search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
regen pidl all: rm epan/dissectors/pidl/*-stamp; pushd epan/dissectors/pidl/ && make...
[wireshark-sm.git] / epan / dissectors / packet-dcerpc-eventlog.c
blob78cd21a5485ebf08bafba644a9060b9993c32057
1 /* DO NOT EDIT
2 This file was automatically generated by Pidl
3 from eventlog.idl and eventlog.cnf.
4
5 Pidl is a perl based IDL compiler for DCE/RPC idl files.
6 It is maintained by the Samba team, not the Wireshark team.
7 Instructions on how to download and install Pidl can be
8 found at https://wiki.wireshark.org/Pidl
9 */
10
11
12 #include "config.h"
13 #include <string.h>
14 #include <wsutil/array.h>
15 #include <epan/packet.h>
16 #include <epan/tfs.h>
17
18 #include "packet-dcerpc.h"
19 #include "packet-dcerpc-nt.h"
20 #include "packet-windows-common.h"
21 #include "packet-dcerpc-eventlog.h"
22 void proto_register_dcerpc_eventlog(void);
23 void proto_reg_handoff_dcerpc_eventlog(void);
24
25 /* Ett declarations */
26 static int ett_dcerpc_eventlog;
27 static int ett_eventlog_eventlogReadFlags;
28 static int ett_eventlog_eventlogEventTypes;
29 static int ett_eventlog_eventlog_OpenUnknown0;
30 static int ett_eventlog_eventlog_Record;
31 static int ett_eventlog_eventlog_ChangeUnknown0;
32
33
34 /* Header field declarations */
35 static int hf_eventlog_Record;
36 static int hf_eventlog_Record_computer_name;
37 static int hf_eventlog_Record_length;
38 static int hf_eventlog_Record_source_name;
39 static int hf_eventlog_Record_string;
40 static int hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE;
41 static int hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS;
42 static int hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE;
43 static int hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE;
44 static int hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE;
45 static int hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ;
46 static int hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ;
47 static int hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ;
48 static int hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ;
49 static int hf_eventlog_eventlog_BackupEventLogW_backupfilename;
50 static int hf_eventlog_eventlog_BackupEventLogW_handle;
51 static int hf_eventlog_eventlog_ChangeNotify_handle;
52 static int hf_eventlog_eventlog_ChangeNotify_unknown2;
53 static int hf_eventlog_eventlog_ChangeNotify_unknown3;
54 static int hf_eventlog_eventlog_ChangeUnknown0_unknown0;
55 static int hf_eventlog_eventlog_ChangeUnknown0_unknown1;
56 static int hf_eventlog_eventlog_ClearEventLogW_backupfilename;
57 static int hf_eventlog_eventlog_ClearEventLogW_handle;
58 static int hf_eventlog_eventlog_CloseEventLog_handle;
59 static int hf_eventlog_eventlog_DeregisterEventSource_handle;
60 static int hf_eventlog_eventlog_FlushEventLog_handle;
61 static int hf_eventlog_eventlog_GetLogInformation_cbBufSize;
62 static int hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded;
63 static int hf_eventlog_eventlog_GetLogInformation_dwInfoLevel;
64 static int hf_eventlog_eventlog_GetLogInformation_handle;
65 static int hf_eventlog_eventlog_GetLogInformation_lpBuffer;
66 static int hf_eventlog_eventlog_GetNumRecords_handle;
67 static int hf_eventlog_eventlog_GetNumRecords_number;
68 static int hf_eventlog_eventlog_GetOldestRecord_handle;
69 static int hf_eventlog_eventlog_GetOldestRecord_oldest;
70 static int hf_eventlog_eventlog_OpenBackupEventLogW_handle;
71 static int hf_eventlog_eventlog_OpenBackupEventLogW_logname;
72 static int hf_eventlog_eventlog_OpenBackupEventLogW_unknown0;
73 static int hf_eventlog_eventlog_OpenBackupEventLogW_unknown2;
74 static int hf_eventlog_eventlog_OpenBackupEventLogW_unknown3;
75 static int hf_eventlog_eventlog_OpenEventLogW_MajorVersion;
76 static int hf_eventlog_eventlog_OpenEventLogW_MinorVersion;
77 static int hf_eventlog_eventlog_OpenEventLogW_Module;
78 static int hf_eventlog_eventlog_OpenEventLogW_RegModuleName;
79 static int hf_eventlog_eventlog_OpenEventLogW_handle;
80 static int hf_eventlog_eventlog_OpenEventLogW_unknown0;
81 static int hf_eventlog_eventlog_OpenUnknown0_unknown0;
82 static int hf_eventlog_eventlog_OpenUnknown0_unknown1;
83 static int hf_eventlog_eventlog_ReadEventLogW_data;
84 static int hf_eventlog_eventlog_ReadEventLogW_flags;
85 static int hf_eventlog_eventlog_ReadEventLogW_handle;
86 static int hf_eventlog_eventlog_ReadEventLogW_number_of_bytes;
87 static int hf_eventlog_eventlog_ReadEventLogW_offset;
88 static int hf_eventlog_eventlog_ReadEventLogW_real_size;
89 static int hf_eventlog_eventlog_ReadEventLogW_sent_size;
90 static int hf_eventlog_eventlog_Record_closing_record_number;
91 static int hf_eventlog_eventlog_Record_computer_name;
92 static int hf_eventlog_eventlog_Record_data_length;
93 static int hf_eventlog_eventlog_Record_data_offset;
94 static int hf_eventlog_eventlog_Record_event_category;
95 static int hf_eventlog_eventlog_Record_event_id;
96 static int hf_eventlog_eventlog_Record_event_type;
97 static int hf_eventlog_eventlog_Record_num_of_strings;
98 static int hf_eventlog_eventlog_Record_raw_data;
99 static int hf_eventlog_eventlog_Record_record_number;
100 static int hf_eventlog_eventlog_Record_reserved;
101 static int hf_eventlog_eventlog_Record_reserved_flags;
102 static int hf_eventlog_eventlog_Record_sid_length;
103 static int hf_eventlog_eventlog_Record_sid_offset;
104 static int hf_eventlog_eventlog_Record_size;
105 static int hf_eventlog_eventlog_Record_source_name;
106 static int hf_eventlog_eventlog_Record_stringoffset;
107 static int hf_eventlog_eventlog_Record_strings;
108 static int hf_eventlog_eventlog_Record_time_generated;
109 static int hf_eventlog_eventlog_Record_time_written;
110 static int hf_eventlog_eventlog_RegisterEventSourceW_handle;
111 static int hf_eventlog_eventlog_RegisterEventSourceW_logname;
112 static int hf_eventlog_eventlog_RegisterEventSourceW_servername;
113 static int hf_eventlog_eventlog_RegisterEventSourceW_unknown0;
114 static int hf_eventlog_eventlog_RegisterEventSourceW_unknown2;
115 static int hf_eventlog_eventlog_RegisterEventSourceW_unknown3;
116 static int hf_eventlog_eventlog_ReportEventW_Type;
117 static int hf_eventlog_eventlog_ReportEventW_computer_name;
118 static int hf_eventlog_eventlog_ReportEventW_data_length;
119 static int hf_eventlog_eventlog_ReportEventW_event_category;
120 static int hf_eventlog_eventlog_ReportEventW_event_id;
121 static int hf_eventlog_eventlog_ReportEventW_handle;
122 static int hf_eventlog_eventlog_ReportEventW_num_of_strings;
123 static int hf_eventlog_eventlog_ReportEventW_time;
124 static int hf_eventlog_opnum;
125 static int hf_eventlog_status;
126
127 static int proto_dcerpc_eventlog;
128 /* Version information */
129
130
131 static e_guid_t uuid_dcerpc_eventlog = {
132 0x82273fdc, 0xe32a, 0x18c3,
133 { 0x3f, 0x78, 0x82, 0x79, 0x29, 0xdc, 0x23, 0xea }
134 };
135 static uint16_t ver_dcerpc_eventlog = 0;
136
137 static const true_false_string eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs = {
138 "EVENTLOG_SEQUENTIAL_READ is SET",
139 "EVENTLOG_SEQUENTIAL_READ is NOT SET",
140 };
141 static const true_false_string eventlogReadFlags_EVENTLOG_SEEK_READ_tfs = {
142 "EVENTLOG_SEEK_READ is SET",
143 "EVENTLOG_SEEK_READ is NOT SET",
144 };
145 static const true_false_string eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs = {
146 "EVENTLOG_FORWARDS_READ is SET",
147 "EVENTLOG_FORWARDS_READ is NOT SET",
148 };
149 static const true_false_string eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs = {
150 "EVENTLOG_BACKWARDS_READ is SET",
151 "EVENTLOG_BACKWARDS_READ is NOT SET",
152 };
153 static const true_false_string eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs = {
154 "EVENTLOG_ERROR_TYPE is SET",
155 "EVENTLOG_ERROR_TYPE is NOT SET",
156 };
157 static const true_false_string eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs = {
158 "EVENTLOG_WARNING_TYPE is SET",
159 "EVENTLOG_WARNING_TYPE is NOT SET",
160 };
161 static const true_false_string eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs = {
162 "EVENTLOG_INFORMATION_TYPE is SET",
163 "EVENTLOG_INFORMATION_TYPE is NOT SET",
164 };
165 static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs = {
166 "EVENTLOG_AUDIT_SUCCESS is SET",
167 "EVENTLOG_AUDIT_SUCCESS is NOT SET",
168 };
169 static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs = {
170 "EVENTLOG_AUDIT_FAILURE is SET",
171 "EVENTLOG_AUDIT_FAILURE is NOT SET",
172 };
173 static int eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
174 static int eventlog_dissect_element_OpenUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
175 static int eventlog_dissect_element_Record_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
176 static int eventlog_dissect_element_Record_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
177 static int eventlog_dissect_element_Record_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
178 static int eventlog_dissect_element_Record_time_generated(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
179 static int eventlog_dissect_element_Record_time_written(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
180 static int eventlog_dissect_element_Record_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
181 static int eventlog_dissect_element_Record_event_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
182 static int eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, uint16_t *num_of_strings);
183 static int eventlog_dissect_element_Record_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
184 static int eventlog_dissect_element_Record_reserved_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
185 static int eventlog_dissect_element_Record_closing_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
186 static int eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
187 static int eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
188 static int eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
189 static int eventlog_dissect_element_Record_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
190 static int eventlog_dissect_element_Record_data_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
191 static int eventlog_dissect_element_Record_source_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
192 static int eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
193 static int eventlog_dissect_element_Record_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, uint16_t *num_of_strings);
194 static int eventlog_dissect_element_Record_raw_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
195 static int eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
196 static int eventlog_dissect_element_ChangeUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
197 static int eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
198 static int eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
199 static int eventlog_dissect_element_ClearEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
200 static int eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
201 static int eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
202 static int eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
203 static int eventlog_dissect_element_BackupEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
204 static int eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
205 static int eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
206 static int eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
207 static int eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
208 static int eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
209 static int eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
210 static int eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
211 static int eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
212 static int eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
213 static int eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
214 static int eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
215 static int eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
216 static int eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
217 static int eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
218 static int eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
219 static int eventlog_dissect_element_ChangeNotify_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
220 static int eventlog_dissect_element_ChangeNotify_unknown2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
221 static int eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
222 static int eventlog_dissect_element_OpenEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
223 static int eventlog_dissect_element_OpenEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
224 static int eventlog_dissect_element_OpenEventLogW_Module(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
225 static int eventlog_dissect_element_OpenEventLogW_RegModuleName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
226 static int eventlog_dissect_element_OpenEventLogW_MajorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
227 static int eventlog_dissect_element_OpenEventLogW_MinorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
228 static int eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
229 static int eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
230 static int eventlog_dissect_element_RegisterEventSourceW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
231 static int eventlog_dissect_element_RegisterEventSourceW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
232 static int eventlog_dissect_element_RegisterEventSourceW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
233 static int eventlog_dissect_element_RegisterEventSourceW_servername(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
234 static int eventlog_dissect_element_RegisterEventSourceW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
235 static int eventlog_dissect_element_RegisterEventSourceW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
236 static int eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
237 static int eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
238 static int eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
239 static int eventlog_dissect_element_OpenBackupEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
240 static int eventlog_dissect_element_OpenBackupEventLogW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
241 static int eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
242 static int eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
243 static int eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
244 static int eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
245 static int eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
246 static int eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
247 static int eventlog_dissect_element_ReadEventLogW_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
248 static int eventlog_dissect_element_ReadEventLogW_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
249 static int eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
250 static int eventlog_dissect_element_ReadEventLogW_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
251 static int eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
252 static int eventlog_dissect_element_ReadEventLogW_sent_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
253 static int eventlog_dissect_element_ReadEventLogW_sent_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
254 static int eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
255 static int eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
256 static int eventlog_dissect_element_ReportEventW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
257 static int eventlog_dissect_element_ReportEventW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
258 static int eventlog_dissect_element_ReportEventW_time(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
259 static int eventlog_dissect_element_ReportEventW_Type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
260 static int eventlog_dissect_element_ReportEventW_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
261 static int eventlog_dissect_element_ReportEventW_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
262 static int eventlog_dissect_element_ReportEventW_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
263 static int eventlog_dissect_element_ReportEventW_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
264 static int eventlog_dissect_element_ReportEventW_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
265 static int eventlog_dissect_element_GetLogInformation_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
266 static int eventlog_dissect_element_GetLogInformation_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
267 static int eventlog_dissect_element_GetLogInformation_dwInfoLevel(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
268 static int eventlog_dissect_element_GetLogInformation_lpBuffer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
269 static int eventlog_dissect_element_GetLogInformation_lpBuffer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
270 static int eventlog_dissect_element_GetLogInformation_cbBufSize(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
271 static int eventlog_dissect_element_GetLogInformation_cbBytesNeeded(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
272 static int eventlog_dissect_element_GetLogInformation_cbBytesNeeded_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
273 static int eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
274 static int eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
275 static int
276 eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
277 {
278 uint32_t len;
279 tvbuff_t *record_tvb;
280 if(di->conformant_run){
281 /*just a run to handle conformant arrays, nothing to dissect */
282 return offset;
283 }
284 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
285 hf_eventlog_Record_length, &len);
286 /* Create a new tvb so that we know that offset==0 is the beginning
287 * of the record. We need to know this since the data is not really
288 * NDR encoded at all and there are byte offsets into this buffer
289 * encoded therein.
290 */
291 record_tvb=tvb_new_subset_length_caplen(tvb, offset, MIN((int)len, tvb_captured_length_remaining(tvb, offset)), len);
292 eventlog_dissect_struct_Record(record_tvb, 0, pinfo, tree, di, drep, hf_eventlog_Record, 0);
293 offset+=len;
294 return offset;
295 }
296 /* sid_length and sid_offset handled by manual code since this is not NDR
297 and we want to dissect the sid from the data blob */
298 static uint32_t sid_length;
299 static int
300 eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
301 {
302 sid_length=0;
303 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_length,&sid_length);
304 return offset;
305 }
306 static int
307 eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
308 {
309 uint32_t sid_offset=0;
310 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_offset,&sid_offset);
311 if(sid_offset && sid_length){
312 tvbuff_t *sid_tvb;
313 /* this blob contains an NT SID.
314 * tvb starts at the beginning of the record.
315 */
316 sid_tvb=tvb_new_subset_length_caplen(tvb, sid_offset, MIN((int)sid_length, tvb_captured_length_remaining(tvb, offset)), sid_length);
317 dissect_nt_sid(sid_tvb, 0, tree, "SID", NULL, -1);
318 }
319 return offset;
320 }
321 static int
322 eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, uint8_t *drep _U_)
323 {
324 unsigned len;
325 len=tvb_unicode_strsize(tvb, offset);
326 proto_tree_add_item(tree, hf_eventlog_Record_source_name, tvb, offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
327 offset+=len;
328 return offset;
329 }
330 static int
331 eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, uint8_t *drep _U_)
332 {
333 unsigned len;
334 len=tvb_unicode_strsize(tvb, offset);
335 proto_tree_add_item(tree, hf_eventlog_Record_computer_name, tvb, offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
336 offset+=len;
337 return offset;
338 }
339 static int
340 eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, uint8_t *drep, uint16_t *num_of_strings)
341 {
342 num_of_strings=0;
343 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_num_of_strings,num_of_strings);
344 return offset;
345 }
346 static uint32_t string_offset;
347 static int
348 eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
349 {
350 string_offset=0;
351 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_stringoffset,&string_offset);
352 return offset;
353 }
354 static int
355 eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di _U_, uint8_t *drep _U_, uint16_t *num_of_strings)
356 {
357 while(string_offset && *num_of_strings){
358 unsigned len;
359 len=tvb_unicode_strsize(tvb, string_offset);
360 proto_tree_add_item(tree, hf_eventlog_Record_string, tvb, string_offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
361 string_offset+=len;
362 (*num_of_strings)--;
363 }
364 return offset;
365 }
366
367
368 /* IDL: bitmap { */
369 /* IDL: EVENTLOG_SEQUENTIAL_READ = 0x00000001 , */
370 /* IDL: EVENTLOG_SEEK_READ = 0x00000002 , */
371 /* IDL: EVENTLOG_FORWARDS_READ = 0x00000004 , */
372 /* IDL: EVENTLOG_BACKWARDS_READ = 0x00000008 , */
373 /* IDL: } */
374
375 int
376 eventlog_dissect_bitmap_eventlogReadFlags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
377 {
378 proto_item *item;
379 static int * const eventlog_eventlogReadFlags_fields[] = {
380 &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
381 &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
382 &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
383 &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
384 NULL
385 };
386 uint32_t flags;
387 ALIGN_TO_4_BYTES;
388
389 item = proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_index,
390 ett_eventlog_eventlogReadFlags, eventlog_eventlogReadFlags_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
391
392 offset = dissect_ndr_uint32(tvb, offset, pinfo, parent_tree, di, drep, -1, &flags);
393
394 if (!flags)
395 proto_item_append_text(item, ": (No values set)");
396
397 if (flags & (~0x0000000f)) {
398 flags &= (~0x0000000f);
399 proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
400 }
401
402 return offset;
403 }
404
405
406 /* IDL: bitmap { */
407 /* IDL: EVENTLOG_SUCCESS = 0x00000000 , */
408 /* IDL: EVENTLOG_ERROR_TYPE = 0x00000001 , */
409 /* IDL: EVENTLOG_WARNING_TYPE = 0x00000002 , */
410 /* IDL: EVENTLOG_INFORMATION_TYPE = 0x00000004 , */
411 /* IDL: EVENTLOG_AUDIT_SUCCESS = 0x00000008 , */
412 /* IDL: EVENTLOG_AUDIT_FAILURE = 0x00000010 , */
413 /* IDL: } */
414
415 int
416 eventlog_dissect_bitmap_eventlogEventTypes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
417 {
418 proto_item *item;
419 static int * const eventlog_eventlogEventTypes_fields[] = {
420 &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
421 &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
422 &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
423 &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
424 &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
425 NULL
426 };
427 uint32_t flags;
428 ALIGN_TO_4_BYTES;
429
430 item = proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_index,
431 ett_eventlog_eventlogEventTypes, eventlog_eventlogEventTypes_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
432
433 offset = dissect_ndr_uint32(tvb, offset, pinfo, parent_tree, di, drep, -1, &flags);
434
435 if (!flags)
436 proto_item_append_text(item, ": (No values set)");
437
438 if (flags & (~0x0000001f)) {
439 flags &= (~0x0000001f);
440 proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
441 }
442
443 return offset;
444 }
445
446
447 /* IDL: struct { */
448 /* IDL: uint16 unknown0; */
449 /* IDL: uint16 unknown1; */
450 /* IDL: } */
451
452 static int
453 eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
454 {
455 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenUnknown0_unknown0, 0);
456
457 return offset;
458 }
459
460 static int
461 eventlog_dissect_element_OpenUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
462 {
463 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenUnknown0_unknown1, 0);
464
465 return offset;
466 }
467
468 int
469 eventlog_dissect_struct_OpenUnknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
470 {
471 proto_item *item = NULL;
472 proto_tree *tree = NULL;
473 int old_offset;
474
475 ALIGN_TO_2_BYTES;
476
477 old_offset = offset;
478
479 if (parent_tree) {
480 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
481 tree = proto_item_add_subtree(item, ett_eventlog_eventlog_OpenUnknown0);
482 }
483
484 offset = eventlog_dissect_element_OpenUnknown0_unknown0(tvb, offset, pinfo, tree, di, drep);
485
486 offset = eventlog_dissect_element_OpenUnknown0_unknown1(tvb, offset, pinfo, tree, di, drep);
487
488
489 proto_item_set_len(item, offset-old_offset);
490
491
492 if (di->call_data->flags & DCERPC_IS_NDR64) {
493 ALIGN_TO_2_BYTES;
494 }
495
496 return offset;
497 }
498
499
500 /* IDL: struct { */
501 /* IDL: uint32 size; */
502 /* IDL: uint32 reserved; */
503 /* IDL: uint32 record_number; */
504 /* IDL: uint32 time_generated; */
505 /* IDL: uint32 time_written; */
506 /* IDL: uint32 event_id; */
507 /* IDL: uint16 event_type; */
508 /* IDL: uint16 num_of_strings; */
509 /* IDL: uint16 event_category; */
510 /* IDL: uint16 reserved_flags; */
511 /* IDL: uint32 closing_record_number; */
512 /* IDL: uint32 stringoffset; */
513 /* IDL: uint32 sid_length; */
514 /* IDL: uint32 sid_offset; */
515 /* IDL: uint32 data_length; */
516 /* IDL: uint32 data_offset; */
517 /* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string source_name; */
518 /* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string computer_name; */
519 /* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string strings[num_of_strings]; */
520 /* IDL: [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] string raw_data; */
521 /* IDL: } */
522
523 static int
524 eventlog_dissect_element_Record_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
525 {
526 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_size, 0);
527
528 return offset;
529 }
530
531 static int
532 eventlog_dissect_element_Record_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
533 {
534 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_reserved, 0);
535
536 return offset;
537 }
538
539 static int
540 eventlog_dissect_element_Record_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
541 {
542 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_record_number, 0);
543
544 return offset;
545 }
546
547 static int
548 eventlog_dissect_element_Record_time_generated(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
549 {
550 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_time_generated, 0);
551
552 return offset;
553 }
554
555 static int
556 eventlog_dissect_element_Record_time_written(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
557 {
558 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_time_written, 0);
559
560 return offset;
561 }
562
563 static int
564 eventlog_dissect_element_Record_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
565 {
566 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_id, 0);
567
568 return offset;
569 }
570
571 static int
572 eventlog_dissect_element_Record_event_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
573 {
574 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_type, 0);
575
576 return offset;
577 }
578
579 static int
580 eventlog_dissect_element_Record_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
581 {
582 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_category, 0);
583
584 return offset;
585 }
586
587 static int
588 eventlog_dissect_element_Record_reserved_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
589 {
590 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_reserved_flags, 0);
591
592 return offset;
593 }
594
595 static int
596 eventlog_dissect_element_Record_closing_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
597 {
598 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_closing_record_number, 0);
599
600 return offset;
601 }
602
603 static int
604 eventlog_dissect_element_Record_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
605 {
606 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_data_length, 0);
607
608 return offset;
609 }
610
611 static int
612 eventlog_dissect_element_Record_data_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
613 {
614 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_data_offset, 0);
615
616 return offset;
617 }
618
619 static int
620 eventlog_dissect_element_Record_raw_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
621 {
622 offset = dissect_null_term_string(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_Record_raw_data , 0);
623
624 return offset;
625 }
626
627 int
628 eventlog_dissect_struct_Record(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
629 {
630 uint16_t num_of_strings = 0;
631 proto_item *item = NULL;
632 proto_tree *tree = NULL;
633 int old_offset;
634
635 ALIGN_TO_4_BYTES;
636
637 old_offset = offset;
638
639 if (parent_tree) {
640 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
641 tree = proto_item_add_subtree(item, ett_eventlog_eventlog_Record);
642 }
643
644 offset = eventlog_dissect_element_Record_size(tvb, offset, pinfo, tree, di, drep);
645
646 offset = eventlog_dissect_element_Record_reserved(tvb, offset, pinfo, tree, di, drep);
647
648 offset = eventlog_dissect_element_Record_record_number(tvb, offset, pinfo, tree, di, drep);
649
650 offset = eventlog_dissect_element_Record_time_generated(tvb, offset, pinfo, tree, di, drep);
651
652 offset = eventlog_dissect_element_Record_time_written(tvb, offset, pinfo, tree, di, drep);
653
654 offset = eventlog_dissect_element_Record_event_id(tvb, offset, pinfo, tree, di, drep);
655
656 offset = eventlog_dissect_element_Record_event_type(tvb, offset, pinfo, tree, di, drep);
657
658 offset = eventlog_dissect_element_Record_num_of_strings(tvb, offset, pinfo, tree, di, drep, &num_of_strings);
659
660 offset = eventlog_dissect_element_Record_event_category(tvb, offset, pinfo, tree, di, drep);
661
662 offset = eventlog_dissect_element_Record_reserved_flags(tvb, offset, pinfo, tree, di, drep);
663
664 offset = eventlog_dissect_element_Record_closing_record_number(tvb, offset, pinfo, tree, di, drep);
665
666 offset = eventlog_dissect_element_Record_stringoffset(tvb, offset, pinfo, tree, di, drep);
667
668 offset = eventlog_dissect_element_Record_sid_length(tvb, offset, pinfo, tree, di, drep);
669
670 offset = eventlog_dissect_element_Record_sid_offset(tvb, offset, pinfo, tree, di, drep);
671
672 offset = eventlog_dissect_element_Record_data_length(tvb, offset, pinfo, tree, di, drep);
673
674 offset = eventlog_dissect_element_Record_data_offset(tvb, offset, pinfo, tree, di, drep);
675
676 offset = eventlog_dissect_element_Record_source_name(tvb, offset, pinfo, tree, di, drep);
677
678 offset = eventlog_dissect_element_Record_computer_name(tvb, offset, pinfo, tree, di, drep);
679
680 offset = eventlog_dissect_element_Record_strings(tvb, offset, pinfo, tree, di, drep, &num_of_strings);
681
682 offset = eventlog_dissect_element_Record_raw_data(tvb, offset, pinfo, tree, di, drep);
683
684
685 proto_item_set_len(item, offset-old_offset);
686
687
688 if (di->call_data->flags & DCERPC_IS_NDR64) {
689 ALIGN_TO_4_BYTES;
690 }
691
692 return offset;
693 }
694
695
696 /* IDL: struct { */
697 /* IDL: uint32 unknown0; */
698 /* IDL: uint32 unknown1; */
699 /* IDL: } */
700
701 static int
702 eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
703 {
704 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeUnknown0_unknown0, 0);
705
706 return offset;
707 }
708
709 static int
710 eventlog_dissect_element_ChangeUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
711 {
712 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeUnknown0_unknown1, 0);
713
714 return offset;
715 }
716
717 int
718 eventlog_dissect_struct_ChangeUnknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
719 {
720 proto_item *item = NULL;
721 proto_tree *tree = NULL;
722 int old_offset;
723
724 ALIGN_TO_4_BYTES;
725
726 old_offset = offset;
727
728 if (parent_tree) {
729 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
730 tree = proto_item_add_subtree(item, ett_eventlog_eventlog_ChangeUnknown0);
731 }
732
733 offset = eventlog_dissect_element_ChangeUnknown0_unknown0(tvb, offset, pinfo, tree, di, drep);
734
735 offset = eventlog_dissect_element_ChangeUnknown0_unknown1(tvb, offset, pinfo, tree, di, drep);
736
737
738 proto_item_set_len(item, offset-old_offset);
739
740
741 if (di->call_data->flags & DCERPC_IS_NDR64) {
742 ALIGN_TO_4_BYTES;
743 }
744
745 return offset;
746 }
747
748 static int
749 eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
750 {
751 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ClearEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ClearEventLogW_handle);
752
753 return offset;
754 }
755
756 static int
757 eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
758 {
759 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ClearEventLogW_handle, 0);
760
761 return offset;
762 }
763
764 static int
765 eventlog_dissect_element_ClearEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
766 {
767 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ClearEventLogW_backupfilename_, NDR_POINTER_UNIQUE, "Pointer to Backupfilename (lsa_String)",hf_eventlog_eventlog_ClearEventLogW_backupfilename);
768
769 return offset;
770 }
771
772 static int
773 eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
774 {
775 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ClearEventLogW_backupfilename, 0);
776
777 return offset;
778 }
779
780 /* IDL: NTSTATUS eventlog_ClearEventLogW( */
781 /* IDL: [in] [ref] policy_handle *handle, */
782 /* IDL: [in] [unique(1)] lsa_String *backupfilename */
783 /* IDL: ); */
784
785 static int
786 eventlog_dissect_ClearEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
787 {
788 uint32_t status;
789
790 di->dcerpc_procedure_name="ClearEventLogW";
791 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
792
793 if (status != 0)
794 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
795
796 return offset;
797 }
798
799 static int
800 eventlog_dissect_ClearEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
801 {
802 di->dcerpc_procedure_name="ClearEventLogW";
803 offset = eventlog_dissect_element_ClearEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
804 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
805 offset = eventlog_dissect_element_ClearEventLogW_backupfilename(tvb, offset, pinfo, tree, di, drep);
806 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
807 return offset;
808 }
809
810 static int
811 eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
812 {
813 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_BackupEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_BackupEventLogW_handle);
814
815 return offset;
816 }
817
818 static int
819 eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
820 {
821 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_BackupEventLogW_handle, 0);
822
823 return offset;
824 }
825
826 static int
827 eventlog_dissect_element_BackupEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
828 {
829 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_BackupEventLogW_backupfilename_, NDR_POINTER_UNIQUE, "Pointer to Backupfilename (lsa_String)",hf_eventlog_eventlog_BackupEventLogW_backupfilename);
830
831 return offset;
832 }
833
834 static int
835 eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
836 {
837 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_BackupEventLogW_backupfilename, 0);
838
839 return offset;
840 }
841
842 /* IDL: NTSTATUS eventlog_BackupEventLogW( */
843 /* IDL: [in] [ref] policy_handle *handle, */
844 /* IDL: [in] [unique(1)] lsa_String *backupfilename */
845 /* IDL: ); */
846
847 static int
848 eventlog_dissect_BackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
849 {
850 uint32_t status;
851
852 di->dcerpc_procedure_name="BackupEventLogW";
853 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
854
855 if (status != 0)
856 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
857
858 return offset;
859 }
860
861 static int
862 eventlog_dissect_BackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
863 {
864 di->dcerpc_procedure_name="BackupEventLogW";
865 offset = eventlog_dissect_element_BackupEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
866 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
867 offset = eventlog_dissect_element_BackupEventLogW_backupfilename(tvb, offset, pinfo, tree, di, drep);
868 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
869 return offset;
870 }
871
872 static int
873 eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
874 {
875 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_CloseEventLog_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_CloseEventLog_handle);
876
877 return offset;
878 }
879
880 static int
881 eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
882 {
883 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_CloseEventLog_handle, PIDL_POLHND_CLOSE);
884
885 return offset;
886 }
887
888 /* IDL: NTSTATUS eventlog_CloseEventLog( */
889 /* IDL: [in] [out] [ref] policy_handle *handle */
890 /* IDL: ); */
891
892 static int
893 eventlog_dissect_CloseEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
894 {
895 uint32_t status;
896
897 di->dcerpc_procedure_name="CloseEventLog";
898 offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, di, drep);
899 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
900
901 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
902
903 if (status != 0)
904 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
905
906 return offset;
907 }
908
909 static int
910 eventlog_dissect_CloseEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
911 {
912 di->dcerpc_procedure_name="CloseEventLog";
913 offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, di, drep);
914 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
915 return offset;
916 }
917
918 static int
919 eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
920 {
921 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_DeregisterEventSource_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_DeregisterEventSource_handle);
922
923 return offset;
924 }
925
926 static int
927 eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
928 {
929 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_DeregisterEventSource_handle, 0);
930
931 return offset;
932 }
933
934 /* IDL: NTSTATUS eventlog_DeregisterEventSource( */
935 /* IDL: [in] [out] [ref] policy_handle *handle */
936 /* IDL: ); */
937
938 static int
939 eventlog_dissect_DeregisterEventSource_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
940 {
941 uint32_t status;
942
943 di->dcerpc_procedure_name="DeregisterEventSource";
944 offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, di, drep);
945 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
946
947 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
948
949 if (status != 0)
950 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
951
952 return offset;
953 }
954
955 static int
956 eventlog_dissect_DeregisterEventSource_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
957 {
958 di->dcerpc_procedure_name="DeregisterEventSource";
959 offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, di, drep);
960 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
961 return offset;
962 }
963
964 static int
965 eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
966 {
967 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetNumRecords_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetNumRecords_handle);
968
969 return offset;
970 }
971
972 static int
973 eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
974 {
975 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetNumRecords_handle, 0);
976
977 return offset;
978 }
979
980 static int
981 eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
982 {
983 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetNumRecords_number_, NDR_POINTER_REF, "Pointer to Number (uint32)",hf_eventlog_eventlog_GetNumRecords_number);
984
985 return offset;
986 }
987
988 static int
989 eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
990 {
991 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetNumRecords_number, 0);
992
993 return offset;
994 }
995
996 /* IDL: NTSTATUS eventlog_GetNumRecords( */
997 /* IDL: [in] [ref] policy_handle *handle, */
998 /* IDL: [out] [ref] uint32 *number */
999 /* IDL: ); */
1000
1001 static int
1002 eventlog_dissect_GetNumRecords_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1003 {
1004 uint32_t status;
1005
1006 di->dcerpc_procedure_name="GetNumRecords";
1007 offset = eventlog_dissect_element_GetNumRecords_number(tvb, offset, pinfo, tree, di, drep);
1008 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1009
1010 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1011
1012 if (status != 0)
1013 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1014
1015 return offset;
1016 }
1017
1018 static int
1019 eventlog_dissect_GetNumRecords_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1020 {
1021 di->dcerpc_procedure_name="GetNumRecords";
1022 offset = eventlog_dissect_element_GetNumRecords_handle(tvb, offset, pinfo, tree, di, drep);
1023 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1024 return offset;
1025 }
1026
1027 static int
1028 eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1029 {
1030 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetOldestRecord_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetOldestRecord_handle);
1031
1032 return offset;
1033 }
1034
1035 static int
1036 eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1037 {
1038 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetOldestRecord_handle, 0);
1039
1040 return offset;
1041 }
1042
1043 static int
1044 eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1045 {
1046 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetOldestRecord_oldest_, NDR_POINTER_REF, "Pointer to Oldest (uint32)",hf_eventlog_eventlog_GetOldestRecord_oldest);
1047
1048 return offset;
1049 }
1050
1051 static int
1052 eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1053 {
1054 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetOldestRecord_oldest, 0);
1055
1056 return offset;
1057 }
1058
1059 /* IDL: NTSTATUS eventlog_GetOldestRecord( */
1060 /* IDL: [in] [ref] policy_handle *handle, */
1061 /* IDL: [out] [ref] uint32 *oldest */
1062 /* IDL: ); */
1063
1064 static int
1065 eventlog_dissect_GetOldestRecord_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1066 {
1067 uint32_t status;
1068
1069 di->dcerpc_procedure_name="GetOldestRecord";
1070 offset = eventlog_dissect_element_GetOldestRecord_oldest(tvb, offset, pinfo, tree, di, drep);
1071 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1072
1073 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1074
1075 if (status != 0)
1076 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1077
1078 return offset;
1079 }
1080
1081 static int
1082 eventlog_dissect_GetOldestRecord_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1083 {
1084 di->dcerpc_procedure_name="GetOldestRecord";
1085 offset = eventlog_dissect_element_GetOldestRecord_handle(tvb, offset, pinfo, tree, di, drep);
1086 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1087 return offset;
1088 }
1089
1090 static int
1091 eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1092 {
1093 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ChangeNotify_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ChangeNotify_handle);
1094
1095 return offset;
1096 }
1097
1098 static int
1099 eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1100 {
1101 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeNotify_handle, 0);
1102
1103 return offset;
1104 }
1105
1106 static int
1107 eventlog_dissect_element_ChangeNotify_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1108 {
1109 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ChangeNotify_unknown2_, NDR_POINTER_REF, "Pointer to Unknown2 (eventlog_ChangeUnknown0)",hf_eventlog_eventlog_ChangeNotify_unknown2);
1110
1111 return offset;
1112 }
1113
1114 static int
1115 eventlog_dissect_element_ChangeNotify_unknown2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1116 {
1117 offset = eventlog_dissect_struct_ChangeUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_ChangeNotify_unknown2,0);
1118
1119 return offset;
1120 }
1121
1122 static int
1123 eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1124 {
1125 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeNotify_unknown3, 0);
1126
1127 return offset;
1128 }
1129
1130 /* IDL: NTSTATUS eventlog_ChangeNotify( */
1131 /* IDL: [in] [ref] policy_handle *handle, */
1132 /* IDL: [in] [ref] eventlog_ChangeUnknown0 *unknown2, */
1133 /* IDL: [in] uint32 unknown3 */
1134 /* IDL: ); */
1135
1136 static int
1137 eventlog_dissect_ChangeNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1138 {
1139 uint32_t status;
1140
1141 di->dcerpc_procedure_name="ChangeNotify";
1142 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1143
1144 if (status != 0)
1145 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1146
1147 return offset;
1148 }
1149
1150 static int
1151 eventlog_dissect_ChangeNotify_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1152 {
1153 di->dcerpc_procedure_name="ChangeNotify";
1154 offset = eventlog_dissect_element_ChangeNotify_handle(tvb, offset, pinfo, tree, di, drep);
1155 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1156 offset = eventlog_dissect_element_ChangeNotify_unknown2(tvb, offset, pinfo, tree, di, drep);
1157 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1158 offset = eventlog_dissect_element_ChangeNotify_unknown3(tvb, offset, pinfo, tree, di, drep);
1159 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1160 return offset;
1161 }
1162
1163 static int
1164 eventlog_dissect_element_OpenEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1165 {
1166 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenEventLogW_unknown0_, NDR_POINTER_UNIQUE, "Pointer to Unknown0 (eventlog_OpenUnknown0)",hf_eventlog_eventlog_OpenEventLogW_unknown0);
1167
1168 return offset;
1169 }
1170
1171 static int
1172 eventlog_dissect_element_OpenEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1173 {
1174 offset = eventlog_dissect_struct_OpenUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenEventLogW_unknown0,0);
1175
1176 return offset;
1177 }
1178
1179 static int
1180 eventlog_dissect_element_OpenEventLogW_Module(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1181 {
1182 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_Module, 0);
1183
1184 return offset;
1185 }
1186
1187 static int
1188 eventlog_dissect_element_OpenEventLogW_RegModuleName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1189 {
1190 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_RegModuleName, 0);
1191
1192 return offset;
1193 }
1194
1195 static int
1196 eventlog_dissect_element_OpenEventLogW_MajorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1197 {
1198 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_MajorVersion, 0);
1199
1200 return offset;
1201 }
1202
1203 static int
1204 eventlog_dissect_element_OpenEventLogW_MinorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1205 {
1206 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_MinorVersion, 0);
1207
1208 return offset;
1209 }
1210
1211 static int
1212 eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1213 {
1214 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_OpenEventLogW_handle);
1215
1216 return offset;
1217 }
1218
1219 static int
1220 eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1221 {
1222 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_handle, PIDL_POLHND_OPEN);
1223
1224 return offset;
1225 }
1226
1227 /* IDL: NTSTATUS eventlog_OpenEventLogW( */
1228 /* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
1229 /* IDL: [in] lsa_String Module, */
1230 /* IDL: [in] lsa_String RegModuleName, */
1231 /* IDL: [in] uint32 MajorVersion, */
1232 /* IDL: [in] uint32 MinorVersion, */
1233 /* IDL: [out] [ref] policy_handle *handle */
1234 /* IDL: ); */
1235
1236 static int
1237 eventlog_dissect_OpenEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1238 {
1239 uint32_t status;
1240
1241 di->dcerpc_procedure_name="OpenEventLogW";
1242 offset = eventlog_dissect_element_OpenEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
1243 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1244
1245 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1246
1247 if (status != 0)
1248 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1249
1250 return offset;
1251 }
1252
1253 static int
1254 eventlog_dissect_OpenEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1255 {
1256 di->dcerpc_procedure_name="OpenEventLogW";
1257 offset = eventlog_dissect_element_OpenEventLogW_unknown0(tvb, offset, pinfo, tree, di, drep);
1258 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1259 offset = eventlog_dissect_element_OpenEventLogW_Module(tvb, offset, pinfo, tree, di, drep);
1260 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1261 offset = eventlog_dissect_element_OpenEventLogW_RegModuleName(tvb, offset, pinfo, tree, di, drep);
1262 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1263 offset = eventlog_dissect_element_OpenEventLogW_MajorVersion(tvb, offset, pinfo, tree, di, drep);
1264 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1265 offset = eventlog_dissect_element_OpenEventLogW_MinorVersion(tvb, offset, pinfo, tree, di, drep);
1266 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1267 return offset;
1268 }
1269
1270 static int
1271 eventlog_dissect_element_RegisterEventSourceW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1272 {
1273 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_RegisterEventSourceW_unknown0_, NDR_POINTER_UNIQUE, "Pointer to Unknown0 (eventlog_OpenUnknown0)",hf_eventlog_eventlog_RegisterEventSourceW_unknown0);
1274
1275 return offset;
1276 }
1277
1278 static int
1279 eventlog_dissect_element_RegisterEventSourceW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1280 {
1281 offset = eventlog_dissect_struct_OpenUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_RegisterEventSourceW_unknown0,0);
1282
1283 return offset;
1284 }
1285
1286 static int
1287 eventlog_dissect_element_RegisterEventSourceW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1288 {
1289 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_logname, 0);
1290
1291 return offset;
1292 }
1293
1294 static int
1295 eventlog_dissect_element_RegisterEventSourceW_servername(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1296 {
1297 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_servername, 0);
1298
1299 return offset;
1300 }
1301
1302 static int
1303 eventlog_dissect_element_RegisterEventSourceW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1304 {
1305 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_unknown2, 0);
1306
1307 return offset;
1308 }
1309
1310 static int
1311 eventlog_dissect_element_RegisterEventSourceW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1312 {
1313 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_unknown3, 0);
1314
1315 return offset;
1316 }
1317
1318 static int
1319 eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1320 {
1321 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_RegisterEventSourceW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_RegisterEventSourceW_handle);
1322
1323 return offset;
1324 }
1325
1326 static int
1327 eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1328 {
1329 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_handle, 0);
1330
1331 return offset;
1332 }
1333
1334 /* IDL: NTSTATUS eventlog_RegisterEventSourceW( */
1335 /* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
1336 /* IDL: [in] lsa_String logname, */
1337 /* IDL: [in] lsa_String servername, */
1338 /* IDL: [in] uint32 unknown2, */
1339 /* IDL: [in] uint32 unknown3, */
1340 /* IDL: [out] [ref] policy_handle *handle */
1341 /* IDL: ); */
1342
1343 static int
1344 eventlog_dissect_RegisterEventSourceW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1345 {
1346 uint32_t status;
1347
1348 di->dcerpc_procedure_name="RegisterEventSourceW";
1349 offset = eventlog_dissect_element_RegisterEventSourceW_handle(tvb, offset, pinfo, tree, di, drep);
1350 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1351
1352 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1353
1354 if (status != 0)
1355 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1356
1357 return offset;
1358 }
1359
1360 static int
1361 eventlog_dissect_RegisterEventSourceW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1362 {
1363 di->dcerpc_procedure_name="RegisterEventSourceW";
1364 offset = eventlog_dissect_element_RegisterEventSourceW_unknown0(tvb, offset, pinfo, tree, di, drep);
1365 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1366 offset = eventlog_dissect_element_RegisterEventSourceW_logname(tvb, offset, pinfo, tree, di, drep);
1367 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1368 offset = eventlog_dissect_element_RegisterEventSourceW_servername(tvb, offset, pinfo, tree, di, drep);
1369 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1370 offset = eventlog_dissect_element_RegisterEventSourceW_unknown2(tvb, offset, pinfo, tree, di, drep);
1371 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1372 offset = eventlog_dissect_element_RegisterEventSourceW_unknown3(tvb, offset, pinfo, tree, di, drep);
1373 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1374 return offset;
1375 }
1376
1377 static int
1378 eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1379 {
1380 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenBackupEventLogW_unknown0_, NDR_POINTER_UNIQUE, "Pointer to Unknown0 (eventlog_OpenUnknown0)",hf_eventlog_eventlog_OpenBackupEventLogW_unknown0);
1381
1382 return offset;
1383 }
1384
1385 static int
1386 eventlog_dissect_element_OpenBackupEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1387 {
1388 offset = eventlog_dissect_struct_OpenUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,0);
1389
1390 return offset;
1391 }
1392
1393 static int
1394 eventlog_dissect_element_OpenBackupEventLogW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1395 {
1396 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_logname, 0);
1397
1398 return offset;
1399 }
1400
1401 static int
1402 eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1403 {
1404 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_unknown2, 0);
1405
1406 return offset;
1407 }
1408
1409 static int
1410 eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1411 {
1412 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_unknown3, 0);
1413
1414 return offset;
1415 }
1416
1417 static int
1418 eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1419 {
1420 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenBackupEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_OpenBackupEventLogW_handle);
1421
1422 return offset;
1423 }
1424
1425 static int
1426 eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1427 {
1428 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_handle, PIDL_POLHND_OPEN);
1429
1430 return offset;
1431 }
1432
1433 /* IDL: NTSTATUS eventlog_OpenBackupEventLogW( */
1434 /* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
1435 /* IDL: [in] lsa_String logname, */
1436 /* IDL: [in] uint32 unknown2, */
1437 /* IDL: [in] uint32 unknown3, */
1438 /* IDL: [out] [ref] policy_handle *handle */
1439 /* IDL: ); */
1440
1441 static int
1442 eventlog_dissect_OpenBackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1443 {
1444 uint32_t status;
1445
1446 di->dcerpc_procedure_name="OpenBackupEventLogW";
1447 offset = eventlog_dissect_element_OpenBackupEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
1448 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1449
1450 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1451
1452 if (status != 0)
1453 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1454
1455 return offset;
1456 }
1457
1458 static int
1459 eventlog_dissect_OpenBackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1460 {
1461 di->dcerpc_procedure_name="OpenBackupEventLogW";
1462 offset = eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvb, offset, pinfo, tree, di, drep);
1463 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1464 offset = eventlog_dissect_element_OpenBackupEventLogW_logname(tvb, offset, pinfo, tree, di, drep);
1465 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1466 offset = eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvb, offset, pinfo, tree, di, drep);
1467 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1468 offset = eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvb, offset, pinfo, tree, di, drep);
1469 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1470 return offset;
1471 }
1472
1473 static int
1474 eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1475 {
1476 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ReadEventLogW_handle);
1477
1478 return offset;
1479 }
1480
1481 static int
1482 eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1483 {
1484 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_handle, 0);
1485
1486 return offset;
1487 }
1488
1489 static int
1490 eventlog_dissect_element_ReadEventLogW_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1491 {
1492 offset = eventlog_dissect_bitmap_eventlogReadFlags(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_flags, 0);
1493
1494 return offset;
1495 }
1496
1497 static int
1498 eventlog_dissect_element_ReadEventLogW_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1499 {
1500 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_offset, 0);
1501
1502 return offset;
1503 }
1504
1505 static int
1506 eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1507 {
1508 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_number_of_bytes, 0);
1509
1510 return offset;
1511 }
1512
1513 static int
1514 eventlog_dissect_element_ReadEventLogW_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1515 {
1516 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_data_, NDR_POINTER_REF, "Pointer to Data (uint8)",hf_eventlog_eventlog_ReadEventLogW_data);
1517
1518 return offset;
1519 }
1520
1521 static int
1522 eventlog_dissect_element_ReadEventLogW_sent_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1523 {
1524 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_sent_size_, NDR_POINTER_REF, "Pointer to Sent Size (uint32)",hf_eventlog_eventlog_ReadEventLogW_sent_size);
1525
1526 return offset;
1527 }
1528
1529 static int
1530 eventlog_dissect_element_ReadEventLogW_sent_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1531 {
1532 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_sent_size, 0);
1533
1534 return offset;
1535 }
1536
1537 static int
1538 eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1539 {
1540 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_real_size_, NDR_POINTER_REF, "Pointer to Real Size (uint32)",hf_eventlog_eventlog_ReadEventLogW_real_size);
1541
1542 return offset;
1543 }
1544
1545 static int
1546 eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1547 {
1548 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_real_size, 0);
1549
1550 return offset;
1551 }
1552
1553 /* IDL: NTSTATUS eventlog_ReadEventLogW( */
1554 /* IDL: [in] [ref] policy_handle *handle, */
1555 /* IDL: [in] eventlogReadFlags flags, */
1556 /* IDL: [in] uint32 offset, */
1557 /* IDL: [in] uint32 number_of_bytes, */
1558 /* IDL: [out] [ref] [size_is(number_of_bytes)] uint8 *data, */
1559 /* IDL: [out] [ref] uint32 *sent_size, */
1560 /* IDL: [out] [ref] uint32 *real_size */
1561 /* IDL: ); */
1562
1563 static int
1564 eventlog_dissect_ReadEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1565 {
1566 uint32_t status;
1567
1568 di->dcerpc_procedure_name="ReadEventLogW";
1569 offset = eventlog_dissect_element_ReadEventLogW_data(tvb, offset, pinfo, tree, di, drep);
1570 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1571
1572 offset = eventlog_dissect_element_ReadEventLogW_sent_size(tvb, offset, pinfo, tree, di, drep);
1573 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1574
1575 offset = eventlog_dissect_element_ReadEventLogW_real_size(tvb, offset, pinfo, tree, di, drep);
1576 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1577
1578 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1579
1580 if (status != 0)
1581 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1582
1583 return offset;
1584 }
1585
1586 static int
1587 eventlog_dissect_ReadEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1588 {
1589 di->dcerpc_procedure_name="ReadEventLogW";
1590 offset = eventlog_dissect_element_ReadEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
1591 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1592 offset = eventlog_dissect_element_ReadEventLogW_flags(tvb, offset, pinfo, tree, di, drep);
1593 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1594 offset = eventlog_dissect_element_ReadEventLogW_offset(tvb, offset, pinfo, tree, di, drep);
1595 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1596 offset = eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvb, offset, pinfo, tree, di, drep);
1597 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1598 return offset;
1599 }
1600
1601 static int
1602 eventlog_dissect_element_ReportEventW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1603 {
1604 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReportEventW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ReportEventW_handle);
1605
1606 return offset;
1607 }
1608
1609 static int
1610 eventlog_dissect_element_ReportEventW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1611 {
1612 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_handle, 0);
1613
1614 return offset;
1615 }
1616
1617 static int
1618 eventlog_dissect_element_ReportEventW_time(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1619 {
1620 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_time, 0);
1621
1622 return offset;
1623 }
1624
1625 static int
1626 eventlog_dissect_element_ReportEventW_Type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1627 {
1628 offset = eventlog_dissect_bitmap_eventlogEventTypes(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_Type, 0);
1629
1630 return offset;
1631 }
1632
1633 static int
1634 eventlog_dissect_element_ReportEventW_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1635 {
1636 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_event_category, 0);
1637
1638 return offset;
1639 }
1640
1641 static int
1642 eventlog_dissect_element_ReportEventW_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1643 {
1644 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_event_id, 0);
1645
1646 return offset;
1647 }
1648
1649 static int
1650 eventlog_dissect_element_ReportEventW_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1651 {
1652 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_num_of_strings, 0);
1653
1654 return offset;
1655 }
1656
1657 static int
1658 eventlog_dissect_element_ReportEventW_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1659 {
1660 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_data_length, 0);
1661
1662 return offset;
1663 }
1664
1665 static int
1666 eventlog_dissect_element_ReportEventW_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1667 {
1668 offset=dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_computer_name, 0);
1669
1670 return offset;
1671 }
1672
1673 /* IDL: NTSTATUS eventlog_ReportEventW( */
1674 /* IDL: [in] [ref] policy_handle *handle, */
1675 /* IDL: [in] uint32 time, */
1676 /* IDL: [in] eventlogEventTypes Type, */
1677 /* IDL: [in] uint16 event_category, */
1678 /* IDL: [in] uint32 event_id, */
1679 /* IDL: [in] uint16 num_of_strings, */
1680 /* IDL: [in] uint32 data_length, */
1681 /* IDL: [in] lsa_String computer_name */
1682 /* IDL: ); */
1683
1684 static int
1685 eventlog_dissect_ReportEventW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1686 {
1687 uint32_t status;
1688
1689 di->dcerpc_procedure_name="ReportEventW";
1690 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1691
1692 if (status != 0)
1693 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1694
1695 return offset;
1696 }
1697
1698 static int
1699 eventlog_dissect_ReportEventW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1700 {
1701 di->dcerpc_procedure_name="ReportEventW";
1702 offset = eventlog_dissect_element_ReportEventW_handle(tvb, offset, pinfo, tree, di, drep);
1703 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1704 offset = eventlog_dissect_element_ReportEventW_time(tvb, offset, pinfo, tree, di, drep);
1705 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1706 offset = eventlog_dissect_element_ReportEventW_Type(tvb, offset, pinfo, tree, di, drep);
1707 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1708 offset = eventlog_dissect_element_ReportEventW_event_category(tvb, offset, pinfo, tree, di, drep);
1709 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1710 offset = eventlog_dissect_element_ReportEventW_event_id(tvb, offset, pinfo, tree, di, drep);
1711 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1712 offset = eventlog_dissect_element_ReportEventW_num_of_strings(tvb, offset, pinfo, tree, di, drep);
1713 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1714 offset = eventlog_dissect_element_ReportEventW_data_length(tvb, offset, pinfo, tree, di, drep);
1715 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1716 offset = eventlog_dissect_element_ReportEventW_computer_name(tvb, offset, pinfo, tree, di, drep);
1717 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1718 return offset;
1719 }
1720
1721 /* IDL: NTSTATUS eventlog_ClearEventLogA( */
1722 /* IDL: */
1723 /* IDL: ); */
1724
1725 static int
1726 eventlog_dissect_ClearEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1727 {
1728 uint32_t status;
1729
1730 di->dcerpc_procedure_name="ClearEventLogA";
1731 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1732
1733 if (status != 0)
1734 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1735
1736 return offset;
1737 }
1738
1739 static int
1740 eventlog_dissect_ClearEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1741 {
1742 di->dcerpc_procedure_name="ClearEventLogA";
1743 return offset;
1744 }
1745
1746 /* IDL: NTSTATUS eventlog_BackupEventLogA( */
1747 /* IDL: */
1748 /* IDL: ); */
1749
1750 static int
1751 eventlog_dissect_BackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1752 {
1753 uint32_t status;
1754
1755 di->dcerpc_procedure_name="BackupEventLogA";
1756 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1757
1758 if (status != 0)
1759 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1760
1761 return offset;
1762 }
1763
1764 static int
1765 eventlog_dissect_BackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1766 {
1767 di->dcerpc_procedure_name="BackupEventLogA";
1768 return offset;
1769 }
1770
1771 /* IDL: NTSTATUS eventlog_OpenEventLogA( */
1772 /* IDL: */
1773 /* IDL: ); */
1774
1775 static int
1776 eventlog_dissect_OpenEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1777 {
1778 uint32_t status;
1779
1780 di->dcerpc_procedure_name="OpenEventLogA";
1781 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1782
1783 if (status != 0)
1784 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1785
1786 return offset;
1787 }
1788
1789 static int
1790 eventlog_dissect_OpenEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1791 {
1792 di->dcerpc_procedure_name="OpenEventLogA";
1793 return offset;
1794 }
1795
1796 /* IDL: NTSTATUS eventlog_RegisterEventSourceA( */
1797 /* IDL: */
1798 /* IDL: ); */
1799
1800 static int
1801 eventlog_dissect_RegisterEventSourceA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1802 {
1803 uint32_t status;
1804
1805 di->dcerpc_procedure_name="RegisterEventSourceA";
1806 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1807
1808 if (status != 0)
1809 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1810
1811 return offset;
1812 }
1813
1814 static int
1815 eventlog_dissect_RegisterEventSourceA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1816 {
1817 di->dcerpc_procedure_name="RegisterEventSourceA";
1818 return offset;
1819 }
1820
1821 /* IDL: NTSTATUS eventlog_OpenBackupEventLogA( */
1822 /* IDL: */
1823 /* IDL: ); */
1824
1825 static int
1826 eventlog_dissect_OpenBackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1827 {
1828 uint32_t status;
1829
1830 di->dcerpc_procedure_name="OpenBackupEventLogA";
1831 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1832
1833 if (status != 0)
1834 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1835
1836 return offset;
1837 }
1838
1839 static int
1840 eventlog_dissect_OpenBackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1841 {
1842 di->dcerpc_procedure_name="OpenBackupEventLogA";
1843 return offset;
1844 }
1845
1846 /* IDL: NTSTATUS eventlog_ReadEventLogA( */
1847 /* IDL: */
1848 /* IDL: ); */
1849
1850 static int
1851 eventlog_dissect_ReadEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1852 {
1853 uint32_t status;
1854
1855 di->dcerpc_procedure_name="ReadEventLogA";
1856 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1857
1858 if (status != 0)
1859 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1860
1861 return offset;
1862 }
1863
1864 static int
1865 eventlog_dissect_ReadEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1866 {
1867 di->dcerpc_procedure_name="ReadEventLogA";
1868 return offset;
1869 }
1870
1871 /* IDL: NTSTATUS eventlog_ReportEventA( */
1872 /* IDL: */
1873 /* IDL: ); */
1874
1875 static int
1876 eventlog_dissect_ReportEventA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1877 {
1878 uint32_t status;
1879
1880 di->dcerpc_procedure_name="ReportEventA";
1881 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1882
1883 if (status != 0)
1884 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1885
1886 return offset;
1887 }
1888
1889 static int
1890 eventlog_dissect_ReportEventA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1891 {
1892 di->dcerpc_procedure_name="ReportEventA";
1893 return offset;
1894 }
1895
1896 /* IDL: NTSTATUS eventlog_RegisterClusterSvc( */
1897 /* IDL: */
1898 /* IDL: ); */
1899
1900 static int
1901 eventlog_dissect_RegisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1902 {
1903 uint32_t status;
1904
1905 di->dcerpc_procedure_name="RegisterClusterSvc";
1906 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1907
1908 if (status != 0)
1909 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1910
1911 return offset;
1912 }
1913
1914 static int
1915 eventlog_dissect_RegisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1916 {
1917 di->dcerpc_procedure_name="RegisterClusterSvc";
1918 return offset;
1919 }
1920
1921 /* IDL: NTSTATUS eventlog_DeregisterClusterSvc( */
1922 /* IDL: */
1923 /* IDL: ); */
1924
1925 static int
1926 eventlog_dissect_DeregisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1927 {
1928 uint32_t status;
1929
1930 di->dcerpc_procedure_name="DeregisterClusterSvc";
1931 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1932
1933 if (status != 0)
1934 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1935
1936 return offset;
1937 }
1938
1939 static int
1940 eventlog_dissect_DeregisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1941 {
1942 di->dcerpc_procedure_name="DeregisterClusterSvc";
1943 return offset;
1944 }
1945
1946 /* IDL: NTSTATUS eventlog_WriteClusterEvents( */
1947 /* IDL: */
1948 /* IDL: ); */
1949
1950 static int
1951 eventlog_dissect_WriteClusterEvents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1952 {
1953 uint32_t status;
1954
1955 di->dcerpc_procedure_name="WriteClusterEvents";
1956 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1957
1958 if (status != 0)
1959 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
1960
1961 return offset;
1962 }
1963
1964 static int
1965 eventlog_dissect_WriteClusterEvents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1966 {
1967 di->dcerpc_procedure_name="WriteClusterEvents";
1968 return offset;
1969 }
1970
1971 static int
1972 eventlog_dissect_element_GetLogInformation_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1973 {
1974 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetLogInformation_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetLogInformation_handle);
1975
1976 return offset;
1977 }
1978
1979 static int
1980 eventlog_dissect_element_GetLogInformation_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1981 {
1982 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogInformation_handle, 0);
1983
1984 return offset;
1985 }
1986
1987 static int
1988 eventlog_dissect_element_GetLogInformation_dwInfoLevel(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1989 {
1990 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogInformation_dwInfoLevel, 0);
1991
1992 return offset;
1993 }
1994
1995 static int
1996 eventlog_dissect_element_GetLogInformation_lpBuffer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
1997 {
1998 struct ndr_generic_array nga = { .is_conformant = false, };
1999
2000 offset = dissect_ndr_conformant_array_hdr(tvb, offset, pinfo, tree, di, drep, &nga);
2001
2002 offset = dissect_ndr_generic_array_bytes(tvb, offset, pinfo, tree, di, drep, &nga, eventlog_dissect_element_GetLogInformation_lpBuffer_);
2003
2004 return offset;
2005 }
2006
2007 static int
2008 eventlog_dissect_element_GetLogInformation_lpBuffer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2009 {
2010 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogInformation_lpBuffer, 0);
2011
2012 return offset;
2013 }
2014
2015 static int
2016 eventlog_dissect_element_GetLogInformation_cbBufSize(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2017 {
2018 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogInformation_cbBufSize, 0);
2019
2020 return offset;
2021 }
2022
2023 static int
2024 eventlog_dissect_element_GetLogInformation_cbBytesNeeded(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2025 {
2026 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetLogInformation_cbBytesNeeded_, NDR_POINTER_REF, "Pointer to CbBytesNeeded (int32)",hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded);
2027
2028 return offset;
2029 }
2030
2031 static int
2032 eventlog_dissect_element_GetLogInformation_cbBytesNeeded_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2033 {
2034 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded, 0);
2035
2036 return offset;
2037 }
2038
2039 /* IDL: NTSTATUS eventlog_GetLogInformation( */
2040 /* IDL: [in] [ref] policy_handle *handle, */
2041 /* IDL: [in] uint32 dwInfoLevel, */
2042 /* IDL: [out] [size_is(cbBufSize)] uint8 lpBuffer[*], */
2043 /* IDL: [in] uint32 cbBufSize, */
2044 /* IDL: [out] [ref] int32 *cbBytesNeeded */
2045 /* IDL: ); */
2046
2047 static int
2048 eventlog_dissect_GetLogInformation_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2049 {
2050 uint32_t status;
2051
2052 di->dcerpc_procedure_name="GetLogInformation";
2053 offset = eventlog_dissect_element_GetLogInformation_lpBuffer(tvb, offset, pinfo, tree, di, drep);
2054 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2055
2056 offset = eventlog_dissect_element_GetLogInformation_cbBytesNeeded(tvb, offset, pinfo, tree, di, drep);
2057 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2058
2059 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2060
2061 if (status != 0)
2062 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
2063
2064 return offset;
2065 }
2066
2067 static int
2068 eventlog_dissect_GetLogInformation_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2069 {
2070 di->dcerpc_procedure_name="GetLogInformation";
2071 offset = eventlog_dissect_element_GetLogInformation_handle(tvb, offset, pinfo, tree, di, drep);
2072 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2073 offset = eventlog_dissect_element_GetLogInformation_dwInfoLevel(tvb, offset, pinfo, tree, di, drep);
2074 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2075 offset = eventlog_dissect_element_GetLogInformation_cbBufSize(tvb, offset, pinfo, tree, di, drep);
2076 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2077 return offset;
2078 }
2079
2080 static int
2081 eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2082 {
2083 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_FlushEventLog_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_FlushEventLog_handle);
2084
2085 return offset;
2086 }
2087
2088 static int
2089 eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2090 {
2091 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_FlushEventLog_handle, 0);
2092
2093 return offset;
2094 }
2095
2096 /* IDL: NTSTATUS eventlog_FlushEventLog( */
2097 /* IDL: [in] [ref] policy_handle *handle */
2098 /* IDL: ); */
2099
2100 static int
2101 eventlog_dissect_FlushEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2102 {
2103 uint32_t status;
2104
2105 di->dcerpc_procedure_name="FlushEventLog";
2106 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2107
2108 if (status != 0)
2109 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
2110
2111 return offset;
2112 }
2113
2114 static int
2115 eventlog_dissect_FlushEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
2116 {
2117 di->dcerpc_procedure_name="FlushEventLog";
2118 offset = eventlog_dissect_element_FlushEventLog_handle(tvb, offset, pinfo, tree, di, drep);
2119 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2120 return offset;
2121 }
2122
2123
2124 static const dcerpc_sub_dissector eventlog_dissectors[] = {
2125 { 0, "ClearEventLogW",
2126 eventlog_dissect_ClearEventLogW_request, eventlog_dissect_ClearEventLogW_response},
2127 { 1, "BackupEventLogW",
2128 eventlog_dissect_BackupEventLogW_request, eventlog_dissect_BackupEventLogW_response},
2129 { 2, "CloseEventLog",
2130 eventlog_dissect_CloseEventLog_request, eventlog_dissect_CloseEventLog_response},
2131 { 3, "DeregisterEventSource",
2132 eventlog_dissect_DeregisterEventSource_request, eventlog_dissect_DeregisterEventSource_response},
2133 { 4, "GetNumRecords",
2134 eventlog_dissect_GetNumRecords_request, eventlog_dissect_GetNumRecords_response},
2135 { 5, "GetOldestRecord",
2136 eventlog_dissect_GetOldestRecord_request, eventlog_dissect_GetOldestRecord_response},
2137 { 6, "ChangeNotify",
2138 eventlog_dissect_ChangeNotify_request, eventlog_dissect_ChangeNotify_response},
2139 { 7, "OpenEventLogW",
2140 eventlog_dissect_OpenEventLogW_request, eventlog_dissect_OpenEventLogW_response},
2141 { 8, "RegisterEventSourceW",
2142 eventlog_dissect_RegisterEventSourceW_request, eventlog_dissect_RegisterEventSourceW_response},
2143 { 9, "OpenBackupEventLogW",
2144 eventlog_dissect_OpenBackupEventLogW_request, eventlog_dissect_OpenBackupEventLogW_response},
2145 { 10, "ReadEventLogW",
2146 eventlog_dissect_ReadEventLogW_request, eventlog_dissect_ReadEventLogW_response},
2147 { 11, "ReportEventW",
2148 eventlog_dissect_ReportEventW_request, eventlog_dissect_ReportEventW_response},
2149 { 12, "ClearEventLogA",
2150 eventlog_dissect_ClearEventLogA_request, eventlog_dissect_ClearEventLogA_response},
2151 { 13, "BackupEventLogA",
2152 eventlog_dissect_BackupEventLogA_request, eventlog_dissect_BackupEventLogA_response},
2153 { 14, "OpenEventLogA",
2154 eventlog_dissect_OpenEventLogA_request, eventlog_dissect_OpenEventLogA_response},
2155 { 15, "RegisterEventSourceA",
2156 eventlog_dissect_RegisterEventSourceA_request, eventlog_dissect_RegisterEventSourceA_response},
2157 { 16, "OpenBackupEventLogA",
2158 eventlog_dissect_OpenBackupEventLogA_request, eventlog_dissect_OpenBackupEventLogA_response},
2159 { 17, "ReadEventLogA",
2160 eventlog_dissect_ReadEventLogA_request, eventlog_dissect_ReadEventLogA_response},
2161 { 18, "ReportEventA",
2162 eventlog_dissect_ReportEventA_request, eventlog_dissect_ReportEventA_response},
2163 { 19, "RegisterClusterSvc",
2164 eventlog_dissect_RegisterClusterSvc_request, eventlog_dissect_RegisterClusterSvc_response},
2165 { 20, "DeregisterClusterSvc",
2166 eventlog_dissect_DeregisterClusterSvc_request, eventlog_dissect_DeregisterClusterSvc_response},
2167 { 21, "WriteClusterEvents",
2168 eventlog_dissect_WriteClusterEvents_request, eventlog_dissect_WriteClusterEvents_response},
2169 { 22, "GetLogInformation",
2170 eventlog_dissect_GetLogInformation_request, eventlog_dissect_GetLogInformation_response},
2171 { 23, "FlushEventLog",
2172 eventlog_dissect_FlushEventLog_request, eventlog_dissect_FlushEventLog_response},
2173 { 0, NULL, NULL, NULL }
2174 };
2175
2176 void proto_register_dcerpc_eventlog(void)
2177 {
2178 static hf_register_info hf[] = {
2179 { &hf_eventlog_Record,
2180 { "Record", "eventlog.Record", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2181 { &hf_eventlog_Record_computer_name,
2182 { "Computer Name", "eventlog.Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2183 { &hf_eventlog_Record_length,
2184 { "Record Length", "eventlog.Record.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2185 { &hf_eventlog_Record_source_name,
2186 { "Source Name", "eventlog.Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2187 { &hf_eventlog_Record_string,
2188 { "string", "eventlog.Record.string", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2189 { &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
2190 { "EVENTLOG AUDIT FAILURE", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs), ( 0x00000010 ), NULL, HFILL }},
2191 { &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
2192 { "EVENTLOG AUDIT SUCCESS", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs), ( 0x00000008 ), NULL, HFILL }},
2193 { &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
2194 { "EVENTLOG ERROR TYPE", "eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs), ( 0x00000001 ), NULL, HFILL }},
2195 { &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
2196 { "EVENTLOG INFORMATION TYPE", "eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs), ( 0x00000004 ), NULL, HFILL }},
2197 { &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
2198 { "EVENTLOG WARNING TYPE", "eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs), ( 0x00000002 ), NULL, HFILL }},
2199 { &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
2200 { "EVENTLOG BACKWARDS READ", "eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs), ( 0x00000008 ), NULL, HFILL }},
2201 { &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
2202 { "EVENTLOG FORWARDS READ", "eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs), ( 0x00000004 ), NULL, HFILL }},
2203 { &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
2204 { "EVENTLOG SEEK READ", "eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEEK_READ_tfs), ( 0x00000002 ), NULL, HFILL }},
2205 { &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
2206 { "EVENTLOG SEQUENTIAL READ", "eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs), ( 0x00000001 ), NULL, HFILL }},
2207 { &hf_eventlog_eventlog_BackupEventLogW_backupfilename,
2208 { "Backupfilename", "eventlog.eventlog_BackupEventLogW.backupfilename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2209 { &hf_eventlog_eventlog_BackupEventLogW_handle,
2210 { "Handle", "eventlog.eventlog_BackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2211 { &hf_eventlog_eventlog_ChangeNotify_handle,
2212 { "Handle", "eventlog.eventlog_ChangeNotify.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2213 { &hf_eventlog_eventlog_ChangeNotify_unknown2,
2214 { "Unknown2", "eventlog.eventlog_ChangeNotify.unknown2", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2215 { &hf_eventlog_eventlog_ChangeNotify_unknown3,
2216 { "Unknown3", "eventlog.eventlog_ChangeNotify.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2217 { &hf_eventlog_eventlog_ChangeUnknown0_unknown0,
2218 { "Unknown0", "eventlog.eventlog_ChangeUnknown0.unknown0", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2219 { &hf_eventlog_eventlog_ChangeUnknown0_unknown1,
2220 { "Unknown1", "eventlog.eventlog_ChangeUnknown0.unknown1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2221 { &hf_eventlog_eventlog_ClearEventLogW_backupfilename,
2222 { "Backupfilename", "eventlog.eventlog_ClearEventLogW.backupfilename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2223 { &hf_eventlog_eventlog_ClearEventLogW_handle,
2224 { "Handle", "eventlog.eventlog_ClearEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2225 { &hf_eventlog_eventlog_CloseEventLog_handle,
2226 { "Handle", "eventlog.eventlog_CloseEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2227 { &hf_eventlog_eventlog_DeregisterEventSource_handle,
2228 { "Handle", "eventlog.eventlog_DeregisterEventSource.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2229 { &hf_eventlog_eventlog_FlushEventLog_handle,
2230 { "Handle", "eventlog.eventlog_FlushEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2231 { &hf_eventlog_eventlog_GetLogInformation_cbBufSize,
2232 { "CbBufSize", "eventlog.eventlog_GetLogInformation.cbBufSize", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2233 { &hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded,
2234 { "CbBytesNeeded", "eventlog.eventlog_GetLogInformation.cbBytesNeeded", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2235 { &hf_eventlog_eventlog_GetLogInformation_dwInfoLevel,
2236 { "DwInfoLevel", "eventlog.eventlog_GetLogInformation.dwInfoLevel", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2237 { &hf_eventlog_eventlog_GetLogInformation_handle,
2238 { "Handle", "eventlog.eventlog_GetLogInformation.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2239 { &hf_eventlog_eventlog_GetLogInformation_lpBuffer,
2240 { "LpBuffer", "eventlog.eventlog_GetLogInformation.lpBuffer", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
2241 { &hf_eventlog_eventlog_GetNumRecords_handle,
2242 { "Handle", "eventlog.eventlog_GetNumRecords.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2243 { &hf_eventlog_eventlog_GetNumRecords_number,
2244 { "Number", "eventlog.eventlog_GetNumRecords.number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2245 { &hf_eventlog_eventlog_GetOldestRecord_handle,
2246 { "Handle", "eventlog.eventlog_GetOldestRecord.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2247 { &hf_eventlog_eventlog_GetOldestRecord_oldest,
2248 { "Oldest", "eventlog.eventlog_GetOldestRecord.oldest", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2249 { &hf_eventlog_eventlog_OpenBackupEventLogW_handle,
2250 { "Handle", "eventlog.eventlog_OpenBackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2251 { &hf_eventlog_eventlog_OpenBackupEventLogW_logname,
2252 { "Logname", "eventlog.eventlog_OpenBackupEventLogW.logname", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2253 { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,
2254 { "Unknown0", "eventlog.eventlog_OpenBackupEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2255 { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown2,
2256 { "Unknown2", "eventlog.eventlog_OpenBackupEventLogW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2257 { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown3,
2258 { "Unknown3", "eventlog.eventlog_OpenBackupEventLogW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2259 { &hf_eventlog_eventlog_OpenEventLogW_MajorVersion,
2260 { "MajorVersion", "eventlog.eventlog_OpenEventLogW.MajorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2261 { &hf_eventlog_eventlog_OpenEventLogW_MinorVersion,
2262 { "MinorVersion", "eventlog.eventlog_OpenEventLogW.MinorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2263 { &hf_eventlog_eventlog_OpenEventLogW_Module,
2264 { "Module", "eventlog.eventlog_OpenEventLogW.Module", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2265 { &hf_eventlog_eventlog_OpenEventLogW_RegModuleName,
2266 { "RegModuleName", "eventlog.eventlog_OpenEventLogW.RegModuleName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2267 { &hf_eventlog_eventlog_OpenEventLogW_handle,
2268 { "Handle", "eventlog.eventlog_OpenEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2269 { &hf_eventlog_eventlog_OpenEventLogW_unknown0,
2270 { "Unknown0", "eventlog.eventlog_OpenEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2271 { &hf_eventlog_eventlog_OpenUnknown0_unknown0,
2272 { "Unknown0", "eventlog.eventlog_OpenUnknown0.unknown0", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2273 { &hf_eventlog_eventlog_OpenUnknown0_unknown1,
2274 { "Unknown1", "eventlog.eventlog_OpenUnknown0.unknown1", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2275 { &hf_eventlog_eventlog_ReadEventLogW_data,
2276 { "Data", "eventlog.eventlog_ReadEventLogW.data", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
2277 { &hf_eventlog_eventlog_ReadEventLogW_flags,
2278 { "Flags", "eventlog.eventlog_ReadEventLogW.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
2279 { &hf_eventlog_eventlog_ReadEventLogW_handle,
2280 { "Handle", "eventlog.eventlog_ReadEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2281 { &hf_eventlog_eventlog_ReadEventLogW_number_of_bytes,
2282 { "Number Of Bytes", "eventlog.eventlog_ReadEventLogW.number_of_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2283 { &hf_eventlog_eventlog_ReadEventLogW_offset,
2284 { "Offset", "eventlog.eventlog_ReadEventLogW.offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2285 { &hf_eventlog_eventlog_ReadEventLogW_real_size,
2286 { "Real Size", "eventlog.eventlog_ReadEventLogW.real_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2287 { &hf_eventlog_eventlog_ReadEventLogW_sent_size,
2288 { "Sent Size", "eventlog.eventlog_ReadEventLogW.sent_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2289 { &hf_eventlog_eventlog_Record_closing_record_number,
2290 { "Closing Record Number", "eventlog.eventlog_Record.closing_record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2291 { &hf_eventlog_eventlog_Record_computer_name,
2292 { "Computer Name", "eventlog.eventlog_Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2293 { &hf_eventlog_eventlog_Record_data_length,
2294 { "Data Length", "eventlog.eventlog_Record.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2295 { &hf_eventlog_eventlog_Record_data_offset,
2296 { "Data Offset", "eventlog.eventlog_Record.data_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2297 { &hf_eventlog_eventlog_Record_event_category,
2298 { "Event Category", "eventlog.eventlog_Record.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2299 { &hf_eventlog_eventlog_Record_event_id,
2300 { "Event Id", "eventlog.eventlog_Record.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2301 { &hf_eventlog_eventlog_Record_event_type,
2302 { "Event Type", "eventlog.eventlog_Record.event_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2303 { &hf_eventlog_eventlog_Record_num_of_strings,
2304 { "Num Of Strings", "eventlog.eventlog_Record.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2305 { &hf_eventlog_eventlog_Record_raw_data,
2306 { "Raw Data", "eventlog.eventlog_Record.raw_data", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2307 { &hf_eventlog_eventlog_Record_record_number,
2308 { "Record Number", "eventlog.eventlog_Record.record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2309 { &hf_eventlog_eventlog_Record_reserved,
2310 { "Reserved", "eventlog.eventlog_Record.reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2311 { &hf_eventlog_eventlog_Record_reserved_flags,
2312 { "Reserved Flags", "eventlog.eventlog_Record.reserved_flags", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2313 { &hf_eventlog_eventlog_Record_sid_length,
2314 { "Sid Length", "eventlog.eventlog_Record.sid_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2315 { &hf_eventlog_eventlog_Record_sid_offset,
2316 { "Sid Offset", "eventlog.eventlog_Record.sid_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2317 { &hf_eventlog_eventlog_Record_size,
2318 { "Size", "eventlog.eventlog_Record.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2319 { &hf_eventlog_eventlog_Record_source_name,
2320 { "Source Name", "eventlog.eventlog_Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2321 { &hf_eventlog_eventlog_Record_stringoffset,
2322 { "Stringoffset", "eventlog.eventlog_Record.stringoffset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2323 { &hf_eventlog_eventlog_Record_strings,
2324 { "Strings", "eventlog.eventlog_Record.strings", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2325 { &hf_eventlog_eventlog_Record_time_generated,
2326 { "Time Generated", "eventlog.eventlog_Record.time_generated", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2327 { &hf_eventlog_eventlog_Record_time_written,
2328 { "Time Written", "eventlog.eventlog_Record.time_written", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2329 { &hf_eventlog_eventlog_RegisterEventSourceW_handle,
2330 { "Handle", "eventlog.eventlog_RegisterEventSourceW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2331 { &hf_eventlog_eventlog_RegisterEventSourceW_logname,
2332 { "Logname", "eventlog.eventlog_RegisterEventSourceW.logname", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2333 { &hf_eventlog_eventlog_RegisterEventSourceW_servername,
2334 { "Servername", "eventlog.eventlog_RegisterEventSourceW.servername", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2335 { &hf_eventlog_eventlog_RegisterEventSourceW_unknown0,
2336 { "Unknown0", "eventlog.eventlog_RegisterEventSourceW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2337 { &hf_eventlog_eventlog_RegisterEventSourceW_unknown2,
2338 { "Unknown2", "eventlog.eventlog_RegisterEventSourceW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2339 { &hf_eventlog_eventlog_RegisterEventSourceW_unknown3,
2340 { "Unknown3", "eventlog.eventlog_RegisterEventSourceW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2341 { &hf_eventlog_eventlog_ReportEventW_Type,
2342 { "Type", "eventlog.eventlog_ReportEventW.Type", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
2343 { &hf_eventlog_eventlog_ReportEventW_computer_name,
2344 { "Computer Name", "eventlog.eventlog_ReportEventW.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2345 { &hf_eventlog_eventlog_ReportEventW_data_length,
2346 { "Data Length", "eventlog.eventlog_ReportEventW.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2347 { &hf_eventlog_eventlog_ReportEventW_event_category,
2348 { "Event Category", "eventlog.eventlog_ReportEventW.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2349 { &hf_eventlog_eventlog_ReportEventW_event_id,
2350 { "Event Id", "eventlog.eventlog_ReportEventW.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2351 { &hf_eventlog_eventlog_ReportEventW_handle,
2352 { "Handle", "eventlog.eventlog_ReportEventW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2353 { &hf_eventlog_eventlog_ReportEventW_num_of_strings,
2354 { "Num Of Strings", "eventlog.eventlog_ReportEventW.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2355 { &hf_eventlog_eventlog_ReportEventW_time,
2356 { "Time", "eventlog.eventlog_ReportEventW.time", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2357 { &hf_eventlog_opnum,
2358 { "Operation", "eventlog.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2359 { &hf_eventlog_status,
2360 { "NT Error", "eventlog.status", FT_UINT32, BASE_HEX|BASE_EXT_STRING, &NT_errors_ext, 0, NULL, HFILL }},
2361 };
2362
2363
2364 static int *ett[] = {
2365 &ett_dcerpc_eventlog,
2366 &ett_eventlog_eventlogReadFlags,
2367 &ett_eventlog_eventlogEventTypes,
2368 &ett_eventlog_eventlog_OpenUnknown0,
2369 &ett_eventlog_eventlog_Record,
2370 &ett_eventlog_eventlog_ChangeUnknown0,
2371 };
2372
2373 proto_dcerpc_eventlog = proto_register_protocol("Event Logger", "EVENTLOG", "eventlog");
2374 proto_register_field_array(proto_dcerpc_eventlog, hf, array_length (hf));
2375 proto_register_subtree_array(ett, array_length(ett));
2376 }
2377
2378 void proto_reg_handoff_dcerpc_eventlog(void)
2379 {
2380 dcerpc_init_uuid(proto_dcerpc_eventlog, ett_dcerpc_eventlog,
2381 &uuid_dcerpc_eventlog, ver_dcerpc_eventlog,
2382 eventlog_dissectors, hf_eventlog_opnum);
2383 }
Metzes wireshark repo