Wireshark · Ethereal-dev: Re: [Ethereal-dev] DCOM implementation, first try!

Ethereal-dev: Re: [Ethereal-dev] DCOM implementation, first try!

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>

Date: Thu, 29 Aug 2002 20:21:13 +1000

Hi list,

Have anyone looked at this patch yet?
I can look at it and comment on saturday.

Ulf, do you have any example captures using these protocols?

best regards
    ronnie sahlberg


----- Original Message -----
From: "Ulf Lamping"
Subject: [Ethereal-dev] DCOM implementation, first try!


> Hi list!
>
> Here is the first implementation of the DCOM dissection I mentioned
earlier.
>
> All files for DCOM currently called something like: "packet-dcerpc-xy.c"
> (e.g. packet-dcerpc-oxid.c). I have called them "packet-dcom-xy.c",
> as the DCOM dissectors mentioned above are sitting on top of DCOM, not on
top of DCERPC,
> and of course the DCOM implementation itself is not part of DCERPC.
>
> What I have done so far to add DCOM to Ethereal:
>
> Changes in the existing code:
> -----------------------------
> Changes in dcerpc.c/.h:
> new methods dissect_dcerpc_uuid() and similar
> Special uuid registration for DCOM subdissectors (I'm not happy with
this).
>
> Changes in dcerpc-ndr.c:
> added some simple datatypes: float, double, uuid
>
> New code implemented decoding the basic DCOM mechanisms (in WinNt4):
> --------------------------------------------------------------------
> implementation of a lot DCOM datatypes:
> -BYTE,WORD,DWORD,...
> -DATE,FILETIME,BSTR,OBJREF,DUALSTRINGARRAY,...
> -VARIANT (currently not all varianttypes)
> -SAFEARRAY (currently not all data types)
>
> Implementation of the following DCOM-interfaces (still some lesser used
methods missing):
> -IOXIDResolver (now implemented)
> -IRemoteActivation (now implemented)
> -IRemUnknown (newly implemented)
> -IDispatch (newly implemented, not complete)
>
>
> Hint to Check-In the code:
> --------------------------
> 1. add the attached files from zip
> 2. patch existing code using cvs.diff from zip
> 3. Delete the files (packet-dcerpc-oxid.c and packet-dcerpc-remact.c)
>
>
> Conclusion:
> -----------
> I'm currently not satisfied with my implementation of the DCOM
subdissector protocol registration inside packet-dcerpc.c.
>
> I need some more example capture files, as there are still a lot of
ToBeDone's inside the code.
>
> Info: The code has the "ready to use" state, but is maybe not "production
stable".
>
> Regards ULFL
>
>
____________________________________________________________________________
__
> Weniger ist manchmal mehr. Verwalten Sie alle E-Mail-Adressen zentral.
> Mehr Informationen unter: http://freemail.web.de/?mc=021122

References:
- [Ethereal-dev] DCOM implementation, first try!
  - From: Ulf Lamping

Prev by Date: [Ethereal-dev] more verbose IS-IS dissector ...
Next by Date: [Ethereal-dev] Interbase dissecor added
Previous by thread: [Ethereal-dev] DCOM implementation, first try!
Next by thread: Re: [Ethereal-dev] DCOM implementation, first try!
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$