//*****************************************************************************
//
// Name: msrpc.h
//
// Description: MSRPC protocol parser.
//
// History:
// 08/1/93 t-glennc Created.
//
//*****************************************************************************
//*****************************************************************************
//
// Copyright (c) 1993 by Microsoft Corp. All rights reserved.
//
//*****************************************************************************
// MSRPC protocol property database identifiers.
//
// One identifier per property the parser can attach to a frame. The values
// run consecutively from 0x00 to 0x46, which suggests they index a property
// table kept with the parser implementation (not visible in this header) --
// TODO confirm; if so, any new identifier has to be added at the matching
// position in that table.
//
// Several names differ only slightly and are easy to mix up when editing:
//   MSRPC_SEQ_NUM (0x25)   vs MSRPC_SEQ_NUMBER (0x36)
//   MSRPC_STATUS (0x18)    vs MSRPC_STATUS_CODE (0x2E)
//   MSRPC_SERIAL_HI (0x1F) / MSRPC_SERIAL_LO (0x2B) vs MSRPC_SERIAL_NUM (0x32)
//   MSRPC_IF_UUID (0x3E)   vs MSRPC_INTERFACE_ID (0x21)
#define MSRPC_SUMMARY 0x00
// 0x01-0x09: names match the fixed fields of the MSRPCCO header below.
#define MSRPC_VERSION 0x01
#define MSRPC_VERSION_MINOR 0x02
#define MSRPC_PTYPE 0x03
#define MSRPC_PFC_FLAGS1 0x04
#define MSRPC_PFC_FLAGS1_BITS 0x05
#define MSRPC_PACKED_DREP 0x06
#define MSRPC_FRAG_LENGTH 0x07
#define MSRPC_AUTH_LENGTH 0x08
#define MSRPC_CALL_ID 0x09
// 0x0A-0x1C: names match fields of the connection-oriented PDU bodies
// (BIND, BIND_ACK, BIND_NAK, REQUEST, RESPONSE, FAULT, ...).
#define MSRPC_MAX_XMIT_FRAG 0x0A
#define MSRPC_MAX_RECV_FRAG 0x0B
#define MSRPC_ASSOC_GROUP_ID 0x0C
#define MSRPC_P_CONTEXT_SUM 0x0D
#define MSRPC_AUTH_VERIFIER 0x0E
#define MSRPC_SEC_ADDR 0x0F
#define MSRPC_PAD 0x10
#define MSRPC_P_RESULT_LIST 0x11
#define MSRPC_PROVIDER_REJECT_REASON 0x12
#define MSRPC_VERSIONS_SUPPORTED 0x13
#define MSRPC_ALLOC_HINT 0x14
#define MSRPC_PRES_CONTEXT_ID 0x15
#define MSRPC_CANCEL_COUNT 0x16
#define MSRPC_RESERVED 0x17
#define MSRPC_STATUS 0x18
#define MSRPC_RESERVED_2 0x19
#define MSRPC_STUB_DATA 0x1A
#define MSRPC_OPNUM 0x1B
#define MSRPC_OBJECT 0x1C
// 0x1D-0x2B: names match the fixed fields of the MSRPCCL header below.
#define MSRPC_PFC_FLAGS2 0x1D
#define MSRPC_PFC_FLAGS2_BITS 0x1E
#define MSRPC_SERIAL_HI 0x1F
#define MSRPC_OBJECT_ID 0x20
#define MSRPC_INTERFACE_ID 0x21
#define MSRPC_ACTIVITY_ID 0x22
#define MSRPC_SERVER_BOOT_TIME 0x23
#define MSRPC_INTERFACE_VER 0x24
#define MSRPC_SEQ_NUM 0x25
#define MSRPC_INTERFACE_HINT 0x26
#define MSRPC_ACTIVITY_HINT 0x27
#define MSRPC_LEN_OF_PACKET_BODY 0x28
#define MSRPC_FRAG_NUM 0x29
#define MSRPC_AUTH_PROTO_ID 0x2A
#define MSRPC_SERIAL_LO 0x2B
// 0x2C-0x36: names match fields of the connectionless PDU bodies
// (CL_CANCEL, CANCEL_ACK, REJECT, NOCALL, FACK).
#define MSRPC_CANCEL_ID 0x2C
#define MSRPC_SERVER_IS_ACCEPTING 0x2D
#define MSRPC_STATUS_CODE 0x2E
#define MSRPC_WINDOW_SIZE 0x2F
#define MSRPC_MAX_TPDU 0x30
#define MSRPC_MAX_PATH_TPDU 0x31
#define MSRPC_SERIAL_NUM 0x32
#define MSRPC_SELACK_LEN 0x33
#define MSRPC_SELACK 0x34
#define MSRPC_CANCEL_REQUEST_FMT_VER 0x35
#define MSRPC_SEQ_NUMBER 0x36
// 0x37-0x45: presumably the decoded pieces of the variable-length
// SecAddr / result-list / presentation-context areas -- TODO confirm.
#define MSRPC_SEC_ADDR_LENGTH 0x37
#define MSRPC_SEC_ADDR_PORT 0x38
#define MSRPC_N_RESULTS 0x39
#define MSRPC_P_RESULTS 0x3A
#define MSRPC_P_CONT_DEF_RESULT 0x3B
#define MSRPC_P_PROVIDER_REASON 0x3C
#define MSRPC_P_TRANSFER_SYNTAX 0x3D
#define MSRPC_IF_UUID 0x3E
#define MSRPC_IF_VERSION 0x3F
#define MSRPC_P_CONTEXT_ELEM 0x40
#define MSRPC_NUM_TRANSFER_SYNTAX 0x41
#define MSRPC_ABSTRACT_IF_UUID 0x42
#define MSRPC_ABSTRACT_IF_VERSION 0x43
#define MSRPC_TRANSFER_IF_UUID 0x44
#define MSRPC_TRANSFER_IF_VERSION 0x45
// Presumably the frame number recorded in the bind table (see BINDENTRY).
#define MSRPC_BIND_FRAME_NUMBER 0x46
// MSRPC PDU types.
//
// Candidate values for the one-byte PType field of the MSRPCCO and MSRPCCL
// headers declared in this file. By name, 0-10 line up with the body members
// of the MSRPCCL union and 11-19 with those of the MSRPCCO union; REQUEST,
// RESPONSE and FAULT bodies are declared for both headers.
//
// PType is read from the captured frame, so it can hold any value 0-255.
// Value 16 and everything above 19 have no name here; code that dispatches on
// PType needs a default path that treats the body as opaque instead of
// overlaying one of the body structures on it.
#define MSRPC_PDU_REQUEST 0
#define MSRPC_PDU_PING 1
#define MSRPC_PDU_RESPONSE 2
#define MSRPC_PDU_FAULT 3
#define MSRPC_PDU_WORKING 4
#define MSRPC_PDU_NOCALL 5
#define MSRPC_PDU_REJECT 6
#define MSRPC_PDU_ACK 7
#define MSRPC_PDU_CL_CANCEL 8
#define MSRPC_PDU_FACK 9
#define MSRPC_PDU_CANCEL_ACK 10
#define MSRPC_PDU_BIND 11
#define MSRPC_PDU_BIND_ACK 12
#define MSRPC_PDU_BIND_NAK 13
#define MSRPC_PDU_ALTER_CONTEXT 14
#define MSRPC_PDU_ALTER_CONTEXT_RESP 15
// 16 is intentionally or accidentally absent from this list -- not named here.
#define MSRPC_PDU_SHUTDOWN 17
#define MSRPC_PDU_CO_CANCEL 18
#define MSRPC_PDU_ORPHANED 19
// MSRPC PDU FLAGS - 1st Set
//
// Single-bit masks covering all eight bits of a flags byte. The names
// (LASTFRAG, FRAG, NOFACK, MAYBE, IDEMPOTENT, BROADCAST) correspond to the
// datagram header flags, so these presumably apply to MSRPCCL.PFCFlags1.
// NOTE(review): MSRPCCO.PFCFlags has no mask names in this header; confirm
// the parser does not decode the connection-oriented flags byte with this set.
#define MSRPC_PDU_FLAG_1_RESERVED_01 0x01
#define MSRPC_PDU_FLAG_1_LASTFRAG 0x02
#define MSRPC_PDU_FLAG_1_FRAG 0x04
#define MSRPC_PDU_FLAG_1_NOFACK 0x08
#define MSRPC_PDU_FLAG_1_MAYBE 0x10
#define MSRPC_PDU_FLAG_1_IDEMPOTENT 0x20
#define MSRPC_PDU_FLAG_1_BROADCAST 0x40
#define MSRPC_PDU_FLAG_1_RESERVED_80 0x80
// MSRPC PDU FLAGS - 2nd Set
//
// Masks for the second flags byte (presumably MSRPCCL.PFCFlags2). Only
// CANCEL_PEND carries a meaning here; every other bit is named as reserved,
// so a sender setting them is outside what this header describes.
#define MSRPC_PDU_FLAG_2_RESERVED_01 0x01
#define MSRPC_PDU_FLAG_2_CANCEL_PEND 0x02
#define MSRPC_PDU_FLAG_2_RESERVED_04 0x04
#define MSRPC_PDU_FLAG_2_RESERVED_08 0x08
#define MSRPC_PDU_FLAG_2_RESERVED_10 0x10
#define MSRPC_PDU_FLAG_2_RESERVED_20 0x20
#define MSRPC_PDU_FLAG_2_RESERVED_40 0x40
#define MSRPC_PDU_FLAG_2_RESERVED_80 0x80
// Data Structures of a MSRPC protocol frame
//
// These structures describe bytes of a captured frame. Every field value,
// including lengths and counts, is whatever the sender put on the wire, and
// the trailing unsized arrays carry no bound of their own: code that overlays
// them must take the limit from the byte count it was handed for the frame.

// Body of an alter-context PDU; a member of the MSRPCCO body union.
// Same field layout as BIND.
typedef struct _ALTER_CONTEXT
{
WORD MaxXmitFrag;
WORD MaxRecvFrag;
DWORD AssocGroupId;
// Variable-length tail; presumably the presentation context list
// (see p_cont_elem_t) -- TODO confirm.
BYTE PContextElem[];
} ALTER_CONTEXT;
// Body of an alter-context response PDU; a member of the MSRPCCO body union.
// Same field layout as BIND_ACK.
typedef struct _ALTER_CONTEXT_RESP
{
WORD MaxXmitFrag;
WORD MaxRecvFrag;
DWORD AssocGroupId;
// Variable-length tail. The property names MSRPC_SEC_ADDR_LENGTH,
// MSRPC_SEC_ADDR_PORT, MSRPC_PAD and MSRPC_P_RESULT_LIST suggest a
// length-prefixed secondary address followed by padding and a result list
// -- TODO confirm. Any length prefix is frame data and has to be checked
// against the bytes remaining before it is used as an offset.
BYTE SecAddr[];
} ALTER_CONTEXT_RESP;
// Body of a bind PDU; a member of the MSRPCCO body union.
typedef struct _BIND
{
WORD MaxXmitFrag;
WORD MaxRecvFrag;
DWORD AssocGroupId;
// Variable-length tail; presumably the presentation context list
// (see p_cont_elem_t) -- TODO confirm. Its extent is not declared here
// and must be derived from the validated frame length.
BYTE PContextElem[];
} BIND;
// Body of a bind-ack PDU; a member of the MSRPCCO body union.
typedef struct _BIND_ACK
{
WORD MaxXmitFrag;
WORD MaxRecvFrag;
DWORD AssocGroupId;
// Variable-length tail; presumably a length-prefixed secondary address,
// padding and the result list (compare MSRPC_SEC_ADDR_LENGTH,
// MSRPC_PAD, MSRPC_P_RESULT_LIST) -- TODO confirm. The prefix comes from
// the frame and must be bounded by the bytes remaining.
BYTE SecAddr[];
} BIND_ACK;
// Body of a bind-nak PDU; a member of the MSRPCCO body union.
typedef struct _BIND_NAK
{
WORD RejectReason;
// Variable-length tail; presumably the list of supported protocol
// versions (compare MSRPC_VERSIONS_SUPPORTED) -- TODO confirm.
BYTE Versions[];
} BIND_NAK;
// Body of a connection-oriented cancel PDU; a member of the MSRPCCO body
// union. It declares no fixed fields, only an unsized tail.
// NOTE(review): a structure whose only member is an unsized array is not
// ISO C and depends on a compiler extension; do not use sizeof on it as a
// body length.
typedef struct _CO_CANCEL
{
BYTE AuthTrailer[];
} CO_CANCEL;
// Body of a fault PDU. Used as a member of both the MSRPCCO and the MSRPCCL
// body unions.
typedef struct _FAULT
{
// The first DWORD carries two names. Presumably AllocHint is the
// connection-oriented reading and StatusCode the connectionless one --
// TODO confirm; the header alone does not say which applies when.
union
{
DWORD AllocHint;
DWORD StatusCode;
};
WORD PContId;
BYTE CancelCount;
BYTE Reserved;
DWORD Status;
BYTE Reserved2[4];
// Variable-length tail with no declared bound.
// NOTE(review): if the connectionless fault body is only the leading
// StatusCode, the fields after the union lie beyond it; confirm the parser
// checks the remaining byte count before reading them.
BYTE Data[];
} FAULT;
// Body of an orphaned PDU; a member of the MSRPCCO body union. Like
// CO_CANCEL it declares only an unsized tail (a compiler extension, not
// ISO C), so its sizeof says nothing about the body length.
typedef struct _ORPHANED
{
BYTE AuthTrailer[];
} ORPHANED;
// Body of a connection-oriented request PDU; a member of the MSRPCCO body
// union.
typedef struct _REQUEST
{
// Sender-supplied hint; it is frame data and must not be trusted as an
// allocation size or as the length of Data.
DWORD AllocHint;
WORD PContId;
WORD OpNum;
// NOTE(review): in DCE RPC the 16-byte object UUID is optional in a
// connection-oriented request and its presence is signalled by a header
// flag that this header does not name. When it is absent the stub data
// starts where Object is declared, so Data is only at the right offset for
// requests that carry the UUID -- confirm how the parser handles this.
BYTE Object[16];
// Variable-length stub data with no declared bound.
BYTE Data[];
} REQUEST;
// Body of a connection-oriented response PDU; a member of the MSRPCCO body
// union.
typedef struct _RESPONSE
{
// Sender-supplied hint; frame data, not a verified length.
DWORD AllocHint;
WORD PContId;
BYTE CancelCount;
BYTE Reserved;
// Variable-length stub data with no declared bound.
BYTE Data[];
} RESPONSE;
// Body of a shutdown PDU; a member of the MSRPCCO body union. Declares only
// an unsized tail (a compiler extension, not ISO C).
typedef struct _SHUTDOWN
{
BYTE Data[];
} SHUTDOWN;
// Connection-oriented MSRPC PDU: common header followed by a PType-specific
// body. With BYTE/WORD/DWORD at their usual 1/2/4-byte widths the fixed
// fields occupy 16 bytes and are naturally aligned.
//
// NOTE(review): FragLength and AuthLength are read from the frame. Before
// any body member is touched, a parser should confirm that the frame holds
// at least the 16 header bytes, that FragLength is neither smaller than the
// header nor larger than the bytes actually captured, and that AuthLength
// fits inside what remains. This header cannot show whether that is done.
typedef struct _MSRPCCO
{
BYTE Version;
BYTE VersionMinor;
// Selects the body member below; see the MSRPC_PDU_* values.
BYTE PType;
BYTE PFCFlags;
// Data representation label. Presumably it determines the byte order of
// the multi-byte fields that follow -- TODO confirm the parser honours it
// rather than reading them in host order.
BYTE PackedDrep[4];
WORD FragLength;
WORD AuthLength;
DWORD CallID;
// Unnamed union of body layouts. Several members end in (or consist only
// of) an unsized array, which ISO C does not allow inside a union member;
// this relies on a compiler extension.
union
{
ALTER_CONTEXT AlterContext;
ALTER_CONTEXT_RESP AlterContextResp;
BIND Bind;
BIND_ACK BindAck;
BIND_NAK BindNak;
CO_CANCEL COCancel;
FAULT Fault;
ORPHANED Orphaned;
REQUEST Request;
RESPONSE Response;
SHUTDOWN Shutdown;
};
} MSRPCCO;
// UNALIGNED: the pointer may address frame bytes at any alignment.
typedef MSRPCCO UNALIGNED * LPMSRPCCO;
// Body of a connectionless request PDU; a member of the MSRPCCL body union.
// No fixed fields are declared, only an unsized tail (a compiler extension,
// not ISO C); its extent has to come from the validated frame length.
typedef struct _CL_REQUEST
{
BYTE Data[];
} CL_REQUEST;
// Body of a ping PDU; a member of the MSRPCCL body union. Only an unsized
// tail is declared.
typedef struct _PING
{
BYTE Data[];
} PING;
// Body of a connectionless response PDU; a member of the MSRPCCL body union.
// Only an unsized tail is declared.
typedef struct _CL_RESPONSE
{
BYTE Data[];
} CL_RESPONSE;
// Body of a working PDU; a member of the MSRPCCL body union. Only an unsized
// tail is declared.
typedef struct _WORKING
{
BYTE Data[];
} WORKING;
// Body of a nocall PDU; a member of the MSRPCCL body union. Field-for-field
// identical to FACK.
typedef struct _NOCALL
{
BYTE Vers;
BYTE Pad1;
WORD WindowSize;
DWORD MaxTPDU;
DWORD MaxPathTPDU;
WORD SerialNumber;
// Presumably the number of DWORDs in SelAck -- TODO confirm. It is read
// from the frame, so it must be checked against the bytes remaining
// before SelAck is indexed.
WORD SelAckLen;
DWORD SelAck[];
} NOCALL;
// Body of a reject PDU; a member of the MSRPCCL body union. Fixed size: one
// DWORD status code.
typedef struct _REJECT
{
DWORD StatusCode;
} REJECT;
// Body of an ack PDU; a member of the MSRPCCL body union. Only an unsized
// tail is declared.
typedef struct _ACK
{
BYTE Data[];
} ACK;
// Body of a connectionless cancel PDU; a member of the MSRPCCL body union.
// Fixed size: two DWORDs.
typedef struct _CL_CANCEL
{
// Presumably the cancel body format version (compare
// MSRPC_CANCEL_REQUEST_FMT_VER) -- TODO confirm.
DWORD Vers;
DWORD CancelId;
} CL_CANCEL;
// Body of a fack (fragment acknowledgement) PDU; a member of the MSRPCCL
// body union. Field-for-field identical to NOCALL.
typedef struct _FACK
{
BYTE Vers;
BYTE Pad1;
WORD WindowSize;
DWORD MaxTPDU;
DWORD MaxPathTPDU;
WORD SerialNumber;
// Presumably the number of DWORDs in SelAck -- TODO confirm. The value is
// frame data and must be bounded by the bytes remaining before SelAck is
// read.
WORD SelAckLen;
DWORD SelAck[];
} FACK;
// Body of a cancel-ack PDU; a member of the MSRPCCL body union. Fixed size:
// three DWORDs.
typedef struct _CANCEL_ACK
{
DWORD Vers;
DWORD CancelId;
DWORD ServerIsAccepting;
} CANCEL_ACK;
// Connectionless (datagram) MSRPC PDU: common header followed by a
// PType-specific body. With BYTE/WORD/DWORD at their usual 1/2/4-byte widths
// the fixed fields occupy 80 bytes and are naturally aligned.
//
// NOTE(review): every field is frame data. A parser should confirm the frame
// holds at least the 80 header bytes before reading them, and should bound
// Length by the bytes actually captured before reading the body. This header
// cannot show whether that is done.
typedef struct _MSRPCCL
{
BYTE Version;
// Selects the body member below; see the MSRPC_PDU_* values.
BYTE PType;
BYTE PFCFlags1;
BYTE PFCFlags2;
// Three bytes here, unlike the four-byte PackedDrep of MSRPCCO.
// Presumably determines the byte order of the multi-byte fields below --
// TODO confirm the parser honours it.
BYTE PackedDrep[3];
BYTE SerialNumHi;
BYTE ObjectId[16];
BYTE InterfaceId[16];
BYTE ActivityId[16];
DWORD ServerBootTime;
DWORD InterfaceVersion;
DWORD SeqNum;
WORD OpNum;
WORD InterfaceHint;
WORD ActivityHint;
// Presumably the length of the packet body (compare
// MSRPC_LEN_OF_PACKET_BODY) -- TODO confirm.
WORD Length;
WORD FragNum;
BYTE AuthProtoId;
BYTE SerialNumLo;
// Unnamed union of body layouts. Several members consist only of, or end
// in, an unsized array, which ISO C does not allow inside a union member;
// this relies on a compiler extension.
union
{
CL_REQUEST Request;
PING Ping;
CL_RESPONSE Response;
FAULT Fault;
WORKING Working;
NOCALL NoCall;
REJECT Reject;
ACK Ack;
CL_CANCEL CLCancel;
FACK Fack;
CANCEL_ACK CancelAck;
};
} MSRPCCL;
// UNALIGNED: the pointer may address frame bytes at any alignment.
typedef MSRPCCL UNALIGNED * LPMSRPCCL;
// Presentation context identifier (16 bits).
typedef unsigned short p_context_id_t;
// Syntax identifier: an interface UUID plus a version number.
// NOTE(review): if_version is declared as unsigned long, which matches a
// 4-byte wire field only on ABIs where long is 32 bits; on an ABI with a
// 64-bit long this structure would no longer match the frame layout.
typedef struct
{
GUID if_uuid;
unsigned long if_version;
} p_syntax_id_t;
// One presentation context element: a context id, one abstract syntax and a
// list of transfer syntaxes.
typedef struct
{
p_context_id_t p_cont_id;
// Presumably the number of entries in transfer_syntaxes -- TODO confirm.
// It is a byte taken from the frame (0-255), so the space it implies must
// be checked against the bytes remaining before the list is walked, and
// the step to the next element must be computed from it rather than from
// sizeof(p_cont_elem_t).
unsigned char n_transfer_syn;
unsigned char reserved;
p_syntax_id_t abstract_syntax;
// Declared with one element as a variable-length placeholder; indexing
// past [0] is only valid within the validated frame bytes.
p_syntax_id_t transfer_syntaxes[1];
} p_cont_elem_t;
// Table for tracking IIDs
//
// One table entry: a 16-byte identifier viewable either as bytes or as four
// DWORDs, plus a protocol handle. Presumably hNext is the protocol a frame
// is handed to when its interface ID matches this entry -- TODO confirm.
typedef struct _IID_HANDOFF
{
// Two views of the same 16 bytes. DwordRep reads depend on host byte
// order; ByteRep does not.
union
{
BYTE ByteRep[16];
DWORD DwordRep[4];
};
HPROTOCOL hNext;
} IID_HANDOFF;
// BIND frames are stored in a table so that, at attach time, requests and
// responses can be pointed at the BIND frame they belong to. The CCHeapAlloc
// routines are used to store the data.

// State of the bind table. Presumably the value kept in BINDTABLE.State
// (declared there as DWORD) -- TODO confirm. FULL presumably means no further
// entries can be added, so code that appends should test for it first.
enum BINDTABLESTATE
{
UNINITED,
NORMAL,
FULL
};
// One bind table entry: a frame number paired with a frame handle.
// Presumably nFrame is the capture frame number of the BIND and hBindFrame
// its handle -- TODO confirm.
typedef struct _BINDENTRY
{
DWORD nFrame;
HFRAME hBindFrame;
} BINDENTRY;
typedef BINDENTRY * LPBINDENTRY;
// Bind table: a fixed header followed by a variable number of BINDENTRY
// records.
//
// NOTE(review): the allocation and append code is not in this header. The
// declarations imply two invariants worth checking there: the byte size
// BINDTABLEHEADERSIZE + nAllocated * sizeof(BINDENTRY) must be computed
// without DWORD overflow, and nEntries must stay below nAllocated before a
// new entry is written, since the number of BIND frames is driven by the
// capture being parsed.
typedef struct _BINDTABLE
{
// Presumably the number of entries in use.
DWORD nEntries;
// Presumably the number of entries the allocation has room for.
DWORD nAllocated;
// Presumably one of the BINDTABLESTATE values.
DWORD State;
BOOL fCurrentlyLookingBack;
// Declared with one element as a variable-length placeholder.
BINDENTRY BindEntry[1];
} BINDTABLE;
typedef BINDTABLE * LPBINDTABLE;
// Size of the table header alone, i.e. BINDTABLE without its one declared
// BindEntry element.
#define BINDTABLEHEADERSIZE (sizeof(BINDTABLE)-sizeof(BINDENTRY))
// Declarations for the MSRPC protocol parser entry point functions.
// The implementations are not in this header; parameter meanings below are
// read from the names and should be confirmed against them.

// Registration / deregistration of the parser for the protocol handle hMSRPC.
VOID WINAPI MSRPC_Register( HPROTOCOL hMSRPC );
VOID WINAPI MSRPC_Deregister( HPROTOCOL hMSRPC );
// Recognition entry point. lpStartMSRPC presumably points at the first MSRPC
// byte inside the frame that starts at lpStartFrame, and BytesLeft is
// presumably the number of frame bytes available from lpStartMSRPC.
// NOTE(review): BytesLeft is the only bound passed in. Every overlay of
// MSRPCCO / MSRPCCL and every use of a length or count field from the frame
// has to stay within it; a truncated or malformed capture must end in a
// "not recognized" result rather than a read past the buffer.
LPBYTE WINAPI MSRPC_RecognizeFrame( HFRAME hFrame,
LPBYTE lpStartFrame,
LPBYTE lpStartMSRPC,
DWORD MacType,
DWORD BytesLeft,
HPROTOCOL hPreviousProtocol,
DWORD nPreviousProtocolOffset,
LPDWORD ProtocolStatusCode,
LPHPROTOCOL hNextProtocol,
LPDWORD lpInstData );
// Property attachment entry point. Takes the same frame pointers and
// BytesLeft bound as MSRPC_RecognizeFrame; InstData is passed by value here
// where the recognizer takes a pointer (lpInstData). The same bounds
// discipline applies to every variable-length field that is attached.
LPBYTE WINAPI MSRPC_AttachProperties( HFRAME hFrame,
LPBYTE lpStartFrame,
LPBYTE lpStartMSRPC,
DWORD MacType,
DWORD BytesLeft,
HPROTOCOL hPreviousProtocol,
DWORD nPreviousProtocolOffset,
DWORD InstData );
// Formatting entry point: receives nPropertyInsts property instances in p.
// NOTE(review): no byte count is passed here, so any frame data reached
// through MacFrame / ProtocolFrame must rely on lengths validated earlier.
DWORD WINAPI MSRPC_FormatProperties( HFRAME hFrame,
LPBYTE MacFrame,
LPBYTE ProtocolFrame,
DWORD nPropertyInsts,
LPPROPERTYINST p );
// Formatter for the summary property. Declared WINAPIV, unlike the WINAPI
// entry points above.
VOID WINAPIV MSRPC_FmtSummary( LPPROPERTYINST lpPropertyInst );