msrpc.d revision c8ec8eea9849cac239663c46be8a7f5d2ba7ca00
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "@(#)msrpc.d 1.5 08/08/07 SMI"
/*
* Usage: ./msrpc.d -p `pgrep smbd`
*
* On multi-processor systems, it may be easier to follow the output
* if run on a single processor: see psradm. For example, to disable
* the second processor on a dual-processor system: psradm -f 1
*
* This script can be used to trace NDR operations and MSRPC requests.
* In order to put these operations in context, SMB session and tree
* requests are also traced.
*
* Output formatting is as follows:
*
* UI 03 ... rpc_vers get 1@0 = 5 {05}
* UI 03 ... rpc_vers_minor get 1@1 = 0 {00}
*
* U Marshalling flag (M=marshal, U=unmarshal)
* I Direction flag (I=in, O=out)
* ... Field name
* get PDU operation (get or put)
* 1@0 Bytes @ offset (i.e. 1 byte at offset 0)
* {05} Value
*
* The value formatting is limited to 10 bytes, after which an ellipsis
* will be inserted before the closing brace. If the value is 1 or 2
* bytes, an attempt will be made to present an ASCII value but this may
* or may not be relevent.
*
* The following example shows the header from a bind response:
*
* trace:entry MO 03 ... rpc_vers put 1@0 = 5 {05}
* trace:entry MO 03 ... rpc_vers_minor put 1@1 = 0 {00}
* trace:entry MO 03 ... ptype put 1@2 = 12 {0c}
* trace:entry MO 03 ... pfc_flags put 1@3 = 3 {03}
* trace:entry MO 04 .... intg_char_rep put 1@4 = 16 {10}
* trace:entry MO 04 .... float_rep put 1@5 = 0 {00}
* trace:entry MO 04 .... _spare[0] put 1@6 = 0 {00}
* trace:entry MO 04 .... _spare[1] put 1@7 = 0 {00}
* trace:entry MO 03 ... frag_length put 2@8 = 68 {44 00} D
* trace:entry MO 03 ... auth_length put 2@10 = 0 {00 00}
* trace:entry MO 03 ... call_id put 4@12 = 1 {01 00 00 00}
* trace:entry MO 02 .. max_xmit_frag put 2@16 = 4280 {b8 10}
* trace:entry MO 02 .. max_recv_frag put 2@18 = 4280 {b8 10}
* trace:entry MO 02 .. assoc_group_id put 4@20 = 1192620711 {a7 f2 15 47}
* trace:entry MO 02 .. sec_addr.length put 2@24 = 12 {0c 00}
* trace:entry MO 02 .. sec_addr.port_spec[0] put 1@26 = 92 {5c} \
* trace:entry MO 02 .. sec_addr.port_spec[1] put 1@27 = 80 {50} P
* trace:entry MO 02 .. sec_addr.port_spec[2] put 1@28 = 73 {49} I
* trace:entry MO 02 .. sec_addr.port_spec[3] put 1@29 = 80 {50} P
* trace:entry MO 02 .. sec_addr.port_spec[4] put 1@30 = 69 {45} E
* trace:entry MO 02 .. sec_addr.port_spec[5] put 1@31 = 92 {5c} \
* trace:entry MO 02 .. sec_addr.port_spec[6] put 1@32 = 108 {6c} l
* trace:entry MO 02 .. sec_addr.port_spec[7] put 1@33 = 115 {73} s
* trace:entry MO 02 .. sec_addr.port_spec[8] put 1@34 = 97 {61} a
* trace:entry MO 02 .. sec_addr.port_spec[9] put 1@35 = 115 {73} s
* trace:entry MO 02 .. sec_addr.port_spec[10] put 1@36 = 115 {73} s
* trace:entry MO 02 .. sec_addr.port_spec[11] put 1@37 = 0 {00}
*/
{
printf("MSRPC Trace Started");
printf("\n\n");
}
{
printf("MSRPC Trace Ended");
printf("\n\n");
}
/*
* SmbSessionSetupX, SmbLogoffX
* SmbTreeConnect, SmbTreeDisconnect
*/
smb_com_*:return,
smb_tree_connect:return,
smb_tree_disconnect:return,
{
}
smb_com_session_setup_andx:return,
smb_session*:return,
smb_user*:return,
smb_tree*:return,
smb_opipe_open:return,
smb_opipe_door_call:return,
smb_opipe_door_upcall:return,
door_ki_upcall:return
{
}
{
}
{
printf("share=%s service=%s",
}
smb_com_logoff_andx:return
{
exit(0);
}
/*
* Raise error functions (no return).
*/
{
}
{
}
smbsr_error:return,
smbsr_errno:return
{
}
/*
* MSRPC activity.
*/
{
}
{
}
/*
* LSARPC
*/
{
}
{
}
/*
* NetLogon
*/
{
}
/*
* SAMR
*/
{
}
{
}
/*
* SVCCTL
*/
{
}
/*
* SRVSVC
*/
{
}
{
}
/*
* WinReg
*/
{
}
/*
* Workstation
*/
{
}
/*
* SMBRDR
*/
{
}
{
printf("%s %s %s",
}
{
printf("%s %s %s %s",
}
{
}
{
}