# handle
HF_FIELD hf_mapi_handle "Handle" "mapi.handle" FT_BYTES BASE_NONE NULL 0 NULL HFILL
HF_RENAME hf_mapi_EcDoConnect_handle hf_mapi_handle
HF_RENAME hf_mapi_EcDoDisconnect_handle hf_mapi_handle
HF_RENAME hf_mapi_EcDoRpc_handle hf_mapi_handle
HF_RENAME hf_mapi_EcRRegisterPushNotification_handle hf_mapi_handle
HF_RENAME hf_mapi_EcRUnregisterPushNotification_handle hf_mapi_handle

#
# policyhandle tracking
# This block is to specify where a policyhandle is opened and where it is
# closed so that policyhandles when dissected contain nice info such as
# [opened in xxx] [closed in yyy]
#
# Policyhandles are opened in these functions (open == 0x0001)
PARAM_VALUE mapi_dissect_element_EcDoConnect_handle_ 0x0001
# Policyhandles are closed in these functions (close == 0x0002)
PARAM_VALUE mapi_dissect_element_EcDoDisconnect_handle_ 0x0002

HF_FIELD hf_mapi_property_types "Value" "mapi.SPropValue.value" FT_UINT32 BASE_HEX VALS(mapi_property_types_vals) 0 NULL HFILL
HF_RENAME hf_mapi_SPropValue_value hf_mapi_property_types

HF_FIELD hf_mapi_recipient_type "Recipient Type" "mapi.recipients_headers.type" FT_UINT16 BASE_HEX VALS(mapi_OM_recipient_type_vals) 0 NULL HFILL
HF_RENAME hf_mapi_recipients_headers_type hf_mapi_recipient_type

HF_FIELD hf_mapi_MAPI_OPNUM "Opnum" "mapi.EcDoRpc_MAPI_REQ.opnum" FT_UINT8 BASE_HEX VALS(mapi_MAPI_OPNUM_vals) 0 NULL HFILL
HF_RENAME hf_mapi_EcDoRpc_MAPI_REQ_opnum hf_mapi_MAPI_OPNUM

HF_FIELD hf_mapi_pdu_len "Length" "mapi.pdu.len" FT_UINT16 BASE_HEX NULL 0x0 "Size of the command PDU" HFILL
HF_FIELD hf_mapi_decrypted_data "Decrypted data" "mapi.decrypted.data" FT_BYTES BASE_NONE NULL 0 NULL HFILL
HF_FIELD hf_mapi_MAPI_handle "MAPI handle" "mapi.mapi_handle" FT_UINT32 BASE_HEX NULL 0 NULL HFILL

NOEMIT SBinary_short
NOEMIT MV_LONG_STRUCT
NOEMIT SLPSTRArray
NOEMIT SBinaryArray
NOEMIT SGuidArray
NOEMIT SPropValue_array
NOEMIT SPropTagArray
NOEMIT SRowList

NOEMIT OpenMessage_repl
NOEMIT GetPropList_repl
NOEMIT DeleteProps_req
NOEMIT ModifyRecipients_req
NOEMIT SetColumns_req

NOEMIT SSortOrderSet
NOEMIT SAndRestriction
NOEMIT SOrRestriction
NOEMIT SNotRestriction
NOEMIT SSubRestriction
NOEMIT SCommentRestriction

NOEMIT DeleteMessages_req
NOEMIT SetSearchCriteria_req
NOEMIT GetSearchCriteria_repl
NOEMIT CopyMessages_req
NOEMIT QueryColumns_repl
NOEMIT AddressTypes_repl
NOEMIT GetNamesFromIDs_repl
NOEMIT GetIDsFromNames_req
NOEMIT GetIDsFromNames_repl
NOEMIT QueryNamesFromIDs_repl
NOEMIT GetReceiveFolderTable_repl

NOEMIT NOTIFKEY

TYPE hyper "offset=cnf_dissect_hyper(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_UINT64 BASE_DEC 0 NULL 8


CODE START

static int
cnf_dissect_hyper(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, guint32 param _U_, int hfindex)
{
	offset = dissect_ndr_uint64(tvb, offset, pinfo, tree, di, drep, hfindex, NULL);

	return offset;
}


/**
 * Analyze mapi_request MAPI Handles
 */
static int mapi_dissect_element_request_handles_cnf(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
{
	gint		reported_len;
	gint		i;
	gint		handles_cnt = 0;
	guint32		value;
	proto_tree	*tr = NULL;

	reported_len = tvb_reported_length_remaining(tvb, offset);

	handles_cnt = reported_len / 4;

	tr = proto_tree_add_subtree_format(tree, tvb, offset, reported_len, ett_mapi_mapi_request, NULL, "MAPI Handles: %d", handles_cnt);

	for (i = 0; i < handles_cnt; i++) {
		value = tvb_get_letohl(tvb, offset);
		proto_tree_add_uint_format(tr, hf_mapi_MAPI_handle, tvb, offset, 4, value, "[%.2d] MAPI handle: 0x%.8x", i, value);
		offset += 4;
	}

	return offset;
}

CODE END

#
# MAPI Request and Response
#
INCLUDE request.cnf.c
INCLUDE response.cnf.c