Re: ASN1: How to display an octet-string as UTF16 LE

[Isaac Boukris <iboukris () gmail com>]

On Wed, Jun 16, 2021 at 2:48 PM Anders Broman via Wireshark-dev
<wireshark-dev () wireshark org> wrote:
> -----Original Message-----
> From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of Isaac Boukris
> Sent: den 16 juni 2021 12:52
> To: wireshark-dev () wireshark org
> Subject: [Wireshark-dev] ASN1: How to display an octet-string as UTF16 LE
>
> Hello,
>
> I'd like to add the following asn1 struct to the credssp dissector (following MR 3020):
> TSRemoteGuardPackageCred ::= SEQUENCE {
>         packageName     [0] OCTET STRING,
>         credBuffer      [1] OCTET STRING
> }
>
> It gets displayed like this:
> logonCred
>     packageName: 4b00650072006200650072006f007300
>     credBuffer:
> 0a000000020000007304000018050000200000000000000093040000000000006182046f…
>
> Now, the package name is a UTF16 LE string (Kerberos), and I wonder if there is an easy way to make it display it as 
> a string instead of HEX
> - thoughts?
>
> Thanks!
>
> Hi,
> If it's always an UTF16 string you will have to do .cnf magic and add something like
> proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);

Thanks, replacing the DEFAULT_BODY along with setting TYPE_ATTR did
the trick. I wonder if it could be better generalized but anyway that
would be for another day.

Regards
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe