2 * Routines for smb packet dissection
3 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
5 * $Id: packet-smb.c,v 1.32 1999/10/24 07:27:20 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
11 * Copied from packet-pop.c
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_NETINET_IN_H
39 # include <netinet/in.h>
45 #include "conversation.h"
47 #include "alignment.h"
49 static int proto_smb = -1;
52 * Struct passed to each SMB decode routine of info it may need
56 int tid, uid, mid, pid; /* Any more? */
59 char *decode_smb_name(unsigned char);
61 int smb_packet_init_count = 200;
63 struct smb_request_key {
68 struct smb_request_val {
69 guint16 last_transact2_command;
73 GHashTable *smb_request_hash = NULL;
74 GMemChunk *smb_request_keys = NULL;
75 GMemChunk *smb_request_vals = NULL;
79 smb_equal(gconstpointer v, gconstpointer w)
81 struct smb_request_key *v1 = (struct smb_request_key *)v;
82 struct smb_request_key *v2 = (struct smb_request_key *)w;
84 #if defined(DEBUG_SMB_HASH)
85 printf("Comparing %08X:%u\n and %08X:%u\n",
86 v1 -> conversation, v1 -> mid,
87 v2 -> conversation, v2 -> mid);
90 if (v1 -> conversation == v2 -> conversation &&
91 v1 -> mid == v2 -> mid) {
101 smb_hash (gconstpointer v)
103 struct smb_request_key *key = (struct smb_request_key *)v;
106 val = key -> conversation + key -> mid;
108 #if defined(DEBUG_SMB_HASH)
109 printf("SMB Hash calculated as %u\n", val);
117 * Initialize some variables every time a file is loaded or re-loaded
121 smb_init_protocol(void)
123 #if defined(DEBUG_SMB_HASH)
124 printf("Initializing SMB hashtable area\n");
127 if (smb_request_hash)
128 g_hash_table_destroy(smb_request_hash);
129 if (smb_request_keys)
130 g_mem_chunk_destroy(smb_request_keys);
131 if (smb_request_vals)
132 g_mem_chunk_destroy(smb_request_vals);
134 smb_request_hash = g_hash_table_new(smb_hash, smb_equal);
135 smb_request_keys = g_mem_chunk_new("smb_request_keys",
136 sizeof(struct smb_request_key),
137 smb_packet_init_count * sizeof(struct smb_request_key), G_ALLOC_AND_FREE);
138 smb_request_vals = g_mem_chunk_new("smb_request_vals",
139 sizeof(struct smb_request_val),
140 smb_packet_init_count * sizeof(struct smb_request_val), G_ALLOC_AND_FREE);
143 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, struct smb_info si, int, int, int, int);
145 char *SMB_names[256] = {
146 "SMBcreatedirectory",
147 "SMBdeletedirectory",
195 "SMBcloseandtreedisc",
197 "SMBtrans2secondary",
199 "SMBfindnotifyclose",
307 "SMBnttransactsecondary",
405 dissect_unknown_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
410 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data (%u bytes)",
418 * Dissect a UNIX like date ...
424 dissect_smbu_date(guint16 date, guint16 time)
427 static char datebuf[4+2+2+2+1];
428 time_t ltime = (date << 16) + time;
430 gtime = gmtime(<ime);
431 sprintf(datebuf, "%04d-%02d-%02d",
432 1900 + (gtime -> tm_year), gtime -> tm_mon, gtime -> tm_mday);
442 dissect_smbu_time(guint16 date, guint16 time)
445 static char timebuf[2+2+2+2+1];
447 sprintf(timebuf, "%02d:%02d:%02d",
448 gtime -> tm_hour, gtime -> tm_min, gtime -> tm_sec);
455 * Dissect a DOS-format date.
458 dissect_dos_date(guint16 date)
460 static char datebuf[4+2+2+1];
462 sprintf(datebuf, "%04d-%02d-%02d",
463 ((date>>9)&0x7F) + 1980, (date>>5)&0x0F, date&0x1F);
468 * Dissect a DOS-format time.
471 dissect_dos_time(guint16 time)
473 static char timebuf[2+2+2+1];
475 sprintf(timebuf, "%02d:%02d:%02d",
476 (time>>11)&0x1F, (time>>5)&0x3F, (time&0x1F)*2);
480 /* Max string length for displaying Unicode strings. */
481 #define MAX_UNICODE_STR_LEN 256
483 /* Turn a little-endian Unicode '\0'-terminated string into a string we
485 XXX - for now, we just handle the ISO 8859-1 characters. */
487 unicode_to_str(const guint8 *us, int *us_lenp) {
488 static gchar str[3][MAX_UNICODE_STR_LEN+3+1];
495 if (cur == &str[0][0]) {
497 } else if (cur == &str[1][0]) {
503 len = MAX_UNICODE_STR_LEN;
505 while (*us != 0 || *(us + 1) != 0) {
515 /* Note that we're not showing the full string. */
526 * Each dissect routine is passed an offset to wct and works from there
530 dissect_flush_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
537 if (dirn == 1) { /* Request(s) dissect code */
539 /* Build display for: Word Count (WCT) */
541 WordCount = GBYTE(pd, offset);
545 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
549 offset += 1; /* Skip Word Count (WCT) */
551 /* Build display for: FID */
553 FID = GSHORT(pd, offset);
557 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
561 offset += 2; /* Skip FID */
563 /* Build display for: Byte Count */
565 ByteCount = GSHORT(pd, offset);
569 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
573 offset += 2; /* Skip Byte Count */
577 if (dirn == 0) { /* Response(s) dissect code */
579 /* Build display for: Word Count (WCT) */
581 WordCount = GBYTE(pd, offset);
585 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
589 offset += 1; /* Skip Word Count (WCT) */
591 /* Build display for: Byte Count (BCC) */
593 ByteCount = GSHORT(pd, offset);
597 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
601 offset += 2; /* Skip Byte Count (BCC) */
608 dissect_get_disk_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
616 guint16 BlocksPerUnit;
619 if (dirn == 1) { /* Request(s) dissect code */
621 /* Build display for: Word Count (WCT) */
623 WordCount = GBYTE(pd, offset);
627 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
631 offset += 1; /* Skip Word Count (WCT) */
633 /* Build display for: Byte Count (BCC) */
635 ByteCount = GSHORT(pd, offset);
639 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
643 offset += 2; /* Skip Byte Count (BCC) */
647 if (dirn == 0) { /* Response(s) dissect code */
649 /* Build display for: Word Count (WCT) */
651 WordCount = GBYTE(pd, offset);
655 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
659 offset += 1; /* Skip Word Count (WCT) */
663 /* Build display for: Total Units */
665 TotalUnits = GSHORT(pd, offset);
669 proto_tree_add_text(tree, offset, 2, "Total Units: %u", TotalUnits);
673 offset += 2; /* Skip Total Units */
675 /* Build display for: Blocks Per Unit */
677 BlocksPerUnit = GSHORT(pd, offset);
681 proto_tree_add_text(tree, offset, 2, "Blocks Per Unit: %u", BlocksPerUnit);
685 offset += 2; /* Skip Blocks Per Unit */
687 /* Build display for: Block Size */
689 BlockSize = GSHORT(pd, offset);
693 proto_tree_add_text(tree, offset, 2, "Block Size: %u", BlockSize);
697 offset += 2; /* Skip Block Size */
699 /* Build display for: Free Units */
701 FreeUnits = GSHORT(pd, offset);
705 proto_tree_add_text(tree, offset, 2, "Free Units: %u", FreeUnits);
709 offset += 2; /* Skip Free Units */
711 /* Build display for: Reserved */
713 Reserved = GSHORT(pd, offset);
717 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
721 offset += 2; /* Skip Reserved */
725 /* Build display for: Byte Count (BCC) */
727 ByteCount = GSHORT(pd, offset);
731 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
735 offset += 2; /* Skip Byte Count (BCC) */
742 dissect_set_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
745 proto_tree *Attributes_tree;
755 guint16 LastWriteTime;
756 guint16 LastWriteDate;
758 const char *FileName;
760 if (dirn == 1) { /* Request(s) dissect code */
762 /* Build display for: Word Count (WCT) */
764 WordCount = GBYTE(pd, offset);
768 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
772 offset += 1; /* Skip Word Count (WCT) */
776 /* Build display for: Attributes */
778 Attributes = GSHORT(pd, offset);
782 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
783 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
784 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
785 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
786 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
787 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
788 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
789 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
790 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
791 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
792 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
793 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
794 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
795 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
799 offset += 2; /* Skip Attributes */
801 /* Build display for: Last Write Time */
803 LastWriteTime = GSHORT(pd, offset);
807 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
811 offset += 2; /* Skip Last Write Time */
813 /* Build display for: Last Write Date */
815 LastWriteDate = GSHORT(pd, offset);
819 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
823 offset += 2; /* Skip Last Write Date */
825 /* Build display for: Reserved 1 */
827 Reserved1 = GSHORT(pd, offset);
831 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
835 offset += 2; /* Skip Reserved 1 */
837 /* Build display for: Reserved 2 */
839 Reserved2 = GSHORT(pd, offset);
843 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
847 offset += 2; /* Skip Reserved 2 */
849 /* Build display for: Reserved 3 */
851 Reserved3 = GSHORT(pd, offset);
855 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
859 offset += 2; /* Skip Reserved 3 */
861 /* Build display for: Reserved 4 */
863 Reserved4 = GSHORT(pd, offset);
867 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
871 offset += 2; /* Skip Reserved 4 */
873 /* Build display for: Reserved 5 */
875 Reserved5 = GSHORT(pd, offset);
879 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
883 offset += 2; /* Skip Reserved 5 */
887 /* Build display for: Byte Count (BCC) */
889 ByteCount = GSHORT(pd, offset);
893 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
897 offset += 2; /* Skip Byte Count (BCC) */
899 /* Build display for: Buffer Format */
901 BufferFormat = GBYTE(pd, offset);
905 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
909 offset += 1; /* Skip Buffer Format */
911 /* Build display for: File Name */
913 FileName = pd + offset;
917 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
921 offset += strlen(FileName) + 1; /* Skip File Name */
925 if (dirn == 0) { /* Response(s) dissect code */
927 /* Build display for: Word Count (WCT) */
929 WordCount = GBYTE(pd, offset);
933 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
937 offset += 1; /* Skip Word Count (WCT) */
939 /* Build display for: Byte Count (BCC) */
941 ByteCount = GBYTE(pd, offset);
945 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
949 offset += 1; /* Skip Byte Count (BCC) */
956 dissect_write_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
968 if (dirn == 1) { /* Request(s) dissect code */
970 /* Build display for: Word Count (WCT) */
972 WordCount = GBYTE(pd, offset);
976 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
980 offset += 1; /* Skip Word Count (WCT) */
982 /* Build display for: FID */
984 FID = GSHORT(pd, offset);
988 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
992 offset += 2; /* Skip FID */
994 /* Build display for: Count */
996 Count = GSHORT(pd, offset);
1000 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1004 offset += 2; /* Skip Count */
1006 /* Build display for: Offset */
1008 Offset = GWORD(pd, offset);
1012 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1016 offset += 4; /* Skip Offset */
1018 /* Build display for: Remaining */
1020 Remaining = GSHORT(pd, offset);
1024 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
1028 offset += 2; /* Skip Remaining */
1030 /* Build display for: Byte Count (BCC) */
1032 ByteCount = GSHORT(pd, offset);
1036 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1040 offset += 2; /* Skip Byte Count (BCC) */
1042 /* Build display for: Buffer Format */
1044 BufferFormat = GBYTE(pd, offset);
1048 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1052 offset += 1; /* Skip Buffer Format */
1054 /* Build display for: Data Length */
1056 DataLength = GSHORT(pd, offset);
1060 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1064 offset += 2; /* Skip Data Length */
1068 if (dirn == 0) { /* Response(s) dissect code */
1070 /* Build display for: Word Count (WCT) */
1072 WordCount = GBYTE(pd, offset);
1076 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1080 offset += 1; /* Skip Word Count (WCT) */
1082 /* Build display for: Count */
1084 Count = GSHORT(pd, offset);
1088 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1092 offset += 2; /* Skip Count */
1094 /* Build display for: Byte Count (BCC) */
1096 ByteCount = GSHORT(pd, offset);
1100 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1104 offset += 2; /* Skip Byte Count (BCC) */
1111 dissect_read_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1125 guint16 DataCompactionMode;
1129 if (dirn == 1) { /* Request(s) dissect code */
1131 /* Build display for: Word Count (WCT) */
1133 WordCount = GBYTE(pd, offset);
1137 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1141 offset += 1; /* Skip Word Count (WCT) */
1143 /* Build display for: FID */
1145 FID = GSHORT(pd, offset);
1149 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1153 offset += 2; /* Skip FID */
1155 /* Build display for: Offset */
1157 Offset = GWORD(pd, offset);
1161 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1165 offset += 4; /* Skip Offset */
1167 /* Build display for: Max Count */
1169 MaxCount = GSHORT(pd, offset);
1173 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
1177 offset += 2; /* Skip Max Count */
1179 /* Build display for: Min Count */
1181 MinCount = GSHORT(pd, offset);
1185 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
1189 offset += 2; /* Skip Min Count */
1191 /* Build display for: Reserved 1 */
1193 Reserved1 = GWORD(pd, offset);
1197 proto_tree_add_text(tree, offset, 4, "Reserved 1: %u", Reserved1);
1201 offset += 4; /* Skip Reserved 1 */
1203 /* Build display for: Reserved 2 */
1205 Reserved2 = GSHORT(pd, offset);
1209 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
1213 offset += 2; /* Skip Reserved 2 */
1215 /* Build display for: Byte Count (BCC) */
1217 ByteCount = GSHORT(pd, offset);
1221 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1225 offset += 2; /* Skip Byte Count (BCC) */
1229 if (dirn == 0) { /* Response(s) dissect code */
1231 /* Build display for: Word Count */
1233 WordCount = GBYTE(pd, offset);
1237 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
1241 offset += 1; /* Skip Word Count */
1243 if (WordCount > 0) {
1245 /* Build display for: Offset */
1247 Offset = GWORD(pd, offset);
1251 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
1255 offset += 4; /* Skip Offset */
1257 /* Build display for: Count */
1259 Count = GSHORT(pd, offset);
1263 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
1267 offset += 2; /* Skip Count */
1269 /* Build display for: Reserved */
1271 Reserved = GSHORT(pd, offset);
1275 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1279 offset += 2; /* Skip Reserved */
1281 /* Build display for: Data Compaction Mode */
1283 DataCompactionMode = GSHORT(pd, offset);
1287 proto_tree_add_text(tree, offset, 2, "Data Compaction Mode: %u", DataCompactionMode);
1291 offset += 2; /* Skip Data Compaction Mode */
1293 /* Build display for: Reserved */
1295 Reserved = GSHORT(pd, offset);
1299 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
1303 offset += 2; /* Skip Reserved */
1305 /* Build display for: Data Length */
1307 DataLength = GSHORT(pd, offset);
1311 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
1315 offset += 2; /* Skip Data Length */
1317 /* Build display for: Data Offset */
1319 DataOffset = GSHORT(pd, offset);
1323 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
1327 offset += 2; /* Skip Data Offset */
1331 /* Build display for: Byte Count (BCC) */
1333 ByteCount = GSHORT(pd, offset);
1337 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1341 offset += 2; /* Skip Byte Count (BCC) */
1343 /* Build display for: Pad */
1345 Pad = GBYTE(pd, offset);
1349 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
1353 offset += 1; /* Skip Pad */
1360 dissect_delete_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1364 guint8 BufferFormat;
1366 const char *FileName;
1368 if (dirn == 1) { /* Request(s) dissect code */
1370 /* Build display for: Word Count (WCT) */
1372 WordCount = GBYTE(pd, offset);
1376 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1380 offset += 1; /* Skip Word Count (WCT) */
1382 /* Build display for: Byte Count (BCC) */
1384 ByteCount = GSHORT(pd, offset);
1388 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1392 offset += 2; /* Skip Byte Count (BCC) */
1394 /* Build display for: Buffer Format */
1396 BufferFormat = GBYTE(pd, offset);
1400 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
1404 offset += 1; /* Skip Buffer Format */
1406 /* Build display for: File Name */
1408 FileName = pd + offset;
1412 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
1416 offset += strlen(FileName) + 1; /* Skip File Name */
1420 if (dirn == 0) { /* Response(s) dissect code */
1422 /* Build display for: Word Count (WCT) */
1424 WordCount = GBYTE(pd, offset);
1428 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1432 offset += 1; /* Skip Word Count (WCT) */
1434 /* Build display for: Byte Count (BCC) */
1436 ByteCount = GSHORT(pd, offset);
1440 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1444 offset += 2; /* Skip Byte Count (BCC) */
1451 dissect_query_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1454 proto_tree *Attributes_tree;
1457 guint32 FileDataSize;
1458 guint32 FileAllocationSize;
1459 guint16 LastWriteTime;
1460 guint16 LastWriteDate;
1461 guint16 LastAccessTime;
1462 guint16 LastAccessDate;
1464 guint16 CreationTime;
1465 guint16 CreationDate;
1469 if (dirn == 1) { /* Request(s) dissect code */
1471 /* Build display for: Word Count (WCT) */
1473 WordCount = GBYTE(pd, offset);
1477 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1481 offset += 1; /* Skip Word Count (WCT) */
1483 /* Build display for: FID */
1485 FID = GSHORT(pd, offset);
1489 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
1493 offset += 2; /* Skip FID */
1495 /* Build display for: Byte Count */
1497 ByteCount = GSHORT(pd, offset);
1501 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1505 offset += 2; /* Skip Byte Count */
1509 if (dirn == 0) { /* Response(s) dissect code */
1511 /* Build display for: Word Count (WCT) */
1513 WordCount = GBYTE(pd, offset);
1517 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1521 offset += 1; /* Skip Word Count (WCT) */
1523 if (WordCount > 0) {
1525 /* Build display for: Creation Date */
1527 CreationDate = GSHORT(pd, offset);
1531 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
1535 offset += 2; /* Skip Creation Date */
1537 /* Build display for: Creation Time */
1539 CreationTime = GSHORT(pd, offset);
1543 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
1547 offset += 2; /* Skip Creation Time */
1549 /* Build display for: Last Access Date */
1551 LastAccessDate = GSHORT(pd, offset);
1555 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
1559 offset += 2; /* Skip Last Access Date */
1561 /* Build display for: Last Access Time */
1563 LastAccessTime = GSHORT(pd, offset);
1567 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
1571 offset += 2; /* Skip Last Access Time */
1573 /* Build display for: Last Write Date */
1575 LastWriteDate = GSHORT(pd, offset);
1579 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
1583 offset += 2; /* Skip Last Write Date */
1585 /* Build display for: Last Write Time */
1587 LastWriteTime = GSHORT(pd, offset);
1591 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
1595 offset += 2; /* Skip Last Write Time */
1597 /* Build display for: File Data Size */
1599 FileDataSize = GWORD(pd, offset);
1603 proto_tree_add_text(tree, offset, 4, "File Data Size: %u", FileDataSize);
1607 offset += 4; /* Skip File Data Size */
1609 /* Build display for: File Allocation Size */
1611 FileAllocationSize = GWORD(pd, offset);
1615 proto_tree_add_text(tree, offset, 4, "File Allocation Size: %u", FileAllocationSize);
1619 offset += 4; /* Skip File Allocation Size */
1621 /* Build display for: Attributes */
1623 Attributes = GSHORT(pd, offset);
1627 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
1628 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
1629 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1630 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
1631 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1632 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
1633 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1634 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
1635 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1636 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
1637 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1638 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
1639 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
1640 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
1644 offset += 2; /* Skip Attributes */
1648 /* Build display for: Byte Count */
1650 ByteCount = GSHORT(pd, offset);
1654 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
1658 offset += 2; /* Skip Byte Count */
1665 dissect_treecon_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1669 guint8 BufferFormat3;
1670 guint8 BufferFormat2;
1671 guint8 BufferFormat1;
1673 guint16 MaxBufferSize;
1675 const char *SharePath;
1676 const char *Service;
1677 const char *Password;
1679 if (dirn == 1) { /* Request(s) dissect code */
1681 /* Build display for: Word Count (WCT) */
1683 WordCount = GBYTE(pd, offset);
1687 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1691 offset += 1; /* Skip Word Count (WCT) */
1693 /* Build display for: Byte Count (BCC) */
1695 ByteCount = GSHORT(pd, offset);
1699 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1703 offset += 2; /* Skip Byte Count (BCC) */
1705 /* Build display for: BufferFormat1 */
1707 BufferFormat1 = GBYTE(pd, offset);
1711 proto_tree_add_text(tree, offset, 1, "BufferFormat1: %u", BufferFormat1);
1715 offset += 1; /* Skip BufferFormat1 */
1717 /* Build display for: Share Path */
1719 SharePath = pd + offset;
1723 proto_tree_add_text(tree, offset, strlen(SharePath) + 1, "Share Path: %s", SharePath);
1727 offset += strlen(SharePath) + 1; /* Skip Share Path */
1729 /* Build display for: BufferFormat2 */
1731 BufferFormat2 = GBYTE(pd, offset);
1735 proto_tree_add_text(tree, offset, 1, "BufferFormat2: %u", BufferFormat2);
1739 offset += 1; /* Skip BufferFormat2 */
1741 /* Build display for: Password */
1743 Password = pd + offset;
1747 proto_tree_add_text(tree, offset, strlen(Password) + 1, "Password: %s", Password);
1751 offset += strlen(Password) + 1; /* Skip Password */
1753 /* Build display for: BufferFormat3 */
1755 BufferFormat3 = GBYTE(pd, offset);
1759 proto_tree_add_text(tree, offset, 1, "BufferFormat3: %u", BufferFormat3);
1763 offset += 1; /* Skip BufferFormat3 */
1765 /* Build display for: Service */
1767 Service = pd + offset;
1771 proto_tree_add_text(tree, offset, strlen(Service) + 1, "Service: %s", Service);
1775 offset += strlen(Service) + 1; /* Skip Service */
1779 if (dirn == 0) { /* Response(s) dissect code */
1781 /* Build display for: Word Count (WCT) */
1783 WordCount = GBYTE(pd, offset);
1787 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1791 if (errcode != 0) return;
1793 offset += 1; /* Skip Word Count (WCT) */
1795 /* Build display for: Max Buffer Size */
1797 MaxBufferSize = GSHORT(pd, offset);
1801 proto_tree_add_text(tree, offset, 2, "Max Buffer Size: %u", MaxBufferSize);
1805 offset += 2; /* Skip Max Buffer Size */
1807 /* Build display for: TID */
1809 TID = GSHORT(pd, offset);
1813 proto_tree_add_text(tree, offset, 2, "TID: %u", TID);
1817 offset += 2; /* Skip TID */
1819 /* Build display for: Byte Count (BCC) */
1821 ByteCount = GSHORT(pd, offset);
1825 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
1829 offset += 2; /* Skip Byte Count (BCC) */
1835 /* Generated by build-dissect.pl Vesion 0.6 27-Jun-1999, ACT */
1837 dissect_ssetup_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
1840 proto_tree *Capabilities_tree;
1843 guint8 AndXReserved;
1844 guint8 AndXCommand = 0xFF;
1847 guint32 Capabilities;
1849 guint16 UNICODEAccountPasswordLength;
1850 guint16 PasswordLen;
1851 guint16 MaxMpxCount;
1852 guint16 MaxBufferSize;
1856 guint16 ANSIAccountPasswordLength;
1857 const char *UNICODEPassword;
1858 const char *PrimaryDomain;
1859 const char *NativeOS;
1860 const char *NativeLanManType;
1861 const char *NativeLanMan;
1862 const char *AccountName;
1863 const char *ANSIPassword;
1865 if (dirn == 1) { /* Request(s) dissect code */
1867 WordCount = GBYTE(pd, offset);
1869 switch (WordCount) {
1873 /* Build display for: Word Count (WCT) */
1875 WordCount = GBYTE(pd, offset);
1879 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
1883 offset += 1; /* Skip Word Count (WCT) */
1885 /* Build display for: AndXCommand */
1887 AndXCommand = GBYTE(pd, offset);
1891 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
1892 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
1896 offset += 1; /* Skip AndXCommand */
1898 /* Build display for: AndXReserved */
1900 AndXReserved = GBYTE(pd, offset);
1904 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
1908 offset += 1; /* Skip AndXReserved */
1910 /* Build display for: AndXOffset */
1912 AndXOffset = GSHORT(pd, offset);
1916 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
1920 offset += 2; /* Skip AndXOffset */
1922 /* Build display for: MaxBufferSize */
1924 MaxBufferSize = GSHORT(pd, offset);
1928 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
1932 offset += 2; /* Skip MaxBufferSize */
1934 /* Build display for: MaxMpxCount */
1936 MaxMpxCount = GSHORT(pd, offset);
1940 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
1944 offset += 2; /* Skip MaxMpxCount */
1946 /* Build display for: VcNumber */
1948 VcNumber = GSHORT(pd, offset);
1952 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
1956 offset += 2; /* Skip VcNumber */
1958 /* Build display for: SessionKey */
1960 SessionKey = GWORD(pd, offset);
1964 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
1968 offset += 4; /* Skip SessionKey */
1970 /* Build display for: PasswordLen */
1972 PasswordLen = GSHORT(pd, offset);
1976 proto_tree_add_text(tree, offset, 2, "PasswordLen: %u", PasswordLen);
1980 offset += 2; /* Skip PasswordLen */
1982 /* Build display for: Reserved */
1984 Reserved = GWORD(pd, offset);
1988 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
1992 offset += 4; /* Skip Reserved */
1994 /* Build display for: Byte Count (BCC) */
1996 ByteCount = GSHORT(pd, offset);
2000 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2004 offset += 2; /* Skip Byte Count (BCC) */
2006 if (ByteCount > 0) {
2008 /* Build display for: AccountName */
2010 AccountName = pd + offset;
2014 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "AccountName: %s", AccountName);
2018 offset += strlen(AccountName) + 1; /* Skip AccountName */
2020 /* Build display for: PrimaryDomain */
2022 PrimaryDomain = pd + offset;
2026 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2030 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2032 /* Build display for: NativeOS */
2034 NativeOS = pd + offset;
2038 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2042 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2050 /* Build display for: Word Count (WCT) */
2052 WordCount = GBYTE(pd, offset);
2056 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2060 offset += 1; /* Skip Word Count (WCT) */
2062 /* Build display for: AndXCommand */
2064 AndXCommand = GBYTE(pd, offset);
2068 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2069 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
2073 offset += 1; /* Skip AndXCommand */
2075 /* Build display for: AndXReserved */
2077 AndXReserved = GBYTE(pd, offset);
2081 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2085 offset += 1; /* Skip AndXReserved */
2087 /* Build display for: AndXOffset */
2089 AndXOffset = GSHORT(pd, offset);
2093 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2097 offset += 2; /* Skip AndXOffset */
2099 /* Build display for: MaxBufferSize */
2101 MaxBufferSize = GSHORT(pd, offset);
2105 proto_tree_add_text(tree, offset, 2, "MaxBufferSize: %u", MaxBufferSize);
2109 offset += 2; /* Skip MaxBufferSize */
2111 /* Build display for: MaxMpxCount */
2113 MaxMpxCount = GSHORT(pd, offset);
2117 proto_tree_add_text(tree, offset, 2, "MaxMpxCount: %u", MaxMpxCount);
2121 offset += 2; /* Skip MaxMpxCount */
2123 /* Build display for: VcNumber */
2125 VcNumber = GSHORT(pd, offset);
2129 proto_tree_add_text(tree, offset, 2, "VcNumber: %u", VcNumber);
2133 offset += 2; /* Skip VcNumber */
2135 /* Build display for: SessionKey */
2137 SessionKey = GWORD(pd, offset);
2141 proto_tree_add_text(tree, offset, 4, "SessionKey: %u", SessionKey);
2145 offset += 4; /* Skip SessionKey */
2147 /* Build display for: ANSI Account Password Length */
2149 ANSIAccountPasswordLength = GSHORT(pd, offset);
2153 proto_tree_add_text(tree, offset, 2, "ANSI Account Password Length: %u", ANSIAccountPasswordLength);
2157 offset += 2; /* Skip ANSI Account Password Length */
2159 /* Build display for: UNICODE Account Password Length */
2161 UNICODEAccountPasswordLength = GSHORT(pd, offset);
2165 proto_tree_add_text(tree, offset, 2, "UNICODE Account Password Length: %u", UNICODEAccountPasswordLength);
2169 offset += 2; /* Skip UNICODE Account Password Length */
2171 /* Build display for: Reserved */
2173 Reserved = GWORD(pd, offset);
2177 proto_tree_add_text(tree, offset, 4, "Reserved: %u", Reserved);
2181 offset += 4; /* Skip Reserved */
2183 /* Build display for: Capabilities */
2185 Capabilities = GWORD(pd, offset);
2189 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", Capabilities);
2190 Capabilities_tree = proto_item_add_subtree(ti, ETT_SMB_CAPABILITIES);
2191 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2192 decode_boolean_bitfield(Capabilities, 0x0001, 32, " Raw Mode supported", " Raw Mode not supported"));
2193 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2194 decode_boolean_bitfield(Capabilities, 0x0002, 32, " Raw Mode supported", " MPX Mode not supported"));
2195 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2196 decode_boolean_bitfield(Capabilities, 0x0004, 32," Unicode supported", " Unicode not supported"));
2197 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2198 decode_boolean_bitfield(Capabilities, 0x0008, 32, " Large Files supported", " Large Files not supported"));
2199 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2200 decode_boolean_bitfield(Capabilities, 0x0010, 32, " NT LM 0.12 SMBs supported", " NT LM 0.12 SMBs not supported"));
2201 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2202 decode_boolean_bitfield(Capabilities, 0x0020, 32, " RPC Remote APIs supported", " RPC Remote APIs not supported"));
2203 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2204 decode_boolean_bitfield(Capabilities, 0x0040, 32, " NT Status Codes supported", " NT Status Codes not supported"));
2205 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2206 decode_boolean_bitfield(Capabilities, 0x0080, 32, " Level 2 OpLocks supported", " Level 2 OpLocks not supported"));
2207 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2208 decode_boolean_bitfield(Capabilities, 0x0100, 32, " Lock&Read supported", " Lock&Read not supported"));
2209 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2210 decode_boolean_bitfield(Capabilities, 0x0200, 32, " NT Find supported", " NT Find not supported"));
2211 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2212 decode_boolean_bitfield(Capabilities, 0x1000, 32, " DFS supported", " DFS not supported"));
2213 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2214 decode_boolean_bitfield(Capabilities, 0x4000, 32, " Large READX supported", " Large READX not supported"));
2215 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2216 decode_boolean_bitfield(Capabilities, 0x8000, 32, " Large WRITEX supported", " Large WRITEX not supported"));
2217 proto_tree_add_text(Capabilities_tree, offset, 4, "%s",
2218 decode_boolean_bitfield(Capabilities, 0x80000000, 32, " Extended Security Exchanges supported", " Extended Security Exchanges not supported"));
2222 offset += 4; /* Skip Capabilities */
2224 /* Build display for: Byte Count */
2226 ByteCount = GSHORT(pd, offset);
2230 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
2234 offset += 2; /* Skip Byte Count */
2236 if (ByteCount > 0) {
2238 /* Build display for: ANSI Password */
2240 ANSIPassword = pd + offset;
2244 proto_tree_add_text(tree, offset, strlen(ANSIPassword) + 1, "ANSI Password: %s", ANSIPassword);
2248 offset += ANSIAccountPasswordLength; /* Skip ANSI Password */
2250 /* Build display for: UNICODE Password */
2252 UNICODEPassword = pd + offset;
2254 if (UNICODEAccountPasswordLength > 0) {
2258 proto_tree_add_text(tree, offset, strlen(UNICODEPassword) + 1, "UNICODE Password: %s", UNICODEPassword);
2262 offset += strlen(UNICODEPassword) + 1; /* Skip UNICODE Password */
2266 /* Build display for: Account Name */
2268 AccountName = pd + offset;
2272 proto_tree_add_text(tree, offset, strlen(AccountName) + 1, "Account Name: %s", AccountName);
2276 offset += strlen(AccountName) + 1; /* Skip Account Name */
2278 /* Build display for: Primary Domain */
2280 PrimaryDomain = pd + offset;
2284 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "Primary Domain: %s", PrimaryDomain);
2288 offset += strlen(PrimaryDomain) + 1; /* Skip Primary Domain */
2290 /* Build display for: Native OS */
2292 NativeOS = pd + offset;
2296 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "Native OS: %s", NativeOS);
2300 offset += strlen(NativeOS) + 1; /* Skip Native OS */
2302 /* Build display for: Native LanMan Type */
2304 NativeLanManType = pd + offset;
2308 proto_tree_add_text(tree, offset, strlen(NativeLanManType) + 1, "Native LanMan Type: %s", NativeLanManType);
2312 offset += strlen(NativeLanManType) + 1; /* Skip Native LanMan Type */
2321 if (AndXCommand != 0xFF) {
2323 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
2329 if (dirn == 0) { /* Response(s) dissect code */
2331 /* Build display for: Word Count (WCT) */
2333 WordCount = GBYTE(pd, offset);
2337 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
2341 offset += 1; /* Skip Word Count (WCT) */
2343 if (WordCount > 0) {
2345 /* Build display for: AndXCommand */
2347 AndXCommand = GBYTE(pd, offset);
2351 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
2352 (AndXCommand == 0xFF ? "No futher commands" : decode_smb_name(AndXCommand)));
2356 offset += 1; /* Skip AndXCommand */
2358 /* Build display for: AndXReserved */
2360 AndXReserved = GBYTE(pd, offset);
2364 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
2368 offset += 1; /* Skip AndXReserved */
2370 /* Build display for: AndXOffset */
2372 AndXOffset = GSHORT(pd, offset);
2376 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
2381 offset += 2; /* Skip AndXOffset */
2383 /* Build display for: Action */
2385 Action = GSHORT(pd, offset);
2389 proto_tree_add_text(tree, offset, 2, "Action: %u", Action);
2393 offset += 2; /* Skip Action */
2397 /* Build display for: Byte Count (BCC) */
2399 ByteCount = GSHORT(pd, offset);
2403 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
2407 if (errcode != 0 && WordCount == 0xFF) return; /* No more here ... */
2409 offset += 2; /* Skip Byte Count (BCC) */
2411 if (ByteCount > 0) {
2413 /* Build display for: NativeOS */
2415 NativeOS = pd + offset;
2419 proto_tree_add_text(tree, offset, strlen(NativeOS) + 1, "NativeOS: %s", NativeOS);
2423 offset += strlen(NativeOS) + 1; /* Skip NativeOS */
2425 /* Build display for: NativeLanMan */
2427 NativeLanMan = pd + offset;
2431 proto_tree_add_text(tree, offset, strlen(NativeLanMan) + 1, "NativeLanMan: %s", NativeLanMan);
2435 offset += strlen(NativeLanMan) + 1; /* Skip NativeLanMan */
2437 /* Build display for: PrimaryDomain */
2439 PrimaryDomain = pd + offset;
2443 proto_tree_add_text(tree, offset, strlen(PrimaryDomain) + 1, "PrimaryDomain: %s", PrimaryDomain);
2447 offset += strlen(PrimaryDomain) + 1; /* Skip PrimaryDomain */
2451 if (AndXCommand != 0xFF) {
2453 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
2462 dissect_tcon_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2465 guint8 wct, andxcmd;
2466 guint16 andxoffs, flags, passwdlen, bcc, optionsup;
2468 proto_tree *flags_tree;
2473 /* Now figure out what format we are talking about, 2, 3, or 4 response
2477 if (!((dirn == 1) && (wct == 4)) && !((dirn == 0) && (wct == 2)) &&
2478 !((dirn == 0) && (wct == 3)) && !(wct == 0)) {
2482 proto_tree_add_text(tree, offset, 1, "Invalid TCON_ANDX format. WCT should be 0, 2, 3, or 4 ..., not %u", wct);
2484 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2494 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", wct);
2502 andxcmd = pd[offset];
2506 proto_tree_add_text(tree, offset, 1, "Next Command: %s",
2507 (andxcmd == 0xFF) ? "No further commands":
2508 decode_smb_name(andxcmd));
2510 proto_tree_add_text(tree, offset + 1, 1, "Reserved (MBZ): %u", pd[offset+1]);
2516 andxoffs = GSHORT(pd, offset);
2520 proto_tree_add_text(tree, offset, 2, "Offset to next command: %u", andxoffs);
2532 bcc = GSHORT(pd, offset);
2536 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2544 flags = GSHORT(pd, offset);
2548 ti = proto_tree_add_text(tree, offset, 2, "Additional Flags: 0x%02x", flags);
2549 flags_tree = proto_item_add_subtree(ti, ETT_SMB_AFLAGS);
2550 proto_tree_add_text(flags_tree, offset, 2, "%s",
2551 decode_boolean_bitfield(flags, 0x01, 16,
2553 "Don't disconnect TID"));
2559 passwdlen = GSHORT(pd, offset);
2563 proto_tree_add_text(tree, offset, 2, "Password Length: %u", passwdlen);
2569 bcc = GSHORT(pd, offset);
2573 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2583 proto_tree_add_text(tree, offset, strlen(str) + 1, "Password: %s", format_text(str, passwdlen));
2587 offset += passwdlen;
2593 proto_tree_add_text(tree, offset, strlen(str) + 1, "Path: %s", str);
2597 offset += strlen(str) + 1;
2603 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2611 bcc = GSHORT(pd, offset);
2615 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2625 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service Type: %s",
2630 offset += strlen(str) + 1;
2636 optionsup = GSHORT(pd, offset);
2638 if (tree) { /* Should break out the bits */
2640 proto_tree_add_text(tree, offset, 2, "Optional Support: 0x%04x",
2647 bcc = GSHORT(pd, offset);
2651 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2661 proto_tree_add_text(tree, offset, strlen(str) + 1, "Service: %s", str);
2665 offset += strlen(str) + 1;
2671 proto_tree_add_text(tree, offset, strlen(str) + 1, "Native File System: %s", str);
2675 offset += strlen(str) + 1;
2685 if (andxcmd != 0xFF) /* Process that next command ... ??? */
2687 (dissect[andxcmd])(pd, offset, fd, tree, si, max_data - offset, SMB_offset, errcode, dirn);
2692 dissect_negprot_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
2694 guint8 wct, enckeylen;
2695 guint16 bcc, mode, rawmode, dialect;
2697 proto_tree *dialects = NULL, *mode_tree, *caps_tree, *rawmode_tree;
2703 wct = pd[offset]; /* Should be 0, 1 or 13 or 17, I think */
2705 if (!((wct == 0) && (dirn == 1)) && !((wct == 1) && (dirn == 0)) &&
2706 !((wct == 13) && (dirn == 0)) && !((wct == 17) && (dirn == 0))) {
2709 proto_tree_add_text(tree, offset, 1, "Invalid Negotiate Protocol format. WCT should be zero or 1 or 13 or 17 ..., not %u", wct);
2711 proto_tree_add_text(tree, offset, END_OF_FRAME, "Data");
2719 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %d", wct);
2723 if (dirn == 0 && errcode != 0) return; /* No more info ... */
2727 /* Now decode the various formats ... */
2731 case 0: /* A request */
2733 bcc = GSHORT(pd, offset);
2737 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2745 ti = proto_tree_add_text(tree, offset, END_OF_FRAME, "Dialects");
2746 dialects = proto_item_add_subtree(ti, ETT_SMB_DIALECTS);
2750 while (IS_DATA_IN_FRAME(offset)) {
2755 proto_tree_add_text(dialects, offset, 1, "Dialect Marker: %d", pd[offset]);
2765 proto_tree_add_text(dialects, offset, strlen(str)+1, "Dialect: %s", str);
2769 offset += strlen(str) + 1;
2774 case 1: /* PC NETWORK PROGRAM 1.0 */
2776 dialect = GSHORT(pd, offset);
2778 if (tree) { /* Hmmmm, what if none of the dialects is recognized */
2780 if (dialect == 0xFFFF) { /* Server didn't like them dialects */
2782 proto_tree_add_text(tree, offset, 2, "Supplied dialects not recognized");
2787 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, PC NETWORK PROTGRAM 1.0", dialect);
2795 bcc = GSHORT(pd, offset);
2799 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2805 case 13: /* Greater than Core and up to and incl LANMAN2.1 */
2809 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than CORE PROTOCOL and up to LANMAN2.1", GSHORT(pd, offset));
2813 /* Much of this is similar to response 17 below */
2817 mode = GSHORT(pd, offset);
2821 ti = proto_tree_add_text(tree, offset, 2, "Security Mode: 0x%04x", mode);
2822 mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
2823 proto_tree_add_text(mode_tree, offset, 2, "%s",
2824 decode_boolean_bitfield(mode, 0x0001, 16,
2826 "Security = Share"));
2827 proto_tree_add_text(mode_tree, offset, 2, "%s",
2828 decode_boolean_bitfield(mode, 0x0002, 16,
2829 "Passwords = Encrypted",
2830 "Passwords = Plaintext"));
2838 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GSHORT(pd, offset));
2846 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
2854 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
2860 rawmode = GSHORT(pd, offset);
2864 ti = proto_tree_add_text(tree, offset, 2, "Raw Mode: 0x%04x", rawmode);
2865 rawmode_tree = proto_item_add_subtree(ti, ETT_SMB_RAWMODE);
2866 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2867 decode_boolean_bitfield(rawmode, 0x01, 16,
2868 "Read Raw supported",
2869 "Read Raw not supported"));
2870 proto_tree_add_text(rawmode_tree, offset, 2, "%s",
2871 decode_boolean_bitfield(rawmode, 0x02, 16,
2872 "Write Raw supported",
2873 "Write Raw not supported"));
2881 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
2887 /* Now the server time, two short parameters ... */
2891 proto_tree_add_text(tree, offset, 2, "Server Time: %s",
2892 dissect_dos_time(GSHORT(pd, offset)));
2893 proto_tree_add_text(tree, offset + 2, 2, "Server Date: %s",
2894 dissect_dos_date(GSHORT(pd, offset + 2)));
2900 /* Server Time Zone, SHORT */
2904 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
2905 (signed)GSSHORT(pd, offset));
2911 /* Challenge Length */
2913 enckeylen = GSHORT(pd, offset);
2917 proto_tree_add_text(tree, offset, 2, "Challenge Length: %u", enckeylen);
2925 proto_tree_add_text(tree, offset, 2, "Reserved: %u (MBZ)", GSHORT(pd, offset));
2931 bcc = GSHORT(pd, offset);
2935 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", bcc);
2941 if (enckeylen) { /* only if non-zero key len */
2947 proto_tree_add_text(tree, offset, enckeylen, "Challenge: %s",
2948 bytes_to_str(str, enckeylen));
2951 offset += enckeylen;
2955 /* Primary Domain ... */
2961 proto_tree_add_text(tree, offset, strlen(str)+1, "Primary Domain: %s", str);
2967 case 17: /* Greater than LANMAN2.1 */
2971 proto_tree_add_text(tree, offset, 2, "Dialect Index: %u, Greater than LANMAN2.1", GSHORT(pd, offset));
2977 mode = GBYTE(pd, offset);
2981 ti = proto_tree_add_text(tree, offset, 1, "Security Mode: 0x%02x", mode);
2982 mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
2983 proto_tree_add_text(mode_tree, offset, 1, "%s",
2984 decode_boolean_bitfield(mode, 0x01, 8,
2986 "Security = Share"));
2987 proto_tree_add_text(mode_tree, offset, 1, "%s",
2988 decode_boolean_bitfield(mode, 0x02, 8,
2989 "Passwords = Encrypted",
2990 "Passwords = Plaintext"));
2991 proto_tree_add_text(mode_tree, offset, 1, "%s",
2992 decode_boolean_bitfield(mode, 0x04, 8,
2993 "Security signatures enabled",
2994 "Security signatures not enabled"));
2995 proto_tree_add_text(mode_tree, offset, 1, "%s",
2996 decode_boolean_bitfield(mode, 0x08, 8,
2997 "Security signatures required",
2998 "Security signatures not required"));
3006 proto_tree_add_text(tree, offset, 2, "Max multiplex count: %u", GSHORT(pd, offset));
3014 proto_tree_add_text(tree, offset, 2, "Max vcs: %u", GSHORT(pd, offset));
3022 proto_tree_add_text(tree, offset, 2, "Max buffer size: %u", GWORD(pd, offset));
3030 proto_tree_add_text(tree, offset, 4, "Max raw size: %u", GWORD(pd, offset));
3038 proto_tree_add_text(tree, offset, 4, "Session key: %08x", GWORD(pd, offset));
3044 caps = GWORD(pd, offset);
3048 ti = proto_tree_add_text(tree, offset, 4, "Capabilities: 0x%04x", caps);
3049 caps_tree = proto_item_add_subtree(ti, ETT_SMB_CAPABILITIES);
3050 proto_tree_add_text(caps_tree, offset, 4, "%s",
3051 decode_boolean_bitfield(caps, 0x0001, 32,
3052 "Raw Mode supported",
3053 "Raw Mode not supported"));
3054 proto_tree_add_text(caps_tree, offset, 4, "%s",
3055 decode_boolean_bitfield(caps, 0x0002, 32,
3056 "MPX Mode supported",
3057 "MPX Mode not supported"));
3058 proto_tree_add_text(caps_tree, offset, 4, "%s",
3059 decode_boolean_bitfield(caps, 0x0004, 32,
3060 "Unicode supported",
3061 "Unicode not supported"));
3062 proto_tree_add_text(caps_tree, offset, 4, "%s",
3063 decode_boolean_bitfield(caps, 0x0008, 32,
3064 "Large files supported",
3065 "Large files not supported"));
3066 proto_tree_add_text(caps_tree, offset, 4, "%s",
3067 decode_boolean_bitfield(caps, 0x0010, 32,
3068 "NT LM 0.12 SMBs supported",
3069 "NT LM 0.12 SMBs not supported"));
3070 proto_tree_add_text(caps_tree, offset, 4, "%s",
3071 decode_boolean_bitfield(caps, 0x0020, 32,
3072 "RPC remote APIs supported",
3073 "RPC remote APIs not supported"));
3074 proto_tree_add_text(caps_tree, offset, 4, "%s",
3075 decode_boolean_bitfield(caps, 0x0040, 32,
3076 "NT status codes supported",
3077 "NT status codes not supported"));
3078 proto_tree_add_text(caps_tree, offset, 4, "%s",
3079 decode_boolean_bitfield(caps, 0x0080, 32,
3080 "Level 2 OpLocks supported",
3081 "Level 2 OpLocks not supported"));
3082 proto_tree_add_text(caps_tree, offset, 4, "%s",
3083 decode_boolean_bitfield(caps, 0x0100, 32,
3084 "Lock&Read supported",
3085 "Lock&Read not supported"));
3086 proto_tree_add_text(caps_tree, offset, 4, "%s",
3087 decode_boolean_bitfield(caps, 0x0200, 32,
3088 "NT Find supported",
3089 "NT Find not supported"));
3090 proto_tree_add_text(caps_tree, offset, 4, "%s",
3091 decode_boolean_bitfield(caps, 0x1000, 32,
3093 "DFS not supported"));
3094 proto_tree_add_text(caps_tree, offset, 4, "%s",
3095 decode_boolean_bitfield(caps, 0x4000, 32,
3096 "Large READX supported",
3097 "Large READX not supported"));
3098 proto_tree_add_text(caps_tree, offset, 4, "%s",
3099 decode_boolean_bitfield(caps, 0x8000, 32,
3100 "Large WRITEX supported",
3101 "Large WRITEX not supported"));
3102 proto_tree_add_text(caps_tree, offset, 4, "%s",
3103 decode_boolean_bitfield(caps, 0x80000000, 32,
3104 "Extended security exchanges supported",
3105 "Extended security exchanges not supported"));
3110 /* Server time, 2 WORDS */
3114 proto_tree_add_text(tree, offset, 4, "System Time Low: 0x%08x", GWORD(pd, offset));
3115 proto_tree_add_text(tree, offset + 4, 4, "System Time High: 0x%08x", GWORD(pd, offset + 4));
3121 /* Server Time Zone, SHORT */
3125 proto_tree_add_text(tree, offset, 2, "Server time zone: %i min from UTC",
3126 (signed)GSSHORT(pd, offset));
3132 /* Encryption key len */
3134 enckeylen = pd[offset];
3138 proto_tree_add_text(tree, offset, 1, "Encryption key len: %u", enckeylen);
3144 bcc = GSHORT(pd, offset);
3148 proto_tree_add_text(tree, offset, 2, "Byte count (BCC): %u", bcc);
3154 if (enckeylen) { /* only if non-zero key len */
3156 /* Encryption challenge key */
3162 proto_tree_add_text(tree, offset, enckeylen, "Challenge encryption key: %s",
3163 bytes_to_str(str, enckeylen));
3167 offset += enckeylen;
3171 /* The domain, a null terminated string; Unicode if "caps" has
3172 the 0x0004 bit set, ASCII (OEM character set) otherwise.
3173 XXX - for now, we just handle the ISO 8859-1 subset of Unicode. */
3179 if (caps & 0x0004) {
3180 ustr = unicode_to_str(str, &ustr_len);
3181 proto_tree_add_text(tree, offset, ustr_len+2, "OEM domain name: %s", ustr);
3183 proto_tree_add_text(tree, offset, strlen(str)+1, "OEM domain name: %s", str);
3190 default: /* Baddd */
3193 proto_tree_add_text(tree, offset, 1, "Bad format, should never get here");
3201 dissect_deletedir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3205 guint8 BufferFormat;
3207 const char *DirectoryName;
3209 if (dirn == 1) { /* Request(s) dissect code */
3211 /* Build display for: Word Count (WCT) */
3213 WordCount = GBYTE(pd, offset);
3217 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3221 offset += 1; /* Skip Word Count (WCT) */
3223 /* Build display for: Byte Count (BCC) */
3225 ByteCount = GSHORT(pd, offset);
3229 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3233 offset += 2; /* Skip Byte Count (BCC) */
3235 /* Build display for: Buffer Format */
3237 BufferFormat = GBYTE(pd, offset);
3241 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3245 offset += 1; /* Skip Buffer Format */
3247 /* Build display for: Directory Name */
3249 DirectoryName = pd + offset;
3253 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3257 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3261 if (dirn == 0) { /* Response(s) dissect code */
3263 /* Build display for: Word Count (WCT) */
3265 WordCount = GBYTE(pd, offset);
3269 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3273 offset += 1; /* Skip Word Count (WCT) */
3275 /* Build display for: Byte Count (BCC) */
3277 ByteCount = GSHORT(pd, offset);
3281 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3285 offset += 2; /* Skip Byte Count (BCC) */
3292 dissect_createdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3296 guint8 BufferFormat;
3298 const char *DirectoryName;
3300 if (dirn == 1) { /* Request(s) dissect code */
3302 /* Build display for: Word Count (WCT) */
3304 WordCount = GBYTE(pd, offset);
3308 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3312 offset += 1; /* Skip Word Count (WCT) */
3314 /* Build display for: Byte Count (BCC) */
3316 ByteCount = GSHORT(pd, offset);
3320 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3324 offset += 2; /* Skip Byte Count (BCC) */
3326 /* Build display for: Buffer Format */
3328 BufferFormat = GBYTE(pd, offset);
3332 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3336 offset += 1; /* Skip Buffer Format */
3338 /* Build display for: Directory Name */
3340 DirectoryName = pd + offset;
3344 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3348 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3352 if (dirn == 0) { /* Response(s) dissect code */
3354 /* Build display for: Word Count (WCT) */
3356 WordCount = GBYTE(pd, offset);
3360 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3364 offset += 1; /* Skip Word Count (WCT) */
3366 /* Build display for: Byte Count (BCC) */
3368 ByteCount = GSHORT(pd, offset);
3372 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3376 offset += 2; /* Skip Byte Count (BCC) */
3383 dissect_checkdir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3387 guint8 BufferFormat;
3389 const char *DirectoryName;
3391 if (dirn == 1) { /* Request(s) dissect code */
3393 /* Build display for: Word Count (WCT) */
3395 WordCount = GBYTE(pd, offset);
3399 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3403 offset += 1; /* Skip Word Count (WCT) */
3405 /* Build display for: Byte Count (BCC) */
3407 ByteCount = GSHORT(pd, offset);
3411 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3415 offset += 2; /* Skip Byte Count (BCC) */
3417 /* Build display for: Buffer Format */
3419 BufferFormat = GBYTE(pd, offset);
3423 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
3427 offset += 1; /* Skip Buffer Format */
3429 /* Build display for: Directory Name */
3431 DirectoryName = pd + offset;
3435 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
3439 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
3443 if (dirn == 0) { /* Response(s) dissect code */
3445 /* Build display for: Word Count (WCT) */
3447 WordCount = GBYTE(pd, offset);
3451 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3455 offset += 1; /* Skip Word Count (WCT) */
3457 /* Build display for: Byte Count (BCC) */
3459 ByteCount = GSHORT(pd, offset);
3463 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
3467 offset += 2; /* Skip Byte Count (BCC) */
3474 dissect_open_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
3477 static const value_string OpenFunction_0x10[] = {
3478 { 0, "Fail if file does not exist"},
3479 { 16, "Create file if it does not exist"},
3482 static const value_string OpenFunction_0x03[] = {
3483 { 0, "Fail if file exists"},
3484 { 1, "Open file if it exists"},
3485 { 2, "Truncate File if it exists"},
3488 static const value_string FileType_0xFFFF[] = {
3489 { 0, "Disk file or directory"},
3490 { 1, "Named pipe in byte mode"},
3491 { 2, "Named pipe in message mode"},
3492 { 3, "Spooled printer"},
3495 static const value_string DesiredAccess_0x70[] = {
3496 { 00, "Compatibility mode"},
3497 { 16, "Deny read/write/execute (exclusive)"},
3498 { 32, "Deny write"},
3499 { 48, "Deny read/execute"},
3503 static const value_string DesiredAccess_0x700[] = {
3504 { 0, "Locality of reference unknown"},
3505 { 256, "Mainly sequential access"},
3506 { 512, "Mainly random access"},
3507 { 768, "Random access with some locality"},
3510 static const value_string DesiredAccess_0x4000[] = {
3511 { 0, "Write through mode disabled"},
3512 { 16384, "Write through mode enabled"},
3515 static const value_string DesiredAccess_0x1000[] = {
3516 { 0, "Normal file (caching permitted)"},
3517 { 4096, "Do not cache this file"},
3520 static const value_string DesiredAccess_0x07[] = {
3521 { 0, "Open for reading"},
3522 { 1, "Open for writing"},
3523 { 2, "Open for reading and writing"},
3524 { 3, "Open for execute"},
3527 static const value_string Action_0x8000[] = {
3528 { 0, "File opened by another user (or mode not supported by server)"},
3529 { 32768, "File is opened only by this user at present"},
3532 static const value_string Action_0x0003[] = {
3533 { 0, "No action taken?"},
3534 { 1, "The file existed and was opened"},
3535 { 2, "The file did not exist but was created"},
3536 { 3, "The file existed and was truncated"},
3539 proto_tree *Search_tree;
3540 proto_tree *OpenFunction_tree;
3541 proto_tree *Flags_tree;
3542 proto_tree *File_tree;
3543 proto_tree *FileType_tree;
3544 proto_tree *FileAttributes_tree;
3545 proto_tree *DesiredAccess_tree;
3546 proto_tree *Action_tree;
3549 guint8 BufferFormat;
3550 guint8 AndXReserved;
3551 guint8 AndXCommand = 0xFF;
3556 guint32 AllocatedSize;
3559 guint16 OpenFunction;
3560 guint16 LastWriteTime;
3561 guint16 LastWriteDate;
3562 guint16 GrantedAccess;
3565 guint16 FileAttributes;
3568 guint16 DeviceState;
3569 guint16 DesiredAccess;
3570 guint16 CreationTime;
3571 guint16 CreationDate;
3575 const char *FileName;
3577 if (dirn == 1) { /* Request(s) dissect code */
3579 /* Build display for: Word Count (WCT) */
3581 WordCount = GBYTE(pd, offset);
3585 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3589 offset += 1; /* Skip Word Count (WCT) */
3591 /* Build display for: AndXCommand */
3593 AndXCommand = GBYTE(pd, offset);
3597 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3598 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3602 offset += 1; /* Skip AndXCommand */
3604 /* Build display for: AndXReserved */
3606 AndXReserved = GBYTE(pd, offset);
3610 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3614 offset += 1; /* Skip AndXReserved */
3616 /* Build display for: AndXOffset */
3618 AndXOffset = GSHORT(pd, offset);
3622 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3626 offset += 2; /* Skip AndXOffset */
3628 /* Build display for: Flags */
3630 Flags = GSHORT(pd, offset);
3634 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
3635 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
3636 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3637 decode_boolean_bitfield(Flags, 0x01, 16, "Dont Return Additional Info", "Return Additional Info"));
3638 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3639 decode_boolean_bitfield(Flags, 0x02, 16, "Exclusive OpLock not Requested", "Exclusive OpLock Requested"));
3640 proto_tree_add_text(Flags_tree, offset, 2, "%s",
3641 decode_boolean_bitfield(Flags, 0x04, 16, "Batch OpLock not Requested", "Batch OpLock Requested"));
3645 offset += 2; /* Skip Flags */
3647 /* Build display for: Desired Access */
3649 DesiredAccess = GSHORT(pd, offset);
3653 ti = proto_tree_add_text(tree, offset, 2, "Desired Access: 0x%02x", DesiredAccess);
3654 DesiredAccess_tree = proto_item_add_subtree(ti, ETT_SMB_DESIREDACCESS);
3655 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3656 decode_enumerated_bitfield(DesiredAccess, 0x07, 16, DesiredAccess_0x07, "%s"));
3657 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3658 decode_enumerated_bitfield(DesiredAccess, 0x70, 16, DesiredAccess_0x70, "%s"));
3659 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3660 decode_enumerated_bitfield(DesiredAccess, 0x700, 16, DesiredAccess_0x700, "%s"));
3661 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3662 decode_enumerated_bitfield(DesiredAccess, 0x1000, 16, DesiredAccess_0x1000, "%s"));
3663 proto_tree_add_text(DesiredAccess_tree, offset, 2, "%s",
3664 decode_enumerated_bitfield(DesiredAccess, 0x4000, 16, DesiredAccess_0x4000, "%s"));
3668 offset += 2; /* Skip Desired Access */
3670 /* Build display for: Search */
3672 Search = GSHORT(pd, offset);
3676 ti = proto_tree_add_text(tree, offset, 2, "Search: 0x%02x", Search);
3677 Search_tree = proto_item_add_subtree(ti, ETT_SMB_SEARCH);
3678 proto_tree_add_text(Search_tree, offset, 2, "%s",
3679 decode_boolean_bitfield(Search, 0x01, 16, "Read only file", "Not a read only file"));
3680 proto_tree_add_text(Search_tree, offset, 2, "%s",
3681 decode_boolean_bitfield(Search, 0x02, 16, "Hidden file", "Not a hidden file"));
3682 proto_tree_add_text(Search_tree, offset, 2, "%s",
3683 decode_boolean_bitfield(Search, 0x04, 16, "System file", "Not a system file"));
3684 proto_tree_add_text(Search_tree, offset, 2, "%s",
3685 decode_boolean_bitfield(Search, 0x08, 16, " Volume", "Not a volume"));
3686 proto_tree_add_text(Search_tree, offset, 2, "%s",
3687 decode_boolean_bitfield(Search, 0x10, 16, " Directory", "Not a directory"));
3688 proto_tree_add_text(Search_tree, offset, 2, "%s",
3689 decode_boolean_bitfield(Search, 0x20, 16, "Archive file", "Do not archive file"));
3693 offset += 2; /* Skip Search */
3695 /* Build display for: File */
3697 File = GSHORT(pd, offset);
3701 ti = proto_tree_add_text(tree, offset, 2, "File: 0x%02x", File);
3702 File_tree = proto_item_add_subtree(ti, ETT_SMB_FILE);
3703 proto_tree_add_text(File_tree, offset, 2, "%s",
3704 decode_boolean_bitfield(File, 0x01, 16, "Read only file", "Not a read only file"));
3705 proto_tree_add_text(File_tree, offset, 2, "%s",
3706 decode_boolean_bitfield(File, 0x02, 16, "Hidden file", "Not a hidden file"));
3707 proto_tree_add_text(File_tree, offset, 2, "%s",
3708 decode_boolean_bitfield(File, 0x04, 16, "System file", "Not a system file"));
3709 proto_tree_add_text(File_tree, offset, 2, "%s",
3710 decode_boolean_bitfield(File, 0x08, 16, " Volume", "Not a volume"));
3711 proto_tree_add_text(File_tree, offset, 2, "%s",
3712 decode_boolean_bitfield(File, 0x10, 16, " Directory", "Not a directory"));
3713 proto_tree_add_text(File_tree, offset, 2, "%s",
3714 decode_boolean_bitfield(File, 0x20, 16, "Archive file", "Do not archive file"));
3718 offset += 2; /* Skip File */
3720 /* Build display for: Creation Time */
3722 CreationTime = GSHORT(pd, offset);
3729 offset += 2; /* Skip Creation Time */
3731 /* Build display for: Creation Date */
3733 CreationDate = GSHORT(pd, offset);
3737 proto_tree_add_text(tree, offset, 2, "Creation Date: %s", dissect_smbu_date(CreationDate, CreationTime));
3738 proto_tree_add_text(tree, offset, 2, "Creation Time: %s", dissect_smbu_time(CreationDate, CreationTime));
3742 offset += 2; /* Skip Creation Date */
3744 /* Build display for: Open Function */
3746 OpenFunction = GSHORT(pd, offset);
3750 ti = proto_tree_add_text(tree, offset, 2, "Open Function: 0x%02x", OpenFunction);
3751 OpenFunction_tree = proto_item_add_subtree(ti, ETT_SMB_OPENFUNCTION);
3752 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3753 decode_enumerated_bitfield(OpenFunction, 0x10, 16, OpenFunction_0x10, "%s"));
3754 proto_tree_add_text(OpenFunction_tree, offset, 2, "%s",
3755 decode_enumerated_bitfield(OpenFunction, 0x03, 16, OpenFunction_0x03, "%s"));
3759 offset += 2; /* Skip Open Function */
3761 /* Build display for: Allocated Size */
3763 AllocatedSize = GWORD(pd, offset);
3767 proto_tree_add_text(tree, offset, 4, "Allocated Size: %u", AllocatedSize);
3771 offset += 4; /* Skip Allocated Size */
3773 /* Build display for: Reserved1 */
3775 Reserved1 = GWORD(pd, offset);
3779 proto_tree_add_text(tree, offset, 4, "Reserved1: %u", Reserved1);
3783 offset += 4; /* Skip Reserved1 */
3785 /* Build display for: Reserved2 */
3787 Reserved2 = GWORD(pd, offset);
3791 proto_tree_add_text(tree, offset, 4, "Reserved2: %u", Reserved2);
3795 offset += 4; /* Skip Reserved2 */
3797 /* Build display for: Byte Count */
3799 ByteCount = GSHORT(pd, offset);
3803 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
3807 offset += 2; /* Skip Byte Count */
3809 /* Build display for: File Name */
3811 FileName = pd + offset;
3815 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
3819 offset += strlen(FileName) + 1; /* Skip File Name */
3822 if (AndXCommand != 0xFF) {
3824 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
3830 if (dirn == 0) { /* Response(s) dissect code */
3832 /* Build display for: Word Count (WCT) */
3834 WordCount = GBYTE(pd, offset);
3838 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
3842 offset += 1; /* Skip Word Count (WCT) */
3844 if (WordCount > 0) {
3846 /* Build display for: AndXCommand */
3848 AndXCommand = GBYTE(pd, offset);
3852 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
3853 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
3857 offset += 1; /* Skip AndXCommand */
3859 /* Build display for: AndXReserved */
3861 AndXReserved = GBYTE(pd, offset);
3865 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
3869 offset += 1; /* Skip AndXReserved */
3871 /* Build display for: AndXOffset */
3873 AndXOffset = GSHORT(pd, offset);
3877 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
3881 offset += 2; /* Skip AndXOffset */
3883 /* Build display for: FID */
3885 FID = GSHORT(pd, offset);
3889 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
3893 offset += 2; /* Skip FID */
3895 /* Build display for: FileAttributes */
3897 FileAttributes = GSHORT(pd, offset);
3901 ti = proto_tree_add_text(tree, offset, 2, "FileAttributes: 0x%02x", FileAttributes);
3902 FileAttributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
3903 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3904 decode_boolean_bitfield(FileAttributes, 0x01, 16, "Read only file", "Not a read only file"));
3905 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3906 decode_boolean_bitfield(FileAttributes, 0x02, 16, "Hidden file", "Not a hidden file"));
3907 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3908 decode_boolean_bitfield(FileAttributes, 0x04, 16, "System file", "Not a system file"));
3909 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3910 decode_boolean_bitfield(FileAttributes, 0x08, 16, " Volume", "Not a volume"));
3911 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3912 decode_boolean_bitfield(FileAttributes, 0x10, 16, " Directory", "Not a directory"));
3913 proto_tree_add_text(FileAttributes_tree, offset, 2, "%s",
3914 decode_boolean_bitfield(FileAttributes, 0x20, 16, "Archive file", "Do not archive file"));
3918 offset += 2; /* Skip FileAttributes */
3920 /* Build display for: Last Write Time */
3922 LastWriteTime = GSHORT(pd, offset);
3928 offset += 2; /* Skip Last Write Time */
3930 /* Build display for: Last Write Date */
3932 LastWriteDate = GSHORT(pd, offset);
3936 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
3937 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
3942 offset += 2; /* Skip Last Write Date */
3944 /* Build display for: Data Size */
3946 DataSize = GWORD(pd, offset);
3950 proto_tree_add_text(tree, offset, 4, "Data Size: %u", DataSize);
3954 offset += 4; /* Skip Data Size */
3956 /* Build display for: Granted Access */
3958 GrantedAccess = GSHORT(pd, offset);
3962 proto_tree_add_text(tree, offset, 2, "Granted Access: %u", GrantedAccess);
3966 offset += 2; /* Skip Granted Access */
3968 /* Build display for: File Type */
3970 FileType = GSHORT(pd, offset);
3974 ti = proto_tree_add_text(tree, offset, 2, "File Type: 0x%02x", FileType);
3975 FileType_tree = proto_item_add_subtree(ti, ETT_SMB_FILETYPE);
3976 proto_tree_add_text(FileType_tree, offset, 2, "%s",
3977 decode_enumerated_bitfield(FileType, 0xFFFF, 16, FileType_0xFFFF, "%s"));
3981 offset += 2; /* Skip File Type */
3983 /* Build display for: Device State */
3985 DeviceState = GSHORT(pd, offset);
3989 proto_tree_add_text(tree, offset, 2, "Device State: %u", DeviceState);
3993 offset += 2; /* Skip Device State */
3995 /* Build display for: Action */
3997 Action = GSHORT(pd, offset);
4001 ti = proto_tree_add_text(tree, offset, 2, "Action: 0x%02x", Action);
4002 Action_tree = proto_item_add_subtree(ti, ETT_SMB_ACTION);
4003 proto_tree_add_text(Action_tree, offset, 2, "%s",
4004 decode_enumerated_bitfield(Action, 0x8000, 16, Action_0x8000, "%s"));
4005 proto_tree_add_text(Action_tree, offset, 2, "%s",
4006 decode_enumerated_bitfield(Action, 0x0003, 16, Action_0x0003, "%s"));
4010 offset += 2; /* Skip Action */
4012 /* Build display for: Server FID */
4014 ServerFID = GWORD(pd, offset);
4018 proto_tree_add_text(tree, offset, 4, "Server FID: %u", ServerFID);
4022 offset += 4; /* Skip Server FID */
4024 /* Build display for: Reserved */
4026 Reserved = GSHORT(pd, offset);
4030 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
4034 offset += 2; /* Skip Reserved */
4038 /* Build display for: Byte Count */
4040 ByteCount = GSHORT(pd, offset);
4044 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4048 offset += 2; /* Skip Byte Count */
4051 if (AndXCommand != 0xFF) {
4053 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
4062 dissect_write_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4065 proto_tree *WriteMode_tree;
4081 if (dirn == 1) { /* Request(s) dissect code */
4083 WordCount = GBYTE(pd, offset);
4085 switch (WordCount) {
4089 /* Build display for: Word Count (WCT) */
4091 WordCount = GBYTE(pd, offset);
4095 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4099 offset += 1; /* Skip Word Count (WCT) */
4101 /* Build display for: FID */
4103 FID = GSHORT(pd, offset);
4107 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4111 offset += 2; /* Skip FID */
4113 /* Build display for: Count */
4115 Count = GSHORT(pd, offset);
4119 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4123 offset += 2; /* Skip Count */
4125 /* Build display for: Reserved 1 */
4127 Reserved1 = GSHORT(pd, offset);
4131 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4135 offset += 2; /* Skip Reserved 1 */
4137 /* Build display for: Offset */
4139 Offset = GWORD(pd, offset);
4143 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
4147 offset += 4; /* Skip Offset */
4149 /* Build display for: Timeout */
4151 Timeout = GWORD(pd, offset);
4155 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4159 offset += 4; /* Skip Timeout */
4161 /* Build display for: WriteMode */
4163 WriteMode = GSHORT(pd, offset);
4167 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4168 WriteMode_tree = proto_item_add_subtree(ti, ETT_SMB_WRITEMODE);
4169 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4170 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4171 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4172 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4176 offset += 2; /* Skip WriteMode */
4178 /* Build display for: Reserved 2 */
4180 Reserved2 = GWORD(pd, offset);
4184 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4188 offset += 4; /* Skip Reserved 2 */
4190 /* Build display for: Data Length */
4192 DataLength = GSHORT(pd, offset);
4196 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4200 offset += 2; /* Skip Data Length */
4202 /* Build display for: Data Offset */
4204 DataOffset = GSHORT(pd, offset);
4208 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4212 offset += 2; /* Skip Data Offset */
4214 /* Build display for: Byte Count (BCC) */
4216 ByteCount = GSHORT(pd, offset);
4220 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4224 offset += 2; /* Skip Byte Count (BCC) */
4226 /* Build display for: Pad */
4228 Pad = GBYTE(pd, offset);
4232 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4236 offset += 1; /* Skip Pad */
4242 /* Build display for: Word Count (WCT) */
4244 WordCount = GBYTE(pd, offset);
4248 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4252 offset += 1; /* Skip Word Count (WCT) */
4254 /* Build display for: FID */
4256 FID = GSHORT(pd, offset);
4260 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4264 offset += 2; /* Skip FID */
4266 /* Build display for: Count */
4268 Count = GSHORT(pd, offset);
4272 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4276 offset += 2; /* Skip Count */
4278 /* Build display for: Reserved 1 */
4280 Reserved1 = GSHORT(pd, offset);
4284 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
4288 offset += 2; /* Skip Reserved 1 */
4290 /* Build display for: Timeout */
4292 Timeout = GWORD(pd, offset);
4296 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
4300 offset += 4; /* Skip Timeout */
4302 /* Build display for: WriteMode */
4304 WriteMode = GSHORT(pd, offset);
4308 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
4309 WriteMode_tree = proto_item_add_subtree(ti, ETT_SMB_WRITEMODE);
4310 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4311 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
4312 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
4313 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining (pipe/dev)", "Dont return Remaining (pipe/dev)"));
4317 offset += 2; /* Skip WriteMode */
4319 /* Build display for: Reserved 2 */
4321 Reserved2 = GWORD(pd, offset);
4325 proto_tree_add_text(tree, offset, 4, "Reserved 2: %u", Reserved2);
4329 offset += 4; /* Skip Reserved 2 */
4331 /* Build display for: Data Length */
4333 DataLength = GSHORT(pd, offset);
4337 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
4341 offset += 2; /* Skip Data Length */
4343 /* Build display for: Data Offset */
4345 DataOffset = GSHORT(pd, offset);
4349 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
4353 offset += 2; /* Skip Data Offset */
4355 /* Build display for: Byte Count (BCC) */
4357 ByteCount = GSHORT(pd, offset);
4361 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4365 offset += 2; /* Skip Byte Count (BCC) */
4367 /* Build display for: Pad */
4369 Pad = GBYTE(pd, offset);
4373 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
4377 offset += 1; /* Skip Pad */
4385 if (dirn == 0) { /* Response(s) dissect code */
4387 /* Build display for: Word Count (WCT) */
4389 WordCount = GBYTE(pd, offset);
4393 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4397 offset += 1; /* Skip Word Count (WCT) */
4399 if (WordCount > 0) {
4401 /* Build display for: Remaining */
4403 Remaining = GSHORT(pd, offset);
4407 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
4411 offset += 2; /* Skip Remaining */
4415 /* Build display for: Byte Count */
4417 ByteCount = GSHORT(pd, offset);
4421 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4425 offset += 2; /* Skip Byte Count */
4432 dissect_tdis_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4438 if (dirn == 1) { /* Request(s) dissect code */
4440 /* Build display for: Word Count (WCT) */
4442 WordCount = GBYTE(pd, offset);
4446 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4450 offset += 1; /* Skip Word Count (WCT) */
4452 /* Build display for: Byte Count (BCC) */
4454 ByteCount = GSHORT(pd, offset);
4458 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4462 offset += 2; /* Skip Byte Count (BCC) */
4466 if (dirn == 0) { /* Response(s) dissect code */
4468 /* Build display for: Word Count (WCT) */
4470 WordCount = GBYTE(pd, offset);
4474 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4478 offset += 1; /* Skip Word Count (WCT) */
4480 /* Build display for: Byte Count (BCC) */
4482 ByteCount = GSHORT(pd, offset);
4486 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4490 offset += 2; /* Skip Byte Count (BCC) */
4497 dissect_move_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4500 static const value_string Flags_0x03[] = {
4501 { 0, "Target must be a file"},
4502 { 1, "Target must be a directory"},
4505 { 4, "Verify all writes"},
4508 proto_tree *Flags_tree;
4511 guint8 ErrorFileFormat;
4513 guint16 OpenFunction;
4517 const char *ErrorFileName;
4519 if (dirn == 1) { /* Request(s) dissect code */
4521 /* Build display for: Word Count (WCT) */
4523 WordCount = GBYTE(pd, offset);
4527 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4531 offset += 1; /* Skip Word Count (WCT) */
4533 /* Build display for: TID2 */
4535 TID2 = GSHORT(pd, offset);
4539 proto_tree_add_text(tree, offset, 2, "TID2: %u", TID2);
4543 offset += 2; /* Skip TID2 */
4545 /* Build display for: Open Function */
4547 OpenFunction = GSHORT(pd, offset);
4551 proto_tree_add_text(tree, offset, 2, "Open Function: %u", OpenFunction);
4555 offset += 2; /* Skip Open Function */
4557 /* Build display for: Flags */
4559 Flags = GSHORT(pd, offset);
4563 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
4564 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
4565 proto_tree_add_text(Flags_tree, offset, 2, "%s",
4566 decode_enumerated_bitfield(Flags, 0x03, 16, Flags_0x03, "%s"));
4570 offset += 2; /* Skip Flags */
4574 if (dirn == 0) { /* Response(s) dissect code */
4576 /* Build display for: Word Count (WCT) */
4578 WordCount = GBYTE(pd, offset);
4582 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4586 offset += 1; /* Skip Word Count (WCT) */
4588 if (WordCount > 0) {
4590 /* Build display for: Count */
4592 Count = GSHORT(pd, offset);
4596 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
4600 offset += 2; /* Skip Count */
4604 /* Build display for: Byte Count */
4606 ByteCount = GSHORT(pd, offset);
4610 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4614 offset += 2; /* Skip Byte Count */
4616 /* Build display for: Error File Format */
4618 ErrorFileFormat = GBYTE(pd, offset);
4622 proto_tree_add_text(tree, offset, 1, "Error File Format: %u", ErrorFileFormat);
4626 offset += 1; /* Skip Error File Format */
4628 /* Build display for: Error File Name */
4630 ErrorFileName = pd + offset;
4634 proto_tree_add_text(tree, offset, strlen(ErrorFileName) + 1, "Error File Name: %s", ErrorFileName);
4638 offset += strlen(ErrorFileName) + 1; /* Skip Error File Name */
4645 dissect_rename_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4649 guint8 BufferFormat2;
4650 guint8 BufferFormat1;
4651 guint16 SearchAttributes;
4653 const char *OldFileName;
4654 const char *NewFileName;
4656 if (dirn == 1) { /* Request(s) dissect code */
4658 /* Build display for: Word Count (WCT) */
4660 WordCount = GBYTE(pd, offset);
4664 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4668 offset += 1; /* Skip Word Count (WCT) */
4670 /* Build display for: Search Attributes */
4672 SearchAttributes = GSHORT(pd, offset);
4676 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
4680 offset += 2; /* Skip Search Attributes */
4682 /* Build display for: Byte Count */
4684 ByteCount = GSHORT(pd, offset);
4688 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
4692 offset += 2; /* Skip Byte Count */
4694 /* Build display for: Buffer Format 1 */
4696 BufferFormat1 = GBYTE(pd, offset);
4700 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
4704 offset += 1; /* Skip Buffer Format 1 */
4706 /* Build display for: Old File Name */
4708 OldFileName = pd + offset;
4712 proto_tree_add_text(tree, offset, strlen(OldFileName) + 1, "Old File Name: %s", OldFileName);
4716 offset += strlen(OldFileName) + 1; /* Skip Old File Name */
4718 /* Build display for: Buffer Format 2 */
4720 BufferFormat2 = GBYTE(pd, offset);
4724 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
4728 offset += 1; /* Skip Buffer Format 2 */
4730 /* Build display for: New File Name */
4732 NewFileName = pd + offset;
4736 proto_tree_add_text(tree, offset, strlen(NewFileName) + 1, "New File Name: %s", NewFileName);
4740 offset += strlen(NewFileName) + 1; /* Skip New File Name */
4744 if (dirn == 0) { /* Response(s) dissect code */
4746 /* Build display for: Word Count (WCT) */
4748 WordCount = GBYTE(pd, offset);
4752 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4756 offset += 1; /* Skip Word Count (WCT) */
4758 /* Build display for: Byte Count (BCC) */
4760 ByteCount = GSHORT(pd, offset);
4764 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4768 offset += 2; /* Skip Byte Count (BCC) */
4775 dissect_open_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4778 static const value_string Mode_0x03[] = {
4779 { 0, "Text mode (DOS expands TABs)"},
4780 { 1, "Graphics mode"},
4783 proto_tree *Mode_tree;
4786 guint8 BufferFormat;
4787 guint16 SetupLength;
4791 const char *IdentifierString;
4793 if (dirn == 1) { /* Request(s) dissect code */
4795 /* Build display for: Word Count (WCT) */
4797 WordCount = GBYTE(pd, offset);
4801 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4805 offset += 1; /* Skip Word Count (WCT) */
4807 /* Build display for: Setup Length */
4809 SetupLength = GSHORT(pd, offset);
4813 proto_tree_add_text(tree, offset, 2, "Setup Length: %u", SetupLength);
4817 offset += 2; /* Skip Setup Length */
4819 /* Build display for: Mode */
4821 Mode = GSHORT(pd, offset);
4825 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
4826 Mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
4827 proto_tree_add_text(Mode_tree, offset, 2, "%s",
4828 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
4832 offset += 2; /* Skip Mode */
4834 /* Build display for: Byte Count (BCC) */
4836 ByteCount = GSHORT(pd, offset);
4840 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4844 offset += 2; /* Skip Byte Count (BCC) */
4846 /* Build display for: Buffer Format */
4848 BufferFormat = GBYTE(pd, offset);
4852 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
4856 offset += 1; /* Skip Buffer Format */
4858 /* Build display for: Identifier String */
4860 IdentifierString = pd + offset;
4864 proto_tree_add_text(tree, offset, strlen(IdentifierString) + 1, "Identifier String: %s", IdentifierString);
4868 offset += strlen(IdentifierString) + 1; /* Skip Identifier String */
4872 if (dirn == 0) { /* Response(s) dissect code */
4874 /* Build display for: Word Count (WCT) */
4876 WordCount = GBYTE(pd, offset);
4880 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4884 offset += 1; /* Skip Word Count (WCT) */
4886 /* Build display for: FID */
4888 FID = GSHORT(pd, offset);
4892 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4896 offset += 2; /* Skip FID */
4898 /* Build display for: Byte Count (BCC) */
4900 ByteCount = GSHORT(pd, offset);
4904 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4908 offset += 2; /* Skip Byte Count (BCC) */
4915 dissect_close_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
4922 if (dirn == 1) { /* Request(s) dissect code */
4924 /* Build display for: Word Count (WCT) */
4926 WordCount = GBYTE(pd, offset);
4930 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
4934 offset += 1; /* Skip Word Count (WCT) */
4936 /* Build display for: FID */
4938 FID = GSHORT(pd, offset);
4942 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
4946 offset += 2; /* Skip FID */
4948 /* Build display for: Byte Count (BCC) */
4950 ByteCount = GSHORT(pd, offset);
4954 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4958 offset += 2; /* Skip Byte Count (BCC) */
4962 if (dirn == 0) { /* Response(s) dissect code */
4964 /* Build display for: Word Count */
4966 WordCount = GBYTE(pd, offset);
4970 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
4974 offset += 1; /* Skip Word Count */
4976 /* Build display for: Byte Count (BCC) */
4978 ByteCount = GSHORT(pd, offset);
4982 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
4986 offset += 2; /* Skip Byte Count (BCC) */
4993 dissect_read_raw_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5006 if (dirn == 1) { /* Request(s) dissect code */
5008 WordCount = GBYTE(pd, offset);
5010 switch (WordCount) {
5014 /* Build display for: Word Count (WCT) */
5016 WordCount = GBYTE(pd, offset);
5020 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5024 offset += 1; /* Skip Word Count (WCT) */
5026 /* Build display for: FID */
5028 FID = GSHORT(pd, offset);
5032 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5036 offset += 2; /* Skip FID */
5038 /* Build display for: Offset */
5040 Offset = GWORD(pd, offset);
5044 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5048 offset += 4; /* Skip Offset */
5050 /* Build display for: Max Count */
5052 MaxCount = GSHORT(pd, offset);
5056 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5060 offset += 2; /* Skip Max Count */
5062 /* Build display for: Min Count */
5064 MinCount = GSHORT(pd, offset);
5068 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5072 offset += 2; /* Skip Min Count */
5074 /* Build display for: Timeout */
5076 Timeout = GWORD(pd, offset);
5080 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5084 offset += 4; /* Skip Timeout */
5086 /* Build display for: Reserved */
5088 Reserved = GSHORT(pd, offset);
5092 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5096 offset += 2; /* Skip Reserved */
5098 /* Build display for: Byte Count (BCC) */
5100 ByteCount = GSHORT(pd, offset);
5104 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5108 offset += 2; /* Skip Byte Count (BCC) */
5114 /* Build display for: Word Count (WCT) */
5116 WordCount = GBYTE(pd, offset);
5120 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5124 offset += 1; /* Skip Word Count (WCT) */
5126 /* Build display for: FID */
5128 FID = GSHORT(pd, offset);
5132 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5136 offset += 2; /* Skip FID */
5138 /* Build display for: Offset */
5140 Offset = GWORD(pd, offset);
5144 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5148 offset += 4; /* Skip Offset */
5150 /* Build display for: Max Count */
5152 MaxCount = GSHORT(pd, offset);
5156 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5160 offset += 2; /* Skip Max Count */
5162 /* Build display for: Min Count */
5164 MinCount = GSHORT(pd, offset);
5168 proto_tree_add_text(tree, offset, 2, "Min Count: %u", MinCount);
5172 offset += 2; /* Skip Min Count */
5174 /* Build display for: Timeout */
5176 Timeout = GWORD(pd, offset);
5180 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
5184 offset += 4; /* Skip Timeout */
5186 /* Build display for: Reserved */
5188 Reserved = GSHORT(pd, offset);
5192 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
5196 offset += 2; /* Skip Reserved */
5198 /* Build display for: Offset High */
5200 OffsetHigh = GWORD(pd, offset);
5204 proto_tree_add_text(tree, offset, 4, "Offset High: %u", OffsetHigh);
5208 offset += 4; /* Skip Offset High */
5210 /* Build display for: Byte Count (BCC) */
5212 ByteCount = GSHORT(pd, offset);
5216 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5220 offset += 2; /* Skip Byte Count (BCC) */
5228 if (dirn == 0) { /* Response(s) dissect code */
5235 dissect_logoff_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5239 guint8 AndXReserved;
5240 guint8 AndXCommand = 0xFF;
5244 if (dirn == 1) { /* Request(s) dissect code */
5246 /* Build display for: Word Count (WCT) */
5248 WordCount = GBYTE(pd, offset);
5252 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5256 offset += 1; /* Skip Word Count (WCT) */
5258 /* Build display for: AndXCommand */
5260 AndXCommand = GBYTE(pd, offset);
5264 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5268 offset += 1; /* Skip AndXCommand */
5270 /* Build display for: AndXReserved */
5272 AndXReserved = GBYTE(pd, offset);
5276 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5280 offset += 1; /* Skip AndXReserved */
5282 /* Build display for: AndXOffset */
5284 AndXOffset = GSHORT(pd, offset);
5288 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5292 offset += 2; /* Skip AndXOffset */
5294 /* Build display for: Byte Count (BCC) */
5296 ByteCount = GSHORT(pd, offset);
5300 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5304 offset += 2; /* Skip Byte Count (BCC) */
5307 if (AndXCommand != 0xFF) {
5309 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
5315 if (dirn == 0) { /* Response(s) dissect code */
5317 /* Build display for: Word Count (WCT) */
5319 WordCount = GBYTE(pd, offset);
5323 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5327 offset += 1; /* Skip Word Count (WCT) */
5329 /* Build display for: AndXCommand */
5331 AndXCommand = GBYTE(pd, offset);
5335 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
5339 offset += 1; /* Skip AndXCommand */
5341 /* Build display for: AndXReserved */
5343 AndXReserved = GBYTE(pd, offset);
5347 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
5351 offset += 1; /* Skip AndXReserved */
5353 /* Build display for: AndXOffset */
5355 AndXOffset = GSHORT(pd, offset);
5359 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
5363 offset += 2; /* Skip AndXOffset */
5365 /* Build display for: Byte Count (BCC) */
5367 ByteCount = GSHORT(pd, offset);
5371 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5375 offset += 2; /* Skip Byte Count (BCC) */
5378 if (AndXCommand != 0xFF) {
5380 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
5389 dissect_seek_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5392 static const value_string Mode_0x03[] = {
5393 { 0, "Seek from start of file"},
5394 { 1, "Seek from current position"},
5395 { 2, "Seek from end of file"},
5398 proto_tree *Mode_tree;
5406 if (dirn == 1) { /* Request(s) dissect code */
5408 /* Build display for: Word Count (WCT) */
5410 WordCount = GBYTE(pd, offset);
5414 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5418 offset += 1; /* Skip Word Count (WCT) */
5420 /* Build display for: FID */
5422 FID = GSHORT(pd, offset);
5426 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5430 offset += 2; /* Skip FID */
5432 /* Build display for: Mode */
5434 Mode = GSHORT(pd, offset);
5438 ti = proto_tree_add_text(tree, offset, 2, "Mode: 0x%02x", Mode);
5439 Mode_tree = proto_item_add_subtree(ti, ETT_SMB_MODE);
5440 proto_tree_add_text(Mode_tree, offset, 2, "%s",
5441 decode_enumerated_bitfield(Mode, 0x03, 16, Mode_0x03, "%s"));
5445 offset += 2; /* Skip Mode */
5447 /* Build display for: Offset */
5449 Offset = GWORD(pd, offset);
5453 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5457 offset += 4; /* Skip Offset */
5459 /* Build display for: Byte Count (BCC) */
5461 ByteCount = GSHORT(pd, offset);
5465 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5469 offset += 2; /* Skip Byte Count (BCC) */
5473 if (dirn == 0) { /* Response(s) dissect code */
5475 /* Build display for: Word Count (WCT) */
5477 WordCount = GBYTE(pd, offset);
5481 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5485 offset += 1; /* Skip Word Count (WCT) */
5487 /* Build display for: Offset */
5489 Offset = GWORD(pd, offset);
5493 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5497 offset += 4; /* Skip Offset */
5499 /* Build display for: Byte Count (BCC) */
5501 ByteCount = GSHORT(pd, offset);
5505 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5509 offset += 2; /* Skip Byte Count (BCC) */
5516 dissect_write_and_unlock_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5520 guint8 BufferFormat;
5528 if (dirn == 1) { /* Request(s) dissect code */
5530 /* Build display for: Word Count (WCT) */
5532 WordCount = GBYTE(pd, offset);
5536 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5540 offset += 1; /* Skip Word Count (WCT) */
5542 /* Build display for: FID */
5544 FID = GSHORT(pd, offset);
5548 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5552 offset += 2; /* Skip FID */
5554 /* Build display for: Count */
5556 Count = GSHORT(pd, offset);
5560 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5564 offset += 2; /* Skip Count */
5566 /* Build display for: Offset */
5568 Offset = GWORD(pd, offset);
5572 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5576 offset += 4; /* Skip Offset */
5578 /* Build display for: Remaining */
5580 Remaining = GSHORT(pd, offset);
5584 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
5588 offset += 2; /* Skip Remaining */
5590 /* Build display for: Byte Count (BCC) */
5592 ByteCount = GSHORT(pd, offset);
5596 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5600 offset += 2; /* Skip Byte Count (BCC) */
5602 /* Build display for: Buffer Format */
5604 BufferFormat = GBYTE(pd, offset);
5608 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
5612 offset += 1; /* Skip Buffer Format */
5614 /* Build display for: Data Length */
5616 DataLength = GSHORT(pd, offset);
5620 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
5624 offset += 2; /* Skip Data Length */
5628 if (dirn == 0) { /* Response(s) dissect code */
5630 /* Build display for: Word Count (WCT) */
5632 WordCount = GBYTE(pd, offset);
5636 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5640 offset += 1; /* Skip Word Count (WCT) */
5642 /* Build display for: Count */
5644 Count = GSHORT(pd, offset);
5648 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
5652 offset += 2; /* Skip Count */
5654 /* Build display for: Byte Count (BCC) */
5656 ByteCount = GSHORT(pd, offset);
5660 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5664 offset += 2; /* Skip Byte Count (BCC) */
5671 dissect_set_info2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5675 guint16 LastWriteTime;
5676 guint16 LastWriteDate;
5677 guint16 LastAccessTime;
5678 guint16 LastAccessDate;
5680 guint16 CreationTime;
5681 guint16 CreationDate;
5684 if (dirn == 1) { /* Request(s) dissect code */
5686 /* Build display for: Word Count */
5688 WordCount = GBYTE(pd, offset);
5692 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5696 offset += 1; /* Skip Word Count */
5698 /* Build display for: FID */
5700 FID = GSHORT(pd, offset);
5704 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5708 offset += 2; /* Skip FID */
5710 /* Build display for: Creation Date */
5712 CreationDate = GSHORT(pd, offset);
5716 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
5720 offset += 2; /* Skip Creation Date */
5722 /* Build display for: Creation Time */
5724 CreationTime = GSHORT(pd, offset);
5728 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
5732 offset += 2; /* Skip Creation Time */
5734 /* Build display for: Last Access Date */
5736 LastAccessDate = GSHORT(pd, offset);
5740 proto_tree_add_text(tree, offset, 2, "Last Access Date: %u", dissect_dos_date(LastAccessDate));
5744 offset += 2; /* Skip Last Access Date */
5746 /* Build display for: Last Access Time */
5748 LastAccessTime = GSHORT(pd, offset);
5752 proto_tree_add_text(tree, offset, 2, "Last Access Time: %u", dissect_dos_time(LastAccessTime));
5756 offset += 2; /* Skip Last Access Time */
5758 /* Build display for: Last Write Date */
5760 LastWriteDate = GSHORT(pd, offset);
5764 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
5768 offset += 2; /* Skip Last Write Date */
5770 /* Build display for: Last Write Time */
5772 LastWriteTime = GSHORT(pd, offset);
5776 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
5780 offset += 2; /* Skip Last Write Time */
5782 /* Build display for: Byte Count (BCC) */
5784 ByteCount = GSHORT(pd, offset);
5788 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5792 offset += 2; /* Skip Byte Count (BCC) */
5796 if (dirn == 0) { /* Response(s) dissect code */
5798 /* Build display for: Word Count (WCC) */
5800 WordCount = GBYTE(pd, offset);
5804 proto_tree_add_text(tree, offset, 1, "Word Count (WCC): %u", WordCount);
5808 offset += 1; /* Skip Word Count (WCC) */
5810 /* Build display for: Byte Count (BCC) */
5812 ByteCount = GSHORT(pd, offset);
5816 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5820 offset += 2; /* Skip Byte Count (BCC) */
5827 dissect_lock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5836 if (dirn == 1) { /* Request(s) dissect code */
5838 /* Build display for: Word Count (WCT) */
5840 WordCount = GBYTE(pd, offset);
5844 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5848 offset += 1; /* Skip Word Count (WCT) */
5850 /* Build display for: FID */
5852 FID = GSHORT(pd, offset);
5856 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
5860 offset += 2; /* Skip FID */
5862 /* Build display for: Count */
5864 Count = GWORD(pd, offset);
5868 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
5872 offset += 4; /* Skip Count */
5874 /* Build display for: Offset */
5876 Offset = GWORD(pd, offset);
5880 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
5884 offset += 4; /* Skip Offset */
5886 /* Build display for: Byte Count (BCC) */
5888 ByteCount = GSHORT(pd, offset);
5892 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5896 offset += 2; /* Skip Byte Count (BCC) */
5900 if (dirn == 0) { /* Response(s) dissect code */
5902 /* Build display for: Word Count (WCT) */
5904 WordCount = GBYTE(pd, offset);
5908 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
5912 offset += 1; /* Skip Word Count (WCT) */
5914 /* Build display for: Byte Count (BCC) */
5916 ByteCount = GSHORT(pd, offset);
5920 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5924 offset += 2; /* Skip Byte Count (BCC) */
5931 dissect_get_print_queue_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
5935 guint8 BufferFormat;
5937 guint16 RestartIndex;
5943 if (dirn == 1) { /* Request(s) dissect code */
5945 /* Build display for: Word Count */
5947 WordCount = GBYTE(pd, offset);
5951 proto_tree_add_text(tree, offset, 1, "Word Count: %u", WordCount);
5955 offset += 1; /* Skip Word Count */
5957 /* Build display for: Max Count */
5959 MaxCount = GSHORT(pd, offset);
5963 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
5967 offset += 2; /* Skip Max Count */
5969 /* Build display for: Start Index */
5971 StartIndex = GSHORT(pd, offset);
5975 proto_tree_add_text(tree, offset, 2, "Start Index: %u", StartIndex);
5979 offset += 2; /* Skip Start Index */
5981 /* Build display for: Byte Count (BCC) */
5983 ByteCount = GSHORT(pd, offset);
5987 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
5991 offset += 2; /* Skip Byte Count (BCC) */
5995 if (dirn == 0) { /* Response(s) dissect code */
5997 /* Build display for: Word Count (WCT) */
5999 WordCount = GBYTE(pd, offset);
6003 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6007 offset += 1; /* Skip Word Count (WCT) */
6009 if (WordCount > 0) {
6011 /* Build display for: Count */
6013 Count = GSHORT(pd, offset);
6017 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6021 offset += 2; /* Skip Count */
6023 /* Build display for: Restart Index */
6025 RestartIndex = GSHORT(pd, offset);
6029 proto_tree_add_text(tree, offset, 2, "Restart Index: %u", RestartIndex);
6033 offset += 2; /* Skip Restart Index */
6035 /* Build display for: Byte Count (BCC) */
6039 ByteCount = GSHORT(pd, offset);
6043 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6047 offset += 2; /* Skip Byte Count (BCC) */
6049 /* Build display for: Buffer Format */
6051 BufferFormat = GBYTE(pd, offset);
6055 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6059 offset += 1; /* Skip Buffer Format */
6061 /* Build display for: Data Length */
6063 DataLength = GSHORT(pd, offset);
6067 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6071 offset += 2; /* Skip Data Length */
6078 dissect_locking_andx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6081 proto_tree *LockType_tree;
6086 guint8 AndXReserved;
6087 guint8 AndXCommand = 0xFF;
6089 guint16 NumberofLocks;
6090 guint16 NumberOfUnlocks;
6096 if (dirn == 1) { /* Request(s) dissect code */
6098 /* Build display for: Word Count (WCT) */
6100 WordCount = GBYTE(pd, offset);
6104 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6108 offset += 1; /* Skip Word Count (WCT) */
6110 /* Build display for: AndXCommand */
6112 AndXCommand = GBYTE(pd, offset);
6116 proto_tree_add_text(tree, offset, 1, "AndXCommand: %u", AndXCommand);
6120 offset += 1; /* Skip AndXCommand */
6122 /* Build display for: AndXReserved */
6124 AndXReserved = GBYTE(pd, offset);
6128 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6132 offset += 1; /* Skip AndXReserved */
6134 /* Build display for: AndXOffset */
6136 AndXOffset = GSHORT(pd, offset);
6140 proto_tree_add_text(tree, offset, 2, "AndXOffset: %u", AndXOffset);
6144 offset += 2; /* Skip AndXOffset */
6146 /* Build display for: FID */
6148 FID = GSHORT(pd, offset);
6152 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6156 offset += 2; /* Skip FID */
6158 /* Build display for: Lock Type */
6160 LockType = GBYTE(pd, offset);
6164 ti = proto_tree_add_text(tree, offset, 1, "Lock Type: 0x%01x", LockType);
6165 LockType_tree = proto_item_add_subtree(ti, ETT_SMB_LOCK_TYPE);
6166 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6167 decode_boolean_bitfield(LockType, 0x01, 16, "Read-only lock", "Not a Read-only lock"));
6168 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6169 decode_boolean_bitfield(LockType, 0x02, 16, "Oplock break notification", "Not an Oplock break notification"));
6170 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6171 decode_boolean_bitfield(LockType, 0x04, 16, "Change lock type", "Not a lock type change"));
6172 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6173 decode_boolean_bitfield(LockType, 0x08, 16, "Cancel outstanding request", "Dont cancel outstanding request"));
6174 proto_tree_add_text(LockType_tree, offset, 1, "%s",
6175 decode_boolean_bitfield(LockType, 0x10, 16, "Large file locking format", "Not a large file locking format"));
6179 offset += 1; /* Skip Lock Type */
6181 /* Build display for: OplockLevel */
6183 OplockLevel = GBYTE(pd, offset);
6187 proto_tree_add_text(tree, offset, 1, "OplockLevel: %u", OplockLevel);
6191 offset += 1; /* Skip OplockLevel */
6193 /* Build display for: Timeout */
6195 Timeout = GWORD(pd, offset);
6199 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
6203 offset += 4; /* Skip Timeout */
6205 /* Build display for: Number Of Unlocks */
6207 NumberOfUnlocks = GSHORT(pd, offset);
6211 proto_tree_add_text(tree, offset, 2, "Number Of Unlocks: %u", NumberOfUnlocks);
6215 offset += 2; /* Skip Number Of Unlocks */
6217 /* Build display for: Number of Locks */
6219 NumberofLocks = GSHORT(pd, offset);
6223 proto_tree_add_text(tree, offset, 2, "Number of Locks: %u", NumberofLocks);
6227 offset += 2; /* Skip Number of Locks */
6229 /* Build display for: Byte Count (BCC) */
6231 ByteCount = GSHORT(pd, offset);
6235 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6239 offset += 2; /* Skip Byte Count (BCC) */
6242 if (AndXCommand != 0xFF) {
6244 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
6250 if (dirn == 0) { /* Response(s) dissect code */
6252 /* Build display for: Word Count (WCT) */
6254 WordCount = GBYTE(pd, offset);
6258 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6262 offset += 1; /* Skip Word Count (WCT) */
6264 if (WordCount > 0) {
6266 /* Build display for: AndXCommand */
6268 AndXCommand = GBYTE(pd, offset);
6272 proto_tree_add_text(tree, offset, 1, "AndXCommand: %s",
6273 (AndXCommand == 0xFF ? "No further commands" : decode_smb_name(AndXCommand)));
6277 offset += 1; /* Skip AndXCommand */
6279 /* Build display for: AndXReserved */
6281 AndXReserved = GBYTE(pd, offset);
6285 proto_tree_add_text(tree, offset, 1, "AndXReserved: %u", AndXReserved);
6289 offset += 1; /* Skip AndXReserved */
6291 /* Build display for: AndXoffset */
6293 AndXoffset = GSHORT(pd, offset);
6297 proto_tree_add_text(tree, offset, 2, "AndXoffset: %u", AndXoffset);
6301 offset += 2; /* Skip AndXoffset */
6305 /* Build display for: Byte Count */
6307 ByteCount = GSHORT(pd, offset);
6311 proto_tree_add_text(tree, offset, 2, "Byte Count: %u", ByteCount);
6315 offset += 2; /* Skip Byte Count */
6318 if (AndXCommand != 0xFF) {
6320 (dissect[AndXCommand])(pd, offset, fd, tree, si, max_data, SMB_offset, errcode, dirn);
6329 dissect_unlock_bytes_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6338 if (dirn == 1) { /* Request(s) dissect code */
6340 /* Build display for: Word Count (WCT) */
6342 WordCount = GBYTE(pd, offset);
6346 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6350 offset += 1; /* Skip Word Count (WCT) */
6352 /* Build display for: FID */
6354 FID = GSHORT(pd, offset);
6358 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6362 offset += 2; /* Skip FID */
6364 /* Build display for: Count */
6366 Count = GWORD(pd, offset);
6370 proto_tree_add_text(tree, offset, 4, "Count: %u", Count);
6374 offset += 4; /* Skip Count */
6376 /* Build display for: Offset */
6378 Offset = GWORD(pd, offset);
6382 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
6386 offset += 4; /* Skip Offset */
6388 /* Build display for: Byte Count (BCC) */
6390 ByteCount = GSHORT(pd, offset);
6394 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6398 offset += 2; /* Skip Byte Count (BCC) */
6402 if (dirn == 0) { /* Response(s) dissect code */
6404 /* Build display for: Word Count (WCT) */
6406 WordCount = GBYTE(pd, offset);
6410 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6414 offset += 1; /* Skip Word Count (WCT) */
6416 /* Build display for: Byte Count (BCC) */
6418 ByteCount = GSHORT(pd, offset);
6422 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6426 offset += 2; /* Skip Byte Count (BCC) */
6433 dissect_create_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6436 proto_tree *Attributes_tree;
6439 guint8 BufferFormat;
6441 guint16 CreationTime;
6444 const char *FileName;
6446 if (dirn == 1) { /* Request(s) dissect code */
6448 /* Build display for: Word Count (WCT) */
6450 WordCount = GBYTE(pd, offset);
6454 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6458 offset += 1; /* Skip Word Count (WCT) */
6460 /* Build display for: Attributes */
6462 Attributes = GSHORT(pd, offset);
6466 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
6467 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
6468 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6469 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
6470 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6471 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
6472 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6473 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
6474 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6475 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
6476 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6477 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
6478 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
6479 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
6483 offset += 2; /* Skip Attributes */
6485 /* Build display for: Creation Time */
6487 CreationTime = GSHORT(pd, offset);
6491 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6495 offset += 2; /* Skip Creation Time */
6497 /* Build display for: Byte Count (BCC) */
6499 ByteCount = GSHORT(pd, offset);
6503 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6507 offset += 2; /* Skip Byte Count (BCC) */
6509 /* Build display for: Buffer Format */
6511 BufferFormat = GBYTE(pd, offset);
6515 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6519 offset += 1; /* Skip Buffer Format */
6521 /* Build display for: File Name */
6523 FileName = pd + offset;
6527 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6531 offset += strlen(FileName) + 1; /* Skip File Name */
6535 if (dirn == 0) { /* Response(s) dissect code */
6537 /* Build display for: Word Count (WCT) */
6539 WordCount = GBYTE(pd, offset);
6543 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6547 offset += 1; /* Skip Word Count (WCT) */
6549 if (WordCount > 0) {
6551 /* Build display for: FID */
6553 FID = GSHORT(pd, offset);
6557 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6561 offset += 2; /* Skip FID */
6565 /* Build display for: Byte Count (BCC) */
6567 ByteCount = GSHORT(pd, offset);
6571 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6575 offset += 2; /* Skip Byte Count (BCC) */
6582 dissect_search_dir_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6586 guint8 BufferFormat2;
6587 guint8 BufferFormat1;
6588 guint8 BufferFormat;
6589 guint16 SearchAttributes;
6590 guint16 ResumeKeyLength;
6595 const char *FileName;
6597 if (dirn == 1) { /* Request(s) dissect code */
6599 /* Build display for: Word Count (WCT) */
6601 WordCount = GBYTE(pd, offset);
6605 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6609 offset += 1; /* Skip Word Count (WCT) */
6611 /* Build display for: Max Count */
6613 MaxCount = GSHORT(pd, offset);
6617 proto_tree_add_text(tree, offset, 2, "Max Count: %u", MaxCount);
6621 offset += 2; /* Skip Max Count */
6623 /* Build display for: Search Attributes */
6625 SearchAttributes = GSHORT(pd, offset);
6629 proto_tree_add_text(tree, offset, 2, "Search Attributes: %u", SearchAttributes);
6633 offset += 2; /* Skip Search Attributes */
6635 /* Build display for: Byte Count (BCC) */
6637 ByteCount = GSHORT(pd, offset);
6641 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6645 offset += 2; /* Skip Byte Count (BCC) */
6647 /* Build display for: Buffer Format 1 */
6649 BufferFormat1 = GBYTE(pd, offset);
6653 proto_tree_add_text(tree, offset, 1, "Buffer Format 1: %u", BufferFormat1);
6657 offset += 1; /* Skip Buffer Format 1 */
6659 /* Build display for: File Name */
6661 FileName = pd + offset;
6665 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6669 offset += strlen(FileName) + 1; /* Skip File Name */
6671 /* Build display for: Buffer Format 2 */
6673 BufferFormat2 = GBYTE(pd, offset);
6677 proto_tree_add_text(tree, offset, 1, "Buffer Format 2: %u", BufferFormat2);
6681 offset += 1; /* Skip Buffer Format 2 */
6683 /* Build display for: Resume Key Length */
6685 ResumeKeyLength = GSHORT(pd, offset);
6689 proto_tree_add_text(tree, offset, 2, "Resume Key Length: %u", ResumeKeyLength);
6693 offset += 2; /* Skip Resume Key Length */
6697 if (dirn == 0) { /* Response(s) dissect code */
6699 /* Build display for: Word Count (WCT) */
6701 WordCount = GBYTE(pd, offset);
6705 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6709 offset += 1; /* Skip Word Count (WCT) */
6711 if (WordCount > 0) {
6713 /* Build display for: Count */
6715 Count = GSHORT(pd, offset);
6719 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
6723 offset += 2; /* Skip Count */
6727 /* Build display for: Byte Count (BCC) */
6729 ByteCount = GSHORT(pd, offset);
6733 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6737 offset += 2; /* Skip Byte Count (BCC) */
6739 /* Build display for: Buffer Format */
6741 BufferFormat = GBYTE(pd, offset);
6745 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6749 offset += 1; /* Skip Buffer Format */
6751 /* Build display for: Data Length */
6753 DataLength = GSHORT(pd, offset);
6757 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
6761 offset += 2; /* Skip Data Length */
6768 dissect_create_temporary_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6772 guint8 BufferFormat;
6775 guint16 CreationTime;
6776 guint16 CreationDate;
6778 const char *FileName;
6779 const char *DirectoryName;
6781 if (dirn == 1) { /* Request(s) dissect code */
6783 /* Build display for: Word Count (WCT) */
6785 WordCount = GBYTE(pd, offset);
6789 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6793 offset += 1; /* Skip Word Count (WCT) */
6795 /* Build display for: Reserved */
6797 Reserved = GSHORT(pd, offset);
6801 proto_tree_add_text(tree, offset, 2, "Reserved: %u", Reserved);
6805 offset += 2; /* Skip Reserved */
6807 /* Build display for: Creation Time */
6809 CreationTime = GSHORT(pd, offset);
6813 proto_tree_add_text(tree, offset, 2, "Creation Time: %u", dissect_dos_time(CreationTime));
6817 offset += 2; /* Skip Creation Time */
6819 /* Build display for: Creation Date */
6821 CreationDate = GSHORT(pd, offset);
6825 proto_tree_add_text(tree, offset, 2, "Creation Date: %u", dissect_dos_date(CreationDate));
6829 offset += 2; /* Skip Creation Date */
6831 /* Build display for: Byte Count (BCC) */
6833 ByteCount = GSHORT(pd, offset);
6837 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6841 offset += 2; /* Skip Byte Count (BCC) */
6843 /* Build display for: Buffer Format */
6845 BufferFormat = GBYTE(pd, offset);
6849 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6853 offset += 1; /* Skip Buffer Format */
6855 /* Build display for: Directory Name */
6857 DirectoryName = pd + offset;
6861 proto_tree_add_text(tree, offset, strlen(DirectoryName) + 1, "Directory Name: %s", DirectoryName);
6865 offset += strlen(DirectoryName) + 1; /* Skip Directory Name */
6869 if (dirn == 0) { /* Response(s) dissect code */
6871 /* Build display for: Word Count (WCT) */
6873 WordCount = GBYTE(pd, offset);
6877 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6881 offset += 1; /* Skip Word Count (WCT) */
6883 if (WordCount > 0) {
6885 /* Build display for: FID */
6887 FID = GSHORT(pd, offset);
6891 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6895 offset += 2; /* Skip FID */
6899 /* Build display for: Byte Count (BCC) */
6901 ByteCount = GSHORT(pd, offset);
6905 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
6909 offset += 2; /* Skip Byte Count (BCC) */
6911 /* Build display for: Buffer Format */
6913 BufferFormat = GBYTE(pd, offset);
6917 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
6921 offset += 1; /* Skip Buffer Format */
6923 /* Build display for: File Name */
6925 FileName = pd + offset;
6929 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
6933 offset += strlen(FileName) + 1; /* Skip File Name */
6940 dissect_close_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
6944 guint16 LastWriteTime;
6945 guint16 LastWriteDate;
6949 if (dirn == 1) { /* Request(s) dissect code */
6951 /* Build display for: Word Count (WCT) */
6953 WordCount = GBYTE(pd, offset);
6957 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
6961 offset += 1; /* Skip Word Count (WCT) */
6963 /* Build display for: FID */
6965 FID = GSHORT(pd, offset);
6969 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
6973 offset += 2; /* Skip FID */
6975 /* Build display for: Last Write Time */
6977 LastWriteTime = GSHORT(pd, offset);
6981 proto_tree_add_text(tree, offset, 2, "Last Write Time: %u", dissect_dos_time(LastWriteTime));
6985 offset += 2; /* Skip Last Write Time */
6987 /* Build display for: Last Write Date */
6989 LastWriteDate = GSHORT(pd, offset);
6993 proto_tree_add_text(tree, offset, 2, "Last Write Date: %u", dissect_dos_date(LastWriteDate));
6997 offset += 2; /* Skip Last Write Date */
6999 /* Build display for: Byte Count (BCC) */
7001 ByteCount = GSHORT(pd, offset);
7005 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7009 offset += 2; /* Skip Byte Count (BCC) */
7013 if (dirn == 0) { /* Response(s) dissect code */
7015 /* Build display for: Word Count (WCT) */
7017 WordCount = GBYTE(pd, offset);
7021 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7025 offset += 1; /* Skip Word Count (WCT) */
7027 /* Build display for: Byte Count (BCC) */
7029 ByteCount = GSHORT(pd, offset);
7033 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7037 offset += 2; /* Skip Byte Count (BCC) */
7044 dissect_write_print_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7048 guint8 BufferFormat;
7053 if (dirn == 1) { /* Request(s) dissect code */
7055 /* Build display for: Word Count (WCT) */
7057 WordCount = GBYTE(pd, offset);
7061 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7065 offset += 1; /* Skip Word Count (WCT) */
7067 /* Build display for: FID */
7069 FID = GSHORT(pd, offset);
7073 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7077 offset += 2; /* Skip FID */
7079 /* Build display for: Byte Count (BCC) */
7081 ByteCount = GSHORT(pd, offset);
7085 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7089 offset += 2; /* Skip Byte Count (BCC) */
7091 /* Build display for: Buffer Format */
7093 BufferFormat = GBYTE(pd, offset);
7097 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7101 offset += 1; /* Skip Buffer Format */
7103 /* Build display for: Data Length */
7105 DataLength = GSHORT(pd, offset);
7109 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7113 offset += 2; /* Skip Data Length */
7117 if (dirn == 0) { /* Response(s) dissect code */
7119 /* Build display for: Word Count (WCT) */
7121 WordCount = GBYTE(pd, offset);
7125 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7129 offset += 1; /* Skip Word Count (WCT) */
7131 /* Build display for: Byte Count (BCC) */
7133 ByteCount = GSHORT(pd, offset);
7137 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7141 offset += 2; /* Skip Byte Count (BCC) */
7148 dissect_lock_and_read_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7152 guint8 BufferFormat;
7164 if (dirn == 1) { /* Request(s) dissect code */
7166 /* Build display for: Word Count (WCT) */
7168 WordCount = GBYTE(pd, offset);
7172 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7176 offset += 1; /* Skip Word Count (WCT) */
7178 /* Build display for: FID */
7180 FID = GSHORT(pd, offset);
7184 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7188 offset += 2; /* Skip FID */
7190 /* Build display for: Count */
7192 Count = GSHORT(pd, offset);
7196 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7200 offset += 2; /* Skip Count */
7202 /* Build display for: Offset */
7204 Offset = GWORD(pd, offset);
7208 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7212 offset += 4; /* Skip Offset */
7214 /* Build display for: Remaining */
7216 Remaining = GSHORT(pd, offset);
7220 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7224 offset += 2; /* Skip Remaining */
7226 /* Build display for: Byte Count (BCC) */
7228 ByteCount = GSHORT(pd, offset);
7232 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7236 offset += 2; /* Skip Byte Count (BCC) */
7240 if (dirn == 0) { /* Response(s) dissect code */
7242 /* Build display for: Word Count (WCT) */
7244 WordCount = GBYTE(pd, offset);
7248 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7252 offset += 1; /* Skip Word Count (WCT) */
7254 if (WordCount > 0) {
7256 /* Build display for: Count */
7258 Count = GSHORT(pd, offset);
7262 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7266 offset += 2; /* Skip Count */
7268 /* Build display for: Reserved 1 */
7270 Reserved1 = GSHORT(pd, offset);
7274 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7278 offset += 2; /* Skip Reserved 1 */
7280 /* Build display for: Reserved 2 */
7282 Reserved2 = GSHORT(pd, offset);
7286 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7290 offset += 2; /* Skip Reserved 2 */
7292 /* Build display for: Reserved 3 */
7294 Reserved3 = GSHORT(pd, offset);
7298 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7302 offset += 2; /* Skip Reserved 3 */
7304 /* Build display for: Reserved 4 */
7306 Reserved4 = GSHORT(pd, offset);
7310 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7314 offset += 2; /* Skip Reserved 4 */
7316 /* Build display for: Byte Count (BCC) */
7318 ByteCount = GSHORT(pd, offset);
7322 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7328 offset += 2; /* Skip Byte Count (BCC) */
7330 /* Build display for: Buffer Format */
7332 BufferFormat = GBYTE(pd, offset);
7336 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7340 offset += 1; /* Skip Buffer Format */
7342 /* Build display for: Data Length */
7344 DataLength = GSHORT(pd, offset);
7348 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7352 offset += 2; /* Skip Data Length */
7359 dissect_process_exit_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7365 if (dirn == 1) { /* Request(s) dissect code */
7367 /* Build display for: Word Count (WCT) */
7369 WordCount = GBYTE(pd, offset);
7373 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7377 offset += 1; /* Skip Word Count (WCT) */
7379 /* Build display for: Byte Count (BCC) */
7381 ByteCount = GSHORT(pd, offset);
7385 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7389 offset += 2; /* Skip Byte Count (BCC) */
7393 if (dirn == 0) { /* Response(s) dissect code */
7395 /* Build display for: Word Count (WCT) */
7397 WordCount = GBYTE(pd, offset);
7401 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7405 offset += 1; /* Skip Word Count (WCT) */
7407 /* Build display for: Byte Count (BCC) */
7409 ByteCount = GSHORT(pd, offset);
7413 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7417 offset += 2; /* Skip Byte Count (BCC) */
7424 dissect_get_file_attr_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7427 proto_tree *Attributes_tree;
7430 guint8 BufferFormat;
7437 guint16 LastWriteTime;
7438 guint16 LastWriteDate;
7441 const char *FileName;
7443 if (dirn == 1) { /* Request(s) dissect code */
7445 /* Build display for: Word Count (WCT) */
7447 WordCount = GBYTE(pd, offset);
7451 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7455 offset += 1; /* Skip Word Count (WCT) */
7457 /* Build display for: Byte Count (BCC) */
7459 ByteCount = GSHORT(pd, offset);
7463 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7467 offset += 2; /* Skip Byte Count (BCC) */
7469 /* Build display for: Buffer Format */
7471 BufferFormat = GBYTE(pd, offset);
7475 proto_tree_add_text(tree, offset, 1, "Buffer Format: %u", BufferFormat);
7479 offset += 1; /* Skip Buffer Format */
7481 /* Build display for: File Name */
7483 FileName = pd + offset;
7487 proto_tree_add_text(tree, offset, strlen(FileName) + 1, "File Name: %s", FileName);
7491 offset += strlen(FileName) + 1; /* Skip File Name */
7495 if (dirn == 0) { /* Response(s) dissect code */
7497 /* Build display for: Word Count (WCT) */
7499 WordCount = GBYTE(pd, offset);
7503 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7507 offset += 1; /* Skip Word Count (WCT) */
7509 if (WordCount > 0) {
7511 /* Build display for: Attributes */
7513 Attributes = GSHORT(pd, offset);
7517 ti = proto_tree_add_text(tree, offset, 2, "Attributes: 0x%02x", Attributes);
7518 Attributes_tree = proto_item_add_subtree(ti, ETT_SMB_FILEATTRIBUTES);
7519 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7520 decode_boolean_bitfield(Attributes, 0x01, 16, "Read-only file", "Not a read-only file"));
7521 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7522 decode_boolean_bitfield(Attributes, 0x02, 16, "Hidden file", "Not a hidden file"));
7523 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7524 decode_boolean_bitfield(Attributes, 0x04, 16, "System file", "Not a system file"));
7525 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7526 decode_boolean_bitfield(Attributes, 0x08, 16, " Volume", "Not a volume"));
7527 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7528 decode_boolean_bitfield(Attributes, 0x10, 16, " Directory", "Not a directory"));
7529 proto_tree_add_text(Attributes_tree, offset, 2, "%s",
7530 decode_boolean_bitfield(Attributes, 0x20, 16, " Archived", "Not archived"));
7534 offset += 2; /* Skip Attributes */
7536 /* Build display for: Last Write Time */
7538 LastWriteTime = GSHORT(pd, offset);
7544 offset += 2; /* Skip Last Write Time */
7546 /* Build display for: Last Write Date */
7548 LastWriteDate = GSHORT(pd, offset);
7552 proto_tree_add_text(tree, offset, 2, "Last Write Date: %s", dissect_smbu_date(LastWriteDate, LastWriteTime));
7554 proto_tree_add_text(tree, offset, 2, "Last Write Time: %s", dissect_smbu_time(LastWriteDate, LastWriteTime));
7558 offset += 2; /* Skip Last Write Date */
7560 /* Build display for: File Size */
7562 FileSize = GWORD(pd, offset);
7566 proto_tree_add_text(tree, offset, 4, "File Size: %u", FileSize);
7570 offset += 4; /* Skip File Size */
7572 /* Build display for: Reserved 1 */
7574 Reserved1 = GSHORT(pd, offset);
7578 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7582 offset += 2; /* Skip Reserved 1 */
7584 /* Build display for: Reserved 2 */
7586 Reserved2 = GSHORT(pd, offset);
7590 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7594 offset += 2; /* Skip Reserved 2 */
7596 /* Build display for: Reserved 3 */
7598 Reserved3 = GSHORT(pd, offset);
7602 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7606 offset += 2; /* Skip Reserved 3 */
7608 /* Build display for: Reserved 4 */
7610 Reserved4 = GSHORT(pd, offset);
7614 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7618 offset += 2; /* Skip Reserved 4 */
7620 /* Build display for: Reserved 5 */
7622 Reserved5 = GSHORT(pd, offset);
7626 proto_tree_add_text(tree, offset, 2, "Reserved 5: %u", Reserved5);
7630 offset += 2; /* Skip Reserved 5 */
7634 /* Build display for: Byte Count (BCC) */
7636 ByteCount = GSHORT(pd, offset);
7640 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7644 offset += 2; /* Skip Byte Count (BCC) */
7651 dissect_read_file_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7665 guint16 BufferFormat;
7667 if (dirn == 1) { /* Request(s) dissect code */
7669 /* Build display for: Word Count (WCT) */
7671 WordCount = GBYTE(pd, offset);
7675 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7679 offset += 1; /* Skip Word Count (WCT) */
7681 /* Build display for: FID */
7683 FID = GSHORT(pd, offset);
7687 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7691 offset += 2; /* Skip FID */
7693 /* Build display for: Count */
7695 Count = GSHORT(pd, offset);
7699 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7703 offset += 2; /* Skip Count */
7705 /* Build display for: Offset */
7707 Offset = GWORD(pd, offset);
7711 proto_tree_add_text(tree, offset, 4, "Offset: %u", Offset);
7715 offset += 4; /* Skip Offset */
7717 /* Build display for: Remaining */
7719 Remaining = GSHORT(pd, offset);
7723 proto_tree_add_text(tree, offset, 2, "Remaining: %u", Remaining);
7727 offset += 2; /* Skip Remaining */
7729 /* Build display for: Byte Count (BCC) */
7731 ByteCount = GSHORT(pd, offset);
7735 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7739 offset += 2; /* Skip Byte Count (BCC) */
7743 if (dirn == 0) { /* Response(s) dissect code */
7745 /* Build display for: Word Count (WCT) */
7747 WordCount = GBYTE(pd, offset);
7751 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7755 offset += 1; /* Skip Word Count (WCT) */
7757 if (WordCount > 0) {
7759 /* Build display for: Count */
7761 Count = GSHORT(pd, offset);
7765 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7769 offset += 2; /* Skip Count */
7771 /* Build display for: Reserved 1 */
7773 Reserved1 = GSHORT(pd, offset);
7777 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7781 offset += 2; /* Skip Reserved 1 */
7783 /* Build display for: Reserved 2 */
7785 Reserved2 = GSHORT(pd, offset);
7789 proto_tree_add_text(tree, offset, 2, "Reserved 2: %u", Reserved2);
7793 offset += 2; /* Skip Reserved 2 */
7795 /* Build display for: Reserved 3 */
7797 Reserved3 = GSHORT(pd, offset);
7801 proto_tree_add_text(tree, offset, 2, "Reserved 3: %u", Reserved3);
7805 offset += 2; /* Skip Reserved 3 */
7807 /* Build display for: Reserved 4 */
7809 Reserved4 = GSHORT(pd, offset);
7813 proto_tree_add_text(tree, offset, 2, "Reserved 4: %u", Reserved4);
7817 offset += 2; /* Skip Reserved 4 */
7821 /* Build display for: Byte Count (BCC) */
7823 ByteCount = GSHORT(pd, offset);
7827 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
7831 offset += 2; /* Skip Byte Count (BCC) */
7833 /* Build display for: Buffer Format */
7835 BufferFormat = GSHORT(pd, offset);
7839 proto_tree_add_text(tree, offset, 2, "Buffer Format: %u", BufferFormat);
7843 offset += 2; /* Skip Buffer Format */
7845 /* Build display for: Data Length */
7847 DataLength = GSHORT(pd, offset);
7851 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7855 offset += 2; /* Skip Data Length */
7862 dissect_write_mpx_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
7865 proto_tree *WriteMode_tree;
7870 guint32 ResponseMask;
7871 guint32 RequestMask;
7880 if (dirn == 1) { /* Request(s) dissect code */
7882 /* Build display for: Word Count (WCT) */
7884 WordCount = GBYTE(pd, offset);
7888 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
7892 offset += 1; /* Skip Word Count (WCT) */
7894 /* Build display for: FID */
7896 FID = GSHORT(pd, offset);
7900 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
7904 offset += 2; /* Skip FID */
7906 /* Build display for: Count */
7908 Count = GSHORT(pd, offset);
7912 proto_tree_add_text(tree, offset, 2, "Count: %u", Count);
7916 offset += 2; /* Skip Count */
7918 /* Build display for: Reserved 1 */
7920 Reserved1 = GSHORT(pd, offset);
7924 proto_tree_add_text(tree, offset, 2, "Reserved 1: %u", Reserved1);
7928 offset += 2; /* Skip Reserved 1 */
7930 /* Build display for: Timeout */
7932 Timeout = GWORD(pd, offset);
7936 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
7940 offset += 4; /* Skip Timeout */
7942 /* Build display for: WriteMode */
7944 WriteMode = GSHORT(pd, offset);
7948 ti = proto_tree_add_text(tree, offset, 2, "WriteMode: 0x%02x", WriteMode);
7949 WriteMode_tree = proto_item_add_subtree(ti, ETT_SMB_WRITEMODE);
7950 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
7951 decode_boolean_bitfield(WriteMode, 0x01, 16, "Write through requested", "Write through not requested"));
7952 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
7953 decode_boolean_bitfield(WriteMode, 0x02, 16, "Return Remaining", "Dont return Remaining"));
7954 proto_tree_add_text(WriteMode_tree, offset, 2, "%s",
7955 decode_boolean_bitfield(WriteMode, 0x40, 16, "Connectionless mode requested", "Connectionless mode not requested"));
7959 offset += 2; /* Skip WriteMode */
7961 /* Build display for: Request Mask */
7963 RequestMask = GWORD(pd, offset);
7967 proto_tree_add_text(tree, offset, 4, "Request Mask: %u", RequestMask);
7971 offset += 4; /* Skip Request Mask */
7973 /* Build display for: Data Length */
7975 DataLength = GSHORT(pd, offset);
7979 proto_tree_add_text(tree, offset, 2, "Data Length: %u", DataLength);
7983 offset += 2; /* Skip Data Length */
7985 /* Build display for: Data Offset */
7987 DataOffset = GSHORT(pd, offset);
7991 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
7995 offset += 2; /* Skip Data Offset */
7997 /* Build display for: Byte Count (BCC) */
7999 ByteCount = GSHORT(pd, offset);
8003 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8007 offset += 2; /* Skip Byte Count (BCC) */
8009 /* Build display for: Pad */
8011 Pad = GBYTE(pd, offset);
8015 proto_tree_add_text(tree, offset, 1, "Pad: %u", Pad);
8019 offset += 1; /* Skip Pad */
8023 if (dirn == 0) { /* Response(s) dissect code */
8025 /* Build display for: Word Count (WCT) */
8027 WordCount = GBYTE(pd, offset);
8031 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8035 offset += 1; /* Skip Word Count (WCT) */
8037 if (WordCount > 0) {
8039 /* Build display for: Response Mask */
8041 ResponseMask = GWORD(pd, offset);
8045 proto_tree_add_text(tree, offset, 4, "Response Mask: %u", ResponseMask);
8049 offset += 4; /* Skip Response Mask */
8051 /* Build display for: Byte Count (BCC) */
8053 ByteCount = GSHORT(pd, offset);
8057 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8063 offset += 2; /* Skip Byte Count (BCC) */
8070 dissect_find_close2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8077 if (dirn == 1) { /* Request(s) dissect code */
8079 /* Build display for: Word Count (WTC) */
8081 WordCount = GBYTE(pd, offset);
8085 proto_tree_add_text(tree, offset, 1, "Word Count (WTC): %u", WordCount);
8089 offset += 1; /* Skip Word Count (WTC) */
8091 /* Build display for: FID */
8093 FID = GSHORT(pd, offset);
8097 proto_tree_add_text(tree, offset, 2, "FID: %u", FID);
8101 offset += 2; /* Skip FID */
8103 /* Build display for: Byte Count (BCC) */
8105 ByteCount = GSHORT(pd, offset);
8109 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8113 offset += 2; /* Skip Byte Count (BCC) */
8117 if (dirn == 0) { /* Response(s) dissect code */
8119 /* Build display for: Word Count (WCT) */
8121 WordCount = GBYTE(pd, offset);
8125 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8129 offset += 1; /* Skip Word Count (WCT) */
8131 /* Build display for: Byte Count (BCC) */
8133 ByteCount = GBYTE(pd, offset);
8137 proto_tree_add_text(tree, offset, 1, "Byte Count (BCC): %u", ByteCount);
8141 offset += 1; /* Skip Byte Count (BCC) */
8147 char *trans2_cmd_names[] = {
8149 "TRANS2_FIND_FIRST2",
8150 "TRANS2_FIND_NEXT2",
8151 "TRANS2_QUERY_FS_INFORMATION",
8152 "TRANS2_QUERY_PATH_INFORMATION",
8153 "TRANS2_SET_PATH_INFORMATION",
8154 "TRANS2_QUERY_FILE_INFORMATION",
8155 "TRANS2_SET_FILE_INFORMATION",
8158 "TRANS2_FIND_NOTIFY_FIRST",
8159 "TRANS2_FIND_NOTIFY_NEXT",
8160 "TRANS2_CREATE_DIRECTORY",
8161 "TRANS2_SESSION_SETUP",
8162 "TRANS2_GET_DFS_REFERRAL",
8164 "TRANS2_REPORT_DFS_INCONSISTENCY"};
8166 char *decode_trans2_name(int code)
8169 if (code > 17 || code < 0) {
8171 return("no such command");
8175 return trans2_cmd_names[code];
8180 dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8183 proto_tree *Flags_tree;
8193 guint8 MaxSetupCount;
8196 guint16 TotalParameterCount;
8197 guint16 TotalDataCount;
8200 guint16 ParameterOffset;
8201 guint16 ParameterDisplacement;
8202 guint16 ParameterCount;
8203 guint16 MaxParameterCount;
8204 guint16 MaxDataCount;
8207 guint16 DataDisplacement;
8210 const char *TransactName;
8211 conversation_t *conversation;
8212 struct smb_request_key request_key, *new_request_key;
8213 struct smb_request_val *request_val;
8216 * Find out what conversation this packet is part of.
8217 * XXX - this should really be done by the transport-layer protocol,
8218 * although for connectionless transports, we may not want to do that
8219 * unless we know some higher-level protocol will want it - or we
8220 * may want to do it, so you can say e.g. "show only the packets in
8221 * this UDP 'connection'".
8223 * Note that we don't have to worry about the direction this packet
8224 * was going - the conversation code handles that for us, treating
8225 * packets from A:X to B:Y as being part of the same conversation as
8226 * packets from B:Y to A:X.
8228 conversation = find_conversation(&pi.src, &pi.dst, pi.ptype,
8229 pi.srcport, pi.destport);
8230 if (conversation == NULL) {
8231 /* It's not part of any conversation - create a new one. */
8232 conversation = conversation_new(&pi.src, &pi.dst, pi.ptype,
8233 pi.srcport, pi.destport, NULL);
8237 * Check for and insert entry in request hash table if does not exist
8239 request_key.conversation = conversation->index;
8240 request_key.mid = si.mid;
8242 request_val = (struct smb_request_val *) g_hash_table_lookup(smb_request_hash, &request_key);
8244 if (!request_val) { /* Create one */
8246 new_request_key = g_mem_chunk_alloc(smb_request_keys);
8247 new_request_key -> conversation = conversation->index;
8248 new_request_key -> mid = si.mid;
8250 request_val = g_mem_chunk_alloc(smb_request_vals);
8251 request_val -> mid = si.mid;
8252 request_val -> last_transact2_command = 0xFFFF;
8254 g_hash_table_insert(smb_request_hash, new_request_key, request_val);
8257 else { /* Update the transact request */
8259 request_val -> mid = si.mid;
8264 if (dirn == 1) { /* Request(s) dissect code */
8266 /* Build display for: Word Count (WCT) */
8268 WordCount = GBYTE(pd, offset);
8272 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8276 offset += 1; /* Skip Word Count (WCT) */
8278 /* Build display for: Total Parameter Count */
8280 TotalParameterCount = GSHORT(pd, offset);
8284 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8288 offset += 2; /* Skip Total Parameter Count */
8290 /* Build display for: Total Data Count */
8292 TotalDataCount = GSHORT(pd, offset);
8296 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8300 offset += 2; /* Skip Total Data Count */
8302 /* Build display for: Max Parameter Count */
8304 MaxParameterCount = GSHORT(pd, offset);
8308 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8312 offset += 2; /* Skip Max Parameter Count */
8314 /* Build display for: Max Data Count */
8316 MaxDataCount = GSHORT(pd, offset);
8320 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8324 offset += 2; /* Skip Max Data Count */
8326 /* Build display for: Max Setup Count */
8328 MaxSetupCount = GBYTE(pd, offset);
8332 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8336 offset += 1; /* Skip Max Setup Count */
8338 /* Build display for: Reserved1 */
8340 Reserved1 = GBYTE(pd, offset);
8344 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8348 offset += 1; /* Skip Reserved1 */
8350 /* Build display for: Flags */
8352 Flags = GSHORT(pd, offset);
8356 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8357 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
8358 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8359 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8360 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8361 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8365 offset += 2; /* Skip Flags */
8367 /* Build display for: Timeout */
8369 Timeout = GWORD(pd, offset);
8373 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8377 offset += 4; /* Skip Timeout */
8379 /* Build display for: Reserved2 */
8381 Reserved2 = GSHORT(pd, offset);
8385 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8389 offset += 2; /* Skip Reserved2 */
8391 /* Build display for: Parameter Count */
8393 ParameterCount = GSHORT(pd, offset);
8397 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8401 offset += 2; /* Skip Parameter Count */
8403 /* Build display for: Parameter Offset */
8405 ParameterOffset = GSHORT(pd, offset);
8409 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8413 offset += 2; /* Skip Parameter Offset */
8415 /* Build display for: Data Count */
8417 DataCount = GSHORT(pd, offset);
8421 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8425 offset += 2; /* Skip Data Count */
8427 /* Build display for: Data Offset */
8429 DataOffset = GSHORT(pd, offset);
8433 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8437 offset += 2; /* Skip Data Offset */
8439 /* Build display for: Setup Count */
8441 SetupCount = GBYTE(pd, offset);
8445 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8449 offset += 1; /* Skip Setup Count */
8451 /* Build display for: Reserved3 */
8453 Reserved3 = GBYTE(pd, offset);
8457 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8461 offset += 1; /* Skip Reserved3 */
8463 /* Build display for: Setup */
8465 if (SetupCount > 0) {
8469 Setup = GSHORT(pd, offset);
8471 request_val -> last_transact2_command = Setup; /* Save for later */
8473 if (check_col(fd, COL_INFO)) {
8475 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(Setup), (dirn ? "Request" : "Response"));
8479 for (i = 1; i <= SetupCount; i++) {
8482 Setup1 = GSHORT(pd, offset);
8486 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup1);
8490 offset += 2; /* Skip Setup */
8496 /* Build display for: Byte Count (BCC) */
8498 ByteCount = GSHORT(pd, offset);
8502 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8506 offset += 2; /* Skip Byte Count (BCC) */
8508 /* Build display for: Transact Name */
8510 TransactName = pd + offset;
8514 proto_tree_add_text(tree, offset, strlen(TransactName) + 1, "Transact Name: %s", decode_trans2_name(Setup));
8518 offset += strlen(TransactName) + 1; /* Skip Transact Name */
8522 /* Build display for: Pad1 */
8524 Pad1 = GBYTE(pd, offset);
8528 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8532 offset += 1; /* Skip Pad1 */
8536 if (ParameterCount > 0) {
8538 /* Build display for: Parameters */
8542 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %S: %d", format_text(&pd[SMB_offset + ParameterOffset], ParameterCount), SMB_offset + ParameterOffset);
8546 offset += ParameterCount; /* Skip Parameters */
8552 /* Build display for: Pad2 */
8554 Pad2 = GBYTE(pd, offset);
8558 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8562 offset += 1; /* Skip Pad2 */
8566 if (DataCount > 0) {
8568 /* Build display for: Data */
8570 Data = GBYTE(pd, offset);
8574 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
8578 offset += DataCount; /* Skip Data */
8584 if (dirn == 0) { /* Response(s) dissect code */
8586 /* Pick up the last transact2 command and put it in the right places */
8588 if (check_col(fd, COL_INFO)) {
8590 col_add_fstr(fd, COL_INFO, "%s %s", decode_trans2_name(request_val -> last_transact2_command), "response");
8594 /* Build display for: Word Count (WCT) */
8596 WordCount = GBYTE(pd, offset);
8600 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8604 offset += 1; /* Skip Word Count (WCT) */
8606 /* Build display for: Total Parameter Count */
8608 TotalParameterCount = GSHORT(pd, offset);
8612 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8616 offset += 2; /* Skip Total Parameter Count */
8618 /* Build display for: Total Data Count */
8620 TotalDataCount = GSHORT(pd, offset);
8624 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8628 offset += 2; /* Skip Total Data Count */
8630 /* Build display for: Reserved2 */
8632 Reserved2 = GSHORT(pd, offset);
8636 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8640 offset += 2; /* Skip Reserved2 */
8642 /* Build display for: Parameter Count */
8644 ParameterCount = GSHORT(pd, offset);
8648 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8652 offset += 2; /* Skip Parameter Count */
8654 /* Build display for: Parameter Offset */
8656 ParameterOffset = GSHORT(pd, offset);
8660 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8664 offset += 2; /* Skip Parameter Offset */
8666 /* Build display for: Parameter Displacement */
8668 ParameterDisplacement = GSHORT(pd, offset);
8672 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
8676 offset += 2; /* Skip Parameter Displacement */
8678 /* Build display for: Data Count */
8680 DataCount = GSHORT(pd, offset);
8684 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
8688 offset += 2; /* Skip Data Count */
8690 /* Build display for: Data Offset */
8692 DataOffset = GSHORT(pd, offset);
8696 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
8700 offset += 2; /* Skip Data Offset */
8702 /* Build display for: Data Displacement */
8704 DataDisplacement = GSHORT(pd, offset);
8708 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
8712 offset += 2; /* Skip Data Displacement */
8714 /* Build display for: Setup Count */
8716 SetupCount = GBYTE(pd, offset);
8720 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
8724 offset += 1; /* Skip Setup Count */
8726 /* Build display for: Reserved3 */
8728 Reserved3 = GBYTE(pd, offset);
8732 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
8736 offset += 1; /* Skip Reserved3 */
8738 /* Build display for: Setup */
8740 Setup = GSHORT(pd, offset);
8744 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
8748 offset += 2; /* Skip Setup */
8750 /* Build display for: Byte Count (BCC) */
8752 ByteCount = GSHORT(pd, offset);
8756 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
8760 offset += 2; /* Skip Byte Count (BCC) */
8762 /* Build display for: Pad1 */
8764 Pad1 = GBYTE(pd, offset);
8768 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
8772 offset += 1; /* Skip Pad1 */
8774 /* Build display for: Parameter */
8776 Parameter = GBYTE(pd, offset);
8780 proto_tree_add_text(tree, offset, 1, "Parameter: %u", Parameter);
8784 offset += 1; /* Skip Parameter */
8786 /* Build display for: Pad2 */
8788 Pad2 = GBYTE(pd, offset);
8792 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
8796 offset += 1; /* Skip Pad2 */
8798 /* Build display for: Data */
8800 Data = GBYTE(pd, offset);
8804 proto_tree_add_text(tree, offset, 1, "Data: %u", Data);
8808 offset += 1; /* Skip Data */
8815 dissect_transact_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, struct smb_info si, int max_data, int SMB_offset, int errcode, int dirn)
8818 proto_tree *Flags_tree;
8828 guint8 MaxSetupCount;
8831 guint16 TotalParameterCount;
8832 guint16 TotalDataCount;
8835 guint16 ParameterOffset;
8836 guint16 ParameterDisplacement;
8837 guint16 ParameterCount;
8838 guint16 MaxParameterCount;
8839 guint16 MaxDataCount;
8842 guint16 DataDisplacement;
8845 const char *TransactName;
8847 if (dirn == 1) { /* Request(s) dissect code */
8849 /* Build display for: Word Count (WCT) */
8851 WordCount = GBYTE(pd, offset);
8855 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
8859 offset += 1; /* Skip Word Count (WCT) */
8861 /* Build display for: Total Parameter Count */
8863 TotalParameterCount = GSHORT(pd, offset);
8867 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
8871 offset += 2; /* Skip Total Parameter Count */
8873 /* Build display for: Total Data Count */
8875 TotalDataCount = GSHORT(pd, offset);
8879 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
8883 offset += 2; /* Skip Total Data Count */
8885 /* Build display for: Max Parameter Count */
8887 MaxParameterCount = GSHORT(pd, offset);
8891 proto_tree_add_text(tree, offset, 2, "Max Parameter Count: %u", MaxParameterCount);
8895 offset += 2; /* Skip Max Parameter Count */
8897 /* Build display for: Max Data Count */
8899 MaxDataCount = GSHORT(pd, offset);
8903 proto_tree_add_text(tree, offset, 2, "Max Data Count: %u", MaxDataCount);
8907 offset += 2; /* Skip Max Data Count */
8909 /* Build display for: Max Setup Count */
8911 MaxSetupCount = GBYTE(pd, offset);
8915 proto_tree_add_text(tree, offset, 1, "Max Setup Count: %u", MaxSetupCount);
8919 offset += 1; /* Skip Max Setup Count */
8921 /* Build display for: Reserved1 */
8923 Reserved1 = GBYTE(pd, offset);
8927 proto_tree_add_text(tree, offset, 1, "Reserved1: %u", Reserved1);
8931 offset += 1; /* Skip Reserved1 */
8933 /* Build display for: Flags */
8935 Flags = GSHORT(pd, offset);
8939 ti = proto_tree_add_text(tree, offset, 2, "Flags: 0x%02x", Flags);
8940 Flags_tree = proto_item_add_subtree(ti, ETT_SMB_FLAGS);
8941 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8942 decode_boolean_bitfield(Flags, 0x01, 16, "Also disconnect TID", "Dont disconnect TID"));
8943 proto_tree_add_text(Flags_tree, offset, 2, "%s",
8944 decode_boolean_bitfield(Flags, 0x02, 16, "One way transaction", "Two way transaction"));
8948 offset += 2; /* Skip Flags */
8950 /* Build display for: Timeout */
8952 Timeout = GWORD(pd, offset);
8956 proto_tree_add_text(tree, offset, 4, "Timeout: %u", Timeout);
8960 offset += 4; /* Skip Timeout */
8962 /* Build display for: Reserved2 */
8964 Reserved2 = GSHORT(pd, offset);
8968 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
8972 offset += 2; /* Skip Reserved2 */
8974 /* Build display for: Parameter Count */
8976 ParameterCount = GSHORT(pd, offset);
8980 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
8984 offset += 2; /* Skip Parameter Count */
8986 /* Build display for: Parameter Offset */
8988 ParameterOffset = GSHORT(pd, offset);
8992 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
8996 offset += 2; /* Skip Parameter Offset */
8998 /* Build display for: Data Count */
9000 DataCount = GSHORT(pd, offset);
9004 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9008 offset += 2; /* Skip Data Count */
9010 /* Build display for: Data Offset */
9012 DataOffset = GSHORT(pd, offset);
9016 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9020 offset += 2; /* Skip Data Offset */
9022 /* Build display for: Setup Count */
9024 SetupCount = GBYTE(pd, offset);
9028 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9032 offset += 1; /* Skip Setup Count */
9034 /* Build display for: Reserved3 */
9036 Reserved3 = GBYTE(pd, offset);
9040 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9044 offset += 1; /* Skip Reserved3 */
9046 /* Build display for: Setup */
9048 if (SetupCount > 0) {
9052 Setup = GSHORT(pd, offset);
9054 for (i = 1; i <= SetupCount; i++) {
9056 Setup = GSHORT(pd, offset);
9060 proto_tree_add_text(tree, offset, 2, "Setup%i: %u", i, Setup);
9064 offset += 2; /* Skip Setup */
9070 /* Build display for: Byte Count (BCC) */
9072 ByteCount = GSHORT(pd, offset);
9076 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9080 offset += 2; /* Skip Byte Count (BCC) */
9082 /* Build display for: Transact Name */
9084 TransactName = pd + offset;
9088 proto_tree_add_text(tree, offset, strlen(TransactName) + 1, "Transact Name: %s", TransactName);
9092 offset += strlen(TransactName) + 1; /* Skip Transact Name */
9096 /* Build display for: Pad1 */
9098 Pad1 = GBYTE(pd, offset);
9102 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9106 offset += 1; /* Skip Pad1 */
9110 if (ParameterCount > 0) {
9112 /* Build display for: Parameters */
9116 proto_tree_add_text(tree, SMB_offset + ParameterOffset, ParameterCount, "Parameters: %S: %d", format_text(&pd[SMB_offset + ParameterOffset], ParameterCount), SMB_offset + ParameterOffset);
9120 offset += ParameterCount; /* Skip Parameters */
9126 /* Build display for: Pad2 */
9128 Pad2 = GBYTE(pd, offset);
9132 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9136 offset += 1; /* Skip Pad2 */
9140 if (DataCount > 0) {
9142 /* Build display for: Data */
9144 Data = GBYTE(pd, offset);
9148 proto_tree_add_text(tree, SMB_offset + DataOffset, DataCount, "Data: %s", format_text(&pd[offset], DataCount));
9152 offset += DataCount; /* Skip Data */
9158 if (dirn == 0) { /* Response(s) dissect code */
9160 /* Build display for: Word Count (WCT) */
9162 WordCount = GBYTE(pd, offset);
9166 proto_tree_add_text(tree, offset, 1, "Word Count (WCT): %u", WordCount);
9170 offset += 1; /* Skip Word Count (WCT) */
9172 /* Build display for: Total Parameter Count */
9174 TotalParameterCount = GSHORT(pd, offset);
9178 proto_tree_add_text(tree, offset, 2, "Total Parameter Count: %u", TotalParameterCount);
9182 offset += 2; /* Skip Total Parameter Count */
9184 /* Build display for: Total Data Count */
9186 TotalDataCount = GSHORT(pd, offset);
9190 proto_tree_add_text(tree, offset, 2, "Total Data Count: %u", TotalDataCount);
9194 offset += 2; /* Skip Total Data Count */
9196 /* Build display for: Reserved2 */
9198 Reserved2 = GSHORT(pd, offset);
9202 proto_tree_add_text(tree, offset, 2, "Reserved2: %u", Reserved2);
9206 offset += 2; /* Skip Reserved2 */
9208 /* Build display for: Parameter Count */
9210 ParameterCount = GSHORT(pd, offset);
9214 proto_tree_add_text(tree, offset, 2, "Parameter Count: %u", ParameterCount);
9218 offset += 2; /* Skip Parameter Count */
9220 /* Build display for: Parameter Offset */
9222 ParameterOffset = GSHORT(pd, offset);
9226 proto_tree_add_text(tree, offset, 2, "Parameter Offset: %u", ParameterOffset);
9230 offset += 2; /* Skip Parameter Offset */
9232 /* Build display for: Parameter Displacement */
9234 ParameterDisplacement = GSHORT(pd, offset);
9238 proto_tree_add_text(tree, offset, 2, "Parameter Displacement: %u", ParameterDisplacement);
9242 offset += 2; /* Skip Parameter Displacement */
9244 /* Build display for: Data Count */
9246 DataCount = GSHORT(pd, offset);
9250 proto_tree_add_text(tree, offset, 2, "Data Count: %u", DataCount);
9254 offset += 2; /* Skip Data Count */
9256 /* Build display for: Data Offset */
9258 DataOffset = GSHORT(pd, offset);
9262 proto_tree_add_text(tree, offset, 2, "Data Offset: %u", DataOffset);
9266 offset += 2; /* Skip Data Offset */
9268 /* Build display for: Data Displacement */
9270 DataDisplacement = GSHORT(pd, offset);
9274 proto_tree_add_text(tree, offset, 2, "Data Displacement: %u", DataDisplacement);
9278 offset += 2; /* Skip Data Displacement */
9280 /* Build display for: Setup Count */
9282 SetupCount = GBYTE(pd, offset);
9286 proto_tree_add_text(tree, offset, 1, "Setup Count: %u", SetupCount);
9290 offset += 1; /* Skip Setup Count */
9292 /* Build display for: Reserved3 */
9294 Reserved3 = GBYTE(pd, offset);
9298 proto_tree_add_text(tree, offset, 1, "Reserved3: %u", Reserved3);
9302 offset += 1; /* Skip Reserved3 */
9304 /* Build display for: Setup */
9306 Setup = GSHORT(pd, offset);
9310 proto_tree_add_text(tree, offset, 2, "Setup: %u", Setup);
9314 offset += 2; /* Skip Setup */
9316 /* Build display for: Byte Count (BCC) */
9318 ByteCount = GSHORT(pd, offset);
9322 proto_tree_add_text(tree, offset, 2, "Byte Count (BCC): %u", ByteCount);
9326 offset += 2; /* Skip Byte Count (BCC) */
9328 /* Build display for: Pad1 */
9330 Pad1 = GBYTE(pd, offset);
9334 proto_tree_add_text(tree, offset, 1, "Pad1: %u", Pad1);
9338 offset += 1; /* Skip Pad1 */
9340 /* Build display for: Parameter */
9342 Parameter = GBYTE(pd, offset);
9346 proto_tree_add_text(tree, offset, 1, "Parameter: %u", Parameter);
9350 offset += 1; /* Skip Parameter */
9352 /* Build display for: Pad2 */
9354 Pad2 = GBYTE(pd, offset);
9358 proto_tree_add_text(tree, offset, 1, "Pad2: %u", Pad2);
9362 offset += 1; /* Skip Pad2 */
9364 /* Build display for: Data */
9366 Data = GBYTE(pd, offset);
9370 proto_tree_add_text(tree, offset, 1, "Data: %u", Data);
9374 offset += 1; /* Skip Data */
9380 void (*dissect[256])(const u_char *, int, frame_data *, proto_tree *, struct smb_info, int, int, int, int) = {
9382 dissect_unknown_smb, /* unknown SMB 0x00 */
9383 dissect_unknown_smb, /* unknown SMB 0x01 */
9384 dissect_unknown_smb, /* SMBopen open a file */
9385 dissect_create_file_smb, /* SMBcreate create a file */
9386 dissect_close_smb, /* SMBclose close a file */
9387 dissect_flush_file_smb, /* SMBflush flush a file */
9388 dissect_delete_file_smb, /* SMBunlink delete a file */
9389 dissect_rename_file_smb, /* SMBmv rename a file */
9390 dissect_get_file_attr_smb,/* SMBgetatr get file attributes */
9391 dissect_set_file_attr_smb,/* SMBsetatr set file attributes */
9392 dissect_read_file_smb, /* SMBread read from a file */
9393 dissect_write_file_smb, /* SMBwrite write to a file */
9394 dissect_lock_bytes_smb, /* SMBlock lock a byte range */
9395 dissect_unlock_bytes_smb, /* SMBunlock unlock a byte range */
9396 dissect_create_temporary_file_smb,/* SMBctemp create a temporary file */
9397 dissect_unknown_smb, /* SMBmknew make a new file */
9398 dissect_checkdir_smb, /* SMBchkpth check a directory path */
9399 dissect_process_exit_smb, /* SMBexit process exit */
9400 dissect_unknown_smb, /* SMBlseek seek */
9401 dissect_lock_and_read_smb,/* SMBlockread Lock a range and read it */
9402 dissect_write_and_unlock_smb,/* SMBwriteunlock Unlock a range and then write */
9403 dissect_unknown_smb, /* unknown SMB 0x15 */
9404 dissect_unknown_smb, /* unknown SMB 0x16 */
9405 dissect_unknown_smb, /* unknown SMB 0x17 */
9406 dissect_unknown_smb, /* unknown SMB 0x18 */
9407 dissect_unknown_smb, /* unknown SMB 0x19 */
9408 dissect_read_raw_smb, /* SMBreadBraw read block raw */
9409 dissect_read_mpx_smb, /* SMBreadBmpx read block multiplexed */
9410 dissect_unknown_smb, /* SMBreadBs read block (secondary response) */
9411 dissect_write_raw_smb, /* SMBwriteBraw write block raw */
9412 dissect_write_mpx_smb, /* SMBwriteBmpx write block multiplexed */
9413 dissect_unknown_smb, /* SMBwriteBs write block (secondary request) */
9414 dissect_unknown_smb, /* SMBwriteC write complete response */
9415 dissect_unknown_smb, /* unknown SMB 0x21 */
9416 dissect_set_info2_smb, /* SMBsetattrE set file attributes expanded */
9417 dissect_query_info2_smb, /* SMBgetattrE get file attributes expanded */
9418 dissect_locking_andx_smb, /* SMBlockingX lock/unlock byte ranges and X */
9419 dissect_transact_smb, /* SMBtrans transaction - name, bytes in/out */
9420 dissect_unknown_smb, /* SMBtranss transaction (secondary request/response) */
9421 dissect_unknown_smb, /* SMBioctl IOCTL */
9422 dissect_unknown_smb, /* SMBioctls IOCTL (secondary request/response) */
9423 dissect_unknown_smb, /* SMBcopy copy */
9424 dissect_move_smb, /* SMBmove move */
9425 dissect_unknown_smb, /* SMBecho echo */
9426 dissect_unknown_smb, /* SMBwriteclose write a file and then close it */
9427 dissect_open_andx_smb, /* SMBopenX open and X */
9428 dissect_unknown_smb, /* SMBreadX read and X */
9429 dissect_unknown_smb, /* SMBwriteX write and X */
9430 dissect_unknown_smb, /* unknown SMB 0x30 */
9431 dissect_unknown_smb, /* unknown SMB 0x31 */
9432 dissect_transact2_smb, /* unknown SMB 0x32 */
9433 dissect_unknown_smb, /* unknown SMB 0x33 */
9434 dissect_find_close2_smb, /* unknown SMB 0x34 */
9435 dissect_unknown_smb, /* unknown SMB 0x35 */
9436 dissect_unknown_smb, /* unknown SMB 0x36 */
9437 dissect_unknown_smb, /* unknown SMB 0x37 */
9438 dissect_unknown_smb, /* unknown SMB 0x38 */
9439 dissect_unknown_smb, /* unknown SMB 0x39 */
9440 dissect_unknown_smb, /* unknown SMB 0x3a */
9441 dissect_unknown_smb, /* unknown SMB 0x3b */
9442 dissect_unknown_smb, /* unknown SMB 0x3c */
9443 dissect_unknown_smb, /* unknown SMB 0x3d */
9444 dissect_unknown_smb, /* unknown SMB 0x3e */
9445 dissect_unknown_smb, /* unknown SMB 0x3f */
9446 dissect_unknown_smb, /* unknown SMB 0x40 */
9447 dissect_unknown_smb, /* unknown SMB 0x41 */
9448 dissect_unknown_smb, /* unknown SMB 0x42 */
9449 dissect_unknown_smb, /* unknown SMB 0x43 */
9450 dissect_unknown_smb, /* unknown SMB 0x44 */
9451 dissect_unknown_smb, /* unknown SMB 0x45 */
9452 dissect_unknown_smb, /* unknown SMB 0x46 */
9453 dissect_unknown_smb, /* unknown SMB 0x47 */
9454 dissect_unknown_smb, /* unknown SMB 0x48 */
9455 dissect_unknown_smb, /* unknown SMB 0x49 */
9456 dissect_unknown_smb, /* unknown SMB 0x4a */
9457 dissect_unknown_smb, /* unknown SMB 0x4b */
9458 dissect_unknown_smb, /* unknown SMB 0x4c */
9459 dissect_unknown_smb, /* unknown SMB 0x4d */
9460 dissect_unknown_smb, /* unknown SMB 0x4e */
9461 dissect_unknown_smb, /* unknown SMB 0x4f */
9462 dissect_unknown_smb, /* unknown SMB 0x50 */
9463 dissect_unknown_smb, /* unknown SMB 0x51 */
9464 dissect_unknown_smb, /* unknown SMB 0x52 */
9465 dissect_unknown_smb, /* unknown SMB 0x53 */
9466 dissect_unknown_smb, /* unknown SMB 0x54 */
9467 dissect_unknown_smb, /* unknown SMB 0x55 */
9468 dissect_unknown_smb, /* unknown SMB 0x56 */
9469 dissect_unknown_smb, /* unknown SMB 0x57 */
9470 dissect_unknown_smb, /* unknown SMB 0x58 */
9471 dissect_unknown_smb, /* unknown SMB 0x59 */
9472 dissect_unknown_smb, /* unknown SMB 0x5a */
9473 dissect_unknown_smb, /* unknown SMB 0x5b */
9474 dissect_unknown_smb, /* unknown SMB 0x5c */
9475 dissect_unknown_smb, /* unknown SMB 0x5d */
9476 dissect_unknown_smb, /* unknown SMB 0x5e */
9477 dissect_unknown_smb, /* unknown SMB 0x5f */
9478 dissect_unknown_smb, /* unknown SMB 0x60 */
9479 dissect_unknown_smb, /* unknown SMB 0x61 */
9480 dissect_unknown_smb, /* unknown SMB 0x62 */
9481 dissect_unknown_smb, /* unknown SMB 0x63 */
9482 dissect_unknown_smb, /* unknown SMB 0x64 */
9483 dissect_unknown_smb, /* unknown SMB 0x65 */
9484 dissect_unknown_smb, /* unknown SMB 0x66 */
9485 dissect_unknown_smb, /* unknown SMB 0x67 */
9486 dissect_unknown_smb, /* unknown SMB 0x68 */
9487 dissect_unknown_smb, /* unknown SMB 0x69 */
9488 dissect_unknown_smb, /* unknown SMB 0x6a */
9489 dissect_unknown_smb, /* unknown SMB 0x6b */
9490 dissect_unknown_smb, /* unknown SMB 0x6c */
9491 dissect_unknown_smb, /* unknown SMB 0x6d */
9492 dissect_unknown_smb, /* unknown SMB 0x6e */
9493 dissect_unknown_smb, /* unknown SMB 0x6f */
9494 dissect_treecon_smb, /* SMBtcon tree connect */
9495 dissect_tdis_smb, /* SMBtdis tree disconnect */
9496 dissect_negprot_smb, /* SMBnegprot negotiate a protocol */
9497 dissect_ssetup_andx_smb, /* SMBsesssetupX Session Set Up & X (including User Logon) */
9498 dissect_logoff_andx_smb, /* SMBlogof Logoff & X */
9499 dissect_tcon_andx_smb, /* SMBtconX tree connect and X */
9500 dissect_unknown_smb, /* unknown SMB 0x76 */
9501 dissect_unknown_smb, /* unknown SMB 0x77 */
9502 dissect_unknown_smb, /* unknown SMB 0x78 */
9503 dissect_unknown_smb, /* unknown SMB 0x79 */
9504 dissect_unknown_smb, /* unknown SMB 0x7a */
9505 dissect_unknown_smb, /* unknown SMB 0x7b */
9506 dissect_unknown_smb, /* unknown SMB 0x7c */
9507 dissect_unknown_smb, /* unknown SMB 0x7d */
9508 dissect_unknown_smb, /* unknown SMB 0x7e */
9509 dissect_unknown_smb, /* unknown SMB 0x7f */
9510 dissect_get_disk_attr_smb,/* SMBdskattr get disk attributes */
9511 dissect_search_dir_smb, /* SMBsearch search a directory */
9512 dissect_unknown_smb, /* SMBffirst find first */
9513 dissect_unknown_smb, /* SMBfunique find unique */
9514 dissect_unknown_smb, /* SMBfclose find close */
9515 dissect_unknown_smb, /* unknown SMB 0x85 */
9516 dissect_unknown_smb, /* unknown SMB 0x86 */
9517 dissect_unknown_smb, /* unknown SMB 0x87 */
9518 dissect_unknown_smb, /* unknown SMB 0x88 */
9519 dissect_unknown_smb, /* unknown SMB 0x89 */
9520 dissect_unknown_smb, /* unknown SMB 0x8a */
9521 dissect_unknown_smb, /* unknown SMB 0x8b */
9522 dissect_unknown_smb, /* unknown SMB 0x8c */
9523 dissect_unknown_smb, /* unknown SMB 0x8d */
9524 dissect_unknown_smb, /* unknown SMB 0x8e */
9525 dissect_unknown_smb, /* unknown SMB 0x8f */
9526 dissect_unknown_smb, /* unknown SMB 0x90 */
9527 dissect_unknown_smb, /* unknown SMB 0x91 */
9528 dissect_unknown_smb, /* unknown SMB 0x92 */
9529 dissect_unknown_smb, /* unknown SMB 0x93 */
9530 dissect_unknown_smb, /* unknown SMB 0x94 */
9531 dissect_unknown_smb, /* unknown SMB 0x95 */
9532 dissect_unknown_smb, /* unknown SMB 0x96 */
9533 dissect_unknown_smb, /* unknown SMB 0x97 */
9534 dissect_unknown_smb, /* unknown SMB 0x98 */
9535 dissect_unknown_smb, /* unknown SMB 0x99 */
9536 dissect_unknown_smb, /* unknown SMB 0x9a */
9537 dissect_unknown_smb, /* unknown SMB 0x9b */
9538 dissect_unknown_smb, /* unknown SMB 0x9c */
9539 dissect_unknown_smb, /* unknown SMB 0x9d */
9540 dissect_unknown_smb, /* unknown SMB 0x9e */
9541 dissect_unknown_smb, /* unknown SMB 0x9f */
9542 dissect_unknown_smb, /* unknown SMB 0xa0 */
9543 dissect_unknown_smb, /* unknown SMB 0xa1 */
9544 dissect_unknown_smb, /* unknown SMB 0xa2 */
9545 dissect_unknown_smb, /* unknown SMB 0xa3 */
9546 dissect_unknown_smb, /* unknown SMB 0xa4 */
9547 dissect_unknown_smb, /* unknown SMB 0xa5 */
9548 dissect_unknown_smb, /* unknown SMB 0xa6 */
9549 dissect_unknown_smb, /* unknown SMB 0xa7 */
9550 dissect_unknown_smb, /* unknown SMB 0xa8 */
9551 dissect_unknown_smb, /* unknown SMB 0xa9 */
9552 dissect_unknown_smb, /* unknown SMB 0xaa */
9553 dissect_unknown_smb, /* unknown SMB 0xab */
9554 dissect_unknown_smb, /* unknown SMB 0xac */
9555 dissect_unknown_smb, /* unknown SMB 0xad */
9556 dissect_unknown_smb, /* unknown SMB 0xae */
9557 dissect_unknown_smb, /* unknown SMB 0xaf */
9558 dissect_unknown_smb, /* unknown SMB 0xb0 */
9559 dissect_unknown_smb, /* unknown SMB 0xb1 */
9560 dissect_unknown_smb, /* unknown SMB 0xb2 */
9561 dissect_unknown_smb, /* unknown SMB 0xb3 */
9562 dissect_unknown_smb, /* unknown SMB 0xb4 */
9563 dissect_unknown_smb, /* unknown SMB 0xb5 */
9564 dissect_unknown_smb, /* unknown SMB 0xb6 */
9565 dissect_unknown_smb, /* unknown SMB 0xb7 */
9566 dissect_unknown_smb, /* unknown SMB 0xb8 */
9567 dissect_unknown_smb, /* unknown SMB 0xb9 */
9568 dissect_unknown_smb, /* unknown SMB 0xba */
9569 dissect_unknown_smb, /* unknown SMB 0xbb */
9570 dissect_unknown_smb, /* unknown SMB 0xbc */
9571 dissect_unknown_smb, /* unknown SMB 0xbd */
9572 dissect_unknown_smb, /* unknown SMB 0xbe */
9573 dissect_unknown_smb, /* unknown SMB 0xbf */
9574 dissect_unknown_smb, /* SMBsplopen open a print spool file */
9575 dissect_write_print_file_smb,/* SMBsplwr write to a print spool file */
9576 dissect_close_print_file_smb,/* SMBsplclose close a print spool file */
9577 dissect_get_print_queue_smb, /* SMBsplretq return print queue */
9578 dissect_unknown_smb, /* unknown SMB 0xc4 */
9579 dissect_unknown_smb, /* unknown SMB 0xc5 */
9580 dissect_unknown_smb, /* unknown SMB 0xc6 */
9581 dissect_unknown_smb, /* unknown SMB 0xc7 */
9582 dissect_unknown_smb, /* unknown SMB 0xc8 */
9583 dissect_unknown_smb, /* unknown SMB 0xc9 */
9584 dissect_unknown_smb, /* unknown SMB 0xca */
9585 dissect_unknown_smb, /* unknown SMB 0xcb */
9586 dissect_unknown_smb, /* unknown SMB 0xcc */
9587 dissect_unknown_smb, /* unknown SMB 0xcd */
9588 dissect_unknown_smb, /* unknown SMB 0xce */
9589 dissect_unknown_smb, /* unknown SMB 0xcf */
9590 dissect_unknown_smb, /* SMBsends send a single block message */
9591 dissect_unknown_smb, /* SMBsendb send a broadcast message */
9592 dissect_unknown_smb, /* SMBfwdname forward user name */
9593 dissect_unknown_smb, /* SMBcancelf cancel forward */
9594 dissect_unknown_smb, /* SMBgetmac get a machine name */
9595 dissect_unknown_smb, /* SMBsendstrt send start of multi-block message */
9596 dissect_unknown_smb, /* SMBsendend send end of multi-block message */
9597 dissect_unknown_smb, /* SMBsendtxt send text of multi-block message */
9598 dissect_unknown_smb, /* unknown SMB 0xd8 */
9599 dissect_unknown_smb, /* unknown SMB 0xd9 */
9600 dissect_unknown_smb, /* unknown SMB 0xda */
9601 dissect_unknown_smb, /* unknown SMB 0xdb */
9602 dissect_unknown_smb, /* unknown SMB 0xdc */
9603 dissect_unknown_smb, /* unknown SMB 0xdd */
9604 dissect_unknown_smb, /* unknown SMB 0xde */
9605 dissect_unknown_smb, /* unknown SMB 0xdf */
9606 dissect_unknown_smb, /* unknown SMB 0xe0 */
9607 dissect_unknown_smb, /* unknown SMB 0xe1 */
9608 dissect_unknown_smb, /* unknown SMB 0xe2 */
9609 dissect_unknown_smb, /* unknown SMB 0xe3 */
9610 dissect_unknown_smb, /* unknown SMB 0xe4 */
9611 dissect_unknown_smb, /* unknown SMB 0xe5 */
9612 dissect_unknown_smb, /* unknown SMB 0xe6 */
9613 dissect_unknown_smb, /* unknown SMB 0xe7 */
9614 dissect_unknown_smb, /* unknown SMB 0xe8 */
9615 dissect_unknown_smb, /* unknown SMB 0xe9 */
9616 dissect_unknown_smb, /* unknown SMB 0xea */
9617 dissect_unknown_smb, /* unknown SMB 0xeb */
9618 dissect_unknown_smb, /* unknown SMB 0xec */
9619 dissect_unknown_smb, /* unknown SMB 0xed */
9620 dissect_unknown_smb, /* unknown SMB 0xee */
9621 dissect_unknown_smb, /* unknown SMB 0xef */
9622 dissect_unknown_smb, /* unknown SMB 0xf0 */
9623 dissect_unknown_smb, /* unknown SMB 0xf1 */
9624 dissect_unknown_smb, /* unknown SMB 0xf2 */
9625 dissect_unknown_smb, /* unknown SMB 0xf3 */
9626 dissect_unknown_smb, /* unknown SMB 0xf4 */
9627 dissect_unknown_smb, /* unknown SMB 0xf5 */
9628 dissect_unknown_smb, /* unknown SMB 0xf6 */
9629 dissect_unknown_smb, /* unknown SMB 0xf7 */
9630 dissect_unknown_smb, /* unknown SMB 0xf8 */
9631 dissect_unknown_smb, /* unknown SMB 0xf9 */
9632 dissect_unknown_smb, /* unknown SMB 0xfa */
9633 dissect_unknown_smb, /* unknown SMB 0xfb */
9634 dissect_unknown_smb, /* unknown SMB 0xfc */
9635 dissect_unknown_smb, /* unknown SMB 0xfd */
9636 dissect_unknown_smb, /* SMBinvalid invalid command */
9637 dissect_unknown_smb /* unknown SMB 0xff */
9641 static const value_string errcls_types[] = {
9642 { SMB_SUCCESS, "Success"},
9643 { SMB_ERRDOS, "DOS Error"},
9644 { SMB_ERRSRV, "Server Error"},
9645 { SMB_ERRHRD, "Hardware Error"},
9646 { SMB_ERRCMD, "Command Error - Not an SMB format command"},
9650 char *decode_smb_name(unsigned char cmd)
9653 return(SMB_names[cmd]);
9657 static const value_string DOS_errors[] = {
9658 {SMBE_badfunc, "Invalid function (or system call)"},
9659 {SMBE_badfile, "File not found (pathname error)"},
9660 {SMBE_badpath, "Directory not found"},
9661 {SMBE_nofids, "Too many open files"},
9662 {SMBE_noaccess, "Access denied"},
9663 {SMBE_badfid, "Invalid fid"},
9664 {SMBE_nomem, "Out of memory"},
9665 {SMBE_badmem, "Invalid memory block address"},
9666 {SMBE_badenv, "Invalid environment"},
9667 {SMBE_badaccess, "Invalid open mode"},
9668 {SMBE_baddata, "Invalid data (only from ioctl call)"},
9669 {SMBE_res, "Reserved error code?"},
9670 {SMBE_baddrive, "Invalid drive"},
9671 {SMBE_remcd, "Attempt to delete current directory"},
9672 {SMBE_diffdevice, "Rename/move across different filesystems"},
9673 {SMBE_nofiles, "no more files found in file search"},
9674 {SMBE_badshare, "Share mode on file conflict with open mode"},
9675 {SMBE_lock, "Lock request conflicts with existing lock"},
9676 {SMBE_unsup, "Request unsupported, returned by Win 95"},
9677 {SMBE_filexists, "File in operation already exists"},
9678 {SMBE_cannotopen, "Cannot open the file specified"},
9679 {SMBE_unknownlevel, "Unknown level??"},
9680 {SMBE_badpipe, "Named pipe invalid"},
9681 {SMBE_pipebusy, "All instances of pipe are busy"},
9682 {SMBE_pipeclosing, "Named pipe close in progress"},
9683 {SMBE_notconnected, "No process on other end of named pipe"},
9684 {SMBE_moredata, "More data to be returned"},
9685 {SMBE_baddirectory, "Invalid directory name in a path."},
9686 {SMBE_eas_didnt_fit, "Extended attributes didn't fit"},
9687 {SMBE_eas_nsup, "Extended attributes not supported"},
9688 {SMBE_notify_buf_small, "Buffer too small to return change notify."},
9689 {SMBE_unknownipc, "Unknown IPC Operation"},
9690 {SMBE_noipc, "Don't support ipc"},
9694 /* Error codes for the ERRSRV class */
9696 static const value_string SRV_errors[] = {
9697 {SMBE_error, "Non specific error code"},
9698 {SMBE_badpw, "Bad password"},
9699 {SMBE_badtype, "Reserved"},
9700 {SMBE_access, "No permissions to perform the requested operation"},
9701 {SMBE_invnid, "TID invalid"},
9702 {SMBE_invnetname, "Invalid network name. Service not found"},
9703 {SMBE_invdevice, "Invalid device"},
9704 {SMBE_unknownsmb, "Unknown SMB, from NT 3.5 response"},
9705 {SMBE_qfull, "Print queue full"},
9706 {SMBE_qtoobig, "Queued item too big"},
9707 {SMBE_qeof, "EOF on print queue dump"},
9708 {SMBE_invpfid, "Invalid print file in smb_fid"},
9709 {SMBE_smbcmd, "Unrecognised command"},
9710 {SMBE_srverror, "SMB server internal error"},
9711 {SMBE_filespecs, "Fid and pathname invalid combination"},
9712 {SMBE_badlink, "Bad link in request ???"},
9713 {SMBE_badpermits, "Access specified for a file is not valid"},
9714 {SMBE_badpid, "Bad process id in request"},
9715 {SMBE_setattrmode, "Attribute mode invalid"},
9716 {SMBE_paused, "Message server paused"},
9717 {SMBE_msgoff, "Not receiving messages"},
9718 {SMBE_noroom, "No room for message"},
9719 {SMBE_rmuns, "Too many remote usernames"},
9720 {SMBE_timeout, "Operation timed out"},
9721 {SMBE_noresource, "No resources currently available for request."},
9722 {SMBE_toomanyuids, "Too many userids"},
9723 {SMBE_baduid, "Bad userid"},
9724 {SMBE_useMPX, "Temporarily unable to use raw mode, use MPX mode"},
9725 {SMBE_useSTD, "Temporarily unable to use raw mode, use standard mode"},
9726 {SMBE_contMPX, "Resume MPX mode"},
9727 {SMBE_badPW, "Bad Password???"},
9728 {SMBE_nosupport, "Operation not supported???"},
9732 /* Error codes for the ERRHRD class */
9734 static const value_string HRD_errors[] = {
9735 {SMBE_nowrite, "read only media"},
9736 {SMBE_badunit, "Unknown device"},
9737 {SMBE_notready, "Drive not ready"},
9738 {SMBE_badcmd, "Unknown command"},
9739 {SMBE_data, "Data (CRC) error"},
9740 {SMBE_badreq, "Bad request structure length"},
9741 {SMBE_seek, "Seek error???"},
9742 {SMBE_badmedia, "Bad media???"},
9743 {SMBE_badsector, "Bad sector???"},
9744 {SMBE_nopaper, "No paper in printer???"},
9745 {SMBE_write, "Write error???"},
9746 {SMBE_read, "Read error???"},
9747 {SMBE_general, "General error???"},
9748 {SMBE_badshare, "A open conflicts with an existing open"},
9749 {SMBE_lock, "Lock/unlock error"},
9750 {SMBE_wrongdisk, "Wrong disk???"},
9751 {SMBE_FCBunavail, "FCB unavailable???"},
9752 {SMBE_sharebufexc, "Share buffer excluded???"},
9753 {SMBE_diskfull, "Disk full???"},
9757 char *decode_smb_error(guint8 errcls, guint8 errcode)
9764 return("No Error"); /* No error ??? */
9769 return(val_to_str(errcode, DOS_errors, "Unknown DOS error (%x)"));
9774 return(val_to_str(errcode, SRV_errors, "Unknown SRV error (%x)"));
9779 return(val_to_str(errcode, HRD_errors, "Unknown HRD error (%x)"));
9784 return("Unknown error class!");
9790 #define SMB_FLAGS_DIRN 0x80
9793 dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
9795 proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
9796 proto_item *ti, *tf;
9797 guint8 cmd, errcls, errcode1, flags;
9798 guint16 flags2, errcode, tid, pid, uid, mid;
9799 int SMB_offset = offset;
9802 cmd = pd[offset + SMB_hdr_com_offset];
9804 if (check_col(fd, COL_PROTOCOL))
9805 col_add_str(fd, COL_PROTOCOL, "SMB");
9807 /* Hmmm, poor coding here ... Also, should check the type */
9809 if (check_col(fd, COL_INFO)) {
9811 col_add_fstr(fd, COL_INFO, "%s %s", decode_smb_name(cmd), (pi.match_port == pi.destport)? "Request" : "Response");
9817 ti = proto_tree_add_item(tree, proto_smb, offset, END_OF_FRAME, NULL);
9818 smb_tree = proto_item_add_subtree(ti, ETT_SMB);
9820 /* 0xFFSMB is actually a 1 byte msg type and 3 byte server
9821 * component ... SMB is only one used
9824 proto_tree_add_text(smb_tree, offset, 1, "Message Type: 0xFF");
9825 proto_tree_add_text(smb_tree, offset+1, 3, "Server Component: SMB");
9829 offset += 4; /* Skip the marker */
9833 proto_tree_add_text(smb_tree, offset, 1, "Command: %s", decode_smb_name(cmd));
9839 /* Next, look at the error class, SMB_RETCLASS */
9841 errcls = pd[offset];
9845 proto_tree_add_text(smb_tree, offset, 1, "Error Class: %s",
9846 val_to_str((guint8)pd[offset], errcls_types, "Unknown Error Class (%x)"));
9851 /* Error code, SMB_HEINFO ... */
9853 errcode1 = pd[offset];
9857 proto_tree_add_text(smb_tree, offset, 1, "Reserved: %i", errcode1);
9863 errcode = GSHORT(pd, offset);
9867 proto_tree_add_text(smb_tree, offset, 2, "Error Code: %s",
9868 decode_smb_error(errcls, errcode));
9874 /* Now for the flags: Bit 0 = 0 means cmd, 0 = 1 means resp */
9880 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags: 0x%02x", flags);
9882 flags_tree = proto_item_add_subtree(tf, ETT_SMB_FLAGS);
9883 proto_tree_add_text(flags_tree, offset, 1, "%s",
9884 decode_boolean_bitfield(flags, 0x01, 8,
9885 "Lock&Read, Write&Unlock supported",
9886 "Lock&Read, Write&Unlock not supported"));
9887 proto_tree_add_text(flags_tree, offset, 1, "%s",
9888 decode_boolean_bitfield(flags, 0x02, 8,
9889 "Receive buffer posted",
9890 "Receive buffer not posted"));
9891 proto_tree_add_text(flags_tree, offset, 1, "%s",
9892 decode_boolean_bitfield(flags, 0x08, 8,
9893 "Path names caseless",
9894 "Path names case sensitive"));
9895 proto_tree_add_text(flags_tree, offset, 1, "%s",
9896 decode_boolean_bitfield(flags, 0x10, 8,
9897 "Pathnames canonicalized",
9898 "Pathnames not canonicalized"));
9899 proto_tree_add_text(flags_tree, offset, 1, "%s",
9900 decode_boolean_bitfield(flags, 0x20, 8,
9901 "OpLocks requested/granted",
9902 "OpLocks not requested/granted"));
9903 proto_tree_add_text(flags_tree, offset, 1, "%s",
9904 decode_boolean_bitfield(flags, 0x40, 8,
9906 "Notify open only"));
9908 proto_tree_add_text(flags_tree, offset, 1, "%s",
9909 decode_boolean_bitfield(flags, SMB_FLAGS_DIRN,
9910 8, "Response to client/redirector", "Request to server"));
9916 flags2 = GSHORT(pd, offset);
9920 tf = proto_tree_add_text(smb_tree, offset, 1, "Flags2: 0x%04x", flags2);
9922 flags2_tree = proto_item_add_subtree(tf, ETT_SMB_FLAGS2);
9923 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9924 decode_boolean_bitfield(flags2, 0x0001, 16,
9925 "Long file names supported",
9926 "Long file names not supported"));
9927 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9928 decode_boolean_bitfield(flags2, 0x0002, 16,
9929 "Extended attributes supported",
9930 "Extended attributes not supported"));
9931 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9932 decode_boolean_bitfield(flags2, 0x0004, 16,
9933 "Security signatures supported",
9934 "Security signatures not supported"));
9935 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9936 decode_boolean_bitfield(flags2, 0x0800, 16,
9937 "Extended security negotiation supported",
9938 "Extended security negotiation not supported"));
9939 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9940 decode_boolean_bitfield(flags2, 0x1000, 16,
9941 "Resolve pathnames with DFS",
9942 "Don't resolve pathnames with DFS"));
9943 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9944 decode_boolean_bitfield(flags2, 0x2000, 16,
9945 "Permit reads if execute-only",
9946 "Don't permit reads if execute-only"));
9947 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9948 decode_boolean_bitfield(flags2, 0x4000, 16,
9949 "Error codes are NT error codes",
9950 "Error codes are DOS error codes"));
9951 proto_tree_add_text(flags2_tree, offset, 1, "%s",
9952 decode_boolean_bitfield(flags2, 0x8000, 16,
9953 "Strings are Unicode",
9954 "Strings are ASCII"));
9962 proto_tree_add_text(smb_tree, offset, 12, "Reserved: 6 WORDS");
9968 /* Now the TID, tree ID */
9970 tid = GSHORT(pd, offset);
9975 proto_tree_add_text(smb_tree, offset, 2, "Network Path/Tree ID (TID): %i (%04x)", tid, tid);
9981 /* Now the PID, Process ID */
9983 pid = GSHORT(pd, offset);
9988 proto_tree_add_text(smb_tree, offset, 2, "Process ID (PID): %i (%04x)", pid, pid);
9994 /* Now the UID, User ID */
9996 uid = GSHORT(pd, offset);
10001 proto_tree_add_text(smb_tree, offset, 2, "User ID (UID): %i (%04x)", uid, uid);
10007 /* Now the MID, Multiplex ID */
10009 mid = GSHORT(pd, offset);
10014 proto_tree_add_text(smb_tree, offset, 2, "Multiplex ID (MID): %i (%04x)", mid, mid);
10020 /* Now vector through the table to dissect them */
10022 (dissect[cmd])(pd, offset, fd, smb_tree, si, max_data, SMB_offset, errcode,
10023 ((flags & 0x80) == 0));
10029 proto_register_smb(void)
10031 /* static hf_register_info hf[] = {
10033 { "Name", "smb.abbreviation", TYPE, VALS_POINTER }},
10036 proto_smb = proto_register_protocol("Server Message Block Protocol", "smb");
10037 /* proto_register_field_array(proto_smb, hf, array_length(hf));*/
git.samba.org / obnox / wireshark / wip.git / blob