      1 #!/usr/sbin/dtrace -s
      2 /*
      3  * CDDL HEADER START
      4  *
      5  * The contents of this file are subject to the terms of the
      6  * Common Development and Distribution License (the "License").
      7  * You may not use this file except in compliance with the License.
      8  *
      9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10  * or http://www.opensolaris.org/os/licensing.
     11  * See the License for the specific language governing permissions
     12  * and limitations under the License.
     13  *
     14  * When distributing Covered Code, include this CDDL HEADER in each
     15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16  * If applicable, add the following below this CDDL HEADER, with the
     17  * fields enclosed by brackets "[]" replaced with your own identifying
     18  * information: Portions Copyright [yyyy] [name of copyright owner]
     19  *
     20  * CDDL HEADER END
     21  */
     22 /*
     23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 /*
     28  * Usage:	./msrpc.d -p `pgrep smbd`
     29  *
     30  * On multi-processor systems, it may be easier to follow the output
     31  * if run on a single processor: see psradm.  For example, to disable
     32  * the second processor on a dual-processor system:	psradm -f 1
     33  *
     34  * This script can be used to trace NDR operations and MSRPC requests.
     35  * In order to put these operations in context, SMB session and tree
     36  * requests are also traced.
     37  *
     38  * Output formatting is as follows:
     39  *
     40  *      UI 03 ... rpc_vers           get 1@0   =    5 {05}
     41  *      UI 03 ... rpc_vers_minor     get 1@1   =    0 {00}
     42  *
     43  *      U       Marshalling flag (M=marshal, U=unmarshal)
     44  *      I       Direction flag (I=in, O=out)
     45  *      ...     Field name
     46  *      get     PDU operation (get or put)
     47  *      1@0     Bytes @ offset (i.e. 1 byte at offset 0)
     48  *      {05}    Value
     49  *
     50  * The value formatting is limited to 10 bytes, after which an ellipsis
     51  * will be inserted before the closing brace.  If the value is 1 or 2
     52  * bytes, an attempt will be made to present an ASCII value but this may
     53  * or may not be relevant.
     54  *
     55  * The following example shows the header from a bind response:
     56  *
     57  *  trace:entry MO 03 ... rpc_vers         put 1@0   =    5 {05}
     58  *  trace:entry MO 03 ... rpc_vers_minor   put 1@1   =    0 {00}
     59  *  trace:entry MO 03 ... ptype            put 1@2   =   12 {0c}
     60  *  trace:entry MO 03 ... pfc_flags        put 1@3   =    3 {03}
     61  *  trace:entry MO 04 .... intg_char_rep   put 1@4   =   16 {10}
     62  *  trace:entry MO 04 .... float_rep       put 1@5   =    0 {00}
     63  *  trace:entry MO 04 .... _spare[0]       put 1@6   =    0 {00}
     64  *  trace:entry MO 04 .... _spare[1]       put 1@7   =    0 {00}
     65  *  trace:entry MO 03 ... frag_length      put 2@8   =   68 {44 00} D
     66  *  trace:entry MO 03 ... auth_length      put 2@10  =    0 {00 00}
     67  *  trace:entry MO 03 ... call_id          put 4@12  =    1 {01 00 00 00}
     68  *  trace:entry MO 02 .. max_xmit_frag     put 2@16  = 4280 {b8 10}
     69  *  trace:entry MO 02 .. max_recv_frag     put 2@18  = 4280 {b8 10}
     70  *  trace:entry MO 02 .. assoc_group_id    put 4@20  = 1192620711 {a7 f2 15 47}
     71  *  trace:entry MO 02 .. sec_addr.length   put 2@24  =   12 {0c 00}
     72  *  trace:entry MO 02 .. sec_addr.port_spec[0]  put 1@26  =   92 {5c} \
     73  *  trace:entry MO 02 .. sec_addr.port_spec[1]  put 1@27  =   80 {50} P
     74  *  trace:entry MO 02 .. sec_addr.port_spec[2]  put 1@28  =   73 {49} I
     75  *  trace:entry MO 02 .. sec_addr.port_spec[3]  put 1@29  =   80 {50} P
     76  *  trace:entry MO 02 .. sec_addr.port_spec[4]  put 1@30  =   69 {45} E
     77  *  trace:entry MO 02 .. sec_addr.port_spec[5]  put 1@31  =   92 {5c} \
     78  *  trace:entry MO 02 .. sec_addr.port_spec[6]  put 1@32  =  108 {6c} l
     79  *  trace:entry MO 02 .. sec_addr.port_spec[7]  put 1@33  =  115 {73} s
     80  *  trace:entry MO 02 .. sec_addr.port_spec[8]  put 1@34  =   97 {61} a
     81  *  trace:entry MO 02 .. sec_addr.port_spec[9]  put 1@35  =  115 {73} s
     82  *  trace:entry MO 02 .. sec_addr.port_spec[10]  put 1@36  = 115 {73} s
     83  *  trace:entry MO 02 .. sec_addr.port_spec[11]  put 1@37  =   0 {00}
     84  */
     85 
     86 BEGIN
     87 {
     88 	printf("MSRPC Trace Started");
     89 	printf("\n\n");
     90 }
     91 
     92 END
     93 {
     94 	printf("MSRPC Trace Ended");
     95 	printf("\n\n");
     96 }
     97 
     98 /*
     99  * SmbSessionSetupX, SmbLogoffX
    100  * SmbTreeConnect, SmbTreeDisconnect
    101  */
    102 smb_tree*:entry,
    103 smb_com_*:entry,
    104 smb_com_*:return,
    105 smb_com_session_setup_andx:entry,
    106 smb_com_logoff_andx:entry,
    107 smb_tree_connect:return,
    108 smb_tree_disconnect:entry,
    109 smb_tree_disconnect:return,
    110 smb_opipe_open:entry,
    111 smb_opipe_door_call:entry,
    112 smb_opipe_door_upcall:entry,
    113 door_ki_upcall:entry
    114 {
    115 }
    116 
    117 smb_com_session_setup_andx:return,
    118 smb_user*:return,
    119 smb_tree*:return,
    120 smb_opipe_open:return,
    121 smb_opipe_door_call:return,
    122 smb_opipe_door_upcall:return,
    123 door_ki_upcall:return
    124 {
    125 	printf("rc=0x%08x", arg1);
    126 }
    127 
    128 sdt:smbsrv::smb-sessionsetup-clntinfo
    129 {
    130 	clnt = (netr_client_t *)arg0;
    131 
    132 	printf("domain\\username=%s\\%s\n\n",
    133 	    stringof(clnt->domain),
    134 	    stringof(clnt->username));
    135 }
    136 
    137 smb_tree_connect:entry
    138 {
    139 	sr = (smb_request_t *)arg0;
    140 
    141 	printf("share=%s service=%s",
    142 	    stringof(sr->arg.tcon.path),
    143 	    stringof(sr->arg.tcon.service));
    144 }
    145 
    146 smb_com_logoff_andx:return
    147 {
    148 }
    149 
    150 /*
    151  * Raise error functions (no return).
    152  */
    153 smbsr_error:entry
    154 {
    155     printf("status=0x%08x class=%d, code=%d", arg1, arg2, arg3);
    156 }
    157 
    158 smbsr_errno:entry
    159 {
    160     printf("errno=%d", arg1);
    161 }
    162 
    163 smbsr_error:return,
    164 smbsr_errno:return
    165 {
    166 }
    167 
    168 /*
    169  * MSRPC activity.
    170  */
    171 pid$target::ndr_svc_bind:entry,
    172 pid$target::ndr_svc_bind:return,
    173 pid$target::ndr_svc_request:entry,
    174 pid$target::ndr_svc_request:return
    175 {
    176 }
    177 
    178 pid$target::smb_trace:entry,
    179 pid$target::ndo_trace:entry
    180 {
    181 	printf("%s", copyinstr(arg0));
    182 }
    183 
    184 /*
    185  * LSARPC
    186  */
    187 pid$target::lsarpc_s_CloseHandle:entry,
    188 pid$target::lsarpc_s_QuerySecurityObject:entry,
    189 pid$target::lsarpc_s_EnumAccounts:entry,
    190 pid$target::lsarpc_s_EnumTrustedDomain:entry,
    191 pid$target::lsarpc_s_OpenAccount:entry,
    192 pid$target::lsarpc_s_EnumPrivsAccount:entry,
    193 pid$target::lsarpc_s_LookupPrivValue:entry,
    194 pid$target::lsarpc_s_LookupPrivName:entry,
    195 pid$target::lsarpc_s_LookupPrivDisplayName:entry,
    196 pid$target::lsarpc_s_QueryInfoPolicy:entry,
    197 pid$target::lsarpc_s_OpenDomainHandle:entry,
    198 pid$target::lsarpc_s_OpenDomainHandle:entry,
    199 pid$target::lsarpc_s_LookupSids:entry,
    200 pid$target::lsarpc_s_LookupNames:entry,
    201 pid$target::lsarpc_s_GetConnectedUser:entry,
    202 pid$target::lsarpc_s_LookupSids2:entry,
    203 pid$target::lsarpc_s_LookupNames2:entry
    204 {
    205 }
    206 
    207 pid$target::lsarpc_s_CloseHandle:return,
    208 pid$target::lsarpc_s_QuerySecurityObject:return,
    209 pid$target::lsarpc_s_EnumAccounts:return,
    210 pid$target::lsarpc_s_EnumTrustedDomain:return,
    211 pid$target::lsarpc_s_OpenAccount:return,
    212 pid$target::lsarpc_s_EnumPrivsAccount:return,
    213 pid$target::lsarpc_s_LookupPrivValue:return,
    214 pid$target::lsarpc_s_LookupPrivName:return,
    215 pid$target::lsarpc_s_LookupPrivDisplayName:return,
    216 pid$target::lsarpc_s_QueryInfoPolicy:return,
    217 pid$target::lsarpc_s_OpenDomainHandle:return,
    218 pid$target::lsarpc_s_OpenDomainHandle:return,
    219 pid$target::lsarpc_s_LookupSids:return,
    220 pid$target::lsarpc_s_LookupNames:return,
    221 pid$target::lsarpc_s_GetConnectedUser:return,
    222 pid$target::lsarpc_s_LookupSids2:return,
    223 pid$target::lsarpc_s_LookupNames2:return
    224 {
    225 }
    226 
    227 pid$target::lsar_lookup_names:entry
    228 {
    229 	printf("%s", copyinstr(arg1));
    230 }
    231 
    232 pid$target::lsar_lookup_*:entry
    233 {
    234 }
    235 
    236 pid$target::lsar_lookup_*:return
    237 {
    238 	printf("0x%08x", arg1);
    239 }
    240 
    241 pid$target::lsar_*:entry
    242 {
    243 }
    244 
    245 pid$target::lsar_*:return
    246 {
    247 	printf("0x%08x", arg1);
    248 }
    249 
    250 /*
    251  * NetLogon
    252  */
    253 pid$target::netr_*:entry
    254 {
    255 }
    256 
    257 pid$target::netr_*:return
    258 {
    259 	printf("0x%08x", arg1);
    260 }
    261 
    262 /*
    263  * SAMR
    264  */
    265 pid$target::samr_s_ConnectAnon:entry,
    266 pid$target::samr_s_CloseHandle:entry,
    267 pid$target::samr_s_LookupDomain:entry,
    268 pid$target::samr_s_EnumLocalDomains:entry,
    269 pid$target::samr_s_OpenDomain:entry,
    270 pid$target::samr_s_QueryDomainInfo:entry,
    271 pid$target::samr_s_QueryInfoDomain2:entry,
    272 pid$target::samr_s_LookupNames:entry,
    273 pid$target::samr_s_OpenUser:entry,
    274 pid$target::samr_s_DeleteUser:entry,
    275 pid$target::samr_s_QueryUserInfo:entry,
    276 pid$target::samr_s_QueryUserGroups:entry,
    277 pid$target::samr_s_OpenGroup:entry,
    278 pid$target::samr_s_Connect:entry,
    279 pid$target::samr_s_GetUserPwInfo:entry,
    280 pid$target::samr_s_CreateUser:entry,
    281 pid$target::samr_s_ChangeUserPasswd:entry,
    282 pid$target::samr_s_GetDomainPwInfo:entry,
    283 pid$target::samr_s_SetUserInfo:entry,
    284 pid$target::samr_s_Connect3:entry,
    285 pid$target::samr_s_Connect4:entry,
    286 pid$target::samr_s_QueryDispInfo:entry,
    287 pid$target::samr_s_OpenAlias:entry,
    288 pid$target::samr_s_CreateDomainAlias:entry,
    289 pid$target::samr_s_SetAliasInfo:entry,
    290 pid$target::samr_s_QueryAliasInfo:entry,
    291 pid$target::samr_s_DeleteDomainAlias:entry,
    292 pid$target::samr_s_EnumDomainAliases:entry,
    293 pid$target::samr_s_EnumDomainGroups:entry
    294 {
    295 }
    296 
    297 pid$target::samr_s_ConnectAnon:return,
    298 pid$target::samr_s_CloseHandle:return,
    299 pid$target::samr_s_LookupDomain:return,
    300 pid$target::samr_s_EnumLocalDomains:return,
    301 pid$target::samr_s_OpenDomain:return,
    302 pid$target::samr_s_QueryDomainInfo:return,
    303 pid$target::samr_s_QueryInfoDomain2:return,
    304 pid$target::samr_s_LookupNames:return,
    305 pid$target::samr_s_OpenUser:return,
    306 pid$target::samr_s_DeleteUser:return,
    307 pid$target::samr_s_QueryUserInfo:return,
    308 pid$target::samr_s_QueryUserGroups:return,
    309 pid$target::samr_s_OpenGroup:return,
    310 pid$target::samr_s_Connect:return,
    311 pid$target::samr_s_GetUserPwInfo:return,
    312 pid$target::samr_s_CreateUser:return,
    313 pid$target::samr_s_ChangeUserPasswd:return,
    314 pid$target::samr_s_GetDomainPwInfo:return,
    315 pid$target::samr_s_SetUserInfo:return,
    316 pid$target::samr_s_Connect3:return,
    317 pid$target::samr_s_Connect4:return,
    318 pid$target::samr_s_QueryDispInfo:return,
    319 pid$target::samr_s_OpenAlias:return,
    320 pid$target::samr_s_CreateDomainAlias:return,
    321 pid$target::samr_s_SetAliasInfo:return,
    322 pid$target::samr_s_QueryAliasInfo:return,
    323 pid$target::samr_s_DeleteDomainAlias:return,
    324 pid$target::samr_s_EnumDomainAliases:return,
    325 pid$target::samr_s_EnumDomainGroups:return
    326 {
    327 }
    328 
    329 /*
    330  * SVCCTL
    331  */
    332 pid$target::svcctl_s_*:entry,
    333 pid$target::svcctl_s_*:return
    334 {
    335 }
    336 
    337 /*
    338  * SRVSVC
    339  */
    340 pid$target::srvsvc_s_NetConnectEnum:entry,
    341 pid$target::srvsvc_s_NetFileEnum:entry,
    342 pid$target::srvsvc_s_NetFileClose:entry,
    343 pid$target::srvsvc_s_NetShareGetInfo:entry,
    344 pid$target::srvsvc_s_NetShareSetInfo:entry,
    345 pid$target::srvsvc_s_NetSessionEnum:entry,
    346 pid$target::srvsvc_s_NetSessionDel:entry,
    347 pid$target::srvsvc_s_NetServerGetInfo:entry,
    348 pid$target::srvsvc_s_NetRemoteTOD:entry,
    349 pid$target::srvsvc_s_NetNameValidate:entry,
    350 pid$target::srvsvc_s_NetShareAdd:entry,
    351 pid$target::srvsvc_s_NetShareDel:entry,
    352 pid$target::srvsvc_s_NetShareEnum:entry,
    353 pid$target::srvsvc_s_NetShareEnumSticky:entry,
    354 pid$target::srvsvc_s_NetGetFileSecurity:entry,
    355 pid$target::srvsvc_s_NetSetFileSecurity:entry
    356 {
    357 }
    358 
    359 pid$target::srvsvc_s_NetConnectEnum:return,
    360 pid$target::srvsvc_s_NetFileEnum:return,
    361 pid$target::srvsvc_s_NetFileClose:return,
    362 pid$target::srvsvc_s_NetShareGetInfo:return,
    363 pid$target::srvsvc_s_NetShareSetInfo:return,
    364 pid$target::srvsvc_s_NetSessionEnum:return,
    365 pid$target::srvsvc_s_NetSessionDel:return,
    366 pid$target::srvsvc_s_NetServerGetInfo:return,
    367 pid$target::srvsvc_s_NetRemoteTOD:return,
    368 pid$target::srvsvc_s_NetNameValidate:return,
    369 pid$target::srvsvc_s_NetShareAdd:return,
    370 pid$target::srvsvc_s_NetShareDel:return,
    371 pid$target::srvsvc_s_NetShareEnum:return,
    372 pid$target::srvsvc_s_NetShareEnumSticky:return,
    373 pid$target::srvsvc_s_NetGetFileSecurity:return,
    374 pid$target::srvsvc_s_NetSetFileSecurity:return
    375 {
    376 }
    377 
    378 /*
    379  * WinReg
    380  */
    381 pid$target::winreg_s_*:entry,
    382 pid$target::winreg_s_*:return
    383 {
    384 }
    385 
    386 /*
    387  * Workstation
    388  */
    389 pid$target::wkssvc_s_*:entry,
    390 pid$target::wkssvc_s_*:return
    391 {
    392 }
    393 
    394 /*
    395  * SMBRDR
    396  */
    397 pid$target::smbrdr_tree_connect:entry
    398 {
    399 	printf("%s %s %s",
    400 	    copyinstr(arg0),
    401 	    copyinstr(arg1),
    402 	    copyinstr(arg2));
    403 }
    404 
    405 pid$target::smbrdr_open_pipe:entry
    406 {
    407 	printf("%s %s %s %s",
    408 	    copyinstr(arg0),
    409 	    copyinstr(arg1),
    410 	    copyinstr(arg2),
    411 	    copyinstr(arg3));
    412 }
    413 
    414 pid$target::smbrdr_tree_disconnect:entry,
    415 pid$target::smbrdr_close_pipe:entry,
    416 pid$target::smbrdr_ntcreatex:entry,
    417 pid$target::smbrdr_transact:entry,
    418 pid$target::smbrdr_readx*:entry
    419 {
    420 }
    421 
    422 pid$target::smbrdr_tree_connect:return,
    423 pid$target::smbrdr_tree_disconnect:return,
    424 pid$target::smbrdr_open_pipe:return,
    425 pid$target::smbrdr_close_pipe:return,
    426 pid$target::smbrdr_ntcreatex:return,
    427 pid$target::smbrdr_transact:return,
    428 pid$target::smbrdr_readx*:return
    429 {
    430 	printf("%d", arg1);
    431 }
    432 
    433 pid$target::ndr_clnt_get_frags:entry,
    434 pid$target::ndr_clnt_get_frag:entry
    435 {
    436 }
    437 
    438 pid$target::ndr_clnt_get_frags:return,
    439 pid$target::ndr_clnt_get_frag:return
    440 {
    441 	printf("%d", arg1);
    442 }
    443