aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors
diff options
context:
space:
mode:
authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2006-06-09 21:17:58 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2006-06-09 21:17:58 +0000
commitde2e6dc731d7e272a40f224f5dab052eed37d397 (patch)
tree1d4f240878ffe2d0c6d0114d7c4fd97a04e4a970 /epan/dissectors
parentecdde88d463126f9169700dbafcf0b05392f5fb6 (diff)
some updates from new pidl
svn path=/trunk/; revision=18408
Diffstat (limited to 'epan/dissectors')
-rw-r--r--epan/dissectors/packet-dcerpc-winreg.c939
-rw-r--r--epan/dissectors/packet-dcerpc-winreg.h5
-rw-r--r--epan/dissectors/pidl/idl_types.h10
-rw-r--r--epan/dissectors/pidl/packet-dcerpc-winreg.c939
-rw-r--r--epan/dissectors/pidl/packet-dcerpc-winreg.h5
-rw-r--r--epan/dissectors/pidl/winreg.cnf141
-rw-r--r--epan/dissectors/pidl/winreg.idl45
7 files changed, 1152 insertions, 932 deletions
diff --git a/epan/dissectors/packet-dcerpc-winreg.c b/epan/dissectors/packet-dcerpc-winreg.c
index 9c3172a6f3..bad44dc9c6 100644
--- a/epan/dissectors/packet-dcerpc-winreg.c
+++ b/epan/dissectors/packet-dcerpc-winreg.c
@@ -3,9 +3,9 @@
from winreg.idl and winreg.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
- It is maintained by the Samba team, not the Wireshark team.
+ It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
- found at http://wiki.wireshark.org/Pidl
+ found at http://wiki.ethereal.com/Pidl
*/
@@ -24,6 +24,7 @@
/* Ett declarations */
static gint ett_dcerpc_winreg = -1;
+static gint ett_winreg_winreg_AccessMask = -1;
static gint ett_winreg_winreg_String = -1;
static gint ett_winreg_KeySecurityData = -1;
static gint ett_winreg_winreg_SecBuf = -1;
@@ -32,106 +33,103 @@ static gint ett_winreg_QueryMultipleValue = -1;
/* Header field declarations */
-static gint hf_winreg_winreg_NotifyChangeKeyValue_string2 = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_message = -1;
-static gint hf_winreg_KeySecurityData_size = -1;
-static gint hf_winreg_winreg_String_name = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_message = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_reboot = -1;
-static gint hf_winreg_winreg_EnumValue_enum_index = -1;
+static gint hf_winreg_winreg_QueryInfoKey_max_valbufsize = -1;
+static gint hf_winreg_winreg_SecBuf_inherit = -1;
static gint hf_winreg_winreg_QueryMultipleValues_key_handle = -1;
-static gint hf_winreg_winreg_LoadKey_keyname = -1;
-static gint hf_winreg_winreg_EnumKey_name = -1;
static gint hf_winreg_winreg_CreateKey_options = -1;
-static gint hf_winreg_winreg_EnumValue_type = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_timeout = -1;
-static gint hf_winreg_winreg_EnumKey_last_changed_time = -1;
-static gint hf_winreg_winreg_QueryValue_size = -1;
-static gint hf_winreg_winreg_EnumValue_size = -1;
-static gint hf_winreg_handle = -1;
-static gint hf_winreg_winreg_QueryInfoKey_max_valnamelen = -1;
-static gint hf_winreg_winreg_SecBuf_length = -1;
static gint hf_winreg_winreg_InitiateSystemShutdownEx_reboot = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_buffer_size = -1;
-static gint hf_winreg_winreg_QueryValue_data = -1;
-static gint hf_winreg_winreg_CreateKey_new_handle = -1;
-static gint hf_winreg_winreg_EnumKey_class = -1;
+static gint hf_winreg_winreg_String_name = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_notify_filter = -1;
static gint hf_winreg_winreg_QueryInfoKey_max_subkeysize = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_hostname = -1;
-static gint hf_winreg_winreg_OpenHKPT_access_mask = -1;
-static gint hf_winreg_winreg_OpenHKCC_access_mask = -1;
-static gint hf_winreg_KeySecurityData_data = -1;
-static gint hf_winreg_winreg_OpenKey_access_mask = -1;
+static gint hf_winreg_winreg_OpenKey_new_handle = -1;
+static gint hf_winreg_winreg_OpenKey_unknown = -1;
+static gint hf_winreg_winreg_SetValue_data = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_values = -1;
+static gint hf_winreg_winreg_QueryInfoKey_last_changed_time = -1;
static gint hf_winreg_QueryMultipleValue_name = -1;
-static gint hf_winreg_winreg_GetKeySecurity_sec_info = -1;
-static gint hf_winreg_winreg_StringBuf_size = -1;
-static gint hf_winreg_winreg_SecBuf_sd = -1;
+static gint hf_winreg_winreg_EnumValue_type = -1;
static gint hf_winreg_winreg_CreateKey_class = -1;
-static gint hf_winreg_winreg_QueryInfoKey_secdescsize = -1;
-static gint hf_winreg_winreg_OpenKey_keyname = -1;
-static gint hf_winreg_QueryMultipleValue_type = -1;
-static gint hf_winreg_winreg_SetValue_name = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree = -1;
-static gint hf_winreg_winreg_CreateKey_access_mask = -1;
-static gint hf_winreg_winreg_CreateKey_secdesc = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_force_apps = -1;
static gint hf_winreg_winreg_SetValue_type = -1;
-static gint hf_winreg_KeySecurityData_len = -1;
-static gint hf_winreg_winreg_CreateKey_name = -1;
-static gint hf_winreg_winreg_String_name_len = -1;
-static gint hf_winreg_opnum = -1;
-static gint hf_winreg_winreg_DeleteKey_key = -1;
-static gint hf_winreg_winreg_EnumValue_name = -1;
+static gint hf_winreg_winreg_EnumKey_class = -1;
+static gint hf_winreg_access_mask = -1;
+static gint hf_winreg_winreg_CreateKey_secdesc = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_buffer = -1;
+static gint hf_winreg_winreg_GetVersion_version = -1;
+static gint hf_winreg_winreg_SetKeySecurity_access_mask = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown = -1;
static gint hf_winreg_winreg_LoadKey_filename = -1;
-static gint hf_winreg_winreg_DeleteValue_value = -1;
+static gint hf_winreg_winreg_EnumValue_enum_index = -1;
+static gint hf_winreg_winreg_CreateKey_action_taken = -1;
+static gint hf_winreg_winreg_QueryValue_size = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_buffer_size = -1;
static gint hf_winreg_system_name = -1;
+static gint hf_winreg_KeySecurityData_size = -1;
+static gint hf_winreg_winreg_EnumValue_value = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_message = -1;
+static gint hf_winreg_winreg_QueryInfoKey_secdescsize = -1;
+static gint hf_winreg_sd_max_size = -1;
+static gint hf_winreg_winreg_QueryValue_data = -1;
+static gint hf_winreg_winreg_EnumValue_length = -1;
+static gint hf_winreg_winreg_SecBuf_length = -1;
+static gint hf_winreg_winreg_QueryValue_value_name = -1;
+static gint hf_winreg_winreg_QueryInfoKey_num_values = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_reboot = -1;
+static gint hf_winreg_winreg_CreateKey_new_handle = -1;
+static gint hf_winreg_winreg_QueryValue_type = -1;
+static gint hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG = -1;
+static gint hf_winreg_KeySecurityData_data = -1;
static gint hf_winreg_QueryMultipleValue_length = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_num_values = -1;
-static gint hf_winreg_access_required = -1;
+static gint hf_winreg_winreg_LoadKey_keyname = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_hostname = -1;
static gint hf_winreg_winreg_StringBuf_name = -1;
static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown2 = -1;
-static gint hf_winreg_winreg_QueryInfoKey_num_subkeys = -1;
-static gint hf_winreg_winreg_StringBuf_length = -1;
-static gint hf_winreg_winreg_QueryInfoKey_last_changed_time = -1;
-static gint hf_winreg_winreg_OpenHKPD_access_mask = -1;
-static gint hf_winreg_winreg_AbortSystemShutdown_server = -1;
-static gint hf_winreg_winreg_QueryValue_type = -1;
-static gint hf_winreg_winreg_String_name_size = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown = -1;
-static gint hf_winreg_winreg_QueryValue_length = -1;
-static gint hf_winreg_winreg_OpenHKCR_access_mask = -1;
-static gint hf_winreg_winreg_OpenKey_unknown = -1;
-static gint hf_winreg_winreg_QueryInfoKey_max_valbufsize = -1;
+static gint hf_winreg_winreg_EnumValue_name = -1;
static gint hf_winreg_winreg_InitiateSystemShutdownEx_reason = -1;
-static gint hf_winreg_winreg_OpenHKLM_access_mask = -1;
-static gint hf_winreg_winreg_SecBuf_inherit = -1;
-static gint hf_winreg_winreg_SetValue_size = -1;
-static gint hf_winreg_winreg_EnumValue_length = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_values = -1;
-static gint hf_winreg_winreg_QueryInfoKey_max_subkeylen = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_timeout = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_hostname = -1;
-static gint hf_winreg_winreg_QueryInfoKey_class = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_message = -1;
+static gint hf_winreg_winreg_DeleteValue_value = -1;
+static gint hf_winreg_winreg_SetValue_name = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree = -1;
+static gint hf_winreg_winreg_EnumKey_name = -1;
+static gint hf_winreg_winreg_QueryValue_length = -1;
+static gint hf_winreg_QueryMultipleValue_offset = -1;
+static gint hf_winreg_winreg_SecBuf_sd = -1;
static gint hf_winreg_werror = -1;
-static gint hf_winreg_winreg_OpenHKPN_access_mask = -1;
-static gint hf_winreg_winreg_GetVersion_version = -1;
-static gint hf_winreg_winreg_CreateKey_action_taken = -1;
-static gint hf_winreg_winreg_QueryInfoKey_num_values = -1;
-static gint hf_winreg_winreg_SetKeySecurity_data = -1;
+static gint hf_winreg_winreg_String_name_len = -1;
+static gint hf_winreg_opnum = -1;
+static gint hf_winreg_QueryMultipleValue_type = -1;
+static gint hf_winreg_winreg_QueryInfoKey_num_subkeys = -1;
+static gint hf_winreg_winreg_QueryInfoKey_class_in = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_timeout = -1;
+static gint hf_winreg_handle = -1;
+static gint hf_winreg_winreg_GetKeySecurity_sec_info = -1;
+static gint hf_winreg_winreg_DeleteKey_key = -1;
+static gint hf_winreg_winreg_EnumKey_last_changed_time = -1;
+static gint hf_winreg_winreg_QueryInfoKey_max_subkeylen = -1;
+static gint hf_winreg_sd_actual_size = -1;
+static gint hf_winreg_winreg_AbortSystemShutdown_server = -1;
+static gint hf_winreg_sd_offset = -1;
+static gint hf_winreg_sd = -1;
static gint hf_winreg_winreg_EnumKey_enum_index = -1;
-static gint hf_winreg_winreg_SetValue_data = -1;
+static gint hf_winreg_winreg_QueryInfoKey_class_out = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_hostname = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_force_apps = -1;
+static gint hf_winreg_winreg_CreateKey_name = -1;
+static gint hf_winreg_winreg_StringBuf_size = -1;
+static gint hf_winreg_winreg_OpenKey_keyname = -1;
+static gint hf_winreg_KeySecurityData_len = -1;
static gint hf_winreg_winreg_InitiateSystemShutdown_force_apps = -1;
-static gint hf_winreg_winreg_EnumValue_value = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_string1 = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_buffer = -1;
-static gint hf_winreg_winreg_OpenHKDD_access_mask = -1;
-static gint hf_winreg_winreg_SetKeySecurity_access_mask = -1;
-static gint hf_winreg_winreg_QueryValue_value_name = -1;
+static gint hf_winreg_winreg_OpenHKPD_access_mask = -1;
+static gint hf_winreg_winreg_EnumValue_size = -1;
+static gint hf_winreg_winreg_SetValue_size = -1;
+static gint hf_winreg_winreg_OpenKey_access_mask = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_timeout = -1;
+static gint hf_winreg_winreg_QueryInfoKey_max_valnamelen = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_num_values = -1;
static gint hf_winreg_winreg_OpenHKCU_access_mask = -1;
-static gint hf_winreg_winreg_GetKeySecurity_sd = -1;
-static gint hf_winreg_winreg_OpenHKU_access_mask = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_notify_filter = -1;
-static gint hf_winreg_QueryMultipleValue_offset = -1;
+static gint hf_winreg_winreg_String_name_size = -1;
+static gint hf_winreg_winreg_StringBuf_length = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_string1 = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_string2 = -1;
static gint proto_dcerpc_winreg = -1;
/* Version information */
@@ -143,6 +141,10 @@ static e_uuid_t uuid_dcerpc_winreg = {
};
static guint16 ver_dcerpc_winreg = 1;
+static const true_false_string winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG_tfs = {
+ "CANT_HAVE_EMPTY_BITMAP_PIDL_BUG is SET",
+ "CANT_HAVE_EMPTY_BITMAP_PIDL_BUG is NOT SET",
+};
const value_string winreg_winreg_Type_vals[] = {
{ REG_NONE, "REG_NONE" },
{ REG_SZ, "REG_SZ" },
@@ -280,9 +282,12 @@ static int winreg_dissect_element_OpenKey_handle_(tvbuff_t *tvb, int offset, pac
static int winreg_dissect_element_OpenKey_keyname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenKey_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_OpenKey_new_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_OpenKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
-static int winreg_dissect_element_QueryInfoKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_QueryInfoKey_class_in(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_QueryInfoKey_class_out(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_num_subkeys(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_max_subkeylen(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_max_subkeysize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
@@ -306,8 +311,8 @@ static int winreg_dissect_element_QueryValue_length_(tvbuff_t *tvb, int offset,
static int winreg_dissect_element_SetKeySecurity_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetKeySecurity_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
-static int winreg_dissect_element_SetKeySecurity_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
-static int winreg_dissect_element_SetKeySecurity_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_SetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_SetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
@@ -367,6 +372,51 @@ static int winreg_dissect_element_OpenHKPN_system_name_(tvbuff_t *tvb, int offse
static int winreg_dissect_element_OpenHKPN_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenHKPN_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenHKPN_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static void
+winreg_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+{
+ proto_tree_add_boolean(tree, hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG, tvb, offset, 4, access);
+}
+struct access_mask_info winreg_access_mask_info = {
+ "WINREG", /* Name of specific rights */
+ winreg_specific_rights, /* Dissection function */
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+static int
+winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint32 len;
+ dcerpc_info *di;
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+ /* this is a varying and conformant array */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_max_size, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_offset, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_actual_size, &len);
+ dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len,
+ &winreg_access_mask_info);
+ offset += len;
+ return offset;
+}
+int
+winreg_dissect_bitmap_AccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+ offset = dissect_nt_access_mask(
+ tvb, offset, pinfo, tree, drep, hf_winreg_access_mask,
+ &winreg_access_mask_info, NULL);
+ return offset;
+}
+
+/* IDL: typedef bitmap { */
+/* IDL: CANT_HAVE_EMPTY_BITMAP_PIDL_BUG = 0x00000001 , */
+/* IDL: } winreg_AccessMask; */
/* IDL: typedef enum { */
/* IDL: REG_NONE=0, */
@@ -391,9 +441,9 @@ winreg_dissect_enum_Type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr
}
/* IDL: typedef struct { */
-/* IDL: [value(strlen_m_term(name)*2)] uint16 name_len; */
-/* IDL: [value(strlen_m_term(name)*2)] uint16 name_size; */
-/* IDL: [unique(1)] [charset(UTF16)] uint16 *name; */
+/* IDL: [keepref(1)] [value(strlen_m_term(name)*2)] uint16 name_len; */
+/* IDL: [keepref(1)] [value(strlen_m_term(name)*2)] uint16 name_size; */
+/* IDL: [charset(UTF16)] [keepref(1)] [unique(1)] uint16 *name; */
/* IDL: } winreg_String; */
static int
@@ -442,7 +492,7 @@ winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, prot
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_winreg_String);
}
@@ -460,9 +510,9 @@ winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, prot
}
/* IDL: typedef struct { */
-/* IDL: [unique(1)] [length_is(len)] [size_is(size)] uint8 *data; */
-/* IDL: uint32 size; */
-/* IDL: uint32 len; */
+/* IDL: [keepref(1)] [size_is(size)] [length_is(len)] [unique(1)] uint8 *data; */
+/* IDL: [keepref(1)] uint32 size; */
+/* IDL: [keepref(1)] uint32 len; */
/* IDL: } KeySecurityData; */
static int
@@ -474,22 +524,6 @@ winreg_dissect_element_KeySecurityData_data(tvbuff_t *tvb, int offset, packet_in
}
static int
-winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
-{
- offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_KeySecurityData_data__);
-
- return offset;
-}
-
-static int
-winreg_dissect_element_KeySecurityData_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
-{
- offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_data,NULL);
-
- return offset;
-}
-
-static int
winreg_dissect_element_KeySecurityData_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_size,NULL);
@@ -516,7 +550,7 @@ winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pi
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_KeySecurityData);
}
@@ -534,9 +568,9 @@ winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pi
}
/* IDL: typedef struct { */
-/* IDL: uint32 length; */
-/* IDL: KeySecurityData sd; */
-/* IDL: uint8 inherit; */
+/* IDL: [keepref(1)] uint32 length; */
+/* IDL: [keepref(1)] KeySecurityData sd; */
+/* IDL: [keepref(1)] uint8 inherit; */
/* IDL: } winreg_SecBuf; */
static int
@@ -574,7 +608,7 @@ winreg_dissect_struct_SecBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, prot
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_winreg_SecBuf);
}
@@ -605,9 +639,9 @@ winreg_dissect_enum_CreateAction(tvbuff_t *tvb, int offset, packet_info *pinfo,
}
/* IDL: typedef struct { */
-/* IDL: [value(strlen_m(name)*2)] uint16 length; */
-/* IDL: uint16 size; */
-/* IDL: [unique(1)] [length_is(length/2)] [charset(UTF16)] [size_is(size/2)] uint16 *name; */
+/* IDL: [keepref(1)] [value(strlen_m_term(name)*2)] uint16 length; */
+/* IDL: [keepref(1)] uint16 size; */
+/* IDL: [charset(UTF16)] [keepref(1)] [size_is(size/2)] [length_is(length/2)] [unique(1)] uint16 *name; */
/* IDL: } winreg_StringBuf; */
static int
@@ -661,7 +695,7 @@ winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, p
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_winreg_StringBuf);
}
@@ -679,10 +713,10 @@ winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, p
}
/* IDL: typedef struct { */
-/* IDL: [unique(1)] winreg_String *name; */
-/* IDL: winreg_Type type; */
-/* IDL: uint32 offset; */
-/* IDL: uint32 length; */
+/* IDL: [keepref(1)] [unique(1)] winreg_String *name; */
+/* IDL: [keepref(1)] winreg_Type type; */
+/* IDL: [keepref(1)] uint32 offset; */
+/* IDL: [keepref(1)] uint32 length; */
/* IDL: } QueryMultipleValue; */
static int
@@ -736,7 +770,7 @@ winreg_dissect_struct_QueryMultipleValue(tvbuff_t *tvb, int offset, packet_info
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_QueryMultipleValue);
}
@@ -774,7 +808,7 @@ winreg_dissect_element_OpenHKCR_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKCR_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCR_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -790,15 +824,15 @@ winreg_dissect_element_OpenHKCR_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKCR_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKCR( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -846,7 +880,7 @@ winreg_dissect_element_OpenHKCU_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKCU_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_access_mask, 0);
return offset;
}
@@ -862,15 +896,15 @@ winreg_dissect_element_OpenHKCU_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKCU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKCU( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -918,7 +952,7 @@ winreg_dissect_element_OpenHKLM_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKLM_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKLM_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -934,15 +968,15 @@ winreg_dissect_element_OpenHKLM_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKLM_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKLM( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -990,7 +1024,7 @@ winreg_dissect_element_OpenHKPD_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKPD_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_access_mask, 0);
return offset;
}
@@ -1006,15 +1040,15 @@ winreg_dissect_element_OpenHKPD_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKPD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKPD( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1062,7 +1096,7 @@ winreg_dissect_element_OpenHKU_system_name_(tvbuff_t *tvb, int offset, packet_in
static int
winreg_dissect_element_OpenHKU_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKU_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -1078,15 +1112,15 @@ winreg_dissect_element_OpenHKU_handle(tvbuff_t *tvb, int offset, packet_info *pi
static int
winreg_dissect_element_OpenHKU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKU( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1126,13 +1160,13 @@ winreg_dissect_element_CloseKey_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_CloseKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_CloseKey( */
-/* IDL: [out] [in] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [out] [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1202,7 +1236,7 @@ winreg_dissect_element_CreateKey_options(tvbuff_t *tvb, int offset, packet_info
static int
winreg_dissect_element_CreateKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -1234,7 +1268,7 @@ winreg_dissect_element_CreateKey_new_handle(tvbuff_t *tvb, int offset, packet_in
static int
winreg_dissect_element_CreateKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_new_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_new_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
@@ -1256,14 +1290,14 @@ winreg_dissect_element_CreateKey_action_taken_(tvbuff_t *tvb, int offset, packet
}
/* IDL: WERROR winreg_CreateKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String name, */
-/* IDL: [in] winreg_String class, */
-/* IDL: [in] uint32 options, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [unique(1)] [in] winreg_SecBuf *secdesc, */
-/* IDL: [out] [ref] policy_handle *new_handle, */
-/* IDL: [out] [unique(1)] [in] winreg_CreateAction *action_taken */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String name, */
+/* IDL: [keepref(1)] [in] winreg_String class, */
+/* IDL: [keepref(1)] [in] uint32 options, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [in] [unique(1)] winreg_SecBuf *secdesc, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *new_handle, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] winreg_CreateAction *action_taken */
/* IDL: ); */
static int
@@ -1316,7 +1350,7 @@ winreg_dissect_element_DeleteKey_handle(tvbuff_t *tvb, int offset, packet_info *
static int
winreg_dissect_element_DeleteKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
@@ -1330,8 +1364,8 @@ winreg_dissect_element_DeleteKey_key(tvbuff_t *tvb, int offset, packet_info *pin
}
/* IDL: WERROR winreg_DeleteKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String key */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String key */
/* IDL: ); */
static int
@@ -1382,8 +1416,8 @@ winreg_dissect_element_DeleteValue_value(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_DeleteValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String value */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String value */
/* IDL: ); */
static int
@@ -1482,11 +1516,11 @@ winreg_dissect_element_EnumKey_last_changed_time_(tvbuff_t *tvb, int offset, pac
}
/* IDL: WERROR winreg_EnumKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint32 enum_index, */
-/* IDL: [out] [in] [ref] winreg_StringBuf *name, */
-/* IDL: [out] [unique(1)] [in] winreg_StringBuf *class, */
-/* IDL: [out] [unique(1)] [in] NTTIME *last_changed_time */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] uint32 enum_index, */
+/* IDL: [keepref(1)] [out] [in] [ref] winreg_StringBuf *name, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] winreg_StringBuf *class, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] NTTIME *last_changed_time */
/* IDL: ); */
static int
@@ -1640,13 +1674,13 @@ winreg_dissect_element_EnumValue_length_(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_EnumValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint32 enum_index, */
-/* IDL: [out] [in] [ref] winreg_StringBuf *name, */
-/* IDL: [out] [unique(1)] [in] winreg_Type *type, */
-/* IDL: [out] [unique(1)] [in] [length_is(*length)] [size_is(*size)] uint8 *value, */
-/* IDL: [out] [unique(1)] [in] uint32 *size, */
-/* IDL: [out] [unique(1)] [in] uint32 *length */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] uint32 enum_index, */
+/* IDL: [keepref(1)] [out] [in] [ref] winreg_StringBuf *name, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] winreg_Type *type, */
+/* IDL: [keepref(1)] [size_is(*size)] [length_is(*length)] [out] [in] [unique(1)] uint8 *value, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] uint32 *size, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] uint32 *length */
/* IDL: ); */
static int
@@ -1714,7 +1748,7 @@ winreg_dissect_element_FlushKey_handle_(tvbuff_t *tvb, int offset, packet_info *
}
/* IDL: WERROR winreg_FlushKey( */
-/* IDL: [in] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1765,7 +1799,7 @@ winreg_dissect_element_GetKeySecurity_sec_info(tvbuff_t *tvb, int offset, packet
static int
winreg_dissect_element_GetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_winreg_GetKeySecurity_sd);
+ offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_sd);
return offset;
}
@@ -1773,15 +1807,15 @@ winreg_dissect_element_GetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info
static int
winreg_dissect_element_GetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_GetKeySecurity_sd,0);
+ offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_sd,0);
return offset;
}
/* IDL: WERROR winreg_GetKeySecurity( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] security_secinfo sec_info, */
-/* IDL: [out] [in] [ref] KeySecurityData *sd */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] security_secinfo sec_info, */
+/* IDL: [keepref(1)] [out] [in] [ref] KeySecurityData *sd */
/* IDL: ); */
static int
@@ -1861,9 +1895,9 @@ winreg_dissect_element_LoadKey_filename_(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_LoadKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [unique(1)] [in] winreg_String *keyname, */
-/* IDL: [unique(1)] [in] winreg_String *filename */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [unique(1)] [in] winreg_String *keyname, */
+/* IDL: [keepref(1)] [unique(1)] [in] winreg_String *filename */
/* IDL: ); */
static int
@@ -1956,13 +1990,13 @@ winreg_dissect_element_NotifyChangeKeyValue_unknown2(tvbuff_t *tvb, int offset,
}
/* IDL: WERROR winreg_NotifyChangeKeyValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint8 watch_subtree, */
-/* IDL: [in] uint32 notify_filter, */
-/* IDL: [in] uint32 unknown, */
-/* IDL: [in] winreg_String string1, */
-/* IDL: [in] winreg_String string2, */
-/* IDL: [in] uint32 unknown2 */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] uint8 watch_subtree, */
+/* IDL: [keepref(1)] [in] uint32 notify_filter, */
+/* IDL: [keepref(1)] [in] uint32 unknown, */
+/* IDL: [keepref(1)] [in] winreg_String string1, */
+/* IDL: [keepref(1)] [in] winreg_String string2, */
+/* IDL: [keepref(1)] [in] uint32 unknown2 */
/* IDL: ); */
static int
@@ -2033,17 +2067,33 @@ winreg_dissect_element_OpenKey_unknown(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_access_mask, 0);
+
+ return offset;
+}
+
+static int
+winreg_dissect_element_OpenKey_new_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenKey_new_handle_, NDR_POINTER_REF, "Pointer to New Handle (policy_handle)",hf_winreg_winreg_OpenKey_new_handle);
+
+ return offset;
+}
+
+static int
+winreg_dissect_element_OpenKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_new_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String keyname, */
-/* IDL: [in] uint32 unknown, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String keyname, */
+/* IDL: [keepref(1)] [in] uint32 unknown, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *new_handle */
/* IDL: ); */
static int
@@ -2051,7 +2101,7 @@ winreg_dissect_OpenKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *
{
guint32 status;
- offset = winreg_dissect_element_OpenKey_handle(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_OpenKey_new_handle(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, &status);
@@ -2093,9 +2143,17 @@ winreg_dissect_element_QueryInfoKey_handle_(tvbuff_t *tvb, int offset, packet_in
}
static int
-winreg_dissect_element_QueryInfoKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+winreg_dissect_element_QueryInfoKey_class_in(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class_in,0);
+
+ return offset;
+}
+
+static int
+winreg_dissect_element_QueryInfoKey_class_out(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class,0);
+ offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class_out,0);
return offset;
}
@@ -2165,17 +2223,17 @@ winreg_dissect_element_QueryInfoKey_last_changed_time(tvbuff_t *tvb, int offset,
}
/* IDL: WERROR winreg_QueryInfoKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String class, */
-/* IDL: [out] winreg_String class, */
-/* IDL: [out] uint32 num_subkeys, */
-/* IDL: [out] uint32 max_subkeylen, */
-/* IDL: [out] uint32 max_subkeysize, */
-/* IDL: [out] uint32 num_values, */
-/* IDL: [out] uint32 max_valnamelen, */
-/* IDL: [out] uint32 max_valbufsize, */
-/* IDL: [out] uint32 secdescsize, */
-/* IDL: [out] NTTIME last_changed_time */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String class_in, */
+/* IDL: [keepref(1)] [out] winreg_String class_out, */
+/* IDL: [keepref(1)] [out] uint32 num_subkeys, */
+/* IDL: [keepref(1)] [out] uint32 max_subkeylen, */
+/* IDL: [keepref(1)] [out] uint32 max_subkeysize, */
+/* IDL: [keepref(1)] [out] uint32 num_values, */
+/* IDL: [keepref(1)] [out] uint32 max_valnamelen, */
+/* IDL: [keepref(1)] [out] uint32 max_valbufsize, */
+/* IDL: [keepref(1)] [out] uint32 secdescsize, */
+/* IDL: [keepref(1)] [out] NTTIME last_changed_time */
/* IDL: ); */
static int
@@ -2183,7 +2241,7 @@ winreg_dissect_QueryInfoKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_i
{
guint32 status;
- offset = winreg_dissect_element_QueryInfoKey_class(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_QueryInfoKey_class_out(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = winreg_dissect_element_QueryInfoKey_num_subkeys(tvb, offset, pinfo, tree, drep);
@@ -2223,7 +2281,7 @@ winreg_dissect_QueryInfoKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_in
{
offset = winreg_dissect_element_QueryInfoKey_handle(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
- offset = winreg_dissect_element_QueryInfoKey_class(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_QueryInfoKey_class_in(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
@@ -2325,12 +2383,12 @@ winreg_dissect_element_QueryValue_length_(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_QueryValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String value_name, */
-/* IDL: [unique(1)] [out] [in] winreg_Type *type, */
-/* IDL: [unique(1)] [out] [in] [length_is(*length)] [size_is(*size)] uint8 *data, */
-/* IDL: [unique(1)] [out] [in] uint32 *size, */
-/* IDL: [unique(1)] [out] [in] uint32 *length */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String value_name, */
+/* IDL: [keepref(1)] [out] [unique(1)] [in] winreg_Type *type, */
+/* IDL: [keepref(1)] [size_is(*size)] [length_is(*length)] [out] [unique(1)] [in] uint8 *data, */
+/* IDL: [keepref(1)] [out] [unique(1)] [in] uint32 *size, */
+/* IDL: [keepref(1)] [out] [unique(1)] [in] uint32 *length */
/* IDL: ); */
static int
@@ -2464,31 +2522,31 @@ winreg_dissect_element_SetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_
static int
winreg_dissect_element_SetKeySecurity_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetKeySecurity_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetKeySecurity_access_mask, 0);
return offset;
}
static int
-winreg_dissect_element_SetKeySecurity_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+winreg_dissect_element_SetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetKeySecurity_data_, NDR_POINTER_REF, "Pointer to Data (KeySecurityData)",hf_winreg_winreg_SetKeySecurity_data);
+ offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_sd);
return offset;
}
static int
-winreg_dissect_element_SetKeySecurity_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+winreg_dissect_element_SetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_SetKeySecurity_data,0);
+ offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_sd,0);
return offset;
}
/* IDL: WERROR winreg_SetKeySecurity( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [in] [ref] KeySecurityData *data */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [in] [ref] KeySecurityData *sd */
/* IDL: ); */
static int
@@ -2496,7 +2554,7 @@ winreg_dissect_SetKeySecurity_response(tvbuff_t *tvb _U_, int offset _U_, packet
{
guint32 status;
- offset = winreg_dissect_element_SetKeySecurity_data(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_SetKeySecurity_sd(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, &status);
@@ -2514,7 +2572,7 @@ winreg_dissect_SetKeySecurity_request(tvbuff_t *tvb _U_, int offset _U_, packet_
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = winreg_dissect_element_SetKeySecurity_access_mask(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
- offset = winreg_dissect_element_SetKeySecurity_data(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_SetKeySecurity_sd(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
@@ -2584,11 +2642,11 @@ winreg_dissect_element_SetValue_size(tvbuff_t *tvb, int offset, packet_info *pin
}
/* IDL: WERROR winreg_SetValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String name, */
-/* IDL: [in] winreg_Type type, */
-/* IDL: [in] [ref] [size_is(size)] uint8 *data, */
-/* IDL: [in] uint32 size */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String name, */
+/* IDL: [keepref(1)] [in] winreg_Type type, */
+/* IDL: [keepref(1)] [size_is(size)] [in] [ref] uint8 *data, */
+/* IDL: [keepref(1)] [in] uint32 size */
/* IDL: ); */
static int
@@ -2700,11 +2758,11 @@ winreg_dissect_element_InitiateSystemShutdown_reboot(tvbuff_t *tvb, int offset,
}
/* IDL: WERROR winreg_InitiateSystemShutdown( */
-/* IDL: [unique(1)] [in] uint16 *hostname, */
-/* IDL: [unique(1)] [in] initshutdown_String *message, */
-/* IDL: [in] uint32 timeout, */
-/* IDL: [in] uint8 force_apps, */
-/* IDL: [in] uint8 reboot */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *hostname, */
+/* IDL: [keepref(1)] [unique(1)] [in] initshutdown_String *message, */
+/* IDL: [keepref(1)] [in] uint32 timeout, */
+/* IDL: [keepref(1)] [in] uint8 force_apps, */
+/* IDL: [keepref(1)] [in] uint8 reboot */
/* IDL: ); */
static int
@@ -2753,7 +2811,7 @@ winreg_dissect_element_AbortSystemShutdown_server_(tvbuff_t *tvb, int offset, pa
}
/* IDL: WERROR winreg_AbortSystemShutdown( */
-/* IDL: [unique(1)] [in] uint16 *server */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *server */
/* IDL: ); */
static int
@@ -2802,8 +2860,8 @@ winreg_dissect_element_GetVersion_version(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_GetVersion( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [out] uint32 version */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [out] uint32 version */
/* IDL: ); */
static int
@@ -2849,7 +2907,7 @@ winreg_dissect_element_OpenHKCC_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKCC_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCC_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -2865,15 +2923,15 @@ winreg_dissect_element_OpenHKCC_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKCC_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKCC( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -2921,7 +2979,7 @@ winreg_dissect_element_OpenHKDD_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKDD_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKDD_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -2937,15 +2995,15 @@ winreg_dissect_element_OpenHKDD_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKDD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKDD( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -3063,11 +3121,11 @@ winreg_dissect_element_QueryMultipleValues_buffer_size_(tvbuff_t *tvb, int offse
}
/* IDL: WERROR winreg_QueryMultipleValues( */
-/* IDL: [in] [ref] policy_handle *key_handle, */
-/* IDL: [out] [in] [ref] [length_is(num_values)] [size_is(num_values)] QueryMultipleValue *values, */
-/* IDL: [in] uint32 num_values, */
-/* IDL: [unique(1)] [out] [in] [length_is(*buffer_size)] [size_is(*buffer_size)] uint8 *buffer, */
-/* IDL: [out] [in] [ref] uint32 *buffer_size */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *key_handle, */
+/* IDL: [keepref(1)] [size_is(num_values)] [length_is(num_values)] [out] [in] [ref] QueryMultipleValue *values, */
+/* IDL: [keepref(1)] [in] uint32 num_values, */
+/* IDL: [keepref(1)] [size_is(*buffer_size)] [length_is(*buffer_size)] [out] [unique(1)] [in] uint8 *buffer, */
+/* IDL: [keepref(1)] [out] [in] [ref] uint32 *buffer_size */
/* IDL: ); */
static int
@@ -3173,12 +3231,12 @@ winreg_dissect_element_InitiateSystemShutdownEx_reason(tvbuff_t *tvb, int offset
}
/* IDL: WERROR winreg_InitiateSystemShutdownEx( */
-/* IDL: [unique(1)] [in] uint16 *hostname, */
-/* IDL: [unique(1)] [in] initshutdown_String *message, */
-/* IDL: [in] uint32 timeout, */
-/* IDL: [in] uint8 force_apps, */
-/* IDL: [in] uint8 reboot, */
-/* IDL: [in] uint32 reason */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *hostname, */
+/* IDL: [keepref(1)] [unique(1)] [in] initshutdown_String *message, */
+/* IDL: [keepref(1)] [in] uint32 timeout, */
+/* IDL: [keepref(1)] [in] uint8 force_apps, */
+/* IDL: [keepref(1)] [in] uint8 reboot, */
+/* IDL: [keepref(1)] [in] uint32 reason */
/* IDL: ); */
static int
@@ -3254,7 +3312,7 @@ winreg_dissect_element_OpenHKPT_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKPT_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPT_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -3270,15 +3328,15 @@ winreg_dissect_element_OpenHKPT_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKPT_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKPT( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -3326,7 +3384,7 @@ winreg_dissect_element_OpenHKPN_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKPN_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPN_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -3342,15 +3400,15 @@ winreg_dissect_element_OpenHKPN_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKPN_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKPN( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -3480,211 +3538,206 @@ static dcerpc_sub_dissector winreg_dissectors[] = {
void proto_register_dcerpc_winreg(void)
{
static hf_register_info hf[] = {
- { &hf_winreg_winreg_NotifyChangeKeyValue_string2,
- { "String2", "winreg.winreg_NotifyChangeKeyValue.string2", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_message,
- { "Message", "winreg.winreg_InitiateSystemShutdown.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
- { &hf_winreg_KeySecurityData_size,
- { "Size", "winreg.KeySecurityData.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_String_name,
- { "Name", "winreg.winreg_String.name", FT_STRING, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_message,
- { "Message", "winreg.winreg_InitiateSystemShutdownEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_reboot,
- { "Reboot", "winreg.winreg_InitiateSystemShutdown.reboot", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_enum_index,
- { "Enum Index", "winreg.winreg_EnumValue.enum_index", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_max_valbufsize,
+ { "Max Valbufsize", "winreg.winreg_QueryInfoKey.max_valbufsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SecBuf_inherit,
+ { "Inherit", "winreg.winreg_SecBuf.inherit", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_QueryMultipleValues_key_handle,
{ "Key Handle", "winreg.winreg_QueryMultipleValues.key_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_LoadKey_keyname,
- { "Keyname", "winreg.winreg_LoadKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumKey_name,
- { "Name", "winreg.winreg_EnumKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_CreateKey_options,
{ "Options", "winreg.winreg_CreateKey.options", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_type,
- { "Type", "winreg.winreg_EnumValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_timeout,
- { "Timeout", "winreg.winreg_InitiateSystemShutdownEx.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumKey_last_changed_time,
- { "Last Changed Time", "winreg.winreg_EnumKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_size,
- { "Size", "winreg.winreg_QueryValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_size,
- { "Size", "winreg.winreg_EnumValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_handle,
- { "Handle", "winreg.handle", FT_BYTES, BASE_NONE, NULL, 0, " ", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_max_valnamelen,
- { "Max Valnamelen", "winreg.winreg_QueryInfoKey.max_valnamelen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SecBuf_length,
- { "Length", "winreg.winreg_SecBuf.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_InitiateSystemShutdownEx_reboot,
{ "Reboot", "winreg.winreg_InitiateSystemShutdownEx.reboot", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_buffer_size,
- { "Buffer Size", "winreg.winreg_QueryMultipleValues.buffer_size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_data,
- { "Data", "winreg.winreg_QueryValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_new_handle,
- { "New Handle", "winreg.winreg_CreateKey.new_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumKey_class,
- { "Class", "winreg.winreg_EnumKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_String_name,
+ { "Name", "winreg.winreg_String.name", FT_STRING, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_notify_filter,
+ { "Notify Filter", "winreg.winreg_NotifyChangeKeyValue.notify_filter", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_QueryInfoKey_max_subkeysize,
{ "Max Subkeysize", "winreg.winreg_QueryInfoKey.max_subkeysize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_hostname,
- { "Hostname", "winreg.winreg_InitiateSystemShutdown.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKPT_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKPT.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKCC_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKCC.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_KeySecurityData_data,
- { "Data", "winreg.KeySecurityData.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenKey_access_mask,
- { "Access Mask", "winreg.winreg_OpenKey.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_new_handle,
+ { "New Handle", "winreg.winreg_OpenKey.new_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_unknown,
+ { "Unknown", "winreg.winreg_OpenKey.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetValue_data,
+ { "Data", "winreg.winreg_SetValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_values,
+ { "Values", "winreg.winreg_QueryMultipleValues.values", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_last_changed_time,
+ { "Last Changed Time", "winreg.winreg_QueryInfoKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_QueryMultipleValue_name,
{ "Name", "winreg.QueryMultipleValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_GetKeySecurity_sec_info,
- { "Sec Info", "winreg.winreg_GetKeySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_StringBuf_size,
- { "Size", "winreg.winreg_StringBuf.size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SecBuf_sd,
- { "Sd", "winreg.winreg_SecBuf.sd", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_type,
+ { "Type", "winreg.winreg_EnumValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
{ &hf_winreg_winreg_CreateKey_class,
{ "Class", "winreg.winreg_CreateKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_secdescsize,
- { "Secdescsize", "winreg.winreg_QueryInfoKey.secdescsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenKey_keyname,
- { "Keyname", "winreg.winreg_OpenKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_QueryMultipleValue_type,
- { "Type", "winreg.QueryMultipleValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_SetValue_name,
- { "Name", "winreg.winreg_SetValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree,
- { "Watch Subtree", "winreg.winreg_NotifyChangeKeyValue.watch_subtree", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_access_mask,
- { "Access Mask", "winreg.winreg_CreateKey.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_secdesc,
- { "Secdesc", "winreg.winreg_CreateKey.secdesc", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_force_apps,
- { "Force Apps", "winreg.winreg_InitiateSystemShutdownEx.force_apps", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_SetValue_type,
{ "Type", "winreg.winreg_SetValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_KeySecurityData_len,
- { "Len", "winreg.KeySecurityData.len", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_name,
- { "Name", "winreg.winreg_CreateKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_String_name_len,
- { "Name Len", "winreg.winreg_String.name_len", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_opnum,
- { "Operation", "winreg.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_DeleteKey_key,
- { "Key", "winreg.winreg_DeleteKey.key", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_name,
- { "Name", "winreg.winreg_EnumValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumKey_class,
+ { "Class", "winreg.winreg_EnumKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_access_mask,
+ { "Access Mask", "winreg.access_mask", FT_UINT32, BASE_HEX, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_CreateKey_secdesc,
+ { "Secdesc", "winreg.winreg_CreateKey.secdesc", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_buffer,
+ { "Buffer", "winreg.winreg_QueryMultipleValues.buffer", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_GetVersion_version,
+ { "Version", "winreg.winreg_GetVersion.version", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetKeySecurity_access_mask,
+ { "Access Mask", "winreg.winreg_SetKeySecurity.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_unknown,
+ { "Unknown", "winreg.winreg_NotifyChangeKeyValue.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_LoadKey_filename,
{ "Filename", "winreg.winreg_LoadKey.filename", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_DeleteValue_value,
- { "Value", "winreg.winreg_DeleteValue.value", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_enum_index,
+ { "Enum Index", "winreg.winreg_EnumValue.enum_index", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_CreateKey_action_taken,
+ { "Action Taken", "winreg.winreg_CreateKey.action_taken", FT_UINT32, BASE_DEC, VALS(winreg_winreg_CreateAction_vals), 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_size,
+ { "Size", "winreg.winreg_QueryValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_buffer_size,
+ { "Buffer Size", "winreg.winreg_QueryMultipleValues.buffer_size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_system_name,
{ "System Name", "winreg.system_name", FT_UINT16, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_KeySecurityData_size,
+ { "Size", "winreg.KeySecurityData.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_value,
+ { "Value", "winreg.winreg_EnumValue.value", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_message,
+ { "Message", "winreg.winreg_InitiateSystemShutdownEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_secdescsize,
+ { "Secdescsize", "winreg.winreg_QueryInfoKey.secdescsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_sd_max_size,
+ { "Max Size", "winreg.sd.max_size", FT_UINT32, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_QueryValue_data,
+ { "Data", "winreg.winreg_QueryValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_length,
+ { "Length", "winreg.winreg_EnumValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SecBuf_length,
+ { "Length", "winreg.winreg_SecBuf.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_value_name,
+ { "Value Name", "winreg.winreg_QueryValue.value_name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_num_values,
+ { "Num Values", "winreg.winreg_QueryInfoKey.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_reboot,
+ { "Reboot", "winreg.winreg_InitiateSystemShutdown.reboot", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_CreateKey_new_handle,
+ { "New Handle", "winreg.winreg_CreateKey.new_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_type,
+ { "Type", "winreg.winreg_QueryValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
+ { &hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG,
+ { "Cant Have Empty Bitmap Pidl Bug", "winreg.winreg_AccessMask.CANT_HAVE_EMPTY_BITMAP_PIDL_BUG", FT_BOOLEAN, 32, TFS(&winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG_tfs), ( 0x00000001 ), "", HFILL }},
+ { &hf_winreg_KeySecurityData_data,
+ { "Data", "winreg.KeySecurityData.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_QueryMultipleValue_length,
{ "Length", "winreg.QueryMultipleValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_num_values,
- { "Num Values", "winreg.winreg_QueryMultipleValues.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_access_required,
- { "Access Required", "winreg.access_required", FT_UINT32, BASE_HEX, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_LoadKey_keyname,
+ { "Keyname", "winreg.winreg_LoadKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_hostname,
+ { "Hostname", "winreg.winreg_InitiateSystemShutdown.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_StringBuf_name,
{ "Name", "winreg.winreg_StringBuf.name", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_NotifyChangeKeyValue_unknown2,
{ "Unknown2", "winreg.winreg_NotifyChangeKeyValue.unknown2", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_num_subkeys,
- { "Num Subkeys", "winreg.winreg_QueryInfoKey.num_subkeys", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_StringBuf_length,
- { "Length", "winreg.winreg_StringBuf.length", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_last_changed_time,
- { "Last Changed Time", "winreg.winreg_QueryInfoKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKPD_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKPD.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_AbortSystemShutdown_server,
- { "Server", "winreg.winreg_AbortSystemShutdown.server", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_type,
- { "Type", "winreg.winreg_QueryValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_String_name_size,
- { "Name Size", "winreg.winreg_String.name_size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_NotifyChangeKeyValue_unknown,
- { "Unknown", "winreg.winreg_NotifyChangeKeyValue.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_length,
- { "Length", "winreg.winreg_QueryValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKCR_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKCR.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenKey_unknown,
- { "Unknown", "winreg.winreg_OpenKey.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_max_valbufsize,
- { "Max Valbufsize", "winreg.winreg_QueryInfoKey.max_valbufsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_name,
+ { "Name", "winreg.winreg_EnumValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_InitiateSystemShutdownEx_reason,
{ "Reason", "winreg.winreg_InitiateSystemShutdownEx.reason", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKLM_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKLM.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SecBuf_inherit,
- { "Inherit", "winreg.winreg_SecBuf.inherit", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetValue_size,
- { "Size", "winreg.winreg_SetValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_length,
- { "Length", "winreg.winreg_EnumValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_values,
- { "Values", "winreg.winreg_QueryMultipleValues.values", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_max_subkeylen,
- { "Max Subkeylen", "winreg.winreg_QueryInfoKey.max_subkeylen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_timeout,
- { "Timeout", "winreg.winreg_InitiateSystemShutdown.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_hostname,
- { "Hostname", "winreg.winreg_InitiateSystemShutdownEx.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_class,
- { "Class", "winreg.winreg_QueryInfoKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_message,
+ { "Message", "winreg.winreg_InitiateSystemShutdown.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_DeleteValue_value,
+ { "Value", "winreg.winreg_DeleteValue.value", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetValue_name,
+ { "Name", "winreg.winreg_SetValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree,
+ { "Watch Subtree", "winreg.winreg_NotifyChangeKeyValue.watch_subtree", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumKey_name,
+ { "Name", "winreg.winreg_EnumKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_length,
+ { "Length", "winreg.winreg_QueryValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_QueryMultipleValue_offset,
+ { "Offset", "winreg.QueryMultipleValue.offset", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SecBuf_sd,
+ { "Sd", "winreg.winreg_SecBuf.sd", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_werror,
{ "Windows Error", "winreg.werror", FT_UINT32, BASE_HEX, VALS(DOS_errors), 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKPN_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKPN.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_GetVersion_version,
- { "Version", "winreg.winreg_GetVersion.version", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_action_taken,
- { "Action Taken", "winreg.winreg_CreateKey.action_taken", FT_UINT32, BASE_DEC, VALS(winreg_winreg_CreateAction_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_num_values,
- { "Num Values", "winreg.winreg_QueryInfoKey.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetKeySecurity_data,
- { "Data", "winreg.winreg_SetKeySecurity.data", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_String_name_len,
+ { "Name Len", "winreg.winreg_String.name_len", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_opnum,
+ { "Operation", "winreg.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_QueryMultipleValue_type,
+ { "Type", "winreg.QueryMultipleValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_num_subkeys,
+ { "Num Subkeys", "winreg.winreg_QueryInfoKey.num_subkeys", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_class_in,
+ { "Class In", "winreg.winreg_QueryInfoKey.class_in", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_timeout,
+ { "Timeout", "winreg.winreg_InitiateSystemShutdownEx.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_handle,
+ { "Handle", "winreg.handle", FT_BYTES, BASE_NONE, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_GetKeySecurity_sec_info,
+ { "Sec Info", "winreg.winreg_GetKeySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_DeleteKey_key,
+ { "Key", "winreg.winreg_DeleteKey.key", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumKey_last_changed_time,
+ { "Last Changed Time", "winreg.winreg_EnumKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_max_subkeylen,
+ { "Max Subkeylen", "winreg.winreg_QueryInfoKey.max_subkeylen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_sd_actual_size,
+ { "Actual Size", "winreg.sd.actual_size", FT_UINT32, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_AbortSystemShutdown_server,
+ { "Server", "winreg.winreg_AbortSystemShutdown.server", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_sd_offset,
+ { "Offset", "winreg.sd.offset", FT_UINT32, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_sd,
+ { "KeySecurityData", "winreg.sd", FT_NONE, BASE_NONE, NULL, 0, " ", HFILL }},
{ &hf_winreg_winreg_EnumKey_enum_index,
{ "Enum Index", "winreg.winreg_EnumKey.enum_index", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetValue_data,
- { "Data", "winreg.winreg_SetValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_class_out,
+ { "Class Out", "winreg.winreg_QueryInfoKey.class_out", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_hostname,
+ { "Hostname", "winreg.winreg_InitiateSystemShutdownEx.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_force_apps,
+ { "Force Apps", "winreg.winreg_InitiateSystemShutdownEx.force_apps", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_CreateKey_name,
+ { "Name", "winreg.winreg_CreateKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_StringBuf_size,
+ { "Size", "winreg.winreg_StringBuf.size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_keyname,
+ { "Keyname", "winreg.winreg_OpenKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_KeySecurityData_len,
+ { "Len", "winreg.KeySecurityData.len", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_InitiateSystemShutdown_force_apps,
{ "Force Apps", "winreg.winreg_InitiateSystemShutdown.force_apps", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_value,
- { "Value", "winreg.winreg_EnumValue.value", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenHKPD_access_mask,
+ { "Access Mask", "winreg.winreg_OpenHKPD.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_size,
+ { "Size", "winreg.winreg_EnumValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetValue_size,
+ { "Size", "winreg.winreg_SetValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_access_mask,
+ { "Access Mask", "winreg.winreg_OpenKey.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_timeout,
+ { "Timeout", "winreg.winreg_InitiateSystemShutdown.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_max_valnamelen,
+ { "Max Valnamelen", "winreg.winreg_QueryInfoKey.max_valnamelen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_num_values,
+ { "Num Values", "winreg.winreg_QueryMultipleValues.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenHKCU_access_mask,
+ { "Access Mask", "winreg.winreg_OpenHKCU.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_String_name_size,
+ { "Name Size", "winreg.winreg_String.name_size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_StringBuf_length,
+ { "Length", "winreg.winreg_StringBuf.length", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_NotifyChangeKeyValue_string1,
{ "String1", "winreg.winreg_NotifyChangeKeyValue.string1", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_buffer,
- { "Buffer", "winreg.winreg_QueryMultipleValues.buffer", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKDD_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKDD.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetKeySecurity_access_mask,
- { "Access Mask", "winreg.winreg_SetKeySecurity.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_value_name,
- { "Value Name", "winreg.winreg_QueryValue.value_name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKCU_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKCU.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_GetKeySecurity_sd,
- { "Sd", "winreg.winreg_GetKeySecurity.sd", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKU_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKU.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_NotifyChangeKeyValue_notify_filter,
- { "Notify Filter", "winreg.winreg_NotifyChangeKeyValue.notify_filter", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_QueryMultipleValue_offset,
- { "Offset", "winreg.QueryMultipleValue.offset", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_string2,
+ { "String2", "winreg.winreg_NotifyChangeKeyValue.string2", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
};
static gint *ett[] = {
&ett_dcerpc_winreg,
+ &ett_winreg_winreg_AccessMask,
&ett_winreg_winreg_String,
&ett_winreg_KeySecurityData,
&ett_winreg_winreg_SecBuf,
diff --git a/epan/dissectors/packet-dcerpc-winreg.h b/epan/dissectors/packet-dcerpc-winreg.h
index 08166d1aa8..774fb38210 100644
--- a/epan/dissectors/packet-dcerpc-winreg.h
+++ b/epan/dissectors/packet-dcerpc-winreg.h
@@ -5,9 +5,9 @@
from winreg.idl and winreg.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
- It is maintained by the Samba team, not the Wireshark team.
+ It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
- found at http://wiki.wireshark.org/Pidl
+ found at http://wiki.ethereal.com/Pidl
*/
@@ -18,6 +18,7 @@
#include "packet-dcerpc-initshutdown.h"
+int winreg_dissect_bitmap_AccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param);
#define REG_NONE (0)
#define REG_SZ (1)
#define REG_EXPAND_SZ (2)
diff --git a/epan/dissectors/pidl/idl_types.h b/epan/dissectors/pidl/idl_types.h
index 054aef608b..f21f3e660d 100644
--- a/epan/dissectors/pidl/idl_types.h
+++ b/epan/dissectors/pidl/idl_types.h
@@ -80,17 +80,7 @@
#define NDR_LITTLE_ENDIAN LIBNDR_FLAG_LITTLE_ENDIAN
#define NDR_BIG_ENDIAN LIBNDR_FLAG_BIGENDIAN
-
-/*
- these are used by the epmapper and mgmt interfaces
-*/
-#define error_status_t uint32
-#define boolean32 uint32
-#define unsigned32 uint32
-
/*
this is used to control formatting of uint8 arrays
*/
#define NDR_PAHEX LIBNDR_PRINT_ARRAY_HEX
-
-#define bool8 uint8
diff --git a/epan/dissectors/pidl/packet-dcerpc-winreg.c b/epan/dissectors/pidl/packet-dcerpc-winreg.c
index 9c3172a6f3..bad44dc9c6 100644
--- a/epan/dissectors/pidl/packet-dcerpc-winreg.c
+++ b/epan/dissectors/pidl/packet-dcerpc-winreg.c
@@ -3,9 +3,9 @@
from winreg.idl and winreg.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
- It is maintained by the Samba team, not the Wireshark team.
+ It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
- found at http://wiki.wireshark.org/Pidl
+ found at http://wiki.ethereal.com/Pidl
*/
@@ -24,6 +24,7 @@
/* Ett declarations */
static gint ett_dcerpc_winreg = -1;
+static gint ett_winreg_winreg_AccessMask = -1;
static gint ett_winreg_winreg_String = -1;
static gint ett_winreg_KeySecurityData = -1;
static gint ett_winreg_winreg_SecBuf = -1;
@@ -32,106 +33,103 @@ static gint ett_winreg_QueryMultipleValue = -1;
/* Header field declarations */
-static gint hf_winreg_winreg_NotifyChangeKeyValue_string2 = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_message = -1;
-static gint hf_winreg_KeySecurityData_size = -1;
-static gint hf_winreg_winreg_String_name = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_message = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_reboot = -1;
-static gint hf_winreg_winreg_EnumValue_enum_index = -1;
+static gint hf_winreg_winreg_QueryInfoKey_max_valbufsize = -1;
+static gint hf_winreg_winreg_SecBuf_inherit = -1;
static gint hf_winreg_winreg_QueryMultipleValues_key_handle = -1;
-static gint hf_winreg_winreg_LoadKey_keyname = -1;
-static gint hf_winreg_winreg_EnumKey_name = -1;
static gint hf_winreg_winreg_CreateKey_options = -1;
-static gint hf_winreg_winreg_EnumValue_type = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_timeout = -1;
-static gint hf_winreg_winreg_EnumKey_last_changed_time = -1;
-static gint hf_winreg_winreg_QueryValue_size = -1;
-static gint hf_winreg_winreg_EnumValue_size = -1;
-static gint hf_winreg_handle = -1;
-static gint hf_winreg_winreg_QueryInfoKey_max_valnamelen = -1;
-static gint hf_winreg_winreg_SecBuf_length = -1;
static gint hf_winreg_winreg_InitiateSystemShutdownEx_reboot = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_buffer_size = -1;
-static gint hf_winreg_winreg_QueryValue_data = -1;
-static gint hf_winreg_winreg_CreateKey_new_handle = -1;
-static gint hf_winreg_winreg_EnumKey_class = -1;
+static gint hf_winreg_winreg_String_name = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_notify_filter = -1;
static gint hf_winreg_winreg_QueryInfoKey_max_subkeysize = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_hostname = -1;
-static gint hf_winreg_winreg_OpenHKPT_access_mask = -1;
-static gint hf_winreg_winreg_OpenHKCC_access_mask = -1;
-static gint hf_winreg_KeySecurityData_data = -1;
-static gint hf_winreg_winreg_OpenKey_access_mask = -1;
+static gint hf_winreg_winreg_OpenKey_new_handle = -1;
+static gint hf_winreg_winreg_OpenKey_unknown = -1;
+static gint hf_winreg_winreg_SetValue_data = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_values = -1;
+static gint hf_winreg_winreg_QueryInfoKey_last_changed_time = -1;
static gint hf_winreg_QueryMultipleValue_name = -1;
-static gint hf_winreg_winreg_GetKeySecurity_sec_info = -1;
-static gint hf_winreg_winreg_StringBuf_size = -1;
-static gint hf_winreg_winreg_SecBuf_sd = -1;
+static gint hf_winreg_winreg_EnumValue_type = -1;
static gint hf_winreg_winreg_CreateKey_class = -1;
-static gint hf_winreg_winreg_QueryInfoKey_secdescsize = -1;
-static gint hf_winreg_winreg_OpenKey_keyname = -1;
-static gint hf_winreg_QueryMultipleValue_type = -1;
-static gint hf_winreg_winreg_SetValue_name = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree = -1;
-static gint hf_winreg_winreg_CreateKey_access_mask = -1;
-static gint hf_winreg_winreg_CreateKey_secdesc = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_force_apps = -1;
static gint hf_winreg_winreg_SetValue_type = -1;
-static gint hf_winreg_KeySecurityData_len = -1;
-static gint hf_winreg_winreg_CreateKey_name = -1;
-static gint hf_winreg_winreg_String_name_len = -1;
-static gint hf_winreg_opnum = -1;
-static gint hf_winreg_winreg_DeleteKey_key = -1;
-static gint hf_winreg_winreg_EnumValue_name = -1;
+static gint hf_winreg_winreg_EnumKey_class = -1;
+static gint hf_winreg_access_mask = -1;
+static gint hf_winreg_winreg_CreateKey_secdesc = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_buffer = -1;
+static gint hf_winreg_winreg_GetVersion_version = -1;
+static gint hf_winreg_winreg_SetKeySecurity_access_mask = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown = -1;
static gint hf_winreg_winreg_LoadKey_filename = -1;
-static gint hf_winreg_winreg_DeleteValue_value = -1;
+static gint hf_winreg_winreg_EnumValue_enum_index = -1;
+static gint hf_winreg_winreg_CreateKey_action_taken = -1;
+static gint hf_winreg_winreg_QueryValue_size = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_buffer_size = -1;
static gint hf_winreg_system_name = -1;
+static gint hf_winreg_KeySecurityData_size = -1;
+static gint hf_winreg_winreg_EnumValue_value = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_message = -1;
+static gint hf_winreg_winreg_QueryInfoKey_secdescsize = -1;
+static gint hf_winreg_sd_max_size = -1;
+static gint hf_winreg_winreg_QueryValue_data = -1;
+static gint hf_winreg_winreg_EnumValue_length = -1;
+static gint hf_winreg_winreg_SecBuf_length = -1;
+static gint hf_winreg_winreg_QueryValue_value_name = -1;
+static gint hf_winreg_winreg_QueryInfoKey_num_values = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_reboot = -1;
+static gint hf_winreg_winreg_CreateKey_new_handle = -1;
+static gint hf_winreg_winreg_QueryValue_type = -1;
+static gint hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG = -1;
+static gint hf_winreg_KeySecurityData_data = -1;
static gint hf_winreg_QueryMultipleValue_length = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_num_values = -1;
-static gint hf_winreg_access_required = -1;
+static gint hf_winreg_winreg_LoadKey_keyname = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_hostname = -1;
static gint hf_winreg_winreg_StringBuf_name = -1;
static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown2 = -1;
-static gint hf_winreg_winreg_QueryInfoKey_num_subkeys = -1;
-static gint hf_winreg_winreg_StringBuf_length = -1;
-static gint hf_winreg_winreg_QueryInfoKey_last_changed_time = -1;
-static gint hf_winreg_winreg_OpenHKPD_access_mask = -1;
-static gint hf_winreg_winreg_AbortSystemShutdown_server = -1;
-static gint hf_winreg_winreg_QueryValue_type = -1;
-static gint hf_winreg_winreg_String_name_size = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown = -1;
-static gint hf_winreg_winreg_QueryValue_length = -1;
-static gint hf_winreg_winreg_OpenHKCR_access_mask = -1;
-static gint hf_winreg_winreg_OpenKey_unknown = -1;
-static gint hf_winreg_winreg_QueryInfoKey_max_valbufsize = -1;
+static gint hf_winreg_winreg_EnumValue_name = -1;
static gint hf_winreg_winreg_InitiateSystemShutdownEx_reason = -1;
-static gint hf_winreg_winreg_OpenHKLM_access_mask = -1;
-static gint hf_winreg_winreg_SecBuf_inherit = -1;
-static gint hf_winreg_winreg_SetValue_size = -1;
-static gint hf_winreg_winreg_EnumValue_length = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_values = -1;
-static gint hf_winreg_winreg_QueryInfoKey_max_subkeylen = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdown_timeout = -1;
-static gint hf_winreg_winreg_InitiateSystemShutdownEx_hostname = -1;
-static gint hf_winreg_winreg_QueryInfoKey_class = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_message = -1;
+static gint hf_winreg_winreg_DeleteValue_value = -1;
+static gint hf_winreg_winreg_SetValue_name = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree = -1;
+static gint hf_winreg_winreg_EnumKey_name = -1;
+static gint hf_winreg_winreg_QueryValue_length = -1;
+static gint hf_winreg_QueryMultipleValue_offset = -1;
+static gint hf_winreg_winreg_SecBuf_sd = -1;
static gint hf_winreg_werror = -1;
-static gint hf_winreg_winreg_OpenHKPN_access_mask = -1;
-static gint hf_winreg_winreg_GetVersion_version = -1;
-static gint hf_winreg_winreg_CreateKey_action_taken = -1;
-static gint hf_winreg_winreg_QueryInfoKey_num_values = -1;
-static gint hf_winreg_winreg_SetKeySecurity_data = -1;
+static gint hf_winreg_winreg_String_name_len = -1;
+static gint hf_winreg_opnum = -1;
+static gint hf_winreg_QueryMultipleValue_type = -1;
+static gint hf_winreg_winreg_QueryInfoKey_num_subkeys = -1;
+static gint hf_winreg_winreg_QueryInfoKey_class_in = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_timeout = -1;
+static gint hf_winreg_handle = -1;
+static gint hf_winreg_winreg_GetKeySecurity_sec_info = -1;
+static gint hf_winreg_winreg_DeleteKey_key = -1;
+static gint hf_winreg_winreg_EnumKey_last_changed_time = -1;
+static gint hf_winreg_winreg_QueryInfoKey_max_subkeylen = -1;
+static gint hf_winreg_sd_actual_size = -1;
+static gint hf_winreg_winreg_AbortSystemShutdown_server = -1;
+static gint hf_winreg_sd_offset = -1;
+static gint hf_winreg_sd = -1;
static gint hf_winreg_winreg_EnumKey_enum_index = -1;
-static gint hf_winreg_winreg_SetValue_data = -1;
+static gint hf_winreg_winreg_QueryInfoKey_class_out = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_hostname = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdownEx_force_apps = -1;
+static gint hf_winreg_winreg_CreateKey_name = -1;
+static gint hf_winreg_winreg_StringBuf_size = -1;
+static gint hf_winreg_winreg_OpenKey_keyname = -1;
+static gint hf_winreg_KeySecurityData_len = -1;
static gint hf_winreg_winreg_InitiateSystemShutdown_force_apps = -1;
-static gint hf_winreg_winreg_EnumValue_value = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_string1 = -1;
-static gint hf_winreg_winreg_QueryMultipleValues_buffer = -1;
-static gint hf_winreg_winreg_OpenHKDD_access_mask = -1;
-static gint hf_winreg_winreg_SetKeySecurity_access_mask = -1;
-static gint hf_winreg_winreg_QueryValue_value_name = -1;
+static gint hf_winreg_winreg_OpenHKPD_access_mask = -1;
+static gint hf_winreg_winreg_EnumValue_size = -1;
+static gint hf_winreg_winreg_SetValue_size = -1;
+static gint hf_winreg_winreg_OpenKey_access_mask = -1;
+static gint hf_winreg_winreg_InitiateSystemShutdown_timeout = -1;
+static gint hf_winreg_winreg_QueryInfoKey_max_valnamelen = -1;
+static gint hf_winreg_winreg_QueryMultipleValues_num_values = -1;
static gint hf_winreg_winreg_OpenHKCU_access_mask = -1;
-static gint hf_winreg_winreg_GetKeySecurity_sd = -1;
-static gint hf_winreg_winreg_OpenHKU_access_mask = -1;
-static gint hf_winreg_winreg_NotifyChangeKeyValue_notify_filter = -1;
-static gint hf_winreg_QueryMultipleValue_offset = -1;
+static gint hf_winreg_winreg_String_name_size = -1;
+static gint hf_winreg_winreg_StringBuf_length = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_string1 = -1;
+static gint hf_winreg_winreg_NotifyChangeKeyValue_string2 = -1;
static gint proto_dcerpc_winreg = -1;
/* Version information */
@@ -143,6 +141,10 @@ static e_uuid_t uuid_dcerpc_winreg = {
};
static guint16 ver_dcerpc_winreg = 1;
+static const true_false_string winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG_tfs = {
+ "CANT_HAVE_EMPTY_BITMAP_PIDL_BUG is SET",
+ "CANT_HAVE_EMPTY_BITMAP_PIDL_BUG is NOT SET",
+};
const value_string winreg_winreg_Type_vals[] = {
{ REG_NONE, "REG_NONE" },
{ REG_SZ, "REG_SZ" },
@@ -280,9 +282,12 @@ static int winreg_dissect_element_OpenKey_handle_(tvbuff_t *tvb, int offset, pac
static int winreg_dissect_element_OpenKey_keyname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenKey_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_OpenKey_new_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_OpenKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
-static int winreg_dissect_element_QueryInfoKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_QueryInfoKey_class_in(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_QueryInfoKey_class_out(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_num_subkeys(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_max_subkeylen(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_QueryInfoKey_max_subkeysize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
@@ -306,8 +311,8 @@ static int winreg_dissect_element_QueryValue_length_(tvbuff_t *tvb, int offset,
static int winreg_dissect_element_SetKeySecurity_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetKeySecurity_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
-static int winreg_dissect_element_SetKeySecurity_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
-static int winreg_dissect_element_SetKeySecurity_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_SetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static int winreg_dissect_element_SetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_SetValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
@@ -367,6 +372,51 @@ static int winreg_dissect_element_OpenHKPN_system_name_(tvbuff_t *tvb, int offse
static int winreg_dissect_element_OpenHKPN_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenHKPN_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
static int winreg_dissect_element_OpenHKPN_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep);
+static void
+winreg_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+{
+ proto_tree_add_boolean(tree, hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG, tvb, offset, 4, access);
+}
+struct access_mask_info winreg_access_mask_info = {
+ "WINREG", /* Name of specific rights */
+ winreg_specific_rights, /* Dissection function */
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+static int
+winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint32 len;
+ dcerpc_info *di;
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+ /* this is a varying and conformant array */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_max_size, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_offset, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_actual_size, &len);
+ dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len,
+ &winreg_access_mask_info);
+ offset += len;
+ return offset;
+}
+int
+winreg_dissect_bitmap_AccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+ offset = dissect_nt_access_mask(
+ tvb, offset, pinfo, tree, drep, hf_winreg_access_mask,
+ &winreg_access_mask_info, NULL);
+ return offset;
+}
+
+/* IDL: typedef bitmap { */
+/* IDL: CANT_HAVE_EMPTY_BITMAP_PIDL_BUG = 0x00000001 , */
+/* IDL: } winreg_AccessMask; */
/* IDL: typedef enum { */
/* IDL: REG_NONE=0, */
@@ -391,9 +441,9 @@ winreg_dissect_enum_Type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tr
}
/* IDL: typedef struct { */
-/* IDL: [value(strlen_m_term(name)*2)] uint16 name_len; */
-/* IDL: [value(strlen_m_term(name)*2)] uint16 name_size; */
-/* IDL: [unique(1)] [charset(UTF16)] uint16 *name; */
+/* IDL: [keepref(1)] [value(strlen_m_term(name)*2)] uint16 name_len; */
+/* IDL: [keepref(1)] [value(strlen_m_term(name)*2)] uint16 name_size; */
+/* IDL: [charset(UTF16)] [keepref(1)] [unique(1)] uint16 *name; */
/* IDL: } winreg_String; */
static int
@@ -442,7 +492,7 @@ winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, prot
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_winreg_String);
}
@@ -460,9 +510,9 @@ winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, prot
}
/* IDL: typedef struct { */
-/* IDL: [unique(1)] [length_is(len)] [size_is(size)] uint8 *data; */
-/* IDL: uint32 size; */
-/* IDL: uint32 len; */
+/* IDL: [keepref(1)] [size_is(size)] [length_is(len)] [unique(1)] uint8 *data; */
+/* IDL: [keepref(1)] uint32 size; */
+/* IDL: [keepref(1)] uint32 len; */
/* IDL: } KeySecurityData; */
static int
@@ -474,22 +524,6 @@ winreg_dissect_element_KeySecurityData_data(tvbuff_t *tvb, int offset, packet_in
}
static int
-winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
-{
- offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_KeySecurityData_data__);
-
- return offset;
-}
-
-static int
-winreg_dissect_element_KeySecurityData_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
-{
- offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_data,NULL);
-
- return offset;
-}
-
-static int
winreg_dissect_element_KeySecurityData_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_size,NULL);
@@ -516,7 +550,7 @@ winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pi
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_KeySecurityData);
}
@@ -534,9 +568,9 @@ winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pi
}
/* IDL: typedef struct { */
-/* IDL: uint32 length; */
-/* IDL: KeySecurityData sd; */
-/* IDL: uint8 inherit; */
+/* IDL: [keepref(1)] uint32 length; */
+/* IDL: [keepref(1)] KeySecurityData sd; */
+/* IDL: [keepref(1)] uint8 inherit; */
/* IDL: } winreg_SecBuf; */
static int
@@ -574,7 +608,7 @@ winreg_dissect_struct_SecBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, prot
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_winreg_SecBuf);
}
@@ -605,9 +639,9 @@ winreg_dissect_enum_CreateAction(tvbuff_t *tvb, int offset, packet_info *pinfo,
}
/* IDL: typedef struct { */
-/* IDL: [value(strlen_m(name)*2)] uint16 length; */
-/* IDL: uint16 size; */
-/* IDL: [unique(1)] [length_is(length/2)] [charset(UTF16)] [size_is(size/2)] uint16 *name; */
+/* IDL: [keepref(1)] [value(strlen_m_term(name)*2)] uint16 length; */
+/* IDL: [keepref(1)] uint16 size; */
+/* IDL: [charset(UTF16)] [keepref(1)] [size_is(size/2)] [length_is(length/2)] [unique(1)] uint16 *name; */
/* IDL: } winreg_StringBuf; */
static int
@@ -661,7 +695,7 @@ winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, p
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_winreg_StringBuf);
}
@@ -679,10 +713,10 @@ winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, p
}
/* IDL: typedef struct { */
-/* IDL: [unique(1)] winreg_String *name; */
-/* IDL: winreg_Type type; */
-/* IDL: uint32 offset; */
-/* IDL: uint32 length; */
+/* IDL: [keepref(1)] [unique(1)] winreg_String *name; */
+/* IDL: [keepref(1)] winreg_Type type; */
+/* IDL: [keepref(1)] uint32 offset; */
+/* IDL: [keepref(1)] uint32 length; */
/* IDL: } QueryMultipleValue; */
static int
@@ -736,7 +770,7 @@ winreg_dissect_struct_QueryMultipleValue(tvbuff_t *tvb, int offset, packet_info
old_offset = offset;
- if(parent_tree){
+ if (parent_tree) {
item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE);
tree = proto_item_add_subtree(item, ett_winreg_QueryMultipleValue);
}
@@ -774,7 +808,7 @@ winreg_dissect_element_OpenHKCR_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKCR_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCR_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -790,15 +824,15 @@ winreg_dissect_element_OpenHKCR_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKCR_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKCR( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -846,7 +880,7 @@ winreg_dissect_element_OpenHKCU_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKCU_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_access_mask, 0);
return offset;
}
@@ -862,15 +896,15 @@ winreg_dissect_element_OpenHKCU_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKCU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKCU( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -918,7 +952,7 @@ winreg_dissect_element_OpenHKLM_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKLM_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKLM_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -934,15 +968,15 @@ winreg_dissect_element_OpenHKLM_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKLM_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKLM( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -990,7 +1024,7 @@ winreg_dissect_element_OpenHKPD_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKPD_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_access_mask, 0);
return offset;
}
@@ -1006,15 +1040,15 @@ winreg_dissect_element_OpenHKPD_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKPD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKPD( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1062,7 +1096,7 @@ winreg_dissect_element_OpenHKU_system_name_(tvbuff_t *tvb, int offset, packet_in
static int
winreg_dissect_element_OpenHKU_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKU_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -1078,15 +1112,15 @@ winreg_dissect_element_OpenHKU_handle(tvbuff_t *tvb, int offset, packet_info *pi
static int
winreg_dissect_element_OpenHKU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKU( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1126,13 +1160,13 @@ winreg_dissect_element_CloseKey_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_CloseKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_CloseKey( */
-/* IDL: [out] [in] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [out] [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1202,7 +1236,7 @@ winreg_dissect_element_CreateKey_options(tvbuff_t *tvb, int offset, packet_info
static int
winreg_dissect_element_CreateKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -1234,7 +1268,7 @@ winreg_dissect_element_CreateKey_new_handle(tvbuff_t *tvb, int offset, packet_in
static int
winreg_dissect_element_CreateKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_new_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_new_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
@@ -1256,14 +1290,14 @@ winreg_dissect_element_CreateKey_action_taken_(tvbuff_t *tvb, int offset, packet
}
/* IDL: WERROR winreg_CreateKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String name, */
-/* IDL: [in] winreg_String class, */
-/* IDL: [in] uint32 options, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [unique(1)] [in] winreg_SecBuf *secdesc, */
-/* IDL: [out] [ref] policy_handle *new_handle, */
-/* IDL: [out] [unique(1)] [in] winreg_CreateAction *action_taken */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String name, */
+/* IDL: [keepref(1)] [in] winreg_String class, */
+/* IDL: [keepref(1)] [in] uint32 options, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [in] [unique(1)] winreg_SecBuf *secdesc, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *new_handle, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] winreg_CreateAction *action_taken */
/* IDL: ); */
static int
@@ -1316,7 +1350,7 @@ winreg_dissect_element_DeleteKey_handle(tvbuff_t *tvb, int offset, packet_info *
static int
winreg_dissect_element_DeleteKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
@@ -1330,8 +1364,8 @@ winreg_dissect_element_DeleteKey_key(tvbuff_t *tvb, int offset, packet_info *pin
}
/* IDL: WERROR winreg_DeleteKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String key */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String key */
/* IDL: ); */
static int
@@ -1382,8 +1416,8 @@ winreg_dissect_element_DeleteValue_value(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_DeleteValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String value */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String value */
/* IDL: ); */
static int
@@ -1482,11 +1516,11 @@ winreg_dissect_element_EnumKey_last_changed_time_(tvbuff_t *tvb, int offset, pac
}
/* IDL: WERROR winreg_EnumKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint32 enum_index, */
-/* IDL: [out] [in] [ref] winreg_StringBuf *name, */
-/* IDL: [out] [unique(1)] [in] winreg_StringBuf *class, */
-/* IDL: [out] [unique(1)] [in] NTTIME *last_changed_time */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] uint32 enum_index, */
+/* IDL: [keepref(1)] [out] [in] [ref] winreg_StringBuf *name, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] winreg_StringBuf *class, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] NTTIME *last_changed_time */
/* IDL: ); */
static int
@@ -1640,13 +1674,13 @@ winreg_dissect_element_EnumValue_length_(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_EnumValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint32 enum_index, */
-/* IDL: [out] [in] [ref] winreg_StringBuf *name, */
-/* IDL: [out] [unique(1)] [in] winreg_Type *type, */
-/* IDL: [out] [unique(1)] [in] [length_is(*length)] [size_is(*size)] uint8 *value, */
-/* IDL: [out] [unique(1)] [in] uint32 *size, */
-/* IDL: [out] [unique(1)] [in] uint32 *length */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] uint32 enum_index, */
+/* IDL: [keepref(1)] [out] [in] [ref] winreg_StringBuf *name, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] winreg_Type *type, */
+/* IDL: [keepref(1)] [size_is(*size)] [length_is(*length)] [out] [in] [unique(1)] uint8 *value, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] uint32 *size, */
+/* IDL: [keepref(1)] [out] [in] [unique(1)] uint32 *length */
/* IDL: ); */
static int
@@ -1714,7 +1748,7 @@ winreg_dissect_element_FlushKey_handle_(tvbuff_t *tvb, int offset, packet_info *
}
/* IDL: WERROR winreg_FlushKey( */
-/* IDL: [in] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -1765,7 +1799,7 @@ winreg_dissect_element_GetKeySecurity_sec_info(tvbuff_t *tvb, int offset, packet
static int
winreg_dissect_element_GetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_winreg_GetKeySecurity_sd);
+ offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_sd);
return offset;
}
@@ -1773,15 +1807,15 @@ winreg_dissect_element_GetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info
static int
winreg_dissect_element_GetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_GetKeySecurity_sd,0);
+ offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_sd,0);
return offset;
}
/* IDL: WERROR winreg_GetKeySecurity( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] security_secinfo sec_info, */
-/* IDL: [out] [in] [ref] KeySecurityData *sd */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] security_secinfo sec_info, */
+/* IDL: [keepref(1)] [out] [in] [ref] KeySecurityData *sd */
/* IDL: ); */
static int
@@ -1861,9 +1895,9 @@ winreg_dissect_element_LoadKey_filename_(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_LoadKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [unique(1)] [in] winreg_String *keyname, */
-/* IDL: [unique(1)] [in] winreg_String *filename */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [unique(1)] [in] winreg_String *keyname, */
+/* IDL: [keepref(1)] [unique(1)] [in] winreg_String *filename */
/* IDL: ); */
static int
@@ -1956,13 +1990,13 @@ winreg_dissect_element_NotifyChangeKeyValue_unknown2(tvbuff_t *tvb, int offset,
}
/* IDL: WERROR winreg_NotifyChangeKeyValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint8 watch_subtree, */
-/* IDL: [in] uint32 notify_filter, */
-/* IDL: [in] uint32 unknown, */
-/* IDL: [in] winreg_String string1, */
-/* IDL: [in] winreg_String string2, */
-/* IDL: [in] uint32 unknown2 */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] uint8 watch_subtree, */
+/* IDL: [keepref(1)] [in] uint32 notify_filter, */
+/* IDL: [keepref(1)] [in] uint32 unknown, */
+/* IDL: [keepref(1)] [in] winreg_String string1, */
+/* IDL: [keepref(1)] [in] winreg_String string2, */
+/* IDL: [keepref(1)] [in] uint32 unknown2 */
/* IDL: ); */
static int
@@ -2033,17 +2067,33 @@ winreg_dissect_element_OpenKey_unknown(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_access_mask, 0);
+
+ return offset;
+}
+
+static int
+winreg_dissect_element_OpenKey_new_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenKey_new_handle_, NDR_POINTER_REF, "Pointer to New Handle (policy_handle)",hf_winreg_winreg_OpenKey_new_handle);
+
+ return offset;
+}
+
+static int
+winreg_dissect_element_OpenKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_new_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String keyname, */
-/* IDL: [in] uint32 unknown, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String keyname, */
+/* IDL: [keepref(1)] [in] uint32 unknown, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *new_handle */
/* IDL: ); */
static int
@@ -2051,7 +2101,7 @@ winreg_dissect_OpenKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *
{
guint32 status;
- offset = winreg_dissect_element_OpenKey_handle(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_OpenKey_new_handle(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, &status);
@@ -2093,9 +2143,17 @@ winreg_dissect_element_QueryInfoKey_handle_(tvbuff_t *tvb, int offset, packet_in
}
static int
-winreg_dissect_element_QueryInfoKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+winreg_dissect_element_QueryInfoKey_class_in(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class_in,0);
+
+ return offset;
+}
+
+static int
+winreg_dissect_element_QueryInfoKey_class_out(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class,0);
+ offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class_out,0);
return offset;
}
@@ -2165,17 +2223,17 @@ winreg_dissect_element_QueryInfoKey_last_changed_time(tvbuff_t *tvb, int offset,
}
/* IDL: WERROR winreg_QueryInfoKey( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String class, */
-/* IDL: [out] winreg_String class, */
-/* IDL: [out] uint32 num_subkeys, */
-/* IDL: [out] uint32 max_subkeylen, */
-/* IDL: [out] uint32 max_subkeysize, */
-/* IDL: [out] uint32 num_values, */
-/* IDL: [out] uint32 max_valnamelen, */
-/* IDL: [out] uint32 max_valbufsize, */
-/* IDL: [out] uint32 secdescsize, */
-/* IDL: [out] NTTIME last_changed_time */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String class_in, */
+/* IDL: [keepref(1)] [out] winreg_String class_out, */
+/* IDL: [keepref(1)] [out] uint32 num_subkeys, */
+/* IDL: [keepref(1)] [out] uint32 max_subkeylen, */
+/* IDL: [keepref(1)] [out] uint32 max_subkeysize, */
+/* IDL: [keepref(1)] [out] uint32 num_values, */
+/* IDL: [keepref(1)] [out] uint32 max_valnamelen, */
+/* IDL: [keepref(1)] [out] uint32 max_valbufsize, */
+/* IDL: [keepref(1)] [out] uint32 secdescsize, */
+/* IDL: [keepref(1)] [out] NTTIME last_changed_time */
/* IDL: ); */
static int
@@ -2183,7 +2241,7 @@ winreg_dissect_QueryInfoKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_i
{
guint32 status;
- offset = winreg_dissect_element_QueryInfoKey_class(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_QueryInfoKey_class_out(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = winreg_dissect_element_QueryInfoKey_num_subkeys(tvb, offset, pinfo, tree, drep);
@@ -2223,7 +2281,7 @@ winreg_dissect_QueryInfoKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_in
{
offset = winreg_dissect_element_QueryInfoKey_handle(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
- offset = winreg_dissect_element_QueryInfoKey_class(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_QueryInfoKey_class_in(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
@@ -2325,12 +2383,12 @@ winreg_dissect_element_QueryValue_length_(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_QueryValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String value_name, */
-/* IDL: [unique(1)] [out] [in] winreg_Type *type, */
-/* IDL: [unique(1)] [out] [in] [length_is(*length)] [size_is(*size)] uint8 *data, */
-/* IDL: [unique(1)] [out] [in] uint32 *size, */
-/* IDL: [unique(1)] [out] [in] uint32 *length */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String value_name, */
+/* IDL: [keepref(1)] [out] [unique(1)] [in] winreg_Type *type, */
+/* IDL: [keepref(1)] [size_is(*size)] [length_is(*length)] [out] [unique(1)] [in] uint8 *data, */
+/* IDL: [keepref(1)] [out] [unique(1)] [in] uint32 *size, */
+/* IDL: [keepref(1)] [out] [unique(1)] [in] uint32 *length */
/* IDL: ); */
static int
@@ -2464,31 +2522,31 @@ winreg_dissect_element_SetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_
static int
winreg_dissect_element_SetKeySecurity_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetKeySecurity_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetKeySecurity_access_mask, 0);
return offset;
}
static int
-winreg_dissect_element_SetKeySecurity_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+winreg_dissect_element_SetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetKeySecurity_data_, NDR_POINTER_REF, "Pointer to Data (KeySecurityData)",hf_winreg_winreg_SetKeySecurity_data);
+ offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_sd);
return offset;
}
static int
-winreg_dissect_element_SetKeySecurity_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+winreg_dissect_element_SetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_SetKeySecurity_data,0);
+ offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_sd,0);
return offset;
}
/* IDL: WERROR winreg_SetKeySecurity( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [in] [ref] KeySecurityData *data */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [in] [ref] KeySecurityData *sd */
/* IDL: ); */
static int
@@ -2496,7 +2554,7 @@ winreg_dissect_SetKeySecurity_response(tvbuff_t *tvb _U_, int offset _U_, packet
{
guint32 status;
- offset = winreg_dissect_element_SetKeySecurity_data(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_SetKeySecurity_sd(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, &status);
@@ -2514,7 +2572,7 @@ winreg_dissect_SetKeySecurity_request(tvbuff_t *tvb _U_, int offset _U_, packet_
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
offset = winreg_dissect_element_SetKeySecurity_access_mask(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
- offset = winreg_dissect_element_SetKeySecurity_data(tvb, offset, pinfo, tree, drep);
+ offset = winreg_dissect_element_SetKeySecurity_sd(tvb, offset, pinfo, tree, drep);
offset = dissect_deferred_pointers(pinfo, tvb, offset, drep);
return offset;
}
@@ -2584,11 +2642,11 @@ winreg_dissect_element_SetValue_size(tvbuff_t *tvb, int offset, packet_info *pin
}
/* IDL: WERROR winreg_SetValue( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [in] winreg_String name, */
-/* IDL: [in] winreg_Type type, */
-/* IDL: [in] [ref] [size_is(size)] uint8 *data, */
-/* IDL: [in] uint32 size */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [in] winreg_String name, */
+/* IDL: [keepref(1)] [in] winreg_Type type, */
+/* IDL: [keepref(1)] [size_is(size)] [in] [ref] uint8 *data, */
+/* IDL: [keepref(1)] [in] uint32 size */
/* IDL: ); */
static int
@@ -2700,11 +2758,11 @@ winreg_dissect_element_InitiateSystemShutdown_reboot(tvbuff_t *tvb, int offset,
}
/* IDL: WERROR winreg_InitiateSystemShutdown( */
-/* IDL: [unique(1)] [in] uint16 *hostname, */
-/* IDL: [unique(1)] [in] initshutdown_String *message, */
-/* IDL: [in] uint32 timeout, */
-/* IDL: [in] uint8 force_apps, */
-/* IDL: [in] uint8 reboot */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *hostname, */
+/* IDL: [keepref(1)] [unique(1)] [in] initshutdown_String *message, */
+/* IDL: [keepref(1)] [in] uint32 timeout, */
+/* IDL: [keepref(1)] [in] uint8 force_apps, */
+/* IDL: [keepref(1)] [in] uint8 reboot */
/* IDL: ); */
static int
@@ -2753,7 +2811,7 @@ winreg_dissect_element_AbortSystemShutdown_server_(tvbuff_t *tvb, int offset, pa
}
/* IDL: WERROR winreg_AbortSystemShutdown( */
-/* IDL: [unique(1)] [in] uint16 *server */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *server */
/* IDL: ); */
static int
@@ -2802,8 +2860,8 @@ winreg_dissect_element_GetVersion_version(tvbuff_t *tvb, int offset, packet_info
}
/* IDL: WERROR winreg_GetVersion( */
-/* IDL: [in] [ref] policy_handle *handle, */
-/* IDL: [out] uint32 version */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *handle, */
+/* IDL: [keepref(1)] [out] uint32 version */
/* IDL: ); */
static int
@@ -2849,7 +2907,7 @@ winreg_dissect_element_OpenHKCC_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKCC_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCC_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -2865,15 +2923,15 @@ winreg_dissect_element_OpenHKCC_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKCC_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKCC( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -2921,7 +2979,7 @@ winreg_dissect_element_OpenHKDD_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKDD_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKDD_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -2937,15 +2995,15 @@ winreg_dissect_element_OpenHKDD_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKDD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKDD( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -3063,11 +3121,11 @@ winreg_dissect_element_QueryMultipleValues_buffer_size_(tvbuff_t *tvb, int offse
}
/* IDL: WERROR winreg_QueryMultipleValues( */
-/* IDL: [in] [ref] policy_handle *key_handle, */
-/* IDL: [out] [in] [ref] [length_is(num_values)] [size_is(num_values)] QueryMultipleValue *values, */
-/* IDL: [in] uint32 num_values, */
-/* IDL: [unique(1)] [out] [in] [length_is(*buffer_size)] [size_is(*buffer_size)] uint8 *buffer, */
-/* IDL: [out] [in] [ref] uint32 *buffer_size */
+/* IDL: [keepref(1)] [in] [ref] policy_handle *key_handle, */
+/* IDL: [keepref(1)] [size_is(num_values)] [length_is(num_values)] [out] [in] [ref] QueryMultipleValue *values, */
+/* IDL: [keepref(1)] [in] uint32 num_values, */
+/* IDL: [keepref(1)] [size_is(*buffer_size)] [length_is(*buffer_size)] [out] [unique(1)] [in] uint8 *buffer, */
+/* IDL: [keepref(1)] [out] [in] [ref] uint32 *buffer_size */
/* IDL: ); */
static int
@@ -3173,12 +3231,12 @@ winreg_dissect_element_InitiateSystemShutdownEx_reason(tvbuff_t *tvb, int offset
}
/* IDL: WERROR winreg_InitiateSystemShutdownEx( */
-/* IDL: [unique(1)] [in] uint16 *hostname, */
-/* IDL: [unique(1)] [in] initshutdown_String *message, */
-/* IDL: [in] uint32 timeout, */
-/* IDL: [in] uint8 force_apps, */
-/* IDL: [in] uint8 reboot, */
-/* IDL: [in] uint32 reason */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *hostname, */
+/* IDL: [keepref(1)] [unique(1)] [in] initshutdown_String *message, */
+/* IDL: [keepref(1)] [in] uint32 timeout, */
+/* IDL: [keepref(1)] [in] uint8 force_apps, */
+/* IDL: [keepref(1)] [in] uint8 reboot, */
+/* IDL: [keepref(1)] [in] uint32 reason */
/* IDL: ); */
static int
@@ -3254,7 +3312,7 @@ winreg_dissect_element_OpenHKPT_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKPT_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPT_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -3270,15 +3328,15 @@ winreg_dissect_element_OpenHKPT_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKPT_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKPT( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -3326,7 +3384,7 @@ winreg_dissect_element_OpenHKPN_system_name_(tvbuff_t *tvb, int offset, packet_i
static int
winreg_dissect_element_OpenHKPN_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPN_access_mask,NULL);
+ offset = winreg_dissect_bitmap_AccessMask(tvb, offset, pinfo, tree, drep, hf_winreg_access_mask, 0);
return offset;
}
@@ -3342,15 +3400,15 @@ winreg_dissect_element_OpenHKPN_handle(tvbuff_t *tvb, int offset, packet_info *p
static int
winreg_dissect_element_OpenHKPN_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
{
- offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 0&0x01, 0&0x02);
+ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_handle, NULL, NULL, 1&0x01, 1&0x02);
return offset;
}
/* IDL: WERROR winreg_OpenHKPN( */
-/* IDL: [unique(1)] [in] uint16 *system_name, */
-/* IDL: [in] uint32 access_mask, */
-/* IDL: [out] [ref] policy_handle *handle */
+/* IDL: [keepref(1)] [unique(1)] [in] uint16 *system_name, */
+/* IDL: [keepref(1)] [in] winreg_AccessMask access_mask, */
+/* IDL: [keepref(1)] [out] [ref] policy_handle *handle */
/* IDL: ); */
static int
@@ -3480,211 +3538,206 @@ static dcerpc_sub_dissector winreg_dissectors[] = {
void proto_register_dcerpc_winreg(void)
{
static hf_register_info hf[] = {
- { &hf_winreg_winreg_NotifyChangeKeyValue_string2,
- { "String2", "winreg.winreg_NotifyChangeKeyValue.string2", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_message,
- { "Message", "winreg.winreg_InitiateSystemShutdown.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
- { &hf_winreg_KeySecurityData_size,
- { "Size", "winreg.KeySecurityData.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_String_name,
- { "Name", "winreg.winreg_String.name", FT_STRING, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_message,
- { "Message", "winreg.winreg_InitiateSystemShutdownEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_reboot,
- { "Reboot", "winreg.winreg_InitiateSystemShutdown.reboot", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_enum_index,
- { "Enum Index", "winreg.winreg_EnumValue.enum_index", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_max_valbufsize,
+ { "Max Valbufsize", "winreg.winreg_QueryInfoKey.max_valbufsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SecBuf_inherit,
+ { "Inherit", "winreg.winreg_SecBuf.inherit", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_QueryMultipleValues_key_handle,
{ "Key Handle", "winreg.winreg_QueryMultipleValues.key_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_LoadKey_keyname,
- { "Keyname", "winreg.winreg_LoadKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumKey_name,
- { "Name", "winreg.winreg_EnumKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_CreateKey_options,
{ "Options", "winreg.winreg_CreateKey.options", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_type,
- { "Type", "winreg.winreg_EnumValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_timeout,
- { "Timeout", "winreg.winreg_InitiateSystemShutdownEx.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumKey_last_changed_time,
- { "Last Changed Time", "winreg.winreg_EnumKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_size,
- { "Size", "winreg.winreg_QueryValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_size,
- { "Size", "winreg.winreg_EnumValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_handle,
- { "Handle", "winreg.handle", FT_BYTES, BASE_NONE, NULL, 0, " ", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_max_valnamelen,
- { "Max Valnamelen", "winreg.winreg_QueryInfoKey.max_valnamelen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SecBuf_length,
- { "Length", "winreg.winreg_SecBuf.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_InitiateSystemShutdownEx_reboot,
{ "Reboot", "winreg.winreg_InitiateSystemShutdownEx.reboot", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_buffer_size,
- { "Buffer Size", "winreg.winreg_QueryMultipleValues.buffer_size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_data,
- { "Data", "winreg.winreg_QueryValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_new_handle,
- { "New Handle", "winreg.winreg_CreateKey.new_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumKey_class,
- { "Class", "winreg.winreg_EnumKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_String_name,
+ { "Name", "winreg.winreg_String.name", FT_STRING, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_notify_filter,
+ { "Notify Filter", "winreg.winreg_NotifyChangeKeyValue.notify_filter", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_QueryInfoKey_max_subkeysize,
{ "Max Subkeysize", "winreg.winreg_QueryInfoKey.max_subkeysize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_hostname,
- { "Hostname", "winreg.winreg_InitiateSystemShutdown.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKPT_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKPT.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKCC_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKCC.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_KeySecurityData_data,
- { "Data", "winreg.KeySecurityData.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenKey_access_mask,
- { "Access Mask", "winreg.winreg_OpenKey.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_new_handle,
+ { "New Handle", "winreg.winreg_OpenKey.new_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_unknown,
+ { "Unknown", "winreg.winreg_OpenKey.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetValue_data,
+ { "Data", "winreg.winreg_SetValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_values,
+ { "Values", "winreg.winreg_QueryMultipleValues.values", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_last_changed_time,
+ { "Last Changed Time", "winreg.winreg_QueryInfoKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_QueryMultipleValue_name,
{ "Name", "winreg.QueryMultipleValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_GetKeySecurity_sec_info,
- { "Sec Info", "winreg.winreg_GetKeySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_StringBuf_size,
- { "Size", "winreg.winreg_StringBuf.size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SecBuf_sd,
- { "Sd", "winreg.winreg_SecBuf.sd", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_type,
+ { "Type", "winreg.winreg_EnumValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
{ &hf_winreg_winreg_CreateKey_class,
{ "Class", "winreg.winreg_CreateKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_secdescsize,
- { "Secdescsize", "winreg.winreg_QueryInfoKey.secdescsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenKey_keyname,
- { "Keyname", "winreg.winreg_OpenKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_QueryMultipleValue_type,
- { "Type", "winreg.QueryMultipleValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_SetValue_name,
- { "Name", "winreg.winreg_SetValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree,
- { "Watch Subtree", "winreg.winreg_NotifyChangeKeyValue.watch_subtree", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_access_mask,
- { "Access Mask", "winreg.winreg_CreateKey.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_secdesc,
- { "Secdesc", "winreg.winreg_CreateKey.secdesc", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_force_apps,
- { "Force Apps", "winreg.winreg_InitiateSystemShutdownEx.force_apps", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_SetValue_type,
{ "Type", "winreg.winreg_SetValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_KeySecurityData_len,
- { "Len", "winreg.KeySecurityData.len", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_name,
- { "Name", "winreg.winreg_CreateKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_String_name_len,
- { "Name Len", "winreg.winreg_String.name_len", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_opnum,
- { "Operation", "winreg.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_DeleteKey_key,
- { "Key", "winreg.winreg_DeleteKey.key", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_name,
- { "Name", "winreg.winreg_EnumValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumKey_class,
+ { "Class", "winreg.winreg_EnumKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_access_mask,
+ { "Access Mask", "winreg.access_mask", FT_UINT32, BASE_HEX, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_CreateKey_secdesc,
+ { "Secdesc", "winreg.winreg_CreateKey.secdesc", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_buffer,
+ { "Buffer", "winreg.winreg_QueryMultipleValues.buffer", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_GetVersion_version,
+ { "Version", "winreg.winreg_GetVersion.version", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetKeySecurity_access_mask,
+ { "Access Mask", "winreg.winreg_SetKeySecurity.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_unknown,
+ { "Unknown", "winreg.winreg_NotifyChangeKeyValue.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_LoadKey_filename,
{ "Filename", "winreg.winreg_LoadKey.filename", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_DeleteValue_value,
- { "Value", "winreg.winreg_DeleteValue.value", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_enum_index,
+ { "Enum Index", "winreg.winreg_EnumValue.enum_index", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_CreateKey_action_taken,
+ { "Action Taken", "winreg.winreg_CreateKey.action_taken", FT_UINT32, BASE_DEC, VALS(winreg_winreg_CreateAction_vals), 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_size,
+ { "Size", "winreg.winreg_QueryValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_buffer_size,
+ { "Buffer Size", "winreg.winreg_QueryMultipleValues.buffer_size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_system_name,
{ "System Name", "winreg.system_name", FT_UINT16, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_KeySecurityData_size,
+ { "Size", "winreg.KeySecurityData.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_value,
+ { "Value", "winreg.winreg_EnumValue.value", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_message,
+ { "Message", "winreg.winreg_InitiateSystemShutdownEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_secdescsize,
+ { "Secdescsize", "winreg.winreg_QueryInfoKey.secdescsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_sd_max_size,
+ { "Max Size", "winreg.sd.max_size", FT_UINT32, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_QueryValue_data,
+ { "Data", "winreg.winreg_QueryValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_length,
+ { "Length", "winreg.winreg_EnumValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SecBuf_length,
+ { "Length", "winreg.winreg_SecBuf.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_value_name,
+ { "Value Name", "winreg.winreg_QueryValue.value_name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_num_values,
+ { "Num Values", "winreg.winreg_QueryInfoKey.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_reboot,
+ { "Reboot", "winreg.winreg_InitiateSystemShutdown.reboot", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_CreateKey_new_handle,
+ { "New Handle", "winreg.winreg_CreateKey.new_handle", FT_BYTES, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_type,
+ { "Type", "winreg.winreg_QueryValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
+ { &hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG,
+ { "Cant Have Empty Bitmap Pidl Bug", "winreg.winreg_AccessMask.CANT_HAVE_EMPTY_BITMAP_PIDL_BUG", FT_BOOLEAN, 32, TFS(&winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG_tfs), ( 0x00000001 ), "", HFILL }},
+ { &hf_winreg_KeySecurityData_data,
+ { "Data", "winreg.KeySecurityData.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_QueryMultipleValue_length,
{ "Length", "winreg.QueryMultipleValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_num_values,
- { "Num Values", "winreg.winreg_QueryMultipleValues.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_access_required,
- { "Access Required", "winreg.access_required", FT_UINT32, BASE_HEX, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_LoadKey_keyname,
+ { "Keyname", "winreg.winreg_LoadKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_hostname,
+ { "Hostname", "winreg.winreg_InitiateSystemShutdown.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_StringBuf_name,
{ "Name", "winreg.winreg_StringBuf.name", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_NotifyChangeKeyValue_unknown2,
{ "Unknown2", "winreg.winreg_NotifyChangeKeyValue.unknown2", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_num_subkeys,
- { "Num Subkeys", "winreg.winreg_QueryInfoKey.num_subkeys", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_StringBuf_length,
- { "Length", "winreg.winreg_StringBuf.length", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_last_changed_time,
- { "Last Changed Time", "winreg.winreg_QueryInfoKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKPD_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKPD.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_AbortSystemShutdown_server,
- { "Server", "winreg.winreg_AbortSystemShutdown.server", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_type,
- { "Type", "winreg.winreg_QueryValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_String_name_size,
- { "Name Size", "winreg.winreg_String.name_size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_NotifyChangeKeyValue_unknown,
- { "Unknown", "winreg.winreg_NotifyChangeKeyValue.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_length,
- { "Length", "winreg.winreg_QueryValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKCR_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKCR.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenKey_unknown,
- { "Unknown", "winreg.winreg_OpenKey.unknown", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_max_valbufsize,
- { "Max Valbufsize", "winreg.winreg_QueryInfoKey.max_valbufsize", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_name,
+ { "Name", "winreg.winreg_EnumValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_InitiateSystemShutdownEx_reason,
{ "Reason", "winreg.winreg_InitiateSystemShutdownEx.reason", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKLM_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKLM.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SecBuf_inherit,
- { "Inherit", "winreg.winreg_SecBuf.inherit", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetValue_size,
- { "Size", "winreg.winreg_SetValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_length,
- { "Length", "winreg.winreg_EnumValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_values,
- { "Values", "winreg.winreg_QueryMultipleValues.values", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_max_subkeylen,
- { "Max Subkeylen", "winreg.winreg_QueryInfoKey.max_subkeylen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdown_timeout,
- { "Timeout", "winreg.winreg_InitiateSystemShutdown.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_InitiateSystemShutdownEx_hostname,
- { "Hostname", "winreg.winreg_InitiateSystemShutdownEx.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_class,
- { "Class", "winreg.winreg_QueryInfoKey.class", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_message,
+ { "Message", "winreg.winreg_InitiateSystemShutdown.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_DeleteValue_value,
+ { "Value", "winreg.winreg_DeleteValue.value", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetValue_name,
+ { "Name", "winreg.winreg_SetValue.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree,
+ { "Watch Subtree", "winreg.winreg_NotifyChangeKeyValue.watch_subtree", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumKey_name,
+ { "Name", "winreg.winreg_EnumKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryValue_length,
+ { "Length", "winreg.winreg_QueryValue.length", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_QueryMultipleValue_offset,
+ { "Offset", "winreg.QueryMultipleValue.offset", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SecBuf_sd,
+ { "Sd", "winreg.winreg_SecBuf.sd", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
{ &hf_winreg_werror,
{ "Windows Error", "winreg.werror", FT_UINT32, BASE_HEX, VALS(DOS_errors), 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKPN_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKPN.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_GetVersion_version,
- { "Version", "winreg.winreg_GetVersion.version", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_CreateKey_action_taken,
- { "Action Taken", "winreg.winreg_CreateKey.action_taken", FT_UINT32, BASE_DEC, VALS(winreg_winreg_CreateAction_vals), 0, "", HFILL }},
- { &hf_winreg_winreg_QueryInfoKey_num_values,
- { "Num Values", "winreg.winreg_QueryInfoKey.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetKeySecurity_data,
- { "Data", "winreg.winreg_SetKeySecurity.data", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_String_name_len,
+ { "Name Len", "winreg.winreg_String.name_len", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_opnum,
+ { "Operation", "winreg.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_QueryMultipleValue_type,
+ { "Type", "winreg.QueryMultipleValue.type", FT_UINT32, BASE_DEC, VALS(winreg_winreg_Type_vals), 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_num_subkeys,
+ { "Num Subkeys", "winreg.winreg_QueryInfoKey.num_subkeys", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_class_in,
+ { "Class In", "winreg.winreg_QueryInfoKey.class_in", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_timeout,
+ { "Timeout", "winreg.winreg_InitiateSystemShutdownEx.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_handle,
+ { "Handle", "winreg.handle", FT_BYTES, BASE_NONE, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_GetKeySecurity_sec_info,
+ { "Sec Info", "winreg.winreg_GetKeySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_DeleteKey_key,
+ { "Key", "winreg.winreg_DeleteKey.key", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumKey_last_changed_time,
+ { "Last Changed Time", "winreg.winreg_EnumKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_max_subkeylen,
+ { "Max Subkeylen", "winreg.winreg_QueryInfoKey.max_subkeylen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_sd_actual_size,
+ { "Actual Size", "winreg.sd.actual_size", FT_UINT32, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_winreg_AbortSystemShutdown_server,
+ { "Server", "winreg.winreg_AbortSystemShutdown.server", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_sd_offset,
+ { "Offset", "winreg.sd.offset", FT_UINT32, BASE_DEC, NULL, 0, " ", HFILL }},
+ { &hf_winreg_sd,
+ { "KeySecurityData", "winreg.sd", FT_NONE, BASE_NONE, NULL, 0, " ", HFILL }},
{ &hf_winreg_winreg_EnumKey_enum_index,
{ "Enum Index", "winreg.winreg_EnumKey.enum_index", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetValue_data,
- { "Data", "winreg.winreg_SetValue.data", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_class_out,
+ { "Class Out", "winreg.winreg_QueryInfoKey.class_out", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_hostname,
+ { "Hostname", "winreg.winreg_InitiateSystemShutdownEx.hostname", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdownEx_force_apps,
+ { "Force Apps", "winreg.winreg_InitiateSystemShutdownEx.force_apps", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_CreateKey_name,
+ { "Name", "winreg.winreg_CreateKey.name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_StringBuf_size,
+ { "Size", "winreg.winreg_StringBuf.size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_keyname,
+ { "Keyname", "winreg.winreg_OpenKey.keyname", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
+ { &hf_winreg_KeySecurityData_len,
+ { "Len", "winreg.KeySecurityData.len", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_InitiateSystemShutdown_force_apps,
{ "Force Apps", "winreg.winreg_InitiateSystemShutdown.force_apps", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_EnumValue_value,
- { "Value", "winreg.winreg_EnumValue.value", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenHKPD_access_mask,
+ { "Access Mask", "winreg.winreg_OpenHKPD.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_EnumValue_size,
+ { "Size", "winreg.winreg_EnumValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_SetValue_size,
+ { "Size", "winreg.winreg_SetValue.size", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenKey_access_mask,
+ { "Access Mask", "winreg.winreg_OpenKey.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_InitiateSystemShutdown_timeout,
+ { "Timeout", "winreg.winreg_InitiateSystemShutdown.timeout", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryInfoKey_max_valnamelen,
+ { "Max Valnamelen", "winreg.winreg_QueryInfoKey.max_valnamelen", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_QueryMultipleValues_num_values,
+ { "Num Values", "winreg.winreg_QueryMultipleValues.num_values", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_OpenHKCU_access_mask,
+ { "Access Mask", "winreg.winreg_OpenHKCU.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_String_name_size,
+ { "Name Size", "winreg.winreg_String.name_size", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_StringBuf_length,
+ { "Length", "winreg.winreg_StringBuf.length", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }},
{ &hf_winreg_winreg_NotifyChangeKeyValue_string1,
{ "String1", "winreg.winreg_NotifyChangeKeyValue.string1", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryMultipleValues_buffer,
- { "Buffer", "winreg.winreg_QueryMultipleValues.buffer", FT_UINT8, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKDD_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKDD.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_SetKeySecurity_access_mask,
- { "Access Mask", "winreg.winreg_SetKeySecurity.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_QueryValue_value_name,
- { "Value Name", "winreg.winreg_QueryValue.value_name", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKCU_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKCU.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_GetKeySecurity_sd,
- { "Sd", "winreg.winreg_GetKeySecurity.sd", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_OpenHKU_access_mask,
- { "Access Mask", "winreg.winreg_OpenHKU.access_mask", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_winreg_NotifyChangeKeyValue_notify_filter,
- { "Notify Filter", "winreg.winreg_NotifyChangeKeyValue.notify_filter", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
- { &hf_winreg_QueryMultipleValue_offset,
- { "Offset", "winreg.QueryMultipleValue.offset", FT_UINT32, BASE_DEC, NULL, 0, "", HFILL }},
+ { &hf_winreg_winreg_NotifyChangeKeyValue_string2,
+ { "String2", "winreg.winreg_NotifyChangeKeyValue.string2", FT_NONE, BASE_NONE, NULL, 0, "", HFILL }},
};
static gint *ett[] = {
&ett_dcerpc_winreg,
+ &ett_winreg_winreg_AccessMask,
&ett_winreg_winreg_String,
&ett_winreg_KeySecurityData,
&ett_winreg_winreg_SecBuf,
diff --git a/epan/dissectors/pidl/packet-dcerpc-winreg.h b/epan/dissectors/pidl/packet-dcerpc-winreg.h
index 08166d1aa8..774fb38210 100644
--- a/epan/dissectors/pidl/packet-dcerpc-winreg.h
+++ b/epan/dissectors/pidl/packet-dcerpc-winreg.h
@@ -5,9 +5,9 @@
from winreg.idl and winreg.cnf.
Pidl is a perl based IDL compiler for DCE/RPC idl files.
- It is maintained by the Samba team, not the Wireshark team.
+ It is maintained by the Samba team, not the Ethereal team.
Instructions on how to download and install Pidl can be
- found at http://wiki.wireshark.org/Pidl
+ found at http://wiki.ethereal.com/Pidl
*/
@@ -18,6 +18,7 @@
#include "packet-dcerpc-initshutdown.h"
+int winreg_dissect_bitmap_AccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param);
#define REG_NONE (0)
#define REG_SZ (1)
#define REG_EXPAND_SZ (2)
diff --git a/epan/dissectors/pidl/winreg.cnf b/epan/dissectors/pidl/winreg.cnf
index e5a146cd5d..f44cc742c5 100644
--- a/epan/dissectors/pidl/winreg.cnf
+++ b/epan/dissectors/pidl/winreg.cnf
@@ -1,18 +1,25 @@
IMPORT security_secinfo offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_GetKeySecurity_sec_info, NULL);
-HF_FIELD hf_winreg_access_required "Access Required" "winreg.access_required" FT_UINT32 BASE_HEX NULL 0 "" "" ""
-HF_RENAME hf_winreg_winreg_OpenHKCR_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_OpenHKLM_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_OpenHKU_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_CreateKey_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_OpenHKCC_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_OpenHKDD_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_OpenHKPT_access_required hf_winreg_access_required
-HF_RENAME hf_winreg_winreg_OpenHKPN_access_required hf_winreg_access_required
+#
+# Make all instances of an access mask use the same hf field display filter
+# name
+#
+HF_FIELD hf_winreg_access_mask "Access Mask" "winreg.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" ""
+HF_RENAME hf_winreg_winreg_OpenHKCR_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_OpenHKLM_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_OpenHKU_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_CreateKey_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_OpenHKCC_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_OpenHKDD_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_OpenHKPT_access_mask hf_winreg_access_mask
+HF_RENAME hf_winreg_winreg_OpenHKPN_access_mask hf_winreg_access_mask
-HF_FIELD hf_winreg_system_name "System Name" "winreg.system_name" FT_UINT16 BASE_DEC NULL 0 "" "" ""
+#
+# Make all instances of a system name use the same hf display filter name
+#
+HF_FIELD hf_winreg_system_name "System Name" "winreg.system_name" FT_UINT16 BASE_DEC NULL 0 "" "" ""
HF_RENAME hf_winreg_winreg_OpenHKCR_system_name hf_winreg_system_name
HF_RENAME hf_winreg_winreg_OpenHKCU_system_name hf_winreg_system_name
HF_RENAME hf_winreg_winreg_OpenHKLM_system_name hf_winreg_system_name
@@ -23,8 +30,11 @@ HF_RENAME hf_winreg_winreg_OpenHKDD_system_name hf_winreg_system_name
HF_RENAME hf_winreg_winreg_OpenHKPT_system_name hf_winreg_system_name
HF_RENAME hf_winreg_winreg_OpenHKPN_system_name hf_winreg_system_name
-HF_FIELD hf_winreg_handle "Handle" "winreg.handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
+#
+# make all policyhandles use the same hf display filter name
+#
+HF_FIELD hf_winreg_handle "Handle" "winreg.handle" FT_BYTES BASE_NONE NULL 0 "" "" ""
HF_RENAME hf_winreg_winreg_OpenHKCR_handle hf_winreg_handle
HF_RENAME hf_winreg_winreg_OpenHKCU_handle hf_winreg_handle
HF_RENAME hf_winreg_winreg_OpenHKLM_handle hf_winreg_handle
@@ -50,3 +60,112 @@ HF_RENAME hf_winreg_winreg_OpenHKCC_handle hf_winreg_handle
HF_RENAME hf_winreg_winreg_OpenHKDD_handle hf_winreg_handle
HF_RENAME hf_winreg_winreg_OpenHKPT_handle hf_winreg_handle
HF_RENAME hf_winreg_winreg_OpenHKPN_handle hf_winreg_handle
+
+
+
+#
+# Make both instances of KeySecurityData resolve to the same
+# hf display filter field.
+#
+HF_FIELD hf_winreg_sd "KeySecurityData" "winreg.sd" FT_NONE BASE_NONE NULL 0 "" "" ""
+HF_RENAME hf_winreg_winreg_GetKeySecurity_sd hf_winreg_sd
+HF_RENAME hf_winreg_winreg_SetKeySecurity_sd hf_winreg_sd
+
+
+
+#
+# policyhandle tracking
+# This block is to specify where a policyhandle is opened and where it is
+# closed so that policyhandles when dissected contain nice info such as
+# [opened in xxx] [closed in yyy]
+#
+# Policyhandles are opened in these functions (open==0x0001)
+PARAM_VALUE winreg_dissect_element_OpenHKCR_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKCU_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKLM_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKPD_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKU_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKCC_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKDD_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKPT_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenHKPN_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_CreateKey_new_handle_ 0x0001
+PARAM_VALUE winreg_dissect_element_OpenKey_new_handle_ 0x0001
+# Policyhandles are closed in these functions (close==0x0002)
+PARAM_VALUE winreg_dissect_element_CloseKey_handle_ 0x0002
+PARAM_VALUE winreg_dissect_element_DeleteKey_handle_ 0x0002
+
+
+
+#
+# Override the generation of dissectors of the security descriptor and the
+# access mask.
+# The security descriptor is just an array of bytes in the idl file
+# so we override generation of it and calls the proper wireshark dissector
+# after manually eating the 12 bytes of conformance data.
+#
+# Same for the access mask dissector since the idl would only define those
+# flag bits that are specific to WINREG therefore we set up the appropriate
+# structures and then call the wireshark accessmask dissector instead.
+#
+#
+HF_FIELD hf_winreg_sd_max_size "Max Size" "winreg.sd.max_size" FT_UINT32 BASE_DEC NULL 0 "" "" ""
+HF_FIELD hf_winreg_sd_offset "Offset" "winreg.sd.offset" FT_UINT32 BASE_DEC NULL 0 "" "" ""
+HF_FIELD hf_winreg_sd_actual_size "Actual Size" "winreg.sd.actual_size" FT_UINT32 BASE_DEC NULL 0 "" "" ""
+MANUAL winreg_dissect_element_KeySecurityData_data__
+MANUAL winreg_dissect_element_KeySecurityData_data_
+MANUAL winreg_dissect_bitmap_AccessMask
+
+
+
+CODE START
+static void
+winreg_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
+{
+ proto_tree_add_boolean(tree, hf_winreg_winreg_AccessMask_CANT_HAVE_EMPTY_BITMAP_PIDL_BUG, tvb, offset, 4, access);
+}
+
+struct access_mask_info winreg_access_mask_info = {
+ "WINREG", /* Name of specific rights */
+ winreg_specific_rights, /* Dissection function */
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
+};
+
+static int
+winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep)
+{
+ guint32 len;
+ dcerpc_info *di;
+
+ di=pinfo->private_data;
+ if(di->conformant_run){
+ /*just a run to handle conformant arrays, nothing to dissect */
+ return offset;
+ }
+
+ /* this is a varying and conformant array */
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_max_size, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_offset, NULL);
+ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep,
+ hf_winreg_sd_actual_size, &len);
+
+ dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len,
+ &winreg_access_mask_info);
+
+ offset += len;
+
+ return offset;
+}
+
+int
+winreg_dissect_bitmap_AccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_)
+{
+ offset = dissect_nt_access_mask(
+ tvb, offset, pinfo, tree, drep, hf_winreg_access_mask,
+ &winreg_access_mask_info, NULL);
+ return offset;
+}
+CODE END
diff --git a/epan/dissectors/pidl/winreg.idl b/epan/dissectors/pidl/winreg.idl
index d0da5fcc24..bdfeaa5c2d 100644
--- a/epan/dissectors/pidl/winreg.idl
+++ b/epan/dissectors/pidl/winreg.idl
@@ -1,5 +1,3 @@
-#include "idl_types.h"
-
/*
winreg interface definition
*/
@@ -11,11 +9,16 @@
pointer_default(unique),
pointer_default_top(unique),
helpstring("Remote Registry Service"),
- depends(lsa,initshutdown)
+ depends(lsa,initshutdown,security),
+ keepref
] interface winreg
{
declare bitmap security_secinfo;
+ typedef [bitmap32bit] bitmap {
+ CANT_HAVE_EMPTY_BITMAP_PIDL_BUG = 0x00000001
+ } winreg_AccessMask;
+
typedef [v1_enum] enum {
REG_NONE = 0,
REG_SZ = 1,
@@ -41,7 +44,7 @@
/* Function: 0x00 */
WERROR winreg_OpenHKCR(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -49,7 +52,7 @@
/* Function: 0x01 */
WERROR winreg_OpenHKCU(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -57,7 +60,7 @@
/* Function: 0x02 */
WERROR winreg_OpenHKLM(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -65,7 +68,7 @@
/* Function: 0x03 */
WERROR winreg_OpenHKPD(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -73,7 +76,7 @@
/* Function: 0x04 */
WERROR winreg_OpenHKU(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -95,7 +98,7 @@
typedef struct {
uint32 length;
KeySecurityData sd;
- bool8 inherit;
+ boolean8 inherit;
} winreg_SecBuf;
typedef [v1_enum] enum {
@@ -109,7 +112,7 @@
[in] winreg_String name,
[in] winreg_String class,
[in] uint32 options,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[in,unique] winreg_SecBuf *secdesc,
[out,ref] policy_handle *new_handle,
[in,out,unique] winreg_CreateAction *action_taken
@@ -130,7 +133,7 @@
);
typedef struct {
- [value(strlen_m(name)*2)] uint16 length;
+ [value(strlen_m_term(name)*2)] uint16 length;
/* size cannot be auto-set by value() as it is the
amount of space the server is allowed to use for this
string in the reply, not its current size */
@@ -199,16 +202,16 @@
[in,ref] policy_handle *handle,
[in] winreg_String keyname,
[in] uint32 unknown,
- [in] uint32 access_mask,
- [out,ref] policy_handle *handle
+ [in] winreg_AccessMask access_mask,
+ [out,ref] policy_handle *new_handle
);
/******************/
/* Function: 0x10 */
WERROR winreg_QueryInfoKey(
[in,ref] policy_handle *handle,
- [in] winreg_String class,
- [out] winreg_String class,
+ [in] winreg_String class_in,
+ [out] winreg_String class_out,
[out] uint32 num_subkeys,
[out] uint32 max_subkeylen,
[out] uint32 max_subkeysize,
@@ -249,8 +252,8 @@
/* Function: 0x15 */
WERROR winreg_SetKeySecurity(
[in,ref] policy_handle *handle,
- [in] uint32 access_mask,
- [in,out,ref] KeySecurityData *data
+ [in] winreg_AccessMask access_mask,
+ [in,out,ref] KeySecurityData *sd
);
/******************/
@@ -295,7 +298,7 @@
/* Function: 0x1b */
WERROR winreg_OpenHKCC(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -303,7 +306,7 @@
/* Function: 0x1c */
WERROR winreg_OpenHKDD(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -344,7 +347,7 @@
/* Function: 0x20 */
WERROR winreg_OpenHKPT(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
@@ -352,7 +355,7 @@
/* Function: 0x21 */
WERROR winreg_OpenHKPN(
[in] uint16 *system_name,
- [in] uint32 access_mask,
+ [in] winreg_AccessMask access_mask,
[out,ref] policy_handle *handle
);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 18:09:39 +0000