From 7cc2d21bc7c56a0fb04ed72af23c99256615b085 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 15 Sep 2005 07:34:52 +0000 Subject: A first go at importing some pidl generated code into ethereal. This commit replaces the hand written dcerpc initshutdown and winreg interfaces with autogenerated ones. The pidl generated code is still a bit rought around the edges but will hopefully improve with time. svn path=/trunk/; revision=15812 --- epan/dissectors/Makefile.common | 16 +- epan/dissectors/packet-dcerpc-initshutdown.c | 212 -- epan/dissectors/packet-dcerpc-initshutdown.h | 37 - epan/dissectors/packet-dcerpc-reg.c | 926 ------ epan/dissectors/packet-dcerpc-reg.h | 84 - epan/dissectors/packet-dcerpc-spoolss.c | 32 +- epan/dissectors/pidl/README | 0 epan/dissectors/pidl/initshutdown.idl | 47 + epan/dissectors/pidl/packet-dcerpc-initshutdown.c | 489 +++ epan/dissectors/pidl/packet-dcerpc-initshutdown.h | 19 + epan/dissectors/pidl/packet-dcerpc-winreg.c | 3588 +++++++++++++++++++++ epan/dissectors/pidl/packet-dcerpc-winreg.h | 45 + epan/dissectors/pidl/winreg.idl | 363 +++ 13 files changed, 4594 insertions(+), 1264 deletions(-) delete mode 100644 epan/dissectors/packet-dcerpc-initshutdown.c delete mode 100644 epan/dissectors/packet-dcerpc-initshutdown.h delete mode 100644 epan/dissectors/packet-dcerpc-reg.c delete mode 100644 epan/dissectors/packet-dcerpc-reg.h create mode 100644 epan/dissectors/pidl/README create mode 100644 epan/dissectors/pidl/initshutdown.idl create mode 100644 epan/dissectors/pidl/packet-dcerpc-initshutdown.c create mode 100644 epan/dissectors/pidl/packet-dcerpc-initshutdown.h create mode 100644 epan/dissectors/pidl/packet-dcerpc-winreg.c create mode 100644 epan/dissectors/pidl/packet-dcerpc-winreg.h create mode 100644 epan/dissectors/pidl/winreg.idl (limited to 'epan/dissectors') diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index e2295b74a1..88ee4b5954 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -45,8 +45,19 @@ GENERATED_C_FILES = \ # All the generated files. GENERATED_FILES = $(GENERATED_HEADER_FILES) $(GENERATED_C_FILES) +# pidl dissectors + +PIDL_DISSECTOR_SRC = \ + pidl/packet-dcerpc-initshutdown.c \ + pidl/packet-dcerpc-winreg.c + +PIDL_DISSECTOR_INCLUDES = \ + pidl/packet-dcerpc-initshutdown.h \ + pidl/packet-dcerpc-winreg.h + # the dissector sources (without any helpers) DISSECTOR_SRC = \ + $(PIDL_DISSECTOR_SRC) \ packet-3com-xns.c \ packet-3g-a11.c \ packet-9p.c \ @@ -168,7 +179,6 @@ DISSECTOR_SRC = \ packet-dcerpc-frsrpc.c \ packet-dcerpc-ftserver.c \ packet-dcerpc-icl_rpc.c \ - packet-dcerpc-initshutdown.c \ packet-dcerpc-krb5rpc.c \ packet-dcerpc-llb.c \ packet-dcerpc-lsa.c \ @@ -180,7 +190,6 @@ DISSECTOR_SRC = \ packet-dcerpc-nspi.c \ packet-dcerpc-pnp.c \ packet-dcerpc-rdaclif.c \ - packet-dcerpc-reg.c \ packet-dcerpc-rep_proc.c \ packet-dcerpc-roverride.c \ packet-dcerpc-rpriv.c \ @@ -627,6 +636,7 @@ DISSECTOR_SRC = \ # corresponding headers DISSECTOR_INCLUDES = \ + $(PIDL_DISSECTOR_INCLUDES) \ packet-acse.h \ packet-actrace.h \ packet-afp.h \ @@ -671,13 +681,11 @@ DISSECTOR_INCLUDES = \ packet-dcerpc-eventlog.h \ packet-dcerpc-frsapi.h \ packet-dcerpc-frsrpc.h \ - packet-dcerpc-initshutdown.h \ packet-dcerpc-lsa.h \ packet-dcerpc-mapi.h \ packet-dcerpc-netlogon.h \ packet-dcerpc-nt.h \ packet-dcerpc-pnp.h \ - packet-dcerpc-reg.h \ packet-dcerpc-rras.h \ packet-dcerpc-samr.h \ packet-dcerpc-spoolss.h \ diff --git a/epan/dissectors/packet-dcerpc-initshutdown.c b/epan/dissectors/packet-dcerpc-initshutdown.c deleted file mode 100644 index 48212fd7ec..0000000000 --- a/epan/dissectors/packet-dcerpc-initshutdown.c +++ /dev/null @@ -1,212 +0,0 @@ -/* packet-dcerpc-initshutdown.c - * Routines for SMB \PIPE\initshutdown packet disassembly - * Based on packet-dcerpc-winreg.c - * Copyright 2001-2003 Tim Potter - * as per a suggestion by Jim McDonough - * - * $Id$ - * - * Ethereal - Network traffic analyzer - * By Gerald Combs - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include -#include "packet-dcerpc.h" -#include "packet-dcerpc-nt.h" -#include "packet-dcerpc-initshutdown.h" -#include "packet-windows-common.h" - -/* Global hf index fields */ - -static int hf_rc = -1; -static int hf_shutdown_message = -1; -static int hf_shutdown_seconds = -1; -static int hf_shutdown_force = -1; -static int hf_shutdown_reboot = -1; -static int hf_shutdown_server = -1; -static int hf_shutdown_reason = -1; - - -/* Reg Shutdown functions */ -static int -dissect_shutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint16( - tvb, offset, pinfo, tree, drep, hf_shutdown_server, NULL); - - return offset; -} - -static int -dissect_shutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_counted_string( - tvb, offset, pinfo, tree, drep, hf_shutdown_message, 0); - - return offset; -} - -static int -InitshutdownShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_shutdown_server, NDR_POINTER_UNIQUE, - "Server", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_shutdown_message, NDR_POINTER_UNIQUE, - "message", -1); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_shutdown_seconds, NULL); - - offset = dissect_ndr_uint8( - tvb, offset, pinfo, tree, drep, hf_shutdown_force, NULL); - offset = dissect_ndr_uint8( - tvb, offset, pinfo, tree, drep, hf_shutdown_reboot, NULL); - - return offset; -} - -static int -InitshutdownShutdown_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -static int -InitshutdownAbortShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_shutdown_server, NDR_POINTER_UNIQUE, - "Server", -1); - - return offset; -} - -static int -InitshutdownShutdownEx_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = InitshutdownShutdown_q(tvb, offset, pinfo, tree, drep); - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_shutdown_reason, NULL); - - return offset; -} - -static int proto_dcerpc_initshutdown = -1; -static int hf_initshutdown_opnum = -1; -static gint ett_dcerpc_initshutdown = -1; - -static e_uuid_t uuid_dcerpc_initshutdown = { - 0x894de0c0, 0x0d55, 0x11d3, - { 0xa3, 0x22, 0x00, 0xc0, 0x4f, 0xa3, 0x21, 0xa1 } -}; - -static guint16 ver_dcerpc_initshutdown = 1; - -static dcerpc_sub_dissector dcerpc_initshutdown_dissectors[] = { - { INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN, "InitiateSystemShutdown", - InitshutdownShutdown_q, InitshutdownShutdown_r }, - { INITSHUTDOWN_ABORT_SYSTEM_SHUTDOWN, "AbortSystemShutdown", - InitshutdownAbortShutdown_q, InitshutdownShutdown_r }, - { INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN_EX, "InitiateSystemShutdownEx", - InitshutdownShutdownEx_q, InitshutdownShutdown_r }, - { 0, NULL, NULL, NULL } -}; - -void -proto_register_dcerpc_initshutdown(void) -{ - static hf_register_info hf[] = { - - /* Global indexes */ - - { &hf_rc, - { "Return code", "initshutdown.rc", FT_UINT32, BASE_HEX, - VALS(NT_errors), 0x0, "Initshutdown return code", HFILL }}, - - { &hf_initshutdown_opnum, - { "Operation", "initshutdown.opnum", FT_UINT16, BASE_DEC, - NULL, 0x0, "Operation", HFILL }}, - - { &hf_shutdown_message, - { "Message", "initshutdown.message", FT_STRING, BASE_NONE, - NULL, 0x0, "Message", HFILL }}, - - { &hf_shutdown_seconds, - { "Seconds", "initshutdown.seconds", FT_UINT32, BASE_DEC, - NULL, 0x00, "Seconds", HFILL }}, - - { &hf_shutdown_force, - { "Force applications shut", "initshutdown.force", FT_UINT8, - BASE_DEC, NULL, 0x00, "Force applications shut", HFILL }}, - - { &hf_shutdown_reboot, - { "Reboot", "initshutdown.reboot", FT_UINT8, BASE_DEC, - NULL, 0x00, "Reboot", HFILL }}, - - { &hf_shutdown_server, - { "Server", "initshutdown.server", FT_UINT16, BASE_HEX, - NULL, 0x00, "Server", HFILL }}, - - { &hf_shutdown_reason, - { "Reason", "initshutdown.reason", FT_UINT32, BASE_HEX, - NULL, 0x00, "Reason", HFILL }} - - }; - - static gint *ett[] = { - &ett_dcerpc_initshutdown - }; - - proto_dcerpc_initshutdown = proto_register_protocol( - "Remote Shutdown", "INITSHUTDOWN", "initshutdown"); - - proto_register_field_array(proto_dcerpc_initshutdown, hf, - array_length(hf)); - - proto_register_subtree_array(ett, array_length(ett)); -} - -void -proto_reg_handoff_dcerpc_initshutdown(void) -{ - /* Register protocol as dcerpc */ - - dcerpc_init_uuid(proto_dcerpc_initshutdown, ett_dcerpc_initshutdown, - &uuid_dcerpc_initshutdown, ver_dcerpc_initshutdown, - dcerpc_initshutdown_dissectors, hf_initshutdown_opnum); -} diff --git a/epan/dissectors/packet-dcerpc-initshutdown.h b/epan/dissectors/packet-dcerpc-initshutdown.h deleted file mode 100644 index 4ff8b36eaf..0000000000 --- a/epan/dissectors/packet-dcerpc-initshutdown.h +++ /dev/null @@ -1,37 +0,0 @@ -/* packet-dcerpc-initshutdown.h - * Routines for SMB \PIPE\initshutdown packet disassembly - * Based on packet-dcerpc-winreg.h - * Copyright 2001-2003 Tim Potter - * as per a suggestion by Jim McDonough - * - * $Id$ - * - * Ethereal - Network traffic analyzer - * By Gerald Combs - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -#ifndef __PACKET_DCERPC_INITSHUTDOWN_H -#define __PACKET_DCERPC_INITSHUTDOWN_H - -/* Functions available on the INITSHUTDOWN pipe. */ - -#define INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN 0x00 -#define INITSHUTDOWN_ABORT_SYSTEM_SHUTDOWN 0x01 -#define INITSHUTDOWN_INITIATE_SYSTEM_SHUTDOWN_EX 0x02 - -#endif /* packet-dcerpc-initshutdown.h */ diff --git a/epan/dissectors/packet-dcerpc-reg.c b/epan/dissectors/packet-dcerpc-reg.c deleted file mode 100644 index 12af39c6fc..0000000000 --- a/epan/dissectors/packet-dcerpc-reg.c +++ /dev/null @@ -1,926 +0,0 @@ -/* packet-dcerpc-reg.c - * Routines for SMB \PIPE\winreg packet disassembly - * Copyright 2001-2003 Tim Potter - * - * $Id$ - * - * Ethereal - Network traffic analyzer - * By Gerald Combs - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include -#include "packet-dcerpc.h" -#include "packet-dcerpc-nt.h" -#include "packet-dcerpc-reg.h" -#include "packet-windows-common.h" - -/* Global hf index fields */ - -static int hf_rc = -1; -static int hf_hnd = -1; -static int hf_access_mask = -1; -static int hf_keytype = -1; -static int hf_keydata = -1; -static int hf_offered = -1; -static int hf_returned = -1; -static int hf_reserved = -1; -static int hf_unknown = -1; - -/* OpenHKLM */ - -static int hf_openhklm_unknown1 = -1; -static int hf_openhklm_unknown2 = -1; - -/* QueryInfoKey */ - -static int hf_querykey_class = -1; -static int hf_querykey_num_subkeys = -1; -static int hf_querykey_max_subkey_len = -1; -static int hf_querykey_reserved = -1; -static int hf_querykey_num_values = -1; -static int hf_querykey_max_valname_len = -1; -static int hf_querykey_max_valbuf_size = -1; -static int hf_querykey_secdesc = -1; -static int hf_querykey_modtime = -1; - -/* OpenKey */ - -static int hf_keyname = -1; -static int hf_openkey_unknown1 = -1; - -/* GetVersion */ - -static int hf_getversion_version = -1; - -/* Shutdown */ -static int hf_shutdown_message = -1; -static int hf_shutdown_seconds = -1; -static int hf_shutdown_force = -1; -static int hf_shutdown_reboot = -1; -static int hf_shutdown_server = -1; -static int hf_shutdown_reason = -1; - -/* Data that is passed to a open call */ - -static int -dissect_open_data(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint16( - tvb, offset, pinfo, tree, drep, - hf_openhklm_unknown1, NULL); - - offset = dissect_ndr_uint16( - tvb, offset, pinfo, tree, drep, - hf_openhklm_unknown1, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_access_mask, NULL); - - return offset; -} - -/* - * OpenHKLM - */ - -static int -RegOpenHKLM_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_open_data, - NDR_POINTER_UNIQUE, "Unknown", -1); - - return offset; -} - -static int -RegOpenHKLM_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - e_ctx_hnd policy_hnd; - proto_item *hnd_item; - guint32 status; - - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); - - offset = dissect_ntstatus(tvb, offset, pinfo, tree, drep, - hf_rc, &status); - - if (status == 0) { - dcerpc_smb_store_pol_name(&policy_hnd, pinfo, "HKLM handle"); - if (hnd_item != NULL) - proto_item_append_text(hnd_item, ": HKLM handle"); - } - - return offset; -} - -/* - * OpenHKU - */ - -static int -RegOpenHKU_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_open_data, - NDR_POINTER_UNIQUE, "Unknown", -1); - - return offset; -} - -static int -RegOpenHKU_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - e_ctx_hnd policy_hnd; - proto_item *hnd_item; - guint32 status; - - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, &status); - - if (status == 0) { - dcerpc_smb_store_pol_name(&policy_hnd, pinfo, "HKU handle"); - if (hnd_item != NULL) - proto_item_append_text(hnd_item, ": HKU handle"); - } - - return offset; -} - -/* - * OpenHKCR - */ - -static int -RegOpenHKCR_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_open_data, - NDR_POINTER_UNIQUE, "Unknown", -1); - - return offset; -} - -static int -RegOpenHKCR_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - e_ctx_hnd policy_hnd; - proto_item *hnd_item; - guint32 status; - - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, &status); - - if (status == 0) { - dcerpc_smb_store_pol_name(&policy_hnd, pinfo, "HKCR handle"); - if (hnd_item != NULL) - proto_item_append_text(hnd_item, ": HKCR handle"); - } - - return offset; -} - -/* - * CloseKey - */ - -static int -RegCloseKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, TRUE); - - return offset; -} - -static int -RegCloseKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, FALSE); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -/* - * QueryInfoKey - */ - -static int -RegQueryInfoKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, FALSE); - - offset = dissect_ndr_counted_string( - tvb, offset, pinfo, tree, drep, hf_querykey_class, 0); - - return offset; -} - -static int -RegQueryInfoKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ndr_counted_string( - tvb, offset, pinfo, tree, drep, hf_querykey_class, 0); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_num_subkeys, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_max_subkey_len, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_reserved, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_num_values, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_max_valname_len, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_max_valbuf_size, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_querykey_secdesc, NULL); - - offset = dissect_ndr_nt_NTTIME( - tvb, offset, pinfo, tree, drep, hf_querykey_modtime); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -/* - * OpenKey - */ - -static int -RegOpenKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, FALSE); - - offset = dissect_ndr_counted_string( - tvb, offset, pinfo, tree, drep, hf_querykey_class, 0); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_openkey_unknown1, NULL); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_access_mask, NULL); - - return offset; -} - -static int -RegOpenKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - e_ctx_hnd policy_hnd; - proto_item *hnd_item; - guint32 status; - - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, &status); - - if (status == 0) { - dcerpc_smb_store_pol_name(&policy_hnd, pinfo, - "OpenKey handle"); - if (hnd_item != NULL) - proto_item_append_text(hnd_item, ": OpenKey handle"); - } - - return offset; -} - -/* - * GetVersion - */ - -static int -RegGetVersion_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, FALSE); - - return offset; -} - -static int -RegGetVersion_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, - hf_getversion_version, NULL); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -/* - * EnumKey - */ - -static int -RegEnumKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, FALSE); - - return offset; -} - -static int -RegEnumKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -/* - * RegQueryValue - */ - -static int -dissect_reserved(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_reserved, NULL); - - return offset; -} - -static int -dissect_offered(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_offered, NULL); - - return offset; -} - -static int -dissect_returned(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_returned, NULL); - - return offset; -} - -static int -dissect_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_unknown, NULL); - - return offset; -} - -static int -RegQueryValue_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_nt_policy_hnd( - tvb, offset, pinfo, tree, drep, - hf_hnd, NULL, NULL, FALSE, FALSE); - - offset = dissect_ndr_counted_string( - tvb, offset, pinfo, tree, drep, hf_querykey_class, 0); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_reserved, NDR_POINTER_UNIQUE, - "Reserved", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_offered, NDR_POINTER_UNIQUE, - "Offered", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_unknown, NDR_POINTER_UNIQUE, - "Unknown", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_unknown, NDR_POINTER_UNIQUE, - "Unknown", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_offered, NDR_POINTER_UNIQUE, - "Offered", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_returned, NDR_POINTER_UNIQUE, - "Returned", -1); - - return offset; -} - -static int -dissect_key_type(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_keytype, NULL); - - return offset; -} - -static int -RegQueryValue_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - /* Parse packet */ - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_key_type, NDR_POINTER_UNIQUE, - "Key Type", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_ndr_byte_array, NDR_POINTER_UNIQUE, - "Key Data", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_offered, NDR_POINTER_UNIQUE, - "Offered", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_returned, NDR_POINTER_UNIQUE, - "Returned", -1); - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -/* Reg Shutdown functions */ -static int -dissect_shutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_uint16( - tvb, offset, pinfo, tree, drep, hf_shutdown_server, NULL); - - return offset; -} - -static int -dissect_shutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_counted_string( - tvb, offset, pinfo, tree, drep, hf_shutdown_message, 0); - - return offset; -} - -static int -RegShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_shutdown_server, NDR_POINTER_UNIQUE, - "Server", -1); - - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_shutdown_message, NDR_POINTER_UNIQUE, - "message", -1); - - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_shutdown_seconds, NULL); - - offset = dissect_ndr_uint8( - tvb, offset, pinfo, tree, drep, hf_shutdown_force, NULL); - offset = dissect_ndr_uint8( - tvb, offset, pinfo, tree, drep, hf_shutdown_reboot, NULL); - - return offset; -} - -static int -RegShutdown_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -static int -RegAbortShutdown_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = dissect_ndr_pointer( - tvb, offset, pinfo, tree, drep, - dissect_shutdown_server, NDR_POINTER_UNIQUE, - "Server", -1); - - return offset; -} - -static int -RegShutdownEx_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - offset = RegShutdown_q(tvb, offset, pinfo, tree, drep); - offset = dissect_ndr_uint32( - tvb, offset, pinfo, tree, drep, hf_shutdown_reason, NULL); - - return offset; -} - -#if 0 - -/* Templates for new subdissectors */ - -/* - * FOO - */ - -static int -RegFoo_q(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - dcerpc_info *di = (dcerpc_info *)pinfo->private_data; - - /* Parse packet */ - - return offset; -} - -static int -RegFoo_r(tvbuff_t *tvb, int offset, packet_info *pinfo, - proto_tree *tree, guint8 *drep) -{ - dcerpc_info *di = (dcerpc_info *)pinfo->private_data; - - /* Parse packet */ - - offset = dissect_ntstatus( - tvb, offset, pinfo, tree, drep, hf_rc, NULL); - - return offset; -} - -#endif - -/* Registry data types */ - -const value_string reg_datatypes[] = { - { DCERPC_REG_NONE, "REG_NONE" }, - { DCERPC_REG_SZ, "REG_SZ" }, - { DCERPC_REG_EXPAND_SZ, "REG_EXPAND_SZ" }, - { DCERPC_REG_BINARY, "REG_BINARY" }, - { DCERPC_REG_DWORD, "REG_DWORD" }, - { DCERPC_REG_DWORD_LE, "REG_DWORD_LE" }, - { DCERPC_REG_DWORD_BE, "REG_DWORD_BE" }, - { DCERPC_REG_LINK, "REG_LINK" }, - { DCERPC_REG_MULTI_SZ, "REG_MULTI_SZ" }, - { DCERPC_REG_RESOURCE_LIST, "REG_RESOURCE_LIST" }, - { DCERPC_REG_FULL_RESOURCE_DESCRIPTOR, "REG_FULL_RESOURCE_DESCRIPTOR" }, - { DCERPC_REG_RESOURCE_REQUIREMENTS_LIST, "REG_RESOURCE_REQUIREMENTS_LIST" }, - {0, NULL } -}; - -static int proto_dcerpc_reg = -1; -static int hf_reg_opnum = -1; -static gint ett_dcerpc_reg = -1; - -static e_uuid_t uuid_dcerpc_reg = { - 0x338cd001, 0x2244, 0x31f1, - { 0xaa, 0xaa, 0x90, 0x00, 0x38, 0x00, 0x10, 0x03 } -}; - -static guint16 ver_dcerpc_reg = 1; - -static dcerpc_sub_dissector dcerpc_reg_dissectors[] = { - { REG_OPEN_HKCR, "OpenHKCR", RegOpenHKCR_q, RegOpenHKCR_r }, - { REG_OPEN_HKCU, "OpenHKCU", NULL, NULL }, - { REG_OPEN_HKLM, "OpenHKLM", RegOpenHKLM_q, RegOpenHKLM_r }, - { REG_OPEN_HKPD, "OpenHKPD", NULL, NULL }, - { REG_OPEN_HKU, "OpenHKU", RegOpenHKU_q, RegOpenHKU_r }, - { REG_CLOSE_KEY, "CloseKey", RegCloseKey_q, RegCloseKey_r }, - { REG_CREATE_KEY, "CreateKey", NULL, NULL }, - { REG_DELETE_KEY, "DeleteKey", NULL, NULL }, - { REG_DELETE_VALUE, "DeleteValue", NULL, NULL }, - { REG_ENUM_KEY, "EnumKey", RegEnumKey_q, RegEnumKey_r }, - { REG_ENUM_VALUE, "EnumValue", NULL, NULL }, - { REG_FLUSH_KEY, "FlushKey", NULL, NULL }, - { REG_GET_KEY_SEC, "GetKeySecurity", NULL, NULL }, - { REG_LOAD_KEY, "LoadKey", NULL, NULL }, - { REG_NOTIFY_CHANGE_KEY_VALUE, "NotifyChangeKeyValue", NULL, NULL }, - { REG_OPEN_KEY, "OpenKey", RegOpenKey_q, RegOpenKey_r }, - { REG_QUERY_INFO_KEY, "QueryInfoKey", RegQueryInfoKey_q, RegQueryInfoKey_r }, - { REG_QUERY_VALUE, "QueryValue", RegQueryValue_q, RegQueryValue_r }, - { REG_REPLACE_KEY, "ReplaceKey", NULL, NULL }, - { REG_RESTORE_KEY, "RestoreKey", NULL, NULL }, - { REG_SAVE_KEY, "SaveKey", NULL, NULL }, - { REG_SET_KEY_SEC, "SetKeySecurity", NULL, NULL }, - { REG_SET_VALUE, "SetValue", NULL, NULL }, - { REG_UNLOAD_KEY, "UnLoadKey", NULL, NULL }, - { REG_INITIATE_SYSTEM_SHUTDOWN, "InitiateSystemShutdown", - RegShutdown_q, RegShutdown_r }, - { REG_ABORT_SYSTEM_SHUTDOWN, "AbortSystemShutdown", - RegAbortShutdown_q, RegShutdown_r }, - { REG_GET_VERSION, "GetVersion", RegGetVersion_q, RegGetVersion_r }, - { REG_OPEN_HKCC, "OpenHKCC", NULL, NULL }, - { REG_OPEN_HKDD, "OpenHKDD", NULL, NULL }, - { REG_QUERY_MULTIPLE_VALUES, "QueryMultipleValues", NULL, NULL }, - { REG_INITIATE_SYSTEM_SHUTDOWN_EX, "InitiateSystemShutdownEx", - RegShutdownEx_q, RegShutdown_r }, - { REG_SAVE_KEY_EX, "SaveKeyEx", NULL, NULL }, - { REG_OPEN_HKPT, "OpenHKPT", NULL, NULL }, - { REG_OPEN_HKPN, "OpenHKPN", NULL, NULL }, - { REG_QUERY_MULTIPLE_VALUES_2, "QueryMultipleValues2", NULL, NULL }, - { 0, NULL, NULL, NULL } -}; - -void -proto_register_dcerpc_reg(void) -{ - static hf_register_info hf[] = { - - /* Global indexes */ - - { &hf_hnd, - { "Context handle", "reg.hnd", FT_BYTES, BASE_NONE, - NULL, 0x0, "REG policy handle", HFILL }}, - - { &hf_rc, - { "Return code", "reg.rc", FT_UINT32, BASE_HEX, - VALS(NT_errors), 0x0, "REG return code", HFILL }}, - - { &hf_reg_opnum, - { "Operation", "reg.opnum", FT_UINT16, BASE_DEC, - NULL, 0x0, "Operation", HFILL }}, - - { &hf_access_mask, - { "Access mask", "reg.access_mask", FT_UINT32, BASE_HEX, - NULL, 0x0, "Access mask", HFILL }}, - - { &hf_keytype, - { "Key type", "reg.type", FT_UINT32, BASE_DEC, - VALS(reg_datatypes), 0x0, "Key type", HFILL }}, - - { &hf_keydata, - { "Key data", "reg.data", FT_BYTES, BASE_HEX, - NULL, 0x0, "Key data", HFILL }}, - - { &hf_offered, - { "Offered", "reg.offered", FT_UINT32, BASE_DEC, - NULL, 0x0, "Offered", HFILL }}, - - { &hf_returned, - { "Returned", "reg.returned", FT_UINT32, BASE_DEC, - NULL, 0x0, "Returned", HFILL }}, - - { &hf_reserved, - { "Reserved", "reg.reserved", FT_UINT32, BASE_HEX, - NULL, 0x0, "Reserved", HFILL }}, - - { &hf_unknown, - { "Unknown", "reg.unknown", FT_UINT32, BASE_HEX, - NULL, 0x0, "Unknown", HFILL }}, - - /* OpenHKLM */ - - { &hf_openhklm_unknown1, - { "Unknown 1", "reg.openhklm.unknown1", FT_UINT16, BASE_HEX, - NULL, 0x0, "Unknown 1", HFILL }}, - - { &hf_openhklm_unknown2, - { "Unknown 2", "reg.openhklm.unknown2", FT_UINT16, BASE_HEX, - NULL, 0x0, "Unknown 2", HFILL }}, - - /* QueryClass */ - - { &hf_querykey_class, - { "Class", "reg.querykey.class", FT_STRING, BASE_NONE, - NULL, 0, "Class", HFILL }}, - - { &hf_querykey_num_subkeys, - { "Num subkeys", "reg.querykey.num_subkeys", FT_UINT32, BASE_DEC, - NULL, 0x0, "Num subkeys", HFILL }}, - - { &hf_querykey_max_subkey_len, - { "Max subkey len", "reg.querykey.max_subkey_len", FT_UINT32, BASE_DEC, - NULL, 0x0, "Max subkey len", HFILL }}, - - { &hf_querykey_reserved, - { "Reserved", "reg.querykey.reserved", FT_UINT32, BASE_DEC, - NULL, 0x0, "Reserved", HFILL }}, - - { &hf_querykey_num_values, - { "Num values", "reg.querykey.num_values", FT_UINT32, BASE_DEC, - NULL, 0x0, "Num values", HFILL }}, - - { &hf_querykey_max_valname_len, - { "Max valnum len", "reg.querykey.max_valname_len", FT_UINT32, BASE_DEC, - NULL, 0x0, "Max valname len", HFILL }}, - - { &hf_querykey_max_valbuf_size, - { "Max valbuf size", "reg.querykey.max_valbuf_size", FT_UINT32, BASE_DEC, - NULL, 0x0, "Max valbuf size", HFILL }}, - - { &hf_querykey_secdesc, - { "Secdesc", "reg.querykey.secdesc", FT_UINT32, BASE_DEC, - NULL, 0x0, "Secdesc", HFILL }}, - - { &hf_querykey_modtime, - { "Mod time", "reg.querykey.modtime", FT_ABSOLUTE_TIME, BASE_NONE, - NULL, 0x0, "Secdesc", HFILL }}, - - /* OpenKey */ - - { &hf_keyname, - { "Key name", "reg.keyname", FT_STRING, BASE_NONE, - NULL, 0x0, "Keyname", HFILL }}, - - { &hf_openkey_unknown1, - { "Unknown 1", "reg.openkey.unknown1", FT_UINT32, BASE_HEX, - NULL, 0x0, "Unknown 1", HFILL }}, - - /* GetVersion */ - - { &hf_getversion_version, - { "Version", "reg.getversion.version", FT_UINT32, BASE_HEX, - NULL, 0x0, "Version", HFILL }}, - - /* Shutdown */ - { &hf_shutdown_message, - { "Message", "reg.shutdown.message", FT_STRING, BASE_NONE, - NULL, 0x0, "Message", HFILL }}, - - { &hf_shutdown_seconds, - { "Seconds", "reg.shutdown.seconds", FT_UINT32, BASE_DEC, - NULL, 0x00, "Seconds", HFILL }}, - - { &hf_shutdown_force, - { "Force applications shut", "reg.shutdown.force", FT_UINT8, - BASE_DEC, NULL, 0x00, "Force applications shut", HFILL }}, - - { &hf_shutdown_reboot, - { "Reboot", "reg.shutdown.reboot", FT_UINT8, BASE_DEC, - NULL, 0x00, "Reboot", HFILL }}, - - { &hf_shutdown_server, - { "Server", "reg.shutdown.server", FT_UINT16, BASE_HEX, - NULL, 0x00, "Server", HFILL }}, - - { &hf_shutdown_reason, - { "Reason", "reg.shutdown.reason", FT_UINT32, BASE_HEX, - NULL, 0x00, "Reason", HFILL }} - - }; - - static gint *ett[] = { - &ett_dcerpc_reg - }; - - proto_dcerpc_reg = proto_register_protocol( - "Microsoft Registry", "WINREG", "winreg"); - - proto_register_field_array(proto_dcerpc_reg, hf, array_length(hf)); - - proto_register_subtree_array(ett, array_length(ett)); -} - -void -proto_reg_handoff_dcerpc_reg(void) -{ - /* Register protocol as dcerpc */ - - dcerpc_init_uuid(proto_dcerpc_reg, ett_dcerpc_reg, &uuid_dcerpc_reg, - ver_dcerpc_reg, dcerpc_reg_dissectors, hf_reg_opnum); -} diff --git a/epan/dissectors/packet-dcerpc-reg.h b/epan/dissectors/packet-dcerpc-reg.h deleted file mode 100644 index 6c7805aefb..0000000000 --- a/epan/dissectors/packet-dcerpc-reg.h +++ /dev/null @@ -1,84 +0,0 @@ -/* packet-dcerpc-reg.h - * Routines for SMB \PIPE\winreg packet disassembly - * Copyright 2001, Tim Potter - * - * $Id$ - * - * Ethereal - Network traffic analyzer - * By Gerald Combs - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -#ifndef __PACKET_DCERPC_REG_H -#define __PACKET_DCERPC_REG_H - -/* Functions available on the WINREG pipe. From Samba, include/rpc_reg.h */ - -#define REG_OPEN_HKCR 0x00 -#define REG_OPEN_HKCU 0x01 -#define REG_OPEN_HKLM 0x02 -#define REG_OPEN_HKPD 0x03 -#define REG_OPEN_HKU 0x04 -#define REG_CLOSE_KEY 0x05 -#define REG_CREATE_KEY 0x06 -#define REG_DELETE_KEY 0x07 -#define REG_DELETE_VALUE 0x08 -#define REG_ENUM_KEY 0x09 -#define REG_ENUM_VALUE 0x0a -#define REG_FLUSH_KEY 0x0b -#define REG_GET_KEY_SEC 0x0c -#define REG_LOAD_KEY 0x0d -#define REG_NOTIFY_CHANGE_KEY_VALUE 0x0e -#define REG_OPEN_KEY 0x0f -#define REG_QUERY_INFO_KEY 0x10 -#define REG_QUERY_VALUE 0x11 -#define REG_REPLACE_KEY 0x12 -#define REG_RESTORE_KEY 0x13 -#define REG_SAVE_KEY 0x14 -#define REG_SET_KEY_SEC 0x15 -#define REG_SET_VALUE 0x16 -#define REG_UNLOAD_KEY 0x17 -#define REG_INITIATE_SYSTEM_SHUTDOWN 0x18 -#define REG_ABORT_SYSTEM_SHUTDOWN 0x19 -#define REG_GET_VERSION 0x1a -#define REG_OPEN_HKCC 0x1b -#define REG_OPEN_HKDD 0x1c -#define REG_QUERY_MULTIPLE_VALUES 0x1d -#define REG_INITIATE_SYSTEM_SHUTDOWN_EX 0x1e -#define REG_SAVE_KEY_EX 0x1f -#define REG_OPEN_HKPT 0x20 -#define REG_OPEN_HKPN 0x21 -#define REG_QUERY_MULTIPLE_VALUES_2 0x22 - -/* Registry data types */ - -#define DCERPC_REG_NONE 0 -#define DCERPC_REG_SZ 1 -#define DCERPC_REG_EXPAND_SZ 2 -#define DCERPC_REG_BINARY 3 -#define DCERPC_REG_DWORD 4 -#define DCERPC_REG_DWORD_LE 4 /* DWORD, little endian */ -#define DCERPC_REG_DWORD_BE 5 /* DWORD, big endian */ -#define DCERPC_REG_LINK 6 -#define DCERPC_REG_MULTI_SZ 7 -#define DCERPC_REG_RESOURCE_LIST 8 -#define DCERPC_REG_FULL_RESOURCE_DESCRIPTOR 9 -#define DCERPC_REG_RESOURCE_REQUIREMENTS_LIST 10 - -extern const value_string reg_datatypes[]; - -#endif /* packet-dcerpc-reg.h */ diff --git a/epan/dissectors/packet-dcerpc-spoolss.c b/epan/dissectors/packet-dcerpc-spoolss.c index b63fc2523d..42ce9c0b95 100644 --- a/epan/dissectors/packet-dcerpc-spoolss.c +++ b/epan/dissectors/packet-dcerpc-spoolss.c @@ -40,7 +40,6 @@ #include "packet-dcerpc.h" #include "packet-dcerpc-nt.h" #include "packet-dcerpc-spoolss.h" -#include "packet-dcerpc-reg.h" #include "packet-windows-common.h" /* GetPrinterDriver2 */ @@ -300,6 +299,37 @@ static int hf_rrpcn_unk1 = -1; static int hf_replyopenprinter_unk0 = -1; static int hf_replyopenprinter_unk1 = -1; +/* Registry data types */ + +#define DCERPC_REG_NONE 0 +#define DCERPC_REG_SZ 1 +#define DCERPC_REG_EXPAND_SZ 2 +#define DCERPC_REG_BINARY 3 +#define DCERPC_REG_DWORD 4 +#define DCERPC_REG_DWORD_LE 4 /* DWORD, little endian +*/ +#define DCERPC_REG_DWORD_BE 5 /* DWORD, big endian */ +#define DCERPC_REG_LINK 6 +#define DCERPC_REG_MULTI_SZ 7 +#define DCERPC_REG_RESOURCE_LIST 8 +#define DCERPC_REG_FULL_RESOURCE_DESCRIPTOR 9 +#define DCERPC_REG_RESOURCE_REQUIREMENTS_LIST 10 + +const value_string reg_datatypes[] = { + { DCERPC_REG_NONE, "REG_NONE" }, + { DCERPC_REG_SZ, "REG_SZ" }, + { DCERPC_REG_EXPAND_SZ, "REG_EXPAND_SZ" }, + { DCERPC_REG_BINARY, "REG_BINARY" }, + { DCERPC_REG_DWORD, "REG_DWORD" }, + { DCERPC_REG_DWORD_LE, "REG_DWORD_LE" }, + { DCERPC_REG_DWORD_BE, "REG_DWORD_BE" }, + { DCERPC_REG_LINK, "REG_LINK" }, + { DCERPC_REG_MULTI_SZ, "REG_MULTI_SZ" }, + { DCERPC_REG_RESOURCE_LIST, "REG_RESOURCE_LIST" }, + { DCERPC_REG_FULL_RESOURCE_DESCRIPTOR, "REG_FULL_RESOURCE_DESCRIPTOR" }, { DCERPC_REG_RESOURCE_REQUIREMENTS_LIST, "REG_RESOURCE_REQUIREMENTS_LIST" }, + {0, NULL } +}; + /****************************************************************************/ /* diff --git a/epan/dissectors/pidl/README b/epan/dissectors/pidl/README new file mode 100644 index 0000000000..e69de29bb2 diff --git a/epan/dissectors/pidl/initshutdown.idl b/epan/dissectors/pidl/initshutdown.idl new file mode 100644 index 0000000000..f576061565 --- /dev/null +++ b/epan/dissectors/pidl/initshutdown.idl @@ -0,0 +1,47 @@ +#include "idl_types.h" + +/* + initshutdown interface definition +*/ + +[ + uuid("894de0c0-0d55-11d3-a322-00c04fa321a1"), + version(1.0), + endpoint("ncacn_np:[\\pipe\\InitShutdown]"), + pointer_default(unique), + pointer_default_top(unique), + helpstring("Init shutdown service") +] interface initshutdown +{ + typedef struct { + [value(strlen_m_term(name))] uint32 name_size; + [flag(STR_LEN4|STR_NOTERM)] string name; + } initshutdown_String_sub; + + typedef [public] struct { + [value(strlen_m(r->name->name)*2)] uint16 name_len; + [value(strlen_m_term(r->name->name)*2)] uint16 name_size; + initshutdown_String_sub *name; + } initshutdown_String; + + WERROR initshutdown_Init( + [in] uint16 *hostname, + [in] initshutdown_String *message, + [in] uint32 timeout, + [in] uint8 force_apps, + [in] uint8 reboot + ); + + WERROR initshutdown_Abort( + [in] uint16 *server + ); + + WERROR initshutdown_InitEx( + [in] uint16 *hostname, + [in] initshutdown_String *message, + [in] uint32 timeout, + [in] uint8 force_apps, + [in] uint8 reboot, + [in] uint32 reason + ); +} diff --git a/epan/dissectors/pidl/packet-dcerpc-initshutdown.c b/epan/dissectors/pidl/packet-dcerpc-initshutdown.c new file mode 100644 index 0000000000..102c34cf3e --- /dev/null +++ b/epan/dissectors/pidl/packet-dcerpc-initshutdown.c @@ -0,0 +1,489 @@ +/* DO NOT EDIT + This filter was automatically generated + from librpc/idl/initshutdown.idl and librpc/idl/initshutdown.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Ethereal team. + Instructions on how to download and install Pidl can be + found at http://wiki.ethereal.com/Pidl +*/ + + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include + +#include "packet-dcerpc.h" +#include "packet-dcerpc-nt.h" +#include "packet-windows-common.h" +#include "packet-dcerpc-initshutdown.h" + +/* Ett declarations */ +static gint ett_dcerpc_initshutdown = -1; +static gint ett_initshutdown_initshutdown_String_sub = -1; +static gint ett_initshutdown_initshutdown_String = -1; + + +/* Header field declarations */ +static gint hf_initshutdown_initshutdown_String_name_len = -1; +static gint hf_initshutdown_opnum = -1; +static gint hf_initshutdown_initshutdown_Init_hostname = -1; +static gint hf_initshutdown_initshutdown_String_sub_name = -1; +static gint hf_initshutdown_initshutdown_String_sub_name_size = -1; +static gint hf_initshutdown_initshutdown_InitEx_reason = -1; +static gint hf_initshutdown_initshutdown_InitEx_force_apps = -1; +static gint hf_initshutdown_initshutdown_InitEx_timeout = -1; +static gint hf_initshutdown_initshutdown_Init_timeout = -1; +static gint hf_initshutdown_initshutdown_String_name_size = -1; +static gint hf_initshutdown_initshutdown_Init_force_apps = -1; +static gint hf_initshutdown_initshutdown_InitEx_hostname = -1; +static gint hf_initshutdown_initshutdown_Init_reboot = -1; +static gint hf_initshutdown_initshutdown_InitEx_reboot = -1; +static gint hf_initshutdown_initshutdown_Init_message = -1; +static gint hf_initshutdown_werror = -1; +static gint hf_initshutdown_initshutdown_InitEx_message = -1; +static gint hf_initshutdown_initshutdown_Abort_server = -1; +static gint hf_initshutdown_initshutdown_String_name = -1; + +static gint proto_dcerpc_initshutdown = -1; +/* Version information */ + + +static e_uuid_t uuid_dcerpc_initshutdown = { + 0x894de0c0, 0x0d55, 0x11d3, + { 0xa3, 0x22, 0x00, 0xc0, 0x4f, 0xa3, 0x21, 0xa1 } +}; +static guint16 ver_dcerpc_initshutdown = 1; + +static int initshutdown_dissect_element_String_sub_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_String_sub_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_String_name_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_String_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_String_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_String_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Init_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Abort_server(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_Abort_server_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int initshutdown_dissect_element_InitEx_reason(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); + +/* IDL: typedef struct { */ +/* IDL: [value(strlen_m_term(name))] uint32 name_size; */ +/* IDL: [flag(LIBNDR_FLAG_STR_LEN4|LIBNDR_FLAG_STR_NOTERM)] string name; */ +/* IDL: } initshutdown_String_sub; */ + +static int +initshutdown_dissect_element_String_sub_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_String_sub_name_size,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_String_sub_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + + return offset; +} + +int +initshutdown_dissect_struct_String_sub(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_initshutdown_initshutdown_String_sub); + } + + offset = initshutdown_dissect_element_String_sub_name_size(tvb, offset, pinfo, tree, drep); + + offset = initshutdown_dissect_element_String_sub_name(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +/* IDL: typedef struct { */ +/* IDL: [value(strlen_m(r->name->name)*2)] uint16 name_len; */ +/* IDL: [value(strlen_m_term(r->name->name)*2)] uint16 name_size; */ +/* IDL: [unique(1)] initshutdown_String_sub *name; */ +/* IDL: } initshutdown_String; */ + +static int +initshutdown_dissect_element_String_name_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_String_name_len,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_String_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_String_name_size,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_String_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_String_name_, NDR_POINTER_UNIQUE, "Pointer to Name (initshutdown_String_sub)",hf_initshutdown_initshutdown_String_name); + + return offset; +} + +static int +initshutdown_dissect_element_String_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = initshutdown_dissect_struct_String_sub(tvb,offset,pinfo,tree,drep,hf_initshutdown_initshutdown_String_name,0); + + return offset; +} + +int +initshutdown_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_initshutdown_initshutdown_String); + } + + offset = initshutdown_dissect_element_String_name_len(tvb, offset, pinfo, tree, drep); + + offset = initshutdown_dissect_element_String_name_size(tvb, offset, pinfo, tree, drep); + + offset = initshutdown_dissect_element_String_name(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +static int +initshutdown_dissect_element_Init_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_Init_hostname_, NDR_POINTER_UNIQUE, "Pointer to Hostname (uint16)",hf_initshutdown_initshutdown_Init_hostname); + + return offset; +} + +static int +initshutdown_dissect_element_Init_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_hostname,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_Init_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_Init_message_, NDR_POINTER_UNIQUE, "Pointer to Message (initshutdown_String)",hf_initshutdown_initshutdown_Init_message); + + return offset; +} + +static int +initshutdown_dissect_element_Init_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = initshutdown_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_initshutdown_initshutdown_Init_message,0); + + return offset; +} + +static int +initshutdown_dissect_element_Init_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_timeout,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_Init_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_force_apps,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_Init_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Init_reboot,NULL); + + return offset; +} + +/* IDL: WERROR initshutdown_Init( */ +/* IDL: [unique(1)] [in] uint16 *hostname, */ +/* IDL: [unique(1)] [in] initshutdown_String *message, */ +/* IDL: [in] uint32 timeout, */ +/* IDL: [in] uint8 force_apps, */ +/* IDL: [in] uint8 reboot */ +/* IDL: ); */ + +static int +initshutdown_dissect_Init_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_werror, NULL); + return offset; +} + +static int +initshutdown_dissect_Init_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = initshutdown_dissect_element_Init_hostname(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_Init_message(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_Init_timeout(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_Init_force_apps(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_Init_reboot(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +initshutdown_dissect_element_Abort_server(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_Abort_server_, NDR_POINTER_UNIQUE, "Pointer to Server (uint16)",hf_initshutdown_initshutdown_Abort_server); + + return offset; +} + +static int +initshutdown_dissect_element_Abort_server_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_Abort_server,NULL); + + return offset; +} + +/* IDL: WERROR initshutdown_Abort( */ +/* IDL: [unique(1)] [in] uint16 *server */ +/* IDL: ); */ + +static int +initshutdown_dissect_Abort_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_werror, NULL); + return offset; +} + +static int +initshutdown_dissect_Abort_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = initshutdown_dissect_element_Abort_server(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +initshutdown_dissect_element_InitEx_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_InitEx_hostname_, NDR_POINTER_UNIQUE, "Pointer to Hostname (uint16)",hf_initshutdown_initshutdown_InitEx_hostname); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_hostname,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, initshutdown_dissect_element_InitEx_message_, NDR_POINTER_UNIQUE, "Pointer to Message (initshutdown_String)",hf_initshutdown_initshutdown_InitEx_message); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = initshutdown_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_initshutdown_initshutdown_InitEx_message,0); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_timeout,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_force_apps,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_reboot,NULL); + + return offset; +} + +static int +initshutdown_dissect_element_InitEx_reason(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_initshutdown_InitEx_reason,NULL); + + return offset; +} + +/* IDL: WERROR initshutdown_InitEx( */ +/* IDL: [unique(1)] [in] uint16 *hostname, */ +/* IDL: [unique(1)] [in] initshutdown_String *message, */ +/* IDL: [in] uint32 timeout, */ +/* IDL: [in] uint8 force_apps, */ +/* IDL: [in] uint8 reboot, */ +/* IDL: [in] uint32 reason */ +/* IDL: ); */ + +static int +initshutdown_dissect_InitEx_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_initshutdown_werror, NULL); + return offset; +} + +static int +initshutdown_dissect_InitEx_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = initshutdown_dissect_element_InitEx_hostname(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_InitEx_message(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_InitEx_timeout(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_InitEx_force_apps(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_InitEx_reboot(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = initshutdown_dissect_element_InitEx_reason(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + + +static dcerpc_sub_dissector initshutdown_dissectors[] = { + { 0, "Init", + initshutdown_dissect_Init_request, initshutdown_dissect_Init_response}, + { 1, "Abort", + initshutdown_dissect_Abort_request, initshutdown_dissect_Abort_response}, + { 2, "InitEx", + initshutdown_dissect_InitEx_request, initshutdown_dissect_InitEx_response}, + { 0, NULL, NULL, NULL } +}; + +void proto_register_dcerpc_initshutdown(void) +{ + static hf_register_info hf[] = { + { &hf_initshutdown_initshutdown_String_name_len, + { "Name Len", "initshutdown.initshutdown_String.name_len", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_opnum, + { "Operation", "initshutdown.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_Init_hostname, + { "Hostname", "initshutdown.initshutdown_Init.hostname", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_String_sub_name, + { "Name", "initshutdown.initshutdown_String_sub.name", FT_STRING, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_String_sub_name_size, + { "Name Size", "initshutdown.initshutdown_String_sub.name_size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_InitEx_reason, + { "Reason", "initshutdown.initshutdown_InitEx.reason", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_InitEx_force_apps, + { "Force Apps", "initshutdown.initshutdown_InitEx.force_apps", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_InitEx_timeout, + { "Timeout", "initshutdown.initshutdown_InitEx.timeout", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_Init_timeout, + { "Timeout", "initshutdown.initshutdown_Init.timeout", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_String_name_size, + { "Name Size", "initshutdown.initshutdown_String.name_size", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_Init_force_apps, + { "Force Apps", "initshutdown.initshutdown_Init.force_apps", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_InitEx_hostname, + { "Hostname", "initshutdown.initshutdown_InitEx.hostname", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_Init_reboot, + { "Reboot", "initshutdown.initshutdown_Init.reboot", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_InitEx_reboot, + { "Reboot", "initshutdown.initshutdown_InitEx.reboot", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_Init_message, + { "Message", "initshutdown.initshutdown_Init.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_werror, + { "Windows Error", "initshutdown.werror", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_InitEx_message, + { "Message", "initshutdown.initshutdown_InitEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_Abort_server, + { "Server", "initshutdown.initshutdown_Abort.server", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_initshutdown_initshutdown_String_name, + { "Name", "initshutdown.initshutdown_String.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + }; + + + static gint *ett[] = { + &ett_dcerpc_initshutdown, + &ett_initshutdown_initshutdown_String_sub, + &ett_initshutdown_initshutdown_String, + }; + + proto_dcerpc_initshutdown = proto_register_protocol("Init shutdown service", "INITSHUTDOWN", "initshutdown"); + proto_register_field_array(proto_dcerpc_initshutdown, hf, array_length (hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void proto_reg_handoff_dcerpc_initshutdown(void) +{ + dcerpc_init_uuid(proto_dcerpc_initshutdown, ett_dcerpc_initshutdown, + &uuid_dcerpc_initshutdown, ver_dcerpc_initshutdown, + initshutdown_dissectors, hf_initshutdown_opnum); +} diff --git a/epan/dissectors/pidl/packet-dcerpc-initshutdown.h b/epan/dissectors/pidl/packet-dcerpc-initshutdown.h new file mode 100644 index 0000000000..5027819d6c --- /dev/null +++ b/epan/dissectors/pidl/packet-dcerpc-initshutdown.h @@ -0,0 +1,19 @@ +/* autogenerated by pidl */ + +/* DO NOT EDIT + This filter was automatically generated + from librpc/idl/initshutdown.idl and librpc/idl/initshutdown.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Ethereal team. + Instructions on how to download and install Pidl can be + found at http://wiki.ethereal.com/Pidl +*/ + + +#ifndef __PACKET_DCERPC_INITSHUTDOWN_H +#define __PACKET_DCERPC_INITSHUTDOWN_H + +int initshutdown_dissect_struct_String_sub(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +int initshutdown_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +#endif /* __PACKET_DCERPC_INITSHUTDOWN_H */ diff --git a/epan/dissectors/pidl/packet-dcerpc-winreg.c b/epan/dissectors/pidl/packet-dcerpc-winreg.c new file mode 100644 index 0000000000..8f5d3022b8 --- /dev/null +++ b/epan/dissectors/pidl/packet-dcerpc-winreg.c @@ -0,0 +1,3588 @@ +/* DO NOT EDIT + This filter was automatically generated + from librpc/idl/winreg.idl and librpc/idl/winreg.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Ethereal team. + Instructions on how to download and install Pidl can be + found at http://wiki.ethereal.com/Pidl +*/ + + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include + +#include "packet-dcerpc.h" +#include "packet-dcerpc-nt.h" +#include "packet-windows-common.h" +#include "packet-dcerpc-winreg.h" + +/* Ett declarations */ +static gint ett_dcerpc_winreg = -1; +static gint ett_winreg_winreg_String = -1; +static gint ett_winreg_KeySecurityData = -1; +static gint ett_winreg_winreg_SecBuf = -1; +static gint ett_winreg_winreg_StringBuf = -1; +static gint ett_winreg_QueryMultipleValue = -1; + + +/* Header field declarations */ +static gint hf_winreg_winreg_OpenHKCC_access_required = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_string2 = -1; +static gint hf_winreg_winreg_InitiateSystemShutdown_message = -1; +static gint hf_winreg_winreg_String_name = -1; +static gint hf_winreg_winreg_InitiateSystemShutdownEx_message = -1; +static gint hf_winreg_winreg_InitiateSystemShutdown_reboot = -1; +static gint hf_winreg_winreg_OpenHKPN_access_required = -1; +static gint hf_winreg_winreg_EnumValue_enum_index = -1; +static gint hf_winreg_winreg_CreateKey_options = -1; +static gint hf_winreg_winreg_InitiateSystemShutdownEx_timeout = -1; +static gint hf_winreg_winreg_QueryValue_size = -1; +static gint hf_winreg_winreg_QueryInfoKey_max_valnamelen = -1; +static gint hf_winreg_winreg_SecBuf_length = -1; +static gint hf_winreg_winreg_InitiateSystemShutdownEx_reboot = -1; +static gint hf_winreg_winreg_OpenHKCC_handle = -1; +static gint hf_winreg_winreg_QueryMultipleValues_buffer_size = -1; +static gint hf_winreg_winreg_OpenHKCU_handle = -1; +static gint hf_winreg_winreg_CreateKey_new_handle = -1; +static gint hf_winreg_winreg_OpenHKPT_handle = -1; +static gint hf_winreg_winreg_EnumKey_class = -1; +static gint hf_winreg_winreg_GetKeySecurity_handle = -1; +static gint hf_winreg_winreg_OpenHKCR_handle = -1; +static gint hf_winreg_winreg_OpenHKLM_access_required = -1; +static gint hf_winreg_winreg_OpenHKPN_system_name = -1; +static gint hf_winreg_winreg_OpenHKU_access_required = -1; +static gint hf_winreg_QueryMultipleValue_name = -1; +static gint hf_winreg_winreg_GetKeySecurity_sec_info = -1; +static gint hf_winreg_winreg_StringBuf_size = -1; +static gint hf_winreg_winreg_OpenHKCR_access_required = -1; +static gint hf_winreg_winreg_SecBuf_sd = -1; +static gint hf_winreg_winreg_CreateKey_class = -1; +static gint hf_winreg_winreg_QueryInfoKey_secdescsize = -1; +static gint hf_winreg_winreg_SetValue_name = -1; +static gint hf_winreg_winreg_OpenHKPT_system_name = -1; +static gint hf_winreg_winreg_CreateKey_secdesc = -1; +static gint hf_winreg_winreg_InitiateSystemShutdownEx_force_apps = -1; +static gint hf_winreg_winreg_SetValue_type = -1; +static gint hf_winreg_winreg_EnumValue_handle = -1; +static gint hf_winreg_winreg_DeleteValue_handle = -1; +static gint hf_winreg_opnum = -1; +static gint hf_winreg_winreg_EnumValue_name = -1; +static gint hf_winreg_winreg_LoadKey_filename = -1; +static gint hf_winreg_winreg_DeleteValue_value = -1; +static gint hf_winreg_winreg_OpenHKCU_access_required = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_handle = -1; +static gint hf_winreg_winreg_OpenHKDD_handle = -1; +static gint hf_winreg_winreg_QueryInfoKey_num_subkeys = -1; +static gint hf_winreg_winreg_QueryInfoKey_last_changed_time = -1; +static gint hf_winreg_winreg_AbortSystemShutdown_server = -1; +static gint hf_winreg_winreg_QueryValue_type = -1; +static gint hf_winreg_winreg_CloseKey_handle = -1; +static gint hf_winreg_winreg_OpenHKU_system_name = -1; +static gint hf_winreg_winreg_OpenHKDD_system_name = -1; +static gint hf_winreg_winreg_DeleteKey_handle = -1; +static gint hf_winreg_winreg_SecBuf_inherit = -1; +static gint hf_winreg_winreg_SetValue_size = -1; +static gint hf_winreg_winreg_QueryMultipleValues_values = -1; +static gint hf_winreg_winreg_OpenHKCC_system_name = -1; +static gint hf_winreg_winreg_GetVersion_version = -1; +static gint hf_winreg_winreg_CreateKey_action_taken = -1; +static gint hf_winreg_winreg_QueryInfoKey_num_values = -1; +static gint hf_winreg_winreg_SetKeySecurity_data = -1; +static gint hf_winreg_winreg_EnumKey_enum_index = -1; +static gint hf_winreg_winreg_SetValue_data = -1; +static gint hf_winreg_winreg_InitiateSystemShutdown_force_apps = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_string1 = -1; +static gint hf_winreg_winreg_QueryMultipleValues_buffer = -1; +static gint hf_winreg_winreg_SetValue_handle = -1; +static gint hf_winreg_winreg_CreateKey_access_required = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_notify_filter = -1; +static gint hf_winreg_winreg_OpenHKCU_system_name = -1; +static gint hf_winreg_KeySecurityData_size = -1; +static gint hf_winreg_winreg_OpenHKU_handle = -1; +static gint hf_winreg_winreg_OpenHKPD_handle = -1; +static gint hf_winreg_winreg_EnumKey_name = -1; +static gint hf_winreg_winreg_LoadKey_keyname = -1; +static gint hf_winreg_winreg_QueryMultipleValues_key_handle = -1; +static gint hf_winreg_winreg_EnumValue_type = -1; +static gint hf_winreg_winreg_EnumKey_last_changed_time = -1; +static gint hf_winreg_winreg_GetVersion_handle = -1; +static gint hf_winreg_winreg_EnumValue_size = -1; +static gint hf_winreg_winreg_OpenKey_handle = -1; +static gint hf_winreg_winreg_OpenHKPN_handle = -1; +static gint hf_winreg_winreg_QueryValue_data = -1; +static gint hf_winreg_winreg_QueryInfoKey_max_subkeysize = -1; +static gint hf_winreg_winreg_OpenHKPD_system_name = -1; +static gint hf_winreg_winreg_InitiateSystemShutdown_hostname = -1; +static gint hf_winreg_KeySecurityData_data = -1; +static gint hf_winreg_winreg_OpenKey_access_mask = -1; +static gint hf_winreg_winreg_QueryValue_handle = -1; +static gint hf_winreg_winreg_OpenKey_keyname = -1; +static gint hf_winreg_QueryMultipleValue_type = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree = -1; +static gint hf_winreg_winreg_SetKeySecurity_handle = -1; +static gint hf_winreg_winreg_OpenHKDD_access_required = -1; +static gint hf_winreg_KeySecurityData_len = -1; +static gint hf_winreg_winreg_CreateKey_name = -1; +static gint hf_winreg_winreg_OpenHKPD_access_required = -1; +static gint hf_winreg_winreg_String_name_len = -1; +static gint hf_winreg_winreg_DeleteKey_key = -1; +static gint hf_winreg_QueryMultipleValue_length = -1; +static gint hf_winreg_winreg_OpenHKPT_access_required = -1; +static gint hf_winreg_winreg_QueryMultipleValues_num_values = -1; +static gint hf_winreg_winreg_QueryInfoKey_handle = -1; +static gint hf_winreg_winreg_StringBuf_name = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown2 = -1; +static gint hf_winreg_winreg_FlushKey_handle = -1; +static gint hf_winreg_winreg_OpenHKLM_system_name = -1; +static gint hf_winreg_winreg_CreateKey_handle = -1; +static gint hf_winreg_winreg_StringBuf_length = -1; +static gint hf_winreg_winreg_OpenHKCR_system_name = -1; +static gint hf_winreg_winreg_OpenHKLM_handle = -1; +static gint hf_winreg_winreg_String_name_size = -1; +static gint hf_winreg_winreg_NotifyChangeKeyValue_unknown = -1; +static gint hf_winreg_winreg_QueryValue_length = -1; +static gint hf_winreg_winreg_OpenKey_unknown = -1; +static gint hf_winreg_winreg_QueryInfoKey_max_valbufsize = -1; +static gint hf_winreg_winreg_InitiateSystemShutdownEx_reason = -1; +static gint hf_winreg_winreg_EnumValue_length = -1; +static gint hf_winreg_winreg_QueryInfoKey_max_subkeylen = -1; +static gint hf_winreg_winreg_InitiateSystemShutdown_timeout = -1; +static gint hf_winreg_winreg_QueryInfoKey_class = -1; +static gint hf_winreg_winreg_InitiateSystemShutdownEx_hostname = -1; +static gint hf_winreg_werror = -1; +static gint hf_winreg_winreg_EnumValue_value = -1; +static gint hf_winreg_winreg_SetKeySecurity_access_mask = -1; +static gint hf_winreg_winreg_GetKeySecurity_sd = -1; +static gint hf_winreg_winreg_QueryValue_value_name = -1; +static gint hf_winreg_winreg_LoadKey_handle = -1; +static gint hf_winreg_winreg_EnumKey_handle = -1; +static gint hf_winreg_QueryMultipleValue_offset = -1; + +static gint proto_dcerpc_winreg = -1; +/* Version information */ + + +static e_uuid_t uuid_dcerpc_winreg = { + 0x338cd001, 0x2244, 0x31f1, + { 0xaa, 0xaa, 0x90, 0x00, 0x38, 0x00, 0x10, 0x03 } +}; +static guint16 ver_dcerpc_winreg = 1; + +const value_string winreg_winreg_Type_vals[] = { + { REG_NONE, "REG_NONE" }, + { REG_SZ, "REG_SZ" }, + { REG_EXPAND_SZ, "REG_EXPAND_SZ" }, + { REG_BINARY, "REG_BINARY" }, + { REG_DWORD, "REG_DWORD" }, + { REG_DWORD_BIG_ENDIAN, "REG_DWORD_BIG_ENDIAN" }, + { REG_LINK, "REG_LINK" }, + { REG_MULTI_SZ, "REG_MULTI_SZ" }, + { REG_RESOURCE_LIST, "REG_RESOURCE_LIST" }, + { REG_FULL_RESOURCE_DESCRIPTOR, "REG_FULL_RESOURCE_DESCRIPTOR" }, + { REG_RESOURCE_REQUIREMENTS_LIST, "REG_RESOURCE_REQUIREMENTS_LIST" }, + { REG_QWORD, "REG_QWORD" }, +{ 0, NULL } +}; +static int winreg_dissect_element_String_name_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_String_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_String_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_String_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_KeySecurityData_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_KeySecurityData_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_KeySecurityData_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_KeySecurityData_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SecBuf_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SecBuf_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SecBuf_inherit(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +const value_string winreg_winreg_CreateAction_vals[] = { + { REG_ACTION_NONE, "REG_ACTION_NONE" }, + { REG_CREATED_NEW_KEY, "REG_CREATED_NEW_KEY" }, + { REG_OPENED_EXISTING_KEY, "REG_OPENED_EXISTING_KEY" }, +{ 0, NULL } +}; +static int winreg_dissect_element_StringBuf_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_StringBuf_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_StringBuf_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_StringBuf_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_StringBuf_name__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValue_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValue_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValue_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCR_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCR_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCR_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCR_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCR_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCU_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCU_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCU_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCU_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKLM_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKLM_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKLM_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKLM_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKLM_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPD_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPD_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPD_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPD_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKU_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKU_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKU_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKU_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CloseKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CloseKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_options(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_secdesc(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_secdesc_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_new_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_action_taken(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_CreateKey_action_taken_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_DeleteKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_DeleteKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_DeleteKey_key(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_DeleteValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_DeleteValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_DeleteValue_value(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_enum_index(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_class_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_last_changed_time(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumKey_last_changed_time_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_enum_index(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_type_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_value(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_value_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_value__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_size_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_EnumValue_length_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_FlushKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_FlushKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetKeySecurity_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetKeySecurity_sec_info(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_LoadKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_LoadKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_LoadKey_keyname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_LoadKey_keyname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_LoadKey_filename(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_LoadKey_filename_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_watch_subtree(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_notify_filter(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_string1(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_string2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_NotifyChangeKeyValue_unknown2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenKey_keyname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenKey_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_num_subkeys(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_max_subkeylen(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_max_subkeysize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_num_values(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_max_valnamelen(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_max_valbufsize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_secdescsize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryInfoKey_last_changed_time(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_value_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_type_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_size_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryValue_length_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetKeySecurity_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetKeySecurity_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetKeySecurity_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetKeySecurity_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_SetValue_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdown_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_AbortSystemShutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_AbortSystemShutdown_server_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetVersion_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetVersion_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_GetVersion_version(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCC_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCC_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCC_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCC_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKCC_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKDD_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKDD_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKDD_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKDD_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKDD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_key_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_key_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_values(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_values_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_values__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_num_values(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_buffer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_buffer_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_buffer__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_buffer_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_QueryMultipleValues_buffer_size_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_InitiateSystemShutdownEx_reason(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPT_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPT_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPT_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPT_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPT_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPN_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPN_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPN_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPN_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); +static int winreg_dissect_element_OpenHKPN_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep); + +/* IDL: typedef enum { */ +/* IDL: REG_NONE=0, */ +/* IDL: REG_SZ=1, */ +/* IDL: REG_EXPAND_SZ=2, */ +/* IDL: REG_BINARY=3, */ +/* IDL: REG_DWORD=4, */ +/* IDL: REG_DWORD_BIG_ENDIAN=5, */ +/* IDL: REG_LINK=6, */ +/* IDL: REG_MULTI_SZ=7, */ +/* IDL: REG_RESOURCE_LIST=8, */ +/* IDL: REG_FULL_RESOURCE_DESCRIPTOR=9, */ +/* IDL: REG_RESOURCE_REQUIREMENTS_LIST=10, */ +/* IDL: REG_QWORD=11, */ +/* IDL: } winreg_Type; */ + +int +winreg_dissect_enum_Type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, NULL); + return offset; +} + +/* IDL: typedef struct { */ +/* IDL: [value(strlen_m_term(name)*2)] uint16 name_len; */ +/* IDL: [value(strlen_m_term(name)*2)] uint16 name_size; */ +/* IDL: [unique(1)] [flag(LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_LEN4)] string *name; */ +/* IDL: } winreg_String; */ + +static int +winreg_dissect_element_String_name_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_String_name_len,NULL); + + return offset; +} + +static int +winreg_dissect_element_String_name_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_String_name_size,NULL); + + return offset; +} + +static int +winreg_dissect_element_String_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_String_name_, NDR_POINTER_UNIQUE, "Pointer to Name (string)",hf_winreg_winreg_String_name); + + return offset; +} + +static int +winreg_dissect_element_String_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + char *data; + + offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, 2, hf_winreg_winreg_String_name, FALSE, &data); + proto_item_append_text(tree, ": %s", data); + + return offset; +} + +int +winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_winreg_winreg_String); + } + + offset = winreg_dissect_element_String_name_len(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_String_name_size(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_String_name(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +/* IDL: typedef struct { */ +/* IDL: [unique(1)] [length_is(len)] [size_is(size)] uint8 *data; */ +/* IDL: uint32 size; */ +/* IDL: uint32 len; */ +/* IDL: } KeySecurityData; */ + +static int +winreg_dissect_element_KeySecurityData_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_KeySecurityData_data_, NDR_POINTER_UNIQUE, "Pointer to Data (uint8)",hf_winreg_KeySecurityData_data); + + return offset; +} + +static int +winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_KeySecurityData_data__); + + return offset; +} + +static int +winreg_dissect_element_KeySecurityData_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_data,NULL); + + return offset; +} + +static int +winreg_dissect_element_KeySecurityData_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_size,NULL); + + return offset; +} + +static int +winreg_dissect_element_KeySecurityData_len(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_KeySecurityData_len,NULL); + + return offset; +} + +int +winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_winreg_KeySecurityData); + } + + offset = winreg_dissect_element_KeySecurityData_data(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_KeySecurityData_size(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_KeySecurityData_len(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +/* IDL: typedef struct { */ +/* IDL: uint32 length; */ +/* IDL: KeySecurityData sd; */ +/* IDL: uint8 inherit; */ +/* IDL: } winreg_SecBuf; */ + +static int +winreg_dissect_element_SecBuf_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SecBuf_length,NULL); + + return offset; +} + +static int +winreg_dissect_element_SecBuf_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_SecBuf_sd,0); + + return offset; +} + +static int +winreg_dissect_element_SecBuf_inherit(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SecBuf_inherit,NULL); + + return offset; +} + +int +winreg_dissect_struct_SecBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_winreg_winreg_SecBuf); + } + + offset = winreg_dissect_element_SecBuf_length(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_SecBuf_sd(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_SecBuf_inherit(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +/* IDL: typedef enum { */ +/* IDL: REG_ACTION_NONE=0, */ +/* IDL: REG_CREATED_NEW_KEY=1, */ +/* IDL: REG_OPENED_EXISTING_KEY=2, */ +/* IDL: } winreg_CreateAction; */ + +int +winreg_dissect_enum_CreateAction(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_index, NULL); + return offset; +} + +/* IDL: typedef struct { */ +/* IDL: uint16 length; */ +/* IDL: uint16 size; */ +/* IDL: [unique(1)] [length_is(length/2)] [charset(UTF16)] [size_is(size/2)] uint16 *name; */ +/* IDL: } winreg_StringBuf; */ + +static int +winreg_dissect_element_StringBuf_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_StringBuf_length,NULL); + + return offset; +} + +static int +winreg_dissect_element_StringBuf_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_StringBuf_size,NULL); + + return offset; +} + +static int +winreg_dissect_element_StringBuf_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_StringBuf_name_, NDR_POINTER_UNIQUE, "Pointer to Name (uint16)",hf_winreg_winreg_StringBuf_name); + + return offset; +} + +static int +winreg_dissect_element_StringBuf_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_StringBuf_name__); + + return offset; +} + +static int +winreg_dissect_element_StringBuf_name__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_StringBuf_name,NULL); + + return offset; +} + +int +winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_winreg_winreg_StringBuf); + } + + offset = winreg_dissect_element_StringBuf_length(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_StringBuf_size(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_StringBuf_name(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +/* IDL: typedef struct { */ +/* IDL: [unique(1)] winreg_String *name; */ +/* IDL: winreg_Type type; */ +/* IDL: uint32 offset; */ +/* IDL: uint32 length; */ +/* IDL: } QueryMultipleValue; */ + +static int +winreg_dissect_element_QueryMultipleValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_embedded_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValue_name_, NDR_POINTER_UNIQUE, "Pointer to Name (winreg_String)",hf_winreg_QueryMultipleValue_name); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValue_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_QueryMultipleValue_name,0); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_enum_Type(tvb, offset, pinfo, tree, drep, hf_winreg_QueryMultipleValue_type, 0); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValue_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_QueryMultipleValue_offset,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValue_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_QueryMultipleValue_length,NULL); + + return offset; +} + +int +winreg_dissect_struct_QueryMultipleValue(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, TRUE); + tree = proto_item_add_subtree(item, ett_winreg_QueryMultipleValue); + } + + offset = winreg_dissect_element_QueryMultipleValue_name(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_QueryMultipleValue_type(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_QueryMultipleValue_offset(tvb, offset, pinfo, tree, drep); + + offset = winreg_dissect_element_QueryMultipleValue_length(tvb, offset, pinfo, tree, drep); + + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCR_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKCR_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKCR_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCR_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCR_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCR_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCR_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCR_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKCR_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKCR_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCR_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCR_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKCR( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKCR_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKCR_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKCR_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKCR_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKCR_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKCU_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKCU_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKCU_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCU_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCU_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCU_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKCU_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKCU_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCU_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKCU( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKCU_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKCU_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKCU_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKCU_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKCU_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKLM_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKLM_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKLM_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKLM_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKLM_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKLM_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKLM_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKLM_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKLM_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKLM_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKLM_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKLM_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKLM( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKLM_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKLM_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKLM_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKLM_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKLM_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKPD_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKPD_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKPD_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPD_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPD_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPD_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKPD_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKPD_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPD_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKPD( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKPD_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKPD_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKPD_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKPD_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKPD_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKU_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKU_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKU_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKU_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKU_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKU_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKU_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKU_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKU_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKU_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKU_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKU_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKU( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKU_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKU_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKU_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKU_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKU_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_CloseKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_CloseKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_CloseKey_handle); + + return offset; +} + +static int +winreg_dissect_element_CloseKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CloseKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_CloseKey( */ +/* IDL: [out] [in] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_CloseKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_CloseKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_CloseKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_CloseKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_CreateKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_CreateKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_CreateKey_handle); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_CreateKey_name,0); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_CreateKey_class,0); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_options(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_options,NULL); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_secdesc(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_CreateKey_secdesc_, NDR_POINTER_UNIQUE, "Pointer to Secdesc (winreg_SecBuf)",hf_winreg_winreg_CreateKey_secdesc); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_secdesc_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_SecBuf(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_CreateKey_secdesc,0); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_new_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_CreateKey_new_handle_, NDR_POINTER_REF, "Pointer to New Handle (policy_handle)",hf_winreg_winreg_CreateKey_new_handle); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_new_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_new_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_action_taken(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_CreateKey_action_taken_, NDR_POINTER_UNIQUE, "Pointer to Action Taken (winreg_CreateAction)",hf_winreg_winreg_CreateKey_action_taken); + + return offset; +} + +static int +winreg_dissect_element_CreateKey_action_taken_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_enum_CreateAction(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_CreateKey_action_taken, 0); + + return offset; +} + +/* IDL: WERROR winreg_CreateKey( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String name, */ +/* IDL: [in] winreg_String class, */ +/* IDL: [in] uint32 options, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [unique(1)] [in] winreg_SecBuf *secdesc, */ +/* IDL: [out] [ref] policy_handle *new_handle, */ +/* IDL: [out] [unique(1)] [in] winreg_CreateAction *action_taken */ +/* IDL: ); */ + +static int +winreg_dissect_CreateKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_CreateKey_new_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_CreateKey_action_taken(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_CreateKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_CreateKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_CreateKey_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_CreateKey_class(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_CreateKey_options(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_CreateKey_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_CreateKey_secdesc(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_CreateKey_action_taken(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_DeleteKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_DeleteKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_DeleteKey_handle); + + return offset; +} + +static int +winreg_dissect_element_DeleteKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_DeleteKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_DeleteKey_key(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_DeleteKey_key,0); + + return offset; +} + +/* IDL: WERROR winreg_DeleteKey( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String key */ +/* IDL: ); */ + +static int +winreg_dissect_DeleteKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_DeleteKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_DeleteKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_DeleteKey_key(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_DeleteValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_DeleteValue_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_DeleteValue_handle); + + return offset; +} + +static int +winreg_dissect_element_DeleteValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_DeleteValue_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_DeleteValue_value(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_DeleteValue_value,0); + + return offset; +} + +/* IDL: WERROR winreg_DeleteValue( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String value */ +/* IDL: ); */ + +static int +winreg_dissect_DeleteValue_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_DeleteValue_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_DeleteValue_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_DeleteValue_value(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_EnumKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_EnumKey_handle); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_enum_index(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumKey_enum_index,NULL); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumKey_name_, NDR_POINTER_REF, "Pointer to Name (winreg_StringBuf)",hf_winreg_winreg_EnumKey_name); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_StringBuf(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_EnumKey_name,0); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumKey_class_, NDR_POINTER_UNIQUE, "Pointer to Class (winreg_StringBuf)",hf_winreg_winreg_EnumKey_class); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_class_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_StringBuf(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_EnumKey_class,0); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_last_changed_time(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumKey_last_changed_time_, NDR_POINTER_UNIQUE, "Pointer to Last Changed Time (NTTIME)",hf_winreg_winreg_EnumKey_last_changed_time); + + return offset; +} + +static int +winreg_dissect_element_EnumKey_last_changed_time_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumKey_last_changed_time); + + return offset; +} + +/* IDL: WERROR winreg_EnumKey( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] uint32 enum_index, */ +/* IDL: [out] [in] [ref] winreg_StringBuf *name, */ +/* IDL: [out] [unique(1)] [in] winreg_StringBuf *class, */ +/* IDL: [out] [unique(1)] [in] NTTIME *last_changed_time */ +/* IDL: ); */ + +static int +winreg_dissect_EnumKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_EnumKey_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_EnumKey_class(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_EnumKey_last_changed_time(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_EnumKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_EnumKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumKey_enum_index(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumKey_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumKey_class(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumKey_last_changed_time(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_EnumValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_EnumValue_handle); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumValue_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_enum_index(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumValue_enum_index,NULL); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_name_, NDR_POINTER_REF, "Pointer to Name (winreg_StringBuf)",hf_winreg_winreg_EnumValue_name); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_StringBuf(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_EnumValue_name,0); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_type_, NDR_POINTER_UNIQUE, "Pointer to Type (winreg_Type)",hf_winreg_winreg_EnumValue_type); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_type_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_enum_Type(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumValue_type, 0); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_value(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_value_, NDR_POINTER_UNIQUE, "Pointer to Value (uint8)",hf_winreg_winreg_EnumValue_value); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_value_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_value__); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_value__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumValue_value,NULL); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_size_, NDR_POINTER_UNIQUE, "Pointer to Size (uint32)",hf_winreg_winreg_EnumValue_size); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_size_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumValue_size,NULL); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_EnumValue_length_, NDR_POINTER_UNIQUE, "Pointer to Length (uint32)",hf_winreg_winreg_EnumValue_length); + + return offset; +} + +static int +winreg_dissect_element_EnumValue_length_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_EnumValue_length,NULL); + + return offset; +} + +/* IDL: WERROR winreg_EnumValue( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] uint32 enum_index, */ +/* IDL: [out] [in] [ref] winreg_StringBuf *name, */ +/* IDL: [out] [unique(1)] [in] winreg_Type *type, */ +/* IDL: [out] [unique(1)] [in] [length_is(*length)] [size_is(*size)] uint8 *value, */ +/* IDL: [out] [unique(1)] [in] uint32 *size, */ +/* IDL: [out] [unique(1)] [in] uint32 *length */ +/* IDL: ); */ + +static int +winreg_dissect_EnumValue_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_EnumValue_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_EnumValue_type(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_EnumValue_value(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_EnumValue_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_EnumValue_length(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_EnumValue_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_EnumValue_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumValue_enum_index(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumValue_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumValue_type(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumValue_value(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumValue_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_EnumValue_length(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_FlushKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_FlushKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_FlushKey_handle); + + return offset; +} + +static int +winreg_dissect_element_FlushKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_FlushKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_FlushKey( */ +/* IDL: [in] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_FlushKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_FlushKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_FlushKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_GetKeySecurity_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetKeySecurity_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_GetKeySecurity_handle); + + return offset; +} + +static int +winreg_dissect_element_GetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_GetKeySecurity_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_GetKeySecurity_sec_info(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_GetKeySecurity_sec_info, NULL); + + return offset; +} + +static int +winreg_dissect_element_GetKeySecurity_sd(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetKeySecurity_sd_, NDR_POINTER_REF, "Pointer to Sd (KeySecurityData)",hf_winreg_winreg_GetKeySecurity_sd); + + return offset; +} + +static int +winreg_dissect_element_GetKeySecurity_sd_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_GetKeySecurity_sd,0); + + return offset; +} + +/* IDL: WERROR winreg_GetKeySecurity( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] security_secinfo sec_info, */ +/* IDL: [out] [in] [ref] KeySecurityData *sd */ +/* IDL: ); */ + +static int +winreg_dissect_GetKeySecurity_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_GetKeySecurity_sd(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_GetKeySecurity_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_GetKeySecurity_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_GetKeySecurity_sec_info(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_GetKeySecurity_sd(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_LoadKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_LoadKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_LoadKey_handle); + + return offset; +} + +static int +winreg_dissect_element_LoadKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_LoadKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_LoadKey_keyname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_LoadKey_keyname_, NDR_POINTER_UNIQUE, "Pointer to Keyname (winreg_String)",hf_winreg_winreg_LoadKey_keyname); + + return offset; +} + +static int +winreg_dissect_element_LoadKey_keyname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_LoadKey_keyname,0); + + return offset; +} + +static int +winreg_dissect_element_LoadKey_filename(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_LoadKey_filename_, NDR_POINTER_UNIQUE, "Pointer to Filename (winreg_String)",hf_winreg_winreg_LoadKey_filename); + + return offset; +} + +static int +winreg_dissect_element_LoadKey_filename_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_LoadKey_filename,0); + + return offset; +} + +/* IDL: WERROR winreg_LoadKey( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [unique(1)] [in] winreg_String *keyname, */ +/* IDL: [unique(1)] [in] winreg_String *filename */ +/* IDL: ); */ + +static int +winreg_dissect_LoadKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_LoadKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_LoadKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_LoadKey_keyname(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_LoadKey_filename(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_NotifyChangeKeyValue_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_NotifyChangeKeyValue_handle); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_NotifyChangeKeyValue_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_watch_subtree(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree,NULL); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_notify_filter(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_NotifyChangeKeyValue_notify_filter,NULL); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_NotifyChangeKeyValue_unknown,NULL); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_string1(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_NotifyChangeKeyValue_string1,0); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_string2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_NotifyChangeKeyValue_string2,0); + + return offset; +} + +static int +winreg_dissect_element_NotifyChangeKeyValue_unknown2(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_NotifyChangeKeyValue_unknown2,NULL); + + return offset; +} + +/* IDL: WERROR winreg_NotifyChangeKeyValue( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] uint8 watch_subtree, */ +/* IDL: [in] uint32 notify_filter, */ +/* IDL: [in] uint32 unknown, */ +/* IDL: [in] winreg_String string1, */ +/* IDL: [in] winreg_String string2, */ +/* IDL: [in] uint32 unknown2 */ +/* IDL: ); */ + +static int +winreg_dissect_NotifyChangeKeyValue_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_NotifyChangeKeyValue_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_NotifyChangeKeyValue_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_NotifyChangeKeyValue_watch_subtree(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_NotifyChangeKeyValue_notify_filter(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_NotifyChangeKeyValue_unknown(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_NotifyChangeKeyValue_string1(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_NotifyChangeKeyValue_string2(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_NotifyChangeKeyValue_unknown2(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenKey_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_OpenKey_keyname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_OpenKey_keyname,0); + + return offset; +} + +static int +winreg_dissect_element_OpenKey_unknown(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_unknown,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenKey_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenKey_access_mask,NULL); + + return offset; +} + +/* IDL: WERROR winreg_OpenKey( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String keyname, */ +/* IDL: [in] uint32 unknown, */ +/* IDL: [in] uint32 access_mask, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenKey_keyname(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenKey_unknown(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenKey_access_mask(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryInfoKey_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_QueryInfoKey_handle); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_class(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryInfoKey_class,0); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_num_subkeys(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_num_subkeys,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_max_subkeylen(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_max_subkeylen,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_max_subkeysize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_max_subkeysize,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_num_values(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_num_values,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_max_valnamelen(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_max_valnamelen,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_max_valbufsize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_max_valbufsize,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_secdescsize(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_secdescsize,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryInfoKey_last_changed_time(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_nt_NTTIME(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryInfoKey_last_changed_time); + + return offset; +} + +/* IDL: WERROR winreg_QueryInfoKey( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String class, */ +/* IDL: [out] winreg_String class, */ +/* IDL: [out] uint32 num_subkeys, */ +/* IDL: [out] uint32 max_subkeylen, */ +/* IDL: [out] uint32 max_subkeysize, */ +/* IDL: [out] uint32 num_values, */ +/* IDL: [out] uint32 max_valnamelen, */ +/* IDL: [out] uint32 max_valbufsize, */ +/* IDL: [out] uint32 secdescsize, */ +/* IDL: [out] NTTIME last_changed_time */ +/* IDL: ); */ + +static int +winreg_dissect_QueryInfoKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_QueryInfoKey_class(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_num_subkeys(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_max_subkeylen(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_max_subkeysize(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_num_values(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_max_valnamelen(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_max_valbufsize(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_secdescsize(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryInfoKey_last_changed_time(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_QueryInfoKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_QueryInfoKey_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryInfoKey_class(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_QueryValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryValue_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_QueryValue_handle); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryValue_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_value_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryValue_value_name,0); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryValue_type_, NDR_POINTER_UNIQUE, "Pointer to Type (winreg_Type)",hf_winreg_winreg_QueryValue_type); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_type_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_enum_Type(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryValue_type, 0); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryValue_data_, NDR_POINTER_UNIQUE, "Pointer to Data (uint8)",hf_winreg_winreg_QueryValue_data); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryValue_data__); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryValue_data,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryValue_size_, NDR_POINTER_UNIQUE, "Pointer to Size (uint32)",hf_winreg_winreg_QueryValue_size); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_size_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryValue_size,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryValue_length_, NDR_POINTER_UNIQUE, "Pointer to Length (uint32)",hf_winreg_winreg_QueryValue_length); + + return offset; +} + +static int +winreg_dissect_element_QueryValue_length_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryValue_length,NULL); + + return offset; +} + +/* IDL: WERROR winreg_QueryValue( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String value_name, */ +/* IDL: [unique(1)] [out] [in] winreg_Type *type, */ +/* IDL: [unique(1)] [out] [in] [length_is(*length)] [size_is(*size)] uint8 *data, */ +/* IDL: [unique(1)] [out] [in] uint32 *size, */ +/* IDL: [unique(1)] [out] [in] uint32 *length */ +/* IDL: ); */ + +static int +winreg_dissect_QueryValue_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_QueryValue_type(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryValue_data(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryValue_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryValue_length(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_QueryValue_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_QueryValue_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryValue_value_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryValue_type(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryValue_data(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryValue_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryValue_length(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +/* IDL: WERROR winreg_ReplaceKey( */ +/* IDL: */ +/* IDL: ); */ + +static int +winreg_dissect_ReplaceKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_ReplaceKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + return offset; +} + +/* IDL: WERROR winreg_RestoreKey( */ +/* IDL: */ +/* IDL: ); */ + +static int +winreg_dissect_RestoreKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_RestoreKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + return offset; +} + +/* IDL: WERROR winreg_SaveKey( */ +/* IDL: */ +/* IDL: ); */ + +static int +winreg_dissect_SaveKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_SaveKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + return offset; +} + +static int +winreg_dissect_element_SetKeySecurity_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetKeySecurity_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_SetKeySecurity_handle); + + return offset; +} + +static int +winreg_dissect_element_SetKeySecurity_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetKeySecurity_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_SetKeySecurity_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetKeySecurity_access_mask,NULL); + + return offset; +} + +static int +winreg_dissect_element_SetKeySecurity_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetKeySecurity_data_, NDR_POINTER_REF, "Pointer to Data (KeySecurityData)",hf_winreg_winreg_SetKeySecurity_data); + + return offset; +} + +static int +winreg_dissect_element_SetKeySecurity_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_KeySecurityData(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_SetKeySecurity_data,0); + + return offset; +} + +/* IDL: WERROR winreg_SetKeySecurity( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] uint32 access_mask, */ +/* IDL: [out] [in] [ref] KeySecurityData *data */ +/* IDL: ); */ + +static int +winreg_dissect_SetKeySecurity_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_SetKeySecurity_data(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_SetKeySecurity_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_SetKeySecurity_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_SetKeySecurity_access_mask(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_SetKeySecurity_data(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_SetValue_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetValue_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_SetValue_handle); + + return offset; +} + +static int +winreg_dissect_element_SetValue_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetValue_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_SetValue_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_SetValue_name,0); + + return offset; +} + +static int +winreg_dissect_element_SetValue_type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_enum_Type(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetValue_type, 0); + + return offset; +} + +static int +winreg_dissect_element_SetValue_data(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetValue_data_, NDR_POINTER_REF, "Pointer to Data (uint8)",hf_winreg_winreg_SetValue_data); + + return offset; +} + +static int +winreg_dissect_element_SetValue_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_SetValue_data__); + + return offset; +} + +static int +winreg_dissect_element_SetValue_data__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetValue_data,NULL); + + return offset; +} + +static int +winreg_dissect_element_SetValue_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_SetValue_size,NULL); + + return offset; +} + +/* IDL: WERROR winreg_SetValue( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [in] winreg_String name, */ +/* IDL: [in] winreg_Type type, */ +/* IDL: [in] [ref] [size_is(size)] uint8 *data, */ +/* IDL: [in] uint32 size */ +/* IDL: ); */ + +static int +winreg_dissect_SetValue_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_SetValue_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_SetValue_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_SetValue_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_SetValue_type(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_SetValue_data(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_SetValue_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +/* IDL: WERROR winreg_UnLoadKey( */ +/* IDL: */ +/* IDL: ); */ + +static int +winreg_dissect_UnLoadKey_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_UnLoadKey_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_InitiateSystemShutdown_hostname_, NDR_POINTER_UNIQUE, "Pointer to Hostname (uint16)",hf_winreg_winreg_InitiateSystemShutdown_hostname); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdown_hostname,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_InitiateSystemShutdown_message_, NDR_POINTER_UNIQUE, "Pointer to Message (initshutdown_String)",hf_winreg_winreg_InitiateSystemShutdown_message); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = initshutdown_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_InitiateSystemShutdown_message,0); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdown_timeout,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdown_force_apps,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdown_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdown_reboot,NULL); + + return offset; +} + +/* IDL: WERROR winreg_InitiateSystemShutdown( */ +/* IDL: [unique(1)] [in] uint16 *hostname, */ +/* IDL: [unique(1)] [in] initshutdown_String *message, */ +/* IDL: [in] uint32 timeout, */ +/* IDL: [in] uint8 force_apps, */ +/* IDL: [in] uint8 reboot */ +/* IDL: ); */ + +static int +winreg_dissect_InitiateSystemShutdown_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_InitiateSystemShutdown_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_InitiateSystemShutdown_hostname(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdown_message(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdown_timeout(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdown_force_apps(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdown_reboot(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_AbortSystemShutdown_server(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_AbortSystemShutdown_server_, NDR_POINTER_UNIQUE, "Pointer to Server (uint16)",hf_winreg_winreg_AbortSystemShutdown_server); + + return offset; +} + +static int +winreg_dissect_element_AbortSystemShutdown_server_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_AbortSystemShutdown_server,NULL); + + return offset; +} + +/* IDL: WERROR winreg_AbortSystemShutdown( */ +/* IDL: [unique(1)] [in] uint16 *server */ +/* IDL: ); */ + +static int +winreg_dissect_AbortSystemShutdown_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_AbortSystemShutdown_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_AbortSystemShutdown_server(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_GetVersion_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_GetVersion_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_GetVersion_handle); + + return offset; +} + +static int +winreg_dissect_element_GetVersion_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_GetVersion_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_GetVersion_version(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_GetVersion_version,NULL); + + return offset; +} + +/* IDL: WERROR winreg_GetVersion( */ +/* IDL: [in] [ref] policy_handle *handle, */ +/* IDL: [out] uint32 version */ +/* IDL: ); */ + +static int +winreg_dissect_GetVersion_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_GetVersion_version(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_GetVersion_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_GetVersion_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKCC_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKCC_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKCC_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCC_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCC_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCC_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCC_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCC_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKCC_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKCC_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKCC_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKCC_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKCC( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKCC_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKCC_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKCC_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKCC_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKCC_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKDD_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKDD_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKDD_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKDD_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKDD_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKDD_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKDD_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKDD_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKDD_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKDD_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKDD_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKDD_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKDD( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKDD_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKDD_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKDD_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKDD_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKDD_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_key_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValues_key_handle_, NDR_POINTER_REF, "Pointer to Key Handle (policy_handle)",hf_winreg_winreg_QueryMultipleValues_key_handle); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_key_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryMultipleValues_key_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_values(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValues_values_, NDR_POINTER_REF, "Pointer to Values (QueryMultipleValue)",hf_winreg_winreg_QueryMultipleValues_values); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_values_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValues_values__); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_values__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = winreg_dissect_struct_QueryMultipleValue(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_QueryMultipleValues_values,0); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_num_values(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryMultipleValues_num_values,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_buffer(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValues_buffer_, NDR_POINTER_UNIQUE, "Pointer to Buffer (uint8)",hf_winreg_winreg_QueryMultipleValues_buffer); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_buffer_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_ucvarray(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValues_buffer__); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_buffer__(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryMultipleValues_buffer,NULL); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_buffer_size(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_QueryMultipleValues_buffer_size_, NDR_POINTER_REF, "Pointer to Buffer Size (uint32)",hf_winreg_winreg_QueryMultipleValues_buffer_size); + + return offset; +} + +static int +winreg_dissect_element_QueryMultipleValues_buffer_size_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_QueryMultipleValues_buffer_size,NULL); + + return offset; +} + +/* IDL: WERROR winreg_QueryMultipleValues( */ +/* IDL: [in] [ref] policy_handle *key_handle, */ +/* IDL: [out] [in] [ref] [length_is(num_values)] [size_is(num_values)] QueryMultipleValue *values, */ +/* IDL: [in] uint32 num_values, */ +/* IDL: [unique(1)] [out] [in] [length_is(*buffer_size)] [size_is(*buffer_size)] uint8 *buffer, */ +/* IDL: [out] [in] [ref] uint32 *buffer_size */ +/* IDL: ); */ + +static int +winreg_dissect_QueryMultipleValues_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_QueryMultipleValues_values(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryMultipleValues_buffer(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = winreg_dissect_element_QueryMultipleValues_buffer_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_QueryMultipleValues_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_QueryMultipleValues_key_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryMultipleValues_values(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryMultipleValues_num_values(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryMultipleValues_buffer(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_QueryMultipleValues_buffer_size(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_hostname(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_InitiateSystemShutdownEx_hostname_, NDR_POINTER_UNIQUE, "Pointer to Hostname (uint16)",hf_winreg_winreg_InitiateSystemShutdownEx_hostname); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_hostname_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdownEx_hostname,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_message(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_InitiateSystemShutdownEx_message_, NDR_POINTER_UNIQUE, "Pointer to Message (initshutdown_String)",hf_winreg_winreg_InitiateSystemShutdownEx_message); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_message_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = initshutdown_dissect_struct_String(tvb,offset,pinfo,tree,drep,hf_winreg_winreg_InitiateSystemShutdownEx_message,0); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_timeout(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdownEx_timeout,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_force_apps(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdownEx_force_apps,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_reboot(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint8(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdownEx_reboot,NULL); + + return offset; +} + +static int +winreg_dissect_element_InitiateSystemShutdownEx_reason(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_InitiateSystemShutdownEx_reason,NULL); + + return offset; +} + +/* IDL: WERROR winreg_InitiateSystemShutdownEx( */ +/* IDL: [unique(1)] [in] uint16 *hostname, */ +/* IDL: [unique(1)] [in] initshutdown_String *message, */ +/* IDL: [in] uint32 timeout, */ +/* IDL: [in] uint8 force_apps, */ +/* IDL: [in] uint8 reboot, */ +/* IDL: [in] uint32 reason */ +/* IDL: ); */ + +static int +winreg_dissect_InitiateSystemShutdownEx_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_InitiateSystemShutdownEx_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_InitiateSystemShutdownEx_hostname(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdownEx_message(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdownEx_timeout(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdownEx_force_apps(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdownEx_reboot(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_InitiateSystemShutdownEx_reason(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +/* IDL: WERROR winreg_SaveKeyEx( */ +/* IDL: */ +/* IDL: ); */ + +static int +winreg_dissect_SaveKeyEx_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_SaveKeyEx_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + return offset; +} + +static int +winreg_dissect_element_OpenHKPT_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKPT_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKPT_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPT_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPT_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPT_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPT_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPT_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKPT_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKPT_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPT_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPT_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKPT( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKPT_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKPT_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKPT_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKPT_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKPT_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +static int +winreg_dissect_element_OpenHKPN_system_name(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKPN_system_name_, NDR_POINTER_UNIQUE, "Pointer to System Name (uint16)",hf_winreg_winreg_OpenHKPN_system_name); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPN_system_name_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPN_system_name,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPN_access_required(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPN_access_required,NULL); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPN_handle(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, drep, winreg_dissect_element_OpenHKPN_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_winreg_winreg_OpenHKPN_handle); + + return offset; +} + +static int +winreg_dissect_element_OpenHKPN_handle_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) +{ + offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_winreg_winreg_OpenHKPN_handle, NULL, NULL, 0&0x01, 0&0x02); + + return offset; +} + +/* IDL: WERROR winreg_OpenHKPN( */ +/* IDL: [unique(1)] [in] uint16 *system_name, */ +/* IDL: [in] uint32 access_required, */ +/* IDL: [out] [ref] policy_handle *handle */ +/* IDL: ); */ + +static int +winreg_dissect_OpenHKPN_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKPN_handle(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_OpenHKPN_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = winreg_dissect_element_OpenHKPN_system_name(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + offset = winreg_dissect_element_OpenHKPN_access_required(tvb, offset, pinfo, tree, drep); + offset = dissect_deferred_pointers(pinfo, tvb, offset, drep); + return offset; +} + +/* IDL: WERROR winreg_QueryMultipleValues2( */ +/* IDL: */ +/* IDL: ); */ + +static int +winreg_dissect_QueryMultipleValues2_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_winreg_werror, NULL); + return offset; +} + +static int +winreg_dissect_QueryMultipleValues2_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) +{ + return offset; +} + + +static dcerpc_sub_dissector winreg_dissectors[] = { + { 0, "OpenHKCR", + winreg_dissect_OpenHKCR_request, winreg_dissect_OpenHKCR_response}, + { 1, "OpenHKCU", + winreg_dissect_OpenHKCU_request, winreg_dissect_OpenHKCU_response}, + { 2, "OpenHKLM", + winreg_dissect_OpenHKLM_request, winreg_dissect_OpenHKLM_response}, + { 3, "OpenHKPD", + winreg_dissect_OpenHKPD_request, winreg_dissect_OpenHKPD_response}, + { 4, "OpenHKU", + winreg_dissect_OpenHKU_request, winreg_dissect_OpenHKU_response}, + { 5, "CloseKey", + winreg_dissect_CloseKey_request, winreg_dissect_CloseKey_response}, + { 6, "CreateKey", + winreg_dissect_CreateKey_request, winreg_dissect_CreateKey_response}, + { 7, "DeleteKey", + winreg_dissect_DeleteKey_request, winreg_dissect_DeleteKey_response}, + { 8, "DeleteValue", + winreg_dissect_DeleteValue_request, winreg_dissect_DeleteValue_response}, + { 9, "EnumKey", + winreg_dissect_EnumKey_request, winreg_dissect_EnumKey_response}, + { 10, "EnumValue", + winreg_dissect_EnumValue_request, winreg_dissect_EnumValue_response}, + { 11, "FlushKey", + winreg_dissect_FlushKey_request, winreg_dissect_FlushKey_response}, + { 12, "GetKeySecurity", + winreg_dissect_GetKeySecurity_request, winreg_dissect_GetKeySecurity_response}, + { 13, "LoadKey", + winreg_dissect_LoadKey_request, winreg_dissect_LoadKey_response}, + { 14, "NotifyChangeKeyValue", + winreg_dissect_NotifyChangeKeyValue_request, winreg_dissect_NotifyChangeKeyValue_response}, + { 15, "OpenKey", + winreg_dissect_OpenKey_request, winreg_dissect_OpenKey_response}, + { 16, "QueryInfoKey", + winreg_dissect_QueryInfoKey_request, winreg_dissect_QueryInfoKey_response}, + { 17, "QueryValue", + winreg_dissect_QueryValue_request, winreg_dissect_QueryValue_response}, + { 18, "ReplaceKey", + winreg_dissect_ReplaceKey_request, winreg_dissect_ReplaceKey_response}, + { 19, "RestoreKey", + winreg_dissect_RestoreKey_request, winreg_dissect_RestoreKey_response}, + { 20, "SaveKey", + winreg_dissect_SaveKey_request, winreg_dissect_SaveKey_response}, + { 21, "SetKeySecurity", + winreg_dissect_SetKeySecurity_request, winreg_dissect_SetKeySecurity_response}, + { 22, "SetValue", + winreg_dissect_SetValue_request, winreg_dissect_SetValue_response}, + { 23, "UnLoadKey", + winreg_dissect_UnLoadKey_request, winreg_dissect_UnLoadKey_response}, + { 24, "InitiateSystemShutdown", + winreg_dissect_InitiateSystemShutdown_request, winreg_dissect_InitiateSystemShutdown_response}, + { 25, "AbortSystemShutdown", + winreg_dissect_AbortSystemShutdown_request, winreg_dissect_AbortSystemShutdown_response}, + { 26, "GetVersion", + winreg_dissect_GetVersion_request, winreg_dissect_GetVersion_response}, + { 27, "OpenHKCC", + winreg_dissect_OpenHKCC_request, winreg_dissect_OpenHKCC_response}, + { 28, "OpenHKDD", + winreg_dissect_OpenHKDD_request, winreg_dissect_OpenHKDD_response}, + { 29, "QueryMultipleValues", + winreg_dissect_QueryMultipleValues_request, winreg_dissect_QueryMultipleValues_response}, + { 30, "InitiateSystemShutdownEx", + winreg_dissect_InitiateSystemShutdownEx_request, winreg_dissect_InitiateSystemShutdownEx_response}, + { 31, "SaveKeyEx", + winreg_dissect_SaveKeyEx_request, winreg_dissect_SaveKeyEx_response}, + { 32, "OpenHKPT", + winreg_dissect_OpenHKPT_request, winreg_dissect_OpenHKPT_response}, + { 33, "OpenHKPN", + winreg_dissect_OpenHKPN_request, winreg_dissect_OpenHKPN_response}, + { 34, "QueryMultipleValues2", + winreg_dissect_QueryMultipleValues2_request, winreg_dissect_QueryMultipleValues2_response}, + { 0, NULL, NULL, NULL } +}; + +void proto_register_dcerpc_winreg(void) +{ + static hf_register_info hf[] = { + { &hf_winreg_winreg_OpenHKCC_access_required, + { "Access Required", "winreg.winreg_OpenHKCC.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_string2, + { "String2", "winreg.winreg_NotifyChangeKeyValue.string2", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdown_message, + { "Message", "winreg.winreg_InitiateSystemShutdown.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_String_name, + { "Name", "winreg.winreg_String.name", FT_STRING, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdownEx_message, + { "Message", "winreg.winreg_InitiateSystemShutdownEx.message", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdown_reboot, + { "Reboot", "winreg.winreg_InitiateSystemShutdown.reboot", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPN_access_required, + { "Access Required", "winreg.winreg_OpenHKPN.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_enum_index, + { "Enum Index", "winreg.winreg_EnumValue.enum_index", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_options, + { "Options", "winreg.winreg_CreateKey.options", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdownEx_timeout, + { "Timeout", "winreg.winreg_InitiateSystemShutdownEx.timeout", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryValue_size, + { "Size", "winreg.winreg_QueryValue.size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_max_valnamelen, + { "Max Valnamelen", "winreg.winreg_QueryInfoKey.max_valnamelen", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SecBuf_length, + { "Length", "winreg.winreg_SecBuf.length", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdownEx_reboot, + { "Reboot", "winreg.winreg_InitiateSystemShutdownEx.reboot", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCC_handle, + { "Handle", "winreg.winreg_OpenHKCC.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryMultipleValues_buffer_size, + { "Buffer Size", "winreg.winreg_QueryMultipleValues.buffer_size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCU_handle, + { "Handle", "winreg.winreg_OpenHKCU.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_new_handle, + { "New Handle", "winreg.winreg_CreateKey.new_handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPT_handle, + { "Handle", "winreg.winreg_OpenHKPT.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumKey_class, + { "Class", "winreg.winreg_EnumKey.class", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_GetKeySecurity_handle, + { "Handle", "winreg.winreg_GetKeySecurity.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCR_handle, + { "Handle", "winreg.winreg_OpenHKCR.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKLM_access_required, + { "Access Required", "winreg.winreg_OpenHKLM.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPN_system_name, + { "System Name", "winreg.winreg_OpenHKPN.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKU_access_required, + { "Access Required", "winreg.winreg_OpenHKU.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_QueryMultipleValue_name, + { "Name", "winreg.QueryMultipleValue.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_GetKeySecurity_sec_info, + { "Sec Info", "winreg.winreg_GetKeySecurity.sec_info", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_StringBuf_size, + { "Size", "winreg.winreg_StringBuf.size", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCR_access_required, + { "Access Required", "winreg.winreg_OpenHKCR.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SecBuf_sd, + { "Sd", "winreg.winreg_SecBuf.sd", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_class, + { "Class", "winreg.winreg_CreateKey.class", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_secdescsize, + { "Secdescsize", "winreg.winreg_QueryInfoKey.secdescsize", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetValue_name, + { "Name", "winreg.winreg_SetValue.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPT_system_name, + { "System Name", "winreg.winreg_OpenHKPT.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_secdesc, + { "Secdesc", "winreg.winreg_CreateKey.secdesc", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdownEx_force_apps, + { "Force Apps", "winreg.winreg_InitiateSystemShutdownEx.force_apps", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetValue_type, + { "Type", "winreg.winreg_SetValue.type", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_handle, + { "Handle", "winreg.winreg_EnumValue.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_DeleteValue_handle, + { "Handle", "winreg.winreg_DeleteValue.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_opnum, + { "Operation", "winreg.opnum", FT_UINT16, BASE_DEC, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_name, + { "Name", "winreg.winreg_EnumValue.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_LoadKey_filename, + { "Filename", "winreg.winreg_LoadKey.filename", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_DeleteValue_value, + { "Value", "winreg.winreg_DeleteValue.value", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCU_access_required, + { "Access Required", "winreg.winreg_OpenHKCU.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_handle, + { "Handle", "winreg.winreg_NotifyChangeKeyValue.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKDD_handle, + { "Handle", "winreg.winreg_OpenHKDD.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_num_subkeys, + { "Num Subkeys", "winreg.winreg_QueryInfoKey.num_subkeys", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_last_changed_time, + { "Last Changed Time", "winreg.winreg_QueryInfoKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_AbortSystemShutdown_server, + { "Server", "winreg.winreg_AbortSystemShutdown.server", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryValue_type, + { "Type", "winreg.winreg_QueryValue.type", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CloseKey_handle, + { "Handle", "winreg.winreg_CloseKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKU_system_name, + { "System Name", "winreg.winreg_OpenHKU.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKDD_system_name, + { "System Name", "winreg.winreg_OpenHKDD.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_DeleteKey_handle, + { "Handle", "winreg.winreg_DeleteKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SecBuf_inherit, + { "Inherit", "winreg.winreg_SecBuf.inherit", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetValue_size, + { "Size", "winreg.winreg_SetValue.size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryMultipleValues_values, + { "Values", "winreg.winreg_QueryMultipleValues.values", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCC_system_name, + { "System Name", "winreg.winreg_OpenHKCC.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_GetVersion_version, + { "Version", "winreg.winreg_GetVersion.version", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_action_taken, + { "Action Taken", "winreg.winreg_CreateKey.action_taken", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_num_values, + { "Num Values", "winreg.winreg_QueryInfoKey.num_values", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetKeySecurity_data, + { "Data", "winreg.winreg_SetKeySecurity.data", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumKey_enum_index, + { "Enum Index", "winreg.winreg_EnumKey.enum_index", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetValue_data, + { "Data", "winreg.winreg_SetValue.data", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdown_force_apps, + { "Force Apps", "winreg.winreg_InitiateSystemShutdown.force_apps", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_string1, + { "String1", "winreg.winreg_NotifyChangeKeyValue.string1", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryMultipleValues_buffer, + { "Buffer", "winreg.winreg_QueryMultipleValues.buffer", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetValue_handle, + { "Handle", "winreg.winreg_SetValue.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_access_required, + { "Access Required", "winreg.winreg_CreateKey.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_notify_filter, + { "Notify Filter", "winreg.winreg_NotifyChangeKeyValue.notify_filter", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCU_system_name, + { "System Name", "winreg.winreg_OpenHKCU.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_KeySecurityData_size, + { "Size", "winreg.KeySecurityData.size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKU_handle, + { "Handle", "winreg.winreg_OpenHKU.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPD_handle, + { "Handle", "winreg.winreg_OpenHKPD.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumKey_name, + { "Name", "winreg.winreg_EnumKey.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_LoadKey_keyname, + { "Keyname", "winreg.winreg_LoadKey.keyname", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryMultipleValues_key_handle, + { "Key Handle", "winreg.winreg_QueryMultipleValues.key_handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_type, + { "Type", "winreg.winreg_EnumValue.type", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumKey_last_changed_time, + { "Last Changed Time", "winreg.winreg_EnumKey.last_changed_time", FT_ABSOLUTE_TIME, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_GetVersion_handle, + { "Handle", "winreg.winreg_GetVersion.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_size, + { "Size", "winreg.winreg_EnumValue.size", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenKey_handle, + { "Handle", "winreg.winreg_OpenKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPN_handle, + { "Handle", "winreg.winreg_OpenHKPN.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryValue_data, + { "Data", "winreg.winreg_QueryValue.data", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_max_subkeysize, + { "Max Subkeysize", "winreg.winreg_QueryInfoKey.max_subkeysize", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPD_system_name, + { "System Name", "winreg.winreg_OpenHKPD.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdown_hostname, + { "Hostname", "winreg.winreg_InitiateSystemShutdown.hostname", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_KeySecurityData_data, + { "Data", "winreg.KeySecurityData.data", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenKey_access_mask, + { "Access Mask", "winreg.winreg_OpenKey.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryValue_handle, + { "Handle", "winreg.winreg_QueryValue.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenKey_keyname, + { "Keyname", "winreg.winreg_OpenKey.keyname", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_QueryMultipleValue_type, + { "Type", "winreg.QueryMultipleValue.type", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_watch_subtree, + { "Watch Subtree", "winreg.winreg_NotifyChangeKeyValue.watch_subtree", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetKeySecurity_handle, + { "Handle", "winreg.winreg_SetKeySecurity.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKDD_access_required, + { "Access Required", "winreg.winreg_OpenHKDD.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_KeySecurityData_len, + { "Len", "winreg.KeySecurityData.len", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_name, + { "Name", "winreg.winreg_CreateKey.name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPD_access_required, + { "Access Required", "winreg.winreg_OpenHKPD.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_String_name_len, + { "Name Len", "winreg.winreg_String.name_len", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_DeleteKey_key, + { "Key", "winreg.winreg_DeleteKey.key", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_QueryMultipleValue_length, + { "Length", "winreg.QueryMultipleValue.length", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKPT_access_required, + { "Access Required", "winreg.winreg_OpenHKPT.access_required", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryMultipleValues_num_values, + { "Num Values", "winreg.winreg_QueryMultipleValues.num_values", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_handle, + { "Handle", "winreg.winreg_QueryInfoKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_StringBuf_name, + { "Name", "winreg.winreg_StringBuf.name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_unknown2, + { "Unknown2", "winreg.winreg_NotifyChangeKeyValue.unknown2", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_FlushKey_handle, + { "Handle", "winreg.winreg_FlushKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKLM_system_name, + { "System Name", "winreg.winreg_OpenHKLM.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_CreateKey_handle, + { "Handle", "winreg.winreg_CreateKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_StringBuf_length, + { "Length", "winreg.winreg_StringBuf.length", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKCR_system_name, + { "System Name", "winreg.winreg_OpenHKCR.system_name", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenHKLM_handle, + { "Handle", "winreg.winreg_OpenHKLM.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_String_name_size, + { "Name Size", "winreg.winreg_String.name_size", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_NotifyChangeKeyValue_unknown, + { "Unknown", "winreg.winreg_NotifyChangeKeyValue.unknown", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryValue_length, + { "Length", "winreg.winreg_QueryValue.length", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_OpenKey_unknown, + { "Unknown", "winreg.winreg_OpenKey.unknown", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_max_valbufsize, + { "Max Valbufsize", "winreg.winreg_QueryInfoKey.max_valbufsize", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdownEx_reason, + { "Reason", "winreg.winreg_InitiateSystemShutdownEx.reason", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_length, + { "Length", "winreg.winreg_EnumValue.length", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_max_subkeylen, + { "Max Subkeylen", "winreg.winreg_QueryInfoKey.max_subkeylen", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdown_timeout, + { "Timeout", "winreg.winreg_InitiateSystemShutdown.timeout", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryInfoKey_class, + { "Class", "winreg.winreg_QueryInfoKey.class", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_InitiateSystemShutdownEx_hostname, + { "Hostname", "winreg.winreg_InitiateSystemShutdownEx.hostname", FT_UINT16, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_werror, + { "Windows Error", "winreg.werror", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumValue_value, + { "Value", "winreg.winreg_EnumValue.value", FT_UINT8, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_SetKeySecurity_access_mask, + { "Access Mask", "winreg.winreg_SetKeySecurity.access_mask", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_GetKeySecurity_sd, + { "Sd", "winreg.winreg_GetKeySecurity.sd", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_QueryValue_value_name, + { "Value Name", "winreg.winreg_QueryValue.value_name", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_LoadKey_handle, + { "Handle", "winreg.winreg_LoadKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_winreg_EnumKey_handle, + { "Handle", "winreg.winreg_EnumKey.handle", FT_NONE, BASE_HEX, NULL, 0, "", HFILL }}, + { &hf_winreg_QueryMultipleValue_offset, + { "Offset", "winreg.QueryMultipleValue.offset", FT_UINT32, BASE_HEX, NULL, 0, "", HFILL }}, + }; + + + static gint *ett[] = { + &ett_dcerpc_winreg, + &ett_winreg_winreg_String, + &ett_winreg_KeySecurityData, + &ett_winreg_winreg_SecBuf, + &ett_winreg_winreg_StringBuf, + &ett_winreg_QueryMultipleValue, + }; + + proto_dcerpc_winreg = proto_register_protocol("Remote Registry Service", "WINREG", "winreg"); + proto_register_field_array(proto_dcerpc_winreg, hf, array_length (hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void proto_reg_handoff_dcerpc_winreg(void) +{ + dcerpc_init_uuid(proto_dcerpc_winreg, ett_dcerpc_winreg, + &uuid_dcerpc_winreg, ver_dcerpc_winreg, + winreg_dissectors, hf_winreg_opnum); +} diff --git a/epan/dissectors/pidl/packet-dcerpc-winreg.h b/epan/dissectors/pidl/packet-dcerpc-winreg.h new file mode 100644 index 0000000000..5db62b57f2 --- /dev/null +++ b/epan/dissectors/pidl/packet-dcerpc-winreg.h @@ -0,0 +1,45 @@ +/* autogenerated by pidl */ + +/* DO NOT EDIT + This filter was automatically generated + from librpc/idl/winreg.idl and librpc/idl/winreg.cnf. + + Pidl is a perl based IDL compiler for DCE/RPC idl files. + It is maintained by the Samba team, not the Ethereal team. + Instructions on how to download and install Pidl can be + found at http://wiki.ethereal.com/Pidl +*/ + + +#ifndef __PACKET_DCERPC_WINREG_H +#define __PACKET_DCERPC_WINREG_H + +#include "packet-dcerpc-lsa.h" + +#include "packet-dcerpc-initshutdown.h" + +#define REG_NONE (0) +#define REG_SZ (1) +#define REG_EXPAND_SZ (2) +#define REG_BINARY (3) +#define REG_DWORD (4) +#define REG_DWORD_BIG_ENDIAN (5) +#define REG_LINK (6) +#define REG_MULTI_SZ (7) +#define REG_RESOURCE_LIST (8) +#define REG_FULL_RESOURCE_DESCRIPTOR (9) +#define REG_RESOURCE_REQUIREMENTS_LIST (10) +#define REG_QWORD (11) +extern const value_string winreg_winreg_Type_vals[]; +int winreg_dissect_enum_Type(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param); +int winreg_dissect_struct_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +int winreg_dissect_struct_KeySecurityData(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +int winreg_dissect_struct_SecBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +#define REG_ACTION_NONE (0) +#define REG_CREATED_NEW_KEY (1) +#define REG_OPENED_EXISTING_KEY (2) +extern const value_string winreg_winreg_CreateAction_vals[]; +int winreg_dissect_enum_CreateAction(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep, int hf_index, guint32 param); +int winreg_dissect_struct_StringBuf(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +int winreg_dissect_struct_QueryMultipleValue(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, guint8 *drep, int hf_index, guint32 param _U_); +#endif /* __PACKET_DCERPC_WINREG_H */ diff --git a/epan/dissectors/pidl/winreg.idl b/epan/dissectors/pidl/winreg.idl new file mode 100644 index 0000000000..f29d3f6268 --- /dev/null +++ b/epan/dissectors/pidl/winreg.idl @@ -0,0 +1,363 @@ +#include "idl_types.h" + +/* + winreg interface definition +*/ + +[ + uuid("338cd001-2244-31f1-aaaa-900038001003"), + version(1.0), + endpoint("ncacn_np:[\\pipe\\winreg]","ncacn_ip_tcp:","ncalrpc:"), + pointer_default(unique), + pointer_default_top(unique), + helpstring("Remote Registry Service"), + depends(lsa,initshutdown) +] interface winreg +{ + declare bitmap security_secinfo; + + typedef [v1_enum] enum { + REG_NONE = 0, + REG_SZ = 1, + REG_EXPAND_SZ = 2, + REG_BINARY = 3, + REG_DWORD = 4, + REG_DWORD_BIG_ENDIAN = 5, + REG_LINK = 6, + REG_MULTI_SZ = 7, + REG_RESOURCE_LIST = 8, + REG_FULL_RESOURCE_DESCRIPTOR = 9, + REG_RESOURCE_REQUIREMENTS_LIST = 10, + REG_QWORD = 11 + } winreg_Type; + + typedef [public,noejs] struct { + [value(strlen_m_term(name)*2)] uint16 name_len; + [value(strlen_m_term(name)*2)] uint16 name_size; + unistr *name; + } winreg_String; + + /******************/ + /* Function: 0x00 */ + WERROR winreg_OpenHKCR( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x01 */ + WERROR winreg_OpenHKCU( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x02 */ + WERROR winreg_OpenHKLM( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x03 */ + WERROR winreg_OpenHKPD( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x04 */ + WERROR winreg_OpenHKU( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x05 */ + WERROR winreg_CloseKey( + [in,out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x06 */ + + typedef struct { + [size_is(size),length_is(len)] uint8 *data; + uint32 size; + uint32 len; + } KeySecurityData; + + typedef struct { + uint32 length; + KeySecurityData sd; + bool8 inherit; + } winreg_SecBuf; + + typedef [v1_enum] enum { + REG_ACTION_NONE = 0, /* used by caller */ + REG_CREATED_NEW_KEY = 1, + REG_OPENED_EXISTING_KEY = 2 + } winreg_CreateAction; + + WERROR winreg_CreateKey( + [in,ref] policy_handle *handle, + [in] winreg_String name, + [in] winreg_String class, + [in] uint32 options, + [in] uint32 access_required, + [in,unique] winreg_SecBuf *secdesc, + [out,ref] policy_handle *new_handle, + [in,out,unique] winreg_CreateAction *action_taken + ); + + /******************/ + /* Function: 0x07 */ + WERROR winreg_DeleteKey( + [in,ref] policy_handle *handle, + [in] winreg_String key + ); + + /******************/ + /* Function: 0x08 */ + WERROR winreg_DeleteValue( + [in,ref] policy_handle *handle, + [in] winreg_String value + ); + + typedef struct { + /* we can't use value(strlen_m(name)*2) here as it + doesn't propogate to the length_is() property + below. Jelmer, can this be fixed? */ + uint16 length; + uint16 size; + [size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name; + } winreg_StringBuf; + + WERROR winreg_EnumKey( + [in,ref] policy_handle *handle, + [in] uint32 enum_index, + [in,out,ref] winreg_StringBuf *name, + [in,out,unique] winreg_StringBuf *class, + [in,out,unique] NTTIME *last_changed_time + ); + + /******************/ + /* Function: 0x0a */ + + WERROR winreg_EnumValue( + [in,ref] policy_handle *handle, + [in] uint32 enum_index, + [in,out,ref] winreg_StringBuf *name, + [in,out,unique] winreg_Type *type, + [in,out,unique,size_is(*size),length_is(*length)] uint8 *value, + [in,out,unique] uint32 *size, + [in,out,unique] uint32 *length + ); + + /******************/ + /* Function: 0x0b */ + WERROR winreg_FlushKey( + [in,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x0c */ + WERROR winreg_GetKeySecurity( + [in,ref] policy_handle *handle, + [in] security_secinfo sec_info, + [in,out,ref] KeySecurityData *sd + ); + + /******************/ + /* Function: 0x0d */ + WERROR winreg_LoadKey( + [in,ref] policy_handle *handle, + [in] winreg_String *keyname, + [in] winreg_String *filename + ); + + /******************/ + /* Function: 0x0e */ + WERROR winreg_NotifyChangeKeyValue( + [in,ref] policy_handle *handle, + [in] uint8 watch_subtree, + [in] uint32 notify_filter, + [in] uint32 unknown, + [in] winreg_String string1, + [in] winreg_String string2, + [in] uint32 unknown2 + ); + + /******************/ + /* Function: 0x0f */ + WERROR winreg_OpenKey( + [in,ref] policy_handle *handle, + [in] winreg_String keyname, + [in] uint32 unknown, + [in] uint32 access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x10 */ + WERROR winreg_QueryInfoKey( + [in,ref] policy_handle *handle, + [in] winreg_String class, + [out] winreg_String class, + [out] uint32 num_subkeys, + [out] uint32 max_subkeylen, + [out] uint32 max_subkeysize, + [out] uint32 num_values, + [out] uint32 max_valnamelen, + [out] uint32 max_valbufsize, + [out] uint32 secdescsize, + [out] NTTIME last_changed_time + ); + + /******************/ + /* Function: 0x11 */ + WERROR winreg_QueryValue( + [in,ref] policy_handle *handle, + [in] winreg_String value_name, + [in,out] winreg_Type *type, + [in,out,size_is(*size),length_is(*length)] uint8 *data, + [in,out] uint32 *size, + [in,out] uint32 *length + ); + + /******************/ + /* Function: 0x12 */ + WERROR winreg_ReplaceKey( + ); + + /******************/ + /* Function: 0x13 */ + WERROR winreg_RestoreKey( + ); + + /******************/ + /* Function: 0x14 */ + WERROR winreg_SaveKey( + ); + + /******************/ + /* Function: 0x15 */ + WERROR winreg_SetKeySecurity( + [in,ref] policy_handle *handle, + [in] uint32 access_mask, + [in,out,ref] KeySecurityData *data + ); + + /******************/ + /* Function: 0x16 */ + WERROR winreg_SetValue( + [in,ref] policy_handle *handle, + [in] winreg_String name, + [in] winreg_Type type, + [in,size_is(size),ref] uint8 *data, + [in] uint32 size + ); + + /******************/ + /* Function: 0x17 */ + WERROR winreg_UnLoadKey( + ); + + /******************/ + /* Function: 0x18 */ + WERROR winreg_InitiateSystemShutdown( + [in] uint16 *hostname, + [in] initshutdown_String *message, + [in] uint32 timeout, + [in] uint8 force_apps, + [in] uint8 reboot + ); + + /******************/ + /* Function: 0x19 */ + WERROR winreg_AbortSystemShutdown( + [in] uint16 *server + ); + + /******************/ + /* Function: 0x1a */ + WERROR winreg_GetVersion( + [in,ref] policy_handle *handle, + [out] uint32 version + ); + + /******************/ + /* Function: 0x1b */ + WERROR winreg_OpenHKCC( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x1c */ + WERROR winreg_OpenHKDD( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + typedef struct { + winreg_String *name; + winreg_Type type; + uint32 offset; + uint32 length; + } QueryMultipleValue; + + /******************/ + /* Function: 0x1d */ + WERROR winreg_QueryMultipleValues( + [in,ref] policy_handle *key_handle, + [in,out,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values, + [in] uint32 num_values, + [in,out,size_is(*buffer_size),length_is(*buffer_size)] uint8 *buffer, + [in,out,ref] uint32 *buffer_size + ); + + /******************/ + /* Function: 0x1e */ + WERROR winreg_InitiateSystemShutdownEx( + [in] uint16 *hostname, + [in] initshutdown_String *message, + [in] uint32 timeout, + [in] uint8 force_apps, + [in] uint8 reboot, + [in] uint32 reason + ); + + /******************/ + /* Function: 0x1f */ + WERROR winreg_SaveKeyEx( + ); + + /******************/ + /* Function: 0x20 */ + WERROR winreg_OpenHKPT( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x21 */ + WERROR winreg_OpenHKPN( + [in] uint16 *system_name, + [in] uint32 access_required, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x22 */ + WERROR winreg_QueryMultipleValues2( + ); +} -- cgit v1.2.3