Fix automatic generation of the dcerpc-eventlog dissector.

The problem described in the README is simply that the conformance file
hadn't been updated.

Remove trailing white space from the .idl and .cnf files.

Change-Id: I778f206aa103e5f60574fe2c5c699597969dc644
Reviewed-on: https://code.wireshark.org/review/4042
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Jeff Morriss 2014-09-08 17:40:30 -04:00 committed by Michael Mann
parent 7143bd72f9
commit e8491ce729
5 changed files with 299 additions and 315 deletions


@ -1,10 +1,10 @@
/* DO NOT EDIT
This filter was automatically generated
This file was automatically generated by Pidl
from eventlog.idl and eventlog.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
It is maintained by the Samba team, not the Wireshark team.
Instructions on how to download and install Pidl can be
Instructions on how to download and install Pidl can be
found at http://wiki.wireshark.org/Pidl
*/
@ -36,98 +36,98 @@ static gint ett_eventlog_eventlog_ChangeUnknown0 = -1;
/* Header field declarations */
static gint hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel = -1;
static gint hf_eventlog_Record_computer_name = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_unknown0 = -1;
static gint hf_eventlog_eventlog_Record_computer_name = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_handle = -1;
static gint hf_eventlog_eventlog_GetNumRecords_handle = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown2 = -1;
static gint hf_eventlog_eventlog_Record_sid_offset = -1;
static gint hf_eventlog_Record_string = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE = -1;
static gint hf_eventlog_eventlog_ChangeNotify_unknown2 = -1;
static gint hf_eventlog_eventlog_ReportEventW_event_category = -1;
static gint hf_eventlog_eventlog_ChangeUnknown0_unknown0 = -1;
static gint hf_eventlog_eventlog_Record_data_offset = -1;
static gint hf_eventlog_eventlog_OpenUnknown0_unknown0 = -1;
static gint hf_eventlog_eventlog_BackupEventLogW_backupfilename = -1;
static gint hf_eventlog_eventlog_ClearEventLogW_handle = -1;
static gint hf_eventlog_eventlog_Record_closing_record_number = -1;
static gint hf_eventlog_eventlog_Record_size = -1;
static gint hf_eventlog_eventlog_ReportEventW_computer_name = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 = -1;
static gint hf_eventlog_eventlog_Record_event_id = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_handle = -1;
static gint hf_eventlog_eventlog_BackupEventLogW_handle = -1;
static gint hf_eventlog_eventlog_Record_raw_data = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown0 = -1;
static gint hf_eventlog_eventlog_CloseEventLog_handle = -1;
static gint hf_eventlog_eventlog_ChangeUnknown0_unknown1 = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_handle = -1;
static gint hf_eventlog_eventlog_Record_reserved_flags = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_MinorVersion = -1;
static gint hf_eventlog_eventlog_Record_source_name = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_handle = -1;
static gint hf_eventlog_Record_length = -1;
static gint hf_eventlog_eventlog_Record_sid_length = -1;
static gint hf_eventlog_eventlog_GetOldestRecord_oldest = -1;
static gint hf_eventlog_eventlog_Record_strings = -1;
static gint hf_eventlog_eventlog_Record_record_number = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_handle = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_lpBuffer = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_logname = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_real_size = -1;
static gint hf_eventlog_eventlog_Record_time_written = -1;
static gint hf_eventlog_eventlog_Record_stringoffset = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown3 = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ = -1;
static gint hf_eventlog_eventlog_Record_reserved = -1;
static gint hf_eventlog_eventlog_Record_data_length = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_servername = -1;
static gint hf_eventlog_eventlog_ReportEventW_event_id = -1;
static gint hf_eventlog_eventlog_ReportEventW_handle = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_sent_size = -1;
static gint hf_eventlog_eventlog_ChangeNotify_handle = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_logname = -1;
static gint hf_eventlog_Record_source_name = -1;
static gint hf_eventlog_eventlog_Record_event_type = -1;
static gint hf_eventlog_eventlog_Record_num_of_strings = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown2 = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_offset = -1;
static gint hf_eventlog_eventlog_Record_event_category = -1;
static gint hf_eventlog_eventlog_GetOldestRecord_handle = -1;
static gint hf_eventlog_eventlog_OpenUnknown0_unknown1 = -1;
static gint hf_eventlog_eventlog_GetNumRecords_number = -1;
static gint hf_eventlog_eventlog_Record_time_generated = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_RegModuleName = -1;
static gint hf_eventlog_eventlog_ReportEventW_data_length = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ = -1;
static gint hf_eventlog_Record = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_data = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE = -1;
static gint hf_eventlog_eventlog_DeregisterEventSource_handle = -1;
static gint hf_eventlog_opnum = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_handle = -1;
static gint hf_eventlog_Record_source_name = -1;
static gint hf_eventlog_eventlog_ChangeNotify_unknown3 = -1;
static gint hf_eventlog_eventlog_ReportEventW_num_of_strings = -1;
static gint hf_eventlog_eventlog_ReportEventW_time = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ = -1;
static gint hf_eventlog_status = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_number_of_bytes = -1;
static gint hf_eventlog_eventlog_ClearEventLogW_backupfilename = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_Module = -1;
static gint hf_eventlog_eventlog_FlushEventLog_handle = -1;
static gint hf_eventlog_eventlog_ReportEventW_Type = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_MajorVersion = -1;
static gint hf_eventlog_eventlog_ReportEventW_data_length = -1;
static gint hf_eventlog_eventlog_Record_reserved = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_cbBufSize = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown3 = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_flags = -1;
static gint hf_eventlog_eventlog_GetNumRecords_handle = -1;
static gint hf_eventlog_Record_computer_name = -1;
static gint hf_eventlog_opnum = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_Module = -1;
static gint hf_eventlog_eventlog_Record_strings = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_servername = -1;
static gint hf_eventlog_eventlog_Record_time_written = -1;
static gint hf_eventlog_eventlog_Record_reserved_flags = -1;
static gint hf_eventlog_eventlog_BackupEventLogW_backupfilename = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE = -1;
static gint hf_eventlog_eventlog_ReportEventW_event_id = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown3 = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_handle = -1;
static gint hf_eventlog_eventlog_ReportEventW_computer_name = -1;
static gint hf_eventlog_eventlog_ReportEventW_event_category = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_handle = -1;
static gint hf_eventlog_eventlog_ChangeUnknown0_unknown0 = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_number_of_bytes = -1;
static gint hf_eventlog_eventlog_GetOldestRecord_handle = -1;
static gint hf_eventlog_eventlog_Record_event_id = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ = -1;
static gint hf_eventlog_eventlog_FlushEventLog_handle = -1;
static gint hf_eventlog_eventlog_Record_data_length = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_offset = -1;
static gint hf_eventlog_eventlog_DeregisterEventSource_handle = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ = -1;
static gint hf_eventlog_eventlog_ChangeNotify_handle = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE = -1;
static gint hf_eventlog_eventlog_ChangeNotify_unknown2 = -1;
static gint hf_eventlog_eventlog_Record_sid_offset = -1;
static gint hf_eventlog_eventlog_Record_num_of_strings = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_lpBuffer = -1;
static gint hf_eventlog_eventlog_OpenUnknown0_unknown1 = -1;
static gint hf_eventlog_eventlog_Record_computer_name = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown0 = -1;
static gint hf_eventlog_eventlog_ClearEventLogW_backupfilename = -1;
static gint hf_eventlog_eventlog_ReportEventW_handle = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_unknown0 = -1;
static gint hf_eventlog_eventlog_Record_size = -1;
static gint hf_eventlog_status = -1;
static gint hf_eventlog_eventlog_Record_data_offset = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_handle = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_RegModuleName = -1;
static gint hf_eventlog_eventlog_ReportEventW_Type = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_real_size = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown3 = -1;
static gint hf_eventlog_eventlog_OpenUnknown0_unknown0 = -1;
static gint hf_eventlog_eventlog_Record_source_name = -1;
static gint hf_eventlog_eventlog_Record_record_number = -1;
static gint hf_eventlog_eventlog_Record_event_category = -1;
static gint hf_eventlog_eventlog_Record_raw_data = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_logname = -1;
static gint hf_eventlog_eventlog_Record_sid_length = -1;
static gint hf_eventlog_eventlog_Record_time_generated = -1;
static gint hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ = -1;
static gint hf_eventlog_eventlog_ClearEventLogW_handle = -1;
static gint hf_eventlog_eventlog_BackupEventLogW_handle = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE = -1;
static gint hf_eventlog_eventlog_ReportEventW_time = -1;
static gint hf_eventlog_Record_length = -1;
static gint hf_eventlog_eventlog_Record_closing_record_number = -1;
static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown2 = -1;
static gint hf_eventlog_eventlog_Record_event_type = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown2 = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_flags = -1;
static gint hf_eventlog_eventlog_RegisterEventSourceW_logname = -1;
static gint hf_eventlog_eventlog_OpenEventLogW_MajorVersion = -1;
static gint hf_eventlog_eventlog_GetNumRecords_number = -1;
static gint hf_eventlog_eventlog_ChangeUnknown0_unknown1 = -1;
static gint hf_eventlog_Record_string = -1;
static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_sent_size = -1;
static gint hf_eventlog_eventlog_Record_stringoffset = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded = -1;
static gint hf_eventlog_eventlog_GetOldestRecord_oldest = -1;
static gint hf_eventlog_eventlog_CloseEventLog_handle = -1;
static gint hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel = -1;
static gint hf_eventlog_eventlog_ReadEventLogW_data = -1;
static gint proto_dcerpc_eventlog = -1;
/* Version information */
@ -285,7 +285,7 @@ static int eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int
static int eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
/* Add this one manually until we can compile LSA */
static int
eventlog_dissect_struct_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index,int notused _U_)
eventlog_dissect_struct_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hf_index,int notused _U_)
{
if(di->conformant_run){
/*just a run to handle conformant arrays, nothing to dissect */
@ -333,7 +333,7 @@ eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_inf
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_offset,&sid_offset);
if(sid_offset && sid_length){
tvbuff_t *sid_tvb;
/* this blob contains an NT SID.
/* this blob contains an NT SID.
* tvb starts at the beginning of the record.
*/
sid_tvb=tvb_new_subset(tvb, sid_offset, MIN((gint)sid_length, tvb_length_remaining(tvb, offset)), sid_length);
@ -345,10 +345,8 @@ static int
eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
{
guint len;
len=tvb_unicode_strsize(tvb, offset);
proto_tree_add_item(tree, hf_eventlog_Record_source_name, tvb, offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
offset+=len;
return offset;
}
@ -356,10 +354,8 @@ static int
eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
{
guint len;
len=tvb_unicode_strsize(tvb, offset);
proto_tree_add_item(tree, hf_eventlog_Record_computer_name, tvb, offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
offset+=len;
return offset;
}
@ -384,15 +380,11 @@ eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *
{
while(string_offset && num_of_strings){
guint len;
len=tvb_unicode_strsize(tvb, string_offset);
proto_tree_add_item(tree, hf_eventlog_Record_string, tvb, string_offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
string_offset+=len;
num_of_strings--;
}
return offset;
}
@ -891,7 +883,7 @@ eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int o
/* IDL: NTSTATUS eventlog_ClearEventLogW( */
/* IDL: [ref] [in] policy_handle *handle, */
/* IDL: [unique(1)] [in] lsa_String *backupfilename */
/* IDL: [in] [unique(1)] lsa_String *backupfilename */
/* IDL: ); */
static int
@ -952,7 +944,7 @@ eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int
}
/* IDL: NTSTATUS eventlog_BackupEventLogW( */
/* IDL: [ref] [in] policy_handle *handle, */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [unique(1)] [in] lsa_String *backupfilename */
/* IDL: ); */
@ -998,7 +990,7 @@ eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_
}
/* IDL: NTSTATUS eventlog_CloseEventLog( */
/* IDL: [out] [ref] [in] policy_handle *handle */
/* IDL: [ref] [out] [in] policy_handle *handle */
/* IDL: ); */
static int
@ -1044,7 +1036,7 @@ eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int of
}
/* IDL: NTSTATUS eventlog_DeregisterEventSource( */
/* IDL: [out] [ref] [in] policy_handle *handle */
/* IDL: [in] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@ -1106,7 +1098,7 @@ eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_
}
/* IDL: NTSTATUS eventlog_GetNumRecords( */
/* IDL: [ref] [in] policy_handle *handle, */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [out] [ref] uint32 *number */
/* IDL: ); */
@ -1170,7 +1162,7 @@ eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _
/* IDL: NTSTATUS eventlog_GetOldestRecord( */
/* IDL: [ref] [in] policy_handle *handle, */
/* IDL: [out] [ref] uint32 *oldest */
/* IDL: [ref] [out] uint32 *oldest */
/* IDL: ); */
static int
@ -1240,8 +1232,8 @@ eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_
}
/* IDL: NTSTATUS eventlog_ChangeNotify( */
/* IDL: [ref] [in] policy_handle *handle, */
/* IDL: [in] [ref] eventlog_ChangeUnknown0 *unknown2, */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [ref] [in] eventlog_ChangeUnknown0 *unknown2, */
/* IDL: [in] uint32 unknown3 */
/* IDL: ); */
@ -1444,12 +1436,12 @@ eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int off
}
/* IDL: NTSTATUS eventlog_RegisterEventSourceW( */
/* IDL: [unique(1)] [in] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String logname, */
/* IDL: [in] lsa_String servername, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: [ref] [out] policy_handle *handle */
/* IDL: ); */
static int
@ -1547,7 +1539,7 @@ eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offs
/* IDL: [in] lsa_String logname, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: [ref] [out] policy_handle *handle */
/* IDL: ); */
static int
@ -1675,7 +1667,7 @@ eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset
/* IDL: [in] eventlogReadFlags flags, */
/* IDL: [in] uint32 offset, */
/* IDL: [in] uint32 number_of_bytes, */
/* IDL: [out] [ref] [size_is(number_of_bytes)] uint8 *data, */
/* IDL: [out] [size_is(number_of_bytes)] [ref] uint8 *data, */
/* IDL: [out] [ref] uint32 *sent_size, */
/* IDL: [out] [ref] uint32 *real_size */
/* IDL: ); */
@ -2210,7 +2202,7 @@ eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_
}
/* IDL: NTSTATUS eventlog_FlushEventLog( */
/* IDL: [ref] [in] policy_handle *handle */
/* IDL: [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
@ -2292,190 +2284,190 @@ static dcerpc_sub_dissector eventlog_dissectors[] = {
void proto_register_dcerpc_eventlog(void)
{
static hf_register_info hf[] = {
{ &hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel,
{ "Dwinfolevel", "eventlog.eventlog_GetLogIntormation.dwInfoLevel", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_computer_name,
{ "Computer Name", "eventlog.Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_unknown0,
{ "Unknown0", "eventlog.eventlog_OpenEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_computer_name,
{ "Computer Name", "eventlog.eventlog_Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_handle,
{ &hf_eventlog_eventlog_RegisterEventSourceW_handle,
{ "Handle", "eventlog.eventlog_RegisterEventSourceW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetNumRecords_handle,
{ "Handle", "eventlog.eventlog_GetNumRecords.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
{ "Eventlog Warning Type", "eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs), ( 0x0002 ), NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
{ "Eventlog Error Type", "eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs), ( 0x0001 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_unknown2,
{ "Unknown2", "eventlog.eventlog_OpenBackupEventLogW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_sid_offset,
{ "Sid Offset", "eventlog.eventlog_Record.sid_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_string,
{ "string", "eventlog.Record.string", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
{ "Eventlog Audit Failure", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs), ( 0x0010 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeNotify_unknown2,
{ "Unknown2", "eventlog.eventlog_ChangeNotify.unknown2", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_event_category,
{ "Event Category", "eventlog.eventlog_ReportEventW.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeUnknown0_unknown0,
{ "Unknown0", "eventlog.eventlog_ChangeUnknown0.unknown0", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_data_offset,
{ "Data Offset", "eventlog.eventlog_Record.data_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenUnknown0_unknown0,
{ "Unknown0", "eventlog.eventlog_OpenUnknown0.unknown0", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_BackupEventLogW_backupfilename,
{ "Backupfilename", "eventlog.eventlog_BackupEventLogW.backupfilename", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ClearEventLogW_handle,
{ "Handle", "eventlog.eventlog_ClearEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_closing_record_number,
{ "Closing Record Number", "eventlog.eventlog_Record.closing_record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_size,
{ "Size", "eventlog.eventlog_Record.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_computer_name,
{ "Computer Name", "eventlog.eventlog_ReportEventW.computer_name", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,
{ "Unknown0", "eventlog.eventlog_OpenBackupEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_event_id,
{ "Event Id", "eventlog.eventlog_Record.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_handle,
{ "Handle", "eventlog.eventlog_ReadEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_BackupEventLogW_handle,
{ "Handle", "eventlog.eventlog_BackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_raw_data,
{ "Raw Data", "eventlog.eventlog_Record.raw_data", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_unknown0,
{ "Unknown0", "eventlog.eventlog_RegisterEventSourceW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_CloseEventLog_handle,
{ "Handle", "eventlog.eventlog_CloseEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeUnknown0_unknown1,
{ "Unknown1", "eventlog.eventlog_ChangeUnknown0.unknown1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_handle,
{ "Handle", "eventlog.eventlog_OpenBackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_reserved_flags,
{ "Reserved Flags", "eventlog.eventlog_Record.reserved_flags", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded,
{ "Cbbytesneeded", "eventlog.eventlog_GetLogIntormation.cbBytesNeeded", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
{ "Eventlog Seek Read", "eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEEK_READ_tfs), ( 0x0002 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_MinorVersion,
{ &hf_eventlog_eventlog_OpenEventLogW_MinorVersion,
{ "Minorversion", "eventlog.eventlog_OpenEventLogW.MinorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_source_name,
{ "Source Name", "eventlog.eventlog_Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_handle,
{ "Handle", "eventlog.eventlog_GetLogIntormation.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_length,
{ "Record Length", "eventlog.Record.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_sid_length,
{ "Sid Length", "eventlog.eventlog_Record.sid_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetOldestRecord_oldest,
{ "Oldest", "eventlog.eventlog_GetOldestRecord.oldest", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_strings,
{ "Strings", "eventlog.eventlog_Record.strings", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_record_number,
{ "Record Number", "eventlog.eventlog_Record.record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_handle,
{ "Handle", "eventlog.eventlog_OpenEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_lpBuffer,
{ "Lpbuffer", "eventlog.eventlog_GetLogIntormation.lpBuffer", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_logname,
{ "Logname", "eventlog.eventlog_RegisterEventSourceW.logname", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_real_size,
{ "Real Size", "eventlog.eventlog_ReadEventLogW.real_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_time_written,
{ "Time Written", "eventlog.eventlog_Record.time_written", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_stringoffset,
{ "Stringoffset", "eventlog.eventlog_Record.stringoffset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_unknown3,
{ "Unknown3", "eventlog.eventlog_RegisterEventSourceW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
{ "Eventlog Sequential Read", "eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs), ( 0x0001 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_reserved,
{ "Reserved", "eventlog.eventlog_Record.reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_data_length,
{ "Data Length", "eventlog.eventlog_Record.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_servername,
{ "Servername", "eventlog.eventlog_RegisterEventSourceW.servername", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_event_id,
{ "Event Id", "eventlog.eventlog_ReportEventW.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_handle,
{ "Handle", "eventlog.eventlog_ReportEventW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_sent_size,
{ "Sent Size", "eventlog.eventlog_ReadEventLogW.sent_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeNotify_handle,
{ "Handle", "eventlog.eventlog_ChangeNotify.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_logname,
{ "Logname", "eventlog.eventlog_OpenBackupEventLogW.logname", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_source_name,
{ "Source Name", "eventlog.Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_event_type,
{ "Event Type", "eventlog.eventlog_Record.event_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_num_of_strings,
{ "Num Of Strings", "eventlog.eventlog_Record.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_unknown2,
{ "Unknown2", "eventlog.eventlog_RegisterEventSourceW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_offset,
{ "Offset", "eventlog.eventlog_ReadEventLogW.offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_event_category,
{ "Event Category", "eventlog.eventlog_Record.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetOldestRecord_handle,
{ "Handle", "eventlog.eventlog_GetOldestRecord.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenUnknown0_unknown1,
{ "Unknown1", "eventlog.eventlog_OpenUnknown0.unknown1", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetNumRecords_number,
{ "Number", "eventlog.eventlog_GetNumRecords.number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_time_generated,
{ "Time Generated", "eventlog.eventlog_Record.time_generated", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
{ "Eventlog Audit Success", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs), ( 0x0008 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_RegModuleName,
{ "Regmodulename", "eventlog.eventlog_OpenEventLogW.RegModuleName", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_data_length,
{ "Data Length", "eventlog.eventlog_ReportEventW.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
{ "Eventlog Backwards Read", "eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs), ( 0x0008 ), NULL, HFILL }},
{ &hf_eventlog_Record,
{ &hf_eventlog_Record,
{ "Record", "eventlog.Record", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_data,
{ "Data", "eventlog.eventlog_ReadEventLogW.data", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
{ "Eventlog Information Type", "eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs), ( 0x0004 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_DeregisterEventSource_handle,
{ "Handle", "eventlog.eventlog_DeregisterEventSource.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_opnum,
{ "Operation", "eventlog.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeNotify_unknown3,
{ &hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,
{ "Unknown0", "eventlog.eventlog_OpenBackupEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_handle,
{ "Handle", "eventlog.eventlog_GetLogIntormation.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_source_name,
{ "Source Name", "eventlog.Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeNotify_unknown3,
{ "Unknown3", "eventlog.eventlog_ChangeNotify.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_num_of_strings,
{ &hf_eventlog_eventlog_ReportEventW_num_of_strings,
{ "Num Of Strings", "eventlog.eventlog_ReportEventW.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_time,
{ "Time", "eventlog.eventlog_ReportEventW.time", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
{ "Eventlog Forwards Read", "eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs), ( 0x0004 ), NULL, HFILL }},
{ &hf_eventlog_status,
{ "NT Error", "eventlog.status", FT_UINT32, BASE_HEX, VALS(NT_errors), 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_number_of_bytes,
{ "Number Of Bytes", "eventlog.eventlog_ReadEventLogW.number_of_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ClearEventLogW_backupfilename,
{ "Backupfilename", "eventlog.eventlog_ClearEventLogW.backupfilename", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_Module,
{ "Module", "eventlog.eventlog_OpenEventLogW.Module", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_FlushEventLog_handle,
{ "Handle", "eventlog.eventlog_FlushEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_Type,
{ "Type", "eventlog.eventlog_ReportEventW.Type", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_MajorVersion,
{ "Majorversion", "eventlog.eventlog_OpenEventLogW.MajorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_cbBufSize,
{ &hf_eventlog_eventlog_ReportEventW_data_length,
{ "Data Length", "eventlog.eventlog_ReportEventW.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_reserved,
{ "Reserved", "eventlog.eventlog_Record.reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_cbBufSize,
{ "Cbbufsize", "eventlog.eventlog_GetLogIntormation.cbBufSize", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_unknown3,
{ "Unknown3", "eventlog.eventlog_OpenBackupEventLogW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_flags,
{ "Flags", "eventlog.eventlog_ReadEventLogW.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS,
{ &hf_eventlog_eventlog_GetNumRecords_handle,
{ "Handle", "eventlog.eventlog_GetNumRecords.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_computer_name,
{ "Computer Name", "eventlog.Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_opnum,
{ "Operation", "eventlog.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_Module,
{ "Module", "eventlog.eventlog_OpenEventLogW.Module", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_strings,
{ "Strings", "eventlog.eventlog_Record.strings", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_servername,
{ "Servername", "eventlog.eventlog_RegisterEventSourceW.servername", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_time_written,
{ "Time Written", "eventlog.eventlog_Record.time_written", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_reserved_flags,
{ "Reserved Flags", "eventlog.eventlog_Record.reserved_flags", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_BackupEventLogW_backupfilename,
{ "Backupfilename", "eventlog.eventlog_BackupEventLogW.backupfilename", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
{ "Eventlog Information Type", "eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs), ( 0x0004 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_event_id,
{ "Event Id", "eventlog.eventlog_ReportEventW.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS,
{ "Eventlog Success", "eventlog.eventlogEventTypes.EVENTLOG_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_SUCCESS_tfs), ( 0x0000 ), NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
{ "Eventlog Error Type", "eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs), ( 0x0001 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_unknown3,
{ "Unknown3", "eventlog.eventlog_RegisterEventSourceW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_handle,
{ "Handle", "eventlog.eventlog_ReadEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_computer_name,
{ "Computer Name", "eventlog.eventlog_ReportEventW.computer_name", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_event_category,
{ "Event Category", "eventlog.eventlog_ReportEventW.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_handle,
{ "Handle", "eventlog.eventlog_OpenBackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeUnknown0_unknown0,
{ "Unknown0", "eventlog.eventlog_ChangeUnknown0.unknown0", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_number_of_bytes,
{ "Number Of Bytes", "eventlog.eventlog_ReadEventLogW.number_of_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetOldestRecord_handle,
{ "Handle", "eventlog.eventlog_GetOldestRecord.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_event_id,
{ "Event Id", "eventlog.eventlog_Record.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
{ "Eventlog Seek Read", "eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEEK_READ_tfs), ( 0x0002 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_FlushEventLog_handle,
{ "Handle", "eventlog.eventlog_FlushEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_data_length,
{ "Data Length", "eventlog.eventlog_Record.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_offset,
{ "Offset", "eventlog.eventlog_ReadEventLogW.offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_DeregisterEventSource_handle,
{ "Handle", "eventlog.eventlog_DeregisterEventSource.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
{ "Eventlog Sequential Read", "eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs), ( 0x0001 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeNotify_handle,
{ "Handle", "eventlog.eventlog_ChangeNotify.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
{ "Eventlog Audit Failure", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs), ( 0x0010 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeNotify_unknown2,
{ "Unknown2", "eventlog.eventlog_ChangeNotify.unknown2", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_sid_offset,
{ "Sid Offset", "eventlog.eventlog_Record.sid_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_num_of_strings,
{ "Num Of Strings", "eventlog.eventlog_Record.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_lpBuffer,
{ "Lpbuffer", "eventlog.eventlog_GetLogIntormation.lpBuffer", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenUnknown0_unknown1,
{ "Unknown1", "eventlog.eventlog_OpenUnknown0.unknown1", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_computer_name,
{ "Computer Name", "eventlog.eventlog_Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_unknown0,
{ "Unknown0", "eventlog.eventlog_RegisterEventSourceW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ClearEventLogW_backupfilename,
{ "Backupfilename", "eventlog.eventlog_ClearEventLogW.backupfilename", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_handle,
{ "Handle", "eventlog.eventlog_ReportEventW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
{ "Eventlog Forwards Read", "eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs), ( 0x0004 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_unknown0,
{ "Unknown0", "eventlog.eventlog_OpenEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_size,
{ "Size", "eventlog.eventlog_Record.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_status,
{ "NT Error", "eventlog.status", FT_UINT32, BASE_HEX, VALS(NT_errors), 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_data_offset,
{ "Data Offset", "eventlog.eventlog_Record.data_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_handle,
{ "Handle", "eventlog.eventlog_OpenEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_RegModuleName,
{ "Regmodulename", "eventlog.eventlog_OpenEventLogW.RegModuleName", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_Type,
{ "Type", "eventlog.eventlog_ReportEventW.Type", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_real_size,
{ "Real Size", "eventlog.eventlog_ReadEventLogW.real_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_unknown3,
{ "Unknown3", "eventlog.eventlog_OpenBackupEventLogW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenUnknown0_unknown0,
{ "Unknown0", "eventlog.eventlog_OpenUnknown0.unknown0", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_source_name,
{ "Source Name", "eventlog.eventlog_Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_record_number,
{ "Record Number", "eventlog.eventlog_Record.record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_event_category,
{ "Event Category", "eventlog.eventlog_Record.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_raw_data,
{ "Raw Data", "eventlog.eventlog_Record.raw_data", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_logname,
{ "Logname", "eventlog.eventlog_OpenBackupEventLogW.logname", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_sid_length,
{ "Sid Length", "eventlog.eventlog_Record.sid_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_time_generated,
{ "Time Generated", "eventlog.eventlog_Record.time_generated", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
{ "Eventlog Backwards Read", "eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs), ( 0x0008 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ClearEventLogW_handle,
{ "Handle", "eventlog.eventlog_ClearEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_BackupEventLogW_handle,
{ "Handle", "eventlog.eventlog_BackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
{ "Eventlog Warning Type", "eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs), ( 0x0002 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ReportEventW_time,
{ "Time", "eventlog.eventlog_ReportEventW.time", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_length,
{ "Record Length", "eventlog.Record.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_closing_record_number,
{ "Closing Record Number", "eventlog.eventlog_Record.closing_record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenBackupEventLogW_unknown2,
{ "Unknown2", "eventlog.eventlog_OpenBackupEventLogW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_event_type,
{ "Event Type", "eventlog.eventlog_Record.event_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_unknown2,
{ "Unknown2", "eventlog.eventlog_RegisterEventSourceW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_flags,
{ "Flags", "eventlog.eventlog_ReadEventLogW.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_RegisterEventSourceW_logname,
{ "Logname", "eventlog.eventlog_RegisterEventSourceW.logname", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_OpenEventLogW_MajorVersion,
{ "Majorversion", "eventlog.eventlog_OpenEventLogW.MajorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetNumRecords_number,
{ "Number", "eventlog.eventlog_GetNumRecords.number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ChangeUnknown0_unknown1,
{ "Unknown1", "eventlog.eventlog_ChangeUnknown0.unknown1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_Record_string,
{ "string", "eventlog.Record.string", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
{ "Eventlog Audit Success", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs), ( 0x0008 ), NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_sent_size,
{ "Sent Size", "eventlog.eventlog_ReadEventLogW.sent_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_Record_stringoffset,
{ "Stringoffset", "eventlog.eventlog_Record.stringoffset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded,
{ "Cbbytesneeded", "eventlog.eventlog_GetLogIntormation.cbBytesNeeded", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetOldestRecord_oldest,
{ "Oldest", "eventlog.eventlog_GetOldestRecord.oldest", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_CloseEventLog_handle,
{ "Handle", "eventlog.eventlog_CloseEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel,
{ "Dwinfolevel", "eventlog.eventlog_GetLogIntormation.dwInfoLevel", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
{ &hf_eventlog_eventlog_ReadEventLogW_data,
{ "Data", "eventlog.eventlog_ReadEventLogW.data", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
};


@ -1,16 +1,13 @@
/* autogenerated by pidl */
/* DO NOT EDIT
This filter was automatically generated
This file was automatically generated by Pidl
from eventlog.idl and eventlog.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
It is maintained by the Samba team, not the Wireshark team.
Instructions on how to download and install Pidl can be
Instructions on how to download and install Pidl can be
found at http://wiki.wireshark.org/Pidl
*/
#ifndef __PACKET_DCERPC_EVENTLOG_H
#define __PACKET_DCERPC_EVENTLOG_H


@ -99,11 +99,6 @@ Not compiling idl
As of November 23, 2013, the following idl have issues when generating
and compiling:
pidl generates declarations of functions that take a dcerpc_info *
argument and definitions of those functions that don't:
eventlog.idl
pidl generates declarations and definitions of functions that take a
dcerpc_info * argument, but calls to those functions that don't:


@ -34,7 +34,7 @@ PARAM_VALUE eventlog_dissect_element_CloseEventLog_handle_ PIDL_POLHND_CLO
CODE START
/* Add this one manually until we can compile LSA */
static int
eventlog_dissect_struct_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index,int notused _U_)
eventlog_dissect_struct_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hf_index,int notused _U_)
{
if(di->conformant_run){
/*just a run to handle conformant arrays, nothing to dissect */
@ -48,7 +48,7 @@ eventlog_dissect_struct_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo
static int
eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 len;
tvbuff_t *record_tvb;
@ -78,7 +78,7 @@ eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb, int offset, packet_i
and we want to dissect the sid from the data blob */
static guint32 sid_length;
static int
eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
sid_length=0;
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_length,&sid_length);
@ -86,7 +86,7 @@ eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb, int offset, packet_inf
return offset;
}
static int
eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 sid_offset=0;
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_offset,&sid_offset);
@ -94,7 +94,7 @@ eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_inf
if(sid_offset && sid_length){
tvbuff_t *sid_tvb;
/* this blob contains an NT SID.
/* this blob contains an NT SID.
* tvb starts at the beginning of the record.
*/
sid_tvb=tvb_new_subset(tvb, sid_offset, MIN((gint)sid_length, tvb_length_remaining(tvb, offset)), sid_length);
@ -105,7 +105,7 @@ eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_inf
}
static int
eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
{
guint len;
@ -117,7 +117,7 @@ eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_in
}
static int
eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
{
guint len;
@ -131,7 +131,7 @@ eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_
static guint16 num_of_strings;
static int
eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
num_of_strings=0;
offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_num_of_strings,&num_of_strings);
@ -142,7 +142,7 @@ eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb, int offset, packet
static guint32 string_offset;
static int
eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep)
eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
string_offset=0;
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_stringoffset,&string_offset);
@ -151,7 +151,7 @@ eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb, int offset, packet_i
}
static int
eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, guint8 *drep _U_)
eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
{
while(string_offset && num_of_strings){
guint len;
@ -159,7 +159,7 @@ eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *
len=tvb_unicode_strsize(tvb, string_offset);
proto_tree_add_item(tree, hf_eventlog_Record_string, tvb, string_offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
string_offset+=len;
num_of_strings--;
}
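Review bot: The `dcerpc_info *di _U_` added to the Record_source_name, Record_computer_name and Record_strings signatures is unused, while these element dissectors still hand per-record state to each other through the file-scope statics `sid_length`, `num_of_strings` and `string_offset`; a per-call carrier on `di` would be the usual idiom, though that is arguably beyond a conformance-file sync. If the statics stay, a comment above `static guint32 sid_length;` would help the next reader, e.g. `/* Per-record state: set by the *_sid_length / *_num_of_strings / *_stringoffset element dissectors, consumed by *_sid_offset / *_strings for the same record; each setter zeroes its value before reading. */`. In the Record_sid_offset hunk, `MIN((gint)sid_length, tvb_length_remaining(tvb, offset))` measures what remains after `offset`, not after the packet-supplied `sid_offset` where the subset actually starts, so the clamp does not bound the read to the data present and correctness rests on tvb_new_subset() throwing on a short record — `tvb_length_remaining(tvb, sid_offset)` appears to be the intended check. The `(gint)` cast also makes any sid_length of 2^31 or more negative before MIN() sees it, so the length should be range-checked as an unsigned value first. Every function in this section begins or ends outside its hunk.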


@ -31,8 +31,8 @@
uint16 unknown0;
uint16 unknown1;
} eventlog_OpenUnknown0;
typedef [public] struct {
typedef [public] struct {
uint32 size;
uint32 reserved;
uint32 record_number;
@ -68,7 +68,7 @@
[in] policy_handle *handle,
[in,unique] lsa_String *backupfilename
);
/******************/
/* Function: 0x02 */
NTSTATUS eventlog_CloseEventLog(
@ -169,7 +169,7 @@
/*****************/
/* Function 0x0c */
NTSTATUS eventlog_ClearEventLogA();
/******************/
/* Function: 0x0d */
NTSTATUS eventlog_BackupEventLogA();
@ -220,5 +220,5 @@
/* Function 0x17 */
NTSTATUS eventlog_FlushEventLog(
[in] policy_handle *handle
);
);
}