A first go at importing some pidl generated code into ethereal. This

commit replaces the hand written dcerpc initshutdown and winreg 
interfaces with autogenerated ones.  

The pidl generated code is still a bit rough around the edges but will 
hopefully improve with time.

svn path=/trunk/; revision=15812
Tim Potter 2005-09-15 07:34:52 +00:00
parent 3808fc02a1
commit 7cc2d21bc7
13 changed files with 4594 additions and 1264 deletions


@ -45,8 +45,19 @@ GENERATED_C_FILES = \
# All the generated files.
GENERATED_FILES = $(GENERATED_HEADER_FILES) $(GENERATED_C_FILES)
# pidl dissectors
PIDL_DISSECTOR_SRC = \
pidl/packet-dcerpc-initshutdown.c \
pidl/packet-dcerpc-winreg.c
PIDL_DISSECTOR_INCLUDES = \
pidl/packet-dcerpc-initshutdown.h \
pidl/packet-dcerpc-winreg.h
# the dissector sources (without any helpers)
DISSECTOR_SRC = \
$(PIDL_DISSECTOR_SRC) \
packet-3com-xns.c \
packet-3g-a11.c \
packet-9p.c \
@ -168,7 +179,6 @@ DISSECTOR_SRC = \
packet-dcerpc-frsrpc.c \
packet-dcerpc-ftserver.c \
packet-dcerpc-icl_rpc.c \
packet-dcerpc-initshutdown.c \
packet-dcerpc-krb5rpc.c \
packet-dcerpc-llb.c \
packet-dcerpc-lsa.c \
@ -180,7 +190,6 @@ DISSECTOR_SRC = \
packet-dcerpc-nspi.c \
packet-dcerpc-pnp.c \
packet-dcerpc-rdaclif.c \
packet-dcerpc-reg.c \
packet-dcerpc-rep_proc.c \
packet-dcerpc-roverride.c \
packet-dcerpc-rpriv.c \
@ -627,6 +636,7 @@ DISSECTOR_SRC = \
# corresponding headers
DISSECTOR_INCLUDES = \
$(PIDL_DISSECTOR_INCLUDES) \
packet-acse.h \
packet-actrace.h \
packet-afp.h \
@ -671,13 +681,11 @@ DISSECTOR_INCLUDES = \
packet-dcerpc-eventlog.h \
packet-dcerpc-frsapi.h \
packet-dcerpc-frsrpc.h \
packet-dcerpc-initshutdown.h \
packet-dcerpc-lsa.h \
packet-dcerpc-mapi.h \
packet-dcerpc-netlogon.h \
packet-dcerpc-nt.h \
packet-dcerpc-pnp.h \
packet-dcerpc-reg.h \
packet-dcerpc-rras.h \
packet-dcerpc-samr.h \
packet-dcerpc-spoolss.h \
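Review bot: The `# pidl dissectors` comment above the new `PIDL_DISSECTOR_SRC` and `PIDL_DISSECTOR_INCLUDES` lists in the first hunk does not say that the `pidl/` files are generator output, and no rule that regenerates them from IDL is visible in these hunks. Because these sources are compiled into `DISSECTOR_SRC` and parse captured network traffic, a hand edit or a stale copy would be hard to tell apart from real pidl output when later changes are reviewed. I would expand the comment to something like `# pidl dissectors: generated from IDL by pidl; do not edit by hand, regenerate and commit the output together with the IDL change`. The +/- markers are lost on this page, so which lines are additions is inferred from the hunk headers.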


@ -1,212 +0,0 @@
/* packet-dcerpc-initshutdown.c
* Routines for SMB \PIPE\initshutdown packet disassembly
* Based on packet-dcerpc-winreg.c
* Copyright 2001-2003 Tim Potter <tpot@samba.org>
* as per a suggestion by Jim McDonough
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <glib.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
#include "packet-dcerpc-initshutdown.h"
#include "packet-windows-common.h"
/* Global hf index fields */
static int hf_rc = -1;
static int hf_shutdown_message = -1;
static int hf_shutdown_seconds = -1;
static int hf_shutdown_force = -1;
static int hf_shutdown_reboot = -1;
static int hf_shutdown_server = -1;
static int hf_shutdown_reason = -1;
/* Reg Shutdown functions */
static int
dissect_shutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(
tvb, offset, pinfo, tree, drep, hf_shutdown_server, NULL);
return offset;
}
static int
dissect_shutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_shutdown_message, 0);
return offset;
}
static int
InitshutdownShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_shutdown_server, NDR_POINTER_UNIQUE,
"Server", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_shutdown_message, NDR_POINTER_UNIQUE,
"message", -1);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_shutdown_seconds, NULL);
offset = dissect_ndr_uint8(
tvb, offset, pinfo, tree, drep, hf_shutdown_force, NULL);
offset = dissect_ndr_uint8(
tvb, offset, pinfo, tree, drep, hf_shutdown_reboot, NULL);
return offset;
}
static int
InitshutdownShutdown_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
static int
InitshutdownAbortShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_shutdown_server, NDR_POINTER_UNIQUE,
"Server", -1);
return offset;
}
static int
InitshutdownShutdownEx_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = InitshutdownShutdown_q(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_shutdown_reason, NULL);
return offset;
}
static int proto_dcerpc_initshutdown = -1;
static int hf_initshutdown_opnum = -1;
static gint ett_dcerpc_initshutdown = -1;
static e_uuid_t uuid_dcerpc_initshutdown = {
0x894de0c0, 0x0d55, 0x11d3,
{ 0xa3, 0x22, 0x00, 0xc0, 0x4f, 0xa3, 0x21, 0xa1 }
};
static guint16 ver_dcerpc_initshutdown = 1;
static dcerpc_sub_dissector dcerpc_initshutdown_dissectors[] = {
{ INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN, "InitiateSystemShutdown",
InitshutdownShutdown_q, InitshutdownShutdown_r },
{ INITSHUTDOWN_ABORT_SYSTEM_SHUTDOWN, "AbortSystemShutdown",
InitshutdownAbortShutdown_q, InitshutdownShutdown_r },
{ INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN_EX, "InitiateSystemShutdownEx",
InitshutdownShutdownEx_q, InitshutdownShutdown_r },
{ 0, NULL, NULL, NULL }
};
void
proto_register_dcerpc_initshutdown(void)
{
static hf_register_info hf[] = {
/* Global indexes */
{ &hf_rc,
{ "Return code", "initshutdown.rc", FT_UINT32, BASE_HEX,
VALS(NT_errors), 0x0, "Initshutdown return code", HFILL }},
{ &hf_initshutdown_opnum,
{ "Operation", "initshutdown.opnum", FT_UINT16, BASE_DEC,
NULL, 0x0, "Operation", HFILL }},
{ &hf_shutdown_message,
{ "Message", "initshutdown.message", FT_STRING, BASE_NONE,
NULL, 0x0, "Message", HFILL }},
{ &hf_shutdown_seconds,
{ "Seconds", "initshutdown.seconds", FT_UINT32, BASE_DEC,
NULL, 0x00, "Seconds", HFILL }},
{ &hf_shutdown_force,
{ "Force applications shut", "initshutdown.force", FT_UINT8,
BASE_DEC, NULL, 0x00, "Force applications shut", HFILL }},
{ &hf_shutdown_reboot,
{ "Reboot", "initshutdown.reboot", FT_UINT8, BASE_DEC,
NULL, 0x00, "Reboot", HFILL }},
{ &hf_shutdown_server,
{ "Server", "initshutdown.server", FT_UINT16, BASE_HEX,
NULL, 0x00, "Server", HFILL }},
{ &hf_shutdown_reason,
{ "Reason", "initshutdown.reason", FT_UINT32, BASE_HEX,
NULL, 0x00, "Reason", HFILL }}
};
static gint *ett[] = {
&ett_dcerpc_initshutdown
};
proto_dcerpc_initshutdown = proto_register_protocol(
"Remote Shutdown", "INITSHUTDOWN", "initshutdown");
proto_register_field_array(proto_dcerpc_initshutdown, hf,
array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_dcerpc_initshutdown(void)
{
/* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_initshutdown, ett_dcerpc_initshutdown,
&uuid_dcerpc_initshutdown, ver_dcerpc_initshutdown,
dcerpc_initshutdown_dissectors, hf_initshutdown_opnum);
}


@ -1,37 +0,0 @@
/* packet-dcerpc-initshutdown.h
* Routines for SMB \PIPE\initshutdown packet disassembly
* Based on packet-dcerpc-winreg.h
* Copyright 2001-2003 Tim Potter <tpot@samba.org>
* as per a suggestion by Jim McDonough
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PACKET_DCERPC_INITSHUTDOWN_H
#define __PACKET_DCERPC_INITSHUTDOWN_H
/* Functions available on the INITSHUTDOWN pipe. */
#define INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN 0x00
#define INITSHUTDOWN_ABORT_SYSTEM_SHUTDOWN 0x01
#define INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN_EX 0x02
#endif /* packet-dcerpc-initshutdown.h */


@ -1,926 +0,0 @@
/* packet-dcerpc-reg.c
* Routines for SMB \PIPE\winreg packet disassembly
* Copyright 2001-2003 Tim Potter <tpot@samba.org>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <glib.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
#include "packet-dcerpc-reg.h"
#include "packet-windows-common.h"
/* Global hf index fields */
static int hf_rc = -1;
static int hf_hnd = -1;
static int hf_access_mask = -1;
static int hf_keytype = -1;
static int hf_keydata = -1;
static int hf_offered = -1;
static int hf_returned = -1;
static int hf_reserved = -1;
static int hf_unknown = -1;
/* OpenHKLM */
static int hf_openhklm_unknown1 = -1;
static int hf_openhklm_unknown2 = -1;
/* QueryInfoKey */
static int hf_querykey_class = -1;
static int hf_querykey_num_subkeys = -1;
static int hf_querykey_max_subkey_len = -1;
static int hf_querykey_reserved = -1;
static int hf_querykey_num_values = -1;
static int hf_querykey_max_valname_len = -1;
static int hf_querykey_max_valbuf_size = -1;
static int hf_querykey_secdesc = -1;
static int hf_querykey_modtime = -1;
/* OpenKey */
static int hf_keyname = -1;
static int hf_openkey_unknown1 = -1;
/* GetVersion */
static int hf_getversion_version = -1;
/* Shutdown */
static int hf_shutdown_message = -1;
static int hf_shutdown_seconds = -1;
static int hf_shutdown_force = -1;
static int hf_shutdown_reboot = -1;
static int hf_shutdown_server = -1;
static int hf_shutdown_reason = -1;
/* Data that is passed to a open call */
static int
dissect_open_data(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(
tvb, offset, pinfo, tree, drep,
hf_openhklm_unknown1, NULL);
offset = dissect_ndr_uint16(
tvb, offset, pinfo, tree, drep,
hf_openhklm_unknown1, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_access_mask, NULL);
return offset;
}
/*
* OpenHKLM
*/
static int
RegOpenHKLM_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_open_data,
NDR_POINTER_UNIQUE, "Unknown", -1);
return offset;
}
static int
RegOpenHKLM_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
e_ctx_hnd policy_hnd;
proto_item *hnd_item;
guint32 status;
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep,
hf_rc, &status);
if (status == 0) {
dcerpc_smb_store_pol_name(&policy_hnd, pinfo, "HKLM handle");
if (hnd_item != NULL)
proto_item_append_text(hnd_item, ": HKLM handle");
}
return offset;
}
/*
* OpenHKU
*/
static int
RegOpenHKU_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_open_data,
NDR_POINTER_UNIQUE, "Unknown", -1);
return offset;
}
static int
RegOpenHKU_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
e_ctx_hnd policy_hnd;
proto_item *hnd_item;
guint32 status;
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, &status);
if (status == 0) {
dcerpc_smb_store_pol_name(&policy_hnd, pinfo, "HKU handle");
if (hnd_item != NULL)
proto_item_append_text(hnd_item, ": HKU handle");
}
return offset;
}
/*
* OpenHKCR
*/
static int
RegOpenHKCR_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_open_data,
NDR_POINTER_UNIQUE, "Unknown", -1);
return offset;
}
static int
RegOpenHKCR_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
e_ctx_hnd policy_hnd;
proto_item *hnd_item;
guint32 status;
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, &status);
if (status == 0) {
dcerpc_smb_store_pol_name(&policy_hnd, pinfo, "HKCR handle");
if (hnd_item != NULL)
proto_item_append_text(hnd_item, ": HKCR handle");
}
return offset;
}
/*
* CloseKey
*/
static int
RegCloseKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, TRUE);
return offset;
}
static int
RegCloseKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
/*
* QueryInfoKey
*/
static int
RegQueryInfoKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_querykey_class, 0);
return offset;
}
static int
RegQueryInfoKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_querykey_class, 0);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_num_subkeys, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_max_subkey_len, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_reserved, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_num_values, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_max_valname_len, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_max_valbuf_size, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_querykey_secdesc, NULL);
offset = dissect_ndr_nt_NTTIME(
tvb, offset, pinfo, tree, drep, hf_querykey_modtime);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
/*
* OpenKey
*/
static int
RegOpenKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_querykey_class, 0);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_openkey_unknown1, NULL);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_access_mask, NULL);
return offset;
}
static int
RegOpenKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
e_ctx_hnd policy_hnd;
proto_item *hnd_item;
guint32 status;
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, &status);
if (status == 0) {
dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
"OpenKey handle");
if (hnd_item != NULL)
proto_item_append_text(hnd_item, ": OpenKey handle");
}
return offset;
}
/*
* GetVersion
*/
static int
RegGetVersion_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
static int
RegGetVersion_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep,
hf_getversion_version, NULL);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
/*
* EnumKey
*/
static int
RegEnumKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, FALSE);
return offset;
}
static int
RegEnumKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
/*
* RegQueryValue
*/
static int
dissect_reserved(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_reserved, NULL);
return offset;
}
static int
dissect_offered(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_offered, NULL);
return offset;
}
static int
dissect_returned(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_returned, NULL);
return offset;
}
static int
dissect_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_unknown, NULL);
return offset;
}
static int
RegQueryValue_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_nt_policy_hnd(
tvb, offset, pinfo, tree, drep,
hf_hnd, NULL, NULL, FALSE, FALSE);
offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_querykey_class, 0);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_reserved, NDR_POINTER_UNIQUE,
"Reserved", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_offered, NDR_POINTER_UNIQUE,
"Offered", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_unknown, NDR_POINTER_UNIQUE,
"Unknown", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_unknown, NDR_POINTER_UNIQUE,
"Unknown", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_offered, NDR_POINTER_UNIQUE,
"Offered", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_returned, NDR_POINTER_UNIQUE,
"Returned", -1);
return offset;
}
static int
dissect_key_type(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_keytype, NULL);
return offset;
}
static int
RegQueryValue_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
/* Parse packet */
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_key_type, NDR_POINTER_UNIQUE,
"Key Type", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_ndr_byte_array, NDR_POINTER_UNIQUE,
"Key Data", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_offered, NDR_POINTER_UNIQUE,
"Offered", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_returned, NDR_POINTER_UNIQUE,
"Returned", -1);
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
/* Reg Shutdown functions */
static int
dissect_shutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(
tvb, offset, pinfo, tree, drep, hf_shutdown_server, NULL);
return offset;
}
static int
dissect_shutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_counted_string(
tvb, offset, pinfo, tree, drep, hf_shutdown_message, 0);
return offset;
}
static int
RegShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_shutdown_server, NDR_POINTER_UNIQUE,
"Server", -1);
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_shutdown_message, NDR_POINTER_UNIQUE,
"message", -1);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_shutdown_seconds, NULL);
offset = dissect_ndr_uint8(
tvb, offset, pinfo, tree, drep, hf_shutdown_force, NULL);
offset = dissect_ndr_uint8(
tvb, offset, pinfo, tree, drep, hf_shutdown_reboot, NULL);
return offset;
}
static int
RegShutdown_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
static int
RegAbortShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_pointer(
tvb, offset, pinfo, tree, drep,
dissect_shutdown_server, NDR_POINTER_UNIQUE,
"Server", -1);
return offset;
}
static int
RegShutdownEx_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
offset = RegShutdown_q(tvb, offset, pinfo, tree, drep);
offset = dissect_ndr_uint32(
tvb, offset, pinfo, tree, drep, hf_shutdown_reason, NULL);
return offset;
}
#if 0
/* Templates for new subdissectors */
/*
* FOO
*/
static int
RegFoo_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
/* Parse packet */
return offset;
}
static int
RegFoo_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
proto_tree *tree, guint8 *drep)
{
dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
/* Parse packet */
offset = dissect_ntstatus(
tvb, offset, pinfo, tree, drep, hf_rc, NULL);
return offset;
}
#endif
/* Registry data types */
const value_string reg_datatypes[] = {
{ DCERPC_REG_NONE, "REG_NONE" },
{ DCERPC_REG_SZ, "REG_SZ" },
{ DCERPC_REG_EXPAND_SZ, "REG_EXPAND_SZ" },
{ DCERPC_REG_BINARY, "REG_BINARY" },
{ DCERPC_REG_DWORD, "REG_DWORD" },
{ DCERPC_REG_DWORD_LE, "REG_DWORD_LE" },
{ DCERPC_REG_DWORD_BE, "REG_DWORD_BE" },
{ DCERPC_REG_LINK, "REG_LINK" },
{ DCERPC_REG_MULTI_SZ, "REG_MULTI_SZ" },
{ DCERPC_REG_RESOURCE_LIST, "REG_RESOURCE_LIST" },
{ DCERPC_REG_FULL_RESOURCE_DESCRIPTOR, "REG_FULL_RESOURCE_DESCRIPTOR" },
{ DCERPC_REG_RESOURCE_REQUIREMENTS_LIST, "REG_RESOURCE_REQUIREMENTS_LIST" },
{0, NULL }
};
static int proto_dcerpc_reg = -1;
static int hf_reg_opnum = -1;
static gint ett_dcerpc_reg = -1;
static e_uuid_t uuid_dcerpc_reg = {
0x338cd001, 0x2244, 0x31f1,
{ 0xaa, 0xaa, 0x90, 0x00, 0x38, 0x00, 0x10, 0x03 }
};
static guint16 ver_dcerpc_reg = 1;
static dcerpc_sub_dissector dcerpc_reg_dissectors[] = {
{ REG_OPEN_HKCR, "OpenHKCR", RegOpenHKCR_q, RegOpenHKCR_r },
{ REG_OPEN_HKCU, "OpenHKCU", NULL, NULL },
{ REG_OPEN_HKLM, "OpenHKLM", RegOpenHKLM_q, RegOpenHKLM_r },
{ REG_OPEN_HKPD, "OpenHKPD", NULL, NULL },
{ REG_OPEN_HKU, "OpenHKU", RegOpenHKU_q, RegOpenHKU_r },
{ REG_CLOSE_KEY, "CloseKey", RegCloseKey_q, RegCloseKey_r },
{ REG_CREATE_KEY, "CreateKey", NULL, NULL },
{ REG_DELETE_KEY, "DeleteKey", NULL, NULL },
{ REG_DELETE_VALUE, "DeleteValue", NULL, NULL },
{ REG_ENUM_KEY, "EnumKey", RegEnumKey_q, RegEnumKey_r },
{ REG_ENUM_VALUE, "EnumValue", NULL, NULL },
{ REG_FLUSH_KEY, "FlushKey", NULL, NULL },
{ REG_GET_KEY_SEC, "GetKeySecurity", NULL, NULL },
{ REG_LOAD_KEY, "LoadKey", NULL, NULL },
{ REG_NOTIFY_CHANGE_KEY_VALUE, "NotifyChangeKeyValue", NULL, NULL },
{ REG_OPEN_KEY, "OpenKey", RegOpenKey_q, RegOpenKey_r },
{ REG_QUERY_INFO_KEY, "QueryInfoKey", RegQueryInfoKey_q, RegQueryInfoKey_r },
{ REG_QUERY_VALUE, "QueryValue", RegQueryValue_q, RegQueryValue_r },
{ REG_REPLACE_KEY, "ReplaceKey", NULL, NULL },
{ REG_RESTORE_KEY, "RestoreKey", NULL, NULL },
{ REG_SAVE_KEY, "SaveKey", NULL, NULL },
{ REG_SET_KEY_SEC, "SetKeySecurity", NULL, NULL },
{ REG_SET_VALUE, "SetValue", NULL, NULL },
{ REG_UNLOAD_KEY, "UnLoadKey", NULL, NULL },
{ REG_INITIATE_SYSTEM_SHUTDOWN, "InitiateSystemShutdown",
RegShutdown_q, RegShutdown_r },
{ REG_ABORT_SYSTEM_SHUTDOWN, "AbortSystemShutdown",
RegAbortShutdown_q, RegShutdown_r },
{ REG_GET_VERSION, "GetVersion", RegGetVersion_q, RegGetVersion_r },
{ REG_OPEN_HKCC, "OpenHKCC", NULL, NULL },
{ REG_OPEN_HKDD, "OpenHKDD", NULL, NULL },
{ REG_QUERY_MULTIPLE_VALUES, "QueryMultipleValues", NULL, NULL },
{ REG_INITIATE_SYSTEM_SHUTDOWN_EX, "InitiateSystemShutdownEx",
RegShutdownEx_q, RegShutdown_r },
{ REG_SAVE_KEY_EX, "SaveKeyEx", NULL, NULL },
{ REG_OPEN_HKPT, "OpenHKPT", NULL, NULL },
{ REG_OPEN_HKPN, "OpenHKPN", NULL, NULL },
{ REG_QUERY_MULTIPLE_VALUES_2, "QueryMultipleValues2", NULL, NULL },
{ 0, NULL, NULL, NULL }
};
void
proto_register_dcerpc_reg(void)
{
static hf_register_info hf[] = {
/* Global indexes */
{ &hf_hnd,
{ "Context handle", "reg.hnd", FT_BYTES, BASE_NONE,
NULL, 0x0, "REG policy handle", HFILL }},
{ &hf_rc,
{ "Return code", "reg.rc", FT_UINT32, BASE_HEX,
VALS(NT_errors), 0x0, "REG return code", HFILL }},
{ &hf_reg_opnum,
{ "Operation", "reg.opnum", FT_UINT16, BASE_DEC,
NULL, 0x0, "Operation", HFILL }},
{ &hf_access_mask,
{ "Access mask", "reg.access_mask", FT_UINT32, BASE_HEX,
NULL, 0x0, "Access mask", HFILL }},
{ &hf_keytype,
{ "Key type", "reg.type", FT_UINT32, BASE_DEC,
VALS(reg_datatypes), 0x0, "Key type", HFILL }},
{ &hf_keydata,
{ "Key data", "reg.data", FT_BYTES, BASE_HEX,
NULL, 0x0, "Key data", HFILL }},
{ &hf_offered,
{ "Offered", "reg.offered", FT_UINT32, BASE_DEC,
NULL, 0x0, "Offered", HFILL }},
{ &hf_returned,
{ "Returned", "reg.returned", FT_UINT32, BASE_DEC,
NULL, 0x0, "Returned", HFILL }},
{ &hf_reserved,
{ "Reserved", "reg.reserved", FT_UINT32, BASE_HEX,
NULL, 0x0, "Reserved", HFILL }},
{ &hf_unknown,
{ "Unknown", "reg.unknown", FT_UINT32, BASE_HEX,
NULL, 0x0, "Unknown", HFILL }},
/* OpenHKLM */
{ &hf_openhklm_unknown1,
{ "Unknown 1", "reg.openhklm.unknown1", FT_UINT16, BASE_HEX,
NULL, 0x0, "Unknown 1", HFILL }},
{ &hf_openhklm_unknown2,
{ "Unknown 2", "reg.openhklm.unknown2", FT_UINT16, BASE_HEX,
NULL, 0x0, "Unknown 2", HFILL }},
/* QueryClass */
{ &hf_querykey_class,
{ "Class", "reg.querykey.class", FT_STRING, BASE_NONE,
NULL, 0, "Class", HFILL }},
{ &hf_querykey_num_subkeys,
{ "Num subkeys", "reg.querykey.num_subkeys", FT_UINT32, BASE_DEC,
NULL, 0x0, "Num subkeys", HFILL }},
{ &hf_querykey_max_subkey_len,
{ "Max subkey len", "reg.querykey.max_subkey_len", FT_UINT32, BASE_DEC,
NULL, 0x0, "Max subkey len", HFILL }},
{ &hf_querykey_reserved,
{ "Reserved", "reg.querykey.reserved", FT_UINT32, BASE_DEC,
NULL, 0x0, "Reserved", HFILL }},
{ &hf_querykey_num_values,
{ "Num values", "reg.querykey.num_values", FT_UINT32, BASE_DEC,
NULL, 0x0, "Num values", HFILL }},
{ &hf_querykey_max_valname_len,
{ "Max valnum len", "reg.querykey.max_valname_len", FT_UINT32, BASE_DEC,
NULL, 0x0, "Max valname len", HFILL }},
{ &hf_querykey_max_valbuf_size,
{ "Max valbuf size", "reg.querykey.max_valbuf_size", FT_UINT32, BASE_DEC,
NULL, 0x0, "Max valbuf size", HFILL }},
{ &hf_querykey_secdesc,
{ "Secdesc", "reg.querykey.secdesc", FT_UINT32, BASE_DEC,
NULL, 0x0, "Secdesc", HFILL }},
{ &hf_querykey_modtime,
{ "Mod time", "reg.querykey.modtime", FT_ABSOLUTE_TIME, BASE_NONE,
NULL, 0x0, "Secdesc", HFILL }},
/* OpenKey */
{ &hf_keyname,
{ "Key name", "reg.keyname", FT_STRING, BASE_NONE,
NULL, 0x0, "Keyname", HFILL }},
{ &hf_openkey_unknown1,
{ "Unknown 1", "reg.openkey.unknown1", FT_UINT32, BASE_HEX,
NULL, 0x0, "Unknown 1", HFILL }},
/* GetVersion */
{ &hf_getversion_version,
{ "Version", "reg.getversion.version", FT_UINT32, BASE_HEX,
NULL, 0x0, "Version", HFILL }},
/* Shutdown */
{ &hf_shutdown_message,
{ "Message", "reg.shutdown.message", FT_STRING, BASE_NONE,
NULL, 0x0, "Message", HFILL }},
{ &hf_shutdown_seconds,
{ "Seconds", "reg.shutdown.seconds", FT_UINT32, BASE_DEC,
NULL, 0x00, "Seconds", HFILL }},
{ &hf_shutdown_force,
{ "Force applications shut", "reg.shutdown.force", FT_UINT8,
BASE_DEC, NULL, 0x00, "Force applications shut", HFILL }},
{ &hf_shutdown_reboot,
{ "Reboot", "reg.shutdown.reboot", FT_UINT8, BASE_DEC,
NULL, 0x00, "Reboot", HFILL }},
{ &hf_shutdown_server,
{ "Server", "reg.shutdown.server", FT_UINT16, BASE_HEX,
NULL, 0x00, "Server", HFILL }},
{ &hf_shutdown_reason,
{ "Reason", "reg.shutdown.reason", FT_UINT32, BASE_HEX,
NULL, 0x00, "Reason", HFILL }}
};
static gint *ett[] = {
&ett_dcerpc_reg
};
proto_dcerpc_reg = proto_register_protocol(
"Microsoft Registry", "WINREG", "winreg");
proto_register_field_array(proto_dcerpc_reg, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_dcerpc_reg(void)
{
/* Register protocol as dcerpc */
dcerpc_init_uuid(proto_dcerpc_reg, ett_dcerpc_reg, &uuid_dcerpc_reg,
ver_dcerpc_reg, dcerpc_reg_dissectors, hf_reg_opnum);
}


@ -1,84 +0,0 @@
/* packet-dcerpc-reg.h
* Routines for SMB \PIPE\winreg packet disassembly
* Copyright 2001, Tim Potter <tpot@samba.org>
*
* $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PACKET_DCERPC_REG_H
#define __PACKET_DCERPC_REG_H
/* Functions available on the WINREG pipe. From Samba, include/rpc_reg.h */
#define REG_OPEN_HKCR 0x00
#define REG_OPEN_HKCU 0x01
#define REG_OPEN_HKLM 0x02
#define REG_OPEN_HKPD 0x03
#define REG_OPEN_HKU 0x04
#define REG_CLOSE_KEY 0x05
#define REG_CREATE_KEY 0x06
#define REG_DELETE_KEY 0x07
#define REG_DELETE_VALUE 0x08
#define REG_ENUM_KEY 0x09
#define REG_ENUM_VALUE 0x0a
#define REG_FLUSH_KEY 0x0b
#define REG_GET_KEY_SEC 0x0c
#define REG_LOAD_KEY 0x0d
#define REG_NOTIFY_CHANGE_KEY_VALUE 0x0e
#define REG_OPEN_KEY 0x0f
#define REG_QUERY_INFO_KEY 0x10
#define REG_QUERY_VALUE 0x11
#define REG_REPLACE_KEY 0x12
#define REG_RESTORE_KEY 0x13
#define REG_SAVE_KEY 0x14
#define REG_SET_KEY_SEC 0x15
#define REG_SET_VALUE 0x16
#define REG_UNLOAD_KEY 0x17
#define REG_INITIATE_SYSTEM_SHUTDOWN 0x18
#define REG_ABORT_SYSTEM_SHUTDOWN 0x19
#define REG_GET_VERSION 0x1a
#define REG_OPEN_HKCC 0x1b
#define REG_OPEN_HKDD 0x1c
#define REG_QUERY_MULTIPLE_VALUES 0x1d
#define REG_INITIATE_SYSTEM_SHUTDOWN_EX 0x1e
#define REG_SAVE_KEY_EX 0x1f
#define REG_OPEN_HKPT 0x20
#define REG_OPEN_HKPN 0x21
#define REG_QUERY_MULTIPLE_VALUES_2 0x22
/* Registry data types */
#define DCERPC_REG_NONE 0
#define DCERPC_REG_SZ 1
#define DCERPC_REG_EXPAND_SZ 2
#define DCERPC_REG_BINARY 3
#define DCERPC_REG_DWORD 4
#define DCERPC_REG_DWORD_LE 4 /* DWORD, little endian */
#define DCERPC_REG_DWORD_BE 5 /* DWORD, big endian */
#define DCERPC_REG_LINK 6
#define DCERPC_REG_MULTI_SZ 7
#define DCERPC_REG_RESOURCE_LIST 8
#define DCERPC_REG_FULL_RESOURCE_DESCRIPTOR 9
#define DCERPC_REG_RESOURCE_REQUIREMENTS_LIST 10
extern const value_string reg_datatypes[];
#endif /* packet-dcerpc-reg.h */


@ -40,7 +40,6 @@
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
#include "packet-dcerpc-spoolss.h"
#include "packet-dcerpc-reg.h"
#include "packet-windows-common.h"
/* GetPrinterDriver2 */
@ -300,6 +299,37 @@ static int hf_rrpcn_unk1 = -1;
static int hf_replyopenprinter_unk0 = -1;
static int hf_replyopenprinter_unk1 = -1;
/* Registry data types */
#define DCERPC_REG_NONE 0
#define DCERPC_REG_SZ 1
#define DCERPC_REG_EXPAND_SZ 2
#define DCERPC_REG_BINARY 3
#define DCERPC_REG_DWORD 4
#define DCERPC_REG_DWORD_LE 4 /* DWORD, little endian
*/
#define DCERPC_REG_DWORD_BE 5 /* DWORD, big endian */
#define DCERPC_REG_LINK 6
#define DCERPC_REG_MULTI_SZ 7
#define DCERPC_REG_RESOURCE_LIST 8
#define DCERPC_REG_FULL_RESOURCE_DESCRIPTOR 9
#define DCERPC_REG_RESOURCE_REQUIREMENTS_LIST 10
const value_string reg_datatypes[] = {
{ DCERPC_REG_NONE, "REG_NONE" },
{ DCERPC_REG_SZ, "REG_SZ" },
{ DCERPC_REG_EXPAND_SZ, "REG_EXPAND_SZ" },
{ DCERPC_REG_BINARY, "REG_BINARY" },
{ DCERPC_REG_DWORD, "REG_DWORD" },
{ DCERPC_REG_DWORD_LE, "REG_DWORD_LE" },
{ DCERPC_REG_DWORD_BE, "REG_DWORD_BE" },
{ DCERPC_REG_LINK, "REG_LINK" },
{ DCERPC_REG_MULTI_SZ, "REG_MULTI_SZ" },
{ DCERPC_REG_RESOURCE_LIST, "REG_RESOURCE_LIST" },
{ DCERPC_REG_FULL_RESOURCE_DESCRIPTOR, "REG_FULL_RESOURCE_DESCRIPTOR" }, { DCERPC_REG_RESOURCE_REQUIREMENTS_LIST, "REG_RESOURCE_REQUIREMENTS_LIST" },
{0, NULL }
};
/****************************************************************************/
/*
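Review bot: `reg_datatypes` in the second hunk (`@ -300,6 +299,37 @`) is defined with external linkage, while this commit deletes packet-dcerpc-reg.h, the header that carried `extern const value_string reg_datatypes[];`, so no declaration of the table remains on the page. If packet-dcerpc-spoolss.c is now its only user, `static const value_string reg_datatypes[] = {` keeps it out of the global namespace; if other dissectors still reference it, they need a declaration from a surviving header. The copied table also stops at type 10, whereas the generated winreg header added in this commit defines `REG_QWORD (11)`, so a value of 11 would be displayed without a name. The `DCERPC_REG_DWORD_LE` row repeats value 4 and is presumably never selected by a first-match lookup.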


@ -0,0 +1,47 @@
#include "idl_types.h"
/*
initshutdown interface definition
*/
[
uuid("894de0c0-0d55-11d3-a322-00c04fa321a1"),
version(1.0),
endpoint("ncacn_np:[\\pipe\\InitShutdown]"),
pointer_default(unique),
pointer_default_top(unique),
helpstring("Init shutdown service")
] interface initshutdown
{
typedef struct {
[value(strlen_m_term(name))] uint32 name_size;
[flag(STR_LEN4|STR_NOTERM)] string name;
} initshutdown_String_sub;
typedef [public] struct {
[value(strlen_m(r->name->name)*2)] uint16 name_len;
[value(strlen_m_term(r->name->name)*2)] uint16 name_size;
initshutdown_String_sub *name;
} initshutdown_String;
WERROR initshutdown_Init(
[in] uint16 *hostname,
[in] initshutdown_String *message,
[in] uint32 timeout,
[in] uint8 force_apps,
[in] uint8 reboot
);
WERROR initshutdown_Abort(
[in] uint16 *server
);
WERROR initshutdown_InitEx(
[in] uint16 *hostname,
[in] initshutdown_String *message,
[in] uint32 timeout,
[in] uint8 force_apps,
[in] uint8 reboot,
[in] uint32 reason
);
}
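Review bot: The `[flag(STR_LEN4|STR_NOTERM)] string name;` member of `initshutdown_String_sub` gets no dissection in the generated C that this commit adds: `initshutdown_dissect_element_String_sub_name` returns `offset` unchanged, so the shutdown message text is never displayed and the bytes after `name_size` are not consumed. The request dissectors continue with `timeout`, `force_apps` and `reboot` from the returned offset, so on a capture that carries a message those fields would presumably be decoded from the string bytes, which misleads anyone reading a remote-shutdown request. Until pidl can emit a dissector for flagged strings, a hand-written handler for this element, supplied through the conformance file the generated header names (`librpc/idl/initshutdown.cnf`), would keep the offset correct.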


@ -0,0 +1,489 @@
/* DO NOT EDIT
This filter was automatically generated
from librpc/idl/initshutdown.idl and librpc/idl/initshutdown.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
found at http://wiki.ethereal.com/Pidl
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <glib.h>
#include <string.h>
#include <epan/packet.h>
#include "packet-dcerpc.h"
#include "packet-dcerpc-nt.h"
#include "packet-windows-common.h"
#include "packet-dcerpc-initshutdown.h"
/* Ett declarations */
static gint ett_dcerpc_initshutdown = -1;
static gint ett_initshutdown_initshutdown_String_sub = -1;
static gint ett_initshutdown_initshutdown_String = -1;
/* Header field declarations */
static gint hf_initshutdown_initshutdown_String_name_len = -1;
static gint hf_initshutdown_opnum = -1;
static gint hf_initshutdown_initshutdown_Init_hostname = -1;
static gint hf_initshutdown_initshutdown_String_sub_name = -1;
static gint hf_initshutdown_initshutdown_String_sub_name_size = -1;
static gint hf_initshutdown_initshutdown_InitEx_reason = -1;
static gint hf_initshutdown_initshutdown_InitEx_force_apps = -1;
static gint hf_initshutdown_initshutdown_InitEx_timeout = -1;
static gint hf_initshutdown_initshutdown_Init_timeout = -1;
static gint hf_initshutdown_initshutdown_String_name_size = -1;
static gint hf_initshutdown_initshutdown_Init_force_apps = -1;
static gint hf_initshutdown_initshutdown_InitEx_hostname = -1;
static gint hf_initshutdown_initshutdown_Init_reboot = -1;
static gint hf_initshutdown_initshutdown_InitEx_reboot = -1;
static gint hf_initshutdown_initshutdown_Init_message = -1;
static gint hf_initshutdown_werror = -1;
static gint hf_initshutdown_initshutdown_InitEx_message = -1;
static gint hf_initshutdown_initshutdown_Abort_server = -1;
static gint hf_initshutdown_initshutdown_String_name = -1;
static gint proto_dcerpc_initshutdown = -1;
/* Version information */
static e_uuid_t uuid_dcerpc_initshutdown = {
0x894de0c0, 0x0d55, 0x11d3,
{ 0xa3, 0x22, 0x00, 0xc0, 0x4f, 0xa3, 0x21, 0xa1 }
};
static guint16 ver_dcerpc_initshutdown = 1;
static int initshutdown_dissect_element_String_sub_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_String_sub_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_String_name_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_String_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_String_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_String_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Init_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Abort_server(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_Abort_server_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int initshutdown_dissect_element_InitEx_reason(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
/* IDL: typedef struct { */
/* IDL: [value(strlen_m_term(name))] uint32 name_size; */
/* IDL: [flag(LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_NOTERM)] string name; */
/* IDL: } initshutdown_String_sub; */
static int
initshutdown_dissect_element_String_sub_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_String_sub_name_size,NULL);
return offset;
}
static int
initshutdown_dissect_element_String_sub_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
return offset;
}
int
initshutdown_dissect_struct_String_sub(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset;
ALIGN_TO_4_BYTES;
old_offset = offset;
if(parent_tree){
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_initshutdown_initshutdown_String_sub);
}
offset = initshutdown_dissect_element_String_sub_name_size(tvb, offset, pinfo, tree, drep);
offset = initshutdown_dissect_element_String_sub_name(tvb, offset, pinfo, tree, drep);
proto_item_set_len(item, offset-old_offset);
return offset;
}
/* IDL: typedef struct { */
/* IDL: [value(strlen_m(r->name->name)*2)] uint16 name_len; */
/* IDL: [value(strlen_m_term(r->name->name)*2)] uint16 name_size; */
/* IDL: [unique(1)] initshutdown_String_sub *name; */
/* IDL: } initshutdown_String; */
static int
initshutdown_dissect_element_String_name_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_String_name_len,NULL);
return offset;
}
static int
initshutdown_dissect_element_String_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_String_name_size,NULL);
return offset;
}
static int
initshutdown_dissect_element_String_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_String_name_, NDR_POINTER_UNIQUE, "Pointer to Name (initshutdown_String_sub)",hf_initshutdown_initshutdown_String_name);
return offset;
}
static int
initshutdown_dissect_element_String_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = initshutdown_dissect_struct_String_sub(tvb,offset,pinfo,tree,drep,hf_initshutdown_initshutdown_String_name,0);
return offset;
}
int
initshutdown_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
{
proto_item *item = NULL;
proto_tree *tree = NULL;
int old_offset;
ALIGN_TO_4_BYTES;
old_offset = offset;
if(parent_tree){
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_initshutdown_initshutdown_String);
}
offset = initshutdown_dissect_element_String_name_len(tvb, offset, pinfo, tree, drep);
offset = initshutdown_dissect_element_String_name_size(tvb, offset, pinfo, tree, drep);
offset = initshutdown_dissect_element_String_name(tvb, offset, pinfo, tree, drep);
proto_item_set_len(item, offset-old_offset);
return offset;
}
static int
initshutdown_dissect_element_Init_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_Init_hostname_, NDR_POINTER_UNIQUE, "Pointer to Hostname (uint16)",hf_initshutdown_initshutdown_Init_hostname);
return offset;
}
static int
initshutdown_dissect_element_Init_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_hostname,NULL);
return offset;
}
static int
initshutdown_dissect_element_Init_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_Init_message_, NDR_POINTER_UNIQUE, "Pointer to Message (initshutdown_String)",hf_initshutdown_initshutdown_Init_message);
return offset;
}
static int
initshutdown_dissect_element_Init_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = initshutdown_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_initshutdown_initshutdown_Init_message,0);
return offset;
}
static int
initshutdown_dissect_element_Init_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_timeout,NULL);
return offset;
}
static int
initshutdown_dissect_element_Init_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_force_apps,NULL);
return offset;
}
static int
initshutdown_dissect_element_Init_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_reboot,NULL);
return offset;
}
/* IDL: WERROR initshutdown_Init( */
/* IDL: [unique(1)] [in] uint16 *hostname, */
/* IDL: [unique(1)] [in] initshutdown_String *message, */
/* IDL: [in] uint32 timeout, */
/* IDL: [in] uint8 force_apps, */
/* IDL: [in] uint8 reboot */
/* IDL: ); */
static int
initshutdown_dissect_Init_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_werror, NULL);
return offset;
}
static int
initshutdown_dissect_Init_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
offset = initshutdown_dissect_element_Init_hostname(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_Init_message(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_Init_timeout(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_Init_force_apps(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_Init_reboot(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
static int
initshutdown_dissect_element_Abort_server(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_Abort_server_, NDR_POINTER_UNIQUE, "Pointer to Server (uint16)",hf_initshutdown_initshutdown_Abort_server);
return offset;
}
static int
initshutdown_dissect_element_Abort_server_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Abort_server,NULL);
return offset;
}
/* IDL: WERROR initshutdown_Abort( */
/* IDL: [unique(1)] [in] uint16 *server */
/* IDL: ); */
static int
initshutdown_dissect_Abort_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_werror, NULL);
return offset;
}
static int
initshutdown_dissect_Abort_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
offset = initshutdown_dissect_element_Abort_server(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
static int
initshutdown_dissect_element_InitEx_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_InitEx_hostname_, NDR_POINTER_UNIQUE, "Pointer to Hostname (uint16)",hf_initshutdown_initshutdown_InitEx_hostname);
return offset;
}
static int
initshutdown_dissect_element_InitEx_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_hostname,NULL);
return offset;
}
static int
initshutdown_dissect_element_InitEx_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_InitEx_message_, NDR_POINTER_UNIQUE, "Pointer to Message (initshutdown_String)",hf_initshutdown_initshutdown_InitEx_message);
return offset;
}
static int
initshutdown_dissect_element_InitEx_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = initshutdown_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_initshutdown_initshutdown_InitEx_message,0);
return offset;
}
static int
initshutdown_dissect_element_InitEx_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_timeout,NULL);
return offset;
}
static int
initshutdown_dissect_element_InitEx_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_force_apps,NULL);
return offset;
}
static int
initshutdown_dissect_element_InitEx_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_reboot,NULL);
return offset;
}
static int
initshutdown_dissect_element_InitEx_reason(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_reason,NULL);
return offset;
}
/* IDL: WERROR initshutdown_InitEx( */
/* IDL: [unique(1)] [in] uint16 *hostname, */
/* IDL: [unique(1)] [in] initshutdown_String *message, */
/* IDL: [in] uint32 timeout, */
/* IDL: [in] uint8 force_apps, */
/* IDL: [in] uint8 reboot, */
/* IDL: [in] uint32 reason */
/* IDL: ); */
static int
initshutdown_dissect_InitEx_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_werror, NULL);
return offset;
}
static int
initshutdown_dissect_InitEx_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
{
offset = initshutdown_dissect_element_InitEx_hostname(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_InitEx_message(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_InitEx_timeout(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_InitEx_force_apps(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_InitEx_reboot(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = initshutdown_dissect_element_InitEx_reason(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
static dcerpc_sub_dissector initshutdown_dissectors[] = {
{ 0, "Init",
initshutdown_dissect_Init_request, initshutdown_dissect_Init_response},
{ 1, "Abort",
initshutdown_dissect_Abort_request, initshutdown_dissect_Abort_response},
{ 2, "InitEx",
initshutdown_dissect_InitEx_request, initshutdown_dissect_InitEx_response},
{ 0, NULL, NULL, NULL }
};
void proto_register_dcerpc_initshutdown(void)
{
static hf_register_info hf[] = {
{ &hf_initshutdown_initshutdown_String_name_len,
{ "Name Len", "initshutdown.initshutdown_String.name_len", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_opnum,
{ "Operation", "initshutdown.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_Init_hostname,
{ "Hostname", "initshutdown.initshutdown_Init.hostname", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_String_sub_name,
{ "Name", "initshutdown.initshutdown_String_sub.name", FT_STRING, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_String_sub_name_size,
{ "Name Size", "initshutdown.initshutdown_String_sub.name_size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_InitEx_reason,
{ "Reason", "initshutdown.initshutdown_InitEx.reason", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_InitEx_force_apps,
{ "Force Apps", "initshutdown.initshutdown_InitEx.force_apps", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_InitEx_timeout,
{ "Timeout", "initshutdown.initshutdown_InitEx.timeout", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_Init_timeout,
{ "Timeout", "initshutdown.initshutdown_Init.timeout", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_String_name_size,
{ "Name Size", "initshutdown.initshutdown_String.name_size", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_Init_force_apps,
{ "Force Apps", "initshutdown.initshutdown_Init.force_apps", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_InitEx_hostname,
{ "Hostname", "initshutdown.initshutdown_InitEx.hostname", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_Init_reboot,
{ "Reboot", "initshutdown.initshutdown_Init.reboot", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_InitEx_reboot,
{ "Reboot", "initshutdown.initshutdown_InitEx.reboot", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_Init_message,
{ "Message", "initshutdown.initshutdown_Init.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_werror,
{ "Windows Error", "initshutdown.werror", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_InitEx_message,
{ "Message", "initshutdown.initshutdown_InitEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_Abort_server,
{ "Server", "initshutdown.initshutdown_Abort.server", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }},
{ &hf_initshutdown_initshutdown_String_name,
{ "Name", "initshutdown.initshutdown_String.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
};
static gint *ett[] = {
&ett_dcerpc_initshutdown,
&ett_initshutdown_initshutdown_String_sub,
&ett_initshutdown_initshutdown_String,
};
proto_dcerpc_initshutdown = proto_register_protocol("Init shutdown service", "INITSHUTDOWN", "initshutdown");
proto_register_field_array(proto_dcerpc_initshutdown, hf, array_length (hf));
proto_register_subtree_array(ett, array_length(ett));
}
void proto_reg_handoff_dcerpc_initshutdown(void)
{
dcerpc_init_uuid(proto_dcerpc_initshutdown, ett_dcerpc_initshutdown,
&uuid_dcerpc_initshutdown, ver_dcerpc_initshutdown,
initshutdown_dissectors, hf_initshutdown_opnum);
}


@ -0,0 +1,19 @@
/* autogenerated by pidl */
/* DO NOT EDIT
This filter was automatically generated
from librpc/idl/initshutdown.idl and librpc/idl/initshutdown.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
found at http://wiki.ethereal.com/Pidl
*/
#ifndef __PACKET_DCERPC_INITSHUTDOWN_H
#define __PACKET_DCERPC_INITSHUTDOWN_H
int initshutdown_dissect_struct_String_sub(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
int initshutdown_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
#endif /* __PACKET_DCERPC_INITSHUTDOWN_H */

File diff suppressed because it is too large Load Diff


@ -0,0 +1,45 @@
/* autogenerated by pidl */
/* DO NOT EDIT
This filter was automatically generated
from librpc/idl/winreg.idl and librpc/idl/winreg.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
found at http://wiki.ethereal.com/Pidl
*/
#ifndef __PACKET_DCERPC_WINREG_H
#define __PACKET_DCERPC_WINREG_H
#include "packet-dcerpc-lsa.h"
#include "packet-dcerpc-initshutdown.h"
#define REG_NONE (0)
#define REG_SZ (1)
#define REG_EXPAND_SZ (2)
#define REG_BINARY (3)
#define REG_DWORD (4)
#define REG_DWORD_BIG_ENDIAN (5)
#define REG_LINK (6)
#define REG_MULTI_SZ (7)
#define REG_RESOURCE_LIST (8)
#define REG_FULL_RESOURCE_DESCRIPTOR (9)
#define REG_RESOURCE_REQUIREMENTS_LIST (10)
#define REG_QWORD (11)
extern const value_string winreg_winreg_Type_vals[];
int winreg_dissect_enum_Type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param);
int winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
int winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
int winreg_dissect_struct_SecBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
#define REG_ACTION_NONE (0)
#define REG_CREATED_NEW_KEY (1)
#define REG_OPENED_EXISTING_KEY (2)
extern const value_string winreg_winreg_CreateAction_vals[];
int winreg_dissect_enum_CreateAction(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param);
int winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
int winreg_dissect_struct_QueryMultipleValue(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_);
#endif /* __PACKET_DCERPC_WINREG_H */


@ -0,0 +1,363 @@
#include "idl_types.h"
/*
winreg interface definition
*/
[
uuid("338cd001-2244-31f1-aaaa-900038001003"),
version(1.0),
endpoint("ncacn_np:[\\pipe\\winreg]","ncacn_ip_tcp:","ncalrpc:"),
pointer_default(unique),
pointer_default_top(unique),
helpstring("Remote Registry Service"),
depends(lsa,initshutdown)
] interface winreg
{
declare bitmap security_secinfo;
typedef [v1_enum] enum {
REG_NONE = 0,
REG_SZ = 1,
REG_EXPAND_SZ = 2,
REG_BINARY = 3,
REG_DWORD = 4,
REG_DWORD_BIG_ENDIAN = 5,
REG_LINK = 6,
REG_MULTI_SZ = 7,
REG_RESOURCE_LIST = 8,
REG_FULL_RESOURCE_DESCRIPTOR = 9,
REG_RESOURCE_REQUIREMENTS_LIST = 10,
REG_QWORD = 11
} winreg_Type;
typedef [public,noejs] struct {
[value(strlen_m_term(name)*2)] uint16 name_len;
[value(strlen_m_term(name)*2)] uint16 name_size;
unistr *name;
} winreg_String;
/******************/
/* Function: 0x00 */
WERROR winreg_OpenHKCR(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x01 */
WERROR winreg_OpenHKCU(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x02 */
WERROR winreg_OpenHKLM(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x03 */
WERROR winreg_OpenHKPD(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x04 */
WERROR winreg_OpenHKU(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x05 */
WERROR winreg_CloseKey(
[in,out,ref] policy_handle *handle
);
/******************/
/* Function: 0x06 */
typedef struct {
[size_is(size),length_is(len)] uint8 *data;
uint32 size;
uint32 len;
} KeySecurityData;
typedef struct {
uint32 length;
KeySecurityData sd;
bool8 inherit;
} winreg_SecBuf;
typedef [v1_enum] enum {
REG_ACTION_NONE = 0, /* used by caller */
REG_CREATED_NEW_KEY = 1,
REG_OPENED_EXISTING_KEY = 2
} winreg_CreateAction;
WERROR winreg_CreateKey(
[in,ref] policy_handle *handle,
[in] winreg_String name,
[in] winreg_String class,
[in] uint32 options,
[in] uint32 access_required,
[in,unique] winreg_SecBuf *secdesc,
[out,ref] policy_handle *new_handle,
[in,out,unique] winreg_CreateAction *action_taken
);
/******************/
/* Function: 0x07 */
WERROR winreg_DeleteKey(
[in,ref] policy_handle *handle,
[in] winreg_String key
);
/******************/
/* Function: 0x08 */
WERROR winreg_DeleteValue(
[in,ref] policy_handle *handle,
[in] winreg_String value
);
typedef struct {
/* we can't use value(strlen_m(name)*2) here as it
doesn't propogate to the length_is() property
below. Jelmer, can this be fixed? */
uint16 length;
uint16 size;
[size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name;
} winreg_StringBuf;
WERROR winreg_EnumKey(
[in,ref] policy_handle *handle,
[in] uint32 enum_index,
[in,out,ref] winreg_StringBuf *name,
[in,out,unique] winreg_StringBuf *class,
[in,out,unique] NTTIME *last_changed_time
);
/******************/
/* Function: 0x0a */
WERROR winreg_EnumValue(
[in,ref] policy_handle *handle,
[in] uint32 enum_index,
[in,out,ref] winreg_StringBuf *name,
[in,out,unique] winreg_Type *type,
[in,out,unique,size_is(*size),length_is(*length)] uint8 *value,
[in,out,unique] uint32 *size,
[in,out,unique] uint32 *length
);
/******************/
/* Function: 0x0b */
WERROR winreg_FlushKey(
[in,ref] policy_handle *handle
);
/******************/
/* Function: 0x0c */
WERROR winreg_GetKeySecurity(
[in,ref] policy_handle *handle,
[in] security_secinfo sec_info,
[in,out,ref] KeySecurityData *sd
);
/******************/
/* Function: 0x0d */
WERROR winreg_LoadKey(
[in,ref] policy_handle *handle,
[in] winreg_String *keyname,
[in] winreg_String *filename
);
/******************/
/* Function: 0x0e */
WERROR winreg_NotifyChangeKeyValue(
[in,ref] policy_handle *handle,
[in] uint8 watch_subtree,
[in] uint32 notify_filter,
[in] uint32 unknown,
[in] winreg_String string1,
[in] winreg_String string2,
[in] uint32 unknown2
);
/******************/
/* Function: 0x0f */
WERROR winreg_OpenKey(
[in,ref] policy_handle *handle,
[in] winreg_String keyname,
[in] uint32 unknown,
[in] uint32 access_mask,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x10 */
WERROR winreg_QueryInfoKey(
[in,ref] policy_handle *handle,
[in] winreg_String class,
[out] winreg_String class,
[out] uint32 num_subkeys,
[out] uint32 max_subkeylen,
[out] uint32 max_subkeysize,
[out] uint32 num_values,
[out] uint32 max_valnamelen,
[out] uint32 max_valbufsize,
[out] uint32 secdescsize,
[out] NTTIME last_changed_time
);
/******************/
/* Function: 0x11 */
WERROR winreg_QueryValue(
[in,ref] policy_handle *handle,
[in] winreg_String value_name,
[in,out] winreg_Type *type,
[in,out,size_is(*size),length_is(*length)] uint8 *data,
[in,out] uint32 *size,
[in,out] uint32 *length
);
/******************/
/* Function: 0x12 */
WERROR winreg_ReplaceKey(
);
/******************/
/* Function: 0x13 */
WERROR winreg_RestoreKey(
);
/******************/
/* Function: 0x14 */
WERROR winreg_SaveKey(
);
/******************/
/* Function: 0x15 */
WERROR winreg_SetKeySecurity(
[in,ref] policy_handle *handle,
[in] uint32 access_mask,
[in,out,ref] KeySecurityData *data
);
/******************/
/* Function: 0x16 */
WERROR winreg_SetValue(
[in,ref] policy_handle *handle,
[in] winreg_String name,
[in] winreg_Type type,
[in,size_is(size),ref] uint8 *data,
[in] uint32 size
);
/******************/
/* Function: 0x17 */
WERROR winreg_UnLoadKey(
);
/******************/
/* Function: 0x18 */
WERROR winreg_InitiateSystemShutdown(
[in] uint16 *hostname,
[in] initshutdown_String *message,
[in] uint32 timeout,
[in] uint8 force_apps,
[in] uint8 reboot
);
/******************/
/* Function: 0x19 */
WERROR winreg_AbortSystemShutdown(
[in] uint16 *server
);
/******************/
/* Function: 0x1a */
WERROR winreg_GetVersion(
[in,ref] policy_handle *handle,
[out] uint32 version
);
/******************/
/* Function: 0x1b */
WERROR winreg_OpenHKCC(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x1c */
WERROR winreg_OpenHKDD(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
typedef struct {
winreg_String *name;
winreg_Type type;
uint32 offset;
uint32 length;
} QueryMultipleValue;
/******************/
/* Function: 0x1d */
WERROR winreg_QueryMultipleValues(
[in,ref] policy_handle *key_handle,
[in,out,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values,
[in] uint32 num_values,
[in,out,size_is(*buffer_size),length_is(*buffer_size)] uint8 *buffer,
[in,out,ref] uint32 *buffer_size
);
/******************/
/* Function: 0x1e */
WERROR winreg_InitiateSystemShutdownEx(
[in] uint16 *hostname,
[in] initshutdown_String *message,
[in] uint32 timeout,
[in] uint8 force_apps,
[in] uint8 reboot,
[in] uint32 reason
);
/******************/
/* Function: 0x1f */
WERROR winreg_SaveKeyEx(
);
/******************/
/* Function: 0x20 */
WERROR winreg_OpenHKPT(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x21 */
WERROR winreg_OpenHKPN(
[in] uint16 *system_name,
[in] uint32 access_required,
[out,ref] policy_handle *handle
);
/******************/
/* Function: 0x22 */
WERROR winreg_QueryMultipleValues2(
);
}
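Review bot: Two operations declare the same parameter name twice: `winreg_OpenKey` has both an `[in,ref]` and an `[out,ref]` `policy_handle *handle`, and `winreg_QueryInfoKey` has both an `[in]` and an `[out]` `winreg_String class`. If pidl derives per-element dissector and header-field names from the parameter name (the `winreg_dissect_struct_*` naming in the generated header suggests it does), the request and response fields would collide or be indistinguishable in the protocol tree. Distinct names avoid that, for example `[in,ref] policy_handle *parent_handle,` in OpenKey and `[out] winreg_String class_out,` in QueryInfoKey. The `/* Function: 0x09 */` banner is also missing above `winreg_EnumKey`; these comments are the only opnum numbering visible in the file, so anyone mapping captured opnums back to operations needs it.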