PIDL, ethereal, etc.
kmorank
kmorank at yahoo.com
Tue Dec 28 03:17:28 GMT 2004
I notice that the default dissectors for ethereal are not as chatty as perhaps they should be when looking at DCE traffic -- for example, RegQueryValueEx isn't as correct as it could be.
The PIDL manpage says I should be able to
perl ../../build/pidl/pidl.pl --output foo.c --parse --eparser winreg.idl
and sure enough,
packet-dcerpc-proto.h
packet-dcerpc-proto-winreg.h
packet-dcerpc-winreg.c
show up... however, when plopped into the ethereal tree for a "go", it doesn't exactly compile. "eparser.h" is called for, which doesn't exist in either the ethereal or samba tree; perhaps it should be replaced by "packet-dcerpc-proto.h", which includes ndr_winreg.h? Changing that, putting those files into my ethereal dissector build directory, and symlinking the librpc directory so it's accessible as I build the new dissector still yields a bunch of errors.
How out of sync is the --eparser flag with the current sources and ethereal?
thanks,
More information about the samba-technical
mailing list