Wireshark · Ethereal-dev: Re: [Ethereal-dev] packet-smb.c:11327

Ethereal-dev: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Mon, 18 Feb 2002 23:31:05 -0800

On Tue, Feb 19, 2002 at 08:26:10AM +0100, Marcin Gryszkalis wrote:
> > What are the values of "si" and "t2i"?
> 
> (gdb) print si
> $4 = (smb_info_t *) 0xbfbfe79c
> (gdb) print t2i
> $5 = (smb_transact2_info_t *) 0x800a
> (gdb) print *si
> $6 = {cmd = 50, unicode = 1, request = 0, unidir = 0, info_level = -1, 
> info_count = -1, sip = 0xe7df048,
>    ct = 0xe7a99a4}
> (gdb) print *t2i
> Cannot access memory at address 0x800a.

That's probably a file ID.  The "extra_info" field of an
"smb_saved_info_t" structure is usually a pointer to a
SMB-message-type-specific data structure, but sometimes it's used to
hold a numerical file ID instead.

It looks as if a file ID was put there, but the code is assuming that
it's not a file ID.

Follow-Ups:
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Ronnie Sahlberg
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Ronnie Sahlberg

References:
- [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Marcin Gryszkalis
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Guy Harris
- Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
  - From: Marcin Gryszkalis

Prev by Date: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
Next by Date: [Ethereal-dev] Re: [Ethereal-users] H.323? is there a version for Windows?
Previous by thread: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
Next by thread: Re: [Ethereal-dev] packet-smb.c:11327 - si->info_level = t2i->info_level
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$