forked from osmocom/wireshark
update EFS and EVENTLOG conformance files to use the new defines
for when policy handles are opened/closed and regenerate the dissector with the latest version of PIDL svn path=/trunk/; revision=20917
This commit is contained in:
Ronnie Sahlberg
parent
7a615b9729
commit
87f05b8bda
|
|
@ -137,10 +137,11 @@ efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 cbData; */
|
||||
/* IDL: [size_is(cbData)] [unique(1)] uint8 *pbData; */
|
||||
/* IDL: } EFS_HASH_BLOB; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
efs_dissect_element_EFS_HASH_BLOB_cbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -200,12 +201,13 @@ efs_dissect_struct_EFS_HASH_BLOB(tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 cbTotalLength; */
|
||||
/* IDL: [unique(1)] dom_sid *pUserSid; */
|
||||
/* IDL: [unique(1)] EFS_HASH_BLOB *pHash; */
|
||||
/* IDL: [charset(UTF16)] [unique(1)] uint16 *lpDisplayInformation; */
|
||||
/* IDL: } ENCRYPTION_CERTIFICATE_HASH; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -296,10 +298,11 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb, int offset, packet
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 nCert_Hash; */
|
||||
/* IDL: [size_is(nCert_Hash)] [unique(1)] ENCRYPTION_CERTIFICATE_HASH *pUsers[*]; */
|
||||
/* IDL: } ENCRYPTION_CERTIFICATE_HASH_LIST; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
efs_dissect_element_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -359,11 +362,12 @@ efs_dissect_struct_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb, int offset, p
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 dwCertEncodingType; */
|
||||
/* IDL: uint32 cbData; */
|
||||
/* IDL: [size_is(cbData)] [unique(1)] uint8 *pbData; */
|
||||
/* IDL: } EFS_CERTIFICATE_BLOB; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
efs_dissect_element_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -433,11 +437,12 @@ efs_dissect_struct_EFS_CERTIFICATE_BLOB(tvbuff_t *tvb, int offset, packet_info *
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 TotalLength; */
|
||||
/* IDL: [unique(1)] dom_sid *pUserSid; */
|
||||
/* IDL: [unique(1)] EFS_CERTIFICATE_BLOB *pCertBlob; */
|
||||
/* IDL: } ENCRYPTION_CERTIFICATE; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
efs_dissect_element_ENCRYPTION_CERTIFICATE_TotalLength(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -518,7 +523,7 @@ efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb, int offset, packe
|
|||
static int
|
||||
efs_dissect_element_EfsRpcOpenFileRaw_pvContext_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcOpenFileRaw_pvContext, NULL, NULL, 0x0001&0x01, 0x0001&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcOpenFileRaw_pvContext, PIDL_POLHND_OPEN);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -549,10 +554,11 @@ efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb, int offset, packet_in
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcOpenFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcOpenFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcOpenFileRaw";
|
||||
offset = efs_dissect_element_EfsRpcOpenFileRaw_pvContext(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -565,8 +571,9 @@ efs_dissect_EfsRpcOpenFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcOpenFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcOpenFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcOpenFileRaw";
|
||||
offset = efs_dissect_element_EfsRpcOpenFileRaw_FileName(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = efs_dissect_element_EfsRpcOpenFileRaw_Flags(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -585,7 +592,7 @@ efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb, int offset, packe
|
|||
static int
|
||||
efs_dissect_element_EfsRpcReadFileRaw_pvContext_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcReadFileRaw_pvContext, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcReadFileRaw_pvContext, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -595,10 +602,11 @@ efs_dissect_element_EfsRpcReadFileRaw_pvContext_(tvbuff_t *tvb, int offset, pack
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcReadFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcReadFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcReadFileRaw";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -608,8 +616,9 @@ efs_dissect_EfsRpcReadFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcReadFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcReadFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcReadFileRaw";
|
||||
offset = efs_dissect_element_EfsRpcReadFileRaw_pvContext(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -626,7 +635,7 @@ efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb, int offset, pack
|
|||
static int
|
||||
efs_dissect_element_EfsRpcWriteFileRaw_pvContext_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcWriteFileRaw_pvContext, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcWriteFileRaw_pvContext, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -636,10 +645,11 @@ efs_dissect_element_EfsRpcWriteFileRaw_pvContext_(tvbuff_t *tvb, int offset, pac
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcWriteFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcWriteFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcWriteFileRaw";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -649,8 +659,9 @@ efs_dissect_EfsRpcWriteFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcWriteFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcWriteFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcWriteFileRaw";
|
||||
offset = efs_dissect_element_EfsRpcWriteFileRaw_pvContext(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -667,7 +678,7 @@ efs_dissect_element_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb, int offset, packet_i
|
|||
static int
|
||||
efs_dissect_element_EfsRpcCloseRaw_pvContext_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcCloseRaw_pvContext, NULL, NULL, 0x0002&0x01, 0x0002&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcCloseRaw_pvContext, PIDL_POLHND_CLOSE);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -677,8 +688,9 @@ efs_dissect_element_EfsRpcCloseRaw_pvContext_(tvbuff_t *tvb, int offset, packet_
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcCloseRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcCloseRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcCloseRaw";
|
||||
offset = efs_dissect_element_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -686,8 +698,9 @@ efs_dissect_EfsRpcCloseRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_in
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcCloseRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcCloseRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcCloseRaw";
|
||||
offset = efs_dissect_element_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -709,10 +722,11 @@ efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb, int offset, pac
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcEncryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcEncryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcEncryptFileSrv";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -722,8 +736,9 @@ efs_dissect_EfsRpcEncryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, pac
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcEncryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcEncryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcEncryptFileSrv";
|
||||
offset = efs_dissect_element_EfsRpcEncryptFileSrv_Filename(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -754,10 +769,11 @@ efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb, int offset, pac
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcDecryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcDecryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcDecryptFileSrv";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -767,8 +783,9 @@ efs_dissect_EfsRpcDecryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, pac
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcDecryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcDecryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcDecryptFileSrv";
|
||||
offset = efs_dissect_element_EfsRpcDecryptFileSrv_FileName(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = efs_dissect_element_EfsRpcDecryptFileSrv_Reserved(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -817,10 +834,11 @@ efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers__(tvbuff_t *tvb, int offset, p
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcQueryUsersOnFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcQueryUsersOnFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcQueryUsersOnFile";
|
||||
offset = efs_dissect_element_EfsRpcQueryUsersOnFile_pUsers(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -833,8 +851,9 @@ efs_dissect_EfsRpcQueryUsersOnFile_response(tvbuff_t *tvb _U_, int offset _U_, p
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcQueryUsersOnFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcQueryUsersOnFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcQueryUsersOnFile";
|
||||
offset = efs_dissect_element_EfsRpcQueryUsersOnFile_FileName(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -881,10 +900,11 @@ efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents__(tvbuff_t *tvb, i
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcQueryRecoveryAgents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcQueryRecoveryAgents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcQueryRecoveryAgents";
|
||||
offset = efs_dissect_element_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -897,8 +917,9 @@ efs_dissect_EfsRpcQueryRecoveryAgents_response(tvbuff_t *tvb _U_, int offset _U_
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcQueryRecoveryAgents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcQueryRecoveryAgents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcQueryRecoveryAgents";
|
||||
offset = efs_dissect_element_EfsRpcQueryRecoveryAgents_FileName(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -920,10 +941,11 @@ efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb, int offset
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcRemoveUsersFromFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcRemoveUsersFromFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcRemoveUsersFromFile";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -933,8 +955,9 @@ efs_dissect_EfsRpcRemoveUsersFromFile_response(tvbuff_t *tvb _U_, int offset _U_
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcRemoveUsersFromFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcRemoveUsersFromFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcRemoveUsersFromFile";
|
||||
offset = efs_dissect_element_EfsRpcRemoveUsersFromFile_FileName(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -956,10 +979,11 @@ efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb, int offset, pac
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcAddUsersToFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcAddUsersToFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcAddUsersToFile";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -969,8 +993,9 @@ efs_dissect_EfsRpcAddUsersToFile_response(tvbuff_t *tvb _U_, int offset _U_, pac
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcAddUsersToFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcAddUsersToFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcAddUsersToFile";
|
||||
offset = efs_dissect_element_EfsRpcAddUsersToFile_FileName(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -997,10 +1022,11 @@ efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate_(tvbuff_t
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcSetFileEncryptionKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcSetFileEncryptionKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcSetFileEncryptionKey";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1010,8 +1036,9 @@ efs_dissect_EfsRpcSetFileEncryptionKey_response(tvbuff_t *tvb _U_, int offset _U
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcSetFileEncryptionKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcSetFileEncryptionKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcSetFileEncryptionKey";
|
||||
offset = efs_dissect_element_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -1022,10 +1049,11 @@ efs_dissect_EfsRpcSetFileEncryptionKey_request(tvbuff_t *tvb _U_, int offset _U_
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcNotSupported_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcNotSupported_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcNotSupported";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1035,8 +1063,9 @@ efs_dissect_EfsRpcNotSupported_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcNotSupported_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcNotSupported_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcNotSupported";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1045,10 +1074,11 @@ efs_dissect_EfsRpcNotSupported_request(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcFileKeyInfo_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcFileKeyInfo_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcFileKeyInfo";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1058,8 +1088,9 @@ efs_dissect_EfsRpcFileKeyInfo_response(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcFileKeyInfo_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcFileKeyInfo_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcFileKeyInfo";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1068,10 +1099,11 @@ efs_dissect_EfsRpcFileKeyInfo_request(tvbuff_t *tvb _U_, int offset _U_, packet_
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="EfsRpcDuplicateEncryptionInfoFile";
|
||||
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_efs_werror, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1081,8 +1113,9 @@ efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response(tvbuff_t *tvb _U_, int of
|
|||
}
|
||||
|
||||
static int
|
||||
efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="EfsRpcDuplicateEncryptionInfoFile";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -387,12 +387,13 @@ eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef bitmap { */
|
||||
|
||||
/* IDL: bitmap { */
|
||||
/* IDL: EVENTLOG_SEQUENTIAL_READ = 0x0001 , */
|
||||
/* IDL: EVENTLOG_SEEK_READ = 0x0002 , */
|
||||
/* IDL: EVENTLOG_FORWARDS_READ = 0x0004 , */
|
||||
/* IDL: EVENTLOG_BACKWARDS_READ = 0x0008 , */
|
||||
/* IDL: } eventlogReadFlags; */
|
||||
/* IDL: } */
|
||||
|
||||
int
|
||||
eventlog_dissect_bitmap_eventlogReadFlags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
|
||||
|
|
@ -453,14 +454,15 @@ eventlog_dissect_bitmap_eventlogReadFlags(tvbuff_t *tvb, int offset, packet_info
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef bitmap { */
|
||||
|
||||
/* IDL: bitmap { */
|
||||
/* IDL: EVENTLOG_SUCCESS = 0x0000 , */
|
||||
/* IDL: EVENTLOG_ERROR_TYPE = 0x0001 , */
|
||||
/* IDL: EVENTLOG_WARNING_TYPE = 0x0002 , */
|
||||
/* IDL: EVENTLOG_INFORMATION_TYPE = 0x0004 , */
|
||||
/* IDL: EVENTLOG_AUDIT_SUCCESS = 0x0008 , */
|
||||
/* IDL: EVENTLOG_AUDIT_FAILURE = 0x0010 , */
|
||||
/* IDL: } eventlogEventTypes; */
|
||||
/* IDL: } */
|
||||
|
||||
int
|
||||
eventlog_dissect_bitmap_eventlogEventTypes(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
|
||||
|
|
@ -537,10 +539,11 @@ eventlog_dissect_bitmap_eventlogEventTypes(tvbuff_t *tvb, int offset, packet_inf
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint16 unknown0; */
|
||||
/* IDL: uint16 unknown1; */
|
||||
/* IDL: } eventlog_OpenUnknown0; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -584,7 +587,8 @@ eventlog_dissect_struct_OpenUnknown0(tvbuff_t *tvb, int offset, packet_info *pin
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 size; */
|
||||
/* IDL: uint32 reserved; */
|
||||
/* IDL: uint32 record_number; */
|
||||
|
|
@ -605,7 +609,7 @@ eventlog_dissect_struct_OpenUnknown0(tvbuff_t *tvb, int offset, packet_info *pin
|
|||
/* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string computer_name; */
|
||||
/* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string strings[num_of_strings]; */
|
||||
/* IDL: [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] string raw_data; */
|
||||
/* IDL: } eventlog_Record; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
eventlog_dissect_element_Record_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -779,10 +783,11 @@ eventlog_dissect_struct_Record(tvbuff_t *tvb, int offset, packet_info *pinfo, pr
|
|||
return offset;
|
||||
}
|
||||
|
||||
/* IDL: typedef struct { */
|
||||
|
||||
/* IDL: struct { */
|
||||
/* IDL: uint32 unknown0; */
|
||||
/* IDL: uint32 unknown1; */
|
||||
/* IDL: } eventlog_ChangeUnknown0; */
|
||||
/* IDL: } */
|
||||
|
||||
static int
|
||||
eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
|
|
@ -837,7 +842,7 @@ eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb, int offset, packet
|
|||
static int
|
||||
eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_ClearEventLogW_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_ClearEventLogW_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -864,10 +869,11 @@ eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb, int offse
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ClearEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ClearEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ClearEventLogW";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -877,8 +883,9 @@ eventlog_dissect_ClearEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, pack
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ClearEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ClearEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ClearEventLogW";
|
||||
offset = eventlog_dissect_element_ClearEventLogW_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_ClearEventLogW_backupfilename(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -897,7 +904,7 @@ eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb, int offset, packe
|
|||
static int
|
||||
eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_BackupEventLogW_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_BackupEventLogW_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -924,10 +931,11 @@ eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb, int offs
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_BackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_BackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="BackupEventLogW";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -937,8 +945,9 @@ eventlog_dissect_BackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, pac
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_BackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_BackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="BackupEventLogW";
|
||||
offset = eventlog_dissect_element_BackupEventLogW_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_BackupEventLogW_backupfilename(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -957,7 +966,7 @@ eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb, int offset, packet_
|
|||
static int
|
||||
eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_CloseEventLog_handle, NULL, NULL, 0x0002&0x01, 0x0002&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_CloseEventLog_handle, PIDL_POLHND_CLOSE);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -967,10 +976,11 @@ eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb, int offset, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_CloseEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_CloseEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="CloseEventLog";
|
||||
offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -983,8 +993,9 @@ eventlog_dissect_CloseEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_CloseEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_CloseEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="CloseEventLog";
|
||||
offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -1001,7 +1012,7 @@ eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb, int offset,
|
|||
static int
|
||||
eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_DeregisterEventSource_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_DeregisterEventSource_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1011,10 +1022,11 @@ eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb, int offset
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_DeregisterEventSource_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_DeregisterEventSource_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="DeregisterEventSource";
|
||||
offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1027,8 +1039,9 @@ eventlog_dissect_DeregisterEventSource_response(tvbuff_t *tvb _U_, int offset _U
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_DeregisterEventSource_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_DeregisterEventSource_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="DeregisterEventSource";
|
||||
offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -1045,7 +1058,7 @@ eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb, int offset, packet_
|
|||
static int
|
||||
eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_GetNumRecords_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_GetNumRecords_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1064,10 +1077,11 @@ eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb, int offset, packet_
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_GetNumRecords_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_GetNumRecords_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="GetNumRecords";
|
||||
offset = eventlog_dissect_element_GetNumRecords_number(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1080,8 +1094,9 @@ eventlog_dissect_GetNumRecords_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_GetNumRecords_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_GetNumRecords_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="GetNumRecords";
|
||||
offset = eventlog_dissect_element_GetNumRecords_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -1098,7 +1113,7 @@ eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb, int offset, packe
|
|||
static int
|
||||
eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_GetOldestRecord_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_GetOldestRecord_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1117,10 +1132,11 @@ eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb, int offset, packe
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_GetOldestRecord_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_GetOldestRecord_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="GetOldestRecord";
|
||||
offset = eventlog_dissect_element_GetOldestRecord_oldest(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1133,8 +1149,9 @@ eventlog_dissect_GetOldestRecord_response(tvbuff_t *tvb _U_, int offset _U_, pac
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_GetOldestRecord_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_GetOldestRecord_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="GetOldestRecord";
|
||||
offset = eventlog_dissect_element_GetOldestRecord_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
@ -1151,7 +1168,7 @@ eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb, int offset, packet_i
|
|||
static int
|
||||
eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_ChangeNotify_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_ChangeNotify_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1187,10 +1204,11 @@ eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb, int offset, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ChangeNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ChangeNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ChangeNotify";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1200,8 +1218,9 @@ eventlog_dissect_ChangeNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ChangeNotify_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ChangeNotify_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ChangeNotify";
|
||||
offset = eventlog_dissect_element_ChangeNotify_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_ChangeNotify_unknown2(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -1270,7 +1289,7 @@ eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb, int offset, packet_
|
|||
static int
|
||||
eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_OpenEventLogW_handle, NULL, NULL, 0x0001&0x01, 0x0001&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_OpenEventLogW_handle, PIDL_POLHND_OPEN);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1285,10 +1304,11 @@ eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb, int offset, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="OpenEventLogW";
|
||||
offset = eventlog_dissect_element_OpenEventLogW_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1301,8 +1321,9 @@ eventlog_dissect_OpenEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="OpenEventLogW";
|
||||
offset = eventlog_dissect_element_OpenEventLogW_unknown0(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_OpenEventLogW_logname(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -1375,7 +1396,7 @@ eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb, int offset,
|
|||
static int
|
||||
eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_RegisterEventSourceW_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_RegisterEventSourceW_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1390,10 +1411,11 @@ eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb, int offset,
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_RegisterEventSourceW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_RegisterEventSourceW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="RegisterEventSourceW";
|
||||
offset = eventlog_dissect_element_RegisterEventSourceW_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1406,8 +1428,9 @@ eventlog_dissect_RegisterEventSourceW_response(tvbuff_t *tvb _U_, int offset _U_
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_RegisterEventSourceW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_RegisterEventSourceW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="RegisterEventSourceW";
|
||||
offset = eventlog_dissect_element_RegisterEventSourceW_unknown0(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_RegisterEventSourceW_logname(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -1472,7 +1495,7 @@ eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb, int offset, p
|
|||
static int
|
||||
eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_OpenBackupEventLogW_handle, NULL, NULL, 0x0001&0x01, 0x0001&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_OpenBackupEventLogW_handle, PIDL_POLHND_OPEN);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1486,10 +1509,11 @@ eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb, int offset,
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenBackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenBackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="OpenBackupEventLogW";
|
||||
offset = eventlog_dissect_element_OpenBackupEventLogW_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1502,8 +1526,9 @@ eventlog_dissect_OpenBackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_,
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenBackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenBackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="OpenBackupEventLogW";
|
||||
offset = eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_OpenBackupEventLogW_logname(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -1526,7 +1551,7 @@ eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb, int offset, packet_
|
|||
static int
|
||||
eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_ReadEventLogW_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_ReadEventLogW_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1590,10 +1615,11 @@ eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb, int offset, pack
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReadEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReadEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ReadEventLogW";
|
||||
offset = eventlog_dissect_element_ReadEventLogW_data(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1612,8 +1638,9 @@ eventlog_dissect_ReadEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReadEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReadEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ReadEventLogW";
|
||||
offset = eventlog_dissect_element_ReadEventLogW_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_ReadEventLogW_flags(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -1630,10 +1657,11 @@ eventlog_dissect_ReadEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReportEventW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReportEventW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ReportEventW";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1643,8 +1671,9 @@ eventlog_dissect_ReportEventW_response(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReportEventW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReportEventW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ReportEventW";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1653,10 +1682,11 @@ eventlog_dissect_ReportEventW_request(tvbuff_t *tvb _U_, int offset _U_, packet_
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ClearEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ClearEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ClearEventLogA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1666,8 +1696,9 @@ eventlog_dissect_ClearEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, pack
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ClearEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ClearEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ClearEventLogA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1676,10 +1707,11 @@ eventlog_dissect_ClearEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_BackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_BackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="BackupEventLogA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1689,8 +1721,9 @@ eventlog_dissect_BackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, pac
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_BackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_BackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="BackupEventLogA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1699,10 +1732,11 @@ eventlog_dissect_BackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, pack
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="OpenEventLogA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1712,8 +1746,9 @@ eventlog_dissect_OpenEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="OpenEventLogA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1722,10 +1757,11 @@ eventlog_dissect_OpenEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_RegisterEventSourceA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_RegisterEventSourceA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="RegisterEventSourceA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1735,8 +1771,9 @@ eventlog_dissect_RegisterEventSourceA_response(tvbuff_t *tvb _U_, int offset _U_
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_RegisterEventSourceA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_RegisterEventSourceA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="RegisterEventSourceA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1745,10 +1782,11 @@ eventlog_dissect_RegisterEventSourceA_request(tvbuff_t *tvb _U_, int offset _U_,
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenBackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenBackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="OpenBackupEventLogA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1758,8 +1796,9 @@ eventlog_dissect_OpenBackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_,
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_OpenBackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_OpenBackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="OpenBackupEventLogA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1768,10 +1807,11 @@ eventlog_dissect_OpenBackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_,
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReadEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReadEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ReadEventLogA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1781,8 +1821,9 @@ eventlog_dissect_ReadEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReadEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReadEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ReadEventLogA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1791,10 +1832,11 @@ eventlog_dissect_ReadEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReportEventA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReportEventA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="ReportEventA";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1804,8 +1846,9 @@ eventlog_dissect_ReportEventA_response(tvbuff_t *tvb _U_, int offset _U_, packet
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_ReportEventA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_ReportEventA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="ReportEventA";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1814,10 +1857,11 @@ eventlog_dissect_ReportEventA_request(tvbuff_t *tvb _U_, int offset _U_, packet_
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_RegisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_RegisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="RegisterClusterSvc";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1827,8 +1871,9 @@ eventlog_dissect_RegisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_,
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_RegisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_RegisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="RegisterClusterSvc";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1837,10 +1882,11 @@ eventlog_dissect_RegisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, p
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_DeregisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_DeregisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="DeregisterClusterSvc";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1850,8 +1896,9 @@ eventlog_dissect_DeregisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_DeregisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_DeregisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="DeregisterClusterSvc";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1860,10 +1907,11 @@ eventlog_dissect_DeregisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_,
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_WriteClusterEvents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_WriteClusterEvents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="WriteClusterEvents";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -1873,8 +1921,9 @@ eventlog_dissect_WriteClusterEvents_response(tvbuff_t *tvb _U_, int offset _U_,
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_WriteClusterEvents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_WriteClusterEvents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="WriteClusterEvents";
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
|
@ -1889,7 +1938,7 @@ eventlog_dissect_element_GetLogIntormation_handle(tvbuff_t *tvb, int offset, pac
|
|||
static int
|
||||
eventlog_dissect_element_GetLogIntormation_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_GetLogIntormation_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_GetLogIntormation_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1943,10 +1992,11 @@ eventlog_dissect_element_GetLogIntormation_cbBytesNeeded(tvbuff_t *tvb, int offs
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_GetLogIntormation_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_GetLogIntormation_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="GetLogIntormation";
|
||||
offset = eventlog_dissect_element_GetLogIntormation_lpBuffer(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
|
||||
|
|
@ -1962,8 +2012,9 @@ eventlog_dissect_GetLogIntormation_response(tvbuff_t *tvb _U_, int offset _U_, p
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_GetLogIntormation_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_GetLogIntormation_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="GetLogIntormation";
|
||||
offset = eventlog_dissect_element_GetLogIntormation_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
offset = eventlog_dissect_element_GetLogIntormation_dwInfoLevel(tvb, offset, pinfo, tree, drep);
|
||||
|
|
@ -1984,7 +2035,7 @@ eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb, int offset, packet_
|
|||
static int
|
||||
eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
|
||||
{
|
||||
offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_FlushEventLog_handle, NULL, NULL, 0&0x01, 0&0x02);
|
||||
offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_FlushEventLog_handle, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
|
@ -1994,10 +2045,11 @@ eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb, int offset, packet
|
|||
/* IDL: ); */
|
||||
|
||||
static int
|
||||
eventlog_dissect_FlushEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_FlushEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
guint32 status;
|
||||
|
||||
pinfo->dcerpc_procedure_name="FlushEventLog";
|
||||
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_eventlog_status, &status);
|
||||
|
||||
if (status != 0 && check_col(pinfo->cinfo, COL_INFO))
|
||||
|
|
@ -2007,8 +2059,9 @@ eventlog_dissect_FlushEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packe
|
|||
}
|
||||
|
||||
static int
|
||||
eventlog_dissect_FlushEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
eventlog_dissect_FlushEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo, proto_tree *tree _U_, guint8 *drep _U_)
|
||||
{
|
||||
pinfo->dcerpc_procedure_name="FlushEventLog";
|
||||
offset = eventlog_dissect_element_FlushEventLog_handle(tvb, offset, pinfo, tree, drep);
|
||||
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
|
||||
return offset;
|
||||
|
|
|
|||
|
|
@ -14,8 +14,6 @@
|
|||
#ifndef __PACKET_DCERPC_EVENTLOG_H
|
||||
#define __PACKET_DCERPC_EVENTLOG_H
|
||||
|
||||
#include "packet-dcerpc-lsa.h"
|
||||
|
||||
int eventlog_dissect_bitmap_eventlogReadFlags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param);
|
||||
int eventlog_dissect_bitmap_eventlogEventTypes(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param);
|
||||
int eventlog_dissect_struct_OpenUnknown0(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@
|
|||
# closed so that policyhandles when dissected contain nice info such as
|
||||
# [opened in xxx] [closed in yyy]
|
||||
#
|
||||
# Policyhandles are opened in these functions (open==0x0001)
|
||||
PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ 0x0001
|
||||
# Policyhandles are closed in these functions (close==0x0002)
|
||||
PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ 0x0002
|
||||
# Policyhandles are opened in these functions
|
||||
PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ PIDL_POLHND_OPEN
|
||||
# Policyhandles are closed in these functions
|
||||
PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ PIDL_POLHND_CLOSE
|
||||
|
||||
CODE START
|
||||
static int
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
by Jean-Baptiste Marchand
|
||||
*/
|
||||
|
||||
import "security.idl";
|
||||
/* import "security.idl";*/
|
||||
|
||||
[
|
||||
uuid("c681d488-d850-11d0-8c52-00c04fd90f7e"),
|
||||
|
|
|
|||
|
|
@ -24,11 +24,11 @@ MANUAL eventlog_dissect_element_Record_strings
|
|||
# closed so that policyhandles when dissected contain nice info such as
|
||||
# [opened in xxx] [closed in yyy]
|
||||
#
|
||||
# Policyhandles are opened in these functions (open==0x0001)
|
||||
PARAM_VALUE eventlog_dissect_element_OpenEventLogW_handle_ 0x0001
|
||||
PARAM_VALUE eventlog_dissect_element_OpenBackupEventLogW_handle_ 0x0001
|
||||
# Policyhandles are closed in these functions (close==0x0002)
|
||||
PARAM_VALUE eventlog_dissect_element_CloseEventLog_handle_ 0x0002
|
||||
# Policyhandles are opened in these functions
|
||||
PARAM_VALUE eventlog_dissect_element_OpenEventLogW_handle_ PIDL_POLHND_OPEN
|
||||
PARAM_VALUE eventlog_dissect_element_OpenBackupEventLogW_handle_ PIDL_POLHND_OPEN
|
||||
# Policyhandles are closed in these functions
|
||||
PARAM_VALUE eventlog_dissect_element_CloseEventLog_handle_ PIDL_POLHND_CLOSE
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#include "idl_types.h"
|
||||
|
||||
import "lsa.idl", "security.idl";
|
||||
/* import "lsa.idl", "security.idl";*/
|
||||
|
||||
/*
|
||||
eventlog interface definition
|
||||
|
|
|
|||
Loading…
Reference in New Issue