Ethereal-dev: [Ethereal-dev] Re: Partial patch to packet-dcerpc-remact.c - call for assistance
> Date: Mon, 22 Sep 2003 23:20:46 -0400
> From: Todd Sabin <tsabin@xxxxxxxxxxxxx>
> Subject: Re: [Ethereal-dev] Partial patch to packet-dcerpc-remact.c -
> call for assistance
> To: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
> Cc: ethereal-dev <ethereal-dev@xxxxxxxxxxxx>
> Message-ID: <m3zngw2nsh.fsf@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
> Yaniv Kaul <ykaul@xxxxxxxxxxxx> writes:
>
> > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> > <html>
> > <head>
>
> Please don't send html email. (That may be why no one else has
> replied to you, yet.)
>
> > With all the noise around DCOM over
> > DCE-RPC, no one bothered to dissect it properly.
> > I've began adding proper dissection to it.
> > However, due to lack of time, lack of GOOD (read: not exploits) traffic
> > captures, and lack of normal documentation of this protocol, I'm unable
> > to complete the dissector properly.
> > I'll be happy if someone can pick it up and finish it or help me a bit.
> > Once this is done, it'll be trivial to do SystemActivator over DCE-RPC.
>
> Actually, Ulf Lamping did quite a lot of work on DCOM (including the
> REMACT interface) over a year ago, but it has yet to make in into
> ethereal. That's most likely my fault, as I asked him to break his
> work up into several patches, and then had no time to look at them.
> (Sorry, Ulf!)
>
> > Attached please find my uncomplete patch. (Do NOT check in). Pay
> > attention to the FIXME notes in it.
>
> Haven't looked at it, yet, but I'll try to go over that and Ulf's
> older stuff in the near future. Of course, I may find that I don't
> have the time again, in which case I'd suggest that Guy (or someone)
> just apply Ulf's stuff as it stands (though the patch is probably
> stale by now).
>
> --
> Todd Sabin <tsabin@xxxxxxxxxxxxx>
>
>
Hi Todd, hi Yaniv!
The last time I tried to submit patches to this topic, I ran "out of spirit", as I couldn't get any patches checked in.
I'm using my DCOM dissection for over a year now, it's working quite well for me and others.
As I have also made a lot of other changes compared to the CVS tree, my diff file is getting larger and larger (about 50kB right now + other seperate files), and submitting patches is now even more complicated for me than a year ago. But my tree is still in sync with latest CVS :-)
Regards, ULFL
______________________________________________________________________________
Die Besten ihrer Klasse! WEB.DE FreeMail (1,7) und WEB.DE Club (1,9) -
bei der Stiftung Warentest - ein Doppelsieg! http://f.web.de/?mc=021184