/* packet-netmon.c
* Routines for Network Monitor capture dissection
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*
* Network Event Tracing event taken from:
*
* https://docs.microsoft.com/en-us/windows/win32/api/evntcons/ns-evntcons-event_header
*/
# include "config.h"
# include <epan/packet.h>
# include <epan/to_str.h>
# include <epan/expert.h>
# include <wiretap/wtap.h>
# include "packet-netmon.h"
/* Registration entry points; their definitions are not in this part of the file. */
void proto_register_netmon(void);
void proto_reg_handoff_netmon(void);

/*
 * Event property bit values.  The names line up with the
 * hf_netmon_event_event_property_* fields declared below; where they are
 * applied as field masks is not visible in this part of the file.
 */
#define EVENT_HEADER_PROPERTY_XML             0x0001
#define EVENT_HEADER_PROPERTY_FORWARDED_XML   0x0002
#define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG 0x0004
/*
 * Value-to-name table for event levels 0-15.  Levels 6 through 15 all carry
 * the same "reserved" label; the { 0, NULL } entry terminates the table.
 */
static const value_string event_level_vals[] = {
    {  0, " Log Always " },
    {  1, " Critical " },
    {  2, " Error " },
    {  3, " Warning " },
    {  4, " Info " },
    {  5, " Verbose " },
    {  6, " Reserved " },
    {  7, " Reserved " },
    {  8, " Reserved " },
    {  9, " Reserved " },
    { 10, " Reserved " },
    { 11, " Reserved " },
    { 12, " Reserved " },
    { 13, " Reserved " },
    { 14, " Reserved " },
    { 15, " Reserved " },
    {  0, NULL }
};
/*
 * Value-to-name table for event opcodes 0-9; the { 0, NULL } entry
 * terminates the table.
 */
static const value_string opcode_vals[] = {
    { 0, " Info " },
    { 1, " Start " },
    { 2, " Stop " },
    { 3, " DC Start " },
    { 4, " DC Stop " },
    { 5, " Extension " },
    { 6, " Reply " },
    { 7, " Resume " },
    { 8, " Suspend " },
    { 9, " Transfer " },
    { 0, NULL }
};
/*
 * Range-to-name table for the filter type.  Only the value 1 is labelled as a
 * capture filter; 0 and everything from 2 up to 0xFFFFFFFF share the display
 * filter label.  The { 0, 0, NULL } entry terminates the table.
 */
static const range_string filter_types[] = {
    { 0, 0,          " Display Filter " },
    { 1, 1,          " Capture Filter " },
    { 2, 0xFFFFFFFF, " Display Filter " },
    { 0, 0,          NULL }
};
/* Dissector table that dissect_netmon_event() queries with the event's provider GUID. */
static dissector_table_t provider_id_table;
/* Initialize the protocol and registered fields */
/*
 * Protocol handles, one per NetMon record type.  Each starts at -1; the code
 * that assigns the real values is not in this part of the file.
 */
static int proto_netmon_header        = -1;
static int proto_netmon_event         = -1;
static int proto_netmon_filter        = -1;
static int proto_netmon_network_info  = -1;
static int proto_netmon_system_trace  = -1;
static int proto_netmon_system_config = -1;
static int proto_netmon_process       = -1;
/* Field handles for the capture-file header comments (see dissect_netmon_header). */
static int hf_netmon_header_title_comment = -1;
static int hf_netmon_header_description_comment = -1;

/* Field handles for the event header (see dissect_netmon_event). */
static int hf_netmon_event_size = -1;
static int hf_netmon_event_header_type = -1;

/* Event flags bitmask and its individual bits. */
static int hf_netmon_event_flags = -1;
static int hf_netmon_event_flags_extended_info = -1;
static int hf_netmon_event_flags_private_session = -1;
static int hf_netmon_event_flags_string_only = -1;
static int hf_netmon_event_flags_trace_message = -1;
static int hf_netmon_event_flags_no_cputime = -1;
static int hf_netmon_event_flags_32bit_header = -1;
static int hf_netmon_event_flags_64bit_header = -1;
static int hf_netmon_event_flags_classic_header = -1;

/* Event property bitmask and its individual bits. */
static int hf_netmon_event_event_property = -1;
static int hf_netmon_event_event_property_xml = -1;
static int hf_netmon_event_event_property_forwarded_xml = -1;
static int hf_netmon_event_event_property_legacy_eventlog = -1;

static int hf_netmon_event_thread_id = -1;
static int hf_netmon_event_process_id = -1;
static int hf_netmon_event_timestamp = -1;
static int hf_netmon_event_provider_id = -1;

/* Members of the 16-byte "Event Descriptor" subtree. */
static int hf_netmon_event_event_desc_id = -1;
static int hf_netmon_event_event_desc_version = -1;
static int hf_netmon_event_event_desc_channel = -1;
static int hf_netmon_event_event_desc_level = -1;
static int hf_netmon_event_event_desc_opcode = -1;
static int hf_netmon_event_event_desc_task = -1;
static int hf_netmon_event_event_desc_keyword = -1;

/* Kernel/user time share their 8 bytes with processor time. */
static int hf_netmon_event_kernel_time = -1;
static int hf_netmon_event_user_time = -1;
static int hf_netmon_event_processor_time = -1;
static int hf_netmon_event_activity_id = -1;

/* Members of the 4-byte "BufferContext" subtree. */
static int hf_netmon_event_processor_number = -1;
static int hf_netmon_event_alignment = -1;
static int hf_netmon_event_logger_id = -1;

static int hf_netmon_event_extended_data_count = -1;
static int hf_netmon_event_user_data_length = -1;
static int hf_netmon_event_reassembled = -1;

/* Members of each "Extended Data Item" subtree. */
static int hf_netmon_event_extended_data_reserved = -1;
static int hf_netmon_event_extended_data_type = -1;
static int hf_netmon_event_extended_data_linkage = -1;
static int hf_netmon_event_extended_data_reserved2 = -1;
static int hf_netmon_event_extended_data_size = -1;
static int hf_netmon_event_extended_data = -1;

/* Raw user data, shown when no provider dissector claims the event. */
static int hf_netmon_event_user_data = -1;
/* Field handles for the filter record (see dissect_netmon_filter). */
static int hf_netmon_filter_version = -1;
static int hf_netmon_filter_type = -1;
static int hf_netmon_filter_app_major_version = -1;
static int hf_netmon_filter_app_minor_version = -1;
static int hf_netmon_filter_app_name = -1;
static int hf_netmon_filter_filter = -1;

/* Field handles for the network info record (see dissect_netmon_network_info). */
static int hf_netmon_network_info_version = -1;
static int hf_netmon_network_info_adapter_count = -1;
static int hf_netmon_network_info_computer_name = -1;

/* Per-adapter fields. */
static int hf_netmon_network_info_friendly_name = -1;
static int hf_netmon_network_info_description = -1;
static int hf_netmon_network_info_miniport_guid = -1;
static int hf_netmon_network_info_media_type = -1;
static int hf_netmon_network_info_mtu = -1;
static int hf_netmon_network_info_link_speed = -1;
static int hf_netmon_network_info_mac_address = -1;

/* Per-adapter address list counts. */
static int hf_netmon_network_info_ipv4_count = -1;
static int hf_netmon_network_info_ipv6_count = -1;
static int hf_netmon_network_info_gateway_count = -1;
static int hf_netmon_network_info_dhcp_server_count = -1;
static int hf_netmon_network_info_dns_ipv4_count = -1;
static int hf_netmon_network_info_dns_ipv6_count = -1;

/* Per-adapter address list entries. */
static int hf_netmon_network_info_ipv4 = -1;
static int hf_netmon_network_info_subnet = -1;
static int hf_netmon_network_info_ipv6 = -1;
static int hf_netmon_network_info_gateway = -1;
static int hf_netmon_network_info_dhcp_server = -1;
static int hf_netmon_network_info_dns_ipv4 = -1;
static int hf_netmon_network_info_dns_ipv6 = -1;
/*
 * hf_netmon_system_trace_* field handles.  All start at -1; the dissector
 * that uses them is not in this part of the file.
 */
static int hf_netmon_system_trace_buffer_size = -1;
static int hf_netmon_system_trace_version = -1;
static int hf_netmon_system_trace_provider_version = -1;
static int hf_netmon_system_trace_num_processors = -1;
static int hf_netmon_system_trace_end_time = -1;
static int hf_netmon_system_trace_timer_resolution = -1;
static int hf_netmon_system_trace_max_file_size = -1;
static int hf_netmon_system_trace_log_file_mode = -1;
static int hf_netmon_system_trace_buffers_written = -1;
static int hf_netmon_system_trace_start_buffers = -1;
static int hf_netmon_system_trace_pointers_size = -1;
static int hf_netmon_system_trace_events_lost = -1;
static int hf_netmon_system_trace_cpu_speed = -1;
static int hf_netmon_system_trace_logger_name = -1;
static int hf_netmon_system_trace_log_file_name_ptr = -1;
static int hf_netmon_system_trace_time_zone_info = -1;
static int hf_netmon_system_trace_boot_time = -1;
static int hf_netmon_system_trace_perf_freq = -1;
static int hf_netmon_system_trace_start_time = -1;
static int hf_netmon_system_trace_reserved_flags = -1;
static int hf_netmon_system_trace_buffers_lost = -1;
static int hf_netmon_system_trace_session_name = -1;
static int hf_netmon_system_trace_log_file_name = -1;

/* Group masks 1-8. */
static int hf_netmon_system_trace_group_mask1 = -1;
static int hf_netmon_system_trace_group_mask2 = -1;
static int hf_netmon_system_trace_group_mask3 = -1;
static int hf_netmon_system_trace_group_mask4 = -1;
static int hf_netmon_system_trace_group_mask5 = -1;
static int hf_netmon_system_trace_group_mask6 = -1;
static int hf_netmon_system_trace_group_mask7 = -1;
static int hf_netmon_system_trace_group_mask8 = -1;

static int hf_netmon_system_trace_kernel_event_version = -1;
/*
 * hf_netmon_system_config_* field handles.  All start at -1; the dissector
 * that uses them is not in this part of the file.  The blank-line grouping
 * below is by name only.
 */
static int hf_netmon_system_config_mhz = -1;
static int hf_netmon_system_config_num_processors = -1;
static int hf_netmon_system_config_mem_size = -1;
static int hf_netmon_system_config_page_size = -1;
static int hf_netmon_system_config_allocation_granularity = -1;
static int hf_netmon_system_config_computer_name = -1;
static int hf_netmon_system_config_domain_name = -1;
static int hf_netmon_system_config_hyper_threading_flag = -1;

static int hf_netmon_system_config_disk_number = -1;
static int hf_netmon_system_config_bytes_per_sector = -1;
static int hf_netmon_system_config_sectors_per_track = -1;
static int hf_netmon_system_config_tracks_per_cylinder = -1;
static int hf_netmon_system_config_cylinders = -1;
static int hf_netmon_system_config_scsi_port = -1;
static int hf_netmon_system_config_scsi_path = -1;
static int hf_netmon_system_config_scsi_target = -1;
static int hf_netmon_system_config_scsi_lun = -1;
static int hf_netmon_system_config_manufacturer = -1;
static int hf_netmon_system_config_partition_count = -1;
static int hf_netmon_system_config_write_cache_enabled = -1;
static int hf_netmon_system_config_pad = -1;
static int hf_netmon_system_config_boot_drive_letter = -1;
static int hf_netmon_system_config_spare = -1;

static int hf_netmon_system_config_start_offset = -1;
static int hf_netmon_system_config_partition_size = -1;
static int hf_netmon_system_config_size = -1;
static int hf_netmon_system_config_drive_type = -1;
static int hf_netmon_system_config_drive_letter = -1;
static int hf_netmon_system_config_partition_number = -1;
static int hf_netmon_system_config_sectors_per_cluster = -1;
static int hf_netmon_system_config_num_free_clusters = -1;
static int hf_netmon_system_config_total_num_clusters = -1;
static int hf_netmon_system_config_file_system = -1;
static int hf_netmon_system_config_volume_ext = -1;

static int hf_netmon_system_config_physical_addr = -1;
static int hf_netmon_system_config_physical_addr_len = -1;
static int hf_netmon_system_config_ipv4_index = -1;
static int hf_netmon_system_config_ipv6_index = -1;
static int hf_netmon_system_config_nic_description = -1;
static int hf_netmon_system_config_ipaddresses = -1;
static int hf_netmon_system_config_dns_server_addresses = -1;

static int hf_netmon_system_config_memory_size = -1;
static int hf_netmon_system_config_x_resolution = -1;
static int hf_netmon_system_config_y_resolution = -1;
static int hf_netmon_system_config_bits_per_pixel = -1;
static int hf_netmon_system_config_vrefresh = -1;
static int hf_netmon_system_config_chip_type = -1;
static int hf_netmon_system_config_dac_type = -1;
static int hf_netmon_system_config_adapter_string = -1;
static int hf_netmon_system_config_bios_string = -1;
static int hf_netmon_system_config_device_id = -1;
static int hf_netmon_system_config_state_flags = -1;

static int hf_netmon_system_config_process_id = -1;
static int hf_netmon_system_config_service_state = -1;
static int hf_netmon_system_config_sub_process_tag = -1;
static int hf_netmon_system_config_service_name = -1;
static int hf_netmon_system_config_display_name = -1;
static int hf_netmon_system_config_process_name = -1;

static int hf_netmon_system_config_s1 = -1;
static int hf_netmon_system_config_s2 = -1;
static int hf_netmon_system_config_s3 = -1;
static int hf_netmon_system_config_s4 = -1;
static int hf_netmon_system_config_s5 = -1;

static int hf_netmon_system_config_tcb_table_partitions = -1;
static int hf_netmon_system_config_max_hash_table_size = -1;
static int hf_netmon_system_config_max_user_port = -1;
static int hf_netmon_system_config_tcp_timed_wait_delay = -1;

static int hf_netmon_system_config_irq_affinity = -1;
static int hf_netmon_system_config_irq_num = -1;
static int hf_netmon_system_config_device_desc_len = -1;
static int hf_netmon_system_config_device_desc = -1;
static int hf_netmon_system_config_device_id_len = -1;
static int hf_netmon_system_config_friendly_name_len = -1;
static int hf_netmon_system_config_friendly_name = -1;
static int hf_netmon_system_config_target_id = -1;
static int hf_netmon_system_config_device_type = -1;
static int hf_netmon_system_config_device_timing_mode = -1;
static int hf_netmon_system_config_location_information_len = -1;
static int hf_netmon_system_config_location_information = -1;

static int hf_netmon_system_config_system_manufacturer = -1;
static int hf_netmon_system_config_system_product_name = -1;
static int hf_netmon_system_config_bios_date = -1;
static int hf_netmon_system_config_bios_version = -1;
static int hf_netmon_system_config_load_order_group = -1;
static int hf_netmon_system_config_svc_host_group = -1;
static int hf_netmon_system_config_irq_group = -1;
static int hf_netmon_system_config_pdo_name = -1;

static int hf_netmon_system_config_nic_name = -1;
static int hf_netmon_system_config_index = -1;
static int hf_netmon_system_config_physical_addr_str = -1;
static int hf_netmon_system_config_ip_address = -1;
static int hf_netmon_system_config_subnet_mask = -1;
static int hf_netmon_system_config_dhcp_server = -1;
static int hf_netmon_system_config_gateway = -1;
static int hf_netmon_system_config_primary_wins_server = -1;
static int hf_netmon_system_config_secondary_wins_server = -1;
static int hf_netmon_system_config_dns_server1 = -1;
static int hf_netmon_system_config_dns_server2 = -1;
static int hf_netmon_system_config_dns_server3 = -1;
static int hf_netmon_system_config_dns_server4 = -1;

static int hf_netmon_system_config_data = -1;
/*
 * hf_netmon_process_* field handles.  All start at -1; the dissector that
 * uses them is not in this part of the file.
 */
static int hf_netmon_process_unique_process_key = -1;
static int hf_netmon_process_process_id = -1;
static int hf_netmon_process_parent_id = -1;
static int hf_netmon_process_session_id = -1;
static int hf_netmon_process_exit_status = -1;
static int hf_netmon_process_directory_table_base = -1;
static int hf_netmon_process_unknown = -1;

/* User SID members; the names match the hf arguments of netmon_sid_field(). */
static int hf_netmon_process_user_sid_revision = -1;
static int hf_netmon_process_user_sid_subauth_count = -1;
static int hf_netmon_process_user_sid_id = -1;
static int hf_netmon_process_user_sid_authority = -1;

static int hf_netmon_process_image_file_name = -1;
static int hf_netmon_process_command_line = -1;
static int hf_netmon_process_page_directory_base = -1;
static int hf_netmon_process_page_fault_count = -1;
static int hf_netmon_process_handle_count = -1;
static int hf_netmon_process_reserved = -1;

/* Peak and current memory counters. */
static int hf_netmon_process_peak_virtual_size = -1;
static int hf_netmon_process_peak_working_set_size = -1;
static int hf_netmon_process_peak_page_file_usage = -1;
static int hf_netmon_process_quota_peak_paged_pool_usage = -1;
static int hf_netmon_process_quota_peak_non_paged_pool_usage = -1;
static int hf_netmon_process_virtual_size = -1;
static int hf_netmon_process_workingset_size = -1;
static int hf_netmon_process_pagefile_usage = -1;
static int hf_netmon_process_quota_paged_pool_usage = -1;
static int hf_netmon_process_quota_non_paged_pool_usage = -1;
static int hf_netmon_process_private_page_count = -1;

static int hf_netmon_process_directory_table_base32 = -1;
/* Subtree handles, all starting at -1. */
static gint ett_netmon_header = -1;
static gint ett_netmon_event = -1;
static gint ett_netmon_event_desc = -1;
static gint ett_netmon_event_flags = -1;
static gint ett_netmon_event_property = -1;
static gint ett_netmon_event_extended_data = -1;
static gint ett_netmon_filter = -1;
static gint ett_netmon_network_info = -1;
static gint ett_netmon_network_info_list = -1;
static gint ett_netmon_network_info_adapter = -1;
static gint ett_netmon_system_trace = -1;
static gint ett_netmon_event_buffer_context = -1;
static gint ett_netmon_process = -1;
static gint ett_netmon_sid = -1;
static gint ett_netmon_system_config = -1;

/* Expert info handle for a process user SID; its registration is not in this part of the file. */
static expert_field ei_netmon_process_user_sid = EI_INIT;

/* Dissector table that dissect_netmon_header() queries with the wrapped encapsulation type. */
static dissector_table_t wtap_encap_table;
/*
 * Add one field whose width depends on the event header flags, and advance
 * *offset past it.
 *
 * When EVENT_HEADER_FLAG_64_BIT_HEADER is set in flags the field occupies
 * 8 bytes, but only the low 32 bits of the little-endian value are shown.
 * Otherwise it is added as a 4-byte little-endian item.
 */
void
netmon_etl_field(proto_tree *tree, tvbuff_t *tvb, int *offset, int hf, guint16 flags)
{
    guint64 low_bits;

    if ((flags & EVENT_HEADER_FLAG_64_BIT_HEADER) == 0) {
        proto_tree_add_item(tree, hf, tvb, *offset, 4, ENC_LITTLE_ENDIAN);
        *offset += 4;
        return;
    }

    /* XXX - This seems to be how values are displayed in Network Monitor */
    low_bits = tvb_get_letoh64(tvb, *offset) & 0xFFFFFFFF;
    proto_tree_add_uint64(tree, hf, tvb, *offset, 8, low_bits);
    *offset += 8;
}
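/*
 * Dissect a SID starting at *offset into a "SID" subtree and advance *offset
 * past it.
 *
 * Layout read here: 1-byte revision, 1-byte sub-authority count, 6-byte
 * identifier, then `count` 4-byte little-endian sub-authorities.
 *
 * invalid_sid is raised on the revision item when the revision is not 1 and
 * on the count item when the count exceeds 15.  Neither condition stops the
 * dissection.  The conformant argument is unused.
 */
void
netmon_sid_field(proto_tree *tree, tvbuff_t *tvb, int *offset, packet_info *pinfo,
                 int hf_revision, int hf_subauthority_count, int hf_sid_id, int hf_sid_authority,
                 expert_field *invalid_sid, gboolean conformant _U_)
{
    proto_item *revision_item, *count_item, *sid_item;
    proto_tree *sid_tree;
    int start_offset = *offset;
    guint32 i, revision, count;

    /* The initial length of 2 is a placeholder; it is corrected once the SID has been walked. */
    sid_tree = proto_tree_add_subtree(tree, tvb, *offset, 2, ett_netmon_sid, &sid_item, " SID ");

    revision_item = proto_tree_add_item_ret_uint(sid_tree, hf_revision, tvb, *offset, 1, ENC_LITTLE_ENDIAN, &revision);
    (*offset) += 1;
    if (revision != 1)
    {
        expert_add_info(pinfo, revision_item, invalid_sid);
    }

    count_item = proto_tree_add_item_ret_uint(sid_tree, hf_subauthority_count, tvb, *offset, 1, ENC_LITTLE_ENDIAN, &count);
    (*offset) += 1;
    if (count > 15)
    {
        /* Flag the count item itself, so the warning points at the offending byte. */
        expert_add_info(pinfo, count_item, invalid_sid);
    }

    proto_tree_add_item(sid_tree, hf_sid_id, tvb, *offset, 6, ENC_NA);
    (*offset) += 6;

    /*
     * count is read from a single byte, so this loop runs at most 255 times
     * even for a SID that was flagged above.
     * NOTE(review): an oversized count is assumed to be stopped by the tvb
     * API's own range checking when the reads run past the buffer - confirm.
     */
    for (i = 0; i < count; i++)
    {
        proto_tree_add_item(sid_tree, hf_sid_authority, tvb, *offset, 4, ENC_LITTLE_ENDIAN);
        (*offset) += 4;
    }

    proto_item_set_len(sid_item, (*offset) - start_offset);
}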
/* Code to actually dissect the packets */
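/*
 * Show the NetMon title/description comments carried in the pseudo header,
 * move the wrapped encapsulation's sub-header to where its dissector looks
 * for it, and hand the packet to that dissector (or to the data dissector
 * when none accepts it).
 *
 * Returns the captured length of tvb.
 */
static int
dissect_netmon_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    proto_item *ti;
    proto_tree *header_tree;
    union wtap_pseudo_header temp_header;
    gchar *comment;
    guint sub_encap;

    ti = proto_tree_add_item(tree, proto_netmon_header, tvb, 0, 0, ENC_NA);
    header_tree = proto_item_add_subtree(ti, ett_netmon_header);

    if (pinfo->pseudo_header->netmon.title != NULL) {
        /*
         * NOTE(review): unlike the description below, the title is passed
         * without a length, so it is assumed to be NUL-terminated by whoever
         * filled in the pseudo header - confirm.
         */
        ti = proto_tree_add_string(header_tree, hf_netmon_header_title_comment, tvb, 0, 0, pinfo->pseudo_header->netmon.title);
        proto_item_set_generated(ti);
    }

    if (pinfo->pseudo_header->netmon.description != NULL) {
        /* Description comment is only ASCII. However, it's
         * RTF, not raw text.
         */

        /* Ensure string termination: copy at most descLength bytes and terminate the copy. */
        comment = wmem_strndup(wmem_packet_scope(), pinfo->pseudo_header->netmon.description, pinfo->pseudo_header->netmon.descLength);
        ti = proto_tree_add_string(header_tree, hf_netmon_header_description_comment, tvb, 0, 0, comment);
        proto_item_set_generated(ti);
    }

    /*
     * Read the encapsulation type once, before the copies below.  The pseudo
     * header is presumably the same union type as temp_header, in which case
     * writing its atm/eth/ieee_802_11 member can overwrite the netmon member,
     * including sub_encap; the value must not be re-read afterwards.
     */
    sub_encap = pinfo->pseudo_header->netmon.sub_encap;

    /* Save the pseudo header data to a temp variable before it's copied to
     * real pseudo header
     */
    switch (sub_encap)
    {
    case WTAP_ENCAP_ATM_PDUS:
        memcpy(&temp_header.atm, &pinfo->pseudo_header->netmon.subheader.atm, sizeof(temp_header.atm));
        memcpy(&pinfo->pseudo_header->atm, &temp_header.atm, sizeof(temp_header.atm));
        break;
    case WTAP_ENCAP_ETHERNET:
        memcpy(&temp_header.eth, &pinfo->pseudo_header->netmon.subheader.eth, sizeof(temp_header.eth));
        memcpy(&pinfo->pseudo_header->eth, &temp_header.eth, sizeof(temp_header.eth));
        break;
    case WTAP_ENCAP_IEEE_802_11_NETMON:
        memcpy(&temp_header.ieee_802_11, &pinfo->pseudo_header->netmon.subheader.ieee_802_11, sizeof(temp_header.ieee_802_11));
        memcpy(&pinfo->pseudo_header->ieee_802_11, &temp_header.ieee_802_11, sizeof(temp_header.ieee_802_11));
        break;
    default:
        /* Other encapsulations have no sub-header to relocate. */
        break;
    }

    if (!dissector_try_uint_new(wtap_encap_table,
                                sub_encap, tvb, pinfo, tree, TRUE,
                                (void *)pinfo->pseudo_header)) {
        call_data_dissector(tvb, pinfo, tree);
    }

    return tvb_captured_length(tvb);
}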
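/*
 * Dissect a NetMon event record: the fixed event header, the extended data
 * items, and then the user data.
 *
 * The user data is first offered to the dissector registered for the
 * provider GUID, together with the flags, event id, version, opcode and
 * keyword collected from the header.  If no dissector takes it, the user
 * data is shown as raw bytes.
 *
 * extended_data_count, extended_data_size and user_data_size are all taken
 * from the capture and used as counts/lengths without further validation.
 * NOTE(review): this relies on the tvb/proto_tree API rejecting ranges that
 * run past the end of the buffer - confirm.
 *
 * Returns the captured length of tvb.
 */
static int
dissect_netmon_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    proto_item *ti, *extended_data_item;
    proto_tree *event_tree, *event_desc_tree, *extended_data_tree, *buffer_context_tree;
    int offset = 0, extended_data_count_offset;
    guint32 i, thread_id, process_id, extended_data_count, extended_data_size, user_data_size;
    nstime_t timestamp;
    tvbuff_t *provider_id_tvb;
    guid_key provider_guid;
    struct netmon_provider_id_data provider_id_data;

    static int * const event_flags[] = {
        &hf_netmon_event_flags_extended_info,
        &hf_netmon_event_flags_private_session,
        &hf_netmon_event_flags_string_only,
        &hf_netmon_event_flags_trace_message,
        &hf_netmon_event_flags_no_cputime,
        &hf_netmon_event_flags_32bit_header,
        &hf_netmon_event_flags_64bit_header,
        &hf_netmon_event_flags_classic_header,
        NULL
    };

    static int * const event_property[] = {
        &hf_netmon_event_event_property_xml,
        &hf_netmon_event_event_property_forwarded_xml,
        &hf_netmon_event_event_property_legacy_eventlog,
        NULL
    };

    col_set_str(pinfo->cinfo, COL_PROTOCOL, " NetMon Event ");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo, COL_INFO);

    /* Zero the hand-off structure so members not set below are well defined. */
    memset(&provider_id_data, 0, sizeof(provider_id_data));

    ti = proto_tree_add_item(tree, proto_netmon_event, tvb, offset, -1, ENC_NA);
    event_tree = proto_item_add_subtree(ti, ett_netmon_event);

    proto_tree_add_item(event_tree, hf_netmon_event_size, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;
    proto_tree_add_item(event_tree, hf_netmon_event_header_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    /* Keep the flags: they select the time layout below and go to the provider dissector. */
    provider_id_data.event_flags = tvb_get_letohs(tvb, offset);
    proto_tree_add_bitmask(event_tree, tvb, offset, hf_netmon_event_flags, ett_netmon_event_flags, event_flags, ENC_LITTLE_ENDIAN);
    offset += 2;
    proto_tree_add_bitmask(event_tree, tvb, offset, hf_netmon_event_event_property, ett_netmon_event_property, event_property, ENC_LITTLE_ENDIAN);
    offset += 2;
    proto_tree_add_item_ret_uint(event_tree, hf_netmon_event_thread_id, tvb, offset, 4, ENC_LITTLE_ENDIAN, &thread_id);
    offset += 4;
    proto_tree_add_item_ret_uint(event_tree, hf_netmon_event_process_id, tvb, offset, 4, ENC_LITTLE_ENDIAN, &process_id);
    offset += 4;

    /* The 8-byte timestamp is converted with filetime_to_nstime(). */
    timestamp.secs = 0;
    timestamp.nsecs = 0;
    filetime_to_nstime(&timestamp, tvb_get_letoh64(tvb, offset));
    proto_tree_add_time(event_tree, hf_netmon_event_timestamp, tvb, offset, 8, &timestamp);
    offset += 8;

    proto_tree_add_item(event_tree, hf_netmon_event_provider_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    /* Save the GUID to use in dissector table */
    tvb_memcpy(tvb, &provider_guid.guid, offset, 16);
    provider_guid.ver = 0; /* version field not used */
    offset += 16;

    /* thread_id and process_id are guint32, so they are printed unsigned. */
    col_add_fstr(pinfo->cinfo, COL_INFO, " Thread ID: %u, Process ID: %u, Provider ID: %s ",
                 thread_id, process_id, guid_to_str(wmem_packet_scope(), &provider_guid.guid));

    event_desc_tree = proto_tree_add_subtree(event_tree, tvb, offset, 16, ett_netmon_event_desc, NULL, " Event Descriptor ");
    proto_tree_add_item_ret_uint(event_desc_tree, hf_netmon_event_event_desc_id, tvb, offset, 2, ENC_LITTLE_ENDIAN, &provider_id_data.event_id);
    offset += 2;
    provider_id_data.event_version = tvb_get_guint8(tvb, offset);
    proto_tree_add_item(event_desc_tree, hf_netmon_event_event_desc_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;
    proto_tree_add_item(event_desc_tree, hf_netmon_event_event_desc_channel, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;
    proto_tree_add_item(event_desc_tree, hf_netmon_event_event_desc_level, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;
    provider_id_data.opcode = tvb_get_guint8(tvb, offset);
    proto_tree_add_item(event_desc_tree, hf_netmon_event_event_desc_opcode, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;
    proto_tree_add_item(event_desc_tree, hf_netmon_event_event_desc_task, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;
    proto_tree_add_item_ret_uint64(event_desc_tree, hf_netmon_event_event_desc_keyword, tvb, offset, 8, ENC_LITTLE_ENDIAN, &provider_id_data.keyword);
    offset += 8;

    /*
     * NOTE(review): the EVENT_HEADER documentation linked in the file header
     * appears to describe ProcessorTime as the member used for private
     * sessions and when CPU time is not recorded, which would make this test
     * inverted - confirm against real captures before changing it.
     */
    if (provider_id_data.event_flags & (EVENT_HEADER_FLAG_PRIVATE_SESSION | EVENT_HEADER_FLAG_NO_CPUTIME))
    {
        /* Kernel and User time are a union with processor time */
        proto_tree_add_item(event_tree, hf_netmon_event_kernel_time, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(event_tree, hf_netmon_event_user_time, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
    }
    else
    {
        proto_tree_add_item(event_tree, hf_netmon_event_processor_time, tvb, offset, 8, ENC_LITTLE_ENDIAN);
        offset += 8;
    }

    proto_tree_add_item(event_tree, hf_netmon_event_activity_id, tvb, offset, 16, ENC_LITTLE_ENDIAN);
    offset += 16;

    buffer_context_tree = proto_tree_add_subtree(event_tree, tvb, offset, 4, ett_netmon_event_buffer_context, NULL, " BufferContext ");
    proto_tree_add_item(buffer_context_tree, hf_netmon_event_processor_number, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;
    proto_tree_add_item(buffer_context_tree, hf_netmon_event_alignment, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;
    proto_tree_add_item(buffer_context_tree, hf_netmon_event_logger_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    proto_tree_add_item_ret_uint(event_tree, hf_netmon_event_extended_data_count, tvb, offset, 2, ENC_LITTLE_ENDIAN, &extended_data_count);
    offset += 2;
    proto_tree_add_item_ret_uint(event_tree, hf_netmon_event_user_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN, &user_data_size);
    offset += 2;
    proto_tree_add_item(event_tree, hf_netmon_event_reassembled, tvb, offset, 1, ENC_LITTLE_ENDIAN);
    offset += 1;

    /*
     * The count is a 16-bit value from the capture.  Every item reads an
     * 8-byte header before its data, so the walk consumes input on each
     * iteration.
     */
    for (i = 1; i <= extended_data_count; i++)
    {
        extended_data_count_offset = offset;
        extended_data_tree = proto_tree_add_subtree_format(event_tree, tvb, offset, 4, ett_netmon_event_extended_data, &extended_data_item, " Extended Data Item #%u ", i);
        proto_tree_add_item(extended_data_tree, hf_netmon_event_extended_data_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(extended_data_tree, hf_netmon_event_extended_data_type, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        /* Linkage and reserved2 are both read from the same two bytes. */
        proto_tree_add_item(extended_data_tree, hf_netmon_event_extended_data_linkage, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        proto_tree_add_item(extended_data_tree, hf_netmon_event_extended_data_reserved2, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item_ret_uint(extended_data_tree, hf_netmon_event_extended_data_size, tvb, offset, 2, ENC_LITTLE_ENDIAN, &extended_data_size);
        offset += 2;
        proto_tree_add_item(extended_data_tree, hf_netmon_event_extended_data, tvb, offset, extended_data_size, ENC_NA);
        offset += extended_data_size;
        /* Replace the placeholder length of 4 with the item's real extent. */
        proto_item_set_len(extended_data_item, offset - extended_data_count_offset);
    }

    /* Everything after the extended data goes to the provider's dissector, if one is registered. */
    provider_id_tvb = tvb_new_subset_remaining(tvb, offset);
    if (!dissector_try_guid_new(provider_id_table, &provider_guid, provider_id_tvb, pinfo, tree, TRUE, &provider_id_data))
    {
        proto_tree_add_item(event_tree, hf_netmon_event_user_data, tvb, offset, user_data_size, ENC_NA);
        offset += user_data_size;
    }

    /* When a provider dissector handled the payload, the event item stops where that payload begins. */
    proto_item_set_len(ti, offset);
    return tvb_captured_length(tvb);
}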
/*
 * Dissect a NetMon filter record: a big-endian header (2-byte version,
 * 4-byte type, 4-byte application major and minor versions) followed by two
 * little-endian UTF-16 strings, the application name and the filter text.
 * The filter text is also copied into the Info column.
 *
 * Returns the captured length of tvb.
 */
static int
dissect_netmon_filter(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    const guint8 *filter_text;
    proto_tree *filter_tree;
    proto_item *root_item;
    guint str_bytes;
    int cursor = 0;

    col_set_str(pinfo->cinfo, COL_PROTOCOL, " NetMon Filter ");
    /* Start from an empty Info column. */
    col_clear(pinfo->cinfo, COL_INFO);

    root_item = proto_tree_add_item(tree, proto_netmon_filter, tvb, cursor, -1, ENC_NA);
    filter_tree = proto_item_add_subtree(root_item, ett_netmon_filter);

    /* Fixed-size header fields. */
    proto_tree_add_item(filter_tree, hf_netmon_filter_version, tvb, cursor, 2, ENC_BIG_ENDIAN);
    cursor += 2;
    proto_tree_add_item(filter_tree, hf_netmon_filter_type, tvb, cursor, 4, ENC_BIG_ENDIAN);
    cursor += 4;
    proto_tree_add_item(filter_tree, hf_netmon_filter_app_major_version, tvb, cursor, 4, ENC_BIG_ENDIAN);
    cursor += 4;
    proto_tree_add_item(filter_tree, hf_netmon_filter_app_minor_version, tvb, cursor, 4, ENC_BIG_ENDIAN);
    cursor += 4;

    /* Application name; its byte length comes from tvb_unicode_strsize(). */
    str_bytes = tvb_unicode_strsize(tvb, cursor);
    proto_tree_add_item(filter_tree, hf_netmon_filter_app_name, tvb, cursor, str_bytes, ENC_LITTLE_ENDIAN | ENC_UTF_16);
    cursor += str_bytes;

    /* Filter text; the decoded string is allocated in packet scope. */
    str_bytes = tvb_unicode_strsize(tvb, cursor);
    proto_tree_add_item_ret_string(filter_tree, hf_netmon_filter_filter, tvb, cursor, str_bytes,
                                   ENC_LITTLE_ENDIAN | ENC_UTF_16, wmem_packet_scope(), &filter_text);

    /* The capture-supplied text is passed as a "%s" argument, never as the format string. */
    col_add_fstr(pinfo->cinfo, COL_INFO, " Filter: %s ", filter_text);

    return tvb_captured_length(tvb);
}
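/*
 * Add `count` back-to-back entries of `width` bytes each to `tree` as field
 * `hf`, advancing *offset past every entry.
 *
 * `count` is taken from the capture file.  The loop has no bound of its own.
 * NOTE(review): it presumably relies on proto_tree_add_item() refusing to
 * read past the end of the tvbuff - confirm.
 */
static void
netmon_network_info_add_list(proto_tree *tree, int hf, tvbuff_t *tvb, int *offset,
                             guint32 count, int width, guint encoding)
{
    guint32 i;

    for (i = 0; i < count; i++)
    {
        proto_tree_add_item(tree, hf, tvb, *offset, width, encoding);
        *offset += width;
    }
}

/*
 * Dissect a NetMon "network info" record.
 *
 * Layout as read below: 2-byte version, 2-byte adapter count, the computer
 * name (little-endian UTF-16, sized by tvb_unicode_strsize()), then one entry
 * per adapter.  Each adapter entry holds three UTF-16 strings (friendly name,
 * description, miniport GUID), media type, MTU, a 64-bit link speed, a 6-byte
 * MAC address, six 16-bit counts and the address lists those counts describe.
 *
 * The adapter count and every per-adapter count come from the capture file
 * and drive the loops directly.
 *
 * Returns the captured length of tvb.
 */
static int
dissect_netmon_network_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    proto_item *ti, *list_item, *adapter_item;
    proto_tree *network_info_tree, *list_tree, *adapter_tree;
    int offset = 0, list_start_offset, adapter_start_offset;
    guint adapter, adapter_count, length;
    guint64 link_speed;

    col_set_str(pinfo->cinfo, COL_PROTOCOL, " NetMon Network Info ");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo, COL_INFO);

    ti = proto_tree_add_item(tree, proto_netmon_network_info, tvb, offset, -1, ENC_NA);
    network_info_tree = proto_item_add_subtree(ti, ett_netmon_network_info);

    proto_tree_add_item(network_info_tree, hf_netmon_network_info_version, tvb, offset, 2, ENC_BIG_ENDIAN);
    offset += 2;
    proto_tree_add_item_ret_uint(network_info_tree, hf_netmon_network_info_adapter_count, tvb, offset, 2, ENC_BIG_ENDIAN, &adapter_count);
    offset += 2;
    /* adapter_count is unsigned, so it is printed with %u. */
    col_add_fstr(pinfo->cinfo, COL_INFO, " Adapter count: %u ", adapter_count);

    length = tvb_unicode_strsize(tvb, offset);
    proto_tree_add_item(network_info_tree, hf_netmon_network_info_computer_name, tvb, offset, length, ENC_LITTLE_ENDIAN | ENC_UTF_16);
    offset += length;

    if (adapter_count > 0)
    {
        list_start_offset = offset;
        /* Created with a placeholder length of 1; the real length is set after the loop. */
        list_tree = proto_tree_add_subtree(network_info_tree, tvb, offset, 1, ett_netmon_network_info_list, &list_item, " NetworkInfo ");

        for (adapter = 1; adapter <= adapter_count; adapter++)
        {
            guint32 ipv4_count, ipv6_count, gateway_count, dhcp_server_count, dns_ipv4_count, dns_ipv6_count;

            adapter_start_offset = offset;
            adapter_tree = proto_tree_add_subtree_format(list_tree, tvb, offset, 1, ett_netmon_network_info_adapter, &adapter_item, " Adapter #%u ", adapter);

            length = tvb_unicode_strsize(tvb, offset);
            proto_tree_add_item(adapter_tree, hf_netmon_network_info_friendly_name, tvb, offset, length, ENC_LITTLE_ENDIAN | ENC_UTF_16);
            offset += length;
            length = tvb_unicode_strsize(tvb, offset);
            proto_tree_add_item(adapter_tree, hf_netmon_network_info_description, tvb, offset, length, ENC_LITTLE_ENDIAN | ENC_UTF_16);
            offset += length;
            length = tvb_unicode_strsize(tvb, offset);
            proto_tree_add_item(adapter_tree, hf_netmon_network_info_miniport_guid, tvb, offset, length, ENC_LITTLE_ENDIAN | ENC_UTF_16);
            offset += length;

            proto_tree_add_item(adapter_tree, hf_netmon_network_info_media_type, tvb, offset, 4, ENC_BIG_ENDIAN);
            offset += 4;
            proto_tree_add_item(adapter_tree, hf_netmon_network_info_mtu, tvb, offset, 4, ENC_BIG_ENDIAN);
            offset += 4;

            /* Link speed: all-ones is shown as unknown, otherwise scaled to the largest unit that fits. */
            link_speed = tvb_get_ntoh64(tvb, offset);
            if (link_speed == 0xFFFFFFFFFFFFFFFF)
            {
                proto_tree_add_uint64_format_value(adapter_tree, hf_netmon_network_info_link_speed, tvb, offset, 8, link_speed, " (Unknown) ");
            }
            else if (link_speed >= 1000 * 1000 * 1000)
            {
                proto_tree_add_uint64_format_value(adapter_tree, hf_netmon_network_info_link_speed, tvb, offset, 8, link_speed, " % " G_GINT64_MODIFIER " u Gbps ", link_speed / (1000 * 1000 * 1000));
            }
            else if (link_speed >= 1000 * 1000)
            {
                proto_tree_add_uint64_format_value(adapter_tree, hf_netmon_network_info_link_speed, tvb, offset, 8, link_speed, " % " G_GINT64_MODIFIER " u Mbps ", link_speed / (1000 * 1000));
            }
            else if (link_speed >= 1000)
            {
                proto_tree_add_uint64_format_value(adapter_tree, hf_netmon_network_info_link_speed, tvb, offset, 8, link_speed, " % " G_GINT64_MODIFIER " u Kbps ", link_speed / 1000);
            }
            else
            {
                proto_tree_add_uint64_format_value(adapter_tree, hf_netmon_network_info_link_speed, tvb, offset, 8, link_speed, " % " G_GINT64_MODIFIER " u bps ", link_speed);
            }
            offset += 8;

            proto_tree_add_item(adapter_tree, hf_netmon_network_info_mac_address, tvb, offset, 6, ENC_NA);
            offset += 6;

            /* Six 16-bit counts precede the address lists they describe. */
            proto_tree_add_item_ret_uint(adapter_tree, hf_netmon_network_info_ipv4_count, tvb, offset, 2, ENC_BIG_ENDIAN, &ipv4_count);
            offset += 2;
            proto_tree_add_item_ret_uint(adapter_tree, hf_netmon_network_info_ipv6_count, tvb, offset, 2, ENC_BIG_ENDIAN, &ipv6_count);
            offset += 2;
            proto_tree_add_item_ret_uint(adapter_tree, hf_netmon_network_info_gateway_count, tvb, offset, 2, ENC_BIG_ENDIAN, &gateway_count);
            offset += 2;
            proto_tree_add_item_ret_uint(adapter_tree, hf_netmon_network_info_dhcp_server_count, tvb, offset, 2, ENC_BIG_ENDIAN, &dhcp_server_count);
            offset += 2;
            proto_tree_add_item_ret_uint(adapter_tree, hf_netmon_network_info_dns_ipv4_count, tvb, offset, 2, ENC_BIG_ENDIAN, &dns_ipv4_count);
            offset += 2;
            proto_tree_add_item_ret_uint(adapter_tree, hf_netmon_network_info_dns_ipv6_count, tvb, offset, 2, ENC_BIG_ENDIAN, &dns_ipv6_count);
            offset += 2;

            /* The subnet list reuses ipv4_count: one mask per IPv4 address. */
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_ipv4, tvb, &offset, ipv4_count, 4, ENC_BIG_ENDIAN);
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_subnet, tvb, &offset, ipv4_count, 4, ENC_BIG_ENDIAN);
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_ipv6, tvb, &offset, ipv6_count, 16, ENC_NA);
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_gateway, tvb, &offset, gateway_count, 4, ENC_BIG_ENDIAN);
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_dhcp_server, tvb, &offset, dhcp_server_count, 4, ENC_BIG_ENDIAN);
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_dns_ipv4, tvb, &offset, dns_ipv4_count, 4, ENC_BIG_ENDIAN);
            netmon_network_info_add_list(adapter_tree, hf_netmon_network_info_dns_ipv6, tvb, &offset, dns_ipv6_count, 16, ENC_NA);

            proto_item_set_len(adapter_item, offset - adapter_start_offset);
        }

        proto_item_set_len(list_item, offset - list_start_offset);
    }

    return tvb_captured_length(tvb);
}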
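/*
 * Dissect a NetMon "system trace" event.
 *
 * `data` must point to a struct netmon_provider_id_data; its opcode selects
 * the layout and its event_flags are passed on to netmon_etl_field():
 *   opcode 0      - trace header (sizes, versions, timestamps, names)
 *   opcode 5, 32  - eight 32-bit group masks and the kernel event version
 *   opcode 8      - EventTrace_RDComplete, nothing decoded
 * Other opcodes add only the top-level item.
 *
 * Returns the captured length of tvb.
 */
static int
dissect_netmon_system_trace(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
    proto_item *ti;
    proto_tree *system_tree;
    int offset = 0;
    struct netmon_provider_id_data *provider_id_data = (struct netmon_provider_id_data *)data;
    guint length;
    nstime_t timestamp;
    guint64 raw_timestamp;

    DISSECTOR_ASSERT(provider_id_data != NULL);

    col_set_str(pinfo->cinfo, COL_PROTOCOL, " NetMon System Trace ");
    col_clear(pinfo->cinfo, COL_INFO);

    ti = proto_tree_add_item(tree, proto_netmon_system_trace, tvb, 0, -1, ENC_NA);
    system_tree = proto_item_add_subtree(ti, ett_netmon_system_trace);

    switch (provider_id_data->opcode)
    {
    case 0:
        proto_tree_add_item(system_tree, hf_netmon_system_trace_buffer_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_version, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_provider_version, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_num_processors, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        /*
         * End time.  The value is zeroed before either branch: the "(None)"
         * branch used to pass an uninitialised nstime_t to the tree, so the
         * stored field value was whatever happened to be on the stack.
         */
        timestamp.secs = 0;
        timestamp.nsecs = 0;
        raw_timestamp = tvb_get_letoh64(tvb, offset);
        if (raw_timestamp != 0)
        {
            filetime_to_nstime(&timestamp, raw_timestamp);
            proto_tree_add_time(system_tree, hf_netmon_system_trace_end_time, tvb, offset, 8, &timestamp);
        }
        else
        {
            proto_tree_add_time_format_value(system_tree, hf_netmon_system_trace_end_time, tvb, offset, 8, &timestamp, " (None) ");
        }
        offset += 8;

        proto_tree_add_item(system_tree, hf_netmon_system_trace_timer_resolution, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_max_file_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_log_file_mode, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_buffers_written, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_start_buffers, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_pointers_size, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_events_lost, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_cpu_speed, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        /* netmon_etl_field() advances offset itself; how far presumably depends on event_flags - confirm. */
        netmon_etl_field(system_tree, tvb, &offset, hf_netmon_system_trace_logger_name, provider_id_data->event_flags);
        netmon_etl_field(system_tree, tvb, &offset, hf_netmon_system_trace_log_file_name_ptr, provider_id_data->event_flags);

        /* Time zone information is shown as an opaque 176-byte blob. */
        proto_tree_add_item(system_tree, hf_netmon_system_trace_time_zone_info, tvb, offset, 176, ENC_NA);
        offset += 176;

        /* Zeroed first so a failed conversion cannot leave a stale value behind. */
        timestamp.secs = 0;
        timestamp.nsecs = 0;
        filetime_to_nstime(&timestamp, tvb_get_letoh64(tvb, offset));
        proto_tree_add_time(system_tree, hf_netmon_system_trace_boot_time, tvb, offset, 8, &timestamp);
        offset += 8;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_perf_freq, tvb, offset, 8, ENC_LITTLE_ENDIAN);
        offset += 8;
        timestamp.secs = 0;
        timestamp.nsecs = 0;
        filetime_to_nstime(&timestamp, tvb_get_letoh64(tvb, offset));
        proto_tree_add_time(system_tree, hf_netmon_system_trace_start_time, tvb, offset, 8, &timestamp);
        offset += 8;

        proto_tree_add_item(system_tree, hf_netmon_system_trace_reserved_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_buffers_lost, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        /* Two trailing UTF-16 strings sized by tvb_unicode_strsize(). */
        length = tvb_unicode_strsize(tvb, offset);
        proto_tree_add_item(system_tree, hf_netmon_system_trace_session_name, tvb, offset, length, ENC_LITTLE_ENDIAN | ENC_UTF_16);
        offset += length;
        length = tvb_unicode_strsize(tvb, offset);
        proto_tree_add_item(system_tree, hf_netmon_system_trace_log_file_name, tvb, offset, length, ENC_LITTLE_ENDIAN | ENC_UTF_16);
        break;

    case 5:
    case 32:
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask1, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask2, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask3, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask4, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask5, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask6, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask7, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_group_mask8, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        proto_tree_add_item(system_tree, hf_netmon_system_trace_kernel_event_version, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;
        break;

    case 8: // EventTrace_RDComplete
        break;

    default:
        /* Opcodes not listed above are left undecoded. */
        break;
    }

    return tvb_captured_length(tvb);
}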
static int
dissect_netmon_system_config ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , void * data _U_ )
{
proto_item * ti ;
proto_tree * system_tree ;
int offset = 0 ;
struct netmon_provider_id_data * provider_id_data = ( struct netmon_provider_id_data * ) data ;
guint length ;
guint32 field1 , field2 ;
const guint8 * str_field1 , * str_field2 , * str_field3 , * str_field4 ;
DISSECTOR_ASSERT ( provider_id_data ! = NULL ) ;
col_set_str ( pinfo - > cinfo , COL_PROTOCOL , " NetMon System Config " ) ;
col_clear ( pinfo - > cinfo , COL_INFO ) ;
ti = proto_tree_add_item ( tree , proto_netmon_system_config , tvb , 0 , - 1 , ENC_NA ) ;
system_tree = proto_item_add_subtree ( ti , ett_netmon_system_config ) ;
switch ( provider_id_data - > event_version )
{
// SystemConfig_V0
case 0 :
switch ( provider_id_data - > opcode )
{
case 10 :
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_mhz , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_num_processors , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field2 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Processors: %u, (%u MHz) " , field2 , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_mem_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_page_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_allocation_granularity , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_computer_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_domain_name , tvb , offset , 264 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 264 ;
netmon_etl_field ( system_tree , tvb , & offset , hf_netmon_system_config_hyper_threading_flag , provider_id_data - > event_flags ) ;
break ;
case 11 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_disk_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bytes_per_sector , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sectors_per_track , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_tracks_per_cylinder , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_cylinders , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_port , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_path , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_target , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_lun , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_manufacturer , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_count , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_write_cache_enabled , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 1 , ENC_NA ) ;
offset + = 1 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_boot_drive_letter , tvb , offset , 6 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 6 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_spare , tvb , offset , 4 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Manufacturer: %s, BootDriveLetter: %s " , str_field1 , str_field2 ) ;
break ;
case 12 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_start_offset , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_size , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_disk_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_drive_type , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_drive_letter , tvb , offset , 8 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sectors_per_cluster , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bytes_per_sector , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_num_free_clusters , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_total_num_clusters , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_file_system , tvb , offset , 32 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 32 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Drive: %s, FileSystem: %s " , str_field1 , str_field2 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_volume_ext , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 13 :
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_nic_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_index , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_physical_addr_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_physical_addr_str , tvb , offset , 16 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 16 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_ip_address , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " NIC: %s, Address: %s " , str_field1 , tvb_ip_to_str ( tvb , offset ) ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_subnet_mask , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dhcp_server , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_gateway , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_primary_wins_server , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_secondary_wins_server , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server1 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server2 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server3 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server4 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_data , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 14 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_memory_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_x_resolution , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_y_resolution , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bits_per_pixel , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_vrefresh , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_chip_type , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dac_type , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_adapter_string , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_bios_string , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field3 ) ;
offset + = 512 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Chip: %s, Adapter: %s, Bios: %s " , str_field1 , str_field2 , str_field3 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_state_flags , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 15 :
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_service_name , tvb , offset , 68 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 68 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_display_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_process_name , tvb , offset , 68 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 68 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Service: %s, Process: %s " , str_field1 , str_field2 ) ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_process_id , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
break ;
case 16 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_s1 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s2 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s3 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s4 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s5 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 3 , ENC_NA ) ;
offset + = 3 ;
break ;
case 21 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_irq_affinity , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_irq_num , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " IRQ: %u " , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
/* XXX - can we trust size above? */
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
case 22 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_friendly_name_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
/* XXX - can we trust sizes above? */
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_device_id , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_friendly_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " ID: %s, Name: %s " , str_field1 , str_field2 ) ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pdo_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
}
break ;
// SystemConfig_V1
case 1 :
switch ( provider_id_data - > opcode )
{
case 10 :
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_mhz , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_num_processors , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field2 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Processors: %u, (%u MHz) " , field2 , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_mem_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_page_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_allocation_granularity , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_computer_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_domain_name , tvb , offset , 264 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 264 ;
netmon_etl_field ( system_tree , tvb , & offset , hf_netmon_system_config_hyper_threading_flag , provider_id_data - > event_flags ) ;
break ;
case 11 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_disk_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bytes_per_sector , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sectors_per_track , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_tracks_per_cylinder , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_cylinders , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_port , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_path , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_target , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_lun , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_manufacturer , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_count , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_write_cache_enabled , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 1 , ENC_NA ) ;
offset + = 1 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_boot_drive_letter , tvb , offset , 6 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 6 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_spare , tvb , offset , 4 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Manufacturer: %s, BootDriveLetter: %s " , str_field1 , str_field2 ) ;
break ;
case 12 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_start_offset , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_size , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_disk_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_drive_type , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_drive_letter , tvb , offset , 8 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sectors_per_cluster , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bytes_per_sector , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_num_free_clusters , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_total_num_clusters , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_file_system , tvb , offset , 32 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 32 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Drive: %s, FileSystem: %s " , str_field1 , str_field2 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_volume_ext , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 13 :
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_nic_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_index , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_physical_addr_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_physical_addr_str , tvb , offset , 16 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 16 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_ip_address , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " NIC: %s, Address: %s " , str_field1 , tvb_ip_to_str ( tvb , offset ) ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_subnet_mask , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dhcp_server , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_gateway , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_primary_wins_server , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_secondary_wins_server , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server1 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server2 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server3 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server4 , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_data , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 14 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_memory_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_x_resolution , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_y_resolution , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bits_per_pixel , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_vrefresh , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_chip_type , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dac_type , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_adapter_string , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_bios_string , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field3 ) ;
offset + = 512 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Chip: %s, Adapter: %s, Bios: %s " , str_field1 , str_field2 , str_field3 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_state_flags , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 15 :
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_service_name , tvb , offset , 68 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 68 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_display_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_process_name , tvb , offset , 68 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 68 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Service: %s, Process: %s " , str_field1 , str_field2 ) ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_process_id , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
break ;
case 16 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_s1 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s2 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s3 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s4 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s5 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 3 , ENC_NA ) ;
offset + = 3 ;
break ;
case 21 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_irq_affinity , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_irq_num , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " IRQ: %u " , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
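/* XXX - can we trust the size above? device_desc_len is only displayed; the string's extent
 * comes from tvb_unicode_strsize() (scan to the UTF-16 NUL), so the two are never cross-checked. */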
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
case 22 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_friendly_name_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
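/* XXX - can we trust the sizes above? The three *_len fields are only displayed; each string's
 * extent comes from tvb_unicode_strsize() (scan to the UTF-16 NUL), so declared and actual
 * lengths are never cross-checked. */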
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_device_id , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_friendly_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " ID: %s, Name: %s " , str_field1 , str_field2 ) ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pdo_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
}
break ;
// SystemConfig_V2
case 2 :
switch ( provider_id_data - > opcode )
{
case 10 :
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_mhz , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_num_processors , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field2 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Processors: %u, (%u MHz) " , field2 , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_mem_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_page_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_allocation_granularity , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_computer_name , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_domain_name , tvb , offset , 268 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 268 ;
netmon_etl_field ( system_tree , tvb , & offset , hf_netmon_system_config_hyper_threading_flag , provider_id_data - > event_flags ) ;
break ;
case 11 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_disk_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bytes_per_sector , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sectors_per_track , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_tracks_per_cylinder , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_cylinders , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_port , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_path , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_target , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_scsi_lun , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_manufacturer , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_count , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_write_cache_enabled , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 1 , ENC_NA ) ;
offset + = 1 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_boot_drive_letter , tvb , offset , 6 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 6 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_spare , tvb , offset , 4 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Manufacturer: %s, BootDriveLetter: %s " , str_field1 , str_field2 ) ;
break ;
case 12 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_start_offset , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_size , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_disk_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_drive_type , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_drive_letter , tvb , offset , 8 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_partition_number , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sectors_per_cluster , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bytes_per_sector , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_num_free_clusters , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_total_num_clusters , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_file_system , tvb , offset , 32 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 32 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Drive: %s, FileSystem: %s " , str_field1 , str_field2 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_volume_ext , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 4 , ENC_NA ) ;
offset + = 4 ;
break ;
case 13 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_physical_addr , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_physical_addr_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_ipv4_index , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_ipv6_index , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_nic_description , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_ipaddresses , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " IP Addresses: %s " , str_field1 ) ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dns_server_addresses , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
case 14 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_memory_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_x_resolution , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_y_resolution , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_bits_per_pixel , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_vrefresh , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_chip_type , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_dac_type , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_adapter_string , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = 512 ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_bios_string , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field3 ) ;
offset + = 512 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Chip: %s, Adapter: %s, Bios: %s " , str_field1 , str_field2 , str_field3 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id , tvb , offset , 512 , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = 512 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_state_flags , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
break ;
case 15 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_process_id , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_service_state , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sub_process_tag , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_service_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_display_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_process_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Service: %s, Process: %s " , str_field1 , str_field2 ) ;
break ;
case 16 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_s1 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s2 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s3 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s4 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_s5 , tvb , offset , 1 , ENC_LITTLE_ENDIAN ) ;
offset + = 1 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 3 , ENC_NA ) ;
offset + = 3 ;
break ;
case 17 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_tcb_table_partitions , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_max_hash_table_size , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_max_user_port , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_tcp_timed_wait_delay , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " MaxUserPort: %u " , field1 ) ;
break ;
case 21 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_irq_affinity , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_irq_num , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " IRQ: %u " , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
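/* XXX - can we trust the size above? device_desc_len is only displayed; the string's extent
 * comes from tvb_unicode_strsize() (scan to the UTF-16 NUL), so the two are never cross-checked. */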
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
case 22 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_friendly_name_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
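/* XXX - can we trust the sizes above? The three *_len fields are only displayed; each string's
 * extent comes from tvb_unicode_strsize() (scan to the UTF-16 NUL), so declared and actual
 * lengths are never cross-checked. */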
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_device_id , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_friendly_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " ID: %s, Name: %s " , str_field1 , str_field2 ) ;
break ;
case 23 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_target_id , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_type , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_timing_mode , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_location_information_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_location_information , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Location: %s " , str_field1 ) ;
break ;
case 25 :
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_system_manufacturer , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_system_product_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_bios_date , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field3 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_bios_version , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field4 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Manufacturer: %s, ProductName: %s, BiosDate: %s, BiosVersion: %s " , str_field1 , str_field2 , str_field3 , str_field4 ) ;
break ;
}
break ;
// SystemConfig_V3
case 3 :
switch ( provider_id_data - > opcode )
{
case 15 :
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_process_id , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_service_state , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_sub_process_tag , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_service_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " Service: %s, (PID=%d) " , str_field1 , field1 ) ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_display_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_process_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_load_order_group , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_svc_host_group , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
case 21 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_irq_affinity , tvb , offset , 8 , ENC_LITTLE_ENDIAN ) ;
offset + = 8 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_irq_group , tvb , offset , 2 , ENC_LITTLE_ENDIAN ) ;
offset + = 2 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pad , tvb , offset , 2 , ENC_NA ) ;
offset + = 2 ;
proto_tree_add_item_ret_uint ( system_tree , hf_netmon_system_config_irq_num , tvb , offset , 4 , ENC_LITTLE_ENDIAN , & field1 ) ;
offset + = 4 ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " IRQ: %u " , field1 ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
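/* XXX - can we trust the size above? device_desc_len is only displayed; the string's extent
 * comes from tvb_unicode_strsize() (scan to the UTF-16 NUL), so the two are never cross-checked. */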
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
case 22 :
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_id_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_friendly_name_len , tvb , offset , 4 , ENC_LITTLE_ENDIAN ) ;
offset + = 4 ;
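/* XXX - can we trust the sizes above? The three *_len fields are only displayed; each string's
 * extent comes from tvb_unicode_strsize() (scan to the UTF-16 NUL), so declared and actual
 * lengths are never cross-checked. */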
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_device_id , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field1 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_device_desc , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item_ret_string ( system_tree , hf_netmon_system_config_friendly_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 , wmem_packet_scope ( ) , & str_field2 ) ;
offset + = length ;
col_add_fstr ( pinfo - > cinfo , COL_INFO , " ID: %s, Name: %s " , str_field1 , str_field2 ) ;
length = tvb_unicode_strsize ( tvb , offset ) ;
proto_tree_add_item ( system_tree , hf_netmon_system_config_pdo_name , tvb , offset , length , ENC_LITTLE_ENDIAN | ENC_UTF_16 ) ;
offset + = length ;
break ;
}
break ;
}
return offset ;
}
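/*
 * Add the 4-byte little-endian process ID and parent process ID fields and
 * advance *offset past both.
 */
static void
netmon_process_add_pid_and_parent(proto_tree *process_tree, tvbuff_t *tvb, int *offset)
{
	proto_tree_add_item(process_tree, hf_netmon_process_process_id, tvb, *offset, 4, ENC_LITTLE_ENDIAN);
	*offset += 4;
	proto_tree_add_item(process_tree, hf_netmon_process_parent_id, tvb, *offset, 4, ENC_LITTLE_ENDIAN);
	*offset += 4;
}

/*
 * Add the 4-byte little-endian session ID and exit status fields and
 * advance *offset past both.
 */
static void
netmon_process_add_session_and_exit_status(proto_tree *process_tree, tvbuff_t *tvb, int *offset)
{
	proto_tree_add_item(process_tree, hf_netmon_process_session_id, tvb, *offset, 4, ENC_LITTLE_ENDIAN);
	*offset += 4;
	proto_tree_add_item(process_tree, hf_netmon_process_exit_status, tvb, *offset, 4, ENC_LITTLE_ENDIAN);
	*offset += 4;
}

/*
 * Add the undecoded block that precedes the user SID in version 2 and 3
 * events: 16 bytes when the 64-bit header flag is set, 8 bytes otherwise.
 */
static void
netmon_process_add_unknown(proto_tree *process_tree, tvbuff_t *tvb, int *offset,
	const struct netmon_provider_id_data *provider_id_data)
{
	int unknown_len = (provider_id_data->event_flags & EVENT_HEADER_FLAG_64_BIT_HEADER) ? 16 : 8;

	proto_tree_add_item(process_tree, hf_netmon_process_unknown, tvb, *offset, unknown_len, ENC_NA);
	*offset += unknown_len;
}

/*
 * Add the user SID followed by the NUL-terminated ASCII image file name,
 * and show the file name in the Info column.
 *
 * The name has no length prefix; its size comes from tvb_strsize(), which
 * looks for the terminator inside the buffer. As far as the tvbuff API is
 * documented, a missing terminator raises a dissector exception instead of
 * reading past the captured data - confirm if that contract ever changes.
 * The name is capture-file content, so it is only ever passed as a "%s"
 * argument and never as the format string itself.
 */
static void
netmon_process_add_sid_and_image_name(proto_tree *process_tree, tvbuff_t *tvb, packet_info *pinfo, int *offset)
{
	const guint8 *filename;
	guint length;

	netmon_sid_field(process_tree, tvb, offset, pinfo, hf_netmon_process_user_sid_revision,
		hf_netmon_process_user_sid_subauth_count, hf_netmon_process_user_sid_id, hf_netmon_process_user_sid_authority,
		&ei_netmon_process_user_sid, FALSE);

	length = tvb_strsize(tvb, *offset);
	proto_tree_add_item_ret_string(process_tree, hf_netmon_process_image_file_name, tvb, *offset, length, ENC_NA|ENC_ASCII,
		wmem_packet_scope(), &filename);
	col_add_fstr(pinfo->cinfo, COL_INFO, " Filename: %s ", filename);
	*offset += length;
}

/*
 * Add the NUL-terminated UTF-16LE command line; the size is taken from
 * tvb_unicode_strsize(), not from a length field in the event.
 */
static void
netmon_process_add_command_line(proto_tree *process_tree, tvbuff_t *tvb, int *offset)
{
	guint length = tvb_unicode_strsize(tvb, *offset);

	proto_tree_add_item(process_tree, hf_netmon_process_command_line, tvb, *offset, length, ENC_LITTLE_ENDIAN|ENC_UTF_16);
	*offset += length;
}

/*
 * Add the run of 4-byte little-endian counters carried by version 2
 * events with opcode 32 or 33, in wire order.
 *
 * NOTE(review): every counter is read as 4 bytes whatever the 64-bit
 * header flag says, while other fields in this dissector are sized from
 * event_flags - confirm against the event layout.
 */
static void
netmon_process_add_counters(proto_tree *process_tree, tvbuff_t *tvb, int *offset)
{
	static const int *const counter_fields[] = {
		&hf_netmon_process_process_id,
		&hf_netmon_process_page_fault_count,
		&hf_netmon_process_handle_count,
		&hf_netmon_process_reserved,
		&hf_netmon_process_peak_virtual_size,
		&hf_netmon_process_peak_working_set_size,
		&hf_netmon_process_peak_page_file_usage,
		&hf_netmon_process_quota_peak_paged_pool_usage,
		&hf_netmon_process_quota_peak_non_paged_pool_usage,
		&hf_netmon_process_virtual_size,
		&hf_netmon_process_workingset_size,
		&hf_netmon_process_pagefile_usage,
		&hf_netmon_process_quota_paged_pool_usage,
		&hf_netmon_process_quota_non_paged_pool_usage,
		&hf_netmon_process_private_page_count,
	};
	guint i;

	for (i = 0; i < G_N_ELEMENTS(counter_fields); i++)
	{
		proto_tree_add_item(process_tree, *counter_fields[i], tvb, *offset, 4, ENC_LITTLE_ENDIAN);
		*offset += 4;
	}
}

/*
 * Dissect a NetMon "process" event payload.
 *
 * tvb   - the event's payload bytes (capture-file content, untrusted).
 * pinfo - packet info; the Protocol and Info columns are rewritten here.
 * tree  - parent tree that receives the proto_netmon_process subtree.
 * data  - must point to a struct netmon_provider_id_data; its
 *         event_version, opcode and event_flags select the layout. The
 *         pointer is asserted non-NULL before it is dereferenced.
 *
 * Versions and opcodes that are not listed below add no fields. The
 * function reports the whole captured buffer as consumed in every case,
 * so bytes left undissected are not flagged here.
 */
static int
dissect_netmon_process(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
	proto_item *ti;
	proto_tree *process_tree;
	int offset = 0;
	struct netmon_provider_id_data *provider_id_data = (struct netmon_provider_id_data *)data;

	DISSECTOR_ASSERT(provider_id_data != NULL);

	col_set_str(pinfo->cinfo, COL_PROTOCOL, " NetMon Process ");
	col_clear(pinfo->cinfo, COL_INFO);

	ti = proto_tree_add_item(tree, proto_netmon_process, tvb, 0, -1, ENC_NA);
	process_tree = proto_item_add_subtree(ti, ett_netmon_process);

	switch (provider_id_data->event_version)
	{
	case 0:
		switch (provider_id_data->opcode)
		{
		case 1:
		case 2:
		case 3:
		case 4:
			netmon_process_add_pid_and_parent(process_tree, tvb, &offset);
			netmon_process_add_sid_and_image_name(process_tree, tvb, pinfo, &offset);
			break;
		}
		break;
	case 1:
		switch (provider_id_data->opcode)
		{
		case 1:
		case 2:
		case 3:
		case 4:
			netmon_etl_field(process_tree, tvb, &offset, hf_netmon_process_page_directory_base, provider_id_data->event_flags);
			netmon_process_add_pid_and_parent(process_tree, tvb, &offset);
			netmon_process_add_session_and_exit_status(process_tree, tvb, &offset);
			netmon_process_add_sid_and_image_name(process_tree, tvb, pinfo, &offset);
			break;
		}
		break;
	case 2:
		switch (provider_id_data->opcode)
		{
		case 1:
		case 2:
		case 3:
		case 4:
		case 39:
			netmon_etl_field(process_tree, tvb, &offset, hf_netmon_process_unique_process_key, provider_id_data->event_flags);
			netmon_process_add_pid_and_parent(process_tree, tvb, &offset);
			netmon_process_add_session_and_exit_status(process_tree, tvb, &offset);
			netmon_process_add_unknown(process_tree, tvb, &offset, provider_id_data);
			netmon_process_add_sid_and_image_name(process_tree, tvb, pinfo, &offset);
			netmon_process_add_command_line(process_tree, tvb, &offset);
			break;
		case 32:
		case 33:
			netmon_process_add_counters(process_tree, tvb, &offset);
			break;
		case 35:
			proto_tree_add_item(process_tree, hf_netmon_process_process_id, tvb, offset, 4, ENC_LITTLE_ENDIAN);
			offset += 4;
			proto_tree_add_item(process_tree, hf_netmon_process_directory_table_base32, tvb, offset, 4, ENC_LITTLE_ENDIAN);
			offset += 4;
			break;
		}
		break;
	case 3:
		switch (provider_id_data->opcode)
		{
		case 1:
		case 2:
		case 3:
		case 4:
		case 39:
			/* Same layout as version 2, plus the directory table base
			 * between the exit status and the unknown block. */
			netmon_etl_field(process_tree, tvb, &offset, hf_netmon_process_unique_process_key, provider_id_data->event_flags);
			netmon_process_add_pid_and_parent(process_tree, tvb, &offset);
			netmon_process_add_session_and_exit_status(process_tree, tvb, &offset);
			netmon_etl_field(process_tree, tvb, &offset, hf_netmon_process_directory_table_base, provider_id_data->event_flags);
			netmon_process_add_unknown(process_tree, tvb, &offset, provider_id_data);
			netmon_process_add_sid_and_image_name(process_tree, tvb, pinfo, &offset);
			netmon_process_add_command_line(process_tree, tvb, &offset);
			break;
		}
		break;
	}

	return tvb_captured_length(tvb);
}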
void proto_register_netmon ( void )
{
static hf_register_info hf_header [ ] = {
{ & hf_netmon_header_title_comment ,
{ " Comment title " , " netmon_header.title_comment " ,
FT_STRING , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_header_description_comment ,
{ " Comment description " , " netmon_header.description_comment " ,
FT_STRING , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static hf_register_info hf_event [ ] = {
{ & hf_netmon_event_size ,
{ " Size " , " netmon_event.size " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_header_type ,
{ " Header type " , " netmon_event.header_type " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_flags ,
{ " Flags " , " netmon_event.flags " ,
FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_extended_info ,
{ " Extended Info " , " netmon_event.flags.extended_info " ,
FT_BOOLEAN , 16 , TFS ( & tfs_present_not_present ) , EVENT_HEADER_FLAG_EXTENDED_INFO , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_private_session ,
{ " Private Sessions " , " netmon_event.flags.private_session " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_PRIVATE_SESSION , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_string_only ,
{ " Null-terminated Unicode string " , " netmon_event.flags.string_only " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_STRING_ONLY , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_trace_message ,
{ " TraceMessage logged " , " netmon_event.flags.trace_message " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_TRACE_MESSAGE , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_no_cputime ,
{ " Use ProcessorTime " , " netmon_event.flags.no_cputime " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_NO_CPUTIME , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_32bit_header ,
{ " Provider running on 32-bit computer " , " netmon_event.flags.32bit_header " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_32_BIT_HEADER , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_64bit_header ,
{ " Provider running on 64-bit computer " , " netmon_event.flags.64bit_header " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_64_BIT_HEADER , NULL , HFILL }
} ,
{ & hf_netmon_event_flags_classic_header ,
{ " Use TraceEvent " , " netmon_event.flags.classic_header " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_FLAG_CLASSIC_HEADER , NULL , HFILL }
} ,
{ & hf_netmon_event_event_property ,
{ " Event property " , " netmon_event.event_property " ,
FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_property_xml ,
{ " Need manifest " , " netmon_event.event_property.xml " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_PROPERTY_XML , NULL , HFILL }
} ,
{ & hf_netmon_event_event_property_forwarded_xml ,
{ " Event data contains fully-rendered XML " , " netmon_event.event_property.forwarded_xml " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_PROPERTY_FORWARDED_XML , NULL , HFILL }
} ,
{ & hf_netmon_event_event_property_legacy_eventlog ,
{ " Need WMI MOF class " , " netmon_event.event_property.legacy_eventlog " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG , NULL , HFILL }
} ,
{ & hf_netmon_event_thread_id ,
{ " Thread ID " , " netmon_event.thread_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_process_id ,
{ " Process ID " , " netmon_event.process_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_timestamp ,
{ " Timestamp " , " netmon_event.timestamp " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_provider_id ,
{ " Provider ID " , " netmon_event.provider_id " ,
FT_GUID , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_id ,
{ " ID " , " netmon_event.event_desc.id " ,
FT_UINT16 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_version ,
{ " Version " , " netmon_event.event_desc.version " ,
FT_UINT8 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_channel ,
{ " Channel " , " netmon_event.event_desc.channel " ,
FT_UINT8 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_level ,
{ " Level " , " netmon_event.event_desc.level " ,
FT_UINT8 , BASE_DEC , VALS ( event_level_vals ) , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_opcode ,
{ " Opcode " , " netmon_event.event_desc.opcode " ,
FT_UINT8 , BASE_HEX , VALS ( opcode_vals ) , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_task ,
{ " Task " , " netmon_event.event_desc.task " ,
FT_UINT16 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_event_desc_keyword ,
{ " Keyword " , " netmon_event.event_desc.keyword " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_kernel_time ,
{ " Kernel time " , " netmon_event.kernel_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_user_time ,
{ " User time " , " netmon_event.user_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_processor_time ,
{ " Processor time " , " netmon_event.processor_time " ,
FT_UINT64 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_activity_id ,
{ " Activity ID " , " netmon_event.activity_id " ,
FT_GUID , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_processor_number ,
{ " Processor number " , " netmon_event.processor_number " ,
FT_UINT8 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_alignment ,
{ " Alignment " , " netmon_event.alignment " ,
FT_UINT8 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_logger_id ,
{ " Logger ID " , " netmon_event.logger_id " ,
FT_UINT16 , BASE_DEC_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data_count ,
{ " Extended data count " , " netmon_event.extended_data_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_user_data_length ,
{ " User data length " , " netmon_event.user_data_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_reassembled ,
{ " Reassembled " , " netmon_event.reassembled " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data_reserved ,
{ " Reserved " , " netmon_event.extended_data.reserved " ,
FT_UINT16 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data_type ,
{ " Extended info type " , " netmon_event.extended_data.type " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data_linkage ,
{ " Additional extended data " , " netmon_event.extended_data.linkage " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , 0x0001 , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data_reserved2 ,
{ " Reserved " , " netmon_event.extended_data.reserved2 " ,
FT_UINT16 , BASE_HEX , NULL , 0xFFFE , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data_size ,
{ " Extended data size " , " netmon_event.extended_data.size " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_extended_data ,
{ " Extended data " , " netmon_event.extended_data " ,
FT_BYTES , BASE_NONE | BASE_ALLOW_ZERO , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_event_user_data ,
{ " User data " , " netmon_event.user_data " ,
FT_BYTES , BASE_NONE | BASE_ALLOW_ZERO , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static hf_register_info hf_filter [ ] = {
{ & hf_netmon_filter_version ,
{ " Version " , " netmon_filter.version " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_filter_type ,
{ " Filter type " , " netmon_filter.type " ,
FT_UINT32 , BASE_DEC | BASE_RANGE_STRING , RVALS ( filter_types ) , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_filter_app_major_version ,
{ " App Major Version " , " netmon_filter.app_major_version " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_filter_app_minor_version ,
{ " App Minor Version " , " netmon_filter.app_minor_version " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_filter_app_name ,
{ " Application Name " , " netmon_filter.app_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_filter_filter ,
{ " Filter " , " netmon_filter.filter " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static hf_register_info hf_network_info [ ] = {
{ & hf_netmon_network_info_version ,
{ " Version " , " netmon_network_info.version " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_adapter_count ,
{ " Adapter count " , " netmon_network_info.adapter_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_computer_name ,
{ " Computer name " , " netmon_network_info.computer_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_friendly_name ,
{ " Friendly name " , " netmon_network_info.friendly_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_description ,
{ " Description " , " netmon_network_info.description " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_miniport_guid ,
{ " Miniport GUID " , " netmon_network_info.miniport_guid " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_media_type ,
{ " Media type " , " netmon_network_info.media_type " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_mtu ,
{ " MTU " , " netmon_network_info.mtu " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_link_speed ,
{ " Link speed " , " netmon_network_info.link_speed " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_mac_address ,
{ " MAC address " , " netmon_network_info.mac_address " ,
FT_ETHER , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_ipv4_count ,
{ " IPv4 count " , " netmon_network_info.ipv4_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_ipv6_count ,
{ " IPv6 count " , " netmon_network_info.ipv6_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_gateway_count ,
{ " Gateway count " , " netmon_network_info.gateway_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_dhcp_server_count ,
{ " DHCP server count " , " netmon_network_info.dhcp_server_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_dns_ipv4_count ,
{ " DNS IPv4 count " , " netmon_network_info.dns_ipv4_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_dns_ipv6_count ,
{ " DNS IPv6 count " , " netmon_network_info.dns_ipv6_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_ipv4 ,
{ " IPv4 address " , " netmon_network_info.ipv4 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_subnet ,
{ " Subnet mask " , " netmon_network_info.subnet " ,
FT_IPv4 , BASE_NETMASK , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_ipv6 ,
{ " IPv6 address " , " netmon_network_info.ipv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_gateway ,
{ " Gateway address " , " netmon_network_info.gateway " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_dhcp_server ,
{ " DHCP Server " , " netmon_network_info.dhcp_server " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_dns_ipv4 ,
{ " DNS IPv4 address " , " netmon_network_info.dns_ipv4 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_network_info_dns_ipv6 ,
{ " DNS IPv6 address " , " netmon_network_info.dns_ipv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static hf_register_info hf_system_trace [ ] = {
{ & hf_netmon_system_trace_buffer_size ,
{ " Buffer size " , " netmon_system_trace.buffer_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_version ,
{ " Version " , " netmon_system_trace.version " ,
FT_UINT32 , BASE_HEX_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_provider_version ,
{ " Provider version " , " netmon_system_trace.provider_version " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_num_processors ,
{ " Number of processors " , " netmon_system_trace.num_processors " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_end_time ,
{ " End time " , " netmon_system_trace.end_time " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_timer_resolution ,
{ " Timer resolution " , " netmon_system_trace.timer_resolution " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_max_file_size ,
{ " Max file size " , " netmon_system_trace.max_file_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_log_file_mode ,
{ " Log file mode " , " netmon_system_trace.log_file_mode " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_buffers_written ,
{ " Buffers written " , " netmon_system_trace.buffers_written " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_start_buffers ,
{ " Start buffers " , " netmon_system_trace.start_buffers " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_pointers_size ,
{ " Pointers size " , " netmon_system_trace.pointers_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_events_lost ,
{ " Events lost " , " netmon_system_trace.events_lost " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_cpu_speed ,
{ " CPU speed " , " netmon_system_trace.cpu_speed " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_logger_name ,
{ " Logger name " , " netmon_system_trace.logger_name " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_log_file_name_ptr ,
{ " Log file name " , " netmon_system_trace.log_file_name_ptr " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_time_zone_info ,
{ " Time zone info " , " netmon_system_trace.time_zone_info " ,
FT_BYTES , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_boot_time ,
{ " Boot time " , " netmon_system_trace.boot_time " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_perf_freq ,
{ " Perf freq " , " netmon_system_trace.pref_freq " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_start_time ,
{ " Start time " , " netmon_system_trace.start_time " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_reserved_flags ,
{ " Reserved Flags " , " netmon_system_trace.reserved_flags " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_buffers_lost ,
{ " Buffers lost " , " netmon_system_trace.buffers_lost " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_session_name ,
{ " Session name " , " netmon_system_trace.session_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_log_file_name ,
{ " Log file name " , " netmon_system_trace.log_file_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask1 ,
{ " Group Mask1 " , " netmon_system_trace.group_mask1 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask2 ,
{ " Group Mask2 " , " netmon_system_trace.group_mask2 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask3 ,
{ " Group Mask3 " , " netmon_system_trace.group_mask3 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask4 ,
{ " Group Mask4 " , " netmon_system_trace.group_mask4 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask5 ,
{ " Group Mask5 " , " netmon_system_trace.group_mask5 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask6 ,
{ " Group Mask6 " , " netmon_system_trace.group_mask6 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask7 ,
{ " Group Mask7 " , " netmon_system_trace.group_mask7 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_group_mask8 ,
{ " Group Mask8 " , " netmon_system_trace.group_mask8 " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_trace_kernel_event_version ,
{ " Kernel event version " , " netmon_system_trace.kernel_event_version " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static hf_register_info hf_system_config [ ] = {
{ & hf_netmon_system_config_mhz ,
{ " Mhz " , " netmon_system_config.mhz " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_num_processors ,
{ " Number of processors " , " netmon_system_config.num_processors " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_mem_size ,
{ " Memory size " , " netmon_system_config.mem_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_page_size ,
{ " Page size " , " netmon_system_config.page_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_allocation_granularity ,
{ " Allocation granularity " , " netmon_system_config.allocation_granularity " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_computer_name ,
{ " Computer name " , " netmon_system_config.computer_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_domain_name ,
{ " Domain name " , " netmon_system_config.domain_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_hyper_threading_flag ,
{ " Hyper threading flag " , " netmon_system_config.hyper_threading_flag " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_disk_number ,
{ " Disk number " , " netmon_system_config.disk_number " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_bytes_per_sector ,
{ " Bytes per sector " , " netmon_system_config.bytes_per_sector " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_sectors_per_track ,
{ " Sectors per track " , " netmon_system_config.sectors_per_track " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_tracks_per_cylinder ,
{ " Tracks per cylinder " , " netmon_system_config.tracks_per_cylinder " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_cylinders ,
{ " Cylinders " , " netmon_system_config.cylinders " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_scsi_port ,
{ " SCSI port " , " netmon_system_config.scsi_port " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_scsi_path ,
{ " SCSI path " , " netmon_system_config.scsi_path " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_scsi_target ,
{ " SCSI target " , " netmon_system_config.csi_target " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_scsi_lun ,
{ " SCSI lun " , " netmon_system_config.scsi_lun " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_manufacturer ,
{ " Manufacturer " , " netmon_system_config.manufacturer " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_partition_count ,
{ " Partition count " , " netmon_system_config.partition_count " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_write_cache_enabled ,
{ " Write cache enabled " , " netmon_system_config.write_cache_enabled " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_pad ,
{ " Pad " , " netmon_system_config.pad " ,
FT_BYTES , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_boot_drive_letter ,
{ " Boot drive letter " , " netmon_system_config.boot_drive_letter " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_spare ,
{ " Spare " , " netmon_system_config.spare " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_start_offset ,
{ " Start offset " , " netmon_system_config.start_offset " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_partition_size ,
{ " Partition size " , " netmon_system_config.partition_size " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_size ,
{ " Size " , " netmon_system_config.size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_drive_type ,
{ " Drive type " , " netmon_system_config.drive_type " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_drive_letter ,
{ " Drive letter " , " netmon_system_config.drive_letter " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_partition_number ,
{ " Partition number " , " netmon_system_config.partition_number " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_sectors_per_cluster ,
{ " Sectors per cluster " , " netmon_system_config.sectors_per_cluster " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_num_free_clusters ,
{ " Number of free clusters " , " netmon_system_config.num_free_clusters " ,
FT_INT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_total_num_clusters ,
{ " Total number of clusters " , " netmon_system_config.total_num_clusters " ,
FT_INT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_file_system ,
{ " File system " , " netmon_system_config.file_system " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_volume_ext ,
{ " Volume ext " , " netmon_system_config.volume_ext " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_physical_addr ,
{ " Physical address " , " netmon_system_config.physical_addr " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_physical_addr_len ,
{ " Physical address length " , " netmon_system_config.physical_addr_len " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_ipv4_index ,
{ " IPv4 index " , " netmon_system_config.ipv4_index " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_ipv6_index ,
{ " IPv6 index " , " netmon_system_config.ipv6_index " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_nic_description ,
{ " File system " , " netmon_system_config.file_system " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_ipaddresses ,
{ " IP addresses " , " netmon_system_config.ipaddresses " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dns_server_addresses ,
{ " DNS server addresses " , " netmon_system_config.dns_server_addresses " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_memory_size ,
{ " Memory size " , " netmon_system_config.memory_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_x_resolution ,
{ " X resolution " , " netmon_system_config.x_resolution " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_y_resolution ,
{ " Y resolution " , " netmon_system_config.y_resolution " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_bits_per_pixel ,
{ " Bits per pixel " , " netmon_system_config.bits_per_pixel " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_vrefresh ,
{ " VRefresh " , " netmon_system_config.vrefresh " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_chip_type ,
{ " Chip type " , " netmon_system_config.chip_type " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dac_type ,
{ " DAC type " , " netmon_system_config.dac_type " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_adapter_string ,
{ " Adapter string " , " netmon_system_config.adapter_string " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_bios_string ,
{ " BIOS string " , " netmon_system_config.bios_string " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_device_id ,
{ " Device ID " , " netmon_system_config.device_id " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_state_flags ,
{ " State flags " , " netmon_system_config.state_flags " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_process_id ,
{ " Process ID " , " netmon_system_config.process_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_service_state ,
{ " Service state " , " netmon_system_config.service_state " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_sub_process_tag ,
{ " Subprocess tag " , " netmon_system_config.sub_process_tag " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_service_name ,
{ " Service name " , " netmon_system_config.service_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_display_name ,
{ " Display name " , " netmon_system_config.display_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_process_name ,
{ " Process name " , " netmon_system_config.process_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_s1 ,
{ " S1 " , " netmon_system_config.s1 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_s2 ,
{ " S2 " , " netmon_system_config.s2 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_s3 ,
{ " S3 " , " netmon_system_config.s3 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_s4 ,
{ " S4 " , " netmon_system_config.s4 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_s5 ,
{ " S5 " , " netmon_system_config.s5 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_tcb_table_partitions ,
{ " Tcb table partitions " , " netmon_system_config.tcb_table_partitions " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_max_hash_table_size ,
{ " Max hash table size " , " netmon_system_config.max_hash_table_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_max_user_port ,
{ " Max user port " , " netmon_system_config.max_user_port " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_tcp_timed_wait_delay ,
{ " TCP timed wait delay " , " netmon_system_config.tcp_timed_wait_delay " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_irq_affinity ,
{ " IRQ affinity " , " netmon_system_config.irq_affinity " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_irq_num ,
{ " IRQ " , " netmon_system_config.irq_num " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_device_desc_len ,
{ " Device description length " , " netmon_system_config.device_desc_len " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_device_desc ,
{ " Device description " , " netmon_system_config.device_desc " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_friendly_name ,
{ " Friendly name " , " netmon_system_config.friendly_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_device_id_len ,
{ " Device ID length " , " netmon_system_config.device_id_len " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_friendly_name_len ,
{ " Friendly name length " , " netmon_system_config.friendly_name_len " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_target_id ,
{ " Target ID " , " netmon_system_config.target_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_device_type ,
{ " Device type " , " netmon_system_config.device_type " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_device_timing_mode ,
{ " Device timing mode " , " netmon_system_config.device_timing_mode " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_location_information_len ,
{ " Location information length " , " netmon_system_config.location_information_len " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_location_information ,
{ " Location information " , " netmon_system_config.location_information " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_system_manufacturer ,
{ " System manufacturer " , " netmon_system_config.system_manufacturer " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_system_product_name ,
{ " System product name " , " netmon_system_config.system_product_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_bios_date ,
{ " BIOS date " , " netmon_system_config.bios_date " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_bios_version ,
{ " BIOS version " , " netmon_system_config.bios_version " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_load_order_group ,
{ " Load order group " , " netmon_system_config.load_order_group " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_svc_host_group ,
{ " svchost group " , " netmon_system_config.svc_host_group " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_irq_group ,
{ " IRQ group " , " netmon_system_config.irq_group " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_pdo_name ,
{ " PDO name " , " netmon_system_config.pdo_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_nic_name ,
{ " NIC name " , " netmon_system_config.nic_name " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_index ,
{ " Index " , " netmon_system_config.index " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_physical_addr_str ,
{ " Physical address " , " netmon_system_config.physical_addr_str " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_ip_address ,
{ " IP address " , " netmon_system_config.ip_address " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_subnet_mask ,
{ " Subnet mask " , " netmon_system_config.subnet_mask " ,
FT_IPv4 , BASE_NETMASK , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dhcp_server ,
{ " DHCP server " , " netmon_system_config.dhcp_server " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_gateway ,
{ " Gateway " , " netmon_system_config.gateway " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_primary_wins_server ,
{ " Primary WINS server " , " netmon_system_config.primary_wins_server " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_secondary_wins_server ,
{ " Secondary WINS server " , " netmon_system_config.secondary_wins_server " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dns_server1 ,
{ " DNS server1 " , " netmon_system_config.dns_server1 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dns_server2 ,
{ " DNS server2 " , " netmon_system_config.dns_server2 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dns_server3 ,
{ " DNS server3 " , " netmon_system_config.dns_server3 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_dns_server4 ,
{ " DNS server4 " , " netmon_system_config.dns_server4 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_system_config_data ,
{ " Data " , " netmon_system_config.data " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static hf_register_info hf_process [ ] = {
{ & hf_netmon_process_unique_process_key ,
{ " Unique process key " , " netmon_process.unique_process_key " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_process_id ,
{ " Process ID " , " netmon_process.process_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_parent_id ,
{ " Parent ID " , " netmon_process.parent_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_session_id ,
{ " Session ID " , " netmon_process.session_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_exit_status ,
{ " Exit status " , " netmon_process.exit_status " ,
FT_INT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_directory_table_base ,
{ " Directory table base " , " netmon_process.directory_table_base " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_unknown ,
{ " Unknown " , " netmon_process.unknown " ,
FT_BYTES , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_user_sid_revision ,
{ " User SID Revision " , " netmon_process.user_sid.revision " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_user_sid_subauth_count ,
{ " User SID Subauth count " , " netmon_process.user_sid.subauth_count " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_user_sid_id ,
{ " User SID Identifier Authority " , " netmon_process.user_sid.id " ,
FT_BYTES , BASE_NONE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_user_sid_authority ,
{ " User SID Authority " , " netmon_process.user_sid.authority " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_image_file_name ,
{ " Image file name " , " netmon_process.image_file_name " ,
FT_STRING , STR_ASCII , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_command_line ,
{ " Commandline " , " netmon_process.command_line " ,
FT_STRING , STR_UNICODE , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_page_directory_base ,
{ " Page directory base " , " netmon_process.page_directory_base " ,
FT_UINT64 , BASE_HEX , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_page_fault_count ,
{ " Page fault count " , " netmon_process.page_fault_count " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_handle_count ,
{ " Handle count " , " netmon_process.handle_count " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_reserved ,
{ " Reserved " , " netmon_process.reserved " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_peak_virtual_size ,
{ " Peak virtual size " , " netmon_process.peak_virtual_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_peak_working_set_size ,
{ " Peak working set size " , " netmon_process.peak_working_set_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_peak_page_file_usage ,
{ " Peak page file usage " , " netmon_process.peak_page_file_usage " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_quota_peak_paged_pool_usage ,
{ " Quota peak paged pool usage " , " netmon_process.quota_peak_paged_pool_usage " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_quota_peak_non_paged_pool_usage ,
{ " Quota peak non-paged pool usage " , " netmon_process.quota_peak_non_paged_pool_usage " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_virtual_size ,
{ " Virtual size " , " netmon_process.virtual_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_workingset_size ,
{ " Working set size " , " netmon_process.workingset_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_pagefile_usage ,
{ " Pagefile usage " , " netmon_process.pagefile_usage " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_quota_paged_pool_usage ,
{ " Quota paged pool usage " , " netmon_process.quota_paged_pool_usage " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_quota_non_paged_pool_usage ,
{ " Quota nonpaged pool usage " , " netmon_process.quota_non_paged_pool_usage " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_private_page_count ,
{ " Private page count " , " netmon_process.private_page_count " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
{ & hf_netmon_process_directory_table_base32 ,
{ " Directory table base " , " netmon_process.directory_table_base32 " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 , NULL , HFILL }
} ,
} ;
static gint * ett [ ] = {
& ett_netmon_header ,
& ett_netmon_event ,
& ett_netmon_event_desc ,
& ett_netmon_event_flags ,
& ett_netmon_event_property ,
& ett_netmon_event_extended_data ,
& ett_netmon_filter ,
& ett_netmon_network_info ,
& ett_netmon_network_info_list ,
& ett_netmon_network_info_adapter ,
& ett_netmon_system_trace ,
& ett_netmon_event_buffer_context ,
& ett_netmon_process ,
& ett_netmon_sid ,
& ett_netmon_system_config ,
} ;
static ei_register_info ei_process [ ] = {
{ & ei_netmon_process_user_sid , { " netmon_process.process_user_sid.invalid " , PI_MALFORMED , PI_WARN , " Invalid SID " , EXPFILL } } ,
} ;
expert_module_t * expert_process ;
proto_netmon_header = proto_register_protocol ( " Network Monitor Header " , " NetMon Header " , " netmon_header " ) ;
proto_netmon_event = proto_register_protocol ( " Network Monitor Event " , " NetMon Event " , " netmon_event " ) ;
proto_netmon_filter = proto_register_protocol ( " Network Monitor Filter " , " NetMon Filter " , " netmon_filter " ) ;
proto_netmon_network_info = proto_register_protocol ( " Network Monitor Network Info " , " NetMon Network Info " , " netmon_network_info " ) ;
proto_netmon_system_trace = proto_register_protocol ( " Network Monitor System Trace " , " NetMon System Trace " , " netmon_system_trace " ) ;
proto_netmon_system_config = proto_register_protocol ( " Network Monitor System Config " , " NetMon System Config " , " netmon_system_config " ) ;
proto_netmon_process = proto_register_protocol ( " Network Monitor Process " , " NetMon Process " , " netmon_process " ) ;
provider_id_table = register_dissector_table ( " netmon.provider_id " , " NetMon Provider IDs " , proto_netmon_event , FT_GUID , BASE_HEX ) ;
proto_register_field_array ( proto_netmon_header , hf_header , array_length ( hf_header ) ) ;
proto_register_field_array ( proto_netmon_event , hf_event , array_length ( hf_event ) ) ;
proto_register_field_array ( proto_netmon_filter , hf_filter , array_length ( hf_filter ) ) ;
proto_register_field_array ( proto_netmon_network_info , hf_network_info , array_length ( hf_network_info ) ) ;
proto_register_field_array ( proto_netmon_system_trace , hf_system_trace , array_length ( hf_system_trace ) ) ;
proto_register_field_array ( proto_netmon_system_config , hf_system_config , array_length ( hf_system_config ) ) ;
proto_register_field_array ( proto_netmon_process , hf_process , array_length ( hf_process ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
expert_process = expert_register_protocol ( proto_netmon_process ) ;
expert_register_field_array ( expert_process , ei_process , array_length ( ei_process ) ) ;
}
/*
 * Handoff routine for the NetMon dissectors.
 *
 * Creates one dissector handle per NetMon protocol, attaches the
 * record-level handles to the "wtap_encap" table under their
 * WTAP_ENCAP_NETMON_* values, attaches the provider-specific handles to
 * the "netmon.provider_id" table under their provider GUIDs, and finally
 * looks up the "wtap_encap" table and stores it in wtap_encap_table
 * (declared outside this function).
 *
 * NOTE(review): the handlers wired up here are driven by the contents of
 * capture files, so each of them should be treated as parsing untrusted
 * input.
 */
void proto_reg_handoff_netmon(void)
{
	/* Provider GUID keys; the trailing member is initialised to 0. */
	static guid_key trace_provider_key = { { 0x68fdd900, 0x4a3e, 0x11d1, { 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3 } }, 0 };
	static guid_key config_provider_key = { { 0x01853a65, 0x418f, 0x4f36, { 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35 } }, 0 };
	static guid_key process_provider_key = { { 0x3d6fa8d0, 0xfe05, 0x11d0, { 0x9d, 0xda, 0x00, 0xc0, 0x4f, 0xd7, 0xba, 0x7c } }, 0 };

	/* One handle per protocol, created in the same order as before. */
	dissector_handle_t event_h = create_dissector_handle(dissect_netmon_event, proto_netmon_event);
	dissector_handle_t filter_h = create_dissector_handle(dissect_netmon_filter, proto_netmon_filter);
	dissector_handle_t network_info_h = create_dissector_handle(dissect_netmon_network_info, proto_netmon_network_info);
	dissector_handle_t header_h = create_dissector_handle(dissect_netmon_header, proto_netmon_header);
	dissector_handle_t trace_h = create_dissector_handle(dissect_netmon_system_trace, proto_netmon_system_trace);
	dissector_handle_t config_h = create_dissector_handle(dissect_netmon_system_config, proto_netmon_system_config);
	dissector_handle_t process_h = create_dissector_handle(dissect_netmon_process, proto_netmon_process);

	/* Encapsulation type -> record-level dissector. */
	const struct {
		guint32 encap;
		dissector_handle_t handle;
	} by_encap[] = {
		{ WTAP_ENCAP_NETMON_NET_NETEVENT, event_h },
		{ WTAP_ENCAP_NETMON_NET_FILTER, filter_h },
		{ WTAP_ENCAP_NETMON_NETWORK_INFO_EX, network_info_h },
		{ WTAP_ENCAP_NETMON_HEADER, header_h },
	};

	/* Provider GUID -> provider-specific dissector. */
	const struct {
		guid_key *key;
		dissector_handle_t handle;
	} by_provider[] = {
		{ &trace_provider_key, trace_h },
		{ &config_provider_key, config_h },
		{ &process_provider_key, process_h },
	};

	unsigned int i;

	for (i = 0; i < sizeof by_encap / sizeof by_encap[0]; i++) {
		dissector_add_uint("wtap_encap", by_encap[i].encap, by_encap[i].handle);
	}

	for (i = 0; i < sizeof by_provider / sizeof by_provider[0]; i++) {
		dissector_add_guid("netmon.provider_id", by_provider[i].key, by_provider[i].handle);
	}

	/* Keep the table lookup result for later use outside this function. */
	wtap_encap_table = find_dissector_table("wtap_encap");
}
/*
 * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 *
 * Local variables:
 * c-basic-offset: 8
 * tab-width: 8
 * indent-tabs-mode: t
 * End:
 *
 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
 * :indentSize=8:tabSize=8:noTabs=false:
 */