2006-09-22 00:01:38 +00:00
/* DO NOT EDIT
This filter was automatically generated
from eventlog . idl and eventlog . cnf .
Pidl is a perl based IDL compiler for DCE / RPC idl files .
It is maintained by the Samba team , not the Wireshark team .
Instructions on how to download and install Pidl can be
found at http : //wiki.wireshark.org/Pidl
*/
2004-07-13 05:29:23 +00:00
# ifdef HAVE_CONFIG_H
# include "config.h"
# endif
2007-03-29 02:09:48 +00:00
# ifdef _MSC_VER
# pragma warning(disable:4005)
# pragma warning(disable:4013)
2007-03-29 02:22:23 +00:00
# pragma warning(disable:4018)
# pragma warning(disable:4101)
2007-03-29 02:09:48 +00:00
# endif
2004-07-13 05:29:23 +00:00
# include <glib.h>
2006-09-22 00:01:38 +00:00
# include <string.h>
2004-07-13 05:29:23 +00:00
# include <epan/packet.h>
2006-09-22 00:01:38 +00:00
2004-07-13 05:29:23 +00:00
# include "packet-dcerpc.h"
# include "packet-dcerpc-nt.h"
2004-08-03 02:28:49 +00:00
# include "packet-windows-common.h"
2006-09-22 00:01:38 +00:00
# include "packet-dcerpc-eventlog.h"
/* Ett declarations */
static gint ett_dcerpc_eventlog = - 1 ;
static gint ett_eventlog_eventlogReadFlags = - 1 ;
static gint ett_eventlog_eventlogEventTypes = - 1 ;
static gint ett_eventlog_eventlog_OpenUnknown0 = - 1 ;
static gint ett_eventlog_eventlog_Record = - 1 ;
static gint ett_eventlog_eventlog_ChangeUnknown0 = - 1 ;
/* Header field declarations */
static gint hf_eventlog_eventlog_ReadEventLogW_offset = - 1 ;
static gint hf_eventlog_eventlog_ChangeNotify_unknown2 = - 1 ;
static gint hf_eventlog_eventlog_ChangeNotify_unknown3 = - 1 ;
static gint hf_eventlog_eventlog_Record_data_offset = - 1 ;
static gint hf_eventlog_eventlog_Record_sid_length = - 1 ;
static gint hf_eventlog_eventlog_RegisterEventSourceW_handle = - 1 ;
static gint hf_eventlog_eventlog_BackupEventLogW_backupfilename = - 1 ;
static gint hf_eventlog_eventlog_ChangeUnknown0_unknown0 = - 1 ;
static gint hf_eventlog_eventlog_Record_computer_name = - 1 ;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS = - 1 ;
static gint hf_eventlog_eventlog_ChangeUnknown0_unknown1 = - 1 ;
static gint hf_eventlog_eventlog_Record_strings = - 1 ;
static gint hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded = - 1 ;
static gint hf_eventlog_eventlog_GetNumRecords_handle = - 1 ;
static gint hf_eventlog_status = - 1 ;
static gint hf_eventlog_eventlog_Record_sid_offset = - 1 ;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_logname = - 1 ;
static gint hf_eventlog_eventlog_Record_source_name = - 1 ;
static gint hf_eventlog_eventlog_ReadEventLogW_handle = - 1 ;
static gint hf_eventlog_eventlog_ClearEventLogW_backupfilename = - 1 ;
2006-09-22 07:43:29 +00:00
static gint hf_eventlog_Record_string = - 1 ;
2006-09-22 00:01:38 +00:00
static gint hf_eventlog_eventlog_OpenEventLogW_servername = - 1 ;
static gint hf_eventlog_eventlog_Record_event_type = - 1 ;
static gint hf_eventlog_eventlog_ReadEventLogW_real_size = - 1 ;
static gint hf_eventlog_eventlog_CloseEventLog_handle = - 1 ;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS = - 1 ;
static gint hf_eventlog_eventlog_RegisterEventSourceW_logname = - 1 ;
static gint hf_eventlog_eventlog_Record_num_of_strings = - 1 ;
static gint hf_eventlog_eventlog_Record_time_written = - 1 ;
static gint hf_eventlog_eventlog_ReadEventLogW_flags = - 1 ;
static gint hf_eventlog_eventlog_Record_size = - 1 ;
static gint hf_eventlog_eventlog_Record_record_number = - 1 ;
static gint hf_eventlog_eventlog_GetLogIntormation_cbBufSize = - 1 ;
static gint hf_eventlog_eventlog_GetLogIntormation_handle = - 1 ;
static gint hf_eventlog_eventlog_ReadEventLogW_number_of_bytes = - 1 ;
static gint hf_eventlog_eventlog_RegisterEventSourceW_servername = - 1 ;
static gint hf_eventlog_eventlog_Record_reserved = - 1 ;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE = - 1 ;
2006-09-22 01:40:23 +00:00
static gint hf_eventlog_eventlog_Record_raw_data = - 1 ;
2006-09-22 00:01:38 +00:00
static gint hf_eventlog_eventlog_ChangeNotify_handle = - 1 ;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE = - 1 ;
static gint hf_eventlog_eventlog_OpenUnknown0_unknown0 = - 1 ;
static gint hf_eventlog_eventlog_OpenUnknown0_unknown1 = - 1 ;
static gint hf_eventlog_Record_length = - 1 ;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ = - 1 ;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ = - 1 ;
static gint hf_eventlog_eventlog_ReadEventLogW_data = - 1 ;
static gint hf_eventlog_eventlog_Record_event_category = - 1 ;
static gint hf_eventlog_eventlog_DeregisterEventSource_handle = - 1 ;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE = - 1 ;
2006-09-22 01:40:23 +00:00
static gint hf_eventlog_Record_source_name = - 1 ;
2006-09-22 00:01:38 +00:00
static gint hf_eventlog_eventlog_ReadEventLogW_sent_size = - 1 ;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE = - 1 ;
static gint hf_eventlog_opnum = - 1 ;
static gint hf_eventlog_eventlog_Record_time_generated = - 1 ;
static gint hf_eventlog_eventlog_Record_stringoffset = - 1 ;
2006-09-22 01:40:23 +00:00
static gint hf_eventlog_Record_computer_name = - 1 ;
2006-09-22 00:01:38 +00:00
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 = - 1 ;
2006-09-22 01:40:23 +00:00
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ = - 1 ;
2006-09-22 00:01:38 +00:00
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown2 = - 1 ;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown3 = - 1 ;
static gint hf_eventlog_eventlog_Record_event_id = - 1 ;
static gint hf_eventlog_eventlog_GetNumRecords_number = - 1 ;
static gint hf_eventlog_eventlog_OpenEventLogW_unknown0 = - 1 ;
static gint hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel = - 1 ;
static gint hf_eventlog_eventlog_OpenEventLogW_unknown2 = - 1 ;
static gint hf_eventlog_eventlog_OpenEventLogW_unknown3 = - 1 ;
static gint hf_eventlog_eventlog_Record_reserved_flags = - 1 ;
static gint hf_eventlog_eventlog_OpenEventLogW_logname = - 1 ;
static gint hf_eventlog_eventlog_GetLogIntormation_lpBuffer = - 1 ;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ = - 1 ;
static gint hf_eventlog_eventlog_FlushEventLog_handle = - 1 ;
static gint hf_eventlog_eventlog_GetOldestRecord_oldest = - 1 ;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown0 = - 1 ;
static gint hf_eventlog_eventlog_BackupEventLogW_handle = - 1 ;
static gint hf_eventlog_eventlog_OpenEventLogW_handle = - 1 ;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown2 = - 1 ;
static gint hf_eventlog_eventlog_Record_data_length = - 1 ;
static gint hf_eventlog_eventlog_GetOldestRecord_handle = - 1 ;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown3 = - 1 ;
static gint hf_eventlog_eventlog_ClearEventLogW_handle = - 1 ;
2006-09-22 01:40:23 +00:00
static gint hf_eventlog_Record = - 1 ;
2006-09-22 00:01:38 +00:00
static gint hf_eventlog_eventlog_Record_closing_record_number = - 1 ;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_handle = - 1 ;
static gint proto_dcerpc_eventlog = - 1 ;
/* Version information */
static e_uuid_t uuid_dcerpc_eventlog = {
0x82273fdc , 0xe32a , 0x18c3 ,
{ 0x3f , 0x78 , 0x82 , 0x79 , 0x29 , 0xdc , 0x23 , 0xea }
} ;
static guint16 ver_dcerpc_eventlog = 0 ;
static const true_false_string eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs = {
" EVENTLOG_SEQUENTIAL_READ is SET " ,
" EVENTLOG_SEQUENTIAL_READ is NOT SET " ,
} ;
static const true_false_string eventlogReadFlags_EVENTLOG_SEEK_READ_tfs = {
" EVENTLOG_SEEK_READ is SET " ,
" EVENTLOG_SEEK_READ is NOT SET " ,
} ;
static const true_false_string eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs = {
" EVENTLOG_FORWARDS_READ is SET " ,
" EVENTLOG_FORWARDS_READ is NOT SET " ,
} ;
static const true_false_string eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs = {
" EVENTLOG_BACKWARDS_READ is SET " ,
" EVENTLOG_BACKWARDS_READ is NOT SET " ,
} ;
static const true_false_string eventlogEventTypes_EVENTLOG_SUCCESS_tfs = {
" EVENTLOG_SUCCESS is SET " ,
" EVENTLOG_SUCCESS is NOT SET " ,
} ;
static const true_false_string eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs = {
" EVENTLOG_ERROR_TYPE is SET " ,
" EVENTLOG_ERROR_TYPE is NOT SET " ,
} ;
static const true_false_string eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs = {
" EVENTLOG_WARNING_TYPE is SET " ,
" EVENTLOG_WARNING_TYPE is NOT SET " ,
} ;
static const true_false_string eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs = {
" EVENTLOG_INFORMATION_TYPE is SET " ,
" EVENTLOG_INFORMATION_TYPE is NOT SET " ,
} ;
static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs = {
" EVENTLOG_AUDIT_SUCCESS is SET " ,
" EVENTLOG_AUDIT_SUCCESS is NOT SET " ,
} ;
static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs = {
" EVENTLOG_AUDIT_FAILURE is SET " ,
" EVENTLOG_AUDIT_FAILURE is NOT SET " ,
} ;
2007-03-22 08:45:01 +00:00
static int eventlog_dissect_element_OpenUnknown0_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenUnknown0_unknown1 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_size ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_reserved ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_record_number ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_time_generated ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_time_written ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_event_id ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_event_type ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_num_of_strings ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_event_category ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_reserved_flags ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_closing_record_number ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_stringoffset ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_sid_length ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_sid_offset ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_data_length ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_data_offset ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_source_name ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_computer_name ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_strings ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_strings_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_Record_raw_data ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ChangeUnknown0_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ChangeUnknown0_unknown1 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ClearEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ClearEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ClearEventLogW_backupfilename ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ClearEventLogW_backupfilename_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_BackupEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_BackupEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_BackupEventLogW_backupfilename ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_BackupEventLogW_backupfilename_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_CloseEventLog_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_CloseEventLog_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_DeregisterEventSource_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_DeregisterEventSource_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetNumRecords_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetNumRecords_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetNumRecords_number ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-29 02:09:48 +00:00
static int eventlog_dissect_element_GetNumRecords_number_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-22 08:45:01 +00:00
static int eventlog_dissect_element_GetOldestRecord_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetOldestRecord_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetOldestRecord_oldest ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-29 02:09:48 +00:00
static int eventlog_dissect_element_GetOldestRecord_oldest_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-22 08:45:01 +00:00
static int eventlog_dissect_element_ChangeNotify_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ChangeNotify_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ChangeNotify_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ChangeNotify_unknown2_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ChangeNotify_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_unknown0_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_logname ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_servername ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_unknown0_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_logname ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_servername ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_RegisterEventSourceW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_unknown0_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_logname ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_OpenBackupEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_flags ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_offset ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_number_of_bytes ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_data ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_data_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_ReadEventLogW_sent_size ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-29 02:09:48 +00:00
static int eventlog_dissect_element_ReadEventLogW_sent_size_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-22 08:45:01 +00:00
static int eventlog_dissect_element_ReadEventLogW_real_size ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-29 02:09:48 +00:00
static int eventlog_dissect_element_ReadEventLogW_real_size_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-22 08:45:01 +00:00
static int eventlog_dissect_element_GetLogIntormation_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetLogIntormation_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetLogIntormation_dwInfoLevel ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetLogIntormation_lpBuffer ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetLogIntormation_lpBuffer_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetLogIntormation_cbBufSize ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_GetLogIntormation_cbBytesNeeded ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-29 02:09:48 +00:00
static int eventlog_dissect_element_GetLogIntormation_cbBytesNeeded_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2007-03-22 08:45:01 +00:00
static int eventlog_dissect_element_FlushEventLog_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
static int eventlog_dissect_element_FlushEventLog_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ ) ;
2006-09-22 00:01:38 +00:00
/* Add this one manually until we can compile LSA */
static int
2006-11-05 05:21:33 +00:00
eventlog_dissect_struct_lsa_String ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint8 * drep , int hf_index , int notused _U_ )
2006-09-22 00:01:38 +00:00
{
dcerpc_info * di ;
di = pinfo - > private_data ;
if ( di - > conformant_run ) {
/*just a run to handle conformant arrays, nothing to dissect */
return offset ;
}
offset = dissect_ndr_counted_string ( tvb , offset , pinfo , tree , drep ,
hf_index , 0 ) ;
return offset ;
}
static int
eventlog_dissect_element_ReadEventLogW_data_ ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint8 * drep )
{
guint32 len ;
dcerpc_info * di ;
2006-09-22 01:40:23 +00:00
tvbuff_t * record_tvb ;
2006-09-22 00:01:38 +00:00
di = pinfo - > private_data ;
if ( di - > conformant_run ) {
/*just a run to handle conformant arrays, nothing to dissect */
return offset ;
}
offset = dissect_ndr_uint32 ( tvb , offset , pinfo , tree , drep ,
hf_eventlog_Record_length , & len ) ;
2006-09-22 01:40:23 +00:00
/* Create a new tvb so that we know that offset==0 is the beginning
* of the record . We need to know this since the data is not really
* NDR encoded at all and there are byte offsets into this buffer
* encoded therein .
*/
2007-03-29 02:09:48 +00:00
record_tvb = tvb_new_subset ( tvb , offset , MIN ( ( gint ) len , tvb_length_remaining ( tvb , offset ) ) , len ) ;
2006-09-22 01:40:23 +00:00
eventlog_dissect_struct_Record ( record_tvb , 0 , pinfo , tree , drep , hf_eventlog_Record , 0 ) ;
offset + = len ;
return offset ;
}
/* sid_length and sid_offset handled by manual code since this is not NDR
and we want to dissect the sid from the data blob */
static guint32 sid_length ;
static int
eventlog_dissect_element_Record_sid_length ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint8 * drep )
{
sid_length = 0 ;
offset = dissect_ndr_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_sid_length , & sid_length ) ;
return offset ;
}
static int
eventlog_dissect_element_Record_sid_offset ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint8 * drep )
{
guint32 sid_offset = 0 ;
offset = dissect_ndr_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_sid_offset , & sid_offset ) ;
if ( sid_offset & & sid_length ) {
tvbuff_t * sid_tvb ;
/* this blob contains an NT SID.
* tvb starts at the beginning of the record .
*/
2007-03-29 02:09:48 +00:00
sid_tvb = tvb_new_subset ( tvb , sid_offset , MIN ( ( gint ) sid_length , tvb_length_remaining ( tvb , offset ) ) , sid_length ) ;
2006-09-22 01:40:23 +00:00
dissect_nt_sid ( sid_tvb , 0 , tree , " SID " , NULL , - 1 ) ;
}
return offset ;
}
static int
eventlog_get_unicode_string_length ( tvbuff_t * tvb , int offset )
{
int len ;
len = 0 ;
while ( 1 ) {
if ( ! tvb_get_ntohs ( tvb , offset + len * 2 ) ) {
len + + ;
break ;
}
len + + ;
}
return len ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_source_name ( tvbuff_t * tvb , int offset , packet_info * pinfo _U_ , proto_tree * tree , guint8 * drep _U_ )
2006-09-22 01:40:23 +00:00
{
char * str ;
int len ;
len = eventlog_get_unicode_string_length ( tvb , offset ) ;
str = tvb_get_ephemeral_faked_unicode ( tvb , offset , len , TRUE ) ;
proto_tree_add_string_format ( tree , hf_eventlog_Record_source_name , tvb , offset , len * 2 , str , " source_name: %s " , str ) ;
offset + = len * 2 ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_computer_name ( tvbuff_t * tvb , int offset , packet_info * pinfo _U_ , proto_tree * tree , guint8 * drep _U_ )
2006-09-22 01:40:23 +00:00
{
char * str ;
int len ;
len = eventlog_get_unicode_string_length ( tvb , offset ) ;
str = tvb_get_ephemeral_faked_unicode ( tvb , offset , len , TRUE ) ;
proto_tree_add_string_format ( tree , hf_eventlog_Record_computer_name , tvb , offset , len * 2 , str , " computer_name: %s " , str ) ;
offset + = len * 2 ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2006-09-24 20:31:02 +00:00
static guint16 num_of_strings ;
2006-09-22 07:43:29 +00:00
static int
eventlog_dissect_element_Record_num_of_strings ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint8 * drep )
{
num_of_strings = 0 ;
offset = dissect_ndr_uint16 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_num_of_strings , & num_of_strings ) ;
return offset ;
}
2006-09-22 07:56:18 +00:00
static guint32 string_offset ;
2006-09-22 07:43:29 +00:00
static int
eventlog_dissect_element_Record_stringoffset ( tvbuff_t * tvb , int offset , packet_info * pinfo , proto_tree * tree , guint8 * drep )
{
string_offset = 0 ;
offset = dissect_ndr_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_stringoffset , & string_offset ) ;
2006-09-22 07:56:18 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_strings ( tvbuff_t * tvb , int offset , packet_info * pinfo _U_ , proto_tree * tree , guint8 * drep _U_ )
2006-09-22 07:56:18 +00:00
{
2006-09-22 07:43:29 +00:00
while ( string_offset & & num_of_strings ) {
char * str ;
int len ;
len = eventlog_get_unicode_string_length ( tvb , string_offset ) ;
str = tvb_get_ephemeral_faked_unicode ( tvb , string_offset , len , TRUE ) ;
proto_tree_add_string_format ( tree , hf_eventlog_Record_string , tvb , string_offset , len * 2 , str , " string: %s " , str ) ;
string_offset + = len * 2 ;
num_of_strings - - ;
}
return offset ;
}
2006-09-22 00:01:38 +00:00
2007-02-24 21:34:29 +00:00
/* IDL: bitmap { */
2006-09-22 00:01:38 +00:00
/* IDL: EVENTLOG_SEQUENTIAL_READ = 0x0001 , */
/* IDL: EVENTLOG_SEEK_READ = 0x0002 , */
/* IDL: EVENTLOG_FORWARDS_READ = 0x0004 , */
/* IDL: EVENTLOG_BACKWARDS_READ = 0x0008 , */
2007-02-24 21:34:29 +00:00
/* IDL: } */
2006-09-22 00:01:38 +00:00
int
2007-03-22 08:45:01 +00:00
eventlog_dissect_bitmap_eventlogReadFlags ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * parent_tree _U_ , guint8 * drep _U_ , int hf_index _U_ , guint32 param _U_ )
2006-09-22 00:01:38 +00:00
{
proto_item * item = NULL ;
proto_tree * tree = NULL ;
guint32 flags ;
ALIGN_TO_4_BYTES ;
if ( parent_tree ) {
item = proto_tree_add_item ( parent_tree , hf_index , tvb , offset , 4 , TRUE ) ;
tree = proto_item_add_subtree ( item , ett_eventlog_eventlogReadFlags ) ;
}
offset = dissect_ndr_uint32 ( tvb , offset , pinfo , NULL , drep , - 1 , & flags ) ;
proto_item_append_text ( item , " : " ) ;
if ( ! flags )
proto_item_append_text ( item , " (No values set) " ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0001 ) ) {
proto_item_append_text ( item , " EVENTLOG_SEQUENTIAL_READ " ) ;
if ( flags & ( ~ ( 0x0001 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0001 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0002 ) ) {
proto_item_append_text ( item , " EVENTLOG_SEEK_READ " ) ;
if ( flags & ( ~ ( 0x0002 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0002 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0004 ) ) {
proto_item_append_text ( item , " EVENTLOG_FORWARDS_READ " ) ;
if ( flags & ( ~ ( 0x0004 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0004 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0008 ) ) {
proto_item_append_text ( item , " EVENTLOG_BACKWARDS_READ " ) ;
if ( flags & ( ~ ( 0x0008 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0008 ) ) ;
if ( flags ) {
proto_item_append_text ( item , " Unknown bitmap value 0x%x " , flags ) ;
}
return offset ;
}
2007-02-24 21:34:29 +00:00
/* IDL: bitmap { */
2006-09-22 00:01:38 +00:00
/* IDL: EVENTLOG_SUCCESS = 0x0000 , */
/* IDL: EVENTLOG_ERROR_TYPE = 0x0001 , */
/* IDL: EVENTLOG_WARNING_TYPE = 0x0002 , */
/* IDL: EVENTLOG_INFORMATION_TYPE = 0x0004 , */
/* IDL: EVENTLOG_AUDIT_SUCCESS = 0x0008 , */
/* IDL: EVENTLOG_AUDIT_FAILURE = 0x0010 , */
2007-02-24 21:34:29 +00:00
/* IDL: } */
2006-09-22 00:01:38 +00:00
int
2007-03-22 08:45:01 +00:00
eventlog_dissect_bitmap_eventlogEventTypes ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * parent_tree _U_ , guint8 * drep _U_ , int hf_index _U_ , guint32 param _U_ )
2006-09-22 00:01:38 +00:00
{
proto_item * item = NULL ;
proto_tree * tree = NULL ;
guint32 flags ;
ALIGN_TO_4_BYTES ;
if ( parent_tree ) {
item = proto_tree_add_item ( parent_tree , hf_index , tvb , offset , 4 , TRUE ) ;
tree = proto_item_add_subtree ( item , ett_eventlog_eventlogEventTypes ) ;
}
offset = dissect_ndr_uint32 ( tvb , offset , pinfo , NULL , drep , - 1 , & flags ) ;
proto_item_append_text ( item , " : " ) ;
if ( ! flags )
proto_item_append_text ( item , " (No values set) " ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0000 ) ) {
proto_item_append_text ( item , " EVENTLOG_SUCCESS " ) ;
if ( flags & ( ~ ( 0x0000 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0000 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0001 ) ) {
proto_item_append_text ( item , " EVENTLOG_ERROR_TYPE " ) ;
if ( flags & ( ~ ( 0x0001 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0001 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0002 ) ) {
proto_item_append_text ( item , " EVENTLOG_WARNING_TYPE " ) ;
if ( flags & ( ~ ( 0x0002 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0002 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0004 ) ) {
proto_item_append_text ( item , " EVENTLOG_INFORMATION_TYPE " ) ;
if ( flags & ( ~ ( 0x0004 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0004 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0008 ) ) {
proto_item_append_text ( item , " EVENTLOG_AUDIT_SUCCESS " ) ;
if ( flags & ( ~ ( 0x0008 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0008 ) ) ;
proto_tree_add_boolean ( tree , hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE , tvb , offset - 4 , 4 , flags ) ;
if ( flags & ( 0x0010 ) ) {
proto_item_append_text ( item , " EVENTLOG_AUDIT_FAILURE " ) ;
if ( flags & ( ~ ( 0x0010 ) ) )
proto_item_append_text ( item , " , " ) ;
}
flags & = ( ~ ( 0x0010 ) ) ;
if ( flags ) {
proto_item_append_text ( item , " Unknown bitmap value 0x%x " , flags ) ;
}
return offset ;
}
2007-02-24 21:34:29 +00:00
/* IDL: struct { */
2006-09-22 00:01:38 +00:00
/* IDL: uint16 unknown0; */
/* IDL: uint16 unknown1; */
2007-02-24 21:34:29 +00:00
/* IDL: } */
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenUnknown0_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint16 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenUnknown0_unknown0 , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenUnknown0_unknown1 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint16 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenUnknown0_unknown1 , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
int
2007-03-22 08:45:01 +00:00
eventlog_dissect_struct_OpenUnknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * parent_tree _U_ , guint8 * drep _U_ , int hf_index _U_ , guint32 param _U_ )
2006-09-22 00:01:38 +00:00
{
proto_item * item = NULL ;
proto_tree * tree = NULL ;
int old_offset ;
ALIGN_TO_2_BYTES ;
old_offset = offset ;
if ( parent_tree ) {
item = proto_tree_add_item ( parent_tree , hf_index , tvb , offset , - 1 , TRUE ) ;
tree = proto_item_add_subtree ( item , ett_eventlog_eventlog_OpenUnknown0 ) ;
}
offset = eventlog_dissect_element_OpenUnknown0_unknown0 ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_OpenUnknown0_unknown1 ( tvb , offset , pinfo , tree , drep ) ;
proto_item_set_len ( item , offset - old_offset ) ;
return offset ;
}
2007-02-24 21:34:29 +00:00
/* IDL: struct { */
2006-09-22 00:01:38 +00:00
/* IDL: uint32 size; */
/* IDL: uint32 reserved; */
/* IDL: uint32 record_number; */
/* IDL: uint32 time_generated; */
/* IDL: uint32 time_written; */
/* IDL: uint32 event_id; */
/* IDL: uint16 event_type; */
/* IDL: uint16 num_of_strings; */
/* IDL: uint16 event_category; */
/* IDL: uint16 reserved_flags; */
/* IDL: uint32 closing_record_number; */
/* IDL: uint32 stringoffset; */
/* IDL: uint32 sid_length; */
/* IDL: uint32 sid_offset; */
/* IDL: uint32 data_length; */
/* IDL: uint32 data_offset; */
/* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string source_name; */
/* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string computer_name; */
/* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string strings[num_of_strings]; */
/* IDL: [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] string raw_data; */
2007-02-24 21:34:29 +00:00
/* IDL: } */
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_size ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_size , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_reserved ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_reserved , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_record_number ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_record_number , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_time_generated ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_time_generated , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_time_written ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_time_written , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_event_id ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_event_id , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_event_type ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint16 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_event_type , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_event_category ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint16 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_event_category , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_reserved_flags ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint16 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_reserved_flags , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_closing_record_number ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_closing_record_number , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_data_length ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_data_length , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_data_offset ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_Record_data_offset , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_strings_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_Record_raw_data ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
return offset ;
}
int
2007-03-22 08:45:01 +00:00
eventlog_dissect_struct_Record ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * parent_tree _U_ , guint8 * drep _U_ , int hf_index _U_ , guint32 param _U_ )
2006-09-22 00:01:38 +00:00
{
proto_item * item = NULL ;
proto_tree * tree = NULL ;
int old_offset ;
ALIGN_TO_4_BYTES ;
old_offset = offset ;
if ( parent_tree ) {
item = proto_tree_add_item ( parent_tree , hf_index , tvb , offset , - 1 , TRUE ) ;
tree = proto_item_add_subtree ( item , ett_eventlog_eventlog_Record ) ;
}
offset = eventlog_dissect_element_Record_size ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_reserved ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_record_number ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_time_generated ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_time_written ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_event_id ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_event_type ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_num_of_strings ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_event_category ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_reserved_flags ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_closing_record_number ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_stringoffset ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_sid_length ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_sid_offset ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_data_length ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_data_offset ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_source_name ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_computer_name ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_strings ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_Record_raw_data ( tvb , offset , pinfo , tree , drep ) ;
proto_item_set_len ( item , offset - old_offset ) ;
return offset ;
}
2007-02-24 21:34:29 +00:00
/* IDL: struct { */
2006-09-22 00:01:38 +00:00
/* IDL: uint32 unknown0; */
/* IDL: uint32 unknown1; */
2007-02-24 21:34:29 +00:00
/* IDL: } */
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeUnknown0_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ChangeUnknown0_unknown0 , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeUnknown0_unknown1 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ChangeUnknown0_unknown1 , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
int
2007-03-22 08:45:01 +00:00
eventlog_dissect_struct_ChangeUnknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * parent_tree _U_ , guint8 * drep _U_ , int hf_index _U_ , guint32 param _U_ )
2006-09-22 00:01:38 +00:00
{
proto_item * item = NULL ;
proto_tree * tree = NULL ;
int old_offset ;
ALIGN_TO_4_BYTES ;
old_offset = offset ;
if ( parent_tree ) {
item = proto_tree_add_item ( parent_tree , hf_index , tvb , offset , - 1 , TRUE ) ;
tree = proto_item_add_subtree ( item , ett_eventlog_eventlog_ChangeUnknown0 ) ;
}
offset = eventlog_dissect_element_ChangeUnknown0_unknown0 ( tvb , offset , pinfo , tree , drep ) ;
offset = eventlog_dissect_element_ChangeUnknown0_unknown1 ( tvb , offset , pinfo , tree , drep ) ;
proto_item_set_len ( item , offset - old_offset ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ClearEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ClearEventLogW_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_ClearEventLogW_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ClearEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ClearEventLogW_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ClearEventLogW_backupfilename ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ClearEventLogW_backupfilename_ , NDR_POINTER_UNIQUE , " Pointer to Backupfilename (lsa_String) " , hf_eventlog_eventlog_ClearEventLogW_backupfilename ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ClearEventLogW_backupfilename_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ClearEventLogW_backupfilename , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_ClearEventLogW( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] [unique(1)] lsa_String *backupfilename */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ClearEventLogW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ClearEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ClearEventLogW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ClearEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_ClearEventLogW_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_ClearEventLogW_backupfilename ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_BackupEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_BackupEventLogW_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_BackupEventLogW_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_BackupEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_BackupEventLogW_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_BackupEventLogW_backupfilename ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_BackupEventLogW_backupfilename_ , NDR_POINTER_UNIQUE , " Pointer to Backupfilename (lsa_String) " , hf_eventlog_eventlog_BackupEventLogW_backupfilename ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_BackupEventLogW_backupfilename_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_BackupEventLogW_backupfilename , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_BackupEventLogW( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] [unique(1)] lsa_String *backupfilename */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_BackupEventLogW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " BackupEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_BackupEventLogW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " BackupEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_BackupEventLogW_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_BackupEventLogW_backupfilename ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_CloseEventLog_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_CloseEventLog_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_CloseEventLog_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_CloseEventLog_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_CloseEventLog_handle , PIDL_POLHND_CLOSE ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_CloseEventLog( */
/* IDL: [out] [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_CloseEventLog_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " CloseEventLog " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_CloseEventLog_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_CloseEventLog_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " CloseEventLog " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_CloseEventLog_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_DeregisterEventSource_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_DeregisterEventSource_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_DeregisterEventSource_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_DeregisterEventSource_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_DeregisterEventSource_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_DeregisterEventSource( */
/* IDL: [out] [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_DeregisterEventSource_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " DeregisterEventSource " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_DeregisterEventSource_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_DeregisterEventSource_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " DeregisterEventSource " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_DeregisterEventSource_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetNumRecords_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetNumRecords_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_GetNumRecords_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetNumRecords_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetNumRecords_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetNumRecords_number ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2007-03-29 02:09:48 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetNumRecords_number_ , NDR_POINTER_REF , " Pointer to Number (uint32) " , hf_eventlog_eventlog_GetNumRecords_number ) ;
return offset ;
}
static int
eventlog_dissect_element_GetNumRecords_number_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetNumRecords_number , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_GetNumRecords( */
/* IDL: [in] [ref] policy_handle *handle, */
2007-03-29 02:09:48 +00:00
/* IDL: [out] [ref] uint32 *number */
2006-09-22 00:01:38 +00:00
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_GetNumRecords_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " GetNumRecords " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetNumRecords_number ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_GetNumRecords_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " GetNumRecords " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetNumRecords_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetOldestRecord_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetOldestRecord_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_GetOldestRecord_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetOldestRecord_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetOldestRecord_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetOldestRecord_oldest ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2007-03-29 02:09:48 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetOldestRecord_oldest_ , NDR_POINTER_REF , " Pointer to Oldest (uint32) " , hf_eventlog_eventlog_GetOldestRecord_oldest ) ;
return offset ;
}
static int
eventlog_dissect_element_GetOldestRecord_oldest_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetOldestRecord_oldest , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_GetOldestRecord( */
/* IDL: [in] [ref] policy_handle *handle, */
2007-03-29 02:09:48 +00:00
/* IDL: [out] [ref] uint32 *oldest */
2006-09-22 00:01:38 +00:00
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_GetOldestRecord_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " GetOldestRecord " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetOldestRecord_oldest ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_GetOldestRecord_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " GetOldestRecord " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetOldestRecord_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeNotify_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ChangeNotify_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_ChangeNotify_handle ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeNotify_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ChangeNotify_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeNotify_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ChangeNotify_unknown2_ , NDR_POINTER_REF , " Pointer to Unknown2 (eventlog_ChangeUnknown0) " , hf_eventlog_eventlog_ChangeNotify_unknown2 ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeNotify_unknown2_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = eventlog_dissect_struct_ChangeUnknown0 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ChangeNotify_unknown2 , 0 ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ChangeNotify_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ChangeNotify_unknown3 , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_ChangeNotify( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] [ref] eventlog_ChangeUnknown0 *unknown2, */
/* IDL: [in] uint32 unknown3 */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ChangeNotify_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ChangeNotify " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ChangeNotify_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ChangeNotify " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_ChangeNotify_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_ChangeNotify_unknown2 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_ChangeNotify_unknown3 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_OpenEventLogW_unknown0_ , NDR_POINTER_UNIQUE , " Pointer to Unknown0 (eventlog_OpenUnknown0) " , hf_eventlog_eventlog_OpenEventLogW_unknown0 ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_unknown0_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = eventlog_dissect_struct_OpenUnknown0 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenEventLogW_unknown0 , 0 ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_logname ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenEventLogW_logname , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_servername ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenEventLogW_servername , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenEventLogW_unknown2 , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenEventLogW_unknown3 , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_OpenEventLogW_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_OpenEventLogW_handle ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenEventLogW_handle , PIDL_POLHND_OPEN ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_OpenEventLogW( */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String logname, */
/* IDL: [in] lsa_String servername, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenEventLogW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_OpenEventLogW_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenEventLogW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_OpenEventLogW_unknown0 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenEventLogW_logname ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenEventLogW_servername ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenEventLogW_unknown2 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenEventLogW_unknown3 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_RegisterEventSourceW_unknown0_ , NDR_POINTER_UNIQUE , " Pointer to Unknown0 (eventlog_OpenUnknown0) " , hf_eventlog_eventlog_RegisterEventSourceW_unknown0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_unknown0_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = eventlog_dissect_struct_OpenUnknown0 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_RegisterEventSourceW_unknown0 , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_logname ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_RegisterEventSourceW_logname , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_servername ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_RegisterEventSourceW_servername , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_RegisterEventSourceW_unknown2 , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_RegisterEventSourceW_unknown3 , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_RegisterEventSourceW_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_RegisterEventSourceW_handle ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_RegisterEventSourceW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_RegisterEventSourceW_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_RegisterEventSourceW( */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String logname, */
/* IDL: [in] lsa_String servername, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_RegisterEventSourceW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " RegisterEventSourceW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_RegisterEventSourceW_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_RegisterEventSourceW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " RegisterEventSourceW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_RegisterEventSourceW_unknown0 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_RegisterEventSourceW_logname ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_RegisterEventSourceW_servername ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_RegisterEventSourceW_unknown2 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_RegisterEventSourceW_unknown3 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_unknown0 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_OpenBackupEventLogW_unknown0_ , NDR_POINTER_UNIQUE , " Pointer to Unknown0 (eventlog_OpenUnknown0) " , hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_unknown0_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = eventlog_dissect_struct_OpenUnknown0 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_logname ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-11-05 05:21:33 +00:00
offset = eventlog_dissect_struct_lsa_String ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenBackupEventLogW_logname , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_unknown2 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenBackupEventLogW_unknown2 , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_unknown3 ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenBackupEventLogW_unknown3 , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_OpenBackupEventLogW_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_OpenBackupEventLogW_handle ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_OpenBackupEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_OpenBackupEventLogW_handle , PIDL_POLHND_OPEN ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_OpenBackupEventLogW( */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String logname, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenBackupEventLogW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenBackupEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_OpenBackupEventLogW_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenBackupEventLogW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenBackupEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_OpenBackupEventLogW_unknown0 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenBackupEventLogW_logname ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenBackupEventLogW_unknown2 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_OpenBackupEventLogW_unknown3 ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ReadEventLogW_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_ReadEventLogW_handle ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ReadEventLogW_handle , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_flags ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ReadEventLogW_flags , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_offset ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ReadEventLogW_offset , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_number_of_bytes ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ReadEventLogW_number_of_bytes , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_data ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ReadEventLogW_data_ , NDR_POINTER_REF , " Pointer to Data (uint8) " , hf_eventlog_eventlog_ReadEventLogW_data ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_sent_size ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2007-03-29 02:09:48 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ReadEventLogW_sent_size_ , NDR_POINTER_REF , " Pointer to Sent Size (uint32) " , hf_eventlog_eventlog_ReadEventLogW_sent_size ) ;
return offset ;
}
static int
eventlog_dissect_element_ReadEventLogW_sent_size_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ReadEventLogW_sent_size , 0 ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_ReadEventLogW_real_size ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2007-03-29 02:09:48 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_ReadEventLogW_real_size_ , NDR_POINTER_REF , " Pointer to Real Size (uint32) " , hf_eventlog_eventlog_ReadEventLogW_real_size ) ;
return offset ;
}
static int
eventlog_dissect_element_ReadEventLogW_real_size_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_ReadEventLogW_real_size , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_ReadEventLogW( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] uint32 flags, */
/* IDL: [in] uint32 offset, */
/* IDL: [in] uint32 number_of_bytes, */
/* IDL: [size_is(number_of_bytes)] [out] [ref] uint8 *data, */
2007-03-29 02:09:48 +00:00
/* IDL: [out] [ref] uint32 *sent_size, */
/* IDL: [out] [ref] uint32 *real_size */
2006-09-22 00:01:38 +00:00
/* IDL: ); */
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReadEventLogW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReadEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_ReadEventLogW_data ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_ReadEventLogW_sent_size ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_ReadEventLogW_real_size ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReadEventLogW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReadEventLogW " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_ReadEventLogW_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_ReadEventLogW_flags ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_ReadEventLogW_offset ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_ReadEventLogW_number_of_bytes ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_ReportEventW( */
/* IDL: */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReportEventW_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReportEventW " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReportEventW_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReportEventW " ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_ClearEventLogA( */
/* IDL: */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ClearEventLogA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ClearEventLogA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ClearEventLogA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ClearEventLogA " ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_BackupEventLogA( */
/* IDL: */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_BackupEventLogA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " BackupEventLogA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_BackupEventLogA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " BackupEventLogA " ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_OpenEventLogA( */
/* IDL: */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenEventLogA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenEventLogA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenEventLogA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenEventLogA " ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_RegisterEventSourceA( */
/* IDL: */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_RegisterEventSourceA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " RegisterEventSourceA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_RegisterEventSourceA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " RegisterEventSourceA " ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_OpenBackupEventLogA( */
/* IDL: */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenBackupEventLogA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenBackupEventLogA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_OpenBackupEventLogA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " OpenBackupEventLogA " ;
2006-09-22 00:01:38 +00:00
return offset ;
}
/* IDL: NTSTATUS eventlog_ReadEventLogA( */
/* IDL: */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReadEventLogA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReadEventLogA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReadEventLogA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReadEventLogA " ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_ReportEventA( */
/* IDL: */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReportEventA_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReportEventA " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_ReportEventA_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " ReportEventA " ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_RegisterClusterSvc( */
/* IDL: */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_RegisterClusterSvc_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " RegisterClusterSvc " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_RegisterClusterSvc_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " RegisterClusterSvc " ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_DeregisterClusterSvc( */
/* IDL: */
/* IDL: ); */
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_DeregisterClusterSvc_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " DeregisterClusterSvc " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_DeregisterClusterSvc_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " DeregisterClusterSvc " ;
2004-07-13 05:29:23 +00:00
return offset ;
}
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_WriteClusterEvents( */
/* IDL: */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_WriteClusterEvents_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " WriteClusterEvents " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_WriteClusterEvents_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " WriteClusterEvents " ;
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetLogIntormation_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_GetLogIntormation_handle ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetLogIntormation_handle , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_dwInfoLevel ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel , 0 ) ;
2006-09-22 00:01:38 +00:00
return offset ;
}
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_lpBuffer ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_ucarray ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetLogIntormation_lpBuffer_ ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_lpBuffer_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2004-07-13 05:29:23 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint8 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetLogIntormation_lpBuffer , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_cbBufSize ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetLogIntormation_cbBufSize , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_GetLogIntormation_cbBytesNeeded ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2007-03-29 02:09:48 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_GetLogIntormation_cbBytesNeeded_ , NDR_POINTER_REF , " Pointer to Cbbytesneeded (int32) " , hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded ) ;
return offset ;
}
static int
eventlog_dissect_element_GetLogIntormation_cbBytesNeeded_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-03-22 08:45:01 +00:00
offset = PIDL_dissect_uint32 ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_GetLogIntormation( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] uint32 dwInfoLevel, */
/* IDL: [size_is(cbBufSize)] [out] uint8 lpBuffer[*], */
/* IDL: [in] uint32 cbBufSize, */
2007-03-29 02:09:48 +00:00
/* IDL: [out] [ref] int32 *cbBytesNeeded */
2006-09-22 00:01:38 +00:00
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_GetLogIntormation_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " GetLogIntormation " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetLogIntormation_lpBuffer ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetLogIntormation_cbBytesNeeded ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_GetLogIntormation_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " GetLogIntormation " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_GetLogIntormation_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_GetLogIntormation_dwInfoLevel ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
offset = eventlog_dissect_element_GetLogIntormation_cbBufSize ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_FlushEventLog_handle ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
offset = dissect_ndr_toplevel_pointer ( tvb , offset , pinfo , tree , drep , eventlog_dissect_element_FlushEventLog_handle_ , NDR_POINTER_REF , " Pointer to Handle (policy_handle) " , hf_eventlog_eventlog_FlushEventLog_handle ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_element_FlushEventLog_handle_ ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
offset = PIDL_dissect_policy_hnd ( tvb , offset , pinfo , tree , drep , hf_eventlog_eventlog_FlushEventLog_handle , 0 ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
/* IDL: NTSTATUS eventlog_FlushEventLog( */
/* IDL: [in] [ref] policy_handle *handle */
/* IDL: ); */
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_FlushEventLog_response ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
guint32 status ;
2004-07-13 05:29:23 +00:00
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " FlushEventLog " ;
2006-09-22 00:01:38 +00:00
offset = dissect_ntstatus ( tvb , offset , pinfo , tree , drep , hf_eventlog_status , & status ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
if ( status ! = 0 & & check_col ( pinfo - > cinfo , COL_INFO ) )
col_append_fstr ( pinfo - > cinfo , COL_INFO , " , Error: %s " , val_to_str ( status , NT_errors , " Unknown NT status 0x%08x " ) ) ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
return offset ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static int
2007-03-22 08:45:01 +00:00
eventlog_dissect_FlushEventLog_request ( tvbuff_t * tvb _U_ , int offset _U_ , packet_info * pinfo _U_ , proto_tree * tree _U_ , guint8 * drep _U_ )
2006-09-22 00:01:38 +00:00
{
2007-02-24 21:34:29 +00:00
pinfo - > dcerpc_procedure_name = " FlushEventLog " ;
2006-09-22 00:01:38 +00:00
offset = eventlog_dissect_element_FlushEventLog_handle ( tvb , offset , pinfo , tree , drep ) ;
offset = dissect_deferred_pointers ( pinfo , tvb , offset , drep ) ;
return offset ;
2004-07-13 05:29:23 +00:00
}
2006-09-22 00:01:38 +00:00
static dcerpc_sub_dissector eventlog_dissectors [ ] = {
{ 0 , " ClearEventLogW " ,
eventlog_dissect_ClearEventLogW_request , eventlog_dissect_ClearEventLogW_response } ,
{ 1 , " BackupEventLogW " ,
eventlog_dissect_BackupEventLogW_request , eventlog_dissect_BackupEventLogW_response } ,
{ 2 , " CloseEventLog " ,
eventlog_dissect_CloseEventLog_request , eventlog_dissect_CloseEventLog_response } ,
{ 3 , " DeregisterEventSource " ,
eventlog_dissect_DeregisterEventSource_request , eventlog_dissect_DeregisterEventSource_response } ,
{ 4 , " GetNumRecords " ,
eventlog_dissect_GetNumRecords_request , eventlog_dissect_GetNumRecords_response } ,
{ 5 , " GetOldestRecord " ,
eventlog_dissect_GetOldestRecord_request , eventlog_dissect_GetOldestRecord_response } ,
{ 6 , " ChangeNotify " ,
eventlog_dissect_ChangeNotify_request , eventlog_dissect_ChangeNotify_response } ,
{ 7 , " OpenEventLogW " ,
eventlog_dissect_OpenEventLogW_request , eventlog_dissect_OpenEventLogW_response } ,
{ 8 , " RegisterEventSourceW " ,
eventlog_dissect_RegisterEventSourceW_request , eventlog_dissect_RegisterEventSourceW_response } ,
{ 9 , " OpenBackupEventLogW " ,
eventlog_dissect_OpenBackupEventLogW_request , eventlog_dissect_OpenBackupEventLogW_response } ,
{ 10 , " ReadEventLogW " ,
eventlog_dissect_ReadEventLogW_request , eventlog_dissect_ReadEventLogW_response } ,
{ 11 , " ReportEventW " ,
eventlog_dissect_ReportEventW_request , eventlog_dissect_ReportEventW_response } ,
{ 12 , " ClearEventLogA " ,
eventlog_dissect_ClearEventLogA_request , eventlog_dissect_ClearEventLogA_response } ,
{ 13 , " BackupEventLogA " ,
eventlog_dissect_BackupEventLogA_request , eventlog_dissect_BackupEventLogA_response } ,
{ 14 , " OpenEventLogA " ,
eventlog_dissect_OpenEventLogA_request , eventlog_dissect_OpenEventLogA_response } ,
{ 15 , " RegisterEventSourceA " ,
eventlog_dissect_RegisterEventSourceA_request , eventlog_dissect_RegisterEventSourceA_response } ,
{ 16 , " OpenBackupEventLogA " ,
eventlog_dissect_OpenBackupEventLogA_request , eventlog_dissect_OpenBackupEventLogA_response } ,
{ 17 , " ReadEventLogA " ,
eventlog_dissect_ReadEventLogA_request , eventlog_dissect_ReadEventLogA_response } ,
{ 18 , " ReportEventA " ,
eventlog_dissect_ReportEventA_request , eventlog_dissect_ReportEventA_response } ,
{ 19 , " RegisterClusterSvc " ,
eventlog_dissect_RegisterClusterSvc_request , eventlog_dissect_RegisterClusterSvc_response } ,
{ 20 , " DeregisterClusterSvc " ,
eventlog_dissect_DeregisterClusterSvc_request , eventlog_dissect_DeregisterClusterSvc_response } ,
{ 21 , " WriteClusterEvents " ,
eventlog_dissect_WriteClusterEvents_request , eventlog_dissect_WriteClusterEvents_response } ,
{ 22 , " GetLogIntormation " ,
eventlog_dissect_GetLogIntormation_request , eventlog_dissect_GetLogIntormation_response } ,
{ 23 , " FlushEventLog " ,
eventlog_dissect_FlushEventLog_request , eventlog_dissect_FlushEventLog_response } ,
{ 0 , NULL , NULL , NULL }
} ;
void proto_register_dcerpc_eventlog ( void )
2004-07-13 05:29:23 +00:00
{
2006-09-22 00:01:38 +00:00
static hf_register_info hf [ ] = {
{ & hf_eventlog_eventlog_ReadEventLogW_offset ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Offset " , " eventlog.eventlog_ReadEventLogW.offset " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ChangeNotify_unknown2 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown2 " , " eventlog.eventlog_ChangeNotify.unknown2 " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ChangeNotify_unknown3 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown3 " , " eventlog.eventlog_ChangeNotify.unknown3 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_data_offset ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Data Offset " , " eventlog.eventlog_Record.data_offset " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_sid_length ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Sid Length " , " eventlog.eventlog_Record.sid_length " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_RegisterEventSourceW_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_RegisterEventSourceW.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_BackupEventLogW_backupfilename ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Backupfilename " , " eventlog.eventlog_BackupEventLogW.backupfilename " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ChangeUnknown0_unknown0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown0 " , " eventlog.eventlog_ChangeUnknown0.unknown0 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_computer_name ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Computer Name " , " eventlog.eventlog_Record.computer_name " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Success " , " eventlog.eventlogEventTypes.EVENTLOG_SUCCESS " , FT_BOOLEAN , BASE_NONE , TFS ( & eventlogEventTypes_EVENTLOG_SUCCESS_tfs ) , ( 0x0 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ChangeUnknown0_unknown1 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown1 " , " eventlog.eventlog_ChangeUnknown0.unknown1 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_strings ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Strings " , " eventlog.eventlog_Record.strings " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Cbbytesneeded " , " eventlog.eventlog_GetLogIntormation.cbBytesNeeded " , FT_INT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetNumRecords_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_GetNumRecords.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_status ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " NT Error " , " eventlog.status " , FT_UINT32 , BASE_HEX , VALS ( NT_errors ) , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_sid_offset ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Sid Offset " , " eventlog.eventlog_Record.sid_offset " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenBackupEventLogW_logname ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Logname " , " eventlog.eventlog_OpenBackupEventLogW.logname " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_source_name ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Source Name " , " eventlog.eventlog_Record.source_name " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ReadEventLogW_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_ReadEventLogW.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ClearEventLogW_backupfilename ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Backupfilename " , " eventlog.eventlog_ClearEventLogW.backupfilename " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 07:43:29 +00:00
{ & hf_eventlog_Record_string ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " string " , " eventlog.Record.string " , FT_STRING , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenEventLogW_servername ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Servername " , " eventlog.eventlog_OpenEventLogW.servername " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_event_type ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Event Type " , " eventlog.eventlog_Record.event_type " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ReadEventLogW_real_size ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Real Size " , " eventlog.eventlog_ReadEventLogW.real_size " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_CloseEventLog_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_CloseEventLog.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Audit Success " , " eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS " , FT_BOOLEAN , 32 , TFS ( & eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs ) , ( 0x0008 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_RegisterEventSourceW_logname ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Logname " , " eventlog.eventlog_RegisterEventSourceW.logname " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_num_of_strings ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Num Of Strings " , " eventlog.eventlog_Record.num_of_strings " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_time_written ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Time Written " , " eventlog.eventlog_Record.time_written " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ReadEventLogW_flags ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Flags " , " eventlog.eventlog_ReadEventLogW.flags " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_size ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Size " , " eventlog.eventlog_Record.size " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_record_number ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Record Number " , " eventlog.eventlog_Record.record_number " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetLogIntormation_cbBufSize ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Cbbufsize " , " eventlog.eventlog_GetLogIntormation.cbBufSize " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetLogIntormation_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_GetLogIntormation.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ReadEventLogW_number_of_bytes ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Number Of Bytes " , " eventlog.eventlog_ReadEventLogW.number_of_bytes " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_RegisterEventSourceW_servername ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Servername " , " eventlog.eventlog_RegisterEventSourceW.servername " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_reserved ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Reserved " , " eventlog.eventlog_Record.reserved " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Audit Failure " , " eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE " , FT_BOOLEAN , 32 , TFS ( & eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs ) , ( 0x0010 ) , NULL , HFILL } } ,
2006-09-22 01:40:23 +00:00
{ & hf_eventlog_eventlog_Record_raw_data ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Raw Data " , " eventlog.eventlog_Record.raw_data " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ChangeNotify_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_ChangeNotify.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Warning Type " , " eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE " , FT_BOOLEAN , 32 , TFS ( & eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs ) , ( 0x0002 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenUnknown0_unknown0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown0 " , " eventlog.eventlog_OpenUnknown0.unknown0 " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenUnknown0_unknown1 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown1 " , " eventlog.eventlog_OpenUnknown0.unknown1 " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_Record_length ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Record Length " , " eventlog.Record.length " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Seek Read " , " eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ " , FT_BOOLEAN , 32 , TFS ( & eventlogReadFlags_EVENTLOG_SEEK_READ_tfs ) , ( 0x0002 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Backwards Read " , " eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ " , FT_BOOLEAN , 32 , TFS ( & eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs ) , ( 0x0008 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ReadEventLogW_data ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Data " , " eventlog.eventlog_ReadEventLogW.data " , FT_UINT8 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_event_category ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Event Category " , " eventlog.eventlog_Record.event_category " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_DeregisterEventSource_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_DeregisterEventSource.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Error Type " , " eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE " , FT_BOOLEAN , 32 , TFS ( & eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs ) , ( 0x0001 ) , NULL , HFILL } } ,
2006-09-22 01:40:23 +00:00
{ & hf_eventlog_Record_source_name ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Source Name " , " eventlog.Record.source_name " , FT_STRING , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ReadEventLogW_sent_size ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Sent Size " , " eventlog.eventlog_ReadEventLogW.sent_size " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Information Type " , " eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE " , FT_BOOLEAN , 32 , TFS ( & eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs ) , ( 0x0004 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_opnum ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Operation " , " eventlog.opnum " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_time_generated ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Time Generated " , " eventlog.eventlog_Record.time_generated " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_stringoffset ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Stringoffset " , " eventlog.eventlog_Record.stringoffset " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 01:40:23 +00:00
{ & hf_eventlog_Record_computer_name ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Computer Name " , " eventlog.Record.computer_name " , FT_STRING , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown0 " , " eventlog.eventlog_OpenBackupEventLogW.unknown0 " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 01:40:23 +00:00
{ & hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Forwards Read " , " eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ " , FT_BOOLEAN , 32 , TFS ( & eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs ) , ( 0x0004 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenBackupEventLogW_unknown2 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown2 " , " eventlog.eventlog_OpenBackupEventLogW.unknown2 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenBackupEventLogW_unknown3 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown3 " , " eventlog.eventlog_OpenBackupEventLogW.unknown3 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_event_id ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Event Id " , " eventlog.eventlog_Record.event_id " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetNumRecords_number ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Number " , " eventlog.eventlog_GetNumRecords.number " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenEventLogW_unknown0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown0 " , " eventlog.eventlog_OpenEventLogW.unknown0 " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Dwinfolevel " , " eventlog.eventlog_GetLogIntormation.dwInfoLevel " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenEventLogW_unknown2 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown2 " , " eventlog.eventlog_OpenEventLogW.unknown2 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenEventLogW_unknown3 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown3 " , " eventlog.eventlog_OpenEventLogW.unknown3 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_reserved_flags ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Reserved Flags " , " eventlog.eventlog_Record.reserved_flags " , FT_UINT16 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenEventLogW_logname ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Logname " , " eventlog.eventlog_OpenEventLogW.logname " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetLogIntormation_lpBuffer ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Lpbuffer " , " eventlog.eventlog_GetLogIntormation.lpBuffer " , FT_UINT8 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Eventlog Sequential Read " , " eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ " , FT_BOOLEAN , 32 , TFS ( & eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs ) , ( 0x0001 ) , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_FlushEventLog_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_FlushEventLog.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetOldestRecord_oldest ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Oldest " , " eventlog.eventlog_GetOldestRecord.oldest " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_RegisterEventSourceW_unknown0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown0 " , " eventlog.eventlog_RegisterEventSourceW.unknown0 " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_BackupEventLogW_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_BackupEventLogW.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenEventLogW_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_OpenEventLogW.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_RegisterEventSourceW_unknown2 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown2 " , " eventlog.eventlog_RegisterEventSourceW.unknown2 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_data_length ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Data Length " , " eventlog.eventlog_Record.data_length " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_GetOldestRecord_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_GetOldestRecord.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_RegisterEventSourceW_unknown3 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Unknown3 " , " eventlog.eventlog_RegisterEventSourceW.unknown3 " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_ClearEventLogW_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_ClearEventLogW.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 01:40:23 +00:00
{ & hf_eventlog_Record ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Record " , " eventlog.Record " , FT_NONE , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_Record_closing_record_number ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Closing Record Number " , " eventlog.eventlog_Record.closing_record_number " , FT_UINT32 , BASE_DEC , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
{ & hf_eventlog_eventlog_OpenBackupEventLogW_handle ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " Handle " , " eventlog.eventlog_OpenBackupEventLogW.handle " , FT_BYTES , BASE_NONE , NULL , 0 , NULL , HFILL } } ,
2006-09-22 00:01:38 +00:00
} ;
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
static gint * ett [ ] = {
& ett_dcerpc_eventlog ,
& ett_eventlog_eventlogReadFlags ,
& ett_eventlog_eventlogEventTypes ,
& ett_eventlog_eventlog_OpenUnknown0 ,
& ett_eventlog_eventlog_Record ,
& ett_eventlog_eventlog_ChangeUnknown0 ,
} ;
proto_dcerpc_eventlog = proto_register_protocol ( " Event Logger " , " EVENTLOG " , " eventlog " ) ;
proto_register_field_array ( proto_dcerpc_eventlog , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
}
2004-07-13 05:29:23 +00:00
2006-09-22 00:01:38 +00:00
void proto_reg_handoff_dcerpc_eventlog ( void )
{
dcerpc_init_uuid ( proto_dcerpc_eventlog , ett_dcerpc_eventlog ,
& uuid_dcerpc_eventlog , ver_dcerpc_eventlog ,
eventlog_dissectors , hf_eventlog_opnum ) ;
2004-07-13 05:29:23 +00:00
}