search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MSWSP: add two more Property Sets
[wireshark-wip.git] / epan / dissectors / packet-dcerpc-svcctl.c
blob128caa7c3a57c40787f8b9028b98fbce196ba0ee
1 /* packet-dcerpc-svcctl.c
2 * Routines for SMB \PIPE\svcctl packet disassembly
3 * Copyright 2003, Tim Potter <tpot@samba.org>
4 * Copyright 2003, Ronnie Sahlberg, added function dissectors
5 * Copyright 2010, Brett Kuskie <fullaxx@gmail.com>
6 *
7 * $Id$
8 *
9 * Wireshark - Network traffic analyzer
10 * By Gerald Combs <gerald@wireshark.org>
11 * Copyright 1998 Gerald Combs
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28 #include "config.h"
29
30 #include <glib.h>
31 #include <epan/packet.h>
32 #include <epan/wmem/wmem.h>
33 #include "packet-dcerpc.h"
34 #include "packet-dcerpc-svcctl.h"
35 #include "packet-dcerpc-nt.h"
36 #include "packet-windows-common.h"
37
38 static int proto_dcerpc_svcctl = -1;
39 static int hf_svcctl_opnum = -1;
40 static int hf_svcctl_machinename = -1;
41 static int hf_svcctl_database = -1;
42 static int hf_svcctl_access_mask = -1;
43 static int hf_svcctl_scm_rights_connect = -1;
44 static int hf_svcctl_scm_rights_create_service = -1;
45 static int hf_svcctl_scm_rights_enumerate_service = -1;
46 static int hf_svcctl_scm_rights_lock = -1;
47 static int hf_svcctl_scm_rights_query_lock_status = -1;
48 static int hf_svcctl_scm_rights_modify_boot_config = -1;
49 static int hf_svcctl_hnd = -1;
50 static int hf_svcctl_lock = -1;
51 static int hf_svcctl_rc = -1;
52 static int hf_svcctl_size = -1;
53 static int hf_svcctl_required_size = -1;
54 static int hf_svcctl_is_locked = -1;
55 static int hf_svcctl_lock_duration = -1;
56 static int hf_svcctl_lock_owner = -1;
57 static int hf_svcctl_service_type = -1;
58 static int hf_svcctl_service_type_kernel_driver = -1;
59 static int hf_svcctl_service_type_fs_driver = -1;
60 static int hf_svcctl_service_type_win32_own_process = -1;
61 static int hf_svcctl_service_type_win32_share_process = -1;
62 static int hf_svcctl_service_type_interactive_process = -1;
63 static int hf_svcctl_service_state = -1;
64 static int hf_svcctl_buffer = -1;
65 /* static int hf_svcctl_bytes_needed = -1; */
66 /* static int hf_svcctl_services_returned = -1; */
67 static int hf_svcctl_resume = -1;
68 static int hf_svcctl_service_name = -1;
69 static int hf_svcctl_display_name = -1;
70 static int hf_svcctl_service_start_type = -1;
71 static int hf_svcctl_service_error_control = -1;
72 static int hf_svcctl_binarypathname = -1;
73 static int hf_svcctl_loadordergroup = -1;
74 static int hf_svcctl_tagid = -1;
75 static int hf_svcctl_dependencies = -1;
76 static int hf_svcctl_depend_size = -1;
77 static int hf_svcctl_service_start_name = -1;
78 static int hf_svcctl_password = -1;
79 static int hf_svcctl_password_size = -1;
80
81 static gint ett_dcerpc_svcctl = -1;
82 static gint ett_dcerpc_svcctl_service_type_bits = -1;
83
84 static e_uuid_t uuid_dcerpc_svcctl = {
85 0x367abb81, 0x9844, 0x35f1,
86 { 0xad, 0x32, 0x98, 0xf0, 0x38, 0x00, 0x10, 0x03 }
87 };
88
89 static guint16 ver_dcerpc_svcctl = 2;
90
91 #define SVCCTL_SERVICE_TYPE_KERNEL_DRIVER 0x01
92 #define SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER 0x02
93 #define SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS 0x10
94 #define SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS 0x20
95 #define SVCCTL_SERVICE_TYPE_INTERACTIVE_PROCESS 0x100
96 #define SVCCTL_SERVICE_TYPE_NO_CHANGE 0xffffffff
97 static const true_false_string tfs_svcctl_service_type_kernel_driver = {
98 "Is a kernel driver service",
99 "Is not a kernel driver service"
100 };
101 static const true_false_string tfs_svcctl_service_type_fs_driver = {
102 "Is a file system driver service",
103 "Is not a file system driver service"
104 };
105 static const true_false_string tfs_svcctl_service_type_win32_own_process = {
106 "Service runs its own processes",
107 "Service does not run its own process"
108 };
109 static const true_false_string tfs_svcctl_service_type_win32_share_process = {
110 "Service shares its process",
111 "Service does not share its process"
112 };
113 static const true_false_string tfs_svcctl_service_type_interactive_process = {
114 "Service can interact with the desktop",
115 "Service cannot interact with the desktop"
116 };
117
118 static int
119 svcctl_dissect_dwServiceType_flags(tvbuff_t *tvb, int offset,
120 packet_info *pinfo, proto_tree *parent_tree,
121 guint8 *drep, int opnum)
122 {
123 guint32 value, len=4;
124 proto_item *item = NULL;
125 proto_tree *tree = NULL;
126
127 (void) dissect_dcerpc_uint32 (tvb, offset, pinfo, NULL, drep, 0, &value);
128 if(parent_tree) {
129 item = proto_tree_add_uint(parent_tree, hf_svcctl_service_type, tvb, offset, len, value);
130 tree = proto_item_add_subtree(item, ett_dcerpc_svcctl_service_type_bits);
131 }
132
133 switch(opnum) {
134 case SVC_CREATE_SERVICE_W:
135 proto_tree_add_boolean(tree, hf_svcctl_service_type_interactive_process,
136 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_INTERACTIVE_PROCESS);
137 proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process,
138 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS);
139 proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process,
140 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS);
141 proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver,
142 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER);
143 proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver,
144 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER);
145 break;
146 case SVC_ENUM_SERVICES_STATUS_W:
147 proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process,
148 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS);
149 proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process,
150 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS);
151 proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver,
152 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER);
153 proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver,
154 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER);
155 break;
156 case SVC_QUERY_SERVICE_CONFIG_W:
157 proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_share_process,
158 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS);
159 proto_tree_add_boolean(tree, hf_svcctl_service_type_win32_own_process,
160 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS);
161 proto_tree_add_boolean(tree, hf_svcctl_service_type_fs_driver,
162 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER);
163 proto_tree_add_boolean(tree, hf_svcctl_service_type_kernel_driver,
164 tvb, offset, len, value & SVCCTL_SERVICE_TYPE_KERNEL_DRIVER);
165 break;
166 }
167
168 offset += len;
169 return offset;
170 }
171
172 #define SVCCTL_SERVICE_ACTIVE 0x01
173 #define SVCCTL_SERVICE_INACTIVE 0x02
174 #define SVCCTL_SERVICE_STATE_ALL 0x03
175 static const value_string svcctl_service_status_vals[] = {
176 { SVCCTL_SERVICE_ACTIVE, "SERVICE_ACTIVE" },
177 { SVCCTL_SERVICE_INACTIVE, "SERVICE_INACTIVE" },
178 { SVCCTL_SERVICE_STATE_ALL, "SERVICE_STATE_ALL" },
179 { 0, NULL }
180 };
181
182 #define SVCCTL_SERVICE_BOOT_START 0x00
183 #define SVCCTL_SERVICE_SYSTEM_START 0x01
184 #define SVCCTL_SERVICE_AUTO_START 0x02
185 #define SVCCTL_SERVICE_DEMAND_START 0x03
186 #define SVCCTL_SERVICE_DISABLED 0x04
187 static const value_string svcctl_service_start_type_vals[] = {
188 { SVCCTL_SERVICE_BOOT_START, "SERVICE_BOOT_START" },
189 { SVCCTL_SERVICE_SYSTEM_START, "SERVICE_SYSTEM_START" },
190 { SVCCTL_SERVICE_AUTO_START, "SERVICE_AUTO_START" },
191 { SVCCTL_SERVICE_DEMAND_START, "SERVICE_DEMAND_START" },
192 { SVCCTL_SERVICE_DISABLED, "SERVICE_DISABLED" },
193 { 0, NULL }
194 };
195
196 #define SVCCTL_SERVICE_ERROR_IGNORE 0x00
197 #define SVCCTL_SERVICE_ERROR_NORMAL 0x01
198 #define SVCCTL_SERVICE_ERROR_SEVERE 0x02
199 #define SVCCTL_SERVICE_ERROR_CRITICAL 0x03
200 static const value_string svcctl_service_error_control_vals[] = {
201 { SVCCTL_SERVICE_ERROR_IGNORE, "SERVICE_ERROR_IGNORE" },
202 { SVCCTL_SERVICE_ERROR_NORMAL, "SERVICE_ERROR_NORMAL" },
203 { SVCCTL_SERVICE_ERROR_SEVERE, "SERVICE_ERROR_SEVERE" },
204 { SVCCTL_SERVICE_ERROR_CRITICAL, "SERVICE_ERROR_CRITICAL" },
205 { 0, NULL }
206 };
207
208 static int
209 svcctl_dissect_pointer_long(tvbuff_t *tvb, int offset,
210 packet_info *pinfo, proto_tree *tree,
211 dcerpc_info *di, guint8 *drep)
212 {
213 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
214 di->hf_index, NULL);
215 return offset;
216 }
217
218 static void
219 svcctl_scm_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree,
220 guint32 access)
221 {
222 proto_tree_add_boolean(tree, hf_svcctl_scm_rights_modify_boot_config, tvb, offset, 4, access);
223 proto_tree_add_boolean(tree, hf_svcctl_scm_rights_query_lock_status, tvb, offset, 4, access);
224 proto_tree_add_boolean(tree, hf_svcctl_scm_rights_lock, tvb, offset, 4, access);
225 proto_tree_add_boolean(tree, hf_svcctl_scm_rights_enumerate_service, tvb, offset, 4, access);
226 proto_tree_add_boolean(tree, hf_svcctl_scm_rights_create_service, tvb, offset, 4, access);
227 proto_tree_add_boolean(tree, hf_svcctl_scm_rights_connect, tvb, offset, 4, access);
228 }
229
230 struct access_mask_info svcctl_scm_access_mask_info = {
231 "SVCCTL",
232 svcctl_scm_specific_rights,
233 NULL, /* Generic mapping table */
234 NULL /* Standard mapping table */
235 };
236
237 /*
238 * IDL long OpenSCManager(
239 * IDL [in] [string] [unique] char *MachineName,
240 * IDL [in] [string] [unique] char *DatabaseName,
241 * IDL [in] long access_mask,
242 * IDL [out] SC_HANDLE handle,
243 * IDL );
244 */
245 static int
246 svcctl_dissect_OpenSCManager_rqst(tvbuff_t *tvb, int offset,
247 packet_info *pinfo, proto_tree *tree,
248 dcerpc_info *di, guint8 *drep)
249 {
250 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
251 const char *mn, *dn;
252
253 /* MachineName */
254 dcv->private_data=NULL;
255 offset = dissect_ndr_pointer_cb(
256 tvb, offset, pinfo, tree, di, drep,
257 dissect_ndr_char_cvstring, NDR_POINTER_UNIQUE,
258 "MachineName", hf_svcctl_machinename, cb_str_postprocess,
259 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
260 mn=(const char *)dcv->private_data;
261 if(!mn)
262 mn="";
263
264 /* DatabaseName */
265 dcv->private_data=NULL;
266 offset = dissect_ndr_pointer_cb(
267 tvb, offset, pinfo, tree, di, drep,
268 dissect_ndr_char_cvstring, NDR_POINTER_UNIQUE,
269 "Database", hf_svcctl_database, cb_str_postprocess,
270 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
271 dn=(const char *)dcv->private_data;
272 if(!dn)
273 dn="";
274
275 /* OpenSCManager() stores the server\database in se_data */
276 if(!pinfo->fd->flags.visited){
277 if(!dcv->se_data){
278 dcv->se_data=wmem_strdup_printf(wmem_file_scope(), "%s\\%s",mn,dn);
279 }
280 }
281
282 /* access mask */
283 offset = dissect_nt_access_mask(
284 tvb, offset, pinfo, tree, di, drep, hf_svcctl_access_mask,
285 &svcctl_scm_access_mask_info, NULL);
286
287 return offset;
288 }
289
290 static int
291 svcctl_dissect_OpenSCManager_reply(tvbuff_t *tvb, int offset,
292 packet_info *pinfo, proto_tree *tree,
293 dcerpc_info *di, guint8 *drep)
294 {
295 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
296 e_ctx_hnd policy_hnd;
297 proto_item *hnd_item;
298 guint32 status;
299
300 /* Parse packet */
301
302 offset = dissect_nt_policy_hnd(
303 tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, &policy_hnd,
304 &hnd_item, TRUE, FALSE);
305
306 offset = dissect_doserror(
307 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, &status);
308
309 if( status == 0 ){
310 const char *pol_name;
311
312 if (dcv->se_data){
313 pol_name = wmem_strdup_printf(wmem_packet_scope(),
314 "OpenSCManagerW(%s)", (char *)dcv->se_data);
315 } else {
316 pol_name = "Unknown OpenSCManagerW() handle";
317 }
318 if(!pinfo->fd->flags.visited){
319 dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
320 }
321
322 if(hnd_item)
323 proto_item_append_text(hnd_item, ": %s", pol_name);
324 }
325
326 return offset;
327 }
328
329 static int
330 svcctl_dissect_OpenSCManagerW_rqst(tvbuff_t *tvb, int offset,
331 packet_info *pinfo, proto_tree *tree,
332 dcerpc_info *di, guint8 *drep)
333 {
334 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
335 const char *mn, *dn;
336
337 /* MachineName */
338 dcv->private_data=NULL;
339 offset = dissect_ndr_pointer_cb(
340 tvb, offset, pinfo, tree, di, drep,
341 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
342 "MachineName", hf_svcctl_machinename, cb_wstr_postprocess,
343 GINT_TO_POINTER(CB_STR_COL_INFO | CB_STR_SAVE | 1));
344 mn=(const char *)dcv->private_data;
345 if(!mn)
346 mn="";
347
348 /* DatabaseName */
349 dcv->private_data=NULL;
350 offset = dissect_ndr_pointer_cb(
351 tvb, offset, pinfo, tree, di, drep,
352 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
353 "Database", hf_svcctl_database, cb_wstr_postprocess,
354 GINT_TO_POINTER(CB_STR_COL_INFO | 1));
355 dn=(const char *)dcv->private_data;
356 if(!dn)
357 dn="";
358
359 /* OpenSCManager() stores the server\database in se_data */
360 if(!pinfo->fd->flags.visited){
361 if(!dcv->se_data){
362 dcv->se_data=wmem_strdup_printf(wmem_file_scope(), "%s\\%s",mn,dn);
363 }
364 }
365
366 /* access mask */
367 offset = dissect_nt_access_mask(
368 tvb, offset, pinfo, tree, di, drep, hf_svcctl_access_mask,
369 &svcctl_scm_access_mask_info, NULL);
370
371 return offset;
372 }
373
374 static int
375 svcctl_dissect_OpenSCManagerW_reply(tvbuff_t *tvb, int offset,
376 packet_info *pinfo, proto_tree *tree,
377 dcerpc_info *di, guint8 *drep)
378 {
379 dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data;
380 e_ctx_hnd policy_hnd;
381 proto_item *hnd_item;
382 guint32 status;
383
384 /* Parse packet */
385
386 offset = dissect_nt_policy_hnd(
387 tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, &policy_hnd,
388 &hnd_item, TRUE, FALSE);
389
390 offset = dissect_doserror(
391 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, &status);
392
393 if( status == 0 ){
394 const char *pol_name;
395
396 if (dcv->se_data){
397 pol_name = wmem_strdup_printf(wmem_packet_scope(),
398 "OpenSCManagerW(%s)", (char *)dcv->se_data);
399 } else {
400 pol_name = "Unknown OpenSCManagerW() handle";
401 }
402 if(!pinfo->fd->flags.visited){
403 dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name);
404 }
405
406 if(hnd_item)
407 proto_item_append_text(hnd_item, ": %s", pol_name);
408 }
409
410 return offset;
411 }
412
413 static int
414 svcctl_dissect_CreateServiceW_rqst(tvbuff_t *tvb, int offset,
415 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
416 {
417 /* policy handle */
418 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep,
419 hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
420
421 /* service name */
422 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep,
423 sizeof(guint16), hf_svcctl_service_name, TRUE, NULL);
424
425 /* display name */
426 offset = dissect_ndr_pointer_cb(
427 tvb, offset, pinfo, tree, di, drep,
428 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
429 "Display Name", hf_svcctl_display_name, cb_wstr_postprocess,
430 GINT_TO_POINTER(1));
431
432 /* access mask */
433 offset = dissect_nt_access_mask(
434 tvb, offset, pinfo, tree, di, drep, hf_svcctl_access_mask,
435 &svcctl_scm_access_mask_info, NULL);
436
437 /* service type */
438 offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree, drep, SVC_CREATE_SERVICE_W);
439
440 /* service start type */
441 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
442 hf_svcctl_service_start_type, NULL);
443
444 /* service error control */
445 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
446 hf_svcctl_service_error_control, NULL);
447
448 /* binary path name */
449 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep,
450 sizeof(guint16), hf_svcctl_binarypathname, TRUE, NULL);
451
452 /* load order group */
453 offset = dissect_ndr_pointer_cb(
454 tvb, offset, pinfo, tree, di, drep,
455 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
456 "Load Order Group", hf_svcctl_loadordergroup, cb_wstr_postprocess,
457 GINT_TO_POINTER(1));
458
459 /* tag id */
460 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
461 hf_svcctl_tagid, NULL);
462
463 /* dependencies */
464 offset = dissect_ndr_pointer_cb(
465 tvb, offset, pinfo, tree, di, drep,
466 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
467 "Dependencies", hf_svcctl_dependencies, cb_wstr_postprocess,
468 GINT_TO_POINTER(1));
469
470 /* depend size */
471 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
472 hf_svcctl_depend_size, NULL);
473
474 /* service start name */
475 offset = dissect_ndr_pointer_cb(
476 tvb, offset, pinfo, tree, di, drep,
477 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
478 "Service Start Name", hf_svcctl_service_start_name, cb_wstr_postprocess,
479 GINT_TO_POINTER(1));
480
481 /* password */
482 offset = dissect_ndr_pointer_cb(
483 tvb, offset, pinfo, tree, di, drep,
484 dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE,
485 "Password", hf_svcctl_password, cb_wstr_postprocess,
486 GINT_TO_POINTER(1));
487
488 /* password size */
489 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
490 hf_svcctl_password_size, NULL);
491
492 return offset;
493 }
494
495 static int
496 svcctl_dissect_CreateServiceW_reply(tvbuff_t *tvb, int offset,
497 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
498 {
499 /* tag id */
500 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
501 hf_svcctl_tagid, NULL);
502
503 /* policy handle */
504 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep,
505 hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
506
507 offset = dissect_doserror(
508 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL);
509
510 return offset;
511 }
512
513
514 /*
515 * IDL BOOL CloseServiceHandle(
516 * IDL [in][out] SC_HANDLE handle
517 * IDL );
518 */
519 static int
520 svcctl_dissect_CloseServiceHandle_rqst(tvbuff_t *tvb, int offset,
521 packet_info *pinfo, proto_tree *tree,
522 dcerpc_info *di, guint8 *drep)
523 {
524 e_ctx_hnd policy_hnd;
525 char *pol_name;
526
527 /* Parse packet */
528
529 offset = dissect_nt_policy_hnd(
530 tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, &policy_hnd,
531 NULL, FALSE, TRUE);
532
533 dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL,
534 pinfo->fd->num);
535
536 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
537 pol_name);
538
539 return offset;
540 }
541
542 static int
543 svcctl_dissect_CloseServiceHandle_reply(tvbuff_t *tvb, int offset,
544 packet_info *pinfo, proto_tree *tree,
545 dcerpc_info *di, guint8 *drep)
546 {
547 offset = dissect_nt_policy_hnd(
548 tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, NULL,
549 NULL, FALSE, TRUE);
550
551 offset = dissect_doserror(
552 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL);
553
554 return offset;
555 }
556
557
558
559 /*
560 * IDL long LockServiceDatabase(
561 * IDL [in] SC_HANDLE dbhandle,
562 * IDL [out] SC_HANDLE lock,
563 * IDL );
564 */
565 static int
566 svcctl_dissect_LockServiceDatabase_rqst(tvbuff_t *tvb, int offset,
567 packet_info *pinfo, proto_tree *tree,
568 dcerpc_info *di, guint8 *drep)
569 {
570 /* XXX - why is the "is a close" argument TRUE? */
571 offset = dissect_nt_policy_hnd(
572 tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, NULL,
573 NULL, FALSE, TRUE);
574
575 return offset;
576 }
577 static int
578 svcctl_dissect_LockServiceDatabase_reply(tvbuff_t *tvb, int offset,
579 packet_info *pinfo, proto_tree *tree,
580 dcerpc_info *di, guint8 *drep)
581 {
582 /* XXX - why is the "is an open" argument TRUE? */
583 offset = dissect_nt_policy_hnd(
584 tvb, offset, pinfo, tree, di, drep, hf_svcctl_lock, NULL,
585 NULL, TRUE, FALSE);
586
587 offset = dissect_doserror(
588 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL);
589
590 return offset;
591 }
592
593
594
595 /*
596 * IDL long UnlockServiceDatabase(
597 * IDL [in][out] SC_HANDLE lock,
598 * IDL );
599 */
600 static int
601 svcctl_dissect_UnlockServiceDatabase_rqst(tvbuff_t *tvb, int offset,
602 packet_info *pinfo, proto_tree *tree,
603 dcerpc_info *di, guint8 *drep)
604 {
605 /* XXX - why is the "is a close" argument TRUE? */
606 offset = dissect_nt_policy_hnd(
607 tvb, offset, pinfo, tree, di, drep, hf_svcctl_lock, NULL,
608 NULL, FALSE, TRUE);
609
610 return offset;
611 }
612 static int
613 svcctl_dissect_UnlockServiceDatabase_reply(tvbuff_t *tvb, int offset,
614 packet_info *pinfo, proto_tree *tree,
615 dcerpc_info *di, guint8 *drep)
616 {
617 /* XXX - why is the "is an open" argument TRUE? */
618 offset = dissect_nt_policy_hnd(
619 tvb, offset, pinfo, tree, di, drep, hf_svcctl_lock, NULL,
620 NULL, TRUE, FALSE);
621
622 offset = dissect_doserror(
623 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL);
624
625 return offset;
626 }
627
628
629 /*
630 * IDL typedef struct {
631 * IDL long is_locked,
632 * IDL [unique][string] char *lock_owner,
633 * IDL long lock_duration,
634 * IDL };
635 */
636 static int
637 svcctl_dissect_QUERY_SERVICE_LOCK_STATUS(tvbuff_t *tvb, int offset,
638 packet_info *pinfo, proto_tree *tree,
639 dcerpc_info *di, guint8 *drep)
640 {
641 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
642 hf_svcctl_is_locked, NULL);
643
644 offset = dissect_ndr_pointer(
645 tvb, offset, pinfo, tree, di, drep,
646 dissect_ndr_char_cvstring, NDR_POINTER_UNIQUE,
647 "Owner", hf_svcctl_lock_owner);
648
649 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
650 hf_svcctl_lock_duration, NULL);
651
652 return offset;
653 }
654
655 /*
656 * IDL long QueryServiceLockStatus(
657 * IDL [in] SC_HANDLE db_handle,
658 * IDL [in] long buf_size,
659 * IDL [out][ref] QUERY_SERVICE_LOCK_STATUS *status,
660 * IDL [out][ref] long *required_buf_size
661 * IDL );
662 */
663 static int
664 svcctl_dissect_QueryServiceLockStatus_rqst(tvbuff_t *tvb, int offset,
665 packet_info *pinfo, proto_tree *tree,
666 dcerpc_info *di, guint8 *drep)
667 {
668 /* XXX - why is the "is a close" argument TRUE? */
669 offset = dissect_nt_policy_hnd(
670 tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, NULL,
671 NULL, FALSE, TRUE);
672
673 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
674 hf_svcctl_size, NULL);
675
676 return offset;
677 }
678 static int
679 svcctl_dissect_QueryServiceLockStatus_reply(tvbuff_t *tvb, int offset,
680 packet_info *pinfo, proto_tree *tree,
681 dcerpc_info *di, guint8 *drep)
682 {
683 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
684 svcctl_dissect_QUERY_SERVICE_LOCK_STATUS, NDR_POINTER_REF,
685 "LOCK_STATUS", -1);
686
687 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
688 hf_svcctl_required_size, NULL);
689
690 offset = dissect_doserror(
691 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL);
692
693 return offset;
694 }
695
696 /*
697 * IDL long EnumServicesStatus(
698 * IDL [in] SC_HANDLE db_handle,
699 * IDL [in] long type,
700 * IDL [in] long status,
701 * IDL [in] long buf_size,
702 * IDL [in][unique] long *resume_handle,
703 * IDL );
704 */
705
706 static int
707 svcctl_dissect_EnumServicesStatus_rqst(tvbuff_t *tvb, int offset,
708 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
709 {
710 /* policy handle */
711 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep,
712 hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
713
714 /* service type */
715 offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree, drep, SVC_ENUM_SERVICES_STATUS_W);
716
717 /* service state */
718 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
719 hf_svcctl_service_state, NULL);
720
721 /* size */
722 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
723 hf_svcctl_size, NULL);
724
725 /* resume handle */
726 offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, di, drep,
727 svcctl_dissect_pointer_long, NDR_POINTER_UNIQUE,
728 "Resume Handle", hf_svcctl_resume);
729
730 return offset;
731 }
732
733 static int
734 svcctl_dissect_OpenServiceW_rqst(tvbuff_t *tvb, int offset,
735 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
736 {
737 /* policy handle */
738 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep,
739 hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
740
741 /* service name */
742 offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, di, drep,
743 sizeof(guint16), hf_svcctl_service_name, TRUE, NULL);
744
745 /* access mask */
746 offset = dissect_nt_access_mask(
747 tvb, offset, pinfo, tree, di, drep, hf_svcctl_access_mask,
748 &svcctl_scm_access_mask_info, NULL);
749
750 return offset;
751 }
752
753 static int
754 svcctl_dissect_OpenServiceW_reply(tvbuff_t *tvb, int offset,
755 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
756 {
757 /* policy handle */
758 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep,
759 hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
760
761 offset = dissect_doserror(
762 tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL);
763
764 return offset;
765 }
766
767 static int
768 svcctl_dissect_QueryServiceConfigW_rqst(tvbuff_t *tvb, int offset,
769 packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
770 {
771 /* policy handle */
772 offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep,
773 hf_svcctl_hnd, NULL, NULL, FALSE, FALSE);
774
775 /* cbBufSize */
776 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
777 hf_svcctl_buffer, NULL);
778
779 return offset;
780 }
781
782 static dcerpc_sub_dissector dcerpc_svcctl_dissectors[] = {
783 { SVC_CLOSE_SERVICE_HANDLE, "CloseServiceHandle",
784 svcctl_dissect_CloseServiceHandle_rqst,
785 svcctl_dissect_CloseServiceHandle_reply },
786 { SVC_CONTROL_SERVICE, "ControlService", NULL, NULL },
787 { SVC_DELETE_SERVICE, "DeleteService", NULL, NULL },
788 { SVC_LOCK_SERVICE_DATABASE, "LockServiceDatabase",
789 svcctl_dissect_LockServiceDatabase_rqst,
790 svcctl_dissect_LockServiceDatabase_reply },
791 { SVC_QUERY_SERVICE_OBJECT_SECURITY, "QueryServiceObjectSecurity",
792 NULL, NULL },
793 { SVC_SET_SERVICE_OBJECT_SECURITY, "SetServiceObjectSecurity",
794 NULL, NULL },
795 { SVC_QUERY_SERVICE_STATUS, "QueryServiceStatus",
796 NULL, NULL },
797 { SVC_SET_SERVICE_STATUS, "SetServiceStatus",
798 NULL, NULL },
799 { SVC_UNLOCK_SERVICE_DATABASE, "UnlockServiceDatabase",
800 svcctl_dissect_UnlockServiceDatabase_rqst,
801 svcctl_dissect_UnlockServiceDatabase_reply },
802 { SVC_NOTIFY_BOOT_CONFIG_STATUS, "NotifyBootConfigStatus",
803 NULL, NULL },
804 { SVC_SC_SET_SERVICE_BITS_W, "ScSetServiceBitsW",
805 NULL, NULL },
806 { SVC_CHANGE_SERVICE_CONFIG_W, "ChangeServiceConfigW",
807 NULL, NULL },
808 { SVC_CREATE_SERVICE_W, "CreateServiceW",
809 svcctl_dissect_CreateServiceW_rqst,
810 svcctl_dissect_CreateServiceW_reply },
811 { SVC_ENUM_DEPENDENT_SERVICES_W, "EnumDependentServicesW",
812 NULL, NULL },
813 { SVC_ENUM_SERVICES_STATUS_W, "EnumServicesStatusW",
814 svcctl_dissect_EnumServicesStatus_rqst, NULL },
815 { SVC_OPEN_SC_MANAGER_W, "OpenSCManagerW",
816 svcctl_dissect_OpenSCManagerW_rqst,
817 svcctl_dissect_OpenSCManagerW_reply },
818 { SVC_OPEN_SERVICE_W, "OpenServiceW",
819 svcctl_dissect_OpenServiceW_rqst,
820 svcctl_dissect_OpenServiceW_reply },
821 { SVC_QUERY_SERVICE_CONFIG_W, "QueryServiceConfigW",
822 svcctl_dissect_QueryServiceConfigW_rqst, NULL },
823 { SVC_QUERY_SERVICE_LOCK_STATUS_W, "QueryServiceLockStatusW",
824 NULL, NULL },
825 { SVC_START_SERVICE_W, "StartServiceW", NULL, NULL },
826 { SVC_GET_SERVICE_DISPLAY_NAME_W, "GetServiceDisplayNameW",
827 NULL, NULL },
828 { SVC_GET_SERVICE_KEY_NAME_W, "GetServiceKeyNameW", NULL, NULL },
829 { SVC_SC_SET_SERVICE_BITS_A, "ScSetServiceBitsA", NULL, NULL },
830 { SVC_CHANGE_SERVICE_CONFIG_A, "ChangeServiceConfigA", NULL, NULL },
831 { SVC_CREATE_SERVICE_A, "CreateServiceA", NULL, NULL },
832 { SVC_ENUM_DEPENDENT_SERVICES_A, "EnumDependentServicesA",
833 NULL, NULL },
834 { SVC_ENUM_SERVICES_STATUS_A, "EnumServicesStatusA",
835 svcctl_dissect_EnumServicesStatus_rqst,
836 NULL },
837 { SVC_OPEN_SC_MANAGER_A, "OpenSCManagerA",
838 svcctl_dissect_OpenSCManager_rqst,
839 svcctl_dissect_OpenSCManager_reply },
840 { SVC_OPEN_SERVICE_A, "OpenServiceA", NULL, NULL },
841 { SVC_QUERY_SERVICE_CONFIG_A, "QueryServiceConfigA", NULL, NULL },
842 { SVC_QUERY_SERVICE_LOCK_STATUS_A, "QueryServiceLockStatusA",
843 svcctl_dissect_QueryServiceLockStatus_rqst,
844 svcctl_dissect_QueryServiceLockStatus_reply },
845 { SVC_START_SERVICE_A, "StartServiceA", NULL, NULL },
846 { SVC_GET_SERVICE_DISPLAY_NAME_A, "GetServiceDisplayNameA",
847 NULL, NULL },
848 { SVC_GET_SERVICE_KEY_NAME_A, "GetServiceKeyNameA", NULL, NULL },
849 { SVC_SC_GET_CURRENT_GROUPE_STATE_W, "ScGetCurrentGroupStateW",
850 NULL, NULL },
851 { SVC_ENUM_SERVICE_GROUP_W, "EnumServiceGroupW",
852 NULL, NULL },
853 { SVC_CHANGE_SERVICE_CONFIG2_A, "ChangeServiceConfig2A",
854 NULL, NULL },
855 { SVC_CHANGE_SERVICE_CONFIG2_W, "ChangeServiceConfig2W",
856 NULL, NULL },
857 { SVC_QUERY_SERVICE_CONFIG2_A, "QueryServiceConfig2A",
858 NULL, NULL },
859 { SVC_QUERY_SERVICE_CONFIG2_W, "QueryServiceConfig2W",
860 NULL, NULL },
861 { SVC_QUERY_SERVICE_STATUS_EX, "QueryServiceStatusEx",
862 NULL, NULL },
863 { SVC_ENUM_SERVICES_STATUS_EX_A, "EnumServicesStatusExA",
864 NULL, NULL },
865 { SVC_ENUM_SERVICES_STATUS_EX_W, "EnumServicesStatusExW",
866 NULL, NULL },
867 { SVC_SC_SEND_TS_MESSAGE, "ScSendTSMessage",
868 NULL, NULL },
869 {0, NULL, NULL, NULL}
870 };
871
872 void
873 proto_register_dcerpc_svcctl(void)
874 {
875 static hf_register_info hf[] = {
876 { &hf_svcctl_opnum,
877 { "Operation", "svcctl.opnum", FT_UINT16, BASE_DEC,
878 NULL, 0x0, NULL, HFILL }},
879 { &hf_svcctl_machinename,
880 { "MachineName", "svcctl.machinename", FT_STRING, BASE_NONE,
881 NULL, 0x0, "Name of the host we want to open the database on", HFILL }},
882 { &hf_svcctl_database,
883 { "Database", "svcctl.database", FT_STRING, BASE_NONE,
884 NULL, 0x0, "Name of the database to open", HFILL }},
885 { &hf_svcctl_access_mask,
886 { "Access Mask", "svcctl.access_mask", FT_UINT32, BASE_HEX,
887 NULL, 0x0, "SVCCTL Access Mask", HFILL }},
888 { &hf_svcctl_scm_rights_connect,
889 { "Connect", "svcctl.scm_rights_connect", FT_BOOLEAN, 32,
890 TFS(&tfs_set_notset), 0x00000001, "SVCCTL Rights to connect to SCM", HFILL }},
891 { &hf_svcctl_scm_rights_create_service,
892 { "Create Service", "svcctl.scm_rights_create_service", FT_BOOLEAN, 32,
893 TFS(&tfs_set_notset), 0x00000002, "SVCCTL Rights to create services", HFILL }},
894 { &hf_svcctl_scm_rights_enumerate_service,
895 { "Enumerate Service", "svcctl.scm_rights_enumerate_service", FT_BOOLEAN, 32,
896 TFS(&tfs_set_notset), 0x00000004, "SVCCTL Rights to enumerate services", HFILL }},
897 { &hf_svcctl_scm_rights_lock,
898 { "Lock", "svcctl.scm_rights_lock", FT_BOOLEAN, 32,
899 TFS(&tfs_set_notset), 0x00000008, "SVCCTL Rights to lock database", HFILL }},
900 { &hf_svcctl_scm_rights_query_lock_status,
901 { "Query Lock Status", "svcctl.scm_rights_query_lock_status", FT_BOOLEAN, 32,
902 TFS(&tfs_set_notset), 0x00000010, "SVCCTL Rights to query database lock status", HFILL }},
903 { &hf_svcctl_scm_rights_modify_boot_config,
904 { "Modify Boot Config", "svcctl.scm_rights_modify_boot_config", FT_BOOLEAN, 32,
905 TFS(&tfs_set_notset), 0x00000020, "SVCCTL Rights to modify boot config", HFILL }},
906 { &hf_svcctl_hnd,
907 { "Context Handle", "svcctl.hnd", FT_BYTES, BASE_NONE,
908 NULL, 0x0, "SVCCTL Context handle", HFILL }},
909 { &hf_svcctl_lock,
910 { "Lock", "svcctl.lock", FT_BYTES, BASE_NONE,
911 NULL, 0x0, "SVCCTL Database Lock", HFILL }},
912 { &hf_svcctl_rc,
913 { "Return code", "svcctl.rc", FT_UINT32, BASE_HEX,
914 VALS(DOS_errors), 0x0, "SVCCTL return code", HFILL }},
915 { &hf_svcctl_size,
916 { "Size", "svcctl.size", FT_UINT32, BASE_DEC,
917 NULL, 0x0, "SVCCTL size of buffer", HFILL }},
918 { &hf_svcctl_required_size,
919 { "Required Size", "svcctl.required_size", FT_UINT32, BASE_DEC,
920 NULL, 0x0, "SVCCTL required size of buffer for data to fit", HFILL }},
921 { &hf_svcctl_is_locked,
922 { "IsLocked", "svcctl.is_locked", FT_UINT32, BASE_DEC,
923 NULL, 0x0, "SVCCTL whether the database is locked or not", HFILL }},
924 { &hf_svcctl_lock_duration,
925 { "Duration", "svcctl.lock_duration", FT_UINT32, BASE_DEC,
926 NULL, 0x0, "SVCCTL number of seconds the database has been locked", HFILL }},
927 { &hf_svcctl_lock_owner,
928 { "Owner", "svcctl.lock_owner", FT_STRING, BASE_NONE,
929 NULL, 0x0, "SVCCTL the user that holds the database lock", HFILL }},
930 { &hf_svcctl_service_type,
931 { "Service Type", "svcctl.service_type", FT_UINT32, BASE_HEX,
932 NULL, 0x0, "SVCCTL type of service", HFILL }},
933 { &hf_svcctl_service_type_kernel_driver,
934 { "Kernel Driver Service", "svcctl.service_type.kernel", FT_BOOLEAN, 32,
935 TFS(&tfs_svcctl_service_type_kernel_driver), SVCCTL_SERVICE_TYPE_KERNEL_DRIVER, "Request includes kernel driver services?", HFILL }},
936 { &hf_svcctl_service_type_fs_driver,
937 { "File System Driver Service", "svcctl.service_type.fs", FT_BOOLEAN, 32,
938 TFS(&tfs_svcctl_service_type_fs_driver), SVCCTL_SERVICE_TYPE_FILE_SYSTEM_DRIVER, "Request includes file system driver services?", HFILL }},
939 { &hf_svcctl_service_type_win32_own_process,
940 { "Self Process Service", "svcctl.service_type.win32_own", FT_BOOLEAN, 32,
941 TFS(&tfs_svcctl_service_type_win32_own_process), SVCCTL_SERVICE_TYPE_WIN32_OWN_PROCESS, "Request includes services that run their own process?", HFILL }},
942 { &hf_svcctl_service_type_win32_share_process,
943 { "Shared Process Service", "svcctl.service_type.win32_shared", FT_BOOLEAN, 32,
944 TFS(&tfs_svcctl_service_type_win32_share_process), SVCCTL_SERVICE_TYPE_WIN32_SHARE_PROCESS, "Request includes services that share their process?", HFILL }},
945 { &hf_svcctl_service_type_interactive_process,
946 { "Interactive Process Service", "svcctl.service_type.interactive", FT_BOOLEAN, 32,
947 TFS(&tfs_svcctl_service_type_interactive_process), SVCCTL_SERVICE_TYPE_INTERACTIVE_PROCESS, "Request includes services that can interact with the desktop?", HFILL }},
948 { &hf_svcctl_service_state,
949 { "Service State", "svcctl.service_state", FT_UINT32, BASE_DEC,
950 VALS(svcctl_service_status_vals), 0x0, "SVCCTL service state", HFILL }},
951 { &hf_svcctl_buffer,
952 { "Buffer", "svcctl.buffer", FT_UINT32, BASE_DEC,
953 NULL, 0x0, "SVCCTL buffer", HFILL }},
954 #if 0
955 { &hf_svcctl_bytes_needed,
956 { "Bytes Needed", "svcctl.bytes_needed", FT_UINT32, BASE_DEC,
957 NULL, 0x0, "SVCCTL bytes needed", HFILL }},
958 { &hf_svcctl_services_returned,
959 { "Services Returned", "svcctl.services_returned", FT_UINT32, BASE_DEC,
960 NULL, 0x0, "SVCCTL services returned", HFILL }},
961 #endif
962 { &hf_svcctl_service_name,
963 { "Service Name", "svcctl.servicename", FT_STRING, BASE_NONE,
964 NULL, 0x0, "SVCCTL name of service", HFILL }},
965 { &hf_svcctl_display_name,
966 { "Display Name", "svcctl.displayname", FT_STRING, BASE_NONE,
967 NULL, 0x0, "SVCCTL display name", HFILL }},
968 { &hf_svcctl_service_start_type,
969 { "Service Start Type", "svcctl.service_start_type", FT_UINT32, BASE_DEC,
970 VALS(svcctl_service_start_type_vals), 0x0, "SVCCTL service start type", HFILL }},
971 { &hf_svcctl_service_error_control,
972 { "Service Error Control", "svcctl.service_error_control", FT_UINT32, BASE_DEC,
973 VALS(svcctl_service_error_control_vals), 0x0, "SVCCTL service error control", HFILL }},
974 { &hf_svcctl_binarypathname,
975 { "Binary Path Name", "svcctl.binarypathname", FT_STRING, BASE_NONE,
976 NULL, 0x0, "SVCCTL binary path name", HFILL }},
977 { &hf_svcctl_loadordergroup,
978 { "Load Order Group", "svcctl.loadordergroup", FT_STRING, BASE_NONE,
979 NULL, 0x0, "SVCCTL load order group", HFILL }},
980 { &hf_svcctl_tagid,
981 { "Tag Id", "svcctl.tagid", FT_UINT32, BASE_DEC,
982 NULL, 0x0, "SVCCTL tag id", HFILL }},
983 { &hf_svcctl_dependencies,
984 { "Dependencies", "svcctl.dependencies", FT_STRING, BASE_NONE,
985 NULL, 0x0, "SVCCTL dependencies", HFILL }},
986 { &hf_svcctl_depend_size,
987 { "Depend Size", "svcctl.depend_size", FT_UINT32, BASE_DEC,
988 NULL, 0x0, "SVCCTL depend size", HFILL }},
989 { &hf_svcctl_service_start_name,
990 { "Service Start Name", "svcctl.service_start_name", FT_STRING, BASE_NONE,
991 NULL, 0x0, "SVCCTL service start name", HFILL }},
992 { &hf_svcctl_password,
993 { "Password", "svcctl.password", FT_STRING, BASE_NONE,
994 NULL, 0x0, "SVCCTL password", HFILL }},
995 { &hf_svcctl_password_size,
996 { "Password Size", "svcctl.password_size", FT_UINT32, BASE_DEC,
997 NULL, 0x0, "SVCCTL password size", HFILL }},
998 { &hf_svcctl_resume,
999 { "Resume Handle", "svcctl.resume", FT_UINT32, BASE_DEC,
1000 NULL, 0x0, "SVCCTL resume handle", HFILL }},
1001 };
1002
1003 static gint *ett[] = {
1004 &ett_dcerpc_svcctl,
1005 &ett_dcerpc_svcctl_service_type_bits,
1006 };
1007
1008 proto_dcerpc_svcctl = proto_register_protocol(
1009 "Microsoft Service Control", "SVCCTL", "svcctl");
1010
1011 proto_register_field_array(proto_dcerpc_svcctl, hf, array_length(hf));
1012 proto_register_subtree_array(ett, array_length(ett));
1013 }
1014
1015 void
1016 proto_reg_handoff_dcerpc_svcctl(void)
1017 {
1018 /* Register protocol as dcerpc */
1019
1020 dcerpc_init_uuid(proto_dcerpc_svcctl, ett_dcerpc_svcctl,
1021 &uuid_dcerpc_svcctl, ver_dcerpc_svcctl,
1022 dcerpc_svcctl_dissectors, hf_svcctl_opnum);
1023 }