bugfix to idl2eth : handle the case when pointers were not explicitely specified

and we have a pointer to an array of pointers make the EFS dissector autogenerated by idl2eth git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@13806 f5534014-38df-0310-8fa8-9805f1628bb7
author: sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> 2005-03-19 09:11:56 +0000
committer: sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> 2005-03-19 09:11:56 +0000
commit: 9fd0ce7dda6aa463426f2e181f0aaa3176dbec24 (patch)
tree: ab6f9e57e814debc57a4eea4f5f4aecbfcd2eca0 /epan/dissectors/packet-dcerpc-efs.c
parent: 0916431b31bf3b0201c0ad49cfd4f0067bc05f9c (diff)
1 files changed, 938 insertions, 427 deletions
diff --git a/epan/dissectors/packet-dcerpc-efs.c b/epan/dissectors/packet-dcerpc-efs.c
index 5487912024..fe074f3e89 100644
--- a/epan/dissectors/packet-dcerpc-efs.c
+++ b/epan/dissectors/packet-dcerpc-efs.c
@@ -1,6 +1,12 @@
+/* DO NOT EDIT
+ * This dissector is autogenerated
+ */
+
 /* packet-dcerpc-efs.c
- * Routines for the efsrpc MSRPC interface
- * Copyright 2004 Ronnie Sahlberg, Jean-Baptiste Marchand
+ * Routines for EFS packet disassembly
+ *   ronnie sahlberg 2005
+ * Autogenerated based on the IDL definitions by
+ *   Jean-Baptiste Marchand
  *
  * $Id$
  *
@@ -23,676 +29,1181 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  */
 
-
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 
 #include <glib.h>
+#include <string.h>
+
 #include <epan/packet.h>
 #include "packet-dcerpc.h"
 #include "packet-dcerpc-nt.h"
-#include "packet-dcerpc-efs.h"
 #include "packet-windows-common.h"
+#include "packet-dcerpc-efs.h"
 
+static int proto_efs = -1;
+
+
+/* INCLUDED FILE : ETH_HF */
+static int hf_efs_opnum = -1;
+static int hf_efs_rc = -1;
+static int hf_efs_EfsRpcOpenFileRaw_pvContext = -1;
+static int hf_efs_EfsRpcOpenFileRaw_FileName = -1;
+static int hf_efs_EfsRpcOpenFileRaw_Flags = -1;
+static int hf_efs_EfsRpcReadFileRaw_pvContext = -1;
+static int hf_efs_EfsRpcWriteFileRaw_pvContext = -1;
+static int hf_efs_EfsRpcCloseRaw_pvContext = -1;
+static int hf_efs_EfsRpcEncryptFileSrv_Filename = -1;
+static int hf_efs_EfsRpcDecryptFileSrv_FileName = -1;
+static int hf_efs_EfsRpcDecryptFileSrv_Reserved = -1;
+static int hf_efs_EFS_HASH_BLOB_cbData = -1;
+static int hf_efs_EFS_HASH_BLOB_pbData = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers = -1;
+static int hf_efs_EfsRpcQueryUsersOnFile_FileName = -1;
+static int hf_efs_EfsRpcQueryUsersOnFile_pUsers = -1;
+static int hf_efs_EfsRpcQueryRecoveryAgents_FileName = -1;
+static int hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents = -1;
+static int hf_efs_EfsRpcRemoveUsersFromFile_FileName = -1;
+static int hf_efs_EfsRpcAddUsersToFile_FileName = -1;
+static int hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType = -1;
+static int hf_efs_EFS_CERTIFICATE_BLOB_cbData = -1;
+static int hf_efs_EFS_CERTIFICATE_BLOB_pbData = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_TotalLength = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_pUserSid = -1;
+static int hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob = -1;
+static int hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate = -1;
+/* END OF INCLUDED FILE : ETH_HF */
+
+
+
+
+
+/* INCLUDED FILE : ETH_ETT */
+static gint ett_efs = -1;
+static gint ett_efs_EFS_HASH_BLOB = -1;
+static gint ett_efs_ENCRYPTION_CERTIFICATE_HASH = -1;
+static gint ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST = -1;
+static gint ett_efs_EFS_CERTIFICATE_BLOB = -1;
+static gint ett_efs_ENCRYPTION_CERTIFICATE = -1;
+/* END OF INCLUDED FILE : ETH_ETT */
+
+
+
+
+
+/* INCLUDED FILE : ETH_CODE */
+static e_uuid_t uuid_dcerpc_efs = {
+    0xc681d488, 0xd850, 0x11d0,
+    { 0x8c, 0x52, 0x00, 0xc0, 0x4f, 0xd9, 0x0f, 0x7e}
+};
 
-static int proto_dcerpc_efs = -1;
-static int hf_efsrpc_opnum = -1;
-static int hf_efsrpc_rc = -1;
-static int hf_efsrpc_filename = -1;
-static int hf_efsrpc_flags = -1;
-static int hf_efsrpc_hnd = -1;
-static int hf_efsrpc_reserved = -1;
-static int hf_efsrpc_num_entries = -1;
-static int hf_efsrpc_data_size = -1;
-static int hf_efsrpc_cert_dn = -1;
+static guint16 ver_efs = 1;
 
-static gint ett_dcerpc_efs = -1;
-static gint ett_dcerpc_efs_cert_hash = -1;
 
+static e_ctx_hnd policy_hnd;
+static proto_item *hnd_item;
 
-/* 
-IDL [ uuid(c681d488-d850-11d0-8c52-00c04fd90f7e),
-IDL  version(1.0),
-IDL  implicit_handle(handle_t rpc_binding)
-IDL ] interface efsrpc
-*/
+static int
+efs_dissect_policy_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param)
+{
+    offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
+                   hf_index, &policy_hnd, &hnd_item,
+                   param&0x01, param&0x02);
+    return offset;
+}
 
+static int
+efs_dissect_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_policy_handle(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcOpenFileRaw_pvContext, param);
+    return offset;
+}
 
-static e_uuid_t uuid_dcerpc_efs = {
-	0xc681d488, 0xd850, 0x11d0,
-	{ 0x8c, 0x52, 0x00, 0xc0, 0x4f, 0xd9, 0x0f, 0x7e }
-};
+static int
+ref_efs_dissect_EfsRpcOpenFileRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcOpenFileRaw_pvContext, NDR_POINTER_REF, "pvContext", -1);
+    return offset;
+}
 
-static guint16 ver_dcerpc_efs = 1; 
 
+static int
+efs_dissect_unistr(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    offset=dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, 2, hf_index, FALSE, NULL);
+    return offset;
+}
+
+static int
+efs_dissect_EfsRpcOpenFileRaw_FileName(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcOpenFileRaw_FileName, param);
+    return offset;
+}
 
-/*
-IDL long EfsRpcOpenFileRaw(
-IDL       [out] [context_handle] void *pvContext,
-IDL        [in] [string] wchar_t FileName,
-IDL        [in] long Flags
-IDL  );
-*/
 
 static int
-efsrpc_dissect_open_file_raw_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_long(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
 {
+    offset=dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, NULL);
+    return offset;
+}
+
+static int
+efs_dissect_EfsRpcOpenFileRaw_Flags(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcOpenFileRaw_Flags, param);
+    return offset;
+}
+
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
+static int
+efs_dissect_EfsRpcOpenFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=efs_dissect_EfsRpcOpenFileRaw_FileName(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-			hf_efsrpc_flags, NULL);
+        offset=efs_dissect_EfsRpcOpenFileRaw_Flags(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	return offset;
 
+   return offset;
 }
 
 static int
-efsrpc_dissect_open_file_raw_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcOpenFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
-        offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
-				       hf_efsrpc_hnd, NULL, NULL, TRUE, FALSE);
+        offset=ref_efs_dissect_EfsRpcOpenFileRaw_pvContext(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-	return offset;
+
+   return offset;
+}
+static int
+efs_dissect_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_policy_handle(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcReadFileRaw_pvContext, param);
+    return offset;
 }
 
+static int
+ref_efs_dissect_EfsRpcReadFileRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcReadFileRaw_pvContext, NDR_POINTER_REF, "pvContext", -1);
+    return offset;
+}
 
 
-/*
-IDL  long EfsRpcReadFileRaw(
-IDL        [in] [context_handle] void *pvContext,
-IDL       [out] ??? element_5
-IDL  );
-*/
+static int
+efs_dissect_EfsRpcReadFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=ref_efs_dissect_EfsRpcReadFileRaw_pvContext(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
+
+   return offset;
+}
 
 static int
-efsrpc_dissect_read_file_raw_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcReadFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-        offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
-				       hf_efsrpc_hnd, NULL, NULL, FALSE, FALSE);
 
-	return offset;
+   return offset;
+}
+static int
+efs_dissect_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_policy_handle(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcWriteFileRaw_pvContext, param);
+    return offset;
+}
 
+static int
+ref_efs_dissect_EfsRpcWriteFileRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcWriteFileRaw_pvContext, NDR_POINTER_REF, "pvContext", -1);
+    return offset;
 }
 
 
-/*
-IDL  long EfsRpcWriteFileRaw(
-IDL        [in] [context_handle] void *pvContext,
-IDL        [in] ??? element_7
-IDL  );
-*/
+static int
+efs_dissect_EfsRpcWriteFileRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=ref_efs_dissect_EfsRpcWriteFileRaw_pvContext(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
 
+   return offset;
+}
 
 static int
-efsrpc_dissect_write_file_raw_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcWriteFileRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-        offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
-				       hf_efsrpc_hnd, NULL, NULL, FALSE, FALSE);
 
-	return offset;
+   return offset;
+}
+static int
+efs_dissect_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_policy_handle(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcCloseRaw_pvContext, param);
+    return offset;
+}
 
+static int
+ref_efs_dissect_EfsRpcCloseRaw_pvContext(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcCloseRaw_pvContext, NDR_POINTER_REF, "pvContext", -1);
+    return offset;
 }
 
 
 static int
-efsrpc_dissect_write_file_raw_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcCloseRaw_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=ref_efs_dissect_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
+
+   return offset;
+}
+
+static int
+efs_dissect_EfsRpcCloseRaw_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+        offset=ref_efs_dissect_EfsRpcCloseRaw_pvContext(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-	return offset;
 
+   return offset;
+}
+static int
+efs_dissect_EfsRpcEncryptFileSrv_Filename(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcEncryptFileSrv_Filename, param);
+    return offset;
 }
 
 
-/*
-IDL
-IDL  void EfsRpcCloseRaw(
-IDL        [in,out] [context_handle] void *pvContext,
-IDL  );
-*/
+static int
+efs_dissect_EfsRpcEncryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=efs_dissect_EfsRpcEncryptFileSrv_Filename(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
 
+   return offset;
+}
 
 static int
-efsrpc_dissect_close_file_raw_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcEncryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-        offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
-				       hf_efsrpc_hnd, NULL, NULL, FALSE, TRUE);
 
-	return offset;
+   return offset;
+}
+static int
+efs_dissect_EfsRpcDecryptFileSrv_FileName(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcDecryptFileSrv_FileName, param);
+    return offset;
+}
 
+static int
+efs_dissect_EfsRpcDecryptFileSrv_Reserved(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcDecryptFileSrv_Reserved, param);
+    return offset;
 }
 
 
 static int
-efsrpc_dissect_close_file_raw_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcDecryptFileSrv_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+        offset=efs_dissect_EfsRpcDecryptFileSrv_FileName(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-        offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep,
-				       hf_efsrpc_hnd, NULL, NULL, FALSE, FALSE);
+        offset=efs_dissect_EfsRpcDecryptFileSrv_Reserved(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	return offset;
 
+   return offset;
 }
 
+static int
+efs_dissect_EfsRpcDecryptFileSrv_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
 
-/*
-IDL long EfsRpcEncryptFileSrv(
-IDL       [in] [string] wchar_t Filename
-IDL );
- */
-
+   return offset;
+}
 static int
-efsrpc_dissect_encrypt_file_srv_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EFS_HASH_BLOB_cbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_EFS_HASH_BLOB_cbData, param);
+    return offset;
+}
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
 
-	return offset;
+static int
+efs_dissect_uint8(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    offset=dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_index, NULL);
+    return offset;
+}
 
+static int
+efs_dissect_EFS_HASH_BLOB_pbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_uint8(tvb, offset, pinfo, tree, drep, hf_efs_EFS_HASH_BLOB_pbData, param);
+    return offset;
 }
 
+static int
+ucarray_efs_dissect_EFS_HASH_BLOB_pbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, efs_dissect_EFS_HASH_BLOB_pbData);
+    return offset;
+}
 
 static int
-efsrpc_dissect_encrypt_file_srv_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+unique_ucarray_efs_dissect_EFS_HASH_BLOB_pbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, ucarray_efs_dissect_EFS_HASH_BLOB_pbData, NDR_POINTER_UNIQUE, "pbData", -1);
+    return offset;
+}
+
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
+int
+efs_dissect_EFS_HASH_BLOB(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    proto_item *item=NULL;
+    proto_tree *tree=NULL;
+    int old_offset;
 
-	return offset;
+    ALIGN_TO_4_BYTES;
 
-}
+    old_offset=offset;
+    if(parent_tree){
+        item=proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+        tree=proto_item_add_subtree(item, ett_efs_EFS_HASH_BLOB);
+    }
 
+    offset=efs_dissect_EFS_HASH_BLOB_cbData(tvb, offset, pinfo, tree, drep);
 
-/*
-IDL  long EfsRpcDecryptFileSrv(
-IDL        [in] [string] wchar_t FileName, 
-IDL        [in] long Reserved
-IDL  );
-*/
+    offset=unique_ucarray_efs_dissect_EFS_HASH_BLOB_pbData(tvb, offset, pinfo, tree, drep);
 
+    proto_item_set_len(item, offset-old_offset);
 
+    return offset;
+}
 static int
-efsrpc_dissect_decrypt_file_srv_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength, param);
+    return offset;
+}
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-			hf_efsrpc_reserved, NULL);
+static int
+efs_dissect_SID(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param)
+{
+    dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
 
-	return offset;
+    di->hf_index=hf_index;
+    offset=dissect_ndr_nt_SID_with_options(tvb, offset, pinfo, tree, drep, param);
+    return offset;
+}
 
+static int
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_SID(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid, param);
+    return offset;
 }
 
+static int
+unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pUserSid, NDR_POINTER_UNIQUE, "pUserSid", -1);
+    return offset;
+}
 
 static int
-efsrpc_dissect_decrypt_file_srv_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pHash(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    guint32 param=0;
+    offset=efs_dissect_EFS_HASH_BLOB(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash, param);
+    return offset;
+}
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
+static int
+unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pHash(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pHash, NDR_POINTER_UNIQUE, "pHash", -1);
+    return offset;
+}
 
-	return offset;
+static int
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation, param);
+    return offset;
+}
 
+static int
+unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation, NDR_POINTER_UNIQUE, "lpDisplayInformation", -1);
+    return offset;
 }
 
 
-/*
-IDL typedef struct {
-IDL    long   cbData;
-IDL    [size_is(cbData)]  void  *pbData;
-IDL } EFS_HASH_BLOB;
-*/
+int
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    proto_item *item=NULL;
+    proto_tree *tree=NULL;
+    int old_offset;
+
+    ALIGN_TO_4_BYTES;
+
+    old_offset=offset;
+    if(parent_tree){
+        item=proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+        tree=proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH);
+    }
+
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength(tvb, offset, pinfo, tree, drep);
+
+    offset=unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pUserSid(tvb, offset, pinfo, tree, drep);
+
+    offset=unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_pHash(tvb, offset, pinfo, tree, drep);
+
+    offset=unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation(tvb, offset, pinfo, tree, drep);
+
+    proto_item_set_len(item, offset-old_offset);
 
+    return offset;
+}
 static int
-efsrpc_dissect_EFS_HASH_BLOB_data(tvbuff_t *tvb, int offset,
-				     packet_info *pinfo, proto_tree *tree,
-				     guint8 *drep)
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
-	guint32 size;
-	dcerpc_info *di = (dcerpc_info *)pinfo->private_data;
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash, param);
+    return offset;
+}
 
-	if(di->conformant_run){
-		return offset;   /* cant modify offset while performing conformant run */
-	}
+static int
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE_HASH(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers, param);
+    return offset;
+}
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_efsrpc_data_size, &size);
+static int
+unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers, NDR_POINTER_UNIQUE, "pUsers", -1);
+    return offset;
+}
 
-	/* XXX insert some sort of proto_tree_add_item  here and show hex data
-	   of the blob */
-	offset += size;
-	return offset;
+static int
+ucarray_unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers);
+    return offset;
 }
 
 static int
-efsrpc_dissect_EFS_HASH_BLOB(tvbuff_t *tvb, int offset,
-				     packet_info *pinfo, proto_tree *tree,
-				     guint8 *drep)
+unique_ucarray_unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
-	guint32 size;
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, ucarray_unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers, NDR_POINTER_UNIQUE, "pUsers", -1);
+    return offset;
+}
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_efsrpc_data_size, &size);
 
-        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_EFS_HASH_BLOB_data, NDR_POINTER_UNIQUE,
-		"HASH_BLOB", -1);
+int
+efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    proto_item *item=NULL;
+    proto_tree *tree=NULL;
+    int old_offset;
 
-	return offset;
-}
+    ALIGN_TO_4_BYTES;
 
+    old_offset=offset;
+    if(parent_tree){
+        item=proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+        tree=proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST);
+    }
 
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash(tvb, offset, pinfo, tree, drep);
+
+    offset=unique_ucarray_unique_efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers(tvb, offset, pinfo, tree, drep);
+
+    proto_item_set_len(item, offset-old_offset);
+
+    return offset;
+}
 static int
-efsrpc_dissect_efs_SID_ptr(tvbuff_t *tvb, int offset,
-				     packet_info *pinfo, proto_tree *tree,
-				     guint8 *drep)
+efs_dissect_EfsRpcQueryUsersOnFile_FileName(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
-	offset = dissect_ndr_nt_SID(tvb, offset, pinfo, tree, drep);
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcQueryUsersOnFile_FileName, param);
+    return offset;
+}
+
+static int
+efs_dissect_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcQueryUsersOnFile_pUsers, param);
+    return offset;
+}
 
-	return offset;
+static int
+unique_efs_dissect_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcQueryUsersOnFile_pUsers, NDR_POINTER_UNIQUE, "pUsers", -1);
+    return offset;
 }
 
+static int
+ref_unique_efs_dissect_EfsRpcQueryUsersOnFile_pUsers(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, unique_efs_dissect_EfsRpcQueryUsersOnFile_pUsers, NDR_POINTER_REF, "pUsers", -1);
+    return offset;
+}
 
-/*
-IDL typedef struct {
-IDL    long cbTotalLength;
-IDL    SID *pUserSid;
-IDL    EFS_HASH_BLOB  *pHash;
-IDL    [string] wchar_t lpDisplayInformation;
-IDL } ENCRYPTION_CERTIFICATE_HASH;
-*/
 
 static int
-efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH(tvbuff_t *tvb, int offset,
-				     packet_info *pinfo, proto_tree *parent_tree,
-				     guint8 *drep)
+efs_dissect_EfsRpcQueryUsersOnFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
-	proto_item *item = NULL;
-	proto_tree *tree = NULL;
+        offset=efs_dissect_EfsRpcQueryUsersOnFile_FileName(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	if (parent_tree) {
-		item = proto_tree_add_text(parent_tree, tvb, offset, -1, "ENCRYPTION_CERTIFICATE_HASH");
-		tree = proto_item_add_subtree(item, ett_dcerpc_efs_cert_hash);
-	}
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_efsrpc_data_size, NULL);
+   return offset;
+}
 
-        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_efs_SID_ptr, NDR_POINTER_UNIQUE,
-		"SID", -1);
+static int
+efs_dissect_EfsRpcQueryUsersOnFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=ref_unique_efs_dissect_EfsRpcQueryUsersOnFile_pUsers(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-        offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_EFS_HASH_BLOB, NDR_POINTER_UNIQUE,
-		"EFS_HASH_BLOB", -1);
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-	offset = dissect_ndr_pointer_cb(
-		tvb, offset, pinfo, tree, drep,
-		dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
-		"Certificate DN", hf_efsrpc_cert_dn, cb_wstr_postprocess,
-		GINT_TO_POINTER(CB_STR_COL_INFO | 1));
 
-	return offset;
+   return offset;
+}
+static int
+efs_dissect_EfsRpcQueryRecoveryAgents_FileName(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcQueryRecoveryAgents_FileName, param);
+    return offset;
 }
 
+static int
+efs_dissect_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents, param);
+    return offset;
+}
 
 static int
-efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_ptr(tvbuff_t *tvb, int offset,
-				     packet_info *pinfo, proto_tree *tree,
-				     guint8 *drep)
+unique_efs_dissect_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcQueryRecoveryAgents_pRecoveryAgents, NDR_POINTER_UNIQUE, "pRecoveryAgents", -1);
+    return offset;
+}
 
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH, NDR_POINTER_UNIQUE,
-		"ENCRYPTION_CERTIFICATE_HASH", -1);
+static int
+ref_unique_efs_dissect_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, unique_efs_dissect_EfsRpcQueryRecoveryAgents_pRecoveryAgents, NDR_POINTER_REF, "pRecoveryAgents", -1);
+    return offset;
+}
 
-	return offset;
 
-}
+static int
+efs_dissect_EfsRpcQueryRecoveryAgents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=efs_dissect_EfsRpcQueryRecoveryAgents_FileName(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
 
+   return offset;
+}
 
 static int
-efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_array(tvbuff_t *tvb, int offset,
-				     packet_info *pinfo, proto_tree *tree,
-				     guint8 *drep)
+efs_dissect_EfsRpcQueryRecoveryAgents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
-	offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep,
-			efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_ptr);
+        offset=ref_unique_efs_dissect_EfsRpcQueryRecoveryAgents_pRecoveryAgents(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
+
 
-	return offset;
+   return offset;
+}
+static int
+efs_dissect_EfsRpcRemoveUsersFromFile_FileName(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcRemoveUsersFromFile_FileName, param);
+    return offset;
 }
 
-/*
-IDL  typedef struct {
-IDL    long nCert_Hash;
-IDL    [size_is(nCert_Hash)] [unique] ENCRYPTION_CERTIFICATE_HASH *pUsers;
-IDL  } ENCRYPTION_CERTIFICATE_HASH_LIST;
-*/
 
-static int 
-efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+static int
+efs_dissect_EfsRpcRemoveUsersFromFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+        offset=efs_dissect_EfsRpcRemoveUsersFromFile_FileName(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-	offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep,
-		hf_efsrpc_num_entries, NULL);
 
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_array, NDR_POINTER_UNIQUE,
-		"ENCRYPTION_CERTIFICATE_HASH array:", -1);
+   return offset;
+}
+
+static int
+efs_dissect_EfsRpcRemoveUsersFromFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-	return offset;
 
+   return offset;
+}
+static int
+efs_dissect_EfsRpcAddUsersToFile_FileName(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_unistr(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcAddUsersToFile_FileName, param);
+    return offset;
 }
 
 
+static int
+efs_dissect_EfsRpcAddUsersToFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=efs_dissect_EfsRpcAddUsersToFile_FileName(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
 
-/*
-IDL  long EfsRpcQueryUsersOnFile(
-IDL        [in] [string] wchar_t FileName,
-IDL       [out] [ref] ENCRYPTION_CERTIFICATE_HASH_LIST **pUsers
-IDL  );
-*/
 
+   return offset;
+}
 
 static int
-efsrpc_dissect_query_users_on_file_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcAddUsersToFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
 
+   return offset;
+}
+static int
+efs_dissect_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType, param);
+    return offset;
+}
 
-	return offset;
+static int
+efs_dissect_EFS_CERTIFICATE_BLOB_cbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_EFS_CERTIFICATE_BLOB_cbData, param);
+    return offset;
+}
 
+static int
+efs_dissect_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_uint8(tvb, offset, pinfo, tree, drep, hf_efs_EFS_CERTIFICATE_BLOB_pbData, param);
+    return offset;
 }
 
+static int
+ucarray_efs_dissect_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, efs_dissect_EFS_CERTIFICATE_BLOB_pbData);
+    return offset;
+}
 
 static int
-efsrpc_dissect_query_users_on_file_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+unique_ucarray_efs_dissect_EFS_CERTIFICATE_BLOB_pbData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST, NDR_POINTER_UNIQUE,
-		"ENCRYPTION_CERTIFICATE_HASH_LIST", -1);
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, ucarray_efs_dissect_EFS_CERTIFICATE_BLOB_pbData, NDR_POINTER_UNIQUE, "pbData", -1);
+    return offset;
+}
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
 
-	return offset;
+int
+efs_dissect_EFS_CERTIFICATE_BLOB(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    proto_item *item=NULL;
+    proto_tree *tree=NULL;
+    int old_offset;
 
-}
+    ALIGN_TO_4_BYTES;
+
+    old_offset=offset;
+    if(parent_tree){
+        item=proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+        tree=proto_item_add_subtree(item, ett_efs_EFS_CERTIFICATE_BLOB);
+    }
+
+    offset=efs_dissect_EFS_CERTIFICATE_BLOB_dwCertEncodingType(tvb, offset, pinfo, tree, drep);
+
+    offset=efs_dissect_EFS_CERTIFICATE_BLOB_cbData(tvb, offset, pinfo, tree, drep);
+
+    offset=unique_ucarray_efs_dissect_EFS_CERTIFICATE_BLOB_pbData(tvb, offset, pinfo, tree, drep);
 
-/*
-IDL  long EfsRpcQueryRecoveryAgents(
-IDL        [in] [string] wchar_t FileName,
-IDL       [out] [ref] ENCRYPTION_CERTIFICATE_HASH_LIST **pRecoveryAgents
-IDL  );
-*/
+    proto_item_set_len(item, offset-old_offset);
 
+    return offset;
+}
 static int
-efsrpc_dissect_query_recovery_agents_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_ENCRYPTION_CERTIFICATE_TotalLength(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    guint32 param=0;
+    offset=efs_dissect_long(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_TotalLength, param);
+    return offset;
+}
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
-
-	return offset;
+static int
+efs_dissect_ENCRYPTION_CERTIFICATE_pUserSid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_SID(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_pUserSid, param);
+    return offset;
+}
 
+static int
+unique_efs_dissect_ENCRYPTION_CERTIFICATE_pUserSid(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_ENCRYPTION_CERTIFICATE_pUserSid, NDR_POINTER_UNIQUE, "pUserSid", -1);
+    return offset;
 }
 
+static int
+efs_dissect_ENCRYPTION_CERTIFICATE_pCertBlob(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    guint32 param=0;
+    offset=efs_dissect_EFS_CERTIFICATE_BLOB(tvb, offset, pinfo, tree, drep, hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob, param);
+    return offset;
+}
 
 static int
-efsrpc_dissect_query_recovery_agents_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+unique_efs_dissect_ENCRYPTION_CERTIFICATE_pCertBlob(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    offset=dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_ENCRYPTION_CERTIFICATE_pCertBlob, NDR_POINTER_UNIQUE, "pCertBlob", -1);
+    return offset;
+}
 
-	offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep,
-		efsrpc_dissect_ENCRYPTION_CERTIFICATE_HASH_LIST, NDR_POINTER_UNIQUE,
-		"ENCRYPTION_CERTIFICATE_HASH_LIST", -1);
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
+int
+efs_dissect_ENCRYPTION_CERTIFICATE(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+    proto_item *item=NULL;
+    proto_tree *tree=NULL;
+    int old_offset;
 
-	return offset;
+    ALIGN_TO_4_BYTES;
 
+    old_offset=offset;
+    if(parent_tree){
+        item=proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
+        tree=proto_item_add_subtree(item, ett_efs_ENCRYPTION_CERTIFICATE);
+    }
 
-}
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE_TotalLength(tvb, offset, pinfo, tree, drep);
 
+    offset=unique_efs_dissect_ENCRYPTION_CERTIFICATE_pUserSid(tvb, offset, pinfo, tree, drep);
 
+    offset=unique_efs_dissect_ENCRYPTION_CERTIFICATE_pCertBlob(tvb, offset, pinfo, tree, drep);
 
-/*
-IDL long EfsRpcRemoveUsersFromFile(
-IDL        [in] [string] wchar_t FileName,
-IDL        [in] ENCRYPTION_CERTIFICATE_LIST Hashes
-IDL  );
-*/
+    proto_item_set_len(item, offset-old_offset);
 
+    return offset;
+}
 static int
-efsrpc_dissect_remove_users_from_file_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
 {
+    guint32 param=0;
+    offset=efs_dissect_ENCRYPTION_CERTIFICATE(tvb, offset, pinfo, tree, drep, hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate, param);
+    return offset;
+}
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
-#if 0
-	offset = efsrpc_dissect_ENCRYPTION_CERTIFICATE_LIST(tvb, offset,
-			pinfo, tree, drep);
-#endif
-	return offset;
+static int
+unique_efs_dissect_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+    offset=dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, efs_dissect_EfsRpcSetFileEncryptionKey_pEncryptionCertificate, NDR_POINTER_UNIQUE, "pEncryptionCertificate", -1);
+    return offset;
+}
 
+
+static int
+efs_dissect_EfsRpcSetFileEncryptionKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+        offset=unique_efs_dissect_EfsRpcSetFileEncryptionKey_pEncryptionCertificate(tvb, offset, pinfo, tree, drep);
+        offset=dissect_deferred_pointers(pinfo, tvb, offset, drep);
+
+
+   return offset;
 }
 
+static int
+efs_dissect_EfsRpcSetFileEncryptionKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
+
+
+   return offset;
+}
 
 static int
-efsrpc_dissect_remove_users_from_file_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcNotSupported_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
 
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
+   return offset;
+}
 
-	return offset;
+static int
+efs_dissect_EfsRpcNotSupported_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
+
+   return offset;
 }
 
-/*
-IDL long EfsRpcAddUsersToFile(
-IDL        [in] [string] wchar_t FileName,
-IDL        [in] ENCRYPTION_CERTIFICATE_LIST Hashes
-IDL  );
-*/
+static int
+efs_dissect_EfsRpcFileKeyInfo_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+
+   return offset;
+}
 
 static int
-efsrpc_dissect_add_users_from_file_rqst(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
+efs_dissect_EfsRpcFileKeyInfo_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-        offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep,
-                                      sizeof(guint16),
-			              hf_efsrpc_filename, TRUE, NULL);
-#if 0
-	offset = efsrpc_dissect_ENCRYPTION_CERTIFICATE_LIST(tvb, offset,
-			pinfo, tree, drep);
-#endif
-	return offset;
-
-}
-
-
-static int
-efsrpc_dissect_add_users_from_file_reply(tvbuff_t *tvb, int offset,
-	packet_info *pinfo, proto_tree *tree, guint8 *drep)
-{
-
-	offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, 
-			hf_efsrpc_rc, NULL);
-
-	return offset;
-
-}
-
-
-/*
-IDL typedef struct {
-IDL    long dwCertEncodingType;
-IDL    long cbData;
-IDL    [size_is(cbData)] [unique] byte *pbData
-IDL  } EFS_CERTIFICATE_BLOB;
-*/
-
-/*
-IDL typedef struct {
-IDL    long TotalLength;
-IDL    [unique] SID *pUserSid;
-IDL    [unique] EFS_CERTIFICATE_BLOB *pCertBlob;
-IDL  } ENCRYPTION_CERTIFICATE;
-*/
-
-/*
-IDL  long EfsRpcSetFileEncryptionKey(
-IDL        [in] [unique] ENCRYPTION_CERTIFICATE *pEncryptionCertificate
-IDL  );
-*/
-
-static dcerpc_sub_dissector dcerpc_efs_dissectors[] = {
-        { EFS_RPC_OPEN_FILE_RAW , "EfsRpcOpenFileRaw",
-		efsrpc_dissect_open_file_raw_rqst,
-		efsrpc_dissect_open_file_raw_reply },
-        { EFS_RPC_READ_FILE_RAW, "EfsRpcReadFileRaw",
-		efsrpc_dissect_read_file_raw_rqst,
-		NULL },
-        { EFS_RPC_WRITE_FILE_RAW, "EfsRpcWriteFileRaw",
-		efsrpc_dissect_write_file_raw_rqst,
-		efsrpc_dissect_write_file_raw_reply },
-        { EFS_RPC_CLOSE_RAW, "EfsRpcCloseRaw",
-		efsrpc_dissect_close_file_raw_rqst,
-		efsrpc_dissect_close_file_raw_reply },
-        { EFS_RPC_ENCRYPT_FILE_SRV, "EfsRpcEncryptFileSrv",
-		efsrpc_dissect_encrypt_file_srv_rqst, 
-        	efsrpc_dissect_encrypt_file_srv_reply },
-        { EFS_RPC_DECRYPT_FILE_SRV, "EfsRpcDecryptFileSrv",
-		efsrpc_dissect_decrypt_file_srv_rqst, 
-        	efsrpc_dissect_decrypt_file_srv_reply },
-        { EFS_RPC_QUERY_USERS_ON_FILE, "EfsRpcQueryUsersOnFile",
-		efsrpc_dissect_query_users_on_file_rqst,
-		efsrpc_dissect_query_users_on_file_reply },
-        { EFS_RPC_QUERY_RECOVERY_AGENTS, "EfsRpcQueryRecoveryAgents",
-		efsrpc_dissect_query_recovery_agents_rqst,
-		efsrpc_dissect_query_recovery_agents_reply },
-        { EFS_RPC_REMOVE_USERS_FROM_FILE, "EfsRpcRemoveUsersFromFile",
-		efsrpc_dissect_remove_users_from_file_rqst,
-		efsrpc_dissect_remove_users_from_file_reply },
-        { EFS_RPC_ADD_USERS_TO_FILE, "EfsRpcAddUsersToFile",
-		efsrpc_dissect_add_users_from_file_rqst,
-		efsrpc_dissect_add_users_from_file_reply },
-        { EFS_RPC_SET_FILE_ENCRYPTION_KEY, "EfsRpcSetFileEncryptionKey"
-		, NULL, NULL },
-        { EFS_RPC_NOT_SUPPORTED, "EfsRpcNotSupported"
-		, NULL, NULL },
-        { EFS_RPC_FILE_KEY_INFO, "EfsRpcFileKeyInfo"
-		, NULL, NULL },
-        { EFS_RPC_DUPLICATE_ENCRYPTION_INFO_FILE,
-		"EfsRpcDuplicateEncryptionInfoFile", NULL, NULL },
-        { 0, NULL, NULL,  NULL }
-};
 
-void
-proto_register_dcerpc_efs(void)
+   return offset;
+}
+
+static int
+efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
 {
-static hf_register_info hf[] = {
-	{ &hf_efsrpc_opnum, { 
-		"Operation", "efsrpc.opnum", FT_UINT16, BASE_DEC,
-		NULL, 0x0, "", HFILL }},
-	{ &hf_efsrpc_rc, {
-		"Return code", "efsrpc.rc", FT_UINT32, BASE_HEX,
-		VALS(NT_errors), 0x0, "EFSRPC return code", HFILL }},
-	{ &hf_efsrpc_filename,
-	    { "Filename", "efsrpc.filename", FT_STRING, BASE_NONE,
-	      NULL, 0x0, "File name", HFILL}},
 
-	{ &hf_efsrpc_flags, {
-		"Flags", "efsrpc.flags", FT_UINT32, BASE_HEX,
-		NULL, 0x0, "EFSRPC Flags", HFILL }},
+   return offset;
+}
 
-	{ &hf_efsrpc_hnd, { 
-		"Context Handle", "efsrpc.hnd", FT_BYTES,
-	      	BASE_NONE, NULL, 0x0, "Context Handle", HFILL}},
+static int
+efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_)
+{
+   offset=dissect_ntstatus(tvb, offset, pinfo, tree, drep, hf_efs_rc, NULL);
 
-	{ &hf_efsrpc_reserved, {
-		"Reserved value", "efsrpc.reserved", FT_UINT32, BASE_HEX,
-		NULL, 0x0, "Reserved value", HFILL }},
 
-	 { &hf_efsrpc_num_entries,
-	    { "Number of entries", "efsrpc.num_entries", FT_UINT32,
-	      BASE_DEC, NULL, 0x0, "Number of Entries", HFILL}},
+   return offset;
+}
+/* END OF INCLUDED FILE : ETH_CODE */
+
 
-	 { &hf_efsrpc_data_size,
-	    { "Size of data structure", "efsrpc.data_size", FT_UINT32,
-	      BASE_DEC, NULL, 0x0, "Size of data structure", HFILL}},
 
-	{ &hf_efsrpc_cert_dn,
-	    { "Certificate DN", "efsrpc.cert_dn", FT_STRING, BASE_NONE,
-	      NULL, 0x0, "Distinguished Name of EFS certificate", HFILL}},
+void
+proto_register_efs(void)
+{
+        static hf_register_info hf[] = {
+
+
+/* INCLUDED FILE : ETH_HFARR */
+        { &hf_efs_opnum,
+          { "Operation", "efs.opnum", FT_UINT16, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_rc,
+          { "Return code", "efs.rc", FT_UINT32, BASE_HEX,
+          VALS(NT_errors), 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcOpenFileRaw_pvContext,
+          { "pvContext", "efs.EfsRpcOpenFileRaw.pvContext", FT_BYTES, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcOpenFileRaw_FileName,
+          { "FileName", "efs.EfsRpcOpenFileRaw.FileName", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcOpenFileRaw_Flags,
+          { "Flags", "efs.EfsRpcOpenFileRaw.Flags", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcReadFileRaw_pvContext,
+          { "pvContext", "efs.EfsRpcReadFileRaw.pvContext", FT_BYTES, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcWriteFileRaw_pvContext,
+          { "pvContext", "efs.EfsRpcWriteFileRaw.pvContext", FT_BYTES, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcCloseRaw_pvContext,
+          { "pvContext", "efs.EfsRpcCloseRaw.pvContext", FT_BYTES, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcEncryptFileSrv_Filename,
+          { "Filename", "efs.EfsRpcEncryptFileSrv.Filename", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcDecryptFileSrv_FileName,
+          { "FileName", "efs.EfsRpcDecryptFileSrv.FileName", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcDecryptFileSrv_Reserved,
+          { "Reserved", "efs.EfsRpcDecryptFileSrv.Reserved", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EFS_HASH_BLOB_cbData,
+          { "cbData", "efs.EFS_HASH_BLOB.cbData", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EFS_HASH_BLOB_pbData,
+          { "pbData", "efs.EFS_HASH_BLOB.pbData", FT_UINT8, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_cbTotalLength,
+          { "cbTotalLength", "efs.ENCRYPTION_CERTIFICATE_HASH.cbTotalLength", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pUserSid,
+          { "pUserSid", "efs.ENCRYPTION_CERTIFICATE_HASH.pUserSid", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_pHash,
+          { "pHash", "efs.ENCRYPTION_CERTIFICATE_HASH.pHash", FT_NONE, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_lpDisplayInformation,
+          { "lpDisplayInformation", "efs.ENCRYPTION_CERTIFICATE_HASH.lpDisplayInformation", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_nCert_Hash,
+          { "nCert_Hash", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.nCert_Hash", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_HASH_LIST_pUsers,
+          { "pUsers", "efs.ENCRYPTION_CERTIFICATE_HASH_LIST.pUsers", FT_NONE, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcQueryUsersOnFile_FileName,
+          { "FileName", "efs.EfsRpcQueryUsersOnFile.FileName", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcQueryUsersOnFile_pUsers,
+          { "pUsers", "efs.EfsRpcQueryUsersOnFile.pUsers", FT_NONE, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcQueryRecoveryAgents_FileName,
+          { "FileName", "efs.EfsRpcQueryRecoveryAgents.FileName", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcQueryRecoveryAgents_pRecoveryAgents,
+          { "pRecoveryAgents", "efs.EfsRpcQueryRecoveryAgents.pRecoveryAgents", FT_NONE, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcRemoveUsersFromFile_FileName,
+          { "FileName", "efs.EfsRpcRemoveUsersFromFile.FileName", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcAddUsersToFile_FileName,
+          { "FileName", "efs.EfsRpcAddUsersToFile.FileName", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EFS_CERTIFICATE_BLOB_dwCertEncodingType,
+          { "dwCertEncodingType", "efs.EFS_CERTIFICATE_BLOB.dwCertEncodingType", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EFS_CERTIFICATE_BLOB_cbData,
+          { "cbData", "efs.EFS_CERTIFICATE_BLOB.cbData", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EFS_CERTIFICATE_BLOB_pbData,
+          { "pbData", "efs.EFS_CERTIFICATE_BLOB.pbData", FT_UINT8, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_TotalLength,
+          { "TotalLength", "efs.ENCRYPTION_CERTIFICATE.TotalLength", FT_INT32, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_pUserSid,
+          { "pUserSid", "efs.ENCRYPTION_CERTIFICATE.pUserSid", FT_STRING, BASE_DEC,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_ENCRYPTION_CERTIFICATE_pCertBlob,
+          { "pCertBlob", "efs.ENCRYPTION_CERTIFICATE.pCertBlob", FT_NONE, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+        { &hf_efs_EfsRpcSetFileEncryptionKey_pEncryptionCertificate,
+          { "pEncryptionCertificate", "efs.EfsRpcSetFileEncryptionKey.pEncryptionCertificate", FT_NONE, BASE_NONE,
+          NULL, 0,
+         "", HFILL }},
+
+/* END OF INCLUDED FILE : ETH_HFARR */
 
 
 	};
 
         static gint *ett[] = {
-                &ett_dcerpc_efs,
-		&ett_dcerpc_efs_cert_hash
-        };
 
-        proto_dcerpc_efs = proto_register_protocol(
-                "Microsoft Encrypted File System Service", "EFSRPC", "efsrpc");
 
-        proto_register_field_array(proto_dcerpc_efs, hf,
-				   array_length(hf));
+/* INCLUDED FILE : ETH_ETTARR */
+        &ett_efs,
+        &ett_efs_EFS_HASH_BLOB,
+        &ett_efs_ENCRYPTION_CERTIFICATE_HASH,
+        &ett_efs_ENCRYPTION_CERTIFICATE_HASH_LIST,
+        &ett_efs_EFS_CERTIFICATE_BLOB,
+        &ett_efs_ENCRYPTION_CERTIFICATE,
+/* END OF INCLUDED FILE : ETH_ETTARR */
+
 
+        };
+
+        proto_efs = proto_register_protocol(
+                "Microsoft Encrypted File System Service", 
+		"EFS", "efs");
+	proto_register_field_array(proto_efs, hf, array_length(hf));
         proto_register_subtree_array(ett, array_length(ett));
 }
 
+static dcerpc_sub_dissector function_dissectors[] = {
+
+
+/* INCLUDED FILE : ETH_FT */
+    { 0, "EfsRpcOpenFileRaw",
+        efs_dissect_EfsRpcOpenFileRaw_request,
+        efs_dissect_EfsRpcOpenFileRaw_response },
+    { 1, "EfsRpcReadFileRaw",
+        efs_dissect_EfsRpcReadFileRaw_request,
+        efs_dissect_EfsRpcReadFileRaw_response },
+    { 2, "EfsRpcWriteFileRaw",
+        efs_dissect_EfsRpcWriteFileRaw_request,
+        efs_dissect_EfsRpcWriteFileRaw_response },
+    { 3, "EfsRpcCloseRaw",
+        efs_dissect_EfsRpcCloseRaw_request,
+        efs_dissect_EfsRpcCloseRaw_response },
+    { 4, "EfsRpcEncryptFileSrv",
+        efs_dissect_EfsRpcEncryptFileSrv_request,
+        efs_dissect_EfsRpcEncryptFileSrv_response },
+    { 5, "EfsRpcDecryptFileSrv",
+        efs_dissect_EfsRpcDecryptFileSrv_request,
+        efs_dissect_EfsRpcDecryptFileSrv_response },
+    { 6, "EfsRpcQueryUsersOnFile",
+        efs_dissect_EfsRpcQueryUsersOnFile_request,
+        efs_dissect_EfsRpcQueryUsersOnFile_response },
+    { 7, "EfsRpcQueryRecoveryAgents",
+        efs_dissect_EfsRpcQueryRecoveryAgents_request,
+        efs_dissect_EfsRpcQueryRecoveryAgents_response },
+    { 8, "EfsRpcRemoveUsersFromFile",
+        efs_dissect_EfsRpcRemoveUsersFromFile_request,
+        efs_dissect_EfsRpcRemoveUsersFromFile_response },
+    { 9, "EfsRpcAddUsersToFile",
+        efs_dissect_EfsRpcAddUsersToFile_request,
+        efs_dissect_EfsRpcAddUsersToFile_response },
+    { 10, "EfsRpcSetFileEncryptionKey",
+        efs_dissect_EfsRpcSetFileEncryptionKey_request,
+        efs_dissect_EfsRpcSetFileEncryptionKey_response },
+    { 11, "EfsRpcNotSupported",
+        efs_dissect_EfsRpcNotSupported_request,
+        efs_dissect_EfsRpcNotSupported_response },
+    { 12, "EfsRpcFileKeyInfo",
+        efs_dissect_EfsRpcFileKeyInfo_request,
+        efs_dissect_EfsRpcFileKeyInfo_response },
+    { 13, "EfsRpcDuplicateEncryptionInfoFile",
+        efs_dissect_EfsRpcDuplicateEncryptionInfoFile_request,
+        efs_dissect_EfsRpcDuplicateEncryptionInfoFile_response },
+/* END OF INCLUDED FILE : ETH_FT */
+
+
+	{ 0, NULL, NULL, NULL },
+};
+
 void
-proto_reg_handoff_dcerpc_efs(void)
+proto_reg_handoff_efs(void)
 {
-        /* Register protocol as dcerpc */
 
-        dcerpc_init_uuid(proto_dcerpc_efs, ett_dcerpc_efs,
-                         &uuid_dcerpc_efs, ver_dcerpc_efs,
-                         dcerpc_efs_dissectors, hf_efsrpc_opnum);
+
+/* INCLUDED FILE : ETH_HANDOFF */
+    dcerpc_init_uuid(proto_efs, ett_efs,
+        &uuid_dcerpc_efs, ver_efs,
+        function_dissectors, hf_efs_opnum);
+/* END OF INCLUDED FILE : ETH_HANDOFF */
+
+
 }
+
author	sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>	2005-03-19 09:11:56 +0000
committer	sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>	2005-03-19 09:11:56 +0000
commit	9fd0ce7dda6aa463426f2e181f0aaa3176dbec24 (patch)
tree	ab6f9e57e814debc57a4eea4f5f4aecbfcd2eca0 /epan/dissectors/packet-dcerpc-efs.c
parent	0916431b31bf3b0201c0ad49cfd4f0067bc05f9c (diff)