);
5814 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
5818 offset += 2; /* Skip Last Write Date */
5820 /* Build display for: Last Write Time */
5822 LastWriteTime = GSHORT(pd, offset);
5826 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
5830 offset += 2; /* Skip Last Write Time */
5832 /* Build display for: Byte Count (BCC) */
5834 ByteCount = GSHORT(pd, offset);
5838 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5842 offset += 2; /* Skip Byte Count (BCC) */
5846 if (dirn == 0) { /* Response(s) dissect code */
5848 /* Build display for: Word Count (WCC) */
5850 WordCount = GBYTE(pd, offset);
5854 proto_tree_add_text(tree, offset, 1, "Word Count (WCC): %u", WordCount);
5858 offset += 1; /* Skip Word Count (WCC) */
5860 /* Build display for: Byte Count (BCC) */
5862 ByteCount = GSHORT(pd, offset);
5866 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5870 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB lock-bytes block. The request (dirn == 1) displays Word
 * Count, FID, a 4-byte Count, a 4-byte Offset and Byte Count; the response
 * (dirn == 0) displays Word Count and Byte Count. Each field becomes a text
 * item under `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT/GWORD
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
5877 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5886 if (dirn == 1) { /* Request(s) dissect code */
5888 /* Build display for: Word Count (WCT) */
5890 WordCount = GBYTE(pd, offset);
5894 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5898 offset += 1; /* Skip Word Count (WCT) */
5900 /* Build display for: FID */
5902 FID = GSHORT(pd, offset);
5906 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5910 offset += 2; /* Skip FID */
5912 /* Build display for: Count */
5914 Count = GWORD(pd, offset);
5918 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
5922 offset += 4; /* Skip Count */
5924 /* Build display for: Offset */
5926 Offset = GWORD(pd, offset);
5930 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5934 offset += 4; /* Skip Offset */
5936 /* Build display for: Byte Count (BCC) */
5938 ByteCount = GSHORT(pd, offset);
5942 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5946 offset += 2; /* Skip Byte Count (BCC) */
5950 if (dirn == 0) { /* Response(s) dissect code */
5952 /* Build display for: Word Count (WCT) */
5954 WordCount = GBYTE(pd, offset);
5958 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5962 offset += 1; /* Skip Word Count (WCT) */
5964 /* Build display for: Byte Count (BCC) */
5966 ByteCount = GSHORT(pd, offset);
5970 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5974 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB get-print-queue block. The request (dirn == 1) displays
 * Word Count, Max Count, Start Index and Byte Count; the response
 * (dirn == 0) displays Word Count, then Count and Restart Index, Byte Count,
 * Buffer Format and Data Length. Each field becomes a text item under `tree`
 * and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
5981 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5985 guint8 BufferFormat;
5987 guint16 RestartIndex;
5993 if (dirn == 1) { /* Request(s) dissect code */
5995 /* Build display for: Word Count */
5997 WordCount = GBYTE(pd, offset);
6001 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
6005 offset += 1; /* Skip Word Count */
6007 /* Build display for: Max Count */
6009 MaxCount = GSHORT(pd, offset);
6013 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6017 offset += 2; /* Skip Max Count */
6019 /* Build display for: Start Index */
6021 StartIndex = GSHORT(pd, offset);
6025 proto_tree_add_text(tree, offset, 2, "Start Index: %u", StartIndex);
6029 offset += 2; /* Skip Start Index */
6031 /* Build display for: Byte Count (BCC) */
6033 ByteCount = GSHORT(pd, offset);
6037 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6041 offset += 2; /* Skip Byte Count (BCC) */
6045 if (dirn == 0) { /* Response(s) dissect code */
6047 /* Build display for: Word Count (WCT) */
6049 WordCount = GBYTE(pd, offset);
6053 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6057 offset += 1; /* Skip Word Count (WCT) */
/* The parameter words are parsed only when the response carries some; where
 * this test closes is not visible in the lines shown. */
6059 if (WordCount > 0) {
6061 /* Build display for: Count */
6063 Count = GSHORT(pd, offset);
6067 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6071 offset += 2; /* Skip Count */
6073 /* Build display for: Restart Index */
6075 RestartIndex = GSHORT(pd, offset);
6079 proto_tree_add_text(tree, offset, 2, "Restart Index: %u", RestartIndex);
6083 offset += 2; /* Skip Restart Index */
6085 /* Build display for: Byte Count (BCC) */
6089 ByteCount = GSHORT(pd, offset);
6093 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6097 offset += 2; /* Skip Byte Count (BCC) */
6099 /* Build display for: Buffer Format */
6101 BufferFormat = GBYTE(pd, offset);
6105 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6109 offset += 1; /* Skip Buffer Format */
6111 /* Build display for: Data Length */
6113 DataLength = GSHORT(pd, offset);
6117 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6121 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB locking AndX block. The request (dirn == 1) displays Word
 * Count, the AndX header (command, reserved byte, offset), FID, Lock Type
 * with a per-bit subtree, OplockLevel, Timeout, Number Of Unlocks, Number of
 * Locks and Byte Count. The response (dirn == 0) displays Word Count, the
 * AndX header when WordCount > 0, and Byte Count. Both directions then pass
 * any chained command to its own dissector.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT/GWORD
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset, errcode - only forwarded to the
 *           chained dissector in the lines shown
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end. The lock and unlock ranges announced by Number Of Unlocks and
 * Number of Locks are not parsed in the lines shown.
 */
6128 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6131 proto_tree *LockType_tree;
6136 guint8 AndXReserved;
/* 0xFF is the "no chained command" value tested before each dispatch below. */
6137 guint8 AndXCommand = 0xFF;
6139 guint16 NumberofLocks;
6140 guint16 NumberOfUnlocks;
/* Only the request branch assigns this; see the response branch note. */
6144 guint16 AndXOffset = 0;
6146 if (dirn == 1) { /* Request(s) dissect code */
6148 /* Build display for: Word Count (WCT) */
6150 WordCount = GBYTE(pd, offset);
6154 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6158 offset += 1; /* Skip Word Count (WCT) */
6160 /* Build display for: AndXCommand */
6162 AndXCommand = GBYTE(pd, offset);
6166 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
6170 offset += 1; /* Skip AndXCommand */
6172 /* Build display for: AndXReserved */
6174 AndXReserved = GBYTE(pd, offset);
6178 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6182 offset += 1; /* Skip AndXReserved */
6184 /* Build display for: AndXOffset */
6186 AndXOffset = GSHORT(pd, offset);
6190 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
6194 offset += 2; /* Skip AndXOffset */
6196 /* Build display for: FID */
6198 FID = GSHORT(pd, offset);
6202 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6206 offset += 2; /* Skip FID */
6208 /* Build display for: Lock Type */
6210 LockType = GBYTE(pd, offset);
/*
 * Lock Type gets a subtree with one line per flag bit (0x01 .. 0x10).
 * NOTE(review): the field is one byte (GBYTE, item length 1), yet 16 is
 * passed as the third argument of decode_boolean_bitfield; if that argument
 * is the field width in bits, 8 would match the field. Confirm.
 */
6214 ti = proto_tree_add_text(tree, offset, 1, "Lock Type: 0x%01x", LockType);
6215 LockType_tree = proto_item_add_subtree(ti, ett_smb_lock_type);
6216 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6217 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6218 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6219 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6220 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6221 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6222 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6223 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6224 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6225 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6229 offset += 1; /* Skip Lock Type */
6231 /* Build display for: OplockLevel */
6233 OplockLevel = GBYTE(pd, offset);
6237 proto_tree_add_text(tree, offset, 1, "OplockLevel: %u", OplockLevel);
6241 offset += 1; /* Skip OplockLevel */
6243 /* Build display for: Timeout */
6245 Timeout = GWORD(pd, offset);
6249 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
6253 offset += 4; /* Skip Timeout */
6255 /* Build display for: Number Of Unlocks */
6257 NumberOfUnlocks = GSHORT(pd, offset);
6261 proto_tree_add_text(tree, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6265 offset += 2; /* Skip Number Of Unlocks */
6267 /* Build display for: Number of Locks */
6269 NumberofLocks = GSHORT(pd, offset);
6273 proto_tree_add_text(tree, offset, 2, "Number of Locks: %u", NumberofLocks);
6277 offset += 2; /* Skip Number of Locks */
6279 /* Build display for: Byte Count (BCC) */
6281 ByteCount = GSHORT(pd, offset);
6285 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6289 offset += 2; /* Skip Byte Count (BCC) */
/*
 * AndXCommand and AndXOffset both come straight from the packet. Any value
 * other than 0xFF indexes dissect[] and the chained block is parsed at
 * SMB_offset + AndXOffset.
 * NOTE(review): AndXOffset is not validated here. A value pointing outside
 * the captured data leads to out-of-bounds reads, and one pointing back at an
 * earlier AndX block recurses with no visible depth limit. Check that the
 * target lies after this block and inside the frame before dispatching, and
 * confirm dissect[] has an entry for every command value below 0xFF.
 */
6292 if (AndXCommand != 0xFF) {
6294 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
6300 if (dirn == 0) { /* Response(s) dissect code */
6302 /* Build display for: Word Count (WCT) */
6304 WordCount = GBYTE(pd, offset);
6308 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6312 offset += 1; /* Skip Word Count (WCT) */
/* With WordCount == 0 the AndX header is skipped and AndXCommand keeps its
 * 0xFF initialiser, so no chained command is dispatched. */
6314 if (WordCount > 0) {
6316 /* Build display for: AndXCommand */
6318 AndXCommand = GBYTE(pd, offset);
6322 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
6323 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6327 offset += 1; /* Skip AndXCommand */
6329 /* Build display for: AndXReserved */
6331 AndXReserved = GBYTE(pd, offset);
6335 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6339 offset += 1; /* Skip AndXReserved */
6341 /* Build display for: AndXoffset */
/*
 * NOTE(review): the offset is stored in AndXoffset (lower-case 'o'), but the
 * dispatch at the end of this branch passes AndXOffset, which on the response
 * path still holds its initialiser 0. The chained command is therefore
 * dissected at SMB_offset + 0 instead of at the offset carried in the packet.
 * Storing into AndXOffset here (or passing AndXoffset below) would fix it.
 */
6343 AndXoffset = GSHORT(pd, offset);
6347 proto_tree_add_text(tree, offset, 2, "AndXoffset: %u", AndXoffset);
6351 offset += 2; /* Skip AndXoffset */
6355 /* Build display for: Byte Count */
6357 ByteCount = GSHORT(pd, offset);
6361 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
6365 offset += 2; /* Skip Byte Count */
/* Uses AndXOffset (0 on this path), not the AndXoffset read above; once that
 * is corrected the same offset validation as in the request branch applies. */
6368 if (AndXCommand != 0xFF) {
6370 (dissect[AndXCommand])(pd, SMB_offset + AndXOffset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn);
/*
 * Dissect an SMB unlock-bytes block. The request (dirn == 1) displays Word
 * Count, FID, a 4-byte Count, a 4-byte Offset and Byte Count; the response
 * (dirn == 0) displays Word Count and Byte Count. Each field becomes a text
 * item under `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT/GWORD
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
6379 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6388 if (dirn == 1) { /* Request(s) dissect code */
6390 /* Build display for: Word Count (WCT) */
6392 WordCount = GBYTE(pd, offset);
6396 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6400 offset += 1; /* Skip Word Count (WCT) */
6402 /* Build display for: FID */
6404 FID = GSHORT(pd, offset);
6408 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6412 offset += 2; /* Skip FID */
6414 /* Build display for: Count */
6416 Count = GWORD(pd, offset);
6420 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
6424 offset += 4; /* Skip Count */
6426 /* Build display for: Offset */
6428 Offset = GWORD(pd, offset);
6432 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
6436 offset += 4; /* Skip Offset */
6438 /* Build display for: Byte Count (BCC) */
6440 ByteCount = GSHORT(pd, offset);
6444 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6448 offset += 2; /* Skip Byte Count (BCC) */
6452 if (dirn == 0) { /* Response(s) dissect code */
6454 /* Build display for: Word Count (WCT) */
6456 WordCount = GBYTE(pd, offset);
6460 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6464 offset += 1; /* Skip Word Count (WCT) */
6466 /* Build display for: Byte Count (BCC) */
6468 ByteCount = GSHORT(pd, offset);
6472 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6476 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB create-file block. The request (dirn == 1) displays Word
 * Count, Attributes with a per-bit subtree, Creation Time, Byte Count,
 * Buffer Format and a NUL-terminated File Name; the response (dirn == 0)
 * displays Word Count, FID when WordCount > 0, and Byte Count. Each field
 * becomes a text item under `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT and, for the file name,
 *           directly as a C string
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
6483 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6486 proto_tree *Attributes_tree;
6489 guint8 BufferFormat;
6491 guint16 CreationTime;
6494 const char *FileName;
6496 if (dirn == 1) { /* Request(s) dissect code */
6498 /* Build display for: Word Count (WCT) */
6500 WordCount = GBYTE(pd, offset);
6504 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6508 offset += 1; /* Skip Word Count (WCT) */
6510 /* Build display for: Attributes */
6512 Attributes = GSHORT(pd, offset);
/* Attributes gets a subtree with one line per flag bit (0x01 .. 0x20). */
6516 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
6517 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
6518 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6519 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6520 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6521 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6522 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6523 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6524 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6525 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6526 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6527 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6528 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6529 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6533 offset += 2; /* Skip Attributes */
6535 /* Build display for: Creation Time */
6537 CreationTime = GSHORT(pd, offset);
/* NOTE(review): %u expects an unsigned int. The return type of
 * dissect_dos_time() is not visible here; if it returns a formatted string
 * this is a format/argument mismatch and the conversion should be %s. */
6541 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6545 offset += 2; /* Skip Creation Time */
6547 /* Build display for: Byte Count (BCC) */
6549 ByteCount = GSHORT(pd, offset);
6553 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6557 offset += 2; /* Skip Byte Count (BCC) */
6559 /* Build display for: Buffer Format */
6561 BufferFormat = GBYTE(pd, offset);
6565 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6569 offset += 1; /* Skip Buffer Format */
6571 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the packet and strlen() scans until the
 * first NUL with no upper bound. If the sender leaves out the terminator the
 * scan, the %s formatting and the offset advance all run past the captured
 * data. Bound the scan by the bytes remaining in the frame (ByteCount and the
 * captured length are both candidates) before using the string.
 */
6573 FileName = pd + offset;
6577 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6581 offset += strlen(FileName) + 1; /* Skip File Name */
6585 if (dirn == 0) { /* Response(s) dissect code */
6587 /* Build display for: Word Count (WCT) */
6589 WordCount = GBYTE(pd, offset);
6593 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6597 offset += 1; /* Skip Word Count (WCT) */
/* FID is parsed only when the response carries parameter words. */
6599 if (WordCount > 0) {
6601 /* Build display for: FID */
6603 FID = GSHORT(pd, offset);
6607 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6611 offset += 2; /* Skip FID */
6615 /* Build display for: Byte Count (BCC) */
6617 ByteCount = GSHORT(pd, offset);
6621 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6625 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB search-directory block. The request (dirn == 1) displays
 * Word Count, Max Count, Search Attributes, Byte Count, Buffer Format 1, a
 * NUL-terminated File Name, Buffer Format 2 and Resume Key Length; the
 * response (dirn == 0) displays Word Count, Count when WordCount > 0, Byte
 * Count, Buffer Format and Data Length. Each field becomes a text item under
 * `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT and, for the file name,
 *           directly as a C string
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
6632 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6636 guint8 BufferFormat2;
6637 guint8 BufferFormat1;
6638 guint8 BufferFormat;
6639 guint16 SearchAttributes;
6640 guint16 ResumeKeyLength;
6645 const char *FileName;
6647 if (dirn == 1) { /* Request(s) dissect code */
6649 /* Build display for: Word Count (WCT) */
6651 WordCount = GBYTE(pd, offset);
6655 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6659 offset += 1; /* Skip Word Count (WCT) */
6661 /* Build display for: Max Count */
6663 MaxCount = GSHORT(pd, offset);
6667 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6671 offset += 2; /* Skip Max Count */
6673 /* Build display for: Search Attributes */
6675 SearchAttributes = GSHORT(pd, offset);
6679 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
6683 offset += 2; /* Skip Search Attributes */
6685 /* Build display for: Byte Count (BCC) */
6687 ByteCount = GSHORT(pd, offset);
6691 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6695 offset += 2; /* Skip Byte Count (BCC) */
6697 /* Build display for: Buffer Format 1 */
6699 BufferFormat1 = GBYTE(pd, offset);
6703 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6707 offset += 1; /* Skip Buffer Format 1 */
6709 /* Build display for: File Name */
/*
 * NOTE(review): FileName points into the packet and strlen() scans until the
 * first NUL with no upper bound. If the sender leaves out the terminator the
 * scan runs past the captured data, and the fields read after it (Buffer
 * Format 2, Resume Key Length) are then taken from an offset derived from
 * that unbounded length. Bound the scan by the bytes remaining in the frame
 * before using the string.
 */
6711 FileName = pd + offset;
6715 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6719 offset += strlen(FileName) + 1; /* Skip File Name */
6721 /* Build display for: Buffer Format 2 */
6723 BufferFormat2 = GBYTE(pd, offset);
6727 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6731 offset += 1; /* Skip Buffer Format 2 */
6733 /* Build display for: Resume Key Length */
6735 ResumeKeyLength = GSHORT(pd, offset);
6739 proto_tree_add_text(tree, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6743 offset += 2; /* Skip Resume Key Length */
6747 if (dirn == 0) { /* Response(s) dissect code */
6749 /* Build display for: Word Count (WCT) */
6751 WordCount = GBYTE(pd, offset);
6755 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6759 offset += 1; /* Skip Word Count (WCT) */
/* Count is parsed only when the response carries parameter words. */
6761 if (WordCount > 0) {
6763 /* Build display for: Count */
6765 Count = GSHORT(pd, offset);
6769 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6773 offset += 2; /* Skip Count */
6777 /* Build display for: Byte Count (BCC) */
6779 ByteCount = GSHORT(pd, offset);
6783 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6787 offset += 2; /* Skip Byte Count (BCC) */
6789 /* Build display for: Buffer Format */
6791 BufferFormat = GBYTE(pd, offset);
6795 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6799 offset += 1; /* Skip Buffer Format */
6801 /* Build display for: Data Length */
6803 DataLength = GSHORT(pd, offset);
6807 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6811 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB create-temporary-file block. The request (dirn == 1)
 * displays Word Count, Reserved, Creation Time, Creation Date, Byte Count,
 * Buffer Format and a NUL-terminated Directory Name; the response
 * (dirn == 0) displays Word Count, FID when WordCount > 0, Byte Count, Buffer
 * Format and a NUL-terminated File Name. Each field becomes a text item under
 * `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT and, for the two names,
 *           directly as C strings
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
6818 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6822 guint8 BufferFormat;
6825 guint16 CreationTime;
6826 guint16 CreationDate;
6828 const char *FileName;
6829 const char *DirectoryName;
6831 if (dirn == 1) { /* Request(s) dissect code */
6833 /* Build display for: Word Count (WCT) */
6835 WordCount = GBYTE(pd, offset);
6839 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6843 offset += 1; /* Skip Word Count (WCT) */
6845 /* Build display for: Reserved */
6847 Reserved = GSHORT(pd, offset);
6851 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
6855 offset += 2; /* Skip Reserved */
6857 /* Build display for: Creation Time */
6859 CreationTime = GSHORT(pd, offset);
/* NOTE(review): %u expects an unsigned int. The return types of
 * dissect_dos_time() and dissect_dos_date() are not visible here; if they
 * return formatted strings, this line and the Creation Date line below have
 * a format/argument mismatch and should use %s. */
6863 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6867 offset += 2; /* Skip Creation Time */
6869 /* Build display for: Creation Date */
6871 CreationDate = GSHORT(pd, offset);
6875 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
6879 offset += 2; /* Skip Creation Date */
6881 /* Build display for: Byte Count (BCC) */
6883 ByteCount = GSHORT(pd, offset);
6887 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6891 offset += 2; /* Skip Byte Count (BCC) */
6893 /* Build display for: Buffer Format */
6895 BufferFormat = GBYTE(pd, offset);
6899 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6903 offset += 1; /* Skip Buffer Format */
6905 /* Build display for: Directory Name */
/*
 * NOTE(review): DirectoryName points into the packet and strlen() scans until
 * the first NUL with no upper bound. If the sender leaves out the terminator
 * the scan, the %s formatting and the offset advance all run past the
 * captured data. Bound the scan by the bytes remaining in the frame before
 * using the string.
 */
6907 DirectoryName = pd + offset;
6911 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6915 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6919 if (dirn == 0) { /* Response(s) dissect code */
6921 /* Build display for: Word Count (WCT) */
6923 WordCount = GBYTE(pd, offset);
6927 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6931 offset += 1; /* Skip Word Count (WCT) */
/* FID is parsed only when the response carries parameter words. */
6933 if (WordCount > 0) {
6935 /* Build display for: FID */
6937 FID = GSHORT(pd, offset);
6941 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6945 offset += 2; /* Skip FID */
6949 /* Build display for: Byte Count (BCC) */
6951 ByteCount = GSHORT(pd, offset);
6955 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6959 offset += 2; /* Skip Byte Count (BCC) */
6961 /* Build display for: Buffer Format */
6963 BufferFormat = GBYTE(pd, offset);
6967 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6971 offset += 1; /* Skip Buffer Format */
6973 /* Build display for: File Name */
/* NOTE(review): same unbounded strlen() on packet data as for Directory Name
 * in the request branch; bound it by the bytes remaining in the frame. */
6975 FileName = pd + offset;
6979 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6983 offset += strlen(FileName) + 1; /* Skip File Name */
/*
 * Dissect an SMB close block. The request (dirn == 1) displays Word Count,
 * FID, Last Write Time, Last Write Date and Byte Count; the response
 * (dirn == 0) displays Word Count and Byte Count. Each field becomes a text
 * item under `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): no read below is compared against max_data or a captured
 * length in the lines shown; confirm a truncated frame cannot be read past
 * its end.
 */
6990 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6994 guint16 LastWriteTime;
6995 guint16 LastWriteDate;
6999 if (dirn == 1) { /* Request(s) dissect code */
7001 /* Build display for: Word Count (WCT) */
7003 WordCount = GBYTE(pd, offset);
7007 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7011 offset += 1; /* Skip Word Count (WCT) */
7013 /* Build display for: FID */
7015 FID = GSHORT(pd, offset);
7019 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7023 offset += 2; /* Skip FID */
7025 /* Build display for: Last Write Time */
7027 LastWriteTime = GSHORT(pd, offset);
/* NOTE(review): %u expects an unsigned int. The return types of
 * dissect_dos_time() and dissect_dos_date() are not visible here; if they
 * return formatted strings, this line and the Last Write Date line below
 * have a format/argument mismatch and should use %s. */
7031 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
7035 offset += 2; /* Skip Last Write Time */
7037 /* Build display for: Last Write Date */
7039 LastWriteDate = GSHORT(pd, offset);
7043 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
7047 offset += 2; /* Skip Last Write Date */
7049 /* Build display for: Byte Count (BCC) */
7051 ByteCount = GSHORT(pd, offset);
7055 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7059 offset += 2; /* Skip Byte Count (BCC) */
7063 if (dirn == 0) { /* Response(s) dissect code */
7065 /* Build display for: Word Count (WCT) */
7067 WordCount = GBYTE(pd, offset);
7071 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7075 offset += 1; /* Skip Word Count (WCT) */
7077 /* Build display for: Byte Count (BCC) */
7079 ByteCount = GSHORT(pd, offset);
7083 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7087 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB write-print-file block. The request (dirn == 1) displays
 * Word Count, FID, Byte Count, Buffer Format and Data Length; the response
 * (dirn == 0) displays Word Count and Byte Count. Each field becomes a text
 * item under `tree` and `offset` is advanced past it.
 *
 * pd      - packet bytes, read through GBYTE/GSHORT
 * offset  - position in pd of the Word Count byte
 * tree    - protocol tree that receives the text items
 * dirn    - 1 for a request, 0 for a response
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown.
 *
 * NOTE(review): Byte Count and Data Length are displayed as received and are
 * not cross-checked against each other or against max_data in the lines
 * shown. Confirm a truncated frame cannot be read past its end.
 */
7094 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7098 guint8 BufferFormat;
7103 if (dirn == 1) { /* Request(s) dissect code */
7105 /* Build display for: Word Count (WCT) */
7107 WordCount = GBYTE(pd, offset);
7111 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7115 offset += 1; /* Skip Word Count (WCT) */
7117 /* Build display for: FID */
7119 FID = GSHORT(pd, offset);
7123 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7127 offset += 2; /* Skip FID */
7129 /* Build display for: Byte Count (BCC) */
7131 ByteCount = GSHORT(pd, offset);
7135 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7139 offset += 2; /* Skip Byte Count (BCC) */
7141 /* Build display for: Buffer Format */
7143 BufferFormat = GBYTE(pd, offset);
7147 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7151 offset += 1; /* Skip Buffer Format */
7153 /* Build display for: Data Length */
7155 DataLength = GSHORT(pd, offset);
7159 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7163 offset += 2; /* Skip Data Length */
7167 if (dirn == 0) { /* Response(s) dissect code */
7169 /* Build display for: Word Count (WCT) */
7171 WordCount = GBYTE(pd, offset);
7175 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7179 offset += 1; /* Skip Word Count (WCT) */
7181 /* Build display for: Byte Count (BCC) */
7183 ByteCount = GSHORT(pd, offset);
7187 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7191 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Lock And Read message, adding one text item per field to
 * `tree`.
 *
 * pd     - packet bytes; every field is read from pd at `offset`
 * offset - position of the Word Count byte on entry; advanced past each field
 * dirn   - 1 selects the request layout, 0 the response layout
 * fd, parent, si, max_data, SMB_offset and errcode are not referenced in the
 * lines shown here.
 *
 * NOTE(review): no comparison of `offset` against max_data (or any other
 * captured-length value) is visible before the GBYTE/GSHORT/GWORD reads, so
 * a truncated or malformed frame may be read past its captured bytes -
 * confirm where that bound is enforced.
 */
7198 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7202 guint8 BufferFormat;
7214 if (dirn == 1) { /* Request(s) dissect code */
7216 /* Build display for: Word Count (WCT) */
7218 WordCount = GBYTE(pd, offset);
7222 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7226 offset += 1; /* Skip Word Count (WCT) */
7228 /* Build display for: FID */
7230 FID = GSHORT(pd, offset);
7234 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7238 offset += 2; /* Skip FID */
7240 /* Build display for: Count */
7242 Count = GSHORT(pd, offset);
7246 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7250 offset += 2; /* Skip Count */
7252 /* Build display for: Offset */
7254 Offset = GWORD(pd, offset);
7258 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7262 offset += 4; /* Skip Offset */
7264 /* Build display for: Remaining */
7266 Remaining = GSHORT(pd, offset);
7270 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7274 offset += 2; /* Skip Remaining */
7276 /* Build display for: Byte Count (BCC) */
7278 ByteCount = GSHORT(pd, offset);
7282 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7286 offset += 2; /* Skip Byte Count (BCC) */
7290 if (dirn == 0) { /* Response(s) dissect code */
7292 /* Build display for: Word Count (WCT) */
7294 WordCount = GBYTE(pd, offset);
7298 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7302 offset += 1; /* Skip Word Count (WCT) */
/* The five parameter words below are decoded only when WCT is non-zero. */
7304 if (WordCount > 0) {
7306 /* Build display for: Count */
7308 Count = GSHORT(pd, offset);
7312 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7316 offset += 2; /* Skip Count */
7318 /* Build display for: Reserved 1 */
7320 Reserved1 = GSHORT(pd, offset);
7324 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7328 offset += 2; /* Skip Reserved 1 */
7330 /* Build display for: Reserved 2 */
7332 Reserved2 = GSHORT(pd, offset);
7336 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7340 offset += 2; /* Skip Reserved 2 */
7342 /* Build display for: Reserved 3 */
7344 Reserved3 = GSHORT(pd, offset);
7348 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7352 offset += 2; /* Skip Reserved 3 */
7354 /* Build display for: Reserved 4 */
7356 Reserved4 = GSHORT(pd, offset);
7360 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7364 offset += 2; /* Skip Reserved 4 */
7366 /* Build display for: Byte Count (BCC) */
7368 ByteCount = GSHORT(pd, offset);
7372 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7378 offset += 2; /* Skip Byte Count (BCC) */
7380 /* Build display for: Buffer Format */
7382 BufferFormat = GBYTE(pd, offset);
7386 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7390 offset += 1; /* Skip Buffer Format */
7392 /* Build display for: Data Length */
7394 DataLength = GSHORT(pd, offset);
7398 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7402 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB Process Exit message.  Both directions carry only a Word
 * Count byte followed by a 16-bit Byte Count, each added to `tree` as a text
 * item.
 *
 * pd     - packet bytes
 * offset - position of the Word Count byte on entry
 * dirn   - 1 selects the request branch, 0 the response branch
 *
 * NOTE(review): the reads are not visibly checked against max_data in this
 * listing - confirm the caller guarantees at least three bytes at `offset`.
 */
7409 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7415 if (dirn == 1) { /* Request(s) dissect code */
7417 /* Build display for: Word Count (WCT) */
7419 WordCount = GBYTE(pd, offset);
7423 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7427 offset += 1; /* Skip Word Count (WCT) */
7429 /* Build display for: Byte Count (BCC) */
7431 ByteCount = GSHORT(pd, offset);
7435 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7439 offset += 2; /* Skip Byte Count (BCC) */
7443 if (dirn == 0) { /* Response(s) dissect code */
7445 /* Build display for: Word Count (WCT) */
7447 WordCount = GBYTE(pd, offset);
7451 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7455 offset += 1; /* Skip Word Count (WCT) */
7457 /* Build display for: Byte Count (BCC) */
7459 ByteCount = GSHORT(pd, offset);
7463 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7467 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Get File Attributes message.
 *
 * The request carries a buffer-format byte and a NUL-terminated file name;
 * the response carries an attribute bitfield (shown as a subtree), the last
 * write time and date, the file size and five reserved words.
 *
 * pd     - packet bytes
 * offset - position of the Word Count byte on entry; advanced past each field
 * dirn   - 1 selects the request layout, 0 the response layout
 *
 * NOTE(review): none of the reads below is visibly checked against max_data
 * in this listing; see also the note on the file name.
 */
7474 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7477 proto_tree *Attributes_tree;
7480 guint8 BufferFormat;
7487 guint16 LastWriteTime;
7488 guint16 LastWriteDate;
7491 const char *FileName;
7493 if (dirn == 1) { /* Request(s) dissect code */
7495 /* Build display for: Word Count (WCT) */
7497 WordCount = GBYTE(pd, offset);
7501 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7505 offset += 1; /* Skip Word Count (WCT) */
7507 /* Build display for: Byte Count (BCC) */
7509 ByteCount = GSHORT(pd, offset);
7513 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7517 offset += 2; /* Skip Byte Count (BCC) */
7519 /* Build display for: Buffer Format */
7521 BufferFormat = GBYTE(pd, offset);
7525 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7529 offset += 1; /* Skip Buffer Format */
7531 /* Build display for: File Name */
/*
 * NOTE(review): FileName points straight into the packet buffer and strlen()
 * scans until it meets a NUL byte.  Nothing visible here limits that scan to
 * the captured length (neither ByteCount nor max_data is consulted), so a
 * name with no terminator would be read past the end of the frame.  A
 * length-bounded scan is the safer form.
 */
7533 FileName = pd + offset;
7537 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7541 offset += strlen(FileName) + 1; /* Skip File Name */
7545 if (dirn == 0) { /* Response(s) dissect code */
7547 /* Build display for: Word Count (WCT) */
7549 WordCount = GBYTE(pd, offset);
7553 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7557 offset += 1; /* Skip Word Count (WCT) */
7559 if (WordCount > 0) {
7561 /* Build display for: Attributes */
7563 Attributes = GSHORT(pd, offset);
/* One subtree line per attribute bit (0x01 .. 0x20) of the 16-bit field. */
7567 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
7568 Attributes_tree = proto_item_add_subtree(ti, ett_smb_fileattributes);
7569 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7570 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7571 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7572 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7573 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7574 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7575 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7576 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7577 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7578 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7579 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7580 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7584 offset += 2; /* Skip Attributes */
7586 /* Build display for: Last Write Time */
7588 LastWriteTime = GSHORT(pd, offset);
7594 offset += 2; /* Skip Last Write Time */
7596 /* Build display for: Last Write Date */
7598 LastWriteDate = GSHORT(pd, offset);
/*
 * Date and time are formatted together because each helper takes both words.
 * NOTE(review): both items are anchored at the current offset, which is the
 * Last Write Date word, so the "Last Write Time" item highlights the date
 * bytes - confirm whether it should point two bytes earlier.
 */
7602 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7604 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7608 offset += 2; /* Skip Last Write Date */
7610 /* Build display for: File Size */
7612 FileSize = GWORD(pd, offset);
7616 proto_tree_add_text(tree, offset, 4, "File Size: %u", FileSize);
7620 offset += 4; /* Skip File Size */
7622 /* Build display for: Reserved 1 */
7624 Reserved1 = GSHORT(pd, offset);
7628 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7632 offset += 2; /* Skip Reserved 1 */
7634 /* Build display for: Reserved 2 */
7636 Reserved2 = GSHORT(pd, offset);
7640 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7644 offset += 2; /* Skip Reserved 2 */
7646 /* Build display for: Reserved 3 */
7648 Reserved3 = GSHORT(pd, offset);
7652 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7656 offset += 2; /* Skip Reserved 3 */
7658 /* Build display for: Reserved 4 */
7660 Reserved4 = GSHORT(pd, offset);
7664 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7668 offset += 2; /* Skip Reserved 4 */
7670 /* Build display for: Reserved 5 */
7672 Reserved5 = GSHORT(pd, offset);
7676 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
7680 offset += 2; /* Skip Reserved 5 */
7684 /* Build display for: Byte Count (BCC) */
7686 ByteCount = GSHORT(pd, offset);
7690 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7694 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Read File message, adding one text item per field to `tree`.
 *
 * pd     - packet bytes
 * offset - position of the Word Count byte on entry; advanced past each field
 * dirn   - 1 selects the request layout, 0 the response layout
 *
 * NOTE(review): no check of `offset` against max_data is visible before the
 * GBYTE/GSHORT/GWORD reads in this listing - confirm where a short frame is
 * rejected.
 */
7701 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7715 guint16 BufferFormat;
7717 if (dirn == 1) { /* Request(s) dissect code */
7719 /* Build display for: Word Count (WCT) */
7721 WordCount = GBYTE(pd, offset);
7725 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7729 offset += 1; /* Skip Word Count (WCT) */
7731 /* Build display for: FID */
7733 FID = GSHORT(pd, offset);
7737 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7741 offset += 2; /* Skip FID */
7743 /* Build display for: Count */
7745 Count = GSHORT(pd, offset);
7749 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7753 offset += 2; /* Skip Count */
7755 /* Build display for: Offset */
7757 Offset = GWORD(pd, offset);
7761 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7765 offset += 4; /* Skip Offset */
7767 /* Build display for: Remaining */
7769 Remaining = GSHORT(pd, offset);
7773 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7777 offset += 2; /* Skip Remaining */
7779 /* Build display for: Byte Count (BCC) */
7781 ByteCount = GSHORT(pd, offset);
7785 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7789 offset += 2; /* Skip Byte Count (BCC) */
7793 if (dirn == 0) { /* Response(s) dissect code */
7795 /* Build display for: Word Count (WCT) */
7797 WordCount = GBYTE(pd, offset);
7801 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7805 offset += 1; /* Skip Word Count (WCT) */
7807 if (WordCount > 0) {
7809 /* Build display for: Count */
7811 Count = GSHORT(pd, offset);
7815 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7819 offset += 2; /* Skip Count */
7821 /* Build display for: Reserved 1 */
7823 Reserved1 = GSHORT(pd, offset);
7827 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7831 offset += 2; /* Skip Reserved 1 */
7833 /* Build display for: Reserved 2 */
7835 Reserved2 = GSHORT(pd, offset);
7839 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7843 offset += 2; /* Skip Reserved 2 */
7845 /* Build display for: Reserved 3 */
7847 Reserved3 = GSHORT(pd, offset);
7851 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7855 offset += 2; /* Skip Reserved 3 */
7857 /* Build display for: Reserved 4 */
7859 Reserved4 = GSHORT(pd, offset);
7863 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7867 offset += 2; /* Skip Reserved 4 */
7871 /* Build display for: Byte Count (BCC) */
7873 ByteCount = GSHORT(pd, offset);
7877 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7881 offset += 2; /* Skip Byte Count (BCC) */
7883 /* Build display for: Buffer Format */
/*
 * NOTE(review): Buffer Format is read here as a 16-bit value and skipped as
 * two bytes, whereas dissect_lock_and_read_smb reads the same-named field of
 * its otherwise identical response layout as a single byte.  If the
 * one-byte form is right, the Data Length below is decoded one byte late -
 * verify against the protocol specification.
 */
7885 BufferFormat = GSHORT(pd, offset);
7889 proto_tree_add_text(tree, offset, 2, "Buffer Format: %u", BufferFormat);
7893 offset += 2; /* Skip Buffer Format */
7895 /* Build display for: Data Length */
7897 DataLength = GSHORT(pd, offset);
7901 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7905 offset += 2; /* Skip Data Length */
/*
 * Dissect an SMB Write MPX message.
 *
 * The request carries FID, Count, a timeout, a WriteMode bitfield (shown as
 * a subtree), a request mask and the data length/offset; the response
 * carries a response mask.
 *
 * pd     - packet bytes
 * offset - position of the Word Count byte on entry; advanced past each field
 * dirn   - 1 selects the request layout, 0 the response layout
 *
 * NOTE(review): DataLength and DataOffset are only displayed here, not used
 * to index `pd`.  The fixed-size reads themselves are not visibly checked
 * against max_data in this listing - confirm where a short frame is rejected.
 */
7912 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7915 proto_tree *WriteMode_tree;
7920 guint32 ResponseMask;
7921 guint32 RequestMask;
7930 if (dirn == 1) { /* Request(s) dissect code */
7932 /* Build display for: Word Count (WCT) */
7934 WordCount = GBYTE(pd, offset);
7938 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7942 offset += 1; /* Skip Word Count (WCT) */
7944 /* Build display for: FID */
7946 FID = GSHORT(pd, offset);
7950 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7954 offset += 2; /* Skip FID */
7956 /* Build display for: Count */
7958 Count = GSHORT(pd, offset);
7962 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7966 offset += 2; /* Skip Count */
7968 /* Build display for: Reserved 1 */
7970 Reserved1 = GSHORT(pd, offset);
7974 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7978 offset += 2; /* Skip Reserved 1 */
7980 /* Build display for: Timeout */
7982 Timeout = GWORD(pd, offset);
7986 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
7990 offset += 4; /* Skip Timeout */
7992 /* Build display for: WriteMode */
7994 WriteMode = GSHORT(pd, offset);
/* Bits 0x01, 0x02 and 0x40 of WriteMode each get their own subtree line. */
7998 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
7999 WriteMode_tree = proto_item_add_subtree(ti, ett_smb_writemode);
8000 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8001 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
8002 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8003 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
8004 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
8005 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
8009 offset += 2; /* Skip WriteMode */
8011 /* Build display for: Request Mask */
8013 RequestMask = GWORD(pd, offset);
8017 proto_tree_add_text(tree, offset, 4, "Request Mask: %u", RequestMask);
8021 offset += 4; /* Skip Request Mask */
8023 /* Build display for: Data Length */
8025 DataLength = GSHORT(pd, offset);
8029 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
8033 offset += 2; /* Skip Data Length */
8035 /* Build display for: Data Offset */
8037 DataOffset = GSHORT(pd, offset);
8041 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8045 offset += 2; /* Skip Data Offset */
8047 /* Build display for: Byte Count (BCC) */
8049 ByteCount = GSHORT(pd, offset);
8053 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8057 offset += 2; /* Skip Byte Count (BCC) */
8059 /* Build display for: Pad */
8061 Pad = GBYTE(pd, offset);
8065 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
8069 offset += 1; /* Skip Pad */
8073 if (dirn == 0) { /* Response(s) dissect code */
8075 /* Build display for: Word Count (WCT) */
8077 WordCount = GBYTE(pd, offset);
8081 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8085 offset += 1; /* Skip Word Count (WCT) */
8087 if (WordCount > 0) {
8089 /* Build display for: Response Mask */
8091 ResponseMask = GWORD(pd, offset);
8095 proto_tree_add_text(tree, offset, 4, "Response Mask: %u", ResponseMask);
8099 offset += 4; /* Skip Response Mask */
8101 /* Build display for: Byte Count (BCC) */
8103 ByteCount = GSHORT(pd, offset);
8107 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8113 offset += 2; /* Skip Byte Count (BCC) */
/*
 * Dissect an SMB Find Close2 message.  The request carries a FID between the
 * Word Count and Byte Count; the response carries only the two counts.
 *
 * pd     - packet bytes
 * offset - position of the Word Count byte on entry; advanced past each field
 * dirn   - 1 selects the request layout, 0 the response layout
 *
 * NOTE(review): the reads are not visibly checked against max_data in this
 * listing - confirm where a short frame is rejected.
 */
8120 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8127 if (dirn == 1) { /* Request(s) dissect code */
8129 /* Build display for: Word Count (WTC) */
8131 WordCount = GBYTE(pd, offset);
/* NOTE(review): the label reads "WTC" here but "WCT" in every other dissector in this part of the file. */
8135 proto_tree_add_text(tree, offset, 1, "Word Count (WTC): %u", WordCount);
8139 offset += 1; /* Skip Word Count (WTC) */
8141 /* Build display for: FID */
8143 FID = GSHORT(pd, offset);
8147 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
8151 offset += 2; /* Skip FID */
8153 /* Build display for: Byte Count (BCC) */
8155 ByteCount = GSHORT(pd, offset);
8159 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8163 offset += 2; /* Skip Byte Count (BCC) */
8167 if (dirn == 0) { /* Response(s) dissect code */
8169 /* Build display for: Word Count (WCT) */
8171 WordCount = GBYTE(pd, offset);
8175 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8179 offset += 1; /* Skip Word Count (WCT) */
8181 /* Build display for: Byte Count (BCC) */
/*
 * NOTE(review): the response Byte Count is read and skipped as one byte,
 * while the request above and the other dissectors in this part of the file
 * treat BCC as a 16-bit field - verify which width is intended.
 */
8183 ByteCount = GBYTE(pd, offset);
8187 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
8191 offset += 1; /* Skip Byte Count (BCC) */
/*
 * Display names for TRANS2 subcommands.  decode_trans2_name() indexes this
 * table directly with the subcommand code, so the position of each entry is
 * its code.
 * NOTE(review): not every entry is visible in this listing, so the exact
 * entry count cannot be confirmed from here; any range check applied to the
 * index has to stay in step with the real table length.
 */
8197 char *trans2_cmd_names[] = {
8199 "TRANS2_FIND_FIRST2",
8200 "TRANS2_FIND_NEXT2",
8201 "TRANS2_QUERY_FS_INFORMATION",
8202 "TRANS2_QUERY_PATH_INFORMATION",
8203 "TRANS2_SET_PATH_INFORMATION",
8204 "TRANS2_QUERY_FILE_INFORMATION",
8205 "TRANS2_SET_FILE_INFORMATION",
8208 "TRANS2_FIND_NOTIFY_FIRST",
8209 "TRANS2_FIND_NOTIFY_NEXT",
8210 "TRANS2_CREATE_DIRECTORY",
8211 "TRANS2_SESSION_SETUP",
8212 "TRANS2_GET_DFS_REFERRAL",
8214 "TRANS2_REPORT_DFS_INCONSISTENCY"};
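/*
 * Map a TRANS2 subcommand code to its display name.
 *
 * code - subcommand code; the callers in this file pass a setup word taken
 *        from the packet, or the value remembered from the matching request,
 *        so it must be treated as untrusted.
 *
 * Returns a pointer to a static string: the entry of trans2_cmd_names[] at
 * index `code`, or "no such command" when `code` does not index the table.
 *
 * The upper bound is derived from the table itself.  The earlier hard-coded
 * test (code > 17) still accepted index 17, which reads one slot past the
 * end if the table holds 17 entries, as the listing suggests; the pointer
 * fetched from there would then be printed with %s.
 */
char *decode_trans2_name(int code)
{
  int table_len = (int)(sizeof(trans2_cmd_names) / sizeof(trans2_cmd_names[0]));

  if (code < 0 || code >= table_len) {

    return("no such command");

  }

  return trans2_cmd_names[code];

}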
/* Prototype only; the definition of the mailslot dissector is not shown in this part of the listing. */
8229 guint32 dissect_mailslot_smb(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int, const u_char *, int, int);
/*
 * Dissect an SMB Transaction2 message.
 *
 * Before decoding, the packet's conversation is looked up (and created when
 * absent), and an entry keyed by (conversation index, si.mid) is looked up
 * in smb_request_hash and inserted when absent.  The request path stores the
 * first setup word in that entry as last_transact2_command; the response
 * path reads it back to label the Info column.
 *
 * pd         - packet bytes
 * offset     - position of the Word Count byte on entry
 * SMB_offset - base that ParameterOffset and DataOffset are added to
 * dirn       - 1 selects the request layout, 0 the response layout
 *
 * NOTE(review): SetupCount, ParameterOffset, ParameterCount, DataOffset and
 * DataCount all come from the packet and are used to index `pd` or to size
 * reads from it.  No check against max_data is visible in this listing, so a
 * malformed frame could steer reads outside the captured bytes - confirm
 * where these values are bounded.
 */
8232 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8235 proto_tree *Flags_tree;
8243 guint8 MaxSetupCount;
8246 guint16 TotalParameterCount;
8247 guint16 TotalDataCount;
8250 guint16 ParameterOffset;
8251 guint16 ParameterDisplacement;
8252 guint16 ParameterCount;
8253 guint16 MaxParameterCount;
8254 guint16 MaxDataCount;
8257 guint16 DataDisplacement;
8260 conversation_t *conversation;
8261 struct smb_request_key request_key, *new_request_key;
8262 struct smb_request_val *request_val;
8265 * Find out what conversation this packet is part of.
8266 * XXX - this should really be done by the transport-layer protocol,
8267 * although for connectionless transports, we may not want to do that
8268 * unless we know some higher-level protocol will want it - or we
8269 * may want to do it, so you can say e.g. "show only the packets in
8270 * this UDP 'connection'".
8272 * Note that we don't have to worry about the direction this packet
8273 * was going - the conversation code handles that for us, treating
8274 * packets from A:X to B:Y as being part of the same conversation as
8275 * packets from B:Y to A:X.
8277 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8278 pi.srcport, pi.destport);
8279 if (conversation == NULL) {
8280 /* It's not part of any conversation - create a new one. */
8281 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8282 pi.srcport, pi.destport, NULL);
8286 * Check for and insert entry in request hash table if does not exist
8288 request_key.conversation = conversation->index;
8289 request_key.mid = si.mid;
8291 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8293 if (!request_val) { /* Create one */
8295 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8296 new_request_key -> conversation = conversation->index;
8297 new_request_key -> mid = si.mid;
8299 request_val = g_mem_chunk_alloc(smb_request_vals);
8300 request_val -> mid = si.mid;
/*
 * 0xFFFF is outside the range decode_trans2_name() accepts, so a response
 * seen without its request is labelled "no such command".
 */
8301 request_val -> last_transact2_command = 0xFFFF;
8303 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8306 else { /* Update the transact request */
8308 request_val -> mid = si.mid;
8313 if (dirn == 1) { /* Request(s) dissect code */
8315 /* Build display for: Word Count (WCT) */
8317 WordCount = GBYTE(pd, offset);
8321 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8325 offset += 1; /* Skip Word Count (WCT) */
8327 /* Build display for: Total Parameter Count */
8329 TotalParameterCount = GSHORT(pd, offset);
8333 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8337 offset += 2; /* Skip Total Parameter Count */
8339 /* Build display for: Total Data Count */
8341 TotalDataCount = GSHORT(pd, offset);
8345 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8349 offset += 2; /* Skip Total Data Count */
8351 /* Build display for: Max Parameter Count */
8353 MaxParameterCount = GSHORT(pd, offset);
8357 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8361 offset += 2; /* Skip Max Parameter Count */
8363 /* Build display for: Max Data Count */
8365 MaxDataCount = GSHORT(pd, offset);
8369 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8373 offset += 2; /* Skip Max Data Count */
8375 /* Build display for: Max Setup Count */
8377 MaxSetupCount = GBYTE(pd, offset);
8381 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8385 offset += 1; /* Skip Max Setup Count */
8387 /* Build display for: Reserved1 */
8389 Reserved1 = GBYTE(pd, offset);
8393 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8397 offset += 1; /* Skip Reserved1 */
8399 /* Build display for: Flags */
8401 Flags = GSHORT(pd, offset);
8405 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8406 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
8407 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8408 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8409 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8410 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8414 offset += 2; /* Skip Flags */
8416 /* Build display for: Timeout */
8418 Timeout = GWORD(pd, offset);
8422 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8426 offset += 4; /* Skip Timeout */
8428 /* Build display for: Reserved2 */
8430 Reserved2 = GSHORT(pd, offset);
8434 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8438 offset += 2; /* Skip Reserved2 */
8440 /* Build display for: Parameter Count */
8442 ParameterCount = GSHORT(pd, offset);
8446 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8450 offset += 2; /* Skip Parameter Count */
8452 /* Build display for: Parameter Offset */
8454 ParameterOffset = GSHORT(pd, offset);
8458 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8462 offset += 2; /* Skip Parameter Offset */
8464 /* Build display for: Data Count */
8466 DataCount = GSHORT(pd, offset);
8470 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8474 offset += 2; /* Skip Data Count */
8476 /* Build display for: Data Offset */
8478 DataOffset = GSHORT(pd, offset);
8482 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8486 offset += 2; /* Skip Data Offset */
8488 /* Build display for: Setup Count */
8490 SetupCount = GBYTE(pd, offset);
8494 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8498 offset += 1; /* Skip Setup Count */
8500 /* Build display for: Reserved3 */
8502 Reserved3 = GBYTE(pd, offset);
8506 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8510 offset += 1; /* Skip Reserved3 */
8512 /* Build display for: Setup */
/*
 * The first setup word is taken as the TRANS2 subcommand: it is remembered
 * for the response and used for the Info column.
 * NOTE(review): Setup is assigned only inside this SetupCount > 0 branch,
 * yet it is passed to decode_trans2_name() for the "Transact Name" item
 * further down - check that it has a defined value when the packet carries
 * no setup words.  The loop below reads SetupCount 16-bit words with no
 * visible check against the captured length.
 */
8514 if (SetupCount > 0) {
8518 Setup = GSHORT(pd, offset);
8520 request_val -> last_transact2_command = Setup; /* Save for later */
8522 if (check_col(fd, COL_INFO)) {
8524 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8528 for (i = 1; i <= SetupCount; i++) {
8531 Setup1 = GSHORT(pd, offset);
8535 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup1);
8539 offset += 2; /* Skip Setup */
8545 /* Build display for: Byte Count (BCC) */
8547 ByteCount = GSHORT(pd, offset);
8551 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8555 offset += 2; /* Skip Byte Count (BCC) */
8557 /* Build display for: Transact Name */
8561 proto_tree_add_text(tree, offset, 2, "Transact Name: %s", decode_trans2_name(Setup));
8567 /* Build display for: Pad1 */
8569 Pad1 = GBYTE(pd, offset);
8573 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8577 offset += 1; /* Skip Pad1 */
8581 if (ParameterCount > 0) {
8583 /* Build display for: Parameters */
/*
 * NOTE(review): the bytes formatted here start at SMB_offset +
 * ParameterOffset and run for ParameterCount bytes; both values are taken
 * from the packet and neither is visibly validated before format_text()
 * reads them.
 */
8587 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8591 offset += ParameterCount; /* Skip Parameters */
8597 /* Build display for: Pad2 */
8599 Pad2 = GBYTE(pd, offset);
8603 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8607 offset += 1; /* Skip Pad2 */
8611 if (DataCount > 0) {
8613 /* Build display for: Data */
/*
 * NOTE(review): the item is anchored at SMB_offset + DataOffset, but the
 * text is formatted from &pd[offset]; the two positions can differ - confirm
 * which one is intended.  DataCount is likewise unchecked in the lines shown.
 */
8615 Data = GBYTE(pd, offset);
8619 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8623 offset += DataCount; /* Skip Data */
8628 if (dirn == 0) { /* Response(s) dissect code */
8630 /* Pick up the last transact2 command and put it in the right places */
8632 if (check_col(fd, COL_INFO)) {
8634 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8638 /* Build display for: Word Count (WCT) */
8640 WordCount = GBYTE(pd, offset);
8644 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8648 offset += 1; /* Skip Word Count (WCT) */
8650 /* Build display for: Total Parameter Count */
8652 TotalParameterCount = GSHORT(pd, offset);
8656 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8660 offset += 2; /* Skip Total Parameter Count */
8662 /* Build display for: Total Data Count */
8664 TotalDataCount = GSHORT(pd, offset);
8668 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8672 offset += 2; /* Skip Total Data Count */
8674 /* Build display for: Reserved2 */
8676 Reserved2 = GSHORT(pd, offset);
8680 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8684 offset += 2; /* Skip Reserved2 */
8686 /* Build display for: Parameter Count */
8688 ParameterCount = GSHORT(pd, offset);
8692 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8696 offset += 2; /* Skip Parameter Count */
8698 /* Build display for: Parameter Offset */
8700 ParameterOffset = GSHORT(pd, offset);
8704 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8708 offset += 2; /* Skip Parameter Offset */
8710 /* Build display for: Parameter Displacement */
8712 ParameterDisplacement = GSHORT(pd, offset);
8716 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8720 offset += 2; /* Skip Parameter Displacement */
8722 /* Build display for: Data Count */
8724 DataCount = GSHORT(pd, offset);
8728 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8732 offset += 2; /* Skip Data Count */
8734 /* Build display for: Data Offset */
8736 DataOffset = GSHORT(pd, offset);
8740 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8744 offset += 2; /* Skip Data Offset */
8746 /* Build display for: Data Displacement */
8748 DataDisplacement = GSHORT(pd, offset);
8752 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
8756 offset += 2; /* Skip Data Displacement */
8758 /* Build display for: Setup Count */
8760 SetupCount = GBYTE(pd, offset);
8764 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8768 offset += 1; /* Skip Setup Count */
8770 /* Build display for: Reserved3 */
8772 Reserved3 = GBYTE(pd, offset);
8776 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8780 offset += 1; /* Skip Reserved3 */
8782 /* Build display for: Setup */
8784 Setup = GSHORT(pd, offset);
8788 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
8792 offset += 2; /* Skip Setup */
8794 /* Build display for: Byte Count (BCC) */
8796 ByteCount = GSHORT(pd, offset);
8800 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8804 offset += 2; /* Skip Byte Count (BCC) */
8806 /* Build display for: Pad1 */
8808 Pad1 = GBYTE(pd, offset);
8812 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8816 offset += 1; /* Skip Pad1 */
8818 /* Build display for: Parameter */
/*
 * NOTE(review): in the response the item is anchored at `offset` while the
 * bytes shown come from SMB_offset + ParameterOffset (and, for Data below,
 * SMB_offset + DataOffset).  Both offsets and both counts are
 * packet-supplied and not visibly bounded.
 */
8820 if (ParameterCount > 0) {
8824 proto_tree_add_text(tree, offset, ParameterCount, "Parameter: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
8828 offset += ParameterCount; /* Skip Parameter */
8832 /* Build display for: Pad2 */
8834 Pad2 = GBYTE(pd, offset);
8838 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8842 offset += 1; /* Skip Pad2 */
8844 /* Build display for: Data */
8846 if (DataCount > 0) {
8850 proto_tree_add_text(tree, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
8854 offset += DataCount; /* Skip Data */
8863 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8866 proto_tree *Flags_tree;
8875 guint8 MaxSetupCount;
8878 guint16 TotalParameterCount;
8879 guint16 TotalDataCount;
8882 guint16 ParameterOffset;
8883 guint16 ParameterDisplacement;
8884 guint16 ParameterCount;
8885 guint16 MaxParameterCount;
8886 guint16 MaxDataCount;
8889 guint16 DataDisplacement;
8892 const char *TransactName;
8893 char *TransactNameCopy;
8895 char *trans_cmd, *loc_of_slash;
8897 conversation_t *conversation;
8898 struct smb_request_key request_key, *new_request_key;
8899 struct smb_request_val *request_val;
8902 * Find out what conversation this packet is part of
8905 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8906 pi.srcport, pi.destport);
8908 if (conversation == NULL) { /* Create a new conversation */
8910 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8911 pi.srcport, pi.destport, NULL);
8916 * Check for and insert entry in request hash table if does not exist
8918 request_key.conversation = conversation->index;
8919 request_key.mid = si.mid;
8921 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8923 if (!request_val) { /* Create one */
8925 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8926 new_request_key -> conversation = conversation -> index;
8927 new_request_key -> mid = si.mid;
8929 request_val = g_mem_chunk_alloc(smb_request_vals);
8930 request_val -> mid = si.mid;
8931 request_val -> last_transact_command = NULL;
8933 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8937 if (dirn == 1) { /* Request(s) dissect code */
8939 /* Build display for: Word Count (WCT) */
8941 WordCount = GBYTE(pd, offset);
8945 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8949 offset += 1; /* Skip Word Count (WCT) */
8951 /* Build display for: Total Parameter Count */
8953 TotalParameterCount = GSHORT(pd, offset);
8957 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8961 offset += 2; /* Skip Total Parameter Count */
8963 /* Build display for: Total Data Count */
8965 TotalDataCount = GSHORT(pd, offset);
8969 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8973 offset += 2; /* Skip Total Data Count */
8975 /* Build display for: Max Parameter Count */
8977 MaxParameterCount = GSHORT(pd, offset);
8981 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8985 offset += 2; /* Skip Max Parameter Count */
8987 /* Build display for: Max Data Count */
8989 MaxDataCount = GSHORT(pd, offset);
8993 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8997 offset += 2; /* Skip Max Data Count */
8999 /* Build display for: Max Setup Count */
9001 MaxSetupCount = GBYTE(pd, offset);
9005 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
9009 offset += 1; /* Skip Max Setup Count */
9011 /* Build display for: Reserved1 */
9013 Reserved1 = GBYTE(pd, offset);
9017 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
9021 offset += 1; /* Skip Reserved1 */
9023 /* Build display for: Flags */
9025 Flags = GSHORT(pd, offset);
9029 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
9030 Flags_tree = proto_item_add_subtree(ti, ett_smb_flags);
9031 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9032 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
9033 proto_tree_add_text(Flags_tree, offset, 2, "%s",
9034 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
9038 offset += 2; /* Skip Flags */
9040 /* Build display for: Timeout */
9042 Timeout = GWORD(pd, offset);
9046 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
9050 offset += 4; /* Skip Timeout */
9052 /* Build display for: Reserved2 */
9054 Reserved2 = GSHORT(pd, offset);
9058 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9062 offset += 2; /* Skip Reserved2 */
9064 /* Build display for: Parameter Count */
9066 ParameterCount = GSHORT(pd, offset);
9070 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9074 offset += 2; /* Skip Parameter Count */
9076 /* Build display for: Parameter Offset */
9078 ParameterOffset = GSHORT(pd, offset);
9082 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9086 offset += 2; /* Skip Parameter Offset */
9088 /* Build display for: Data Count */
9090 DataCount = GSHORT(pd, offset);
9094 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9098 offset += 2; /* Skip Data Count */
9100 /* Build display for: Data Offset */
9102 DataOffset = GSHORT(pd, offset);
9106 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9110 offset += 2; /* Skip Data Offset */
9112 /* Build display for: Setup Count */
9114 SetupCount = GBYTE(pd, offset);
9118 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9122 offset += 1; /* Skip Setup Count */
9124 /* Build display for: Reserved3 */
9126 Reserved3 = GBYTE(pd, offset);
9130 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9134 offset += 1; /* Skip Reserved3 */
9136 /* Build display for: Setup */
9138 if (SetupCount > 0) {
9142 Setup = GSHORT(pd, offset);
9144 for (i = 1; i <= SetupCount; i++) {
9146 Setup = GSHORT(pd, offset);
9150 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup);
9154 offset += 2; /* Skip Setup */
9160 /* Build display for: Byte Count (BCC) */
9162 ByteCount = GSHORT(pd, offset);
9166 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9170 offset += 2; /* Skip Byte Count (BCC) */
9172 /* Build display for: Transact Name */
9174 TransactName = pd + offset;
9176 if (request_val -> last_transact_command) g_free(request_val -> last_transact_command);
9178 request_val -> last_transact_command = g_malloc(strlen(TransactName) + 1);
9180 if (request_val -> last_transact_command)
9181 strcpy(request_val -> last_transact_command, TransactName);
9183 if (check_col(fd, COL_INFO)) {
9185 col_add_fstr(fd, COL_INFO, "%s %s", TransactName, (dirn ? "Request" : "Response"));
9191 proto_tree_add_text(tree, offset, strlen(TransactName) + 1, "Transact Name: %s", TransactName);
9195 offset += strlen(TransactName) + 1; /* Skip Transact Name */
9199 /* Build display for: Pad1 */
9201 Pad1 = GBYTE(pd, offset);
9205 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9209 offset += 1; /* Skip Pad1 */
9213 /* Let's see if we can decode this */
9215 TransactNameCopy = g_malloc(strlen(TransactName) + 1);
9217 /* Bad, check for error? */
9219 strcpy(TransactNameCopy, TransactName);
9220 trans_type = TransactNameCopy + 1; /* Skip the slash */
9221 loc_of_slash = strchr(trans_type, '\\');
9223 index = loc_of_slash - trans_type; /* Make it a real index */
9224 trans_cmd = trans_type + index + 1;
9225 trans_type[index] = '\0';
9230 if (!strcmp(trans_type, "MAILSLOT") &&
9231 !dissect_mailslot_smb(pd, offset, fd, parent, tree, si, max_data, SMB_offset, errcode, dirn, trans_cmd, SMB_offset + DataOffset, DataCount)) {
9233 if (ParameterCount > 0) {
9235 /* Build display for: Parameters */
9239 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9243 offset += ParameterCount; /* Skip Parameters */
9249 /* Build display for: Pad2 */
9251 Pad2 = GBYTE(pd, offset);
9255 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9259 offset += 1; /* Skip Pad2 */
9263 if (DataCount > 0) {
9265 /* Build display for: Data */
9267 Data = GBYTE(pd, offset);
9271 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9275 offset += DataCount; /* Skip Data */
9281 if (dirn == 0) { /* Response(s) dissect code */
9283 if (check_col(fd, COL_INFO)) {
9285 col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
9289 /* Build display for: Word Count (WCT) */
9291 WordCount = GBYTE(pd, offset);
9295 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9299 offset += 1; /* Skip Word Count (WCT) */
9301 /* Build display for: Total Parameter Count */
9303 TotalParameterCount = GSHORT(pd, offset);
9307 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9311 offset += 2; /* Skip Total Parameter Count */
9313 /* Build display for: Total Data Count */
9315 TotalDataCount = GSHORT(pd, offset);
9319 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9323 offset += 2; /* Skip Total Data Count */
9325 /* Build display for: Reserved2 */
9327 Reserved2 = GSHORT(pd, offset);
9331 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9335 offset += 2; /* Skip Reserved2 */
9337 /* Build display for: Parameter Count */
9339 ParameterCount = GSHORT(pd, offset);
9343 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9347 offset += 2; /* Skip Parameter Count */
9349 /* Build display for: Parameter Offset */
9351 ParameterOffset = GSHORT(pd, offset);
9355 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9359 offset += 2; /* Skip Parameter Offset */
9361 /* Build display for: Parameter Displacement */
9363 ParameterDisplacement = GSHORT(pd, offset);
9367 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9371 offset += 2; /* Skip Parameter Displacement */
9373 /* Build display for: Data Count */
9375 DataCount = GSHORT(pd, offset);
9379 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9383 offset += 2; /* Skip Data Count */
9385 /* Build display for: Data Offset */
9387 DataOffset = GSHORT(pd, offset);
9391 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9395 offset += 2; /* Skip Data Offset */
9397 /* Build display for: Data Displacement */
9399 DataDisplacement = GSHORT(pd, offset);
9403 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
9407 offset += 2; /* Skip Data Displacement */
9409 /* Build display for: Setup Count */
9411 SetupCount = GBYTE(pd, offset);
9415 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9419 offset += 1; /* Skip Setup Count */
9421 /* Build display for: Reserved3 */
9423 Reserved3 = GBYTE(pd, offset);
9427 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9431 offset += 1; /* Skip Reserved3 */
9433 /* Build display for: Setup */
9435 if (SetupCount > 0) {
9437 /* Hmmm, should code for all setup words ... */
9439 Setup = GSHORT(pd, offset);
9443 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
9447 offset += 2; /* Skip Setup */
9451 /* Build display for: Byte Count (BCC) */
9453 ByteCount = GSHORT(pd, offset);
9457 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9461 offset += 2; /* Skip Byte Count (BCC) */
9463 /* Build display for: Pad1 */
9465 Pad1 = GBYTE(pd, offset);
9469 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9473 offset += 1; /* Skip Pad1 */
9475 /* Build display for: Parameter */
9477 Parameter = GBYTE(pd, offset);
9481 proto_tree_add_text(tree, offset, ParameterCount, "Parameters: %s", format_text(pd + SMB_offset + ParameterOffset, ParameterCount));
9485 offset += 1; /* Skip Parameter */
9487 /* Build display for: Pad2 */
9489 Pad2 = GBYTE(pd, offset);
9493 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9497 offset += 1; /* Skip Pad2 */
9499 /* Build display for: Data */
9501 if (DataCount > 0) {
9505 proto_tree_add_text(tree, offset, DataCount, "Data: %s", format_text(pd + SMB_offset + DataOffset, DataCount));
9509 offset += DataCount; /* Skip Data */
9518 * The routines for mailslot and pipe dissecting should be migrated to another
/*
 * Display names for browser opcodes, indexed directly by the opcode value.
 * The initializer shown has 16 entries (values 0 through 15); values with
 * no defined command carry an error string instead of a name.
 * Because the opcode is a byte read from the packet, any lookup has to
 * reject values of 16 and above before indexing this table.
 */
9522 char *browse_commands[] =
9523 { "Error, No such command!", /* Value 0 */
9524 "Host Announcement", /* Value 1 */
9525 "Request Announcement", /* Value 2 */
9526 "Error, No such command!", /* Value 3 */
9527 "Error, No such command!", /* Value 4 */
9528 "Error, No such command!", /* Value 5 */
9529 "Error, No such command!", /* Value 6 */
9530 "Error, No such command!", /* Value 7 */
9531 "Browser Election Request", /* Value 8 */
9532 "Get Backup List Request", /* Value 9 */
9533 "Get Backup List Response", /* Value 10 */
9534 "Become Backup Browser", /* Value 11 */
9535 "Domain/Workgroup Announcement", /* Value 12 */
9536 "Master Announcement", /* Value 13 */
9537 "Error! No such command", /* Value 14 */
9538 "Local Master Announcement" /* Value 15 */
/*
 * Opcode values named for the browse decoder. Each constant equals the
 * table position of the matching name in browse_commands above.
 */
9541 #define HOST_ANNOUNCE 1
9542 #define REQUEST_ANNOUNCE 2
9543 #define BROWSER_ELECTION 8
9544 #define GETBACKUPLISTREQ 9
9545 #define GETBACKUPLISTRESP 10
9546 #define BECOMEBACKUPBROWSER 11
9547 #define DOMAINANNOUNCEMENT 12
9548 #define MASTERANNOUNCEMENT 13
9549 #define LOCALMASTERANNOUNC 15
/*
 * Names for server types, declared with 32 slots.
 * NOTE(review): several initializer lines are missing from this listing
 * (the gutter numbers skip), so the slot each name occupies cannot be
 * confirmed here. Presumably slot n names bit n of the 32-bit Server Type
 * field - verify against the full file before indexing by bit number.
 */
9551 char *svr_types[32] = {
9555 "Domain Controller",
9556 "Backup Controller",
9560 "Domain Member Server",
9561 "Print Queue Server",
9565 "Windows for Workgroups",
9566 "Unknown Server - FIXME",
9568 "Potential Browser",
9571 "Domain Master Browser",
9574 "Windows 95 or above",
/*
 * Decode the data of a mailslot transaction. Only the "BROWSE" command is
 * handled in the lines shown: the opcode byte at DataOffset selects the
 * browser message, and its fields are added to a browse subtree created
 * under `parent`.
 *
 * pd         - packet bytes; every field below is read from pd at loc_offset
 * fd         - frame data, used for the protocol and info columns
 * parent     - tree that receives the browse item
 * tree       - only tested for non-NULL before the browse item is built
 * command    - mailslot command name, compared with "BROWSE"
 * DataOffset - start of the transaction data in pd (initial loc_offset)
 * DataCount  - length given to the browse tree item
 * The remaining parameters are not referenced in the lines shown.
 *
 * Returns 1 on the path visible at the end.
 *
 * NOTE(review): this listing omits source lines (the gutter numbers skip),
 * including the return type, some declarations, and presumably the switch
 * on OpCode and the loc_offset advances between fields. The comments below
 * describe only what the visible lines do.
 *
 * NOTE(review): DataOffset and DataCount originate in the packet. No
 * comparison of loc_offset against max_data or DataCount is visible before
 * any read from pd, so confirm that bounds are enforced before this
 * routine is reached; otherwise a crafted frame can drive reads past the
 * captured data.
 */
9587 dissect_mailslot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *parent, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn, const u_char *command, int DataOffset, int DataCount)
9591 guint8 VersionMajor;
9592 guint8 VersionMinor;
9593 guint32 Periodicity;
9595 guint16 SigConstant;
9597 guint8 BackupServerCount;
9600 guint8 ElectionVersion;
9601 guint32 ElectionCriteria;
9602 guint32 ServerUpTime;
9603 const char *ServerName;
9604 const char *ServerComment;
9605 proto_tree *browse_tree = NULL, *flags_tree = NULL;
/* loc_offset is the read cursor into pd; it starts at the caller-supplied data offset. */
9607 guint32 loc_offset = DataOffset, count = 0;
9609 if (strcmp(command, "BROWSE") == 0) { /* Decode a browse */
9611 if (check_col(fd, COL_PROTOCOL))
9612 col_add_str(fd, COL_PROTOCOL, "BROWSER");
9614 if (check_col(fd, COL_INFO)) /* Put in something, and replace it later */
9615 col_add_str(fd, COL_INFO, "Browse Announcement");
9618 * Now, decode the browse request
9621 OpCode = GBYTE(pd, loc_offset);
/*
 * NOTE(review): the limit test uses `>` against the element count, so an
 * OpCode equal to the count (16 for the table as listed) passes the test
 * and browse_commands[OpCode] reads one slot past the array; `>=` is the
 * form that keeps the index inside the table. The same test is repeated
 * for the tree item below.
 * NOTE(review): the selected string is passed to col_add_fstr as the
 * format itself. The table entries shown contain no conversion
 * specifiers, so this is benign today, but a fixed "%s" format with the
 * name as an argument would not depend on that.
 */
9623 if (check_col(fd, COL_INFO))
9624 col_add_fstr(fd, COL_INFO, (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command:%u" : browse_commands[OpCode], OpCode);
9626 if (tree) { /* Add the browse tree */
9628 ti = proto_tree_add_item(parent, proto_browse, DataOffset, DataCount, NULL);
9629 browse_tree = proto_item_add_subtree(ti, ett_browse);
9631 proto_tree_add_text(browse_tree, loc_offset, 1, "OpCode: %s", (OpCode > (sizeof(browse_commands)/sizeof(char *))) ? "Error, No Such Command" : browse_commands[OpCode]);
9635 loc_offset += 1; /* Skip the OpCode */
/* Announcement messages: update count, periodicity, name, version, server type, election version, signature, comment. */
9639 case DOMAINANNOUNCEMENT:
9640 case LOCALMASTERANNOUNC:
9643 UpdateCount = GBYTE(pd, loc_offset);
9647 proto_tree_add_text(browse_tree, loc_offset, 1, "Update Count: %u", UpdateCount);
9651 loc_offset += 1; /* Skip the Update Count */
/*
 * NOTE(review): the value is read at loc_offset + 2 and only its upper 16
 * bits are displayed, while the tree item is anchored at loc_offset with
 * length 4 - confirm the intended field layout.
 */
9653 Periodicity = GWORD(pd, loc_offset + 2);
9657 proto_tree_add_text(browse_tree, loc_offset, 4, "Update Periodicity: %u mSec", Periodicity >> 16);
/*
 * NOTE(review): the item covers 16 bytes, but "%s" prints up to the first
 * NUL. A name with no terminator inside those 16 bytes is read beyond the
 * field; a bounded copy or a precision-limited format would contain it.
 */
9663 ServerName = pd + loc_offset;
9667 proto_tree_add_text(browse_tree, loc_offset, 16, (OpCode == DOMAINANNOUNCEMENT) ? "Domain/WorkGroup: %s": "Host Name: %s", ServerName);
9673 VersionMajor = GBYTE(pd, loc_offset);
9677 proto_tree_add_text(browse_tree, loc_offset, 1, "Major Version: %u", VersionMajor);
9683 VersionMinor = GBYTE(pd, loc_offset);
9687 proto_tree_add_text(browse_tree, loc_offset, 1, "Minor Version: %u", VersionMinor);
/* Server Type: shown as a hex word, then one line per flag bit in a subtree. */
9693 ServerType = GWORD(pd, loc_offset);
9697 ti = proto_tree_add_text(browse_tree, loc_offset, 4, "Server Type: 0x%04x", ServerType);
9698 flags_tree = proto_item_add_subtree(ti, ett_browse_flags);
9699 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9700 decode_boolean_bitfield(ServerType, 0x0001, 32, "Workstation", "Not Workstation"));
9701 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9702 decode_boolean_bitfield(ServerType, 0x0002, 32, "Server", "Not Server"));
9703 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9704 decode_boolean_bitfield(ServerType, 0x0004, 32, "SQL Server", "Not SQL Server"));
9705 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9706 decode_boolean_bitfield(ServerType, 0x0008, 32, "Domain Controller", "Not Domain Controller"));
9707 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9708 decode_boolean_bitfield(ServerType, 0x0010, 32, "Backup Controller", "Not Backup Controller"));
9709 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9710 decode_boolean_bitfield(ServerType, 0x0020, 32, "Time Source", "Not Time Source"));
9711 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9712 decode_boolean_bitfield(ServerType, 0x0040, 32, "Apple Server", "Not Apple Server"));
9713 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9714 decode_boolean_bitfield(ServerType, 0x0080, 32, "Novell Server", "Not Novell Server"));
9715 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9716 decode_boolean_bitfield(ServerType, 0x0100, 32, "Domain Member Server", "Not Domain Member Server"));
9717 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9718 decode_boolean_bitfield(ServerType, 0x0200, 32, "Print Queue Server", "Not Print Queue Server"));
9719 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9720 decode_boolean_bitfield(ServerType, 0x0400, 32, "Dialin Server", "Not Dialin Server"));
9721 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9722 decode_boolean_bitfield(ServerType, 0x0800, 32, "Xenix Server", "Not Xenix Server"));
9723 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9724 decode_boolean_bitfield(ServerType, 0x1000, 32, "NT Workstation", "Not NT Workstation"));
9725 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9726 decode_boolean_bitfield(ServerType, 0x2000, 32, "Windows for Workgroups", "Not Windows for Workgroups"));
9727 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9728 decode_boolean_bitfield(ServerType, 0x8000, 32, "NT Server", "Not NT Server"));
9729 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9730 decode_boolean_bitfield(ServerType, 0x10000, 32, "Potential Browser", "Not Potential Browser"));
9731 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9732 decode_boolean_bitfield(ServerType, 0x20000, 32, "Backup Browser", "Not Backup Browser"));
9733 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9734 decode_boolean_bitfield(ServerType, 0x40000, 32, "Master Browser", "Not Master Browser"));
9735 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9736 decode_boolean_bitfield(ServerType, 0x80000, 32, "Domain Master Browser", "Not Domain Master Browser"));
9737 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9738 decode_boolean_bitfield(ServerType, 0x100000, 32, "OSF", "Not OSF"));
9739 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9740 decode_boolean_bitfield(ServerType, 0x200000, 32, "VMS", "Not VMS"));
9741 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9742 decode_boolean_bitfield(ServerType, 0x400000, 32, "Windows 95 or above", "Not Windows 95 or above"));
9743 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9744 decode_boolean_bitfield(ServerType, 0x40000000, 32, "Local List Only", "Not Local List Only"));
9745 proto_tree_add_text(flags_tree, loc_offset, 4, "%s",
9746 decode_boolean_bitfield(ServerType, 0x80000000, 32, "Domain Enum", "Not Domain Enum"));
/*
 * NOTE(review): ElectionVersion is declared guint8 above but is assigned
 * from GSHORT and shown as a 2-byte field here; if GSHORT yields 16 bits
 * the upper byte is silently dropped.
 */
9750 ElectionVersion = GSHORT(pd, loc_offset);
9754 proto_tree_add_text(browse_tree, loc_offset, 2, "Election Version: %u", ElectionVersion);
9760 SigConstant = GSHORT(pd, loc_offset);
9764 proto_tree_add_text(browse_tree, loc_offset, 2, "Signature: %u (0x%04X)", SigConstant, SigConstant);
/*
 * NOTE(review): strlen() walks packet bytes until it meets a NUL. Nothing
 * visible limits the scan to the captured data, so an unterminated string
 * at the end of a frame is read past the buffer. The same pattern recurs
 * for every ServerName item in the cases below.
 */
9770 ServerComment = pd + loc_offset;
9774 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerComment) + 1, "Host Comment: %s", ServerComment);
/* Request Announcement: one flags byte, then the name the list is to be sent to. */
9780 case REQUEST_ANNOUNCE:
9782 Flags = GBYTE(pd, loc_offset);
9786 proto_tree_add_text(browse_tree, loc_offset, 1, "Unused Flags: %u", Flags);
9792 ServerName = pd + loc_offset;
9796 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Send List To: %s", ServerName);
/* Browser Election: version byte, criteria word, server up time, then the server name. */
9802 case BROWSER_ELECTION:
9804 ElectionVersion = GBYTE(pd, loc_offset);
9808 proto_tree_add_text(browse_tree, loc_offset, 1, "Election Version = %u", ElectionVersion);
9814 ElectionCriteria = GWORD(pd, loc_offset);
9818 proto_tree_add_text(browse_tree, loc_offset, 4, "Election Criteria = %u (0x%08X)", ElectionCriteria, ElectionCriteria);
9826 ServerUpTime = GWORD(pd, loc_offset);
9830 proto_tree_add_text(browse_tree, loc_offset, 4, "Server Up Time: %u Sec", ServerUpTime);
/* MBZ is read but not added to the tree in the lines shown. */
9836 MBZ = GWORD(pd, loc_offset);
9840 ServerName = pd + loc_offset;
9844 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Election Server Name: %s", ServerName);
/* Get Backup List request: requested count byte and a token word. */
9850 case GETBACKUPLISTREQ:
9852 BackupServerCount = GBYTE(pd, loc_offset);
9856 proto_tree_add_text(browse_tree, loc_offset, 1, "Backup List Requested Count: %u", BackupServerCount);
9862 Token = GWORD(pd, loc_offset);
9866 proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Request Token: %u", Token);
/* Get Backup List response: count byte, token word, then that many NUL-terminated server names. */
9872 case GETBACKUPLISTRESP:
9874 BackupServerCount = GBYTE(pd, loc_offset);
9878 proto_tree_add_text(browse_tree, loc_offset, 1, "Backup Server Count: %u", BackupServerCount);
9884 Token = GWORD(pd, loc_offset);
9888 proto_tree_add_text(browse_tree, loc_offset, 4, "Backup Response Token: %u", Token);
/*
 * NOTE(review): the loop count is a byte taken from the packet, and each
 * pass advances loc_offset by the strlen() of packet data. With no visible
 * check against the data length, a count larger than the names actually
 * present walks the cursor beyond the transaction data.
 */
9894 ServerName = pd + loc_offset;
9896 for (count = 1; count <= BackupServerCount; count++) {
9900 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Backup Server: %s", ServerName);
9904 loc_offset += strlen(ServerName) + 1;
9906 ServerName = pd + loc_offset;
9912 case BECOMEBACKUPBROWSER:
9914 ServerName = pd + loc_offset;
9918 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Browser to Promote: %s", ServerName);
9924 case MASTERANNOUNCEMENT:
9926 ServerName = pd + loc_offset;
9930 proto_tree_add_text(browse_tree, loc_offset, strlen(ServerName) + 1, "Server Name: %s", ServerName);
9939 return 1; /* Success */
/*
 * Dispatch table of SMB command dissectors, one slot per command value.
 * The array is declared with 256 slots and the initializer below lists 256
 * handlers (0x00 through 0xff), so any 8-bit command value selects a valid
 * function pointer; commands without a decoder use dissect_unknown_smb.
 * NOTE(review): the call site is outside this listing - presumably the
 * table is indexed by the command byte from the SMB header. If the index
 * is ever widened beyond 8 bits it needs an explicit range check.
 * The pointer type takes ten arguments whose types match the first ten
 * parameters of dissect_mailslot_smb (pd, offset, fd, parent, tree, si,
 * max_data, SMB_offset, errcode, dirn).
 */
9946 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, proto_tree *, struct smb_info, int, int, int, int) = {
9948 dissect_unknown_smb, /* unknown SMB 0x00 */
9949 dissect_unknown_smb, /* unknown SMB 0x01 */
9950 dissect_unknown_smb, /* SMBopen open a file */
9951 dissect_create_file_smb, /* SMBcreate create a file */
9952 dissect_close_smb, /* SMBclose close a file */
9953 dissect_flush_file_smb, /* SMBflush flush a file */
9954 dissect_delete_file_smb, /* SMBunlink delete a file */
9955 dissect_rename_file_smb, /* SMBmv rename a file */
9956 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
9957 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
9958 dissect_read_file_smb, /* SMBread read from a file */
9959 dissect_write_file_smb, /* SMBwrite write to a file */
9960 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
9961 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
9962 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
9963 dissect_unknown_smb, /* SMBmknew make a new file */
9964 dissect_checkdir_smb, /* SMBchkpth check a directory path */
9965 dissect_process_exit_smb, /* SMBexit process exit */
9966 dissect_unknown_smb, /* SMBlseek seek */
9967 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
9968 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
9969 dissect_unknown_smb, /* unknown SMB 0x15 */
9970 dissect_unknown_smb, /* unknown SMB 0x16 */
9971 dissect_unknown_smb, /* unknown SMB 0x17 */
9972 dissect_unknown_smb, /* unknown SMB 0x18 */
9973 dissect_unknown_smb, /* unknown SMB 0x19 */
9974 dissect_read_raw_smb, /* SMBreadBraw read block raw */
9975 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
9976 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
9977 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
9978 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
9979 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
9980 dissect_unknown_smb, /* SMBwriteC write complete response */
9981 dissect_unknown_smb, /* unknown SMB 0x21 */
9982 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
9983 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
9984 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
9985 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
9986 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
9987 dissect_unknown_smb, /* SMBioctl IOCTL */
9988 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
9989 dissect_unknown_smb, /* SMBcopy copy */
9990 dissect_move_smb, /* SMBmove move */
9991 dissect_unknown_smb, /* SMBecho echo */
9992 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
9993 dissect_open_andx_smb, /* SMBopenX open and X */
9994 dissect_unknown_smb, /* SMBreadX read and X */
9995 dissect_unknown_smb, /* SMBwriteX write and X */
9996 dissect_unknown_smb, /* unknown SMB 0x30 */
9997 dissect_unknown_smb, /* unknown SMB 0x31 */
9998 dissect_transact2_smb, /* SMB 0x32 - Transaction2 */
9999 dissect_unknown_smb, /* unknown SMB 0x33 */
10000 dissect_find_close2_smb, /* SMB 0x34 - Find Close2 */
10001 dissect_unknown_smb, /* unknown SMB 0x35 */
10002 dissect_unknown_smb, /* unknown SMB 0x36 */
10003 dissect_unknown_smb, /* unknown SMB 0x37 */
10004 dissect_unknown_smb, /* unknown SMB 0x38 */
10005 dissect_unknown_smb, /* unknown SMB 0x39 */
10006 dissect_unknown_smb, /* unknown SMB 0x3a */
10007 dissect_unknown_smb, /* unknown SMB 0x3b */
10008 dissect_unknown_smb, /* unknown SMB 0x3c */
10009 dissect_unknown_smb, /* unknown SMB 0x3d */
10010 dissect_unknown_smb, /* unknown SMB 0x3e */
10011 dissect_unknown_smb, /* unknown SMB 0x3f */
10012 dissect_unknown_smb, /* unknown SMB 0x40 */
10013 dissect_unknown_smb, /* unknown SMB 0x41 */
10014 dissect_unknown_smb, /* unknown SMB 0x42 */
10015 dissect_unknown_smb, /* unknown SMB 0x43 */
10016 dissect_unknown_smb, /* unknown SMB 0x44 */
10017 dissect_unknown_smb, /* unknown SMB 0x45 */
10018 dissect_unknown_smb, /* unknown SMB 0x46 */
10019 dissect_unknown_smb, /* unknown SMB 0x47 */
10020 dissect_unknown_smb, /* unknown SMB 0x48 */
10021 dissect_unknown_smb, /* unknown SMB 0x49 */
10022 dissect_unknown_smb, /* unknown SMB 0x4a */
10023 dissect_unknown_smb, /* unknown SMB 0x4b */
10024 dissect_unknown_smb, /* unknown SMB 0x4c */
10025 dissect_unknown_smb, /* unknown SMB 0x4d */
10026 dissect_unknown_smb, /* unknown SMB 0x4e */
10027 dissect_unknown_smb, /* unknown SMB 0x4f */
10028 dissect_unknown_smb, /* unknown SMB 0x50 */
10029 dissect_unknown_smb, /* unknown SMB 0x51 */
10030 dissect_unknown_smb, /* unknown SMB 0x52 */
10031 dissect_unknown_smb, /* unknown SMB 0x53 */
10032 dissect_unknown_smb, /* unknown SMB 0x54 */
10033 dissect_unknown_smb, /* unknown SMB 0x55 */
10034 dissect_unknown_smb, /* unknown SMB 0x56 */
10035 dissect_unknown_smb, /* unknown SMB 0x57 */
10036 dissect_unknown_smb, /* unknown SMB 0x58 */
10037 dissect_unknown_smb, /* unknown SMB 0x59 */
10038 dissect_unknown_smb, /* unknown SMB 0x5a */
10039 dissect_unknown_smb, /* unknown SMB 0x5b */
10040 dissect_unknown_smb, /* unknown SMB 0x5c */
10041 dissect_unknown_smb, /* unknown SMB 0x5d */
10042 dissect_unknown_smb, /* unknown SMB 0x5e */
10043 dissect_unknown_smb, /* unknown SMB 0x5f */
10044 dissect_unknown_smb, /* unknown SMB 0x60 */
10045 dissect_unknown_smb, /* unknown SMB 0x61 */
10046 dissect_unknown_smb, /* unknown SMB 0x62 */
10047 dissect_unknown_smb, /* unknown SMB 0x63 */
10048 dissect_unknown_smb, /* unknown SMB 0x64 */
10049 dissect_unknown_smb, /* unknown SMB 0x65 */
10050 dissect_unknown_smb, /* unknown SMB 0x66 */
10051 dissect_unknown_smb, /* unknown SMB 0x67 */
10052 dissect_unknown_smb, /* unknown SMB 0x68 */
10053 dissect_unknown_smb, /* unknown SMB 0x69 */
10054 dissect_unknown_smb, /* unknown SMB 0x6a */
10055 dissect_unknown_smb, /* unknown SMB 0x6b */
10056 dissect_unknown_smb, /* unknown SMB 0x6c */
10057 dissect_unknown_smb, /* unknown SMB 0x6d */
10058 dissect_unknown_smb, /* unknown SMB 0x6e */
10059 dissect_unknown_smb, /* unknown SMB 0x6f */
10060 dissect_treecon_smb, /* SMBtcon tree connect */
10061 dissect_tdis_smb, /* SMBtdis tree disconnect */
10062 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
10063 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
10064 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
10065 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
10066 dissect_unknown_smb, /* unknown SMB 0x76 */
10067 dissect_unknown_smb, /* unknown SMB 0x77 */
10068 dissect_unknown_smb, /* unknown SMB 0x78 */
10069 dissect_unknown_smb, /* unknown SMB 0x79 */
10070 dissect_unknown_smb, /* unknown SMB 0x7a */
10071 dissect_unknown_smb, /* unknown SMB 0x7b */
10072 dissect_unknown_smb, /* unknown SMB 0x7c */
10073 dissect_unknown_smb, /* unknown SMB 0x7d */
10074 dissect_unknown_smb, /* unknown SMB 0x7e */
10075 dissect_unknown_smb, /* unknown SMB 0x7f */
10076 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
10077 dissect_search_dir_smb, /* SMBsearch search a directory */
10078 dissect_unknown_smb, /* SMBffirst find first */
10079 dissect_unknown_smb, /* SMBfunique find unique */
10080 dissect_unknown_smb, /* SMBfclose find close */
10081 dissect_unknown_smb, /* unknown SMB 0x85 */
10082 dissect_unknown_smb, /* unknown SMB 0x86 */
10083 dissect_unknown_smb, /* unknown SMB 0x87 */
10084 dissect_unknown_smb, /* unknown SMB 0x88 */
10085 dissect_unknown_smb, /* unknown SMB 0x89 */
10086 dissect_unknown_smb, /* unknown SMB 0x8a */
10087 dissect_unknown_smb, /* unknown SMB 0x8b */
10088 dissect_unknown_smb, /* unknown SMB 0x8c */
10089 dissect_unknown_smb, /* unknown SMB 0x8d */
10090 dissect_unknown_smb, /* unknown SMB 0x8e */
10091 dissect_unknown_smb, /* unknown SMB 0x8f */
10092 dissect_unknown_smb, /* unknown SMB 0x90 */
10093 dissect_unknown_smb, /* unknown SMB 0x91 */
10094 dissect_unknown_smb, /* unknown SMB 0x92 */
10095 dissect_unknown_smb, /* unknown SMB 0x93 */
10096 dissect_unknown_smb, /* unknown SMB 0x94 */
10097 dissect_unknown_smb, /* unknown SMB 0x95 */
10098 dissect_unknown_smb, /* unknown SMB 0x96 */
10099 dissect_unknown_smb, /* unknown SMB 0x97 */
10100 dissect_unknown_smb, /* unknown SMB 0x98 */
10101 dissect_unknown_smb, /* unknown SMB 0x99 */
10102 dissect_unknown_smb, /* unknown SMB 0x9a */
10103 dissect_unknown_smb, /* unknown SMB 0x9b */
10104 dissect_unknown_smb, /* unknown SMB 0x9c */
10105 dissect_unknown_smb, /* unknown SMB 0x9d */
10106 dissect_unknown_smb, /* unknown SMB 0x9e */
10107 dissect_unknown_smb, /* unknown SMB 0x9f */
10108 dissect_unknown_smb, /* unknown SMB 0xa0 */
10109 dissect_unknown_smb, /* unknown SMB 0xa1 */
10110 dissect_unknown_smb, /* unknown SMB 0xa2 */
10111 dissect_unknown_smb, /* unknown SMB 0xa3 */
10112 dissect_unknown_smb, /* unknown SMB 0xa4 */
10113 dissect_unknown_smb, /* unknown SMB 0xa5 */
10114 dissect_unknown_smb, /* unknown SMB 0xa6 */
10115 dissect_unknown_smb, /* unknown SMB 0xa7 */
10116 dissect_unknown_smb, /* unknown SMB 0xa8 */
10117 dissect_unknown_smb, /* unknown SMB 0xa9 */
10118 dissect_unknown_smb, /* unknown SMB 0xaa */
10119 dissect_unknown_smb, /* unknown SMB 0xab */
10120 dissect_unknown_smb, /* unknown SMB 0xac */
10121 dissect_unknown_smb, /* unknown SMB 0xad */
10122 dissect_unknown_smb, /* unknown SMB 0xae */
10123 dissect_unknown_smb, /* unknown SMB 0xaf */
10124 dissect_unknown_smb, /* unknown SMB 0xb0 */
10125 dissect_unknown_smb, /* unknown SMB 0xb1 */
10126 dissect_unknown_smb, /* unknown SMB 0xb2 */
10127 dissect_unknown_smb, /* unknown SMB 0xb3 */
10128 dissect_unknown_smb, /* unknown SMB 0xb4 */
10129 dissect_unknown_smb, /* unknown SMB 0xb5 */
10130 dissect_unknown_smb, /* unknown SMB 0xb6 */
10131 dissect_unknown_smb, /* unknown SMB 0xb7 */
10132 dissect_unknown_smb, /* unknown SMB 0xb8 */
10133 dissect_unknown_smb, /* unknown SMB 0xb9 */
10134 dissect_unknown_smb, /* unknown SMB 0xba */
10135 dissect_unknown_smb, /* unknown SMB 0xbb */
10136 dissect_unknown_smb, /* unknown SMB 0xbc */
10137 dissect_unknown_smb, /* unknown SMB 0xbd */
10138 dissect_unknown_smb, /* unknown SMB 0xbe */
10139 dissect_unknown_smb, /* unknown SMB 0xbf */
10140 dissect_unknown_smb, /* SMBsplopen open a print spool file */
10141 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
10142 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
10143 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
10144 dissect_unknown_smb, /* unknown SMB 0xc4 */
10145 dissect_unknown_smb, /* unknown SMB 0xc5 */
10146 dissect_unknown_smb, /* unknown SMB 0xc6 */
10147 dissect_unknown_smb, /* unknown SMB 0xc7 */
10148 dissect_unknown_smb, /* unknown SMB 0xc8 */
10149 dissect_unknown_smb, /* unknown SMB 0xc9 */
10150 dissect_unknown_smb, /* unknown SMB 0xca */
10151 dissect_unknown_smb, /* unknown SMB 0xcb */
10152 dissect_unknown_smb, /* unknown SMB 0xcc */
10153 dissect_unknown_smb, /* unknown SMB 0xcd */
10154 dissect_unknown_smb, /* unknown SMB 0xce */
10155 dissect_unknown_smb, /* unknown SMB 0xcf */
10156 dissect_unknown_smb, /* SMBsends send a single block message */
10157 dissect_unknown_smb, /* SMBsendb send a broadcast message */
10158 dissect_unknown_smb, /* SMBfwdname forward user name */
10159 dissect_unknown_smb, /* SMBcancelf cancel forward */
10160 dissect_unknown_smb, /* SMBgetmac get a machine name */
10161 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
10162 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
10163 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
10164 dissect_unknown_smb, /* unknown SMB 0xd8 */
10165 dissect_unknown_smb, /* unknown SMB 0xd9 */
10166 dissect_unknown_smb, /* unknown SMB 0xda */
10167 dissect_unknown_smb, /* unknown SMB 0xdb */
10168 dissect_unknown_smb, /* unknown SMB 0xdc */
10169 dissect_unknown_smb, /* unknown SMB 0xdd */
10170 dissect_unknown_smb, /* unknown SMB 0xde */
10171 dissect_unknown_smb, /* unknown SMB 0xdf */
10172 dissect_unknown_smb, /* unknown SMB 0xe0 */
10173 dissect_unknown_smb, /* unknown SMB 0xe1 */
10174 dissect_unknown_smb, /* unknown SMB 0xe2 */
10175 dissect_unknown_smb, /* unknown SMB 0xe3 */
10176 dissect_unknown_smb, /* unknown SMB 0xe4 */
10177 dissect_unknown_smb, /* unknown SMB 0xe5 */
10178 dissect_unknown_smb, /* unknown SMB 0xe6 */
10179 dissect_unknown_smb, /* unknown SMB 0xe7 */
10180 dissect_unknown_smb, /* unknown SMB 0xe8 */
10181 dissect_unknown_smb, /* unknown SMB 0xe9 */
10182 dissect_unknown_smb, /* unknown SMB 0xea */
10183 dissect_unknown_smb, /* unknown SMB 0xeb */
10184 dissect_unknown_smb, /* unknown SMB 0xec */
10185 dissect_unknown_smb, /* unknown SMB 0xed */
10186 dissect_unknown_smb, /* unknown SMB 0xee */
10187 dissect_unknown_smb, /* unknown SMB 0xef */
10188 dissect_unknown_smb, /* unknown SMB 0xf0 */
10189 dissect_unknown_smb, /* unknown SMB 0xf1 */
10190 dissect_unknown_smb, /* unknown SMB 0xf2 */
10191 dissect_unknown_smb, /* unknown SMB 0xf3 */
10192 dissect_unknown_smb, /* unknown SMB 0xf4 */
10193 dissect_unknown_smb, /* unknown SMB 0xf5 */
10194 dissect_unknown_smb, /* unknown SMB 0xf6 */
10195 dissect_unknown_smb, /* unknown SMB 0xf7 */
10196 dissect_unknown_smb, /* unknown SMB 0xf8 */
10197 dissect_unknown_smb, /* unknown SMB 0xf9 */
10198 dissect_unknown_smb, /* unknown SMB 0xfa */
10199 dissect_unknown_smb, /* unknown SMB 0xfb */
10200 dissect_unknown_smb, /* unknown SMB 0xfc */
10201 dissect_unknown_smb, /* unknown SMB 0xfd */
10202 dissect_unknown_smb, /* SMBinvalid invalid command */
10203 dissect_unknown_smb /* unknown SMB 0xff */
/*
 * Display names for the SMB error-class byte. dissect_smb() passes this
 * table to val_to_str() with the fallback "Unknown Error Class (%x)".
 *
 * NOTE(review): val_to_str() is expected to stop at a terminating
 * {0, NULL} entry. Neither the terminator nor the closing brace appears
 * in this listing -- confirm both exist in the real file, because a
 * missing terminator lets the lookup read past the end of the array for
 * any class value that is not listed.
 */
10207 static const value_string errcls_types[] = {
10208 { SMB_SUCCESS, "Success"},
10209 { SMB_ERRDOS, "DOS Error"},
10210 { SMB_ERRSRV, "Server Error"},
10211 { SMB_ERRHRD, "Hardware Error"},
10212 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
/*
 * Return the display name for SMB command byte `cmd` by indexing the
 * SMB_names table (defined outside this listing).
 *
 * cmd is an unsigned char, so the index is always 0..255. dissect_smb()
 * passes the command byte taken straight from the packet, so this lookup
 * is in bounds only if SMB_names has a full 256 entries.
 * NOTE(review): confirm the table size; a shorter table would make this an
 * out-of-bounds read driven by packet contents.
 */
10216 char *decode_smb_name(unsigned char cmd)
10219 return(SMB_names[cmd]);
/*
 * Display text for error codes in the SMB_ERRDOS class; looked up by
 * decode_smb_error() through val_to_str() with the fallback
 * "Unknown DOS error (%x)".
 *
 * NOTE(review): decode_smb_error() receives the code as a guint8. If any
 * SMBE_* constant below is larger than 0xff (their values are defined
 * outside this listing), that entry can never match and a truncated code
 * may match a different entry instead -- check the constant values.
 * NOTE(review): the table terminator and closing brace are not in this
 * listing; confirm they exist in the real file.
 */
10223 static const value_string DOS_errors[] = {
10224 {SMBE_badfunc, "Invalid function (or system call)"},
10225 {SMBE_badfile, "File not found (pathname error)"},
10226 {SMBE_badpath, "Directory not found"},
10227 {SMBE_nofids, "Too many open files"},
10228 {SMBE_noaccess, "Access denied"},
10229 {SMBE_badfid, "Invalid fid"},
10230 {SMBE_nomem, "Out of memory"},
10231 {SMBE_badmem, "Invalid memory block address"},
10232 {SMBE_badenv, "Invalid environment"},
10233 {SMBE_badaccess, "Invalid open mode"},
10234 {SMBE_baddata, "Invalid data (only from ioctl call)"},
10235 {SMBE_res, "Reserved error code?"},
10236 {SMBE_baddrive, "Invalid drive"},
10237 {SMBE_remcd, "Attempt to delete current directory"},
10238 {SMBE_diffdevice, "Rename/move across different filesystems"},
10239 {SMBE_nofiles, "no more files found in file search"},
10240 {SMBE_badshare, "Share mode on file conflict with open mode"},
10241 {SMBE_lock, "Lock request conflicts with existing lock"},
10242 {SMBE_unsup, "Request unsupported, returned by Win 95"},
10243 {SMBE_filexists, "File in operation already exists"},
10244 {SMBE_cannotopen, "Cannot open the file specified"},
10245 {SMBE_unknownlevel, "Unknown level??"},
10246 {SMBE_badpipe, "Named pipe invalid"},
10247 {SMBE_pipebusy, "All instances of pipe are busy"},
10248 {SMBE_pipeclosing, "Named pipe close in progress"},
10249 {SMBE_notconnected, "No process on other end of named pipe"},
10250 {SMBE_moredata, "More data to be returned"},
10251 {SMBE_baddirectory, "Invalid directory name in a path."},
10252 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
10253 {SMBE_eas_nsup, "Extended attributes not supported"},
10254 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
10255 {SMBE_unknownipc, "Unknown IPC Operation"},
10256 {SMBE_noipc, "Don't support ipc"},
10260 /* Error codes for the ERRSRV class */
/*
 * Looked up by decode_smb_error() through val_to_str() with the fallback
 * "Unknown SRV error (%x)".
 *
 * NOTE(review): the lookup key is a guint8 in decode_smb_error(); any
 * SMBE_* value above 0xff (values are defined outside this listing) would
 * be unreachable. The table terminator and closing brace are also absent
 * from this listing -- confirm they exist in the real file.
 */
10262 static const value_string SRV_errors[] = {
10263 {SMBE_error, "Non specific error code"},
10264 {SMBE_badpw, "Bad password"},
10265 {SMBE_badtype, "Reserved"},
10266 {SMBE_access, "No permissions to perform the requested operation"},
10267 {SMBE_invnid, "TID invalid"},
10268 {SMBE_invnetname, "Invalid network name. Service not found"},
10269 {SMBE_invdevice, "Invalid device"},
10270 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
10271 {SMBE_qfull, "Print queue full"},
10272 {SMBE_qtoobig, "Queued item too big"},
10273 {SMBE_qeof, "EOF on print queue dump"},
10274 {SMBE_invpfid, "Invalid print file in smb_fid"},
10275 {SMBE_smbcmd, "Unrecognised command"},
10276 {SMBE_srverror, "SMB server internal error"},
10277 {SMBE_filespecs, "Fid and pathname invalid combination"},
10278 {SMBE_badlink, "Bad link in request ???"},
10279 {SMBE_badpermits, "Access specified for a file is not valid"},
10280 {SMBE_badpid, "Bad process id in request"},
10281 {SMBE_setattrmode, "Attribute mode invalid"},
10282 {SMBE_paused, "Message server paused"},
10283 {SMBE_msgoff, "Not receiving messages"},
10284 {SMBE_noroom, "No room for message"},
10285 {SMBE_rmuns, "Too many remote usernames"},
10286 {SMBE_timeout, "Operation timed out"},
10287 {SMBE_noresource, "No resources currently available for request."},
10288 {SMBE_toomanyuids, "Too many userids"},
10289 {SMBE_baduid, "Bad userid"},
10290 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
10291 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
10292 {SMBE_contMPX, "Resume MPX mode"},
10293 {SMBE_badPW, "Bad Password???"},
10294 {SMBE_nosupport, "Operation not supported???"},
10298 /* Error codes for the ERRHRD class */
/*
 * Looked up by decode_smb_error() through val_to_str() with the fallback
 * "Unknown HRD error (%x)".
 *
 * SMBE_badshare and SMBE_lock also appear in DOS_errors with different
 * text, so the message shown for those codes depends on the error class.
 *
 * NOTE(review): the table terminator and closing brace are absent from
 * this listing -- confirm they exist in the real file.
 */
10300 static const value_string HRD_errors[] = {
10301 {SMBE_nowrite, "read only media"},
10302 {SMBE_badunit, "Unknown device"},
10303 {SMBE_notready, "Drive not ready"},
10304 {SMBE_badcmd, "Unknown command"},
10305 {SMBE_data, "Data (CRC) error"},
10306 {SMBE_badreq, "Bad request structure length"},
10307 {SMBE_seek, "Seek error???"},
10308 {SMBE_badmedia, "Bad media???"},
10309 {SMBE_badsector, "Bad sector???"},
10310 {SMBE_nopaper, "No paper in printer???"},
10311 {SMBE_write, "Write error???"},
10312 {SMBE_read, "Read error???"},
10313 {SMBE_general, "General error???"},
10314 {SMBE_badshare, "A open conflicts with an existing open"},
10315 {SMBE_lock, "Lock/unlock error"},
10316 {SMBE_wrongdisk, "Wrong disk???"},
10317 {SMBE_FCBunavail, "FCB unavailable???"},
10318 {SMBE_sharebufexc, "Share buffer excluded???"},
10319 {SMBE_diskfull, "Disk full???"},
/*
 * Map an SMB error class and error code to display text.
 *
 * The visible returns are: the literal "No Error", a val_to_str() lookup
 * in DOS_errors, SRV_errors or HRD_errors, and the literal
 * "Unknown error class!". The statements that choose between them are not
 * in this listing (presumably a switch on errcls -- confirm).
 *
 * String literals are returned through a non-const char *, so callers
 * must treat the result as read-only.
 *
 * NOTE(review): errcode is a guint8, but dissect_smb() reads the code with
 * GSHORT() into a guint16 and passes that here. The value is narrowed to
 * 8 bits before the lookup, so two different 16-bit codes on the wire can
 * print the same text, and an analyst reading the tree sees a wrong but
 * plausible error. Widening the parameter changes the prototype -- check
 * the header and other callers first.
 */
10323 char *decode_smb_error(guint8 errcls, guint8 errcode)
10330 return("No Error"); /* No error ??? */
10335 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
10340 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
10345 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
10350 return("Unknown error class!");
/* Mask for the top bit of the SMB flags byte: dissect_smb() labels it
 * "Response to client/redirector" when set and "Request to server" when
 * clear. */
10356 #define SMB_FLAGS_DIRN 0x80
/*
 * Dissect the fixed SMB header and hand the remainder to the per-command
 * routine selected from the dissect[] table.
 *
 * pd       - packet bytes.
 * offset   - position of the SMB header inside pd; saved as SMB_offset
 *            and passed on to the command routine.
 * fd, tree - frame data and protocol tree, passed to the column and tree
 *            helpers.
 * max_data - forwarded to the command routine; no visible line in this
 *            function compares it with offset.
 *
 * NOTE(review): several original lines (braces, the offset increments
 * between fields, any `if (tree)` guards) are absent from this listing,
 * so the comments below describe only the statements that are shown.
 *
 * NOTE(review): every pd[] and GSHORT() read below trusts that the
 * captured frame holds a complete SMB header. No length check is visible
 * here, so a truncated or malformed frame would make these reads run past
 * the captured data. Confirm that the caller, or a line dropped from this
 * listing, verifies the header length against the capture length first.
 */
10359 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
10361 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
10362 proto_item *ti, *tf;
10363 guint8 cmd, errcls, errcode1, flags;
10364 guint16 flags2, errcode, tid, pid, uid, mid;
10365 int SMB_offset = offset;
10366 struct smb_info si;
/* The command byte is fetched at a fixed distance from the header start,
 * before anything else in the header is looked at. */
10368 cmd = pd[offset + SMB_hdr_com_offset];
10370 if (check_col(fd, COL_PROTOCOL))
10371 col_add_str(fd, COL_PROTOCOL, "SMB");
10373 /* Hmmm, poor coding here ... Also, should check the type */
/* Direction in the Info column is inferred from the ports
 * (pi.match_port vs pi.destport), not from the flags byte; the tree and
 * the dispatch call below use flags bit 0x80 instead, so the two can
 * disagree for the same frame. */
10375 if (check_col(fd, COL_INFO)) {
10377 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
10383 ti = proto_tree_add_item(tree, proto_smb, offset, END_OF_FRAME, NULL);
10384 smb_tree = proto_item_add_subtree(ti, ett_smb);
10386 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
10387 * component ... SMB is only one used
/* NOTE(review): both labels below are fixed strings. The four marker bytes
 * are not compared with 0xFF 'S' 'M' 'B' in the visible lines, so a payload
 * that is not SMB would be labelled the same way. */
10390 proto_tree_add_text(smb_tree, offset, 1, "Message Type: 0xFF");
10391 proto_tree_add_text(smb_tree, offset+1, 3, "Server Component: SMB");
10395 offset += 4; /* Skip the marker */
10399 proto_tree_add_text(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
10405 /* Next, look at the error class, SMB_RETCLASS */
10407 errcls = pd[offset];
/* The tree text re-reads pd[offset]; it is the same byte as errcls. */
10411 proto_tree_add_text(smb_tree, offset, 1, "Error Class: %s",
10412 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
10417 /* Error code, SMB_HEINFO ... */
10419 errcode1 = pd[offset];
10423 proto_tree_add_text(smb_tree, offset, 1, "Reserved: %i", errcode1);
10429 errcode = GSHORT(pd, offset);
/* NOTE(review): errcode is 16 bits here but decode_smb_error() takes a
 * guint8, so the upper byte is lost before the table lookup.
 * NOTE(review): the class/code pair is decoded as a DOS-style error before
 * Flags2 is read; when Flags2 bit 0x4000 ("Error codes are NT error
 * codes", decoded further down) is set, the text shown here may not
 * correspond to the status on the wire. */
10433 proto_tree_add_text(smb_tree, offset, 2, "Error Code: %s",
10434 decode_smb_error(errcls, errcode));
10440 /* Now for the flags: bit 0x80 (SMB_FLAGS_DIRN) clear means request, set means response */
10442 flags = pd[offset];
10446 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags: 0x%02x", flags);
10448 flags_tree = proto_item_add_subtree(tf, ett_smb_flags);
10449 proto_tree_add_text(flags_tree, offset, 1, "%s",
10450 decode_boolean_bitfield(flags, 0x01, 8,
10451 "Lock&Read, Write&Unlock supported",
10452 "Lock&Read, Write&Unlock not supported"));
10453 proto_tree_add_text(flags_tree, offset, 1, "%s",
10454 decode_boolean_bitfield(flags, 0x02, 8,
10455 "Receive buffer posted",
10456 "Receive buffer not posted"));
10457 proto_tree_add_text(flags_tree, offset, 1, "%s",
10458 decode_boolean_bitfield(flags, 0x08, 8,
10459 "Path names caseless",
10460 "Path names case sensitive"));
10461 proto_tree_add_text(flags_tree, offset, 1, "%s",
10462 decode_boolean_bitfield(flags, 0x10, 8,
10463 "Pathnames canonicalized",
10464 "Pathnames not canonicalized"));
10465 proto_tree_add_text(flags_tree, offset, 1, "%s",
10466 decode_boolean_bitfield(flags, 0x20, 8,
10467 "OpLocks requested/granted",
10468 "OpLocks not requested/granted"));
/* NOTE(review): only one of the two label strings for bit 0x40 appears in
 * this listing; the other was on a line that is missing here. */
10469 proto_tree_add_text(flags_tree, offset, 1, "%s",
10470 decode_boolean_bitfield(flags, 0x40, 8,
10472 "Notify open only"));
10474 proto_tree_add_text(flags_tree, offset, 1, "%s",
10475 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
10476 8, "Response to client/redirector", "Request to server"));
10482 flags2 = GSHORT(pd, offset);
/* NOTE(review): Flags2 is read as 16 bits, but this item and its sub-items
 * are added with length 1, unlike the 2-byte TID/PID/UID/MID items below,
 * so only the first byte is attributed to the field in the tree. */
10486 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
10488 flags2_tree = proto_item_add_subtree(tf, ett_smb_flags2);
10489 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10490 decode_boolean_bitfield(flags2, 0x0001, 16,
10491 "Long file names supported",
10492 "Long file names not supported"));
10493 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10494 decode_boolean_bitfield(flags2, 0x0002, 16,
10495 "Extended attributes supported",
10496 "Extended attributes not supported"));
10497 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10498 decode_boolean_bitfield(flags2, 0x0004, 16,
10499 "Security signatures supported",
10500 "Security signatures not supported"));
10501 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10502 decode_boolean_bitfield(flags2, 0x0800, 16,
10503 "Extended security negotiation supported",
10504 "Extended security negotiation not supported"));
10505 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10506 decode_boolean_bitfield(flags2, 0x1000, 16,
10507 "Resolve pathnames with DFS",
10508 "Don't resolve pathnames with DFS"));
10509 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10510 decode_boolean_bitfield(flags2, 0x2000, 16,
10511 "Permit reads if execute-only",
10512 "Don't permit reads if execute-only"));
10513 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10514 decode_boolean_bitfield(flags2, 0x4000, 16,
10515 "Error codes are NT error codes",
10516 "Error codes are DOS error codes"));
10517 proto_tree_add_text(flags2_tree, offset, 1, "%s",
10518 decode_boolean_bitfield(flags2, 0x8000, 16,
10519 "Strings are Unicode",
10520 "Strings are ASCII"));
10528 proto_tree_add_text(smb_tree, offset, 12, "Reserved: 6 WORDS");
10534 /* Now the TID, tree ID */
10536 tid = GSHORT(pd, offset);
10541 proto_tree_add_text(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
10547 /* Now the PID, Process ID */
10549 pid = GSHORT(pd, offset);
10554 proto_tree_add_text(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
10560 /* Now the UID, User ID */
10562 uid = GSHORT(pd, offset);
10567 proto_tree_add_text(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10573 /* Now the MID, Multiplex ID */
10575 mid = GSHORT(pd, offset);
10580 proto_tree_add_text(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10586 /* Now vector through the table to dissect them */
/* cmd is a guint8, so the table index is 0..255; the last visible entry of
 * dissect[] is commented as 0xff. The final argument is true when flags
 * bit 0x80 is clear (written as a literal here, not as SMB_FLAGS_DIRN).
 * NOTE(review): si is passed by value, but no visible line assigns its
 * members. Confirm it is filled in by a line missing from this listing;
 * otherwise the command routine reads indeterminate values. */
10588 (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset, errcode,
10589 ((flags & 0x80) == 0));
/*
 * Register the SMB and Microsoft Windows Browser protocols and the
 * subtree (ett) index array.
 *
 * The hf_register_info array and the proto_register_field_array() call
 * are commented out, so no header fields are registered here; dissect_smb()
 * builds its tree from proto_tree_add_text() strings instead.
 *
 * NOTE(review): some ett[] entries and the closing lines of the array and
 * of the commented-out hf block are absent from this listing. Confirm that
 * every ett_smb_* and ett_browse* variable used by the dissector is listed
 * in the real array, since unregistered ones keep their initial -1.
 */
10595 proto_register_smb(void)
10597 /* static hf_register_info hf[] = {
10599 { "Name", "smb.abbreviation", TYPE, VALS_POINTER }},
10601 static gint *ett[] = {
10603 &ett_smb_fileattributes,
10604 &ett_smb_capabilities,
10611 &ett_smb_desiredaccess,
10614 &ett_smb_openfunction,
10617 &ett_smb_writemode,
10618 &ett_smb_lock_type,
10623 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
10624 proto_browse = proto_register_protocol("Microsoft Windows Browser Protocol", "browser");
10625 /* proto_register_field_array(proto_smb, hf, array_length(hf));*/
10626 proto_register_subtree_array(ett, array_length(ett));