forked from osmocom/wireshark
30 lines
920 B
INI
30 lines
920 B
INI
# Conformance file for EFS
|
|
|
|
#
|
|
# policyhandle tracking
|
|
# This block is to specify where a policyhandle is opened and where it is
|
|
# closed so that policyhandles when dissected contain nice info such as
|
|
# [opened in xxx] [closed in yyy]
|
|
#
|
|
# Policyhandles are opened in these functions (open==0x0001)
|
|
PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ 0x0001
|
|
# Policyhandles are closed in these functions (close==0x0002)
|
|
PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ 0x0002
|
|
|
|
CODE START
|
|
static int
|
|
efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
|
|
{
|
|
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
|
|
|
|
if(di->conformant_run){
|
|
/* just a run to handle conformant arrays, no scalars to dissect */
|
|
return offset;
|
|
}
|
|
|
|
offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1);
|
|
return offset;
|
|
}
|
|
|
|
CODE END
|