Is MSRPC::DCOM:RemoteCreateInstance Request/Response decoder planned?

0

Hi guys,

Is MSRPC::DCOM:RemoteCreateInstance Request/Response decoder planned? And is this feature on demand?

asked 16 Jul '12, 05:24

ltgao's gravatar image

ltgao
1112
accept rate: 0%

One Answer:
oldestnewestmost voted
0

As Wireshark is Open Source software primarily developed by people in their spare time, there isn't much of a plan.

Anyway, looking through Wireshark's source code I can see that packet-dcom-sysact.c appears to have some code that mentions RemoteCreateInstance so it would appear that Wireshark may already support this. I assume you've tried it and it doesn't work? If so, I'd suggest that you open a bug report and attach a sample capture so someone with some free time can take a look.

link

answered 23 Jul '12, 06:57

JeffMorriss's gravatar image

JeffMorriss ♦
2.3k433
accept rate: 26%

thank you for the feedback, yes, packet-dcom-sysact.c has been added into the wireshark project, but the implementation is not enough. Quite part of the decoder is not coded. I am planning to contribute this part if no other is doing this.

(23 Jul '12, 18:25) ltgao
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×2
×2
×1

Asked: 16 Jul '12, 05:24

Seen: 596 times

Last updated: 23 Jul '12, 18:25

Related questions

RemoteCreateInstance response

DCOM Decode not displaying the UUID in v1.4.3

about | faq | privacy | support | contact

powered by OSQA