Bug Summary

File:epan/dissectors/packet-rdp_dr.c
Warning:line 730, column 27
Access to field 'ioControlCode' results in a dereference of a null pointer (loaded from variable 'ioReq')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name packet-rdp_dr.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -fno-delete-null-pointer-checks -mframe-pointer=all -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-21/lib/clang/21 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /builds/wireshark/wireshark/epan/dissectors -isystem /builds/wireshark/wireshark/build/epan/dissectors -isystem /usr/include/mit-krb5 -isystem /usr/include/libxml2 -isystem /builds/wireshark/wireshark/epan -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -D _GLIBCXX_ASSERTIONS -internal-isystem /usr/lib/llvm-21/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-format-nonliteral -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fwrapv-pointer -fstrict-flex-arrays=3 -stack-protector 2 -fstack-clash-protection -fcf-protection=full -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fexceptions -fcolor-diagnostics -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2025-11-28-100311-3593-1 -x c /builds/wireshark/wireshark/epan/dissectors/packet-rdp_dr.c
1/* Packet-rdp_dr.c
2 * Routines for the DR RDP channel
3 * Copyright 2025, David Fort <contact@hardening-consulting.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12/*
13 * See: "[MS-RDPEFS] "
14 */
15
16#include "config.h"
17
18#include <epan/packet.h>
19#include <epan/prefs.h>
20#include <epan/conversation.h>
21#include <epan/expert.h>
22
23#include "packet-rdp.h"
24#include "packet-rdpudp.h"
25#include "packet-dcerpc.h"
26#include "packet-dcerpc-rdpdr_smartcard.h"
27
28
29#define PNAME"RDP disk redirection virtual channel Protocol" "RDP disk redirection virtual channel Protocol"
30#define PSNAME"RDPDR" "RDPDR"
31#define PFNAME"rdpdr" "rdpdr"
32
33void proto_register_rdpdr(void);
34void proto_reg_handoff_rdpdr(void);
35
36
37static int proto_rdpdr;
38
39static int hf_rdpdr_component;
40static int hf_rdpdr_packetid;
41static int hf_rdpdr_deviceCount;
42static int hf_rdpdr_deviceType;
43static int hf_rdpdr_deviceId;
44static int hf_rdpdr_dosName;
45static int hf_rdpdr_deviceDataLen;
46static int hf_rdpdr_deviceData;
47static int hf_rdpdr_numCapabilities;
48static int hf_rdpdr_padding;
49static int hf_rdpdr_capaType;
50static int hf_rdpdr_capaLen;
51static int hf_rdpdr_capaVersion;
52static int hf_rdpdr_capa_gen_osType;
53static int hf_rdpdr_capa_gen_osVersion;
54static int hf_rdpdr_capa_gen_protocolMajor;
55static int hf_rdpdr_capa_gen_protocolMinor;
56static int hf_rdpdr_capa_gen_ioCode1;
57static int hf_rdpdr_capa_gen_ioCode2;
58static int hf_rdpdr_capa_gen_extendedPdu;
59static int hf_rdpdr_capa_gen_extraFlags1;
60static int hf_rdpdr_capa_gen_extraFlags2;
61static int hf_rdpdr_capa_gen_specialTypeDeviceCap;
62static int hf_rdpdr_fileId;
63static int hf_rdpdr_completionId;
64static int hf_rdpdr_ioreq_dr_majorFunction;
65static int hf_rdpdr_ioreq_dr_minorFunction;
66static int hf_rdpdr_ioreq_sc_majorFunction;
67static int hf_rdpdr_ioreq_sc_minorFunction;
68static int hf_rdpdr_ioreq_sc_command;
69static int hf_rdpdr_ioreq_sc_returnCode;
70static int hf_rdpdr_printer_cacheEvent;
71static int hf_rdpdr_pnpNameLength;
72static int hf_rdpdr_pnpName;
73static int hf_rdpdr_driverNameLength;
74static int hf_rdpdr_driverName;
75static int hf_rdpdr_printerNameLength;
76static int hf_rdpdr_printerName;
77static int hf_rdpdr_cachedFieldsLength;
78static int hf_rdpdr_cachedFields;
79static int hf_rdpdr_resultCode;
80static int hf_rdpdr_ioStatus;
81static int hf_rdpdr_io_request_control_outputBufLen;
82static int hf_rdpdr_io_request_control_inputBufLen;
83static int hf_rdpdr_io_request_control_ioControlCode;
84static int hf_rdpdr_io_request_control_padding;
85static int hf_rdpdr_io_request_frame;
86static int hf_rdpdr_io_result_frame;
87static int hf_rdpdr_create_info;
88static int hf_rdpdr_device_name;
89
90
91static int ett_rdpdr;
92static int ett_rdpdr_device;
93static int ett_rdpdr_capabilities;
94
95enum {
96 RDPDR_CTYP_CORE = 0x4472,
97 RDPDR_CTYP_PRN = 0x5052,
98};
99
100enum {
101 PAKID_CORE_SERVER_ANNOUNCE = 0x496E,
102 PAKID_CORE_CLIENTID_CONFIRM = 0x4343,
103 PAKID_CORE_CLIENT_NAME = 0x434E,
104 PAKID_CORE_DEVICELIST_ANNOUNCE = 0x4441,
105 PAKID_CORE_DEVICE_REPLY = 0x6472,
106 PAKID_CORE_DEVICE_IOREQUEST = 0x4952,
107 PAKID_CORE_DEVICE_IOCOMPLETION = 0x4943,
108 PAKID_CORE_SERVER_CAPABILITY = 0x5350,
109 PAKID_CORE_CLIENT_CAPABILITY = 0x4350,
110 PAKID_CORE_DEVICELIST_REMOVE = 0x444D,
111 PAKID_PRN_CACHE_DATA = 0x5043,
112 PAKID_CORE_USER_LOGGEDON = 0x554C,
113 PAKID_PRN_USING_XPS = 0x5543,
114};
115
116enum {
117 RDPDR_DTYP_SERIAL = 0x01,
118 RDPDR_DTYP_PARALLEL = 0x02,
119 RDPDR_DTYP_PRINT = 0x04,
120 RDPDR_DTYP_FILESYSTEM = 0x08,
121 RDPDR_DTYP_SMARTCARD = 0x20,
122};
123
124enum {
125 CAP_GENERAL_TYPE = 0x0001,
126 CAP_PRINTER_TYPE = 0x0002,
127 CAP_PORT_TYPE = 0x0003,
128 CAP_DRIVE_TYPE = 0x0004,
129 CAP_SMARTCARD_TYPE = 0x0005
130};
131
132static const value_string rdpdr_capaType_vals[] = {
133 { CAP_GENERAL_TYPE, "General" },
134 { CAP_PRINTER_TYPE, "Printer" },
135 { CAP_PORT_TYPE, "Port" },
136 { CAP_DRIVE_TYPE, "Drive" },
137 { CAP_SMARTCARD_TYPE, "Smartcard" },
138 { 0x0, NULL((void*)0)},
139};
140
141enum {
142 IRP_MJ_CREATE = 0x00000000,
143 IRP_MJ_CLOSE = 0x00000002,
144 IRP_MJ_READ = 0x00000003,
145 IRP_MJ_WRITE = 0x00000004,
146 IRP_MJ_DEVICE_CONTROL = 0x0000000E,
147 IRP_MJ_QUERY_VOLUME_INFORMATION = 0x0000000A,
148 IRP_MJ_SET_VOLUME_INFORMATION = 0x0000000B,
149 IRP_MJ_QUERY_INFORMATION = 0x00000005,
150 IRP_MJ_SET_INFORMATION = 0x00000006,
151 IRP_MJ_DIRECTORY_CONTROL = 0x0000000C,
152 IRP_MJ_LOCK_CONTROL = 0x00000011,
153
154 IRP_MN_QUERY_DIRECTORY = 0x00000001,
155 IRP_MN_NOTIFY_CHANGE_DIRECTORY = 0x00000002,
156};
157
158enum {
159 FILE_SUPERSEDED = 0x00000000,
160 FILE_OPENED = 0x00000001,
161 FILE_OVERWRITTEN = 0x00000003,
162};
163
164static const value_string rdpdr_component_vals[] = {
165 { RDPDR_CTYP_CORE, "RDPDR_CTYP_CORE"},
166 { RDPDR_CTYP_PRN, "RDPDR_CTYP_PRN"},
167 { 0x0, NULL((void*)0)},
168};
169
170static const value_string rdpdr_packetid_vals[] = {
171 { PAKID_CORE_SERVER_ANNOUNCE, "PAKID_CORE_SERVER_ANNOUNCE" },
172 { PAKID_CORE_CLIENTID_CONFIRM, "PAKID_CORE_CLIENTID_CONFIRM" },
173 { PAKID_CORE_CLIENT_NAME, "PAKID_CORE_CLIENT_NAME" },
174 { PAKID_CORE_DEVICELIST_ANNOUNCE, "PAKID_CORE_DEVICELIST_ANNOUNCE"},
175 { PAKID_CORE_DEVICE_REPLY, "PAKID_CORE_DEVICE_REPLY"},
176 { PAKID_CORE_DEVICE_IOREQUEST, "PAKID_CORE_DEVICE_IOREQUEST"},
177 { PAKID_CORE_DEVICE_IOCOMPLETION, "PAKID_CORE_DEVICE_IOCOMPLETION"},
178 { PAKID_CORE_SERVER_CAPABILITY, "PAKID_CORE_SERVER_CAPABILITY"},
179 { PAKID_CORE_CLIENT_CAPABILITY, "PAKID_CORE_CLIENT_CAPABILITY"},
180 { PAKID_CORE_DEVICELIST_REMOVE, "PAKID_CORE_DEVICELIST_REMOVE"},
181 { PAKID_PRN_CACHE_DATA, "PAKID_PRN_CACHE_DATA"},
182 { PAKID_CORE_USER_LOGGEDON, "PAKID_CORE_USER_LOGGEDON"},
183 { PAKID_PRN_USING_XPS, "PAKID_PRN_USING_XPS"},
184 { 0x0, NULL((void*)0)},
185};
186
187static const value_string rdpdr_deviceType_vals[] = {
188 { RDPDR_DTYP_SERIAL, "RDPDR_DTYP_SERIAL"},
189 { RDPDR_DTYP_PARALLEL, "RDPDR_DTYP_PARALLEL"},
190 { RDPDR_DTYP_PRINT, "RDPDR_DTYP_PRINT"},
191 { RDPDR_DTYP_FILESYSTEM, "RDPDR_DTYP_FILESYSTEM"},
192 { RDPDR_DTYP_SMARTCARD, "RDPDR_DTYP_SMARTCARD"},
193 { 0x0, NULL((void*)0)},
194};
195
196static const value_string rdpdr_dr_majorF_vals[] = {
197 { IRP_MJ_CREATE, "IRP_MJ_CREATE" },
198 { IRP_MJ_CLOSE, "IRP_MJ_CLOSE" },
199 { IRP_MJ_READ, "IRP_MJ_READ" },
200 { IRP_MJ_WRITE, "IRP_MJ_WRITE" },
201 { IRP_MJ_DEVICE_CONTROL, "IRP_MJ_DEVICE_CONTROL" },
202 { IRP_MJ_QUERY_VOLUME_INFORMATION, "IRP_MJ_QUERY_VOLUME_INFORMATION" },
203 { IRP_MJ_SET_VOLUME_INFORMATION, "IRP_MJ_SET_VOLUME_INFORMATION" },
204 { IRP_MJ_QUERY_INFORMATION, "IRP_MJ_QUERY_INFORMATION" },
205 { IRP_MJ_SET_INFORMATION, "IRP_MJ_SET_INFORMATION" },
206 { IRP_MJ_DIRECTORY_CONTROL, "IRP_MJ_DIRECTORY_CONTROL" },
207 { IRP_MJ_LOCK_CONTROL, "IRP_MJ_LOCK_CONTROL" },
208 { 0x0, NULL((void*)0)},
209};
210
211static const value_string rdpdr_dr_minorF_vals[] = {
212 { IRP_MN_QUERY_DIRECTORY, "IRP_MN_QUERY_DIRECTORY" },
213 { IRP_MN_NOTIFY_CHANGE_DIRECTORY, "IRP_MN_NOTIFY_CHANGE_DIRECTORY" },
214 { 0x0, NULL((void*)0)},
215};
216
217static const value_string rdpdr_dr_createinfo_vals[] = {
218 { FILE_SUPERSEDED, "FILE_SUPERSEDED" },
219 { FILE_OPENED, "FILE_OPENED" },
220 { FILE_OVERWRITTEN, "FILE_OVERWRITTEN" },
221 { 0x0, NULL((void*)0)},
222};
223
224enum {
225 SCARD_IOCTL_ESTABLISHCONTEXT = 0x00090014,
226 SCARD_IOCTL_RELEASECONTEXT = 0x00090018,
227 SCARD_IOCTL_ISVALIDCONTEXT = 0x0009001C,
228 SCARD_IOCTL_LISTREADERGROUPSA = 0x00090020,
229 SCARD_IOCTL_LISTREADERGROUPSW = 0x00090024,
230 SCARD_IOCTL_LISTREADERSA = 0x00090028,
231 SCARD_IOCTL_LISTREADERSW = 0x0009002C,
232 SCARD_IOCTL_INTRODUCEREADERGROUPA = 0x00090050,
233 SCARD_IOCTL_INTRODUCEREADERGROUPW = 0x00090054,
234 SCARD_IOCTL_FORGETREADERGROUPA = 0x00090058,
235 SCARD_IOCTL_FORGETREADERGROUPW = 0x0009005C,
236 SCARD_IOCTL_INTRODUCEREADERA = 0x00090060,
237 SCARD_IOCTL_INTRODUCEREADERW = 0x00090064,
238 SCARD_IOCTL_FORGETREADERA = 0x00090068,
239 SCARD_IOCTL_FORGETREADERW = 0x0009006C,
240 SCARD_IOCTL_ADDREADERTOGROUPA = 0x00090070,
241 SCARD_IOCTL_ADDREADERTOGROUPW = 0x00090074,
242 SCARD_IOCTL_REMOVEREADERFROMGROUPA = 0x00090078,
243 SCARD_IOCTL_REMOVEREADERFROMGROUPW = 0x0009007C,
244 SCARD_IOCTL_LOCATECARDSA = 0x00090098,
245 SCARD_IOCTL_LOCATECARDSW = 0x0009009C,
246 SCARD_IOCTL_GETSTATUSCHANGEA = 0x000900A0,
247 SCARD_IOCTL_GETSTATUSCHANGEW = 0x000900A4,
248 SCARD_IOCTL_CANCEL = 0x000900A8,
249 SCARD_IOCTL_CONNECTA = 0x000900AC,
250 SCARD_IOCTL_CONNECTW = 0x000900B0,
251 SCARD_IOCTL_RECONNECT = 0x000900B4,
252 SCARD_IOCTL_DISCONNECT = 0x000900B8,
253 SCARD_IOCTL_BEGINTRANSACTION = 0x000900BC,
254 SCARD_IOCTL_ENDTRANSACTION = 0x000900C0,
255 SCARD_IOCTL_STATE = 0x000900C4,
256 SCARD_IOCTL_STATUSA = 0x000900C8,
257 SCARD_IOCTL_STATUSW = 0x000900CC,
258 SCARD_IOCTL_TRANSMIT = 0x000900D0,
259 SCARD_IOCTL_CONTROL = 0x000900D4,
260 SCARD_IOCTL_GETATTRIB = 0x000900D8,
261 SCARD_IOCTL_SETATTRIB = 0x000900DC,
262 SCARD_IOCTL_ACCESSSTARTEDEVENT = 0x000900E0,
263 SCARD_IOCTL_LOCATECARDSBYATRA = 0x000900E8,
264 SCARD_IOCTL_LOCATECARDSBYATRW = 0x000900EC,
265 SCARD_IOCTL_READCACHEA = 0x000900F0,
266 SCARD_IOCTL_READCACHEW = 0x000900F4,
267 SCARD_IOCTL_WRITECACHEA = 0x000900F8,
268 SCARD_IOCTL_WRITECACHEW = 0x000900FC,
269 SCARD_IOCTL_GETTRANSMITCOUNT = 0x00090100,
270 SCARD_IOCTL_RELEASETARTEDEVENT = 0x000900E4,
271 SCARD_IOCTL_GETREADERICON = 0x00090104,
272 SCARD_IOCTL_GETDEVICETYPEID = 0x00090108,
273};
274
275enum {
276 RDPDR_ADD_PRINTER_EVENT = 0x00000001,
277 RDPDR_UPDATE_PRINTER_EVENT = 0x00000002,
278 RDPDR_DELETE_PRINTER_EVENT = 0x00000003,
279 RDPDR_RENAME_PRINTER_EVENT = 0x00000004,
280};
281
282#define STR_VALUE(v) { v, #v }
283static const value_string rdpdr_dr_ioControlCode_vals[] = {
284 STR_VALUE(SCARD_IOCTL_ESTABLISHCONTEXT),
285 STR_VALUE(SCARD_IOCTL_RELEASECONTEXT),
286 STR_VALUE(SCARD_IOCTL_ISVALIDCONTEXT),
287 STR_VALUE(SCARD_IOCTL_LISTREADERGROUPSA),
288 STR_VALUE(SCARD_IOCTL_LISTREADERGROUPSW),
289 STR_VALUE(SCARD_IOCTL_LISTREADERSA),
290 STR_VALUE(SCARD_IOCTL_LISTREADERSW),
291 STR_VALUE(SCARD_IOCTL_INTRODUCEREADERGROUPA),
292 STR_VALUE(SCARD_IOCTL_INTRODUCEREADERGROUPW),
293 STR_VALUE(SCARD_IOCTL_FORGETREADERGROUPA),
294 STR_VALUE(SCARD_IOCTL_FORGETREADERGROUPW),
295 STR_VALUE(SCARD_IOCTL_INTRODUCEREADERA),
296 STR_VALUE(SCARD_IOCTL_INTRODUCEREADERW),
297 STR_VALUE(SCARD_IOCTL_FORGETREADERA),
298 STR_VALUE(SCARD_IOCTL_FORGETREADERW),
299 STR_VALUE(SCARD_IOCTL_ADDREADERTOGROUPA),
300 STR_VALUE(SCARD_IOCTL_ADDREADERTOGROUPW),
301 STR_VALUE(SCARD_IOCTL_REMOVEREADERFROMGROUPA),
302 STR_VALUE(SCARD_IOCTL_REMOVEREADERFROMGROUPW),
303 STR_VALUE(SCARD_IOCTL_LOCATECARDSA),
304 STR_VALUE(SCARD_IOCTL_LOCATECARDSW),
305 STR_VALUE(SCARD_IOCTL_GETSTATUSCHANGEA),
306 STR_VALUE(SCARD_IOCTL_GETSTATUSCHANGEW),
307 STR_VALUE(SCARD_IOCTL_CANCEL),
308 STR_VALUE(SCARD_IOCTL_CONNECTA),
309 STR_VALUE(SCARD_IOCTL_CONNECTW),
310 STR_VALUE(SCARD_IOCTL_RECONNECT),
311 STR_VALUE(SCARD_IOCTL_DISCONNECT),
312 STR_VALUE(SCARD_IOCTL_BEGINTRANSACTION),
313 STR_VALUE(SCARD_IOCTL_ENDTRANSACTION),
314 STR_VALUE(SCARD_IOCTL_STATE),
315 STR_VALUE(SCARD_IOCTL_STATUSA),
316 STR_VALUE(SCARD_IOCTL_STATUSW),
317 STR_VALUE(SCARD_IOCTL_TRANSMIT),
318 STR_VALUE(SCARD_IOCTL_CONTROL),
319 STR_VALUE(SCARD_IOCTL_GETATTRIB),
320 STR_VALUE(SCARD_IOCTL_SETATTRIB),
321 STR_VALUE(SCARD_IOCTL_ACCESSSTARTEDEVENT),
322 STR_VALUE(SCARD_IOCTL_LOCATECARDSBYATRA),
323 STR_VALUE(SCARD_IOCTL_LOCATECARDSBYATRW),
324 STR_VALUE(SCARD_IOCTL_READCACHEA),
325 STR_VALUE(SCARD_IOCTL_READCACHEW),
326 STR_VALUE(SCARD_IOCTL_WRITECACHEA),
327 STR_VALUE(SCARD_IOCTL_WRITECACHEW),
328 STR_VALUE(SCARD_IOCTL_GETTRANSMITCOUNT),
329 STR_VALUE(SCARD_IOCTL_RELEASETARTEDEVENT),
330 STR_VALUE(SCARD_IOCTL_GETREADERICON),
331 STR_VALUE(SCARD_IOCTL_GETDEVICETYPEID),
332 { 0x0, NULL((void*)0)},
333};
334
335static const value_string rdpdr_printer_cacheEvent_vals[] = {
336 STR_VALUE(RDPDR_ADD_PRINTER_EVENT),
337 STR_VALUE(RDPDR_UPDATE_PRINTER_EVENT),
338 STR_VALUE(RDPDR_DELETE_PRINTER_EVENT),
339 STR_VALUE(RDPDR_RENAME_PRINTER_EVENT),
340 { 0x0, NULL((void*)0)},
341};
342
343#undef STR_VALUE
344
345typedef struct {
346 uint32_t completionId;
347 uint32_t reqFrame;
348 uint32_t resFrame;
349 uint32_t majorFn;
350 uint32_t minorFn;
351 uint32_t ioControlCode;
352} DrIoRequest;
353
354typedef struct {
355 uint32_t deviceType;
356 uint32_t deviceId;
357 char name[9];
358 wmem_multimap_t *ioRequests;
359} DrDevice;
360
361typedef struct {
362 wmem_multimap_t *channels;
363} rdpdr_conv_info_t;
364
365static unsigned idptr_hashFunc(const void *key) {
366 uint32_t *intPtr = (uint32_t *)key;
367
368 return *intPtr;
369}
370
371static gboolean idptr_equalFunc(const void *a, const void *b) {
372 uint32_t *aPtr = (uint32_t *)a;
373 uint32_t *bPtr = (uint32_t *)b;
374
375 return (*aPtr == *bPtr);
376}
377
378
379static rdpdr_conv_info_t *
380rdpdr_get_conversation_data(packet_info *pinfo)
381{
382 conversation_t *conversation, *conversation_tcp;
383 rdpdr_conv_info_t *info;
384
385 conversation = find_or_create_conversation(pinfo);
386
387 info = (rdpdr_conv_info_t *)conversation_get_proto_data(conversation, proto_rdpdr);
388 if (!info) {
389 conversation_tcp = rdp_find_tcp_conversation_from_udp(conversation);
390 if (conversation_tcp)
391 info = (rdpdr_conv_info_t *)conversation_get_proto_data(conversation_tcp, proto_rdpdr);
392 }
393
394 if (info == NULL((void*)0)) {
395 info = wmem_new0(wmem_file_scope(), rdpdr_conv_info_t)((rdpdr_conv_info_t*)wmem_alloc0((wmem_file_scope()), sizeof(
rdpdr_conv_info_t)));
396 info->channels = wmem_multimap_new(wmem_file_scope(), idptr_hashFunc, idptr_equalFunc);
397 conversation_add_proto_data(conversation, proto_rdpdr, info);
398 }
399
400 return info;
401}
402
403static int
404dissect_smartcard_req(tvbuff_t *in_tvb, int in_offset, packet_info *pinfo, proto_tree *tree, uint32_t ioControlCode)
405{
406 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s req", val_to_str_const(ioControlCode, rdpdr_dr_ioControlCode_vals, "<unknown>"));
407 if (ioControlCode == SCARD_IOCTL_ACCESSSTARTEDEVENT)
408 return in_offset + 4;
409
410 dcerpc_info di = { 0 };
411 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00};
412
413 dcerpc_call_value call_data = { 0 };
414 di.conformant_run = 0;
415 di.call_data = &call_data;
416 init_ndr_pointer_list(&di);
417
418 int offset = 16;
419 tvbuff_t *tvb = tvb_new_subset_remaining(in_tvb, in_offset);
420
421 switch (ioControlCode) {
422 case SCARD_IOCTL_ESTABLISHCONTEXT:
423 offset = scard_pack_dissect_struct_EstablishContext_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
424 break;
425 case SCARD_IOCTL_ISVALIDCONTEXT:
426 case SCARD_IOCTL_RELEASECONTEXT:
427 case SCARD_IOCTL_CANCEL:
428 offset = scard_pack_dissect_struct_Context_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
429 break;
430 case SCARD_IOCTL_LISTREADERSA:
431 offset = scard_pack_dissect_struct_ListReadersA_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
432 break;
433 case SCARD_IOCTL_LISTREADERSW:
434 offset = scard_pack_dissect_struct_ListReadersW_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
435 break;
436 case SCARD_IOCTL_GETDEVICETYPEID:
437 offset = scard_pack_dissect_struct_GetDeviceTypeId_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
438 break;
439 case SCARD_IOCTL_GETSTATUSCHANGEA:
440 offset = scard_pack_dissect_struct_GetStatusChangeA_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
441 break;
442 case SCARD_IOCTL_GETSTATUSCHANGEW:
443 offset = scard_pack_dissect_struct_GetStatusChangeW_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
444 break;
445 case SCARD_IOCTL_CONNECTA:
446 offset = scard_pack_dissect_struct_ConnectA_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
447 break;
448 case SCARD_IOCTL_CONNECTW:
449 offset = scard_pack_dissect_struct_ConnectW_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
450 break;
451 case SCARD_IOCTL_DISCONNECT:
452 case SCARD_IOCTL_BEGINTRANSACTION:
453 case SCARD_IOCTL_ENDTRANSACTION:
454 offset = scard_pack_dissect_struct_HCardAndDisposition_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
455 break;
456 case SCARD_IOCTL_STATE:
457 offset = scard_pack_dissect_struct_State_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
458 break;
459 case SCARD_IOCTL_STATUSA:
460 case SCARD_IOCTL_STATUSW:
461 offset = scard_pack_dissect_struct_Status_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
462 break;
463 case SCARD_IOCTL_TRANSMIT:
464 offset = scard_pack_dissect_struct_Transmit_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
465 break;
466 case SCARD_IOCTL_READCACHEA:
467 offset = scard_pack_dissect_struct_ReadCacheA_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
468 break;
469 case SCARD_IOCTL_READCACHEW:
470 offset = scard_pack_dissect_struct_ReadCacheW_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
471 break;
472 case SCARD_IOCTL_WRITECACHEA:
473 offset = scard_pack_dissect_struct_WriteCacheA_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
474 break;
475 case SCARD_IOCTL_WRITECACHEW:
476 offset = scard_pack_dissect_struct_WriteCacheW_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
477 break;
478 case SCARD_IOCTL_GETATTRIB:
479 offset = scard_pack_dissect_struct_GetAttrib_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
480 break;
481 case SCARD_IOCTL_RECONNECT:
482 offset = scard_pack_dissect_struct_Reconnect_Call(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
483 break;
484 default:
485 return in_offset;
486 }
487 return in_offset + dissect_deferred_pointers(pinfo, tvb, offset, &di, drep);
488}
489
490static int
491dissect_smartcard_resp(tvbuff_t *in_tvb, int in_offset, packet_info *pinfo, proto_tree *tree, uint32_t ioControlCode)
492{
493 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s resp", val_to_str_const(ioControlCode, rdpdr_dr_ioControlCode_vals, "<unknown>"));
494
495 dcerpc_info di = { 0 };
496 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00};
497
498 dcerpc_call_value call_data = { 0 };
499 di.conformant_run = 0;
500 di.call_data = &call_data;
501 init_ndr_pointer_list(&di);
502
503 int offset = 16;
504 proto_tree_add_item(tree, hf_rdpdr_ioreq_sc_returnCode, in_tvb, in_offset + 16, 4, ENC_LITTLE_ENDIAN0x80000000);
505 offset += 4;
506 tvbuff_t *tvb = tvb_new_subset_remaining(in_tvb, in_offset);
507
508 switch (ioControlCode) {
509 case SCARD_IOCTL_ESTABLISHCONTEXT:
510 offset = scard_pack_dissect_struct_EstablishContext_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
511 break;
512 case SCARD_IOCTL_ACCESSSTARTEDEVENT:
513 case SCARD_IOCTL_ISVALIDCONTEXT:
514 case SCARD_IOCTL_RELEASECONTEXT:
515 case SCARD_IOCTL_DISCONNECT:
516 case SCARD_IOCTL_CANCEL:
517 case SCARD_IOCTL_BEGINTRANSACTION:
518 case SCARD_IOCTL_ENDTRANSACTION:
519 case SCARD_IOCTL_WRITECACHEA:
520 case SCARD_IOCTL_WRITECACHEW:
521 case SCARD_IOCTL_SETATTRIB:
522 case SCARD_IOCTL_INTRODUCEREADERGROUPA:
523 case SCARD_IOCTL_INTRODUCEREADERGROUPW:
524 case SCARD_IOCTL_FORGETREADERGROUPA:
525 case SCARD_IOCTL_FORGETREADERGROUPW:
526 case SCARD_IOCTL_INTRODUCEREADERA:
527 case SCARD_IOCTL_INTRODUCEREADERW:
528 case SCARD_IOCTL_FORGETREADERA:
529 case SCARD_IOCTL_FORGETREADERW:
530 case SCARD_IOCTL_ADDREADERTOGROUPA:
531 case SCARD_IOCTL_ADDREADERTOGROUPW:
532 case SCARD_IOCTL_REMOVEREADERFROMGROUPA:
533 case SCARD_IOCTL_REMOVEREADERFROMGROUPW:
534 offset = scard_pack_dissect_struct_long_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
535 break;
536 case SCARD_IOCTL_LISTREADERSA:
537 case SCARD_IOCTL_LISTREADERSW:
538 offset = scard_pack_dissect_struct_ListReaders_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
539 break;
540 case SCARD_IOCTL_GETDEVICETYPEID:
541 offset = scard_pack_dissect_struct_GetDeviceTypeId_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
542 break;
543 case SCARD_IOCTL_GETSTATUSCHANGEA:
544 case SCARD_IOCTL_GETSTATUSCHANGEW:
545 offset = scard_pack_dissect_struct_GetStatusChange_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
546 break;
547 case SCARD_IOCTL_CONNECTA:
548 case SCARD_IOCTL_CONNECTW:
549 offset = scard_pack_dissect_struct_Connect_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
550 break;
551 case SCARD_IOCTL_RECONNECT:
552 offset = scard_pack_dissect_struct_Reconnect_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
553 break;
554 case SCARD_IOCTL_STATUSA:
555 case SCARD_IOCTL_STATUSW:
556 offset = scard_pack_dissect_struct_Status_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
557 break;
558 case SCARD_IOCTL_TRANSMIT:
559 offset = scard_pack_dissect_struct_Transmit_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
560 break;
561 case SCARD_IOCTL_READCACHEA:
562 case SCARD_IOCTL_READCACHEW:
563 offset = scard_pack_dissect_struct_ReadCache_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
564 break;
565 case SCARD_IOCTL_GETATTRIB:
566 offset = scard_pack_dissect_struct_GetAttrib_Return(tvb, offset, pinfo, tree, &di, drep, hf_rdpdr_ioreq_sc_command, 0);
567 break;
568 default:
569 return in_offset;
570 }
571
572 return in_offset + dissect_deferred_pointers(pinfo, tvb, offset, &di, drep);
573}
574
575
576static int
577dissect_rdpdr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree _U___attribute__((unused)), void *data _U___attribute__((unused)))
578{
579 proto_item *item;
580 int offset = 0;
581 proto_tree *tree;
582 //bool packetToServer = rdp_isServerAddressTarget(pinfo);
583
584 parent_tree = proto_tree_get_root(parent_tree);
585 item = proto_tree_add_item(parent_tree, proto_rdpdr, tvb, 0, -1, ENC_NA0x00000000);
586 tree = proto_item_add_subtree(item, ett_rdpdr);
587
588 col_set_str(pinfo->cinfo, COL_PROTOCOL, "RDPDR");
589 col_clear(pinfo->cinfo, COL_INFO);
590
591 uint32_t component, packetId;
592 proto_tree_add_item_ret_uint(tree, hf_rdpdr_component, tvb, offset, 2, ENC_LITTLE_ENDIAN0x80000000, &component);
593 offset += 2;
594 proto_tree_add_item_ret_uint(tree, hf_rdpdr_packetid, tvb, offset, 2, ENC_LITTLE_ENDIAN0x80000000, &packetId);
595 offset += 2;
596
597 rdpdr_conv_info_t *info = rdpdr_get_conversation_data(pinfo);
598 uint32_t deviceId;
599
600 if (component == RDPDR_CTYP_CORE) {
1
Assuming 'component' is equal to RDPDR_CTYP_CORE
2
Taking true branch
601 switch(packetId) {
3
Control jumps to 'case PAKID_CORE_DEVICE_IOREQUEST:' at line 643
602 case PAKID_CORE_SERVER_ANNOUNCE:
603 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "Server announce");
604 break;
605 case PAKID_CORE_DEVICELIST_ANNOUNCE: {
606 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "Device list announce");
607 uint32_t deviceCount;
608 proto_tree_add_item_ret_uint(tree, hf_rdpdr_deviceCount, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceCount);
609 offset += 4;
610
611 for (uint32_t i = 0; i < deviceCount; i++) {
612 uint32_t deviceDataLen = tvb_get_uint32(tvb, offset + 16, ENC_LITTLE_ENDIAN0x80000000);
613 char dosName[8];
614 tvb_get_raw_bytes_as_string(tvb, offset + 8, dosName, 8);
615
616 proto_tree *dev_tree = proto_tree_add_subtree(tree, tvb, offset, 16 + deviceDataLen, ett_rdpdr_device, NULL((void*)0), dosName);
617
618 uint32_t deviceType;
619 proto_tree_add_item_ret_uint(dev_tree, hf_rdpdr_deviceType, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceType);
620 offset += 4;
621 proto_tree_add_item_ret_uint(dev_tree, hf_rdpdr_deviceId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceId);
622 offset += 4;
623 proto_tree_add_item(dev_tree, hf_rdpdr_dosName, tvb, offset, 8, ENC_ASCII0x00000000);
624 offset += 8;
625 proto_tree_add_item(dev_tree, hf_rdpdr_deviceDataLen, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000);
626 offset += 4;
627 proto_tree_add_item(dev_tree, hf_rdpdr_deviceData, tvb, offset, deviceDataLen, ENC_NA0x00000000);
628 offset += deviceDataLen;
629
630 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
631 DrDevice *device = wmem_alloc(wmem_file_scope(), sizeof(*device));
632 device->deviceId = deviceId;
633 device->deviceType = deviceType;
634 memcpy(device->name, dosName, 8);
635 device->name[8] = 0;
636 device->ioRequests = wmem_multimap_new(wmem_file_scope(), idptr_hashFunc, idptr_equalFunc);
637
638 wmem_multimap_insert32(info->channels, &device->deviceId, pinfo->num, device);
639 }
640 }
641 break;
642 }
643 case PAKID_CORE_DEVICE_IOREQUEST: {
644 proto_tree_add_item_ret_uint(tree, hf_rdpdr_deviceId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceId);
645 offset += 4;
646
647 DrDevice *device = wmem_multimap_lookup32_le(info->channels, &deviceId, pinfo->num);
648
649 uint32_t dtype = RDPDR_DTYP_FILESYSTEM;
650 if (device)
4
Assuming 'device' is null
5
Taking false branch
651 dtype = device->deviceType;
652
653 int majorFnIdx;
654 int minorFnIdx;
655 switch(dtype) {
6
Control jumps to 'case RDPDR_DTYP_FILESYSTEM:' at line 660
656 case RDPDR_DTYP_SMARTCARD:
657 majorFnIdx = hf_rdpdr_ioreq_sc_majorFunction;
658 minorFnIdx = hf_rdpdr_ioreq_sc_minorFunction;
659 break;
660 case RDPDR_DTYP_FILESYSTEM:
661 default:
662 majorFnIdx = hf_rdpdr_ioreq_dr_majorFunction;
663 minorFnIdx = hf_rdpdr_ioreq_dr_minorFunction;
664 break;
7
 Execution continues on line 667
665 }
666
667 uint32_t fileId, completionId;
668 proto_tree_add_item_ret_uint(tree, hf_rdpdr_fileId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &fileId);
669 offset += 4;
670
671 proto_tree_add_item_ret_uint(tree, hf_rdpdr_completionId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &completionId);
672 offset += 4;
673
674 uint32_t majorFn;
675 proto_tree_add_item_ret_uint(tree, majorFnIdx, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &majorFn);
676 offset += 4;
677
678 uint32_t minorFn;
679 proto_tree_add_item_ret_uint(tree, minorFnIdx, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &minorFn);
680 offset += 4;
681
682 DrIoRequest *ioReq = NULL((void*)0);
8
'ioReq' initialized to a null pointer value
683 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) {
9
Assuming field 'visited' is 0
10
Taking true branch
684 if (device
10.1
'device' is null
) {
11
Taking false branch
685 ioReq = wmem_alloc(wmem_file_scope(), sizeof(*ioReq));
686
687 ioReq->completionId = completionId;
688 ioReq->majorFn = majorFn;
689 ioReq->minorFn = minorFn;
690 ioReq->reqFrame = pinfo->num;
691 ioReq->resFrame = 0;
692
693 wmem_multimap_insert32(device->ioRequests, &ioReq->completionId, pinfo->num, ioReq);
694 }
695 } else {
696 if (device)
697 ioReq = wmem_multimap_lookup32_le(device->ioRequests, &completionId, pinfo->num);
698 }
699
700 switch(majorFn) {
12
Control jumps to 'case IRP_MJ_DEVICE_CONTROL:' at line 713
701 case IRP_MJ_CREATE:
702 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_CREATE");
703 break;
704 case IRP_MJ_CLOSE:
705 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_CLOSE");
706 break;
707 case IRP_MJ_READ:
708 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_READ");
709 break;
710 case IRP_MJ_WRITE:
711 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_WRITE");
712 break;
713 case IRP_MJ_DEVICE_CONTROL: {
714 uint32_t inputBufLen;
715 uint32_t ioControlCode;
716 //col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_DEVICE_CONTROL");
717 proto_tree_add_item(tree, hf_rdpdr_io_request_control_outputBufLen, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000);
718 offset += 4;
719
720 proto_tree_add_item_ret_uint(tree, hf_rdpdr_io_request_control_inputBufLen, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &inputBufLen);
721 offset += 4;
722
723 proto_tree_add_item_ret_uint(tree, hf_rdpdr_io_request_control_ioControlCode, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &ioControlCode);
724 offset += 4;
725
726 proto_tree_add_item(tree, hf_rdpdr_io_request_control_padding, tvb, offset, 20, ENC_NA0x00000000);
727 offset += 20;
728
729 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))
13
Taking true branch
730 ioReq->ioControlCode = ioControlCode;
14
Access to field 'ioControlCode' results in a dereference of a null pointer (loaded from variable 'ioReq')
731
732 if (device && device->deviceType == RDPDR_DTYP_SMARTCARD)
733 dissect_smartcard_req(tvb, offset, pinfo, tree, ioControlCode);
734 break;
735 }
736 case IRP_MJ_QUERY_VOLUME_INFORMATION:
737 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_QUERY_VOLUME_INFORMATION");
738 break;
739 case IRP_MJ_SET_VOLUME_INFORMATION:
740 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_SET_VOLUME_INFORMATION");
741 break;
742 case IRP_MJ_QUERY_INFORMATION:
743 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_QUERY_INFORMATION");
744 break;
745 case IRP_MJ_SET_INFORMATION:
746 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_SET_INFORMATION");
747 break;
748 case IRP_MJ_DIRECTORY_CONTROL:
749 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_DIRECTORY_CONTROL");
750 break;
751 case IRP_MJ_LOCK_CONTROL:
752 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS IRP_MJ_LOCK_CONTROL");
753 break;
754 default:
755 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "FS unhandled");
756 break;
757 }
758
759 if (ioReq) {
760 if (ioReq->resFrame) {
761 proto_item_set_generated(
762 proto_tree_add_uint(tree, hf_rdpdr_io_result_frame, tvb, 0, 0, ioReq->resFrame)
763 );
764 }
765 }
766 break;
767 }
768 case PAKID_CORE_DEVICE_REPLY: {
769 uint32_t statusCode;
770 proto_tree_add_item_ret_uint(tree, hf_rdpdr_deviceId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceId);
771 offset += 4;
772
773 proto_tree_add_item_ret_uint(tree, hf_rdpdr_resultCode, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &statusCode);
774 offset += 4;
775
776 DrDevice *device = wmem_multimap_lookup32_le(info->channels, &deviceId, pinfo->num);
777 if (device)
778 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s, status=0x%x", device->name, statusCode);
779 break;
780 }
781 case PAKID_CORE_DEVICE_IOCOMPLETION: {
782 uint32_t statusCode, completionId;
783 proto_tree_add_item_ret_uint(tree, hf_rdpdr_deviceId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceId);
784 offset += 4;
785
786 proto_tree_add_item_ret_uint(tree, hf_rdpdr_completionId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &completionId);
787 offset += 4;
788
789 proto_tree_add_item_ret_uint(tree, hf_rdpdr_ioStatus, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &statusCode);
790 offset += 4;
791
792 //const char *name = NULL;
793 DrIoRequest *ioReq = NULL((void*)0);
794 DrDevice *device = wmem_multimap_lookup32_le(info->channels, &deviceId, pinfo->num);
795 if (device) {
796 //name = device->name;
797 ioReq = wmem_multimap_lookup32_le(device->ioRequests, &completionId, pinfo->num);
798 if (ioReq) {
799 if (!PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited))
800 ioReq->resFrame = pinfo->num;
801 }
802 }
803
804 if (ioReq) {
805 proto_item_set_generated(
806 proto_tree_add_uint(tree, hf_rdpdr_io_request_frame, tvb, 0, 0, ioReq->reqFrame)
807 );
808
809 if (device->deviceType == RDPDR_DTYP_FILESYSTEM) {
810 switch(ioReq->majorFn) {
811 case IRP_MJ_CREATE:
812 if (tvb_captured_length_remaining(tvb, offset)) {
813 proto_tree_add_item(tree, hf_rdpdr_create_info, tvb, offset, 1, ENC_LITTLE_ENDIAN0x80000000);
814 }
815 break;
816 }
817 } else if (device->deviceType == RDPDR_DTYP_SMARTCARD) {
818 if (ioReq->majorFn == IRP_MJ_DEVICE_CONTROL)
819 return dissect_smartcard_resp(tvb, offset, pinfo, tree, ioReq->ioControlCode);
820 }
821 }
822 //col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s%sIO completion completionId=0x%x status=0x%x", name ? name : "", name ? " " : "", completionId, statusCode);
823 break;
824 }
825
826 case PAKID_CORE_CLIENT_CAPABILITY:
827 case PAKID_CORE_SERVER_CAPABILITY: {
828 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s", val_to_str_const(packetId, rdpdr_packetid_vals, "<unknown command>"));
829
830 uint32_t ncapa;
831 proto_tree_add_item_ret_uint(tree, hf_rdpdr_numCapabilities, tvb, offset, 2, ENC_LITTLE_ENDIAN0x80000000, &ncapa);
832 offset += 2;
833
834 proto_tree_add_item(tree, hf_rdpdr_padding, tvb, offset, 2, ENC_LITTLE_ENDIAN0x80000000);
835 offset += 2;
836
837
838 for (uint32_t i = 0; i < ncapa; i++) {
839 uint32_t capaType = tvb_get_uint16(tvb, offset, ENC_LITTLE_ENDIAN0x80000000);
840 uint32_t capaLen = tvb_get_uint16(tvb, offset + 2, ENC_LITTLE_ENDIAN0x80000000);
841
842
843 tvbuff_t *capaTvb = tvb_new_subset_length(tvb, offset, capaLen);
844 offset += capaLen;
845
846 int subOffset = 0;
847 proto_tree *subtree = proto_tree_add_subtree(tree, capaTvb, 0, capaLen, ett_rdpdr_capabilities, NULL((void*)0), val_to_str_const(capaType, rdpdr_capaType_vals, "<unknown>"));
848 proto_tree_add_item(subtree, hf_rdpdr_capaType, capaTvb, subOffset, 2, ENC_LITTLE_ENDIAN0x80000000);
849 subOffset += 2;
850
851 proto_tree_add_item(subtree, hf_rdpdr_capaLen, capaTvb, subOffset, 2, ENC_LITTLE_ENDIAN0x80000000);
852 subOffset += 2;
853
854 uint32_t capaVersion;
855 proto_tree_add_item_ret_uint(subtree, hf_rdpdr_capaVersion, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000, &capaVersion);
856 subOffset += 4;
857
858 switch (capaType) {
859 case CAP_GENERAL_TYPE:
860 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_osType, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
861 subOffset += 4;
862
863 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_osVersion, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
864 subOffset += 4;
865
866 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_protocolMajor, capaTvb, subOffset, 2, ENC_LITTLE_ENDIAN0x80000000);
867 subOffset += 2;
868
869 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_protocolMinor, capaTvb, subOffset, 2, ENC_LITTLE_ENDIAN0x80000000);
870 subOffset += 2;
871
872 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_ioCode1, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
873 subOffset += 4;
874
875 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_ioCode2, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
876 subOffset += 4;
877
878 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_extendedPdu, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
879 subOffset += 4;
880
881 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_extraFlags1, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
882 subOffset += 4;
883
884 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_extraFlags2, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
885 subOffset += 4;
886
887 if (capaVersion == 0x00000002)
888 proto_tree_add_item(subtree, hf_rdpdr_capa_gen_specialTypeDeviceCap, capaTvb, subOffset, 4, ENC_LITTLE_ENDIAN0x80000000);
889 break;
890
891 case CAP_PRINTER_TYPE:
892 case CAP_SMARTCARD_TYPE:
893 case CAP_PORT_TYPE:
894 case CAP_DRIVE_TYPE:
895 break;
896 }
897 }
898 break;
899 }
900 default:
901 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s", val_to_str_const(packetId, rdpdr_packetid_vals, "<unknown command>"));
902 break;
903 }
904 } else if (component == RDPDR_CTYP_PRN) {
905 switch (packetId) {
906 case PAKID_PRN_USING_XPS: {
907 proto_tree_add_item_ret_uint(tree, hf_rdpdr_deviceId, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &deviceId);
908 offset += 4;
909
910 DrDevice *device = wmem_multimap_lookup32_le(info->channels, &deviceId, pinfo->num);
911 if (device) {
912 proto_item_set_generated(
913 proto_tree_add_string(tree, hf_rdpdr_device_name, tvb, 0, 0, device->name)
914 );
915
916 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "PAKID_PRN_USING_XPS %s", device->name);
917 } else {
918 col_append_sep_str(pinfo->cinfo, COL_INFO, ",", "PAKID_PRN_USING_XPS");
919 }
920 break;
921 }
922 case PAKID_PRN_CACHE_DATA: {
923 uint32_t eventId;
924 proto_tree_add_item_ret_uint(tree, hf_rdpdr_printer_cacheEvent, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &eventId);
925 offset += 4;
926
927 col_append_sep_fstr(pinfo->cinfo, COL_INFO, ",", "%s", val_to_str_const(eventId, rdpdr_printer_cacheEvent_vals, "<unknown command>"));
928 switch (eventId) {
929 case RDPDR_ADD_PRINTER_EVENT: {
930 uint32_t pnpNameLength, driveNameLength, printerNameLength, cachedFieldsLength;
931
932 proto_tree_add_item(tree, hf_rdpdr_dosName, tvb, offset, 8, ENC_ASCII0x00000000);
933 offset += 8;
934
935 proto_tree_add_item_ret_uint(tree, hf_rdpdr_pnpNameLength, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &pnpNameLength);
936 offset += 4;
937
938 proto_tree_add_item_ret_uint(tree, hf_rdpdr_driverNameLength, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &driveNameLength);
939 offset += 4;
940
941 proto_tree_add_item_ret_uint(tree, hf_rdpdr_printerNameLength, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &printerNameLength);
942 offset += 4;
943
944 proto_tree_add_item_ret_uint(tree, hf_rdpdr_cachedFieldsLength, tvb, offset, 4, ENC_LITTLE_ENDIAN0x80000000, &cachedFieldsLength);
945 offset += 4;
946
947 proto_tree_add_item(tree, hf_rdpdr_pnpName, tvb, offset, pnpNameLength, ENC_UTF_160x00000004|ENC_LITTLE_ENDIAN0x80000000);
948 offset += pnpNameLength;
949
950 proto_tree_add_item(tree, hf_rdpdr_driverName, tvb, offset, driveNameLength, ENC_UTF_160x00000004|ENC_LITTLE_ENDIAN0x80000000);
951 offset += driveNameLength;
952
953 proto_tree_add_item(tree, hf_rdpdr_printerName, tvb, offset, printerNameLength, ENC_UTF_160x00000004|ENC_LITTLE_ENDIAN0x80000000);
954 offset += printerNameLength;
955
956 proto_tree_add_item(tree, hf_rdpdr_cachedFields, tvb, offset, cachedFieldsLength, ENC_NA0x00000000);
957 break;
958 }
959 case RDPDR_UPDATE_PRINTER_EVENT:
960 break;
961 case RDPDR_DELETE_PRINTER_EVENT:
962 break;
963 case RDPDR_RENAME_PRINTER_EVENT:
964 break;
965 default:
966 break;
967 }
968 break;
969 }
970 default:
971 break;
972 }
973
974 }
975
976 return offset;
977}
978
979
980void proto_register_rdpdr(void) {
981 static hf_register_info hf[] = {
982 { &hf_rdpdr_component,
983 { "Component", "rdpdr.component",
984 FT_UINT16, BASE_HEX, VALS(rdpdr_component_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_component_vals
)))), 0x0,
985 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
986 },
987 { &hf_rdpdr_packetid,
988 { "PacketId", "rdpdr.packetid",
989 FT_UINT16, BASE_HEX, VALS(rdpdr_packetid_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_packetid_vals)
))), 0x0,
990 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
991 },
992 { &hf_rdpdr_deviceCount,
993 { "Device count", "rdpdr.devicecount",
994 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
995 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
996 },
997 { &hf_rdpdr_deviceType,
998 { "Device type", "rdpdr.devicetype",
999 FT_UINT32, BASE_HEX, VALS(rdpdr_deviceType_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_deviceType_vals
)))), 0x0,
1000 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1001 },
1002 { &hf_rdpdr_deviceId,
1003 { "Device id", "rdpdr.deviceid",
1004 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1005 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1006 },
1007 { &hf_rdpdr_dosName,
1008 { "DOS name", "rdpdr.dosname",
1009 FT_STRINGZ, BASE_NONE, NULL((void*)0), 0x0,
1010 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1011 },
1012 { &hf_rdpdr_deviceDataLen,
1013 { "Device data length", "rdpdr.devicedatalen",
1014 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1015 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1016 },
1017 { &hf_rdpdr_deviceData,
1018 { "Device data", "rdpdr.devicedata",
1019 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
1020 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1021 },
1022 { &hf_rdpdr_fileId,
1023 { "File id", "rdpdr.fileid",
1024 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1025 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1026 },
1027 { &hf_rdpdr_completionId,
1028 { "Completion id", "rdpdr.completionid",
1029 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1030 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1031 },
1032 { &hf_rdpdr_ioreq_dr_majorFunction,
1033 { "Major function", "rdpdr.majorfunction",
1034 FT_UINT32, BASE_HEX, VALS(rdpdr_dr_majorF_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_dr_majorF_vals
)))), 0x0,
1035 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1036 },
1037 { &hf_rdpdr_ioreq_dr_minorFunction,
1038 { "Minor function", "rdpdr.minorfunction",
1039 FT_UINT32, BASE_HEX, VALS(rdpdr_dr_minorF_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_dr_minorF_vals
)))), 0x0,
1040 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1041 },
1042 { &hf_rdpdr_ioreq_sc_majorFunction,
1043 { "Major function", "rdpdr.majorfunction",
1044 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1045 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1046 },
1047 { &hf_rdpdr_ioreq_sc_minorFunction,
1048 { "Minor function", "rdpdr.minorfunction",
1049 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1050 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1051 },
1052 { &hf_rdpdr_resultCode,
1053 { "Result code", "rdpdr.resultcode",
1054 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1055 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1056 },
1057 { &hf_rdpdr_ioStatus,
1058 { "IoStatus", "rdpdr.iostatus",
1059 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1060 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1061 },
1062 { &hf_rdpdr_io_request_control_outputBufLen,
1063 { "OutputBufferLen", "rdpdr.outputbuflen",
1064 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1065 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1066 },
1067 { &hf_rdpdr_io_request_control_inputBufLen,
1068 { "InputBufferLen", "rdpdr.inputbuflen",
1069 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1070 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1071 },
1072 { &hf_rdpdr_io_request_control_ioControlCode,
1073 { "IoControlCode", "rdpdr.iocontrolcode",
1074 FT_UINT32, BASE_HEX, VALS(rdpdr_dr_ioControlCode_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_dr_ioControlCode_vals
)))), 0x0,
1075 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1076 },
1077 { &hf_rdpdr_io_request_control_padding,
1078 { "Padding", "rdpdr.padding20",
1079 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
1080 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1081 },
1082 { &hf_rdpdr_io_request_frame,
1083 { "Request in frame", "rdpdr.iorequestframe",
1084 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST)((gpointer) (glong) (FT_FRAMENUM_REQUEST)), 0x0,
1085 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1086 },
1087 { &hf_rdpdr_io_result_frame,
1088 { "IO result in frame", "rdpdr.ioresultframe",
1089 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE)((gpointer) (glong) (FT_FRAMENUM_RESPONSE)), 0x0,
1090 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1091 },
1092 { &hf_rdpdr_create_info,
1093 { "Information", "rdpdr.dr.create.info",
1094 FT_UINT8, BASE_HEX, VALS(rdpdr_dr_createinfo_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_dr_createinfo_vals
)))), 0x0,
1095 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1096 },
1097 { &hf_rdpdr_numCapabilities,
1098 { "numCapabilities", "rdpdr.numcapabilities",
1099 FT_UINT16, BASE_DEC, NULL((void*)0), 0x0,
1100 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1101 },
1102 { &hf_rdpdr_padding,
1103 { "Padding", "rdpdr.padding",
1104 FT_UINT16, BASE_DEC, NULL((void*)0), 0x0,
1105 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1106 },
1107 { &hf_rdpdr_capaType,
1108 { "Type", "rdpdr.capa.type",
1109 FT_UINT16, BASE_HEX, VALS(rdpdr_capaType_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_capaType_vals)
))), 0x0,
1110 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1111 },
1112 { &hf_rdpdr_capaLen,
1113 { "Length", "rdpdr.capa.length",
1114 FT_UINT16, BASE_DEC, NULL((void*)0), 0x0,
1115 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1116 },
1117 { &hf_rdpdr_capaVersion,
1118 { "Version", "rdpdr.capa.version",
1119 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1120 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1121 },
1122 { &hf_rdpdr_capa_gen_osType,
1123 { "osType", "rdpdr.capa.gen.ostype",
1124 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1125 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1126 },
1127 { &hf_rdpdr_capa_gen_osVersion,
1128 { "osVersion", "rdpdr.capa.gen.osversion",
1129 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1130 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1131 },
1132 { &hf_rdpdr_capa_gen_protocolMajor,
1133 { "protocolMajorVersion", "rdpdr.capa.gen.protocolmajor",
1134 FT_UINT16, BASE_HEX, NULL((void*)0), 0x0,
1135 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1136 },
1137 { &hf_rdpdr_capa_gen_protocolMinor,
1138 { "protocolMinorVersion", "rdpdr.capa.gen.protocolminor",
1139 FT_UINT16, BASE_HEX, NULL((void*)0), 0x0,
1140 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1141 },
1142 { &hf_rdpdr_capa_gen_ioCode1,
1143 { "ioCode1", "rdpdr.capa.gen.iocode1",
1144 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1145 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1146 },
1147 { &hf_rdpdr_capa_gen_ioCode2,
1148 { "ioCode2", "rdpdr.capa.gen.iocode2",
1149 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1150 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1151 },
1152 { &hf_rdpdr_capa_gen_extendedPdu,
1153 { "extendedPDU", "rdpdr.capa.gen.extendedpdu",
1154 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1155 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1156 },
1157 { &hf_rdpdr_capa_gen_extraFlags1,
1158 { "extraFlags1", "rdpdr.capa.gen.extraflags1",
1159 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1160 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1161 },
1162 { &hf_rdpdr_capa_gen_extraFlags2,
1163 { "extraFlags2", "rdpdr.capa.gen.extraflags2",
1164 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1165 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1166 },
1167 { &hf_rdpdr_capa_gen_specialTypeDeviceCap,
1168 { "specialTypeDeviceCap", "rdpdr.capa.gen.specialtypedevicecap",
1169 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1170 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1171 },
1172 { &hf_rdpdr_ioreq_sc_command,
1173 { "Command", "rdpdr.sc.command",
1174 FT_BYTES, BASE_NONE, NULL((void*)0), 0,
1175 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1176 },
1177 { &hf_rdpdr_ioreq_sc_returnCode,
1178 { "ReturnCode", "rdpdr.sc.returnCode",
1179 FT_UINT32, BASE_HEX, NULL((void*)0), 0x0,
1180 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1181 },
1182
1183 { &hf_rdpdr_device_name,
1184 { "Device", "rdpdr.device",
1185 FT_STRINGZ, BASE_NONE, NULL((void*)0), 0x0,
1186 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1187 },
1188 { &hf_rdpdr_printer_cacheEvent,
1189 { "EventId", "rdpdr.printer.eventid",
1190 FT_UINT32, BASE_HEX, VALS(rdpdr_printer_cacheEvent_vals)((0 ? (const struct _value_string*)0 : ((rdpdr_printer_cacheEvent_vals
)))), 0x0,
1191 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1192 },
1193 { &hf_rdpdr_pnpNameLength,
1194 { "PnPNameLen", "rdpdr.printer.pnpnamelen",
1195 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1196 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1197 },
1198 { &hf_rdpdr_pnpName,
1199 { "PnPName", "rdpdr.printer.pnpname",
1200 FT_STRINGZ, BASE_NONE, NULL((void*)0), 0x0,
1201 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1202 },
1203 { &hf_rdpdr_driverNameLength,
1204 { "DriverNameLen", "rdpdr.printer.drivernamelen",
1205 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1206 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1207 },
1208 { &hf_rdpdr_driverName,
1209 { "DriverName", "rdpdr.printer.drivername",
1210 FT_STRINGZ, BASE_NONE, NULL((void*)0), 0x0,
1211 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1212 },
1213 { &hf_rdpdr_printerNameLength,
1214 { "PrintNameLen", "rdpdr.printer.printnamelen",
1215 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1216 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1217 },
1218 { &hf_rdpdr_printerName,
1219 { "PrinterName", "rdpdr.printer.printername",
1220 FT_STRINGZ, BASE_NONE, NULL((void*)0), 0x0,
1221 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1222 },
1223 { &hf_rdpdr_cachedFieldsLength,
1224 { "CacheFieldsLen", "rdpdr.printer.cachefieldslen",
1225 FT_UINT32, BASE_DEC, NULL((void*)0), 0x0,
1226 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1227 },
1228 { &hf_rdpdr_cachedFields,
1229 { "CacheFields", "rdpdr.printer.cachefields",
1230 FT_BYTES, BASE_NONE, NULL((void*)0), 0x0,
1231 NULL((void*)0), HFILL-1, 0, HF_REF_TYPE_NONE, -1, ((void*)0) }
1232 },
1233 };
1234
1235 static int *ett[] = {
1236 &ett_rdpdr,
1237 &ett_rdpdr_device,
1238 &ett_rdpdr_capabilities,
1239 };
1240
1241 proto_rdpdr = proto_register_protocol(PNAME"RDP disk redirection virtual channel Protocol", PSNAME"RDPDR", PFNAME"rdpdr");
1242
1243 /* Register fields and subtrees */
1244 proto_register_field_array(proto_rdpdr, hf, array_length(hf)(sizeof (hf) / sizeof (hf)[0]));
1245 proto_register_subtree_array(ett, array_length(ett)(sizeof (ett) / sizeof (ett)[0]));
1246
1247 register_dissector(PFNAME"rdpdr", dissect_rdpdr, proto_rdpdr);
1248}
1249
1250void proto_reg_handoff_rdpdr(void) {
1251}