------------------- Bugs -------------------- UH: Some flags wont highlight XH: Connector QM GUID not attached with APIEX SH: SID not formatted - need to format at least raw SID. SH: Sender Id type missing from mqprops. ---------------end bugs ----------------- Sasha: Parse GUID in server ping packet. (3527) Enhanced encryption > 72 size of encrypted key. (currently size = 0 resolves to enhanced) UH: Parse Correlation ID as GUID //----- PROPID_M_SENDERID_TYPE -------------- #define MQMSG_SENDERID_TYPE_NONE 0 #define MQMSG_SENDERID_TYPE_SID 1 // end_mq_h #define MQMSG_SENDERID_TYPE_QM 2 // begin_mq_h Priority2 - parse the certificate. Encrypted Key size : 76 (0x4c) = Basic encryption Draw out wheter Basic Encryption or Enhanced encryption into Security header summary (pending mail from Doron) If extended authentication AND extended security info then, parse the extended auth header From phsecure.h: // // Structure members: // cSubSectionCount - number of subsections. // wSectionLen - overall length of this section, including all subsections. // aData[]- buffer containing all the subsection. // struct _SecuritySectionEx { USHORT cSubSectionCount ; USHORT wSectionLen ; CHAR aData[0] ; } ; aData contains subsection defined in phsecure.h: struct _SecuritySubSectionEx { enum enumSecInfoType eType ; USHORT wSubSectionLen ; union { USHORT wFlags; struct _DefaultFlag { USHORT m_bfDefault : 1; } _DefaultFlags ; struct _UserSigEx { // // This is the structure definitions for subsection type // e_SecInfo_User_Signature_ex. // a 0 mean the relevant field is not included in the enhanced // signature. // USHORT m_bfTargetQueue : 1; USHORT m_bfSourceQMGuid : 1; // // Flags provider by caller to MQSendMessage() // USHORT m_bfUserFlags : 1; USHORT m_bfConnectorType : 1; } _UserSigEx ; } _u ; CHAR aData[0] ; // attach this data as a blob } ; If Extended security present, Scrub bugbugs appspecific=15x, multiple message, alignment error in header of previous messages aborts parsing of second. Body size bug? (Appspecific=10.cap) - Fix highlighting bugs first to simplify illustrating this. appspecific=15x, fried dnshostname lookup. PROPERTY HEADER: Correlation ID = GUID or Message ID AppTag = DWORD Parse Body Type == (for OA sends?) From msq.cpp in \src\activex\mqoa HRESULT CMSMQMessage::get_Body(VARIANT FAR* pvarBody) { // // Serialize access to object from interface methods // CS lock(m_csObj); HRESULT hresult = NOERROR; // // inspect PROPID_M_BODY_TYPE to learn how // to interpret message // if (m_vtBody & VT_ARRAY) { hresult = GetBinBody(pvarBody); } else if (m_vtBody == VT_STREAMED_OBJECT) { hresult = GetStreamedObject(pvarBody); } else if (m_vtBody == VT_STORED_OBJECT) { hresult = GetStoredObject(pvarBody); } else { hresult = GetVarBody(pvarBody); } return CreateErrorHelper(hresult, x_ObjectType); } ------------------- Code Review Items ----------------- Arthur ------ Must compile in UNICODE? Avoid AttachPropertyInstanceEx where possible. Sasha ----- Cannot #include (qm directory) - using private declarations Add calculated expiration as comment where TTL is parsed. Changing debug macro: _DEBUG -> DEBUG exposed link error with _dprintf (added bhsupp.lib) Uri, Erez --------- Use qmpkt.h for parsing headers - simpler. May need to link to MSMQ lib, though. Review internal headers (BH EC CP IH) e.g. Establish Connection as ?? Review Session Header Reveiw Property Header Eitan ----- "Unparsable - too vague. Provide more detail when possible." --------------------- Beta polish ---------------------- Create redistributable EXE. Write usage doc. ------ Cut off point for minimal usefulness - distribute and train -------- Add Tunable Parameters (MSMQ.INI) Security - display SID resolution Property - adjust Label abstract length Handoff ports - may change. They're dynamic. Allow for per capture tuning. Write network operation whitepaper. Restructure files and project to accomodate input from bhdev Add parsing functionality remote read. DC traffic. DS packets. Debug Header Draw out Admin command packets. E.g. MQPing. ------- Experts --------- Delayed Ack Expert. Masking Expert for customer privacy ---------------------------- interface of internal DS api. client side- mqdscli.dll server side- mqdssrv.dll msmq 1.0 interface /* Standard interface: dscomm, ver. 1.0, GUID={0x77df7a80,0xf298,0x11d0,{0x83,0x58,0x00,0xa0,0x24,0xc4,0x80,0xa8}} */ api opnum (decimal) ============================================= S_DSCreateObject 0 S_DSDeleteObject 1 S_DSGetProps 2 S_DSSetProps 3 S_DSGetObjectSecurity 4 S_DSSetObjectSecurity 5 S_DSLookupBegin 6 S_DSLookupNext 7 S_DSLookupEnd 8 S_DSFlush 9 S_DSDeleteObjectGuid 10 S_DSGetPropsGuid 11 S_DSSetPropsGuid 12 S_DSGetObjectSecurityGuid 13 S_DSSetObjectSecurityGuid 14 S_DSDemoteStopWrite 15 S_DSDemotePSC 16 S_DSCheckDemotedPSC 17 S_DSGetUserParams 18 S_DSQMSetMachineProperties 19 S_DSCreateServersCache 20 S_DSQMGetObjectSecurity 21 S_DSValidateServer 22 S_DSCloseServerHandle 23 S_DSMQISStats 24 S_DSDisableWriteOperations 25 S_DSEnableWriteOperations 26 S_DSGetServerPort 27 msmq 2.0 interface (new ds api for msmq2.0) /* Standard interface: dscomm2, ver. 1.0, GUID={0x708cca10,0x9569,0x11d1,{0xb2,0xa5,0x00,0x60,0x97,0x7d,0x81,0x18}} */ api opnum (decimal) ============================================= S_DSGetComputerSites 0 S_DSGetPropsEx 1 S_DSGetPropsGuidEx 2 S_DSBeginDeleteNotification 3 S_DSNotifyDelete 4 S_DSEndDeleteNotification 5 S_DSIsServerGC 6 S_DSUpdateMachineDacl 7 S_DSGetGCListInDomain 8 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface between runtime and QM. used by dependent client, use by all for management of private queues, transactions, for remote read, for local send with authentication and for misc other cool things... client side- mqrt.dll server side- mqqm.dll /* Standard interface: qmcomm, ver. 1.0, GUID={0xfdb3a030,0x065f,0x11d1,{0xbb,0x9b,0x00,0xa0,0x24,0xea,0x55,0x25}} */ api opnum (decimal) ============================================= QMOpenQueueInternal 0 QMGetRemoteQueueName 1 QMOpenRemoteQueue 2 QMCloseRemoteQueueContext 3 QMCreateRemoteCursor 4 QMSendMessageInternal 5 QMCreateObjectInternal 6 QMSetObjectSecurityInternal 7 QMGetObjectSecurityInternal 8 QMDeleteObject 9 QMGetObjectProperties 10 QMSetObjectProperties 11 QMObjectPathToObjectFormat 12 QMAttachProcess 13 QMGetTmWhereabouts 14 QMEnlistTransaction 15 QMEnlistInternalTransaction 16 QMCommitTransaction 17 QMAbortTransaction 18 rpc_QMOpenQueueInternal 19 rpc_ACCloseHandle 20 rpc_ACCreateCursor 21 rpc_ACCloseCursor 22 rpc_ACSetCursorProperties 23 rpc_ACSendMessage 24 rpc_ACReceiveMessage 25 rpc_ACHandleToFormatName 26 rpc_ACPurgeQueue 27 QMQueryQMRegistryInternal 28 QMListInternalQueues 29 QMCorrectOutSequence 30 QMGetRTQMServerPort 31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface between two QMs. used for remote read. client side- mqqm.dll server side- mqqm.dll /* Standard interface: qm2qm, ver. 1.0, GUID={0x1088a980,0xeae5,0x11d0,{0x8d,0x9b,0x00,0xa0,0x24,0x53,0xc3,0x37}} */ api opnum (decimal) ============================================= RemoteQMStartReceive 0 RemoteQMEndReceive 1 RemoteQMOpenQueue 2 RemoteQMCloseQueue 3 RemoteQMCloseCursor 4 RemoteQMCancelReceive 5 RemoteQMPurgeQueue 6 RemoteQMGetQMQMServerPort 7 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface for local admin api. client side- mqrt.dll server side- mqqm.dll /* Standard interface: qmmgmt, ver. 1.0, GUID={0x41208ee0,0xe970,0x11d1,{0x9b,0x9e,0x00,0xe0,0x2c,0x06,0x4c,0x39}} */ api opnum (decimal) ============================================= R_QMMgmtGetInfo 0 R_QMMgmtAction 1 ================================================================================ interface of internal DS api. client side- mqdscli.dll server side- mqdssrv.dll msmq 1.0 interface /* Standard interface: dscomm, ver. 1.0, GUID={0x77df7a80,0xf298,0x11d0,{0x83,0x58,0x00,0xa0,0x24,0xc4,0x80,0xa8}} */ api opnum (decimal) ============================================= S_DSCreateObject 0 S_DSDeleteObject 1 S_DSGetProps 2 S_DSSetProps 3 S_DSGetObjectSecurity 4 S_DSSetObjectSecurity 5 S_DSLookupBegin 6 S_DSLookupNext 7 S_DSLookupEnd 8 S_DSFlush 9 S_DSDeleteObjectGuid 10 S_DSGetPropsGuid 11 S_DSSetPropsGuid 12 S_DSGetObjectSecurityGuid 13 S_DSSetObjectSecurityGuid 14 S_DSDemoteStopWrite 15 S_DSDemotePSC 16 S_DSCheckDemotedPSC 17 S_DSGetUserParams 18 S_DSQMSetMachineProperties 19 S_DSCreateServersCache 20 S_DSQMGetObjectSecurity 21 S_DSValidateServer 22 S_DSCloseServerHandle 23 S_DSMQISStats 24 S_DSDisableWriteOperations 25 S_DSEnableWriteOperations 26 S_DSGetServerPort 27 msmq 2.0 interface (new ds api for msmq2.0) /* Standard interface: dscomm2, ver. 1.0, GUID={0x708cca10,0x9569,0x11d1,{0xb2,0xa5,0x00,0x60,0x97,0x7d,0x81,0x18}} */ api opnum (decimal) ============================================= S_DSGetComputerSites 0 S_DSGetPropsEx 1 S_DSGetPropsGuidEx 2 S_DSBeginDeleteNotification 3 S_DSNotifyDelete 4 S_DSEndDeleteNotification 5 S_DSIsServerGC 6 S_DSUpdateMachineDacl 7 S_DSGetGCListInDomain 8 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface between runtime and QM. used by dependent client, use by all for management of private queues, transactions, for remote read, for local send with authentication and for misc other cool things... client side- mqrt.dll server side- mqqm.dll /* Standard interface: qmcomm, ver. 1.0, GUID={0xfdb3a030,0x065f,0x11d1,{0xbb,0x9b,0x00,0xa0,0x24,0xea,0x55,0x25}} */ api opnum (decimal) ============================================= QMOpenQueueInternal 0 QMGetRemoteQueueName 1 QMOpenRemoteQueue 2 QMCloseRemoteQueueContext 3 QMCreateRemoteCursor 4 QMSendMessageInternal 5 QMCreateObjectInternal 6 QMSetObjectSecurityInternal 7 QMGetObjectSecurityInternal 8 QMDeleteObject 9 QMGetObjectProperties 10 QMSetObjectProperties 11 QMObjectPathToObjectFormat 12 QMAttachProcess 13 QMGetTmWhereabouts 14 QMEnlistTransaction 15 QMEnlistInternalTransaction 16 QMCommitTransaction 17 QMAbortTransaction 18 rpc_QMOpenQueueInternal 19 rpc_ACCloseHandle 20 rpc_ACCreateCursor 21 rpc_ACCloseCursor 22 rpc_ACSetCursorProperties 23 rpc_ACSendMessage 24 rpc_ACReceiveMessage 25 rpc_ACHandleToFormatName 26 rpc_ACPurgeQueue 27 QMQueryQMRegistryInternal 28 QMListInternalQueues 29 QMCorrectOutSequence 30 QMGetRTQMServerPort 31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface between two QMs. used for remote read. client side- mqqm.dll server side- mqqm.dll /* Standard interface: qm2qm, ver. 1.0, GUID={0x1088a980,0xeae5,0x11d0,{0x8d,0x9b,0x00,0xa0,0x24,0x53,0xc3,0x37}} */ api opnum (decimal) ============================================= RemoteQMStartReceive 0 RemoteQMEndReceive 1 RemoteQMOpenQueue 2 RemoteQMCloseQueue 3 RemoteQMCloseCursor 4 RemoteQMCancelReceive 5 RemoteQMPurgeQueue 6 RemoteQMGetQMQMServerPort 7 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface for local admin api. client side- mqrt.dll server side- mqqm.dll /* Standard interface: qmmgmt, ver. 1.0, GUID={0x41208ee0,0xe970,0x11d1,{0x9b,0x9e,0x00,0xe0,0x2c,0x06,0x4c,0x39}} */ api opnum (decimal) ============================================= R_QMMgmtGetInfo 0 R_QMMgmtAction 1