Depending if it's nul terminated or not. I have some examples in the other dcerpc code such as packet-dcerpc-cds_clerkxxx.c
--- dheitmueller <[EMAIL PROTECTED]> wrote: > > I am looking at the dissection routine for the > GetDomainPasswordInfo, and it fails to properly > dissect the request. > > Looking at the source code (packet-dcerpc-samr.c > line 2011), the domain field is using > dissect_ndr_pointer. However, when I look at the > payload, it would appear that we are dealing with a > straight UNICODE string. > > xx xx xx xx xx xx xx xx 08 00 00 00 5c 00 5c 00 > ........ ....\.\. > 70 00 61 00 75 00 6c 00 32 00 30 00 > p.a.u.l. 2.0. > > It looks like there is just a length, an offset, > then the string. > > I am trying to figure out the NDR routines for > dissecting strings, and do not see one that handles > this format. If I recall, I had the same issue with > the NTLMSSP dissector, and ended up decoding it into > three separate fields (length, offset, string) using > get_unicode_or_ascii_string. > > So here's the question. Is there a more standard > function for decoding this string type. Also, does > anyone have a packet capture for this request that > DOES properly dissect the request? The last thing I > want to do is break someone elses dissector. > > Devin Heitmueller > Senior Software Engineer > Netilla Networks Inc > > _______________________________________________ > Ethereal-dev mailing list > [EMAIL PROTECTED] > http://www.ethereal.com/mailman/listinfo/ethereal-dev ===== Jaime Fournier __________________________________________________ Do you Yahoo!? U2 on LAUNCH - Exclusive greatest hits videos http://launch.yahoo.com/u2
