diff options
author | Guy Harris <guy@alum.mit.edu> | 2004-08-03 02:28:49 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2004-08-03 02:28:49 +0000 |
commit | 13bb12c4f1e8611202bca516e65cddc5e29e45ce (patch) | |
tree | f31a0b745dea790a0070678be6db8442ba481cac /epan/dissectors | |
parent | 6e683f009886ed74c315f455bfedf31e496f7ba9 (diff) |
Move a bunch of stuff that's more Windows-related than SMB-related to
"packet-windows-common.[ch]".
svn path=/trunk/; revision=11592
Diffstat (limited to 'epan/dissectors')
29 files changed, 2585 insertions, 2373 deletions
diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index d7ad940620..adaffa0b76 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -486,6 +486,7 @@ DISSECTOR_SRC = \ packet-wcp.c \ packet-wfleet-hdlc.c \ packet-who.c \ + packet-windows-common.c \ packet-wlancap.c \ packet-wsp.c \ packet-wtls.c \ @@ -687,6 +688,7 @@ DISSECTOR_INCLUDES = \ packet-vlan.h \ packet-wap.h \ packet-wccp.h \ + packet-windows-common.h \ packet-wlancap.h \ packet-wsp.h \ packet-wtls.h \ diff --git a/epan/dissectors/packet-dcerpc-atsvc.c b/epan/dissectors/packet-dcerpc-atsvc.c index 5fb8b99262..d7cc0c5db8 100644 --- a/epan/dissectors/packet-dcerpc-atsvc.c +++ b/epan/dissectors/packet-dcerpc-atsvc.c @@ -33,7 +33,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-atsvc.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_atsvc = -1; diff --git a/epan/dissectors/packet-dcerpc-browser.c b/epan/dissectors/packet-dcerpc-browser.c index 3a4e4156f3..cbbac28214 100644 --- a/epan/dissectors/packet-dcerpc-browser.c +++ b/epan/dissectors/packet-dcerpc-browser.c @@ -36,7 +36,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-browser.h" #include "packet-dcerpc-nt.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_browser = -1; static int hf_browser_opnum = -1; diff --git a/epan/dissectors/packet-dcerpc-dnsserver.c b/epan/dissectors/packet-dcerpc-dnsserver.c index e6fdd83ce3..3e2fc1c97b 100644 --- a/epan/dissectors/packet-dcerpc-dnsserver.c +++ b/epan/dissectors/packet-dcerpc-dnsserver.c @@ -32,7 +32,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-dnsserver.h" -#include "smb.h" +#include "packet-windows-common.h" /* Global hf index fields */ diff --git a/epan/dissectors/packet-dcerpc-efs.c b/epan/dissectors/packet-dcerpc-efs.c index 260fbb0ef5..5487912024 100644 --- a/epan/dissectors/packet-dcerpc-efs.c +++ b/epan/dissectors/packet-dcerpc-efs.c @@ -33,7 +33,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-efs.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_efs = -1; diff --git a/epan/dissectors/packet-dcerpc-eventlog.c b/epan/dissectors/packet-dcerpc-eventlog.c index 4541330671..91b4d7f2f9 100644 --- a/epan/dissectors/packet-dcerpc-eventlog.c +++ b/epan/dissectors/packet-dcerpc-eventlog.c @@ -32,7 +32,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-eventlog.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_eventlog = -1; diff --git a/epan/dissectors/packet-dcerpc-initshutdown.c b/epan/dissectors/packet-dcerpc-initshutdown.c index 2d38ec1322..48212fd7ec 100644 --- a/epan/dissectors/packet-dcerpc-initshutdown.c +++ b/epan/dissectors/packet-dcerpc-initshutdown.c @@ -34,7 +34,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-initshutdown.h" -#include "smb.h" +#include "packet-windows-common.h" /* Global hf index fields */ diff --git a/epan/dissectors/packet-dcerpc-lsa-ds.c b/epan/dissectors/packet-dcerpc-lsa-ds.c index 8f48809115..c5ee6d320c 100644 --- a/epan/dissectors/packet-dcerpc-lsa-ds.c +++ b/epan/dissectors/packet-dcerpc-lsa-ds.c @@ -34,7 +34,7 @@ #include <epan/packet.h> #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" -#include "smb.h" +#include "packet-windows-common.h" #define LSA_DS_DSROLERGETDOMINFO 0x0000 #define LSA_DS_DSROLER_DNS_NAME_TO_FLAT_NAME 0x0001 diff --git a/epan/dissectors/packet-dcerpc-lsa.c b/epan/dissectors/packet-dcerpc-lsa.c index d276869292..ad99814799 100644 --- a/epan/dissectors/packet-dcerpc-lsa.c +++ b/epan/dissectors/packet-dcerpc-lsa.c @@ -35,8 +35,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-lsa.h" -#include "packet-smb-common.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_lsa = -1; diff --git a/epan/dissectors/packet-dcerpc-mapi.c b/epan/dissectors/packet-dcerpc-mapi.c index 5792f418e0..4295abff8c 100644 --- a/epan/dissectors/packet-dcerpc-mapi.c +++ b/epan/dissectors/packet-dcerpc-mapi.c @@ -32,7 +32,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-mapi.h" -#include "smb.h" /* for "NT_errors[]" */ +#include "packet-windows-common.h" /* for "NT_errors[]" */ #include "prefs.h" static int proto_dcerpc_mapi = -1; diff --git a/epan/dissectors/packet-dcerpc-messenger.c b/epan/dissectors/packet-dcerpc-messenger.c index 757fe2fb02..a16353ba13 100644 --- a/epan/dissectors/packet-dcerpc-messenger.c +++ b/epan/dissectors/packet-dcerpc-messenger.c @@ -31,7 +31,7 @@ #include "prefs.h" #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_messenger = -1; diff --git a/epan/dissectors/packet-dcerpc-netlogon.c b/epan/dissectors/packet-dcerpc-netlogon.c index cb9f160adc..2ef36e3bf9 100644 --- a/epan/dissectors/packet-dcerpc-netlogon.c +++ b/epan/dissectors/packet-dcerpc-netlogon.c @@ -33,7 +33,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-netlogon.h" -#include "smb.h" /* for "NT_errors[]" */ +#include "packet-windows-common.h" #include "packet-ntlmssp.h" #include "packet-dcerpc-lsa.h" diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c index 0c899d57de..411eee6001 100644 --- a/epan/dissectors/packet-dcerpc-nt.c +++ b/epan/dissectors/packet-dcerpc-nt.c @@ -33,8 +33,7 @@ #include <epan/packet.h> #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" -#include "smb.h" -#include "packet-smb-common.h" /* for dissect_smb_64bit_time() */ +#include "packet-windows-common.h" /* * This file contains helper routines that are used by the DCERPC over SMB @@ -219,7 +218,7 @@ dissect_ndr_counted_byte_array(tvbuff_t *tvb, int offset, } /* This function is used to dissect a DCERPC encoded 64 bit time value. - XXX it should be fixed both here and in dissect_smb_64bit_time so + XXX it should be fixed both here and in dissect_nt_64bit_time so it can handle both BIG and LITTLE endian encodings */ int @@ -237,7 +236,7 @@ dissect_ndr_nt_NTTIME (tvbuff_t *tvb, int offset, ALIGN_TO_4_BYTES; - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_index); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_index); return offset; } diff --git a/epan/dissectors/packet-dcerpc-reg.c b/epan/dissectors/packet-dcerpc-reg.c index 5cc600ad13..12af39c6fc 100644 --- a/epan/dissectors/packet-dcerpc-reg.c +++ b/epan/dissectors/packet-dcerpc-reg.c @@ -32,7 +32,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-reg.h" -#include "smb.h" +#include "packet-windows-common.h" /* Global hf index fields */ diff --git a/epan/dissectors/packet-dcerpc-samr.c b/epan/dissectors/packet-dcerpc-samr.c index 9e6d52fb43..c4b3524849 100644 --- a/epan/dissectors/packet-dcerpc-samr.c +++ b/epan/dissectors/packet-dcerpc-samr.c @@ -35,7 +35,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-samr.h" -#include "smb.h" /* for "NT_errors[]" */ +#include "packet-windows-common.h" #include "packet-smb-common.h" #include "crypt-md4.h" #include "crypt-rc4.h" diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c index 86220411b3..d6ebd7545e 100644 --- a/epan/dissectors/packet-dcerpc-spoolss.c +++ b/epan/dissectors/packet-dcerpc-spoolss.c @@ -41,8 +41,7 @@ #include "packet-dcerpc-nt.h" #include "packet-dcerpc-spoolss.h" #include "packet-dcerpc-reg.h" -#include "smb.h" -#include "packet-smb-common.h" +#include "packet-windows-common.h" /* GetPrinterDriver2 */ diff --git a/epan/dissectors/packet-dcerpc-srvsvc.c b/epan/dissectors/packet-dcerpc-srvsvc.c index d699a3be33..1e1d403777 100644 --- a/epan/dissectors/packet-dcerpc-srvsvc.c +++ b/epan/dissectors/packet-dcerpc-srvsvc.c @@ -45,7 +45,7 @@ #include "packet-dcerpc-nt.h" #include "packet-smb-common.h" #include "packet-smb-browse.h" -#include "smb.h" +#include "packet-windows-common.h" /* for "DOS_errors[]" */ static int proto_dcerpc_srvsvc = -1; static int hf_srvsvc_opnum = -1; diff --git a/epan/dissectors/packet-dcerpc-svcctl.c b/epan/dissectors/packet-dcerpc-svcctl.c index b2040cbfc6..fb339f5d94 100644 --- a/epan/dissectors/packet-dcerpc-svcctl.c +++ b/epan/dissectors/packet-dcerpc-svcctl.c @@ -33,8 +33,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-svcctl.h" #include "packet-dcerpc-nt.h" -#include "smb.h" -#include "packet-smb-common.h" +#include "packet-windows-common.h" static int proto_dcerpc_svcctl = -1; static int hf_svcctl_opnum = -1; diff --git a/epan/dissectors/packet-dcerpc-tapi.c b/epan/dissectors/packet-dcerpc-tapi.c index 628b04841d..acc6224a4b 100644 --- a/epan/dissectors/packet-dcerpc-tapi.c +++ b/epan/dissectors/packet-dcerpc-tapi.c @@ -35,7 +35,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-tapi.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_tapi = -1; static int hf_tapi_opnum = -1; diff --git a/epan/dissectors/packet-dcerpc-trksvr.c b/epan/dissectors/packet-dcerpc-trksvr.c index e819c57346..9c068ebd96 100644 --- a/epan/dissectors/packet-dcerpc-trksvr.c +++ b/epan/dissectors/packet-dcerpc-trksvr.c @@ -34,7 +34,7 @@ #include <epan/packet.h> #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_trksvr = -1; static int hf_trksvr_opnum = -1; diff --git a/epan/dissectors/packet-dcerpc-wkssvc.c b/epan/dissectors/packet-dcerpc-wkssvc.c index ed18756b1e..8c6e17d77f 100644 --- a/epan/dissectors/packet-dcerpc-wkssvc.c +++ b/epan/dissectors/packet-dcerpc-wkssvc.c @@ -33,7 +33,7 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-wkssvc.h" #include "packet-dcerpc-nt.h" -#include "smb.h" +#include "packet-windows-common.h" static int proto_dcerpc_wkssvc = -1; static int hf_wkssvc_opnum = -1; diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index 41f83a146b..7c06701dbd 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c @@ -70,7 +70,7 @@ #include "prefs.h" #include <epan/dissectors/packet-ber.h> #include <epan/dissectors/packet-cms.h> -#include <epan/dissectors/packet-smb-common.h> +#include <epan/dissectors/packet-windows-common.h> #include <epan/dissectors/packet-dcerpc-netlogon.h> #include <epan/dissectors/packet-dcerpc.h> @@ -2017,7 +2017,7 @@ dissect_krb5_PAC_CLIENT_INFO_TYPE(packet_info *pinfo _U_, proto_tree *parent_tre } /* clientid */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_krb_pac_clientid); /* name length */ diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c index 5869a6ba6c..fa3f03c2ab 100644 --- a/epan/dissectors/packet-ntlmssp.c +++ b/epan/dissectors/packet-ntlmssp.c @@ -34,6 +34,7 @@ #include <glib.h> #include <epan/packet.h> +#include "packet-windows-common.h" #include "packet-smb-common.h" #include "asn1.h" /* XXX - needed for subid_t */ #include "packet-gssapi.h" @@ -640,7 +641,7 @@ dissect_ntlmv2_response(tvbuff_t *tvb, proto_tree *tree, int offset, int len) offset += 4; - offset = dissect_smb_64bit_time( + offset = dissect_nt_64bit_time( tvb, ntlmv2_tree, offset, hf_ntlmssp_ntlmv2_response_time); proto_tree_add_item( diff --git a/epan/dissectors/packet-smb-common.h b/epan/dissectors/packet-smb-common.h index 4b612f0cad..915fe193b0 100644 --- a/epan/dissectors/packet-smb-common.h +++ b/epan/dissectors/packet-smb-common.h @@ -36,54 +36,6 @@ const gchar *get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp, gboolean useunicode, int *len, gboolean nopad, gboolean exactlen, guint16 *bcp); -int dissect_smb_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date); - -int dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, - char *name, char **sid_str, int hf_sid); - -/* - * Stuff for dissecting NT access masks - */ - -typedef void (nt_access_mask_fn_t)(tvbuff_t *tvb, gint offset, - proto_tree *tree, guint32 access); - -/* Map generic access permissions to specific permissions */ - -struct generic_mapping { - guint32 generic_read; - guint32 generic_write; - guint32 generic_execute; - guint32 generic_all; -}; - -/* Map standard access permissions to specific permissions */ - -struct standard_mapping { - guint32 std_read; - guint32 std_write; - guint32 std_execute; - guint32 std_all; -}; - -struct access_mask_info { - char *specific_rights_name; - nt_access_mask_fn_t *specific_rights_fn; - struct generic_mapping *generic_mapping; - struct standard_mapping *standard_mapping; -}; - -int -dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep, int hfindex, - struct access_mask_info *ami, - guint32 *perms); - -int -dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *parent_tree, guint8 *drep, int len, - struct access_mask_info *ami); - extern const value_string share_type_vals[]; #endif diff --git a/epan/dissectors/packet-smb-logon.c b/epan/dissectors/packet-smb-logon.c index bfb72b3ffd..18472d5da0 100644 --- a/epan/dissectors/packet-smb-logon.c +++ b/epan/dissectors/packet-smb-logon.c @@ -32,6 +32,7 @@ #include <glib.h> #include <epan/packet.h> +#include "packet-windows-common.h" #include "packet-smb-common.h" static int proto_smb_logon = -1; @@ -498,7 +499,7 @@ dissect_announce_change(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, TRUE); offset += 8; - offset = dissect_smb_64bit_time(tvb, info_tree, offset, + offset = dissect_nt_64bit_time(tvb, info_tree, offset, hf_nt_date_time); info_count--; diff --git a/epan/dissectors/packet-smb-pipe.c b/epan/dissectors/packet-smb-pipe.c index b7ba500976..e2bb58e518 100644 --- a/epan/dissectors/packet-smb-pipe.c +++ b/epan/dissectors/packet-smb-pipe.c @@ -46,6 +46,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets #include "packet-smb-pipe.h" #include "packet-smb-browse.h" #include "packet-smb-common.h" +#include "packet-windows-common.h" #include "packet-dcerpc.h" #include "reassemble.h" diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index cd40568044..606c515591 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -46,11 +46,11 @@ #include "tap.h" #include "packet-ipx.h" +#include "packet-windows-common.h" #include "packet-smb-common.h" #include "packet-smb-mailslot.h" #include "packet-smb-pipe.h" #include "packet-dcerpc.h" -#include "packet-smb-sidsnooping.h" #include "packet-ntlmssp.h" /* @@ -442,35 +442,6 @@ static int hf_smb_file_eattr_offline = -1; static int hf_smb_file_eattr_not_content_indexed = -1; static int hf_smb_file_eattr_encrypted = -1; static int hf_smb_sec_desc_len = -1; -static int hf_smb_sec_desc_revision = -1; -static int hf_smb_sec_desc_type_owner_defaulted = -1; -static int hf_smb_sec_desc_type_group_defaulted = -1; -static int hf_smb_sec_desc_type_dacl_present = -1; -static int hf_smb_sec_desc_type_dacl_defaulted = -1; -static int hf_smb_sec_desc_type_sacl_present = -1; -static int hf_smb_sec_desc_type_sacl_defaulted = -1; -static int hf_smb_sec_desc_type_dacl_auto_inherit_req = -1; -static int hf_smb_sec_desc_type_sacl_auto_inherit_req = -1; -static int hf_smb_sec_desc_type_dacl_auto_inherited = -1; -static int hf_smb_sec_desc_type_sacl_auto_inherited = -1; -static int hf_smb_sec_desc_type_dacl_protected = -1; -static int hf_smb_sec_desc_type_sacl_protected = -1; -static int hf_smb_sec_desc_type_self_relative = -1; -static int hf_smb_sid = -1; -static int hf_smb_sid_revision = -1; -static int hf_smb_sid_num_auth = -1; -static int hf_smb_acl_revision = -1; -static int hf_smb_acl_size = -1; -static int hf_smb_acl_num_aces = -1; -static int hf_smb_ace_type = -1; -static int hf_smb_ace_size = -1; -static int hf_smb_ace_flags_object_inherit = -1; -static int hf_smb_ace_flags_container_inherit = -1; -static int hf_smb_ace_flags_non_propagate_inherit = -1; -static int hf_smb_ace_flags_inherit_only = -1; -static int hf_smb_ace_flags_inherited_ace = -1; -static int hf_smb_ace_flags_successful_access = -1; -static int hf_smb_ace_flags_failed_access = -1; static int hf_smb_nt_qsd_owner = -1; static int hf_smb_nt_qsd_group = -1; static int hf_smb_nt_qsd_dacl = -1; @@ -704,12 +675,6 @@ static gint ett_smb_device_characteristics = -1; static gint ett_smb_fs_attributes = -1; static gint ett_smb_segments = -1; static gint ett_smb_segment = -1; -static gint ett_smb_sec_desc = -1; -static gint ett_smb_sid = -1; -static gint ett_smb_acl = -1; -static gint ett_smb_ace = -1; -static gint ett_smb_ace_flags = -1; -static gint ett_smb_sec_desc_type = -1; static gint ett_smb_quotaflags = -1; static gint ett_smb_secblob = -1; static gint ett_smb_unicode_password = -1; @@ -1209,103 +1174,6 @@ dissect_smb_UTIME(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date) return offset; } -#define TIME_FIXUP_CONSTANT (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)) - -/* - * Translate an 8-byte FILETIME value, given as the upper and lower 32 bits, - * to an "nstime_t". - * A FILETIME is a 64-bit integer, giving the time since Jan 1, 1601, - * midnight "UTC", in 100ns units. - * Return TRUE if the conversion succeeds, FALSE otherwise. - * - * According to the Samba code, it appears to be kludge-GMT (at least for - * file listings). This means it's the GMT you get by taking a local time - * and adding the server time zone offset. This is NOT the same as GMT in - * some cases. However, we don't know the server time zone, so we don't - * do that adjustment. - * - * This code is based on the Samba code: - * - * Unix SMB/Netbios implementation. - * Version 1.9. - * time handling functions - * Copyright (C) Andrew Tridgell 1992-1998 - */ -static gboolean -nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv) -{ - double d; - /* The next two lines are a fix needed for the - broken SCO compiler. JRA. */ - time_t l_time_min = TIME_T_MIN; - time_t l_time_max = TIME_T_MAX; - - if (filetime_high == 0) - return FALSE; - - /* - * Get the time as a double, in seconds and fractional seconds. - */ - d = ((double)filetime_high)*4.0*(double)(1<<30); - d += filetime_low; - d *= 1.0e-7; - - /* Now adjust by 369 years, to make the seconds since 1970. */ - d -= TIME_FIXUP_CONSTANT; - - if (!(l_time_min <= d && d <= l_time_max)) - return FALSE; - - /* - * Get the time as seconds and nanoseconds. - */ - tv->secs = (time_t) d; - tv->nsecs = (int) ((d - tv->secs)*1000000000); - - return TRUE; -} - -int -dissect_smb_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date) -{ - guint32 filetime_high, filetime_low; - nstime_t ts; - - /* XXX there seems also to be another special time value which is fairly common : - 0x40000000 00000000 - the meaning of this one is yet unknown - */ - if (tree) { - filetime_low = tvb_get_letohl(tvb, offset); - filetime_high = tvb_get_letohl(tvb, offset + 4); - if (filetime_low == 0 && filetime_high == 0) { - proto_tree_add_text(tree, tvb, offset, 8, - "%s: No time specified (0)", - proto_registrar_get_name(hf_date)); - } else if(filetime_low==0 && filetime_high==0x80000000){ - proto_tree_add_text(tree, tvb, offset, 8, - "%s: Infinity (relative time)", - proto_registrar_get_name(hf_date)); - } else if(filetime_low==0xffffffff && filetime_high==0x7fffffff){ - proto_tree_add_text(tree, tvb, offset, 8, - "%s: Infinity (absolute time)", - proto_registrar_get_name(hf_date)); - } else { - if (nt_time_to_nstime(filetime_high, filetime_low, &ts)) { - proto_tree_add_time(tree, hf_date, tvb, - offset, 8, &ts); - } else { - proto_tree_add_text(tree, tvb, offset, 8, - "%s: Time can't be converted", - proto_registrar_get_name(hf_date)); - } - } - } - - offset += 8; - return offset; -} - static int dissect_smb_datetime(tvbuff_t *tvb, proto_tree *parent_tree, int offset, int hf_date, int hf_dos_date, int hf_dos_time, gboolean time_first) @@ -2244,7 +2112,7 @@ dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in offset += 4; /* system time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_system_time); /* time zone */ @@ -7247,824 +7115,6 @@ dissect_security_information_mask(tvbuff_t *tvb, proto_tree *parent_tree, int of return offset; } -static void -free_g_string(void *arg) -{ - g_string_free(arg, TRUE); -} - -/* Dissect a NT SID. Label it with 'name' and return a string version of - the SID in the 'sid_str' parameter which must be freed by the caller. - hf_sid can be -1 if the caller doesnt care what name is used and then - "smb.sid" will be the default instead. If the caller wants a more - appropriate hf field, it will just pass a FT_STRING hf field here -*/ - -int -dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, char *name, - char **sid_str, int hf_sid) -{ - proto_item *item = NULL; - proto_tree *tree = NULL; - int old_offset = offset, sa_offset = offset; - gboolean rid_present; - guint rid=0; - int rid_offset=0; - guint8 revision; - int rev_offset; - guint8 num_auth; - int na_offset; - guint auth = 0; /* FIXME: What if it is larger than 32-bits */ - int i; - GString *gstr; - char sid_string[245]; - char *sid_name; - - if(hf_sid==-1){ - hf_sid=hf_smb_sid; - } - - /* revision of sid */ - revision = tvb_get_guint8(tvb, offset); - rev_offset = offset; - offset += 1; - - switch(revision){ - case 1: - case 2: /* Not sure what the different revision numbers mean */ - /* number of authorities*/ - num_auth = tvb_get_guint8(tvb, offset); - na_offset = offset; - offset += 1; - - /* XXX perhaps we should have these thing searchable? - a new FT_xxx thingie? SMB is quite common!*/ - /* identifier authorities */ - - for(i=0;i<6;i++){ - auth = (auth << 8) + tvb_get_guint8(tvb, offset); - - offset++; - } - - sa_offset = offset; - - gstr = g_string_new(""); - - CLEANUP_PUSH(free_g_string, gstr); - - /* sub authorities, leave RID to last */ - for(i=0; i < (num_auth > 4?(num_auth - 1):num_auth); i++){ - /* - * XXX should not be letohl but native byteorder according to - * Samba header files. - * - * However, considering that there were never any NT ports - * to big-endian platforms (PowerPC and MIPS ran little-endian, - * and IA-64 runs little-endian, as does x86-64), we can (?) - * assume that non le byte encodings will be "uncommon"? - */ - g_string_sprintfa(gstr, (i>0 ? "-%u" : "%u"), - tvb_get_letohl(tvb, offset)); - offset+=4; - } - - - if (num_auth > 4) { - rid = tvb_get_letohl(tvb, offset); - rid_present=TRUE; - rid_offset=offset; - offset+=4; - sprintf(sid_string, "S-1-%u-%s-%u", auth, gstr->str, rid); - } else { - rid_present=FALSE; - sprintf(sid_string, "S-1-%u-%s", auth, gstr->str); - } - - sid_name=NULL; - if(sid_name_snooping){ - sid_name=find_sid_name(sid_string); - } - - if(parent_tree){ - if(sid_name){ - item = proto_tree_add_string_format(parent_tree, hf_sid, tvb, old_offset, offset-old_offset, sid_string, "%s: %s (%s)", name, sid_string, sid_name); - } else { - item = proto_tree_add_string_format(parent_tree, hf_sid, tvb, old_offset, offset-old_offset, sid_string, "%s: %s", name, sid_string); - } - tree = proto_item_add_subtree(item, ett_smb_sid); - } - - proto_tree_add_item(tree, hf_smb_sid_revision, tvb, rev_offset, 1, TRUE); - proto_tree_add_item(tree, hf_smb_sid_num_auth, tvb, na_offset, 1, TRUE); - proto_tree_add_text(tree, tvb, na_offset+1, 6, "Authority: %u", auth); - proto_tree_add_text(tree, tvb, sa_offset, num_auth * 4, "Sub-authorities: %s", gstr->str); - - if(rid_present){ - proto_tree_add_text(tree, tvb, rid_offset, 4, "RID: %u", rid); - } - - if(sid_str){ - if(sid_name){ - *sid_str = g_strdup_printf("%s (%s)", sid_string, sid_name); - } else { - *sid_str = g_strdup(sid_string); - } - } - - CLEANUP_CALL_AND_POP; - } - - - return offset; -} - - -static const value_string ace_type_vals[] = { - { 0, "Access Allowed"}, - { 1, "Access Denied"}, - { 2, "System Audit"}, - { 3, "System Alarm"}, - { 0, NULL} -}; -static const true_false_string tfs_ace_flags_object_inherit = { - "Subordinate files will inherit this ACE", - "Subordinate files will not inherit this ACE" -}; -static const true_false_string tfs_ace_flags_container_inherit = { - "Subordinate containers will inherit this ACE", - "Subordinate containers will not inherit this ACE" -}; -static const true_false_string tfs_ace_flags_non_propagate_inherit = { - "Subordinate object will not propagate the inherited ACE further", - "Subordinate object will propagate the inherited ACE further" -}; -static const true_false_string tfs_ace_flags_inherit_only = { - "This ACE does not apply to the current object", - "This ACE applies to the current object" -}; -static const true_false_string tfs_ace_flags_inherited_ace = { - "This ACE was inherited from its parent object", - "This ACE was not inherited from its parent object" -}; -static const true_false_string tfs_ace_flags_successful_access = { - "Successful accesses will be audited", - "Successful accesses will not be audited" -}; -static const true_false_string tfs_ace_flags_failed_access = { - "Failed accesses will be audited", - "Failed accesses will not be audited" -}; - -#define APPEND_ACE_TEXT(flag, item, string) \ - if(flag){ \ - if(item) \ - proto_item_append_text(item, string, sep); \ - sep = ", "; \ - } - -static int -dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree, - guint8 *data) -{ - proto_item *item = NULL; - proto_tree *tree = NULL; - guint8 mask; - char *sep = " "; - - mask = tvb_get_guint8(tvb, offset); - - if (data) - *data = mask; - - - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, 1, - "NT ACE Flags: 0x%02x", mask); - tree = proto_item_add_subtree(item, ett_smb_ace_flags); - } - - proto_tree_add_boolean(tree, hf_smb_ace_flags_failed_access, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x80, item, "%sFailed Access"); - - proto_tree_add_boolean(tree, hf_smb_ace_flags_successful_access, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x40, item, "%sSuccessful Access"); - - proto_tree_add_boolean(tree, hf_smb_ace_flags_inherited_ace, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x10, item, "%sInherited ACE"); - - proto_tree_add_boolean(tree, hf_smb_ace_flags_inherit_only, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x08, item, "%sInherit Only"); - - proto_tree_add_boolean(tree, hf_smb_ace_flags_non_propagate_inherit, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x04, item, "%sNo Propagate Inherit"); - - proto_tree_add_boolean(tree, hf_smb_ace_flags_container_inherit, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x02, item, "%sContainer Inherit"); - - proto_tree_add_boolean(tree, hf_smb_ace_flags_object_inherit, - tvb, offset, 1, mask); - APPEND_ACE_TEXT(mask&0x01, item, "%sObject Inherit"); - - - offset += 1; - return offset; -} - -/* Dissect an access mask. All this stuff is kind of explained at MSDN: - -http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/windows_2000_windows_nt_access_mask_format.asp - -*/ - -static gint ett_nt_access_mask = -1; -static gint ett_nt_access_mask_generic = -1; -static gint ett_nt_access_mask_standard = -1; -static gint ett_nt_access_mask_specific = -1; - -static int hf_access_sacl = -1; -static int hf_access_maximum_allowed = -1; -static int hf_access_generic_read = -1; -static int hf_access_generic_write = -1; -static int hf_access_generic_execute = -1; -static int hf_access_generic_all = -1; -static int hf_access_standard_delete = -1; -static int hf_access_standard_read_control = -1; -static int hf_access_standard_synchronise = -1; -static int hf_access_standard_write_dac = -1; -static int hf_access_standard_write_owner = -1; -static int hf_access_specific_15 = -1; -static int hf_access_specific_14 = -1; -static int hf_access_specific_13 = -1; -static int hf_access_specific_12 = -1; -static int hf_access_specific_11 = -1; -static int hf_access_specific_10 = -1; -static int hf_access_specific_9 = -1; -static int hf_access_specific_8 = -1; -static int hf_access_specific_7 = -1; -static int hf_access_specific_6 = -1; -static int hf_access_specific_5 = -1; -static int hf_access_specific_4 = -1; -static int hf_access_specific_3 = -1; -static int hf_access_specific_2 = -1; -static int hf_access_specific_1 = -1; -static int hf_access_specific_0 = -1; - -/* Map generic permissions to specific permissions */ - -static void map_generic_access(guint32 *access_mask, - struct generic_mapping *mapping) -{ - if (*access_mask & GENERIC_READ_ACCESS) { - *access_mask &= ~GENERIC_READ_ACCESS; - *access_mask |= mapping->generic_read; - } - - if (*access_mask & GENERIC_WRITE_ACCESS) { - *access_mask &= ~GENERIC_WRITE_ACCESS; - *access_mask |= mapping->generic_write; - } - - if (*access_mask & GENERIC_EXECUTE_ACCESS) { - *access_mask &= ~GENERIC_EXECUTE_ACCESS; - *access_mask |= mapping->generic_execute; - } - - if (*access_mask & GENERIC_ALL_ACCESS) { - *access_mask &= ~GENERIC_ALL_ACCESS; - *access_mask |= mapping->generic_all; - } -} - -/* Map standard permissions to specific permissions */ - -static void map_standard_access(guint32 *access_mask, - struct standard_mapping *mapping) -{ - if (*access_mask & READ_CONTROL_ACCESS) { - *access_mask &= ~READ_CONTROL_ACCESS; - *access_mask |= mapping->std_read; - } - - if (*access_mask & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS| - SYNCHRONIZE_ACCESS)) { - *access_mask &= ~(DELETE_ACCESS|WRITE_DAC_ACCESS| - WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS); - *access_mask |= mapping->std_all; - } - -} - -int -dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep, int hfindex, - struct access_mask_info *ami, guint32 *perms) -{ - proto_item *item; - proto_tree *subtree, *generic_tree, *standard_tree, *specific_tree; - guint32 access; - - if (drep != NULL) { - /* - * Called from a DCE RPC protocol dissector, for a - * protocol where a 32-bit NDR integer contains - * an NT access mask; extract the access mask - * with an NDR call. - */ - offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, - hfindex, &access); - } else { - /* - * Called from SMB, where the access mask is just a - * 4-byte little-endian quantity with no special - * NDR alignment requirement; extract it with - * "tvb_get_letohl()". - */ - access = tvb_get_letohl(tvb, offset); - offset += 4; - } - - if (perms) { - *perms = access; - } - - item = proto_tree_add_uint(tree, hfindex, tvb, offset - 4, 4, access); - - subtree = proto_item_add_subtree(item, ett_nt_access_mask); - - /* Generic access rights */ - - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Generic rights: 0x%08x", - access & GENERIC_RIGHTS_MASK); - - generic_tree = proto_item_add_subtree( - item, ett_nt_access_mask_generic); - - proto_tree_add_boolean( - generic_tree, hf_access_generic_read, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - generic_tree, hf_access_generic_write, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - generic_tree, hf_access_generic_execute, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - generic_tree, hf_access_generic_all, tvb, offset - 4, 4, - access); - - /* Reserved (??) */ - - proto_tree_add_boolean( - subtree, hf_access_maximum_allowed, tvb, offset - 4, 4, - access); - - /* Access system security */ - - proto_tree_add_boolean( - subtree, hf_access_sacl, tvb, offset - 4, 4, - access); - - /* Standard access rights */ - - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Standard rights: 0x%08x", - access & STANDARD_RIGHTS_MASK); - - standard_tree = proto_item_add_subtree( - item, ett_nt_access_mask_standard); - - proto_tree_add_boolean( - standard_tree, hf_access_standard_synchronise, tvb, - offset - 4, 4, access); - - proto_tree_add_boolean( - standard_tree, hf_access_standard_write_owner, tvb, - offset - 4, 4, access); - - proto_tree_add_boolean( - standard_tree, hf_access_standard_write_dac, tvb, - offset - 4, 4, access); - - proto_tree_add_boolean( - standard_tree, hf_access_standard_read_control, tvb, - offset - 4, 4, access); - - proto_tree_add_boolean( - standard_tree, hf_access_standard_delete, tvb, offset - 4, 4, - access); - - /* Specific access rights. Call the specific_rights_fn - pointer if we have one, otherwise just display bits 0-15 in - boring fashion. */ - - if (ami && ami->specific_rights_name) - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "%s specific rights: 0x%08x", - ami->specific_rights_name, - access & SPECIFIC_RIGHTS_MASK); - else - item = proto_tree_add_text(subtree, tvb, offset - 4, 4, - "Specific rights: 0x%08x", - access & SPECIFIC_RIGHTS_MASK); - - specific_tree = proto_item_add_subtree( - item, ett_nt_access_mask_specific); - - if (ami && ami->specific_rights_fn) { - guint32 mapped_access = access; - proto_tree *specific_mapped; - - specific_mapped = proto_item_add_subtree( - item, ett_nt_access_mask_specific); - - ami->specific_rights_fn( - tvb, offset - 4, specific_tree, access); - - if (ami->generic_mapping) - map_generic_access(&access, ami->generic_mapping); - - if (ami->standard_mapping) - map_standard_access(&access, ami->standard_mapping); - - if (access != mapped_access) { - ami->specific_rights_fn( - tvb, offset - 4, specific_mapped, - mapped_access); - } - - return offset; - } - - proto_tree_add_boolean( - specific_tree, hf_access_specific_15, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_14, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_13, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_12, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_11, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_10, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_9, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_8, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_7, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_6, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_5, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_4, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_3, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_2, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_1, tvb, offset - 4, 4, - access); - - proto_tree_add_boolean( - specific_tree, hf_access_specific_0, tvb, offset - 4, 4, - access); - - return offset; -} - -static int hf_smb_access_mask = -1; - -static int -dissect_nt_v2_ace(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *parent_tree, guint8 *drep, - struct access_mask_info *ami) -{ - proto_item *item = NULL; - proto_tree *tree = NULL; - int old_offset = offset; - guint16 size; - char *sid_str = NULL; - guint8 type; - guint8 flags; - guint32 perms = 0; - - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, -1, - "NT ACE: "); - tree = proto_item_add_subtree(item, ett_smb_ace); - } - - /* type */ - type = tvb_get_guint8(tvb, offset); - proto_tree_add_uint(tree, hf_smb_ace_type, tvb, offset, 1, type); - offset += 1; - - /* flags */ - offset = dissect_nt_v2_ace_flags(tvb, offset, tree, &flags); - - /* size */ - size = tvb_get_letohs(tvb, offset); - proto_tree_add_uint(tree, hf_smb_ace_size, tvb, offset, 2, size); - offset += 2; - - /* access mask */ - offset = dissect_nt_access_mask( - tvb, offset, pinfo, tree, drep, - hf_smb_access_mask, ami, &perms); - - /* SID */ - offset = dissect_nt_sid(tvb, offset, tree, "ACE", &sid_str, -1); - - if (item) - proto_item_append_text( - item, "%s, flags 0x%02x, %s, mask 0x%08x", sid_str, flags, - val_to_str(type, ace_type_vals, "Unknown ACE type (0x%02x)"), - perms); - - g_free(sid_str); - - proto_item_set_len(item, offset-old_offset); - - /* Sometimes there is some spare space at the end of the ACE so use - the size field to work out where the end is. */ - - return old_offset + size; -} - -static int -dissect_nt_acl(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *parent_tree, guint8 *drep, char *name, - struct access_mask_info *ami) -{ - proto_item *item = NULL; - proto_tree *tree = NULL; - int old_offset = offset; - guint8 revision; - guint32 num_aces; - - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, -1, - "NT %s ACL", name); - tree = proto_item_add_subtree(item, ett_smb_acl); - } - - /* revision */ - revision = tvb_get_guint8(tvb, offset); - proto_tree_add_uint(tree, hf_smb_acl_revision, - tvb, offset, 1, revision); - offset += 2; - - switch(revision){ - case 2: /* only version we will ever see of this structure?*/ - case 3: - /* size */ - proto_tree_add_item(tree, hf_smb_acl_size, tvb, offset, 2, TRUE); - offset += 2; - - /* number of ace structures */ - num_aces = tvb_get_letohl(tvb, offset); - proto_tree_add_uint(tree, hf_smb_acl_num_aces, - tvb, offset, 4, num_aces); - offset += 4; - - while(num_aces--){ - offset=dissect_nt_v2_ace( - tvb, offset, pinfo, tree, drep, ami); - } - } - - proto_item_set_len(item, offset-old_offset); - return offset; -} - -static const true_false_string tfs_sec_desc_type_owner_defaulted = { - "OWNER is DEFAULTED", - "Owner is NOT defaulted" -}; -static const true_false_string tfs_sec_desc_type_group_defaulted = { - "GROUP is DEFAULTED", - "Group is NOT defaulted" -}; -static const true_false_string tfs_sec_desc_type_dacl_present = { - "DACL is PRESENT", - "DACL is NOT present" -}; -static const true_false_string tfs_sec_desc_type_dacl_defaulted = { - "DACL is DEFAULTED", - "DACL is NOT defaulted" -}; -static const true_false_string tfs_sec_desc_type_sacl_present = { - "SACL is PRESENT", - "SACL is NOT present" -}; -static const true_false_string tfs_sec_desc_type_sacl_defaulted = { - "SACL is DEFAULTED", - "SACL is NOT defaulted" -}; -static const true_false_string tfs_sec_desc_type_dacl_auto_inherit_req = { - "DACL has AUTO INHERIT REQUIRED", - "DACL does NOT require auto inherit" -}; -static const true_false_string tfs_sec_desc_type_sacl_auto_inherit_req = { - "SACL has AUTO INHERIT REQUIRED", - "SACL does NOT require auto inherit" -}; -static const true_false_string tfs_sec_desc_type_dacl_auto_inherited = { - "DACL is AUTO INHERITED", - "DACL is NOT auto inherited" -}; -static const true_false_string tfs_sec_desc_type_sacl_auto_inherited = { - "SACL is AUTO INHERITED", - "SACL is NOT auto inherited" -}; -static const true_false_string tfs_sec_desc_type_dacl_protected = { - "The DACL is PROTECTED", - "The DACL is NOT protected" -}; -static const true_false_string tfs_sec_desc_type_sacl_protected = { - "The SACL is PROTECTED", - "The SACL is NOT protected" -}; -static const true_false_string tfs_sec_desc_type_self_relative = { - "This SecDesc is SELF RELATIVE", - "This SecDesc is NOT self relative" -}; - - -static int -dissect_nt_sec_desc_type(tvbuff_t *tvb, int offset, proto_tree *parent_tree) -{ - proto_item *item = NULL; - proto_tree *tree = NULL; - guint16 mask; - - mask = tvb_get_letohs(tvb, offset); - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, 2, - "Type: 0x%04x", mask); - tree = proto_item_add_subtree(item, ett_smb_sec_desc_type); - } - - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_self_relative, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_sacl_protected, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_dacl_protected, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_sacl_auto_inherited, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_dacl_auto_inherited, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_sacl_auto_inherit_req, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_dacl_auto_inherit_req, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_sacl_defaulted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_sacl_present, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_dacl_defaulted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_dacl_present, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree,hf_smb_sec_desc_type_group_defaulted, - tvb, offset, 2, mask); - proto_tree_add_boolean(tree, hf_smb_sec_desc_type_owner_defaulted, - tvb, offset, 2, mask); - - - offset += 2; - return offset; -} - -int -dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *parent_tree, guint8 *drep, int len, - struct access_mask_info *ami) -{ - proto_item *item = NULL; - proto_tree *tree = NULL; - guint8 revision; - int old_offset = offset; - guint32 owner_sid_offset; - guint32 group_sid_offset; - guint32 sacl_offset; - guint32 dacl_offset; - - if(parent_tree){ - item = proto_tree_add_text(parent_tree, tvb, offset, len, - "NT Security Descriptor"); - tree = proto_item_add_subtree(item, ett_smb_sec_desc); - } - - /* revision */ - revision = tvb_get_guint8(tvb, offset); - proto_tree_add_uint(tree, hf_smb_sec_desc_revision, - tvb, offset, 1, revision); - offset += 1; - - /* next byte should be zero, for now just ignore it */ - offset += 1; - - - switch(revision){ - case 1: /* only version we will ever see of this structure?*/ - /* type */ - offset = dissect_nt_sec_desc_type(tvb, offset, tree); - - /* offset to owner sid */ - owner_sid_offset = tvb_get_letohl(tvb, offset); - proto_tree_add_text(tree, tvb, offset, 4, "Offset to owner SID: %u", owner_sid_offset); - offset += 4; - - /* offset to group sid */ - group_sid_offset = tvb_get_letohl(tvb, offset); - proto_tree_add_text(tree, tvb, offset, 4, "Offset to group SID: %u", group_sid_offset); - offset += 4; - - /* offset to sacl */ - sacl_offset = tvb_get_letohl(tvb, offset); - proto_tree_add_text(tree, tvb, offset, 4, "Offset to SACL: %u", sacl_offset); - offset += 4; - - /* offset to dacl */ - dacl_offset = tvb_get_letohl(tvb, offset); - proto_tree_add_text(tree, tvb, offset, 4, "Offset to DACL: %u", dacl_offset); - offset += 4; - - /*owner SID*/ - if(owner_sid_offset){ - if (len == -1) - offset = dissect_nt_sid(tvb, offset, tree, "Owner", NULL, -1); - else - dissect_nt_sid( - tvb, old_offset+owner_sid_offset, tree, "Owner", NULL, -1); - } - - /*group SID*/ - if(group_sid_offset){ - dissect_nt_sid( - tvb, old_offset+group_sid_offset, tree, "Group", NULL, -1); - } - - /* sacl */ - if(sacl_offset){ - dissect_nt_acl(tvb, old_offset+sacl_offset, pinfo, tree, - drep, "System (SACL)", ami); - } - - /* dacl */ - if(dacl_offset){ - dissect_nt_acl(tvb, old_offset+dacl_offset, pinfo, tree, - drep, "User (DACL)", ami); - } - - } - - return offset+len; -} - static int dissect_nt_user_quota(tvbuff_t *tvb, proto_tree *tree, int offset, guint16 *bcp) { @@ -8745,19 +7795,19 @@ dissect_nt_trans_param_response(tvbuff_t *tvb, packet_info *pinfo, offset += 4; /* create time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); /* access time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_access_time); /* last write time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_last_write_time); /* last change time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_change_time); /* Extended File Attributes */ @@ -9689,17 +8739,17 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t offset += 4; /* create time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); /* access time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_access_time); /* last write time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_last_write_time); /* last change time */ - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_change_time); /* Extended File Attributes */ offset = dissect_file_ext_attr(tvb, tree, offset); @@ -11079,23 +10129,23 @@ dissect_4_2_16_4(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, { /* create time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); *bcp -= 8; /* access time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_access_time); *bcp -= 8; /* last write time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_last_write_time); *bcp -= 8; /* last change time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_change_time); *bcp -= 8; /* File Attributes */ @@ -11394,17 +10444,17 @@ dissect_4_2_16_12(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, /* Last status change */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_status); - *bcp -= 8; /* dissect_smb_64bit_time() increments offset */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_status); + *bcp -= 8; /* dissect_nt_64bit_time() increments offset */ /* Last access time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_access); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_access); *bcp -= 8; /* Last modification time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_change); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_change); *bcp -= 8; /* File owner uid */ @@ -12666,23 +11716,23 @@ dissect_4_3_4_4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, /* create time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); *bcp -= 8; /* access time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_access_time); *bcp -= 8; /* last write time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_last_write_time); *bcp -= 8; /* last change time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_change_time); *bcp -= 8; /* end of file */ @@ -12779,23 +11829,23 @@ dissect_4_3_4_5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, /* create time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); *bcp -= 8; /* access time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_access_time); *bcp -= 8; /* last write time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_last_write_time); *bcp -= 8; /* last change time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_change_time); *bcp -= 8; /* end of file */ @@ -12898,23 +11948,23 @@ dissect_4_3_4_6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, /* create time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); *bcp -= 8; /* access time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_access_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_access_time); *bcp -= 8; /* last write time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_last_write_time); *bcp -= 8; /* last change time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_change_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_change_time); *bcp -= 8; /* end of file */ @@ -13112,17 +12162,17 @@ dissect_4_3_4_8(tvbuff_t *tvb _U_, packet_info *pinfo _U_, /* Last status change */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_status); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_status); *bcp -= 8; /* Last access time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_access); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_access); *bcp -= 8; /* Last modification time */ CHECK_BYTE_COUNT_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_change); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_unix_file_last_change); *bcp -= 8; /* File owner uid */ @@ -13418,7 +12468,7 @@ dissect_qfsi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, case 1001: /* SMB_FS_VOLUME_INFORMATION */ /* create time */ CHECK_BYTE_COUNT_TRANS_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); *bcp -= 8; @@ -13555,15 +12605,15 @@ dissect_qfsi_vals(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, case 0x301: /* MAC_QUERY_FS_INFO */ /* Create time */ CHECK_BYTE_COUNT_TRANS_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_create_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_create_time); *bcp -= 8; /* Modify Time */ CHECK_BYTE_COUNT_TRANS_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_modify_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_modify_time); *bcp -= 8; /* Backup Time */ CHECK_BYTE_COUNT_TRANS_SUBR(8); - offset = dissect_smb_64bit_time(tvb, tree, offset, hf_smb_backup_time); + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb_backup_time); *bcp -= 8; /* Allocation blocks */ CHECK_BYTE_COUNT_TRANS_SUBR(4); @@ -15167,60 +14217,6 @@ static const value_string errcls_types[] = { { 0, NULL } }; -const value_string DOS_errors[] = { - {0, "Success"}, - {SMBE_insufficientbuffer, "Insufficient buffer"}, - {SMBE_badfunc, "Invalid function (or system call)"}, - {SMBE_badfile, "File not found (pathname error)"}, - {SMBE_badpath, "Directory not found"}, - {SMBE_nofids, "Too many open files"}, - {SMBE_noaccess, "Access denied"}, - {SMBE_badfid, "Invalid fid"}, - {SMBE_nomem, "Out of memory"}, - {SMBE_badmem, "Invalid memory block address"}, - {SMBE_badenv, "Invalid environment"}, - {SMBE_badaccess, "Invalid open mode"}, - {SMBE_baddata, "Invalid data (only from ioctl call)"}, - {SMBE_res, "Reserved error code?"}, - {SMBE_baddrive, "Invalid drive"}, - {SMBE_remcd, "Attempt to delete current directory"}, - {SMBE_diffdevice, "Rename/move across different filesystems"}, - {SMBE_nofiles, "No more files found in file search"}, - {SMBE_badshare, "Share mode on file conflict with open mode"}, - {SMBE_lock, "Lock request conflicts with existing lock"}, - {SMBE_unsup, "Request unsupported, returned by Win 95"}, - {SMBE_nosuchshare, "Requested share does not exist"}, - {SMBE_filexists, "File in operation already exists"}, - {SMBE_cannotopen, "Cannot open the file specified"}, - {SMBE_unknownlevel, "Unknown info level"}, - {SMBE_invalidname, "Invalid name"}, - {SMBE_badpipe, "Named pipe invalid"}, - {SMBE_pipebusy, "All instances of pipe are busy"}, - {SMBE_pipeclosing, "Named pipe close in progress"}, - {SMBE_notconnected, "No process on other end of named pipe"}, - {SMBE_moredata, "More data to be returned"}, - {SMBE_baddirectory, "Invalid directory name in a path."}, - {SMBE_eas_didnt_fit, "Extended attributes didn't fit"}, - {SMBE_eas_nsup, "Extended attributes not supported"}, - {SMBE_notify_buf_small, "Buffer too small to return change notify."}, - {SMBE_unknownipc, "Unknown IPC Operation"}, - {SMBE_noipc, "Don't support ipc"}, - {SMBE_alreadyexists, "File already exists"}, - {SMBE_unknownprinterdriver, "Unknown printer driver"}, - {SMBE_invalidprintername, "Invalid printer name"}, - {SMBE_printeralreadyexists, "Printer already exists"}, - {SMBE_invaliddatatype, "Invalid data type"}, - {SMBE_invalidenvironment, "Invalid environment"}, - {SMBE_printerdriverinuse, "Printer driver in use"}, - {SMBE_invalidparam, "Invalid parameter"}, - {SMBE_invalidformsize, "Invalid form size"}, - {SMBE_invalidsecuritydescriptor, "Invalid security descriptor"}, - {SMBE_invalidowner, "Invalid owner"}, - {SMBE_nomoreitems, "No more items"}, - {SMBE_serverunavailable, "Server unavailable"}, - {0, NULL} - }; - /* Error codes for the ERRSRV class */ static const value_string SRV_errors[] = { @@ -15317,993 +14313,6 @@ static char *decode_smb_error(guint8 errcls, guint16 errcode) } - -/* These are the MS country codes from - - http://www.unicode.org/unicode/onlinedat/countries.html - - For countries that share the same number, I choose to use only the - name of the largest country. Apologies for this. If this offends you, - here is the table to change that. - - This also includes the code of 0 for "Default", which isn't in - that list, but is in Microsoft's SDKs and the Cygnus "winnls.h" - header file. Presumably it means "don't override the setting - on the user's machine". - - Future versions of Microsoft's "winnls.h" header file might include - additional codes; the current version matches the Unicode Consortium's - table. -*/ -const value_string ms_country_codes[] = { - { 0, "Default"}, - { 1, "USA"}, - { 2, "Canada"}, - { 7, "Russia"}, - { 20, "Egypt"}, - { 27, "South Africa"}, - { 30, "Greece"}, - { 31, "Netherlands"}, - { 32, "Belgium"}, - { 33, "France"}, - { 34, "Spain"}, - { 36, "Hungary"}, - { 39, "Italy"}, - { 40, "Romania"}, - { 41, "Switzerland"}, - { 43, "Austria"}, - { 44, "United Kingdom"}, - { 45, "Denmark"}, - { 46, "Sweden"}, - { 47, "Norway"}, - { 48, "Poland"}, - { 49, "Germany"}, - { 51, "Peru"}, - { 52, "Mexico"}, - { 54, "Argentina"}, - { 55, "Brazil"}, - { 56, "Chile"}, - { 57, "Colombia"}, - { 58, "Venezuela"}, - { 60, "Malaysia"}, - { 61, "Australia"}, - { 62, "Indonesia"}, - { 63, "Philippines"}, - { 64, "New Zealand"}, - { 65, "Singapore"}, - { 66, "Thailand"}, - { 81, "Japan"}, - { 82, "South Korea"}, - { 84, "Viet Nam"}, - { 86, "China"}, - { 90, "Turkey"}, - { 91, "India"}, - { 92, "Pakistan"}, - {212, "Morocco"}, - {213, "Algeria"}, - {216, "Tunisia"}, - {218, "Libya"}, - {254, "Kenya"}, - {263, "Zimbabwe"}, - {298, "Faroe Islands"}, - {351, "Portugal"}, - {352, "Luxembourg"}, - {353, "Ireland"}, - {354, "Iceland"}, - {355, "Albania"}, - {358, "Finland"}, - {359, "Bulgaria"}, - {370, "Lithuania"}, - {371, "Latvia"}, - {372, "Estonia"}, - {374, "Armenia"}, - {375, "Belarus"}, - {380, "Ukraine"}, - {381, "Serbia"}, - {385, "Croatia"}, - {386, "Slovenia"}, - {389, "Macedonia"}, - {420, "Czech Republic"}, - {421, "Slovak Republic"}, - {501, "Belize"}, - {502, "Guatemala"}, - {503, "El Salvador"}, - {504, "Honduras"}, - {505, "Nicaragua"}, - {506, "Costa Rica"}, - {507, "Panama"}, - {591, "Bolivia"}, - {593, "Ecuador"}, - {595, "Paraguay"}, - {598, "Uruguay"}, - {673, "Brunei Darussalam"}, - {852, "Hong Kong"}, - {853, "Macau"}, - {886, "Taiwan"}, - {960, "Maldives"}, - {961, "Lebanon"}, - {962, "Jordan"}, - {963, "Syria"}, - {964, "Iraq"}, - {965, "Kuwait"}, - {966, "Saudi Arabia"}, - {967, "Yemen"}, - {968, "Oman"}, - {971, "United Arab Emirates"}, - {972, "Israel"}, - {973, "Bahrain"}, - {974, "Qatar"}, - {976, "Mongolia"}, - {981, "Iran"}, - {994, "Azerbaijan"}, - {995, "Georgia"}, - {996, "Kyrgyzstan"}, - - {0, NULL} -}; - -/* - * NT error codes. - * - * From - * - * http://www.wildpackets.com/elements/SMB_NT_Status_Codes.txt - */ -const value_string NT_errors[] = { - { 0x00000000, "STATUS_SUCCESS" }, - { 0x00000000, "STATUS_WAIT_0" }, - { 0x00000001, "STATUS_WAIT_1" }, - { 0x00000002, "STATUS_WAIT_2" }, - { 0x00000003, "STATUS_WAIT_3" }, - { 0x0000003F, "STATUS_WAIT_63" }, - { 0x00000080, "STATUS_ABANDONED" }, - { 0x00000080, "STATUS_ABANDONED_WAIT_0" }, - { 0x000000BF, "STATUS_ABANDONED_WAIT_63" }, - { 0x000000C0, "STATUS_USER_APC" }, - { 0x00000100, "STATUS_KERNEL_APC" }, - { 0x00000101, "STATUS_ALERTED" }, - { 0x00000102, "STATUS_TIMEOUT" }, - { 0x00000103, "STATUS_PENDING" }, - { 0x00000104, "STATUS_REPARSE" }, - { 0x00000105, "STATUS_MORE_ENTRIES" }, - { 0x00000106, "STATUS_NOT_ALL_ASSIGNED" }, - { 0x00000107, "STATUS_SOME_NOT_MAPPED" }, - { 0x00000108, "STATUS_OPLOCK_BREAK_IN_PROGRESS" }, - { 0x00000109, "STATUS_VOLUME_MOUNTED" }, - { 0x0000010A, "STATUS_RXACT_COMMITTED" }, - { 0x0000010B, "STATUS_NOTIFY_CLEANUP" }, - { 0x0000010C, "STATUS_NOTIFY_ENUM_DIR" }, - { 0x0000010D, "STATUS_NO_QUOTAS_FOR_ACCOUNT" }, - { 0x0000010E, "STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED" }, - { 0x00000110, "STATUS_PAGE_FAULT_TRANSITION" }, - { 0x00000111, "STATUS_PAGE_FAULT_DEMAND_ZERO" }, - { 0x00000112, "STATUS_PAGE_FAULT_COPY_ON_WRITE" }, - { 0x00000113, "STATUS_PAGE_FAULT_GUARD_PAGE" }, - { 0x00000114, "STATUS_PAGE_FAULT_PAGING_FILE" }, - { 0x00000115, "STATUS_CACHE_PAGE_LOCKED" }, - { 0x00000116, "STATUS_CRASH_DUMP" }, - { 0x00000117, "STATUS_BUFFER_ALL_ZEROS" }, - { 0x00000118, "STATUS_REPARSE_OBJECT" }, - { 0x0000045C, "STATUS_NO_SHUTDOWN_IN_PROGRESS" }, - { 0x40000000, "STATUS_OBJECT_NAME_EXISTS" }, - { 0x40000001, "STATUS_THREAD_WAS_SUSPENDED" }, - { 0x40000002, "STATUS_WORKING_SET_LIMIT_RANGE" }, - { 0x40000003, "STATUS_IMAGE_NOT_AT_BASE" }, - { 0x40000004, "STATUS_RXACT_STATE_CREATED" }, - { 0x40000005, "STATUS_SEGMENT_NOTIFICATION" }, - { 0x40000006, "STATUS_LOCAL_USER_SESSION_KEY" }, - { 0x40000007, "STATUS_BAD_CURRENT_DIRECTORY" }, - { 0x40000008, "STATUS_SERIAL_MORE_WRITES" }, - { 0x40000009, "STATUS_REGISTRY_RECOVERED" }, - { 0x4000000A, "STATUS_FT_READ_RECOVERY_FROM_BACKUP" }, - { 0x4000000B, "STATUS_FT_WRITE_RECOVERY" }, - { 0x4000000C, "STATUS_SERIAL_COUNTER_TIMEOUT" }, - { 0x4000000D, "STATUS_NULL_LM_PASSWORD" }, - { 0x4000000E, "STATUS_IMAGE_MACHINE_TYPE_MISMATCH" }, - { 0x4000000F, "STATUS_RECEIVE_PARTIAL" }, - { 0x40000010, "STATUS_RECEIVE_EXPEDITED" }, - { 0x40000011, "STATUS_RECEIVE_PARTIAL_EXPEDITED" }, - { 0x40000012, "STATUS_EVENT_DONE" }, - { 0x40000013, "STATUS_EVENT_PENDING" }, - { 0x40000014, "STATUS_CHECKING_FILE_SYSTEM" }, - { 0x40000015, "STATUS_FATAL_APP_EXIT" }, - { 0x40000016, "STATUS_PREDEFINED_HANDLE" }, - { 0x40000017, "STATUS_WAS_UNLOCKED" }, - { 0x40000018, "STATUS_SERVICE_NOTIFICATION" }, - { 0x40000019, "STATUS_WAS_LOCKED" }, - { 0x4000001A, "STATUS_LOG_HARD_ERROR" }, - { 0x4000001B, "STATUS_ALREADY_WIN32" }, - { 0x4000001C, "STATUS_WX86_UNSIMULATE" }, - { 0x4000001D, "STATUS_WX86_CONTINUE" }, - { 0x4000001E, "STATUS_WX86_SINGLE_STEP" }, - { 0x4000001F, "STATUS_WX86_BREAKPOINT" }, - { 0x40000020, "STATUS_WX86_EXCEPTION_CONTINUE" }, - { 0x40000021, "STATUS_WX86_EXCEPTION_LASTCHANCE" }, - { 0x40000022, "STATUS_WX86_EXCEPTION_CHAIN" }, - { 0x40000023, "STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE" }, - { 0x40000024, "STATUS_NO_YIELD_PERFORMED" }, - { 0x40000025, "STATUS_TIMER_RESUME_IGNORED" }, - { 0x80000001, "STATUS_GUARD_PAGE_VIOLATION" }, - { 0x80000002, "STATUS_DATATYPE_MISALIGNMENT" }, - { 0x80000003, "STATUS_BREAKPOINT" }, - { 0x80000004, "STATUS_SINGLE_STEP" }, - { 0x80000005, "STATUS_BUFFER_OVERFLOW" }, - { 0x80000006, "STATUS_NO_MORE_FILES" }, - { 0x80000007, "STATUS_WAKE_SYSTEM_DEBUGGER" }, - { 0x8000000A, "STATUS_HANDLES_CLOSED" }, - { 0x8000000B, "STATUS_NO_INHERITANCE" }, - { 0x8000000C, "STATUS_GUID_SUBSTITUTION_MADE" }, - { 0x8000000D, "STATUS_PARTIAL_COPY" }, - { 0x8000000E, "STATUS_DEVICE_PAPER_EMPTY" }, - { 0x8000000F, "STATUS_DEVICE_POWERED_OFF" }, - { 0x80000010, "STATUS_DEVICE_OFF_LINE" }, - { 0x80000011, "STATUS_DEVICE_BUSY" }, - { 0x80000012, "STATUS_NO_MORE_EAS" }, - { 0x80000013, "STATUS_INVALID_EA_NAME" }, - { 0x80000014, "STATUS_EA_LIST_INCONSISTENT" }, - { 0x80000015, "STATUS_INVALID_EA_FLAG" }, - { 0x80000016, "STATUS_VERIFY_REQUIRED" }, - { 0x80000017, "STATUS_EXTRANEOUS_INFORMATION" }, - { 0x80000018, "STATUS_RXACT_COMMIT_NECESSARY" }, - { 0x8000001A, "STATUS_NO_MORE_ENTRIES" }, - { 0x8000001B, "STATUS_FILEMARK_DETECTED" }, - { 0x8000001C, "STATUS_MEDIA_CHANGED" }, - { 0x8000001D, "STATUS_BUS_RESET" }, - { 0x8000001E, "STATUS_END_OF_MEDIA" }, - { 0x8000001F, "STATUS_BEGINNING_OF_MEDIA" }, - { 0x80000020, "STATUS_MEDIA_CHECK" }, - { 0x80000021, "STATUS_SETMARK_DETECTED" }, - { 0x80000022, "STATUS_NO_DATA_DETECTED" }, - { 0x80000023, "STATUS_REDIRECTOR_HAS_OPEN_HANDLES" }, - { 0x80000024, "STATUS_SERVER_HAS_OPEN_HANDLES" }, - { 0x80000025, "STATUS_ALREADY_DISCONNECTED" }, - { 0x80000026, "STATUS_LONGJUMP" }, - { 0x80040111, "MAPI_E_LOGON_FAILED" }, - { 0x80090300, "SEC_E_INSUFFICIENT_MEMORY" }, - { 0x80090301, "SEC_E_INVALID_HANDLE" }, - { 0x80090302, "SEC_E_UNSUPPORTED_FUNCTION" }, - { 0x8009030B, "SEC_E_NO_IMPERSONATION" }, - { 0x8009030D, "SEC_E_UNKNOWN_CREDENTIALS" }, - { 0x8009030E, "SEC_E_NO_CREDENTIALS" }, - { 0x8009030F, "SEC_E_MESSAGE_ALTERED" }, - { 0x80090310, "SEC_E_OUT_OF_SEQUENCE" }, - { 0x80090311, "SEC_E_NO_AUTHENTICATING_AUTHORITY" }, - { 0xC0000001, "STATUS_UNSUCCESSFUL" }, - { 0xC0000002, "STATUS_NOT_IMPLEMENTED" }, - { 0xC0000003, "STATUS_INVALID_INFO_CLASS" }, - { 0xC0000004, "STATUS_INFO_LENGTH_MISMATCH" }, - { 0xC0000005, "STATUS_ACCESS_VIOLATION" }, - { 0xC0000006, "STATUS_IN_PAGE_ERROR" }, - { 0xC0000007, "STATUS_PAGEFILE_QUOTA" }, - { 0xC0000008, "STATUS_INVALID_HANDLE" }, - { 0xC0000009, "STATUS_BAD_INITIAL_STACK" }, - { 0xC000000A, "STATUS_BAD_INITIAL_PC" }, - { 0xC000000B, "STATUS_INVALID_CID" }, - { 0xC000000C, "STATUS_TIMER_NOT_CANCELED" }, - { 0xC000000D, "STATUS_INVALID_PARAMETER" }, - { 0xC000000E, "STATUS_NO_SUCH_DEVICE" }, - { 0xC000000F, "STATUS_NO_SUCH_FILE" }, - { 0xC0000010, "STATUS_INVALID_DEVICE_REQUEST" }, - { 0xC0000011, "STATUS_END_OF_FILE" }, - { 0xC0000012, "STATUS_WRONG_VOLUME" }, - { 0xC0000013, "STATUS_NO_MEDIA_IN_DEVICE" }, - { 0xC0000014, "STATUS_UNRECOGNIZED_MEDIA" }, - { 0xC0000015, "STATUS_NONEXISTENT_SECTOR" }, - { 0xC0000016, "STATUS_MORE_PROCESSING_REQUIRED" }, - { 0xC0000017, "STATUS_NO_MEMORY" }, - { 0xC0000018, "STATUS_CONFLICTING_ADDRESSES" }, - { 0xC0000019, "STATUS_NOT_MAPPED_VIEW" }, - { 0xC000001A, "STATUS_UNABLE_TO_FREE_VM" }, - { 0xC000001B, "STATUS_UNABLE_TO_DELETE_SECTION" }, - { 0xC000001C, "STATUS_INVALID_SYSTEM_SERVICE" }, - { 0xC000001D, "STATUS_ILLEGAL_INSTRUCTION" }, - { 0xC000001E, "STATUS_INVALID_LOCK_SEQUENCE" }, - { 0xC000001F, "STATUS_INVALID_VIEW_SIZE" }, - { 0xC0000020, "STATUS_INVALID_FILE_FOR_SECTION" }, - { 0xC0000021, "STATUS_ALREADY_COMMITTED" }, - { 0xC0000022, "STATUS_ACCESS_DENIED" }, - { 0xC0000023, "STATUS_BUFFER_TOO_SMALL" }, - { 0xC0000024, "STATUS_OBJECT_TYPE_MISMATCH" }, - { 0xC0000025, "STATUS_NONCONTINUABLE_EXCEPTION" }, - { 0xC0000026, "STATUS_INVALID_DISPOSITION" }, - { 0xC0000027, "STATUS_UNWIND" }, - { 0xC0000028, "STATUS_BAD_STACK" }, - { 0xC0000029, "STATUS_INVALID_UNWIND_TARGET" }, - { 0xC000002A, "STATUS_NOT_LOCKED" }, - { 0xC000002B, "STATUS_PARITY_ERROR" }, - { 0xC000002C, "STATUS_UNABLE_TO_DECOMMIT_VM" }, - { 0xC000002D, "STATUS_NOT_COMMITTED" }, - { 0xC000002E, "STATUS_INVALID_PORT_ATTRIBUTES" }, - { 0xC000002F, "STATUS_PORT_MESSAGE_TOO_LONG" }, - { 0xC0000030, "STATUS_INVALID_PARAMETER_MIX" }, - { 0xC0000031, "STATUS_INVALID_QUOTA_LOWER" }, - { 0xC0000032, "STATUS_DISK_CORRUPT_ERROR" }, - { 0xC0000033, "STATUS_OBJECT_NAME_INVALID" }, - { 0xC0000034, "STATUS_OBJECT_NAME_NOT_FOUND" }, - { 0xC0000035, "STATUS_OBJECT_NAME_COLLISION" }, - { 0xC0000037, "STATUS_PORT_DISCONNECTED" }, - { 0xC0000038, "STATUS_DEVICE_ALREADY_ATTACHED" }, - { 0xC0000039, "STATUS_OBJECT_PATH_INVALID" }, - { 0xC000003A, "STATUS_OBJECT_PATH_NOT_FOUND" }, - { 0xC000003B, "STATUS_OBJECT_PATH_SYNTAX_BAD" }, - { 0xC000003C, "STATUS_DATA_OVERRUN" }, - { 0xC000003D, "STATUS_DATA_LATE_ERROR" }, - { 0xC000003E, "STATUS_DATA_ERROR" }, - { 0xC000003F, "STATUS_CRC_ERROR" }, - { 0xC0000040, "STATUS_SECTION_TOO_BIG" }, - { 0xC0000041, "STATUS_PORT_CONNECTION_REFUSED" }, - { 0xC0000042, "STATUS_INVALID_PORT_HANDLE" }, - { 0xC0000043, "STATUS_SHARING_VIOLATION" }, - { 0xC0000044, "STATUS_QUOTA_EXCEEDED" }, - { 0xC0000045, "STATUS_INVALID_PAGE_PROTECTION" }, - { 0xC0000046, "STATUS_MUTANT_NOT_OWNED" }, - { 0xC0000047, "STATUS_SEMAPHORE_LIMIT_EXCEEDED" }, - { 0xC0000048, "STATUS_PORT_ALREADY_SET" }, - { 0xC0000049, "STATUS_SECTION_NOT_IMAGE" }, - { 0xC000004A, "STATUS_SUSPEND_COUNT_EXCEEDED" }, - { 0xC000004B, "STATUS_THREAD_IS_TERMINATING" }, - { 0xC000004C, "STATUS_BAD_WORKING_SET_LIMIT" }, - { 0xC000004D, "STATUS_INCOMPATIBLE_FILE_MAP" }, - { 0xC000004E, "STATUS_SECTION_PROTECTION" }, - { 0xC000004F, "STATUS_EAS_NOT_SUPPORTED" }, - { 0xC0000050, "STATUS_EA_TOO_LARGE" }, - { 0xC0000051, "STATUS_NONEXISTENT_EA_ENTRY" }, - { 0xC0000052, "STATUS_NO_EAS_ON_FILE" }, - { 0xC0000053, "STATUS_EA_CORRUPT_ERROR" }, - { 0xC0000054, "STATUS_FILE_LOCK_CONFLICT" }, - { 0xC0000055, "STATUS_LOCK_NOT_GRANTED" }, - { 0xC0000056, "STATUS_DELETE_PENDING" }, - { 0xC0000057, "STATUS_CTL_FILE_NOT_SUPPORTED" }, - { 0xC0000058, "STATUS_UNKNOWN_REVISION" }, - { 0xC0000059, "STATUS_REVISION_MISMATCH" }, - { 0xC000005A, "STATUS_INVALID_OWNER" }, - { 0xC000005B, "STATUS_INVALID_PRIMARY_GROUP" }, - { 0xC000005C, "STATUS_NO_IMPERSONATION_TOKEN" }, - { 0xC000005D, "STATUS_CANT_DISABLE_MANDATORY" }, - { 0xC000005E, "STATUS_NO_LOGON_SERVERS" }, - { 0xC000005F, "STATUS_NO_SUCH_LOGON_SESSION" }, - { 0xC0000060, "STATUS_NO_SUCH_PRIVILEGE" }, - { 0xC0000061, "STATUS_PRIVILEGE_NOT_HELD" }, - { 0xC0000062, "STATUS_INVALID_ACCOUNT_NAME" }, - { 0xC0000063, "STATUS_USER_EXISTS" }, - { 0xC0000064, "STATUS_NO_SUCH_USER" }, - { 0xC0000065, "STATUS_GROUP_EXISTS" }, - { 0xC0000066, "STATUS_NO_SUCH_GROUP" }, - { 0xC0000067, "STATUS_MEMBER_IN_GROUP" }, - { 0xC0000068, "STATUS_MEMBER_NOT_IN_GROUP" }, - { 0xC0000069, "STATUS_LAST_ADMIN" }, - { 0xC000006A, "STATUS_WRONG_PASSWORD" }, - { 0xC000006B, "STATUS_ILL_FORMED_PASSWORD" }, - { 0xC000006C, "STATUS_PASSWORD_RESTRICTION" }, - { 0xC000006D, "STATUS_LOGON_FAILURE" }, - { 0xC000006E, "STATUS_ACCOUNT_RESTRICTION" }, - { 0xC000006F, "STATUS_INVALID_LOGON_HOURS" }, - { 0xC0000070, "STATUS_INVALID_WORKSTATION" }, - { 0xC0000071, "STATUS_PASSWORD_EXPIRED" }, - { 0xC0000072, "STATUS_ACCOUNT_DISABLED" }, - { 0xC0000073, "STATUS_NONE_MAPPED" }, - { 0xC0000074, "STATUS_TOO_MANY_LUIDS_REQUESTED" }, - { 0xC0000075, "STATUS_LUIDS_EXHAUSTED" }, - { 0xC0000076, "STATUS_INVALID_SUB_AUTHORITY" }, - { 0xC0000077, "STATUS_INVALID_ACL" }, - { 0xC0000078, "STATUS_INVALID_SID" }, - { 0xC0000079, "STATUS_INVALID_SECURITY_DESCR" }, - { 0xC000007A, "STATUS_PROCEDURE_NOT_FOUND" }, - { 0xC000007B, "STATUS_INVALID_IMAGE_FORMAT" }, - { 0xC000007C, "STATUS_NO_TOKEN" }, - { 0xC000007D, "STATUS_BAD_INHERITANCE_ACL" }, - { 0xC000007E, "STATUS_RANGE_NOT_LOCKED" }, - { 0xC000007F, "STATUS_DISK_FULL" }, - { 0xC0000080, "STATUS_SERVER_DISABLED" }, - { 0xC0000081, "STATUS_SERVER_NOT_DISABLED" }, - { 0xC0000082, "STATUS_TOO_MANY_GUIDS_REQUESTED" }, - { 0xC0000083, "STATUS_GUIDS_EXHAUSTED" }, - { 0xC0000084, "STATUS_INVALID_ID_AUTHORITY" }, - { 0xC0000085, "STATUS_AGENTS_EXHAUSTED" }, - { 0xC0000086, "STATUS_INVALID_VOLUME_LABEL" }, - { 0xC0000087, "STATUS_SECTION_NOT_EXTENDED" }, - { 0xC0000088, "STATUS_NOT_MAPPED_DATA" }, - { 0xC0000089, "STATUS_RESOURCE_DATA_NOT_FOUND" }, - { 0xC000008A, "STATUS_RESOURCE_TYPE_NOT_FOUND" }, - { 0xC000008B, "STATUS_RESOURCE_NAME_NOT_FOUND" }, - { 0xC000008C, "STATUS_ARRAY_BOUNDS_EXCEEDED" }, - { 0xC000008D, "STATUS_FLOAT_DENORMAL_OPERAND" }, - { 0xC000008E, "STATUS_FLOAT_DIVIDE_BY_ZERO" }, - { 0xC000008F, "STATUS_FLOAT_INEXACT_RESULT" }, - { 0xC0000090, "STATUS_FLOAT_INVALID_OPERATION" }, - { 0xC0000091, "STATUS_FLOAT_OVERFLOW" }, - { 0xC0000092, "STATUS_FLOAT_STACK_CHECK" }, - { 0xC0000093, "STATUS_FLOAT_UNDERFLOW" }, - { 0xC0000094, "STATUS_INTEGER_DIVIDE_BY_ZERO" }, - { 0xC0000095, "STATUS_INTEGER_OVERFLOW" }, - { 0xC0000096, "STATUS_PRIVILEGED_INSTRUCTION" }, - { 0xC0000097, "STATUS_TOO_MANY_PAGING_FILES" }, - { 0xC0000098, "STATUS_FILE_INVALID" }, - { 0xC0000099, "STATUS_ALLOTTED_SPACE_EXCEEDED" }, - { 0xC000009A, "STATUS_INSUFFICIENT_RESOURCES" }, - { 0xC000009B, "STATUS_DFS_EXIT_PATH_FOUND" }, - { 0xC000009C, "STATUS_DEVICE_DATA_ERROR" }, - { 0xC000009D, "STATUS_DEVICE_NOT_CONNECTED" }, - { 0xC000009E, "STATUS_DEVICE_POWER_FAILURE" }, - { 0xC000009F, "STATUS_FREE_VM_NOT_AT_BASE" }, - { 0xC00000A0, "STATUS_MEMORY_NOT_ALLOCATED" }, - { 0xC00000A1, "STATUS_WORKING_SET_QUOTA" }, - { 0xC00000A2, "STATUS_MEDIA_WRITE_PROTECTED" }, - { 0xC00000A3, "STATUS_DEVICE_NOT_READY" }, - { 0xC00000A4, "STATUS_INVALID_GROUP_ATTRIBUTES" }, - { 0xC00000A5, "STATUS_BAD_IMPERSONATION_LEVEL" }, - { 0xC00000A6, "STATUS_CANT_OPEN_ANONYMOUS" }, - { 0xC00000A7, "STATUS_BAD_VALIDATION_CLASS" }, - { 0xC00000A8, "STATUS_BAD_TOKEN_TYPE" }, - { 0xC00000A9, "STATUS_BAD_MASTER_BOOT_RECORD" }, - { 0xC00000AA, "STATUS_INSTRUCTION_MISALIGNMENT" }, - { 0xC00000AB, "STATUS_INSTANCE_NOT_AVAILABLE" }, - { 0xC00000AC, "STATUS_PIPE_NOT_AVAILABLE" }, - { 0xC00000AD, "STATUS_INVALID_PIPE_STATE" }, - { 0xC00000AE, "STATUS_PIPE_BUSY" }, - { 0xC00000AF, "STATUS_ILLEGAL_FUNCTION" }, - { 0xC00000B0, "STATUS_PIPE_DISCONNECTED" }, - { 0xC00000B1, "STATUS_PIPE_CLOSING" }, - { 0xC00000B2, "STATUS_PIPE_CONNECTED" }, - { 0xC00000B3, "STATUS_PIPE_LISTENING" }, - { 0xC00000B4, "STATUS_INVALID_READ_MODE" }, - { 0xC00000B5, "STATUS_IO_TIMEOUT" }, - { 0xC00000B6, "STATUS_FILE_FORCED_CLOSED" }, - { 0xC00000B7, "STATUS_PROFILING_NOT_STARTED" }, - { 0xC00000B8, "STATUS_PROFILING_NOT_STOPPED" }, - { 0xC00000B9, "STATUS_COULD_NOT_INTERPRET" }, - { 0xC00000BA, "STATUS_FILE_IS_A_DIRECTORY" }, - { 0xC00000BB, "STATUS_NOT_SUPPORTED" }, - { 0xC00000BC, "STATUS_REMOTE_NOT_LISTENING" }, - { 0xC00000BD, "STATUS_DUPLICATE_NAME" }, - { 0xC00000BE, "STATUS_BAD_NETWORK_PATH" }, - { 0xC00000BF, "STATUS_NETWORK_BUSY" }, - { 0xC00000C0, "STATUS_DEVICE_DOES_NOT_EXIST" }, - { 0xC00000C1, "STATUS_TOO_MANY_COMMANDS" }, - { 0xC00000C2, "STATUS_ADAPTER_HARDWARE_ERROR" }, - { 0xC00000C3, "STATUS_INVALID_NETWORK_RESPONSE" }, - { 0xC00000C4, "STATUS_UNEXPECTED_NETWORK_ERROR" }, - { 0xC00000C5, "STATUS_BAD_REMOTE_ADAPTER" }, - { 0xC00000C6, "STATUS_PRINT_QUEUE_FULL" }, - { 0xC00000C7, "STATUS_NO_SPOOL_SPACE" }, - { 0xC00000C8, "STATUS_PRINT_CANCELLED" }, - { 0xC00000C9, "STATUS_NETWORK_NAME_DELETED" }, - { 0xC00000CA, "STATUS_NETWORK_ACCESS_DENIED" }, - { 0xC00000CB, "STATUS_BAD_DEVICE_TYPE" }, - { 0xC00000CC, "STATUS_BAD_NETWORK_NAME" }, - { 0xC00000CD, "STATUS_TOO_MANY_NAMES" }, - { 0xC00000CE, "STATUS_TOO_MANY_SESSIONS" }, - { 0xC00000CF, "STATUS_SHARING_PAUSED" }, - { 0xC00000D0, "STATUS_REQUEST_NOT_ACCEPTED" }, - { 0xC00000D1, "STATUS_REDIRECTOR_PAUSED" }, - { 0xC00000D2, "STATUS_NET_WRITE_FAULT" }, - { 0xC00000D3, "STATUS_PROFILING_AT_LIMIT" }, - { 0xC00000D4, "STATUS_NOT_SAME_DEVICE" }, - { 0xC00000D5, "STATUS_FILE_RENAMED" }, - { 0xC00000D6, "STATUS_VIRTUAL_CIRCUIT_CLOSED" }, - { 0xC00000D7, "STATUS_NO_SECURITY_ON_OBJECT" }, - { 0xC00000D8, "STATUS_CANT_WAIT" }, - { 0xC00000D9, "STATUS_PIPE_EMPTY" }, - { 0xC00000DA, "STATUS_CANT_ACCESS_DOMAIN_INFO" }, - { 0xC00000DB, "STATUS_CANT_TERMINATE_SELF" }, - { 0xC00000DC, "STATUS_INVALID_SERVER_STATE" }, - { 0xC00000DD, "STATUS_INVALID_DOMAIN_STATE" }, - { 0xC00000DE, "STATUS_INVALID_DOMAIN_ROLE" }, - { 0xC00000DF, "STATUS_NO_SUCH_DOMAIN" }, - { 0xC00000E0, "STATUS_DOMAIN_EXISTS" }, - { 0xC00000E1, "STATUS_DOMAIN_LIMIT_EXCEEDED" }, - { 0xC00000E2, "STATUS_OPLOCK_NOT_GRANTED" }, - { 0xC00000E3, "STATUS_INVALID_OPLOCK_PROTOCOL" }, - { 0xC00000E4, "STATUS_INTERNAL_DB_CORRUPTION" }, - { 0xC00000E5, "STATUS_INTERNAL_ERROR" }, - { 0xC00000E6, "STATUS_GENERIC_NOT_MAPPED" }, - { 0xC00000E7, "STATUS_BAD_DESCRIPTOR_FORMAT" }, - { 0xC00000E8, "STATUS_INVALID_USER_BUFFER" }, - { 0xC00000E9, "STATUS_UNEXPECTED_IO_ERROR" }, - { 0xC00000EA, "STATUS_UNEXPECTED_MM_CREATE_ERR" }, - { 0xC00000EB, "STATUS_UNEXPECTED_MM_MAP_ERROR" }, - { 0xC00000EC, "STATUS_UNEXPECTED_MM_EXTEND_ERR" }, - { 0xC00000ED, "STATUS_NOT_LOGON_PROCESS" }, - { 0xC00000EE, "STATUS_LOGON_SESSION_EXISTS" }, - { 0xC00000EF, "STATUS_INVALID_PARAMETER_1" }, - { 0xC00000F0, "STATUS_INVALID_PARAMETER_2" }, - { 0xC00000F1, "STATUS_INVALID_PARAMETER_3" }, - { 0xC00000F2, "STATUS_INVALID_PARAMETER_4" }, - { 0xC00000F3, "STATUS_INVALID_PARAMETER_5" }, - { 0xC00000F4, "STATUS_INVALID_PARAMETER_6" }, - { 0xC00000F5, "STATUS_INVALID_PARAMETER_7" }, - { 0xC00000F6, "STATUS_INVALID_PARAMETER_8" }, - { 0xC00000F7, "STATUS_INVALID_PARAMETER_9" }, - { 0xC00000F8, "STATUS_INVALID_PARAMETER_10" }, - { 0xC00000F9, "STATUS_INVALID_PARAMETER_11" }, - { 0xC00000FA, "STATUS_INVALID_PARAMETER_12" }, - { 0xC00000FB, "STATUS_REDIRECTOR_NOT_STARTED" }, - { 0xC00000FC, "STATUS_REDIRECTOR_STARTED" }, - { 0xC00000FD, "STATUS_STACK_OVERFLOW" }, - { 0xC00000FE, "STATUS_NO_SUCH_PACKAGE" }, - { 0xC00000FF, "STATUS_BAD_FUNCTION_TABLE" }, - { 0xC0000100, "STATUS_VARIABLE_NOT_FOUND" }, - { 0xC0000101, "STATUS_DIRECTORY_NOT_EMPTY" }, - { 0xC0000102, "STATUS_FILE_CORRUPT_ERROR" }, - { 0xC0000103, "STATUS_NOT_A_DIRECTORY" }, - { 0xC0000104, "STATUS_BAD_LOGON_SESSION_STATE" }, - { 0xC0000105, "STATUS_LOGON_SESSION_COLLISION" }, - { 0xC0000106, "STATUS_NAME_TOO_LONG" }, - { 0xC0000107, "STATUS_FILES_OPEN" }, - { 0xC0000108, "STATUS_CONNECTION_IN_USE" }, - { 0xC0000109, "STATUS_MESSAGE_NOT_FOUND" }, - { 0xC000010A, "STATUS_PROCESS_IS_TERMINATING" }, - { 0xC000010B, "STATUS_INVALID_LOGON_TYPE" }, - { 0xC000010C, "STATUS_NO_GUID_TRANSLATION" }, - { 0xC000010D, "STATUS_CANNOT_IMPERSONATE" }, - { 0xC000010E, "STATUS_IMAGE_ALREADY_LOADED" }, - { 0xC000010F, "STATUS_ABIOS_NOT_PRESENT" }, - { 0xC0000110, "STATUS_ABIOS_LID_NOT_EXIST" }, - { 0xC0000111, "STATUS_ABIOS_LID_ALREADY_OWNED" }, - { 0xC0000112, "STATUS_ABIOS_NOT_LID_OWNER" }, - { 0xC0000113, "STATUS_ABIOS_INVALID_COMMAND" }, - { 0xC0000114, "STATUS_ABIOS_INVALID_LID" }, - { 0xC0000115, "STATUS_ABIOS_SELECTOR_NOT_AVAILABLE" }, - { 0xC0000116, "STATUS_ABIOS_INVALID_SELECTOR" }, - { 0xC0000117, "STATUS_NO_LDT" }, - { 0xC0000118, "STATUS_INVALID_LDT_SIZE" }, - { 0xC0000119, "STATUS_INVALID_LDT_OFFSET" }, - { 0xC000011A, "STATUS_INVALID_LDT_DESCRIPTOR" }, - { 0xC000011B, "STATUS_INVALID_IMAGE_NE_FORMAT" }, - { 0xC000011C, "STATUS_RXACT_INVALID_STATE" }, - { 0xC000011D, "STATUS_RXACT_COMMIT_FAILURE" }, - { 0xC000011E, "STATUS_MAPPED_FILE_SIZE_ZERO" }, - { 0xC000011F, "STATUS_TOO_MANY_OPENED_FILES" }, - { 0xC0000120, "STATUS_CANCELLED" }, - { 0xC0000121, "STATUS_CANNOT_DELETE" }, - { 0xC0000122, "STATUS_INVALID_COMPUTER_NAME" }, - { 0xC0000123, "STATUS_FILE_DELETED" }, - { 0xC0000124, "STATUS_SPECIAL_ACCOUNT" }, - { 0xC0000125, "STATUS_SPECIAL_GROUP" }, - { 0xC0000126, "STATUS_SPECIAL_USER" }, - { 0xC0000127, "STATUS_MEMBERS_PRIMARY_GROUP" }, - { 0xC0000128, "STATUS_FILE_CLOSED" }, - { 0xC0000129, "STATUS_TOO_MANY_THREADS" }, - { 0xC000012A, "STATUS_THREAD_NOT_IN_PROCESS" }, - { 0xC000012B, "STATUS_TOKEN_ALREADY_IN_USE" }, - { 0xC000012C, "STATUS_PAGEFILE_QUOTA_EXCEEDED" }, - { 0xC000012D, "STATUS_COMMITMENT_LIMIT" }, - { 0xC000012E, "STATUS_INVALID_IMAGE_LE_FORMAT" }, - { 0xC000012F, "STATUS_INVALID_IMAGE_NOT_MZ" }, - { 0xC0000130, "STATUS_INVALID_IMAGE_PROTECT" }, - { 0xC0000131, "STATUS_INVALID_IMAGE_WIN_16" }, - { 0xC0000132, "STATUS_LOGON_SERVER_CONFLICT" }, - { 0xC0000133, "STATUS_TIME_DIFFERENCE_AT_DC" }, - { 0xC0000134, "STATUS_SYNCHRONIZATION_REQUIRED" }, - { 0xC0000135, "STATUS_DLL_NOT_FOUND" }, - { 0xC0000136, "STATUS_OPEN_FAILED" }, - { 0xC0000137, "STATUS_IO_PRIVILEGE_FAILED" }, - { 0xC0000138, "STATUS_ORDINAL_NOT_FOUND" }, - { 0xC0000139, "STATUS_ENTRYPOINT_NOT_FOUND" }, - { 0xC000013A, "STATUS_CONTROL_C_EXIT" }, - { 0xC000013B, "STATUS_LOCAL_DISCONNECT" }, - { 0xC000013C, "STATUS_REMOTE_DISCONNECT" }, - { 0xC000013D, "STATUS_REMOTE_RESOURCES" }, - { 0xC000013E, "STATUS_LINK_FAILED" }, - { 0xC000013F, "STATUS_LINK_TIMEOUT" }, - { 0xC0000140, "STATUS_INVALID_CONNECTION" }, - { 0xC0000141, "STATUS_INVALID_ADDRESS" }, - { 0xC0000142, "STATUS_DLL_INIT_FAILED" }, - { 0xC0000143, "STATUS_MISSING_SYSTEMFILE" }, - { 0xC0000144, "STATUS_UNHANDLED_EXCEPTION" }, - { 0xC0000145, "STATUS_APP_INIT_FAILURE" }, - { 0xC0000146, "STATUS_PAGEFILE_CREATE_FAILED" }, - { 0xC0000147, "STATUS_NO_PAGEFILE" }, - { 0xC0000148, "STATUS_INVALID_LEVEL" }, - { 0xC0000149, "STATUS_WRONG_PASSWORD_CORE" }, - { 0xC000014A, "STATUS_ILLEGAL_FLOAT_CONTEXT" }, - { 0xC000014B, "STATUS_PIPE_BROKEN" }, - { 0xC000014C, "STATUS_REGISTRY_CORRUPT" }, - { 0xC000014D, "STATUS_REGISTRY_IO_FAILED" }, - { 0xC000014E, "STATUS_NO_EVENT_PAIR" }, - { 0xC000014F, "STATUS_UNRECOGNIZED_VOLUME" }, - { 0xC0000150, "STATUS_SERIAL_NO_DEVICE_INITED" }, - { 0xC0000151, "STATUS_NO_SUCH_ALIAS" }, - { 0xC0000152, "STATUS_MEMBER_NOT_IN_ALIAS" }, - { 0xC0000153, "STATUS_MEMBER_IN_ALIAS" }, - { 0xC0000154, "STATUS_ALIAS_EXISTS" }, - { 0xC0000155, "STATUS_LOGON_NOT_GRANTED" }, - { 0xC0000156, "STATUS_TOO_MANY_SECRETS" }, - { 0xC0000157, "STATUS_SECRET_TOO_LONG" }, - { 0xC0000158, "STATUS_INTERNAL_DB_ERROR" }, - { 0xC0000159, "STATUS_FULLSCREEN_MODE" }, - { 0xC000015A, "STATUS_TOO_MANY_CONTEXT_IDS" }, - { 0xC000015B, "STATUS_LOGON_TYPE_NOT_GRANTED" }, - { 0xC000015C, "STATUS_NOT_REGISTRY_FILE" }, - { 0xC000015D, "STATUS_NT_CROSS_ENCRYPTION_REQUIRED" }, - { 0xC000015E, "STATUS_DOMAIN_CTRLR_CONFIG_ERROR" }, - { 0xC000015F, "STATUS_FT_MISSING_MEMBER" }, - { 0xC0000160, "STATUS_ILL_FORMED_SERVICE_ENTRY" }, - { 0xC0000161, "STATUS_ILLEGAL_CHARACTER" }, - { 0xC0000162, "STATUS_UNMAPPABLE_CHARACTER" }, - { 0xC0000163, "STATUS_UNDEFINED_CHARACTER" }, - { 0xC0000164, "STATUS_FLOPPY_VOLUME" }, - { 0xC0000165, "STATUS_FLOPPY_ID_MARK_NOT_FOUND" }, - { 0xC0000166, "STATUS_FLOPPY_WRONG_CYLINDER" }, - { 0xC0000167, "STATUS_FLOPPY_UNKNOWN_ERROR" }, - { 0xC0000168, "STATUS_FLOPPY_BAD_REGISTERS" }, - { 0xC0000169, "STATUS_DISK_RECALIBRATE_FAILED" }, - { 0xC000016A, "STATUS_DISK_OPERATION_FAILED" }, - { 0xC000016B, "STATUS_DISK_RESET_FAILED" }, - { 0xC000016C, "STATUS_SHARED_IRQ_BUSY" }, - { 0xC000016D, "STATUS_FT_ORPHANING" }, - { 0xC000016E, "STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT" }, - { 0xC0000172, "STATUS_PARTITION_FAILURE" }, - { 0xC0000173, "STATUS_INVALID_BLOCK_LENGTH" }, - { 0xC0000174, "STATUS_DEVICE_NOT_PARTITIONED" }, - { 0xC0000175, "STATUS_UNABLE_TO_LOCK_MEDIA" }, - { 0xC0000176, "STATUS_UNABLE_TO_UNLOAD_MEDIA" }, - { 0xC0000177, "STATUS_EOM_OVERFLOW" }, - { 0xC0000178, "STATUS_NO_MEDIA" }, - { 0xC000017A, "STATUS_NO_SUCH_MEMBER" }, - { 0xC000017B, "STATUS_INVALID_MEMBER" }, - { 0xC000017C, "STATUS_KEY_DELETED" }, - { 0xC000017D, "STATUS_NO_LOG_SPACE" }, - { 0xC000017E, "STATUS_TOO_MANY_SIDS" }, - { 0xC000017F, "STATUS_LM_CROSS_ENCRYPTION_REQUIRED" }, - { 0xC0000180, "STATUS_KEY_HAS_CHILDREN" }, - { 0xC0000181, "STATUS_CHILD_MUST_BE_VOLATILE" }, - { 0xC0000182, "STATUS_DEVICE_CONFIGURATION_ERROR" }, - { 0xC0000183, "STATUS_DRIVER_INTERNAL_ERROR" }, - { 0xC0000184, "STATUS_INVALID_DEVICE_STATE" }, - { 0xC0000185, "STATUS_IO_DEVICE_ERROR" }, - { 0xC0000186, "STATUS_DEVICE_PROTOCOL_ERROR" }, - { 0xC0000187, "STATUS_BACKUP_CONTROLLER" }, - { 0xC0000188, "STATUS_LOG_FILE_FULL" }, - { 0xC0000189, "STATUS_TOO_LATE" }, - { 0xC000018A, "STATUS_NO_TRUST_LSA_SECRET" }, - { 0xC000018B, "STATUS_NO_TRUST_SAM_ACCOUNT" }, - { 0xC000018C, "STATUS_TRUSTED_DOMAIN_FAILURE" }, - { 0xC000018D, "STATUS_TRUSTED_RELATIONSHIP_FAILURE" }, - { 0xC000018E, "STATUS_EVENTLOG_FILE_CORRUPT" }, - { 0xC000018F, "STATUS_EVENTLOG_CANT_START" }, - { 0xC0000190, "STATUS_TRUST_FAILURE" }, - { 0xC0000191, "STATUS_MUTANT_LIMIT_EXCEEDED" }, - { 0xC0000192, "STATUS_NETLOGON_NOT_STARTED" }, - { 0xC0000193, "STATUS_ACCOUNT_EXPIRED" }, - { 0xC0000194, "STATUS_POSSIBLE_DEADLOCK" }, - { 0xC0000195, "STATUS_NETWORK_CREDENTIAL_CONFLICT" }, - { 0xC0000196, "STATUS_REMOTE_SESSION_LIMIT" }, - { 0xC0000197, "STATUS_EVENTLOG_FILE_CHANGED" }, - { 0xC0000198, "STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT" }, - { 0xC0000199, "STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT" }, - { 0xC000019A, "STATUS_NOLOGON_SERVER_TRUST_ACCOUNT" }, - { 0xC000019B, "STATUS_DOMAIN_TRUST_INCONSISTENT" }, - { 0xC000019C, "STATUS_FS_DRIVER_REQUIRED" }, - { 0xC0000202, "STATUS_NO_USER_SESSION_KEY" }, - { 0xC0000203, "STATUS_USER_SESSION_DELETED" }, - { 0xC0000204, "STATUS_RESOURCE_LANG_NOT_FOUND" }, - { 0xC0000205, "STATUS_INSUFF_SERVER_RESOURCES" }, - { 0xC0000206, "STATUS_INVALID_BUFFER_SIZE" }, - { 0xC0000207, "STATUS_INVALID_ADDRESS_COMPONENT" }, - { 0xC0000208, "STATUS_INVALID_ADDRESS_WILDCARD" }, - { 0xC0000209, "STATUS_TOO_MANY_ADDRESSES" }, - { 0xC000020A, "STATUS_ADDRESS_ALREADY_EXISTS" }, - { 0xC000020B, "STATUS_ADDRESS_CLOSED" }, - { 0xC000020C, "STATUS_CONNECTION_DISCONNECTED" }, - { 0xC000020D, "STATUS_CONNECTION_RESET" }, - { 0xC000020E, "STATUS_TOO_MANY_NODES" }, - { 0xC000020F, "STATUS_TRANSACTION_ABORTED" }, - { 0xC0000210, "STATUS_TRANSACTION_TIMED_OUT" }, - { 0xC0000211, "STATUS_TRANSACTION_NO_RELEASE" }, - { 0xC0000212, "STATUS_TRANSACTION_NO_MATCH" }, - { 0xC0000213, "STATUS_TRANSACTION_RESPONDED" }, - { 0xC0000214, "STATUS_TRANSACTION_INVALID_ID" }, - { 0xC0000215, "STATUS_TRANSACTION_INVALID_TYPE" }, - { 0xC0000216, "STATUS_NOT_SERVER_SESSION" }, - { 0xC0000217, "STATUS_NOT_CLIENT_SESSION" }, - { 0xC0000218, "STATUS_CANNOT_LOAD_REGISTRY_FILE" }, - { 0xC0000219, "STATUS_DEBUG_ATTACH_FAILED" }, - { 0xC000021A, "STATUS_SYSTEM_PROCESS_TERMINATED" }, - { 0xC000021B, "STATUS_DATA_NOT_ACCEPTED" }, - { 0xC000021C, "STATUS_NO_BROWSER_SERVERS_FOUND" }, - { 0xC000021D, "STATUS_VDM_HARD_ERROR" }, - { 0xC000021E, "STATUS_DRIVER_CANCEL_TIMEOUT" }, - { 0xC000021F, "STATUS_REPLY_MESSAGE_MISMATCH" }, - { 0xC0000220, "STATUS_MAPPED_ALIGNMENT" }, - { 0xC0000221, "STATUS_IMAGE_CHECKSUM_MISMATCH" }, - { 0xC0000222, "STATUS_LOST_WRITEBEHIND_DATA" }, - { 0xC0000223, "STATUS_CLIENT_SERVER_PARAMETERS_INVALID" }, - { 0xC0000224, "STATUS_PASSWORD_MUST_CHANGE" }, - { 0xC0000225, "STATUS_NOT_FOUND" }, - { 0xC0000226, "STATUS_NOT_TINY_STREAM" }, - { 0xC0000227, "STATUS_RECOVERY_FAILURE" }, - { 0xC0000228, "STATUS_STACK_OVERFLOW_READ" }, - { 0xC0000229, "STATUS_FAIL_CHECK" }, - { 0xC000022A, "STATUS_DUPLICATE_OBJECTID" }, - { 0xC000022B, "STATUS_OBJECTID_EXISTS" }, - { 0xC000022C, "STATUS_CONVERT_TO_LARGE" }, - { 0xC000022D, "STATUS_RETRY" }, - { 0xC000022E, "STATUS_FOUND_OUT_OF_SCOPE" }, - { 0xC000022F, "STATUS_ALLOCATE_BUCKET" }, - { 0xC0000230, "STATUS_PROPSET_NOT_FOUND" }, - { 0xC0000231, "STATUS_MARSHALL_OVERFLOW" }, - { 0xC0000232, "STATUS_INVALID_VARIANT" }, - { 0xC0000233, "STATUS_DOMAIN_CONTROLLER_NOT_FOUND" }, - { 0xC0000234, "STATUS_ACCOUNT_LOCKED_OUT" }, - { 0xC0000235, "STATUS_HANDLE_NOT_CLOSABLE" }, - { 0xC0000236, "STATUS_CONNECTION_REFUSED" }, - { 0xC0000237, "STATUS_GRACEFUL_DISCONNECT" }, - { 0xC0000238, "STATUS_ADDRESS_ALREADY_ASSOCIATED" }, - { 0xC0000239, "STATUS_ADDRESS_NOT_ASSOCIATED" }, - { 0xC000023A, "STATUS_CONNECTION_INVALID" }, - { 0xC000023B, "STATUS_CONNECTION_ACTIVE" }, - { 0xC000023C, "STATUS_NETWORK_UNREACHABLE" }, - { 0xC000023D, "STATUS_HOST_UNREACHABLE" }, - { 0xC000023E, "STATUS_PROTOCOL_UNREACHABLE" }, - { 0xC000023F, "STATUS_PORT_UNREACHABLE" }, - { 0xC0000240, "STATUS_REQUEST_ABORTED" }, - { 0xC0000241, "STATUS_CONNECTION_ABORTED" }, - { 0xC0000242, "STATUS_BAD_COMPRESSION_BUFFER" }, - { 0xC0000243, "STATUS_USER_MAPPED_FILE" }, - { 0xC0000244, "STATUS_AUDIT_FAILED" }, - { 0xC0000245, "STATUS_TIMER_RESOLUTION_NOT_SET" }, - { 0xC0000246, "STATUS_CONNECTION_COUNT_LIMIT" }, - { 0xC0000247, "STATUS_LOGIN_TIME_RESTRICTION" }, - { 0xC0000248, "STATUS_LOGIN_WKSTA_RESTRICTION" }, - { 0xC0000249, "STATUS_IMAGE_MP_UP_MISMATCH" }, - { 0xC0000250, "STATUS_INSUFFICIENT_LOGON_INFO" }, - { 0xC0000251, "STATUS_BAD_DLL_ENTRYPOINT" }, - { 0xC0000252, "STATUS_BAD_SERVICE_ENTRYPOINT" }, - { 0xC0000253, "STATUS_LPC_REPLY_LOST" }, - { 0xC0000254, "STATUS_IP_ADDRESS_CONFLICT1" }, - { 0xC0000255, "STATUS_IP_ADDRESS_CONFLICT2" }, - { 0xC0000256, "STATUS_REGISTRY_QUOTA_LIMIT" }, - { 0xC0000257, "STATUS_PATH_NOT_COVERED" }, - { 0xC0000258, "STATUS_NO_CALLBACK_ACTIVE" }, - { 0xC0000259, "STATUS_LICENSE_QUOTA_EXCEEDED" }, - { 0xC000025A, "STATUS_PWD_TOO_SHORT" }, - { 0xC000025B, "STATUS_PWD_TOO_RECENT" }, - { 0xC000025C, "STATUS_PWD_HISTORY_CONFLICT" }, - { 0xC000025E, "STATUS_PLUGPLAY_NO_DEVICE" }, - { 0xC000025F, "STATUS_UNSUPPORTED_COMPRESSION" }, - { 0xC0000260, "STATUS_INVALID_HW_PROFILE" }, - { 0xC0000261, "STATUS_INVALID_PLUGPLAY_DEVICE_PATH" }, - { 0xC0000262, "STATUS_DRIVER_ORDINAL_NOT_FOUND" }, - { 0xC0000263, "STATUS_DRIVER_ENTRYPOINT_NOT_FOUND" }, - { 0xC0000264, "STATUS_RESOURCE_NOT_OWNED" }, - { 0xC0000265, "STATUS_TOO_MANY_LINKS" }, - { 0xC0000266, "STATUS_QUOTA_LIST_INCONSISTENT" }, - { 0xC0000267, "STATUS_FILE_IS_OFFLINE" }, - { 0xC0000268, "STATUS_EVALUATION_EXPIRATION" }, - { 0xC0000269, "STATUS_ILLEGAL_DLL_RELOCATION" }, - { 0xC000026A, "STATUS_LICENSE_VIOLATION" }, - { 0xC000026B, "STATUS_DLL_INIT_FAILED_LOGOFF" }, - { 0xC000026C, "STATUS_DRIVER_UNABLE_TO_LOAD" }, - { 0xC000026D, "STATUS_DFS_UNAVAILABLE" }, - { 0xC000026E, "STATUS_VOLUME_DISMOUNTED" }, - { 0xC000026F, "STATUS_WX86_INTERNAL_ERROR" }, - { 0xC0000270, "STATUS_WX86_FLOAT_STACK_CHECK" }, - { 0xC0000271, "STATUS_VALIDATE_CONTINUE" }, - { 0xC0000272, "STATUS_NO_MATCH" }, - { 0xC0000273, "STATUS_NO_MORE_MATCHES" }, - { 0xC0000275, "STATUS_NOT_A_REPARSE_POINT" }, - { 0xC0000276, "STATUS_IO_REPARSE_TAG_INVALID" }, - { 0xC0000277, "STATUS_IO_REPARSE_TAG_MISMATCH" }, - { 0xC0000278, "STATUS_IO_REPARSE_DATA_INVALID" }, - { 0xC0000279, "STATUS_IO_REPARSE_TAG_NOT_HANDLED" }, - { 0xC0000280, "STATUS_REPARSE_POINT_NOT_RESOLVED" }, - { 0xC0000281, "STATUS_DIRECTORY_IS_A_REPARSE_POINT" }, - { 0xC0000282, "STATUS_RANGE_LIST_CONFLICT" }, - { 0xC0000283, "STATUS_SOURCE_ELEMENT_EMPTY" }, - { 0xC0000284, "STATUS_DESTINATION_ELEMENT_FULL" }, - { 0xC0000285, "STATUS_ILLEGAL_ELEMENT_ADDRESS" }, - { 0xC0000286, "STATUS_MAGAZINE_NOT_PRESENT" }, - { 0xC0000287, "STATUS_REINITIALIZATION_NEEDED" }, - { 0x80000288, "STATUS_DEVICE_REQUIRES_CLEANING" }, - { 0x80000289, "STATUS_DEVICE_DOOR_OPEN" }, - { 0xC000028A, "STATUS_ENCRYPTION_FAILED" }, - { 0xC000028B, "STATUS_DECRYPTION_FAILED" }, - { 0xC000028C, "STATUS_RANGE_NOT_FOUND" }, - { 0xC000028D, "STATUS_NO_RECOVERY_POLICY" }, - { 0xC000028E, "STATUS_NO_EFS" }, - { 0xC000028F, "STATUS_WRONG_EFS" }, - { 0xC0000290, "STATUS_NO_USER_KEYS" }, - { 0xC0000291, "STATUS_FILE_NOT_ENCRYPTED" }, - { 0xC0000292, "STATUS_NOT_EXPORT_FORMAT" }, - { 0xC0000293, "STATUS_FILE_ENCRYPTED" }, - { 0x40000294, "STATUS_WAKE_SYSTEM" }, - { 0xC0000295, "STATUS_WMI_GUID_NOT_FOUND" }, - { 0xC0000296, "STATUS_WMI_INSTANCE_NOT_FOUND" }, - { 0xC0000297, "STATUS_WMI_ITEMID_NOT_FOUND" }, - { 0xC0000298, "STATUS_WMI_TRY_AGAIN" }, - { 0xC0000299, "STATUS_SHARED_POLICY" }, - { 0xC000029A, "STATUS_POLICY_OBJECT_NOT_FOUND" }, - { 0xC000029B, "STATUS_POLICY_ONLY_IN_DS" }, - { 0xC000029C, "STATUS_VOLUME_NOT_UPGRADED" }, - { 0xC000029D, "STATUS_REMOTE_STORAGE_NOT_ACTIVE" }, - { 0xC000029E, "STATUS_REMOTE_STORAGE_MEDIA_ERROR" }, - { 0xC000029F, "STATUS_NO_TRACKING_SERVICE" }, - { 0xC00002A0, "STATUS_SERVER_SID_MISMATCH" }, - { 0xC00002A1, "STATUS_DS_NO_ATTRIBUTE_OR_VALUE" }, - { 0xC00002A2, "STATUS_DS_INVALID_ATTRIBUTE_SYNTAX" }, - { 0xC00002A3, "STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED" }, - { 0xC00002A4, "STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS" }, - { 0xC00002A5, "STATUS_DS_BUSY" }, - { 0xC00002A6, "STATUS_DS_UNAVAILABLE" }, - { 0xC00002A7, "STATUS_DS_NO_RIDS_ALLOCATED" }, - { 0xC00002A8, "STATUS_DS_NO_MORE_RIDS" }, - { 0xC00002A9, "STATUS_DS_INCORRECT_ROLE_OWNER" }, - { 0xC00002AA, "STATUS_DS_RIDMGR_INIT_ERROR" }, - { 0xC00002AB, "STATUS_DS_OBJ_CLASS_VIOLATION" }, - { 0xC00002AC, "STATUS_DS_CANT_ON_NON_LEAF" }, - { 0xC00002AD, "STATUS_DS_CANT_ON_RDN" }, - { 0xC00002AE, "STATUS_DS_CANT_MOD_OBJ_CLASS" }, - { 0xC00002AF, "STATUS_DS_CROSS_DOM_MOVE_FAILED" }, - { 0xC00002B0, "STATUS_DS_GC_NOT_AVAILABLE" }, - { 0xC00002B1, "STATUS_DIRECTORY_SERVICE_REQUIRED" }, - { 0xC00002B2, "STATUS_REPARSE_ATTRIBUTE_CONFLICT" }, - { 0xC00002B3, "STATUS_CANT_ENABLE_DENY_ONLY" }, - { 0xC00002B4, "STATUS_FLOAT_MULTIPLE_FAULTS" }, - { 0xC00002B5, "STATUS_FLOAT_MULTIPLE_TRAPS" }, - { 0xC00002B6, "STATUS_DEVICE_REMOVED" }, - { 0xC00002B7, "STATUS_JOURNAL_DELETE_IN_PROGRESS" }, - { 0xC00002B8, "STATUS_JOURNAL_NOT_ACTIVE" }, - { 0xC00002B9, "STATUS_NOINTERFACE" }, - { 0xC00002C1, "STATUS_DS_ADMIN_LIMIT_EXCEEDED" }, - { 0xC00002C2, "STATUS_DRIVER_FAILED_SLEEP" }, - { 0xC00002C3, "STATUS_MUTUAL_AUTHENTICATION_FAILED" }, - { 0xC00002C4, "STATUS_CORRUPT_SYSTEM_FILE" }, - { 0xC00002C5, "STATUS_DATATYPE_MISALIGNMENT_ERROR" }, - { 0xC00002C6, "STATUS_WMI_READ_ONLY" }, - { 0xC00002C7, "STATUS_WMI_SET_FAILURE" }, - { 0xC00002C8, "STATUS_COMMITMENT_MINIMUM" }, - { 0xC00002C9, "STATUS_REG_NAT_CONSUMPTION" }, - { 0xC00002CA, "STATUS_TRANSPORT_FULL" }, - { 0xC00002CB, "STATUS_DS_SAM_INIT_FAILURE" }, - { 0xC00002CC, "STATUS_ONLY_IF_CONNECTED" }, - { 0xC00002CD, "STATUS_DS_SENSITIVE_GROUP_VIOLATION" }, - { 0xC00002CE, "STATUS_PNP_RESTART_ENUMERATION" }, - { 0xC00002CF, "STATUS_JOURNAL_ENTRY_DELETED" }, - { 0xC00002D0, "STATUS_DS_CANT_MOD_PRIMARYGROUPID" }, - { 0xC00002D1, "STATUS_SYSTEM_IMAGE_BAD_SIGNATURE" }, - { 0xC00002D2, "STATUS_PNP_REBOOT_REQUIRED" }, - { 0xC00002D3, "STATUS_POWER_STATE_INVALID" }, - { 0xC00002D4, "STATUS_DS_INVALID_GROUP_TYPE" }, - { 0xC00002D5, "STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN" }, - { 0xC00002D6, "STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN" }, - { 0xC00002D7, "STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER" }, - { 0xC00002D8, "STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER" }, - { 0xC00002D9, "STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER" }, - { 0xC00002DA, "STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER" }, - { 0xC00002DB, "STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER" }, - { 0xC00002DC, "STATUS_DS_HAVE_PRIMARY_MEMBERS" }, - { 0xC00002DD, "STATUS_WMI_NOT_SUPPORTED" }, - { 0xC00002DE, "STATUS_INSUFFICIENT_POWER" }, - { 0xC00002DF, "STATUS_SAM_NEED_BOOTKEY_PASSWORD" }, - { 0xC00002E0, "STATUS_SAM_NEED_BOOTKEY_FLOPPY" }, - { 0xC00002E1, "STATUS_DS_CANT_START" }, - { 0xC00002E2, "STATUS_DS_INIT_FAILURE" }, - { 0xC00002E3, "STATUS_SAM_INIT_FAILURE" }, - { 0xC00002E4, "STATUS_DS_GC_REQUIRED" }, - { 0xC00002E5, "STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY" }, - { 0xC00002E6, "STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS" }, - { 0xC00002E7, "STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED" }, - { 0xC00002E8, "STATUS_MULTIPLE_FAULT_VIOLATION" }, - { 0xC0000300, "STATUS_NOT_SUPPORTED_ON_SBS" }, - { 0xC0009898, "STATUS_WOW_ASSERTION" }, - { 0xC0020001, "RPC_NT_INVALID_STRING_BINDING" }, - { 0xC0020002, "RPC_NT_WRONG_KIND_OF_BINDING" }, - { 0xC0020003, "RPC_NT_INVALID_BINDING" }, - { 0xC0020004, "RPC_NT_PROTSEQ_NOT_SUPPORTED" }, - { 0xC0020005, "RPC_NT_INVALID_RPC_PROTSEQ" }, - { 0xC0020006, "RPC_NT_INVALID_STRING_UUID" }, - { 0xC0020007, "RPC_NT_INVALID_ENDPOINT_FORMAT" }, - { 0xC0020008, "RPC_NT_INVALID_NET_ADDR" }, - { 0xC0020009, "RPC_NT_NO_ENDPOINT_FOUND" }, - { 0xC002000A, "RPC_NT_INVALID_TIMEOUT" }, - { 0xC002000B, "RPC_NT_OBJECT_NOT_FOUND" }, - { 0xC002000C, "RPC_NT_ALREADY_REGISTERED" }, - { 0xC002000D, "RPC_NT_TYPE_ALREADY_REGISTERED" }, - { 0xC002000E, "RPC_NT_ALREADY_LISTENING" }, - { 0xC002000F, "RPC_NT_NO_PROTSEQS_REGISTERED" }, - { 0xC0020010, "RPC_NT_NOT_LISTENING" }, - { 0xC0020011, "RPC_NT_UNKNOWN_MGR_TYPE" }, - { 0xC0020012, "RPC_NT_UNKNOWN_IF" }, - { 0xC0020013, "RPC_NT_NO_BINDINGS" }, - { 0xC0020014, "RPC_NT_NO_PROTSEQS" }, - { 0xC0020015, "RPC_NT_CANT_CREATE_ENDPOINT" }, - { 0xC0020016, "RPC_NT_OUT_OF_RESOURCES" }, - { 0xC0020017, "RPC_NT_SERVER_UNAVAILABLE" }, - { 0xC0020018, "RPC_NT_SERVER_TOO_BUSY" }, - { 0xC0020019, "RPC_NT_INVALID_NETWORK_OPTIONS" }, - { 0xC002001A, "RPC_NT_NO_CALL_ACTIVE" }, - { 0xC002001B, "RPC_NT_CALL_FAILED" }, - { 0xC002001C, "RPC_NT_CALL_FAILED_DNE" }, - { 0xC002001D, "RPC_NT_PROTOCOL_ERROR" }, - { 0xC002001F, "RPC_NT_UNSUPPORTED_TRANS_SYN" }, - { 0xC0020021, "RPC_NT_UNSUPPORTED_TYPE" }, - { 0xC0020022, "RPC_NT_INVALID_TAG" }, - { 0xC0020023, "RPC_NT_INVALID_BOUND" }, - { 0xC0020024, "RPC_NT_NO_ENTRY_NAME" }, - { 0xC0020025, "RPC_NT_INVALID_NAME_SYNTAX" }, - { 0xC0020026, "RPC_NT_UNSUPPORTED_NAME_SYNTAX" }, - { 0xC0020028, "RPC_NT_UUID_NO_ADDRESS" }, - { 0xC0020029, "RPC_NT_DUPLICATE_ENDPOINT" }, - { 0xC002002A, "RPC_NT_UNKNOWN_AUTHN_TYPE" }, - { 0xC002002B, "RPC_NT_MAX_CALLS_TOO_SMALL" }, - { 0xC002002C, "RPC_NT_STRING_TOO_LONG" }, - { 0xC002002D, "RPC_NT_PROTSEQ_NOT_FOUND" }, - { 0xC002002E, "RPC_NT_PROCNUM_OUT_OF_RANGE" }, - { 0xC002002F, "RPC_NT_BINDING_HAS_NO_AUTH" }, - { 0xC0020030, "RPC_NT_UNKNOWN_AUTHN_SERVICE" }, - { 0xC0020031, "RPC_NT_UNKNOWN_AUTHN_LEVEL" }, - { 0xC0020032, "RPC_NT_INVALID_AUTH_IDENTITY" }, - { 0xC0020033, "RPC_NT_UNKNOWN_AUTHZ_SERVICE" }, - { 0xC0020034, "EPT_NT_INVALID_ENTRY" }, - { 0xC0020035, "EPT_NT_CANT_PERFORM_OP" }, - { 0xC0020036, "EPT_NT_NOT_REGISTERED" }, - { 0xC0020037, "RPC_NT_NOTHING_TO_EXPORT" }, - { 0xC0020038, "RPC_NT_INCOMPLETE_NAME" }, - { 0xC0020039, "RPC_NT_INVALID_VERS_OPTION" }, - { 0xC002003A, "RPC_NT_NO_MORE_MEMBERS" }, - { 0xC002003B, "RPC_NT_NOT_ALL_OBJS_UNEXPORTED" }, - { 0xC002003C, "RPC_NT_INTERFACE_NOT_FOUND" }, - { 0xC002003D, "RPC_NT_ENTRY_ALREADY_EXISTS" }, - { 0xC002003E, "RPC_NT_ENTRY_NOT_FOUND" }, - { 0xC002003F, "RPC_NT_NAME_SERVICE_UNAVAILABLE" }, - { 0xC0020040, "RPC_NT_INVALID_NAF_ID" }, - { 0xC0020041, "RPC_NT_CANNOT_SUPPORT" }, - { 0xC0020042, "RPC_NT_NO_CONTEXT_AVAILABLE" }, - { 0xC0020043, "RPC_NT_INTERNAL_ERROR" }, - { 0xC0020044, "RPC_NT_ZERO_DIVIDE" }, - { 0xC0020045, "RPC_NT_ADDRESS_ERROR" }, - { 0xC0020046, "RPC_NT_FP_DIV_ZERO" }, - { 0xC0020047, "RPC_NT_FP_UNDERFLOW" }, - { 0xC0020048, "RPC_NT_FP_OVERFLOW" }, - { 0xC0021007, "RPC_P_RECEIVE_ALERTED" }, - { 0xC0021008, "RPC_P_CONNECTION_CLOSED" }, - { 0xC0021009, "RPC_P_RECEIVE_FAILED" }, - { 0xC002100A, "RPC_P_SEND_FAILED" }, - { 0xC002100B, "RPC_P_TIMEOUT" }, - { 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" }, - { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" }, - { 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" }, - { 0xC0021015, "RPC_P_THREAD_LISTENING" }, - { 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" }, - { 0xC0030002, "RPC_NT_SS_CHAR_TRANS_OPEN_FAIL" }, - { 0xC0030003, "RPC_NT_SS_CHAR_TRANS_SHORT_FILE" }, - { 0xC0030004, "RPC_NT_SS_IN_NULL_CONTEXT" }, - { 0xC0030005, "RPC_NT_SS_CONTEXT_MISMATCH" }, - { 0xC0030006, "RPC_NT_SS_CONTEXT_DAMAGED" }, - { 0xC0030007, "RPC_NT_SS_HANDLES_MISMATCH" }, - { 0xC0030008, "RPC_NT_SS_CANNOT_GET_CALL_HANDLE" }, - { 0xC0030009, "RPC_NT_NULL_REF_POINTER" }, - { 0xC003000A, "RPC_NT_ENUM_VALUE_OUT_OF_RANGE" }, - { 0xC003000B, "RPC_NT_BYTE_COUNT_TOO_SMALL" }, - { 0xC003000C, "RPC_NT_BAD_STUB_DATA" }, - { 0xC0020049, "RPC_NT_CALL_IN_PROGRESS" }, - { 0xC002004A, "RPC_NT_NO_MORE_BINDINGS" }, - { 0xC002004B, "RPC_NT_GROUP_MEMBER_NOT_FOUND" }, - { 0xC002004C, "EPT_NT_CANT_CREATE" }, - { 0xC002004D, "RPC_NT_INVALID_OBJECT" }, - { 0xC002004F, "RPC_NT_NO_INTERFACES" }, - { 0xC0020050, "RPC_NT_CALL_CANCELLED" }, - { 0xC0020051, "RPC_NT_BINDING_INCOMPLETE" }, - { 0xC0020052, "RPC_NT_COMM_FAILURE" }, - { 0xC0020053, "RPC_NT_UNSUPPORTED_AUTHN_LEVEL" }, - { 0xC0020054, "RPC_NT_NO_PRINC_NAME" }, - { 0xC0020055, "RPC_NT_NOT_RPC_ERROR" }, - { 0x40020056, "RPC_NT_UUID_LOCAL_ONLY" }, - { 0xC0020057, "RPC_NT_SEC_PKG_ERROR" }, - { 0xC0020058, "RPC_NT_NOT_CANCELLED" }, - { 0xC0030059, "RPC_NT_INVALID_ES_ACTION" }, - { 0xC003005A, "RPC_NT_WRONG_ES_VERSION" }, - { 0xC003005B, "RPC_NT_WRONG_STUB_VERSION" }, - { 0xC003005C, "RPC_NT_INVALID_PIPE_OBJECT" }, - { 0xC003005D, "RPC_NT_INVALID_PIPE_OPERATION" }, - { 0xC003005E, "RPC_NT_WRONG_PIPE_VERSION" }, - { 0x400200AF, "RPC_NT_SEND_INCOMPLETE" }, - { 0, NULL } -}; - - - static const true_false_string tfs_smb_flags_lock = { "Lock&Read, Write&Unlock are supported", "Lock&Read, Write&Unlock are not supported" @@ -18921,130 +16930,14 @@ proto_register_smb(void) { "Compressed", "smb.fs_attr.vic", FT_BOOLEAN, 32, TFS(&tfs_fs_attr_vic), 0x00008000, "Is this FS Compressed?", HFILL }}, - { &hf_smb_sec_desc_revision, - { "Revision", "smb.sec_desc.revision", FT_UINT8, BASE_DEC, - NULL, 0, "Version of NT Security Descriptor structure", HFILL }}, - - { &hf_smb_sid, - { "SID", "smb.sid", FT_STRING, BASE_DEC, - NULL, 0, "SID: Security Identifier", HFILL }}, - - { &hf_smb_sid_revision, - { "Revision", "smb.sid.revision", FT_UINT8, BASE_DEC, - NULL, 0, "Version of SID structure", HFILL }}, - - { &hf_smb_sid_num_auth, - { "Num Auth", "smb.sid.num_auth", FT_UINT8, BASE_DEC, - NULL, 0, "Number of authorities for this SID", HFILL }}, - - { &hf_smb_acl_revision, - { "Revision", "smb.acl.revision", FT_UINT8, BASE_DEC, - NULL, 0, "Version of NT ACL structure", HFILL }}, - - { &hf_smb_acl_size, - { "Size", "smb.acl.size", FT_UINT16, BASE_DEC, - NULL, 0, "Size of NT ACL structure", HFILL }}, - - { &hf_smb_acl_num_aces, - { "Num ACEs", "smb.acl.num_aces", FT_UINT32, BASE_DEC, - NULL, 0, "Number of ACE structures for this ACL", HFILL }}, - { &hf_smb_user_quota_offset, { "Next Offset", "smb.quota.user.offset", FT_UINT32, BASE_DEC, NULL, 0, "Relative offset to next user quota structure", HFILL }}, - { &hf_smb_ace_type, - { "Type", "smb.ace.type", FT_UINT8, BASE_DEC, - VALS(ace_type_vals), 0, "Type of ACE", HFILL }}, - { &hf_smb_pipe_write_len, { "Pipe Write Len", "smb.pipe.write_len", FT_UINT16, BASE_DEC, NULL, 0, "Number of bytes written to pipe", HFILL }}, - { &hf_smb_ace_size, - { "Size", "smb.ace.size", FT_UINT16, BASE_DEC, - NULL, 0, "Size of this ACE", HFILL }}, - - { &hf_smb_ace_flags_object_inherit, - { "Object Inherit", "smb.ace.flags.object_inherit", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_object_inherit), 0x01, "Will subordinate files inherit this ACE?", HFILL }}, - - { &hf_smb_ace_flags_container_inherit, - { "Container Inherit", "smb.ace.flags.container_inherit", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_container_inherit), 0x02, "Will subordinate containers inherit this ACE?", HFILL }}, - - { &hf_smb_ace_flags_non_propagate_inherit, - { "Non-Propagate Inherit", "smb.ace.flags.non_propagate_inherit", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_non_propagate_inherit), 0x04, "Will subordinate object propagate this ACE further?", HFILL }}, - - { &hf_smb_ace_flags_inherit_only, - { "Inherit Only", "smb.ace.flags.inherit_only", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_inherit_only), 0x08, "Does this ACE apply to the current object?", HFILL }}, - - { &hf_smb_ace_flags_inherited_ace, - { "Inherited ACE", "smb.ace.flags.inherited_ace", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_inherited_ace), 0x10, "Was this ACE inherited from its parent object?", HFILL }}, - - { &hf_smb_ace_flags_successful_access, - { "Audit Successful Accesses", "smb.ace.flags.successful_access", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_successful_access), 0x40, "Should successful accesses be audited?", HFILL }}, - - { &hf_smb_ace_flags_failed_access, - { "Audit Failed Accesses", "smb.ace.flags.failed_access", FT_BOOLEAN, 8, - TFS(&tfs_ace_flags_failed_access), 0x80, "Should failed accesses be audited?", HFILL }}, - - { &hf_smb_sec_desc_type_owner_defaulted, - { "Owner Defaulted", "smb.sec_desc.type.owner_defaulted", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_owner_defaulted), 0x0001, "Is Owner Defaulted set?", HFILL }}, - - { &hf_smb_sec_desc_type_group_defaulted, - { "Group Defaulted", "smb.sec_desc.type.group_defaulted", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_group_defaulted), 0x0002, "Is Group Defaulted?", HFILL }}, - - { &hf_smb_sec_desc_type_dacl_present, - { "DACL Present", "smb.sec_desc.type.dacl_present", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_dacl_present), 0x0004, "Does this SecDesc have DACL present?", HFILL }}, - - { &hf_smb_sec_desc_type_dacl_defaulted, - { "DACL Defaulted", "smb.sec_desc.type.dacl_defaulted", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_dacl_defaulted), 0x0008, "Does this SecDesc have DACL Defaulted?", HFILL }}, - - { &hf_smb_sec_desc_type_sacl_present, - { "SACL Present", "smb.sec_desc.type.sacl_present", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_sacl_present), 0x0010, "Is the SACL present?", HFILL }}, - - { &hf_smb_sec_desc_type_sacl_defaulted, - { "SACL Defaulted", "smb.sec_desc.type.sacl_defaulted", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_sacl_defaulted), 0x0020, "Does this SecDesc have SACL Defaulted?", HFILL }}, - - { &hf_smb_sec_desc_type_dacl_auto_inherit_req, - { "DACL Auto Inherit Required", "smb.sec_desc.type.dacl_auto_inherit_req", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_dacl_auto_inherit_req), 0x0100, "Does this SecDesc have DACL Auto Inherit Required set?", HFILL }}, - - { &hf_smb_sec_desc_type_sacl_auto_inherit_req, - { "SACL Auto Inherit Required", "smb.sec_desc.type.sacl_auto_inherit_req", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_sacl_auto_inherit_req), 0x0200, "Does this SecDesc have SACL Auto Inherit Required set?", HFILL }}, - - { &hf_smb_sec_desc_type_dacl_auto_inherited, - { "DACL Auto Inherited", "smb.sec_desc.type.dacl_auto_inherited", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_dacl_auto_inherited), 0x0400, "Is this DACL auto inherited", HFILL }}, - - { &hf_smb_sec_desc_type_sacl_auto_inherited, - { "SACL Auto Inherited", "smb.sec_desc.type.sacl_auto_inherited", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_sacl_auto_inherited), 0x0800, "Is this SACL auto inherited", HFILL }}, - - { &hf_smb_sec_desc_type_dacl_protected, - { "DACL Protected", "smb.sec_desc.type.dacl_protected", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_dacl_protected), 0x1000, "Is the DACL structure protected?", HFILL }}, - - { &hf_smb_sec_desc_type_sacl_protected, - { "SACL Protected", "smb.sec_desc.type.sacl_protected", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_sacl_protected), 0x2000, "Is the SACL structure protected?", HFILL }}, - - { &hf_smb_sec_desc_type_self_relative, - { "Self Relative", "smb.sec_desc.type.self_relative", FT_BOOLEAN, 16, - TFS(&tfs_sec_desc_type_self_relative), 0x8000, "Is this SecDesc self relative?", HFILL }}, - { &hf_smb_quota_flags_deny_disk, { "Deny Disk", "smb.quota.flags.deny_disk", FT_BOOLEAN, 8, TFS(&tfs_quota_flags_deny_disk), 0x02, "Is the default quota limit enforced?", HFILL }}, @@ -19168,147 +17061,6 @@ proto_register_smb(void) { &hf_smb_unix_find_file_resumekey, { "Resume key", "smb.unix.find_file.resume_key", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }}, - - /* Access masks */ - - { &hf_smb_access_mask, - { "Access required", "smb.access_mask", - FT_UINT32, BASE_HEX, NULL, 0x0, "Access mask", - HFILL }}, - { &hf_access_generic_read, - { "Generic read", "nt.access_mask.generic_read", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - GENERIC_READ_ACCESS, "Generic read", HFILL }}, - - { &hf_access_generic_write, - { "Generic write", "nt.access_mask.generic_write", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - GENERIC_WRITE_ACCESS, "Generic write", HFILL }}, - - { &hf_access_generic_execute, - { "Generic execute", "nt.access_mask.generic_execute", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - GENERIC_EXECUTE_ACCESS, "Generic execute", HFILL }}, - - { &hf_access_generic_all, - { "Generic all", "nt.access_mask.generic_all", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - GENERIC_ALL_ACCESS, "Generic all", HFILL }}, - - { &hf_access_maximum_allowed, - { "Maximum allowed", "nt.access_mask.maximum_allowed", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - MAXIMUM_ALLOWED_ACCESS, "Maximum allowed", HFILL }}, - - { &hf_access_sacl, - { "Access SACL", "nt.access_mask.access_sacl", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - ACCESS_SACL_ACCESS, "Access SACL", HFILL }}, - - { &hf_access_standard_read_control, - { "Read control", "nt.access_mask.read_control", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - READ_CONTROL_ACCESS, "Read control", HFILL }}, - - { &hf_access_standard_delete, - { "Delete", "nt.access_mask.delete", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - DELETE_ACCESS, "Delete", HFILL }}, - - { &hf_access_standard_synchronise, - { "Synchronise", "nt.access_mask.synchronise", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - SYNCHRONIZE_ACCESS, "Synchronise", HFILL }}, - - { &hf_access_standard_write_dac, - { "Write DAC", "nt.access_mask.write_dac", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - WRITE_DAC_ACCESS, "Write DAC", HFILL }}, - - { &hf_access_standard_write_owner, - { "Write owner", "nt.access_mask.write_owner", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - WRITE_OWNER_ACCESS, "Write owner", HFILL }}, - - { &hf_access_specific_15, - { "Specific access, bit 15", "nt.access_mask.specific_15", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x8000, "Specific access, bit 15", HFILL }}, - - { &hf_access_specific_14, - { "Specific access, bit 14", "nt.access_mask.specific_14", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x4000, "Specific access, bit 14", HFILL }}, - - { &hf_access_specific_13, - { "Specific access, bit 13", "nt.access_mask.specific_13", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x2000, "Specific access, bit 13", HFILL }}, - - { &hf_access_specific_12, - { "Specific access, bit 12", "nt.access_mask.specific_12", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x1000, "Specific access, bit 12", HFILL }}, - - { &hf_access_specific_11, - { "Specific access, bit 11", "nt.access_mask.specific_11", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0800, "Specific access, bit 11", HFILL }}, - - { &hf_access_specific_10, - { "Specific access, bit 10", "nt.access_mask.specific_10", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0400, "Specific access, bit 10", HFILL }}, - - { &hf_access_specific_9, - { "Specific access, bit 9", "nt.access_mask.specific_9", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0200, "Specific access, bit 9", HFILL }}, - - { &hf_access_specific_8, - { "Specific access, bit 8", "nt.access_mask.specific_8", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0100, "Specific access, bit 8", HFILL }}, - - { &hf_access_specific_7, - { "Specific access, bit 7", "nt.access_mask.specific_7", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0080, "Specific access, bit 7", HFILL }}, - - { &hf_access_specific_6, - { "Specific access, bit 6", "nt.access_mask.specific_6", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0040, "Specific access, bit 6", HFILL }}, - - { &hf_access_specific_5, - { "Specific access, bit 5", "nt.access_mask.specific_5", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0020, "Specific access, bit 5", HFILL }}, - - { &hf_access_specific_4, - { "Specific access, bit 4", "nt.access_mask.specific_4", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0010, "Specific access, bit 4", HFILL }}, - - { &hf_access_specific_3, - { "Specific access, bit 3", "nt.access_mask.specific_3", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0008, "Specific access, bit 3", HFILL }}, - - { &hf_access_specific_2, - { "Specific access, bit 2", "nt.access_mask.specific_2", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0004, "Specific access, bit 2", HFILL }}, - - { &hf_access_specific_1, - { "Specific access, bit 1", "nt.access_mask.specific_1", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0002, "Specific access, bit 1", HFILL }}, - - { &hf_access_specific_0, - { "Specific access, bit 0", "nt.access_mask.specific_0", - FT_BOOLEAN, 32, TFS(&flags_set_truth), - 0x0001, "Specific access, bit 0", HFILL }} }; static gint *ett[] = { @@ -19378,19 +17130,9 @@ proto_register_smb(void) &ett_smb_fs_attributes, &ett_smb_segments, &ett_smb_segment, - &ett_smb_sec_desc, - &ett_smb_sid, - &ett_smb_acl, - &ett_smb_ace, - &ett_smb_ace_flags, - &ett_smb_sec_desc_type, &ett_smb_quotaflags, &ett_smb_secblob, &ett_smb_mac_support_flags, - &ett_nt_access_mask, - &ett_nt_access_mask_generic, - &ett_nt_access_mask_standard, - &ett_nt_access_mask_specific, &ett_smb_unicode_password, &ett_smb_ea, &ett_smb_unix_capabilities @@ -19402,6 +17144,8 @@ proto_register_smb(void) proto_register_subtree_array(ett, array_length(ett)); proto_register_field_array(proto_smb, hf, array_length(hf)); + proto_do_register_windows_common(proto_smb); + register_init_routine(&smb_init_protocol); smb_module = prefs_register_protocol(proto_smb, NULL); prefs_register_bool_preference(smb_module, "trans_reassembly", diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c new file mode 100644 index 0000000000..b71de12acf --- /dev/null +++ b/epan/dissectors/packet-windows-common.c @@ -0,0 +1,2332 @@ +/* packet-windows-common.c + * Routines for dissecting various Windows data types + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <glib.h> + +#include <epan/packet.h> +#include "packet-dcerpc.h" +#include "packet-smb-sidsnooping.h" +#include "packet-windows-common.h" +#include "smb.h" /* for "sid_name_snooping" */ + +static int hf_nt_sec_desc_revision = -1; +static int hf_nt_sec_desc_type_owner_defaulted = -1; +static int hf_nt_sec_desc_type_group_defaulted = -1; +static int hf_nt_sec_desc_type_dacl_present = -1; +static int hf_nt_sec_desc_type_dacl_defaulted = -1; +static int hf_nt_sec_desc_type_sacl_present = -1; +static int hf_nt_sec_desc_type_sacl_defaulted = -1; +static int hf_nt_sec_desc_type_dacl_auto_inherit_req = -1; +static int hf_nt_sec_desc_type_sacl_auto_inherit_req = -1; +static int hf_nt_sec_desc_type_dacl_auto_inherited = -1; +static int hf_nt_sec_desc_type_sacl_auto_inherited = -1; +static int hf_nt_sec_desc_type_dacl_protected = -1; +static int hf_nt_sec_desc_type_sacl_protected = -1; +static int hf_nt_sec_desc_type_self_relative = -1; +static int hf_nt_sid = -1; +static int hf_nt_sid_revision = -1; +static int hf_nt_sid_num_auth = -1; +static int hf_nt_acl_revision = -1; +static int hf_nt_acl_size = -1; +static int hf_nt_acl_num_aces = -1; +static int hf_nt_ace_flags_object_inherit = -1; +static int hf_nt_ace_flags_container_inherit = -1; +static int hf_nt_ace_flags_non_propagate_inherit = -1; +static int hf_nt_ace_flags_inherit_only = -1; +static int hf_nt_ace_flags_inherited_ace = -1; +static int hf_nt_ace_flags_successful_access = -1; +static int hf_nt_ace_flags_failed_access = -1; +static int hf_nt_ace_type = -1; +static int hf_nt_ace_size = -1; + +static gint ett_nt_sec_desc = -1; +static gint ett_nt_sec_desc_type = -1; +static gint ett_nt_sid = -1; +static gint ett_nt_acl = -1; +static gint ett_nt_ace = -1; +static gint ett_nt_ace_flags = -1; + +/* + * DOS error codes. + */ +const value_string DOS_errors[] = { + {0, "Success"}, + {SMBE_insufficientbuffer, "Insufficient buffer"}, + {SMBE_badfunc, "Invalid function (or system call)"}, + {SMBE_badfile, "File not found (pathname error)"}, + {SMBE_badpath, "Directory not found"}, + {SMBE_nofids, "Too many open files"}, + {SMBE_noaccess, "Access denied"}, + {SMBE_badfid, "Invalid fid"}, + {SMBE_nomem, "Out of memory"}, + {SMBE_badmem, "Invalid memory block address"}, + {SMBE_badenv, "Invalid environment"}, + {SMBE_badaccess, "Invalid open mode"}, + {SMBE_baddata, "Invalid data (only from ioctl call)"}, + {SMBE_res, "Reserved error code?"}, + {SMBE_baddrive, "Invalid drive"}, + {SMBE_remcd, "Attempt to delete current directory"}, + {SMBE_diffdevice, "Rename/move across different filesystems"}, + {SMBE_nofiles, "No more files found in file search"}, + {SMBE_badshare, "Share mode on file conflict with open mode"}, + {SMBE_lock, "Lock request conflicts with existing lock"}, + {SMBE_unsup, "Request unsupported, returned by Win 95"}, + {SMBE_nosuchshare, "Requested share does not exist"}, + {SMBE_filexists, "File in operation already exists"}, + {SMBE_cannotopen, "Cannot open the file specified"}, + {SMBE_unknownlevel, "Unknown info level"}, + {SMBE_invalidname, "Invalid name"}, + {SMBE_badpipe, "Named pipe invalid"}, + {SMBE_pipebusy, "All instances of pipe are busy"}, + {SMBE_pipeclosing, "Named pipe close in progress"}, + {SMBE_notconnected, "No process on other end of named pipe"}, + {SMBE_moredata, "More data to be returned"}, + {SMBE_baddirectory, "Invalid directory name in a path."}, + {SMBE_eas_didnt_fit, "Extended attributes didn't fit"}, + {SMBE_eas_nsup, "Extended attributes not supported"}, + {SMBE_notify_buf_small, "Buffer too small to return change notify."}, + {SMBE_unknownipc, "Unknown IPC Operation"}, + {SMBE_noipc, "Don't support ipc"}, + {SMBE_alreadyexists, "File already exists"}, + {SMBE_unknownprinterdriver, "Unknown printer driver"}, + {SMBE_invalidprintername, "Invalid printer name"}, + {SMBE_printeralreadyexists, "Printer already exists"}, + {SMBE_invaliddatatype, "Invalid data type"}, + {SMBE_invalidenvironment, "Invalid environment"}, + {SMBE_printerdriverinuse, "Printer driver in use"}, + {SMBE_invalidparam, "Invalid parameter"}, + {SMBE_invalidformsize, "Invalid form size"}, + {SMBE_invalidsecuritydescriptor, "Invalid security descriptor"}, + {SMBE_invalidowner, "Invalid owner"}, + {SMBE_nomoreitems, "No more items"}, + {SMBE_serverunavailable, "Server unavailable"}, + {0, NULL} +}; + +/* + * NT error codes. + * + * From + * + * http://www.wildpackets.com/elements/SMB_NT_Status_Codes.txt + */ +const value_string NT_errors[] = { + { 0x00000000, "STATUS_SUCCESS" }, + { 0x00000000, "STATUS_WAIT_0" }, + { 0x00000001, "STATUS_WAIT_1" }, + { 0x00000002, "STATUS_WAIT_2" }, + { 0x00000003, "STATUS_WAIT_3" }, + { 0x0000003F, "STATUS_WAIT_63" }, + { 0x00000080, "STATUS_ABANDONED" }, + { 0x00000080, "STATUS_ABANDONED_WAIT_0" }, + { 0x000000BF, "STATUS_ABANDONED_WAIT_63" }, + { 0x000000C0, "STATUS_USER_APC" }, + { 0x00000100, "STATUS_KERNEL_APC" }, + { 0x00000101, "STATUS_ALERTED" }, + { 0x00000102, "STATUS_TIMEOUT" }, + { 0x00000103, "STATUS_PENDING" }, + { 0x00000104, "STATUS_REPARSE" }, + { 0x00000105, "STATUS_MORE_ENTRIES" }, + { 0x00000106, "STATUS_NOT_ALL_ASSIGNED" }, + { 0x00000107, "STATUS_SOME_NOT_MAPPED" }, + { 0x00000108, "STATUS_OPLOCK_BREAK_IN_PROGRESS" }, + { 0x00000109, "STATUS_VOLUME_MOUNTED" }, + { 0x0000010A, "STATUS_RXACT_COMMITTED" }, + { 0x0000010B, "STATUS_NOTIFY_CLEANUP" }, + { 0x0000010C, "STATUS_NOTIFY_ENUM_DIR" }, + { 0x0000010D, "STATUS_NO_QUOTAS_FOR_ACCOUNT" }, + { 0x0000010E, "STATUS_PRIMARY_TRANSPORT_CONNECT_FAILED" }, + { 0x00000110, "STATUS_PAGE_FAULT_TRANSITION" }, + { 0x00000111, "STATUS_PAGE_FAULT_DEMAND_ZERO" }, + { 0x00000112, "STATUS_PAGE_FAULT_COPY_ON_WRITE" }, + { 0x00000113, "STATUS_PAGE_FAULT_GUARD_PAGE" }, + { 0x00000114, "STATUS_PAGE_FAULT_PAGING_FILE" }, + { 0x00000115, "STATUS_CACHE_PAGE_LOCKED" }, + { 0x00000116, "STATUS_CRASH_DUMP" }, + { 0x00000117, "STATUS_BUFFER_ALL_ZEROS" }, + { 0x00000118, "STATUS_REPARSE_OBJECT" }, + { 0x0000045C, "STATUS_NO_SHUTDOWN_IN_PROGRESS" }, + { 0x40000000, "STATUS_OBJECT_NAME_EXISTS" }, + { 0x40000001, "STATUS_THREAD_WAS_SUSPENDED" }, + { 0x40000002, "STATUS_WORKING_SET_LIMIT_RANGE" }, + { 0x40000003, "STATUS_IMAGE_NOT_AT_BASE" }, + { 0x40000004, "STATUS_RXACT_STATE_CREATED" }, + { 0x40000005, "STATUS_SEGMENT_NOTIFICATION" }, + { 0x40000006, "STATUS_LOCAL_USER_SESSION_KEY" }, + { 0x40000007, "STATUS_BAD_CURRENT_DIRECTORY" }, + { 0x40000008, "STATUS_SERIAL_MORE_WRITES" }, + { 0x40000009, "STATUS_REGISTRY_RECOVERED" }, + { 0x4000000A, "STATUS_FT_READ_RECOVERY_FROM_BACKUP" }, + { 0x4000000B, "STATUS_FT_WRITE_RECOVERY" }, + { 0x4000000C, "STATUS_SERIAL_COUNTER_TIMEOUT" }, + { 0x4000000D, "STATUS_NULL_LM_PASSWORD" }, + { 0x4000000E, "STATUS_IMAGE_MACHINE_TYPE_MISMATCH" }, + { 0x4000000F, "STATUS_RECEIVE_PARTIAL" }, + { 0x40000010, "STATUS_RECEIVE_EXPEDITED" }, + { 0x40000011, "STATUS_RECEIVE_PARTIAL_EXPEDITED" }, + { 0x40000012, "STATUS_EVENT_DONE" }, + { 0x40000013, "STATUS_EVENT_PENDING" }, + { 0x40000014, "STATUS_CHECKING_FILE_SYSTEM" }, + { 0x40000015, "STATUS_FATAL_APP_EXIT" }, + { 0x40000016, "STATUS_PREDEFINED_HANDLE" }, + { 0x40000017, "STATUS_WAS_UNLOCKED" }, + { 0x40000018, "STATUS_SERVICE_NOTIFICATION" }, + { 0x40000019, "STATUS_WAS_LOCKED" }, + { 0x4000001A, "STATUS_LOG_HARD_ERROR" }, + { 0x4000001B, "STATUS_ALREADY_WIN32" }, + { 0x4000001C, "STATUS_WX86_UNSIMULATE" }, + { 0x4000001D, "STATUS_WX86_CONTINUE" }, + { 0x4000001E, "STATUS_WX86_SINGLE_STEP" }, + { 0x4000001F, "STATUS_WX86_BREAKPOINT" }, + { 0x40000020, "STATUS_WX86_EXCEPTION_CONTINUE" }, + { 0x40000021, "STATUS_WX86_EXCEPTION_LASTCHANCE" }, + { 0x40000022, "STATUS_WX86_EXCEPTION_CHAIN" }, + { 0x40000023, "STATUS_IMAGE_MACHINE_TYPE_MISMATCH_EXE" }, + { 0x40000024, "STATUS_NO_YIELD_PERFORMED" }, + { 0x40000025, "STATUS_TIMER_RESUME_IGNORED" }, + { 0x80000001, "STATUS_GUARD_PAGE_VIOLATION" }, + { 0x80000002, "STATUS_DATATYPE_MISALIGNMENT" }, + { 0x80000003, "STATUS_BREAKPOINT" }, + { 0x80000004, "STATUS_SINGLE_STEP" }, + { 0x80000005, "STATUS_BUFFER_OVERFLOW" }, + { 0x80000006, "STATUS_NO_MORE_FILES" }, + { 0x80000007, "STATUS_WAKE_SYSTEM_DEBUGGER" }, + { 0x8000000A, "STATUS_HANDLES_CLOSED" }, + { 0x8000000B, "STATUS_NO_INHERITANCE" }, + { 0x8000000C, "STATUS_GUID_SUBSTITUTION_MADE" }, + { 0x8000000D, "STATUS_PARTIAL_COPY" }, + { 0x8000000E, "STATUS_DEVICE_PAPER_EMPTY" }, + { 0x8000000F, "STATUS_DEVICE_POWERED_OFF" }, + { 0x80000010, "STATUS_DEVICE_OFF_LINE" }, + { 0x80000011, "STATUS_DEVICE_BUSY" }, + { 0x80000012, "STATUS_NO_MORE_EAS" }, + { 0x80000013, "STATUS_INVALID_EA_NAME" }, + { 0x80000014, "STATUS_EA_LIST_INCONSISTENT" }, + { 0x80000015, "STATUS_INVALID_EA_FLAG" }, + { 0x80000016, "STATUS_VERIFY_REQUIRED" }, + { 0x80000017, "STATUS_EXTRANEOUS_INFORMATION" }, + { 0x80000018, "STATUS_RXACT_COMMIT_NECESSARY" }, + { 0x8000001A, "STATUS_NO_MORE_ENTRIES" }, + { 0x8000001B, "STATUS_FILEMARK_DETECTED" }, + { 0x8000001C, "STATUS_MEDIA_CHANGED" }, + { 0x8000001D, "STATUS_BUS_RESET" }, + { 0x8000001E, "STATUS_END_OF_MEDIA" }, + { 0x8000001F, "STATUS_BEGINNING_OF_MEDIA" }, + { 0x80000020, "STATUS_MEDIA_CHECK" }, + { 0x80000021, "STATUS_SETMARK_DETECTED" }, + { 0x80000022, "STATUS_NO_DATA_DETECTED" }, + { 0x80000023, "STATUS_REDIRECTOR_HAS_OPEN_HANDLES" }, + { 0x80000024, "STATUS_SERVER_HAS_OPEN_HANDLES" }, + { 0x80000025, "STATUS_ALREADY_DISCONNECTED" }, + { 0x80000026, "STATUS_LONGJUMP" }, + { 0x80040111, "MAPI_E_LOGON_FAILED" }, + { 0x80090300, "SEC_E_INSUFFICIENT_MEMORY" }, + { 0x80090301, "SEC_E_INVALID_HANDLE" }, + { 0x80090302, "SEC_E_UNSUPPORTED_FUNCTION" }, + { 0x8009030B, "SEC_E_NO_IMPERSONATION" }, + { 0x8009030D, "SEC_E_UNKNOWN_CREDENTIALS" }, + { 0x8009030E, "SEC_E_NO_CREDENTIALS" }, + { 0x8009030F, "SEC_E_MESSAGE_ALTERED" }, + { 0x80090310, "SEC_E_OUT_OF_SEQUENCE" }, + { 0x80090311, "SEC_E_NO_AUTHENTICATING_AUTHORITY" }, + { 0xC0000001, "STATUS_UNSUCCESSFUL" }, + { 0xC0000002, "STATUS_NOT_IMPLEMENTED" }, + { 0xC0000003, "STATUS_INVALID_INFO_CLASS" }, + { 0xC0000004, "STATUS_INFO_LENGTH_MISMATCH" }, + { 0xC0000005, "STATUS_ACCESS_VIOLATION" }, + { 0xC0000006, "STATUS_IN_PAGE_ERROR" }, + { 0xC0000007, "STATUS_PAGEFILE_QUOTA" }, + { 0xC0000008, "STATUS_INVALID_HANDLE" }, + { 0xC0000009, "STATUS_BAD_INITIAL_STACK" }, + { 0xC000000A, "STATUS_BAD_INITIAL_PC" }, + { 0xC000000B, "STATUS_INVALID_CID" }, + { 0xC000000C, "STATUS_TIMER_NOT_CANCELED" }, + { 0xC000000D, "STATUS_INVALID_PARAMETER" }, + { 0xC000000E, "STATUS_NO_SUCH_DEVICE" }, + { 0xC000000F, "STATUS_NO_SUCH_FILE" }, + { 0xC0000010, "STATUS_INVALID_DEVICE_REQUEST" }, + { 0xC0000011, "STATUS_END_OF_FILE" }, + { 0xC0000012, "STATUS_WRONG_VOLUME" }, + { 0xC0000013, "STATUS_NO_MEDIA_IN_DEVICE" }, + { 0xC0000014, "STATUS_UNRECOGNIZED_MEDIA" }, + { 0xC0000015, "STATUS_NONEXISTENT_SECTOR" }, + { 0xC0000016, "STATUS_MORE_PROCESSING_REQUIRED" }, + { 0xC0000017, "STATUS_NO_MEMORY" }, + { 0xC0000018, "STATUS_CONFLICTING_ADDRESSES" }, + { 0xC0000019, "STATUS_NOT_MAPPED_VIEW" }, + { 0xC000001A, "STATUS_UNABLE_TO_FREE_VM" }, + { 0xC000001B, "STATUS_UNABLE_TO_DELETE_SECTION" }, + { 0xC000001C, "STATUS_INVALID_SYSTEM_SERVICE" }, + { 0xC000001D, "STATUS_ILLEGAL_INSTRUCTION" }, + { 0xC000001E, "STATUS_INVALID_LOCK_SEQUENCE" }, + { 0xC000001F, "STATUS_INVALID_VIEW_SIZE" }, + { 0xC0000020, "STATUS_INVALID_FILE_FOR_SECTION" }, + { 0xC0000021, "STATUS_ALREADY_COMMITTED" }, + { 0xC0000022, "STATUS_ACCESS_DENIED" }, + { 0xC0000023, "STATUS_BUFFER_TOO_SMALL" }, + { 0xC0000024, "STATUS_OBJECT_TYPE_MISMATCH" }, + { 0xC0000025, "STATUS_NONCONTINUABLE_EXCEPTION" }, + { 0xC0000026, "STATUS_INVALID_DISPOSITION" }, + { 0xC0000027, "STATUS_UNWIND" }, + { 0xC0000028, "STATUS_BAD_STACK" }, + { 0xC0000029, "STATUS_INVALID_UNWIND_TARGET" }, + { 0xC000002A, "STATUS_NOT_LOCKED" }, + { 0xC000002B, "STATUS_PARITY_ERROR" }, + { 0xC000002C, "STATUS_UNABLE_TO_DECOMMIT_VM" }, + { 0xC000002D, "STATUS_NOT_COMMITTED" }, + { 0xC000002E, "STATUS_INVALID_PORT_ATTRIBUTES" }, + { 0xC000002F, "STATUS_PORT_MESSAGE_TOO_LONG" }, + { 0xC0000030, "STATUS_INVALID_PARAMETER_MIX" }, + { 0xC0000031, "STATUS_INVALID_QUOTA_LOWER" }, + { 0xC0000032, "STATUS_DISK_CORRUPT_ERROR" }, + { 0xC0000033, "STATUS_OBJECT_NAME_INVALID" }, + { 0xC0000034, "STATUS_OBJECT_NAME_NOT_FOUND" }, + { 0xC0000035, "STATUS_OBJECT_NAME_COLLISION" }, + { 0xC0000037, "STATUS_PORT_DISCONNECTED" }, + { 0xC0000038, "STATUS_DEVICE_ALREADY_ATTACHED" }, + { 0xC0000039, "STATUS_OBJECT_PATH_INVALID" }, + { 0xC000003A, "STATUS_OBJECT_PATH_NOT_FOUND" }, + { 0xC000003B, "STATUS_OBJECT_PATH_SYNTAX_BAD" }, + { 0xC000003C, "STATUS_DATA_OVERRUN" }, + { 0xC000003D, "STATUS_DATA_LATE_ERROR" }, + { 0xC000003E, "STATUS_DATA_ERROR" }, + { 0xC000003F, "STATUS_CRC_ERROR" }, + { 0xC0000040, "STATUS_SECTION_TOO_BIG" }, + { 0xC0000041, "STATUS_PORT_CONNECTION_REFUSED" }, + { 0xC0000042, "STATUS_INVALID_PORT_HANDLE" }, + { 0xC0000043, "STATUS_SHARING_VIOLATION" }, + { 0xC0000044, "STATUS_QUOTA_EXCEEDED" }, + { 0xC0000045, "STATUS_INVALID_PAGE_PROTECTION" }, + { 0xC0000046, "STATUS_MUTANT_NOT_OWNED" }, + { 0xC0000047, "STATUS_SEMAPHORE_LIMIT_EXCEEDED" }, + { 0xC0000048, "STATUS_PORT_ALREADY_SET" }, + { 0xC0000049, "STATUS_SECTION_NOT_IMAGE" }, + { 0xC000004A, "STATUS_SUSPEND_COUNT_EXCEEDED" }, + { 0xC000004B, "STATUS_THREAD_IS_TERMINATING" }, + { 0xC000004C, "STATUS_BAD_WORKING_SET_LIMIT" }, + { 0xC000004D, "STATUS_INCOMPATIBLE_FILE_MAP" }, + { 0xC000004E, "STATUS_SECTION_PROTECTION" }, + { 0xC000004F, "STATUS_EAS_NOT_SUPPORTED" }, + { 0xC0000050, "STATUS_EA_TOO_LARGE" }, + { 0xC0000051, "STATUS_NONEXISTENT_EA_ENTRY" }, + { 0xC0000052, "STATUS_NO_EAS_ON_FILE" }, + { 0xC0000053, "STATUS_EA_CORRUPT_ERROR" }, + { 0xC0000054, "STATUS_FILE_LOCK_CONFLICT" }, + { 0xC0000055, "STATUS_LOCK_NOT_GRANTED" }, + { 0xC0000056, "STATUS_DELETE_PENDING" }, + { 0xC0000057, "STATUS_CTL_FILE_NOT_SUPPORTED" }, + { 0xC0000058, "STATUS_UNKNOWN_REVISION" }, + { 0xC0000059, "STATUS_REVISION_MISMATCH" }, + { 0xC000005A, "STATUS_INVALID_OWNER" }, + { 0xC000005B, "STATUS_INVALID_PRIMARY_GROUP" }, + { 0xC000005C, "STATUS_NO_IMPERSONATION_TOKEN" }, + { 0xC000005D, "STATUS_CANT_DISABLE_MANDATORY" }, + { 0xC000005E, "STATUS_NO_LOGON_SERVERS" }, + { 0xC000005F, "STATUS_NO_SUCH_LOGON_SESSION" }, + { 0xC0000060, "STATUS_NO_SUCH_PRIVILEGE" }, + { 0xC0000061, "STATUS_PRIVILEGE_NOT_HELD" }, + { 0xC0000062, "STATUS_INVALID_ACCOUNT_NAME" }, + { 0xC0000063, "STATUS_USER_EXISTS" }, + { 0xC0000064, "STATUS_NO_SUCH_USER" }, + { 0xC0000065, "STATUS_GROUP_EXISTS" }, + { 0xC0000066, "STATUS_NO_SUCH_GROUP" }, + { 0xC0000067, "STATUS_MEMBER_IN_GROUP" }, + { 0xC0000068, "STATUS_MEMBER_NOT_IN_GROUP" }, + { 0xC0000069, "STATUS_LAST_ADMIN" }, + { 0xC000006A, "STATUS_WRONG_PASSWORD" }, + { 0xC000006B, "STATUS_ILL_FORMED_PASSWORD" }, + { 0xC000006C, "STATUS_PASSWORD_RESTRICTION" }, + { 0xC000006D, "STATUS_LOGON_FAILURE" }, + { 0xC000006E, "STATUS_ACCOUNT_RESTRICTION" }, + { 0xC000006F, "STATUS_INVALID_LOGON_HOURS" }, + { 0xC0000070, "STATUS_INVALID_WORKSTATION" }, + { 0xC0000071, "STATUS_PASSWORD_EXPIRED" }, + { 0xC0000072, "STATUS_ACCOUNT_DISABLED" }, + { 0xC0000073, "STATUS_NONE_MAPPED" }, + { 0xC0000074, "STATUS_TOO_MANY_LUIDS_REQUESTED" }, + { 0xC0000075, "STATUS_LUIDS_EXHAUSTED" }, + { 0xC0000076, "STATUS_INVALID_SUB_AUTHORITY" }, + { 0xC0000077, "STATUS_INVALID_ACL" }, + { 0xC0000078, "STATUS_INVALID_SID" }, + { 0xC0000079, "STATUS_INVALID_SECURITY_DESCR" }, + { 0xC000007A, "STATUS_PROCEDURE_NOT_FOUND" }, + { 0xC000007B, "STATUS_INVALID_IMAGE_FORMAT" }, + { 0xC000007C, "STATUS_NO_TOKEN" }, + { 0xC000007D, "STATUS_BAD_INHERITANCE_ACL" }, + { 0xC000007E, "STATUS_RANGE_NOT_LOCKED" }, + { 0xC000007F, "STATUS_DISK_FULL" }, + { 0xC0000080, "STATUS_SERVER_DISABLED" }, + { 0xC0000081, "STATUS_SERVER_NOT_DISABLED" }, + { 0xC0000082, "STATUS_TOO_MANY_GUIDS_REQUESTED" }, + { 0xC0000083, "STATUS_GUIDS_EXHAUSTED" }, + { 0xC0000084, "STATUS_INVALID_ID_AUTHORITY" }, + { 0xC0000085, "STATUS_AGENTS_EXHAUSTED" }, + { 0xC0000086, "STATUS_INVALID_VOLUME_LABEL" }, + { 0xC0000087, "STATUS_SECTION_NOT_EXTENDED" }, + { 0xC0000088, "STATUS_NOT_MAPPED_DATA" }, + { 0xC0000089, "STATUS_RESOURCE_DATA_NOT_FOUND" }, + { 0xC000008A, "STATUS_RESOURCE_TYPE_NOT_FOUND" }, + { 0xC000008B, "STATUS_RESOURCE_NAME_NOT_FOUND" }, + { 0xC000008C, "STATUS_ARRAY_BOUNDS_EXCEEDED" }, + { 0xC000008D, "STATUS_FLOAT_DENORMAL_OPERAND" }, + { 0xC000008E, "STATUS_FLOAT_DIVIDE_BY_ZERO" }, + { 0xC000008F, "STATUS_FLOAT_INEXACT_RESULT" }, + { 0xC0000090, "STATUS_FLOAT_INVALID_OPERATION" }, + { 0xC0000091, "STATUS_FLOAT_OVERFLOW" }, + { 0xC0000092, "STATUS_FLOAT_STACK_CHECK" }, + { 0xC0000093, "STATUS_FLOAT_UNDERFLOW" }, + { 0xC0000094, "STATUS_INTEGER_DIVIDE_BY_ZERO" }, + { 0xC0000095, "STATUS_INTEGER_OVERFLOW" }, + { 0xC0000096, "STATUS_PRIVILEGED_INSTRUCTION" }, + { 0xC0000097, "STATUS_TOO_MANY_PAGING_FILES" }, + { 0xC0000098, "STATUS_FILE_INVALID" }, + { 0xC0000099, "STATUS_ALLOTTED_SPACE_EXCEEDED" }, + { 0xC000009A, "STATUS_INSUFFICIENT_RESOURCES" }, + { 0xC000009B, "STATUS_DFS_EXIT_PATH_FOUND" }, + { 0xC000009C, "STATUS_DEVICE_DATA_ERROR" }, + { 0xC000009D, "STATUS_DEVICE_NOT_CONNECTED" }, + { 0xC000009E, "STATUS_DEVICE_POWER_FAILURE" }, + { 0xC000009F, "STATUS_FREE_VM_NOT_AT_BASE" }, + { 0xC00000A0, "STATUS_MEMORY_NOT_ALLOCATED" }, + { 0xC00000A1, "STATUS_WORKING_SET_QUOTA" }, + { 0xC00000A2, "STATUS_MEDIA_WRITE_PROTECTED" }, + { 0xC00000A3, "STATUS_DEVICE_NOT_READY" }, + { 0xC00000A4, "STATUS_INVALID_GROUP_ATTRIBUTES" }, + { 0xC00000A5, "STATUS_BAD_IMPERSONATION_LEVEL" }, + { 0xC00000A6, "STATUS_CANT_OPEN_ANONYMOUS" }, + { 0xC00000A7, "STATUS_BAD_VALIDATION_CLASS" }, + { 0xC00000A8, "STATUS_BAD_TOKEN_TYPE" }, + { 0xC00000A9, "STATUS_BAD_MASTER_BOOT_RECORD" }, + { 0xC00000AA, "STATUS_INSTRUCTION_MISALIGNMENT" }, + { 0xC00000AB, "STATUS_INSTANCE_NOT_AVAILABLE" }, + { 0xC00000AC, "STATUS_PIPE_NOT_AVAILABLE" }, + { 0xC00000AD, "STATUS_INVALID_PIPE_STATE" }, + { 0xC00000AE, "STATUS_PIPE_BUSY" }, + { 0xC00000AF, "STATUS_ILLEGAL_FUNCTION" }, + { 0xC00000B0, "STATUS_PIPE_DISCONNECTED" }, + { 0xC00000B1, "STATUS_PIPE_CLOSING" }, + { 0xC00000B2, "STATUS_PIPE_CONNECTED" }, + { 0xC00000B3, "STATUS_PIPE_LISTENING" }, + { 0xC00000B4, "STATUS_INVALID_READ_MODE" }, + { 0xC00000B5, "STATUS_IO_TIMEOUT" }, + { 0xC00000B6, "STATUS_FILE_FORCED_CLOSED" }, + { 0xC00000B7, "STATUS_PROFILING_NOT_STARTED" }, + { 0xC00000B8, "STATUS_PROFILING_NOT_STOPPED" }, + { 0xC00000B9, "STATUS_COULD_NOT_INTERPRET" }, + { 0xC00000BA, "STATUS_FILE_IS_A_DIRECTORY" }, + { 0xC00000BB, "STATUS_NOT_SUPPORTED" }, + { 0xC00000BC, "STATUS_REMOTE_NOT_LISTENING" }, + { 0xC00000BD, "STATUS_DUPLICATE_NAME" }, + { 0xC00000BE, "STATUS_BAD_NETWORK_PATH" }, + { 0xC00000BF, "STATUS_NETWORK_BUSY" }, + { 0xC00000C0, "STATUS_DEVICE_DOES_NOT_EXIST" }, + { 0xC00000C1, "STATUS_TOO_MANY_COMMANDS" }, + { 0xC00000C2, "STATUS_ADAPTER_HARDWARE_ERROR" }, + { 0xC00000C3, "STATUS_INVALID_NETWORK_RESPONSE" }, + { 0xC00000C4, "STATUS_UNEXPECTED_NETWORK_ERROR" }, + { 0xC00000C5, "STATUS_BAD_REMOTE_ADAPTER" }, + { 0xC00000C6, "STATUS_PRINT_QUEUE_FULL" }, + { 0xC00000C7, "STATUS_NO_SPOOL_SPACE" }, + { 0xC00000C8, "STATUS_PRINT_CANCELLED" }, + { 0xC00000C9, "STATUS_NETWORK_NAME_DELETED" }, + { 0xC00000CA, "STATUS_NETWORK_ACCESS_DENIED" }, + { 0xC00000CB, "STATUS_BAD_DEVICE_TYPE" }, + { 0xC00000CC, "STATUS_BAD_NETWORK_NAME" }, + { 0xC00000CD, "STATUS_TOO_MANY_NAMES" }, + { 0xC00000CE, "STATUS_TOO_MANY_SESSIONS" }, + { 0xC00000CF, "STATUS_SHARING_PAUSED" }, + { 0xC00000D0, "STATUS_REQUEST_NOT_ACCEPTED" }, + { 0xC00000D1, "STATUS_REDIRECTOR_PAUSED" }, + { 0xC00000D2, "STATUS_NET_WRITE_FAULT" }, + { 0xC00000D3, "STATUS_PROFILING_AT_LIMIT" }, + { 0xC00000D4, "STATUS_NOT_SAME_DEVICE" }, + { 0xC00000D5, "STATUS_FILE_RENAMED" }, + { 0xC00000D6, "STATUS_VIRTUAL_CIRCUIT_CLOSED" }, + { 0xC00000D7, "STATUS_NO_SECURITY_ON_OBJECT" }, + { 0xC00000D8, "STATUS_CANT_WAIT" }, + { 0xC00000D9, "STATUS_PIPE_EMPTY" }, + { 0xC00000DA, "STATUS_CANT_ACCESS_DOMAIN_INFO" }, + { 0xC00000DB, "STATUS_CANT_TERMINATE_SELF" }, + { 0xC00000DC, "STATUS_INVALID_SERVER_STATE" }, + { 0xC00000DD, "STATUS_INVALID_DOMAIN_STATE" }, + { 0xC00000DE, "STATUS_INVALID_DOMAIN_ROLE" }, + { 0xC00000DF, "STATUS_NO_SUCH_DOMAIN" }, + { 0xC00000E0, "STATUS_DOMAIN_EXISTS" }, + { 0xC00000E1, "STATUS_DOMAIN_LIMIT_EXCEEDED" }, + { 0xC00000E2, "STATUS_OPLOCK_NOT_GRANTED" }, + { 0xC00000E3, "STATUS_INVALID_OPLOCK_PROTOCOL" }, + { 0xC00000E4, "STATUS_INTERNAL_DB_CORRUPTION" }, + { 0xC00000E5, "STATUS_INTERNAL_ERROR" }, + { 0xC00000E6, "STATUS_GENERIC_NOT_MAPPED" }, + { 0xC00000E7, "STATUS_BAD_DESCRIPTOR_FORMAT" }, + { 0xC00000E8, "STATUS_INVALID_USER_BUFFER" }, + { 0xC00000E9, "STATUS_UNEXPECTED_IO_ERROR" }, + { 0xC00000EA, "STATUS_UNEXPECTED_MM_CREATE_ERR" }, + { 0xC00000EB, "STATUS_UNEXPECTED_MM_MAP_ERROR" }, + { 0xC00000EC, "STATUS_UNEXPECTED_MM_EXTEND_ERR" }, + { 0xC00000ED, "STATUS_NOT_LOGON_PROCESS" }, + { 0xC00000EE, "STATUS_LOGON_SESSION_EXISTS" }, + { 0xC00000EF, "STATUS_INVALID_PARAMETER_1" }, + { 0xC00000F0, "STATUS_INVALID_PARAMETER_2" }, + { 0xC00000F1, "STATUS_INVALID_PARAMETER_3" }, + { 0xC00000F2, "STATUS_INVALID_PARAMETER_4" }, + { 0xC00000F3, "STATUS_INVALID_PARAMETER_5" }, + { 0xC00000F4, "STATUS_INVALID_PARAMETER_6" }, + { 0xC00000F5, "STATUS_INVALID_PARAMETER_7" }, + { 0xC00000F6, "STATUS_INVALID_PARAMETER_8" }, + { 0xC00000F7, "STATUS_INVALID_PARAMETER_9" }, + { 0xC00000F8, "STATUS_INVALID_PARAMETER_10" }, + { 0xC00000F9, "STATUS_INVALID_PARAMETER_11" }, + { 0xC00000FA, "STATUS_INVALID_PARAMETER_12" }, + { 0xC00000FB, "STATUS_REDIRECTOR_NOT_STARTED" }, + { 0xC00000FC, "STATUS_REDIRECTOR_STARTED" }, + { 0xC00000FD, "STATUS_STACK_OVERFLOW" }, + { 0xC00000FE, "STATUS_NO_SUCH_PACKAGE" }, + { 0xC00000FF, "STATUS_BAD_FUNCTION_TABLE" }, + { 0xC0000100, "STATUS_VARIABLE_NOT_FOUND" }, + { 0xC0000101, "STATUS_DIRECTORY_NOT_EMPTY" }, + { 0xC0000102, "STATUS_FILE_CORRUPT_ERROR" }, + { 0xC0000103, "STATUS_NOT_A_DIRECTORY" }, + { 0xC0000104, "STATUS_BAD_LOGON_SESSION_STATE" }, + { 0xC0000105, "STATUS_LOGON_SESSION_COLLISION" }, + { 0xC0000106, "STATUS_NAME_TOO_LONG" }, + { 0xC0000107, "STATUS_FILES_OPEN" }, + { 0xC0000108, "STATUS_CONNECTION_IN_USE" }, + { 0xC0000109, "STATUS_MESSAGE_NOT_FOUND" }, + { 0xC000010A, "STATUS_PROCESS_IS_TERMINATING" }, + { 0xC000010B, "STATUS_INVALID_LOGON_TYPE" }, + { 0xC000010C, "STATUS_NO_GUID_TRANSLATION" }, + { 0xC000010D, "STATUS_CANNOT_IMPERSONATE" }, + { 0xC000010E, "STATUS_IMAGE_ALREADY_LOADED" }, + { 0xC000010F, "STATUS_ABIOS_NOT_PRESENT" }, + { 0xC0000110, "STATUS_ABIOS_LID_NOT_EXIST" }, + { 0xC0000111, "STATUS_ABIOS_LID_ALREADY_OWNED" }, + { 0xC0000112, "STATUS_ABIOS_NOT_LID_OWNER" }, + { 0xC0000113, "STATUS_ABIOS_INVALID_COMMAND" }, + { 0xC0000114, "STATUS_ABIOS_INVALID_LID" }, + { 0xC0000115, "STATUS_ABIOS_SELECTOR_NOT_AVAILABLE" }, + { 0xC0000116, "STATUS_ABIOS_INVALID_SELECTOR" }, + { 0xC0000117, "STATUS_NO_LDT" }, + { 0xC0000118, "STATUS_INVALID_LDT_SIZE" }, + { 0xC0000119, "STATUS_INVALID_LDT_OFFSET" }, + { 0xC000011A, "STATUS_INVALID_LDT_DESCRIPTOR" }, + { 0xC000011B, "STATUS_INVALID_IMAGE_NE_FORMAT" }, + { 0xC000011C, "STATUS_RXACT_INVALID_STATE" }, + { 0xC000011D, "STATUS_RXACT_COMMIT_FAILURE" }, + { 0xC000011E, "STATUS_MAPPED_FILE_SIZE_ZERO" }, + { 0xC000011F, "STATUS_TOO_MANY_OPENED_FILES" }, + { 0xC0000120, "STATUS_CANCELLED" }, + { 0xC0000121, "STATUS_CANNOT_DELETE" }, + { 0xC0000122, "STATUS_INVALID_COMPUTER_NAME" }, + { 0xC0000123, "STATUS_FILE_DELETED" }, + { 0xC0000124, "STATUS_SPECIAL_ACCOUNT" }, + { 0xC0000125, "STATUS_SPECIAL_GROUP" }, + { 0xC0000126, "STATUS_SPECIAL_USER" }, + { 0xC0000127, "STATUS_MEMBERS_PRIMARY_GROUP" }, + { 0xC0000128, "STATUS_FILE_CLOSED" }, + { 0xC0000129, "STATUS_TOO_MANY_THREADS" }, + { 0xC000012A, "STATUS_THREAD_NOT_IN_PROCESS" }, + { 0xC000012B, "STATUS_TOKEN_ALREADY_IN_USE" }, + { 0xC000012C, "STATUS_PAGEFILE_QUOTA_EXCEEDED" }, + { 0xC000012D, "STATUS_COMMITMENT_LIMIT" }, + { 0xC000012E, "STATUS_INVALID_IMAGE_LE_FORMAT" }, + { 0xC000012F, "STATUS_INVALID_IMAGE_NOT_MZ" }, + { 0xC0000130, "STATUS_INVALID_IMAGE_PROTECT" }, + { 0xC0000131, "STATUS_INVALID_IMAGE_WIN_16" }, + { 0xC0000132, "STATUS_LOGON_SERVER_CONFLICT" }, + { 0xC0000133, "STATUS_TIME_DIFFERENCE_AT_DC" }, + { 0xC0000134, "STATUS_SYNCHRONIZATION_REQUIRED" }, + { 0xC0000135, "STATUS_DLL_NOT_FOUND" }, + { 0xC0000136, "STATUS_OPEN_FAILED" }, + { 0xC0000137, "STATUS_IO_PRIVILEGE_FAILED" }, + { 0xC0000138, "STATUS_ORDINAL_NOT_FOUND" }, + { 0xC0000139, "STATUS_ENTRYPOINT_NOT_FOUND" }, + { 0xC000013A, "STATUS_CONTROL_C_EXIT" }, + { 0xC000013B, "STATUS_LOCAL_DISCONNECT" }, + { 0xC000013C, "STATUS_REMOTE_DISCONNECT" }, + { 0xC000013D, "STATUS_REMOTE_RESOURCES" }, + { 0xC000013E, "STATUS_LINK_FAILED" }, + { 0xC000013F, "STATUS_LINK_TIMEOUT" }, + { 0xC0000140, "STATUS_INVALID_CONNECTION" }, + { 0xC0000141, "STATUS_INVALID_ADDRESS" }, + { 0xC0000142, "STATUS_DLL_INIT_FAILED" }, + { 0xC0000143, "STATUS_MISSING_SYSTEMFILE" }, + { 0xC0000144, "STATUS_UNHANDLED_EXCEPTION" }, + { 0xC0000145, "STATUS_APP_INIT_FAILURE" }, + { 0xC0000146, "STATUS_PAGEFILE_CREATE_FAILED" }, + { 0xC0000147, "STATUS_NO_PAGEFILE" }, + { 0xC0000148, "STATUS_INVALID_LEVEL" }, + { 0xC0000149, "STATUS_WRONG_PASSWORD_CORE" }, + { 0xC000014A, "STATUS_ILLEGAL_FLOAT_CONTEXT" }, + { 0xC000014B, "STATUS_PIPE_BROKEN" }, + { 0xC000014C, "STATUS_REGISTRY_CORRUPT" }, + { 0xC000014D, "STATUS_REGISTRY_IO_FAILED" }, + { 0xC000014E, "STATUS_NO_EVENT_PAIR" }, + { 0xC000014F, "STATUS_UNRECOGNIZED_VOLUME" }, + { 0xC0000150, "STATUS_SERIAL_NO_DEVICE_INITED" }, + { 0xC0000151, "STATUS_NO_SUCH_ALIAS" }, + { 0xC0000152, "STATUS_MEMBER_NOT_IN_ALIAS" }, + { 0xC0000153, "STATUS_MEMBER_IN_ALIAS" }, + { 0xC0000154, "STATUS_ALIAS_EXISTS" }, + { 0xC0000155, "STATUS_LOGON_NOT_GRANTED" }, + { 0xC0000156, "STATUS_TOO_MANY_SECRETS" }, + { 0xC0000157, "STATUS_SECRET_TOO_LONG" }, + { 0xC0000158, "STATUS_INTERNAL_DB_ERROR" }, + { 0xC0000159, "STATUS_FULLSCREEN_MODE" }, + { 0xC000015A, "STATUS_TOO_MANY_CONTEXT_IDS" }, + { 0xC000015B, "STATUS_LOGON_TYPE_NOT_GRANTED" }, + { 0xC000015C, "STATUS_NOT_REGISTRY_FILE" }, + { 0xC000015D, "STATUS_NT_CROSS_ENCRYPTION_REQUIRED" }, + { 0xC000015E, "STATUS_DOMAIN_CTRLR_CONFIG_ERROR" }, + { 0xC000015F, "STATUS_FT_MISSING_MEMBER" }, + { 0xC0000160, "STATUS_ILL_FORMED_SERVICE_ENTRY" }, + { 0xC0000161, "STATUS_ILLEGAL_CHARACTER" }, + { 0xC0000162, "STATUS_UNMAPPABLE_CHARACTER" }, + { 0xC0000163, "STATUS_UNDEFINED_CHARACTER" }, + { 0xC0000164, "STATUS_FLOPPY_VOLUME" }, + { 0xC0000165, "STATUS_FLOPPY_ID_MARK_NOT_FOUND" }, + { 0xC0000166, "STATUS_FLOPPY_WRONG_CYLINDER" }, + { 0xC0000167, "STATUS_FLOPPY_UNKNOWN_ERROR" }, + { 0xC0000168, "STATUS_FLOPPY_BAD_REGISTERS" }, + { 0xC0000169, "STATUS_DISK_RECALIBRATE_FAILED" }, + { 0xC000016A, "STATUS_DISK_OPERATION_FAILED" }, + { 0xC000016B, "STATUS_DISK_RESET_FAILED" }, + { 0xC000016C, "STATUS_SHARED_IRQ_BUSY" }, + { 0xC000016D, "STATUS_FT_ORPHANING" }, + { 0xC000016E, "STATUS_BIOS_FAILED_TO_CONNECT_INTERRUPT" }, + { 0xC0000172, "STATUS_PARTITION_FAILURE" }, + { 0xC0000173, "STATUS_INVALID_BLOCK_LENGTH" }, + { 0xC0000174, "STATUS_DEVICE_NOT_PARTITIONED" }, + { 0xC0000175, "STATUS_UNABLE_TO_LOCK_MEDIA" }, + { 0xC0000176, "STATUS_UNABLE_TO_UNLOAD_MEDIA" }, + { 0xC0000177, "STATUS_EOM_OVERFLOW" }, + { 0xC0000178, "STATUS_NO_MEDIA" }, + { 0xC000017A, "STATUS_NO_SUCH_MEMBER" }, + { 0xC000017B, "STATUS_INVALID_MEMBER" }, + { 0xC000017C, "STATUS_KEY_DELETED" }, + { 0xC000017D, "STATUS_NO_LOG_SPACE" }, + { 0xC000017E, "STATUS_TOO_MANY_SIDS" }, + { 0xC000017F, "STATUS_LM_CROSS_ENCRYPTION_REQUIRED" }, + { 0xC0000180, "STATUS_KEY_HAS_CHILDREN" }, + { 0xC0000181, "STATUS_CHILD_MUST_BE_VOLATILE" }, + { 0xC0000182, "STATUS_DEVICE_CONFIGURATION_ERROR" }, + { 0xC0000183, "STATUS_DRIVER_INTERNAL_ERROR" }, + { 0xC0000184, "STATUS_INVALID_DEVICE_STATE" }, + { 0xC0000185, "STATUS_IO_DEVICE_ERROR" }, + { 0xC0000186, "STATUS_DEVICE_PROTOCOL_ERROR" }, + { 0xC0000187, "STATUS_BACKUP_CONTROLLER" }, + { 0xC0000188, "STATUS_LOG_FILE_FULL" }, + { 0xC0000189, "STATUS_TOO_LATE" }, + { 0xC000018A, "STATUS_NO_TRUST_LSA_SECRET" }, + { 0xC000018B, "STATUS_NO_TRUST_SAM_ACCOUNT" }, + { 0xC000018C, "STATUS_TRUSTED_DOMAIN_FAILURE" }, + { 0xC000018D, "STATUS_TRUSTED_RELATIONSHIP_FAILURE" }, + { 0xC000018E, "STATUS_EVENTLOG_FILE_CORRUPT" }, + { 0xC000018F, "STATUS_EVENTLOG_CANT_START" }, + { 0xC0000190, "STATUS_TRUST_FAILURE" }, + { 0xC0000191, "STATUS_MUTANT_LIMIT_EXCEEDED" }, + { 0xC0000192, "STATUS_NETLOGON_NOT_STARTED" }, + { 0xC0000193, "STATUS_ACCOUNT_EXPIRED" }, + { 0xC0000194, "STATUS_POSSIBLE_DEADLOCK" }, + { 0xC0000195, "STATUS_NETWORK_CREDENTIAL_CONFLICT" }, + { 0xC0000196, "STATUS_REMOTE_SESSION_LIMIT" }, + { 0xC0000197, "STATUS_EVENTLOG_FILE_CHANGED" }, + { 0xC0000198, "STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT" }, + { 0xC0000199, "STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT" }, + { 0xC000019A, "STATUS_NOLOGON_SERVER_TRUST_ACCOUNT" }, + { 0xC000019B, "STATUS_DOMAIN_TRUST_INCONSISTENT" }, + { 0xC000019C, "STATUS_FS_DRIVER_REQUIRED" }, + { 0xC0000202, "STATUS_NO_USER_SESSION_KEY" }, + { 0xC0000203, "STATUS_USER_SESSION_DELETED" }, + { 0xC0000204, "STATUS_RESOURCE_LANG_NOT_FOUND" }, + { 0xC0000205, "STATUS_INSUFF_SERVER_RESOURCES" }, + { 0xC0000206, "STATUS_INVALID_BUFFER_SIZE" }, + { 0xC0000207, "STATUS_INVALID_ADDRESS_COMPONENT" }, + { 0xC0000208, "STATUS_INVALID_ADDRESS_WILDCARD" }, + { 0xC0000209, "STATUS_TOO_MANY_ADDRESSES" }, + { 0xC000020A, "STATUS_ADDRESS_ALREADY_EXISTS" }, + { 0xC000020B, "STATUS_ADDRESS_CLOSED" }, + { 0xC000020C, "STATUS_CONNECTION_DISCONNECTED" }, + { 0xC000020D, "STATUS_CONNECTION_RESET" }, + { 0xC000020E, "STATUS_TOO_MANY_NODES" }, + { 0xC000020F, "STATUS_TRANSACTION_ABORTED" }, + { 0xC0000210, "STATUS_TRANSACTION_TIMED_OUT" }, + { 0xC0000211, "STATUS_TRANSACTION_NO_RELEASE" }, + { 0xC0000212, "STATUS_TRANSACTION_NO_MATCH" }, + { 0xC0000213, "STATUS_TRANSACTION_RESPONDED" }, + { 0xC0000214, "STATUS_TRANSACTION_INVALID_ID" }, + { 0xC0000215, "STATUS_TRANSACTION_INVALID_TYPE" }, + { 0xC0000216, "STATUS_NOT_SERVER_SESSION" }, + { 0xC0000217, "STATUS_NOT_CLIENT_SESSION" }, + { 0xC0000218, "STATUS_CANNOT_LOAD_REGISTRY_FILE" }, + { 0xC0000219, "STATUS_DEBUG_ATTACH_FAILED" }, + { 0xC000021A, "STATUS_SYSTEM_PROCESS_TERMINATED" }, + { 0xC000021B, "STATUS_DATA_NOT_ACCEPTED" }, + { 0xC000021C, "STATUS_NO_BROWSER_SERVERS_FOUND" }, + { 0xC000021D, "STATUS_VDM_HARD_ERROR" }, + { 0xC000021E, "STATUS_DRIVER_CANCEL_TIMEOUT" }, + { 0xC000021F, "STATUS_REPLY_MESSAGE_MISMATCH" }, + { 0xC0000220, "STATUS_MAPPED_ALIGNMENT" }, + { 0xC0000221, "STATUS_IMAGE_CHECKSUM_MISMATCH" }, + { 0xC0000222, "STATUS_LOST_WRITEBEHIND_DATA" }, + { 0xC0000223, "STATUS_CLIENT_SERVER_PARAMETERS_INVALID" }, + { 0xC0000224, "STATUS_PASSWORD_MUST_CHANGE" }, + { 0xC0000225, "STATUS_NOT_FOUND" }, + { 0xC0000226, "STATUS_NOT_TINY_STREAM" }, + { 0xC0000227, "STATUS_RECOVERY_FAILURE" }, + { 0xC0000228, "STATUS_STACK_OVERFLOW_READ" }, + { 0xC0000229, "STATUS_FAIL_CHECK" }, + { 0xC000022A, "STATUS_DUPLICATE_OBJECTID" }, + { 0xC000022B, "STATUS_OBJECTID_EXISTS" }, + { 0xC000022C, "STATUS_CONVERT_TO_LARGE" }, + { 0xC000022D, "STATUS_RETRY" }, + { 0xC000022E, "STATUS_FOUND_OUT_OF_SCOPE" }, + { 0xC000022F, "STATUS_ALLOCATE_BUCKET" }, + { 0xC0000230, "STATUS_PROPSET_NOT_FOUND" }, + { 0xC0000231, "STATUS_MARSHALL_OVERFLOW" }, + { 0xC0000232, "STATUS_INVALID_VARIANT" }, + { 0xC0000233, "STATUS_DOMAIN_CONTROLLER_NOT_FOUND" }, + { 0xC0000234, "STATUS_ACCOUNT_LOCKED_OUT" }, + { 0xC0000235, "STATUS_HANDLE_NOT_CLOSABLE" }, + { 0xC0000236, "STATUS_CONNECTION_REFUSED" }, + { 0xC0000237, "STATUS_GRACEFUL_DISCONNECT" }, + { 0xC0000238, "STATUS_ADDRESS_ALREADY_ASSOCIATED" }, + { 0xC0000239, "STATUS_ADDRESS_NOT_ASSOCIATED" }, + { 0xC000023A, "STATUS_CONNECTION_INVALID" }, + { 0xC000023B, "STATUS_CONNECTION_ACTIVE" }, + { 0xC000023C, "STATUS_NETWORK_UNREACHABLE" }, + { 0xC000023D, "STATUS_HOST_UNREACHABLE" }, + { 0xC000023E, "STATUS_PROTOCOL_UNREACHABLE" }, + { 0xC000023F, "STATUS_PORT_UNREACHABLE" }, + { 0xC0000240, "STATUS_REQUEST_ABORTED" }, + { 0xC0000241, "STATUS_CONNECTION_ABORTED" }, + { 0xC0000242, "STATUS_BAD_COMPRESSION_BUFFER" }, + { 0xC0000243, "STATUS_USER_MAPPED_FILE" }, + { 0xC0000244, "STATUS_AUDIT_FAILED" }, + { 0xC0000245, "STATUS_TIMER_RESOLUTION_NOT_SET" }, + { 0xC0000246, "STATUS_CONNECTION_COUNT_LIMIT" }, + { 0xC0000247, "STATUS_LOGIN_TIME_RESTRICTION" }, + { 0xC0000248, "STATUS_LOGIN_WKSTA_RESTRICTION" }, + { 0xC0000249, "STATUS_IMAGE_MP_UP_MISMATCH" }, + { 0xC0000250, "STATUS_INSUFFICIENT_LOGON_INFO" }, + { 0xC0000251, "STATUS_BAD_DLL_ENTRYPOINT" }, + { 0xC0000252, "STATUS_BAD_SERVICE_ENTRYPOINT" }, + { 0xC0000253, "STATUS_LPC_REPLY_LOST" }, + { 0xC0000254, "STATUS_IP_ADDRESS_CONFLICT1" }, + { 0xC0000255, "STATUS_IP_ADDRESS_CONFLICT2" }, + { 0xC0000256, "STATUS_REGISTRY_QUOTA_LIMIT" }, + { 0xC0000257, "STATUS_PATH_NOT_COVERED" }, + { 0xC0000258, "STATUS_NO_CALLBACK_ACTIVE" }, + { 0xC0000259, "STATUS_LICENSE_QUOTA_EXCEEDED" }, + { 0xC000025A, "STATUS_PWD_TOO_SHORT" }, + { 0xC000025B, "STATUS_PWD_TOO_RECENT" }, + { 0xC000025C, "STATUS_PWD_HISTORY_CONFLICT" }, + { 0xC000025E, "STATUS_PLUGPLAY_NO_DEVICE" }, + { 0xC000025F, "STATUS_UNSUPPORTED_COMPRESSION" }, + { 0xC0000260, "STATUS_INVALID_HW_PROFILE" }, + { 0xC0000261, "STATUS_INVALID_PLUGPLAY_DEVICE_PATH" }, + { 0xC0000262, "STATUS_DRIVER_ORDINAL_NOT_FOUND" }, + { 0xC0000263, "STATUS_DRIVER_ENTRYPOINT_NOT_FOUND" }, + { 0xC0000264, "STATUS_RESOURCE_NOT_OWNED" }, + { 0xC0000265, "STATUS_TOO_MANY_LINKS" }, + { 0xC0000266, "STATUS_QUOTA_LIST_INCONSISTENT" }, + { 0xC0000267, "STATUS_FILE_IS_OFFLINE" }, + { 0xC0000268, "STATUS_EVALUATION_EXPIRATION" }, + { 0xC0000269, "STATUS_ILLEGAL_DLL_RELOCATION" }, + { 0xC000026A, "STATUS_LICENSE_VIOLATION" }, + { 0xC000026B, "STATUS_DLL_INIT_FAILED_LOGOFF" }, + { 0xC000026C, "STATUS_DRIVER_UNABLE_TO_LOAD" }, + { 0xC000026D, "STATUS_DFS_UNAVAILABLE" }, + { 0xC000026E, "STATUS_VOLUME_DISMOUNTED" }, + { 0xC000026F, "STATUS_WX86_INTERNAL_ERROR" }, + { 0xC0000270, "STATUS_WX86_FLOAT_STACK_CHECK" }, + { 0xC0000271, "STATUS_VALIDATE_CONTINUE" }, + { 0xC0000272, "STATUS_NO_MATCH" }, + { 0xC0000273, "STATUS_NO_MORE_MATCHES" }, + { 0xC0000275, "STATUS_NOT_A_REPARSE_POINT" }, + { 0xC0000276, "STATUS_IO_REPARSE_TAG_INVALID" }, + { 0xC0000277, "STATUS_IO_REPARSE_TAG_MISMATCH" }, + { 0xC0000278, "STATUS_IO_REPARSE_DATA_INVALID" }, + { 0xC0000279, "STATUS_IO_REPARSE_TAG_NOT_HANDLED" }, + { 0xC0000280, "STATUS_REPARSE_POINT_NOT_RESOLVED" }, + { 0xC0000281, "STATUS_DIRECTORY_IS_A_REPARSE_POINT" }, + { 0xC0000282, "STATUS_RANGE_LIST_CONFLICT" }, + { 0xC0000283, "STATUS_SOURCE_ELEMENT_EMPTY" }, + { 0xC0000284, "STATUS_DESTINATION_ELEMENT_FULL" }, + { 0xC0000285, "STATUS_ILLEGAL_ELEMENT_ADDRESS" }, + { 0xC0000286, "STATUS_MAGAZINE_NOT_PRESENT" }, + { 0xC0000287, "STATUS_REINITIALIZATION_NEEDED" }, + { 0x80000288, "STATUS_DEVICE_REQUIRES_CLEANING" }, + { 0x80000289, "STATUS_DEVICE_DOOR_OPEN" }, + { 0xC000028A, "STATUS_ENCRYPTION_FAILED" }, + { 0xC000028B, "STATUS_DECRYPTION_FAILED" }, + { 0xC000028C, "STATUS_RANGE_NOT_FOUND" }, + { 0xC000028D, "STATUS_NO_RECOVERY_POLICY" }, + { 0xC000028E, "STATUS_NO_EFS" }, + { 0xC000028F, "STATUS_WRONG_EFS" }, + { 0xC0000290, "STATUS_NO_USER_KEYS" }, + { 0xC0000291, "STATUS_FILE_NOT_ENCRYPTED" }, + { 0xC0000292, "STATUS_NOT_EXPORT_FORMAT" }, + { 0xC0000293, "STATUS_FILE_ENCRYPTED" }, + { 0x40000294, "STATUS_WAKE_SYSTEM" }, + { 0xC0000295, "STATUS_WMI_GUID_NOT_FOUND" }, + { 0xC0000296, "STATUS_WMI_INSTANCE_NOT_FOUND" }, + { 0xC0000297, "STATUS_WMI_ITEMID_NOT_FOUND" }, + { 0xC0000298, "STATUS_WMI_TRY_AGAIN" }, + { 0xC0000299, "STATUS_SHARED_POLICY" }, + { 0xC000029A, "STATUS_POLICY_OBJECT_NOT_FOUND" }, + { 0xC000029B, "STATUS_POLICY_ONLY_IN_DS" }, + { 0xC000029C, "STATUS_VOLUME_NOT_UPGRADED" }, + { 0xC000029D, "STATUS_REMOTE_STORAGE_NOT_ACTIVE" }, + { 0xC000029E, "STATUS_REMOTE_STORAGE_MEDIA_ERROR" }, + { 0xC000029F, "STATUS_NO_TRACKING_SERVICE" }, + { 0xC00002A0, "STATUS_SERVER_SID_MISMATCH" }, + { 0xC00002A1, "STATUS_DS_NO_ATTRIBUTE_OR_VALUE" }, + { 0xC00002A2, "STATUS_DS_INVALID_ATTRIBUTE_SYNTAX" }, + { 0xC00002A3, "STATUS_DS_ATTRIBUTE_TYPE_UNDEFINED" }, + { 0xC00002A4, "STATUS_DS_ATTRIBUTE_OR_VALUE_EXISTS" }, + { 0xC00002A5, "STATUS_DS_BUSY" }, + { 0xC00002A6, "STATUS_DS_UNAVAILABLE" }, + { 0xC00002A7, "STATUS_DS_NO_RIDS_ALLOCATED" }, + { 0xC00002A8, "STATUS_DS_NO_MORE_RIDS" }, + { 0xC00002A9, "STATUS_DS_INCORRECT_ROLE_OWNER" }, + { 0xC00002AA, "STATUS_DS_RIDMGR_INIT_ERROR" }, + { 0xC00002AB, "STATUS_DS_OBJ_CLASS_VIOLATION" }, + { 0xC00002AC, "STATUS_DS_CANT_ON_NON_LEAF" }, + { 0xC00002AD, "STATUS_DS_CANT_ON_RDN" }, + { 0xC00002AE, "STATUS_DS_CANT_MOD_OBJ_CLASS" }, + { 0xC00002AF, "STATUS_DS_CROSS_DOM_MOVE_FAILED" }, + { 0xC00002B0, "STATUS_DS_GC_NOT_AVAILABLE" }, + { 0xC00002B1, "STATUS_DIRECTORY_SERVICE_REQUIRED" }, + { 0xC00002B2, "STATUS_REPARSE_ATTRIBUTE_CONFLICT" }, + { 0xC00002B3, "STATUS_CANT_ENABLE_DENY_ONLY" }, + { 0xC00002B4, "STATUS_FLOAT_MULTIPLE_FAULTS" }, + { 0xC00002B5, "STATUS_FLOAT_MULTIPLE_TRAPS" }, + { 0xC00002B6, "STATUS_DEVICE_REMOVED" }, + { 0xC00002B7, "STATUS_JOURNAL_DELETE_IN_PROGRESS" }, + { 0xC00002B8, "STATUS_JOURNAL_NOT_ACTIVE" }, + { 0xC00002B9, "STATUS_NOINTERFACE" }, + { 0xC00002C1, "STATUS_DS_ADMIN_LIMIT_EXCEEDED" }, + { 0xC00002C2, "STATUS_DRIVER_FAILED_SLEEP" }, + { 0xC00002C3, "STATUS_MUTUAL_AUTHENTICATION_FAILED" }, + { 0xC00002C4, "STATUS_CORRUPT_SYSTEM_FILE" }, + { 0xC00002C5, "STATUS_DATATYPE_MISALIGNMENT_ERROR" }, + { 0xC00002C6, "STATUS_WMI_READ_ONLY" }, + { 0xC00002C7, "STATUS_WMI_SET_FAILURE" }, + { 0xC00002C8, "STATUS_COMMITMENT_MINIMUM" }, + { 0xC00002C9, "STATUS_REG_NAT_CONSUMPTION" }, + { 0xC00002CA, "STATUS_TRANSPORT_FULL" }, + { 0xC00002CB, "STATUS_DS_SAM_INIT_FAILURE" }, + { 0xC00002CC, "STATUS_ONLY_IF_CONNECTED" }, + { 0xC00002CD, "STATUS_DS_SENSITIVE_GROUP_VIOLATION" }, + { 0xC00002CE, "STATUS_PNP_RESTART_ENUMERATION" }, + { 0xC00002CF, "STATUS_JOURNAL_ENTRY_DELETED" }, + { 0xC00002D0, "STATUS_DS_CANT_MOD_PRIMARYGROUPID" }, + { 0xC00002D1, "STATUS_SYSTEM_IMAGE_BAD_SIGNATURE" }, + { 0xC00002D2, "STATUS_PNP_REBOOT_REQUIRED" }, + { 0xC00002D3, "STATUS_POWER_STATE_INVALID" }, + { 0xC00002D4, "STATUS_DS_INVALID_GROUP_TYPE" }, + { 0xC00002D5, "STATUS_DS_NO_NEST_GLOBALGROUP_IN_MIXEDDOMAIN" }, + { 0xC00002D6, "STATUS_DS_NO_NEST_LOCALGROUP_IN_MIXEDDOMAIN" }, + { 0xC00002D7, "STATUS_DS_GLOBAL_CANT_HAVE_LOCAL_MEMBER" }, + { 0xC00002D8, "STATUS_DS_GLOBAL_CANT_HAVE_UNIVERSAL_MEMBER" }, + { 0xC00002D9, "STATUS_DS_UNIVERSAL_CANT_HAVE_LOCAL_MEMBER" }, + { 0xC00002DA, "STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER" }, + { 0xC00002DB, "STATUS_DS_LOCAL_CANT_HAVE_CROSSDOMAIN_LOCAL_MEMBER" }, + { 0xC00002DC, "STATUS_DS_HAVE_PRIMARY_MEMBERS" }, + { 0xC00002DD, "STATUS_WMI_NOT_SUPPORTED" }, + { 0xC00002DE, "STATUS_INSUFFICIENT_POWER" }, + { 0xC00002DF, "STATUS_SAM_NEED_BOOTKEY_PASSWORD" }, + { 0xC00002E0, "STATUS_SAM_NEED_BOOTKEY_FLOPPY" }, + { 0xC00002E1, "STATUS_DS_CANT_START" }, + { 0xC00002E2, "STATUS_DS_INIT_FAILURE" }, + { 0xC00002E3, "STATUS_SAM_INIT_FAILURE" }, + { 0xC00002E4, "STATUS_DS_GC_REQUIRED" }, + { 0xC00002E5, "STATUS_DS_LOCAL_MEMBER_OF_LOCAL_ONLY" }, + { 0xC00002E6, "STATUS_DS_NO_FPO_IN_UNIVERSAL_GROUPS" }, + { 0xC00002E7, "STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED" }, + { 0xC00002E8, "STATUS_MULTIPLE_FAULT_VIOLATION" }, + { 0xC0000300, "STATUS_NOT_SUPPORTED_ON_SBS" }, + { 0xC0009898, "STATUS_WOW_ASSERTION" }, + { 0xC0020001, "RPC_NT_INVALID_STRING_BINDING" }, + { 0xC0020002, "RPC_NT_WRONG_KIND_OF_BINDING" }, + { 0xC0020003, "RPC_NT_INVALID_BINDING" }, + { 0xC0020004, "RPC_NT_PROTSEQ_NOT_SUPPORTED" }, + { 0xC0020005, "RPC_NT_INVALID_RPC_PROTSEQ" }, + { 0xC0020006, "RPC_NT_INVALID_STRING_UUID" }, + { 0xC0020007, "RPC_NT_INVALID_ENDPOINT_FORMAT" }, + { 0xC0020008, "RPC_NT_INVALID_NET_ADDR" }, + { 0xC0020009, "RPC_NT_NO_ENDPOINT_FOUND" }, + { 0xC002000A, "RPC_NT_INVALID_TIMEOUT" }, + { 0xC002000B, "RPC_NT_OBJECT_NOT_FOUND" }, + { 0xC002000C, "RPC_NT_ALREADY_REGISTERED" }, + { 0xC002000D, "RPC_NT_TYPE_ALREADY_REGISTERED" }, + { 0xC002000E, "RPC_NT_ALREADY_LISTENING" }, + { 0xC002000F, "RPC_NT_NO_PROTSEQS_REGISTERED" }, + { 0xC0020010, "RPC_NT_NOT_LISTENING" }, + { 0xC0020011, "RPC_NT_UNKNOWN_MGR_TYPE" }, + { 0xC0020012, "RPC_NT_UNKNOWN_IF" }, + { 0xC0020013, "RPC_NT_NO_BINDINGS" }, + { 0xC0020014, "RPC_NT_NO_PROTSEQS" }, + { 0xC0020015, "RPC_NT_CANT_CREATE_ENDPOINT" }, + { 0xC0020016, "RPC_NT_OUT_OF_RESOURCES" }, + { 0xC0020017, "RPC_NT_SERVER_UNAVAILABLE" }, + { 0xC0020018, "RPC_NT_SERVER_TOO_BUSY" }, + { 0xC0020019, "RPC_NT_INVALID_NETWORK_OPTIONS" }, + { 0xC002001A, "RPC_NT_NO_CALL_ACTIVE" }, + { 0xC002001B, "RPC_NT_CALL_FAILED" }, + { 0xC002001C, "RPC_NT_CALL_FAILED_DNE" }, + { 0xC002001D, "RPC_NT_PROTOCOL_ERROR" }, + { 0xC002001F, "RPC_NT_UNSUPPORTED_TRANS_SYN" }, + { 0xC0020021, "RPC_NT_UNSUPPORTED_TYPE" }, + { 0xC0020022, "RPC_NT_INVALID_TAG" }, + { 0xC0020023, "RPC_NT_INVALID_BOUND" }, + { 0xC0020024, "RPC_NT_NO_ENTRY_NAME" }, + { 0xC0020025, "RPC_NT_INVALID_NAME_SYNTAX" }, + { 0xC0020026, "RPC_NT_UNSUPPORTED_NAME_SYNTAX" }, + { 0xC0020028, "RPC_NT_UUID_NO_ADDRESS" }, + { 0xC0020029, "RPC_NT_DUPLICATE_ENDPOINT" }, + { 0xC002002A, "RPC_NT_UNKNOWN_AUTHN_TYPE" }, + { 0xC002002B, "RPC_NT_MAX_CALLS_TOO_SMALL" }, + { 0xC002002C, "RPC_NT_STRING_TOO_LONG" }, + { 0xC002002D, "RPC_NT_PROTSEQ_NOT_FOUND" }, + { 0xC002002E, "RPC_NT_PROCNUM_OUT_OF_RANGE" }, + { 0xC002002F, "RPC_NT_BINDING_HAS_NO_AUTH" }, + { 0xC0020030, "RPC_NT_UNKNOWN_AUTHN_SERVICE" }, + { 0xC0020031, "RPC_NT_UNKNOWN_AUTHN_LEVEL" }, + { 0xC0020032, "RPC_NT_INVALID_AUTH_IDENTITY" }, + { 0xC0020033, "RPC_NT_UNKNOWN_AUTHZ_SERVICE" }, + { 0xC0020034, "EPT_NT_INVALID_ENTRY" }, + { 0xC0020035, "EPT_NT_CANT_PERFORM_OP" }, + { 0xC0020036, "EPT_NT_NOT_REGISTERED" }, + { 0xC0020037, "RPC_NT_NOTHING_TO_EXPORT" }, + { 0xC0020038, "RPC_NT_INCOMPLETE_NAME" }, + { 0xC0020039, "RPC_NT_INVALID_VERS_OPTION" }, + { 0xC002003A, "RPC_NT_NO_MORE_MEMBERS" }, + { 0xC002003B, "RPC_NT_NOT_ALL_OBJS_UNEXPORTED" }, + { 0xC002003C, "RPC_NT_INTERFACE_NOT_FOUND" }, + { 0xC002003D, "RPC_NT_ENTRY_ALREADY_EXISTS" }, + { 0xC002003E, "RPC_NT_ENTRY_NOT_FOUND" }, + { 0xC002003F, "RPC_NT_NAME_SERVICE_UNAVAILABLE" }, + { 0xC0020040, "RPC_NT_INVALID_NAF_ID" }, + { 0xC0020041, "RPC_NT_CANNOT_SUPPORT" }, + { 0xC0020042, "RPC_NT_NO_CONTEXT_AVAILABLE" }, + { 0xC0020043, "RPC_NT_INTERNAL_ERROR" }, + { 0xC0020044, "RPC_NT_ZERO_DIVIDE" }, + { 0xC0020045, "RPC_NT_ADDRESS_ERROR" }, + { 0xC0020046, "RPC_NT_FP_DIV_ZERO" }, + { 0xC0020047, "RPC_NT_FP_UNDERFLOW" }, + { 0xC0020048, "RPC_NT_FP_OVERFLOW" }, + { 0xC0021007, "RPC_P_RECEIVE_ALERTED" }, + { 0xC0021008, "RPC_P_CONNECTION_CLOSED" }, + { 0xC0021009, "RPC_P_RECEIVE_FAILED" }, + { 0xC002100A, "RPC_P_SEND_FAILED" }, + { 0xC002100B, "RPC_P_TIMEOUT" }, + { 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" }, + { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" }, + { 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" }, + { 0xC0021015, "RPC_P_THREAD_LISTENING" }, + { 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" }, + { 0xC0030002, "RPC_NT_SS_CHAR_TRANS_OPEN_FAIL" }, + { 0xC0030003, "RPC_NT_SS_CHAR_TRANS_SHORT_FILE" }, + { 0xC0030004, "RPC_NT_SS_IN_NULL_CONTEXT" }, + { 0xC0030005, "RPC_NT_SS_CONTEXT_MISMATCH" }, + { 0xC0030006, "RPC_NT_SS_CONTEXT_DAMAGED" }, + { 0xC0030007, "RPC_NT_SS_HANDLES_MISMATCH" }, + { 0xC0030008, "RPC_NT_SS_CANNOT_GET_CALL_HANDLE" }, + { 0xC0030009, "RPC_NT_NULL_REF_POINTER" }, + { 0xC003000A, "RPC_NT_ENUM_VALUE_OUT_OF_RANGE" }, + { 0xC003000B, "RPC_NT_BYTE_COUNT_TOO_SMALL" }, + { 0xC003000C, "RPC_NT_BAD_STUB_DATA" }, + { 0xC0020049, "RPC_NT_CALL_IN_PROGRESS" }, + { 0xC002004A, "RPC_NT_NO_MORE_BINDINGS" }, + { 0xC002004B, "RPC_NT_GROUP_MEMBER_NOT_FOUND" }, + { 0xC002004C, "EPT_NT_CANT_CREATE" }, + { 0xC002004D, "RPC_NT_INVALID_OBJECT" }, + { 0xC002004F, "RPC_NT_NO_INTERFACES" }, + { 0xC0020050, "RPC_NT_CALL_CANCELLED" }, + { 0xC0020051, "RPC_NT_BINDING_INCOMPLETE" }, + { 0xC0020052, "RPC_NT_COMM_FAILURE" }, + { 0xC0020053, "RPC_NT_UNSUPPORTED_AUTHN_LEVEL" }, + { 0xC0020054, "RPC_NT_NO_PRINC_NAME" }, + { 0xC0020055, "RPC_NT_NOT_RPC_ERROR" }, + { 0x40020056, "RPC_NT_UUID_LOCAL_ONLY" }, + { 0xC0020057, "RPC_NT_SEC_PKG_ERROR" }, + { 0xC0020058, "RPC_NT_NOT_CANCELLED" }, + { 0xC0030059, "RPC_NT_INVALID_ES_ACTION" }, + { 0xC003005A, "RPC_NT_WRONG_ES_VERSION" }, + { 0xC003005B, "RPC_NT_WRONG_STUB_VERSION" }, + { 0xC003005C, "RPC_NT_INVALID_PIPE_OBJECT" }, + { 0xC003005D, "RPC_NT_INVALID_PIPE_OPERATION" }, + { 0xC003005E, "RPC_NT_WRONG_PIPE_VERSION" }, + { 0x400200AF, "RPC_NT_SEND_INCOMPLETE" }, + { 0, NULL } +}; + +/* These are the MS country codes from + + http://www.unicode.org/unicode/onlinedat/countries.html + + For countries that share the same number, I choose to use only the + name of the largest country. Apologies for this. If this offends you, + here is the table to change that. + + This also includes the code of 0 for "Default", which isn't in + that list, but is in Microsoft's SDKs and the Cygnus "winnls.h" + header file. Presumably it means "don't override the setting + on the user's machine". + + Future versions of Microsoft's "winnls.h" header file might include + additional codes; the current version matches the Unicode Consortium's + table. +*/ +const value_string ms_country_codes[] = { + { 0, "Default"}, + { 1, "USA"}, + { 2, "Canada"}, + { 7, "Russia"}, + { 20, "Egypt"}, + { 27, "South Africa"}, + { 30, "Greece"}, + { 31, "Netherlands"}, + { 32, "Belgium"}, + { 33, "France"}, + { 34, "Spain"}, + { 36, "Hungary"}, + { 39, "Italy"}, + { 40, "Romania"}, + { 41, "Switzerland"}, + { 43, "Austria"}, + { 44, "United Kingdom"}, + { 45, "Denmark"}, + { 46, "Sweden"}, + { 47, "Norway"}, + { 48, "Poland"}, + { 49, "Germany"}, + { 51, "Peru"}, + { 52, "Mexico"}, + { 54, "Argentina"}, + { 55, "Brazil"}, + { 56, "Chile"}, + { 57, "Colombia"}, + { 58, "Venezuela"}, + { 60, "Malaysia"}, + { 61, "Australia"}, + { 62, "Indonesia"}, + { 63, "Philippines"}, + { 64, "New Zealand"}, + { 65, "Singapore"}, + { 66, "Thailand"}, + { 81, "Japan"}, + { 82, "South Korea"}, + { 84, "Viet Nam"}, + { 86, "China"}, + { 90, "Turkey"}, + { 91, "India"}, + { 92, "Pakistan"}, + {212, "Morocco"}, + {213, "Algeria"}, + {216, "Tunisia"}, + {218, "Libya"}, + {254, "Kenya"}, + {263, "Zimbabwe"}, + {298, "Faroe Islands"}, + {351, "Portugal"}, + {352, "Luxembourg"}, + {353, "Ireland"}, + {354, "Iceland"}, + {355, "Albania"}, + {358, "Finland"}, + {359, "Bulgaria"}, + {370, "Lithuania"}, + {371, "Latvia"}, + {372, "Estonia"}, + {374, "Armenia"}, + {375, "Belarus"}, + {380, "Ukraine"}, + {381, "Serbia"}, + {385, "Croatia"}, + {386, "Slovenia"}, + {389, "Macedonia"}, + {420, "Czech Republic"}, + {421, "Slovak Republic"}, + {501, "Belize"}, + {502, "Guatemala"}, + {503, "El Salvador"}, + {504, "Honduras"}, + {505, "Nicaragua"}, + {506, "Costa Rica"}, + {507, "Panama"}, + {591, "Bolivia"}, + {593, "Ecuador"}, + {595, "Paraguay"}, + {598, "Uruguay"}, + {673, "Brunei Darussalam"}, + {852, "Hong Kong"}, + {853, "Macau"}, + {886, "Taiwan"}, + {960, "Maldives"}, + {961, "Lebanon"}, + {962, "Jordan"}, + {963, "Syria"}, + {964, "Iraq"}, + {965, "Kuwait"}, + {966, "Saudi Arabia"}, + {967, "Yemen"}, + {968, "Oman"}, + {971, "United Arab Emirates"}, + {972, "Israel"}, + {973, "Bahrain"}, + {974, "Qatar"}, + {976, "Mongolia"}, + {981, "Iran"}, + {994, "Azerbaijan"}, + {995, "Georgia"}, + {996, "Kyrgyzstan"}, + + {0, NULL} +}; + +#ifndef TIME_T_MIN +#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ + : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) +#endif +#ifndef TIME_T_MAX +#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) +#endif + +#define TIME_FIXUP_CONSTANT (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60)) + +/* + * Translate an 8-byte FILETIME value, given as the upper and lower 32 bits, + * to an "nstime_t". + * A FILETIME is a 64-bit integer, giving the time since Jan 1, 1601, + * midnight "UTC", in 100ns units. + * Return TRUE if the conversion succeeds, FALSE otherwise. + * + * According to the Samba code, it appears to be kludge-GMT (at least for + * file listings). This means it's the GMT you get by taking a local time + * and adding the server time zone offset. This is NOT the same as GMT in + * some cases. However, we don't know the server time zone, so we don't + * do that adjustment. + * + * This code is based on the Samba code: + * + * Unix SMB/Netbios implementation. + * Version 1.9. + * time handling functions + * Copyright (C) Andrew Tridgell 1992-1998 + */ +static gboolean +nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv) +{ + double d; + /* The next two lines are a fix needed for the + broken SCO compiler. JRA. */ + time_t l_time_min = TIME_T_MIN; + time_t l_time_max = TIME_T_MAX; + + if (filetime_high == 0) + return FALSE; + + /* + * Get the time as a double, in seconds and fractional seconds. + */ + d = ((double)filetime_high)*4.0*(double)(1<<30); + d += filetime_low; + d *= 1.0e-7; + + /* Now adjust by 369 years, to make the seconds since 1970. */ + d -= TIME_FIXUP_CONSTANT; + + if (!(l_time_min <= d && d <= l_time_max)) + return FALSE; + + /* + * Get the time as seconds and nanoseconds. + */ + tv->secs = (time_t) d; + tv->nsecs = (int) ((d - tv->secs)*1000000000); + + return TRUE; +} + +int +dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date) +{ + guint32 filetime_high, filetime_low; + nstime_t ts; + + /* XXX there seems also to be another special time value which is fairly common : + 0x40000000 00000000 + the meaning of this one is yet unknown + */ + if (tree) { + filetime_low = tvb_get_letohl(tvb, offset); + filetime_high = tvb_get_letohl(tvb, offset + 4); + if (filetime_low == 0 && filetime_high == 0) { + proto_tree_add_text(tree, tvb, offset, 8, + "%s: No time specified (0)", + proto_registrar_get_name(hf_date)); + } else if(filetime_low==0 && filetime_high==0x80000000){ + proto_tree_add_text(tree, tvb, offset, 8, + "%s: Infinity (relative time)", + proto_registrar_get_name(hf_date)); + } else if(filetime_low==0xffffffff && filetime_high==0x7fffffff){ + proto_tree_add_text(tree, tvb, offset, 8, + "%s: Infinity (absolute time)", + proto_registrar_get_name(hf_date)); + } else { + if (nt_time_to_nstime(filetime_high, filetime_low, &ts)) { + proto_tree_add_time(tree, hf_date, tvb, + offset, 8, &ts); + } else { + proto_tree_add_text(tree, tvb, offset, 8, + "%s: Time can't be converted", + proto_registrar_get_name(hf_date)); + } + } + } + + offset += 8; + return offset; +} + +static void +free_g_string(void *arg) +{ + g_string_free(arg, TRUE); +} + +/* Dissect a NT SID. Label it with 'name' and return a string version of + the SID in the 'sid_str' parameter which must be freed by the caller. + hf_sid can be -1 if the caller doesnt care what name is used and then + "nt.sid" will be the default instead. If the caller wants a more + appropriate hf field, it will just pass a FT_STRING hf field here +*/ + +int +dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, char *name, + char **sid_str, int hf_sid) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset = offset, sa_offset = offset; + gboolean rid_present; + guint rid=0; + int rid_offset=0; + guint8 revision; + int rev_offset; + guint8 num_auth; + int na_offset; + guint auth = 0; /* FIXME: What if it is larger than 32-bits */ + int i; + GString *gstr; + char sid_string[245]; + char *sid_name; + + if(hf_sid==-1){ + hf_sid=hf_nt_sid; + } + + /* revision of sid */ + revision = tvb_get_guint8(tvb, offset); + rev_offset = offset; + offset += 1; + + switch(revision){ + case 1: + case 2: /* Not sure what the different revision numbers mean */ + /* number of authorities*/ + num_auth = tvb_get_guint8(tvb, offset); + na_offset = offset; + offset += 1; + + /* XXX perhaps we should have these thing searchable? + a new FT_xxx thingie? SMB is quite common!*/ + /* identifier authorities */ + + for(i=0;i<6;i++){ + auth = (auth << 8) + tvb_get_guint8(tvb, offset); + + offset++; + } + + sa_offset = offset; + + gstr = g_string_new(""); + + CLEANUP_PUSH(free_g_string, gstr); + + /* sub authorities, leave RID to last */ + for(i=0; i < (num_auth > 4?(num_auth - 1):num_auth); i++){ + /* + * XXX should not be letohl but native byteorder according to + * Samba header files. + * + * However, considering that there were never any NT ports + * to big-endian platforms (PowerPC and MIPS ran little-endian, + * and IA-64 runs little-endian, as does x86-64), we can (?) + * assume that non le byte encodings will be "uncommon"? + */ + g_string_sprintfa(gstr, (i>0 ? "-%u" : "%u"), + tvb_get_letohl(tvb, offset)); + offset+=4; + } + + + if (num_auth > 4) { + rid = tvb_get_letohl(tvb, offset); + rid_present=TRUE; + rid_offset=offset; + offset+=4; + sprintf(sid_string, "S-1-%u-%s-%u", auth, gstr->str, rid); + } else { + rid_present=FALSE; + sprintf(sid_string, "S-1-%u-%s", auth, gstr->str); + } + + sid_name=NULL; + if(sid_name_snooping){ + sid_name=find_sid_name(sid_string); + } + + if(parent_tree){ + if(sid_name){ + item = proto_tree_add_string_format(parent_tree, hf_sid, tvb, old_offset, offset-old_offset, sid_string, "%s: %s (%s)", name, sid_string, sid_name); + } else { + item = proto_tree_add_string_format(parent_tree, hf_sid, tvb, old_offset, offset-old_offset, sid_string, "%s: %s", name, sid_string); + } + tree = proto_item_add_subtree(item, ett_nt_sid); + } + + proto_tree_add_item(tree, hf_nt_sid_revision, tvb, rev_offset, 1, TRUE); + proto_tree_add_item(tree, hf_nt_sid_num_auth, tvb, na_offset, 1, TRUE); + proto_tree_add_text(tree, tvb, na_offset+1, 6, "Authority: %u", auth); + proto_tree_add_text(tree, tvb, sa_offset, num_auth * 4, "Sub-authorities: %s", gstr->str); + + if(rid_present){ + proto_tree_add_text(tree, tvb, rid_offset, 4, "RID: %u", rid); + } + + if(sid_str){ + if(sid_name){ + *sid_str = g_strdup_printf("%s (%s)", sid_string, sid_name); + } else { + *sid_str = g_strdup(sid_string); + } + } + + CLEANUP_CALL_AND_POP; + } + + + return offset; +} + +/* Dissect an access mask. All this stuff is kind of explained at MSDN: + +http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/windows_2000_windows_nt_access_mask_format.asp + +*/ + +static gint ett_nt_access_mask = -1; +static gint ett_nt_access_mask_generic = -1; +static gint ett_nt_access_mask_standard = -1; +static gint ett_nt_access_mask_specific = -1; + +static int hf_access_sacl = -1; +static int hf_access_maximum_allowed = -1; +static int hf_access_generic_read = -1; +static int hf_access_generic_write = -1; +static int hf_access_generic_execute = -1; +static int hf_access_generic_all = -1; +static int hf_access_standard_delete = -1; +static int hf_access_standard_read_control = -1; +static int hf_access_standard_synchronise = -1; +static int hf_access_standard_write_dac = -1; +static int hf_access_standard_write_owner = -1; +static int hf_access_specific_15 = -1; +static int hf_access_specific_14 = -1; +static int hf_access_specific_13 = -1; +static int hf_access_specific_12 = -1; +static int hf_access_specific_11 = -1; +static int hf_access_specific_10 = -1; +static int hf_access_specific_9 = -1; +static int hf_access_specific_8 = -1; +static int hf_access_specific_7 = -1; +static int hf_access_specific_6 = -1; +static int hf_access_specific_5 = -1; +static int hf_access_specific_4 = -1; +static int hf_access_specific_3 = -1; +static int hf_access_specific_2 = -1; +static int hf_access_specific_1 = -1; +static int hf_access_specific_0 = -1; + +/* Map generic permissions to specific permissions */ + +static void map_generic_access(guint32 *access_mask, + struct generic_mapping *mapping) +{ + if (*access_mask & GENERIC_READ_ACCESS) { + *access_mask &= ~GENERIC_READ_ACCESS; + *access_mask |= mapping->generic_read; + } + + if (*access_mask & GENERIC_WRITE_ACCESS) { + *access_mask &= ~GENERIC_WRITE_ACCESS; + *access_mask |= mapping->generic_write; + } + + if (*access_mask & GENERIC_EXECUTE_ACCESS) { + *access_mask &= ~GENERIC_EXECUTE_ACCESS; + *access_mask |= mapping->generic_execute; + } + + if (*access_mask & GENERIC_ALL_ACCESS) { + *access_mask &= ~GENERIC_ALL_ACCESS; + *access_mask |= mapping->generic_all; + } +} + +/* Map standard permissions to specific permissions */ + +static void map_standard_access(guint32 *access_mask, + struct standard_mapping *mapping) +{ + if (*access_mask & READ_CONTROL_ACCESS) { + *access_mask &= ~READ_CONTROL_ACCESS; + *access_mask |= mapping->std_read; + } + + if (*access_mask & (DELETE_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS| + SYNCHRONIZE_ACCESS)) { + *access_mask &= ~(DELETE_ACCESS|WRITE_DAC_ACCESS| + WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS); + *access_mask |= mapping->std_all; + } + +} + +int +dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, int hfindex, + struct access_mask_info *ami, guint32 *perms) +{ + proto_item *item; + proto_tree *subtree, *generic_tree, *standard_tree, *specific_tree; + guint32 access; + + if (drep != NULL) { + /* + * Called from a DCE RPC protocol dissector, for a + * protocol where a 32-bit NDR integer contains + * an NT access mask; extract the access mask + * with an NDR call. + */ + offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, drep, + hfindex, &access); + } else { + /* + * Called from SMB, where the access mask is just a + * 4-byte little-endian quantity with no special + * NDR alignment requirement; extract it with + * "tvb_get_letohl()". + */ + access = tvb_get_letohl(tvb, offset); + offset += 4; + } + + if (perms) { + *perms = access; + } + + item = proto_tree_add_uint(tree, hfindex, tvb, offset - 4, 4, access); + + subtree = proto_item_add_subtree(item, ett_nt_access_mask); + + /* Generic access rights */ + + item = proto_tree_add_text(subtree, tvb, offset - 4, 4, + "Generic rights: 0x%08x", + access & GENERIC_RIGHTS_MASK); + + generic_tree = proto_item_add_subtree( + item, ett_nt_access_mask_generic); + + proto_tree_add_boolean( + generic_tree, hf_access_generic_read, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + generic_tree, hf_access_generic_write, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + generic_tree, hf_access_generic_execute, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + generic_tree, hf_access_generic_all, tvb, offset - 4, 4, + access); + + /* Reserved (??) */ + + proto_tree_add_boolean( + subtree, hf_access_maximum_allowed, tvb, offset - 4, 4, + access); + + /* Access system security */ + + proto_tree_add_boolean( + subtree, hf_access_sacl, tvb, offset - 4, 4, + access); + + /* Standard access rights */ + + item = proto_tree_add_text(subtree, tvb, offset - 4, 4, + "Standard rights: 0x%08x", + access & STANDARD_RIGHTS_MASK); + + standard_tree = proto_item_add_subtree( + item, ett_nt_access_mask_standard); + + proto_tree_add_boolean( + standard_tree, hf_access_standard_synchronise, tvb, + offset - 4, 4, access); + + proto_tree_add_boolean( + standard_tree, hf_access_standard_write_owner, tvb, + offset - 4, 4, access); + + proto_tree_add_boolean( + standard_tree, hf_access_standard_write_dac, tvb, + offset - 4, 4, access); + + proto_tree_add_boolean( + standard_tree, hf_access_standard_read_control, tvb, + offset - 4, 4, access); + + proto_tree_add_boolean( + standard_tree, hf_access_standard_delete, tvb, offset - 4, 4, + access); + + /* Specific access rights. Call the specific_rights_fn + pointer if we have one, otherwise just display bits 0-15 in + boring fashion. */ + + if (ami && ami->specific_rights_name) + item = proto_tree_add_text(subtree, tvb, offset - 4, 4, + "%s specific rights: 0x%08x", + ami->specific_rights_name, + access & SPECIFIC_RIGHTS_MASK); + else + item = proto_tree_add_text(subtree, tvb, offset - 4, 4, + "Specific rights: 0x%08x", + access & SPECIFIC_RIGHTS_MASK); + + specific_tree = proto_item_add_subtree( + item, ett_nt_access_mask_specific); + + if (ami && ami->specific_rights_fn) { + guint32 mapped_access = access; + proto_tree *specific_mapped; + + specific_mapped = proto_item_add_subtree( + item, ett_nt_access_mask_specific); + + ami->specific_rights_fn( + tvb, offset - 4, specific_tree, access); + + if (ami->generic_mapping) + map_generic_access(&access, ami->generic_mapping); + + if (ami->standard_mapping) + map_standard_access(&access, ami->standard_mapping); + + if (access != mapped_access) { + ami->specific_rights_fn( + tvb, offset - 4, specific_mapped, + mapped_access); + } + + return offset; + } + + proto_tree_add_boolean( + specific_tree, hf_access_specific_15, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_14, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_13, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_12, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_11, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_10, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_9, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_8, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_7, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_6, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_5, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_4, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_3, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_2, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_1, tvb, offset - 4, 4, + access); + + proto_tree_add_boolean( + specific_tree, hf_access_specific_0, tvb, offset - 4, 4, + access); + + return offset; +} + +static int hf_nt_access_mask = -1; + +static const value_string ace_type_vals[] = { + { 0, "Access Allowed"}, + { 1, "Access Denied"}, + { 2, "System Audit"}, + { 3, "System Alarm"}, + { 0, NULL} +}; +static const true_false_string tfs_ace_flags_object_inherit = { + "Subordinate files will inherit this ACE", + "Subordinate files will not inherit this ACE" +}; +static const true_false_string tfs_ace_flags_container_inherit = { + "Subordinate containers will inherit this ACE", + "Subordinate containers will not inherit this ACE" +}; +static const true_false_string tfs_ace_flags_non_propagate_inherit = { + "Subordinate object will not propagate the inherited ACE further", + "Subordinate object will propagate the inherited ACE further" +}; +static const true_false_string tfs_ace_flags_inherit_only = { + "This ACE does not apply to the current object", + "This ACE applies to the current object" +}; +static const true_false_string tfs_ace_flags_inherited_ace = { + "This ACE was inherited from its parent object", + "This ACE was not inherited from its parent object" +}; +static const true_false_string tfs_ace_flags_successful_access = { + "Successful accesses will be audited", + "Successful accesses will not be audited" +}; +static const true_false_string tfs_ace_flags_failed_access = { + "Failed accesses will be audited", + "Failed accesses will not be audited" +}; + +#define APPEND_ACE_TEXT(flag, item, string) \ + if(flag){ \ + if(item) \ + proto_item_append_text(item, string, sep); \ + sep = ", "; \ + } + +static int +dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + guint8 *data) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + guint8 mask; + char *sep = " "; + + mask = tvb_get_guint8(tvb, offset); + + if (data) + *data = mask; + + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 1, + "NT ACE Flags: 0x%02x", mask); + tree = proto_item_add_subtree(item, ett_nt_ace_flags); + } + + proto_tree_add_boolean(tree, hf_nt_ace_flags_failed_access, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x80, item, "%sFailed Access"); + + proto_tree_add_boolean(tree, hf_nt_ace_flags_successful_access, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x40, item, "%sSuccessful Access"); + + proto_tree_add_boolean(tree, hf_nt_ace_flags_inherited_ace, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x10, item, "%sInherited ACE"); + + proto_tree_add_boolean(tree, hf_nt_ace_flags_inherit_only, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x08, item, "%sInherit Only"); + + proto_tree_add_boolean(tree, hf_nt_ace_flags_non_propagate_inherit, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x04, item, "%sNo Propagate Inherit"); + + proto_tree_add_boolean(tree, hf_nt_ace_flags_container_inherit, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x02, item, "%sContainer Inherit"); + + proto_tree_add_boolean(tree, hf_nt_ace_flags_object_inherit, + tvb, offset, 1, mask); + APPEND_ACE_TEXT(mask&0x01, item, "%sObject Inherit"); + + + offset += 1; + return offset; +} + +static int +dissect_nt_v2_ace(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *parent_tree, guint8 *drep, + struct access_mask_info *ami) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset = offset; + guint16 size; + char *sid_str = NULL; + guint8 type; + guint8 flags; + guint32 perms = 0; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "NT ACE: "); + tree = proto_item_add_subtree(item, ett_nt_ace); + } + + /* type */ + type = tvb_get_guint8(tvb, offset); + proto_tree_add_uint(tree, hf_nt_ace_type, tvb, offset, 1, type); + offset += 1; + + /* flags */ + offset = dissect_nt_v2_ace_flags(tvb, offset, tree, &flags); + + /* size */ + size = tvb_get_letohs(tvb, offset); + proto_tree_add_uint(tree, hf_nt_ace_size, tvb, offset, 2, size); + offset += 2; + + /* access mask */ + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, drep, + hf_nt_access_mask, ami, &perms); + + /* SID */ + offset = dissect_nt_sid(tvb, offset, tree, "ACE", &sid_str, -1); + + if (item) + proto_item_append_text( + item, "%s, flags 0x%02x, %s, mask 0x%08x", sid_str, flags, + val_to_str(type, ace_type_vals, "Unknown ACE type (0x%02x)"), + perms); + + g_free(sid_str); + + proto_item_set_len(item, offset-old_offset); + + /* Sometimes there is some spare space at the end of the ACE so use + the size field to work out where the end is. */ + + return old_offset + size; +} + +static int +dissect_nt_acl(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *parent_tree, guint8 *drep, char *name, + struct access_mask_info *ami) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset = offset; + guint8 revision; + guint32 num_aces; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, -1, + "NT %s ACL", name); + tree = proto_item_add_subtree(item, ett_nt_acl); + } + + /* revision */ + revision = tvb_get_guint8(tvb, offset); + proto_tree_add_uint(tree, hf_nt_acl_revision, + tvb, offset, 1, revision); + offset += 2; + + switch(revision){ + case 2: /* only version we will ever see of this structure?*/ + case 3: + /* size */ + proto_tree_add_item(tree, hf_nt_acl_size, tvb, offset, 2, TRUE); + offset += 2; + + /* number of ace structures */ + num_aces = tvb_get_letohl(tvb, offset); + proto_tree_add_uint(tree, hf_nt_acl_num_aces, + tvb, offset, 4, num_aces); + offset += 4; + + while(num_aces--){ + offset=dissect_nt_v2_ace( + tvb, offset, pinfo, tree, drep, ami); + } + } + + proto_item_set_len(item, offset-old_offset); + return offset; +} + +static const true_false_string tfs_sec_desc_type_owner_defaulted = { + "OWNER is DEFAULTED", + "Owner is NOT defaulted" +}; +static const true_false_string tfs_sec_desc_type_group_defaulted = { + "GROUP is DEFAULTED", + "Group is NOT defaulted" +}; +static const true_false_string tfs_sec_desc_type_dacl_present = { + "DACL is PRESENT", + "DACL is NOT present" +}; +static const true_false_string tfs_sec_desc_type_dacl_defaulted = { + "DACL is DEFAULTED", + "DACL is NOT defaulted" +}; +static const true_false_string tfs_sec_desc_type_sacl_present = { + "SACL is PRESENT", + "SACL is NOT present" +}; +static const true_false_string tfs_sec_desc_type_sacl_defaulted = { + "SACL is DEFAULTED", + "SACL is NOT defaulted" +}; +static const true_false_string tfs_sec_desc_type_dacl_auto_inherit_req = { + "DACL has AUTO INHERIT REQUIRED", + "DACL does NOT require auto inherit" +}; +static const true_false_string tfs_sec_desc_type_sacl_auto_inherit_req = { + "SACL has AUTO INHERIT REQUIRED", + "SACL does NOT require auto inherit" +}; +static const true_false_string tfs_sec_desc_type_dacl_auto_inherited = { + "DACL is AUTO INHERITED", + "DACL is NOT auto inherited" +}; +static const true_false_string tfs_sec_desc_type_sacl_auto_inherited = { + "SACL is AUTO INHERITED", + "SACL is NOT auto inherited" +}; +static const true_false_string tfs_sec_desc_type_dacl_protected = { + "The DACL is PROTECTED", + "The DACL is NOT protected" +}; +static const true_false_string tfs_sec_desc_type_sacl_protected = { + "The SACL is PROTECTED", + "The SACL is NOT protected" +}; +static const true_false_string tfs_sec_desc_type_self_relative = { + "This SecDesc is SELF RELATIVE", + "This SecDesc is NOT self relative" +}; + + +static int +dissect_nt_sec_desc_type(tvbuff_t *tvb, int offset, proto_tree *parent_tree) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + guint16 mask; + + mask = tvb_get_letohs(tvb, offset); + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, 2, + "Type: 0x%04x", mask); + tree = proto_item_add_subtree(item, ett_nt_sec_desc_type); + } + + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_self_relative, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_protected, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_protected, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_auto_inherited, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_auto_inherited, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_auto_inherit_req, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_auto_inherit_req, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_defaulted, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_sacl_present, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_defaulted, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_dacl_present, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree,hf_nt_sec_desc_type_group_defaulted, + tvb, offset, 2, mask); + proto_tree_add_boolean(tree, hf_nt_sec_desc_type_owner_defaulted, + tvb, offset, 2, mask); + + + offset += 2; + return offset; +} + +int +dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *parent_tree, guint8 *drep, int len, + struct access_mask_info *ami) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + guint8 revision; + int old_offset = offset; + guint32 owner_sid_offset; + guint32 group_sid_offset; + guint32 sacl_offset; + guint32 dacl_offset; + + if(parent_tree){ + item = proto_tree_add_text(parent_tree, tvb, offset, len, + "NT Security Descriptor"); + tree = proto_item_add_subtree(item, ett_nt_sec_desc); + } + + /* revision */ + revision = tvb_get_guint8(tvb, offset); + proto_tree_add_uint(tree, hf_nt_sec_desc_revision, + tvb, offset, 1, revision); + offset += 1; + + /* next byte should be zero, for now just ignore it */ + offset += 1; + + + switch(revision){ + case 1: /* only version we will ever see of this structure?*/ + /* type */ + offset = dissect_nt_sec_desc_type(tvb, offset, tree); + + /* offset to owner sid */ + owner_sid_offset = tvb_get_letohl(tvb, offset); + proto_tree_add_text(tree, tvb, offset, 4, "Offset to owner SID: %u", owner_sid_offset); + offset += 4; + + /* offset to group sid */ + group_sid_offset = tvb_get_letohl(tvb, offset); + proto_tree_add_text(tree, tvb, offset, 4, "Offset to group SID: %u", group_sid_offset); + offset += 4; + + /* offset to sacl */ + sacl_offset = tvb_get_letohl(tvb, offset); + proto_tree_add_text(tree, tvb, offset, 4, "Offset to SACL: %u", sacl_offset); + offset += 4; + + /* offset to dacl */ + dacl_offset = tvb_get_letohl(tvb, offset); + proto_tree_add_text(tree, tvb, offset, 4, "Offset to DACL: %u", dacl_offset); + offset += 4; + + /*owner SID*/ + if(owner_sid_offset){ + if (len == -1) + offset = dissect_nt_sid(tvb, offset, tree, "Owner", NULL, -1); + else + dissect_nt_sid( + tvb, old_offset+owner_sid_offset, tree, "Owner", NULL, -1); + } + + /*group SID*/ + if(group_sid_offset){ + dissect_nt_sid( + tvb, old_offset+group_sid_offset, tree, "Group", NULL, -1); + } + + /* sacl */ + if(sacl_offset){ + dissect_nt_acl(tvb, old_offset+sacl_offset, pinfo, tree, + drep, "System (SACL)", ami); + } + + /* dacl */ + if(dacl_offset){ + dissect_nt_acl(tvb, old_offset+dacl_offset, pinfo, tree, + drep, "User (DACL)", ami); + } + + } + + return offset+len; +} + +/* + * XXX - we should have a way to register fields not associated with a + * protocol. + * + * XXX - make-reg-dotc.py doesn't check for an argument list of "(void)", + * so we have to give this a name other than "proto_register_..." so that + * it doesn't end up being called from "register.c". + */ +void +proto_do_register_windows_common(int proto_smb) +{ + static hf_register_info hf[] = { + /* Security descriptors */ + + { &hf_nt_sec_desc_revision, + { "Revision", "nt.sec_desc.revision", FT_UINT8, BASE_DEC, + NULL, 0, "Version of NT Security Descriptor structure", HFILL }}, + + { &hf_nt_sec_desc_type_owner_defaulted, + { "Owner Defaulted", "nt.sec_desc.type.owner_defaulted", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_owner_defaulted), 0x0001, "Is Owner Defaulted set?", HFILL }}, + + { &hf_nt_sec_desc_type_group_defaulted, + { "Group Defaulted", "nt.sec_desc.type.group_defaulted", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_group_defaulted), 0x0002, "Is Group Defaulted?", HFILL }}, + + { &hf_nt_sec_desc_type_dacl_present, + { "DACL Present", "nt.sec_desc.type.dacl_present", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_dacl_present), 0x0004, "Does this SecDesc have DACL present?", HFILL }}, + + { &hf_nt_sec_desc_type_dacl_defaulted, + { "DACL Defaulted", "nt.sec_desc.type.dacl_defaulted", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_dacl_defaulted), 0x0008, "Does this SecDesc have DACL Defaulted?", HFILL }}, + + { &hf_nt_sec_desc_type_sacl_present, + { "SACL Present", "nt.sec_desc.type.sacl_present", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_sacl_present), 0x0010, "Is the SACL present?", HFILL }}, + + { &hf_nt_sec_desc_type_sacl_defaulted, + { "SACL Defaulted", "nt.sec_desc.type.sacl_defaulted", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_sacl_defaulted), 0x0020, "Does this SecDesc have SACL Defaulted?", HFILL }}, + + { &hf_nt_sec_desc_type_dacl_auto_inherit_req, + { "DACL Auto Inherit Required", "nt.sec_desc.type.dacl_auto_inherit_req", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_dacl_auto_inherit_req), 0x0100, "Does this SecDesc have DACL Auto Inherit Required set?", HFILL }}, + + { &hf_nt_sec_desc_type_sacl_auto_inherit_req, + { "SACL Auto Inherit Required", "nt.sec_desc.type.sacl_auto_inherit_req", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_sacl_auto_inherit_req), 0x0200, "Does this SecDesc have SACL Auto Inherit Required set?", HFILL }}, + + { &hf_nt_sec_desc_type_dacl_auto_inherited, + { "DACL Auto Inherited", "nt.sec_desc.type.dacl_auto_inherited", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_dacl_auto_inherited), 0x0400, "Is this DACL auto inherited", HFILL }}, + + { &hf_nt_sec_desc_type_sacl_auto_inherited, + { "SACL Auto Inherited", "nt.sec_desc.type.sacl_auto_inherited", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_sacl_auto_inherited), 0x0800, "Is this SACL auto inherited", HFILL }}, + + { &hf_nt_sec_desc_type_dacl_protected, + { "DACL Protected", "nt.sec_desc.type.dacl_protected", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_dacl_protected), 0x1000, "Is the DACL structure protected?", HFILL }}, + + { &hf_nt_sec_desc_type_sacl_protected, + { "SACL Protected", "nt.sec_desc.type.sacl_protected", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_sacl_protected), 0x2000, "Is the SACL structure protected?", HFILL }}, + + { &hf_nt_sec_desc_type_self_relative, + { "Self Relative", "nt.sec_desc.type.self_relative", FT_BOOLEAN, 16, + TFS(&tfs_sec_desc_type_self_relative), 0x8000, "Is this SecDesc self relative?", HFILL }}, + + /* SIDs */ + + { &hf_nt_sid, + { "SID", "nt.sid", FT_STRING, BASE_DEC, + NULL, 0, "SID: Security Identifier", HFILL }}, + + { &hf_nt_sid_revision, + { "Revision", "nt.sid.revision", FT_UINT8, BASE_DEC, + NULL, 0, "Version of SID structure", HFILL }}, + + { &hf_nt_sid_num_auth, + { "Num Auth", "nt.sid.num_auth", FT_UINT8, BASE_DEC, + NULL, 0, "Number of authorities for this SID", HFILL }}, + + { &hf_nt_acl_revision, + { "Revision", "nt.acl.revision", FT_UINT8, BASE_DEC, + NULL, 0, "Version of NT ACL structure", HFILL }}, + + /* ACLs */ + + { &hf_nt_acl_size, + { "Size", "nt.acl.size", FT_UINT16, BASE_DEC, + NULL, 0, "Size of NT ACL structure", HFILL }}, + + { &hf_nt_acl_num_aces, + { "Num ACEs", "nt.acl.num_aces", FT_UINT32, BASE_DEC, + NULL, 0, "Number of ACE structures for this ACL", HFILL }}, + + /* ACEs */ + + { &hf_nt_ace_type, + { "Type", "nt.ace.type", + FT_UINT8, BASE_DEC, VALS(ace_type_vals), 0, "Type of ACE", + HFILL }}, + + { &hf_nt_ace_size, + { "Size", "nt.ace.size", FT_UINT16, BASE_DEC, NULL, 0, + "Size of this ACE", HFILL }}, + + { &hf_nt_ace_flags_object_inherit, + { "Object Inherit", "nt.ace.flags.object_inherit", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_object_inherit), 0x01, "Will subordinate files inherit this ACE?", HFILL }}, + + { &hf_nt_ace_flags_container_inherit, + { "Container Inherit", "nt.ace.flags.container_inherit", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_container_inherit), 0x02, "Will subordinate containers inherit this ACE?", HFILL }}, + + { &hf_nt_ace_flags_non_propagate_inherit, + { "Non-Propagate Inherit", "nt.ace.flags.non_propagate_inherit", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_non_propagate_inherit), 0x04, "Will subordinate object propagate this ACE further?", HFILL }}, + + { &hf_nt_ace_flags_inherit_only, + { "Inherit Only", "nt.ace.flags.inherit_only", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_inherit_only), 0x08, "Does this ACE apply to the current object?", HFILL }}, + + { &hf_nt_ace_flags_inherited_ace, + { "Inherited ACE", "nt.ace.flags.inherited_ace", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_inherited_ace), 0x10, "Was this ACE inherited from its parent object?", HFILL }}, + + { &hf_nt_ace_flags_successful_access, + { "Audit Successful Accesses", "nt.ace.flags.successful_access", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_successful_access), 0x40, "Should successful accesses be audited?", HFILL }}, + + { &hf_nt_ace_flags_failed_access, + { "Audit Failed Accesses", "nt.ace.flags.failed_access", FT_BOOLEAN, 8, + TFS(&tfs_ace_flags_failed_access), 0x80, "Should failed accesses be audited?", HFILL }}, + + /* Access masks */ + + { &hf_nt_access_mask, + { "Access required", "nt.access_mask", + FT_UINT32, BASE_HEX, NULL, 0x0, "Access mask", + HFILL }}, + + { &hf_access_generic_read, + { "Generic read", "nt.access_mask.generic_read", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GENERIC_READ_ACCESS, "Generic read", HFILL }}, + + { &hf_access_generic_write, + { "Generic write", "nt.access_mask.generic_write", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GENERIC_WRITE_ACCESS, "Generic write", HFILL }}, + + { &hf_access_generic_execute, + { "Generic execute", "nt.access_mask.generic_execute", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GENERIC_EXECUTE_ACCESS, "Generic execute", HFILL }}, + + { &hf_access_generic_all, + { "Generic all", "nt.access_mask.generic_all", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + GENERIC_ALL_ACCESS, "Generic all", HFILL }}, + + { &hf_access_maximum_allowed, + { "Maximum allowed", "nt.access_mask.maximum_allowed", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + MAXIMUM_ALLOWED_ACCESS, "Maximum allowed", HFILL }}, + + { &hf_access_sacl, + { "Access SACL", "nt.access_mask.access_sacl", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + ACCESS_SACL_ACCESS, "Access SACL", HFILL }}, + + { &hf_access_standard_read_control, + { "Read control", "nt.access_mask.read_control", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + READ_CONTROL_ACCESS, "Read control", HFILL }}, + + { &hf_access_standard_delete, + { "Delete", "nt.access_mask.delete", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + DELETE_ACCESS, "Delete", HFILL }}, + + { &hf_access_standard_synchronise, + { "Synchronise", "nt.access_mask.synchronise", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + SYNCHRONIZE_ACCESS, "Synchronise", HFILL }}, + + { &hf_access_standard_write_dac, + { "Write DAC", "nt.access_mask.write_dac", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + WRITE_DAC_ACCESS, "Write DAC", HFILL }}, + + { &hf_access_standard_write_owner, + { "Write owner", "nt.access_mask.write_owner", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + WRITE_OWNER_ACCESS, "Write owner", HFILL }}, + + { &hf_access_specific_15, + { "Specific access, bit 15", "nt.access_mask.specific_15", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x8000, "Specific access, bit 15", HFILL }}, + + { &hf_access_specific_14, + { "Specific access, bit 14", "nt.access_mask.specific_14", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x4000, "Specific access, bit 14", HFILL }}, + + { &hf_access_specific_13, + { "Specific access, bit 13", "nt.access_mask.specific_13", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x2000, "Specific access, bit 13", HFILL }}, + + { &hf_access_specific_12, + { "Specific access, bit 12", "nt.access_mask.specific_12", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x1000, "Specific access, bit 12", HFILL }}, + + { &hf_access_specific_11, + { "Specific access, bit 11", "nt.access_mask.specific_11", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0800, "Specific access, bit 11", HFILL }}, + + { &hf_access_specific_10, + { "Specific access, bit 10", "nt.access_mask.specific_10", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0400, "Specific access, bit 10", HFILL }}, + + { &hf_access_specific_9, + { "Specific access, bit 9", "nt.access_mask.specific_9", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0200, "Specific access, bit 9", HFILL }}, + + { &hf_access_specific_8, + { "Specific access, bit 8", "nt.access_mask.specific_8", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0100, "Specific access, bit 8", HFILL }}, + + { &hf_access_specific_7, + { "Specific access, bit 7", "nt.access_mask.specific_7", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0080, "Specific access, bit 7", HFILL }}, + + { &hf_access_specific_6, + { "Specific access, bit 6", "nt.access_mask.specific_6", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0040, "Specific access, bit 6", HFILL }}, + + { &hf_access_specific_5, + { "Specific access, bit 5", "nt.access_mask.specific_5", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0020, "Specific access, bit 5", HFILL }}, + + { &hf_access_specific_4, + { "Specific access, bit 4", "nt.access_mask.specific_4", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0010, "Specific access, bit 4", HFILL }}, + + { &hf_access_specific_3, + { "Specific access, bit 3", "nt.access_mask.specific_3", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0008, "Specific access, bit 3", HFILL }}, + + { &hf_access_specific_2, + { "Specific access, bit 2", "nt.access_mask.specific_2", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0004, "Specific access, bit 2", HFILL }}, + + { &hf_access_specific_1, + { "Specific access, bit 1", "nt.access_mask.specific_1", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0002, "Specific access, bit 1", HFILL }}, + + { &hf_access_specific_0, + { "Specific access, bit 0", "nt.access_mask.specific_0", + FT_BOOLEAN, 32, TFS(&flags_set_truth), + 0x0001, "Specific access, bit 0", HFILL }} + }; + + static gint *ett[] = { + &ett_nt_sec_desc, + &ett_nt_sec_desc_type, + &ett_nt_sid, + &ett_nt_acl, + &ett_nt_ace, + &ett_nt_ace_flags, + &ett_nt_access_mask, + &ett_nt_access_mask_generic, + &ett_nt_access_mask_standard, + &ett_nt_access_mask_specific, + }; + + proto_register_subtree_array(ett, array_length(ett)); + proto_register_field_array(proto_smb, hf, array_length(hf)); +} diff --git a/epan/dissectors/packet-windows-common.h b/epan/dissectors/packet-windows-common.h new file mode 100644 index 0000000000..8dfd541363 --- /dev/null +++ b/epan/dissectors/packet-windows-common.h @@ -0,0 +1,183 @@ +/* packet-windows-common.h + * Declarations for dissecting various Windows data types + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef __PACKET_WINDOWS_COMMON_H__ +#define __PACKET_WINDOWS_COMMON_H__ + +/* + * DOS error codes used by other dissectors. + * At least some of these are from the SMB X/Open spec, as errors for + * the ERRDOS error class, but they might be error codes returned from + * DOS. + */ +#define SMBE_badfunc 1 /* Invalid function (or system call) */ +#define SMBE_badfile 2 /* File not found (pathname error) */ +#define SMBE_badpath 3 /* Directory not found */ +#define SMBE_nofids 4 /* Too many open files */ +#define SMBE_noaccess 5 /* Access denied */ +#define SMBE_badfid 6 /* Invalid fid */ +#define SMBE_badmcb 7 /* Memory control blocks destroyed */ +#define SMBE_nomem 8 /* Out of memory */ +#define SMBE_badmem 9 /* Invalid memory block address */ +#define SMBE_badenv 10 /* Invalid environment */ +#define SMBE_badformat 11 /* Invalid format */ +#define SMBE_badaccess 12 /* Invalid open mode */ +#define SMBE_baddata 13 /* Invalid data (only from ioctl call) */ +#define SMBE_res 14 +#define SMBE_baddrive 15 /* Invalid drive */ +#define SMBE_remcd 16 /* Attempt to delete current directory */ +#define SMBE_diffdevice 17 /* rename/move across different filesystems */ +#define SMBE_nofiles 18 /* no more files found in file search */ +#define SMBE_badshare 32 /* Share mode on file conflict with open mode */ +#define SMBE_lock 33 /* Lock request conflicts with existing lock */ +#define SMBE_unsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */ +#define SMBE_nosuchshare 67 /* Share does not exits */ +#define SMBE_filexists 80 /* File in operation already exists */ +#define SMBE_invalidparam 87 /* Invalid parameter */ +#define SMBE_cannotopen 110 /* Cannot open the file specified */ +#define SMBE_insufficientbuffer 122/* Insufficient buffer size */ +#define SMBE_invalidname 123 /* Invalid name */ +#define SMBE_unknownlevel 124 /* Unknown info level */ +#define SMBE_alreadyexists 183 /* File already exists */ +#define SMBE_badpipe 230 /* Named pipe invalid */ +#define SMBE_pipebusy 231 /* All instances of pipe are busy */ +#define SMBE_pipeclosing 232 /* named pipe close in progress */ +#define SMBE_notconnected 233 /* No process on other end of named pipe */ +#define SMBE_moredata 234 /* More data to be returned */ +#define SMBE_nomoreitems 259 /* No more items */ +#define SMBE_baddirectory 267 /* Invalid directory name in a path. */ +#define SMBE_eas_didnt_fit 275 /* Extended attributes didn't fit */ +#define SMBE_eas_nsup 282 /* Extended attributes not supported */ +#define SMBE_notify_buf_small 1022 /* Buffer too small to return change notify. */ +#define SMBE_serverunavailable 1722/* Server unavailable */ +#define SMBE_unknownipc 2142 +#define SMBE_noipc 66 /* don't support ipc */ + +/* These errors seem to be only returned by the NT printer driver system */ + +#define SMBE_invalidowner 1307 /* Invalid security descriptor owner */ +#define SMBE_invalidsecuritydescriptor 1338 /* Invalid security descriptor */ +#define SMBE_unknownprinterdriver 1797 /* Unknown printer driver */ +#define SMBE_invalidprintername 1801 /* Invalid printer name */ +#define SMBE_printeralreadyexists 1802 /* Printer already exists */ +#define SMBE_invaliddatatype 1804 /* Invalid datatype */ +#define SMBE_invalidenvironment 1805 /* Invalid environment */ +#define SMBE_invalidformsize 1903 /* Invalid form size */ +#define SMBE_printerdriverinuse 3001 /* Printer driver in use */ + +extern const value_string DOS_errors[]; + +/* + * NT error codes used by other dissectors. + */ +extern const value_string NT_errors[]; + +extern const value_string ms_country_codes[]; + +int dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date); + +int dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree, + char *name, char **sid_str, int hf_sid); + +/* + * Stuff for dissecting NT access masks + */ + +/* + * Access mask values + */ + +/* Generic rights */ + +#define GENERIC_RIGHTS_MASK 0xF0000000 + +#define GENERIC_ALL_ACCESS 0x10000000 +#define GENERIC_EXECUTE_ACCESS 0x20000000 +#define GENERIC_WRITE_ACCESS 0x40000000 +#define GENERIC_READ_ACCESS 0x80000000 + +/* Misc/reserved */ + +#define ACCESS_SACL_ACCESS 0x00800000 +#define SYSTEM_SECURITY_ACCESS 0x01000000 +#define MAXIMUM_ALLOWED_ACCESS 0x02000000 + +/* Standard rights */ + +#define STANDARD_RIGHTS_MASK 0x00FF0000 + +#define DELETE_ACCESS 0x00010000 +#define READ_CONTROL_ACCESS 0x00020000 +#define WRITE_DAC_ACCESS 0x00040000 +#define WRITE_OWNER_ACCESS 0x00080000 +#define SYNCHRONIZE_ACCESS 0x00100000 + +/* Specific rights */ + +#define SPECIFIC_RIGHTS_MASK 0x0000FFFF /* Specific rights defined per-object */ + +typedef void (nt_access_mask_fn_t)(tvbuff_t *tvb, gint offset, + proto_tree *tree, guint32 access); + +/* Map generic access permissions to specific permissions */ + +struct generic_mapping { + guint32 generic_read; + guint32 generic_write; + guint32 generic_execute; + guint32 generic_all; +}; + +/* Map standard access permissions to specific permissions */ + +struct standard_mapping { + guint32 std_read; + guint32 std_write; + guint32 std_execute; + guint32 std_all; +}; + +struct access_mask_info { + char *specific_rights_name; + nt_access_mask_fn_t *specific_rights_fn; + struct generic_mapping *generic_mapping; + struct standard_mapping *standard_mapping; +}; + +int +dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo, + proto_tree *tree, guint8 *drep, int hfindex, + struct access_mask_info *ami, + guint32 *perms); + +int +dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *parent_tree, guint8 *drep, int len, + struct access_mask_info *ami); + +void +proto_do_register_windows_common(int proto_smb); + +#endif + |