search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
FIXUP: WIP: verification_trailer
[wireshark-wip.git] / epan / dissectors / packet-dcerpc-eventlog.c
blob06e7a21824a7d18654a72547572bd117229a562f
1 /* DO NOT EDIT
2 This filter was automatically generated
3 from eventlog.idl and eventlog.cnf.
4
5 Pidl is a perl based IDL compiler for DCE/RPC idl files.
6 It is maintained by the Samba team, not the Wireshark team.
7 Instructions on how to download and install Pidl can be
8 found at http://wiki.wireshark.org/Pidl
9
10 $Id$
11 */
12
13
14 #include "config.h"
15 #ifdef _MSC_VER
16 #pragma warning(disable:4005)
17 #pragma warning(disable:4013)
18 #pragma warning(disable:4018)
19 #pragma warning(disable:4101)
20 #endif
21
22 #include <glib.h>
23 #include <string.h>
24 #include <epan/packet.h>
25
26 #include "packet-dcerpc.h"
27 #include "packet-dcerpc-nt.h"
28 #include "packet-windows-common.h"
29 #include "packet-dcerpc-eventlog.h"
30
31 /* Ett declarations */
32 static gint ett_dcerpc_eventlog = -1;
33 static gint ett_eventlog_eventlogReadFlags = -1;
34 static gint ett_eventlog_eventlogEventTypes = -1;
35 static gint ett_eventlog_eventlog_OpenUnknown0 = -1;
36 static gint ett_eventlog_eventlog_Record = -1;
37 static gint ett_eventlog_eventlog_ChangeUnknown0 = -1;
38
39
40 /* Header field declarations */
41 static gint hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel = -1;
42 static gint hf_eventlog_Record_computer_name = -1;
43 static gint hf_eventlog_eventlog_OpenEventLogW_unknown0 = -1;
44 static gint hf_eventlog_eventlog_Record_computer_name = -1;
45 static gint hf_eventlog_eventlog_RegisterEventSourceW_handle = -1;
46 static gint hf_eventlog_eventlog_GetNumRecords_handle = -1;
47 static gint hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE = -1;
48 static gint hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE = -1;
49 static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown2 = -1;
50 static gint hf_eventlog_eventlog_Record_sid_offset = -1;
51 static gint hf_eventlog_Record_string = -1;
52 static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE = -1;
53 static gint hf_eventlog_eventlog_ChangeNotify_unknown2 = -1;
54 static gint hf_eventlog_eventlog_ReportEventW_event_category = -1;
55 static gint hf_eventlog_eventlog_ChangeUnknown0_unknown0 = -1;
56 static gint hf_eventlog_eventlog_Record_data_offset = -1;
57 static gint hf_eventlog_eventlog_OpenUnknown0_unknown0 = -1;
58 static gint hf_eventlog_eventlog_BackupEventLogW_backupfilename = -1;
59 static gint hf_eventlog_eventlog_ClearEventLogW_handle = -1;
60 static gint hf_eventlog_eventlog_Record_closing_record_number = -1;
61 static gint hf_eventlog_eventlog_Record_size = -1;
62 static gint hf_eventlog_eventlog_ReportEventW_computer_name = -1;
63 static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown0 = -1;
64 static gint hf_eventlog_eventlog_Record_event_id = -1;
65 static gint hf_eventlog_eventlog_ReadEventLogW_handle = -1;
66 static gint hf_eventlog_eventlog_BackupEventLogW_handle = -1;
67 static gint hf_eventlog_eventlog_Record_raw_data = -1;
68 static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown0 = -1;
69 static gint hf_eventlog_eventlog_CloseEventLog_handle = -1;
70 static gint hf_eventlog_eventlog_ChangeUnknown0_unknown1 = -1;
71 static gint hf_eventlog_eventlog_OpenBackupEventLogW_handle = -1;
72 static gint hf_eventlog_eventlog_Record_reserved_flags = -1;
73 static gint hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded = -1;
74 static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ = -1;
75 static gint hf_eventlog_eventlog_OpenEventLogW_MinorVersion = -1;
76 static gint hf_eventlog_eventlog_Record_source_name = -1;
77 static gint hf_eventlog_eventlog_GetLogIntormation_handle = -1;
78 static gint hf_eventlog_Record_length = -1;
79 static gint hf_eventlog_eventlog_Record_sid_length = -1;
80 static gint hf_eventlog_eventlog_GetOldestRecord_oldest = -1;
81 static gint hf_eventlog_eventlog_Record_strings = -1;
82 static gint hf_eventlog_eventlog_Record_record_number = -1;
83 static gint hf_eventlog_eventlog_OpenEventLogW_handle = -1;
84 static gint hf_eventlog_eventlog_GetLogIntormation_lpBuffer = -1;
85 static gint hf_eventlog_eventlog_RegisterEventSourceW_logname = -1;
86 static gint hf_eventlog_eventlog_ReadEventLogW_real_size = -1;
87 static gint hf_eventlog_eventlog_Record_time_written = -1;
88 static gint hf_eventlog_eventlog_Record_stringoffset = -1;
89 static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown3 = -1;
90 static gint hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ = -1;
91 static gint hf_eventlog_eventlog_Record_reserved = -1;
92 static gint hf_eventlog_eventlog_Record_data_length = -1;
93 static gint hf_eventlog_eventlog_RegisterEventSourceW_servername = -1;
94 static gint hf_eventlog_eventlog_ReportEventW_event_id = -1;
95 static gint hf_eventlog_eventlog_ReportEventW_handle = -1;
96 static gint hf_eventlog_eventlog_ReadEventLogW_sent_size = -1;
97 static gint hf_eventlog_eventlog_ChangeNotify_handle = -1;
98 static gint hf_eventlog_eventlog_OpenBackupEventLogW_logname = -1;
99 static gint hf_eventlog_Record_source_name = -1;
100 static gint hf_eventlog_eventlog_Record_event_type = -1;
101 static gint hf_eventlog_eventlog_Record_num_of_strings = -1;
102 static gint hf_eventlog_eventlog_RegisterEventSourceW_unknown2 = -1;
103 static gint hf_eventlog_eventlog_ReadEventLogW_offset = -1;
104 static gint hf_eventlog_eventlog_Record_event_category = -1;
105 static gint hf_eventlog_eventlog_GetOldestRecord_handle = -1;
106 static gint hf_eventlog_eventlog_OpenUnknown0_unknown1 = -1;
107 static gint hf_eventlog_eventlog_GetNumRecords_number = -1;
108 static gint hf_eventlog_eventlog_Record_time_generated = -1;
109 static gint hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS = -1;
110 static gint hf_eventlog_eventlog_OpenEventLogW_RegModuleName = -1;
111 static gint hf_eventlog_eventlog_ReportEventW_data_length = -1;
112 static gint hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ = -1;
113 static gint hf_eventlog_Record = -1;
114 static gint hf_eventlog_eventlog_ReadEventLogW_data = -1;
115 static gint hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE = -1;
116 static gint hf_eventlog_eventlog_DeregisterEventSource_handle = -1;
117 static gint hf_eventlog_opnum = -1;
118 static gint hf_eventlog_eventlog_ChangeNotify_unknown3 = -1;
119 static gint hf_eventlog_eventlog_ReportEventW_num_of_strings = -1;
120 static gint hf_eventlog_eventlog_ReportEventW_time = -1;
121 static gint hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ = -1;
122 static gint hf_eventlog_status = -1;
123 static gint hf_eventlog_eventlog_ReadEventLogW_number_of_bytes = -1;
124 static gint hf_eventlog_eventlog_ClearEventLogW_backupfilename = -1;
125 static gint hf_eventlog_eventlog_OpenEventLogW_Module = -1;
126 static gint hf_eventlog_eventlog_FlushEventLog_handle = -1;
127 static gint hf_eventlog_eventlog_ReportEventW_Type = -1;
128 static gint hf_eventlog_eventlog_OpenEventLogW_MajorVersion = -1;
129 static gint hf_eventlog_eventlog_GetLogIntormation_cbBufSize = -1;
130 static gint hf_eventlog_eventlog_OpenBackupEventLogW_unknown3 = -1;
131 static gint hf_eventlog_eventlog_ReadEventLogW_flags = -1;
132 static gint hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS = -1;
133
134 static gint proto_dcerpc_eventlog = -1;
135 /* Version information */
136
137
138 static e_uuid_t uuid_dcerpc_eventlog = {
139 0x82273fdc, 0xe32a, 0x18c3,
140 { 0x3f, 0x78, 0x82, 0x79, 0x29, 0xdc, 0x23, 0xea }
141 };
142 static guint16 ver_dcerpc_eventlog = 0;
143
144 static const true_false_string eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs = {
145 "EVENTLOG_SEQUENTIAL_READ is SET",
146 "EVENTLOG_SEQUENTIAL_READ is NOT SET",
147 };
148 static const true_false_string eventlogReadFlags_EVENTLOG_SEEK_READ_tfs = {
149 "EVENTLOG_SEEK_READ is SET",
150 "EVENTLOG_SEEK_READ is NOT SET",
151 };
152 static const true_false_string eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs = {
153 "EVENTLOG_FORWARDS_READ is SET",
154 "EVENTLOG_FORWARDS_READ is NOT SET",
155 };
156 static const true_false_string eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs = {
157 "EVENTLOG_BACKWARDS_READ is SET",
158 "EVENTLOG_BACKWARDS_READ is NOT SET",
159 };
160 static const true_false_string eventlogEventTypes_EVENTLOG_SUCCESS_tfs = {
161 "EVENTLOG_SUCCESS is SET",
162 "EVENTLOG_SUCCESS is NOT SET",
163 };
164 static const true_false_string eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs = {
165 "EVENTLOG_ERROR_TYPE is SET",
166 "EVENTLOG_ERROR_TYPE is NOT SET",
167 };
168 static const true_false_string eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs = {
169 "EVENTLOG_WARNING_TYPE is SET",
170 "EVENTLOG_WARNING_TYPE is NOT SET",
171 };
172 static const true_false_string eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs = {
173 "EVENTLOG_INFORMATION_TYPE is SET",
174 "EVENTLOG_INFORMATION_TYPE is NOT SET",
175 };
176 static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs = {
177 "EVENTLOG_AUDIT_SUCCESS is SET",
178 "EVENTLOG_AUDIT_SUCCESS is NOT SET",
179 };
180 static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs = {
181 "EVENTLOG_AUDIT_FAILURE is SET",
182 "EVENTLOG_AUDIT_FAILURE is NOT SET",
183 };
184 static int eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
185 static int eventlog_dissect_element_OpenUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
186 static int eventlog_dissect_element_Record_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
187 static int eventlog_dissect_element_Record_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
188 static int eventlog_dissect_element_Record_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
189 static int eventlog_dissect_element_Record_time_generated(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
190 static int eventlog_dissect_element_Record_time_written(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
191 static int eventlog_dissect_element_Record_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
192 static int eventlog_dissect_element_Record_event_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
193 static int eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
194 static int eventlog_dissect_element_Record_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
195 static int eventlog_dissect_element_Record_reserved_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
196 static int eventlog_dissect_element_Record_closing_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
197 static int eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
198 static int eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
199 static int eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
200 static int eventlog_dissect_element_Record_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
201 static int eventlog_dissect_element_Record_data_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
202 static int eventlog_dissect_element_Record_source_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
203 static int eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
204 static int eventlog_dissect_element_Record_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
205 static int eventlog_dissect_element_Record_strings_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
206 static int eventlog_dissect_element_Record_raw_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
207 static int eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
208 static int eventlog_dissect_element_ChangeUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
209 static int eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
210 static int eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
211 static int eventlog_dissect_element_ClearEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
212 static int eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
213 static int eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
214 static int eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
215 static int eventlog_dissect_element_BackupEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
216 static int eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
217 static int eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
218 static int eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
219 static int eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
220 static int eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
221 static int eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
222 static int eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
223 static int eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
224 static int eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
225 static int eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
226 static int eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
227 static int eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
228 static int eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
229 static int eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
230 static int eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
231 static int eventlog_dissect_element_ChangeNotify_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
232 static int eventlog_dissect_element_ChangeNotify_unknown2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
233 static int eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
234 static int eventlog_dissect_element_OpenEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
235 static int eventlog_dissect_element_OpenEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
236 static int eventlog_dissect_element_OpenEventLogW_Module(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
237 static int eventlog_dissect_element_OpenEventLogW_RegModuleName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
238 static int eventlog_dissect_element_OpenEventLogW_MajorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
239 static int eventlog_dissect_element_OpenEventLogW_MinorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
240 static int eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
241 static int eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
242 static int eventlog_dissect_element_RegisterEventSourceW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
243 static int eventlog_dissect_element_RegisterEventSourceW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
244 static int eventlog_dissect_element_RegisterEventSourceW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
245 static int eventlog_dissect_element_RegisterEventSourceW_servername(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
246 static int eventlog_dissect_element_RegisterEventSourceW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
247 static int eventlog_dissect_element_RegisterEventSourceW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
248 static int eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
249 static int eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
250 static int eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
251 static int eventlog_dissect_element_OpenBackupEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
252 static int eventlog_dissect_element_OpenBackupEventLogW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
253 static int eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
254 static int eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
255 static int eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
256 static int eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
257 static int eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
258 static int eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
259 static int eventlog_dissect_element_ReadEventLogW_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
260 static int eventlog_dissect_element_ReadEventLogW_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
261 static int eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
262 static int eventlog_dissect_element_ReadEventLogW_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
263 static int eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
264 static int eventlog_dissect_element_ReadEventLogW_data__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
265 static int eventlog_dissect_element_ReadEventLogW_sent_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
266 static int eventlog_dissect_element_ReadEventLogW_sent_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
267 static int eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
268 static int eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
269 static int eventlog_dissect_element_ReportEventW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
270 static int eventlog_dissect_element_ReportEventW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
271 static int eventlog_dissect_element_ReportEventW_time(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
272 static int eventlog_dissect_element_ReportEventW_Type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
273 static int eventlog_dissect_element_ReportEventW_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
274 static int eventlog_dissect_element_ReportEventW_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
275 static int eventlog_dissect_element_ReportEventW_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
276 static int eventlog_dissect_element_ReportEventW_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
277 static int eventlog_dissect_element_ReportEventW_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
278 static int eventlog_dissect_element_GetLogIntormation_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
279 static int eventlog_dissect_element_GetLogIntormation_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
280 static int eventlog_dissect_element_GetLogIntormation_dwInfoLevel(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
281 static int eventlog_dissect_element_GetLogIntormation_lpBuffer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
282 static int eventlog_dissect_element_GetLogIntormation_lpBuffer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
283 static int eventlog_dissect_element_GetLogIntormation_cbBufSize(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
284 static int eventlog_dissect_element_GetLogIntormation_cbBytesNeeded(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
285 static int eventlog_dissect_element_GetLogIntormation_cbBytesNeeded_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
286 static int eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
287 static int eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_);
288 /* Add this one manually until we can compile LSA */
289 static int
290 eventlog_dissect_struct_lsa_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index,int notused _U_)
291 {
292 if(di->conformant_run){
293 /*just a run to handle conformant arrays, nothing to dissect */
294 return offset;
295 }
296 offset = dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
297 hf_index, 0);
298 return offset;
299 }
300 static int
301 eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
302 {
303 guint32 len;
304 tvbuff_t *record_tvb;
305 if(di->conformant_run){
306 /*just a run to handle conformant arrays, nothing to dissect */
307 return offset;
308 }
309 offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
310 hf_eventlog_Record_length, &len);
311 /* Create a new tvb so that we know that offset==0 is the beginning
312 * of the record. We need to know this since the data is not really
313 * NDR encoded at all and there are byte offsets into this buffer
314 * encoded therein.
315 */
316 record_tvb=tvb_new_subset(tvb, offset, MIN((gint)len, tvb_length_remaining(tvb, offset)), len);
317 eventlog_dissect_struct_Record(record_tvb, 0, pinfo, tree, di, drep, hf_eventlog_Record, 0);
318 offset+=len;
319 return offset;
320 }
321 /* sid_length and sid_offset handled by manual code since this is not NDR
322 and we want to dissect the sid from the data blob */
323 static guint32 sid_length;
324 static int
325 eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
326 {
327 sid_length=0;
328 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_length,&sid_length);
329 return offset;
330 }
331 static int
332 eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
333 {
334 guint32 sid_offset=0;
335 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_offset,&sid_offset);
336 if(sid_offset && sid_length){
337 tvbuff_t *sid_tvb;
338 /* this blob contains an NT SID.
339 * tvb starts at the beginning of the record.
340 */
341 sid_tvb=tvb_new_subset(tvb, sid_offset, MIN((gint)sid_length, tvb_length_remaining(tvb, offset)), sid_length);
342 dissect_nt_sid(sid_tvb, 0, tree, "SID", NULL, -1);
343 }
344 return offset;
345 }
346 static int
347 eventlog_get_unicode_string_length(tvbuff_t *tvb, int offset)
348 {
349 int len;
350 len=0;
351 while(1){
352 if(!tvb_get_ntohs(tvb, offset+len*2)){
353 len++;
354 break;
355 }
356 len++;
357 }
358 return len;
359 }
360 static int
361 eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
362 {
363 char *str;
364 int len;
365 len=eventlog_get_unicode_string_length(tvb, offset);
366 str=tvb_get_faked_unicode(wmem_packet_scope(), tvb, offset, len, TRUE);
367 proto_tree_add_string_format(tree, hf_eventlog_Record_source_name, tvb, offset, len*2, str, "source_name: %s", str);
368 offset+=len*2;
369 return offset;
370 }
371 static int
372 eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
373 {
374 char *str;
375 int len;
376 len=eventlog_get_unicode_string_length(tvb, offset);
377 str=tvb_get_faked_unicode(wmem_packet_scope(), tvb, offset, len, TRUE);
378 proto_tree_add_string_format(tree, hf_eventlog_Record_computer_name, tvb, offset, len*2, str, "computer_name: %s", str);
379 offset+=len*2;
380 return offset;
381 }
382 static guint16 num_of_strings;
383 static int
384 eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
385 {
386 num_of_strings=0;
387 offset = dissect_ndr_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_num_of_strings,&num_of_strings);
388 return offset;
389 }
390 static guint32 string_offset;
391 static int
392 eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
393 {
394 string_offset=0;
395 offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_stringoffset,&string_offset);
396 return offset;
397 }
398 static int
399 eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, guint8 *drep _U_)
400 {
401 while(string_offset && num_of_strings){
402 char *str;
403 int len;
404 len=eventlog_get_unicode_string_length(tvb, string_offset);
405 str=tvb_get_faked_unicode(wmem_packet_scope(), tvb, string_offset, len, TRUE);
406 proto_tree_add_string_format(tree, hf_eventlog_Record_string, tvb, string_offset, len*2, str, "string: %s", str);
407 string_offset+=len*2;
408
409 num_of_strings--;
410 }
411 return offset;
412 }
413
414
415 /* IDL: bitmap { */
416 /* IDL: EVENTLOG_SEQUENTIAL_READ = 0x0001 , */
417 /* IDL: EVENTLOG_SEEK_READ = 0x0002 , */
418 /* IDL: EVENTLOG_FORWARDS_READ = 0x0004 , */
419 /* IDL: EVENTLOG_BACKWARDS_READ = 0x0008 , */
420 /* IDL: } */
421
422 int
423 eventlog_dissect_bitmap_eventlogReadFlags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
424 {
425 proto_item *item = NULL;
426 proto_tree *tree = NULL;
427
428 guint32 flags;
429 ALIGN_TO_4_BYTES;
430
431 if (parent_tree) {
432 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, DREP_ENC_INTEGER(drep));
433 tree = proto_item_add_subtree(item,ett_eventlog_eventlogReadFlags);
434 }
435
436 offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, di, drep, -1, &flags);
437 proto_item_append_text(item, ": ");
438
439 if (!flags)
440 proto_item_append_text(item, "(No values set)");
441
442 proto_tree_add_boolean(tree, hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ, tvb, offset-4, 4, flags);
443 if (flags&( 0x0001 )){
444 proto_item_append_text(item, "EVENTLOG_SEQUENTIAL_READ");
445 if (flags & (~( 0x0001 )))
446 proto_item_append_text(item, ", ");
447 }
448 flags&=(~( 0x0001 ));
449
450 proto_tree_add_boolean(tree, hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ, tvb, offset-4, 4, flags);
451 if (flags&( 0x0002 )){
452 proto_item_append_text(item, "EVENTLOG_SEEK_READ");
453 if (flags & (~( 0x0002 )))
454 proto_item_append_text(item, ", ");
455 }
456 flags&=(~( 0x0002 ));
457
458 proto_tree_add_boolean(tree, hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ, tvb, offset-4, 4, flags);
459 if (flags&( 0x0004 )){
460 proto_item_append_text(item, "EVENTLOG_FORWARDS_READ");
461 if (flags & (~( 0x0004 )))
462 proto_item_append_text(item, ", ");
463 }
464 flags&=(~( 0x0004 ));
465
466 proto_tree_add_boolean(tree, hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ, tvb, offset-4, 4, flags);
467 if (flags&( 0x0008 )){
468 proto_item_append_text(item, "EVENTLOG_BACKWARDS_READ");
469 if (flags & (~( 0x0008 )))
470 proto_item_append_text(item, ", ");
471 }
472 flags&=(~( 0x0008 ));
473
474 if (flags) {
475 proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
476 }
477
478 return offset;
479 }
480
481
482 /* IDL: bitmap { */
483 /* IDL: EVENTLOG_SUCCESS = 0x0000 , */
484 /* IDL: EVENTLOG_ERROR_TYPE = 0x0001 , */
485 /* IDL: EVENTLOG_WARNING_TYPE = 0x0002 , */
486 /* IDL: EVENTLOG_INFORMATION_TYPE = 0x0004 , */
487 /* IDL: EVENTLOG_AUDIT_SUCCESS = 0x0008 , */
488 /* IDL: EVENTLOG_AUDIT_FAILURE = 0x0010 , */
489 /* IDL: } */
490
491 int
492 eventlog_dissect_bitmap_eventlogEventTypes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
493 {
494 proto_item *item = NULL;
495 proto_tree *tree = NULL;
496
497 guint32 flags;
498 ALIGN_TO_4_BYTES;
499
500 if (parent_tree) {
501 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, 4, DREP_ENC_INTEGER(drep));
502 tree = proto_item_add_subtree(item,ett_eventlog_eventlogEventTypes);
503 }
504
505 offset = dissect_ndr_uint32(tvb, offset, pinfo, NULL, di, drep, -1, &flags);
506 proto_item_append_text(item, ": ");
507
508 if (!flags)
509 proto_item_append_text(item, "(No values set)");
510
511 proto_tree_add_boolean(tree, hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS, tvb, offset-4, 4, flags);
512 if (flags&( 0x0000 )){
513 proto_item_append_text(item, "EVENTLOG_SUCCESS");
514 if (flags & (~( 0x0000 )))
515 proto_item_append_text(item, ", ");
516 }
517 flags&=(~( 0x0000 ));
518
519 proto_tree_add_boolean(tree, hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE, tvb, offset-4, 4, flags);
520 if (flags&( 0x0001 )){
521 proto_item_append_text(item, "EVENTLOG_ERROR_TYPE");
522 if (flags & (~( 0x0001 )))
523 proto_item_append_text(item, ", ");
524 }
525 flags&=(~( 0x0001 ));
526
527 proto_tree_add_boolean(tree, hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE, tvb, offset-4, 4, flags);
528 if (flags&( 0x0002 )){
529 proto_item_append_text(item, "EVENTLOG_WARNING_TYPE");
530 if (flags & (~( 0x0002 )))
531 proto_item_append_text(item, ", ");
532 }
533 flags&=(~( 0x0002 ));
534
535 proto_tree_add_boolean(tree, hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE, tvb, offset-4, 4, flags);
536 if (flags&( 0x0004 )){
537 proto_item_append_text(item, "EVENTLOG_INFORMATION_TYPE");
538 if (flags & (~( 0x0004 )))
539 proto_item_append_text(item, ", ");
540 }
541 flags&=(~( 0x0004 ));
542
543 proto_tree_add_boolean(tree, hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS, tvb, offset-4, 4, flags);
544 if (flags&( 0x0008 )){
545 proto_item_append_text(item, "EVENTLOG_AUDIT_SUCCESS");
546 if (flags & (~( 0x0008 )))
547 proto_item_append_text(item, ", ");
548 }
549 flags&=(~( 0x0008 ));
550
551 proto_tree_add_boolean(tree, hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE, tvb, offset-4, 4, flags);
552 if (flags&( 0x0010 )){
553 proto_item_append_text(item, "EVENTLOG_AUDIT_FAILURE");
554 if (flags & (~( 0x0010 )))
555 proto_item_append_text(item, ", ");
556 }
557 flags&=(~( 0x0010 ));
558
559 if (flags) {
560 proto_item_append_text(item, "Unknown bitmap value 0x%x", flags);
561 }
562
563 return offset;
564 }
565
566
567 /* IDL: struct { */
568 /* IDL: uint16 unknown0; */
569 /* IDL: uint16 unknown1; */
570 /* IDL: } */
571
572 static int
573 eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
574 {
575 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenUnknown0_unknown0, 0);
576
577 return offset;
578 }
579
580 static int
581 eventlog_dissect_element_OpenUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
582 {
583 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenUnknown0_unknown1, 0);
584
585 return offset;
586 }
587
588 int
589 eventlog_dissect_struct_OpenUnknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
590 {
591 proto_item *item = NULL;
592 proto_tree *tree = NULL;
593 int old_offset;
594
595 ALIGN_TO_2_BYTES;
596
597 old_offset = offset;
598
599 if (parent_tree) {
600 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
601 tree = proto_item_add_subtree(item, ett_eventlog_eventlog_OpenUnknown0);
602 }
603
604 offset = eventlog_dissect_element_OpenUnknown0_unknown0(tvb, offset, pinfo, tree, di, drep);
605
606 offset = eventlog_dissect_element_OpenUnknown0_unknown1(tvb, offset, pinfo, tree, di, drep);
607
608
609 proto_item_set_len(item, offset-old_offset);
610
611
612 if (di->call_data->flags & DCERPC_IS_NDR64) {
613 ALIGN_TO_2_BYTES;
614 }
615
616 return offset;
617 }
618
619
620 /* IDL: struct { */
621 /* IDL: uint32 size; */
622 /* IDL: uint32 reserved; */
623 /* IDL: uint32 record_number; */
624 /* IDL: uint32 time_generated; */
625 /* IDL: uint32 time_written; */
626 /* IDL: uint32 event_id; */
627 /* IDL: uint16 event_type; */
628 /* IDL: uint16 num_of_strings; */
629 /* IDL: uint16 event_category; */
630 /* IDL: uint16 reserved_flags; */
631 /* IDL: uint32 closing_record_number; */
632 /* IDL: uint32 stringoffset; */
633 /* IDL: uint32 sid_length; */
634 /* IDL: uint32 sid_offset; */
635 /* IDL: uint32 data_length; */
636 /* IDL: uint32 data_offset; */
637 /* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string source_name; */
638 /* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string computer_name; */
639 /* IDL: [flag(LIBNDR_FLAG_STR_NULLTERM)] string strings[num_of_strings]; */
640 /* IDL: [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] string raw_data; */
641 /* IDL: } */
642
643 static int
644 eventlog_dissect_element_Record_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
645 {
646 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_size, 0);
647
648 return offset;
649 }
650
651 static int
652 eventlog_dissect_element_Record_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
653 {
654 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_reserved, 0);
655
656 return offset;
657 }
658
659 static int
660 eventlog_dissect_element_Record_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
661 {
662 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_record_number, 0);
663
664 return offset;
665 }
666
667 static int
668 eventlog_dissect_element_Record_time_generated(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
669 {
670 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_time_generated, 0);
671
672 return offset;
673 }
674
675 static int
676 eventlog_dissect_element_Record_time_written(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
677 {
678 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_time_written, 0);
679
680 return offset;
681 }
682
683 static int
684 eventlog_dissect_element_Record_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
685 {
686 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_id, 0);
687
688 return offset;
689 }
690
691 static int
692 eventlog_dissect_element_Record_event_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
693 {
694 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_type, 0);
695
696 return offset;
697 }
698
699 static int
700 eventlog_dissect_element_Record_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
701 {
702 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_category, 0);
703
704 return offset;
705 }
706
707 static int
708 eventlog_dissect_element_Record_reserved_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
709 {
710 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_reserved_flags, 0);
711
712 return offset;
713 }
714
715 static int
716 eventlog_dissect_element_Record_closing_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
717 {
718 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_closing_record_number, 0);
719
720 return offset;
721 }
722
723 static int
724 eventlog_dissect_element_Record_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
725 {
726 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_data_length, 0);
727
728 return offset;
729 }
730
731 static int
732 eventlog_dissect_element_Record_data_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
733 {
734 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_data_offset, 0);
735
736 return offset;
737 }
738
739 static int
740 eventlog_dissect_element_Record_strings_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
741 {
742 offset = dissect_null_term_wstring(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_Record_strings , 0);
743
744 return offset;
745 }
746
747 static int
748 eventlog_dissect_element_Record_raw_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
749 {
750 offset = dissect_null_term_string(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_Record_raw_data , 0);
751
752 return offset;
753 }
754
755 int
756 eventlog_dissect_struct_Record(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
757 {
758 proto_item *item = NULL;
759 proto_tree *tree = NULL;
760 int old_offset;
761
762 ALIGN_TO_4_BYTES;
763
764 old_offset = offset;
765
766 if (parent_tree) {
767 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
768 tree = proto_item_add_subtree(item, ett_eventlog_eventlog_Record);
769 }
770
771 offset = eventlog_dissect_element_Record_size(tvb, offset, pinfo, tree, di, drep);
772
773 offset = eventlog_dissect_element_Record_reserved(tvb, offset, pinfo, tree, di, drep);
774
775 offset = eventlog_dissect_element_Record_record_number(tvb, offset, pinfo, tree, di, drep);
776
777 offset = eventlog_dissect_element_Record_time_generated(tvb, offset, pinfo, tree, di, drep);
778
779 offset = eventlog_dissect_element_Record_time_written(tvb, offset, pinfo, tree, di, drep);
780
781 offset = eventlog_dissect_element_Record_event_id(tvb, offset, pinfo, tree, di, drep);
782
783 offset = eventlog_dissect_element_Record_event_type(tvb, offset, pinfo, tree, di, drep);
784
785 offset = eventlog_dissect_element_Record_num_of_strings(tvb, offset, pinfo, tree, di, drep);
786
787 offset = eventlog_dissect_element_Record_event_category(tvb, offset, pinfo, tree, di, drep);
788
789 offset = eventlog_dissect_element_Record_reserved_flags(tvb, offset, pinfo, tree, di, drep);
790
791 offset = eventlog_dissect_element_Record_closing_record_number(tvb, offset, pinfo, tree, di, drep);
792
793 offset = eventlog_dissect_element_Record_stringoffset(tvb, offset, pinfo, tree, di, drep);
794
795 offset = eventlog_dissect_element_Record_sid_length(tvb, offset, pinfo, tree, di, drep);
796
797 offset = eventlog_dissect_element_Record_sid_offset(tvb, offset, pinfo, tree, di, drep);
798
799 offset = eventlog_dissect_element_Record_data_length(tvb, offset, pinfo, tree, di, drep);
800
801 offset = eventlog_dissect_element_Record_data_offset(tvb, offset, pinfo, tree, di, drep);
802
803 offset = eventlog_dissect_element_Record_source_name(tvb, offset, pinfo, tree, di, drep);
804
805 offset = eventlog_dissect_element_Record_computer_name(tvb, offset, pinfo, tree, di, drep);
806
807 offset = eventlog_dissect_element_Record_strings(tvb, offset, pinfo, tree, di, drep);
808
809 offset = eventlog_dissect_element_Record_raw_data(tvb, offset, pinfo, tree, di, drep);
810
811
812 proto_item_set_len(item, offset-old_offset);
813
814
815 if (di->call_data->flags & DCERPC_IS_NDR64) {
816 ALIGN_TO_4_BYTES;
817 }
818
819 return offset;
820 }
821
822
823 /* IDL: struct { */
824 /* IDL: uint32 unknown0; */
825 /* IDL: uint32 unknown1; */
826 /* IDL: } */
827
828 static int
829 eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
830 {
831 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeUnknown0_unknown0, 0);
832
833 return offset;
834 }
835
836 static int
837 eventlog_dissect_element_ChangeUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
838 {
839 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeUnknown0_unknown1, 0);
840
841 return offset;
842 }
843
844 int
845 eventlog_dissect_struct_ChangeUnknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, guint8 *drep _U_, int hf_index _U_, guint32 param _U_)
846 {
847 proto_item *item = NULL;
848 proto_tree *tree = NULL;
849 int old_offset;
850
851 ALIGN_TO_4_BYTES;
852
853 old_offset = offset;
854
855 if (parent_tree) {
856 item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
857 tree = proto_item_add_subtree(item, ett_eventlog_eventlog_ChangeUnknown0);
858 }
859
860 offset = eventlog_dissect_element_ChangeUnknown0_unknown0(tvb, offset, pinfo, tree, di, drep);
861
862 offset = eventlog_dissect_element_ChangeUnknown0_unknown1(tvb, offset, pinfo, tree, di, drep);
863
864
865 proto_item_set_len(item, offset-old_offset);
866
867
868 if (di->call_data->flags & DCERPC_IS_NDR64) {
869 ALIGN_TO_4_BYTES;
870 }
871
872 return offset;
873 }
874
875 static int
876 eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
877 {
878 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ClearEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ClearEventLogW_handle);
879
880 return offset;
881 }
882
883 static int
884 eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
885 {
886 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ClearEventLogW_handle, 0);
887
888 return offset;
889 }
890
891 static int
892 eventlog_dissect_element_ClearEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
893 {
894 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ClearEventLogW_backupfilename_, NDR_POINTER_UNIQUE, "Pointer to Backupfilename (lsa_String)",hf_eventlog_eventlog_ClearEventLogW_backupfilename);
895
896 return offset;
897 }
898
899 static int
900 eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
901 {
902 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_ClearEventLogW_backupfilename,0);
903
904 return offset;
905 }
906
907 /* IDL: NTSTATUS eventlog_ClearEventLogW( */
908 /* IDL: [ref] [in] policy_handle *handle, */
909 /* IDL: [unique(1)] [in] lsa_String *backupfilename */
910 /* IDL: ); */
911
912 static int
913 eventlog_dissect_ClearEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
914 {
915 guint32 status;
916
917 pinfo->dcerpc_procedure_name="ClearEventLogW";
918 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
919
920 if (status != 0)
921 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
922
923 return offset;
924 }
925
926 static int
927 eventlog_dissect_ClearEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
928 {
929 pinfo->dcerpc_procedure_name="ClearEventLogW";
930 offset = eventlog_dissect_element_ClearEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
931 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
932 offset = eventlog_dissect_element_ClearEventLogW_backupfilename(tvb, offset, pinfo, tree, di, drep);
933 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
934 return offset;
935 }
936
937 static int
938 eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
939 {
940 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_BackupEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_BackupEventLogW_handle);
941
942 return offset;
943 }
944
945 static int
946 eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
947 {
948 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_BackupEventLogW_handle, 0);
949
950 return offset;
951 }
952
953 static int
954 eventlog_dissect_element_BackupEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
955 {
956 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_BackupEventLogW_backupfilename_, NDR_POINTER_UNIQUE, "Pointer to Backupfilename (lsa_String)",hf_eventlog_eventlog_BackupEventLogW_backupfilename);
957
958 return offset;
959 }
960
961 static int
962 eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
963 {
964 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_BackupEventLogW_backupfilename,0);
965
966 return offset;
967 }
968
969 /* IDL: NTSTATUS eventlog_BackupEventLogW( */
970 /* IDL: [ref] [in] policy_handle *handle, */
971 /* IDL: [unique(1)] [in] lsa_String *backupfilename */
972 /* IDL: ); */
973
974 static int
975 eventlog_dissect_BackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
976 {
977 guint32 status;
978
979 pinfo->dcerpc_procedure_name="BackupEventLogW";
980 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
981
982 if (status != 0)
983 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
984
985 return offset;
986 }
987
988 static int
989 eventlog_dissect_BackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
990 {
991 pinfo->dcerpc_procedure_name="BackupEventLogW";
992 offset = eventlog_dissect_element_BackupEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
993 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
994 offset = eventlog_dissect_element_BackupEventLogW_backupfilename(tvb, offset, pinfo, tree, di, drep);
995 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
996 return offset;
997 }
998
999 static int
1000 eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1001 {
1002 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_CloseEventLog_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_CloseEventLog_handle);
1003
1004 return offset;
1005 }
1006
1007 static int
1008 eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1009 {
1010 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_CloseEventLog_handle, PIDL_POLHND_CLOSE);
1011
1012 return offset;
1013 }
1014
1015 /* IDL: NTSTATUS eventlog_CloseEventLog( */
1016 /* IDL: [out] [ref] [in] policy_handle *handle */
1017 /* IDL: ); */
1018
1019 static int
1020 eventlog_dissect_CloseEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1021 {
1022 guint32 status;
1023
1024 pinfo->dcerpc_procedure_name="CloseEventLog";
1025 offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, di, drep);
1026 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1027
1028 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1029
1030 if (status != 0)
1031 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1032
1033 return offset;
1034 }
1035
1036 static int
1037 eventlog_dissect_CloseEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1038 {
1039 pinfo->dcerpc_procedure_name="CloseEventLog";
1040 offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, di, drep);
1041 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1042 return offset;
1043 }
1044
1045 static int
1046 eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1047 {
1048 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_DeregisterEventSource_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_DeregisterEventSource_handle);
1049
1050 return offset;
1051 }
1052
1053 static int
1054 eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1055 {
1056 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_DeregisterEventSource_handle, 0);
1057
1058 return offset;
1059 }
1060
1061 /* IDL: NTSTATUS eventlog_DeregisterEventSource( */
1062 /* IDL: [out] [ref] [in] policy_handle *handle */
1063 /* IDL: ); */
1064
1065 static int
1066 eventlog_dissect_DeregisterEventSource_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1067 {
1068 guint32 status;
1069
1070 pinfo->dcerpc_procedure_name="DeregisterEventSource";
1071 offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, di, drep);
1072 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1073
1074 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1075
1076 if (status != 0)
1077 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1078
1079 return offset;
1080 }
1081
1082 static int
1083 eventlog_dissect_DeregisterEventSource_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1084 {
1085 pinfo->dcerpc_procedure_name="DeregisterEventSource";
1086 offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, di, drep);
1087 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1088 return offset;
1089 }
1090
1091 static int
1092 eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1093 {
1094 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetNumRecords_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetNumRecords_handle);
1095
1096 return offset;
1097 }
1098
1099 static int
1100 eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1101 {
1102 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetNumRecords_handle, 0);
1103
1104 return offset;
1105 }
1106
1107 static int
1108 eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1109 {
1110 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetNumRecords_number_, NDR_POINTER_REF, "Pointer to Number (uint32)",hf_eventlog_eventlog_GetNumRecords_number);
1111
1112 return offset;
1113 }
1114
1115 static int
1116 eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1117 {
1118 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetNumRecords_number, 0);
1119
1120 return offset;
1121 }
1122
1123 /* IDL: NTSTATUS eventlog_GetNumRecords( */
1124 /* IDL: [ref] [in] policy_handle *handle, */
1125 /* IDL: [out] [ref] uint32 *number */
1126 /* IDL: ); */
1127
1128 static int
1129 eventlog_dissect_GetNumRecords_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1130 {
1131 guint32 status;
1132
1133 pinfo->dcerpc_procedure_name="GetNumRecords";
1134 offset = eventlog_dissect_element_GetNumRecords_number(tvb, offset, pinfo, tree, di, drep);
1135 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1136
1137 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1138
1139 if (status != 0)
1140 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1141
1142 return offset;
1143 }
1144
1145 static int
1146 eventlog_dissect_GetNumRecords_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1147 {
1148 pinfo->dcerpc_procedure_name="GetNumRecords";
1149 offset = eventlog_dissect_element_GetNumRecords_handle(tvb, offset, pinfo, tree, di, drep);
1150 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1151 return offset;
1152 }
1153
1154 static int
1155 eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1156 {
1157 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetOldestRecord_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetOldestRecord_handle);
1158
1159 return offset;
1160 }
1161
1162 static int
1163 eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1164 {
1165 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetOldestRecord_handle, 0);
1166
1167 return offset;
1168 }
1169
1170 static int
1171 eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1172 {
1173 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetOldestRecord_oldest_, NDR_POINTER_REF, "Pointer to Oldest (uint32)",hf_eventlog_eventlog_GetOldestRecord_oldest);
1174
1175 return offset;
1176 }
1177
1178 static int
1179 eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1180 {
1181 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetOldestRecord_oldest, 0);
1182
1183 return offset;
1184 }
1185
1186 /* IDL: NTSTATUS eventlog_GetOldestRecord( */
1187 /* IDL: [ref] [in] policy_handle *handle, */
1188 /* IDL: [out] [ref] uint32 *oldest */
1189 /* IDL: ); */
1190
1191 static int
1192 eventlog_dissect_GetOldestRecord_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1193 {
1194 guint32 status;
1195
1196 pinfo->dcerpc_procedure_name="GetOldestRecord";
1197 offset = eventlog_dissect_element_GetOldestRecord_oldest(tvb, offset, pinfo, tree, di, drep);
1198 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1199
1200 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1201
1202 if (status != 0)
1203 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1204
1205 return offset;
1206 }
1207
1208 static int
1209 eventlog_dissect_GetOldestRecord_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1210 {
1211 pinfo->dcerpc_procedure_name="GetOldestRecord";
1212 offset = eventlog_dissect_element_GetOldestRecord_handle(tvb, offset, pinfo, tree, di, drep);
1213 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1214 return offset;
1215 }
1216
1217 static int
1218 eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1219 {
1220 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ChangeNotify_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ChangeNotify_handle);
1221
1222 return offset;
1223 }
1224
1225 static int
1226 eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1227 {
1228 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeNotify_handle, 0);
1229
1230 return offset;
1231 }
1232
1233 static int
1234 eventlog_dissect_element_ChangeNotify_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1235 {
1236 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ChangeNotify_unknown2_, NDR_POINTER_REF, "Pointer to Unknown2 (eventlog_ChangeUnknown0)",hf_eventlog_eventlog_ChangeNotify_unknown2);
1237
1238 return offset;
1239 }
1240
1241 static int
1242 eventlog_dissect_element_ChangeNotify_unknown2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1243 {
1244 offset = eventlog_dissect_struct_ChangeUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_ChangeNotify_unknown2,0);
1245
1246 return offset;
1247 }
1248
1249 static int
1250 eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1251 {
1252 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeNotify_unknown3, 0);
1253
1254 return offset;
1255 }
1256
1257 /* IDL: NTSTATUS eventlog_ChangeNotify( */
1258 /* IDL: [ref] [in] policy_handle *handle, */
1259 /* IDL: [in] [ref] eventlog_ChangeUnknown0 *unknown2, */
1260 /* IDL: [in] uint32 unknown3 */
1261 /* IDL: ); */
1262
1263 static int
1264 eventlog_dissect_ChangeNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1265 {
1266 guint32 status;
1267
1268 pinfo->dcerpc_procedure_name="ChangeNotify";
1269 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1270
1271 if (status != 0)
1272 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1273
1274 return offset;
1275 }
1276
1277 static int
1278 eventlog_dissect_ChangeNotify_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1279 {
1280 pinfo->dcerpc_procedure_name="ChangeNotify";
1281 offset = eventlog_dissect_element_ChangeNotify_handle(tvb, offset, pinfo, tree, di, drep);
1282 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1283 offset = eventlog_dissect_element_ChangeNotify_unknown2(tvb, offset, pinfo, tree, di, drep);
1284 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1285 offset = eventlog_dissect_element_ChangeNotify_unknown3(tvb, offset, pinfo, tree, di, drep);
1286 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1287 return offset;
1288 }
1289
1290 static int
1291 eventlog_dissect_element_OpenEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1292 {
1293 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenEventLogW_unknown0_, NDR_POINTER_UNIQUE, "Pointer to Unknown0 (eventlog_OpenUnknown0)",hf_eventlog_eventlog_OpenEventLogW_unknown0);
1294
1295 return offset;
1296 }
1297
1298 static int
1299 eventlog_dissect_element_OpenEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1300 {
1301 offset = eventlog_dissect_struct_OpenUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenEventLogW_unknown0,0);
1302
1303 return offset;
1304 }
1305
1306 static int
1307 eventlog_dissect_element_OpenEventLogW_Module(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1308 {
1309 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenEventLogW_Module,0);
1310
1311 return offset;
1312 }
1313
1314 static int
1315 eventlog_dissect_element_OpenEventLogW_RegModuleName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1316 {
1317 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenEventLogW_RegModuleName,0);
1318
1319 return offset;
1320 }
1321
1322 static int
1323 eventlog_dissect_element_OpenEventLogW_MajorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1324 {
1325 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_MajorVersion, 0);
1326
1327 return offset;
1328 }
1329
1330 static int
1331 eventlog_dissect_element_OpenEventLogW_MinorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1332 {
1333 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_MinorVersion, 0);
1334
1335 return offset;
1336 }
1337
1338 static int
1339 eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1340 {
1341 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_OpenEventLogW_handle);
1342
1343 return offset;
1344 }
1345
1346 static int
1347 eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1348 {
1349 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenEventLogW_handle, PIDL_POLHND_OPEN);
1350
1351 return offset;
1352 }
1353
1354 /* IDL: NTSTATUS eventlog_OpenEventLogW( */
1355 /* IDL: [unique(1)] [in] eventlog_OpenUnknown0 *unknown0, */
1356 /* IDL: [in] lsa_String Module, */
1357 /* IDL: [in] lsa_String RegModuleName, */
1358 /* IDL: [in] uint32 MajorVersion, */
1359 /* IDL: [in] uint32 MinorVersion, */
1360 /* IDL: [out] [ref] policy_handle *handle */
1361 /* IDL: ); */
1362
1363 static int
1364 eventlog_dissect_OpenEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1365 {
1366 guint32 status;
1367
1368 pinfo->dcerpc_procedure_name="OpenEventLogW";
1369 offset = eventlog_dissect_element_OpenEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
1370 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1371
1372 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1373
1374 if (status != 0)
1375 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1376
1377 return offset;
1378 }
1379
1380 static int
1381 eventlog_dissect_OpenEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1382 {
1383 pinfo->dcerpc_procedure_name="OpenEventLogW";
1384 offset = eventlog_dissect_element_OpenEventLogW_unknown0(tvb, offset, pinfo, tree, di, drep);
1385 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1386 offset = eventlog_dissect_element_OpenEventLogW_Module(tvb, offset, pinfo, tree, di, drep);
1387 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1388 offset = eventlog_dissect_element_OpenEventLogW_RegModuleName(tvb, offset, pinfo, tree, di, drep);
1389 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1390 offset = eventlog_dissect_element_OpenEventLogW_MajorVersion(tvb, offset, pinfo, tree, di, drep);
1391 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1392 offset = eventlog_dissect_element_OpenEventLogW_MinorVersion(tvb, offset, pinfo, tree, di, drep);
1393 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1394 return offset;
1395 }
1396
1397 static int
1398 eventlog_dissect_element_RegisterEventSourceW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1399 {
1400 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_RegisterEventSourceW_unknown0_, NDR_POINTER_UNIQUE, "Pointer to Unknown0 (eventlog_OpenUnknown0)",hf_eventlog_eventlog_RegisterEventSourceW_unknown0);
1401
1402 return offset;
1403 }
1404
1405 static int
1406 eventlog_dissect_element_RegisterEventSourceW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1407 {
1408 offset = eventlog_dissect_struct_OpenUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_RegisterEventSourceW_unknown0,0);
1409
1410 return offset;
1411 }
1412
1413 static int
1414 eventlog_dissect_element_RegisterEventSourceW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1415 {
1416 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_RegisterEventSourceW_logname,0);
1417
1418 return offset;
1419 }
1420
1421 static int
1422 eventlog_dissect_element_RegisterEventSourceW_servername(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1423 {
1424 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_RegisterEventSourceW_servername,0);
1425
1426 return offset;
1427 }
1428
1429 static int
1430 eventlog_dissect_element_RegisterEventSourceW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1431 {
1432 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_unknown2, 0);
1433
1434 return offset;
1435 }
1436
1437 static int
1438 eventlog_dissect_element_RegisterEventSourceW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1439 {
1440 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_unknown3, 0);
1441
1442 return offset;
1443 }
1444
1445 static int
1446 eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1447 {
1448 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_RegisterEventSourceW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_RegisterEventSourceW_handle);
1449
1450 return offset;
1451 }
1452
1453 static int
1454 eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1455 {
1456 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_RegisterEventSourceW_handle, 0);
1457
1458 return offset;
1459 }
1460
1461 /* IDL: NTSTATUS eventlog_RegisterEventSourceW( */
1462 /* IDL: [unique(1)] [in] eventlog_OpenUnknown0 *unknown0, */
1463 /* IDL: [in] lsa_String logname, */
1464 /* IDL: [in] lsa_String servername, */
1465 /* IDL: [in] uint32 unknown2, */
1466 /* IDL: [in] uint32 unknown3, */
1467 /* IDL: [out] [ref] policy_handle *handle */
1468 /* IDL: ); */
1469
1470 static int
1471 eventlog_dissect_RegisterEventSourceW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1472 {
1473 guint32 status;
1474
1475 pinfo->dcerpc_procedure_name="RegisterEventSourceW";
1476 offset = eventlog_dissect_element_RegisterEventSourceW_handle(tvb, offset, pinfo, tree, di, drep);
1477 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1478
1479 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1480
1481 if (status != 0)
1482 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1483
1484 return offset;
1485 }
1486
1487 static int
1488 eventlog_dissect_RegisterEventSourceW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1489 {
1490 pinfo->dcerpc_procedure_name="RegisterEventSourceW";
1491 offset = eventlog_dissect_element_RegisterEventSourceW_unknown0(tvb, offset, pinfo, tree, di, drep);
1492 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1493 offset = eventlog_dissect_element_RegisterEventSourceW_logname(tvb, offset, pinfo, tree, di, drep);
1494 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1495 offset = eventlog_dissect_element_RegisterEventSourceW_servername(tvb, offset, pinfo, tree, di, drep);
1496 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1497 offset = eventlog_dissect_element_RegisterEventSourceW_unknown2(tvb, offset, pinfo, tree, di, drep);
1498 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1499 offset = eventlog_dissect_element_RegisterEventSourceW_unknown3(tvb, offset, pinfo, tree, di, drep);
1500 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1501 return offset;
1502 }
1503
1504 static int
1505 eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1506 {
1507 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenBackupEventLogW_unknown0_, NDR_POINTER_UNIQUE, "Pointer to Unknown0 (eventlog_OpenUnknown0)",hf_eventlog_eventlog_OpenBackupEventLogW_unknown0);
1508
1509 return offset;
1510 }
1511
1512 static int
1513 eventlog_dissect_element_OpenBackupEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1514 {
1515 offset = eventlog_dissect_struct_OpenUnknown0(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,0);
1516
1517 return offset;
1518 }
1519
1520 static int
1521 eventlog_dissect_element_OpenBackupEventLogW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1522 {
1523 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_OpenBackupEventLogW_logname,0);
1524
1525 return offset;
1526 }
1527
1528 static int
1529 eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1530 {
1531 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_unknown2, 0);
1532
1533 return offset;
1534 }
1535
1536 static int
1537 eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1538 {
1539 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_unknown3, 0);
1540
1541 return offset;
1542 }
1543
1544 static int
1545 eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1546 {
1547 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_OpenBackupEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_OpenBackupEventLogW_handle);
1548
1549 return offset;
1550 }
1551
1552 static int
1553 eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1554 {
1555 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenBackupEventLogW_handle, PIDL_POLHND_OPEN);
1556
1557 return offset;
1558 }
1559
1560 /* IDL: NTSTATUS eventlog_OpenBackupEventLogW( */
1561 /* IDL: [unique(1)] [in] eventlog_OpenUnknown0 *unknown0, */
1562 /* IDL: [in] lsa_String logname, */
1563 /* IDL: [in] uint32 unknown2, */
1564 /* IDL: [in] uint32 unknown3, */
1565 /* IDL: [out] [ref] policy_handle *handle */
1566 /* IDL: ); */
1567
1568 static int
1569 eventlog_dissect_OpenBackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1570 {
1571 guint32 status;
1572
1573 pinfo->dcerpc_procedure_name="OpenBackupEventLogW";
1574 offset = eventlog_dissect_element_OpenBackupEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
1575 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1576
1577 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1578
1579 if (status != 0)
1580 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1581
1582 return offset;
1583 }
1584
1585 static int
1586 eventlog_dissect_OpenBackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1587 {
1588 pinfo->dcerpc_procedure_name="OpenBackupEventLogW";
1589 offset = eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvb, offset, pinfo, tree, di, drep);
1590 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1591 offset = eventlog_dissect_element_OpenBackupEventLogW_logname(tvb, offset, pinfo, tree, di, drep);
1592 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1593 offset = eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvb, offset, pinfo, tree, di, drep);
1594 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1595 offset = eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvb, offset, pinfo, tree, di, drep);
1596 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1597 return offset;
1598 }
1599
1600 static int
1601 eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1602 {
1603 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ReadEventLogW_handle);
1604
1605 return offset;
1606 }
1607
1608 static int
1609 eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1610 {
1611 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_handle, 0);
1612
1613 return offset;
1614 }
1615
1616 static int
1617 eventlog_dissect_element_ReadEventLogW_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1618 {
1619 offset = eventlog_dissect_bitmap_eventlogReadFlags(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_flags, 0);
1620
1621 return offset;
1622 }
1623
1624 static int
1625 eventlog_dissect_element_ReadEventLogW_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1626 {
1627 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_offset, 0);
1628
1629 return offset;
1630 }
1631
1632 static int
1633 eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1634 {
1635 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_number_of_bytes, 0);
1636
1637 return offset;
1638 }
1639
1640 static int
1641 eventlog_dissect_element_ReadEventLogW_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1642 {
1643 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_data_, NDR_POINTER_REF, "Pointer to Data (uint8)",hf_eventlog_eventlog_ReadEventLogW_data);
1644
1645 return offset;
1646 }
1647
1648 static int
1649 eventlog_dissect_element_ReadEventLogW_data__(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1650 {
1651 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_data, 0);
1652
1653 return offset;
1654 }
1655
1656 static int
1657 eventlog_dissect_element_ReadEventLogW_sent_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1658 {
1659 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_sent_size_, NDR_POINTER_REF, "Pointer to Sent Size (uint32)",hf_eventlog_eventlog_ReadEventLogW_sent_size);
1660
1661 return offset;
1662 }
1663
1664 static int
1665 eventlog_dissect_element_ReadEventLogW_sent_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1666 {
1667 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_sent_size, 0);
1668
1669 return offset;
1670 }
1671
1672 static int
1673 eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1674 {
1675 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReadEventLogW_real_size_, NDR_POINTER_REF, "Pointer to Real Size (uint32)",hf_eventlog_eventlog_ReadEventLogW_real_size);
1676
1677 return offset;
1678 }
1679
1680 static int
1681 eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1682 {
1683 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReadEventLogW_real_size, 0);
1684
1685 return offset;
1686 }
1687
1688 /* IDL: NTSTATUS eventlog_ReadEventLogW( */
1689 /* IDL: [ref] [in] policy_handle *handle, */
1690 /* IDL: [in] eventlogReadFlags flags, */
1691 /* IDL: [in] uint32 offset, */
1692 /* IDL: [in] uint32 number_of_bytes, */
1693 /* IDL: [out] [ref] [size_is(number_of_bytes)] uint8 *data, */
1694 /* IDL: [out] [ref] uint32 *sent_size, */
1695 /* IDL: [out] [ref] uint32 *real_size */
1696 /* IDL: ); */
1697
1698 static int
1699 eventlog_dissect_ReadEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1700 {
1701 guint32 status;
1702
1703 pinfo->dcerpc_procedure_name="ReadEventLogW";
1704 offset = eventlog_dissect_element_ReadEventLogW_data(tvb, offset, pinfo, tree, di, drep);
1705 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1706
1707 offset = eventlog_dissect_element_ReadEventLogW_sent_size(tvb, offset, pinfo, tree, di, drep);
1708 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1709
1710 offset = eventlog_dissect_element_ReadEventLogW_real_size(tvb, offset, pinfo, tree, di, drep);
1711 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1712
1713 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1714
1715 if (status != 0)
1716 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1717
1718 return offset;
1719 }
1720
1721 static int
1722 eventlog_dissect_ReadEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1723 {
1724 pinfo->dcerpc_procedure_name="ReadEventLogW";
1725 offset = eventlog_dissect_element_ReadEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
1726 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1727 offset = eventlog_dissect_element_ReadEventLogW_flags(tvb, offset, pinfo, tree, di, drep);
1728 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1729 offset = eventlog_dissect_element_ReadEventLogW_offset(tvb, offset, pinfo, tree, di, drep);
1730 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1731 offset = eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvb, offset, pinfo, tree, di, drep);
1732 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1733 return offset;
1734 }
1735
1736 static int
1737 eventlog_dissect_element_ReportEventW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1738 {
1739 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ReportEventW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ReportEventW_handle);
1740
1741 return offset;
1742 }
1743
1744 static int
1745 eventlog_dissect_element_ReportEventW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1746 {
1747 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_handle, 0);
1748
1749 return offset;
1750 }
1751
1752 static int
1753 eventlog_dissect_element_ReportEventW_time(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1754 {
1755 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_time, 0);
1756
1757 return offset;
1758 }
1759
1760 static int
1761 eventlog_dissect_element_ReportEventW_Type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1762 {
1763 offset = eventlog_dissect_bitmap_eventlogEventTypes(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_Type, 0);
1764
1765 return offset;
1766 }
1767
1768 static int
1769 eventlog_dissect_element_ReportEventW_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1770 {
1771 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_event_category, 0);
1772
1773 return offset;
1774 }
1775
1776 static int
1777 eventlog_dissect_element_ReportEventW_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1778 {
1779 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_event_id, 0);
1780
1781 return offset;
1782 }
1783
1784 static int
1785 eventlog_dissect_element_ReportEventW_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1786 {
1787 offset = PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_num_of_strings, 0);
1788
1789 return offset;
1790 }
1791
1792 static int
1793 eventlog_dissect_element_ReportEventW_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1794 {
1795 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ReportEventW_data_length, 0);
1796
1797 return offset;
1798 }
1799
1800 static int
1801 eventlog_dissect_element_ReportEventW_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1802 {
1803 offset = eventlog_dissect_struct_lsa_String(tvb,offset,pinfo,tree,di,drep,hf_eventlog_eventlog_ReportEventW_computer_name,0);
1804
1805 return offset;
1806 }
1807
1808 /* IDL: NTSTATUS eventlog_ReportEventW( */
1809 /* IDL: [ref] [in] policy_handle *handle, */
1810 /* IDL: [in] uint32 time, */
1811 /* IDL: [in] eventlogEventTypes Type, */
1812 /* IDL: [in] uint16 event_category, */
1813 /* IDL: [in] uint32 event_id, */
1814 /* IDL: [in] uint16 num_of_strings, */
1815 /* IDL: [in] uint32 data_length, */
1816 /* IDL: [in] lsa_String computer_name */
1817 /* IDL: ); */
1818
1819 static int
1820 eventlog_dissect_ReportEventW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1821 {
1822 guint32 status;
1823
1824 pinfo->dcerpc_procedure_name="ReportEventW";
1825 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1826
1827 if (status != 0)
1828 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1829
1830 return offset;
1831 }
1832
1833 static int
1834 eventlog_dissect_ReportEventW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1835 {
1836 pinfo->dcerpc_procedure_name="ReportEventW";
1837 offset = eventlog_dissect_element_ReportEventW_handle(tvb, offset, pinfo, tree, di, drep);
1838 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1839 offset = eventlog_dissect_element_ReportEventW_time(tvb, offset, pinfo, tree, di, drep);
1840 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1841 offset = eventlog_dissect_element_ReportEventW_Type(tvb, offset, pinfo, tree, di, drep);
1842 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1843 offset = eventlog_dissect_element_ReportEventW_event_category(tvb, offset, pinfo, tree, di, drep);
1844 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1845 offset = eventlog_dissect_element_ReportEventW_event_id(tvb, offset, pinfo, tree, di, drep);
1846 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1847 offset = eventlog_dissect_element_ReportEventW_num_of_strings(tvb, offset, pinfo, tree, di, drep);
1848 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1849 offset = eventlog_dissect_element_ReportEventW_data_length(tvb, offset, pinfo, tree, di, drep);
1850 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1851 offset = eventlog_dissect_element_ReportEventW_computer_name(tvb, offset, pinfo, tree, di, drep);
1852 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
1853 return offset;
1854 }
1855
1856 /* IDL: NTSTATUS eventlog_ClearEventLogA( */
1857 /* IDL: */
1858 /* IDL: ); */
1859
1860 static int
1861 eventlog_dissect_ClearEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1862 {
1863 guint32 status;
1864
1865 pinfo->dcerpc_procedure_name="ClearEventLogA";
1866 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1867
1868 if (status != 0)
1869 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1870
1871 return offset;
1872 }
1873
1874 static int
1875 eventlog_dissect_ClearEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1876 {
1877 pinfo->dcerpc_procedure_name="ClearEventLogA";
1878 return offset;
1879 }
1880
1881 /* IDL: NTSTATUS eventlog_BackupEventLogA( */
1882 /* IDL: */
1883 /* IDL: ); */
1884
1885 static int
1886 eventlog_dissect_BackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1887 {
1888 guint32 status;
1889
1890 pinfo->dcerpc_procedure_name="BackupEventLogA";
1891 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1892
1893 if (status != 0)
1894 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1895
1896 return offset;
1897 }
1898
1899 static int
1900 eventlog_dissect_BackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1901 {
1902 pinfo->dcerpc_procedure_name="BackupEventLogA";
1903 return offset;
1904 }
1905
1906 /* IDL: NTSTATUS eventlog_OpenEventLogA( */
1907 /* IDL: */
1908 /* IDL: ); */
1909
1910 static int
1911 eventlog_dissect_OpenEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1912 {
1913 guint32 status;
1914
1915 pinfo->dcerpc_procedure_name="OpenEventLogA";
1916 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1917
1918 if (status != 0)
1919 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1920
1921 return offset;
1922 }
1923
1924 static int
1925 eventlog_dissect_OpenEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1926 {
1927 pinfo->dcerpc_procedure_name="OpenEventLogA";
1928 return offset;
1929 }
1930
1931 /* IDL: NTSTATUS eventlog_RegisterEventSourceA( */
1932 /* IDL: */
1933 /* IDL: ); */
1934
1935 static int
1936 eventlog_dissect_RegisterEventSourceA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1937 {
1938 guint32 status;
1939
1940 pinfo->dcerpc_procedure_name="RegisterEventSourceA";
1941 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1942
1943 if (status != 0)
1944 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1945
1946 return offset;
1947 }
1948
1949 static int
1950 eventlog_dissect_RegisterEventSourceA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1951 {
1952 pinfo->dcerpc_procedure_name="RegisterEventSourceA";
1953 return offset;
1954 }
1955
1956 /* IDL: NTSTATUS eventlog_OpenBackupEventLogA( */
1957 /* IDL: */
1958 /* IDL: ); */
1959
1960 static int
1961 eventlog_dissect_OpenBackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1962 {
1963 guint32 status;
1964
1965 pinfo->dcerpc_procedure_name="OpenBackupEventLogA";
1966 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1967
1968 if (status != 0)
1969 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1970
1971 return offset;
1972 }
1973
1974 static int
1975 eventlog_dissect_OpenBackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1976 {
1977 pinfo->dcerpc_procedure_name="OpenBackupEventLogA";
1978 return offset;
1979 }
1980
1981 /* IDL: NTSTATUS eventlog_ReadEventLogA( */
1982 /* IDL: */
1983 /* IDL: ); */
1984
1985 static int
1986 eventlog_dissect_ReadEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
1987 {
1988 guint32 status;
1989
1990 pinfo->dcerpc_procedure_name="ReadEventLogA";
1991 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
1992
1993 if (status != 0)
1994 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
1995
1996 return offset;
1997 }
1998
1999 static int
2000 eventlog_dissect_ReadEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2001 {
2002 pinfo->dcerpc_procedure_name="ReadEventLogA";
2003 return offset;
2004 }
2005
2006 /* IDL: NTSTATUS eventlog_ReportEventA( */
2007 /* IDL: */
2008 /* IDL: ); */
2009
2010 static int
2011 eventlog_dissect_ReportEventA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2012 {
2013 guint32 status;
2014
2015 pinfo->dcerpc_procedure_name="ReportEventA";
2016 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2017
2018 if (status != 0)
2019 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
2020
2021 return offset;
2022 }
2023
2024 static int
2025 eventlog_dissect_ReportEventA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2026 {
2027 pinfo->dcerpc_procedure_name="ReportEventA";
2028 return offset;
2029 }
2030
2031 /* IDL: NTSTATUS eventlog_RegisterClusterSvc( */
2032 /* IDL: */
2033 /* IDL: ); */
2034
2035 static int
2036 eventlog_dissect_RegisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2037 {
2038 guint32 status;
2039
2040 pinfo->dcerpc_procedure_name="RegisterClusterSvc";
2041 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2042
2043 if (status != 0)
2044 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
2045
2046 return offset;
2047 }
2048
2049 static int
2050 eventlog_dissect_RegisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2051 {
2052 pinfo->dcerpc_procedure_name="RegisterClusterSvc";
2053 return offset;
2054 }
2055
2056 /* IDL: NTSTATUS eventlog_DeregisterClusterSvc( */
2057 /* IDL: */
2058 /* IDL: ); */
2059
2060 static int
2061 eventlog_dissect_DeregisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2062 {
2063 guint32 status;
2064
2065 pinfo->dcerpc_procedure_name="DeregisterClusterSvc";
2066 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2067
2068 if (status != 0)
2069 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
2070
2071 return offset;
2072 }
2073
2074 static int
2075 eventlog_dissect_DeregisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2076 {
2077 pinfo->dcerpc_procedure_name="DeregisterClusterSvc";
2078 return offset;
2079 }
2080
2081 /* IDL: NTSTATUS eventlog_WriteClusterEvents( */
2082 /* IDL: */
2083 /* IDL: ); */
2084
2085 static int
2086 eventlog_dissect_WriteClusterEvents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2087 {
2088 guint32 status;
2089
2090 pinfo->dcerpc_procedure_name="WriteClusterEvents";
2091 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2092
2093 if (status != 0)
2094 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
2095
2096 return offset;
2097 }
2098
2099 static int
2100 eventlog_dissect_WriteClusterEvents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2101 {
2102 pinfo->dcerpc_procedure_name="WriteClusterEvents";
2103 return offset;
2104 }
2105
2106 static int
2107 eventlog_dissect_element_GetLogIntormation_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2108 {
2109 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetLogIntormation_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetLogIntormation_handle);
2110
2111 return offset;
2112 }
2113
2114 static int
2115 eventlog_dissect_element_GetLogIntormation_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2116 {
2117 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogIntormation_handle, 0);
2118
2119 return offset;
2120 }
2121
2122 static int
2123 eventlog_dissect_element_GetLogIntormation_dwInfoLevel(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2124 {
2125 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel, 0);
2126
2127 return offset;
2128 }
2129
2130 static int
2131 eventlog_dissect_element_GetLogIntormation_lpBuffer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2132 {
2133 offset = dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetLogIntormation_lpBuffer_);
2134
2135 return offset;
2136 }
2137
2138 static int
2139 eventlog_dissect_element_GetLogIntormation_lpBuffer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2140 {
2141 offset = PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogIntormation_lpBuffer, 0);
2142
2143 return offset;
2144 }
2145
2146 static int
2147 eventlog_dissect_element_GetLogIntormation_cbBufSize(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2148 {
2149 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogIntormation_cbBufSize, 0);
2150
2151 return offset;
2152 }
2153
2154 static int
2155 eventlog_dissect_element_GetLogIntormation_cbBytesNeeded(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2156 {
2157 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetLogIntormation_cbBytesNeeded_, NDR_POINTER_REF, "Pointer to Cbbytesneeded (int32)",hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded);
2158
2159 return offset;
2160 }
2161
2162 static int
2163 eventlog_dissect_element_GetLogIntormation_cbBytesNeeded_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2164 {
2165 offset = PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded, 0);
2166
2167 return offset;
2168 }
2169
2170 /* IDL: NTSTATUS eventlog_GetLogIntormation( */
2171 /* IDL: [ref] [in] policy_handle *handle, */
2172 /* IDL: [in] uint32 dwInfoLevel, */
2173 /* IDL: [out] [size_is(cbBufSize)] uint8 lpBuffer[*], */
2174 /* IDL: [in] uint32 cbBufSize, */
2175 /* IDL: [out] [ref] int32 *cbBytesNeeded */
2176 /* IDL: ); */
2177
2178 static int
2179 eventlog_dissect_GetLogIntormation_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2180 {
2181 guint32 status;
2182
2183 pinfo->dcerpc_procedure_name="GetLogIntormation";
2184 offset = eventlog_dissect_element_GetLogIntormation_lpBuffer(tvb, offset, pinfo, tree, di, drep);
2185 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2186
2187 offset = eventlog_dissect_element_GetLogIntormation_cbBytesNeeded(tvb, offset, pinfo, tree, di, drep);
2188 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2189
2190 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2191
2192 if (status != 0)
2193 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
2194
2195 return offset;
2196 }
2197
2198 static int
2199 eventlog_dissect_GetLogIntormation_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2200 {
2201 pinfo->dcerpc_procedure_name="GetLogIntormation";
2202 offset = eventlog_dissect_element_GetLogIntormation_handle(tvb, offset, pinfo, tree, di, drep);
2203 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2204 offset = eventlog_dissect_element_GetLogIntormation_dwInfoLevel(tvb, offset, pinfo, tree, di, drep);
2205 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2206 offset = eventlog_dissect_element_GetLogIntormation_cbBufSize(tvb, offset, pinfo, tree, di, drep);
2207 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2208 return offset;
2209 }
2210
2211 static int
2212 eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2213 {
2214 offset = dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_FlushEventLog_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_FlushEventLog_handle);
2215
2216 return offset;
2217 }
2218
2219 static int
2220 eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2221 {
2222 offset = PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_FlushEventLog_handle, 0);
2223
2224 return offset;
2225 }
2226
2227 /* IDL: NTSTATUS eventlog_FlushEventLog( */
2228 /* IDL: [ref] [in] policy_handle *handle */
2229 /* IDL: ); */
2230
2231 static int
2232 eventlog_dissect_FlushEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2233 {
2234 guint32 status;
2235
2236 pinfo->dcerpc_procedure_name="FlushEventLog";
2237 offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
2238
2239 if (status != 0)
2240 col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s", val_to_str(status, NT_errors, "Unknown NT status 0x%08x"));
2241
2242 return offset;
2243 }
2244
2245 static int
2246 eventlog_dissect_FlushEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, guint8 *drep _U_)
2247 {
2248 pinfo->dcerpc_procedure_name="FlushEventLog";
2249 offset = eventlog_dissect_element_FlushEventLog_handle(tvb, offset, pinfo, tree, di, drep);
2250 offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
2251 return offset;
2252 }
2253
2254
2255 static dcerpc_sub_dissector eventlog_dissectors[] = {
2256 { 0, "ClearEventLogW",
2257 eventlog_dissect_ClearEventLogW_request, eventlog_dissect_ClearEventLogW_response},
2258 { 1, "BackupEventLogW",
2259 eventlog_dissect_BackupEventLogW_request, eventlog_dissect_BackupEventLogW_response},
2260 { 2, "CloseEventLog",
2261 eventlog_dissect_CloseEventLog_request, eventlog_dissect_CloseEventLog_response},
2262 { 3, "DeregisterEventSource",
2263 eventlog_dissect_DeregisterEventSource_request, eventlog_dissect_DeregisterEventSource_response},
2264 { 4, "GetNumRecords",
2265 eventlog_dissect_GetNumRecords_request, eventlog_dissect_GetNumRecords_response},
2266 { 5, "GetOldestRecord",
2267 eventlog_dissect_GetOldestRecord_request, eventlog_dissect_GetOldestRecord_response},
2268 { 6, "ChangeNotify",
2269 eventlog_dissect_ChangeNotify_request, eventlog_dissect_ChangeNotify_response},
2270 { 7, "OpenEventLogW",
2271 eventlog_dissect_OpenEventLogW_request, eventlog_dissect_OpenEventLogW_response},
2272 { 8, "RegisterEventSourceW",
2273 eventlog_dissect_RegisterEventSourceW_request, eventlog_dissect_RegisterEventSourceW_response},
2274 { 9, "OpenBackupEventLogW",
2275 eventlog_dissect_OpenBackupEventLogW_request, eventlog_dissect_OpenBackupEventLogW_response},
2276 { 10, "ReadEventLogW",
2277 eventlog_dissect_ReadEventLogW_request, eventlog_dissect_ReadEventLogW_response},
2278 { 11, "ReportEventW",
2279 eventlog_dissect_ReportEventW_request, eventlog_dissect_ReportEventW_response},
2280 { 12, "ClearEventLogA",
2281 eventlog_dissect_ClearEventLogA_request, eventlog_dissect_ClearEventLogA_response},
2282 { 13, "BackupEventLogA",
2283 eventlog_dissect_BackupEventLogA_request, eventlog_dissect_BackupEventLogA_response},
2284 { 14, "OpenEventLogA",
2285 eventlog_dissect_OpenEventLogA_request, eventlog_dissect_OpenEventLogA_response},
2286 { 15, "RegisterEventSourceA",
2287 eventlog_dissect_RegisterEventSourceA_request, eventlog_dissect_RegisterEventSourceA_response},
2288 { 16, "OpenBackupEventLogA",
2289 eventlog_dissect_OpenBackupEventLogA_request, eventlog_dissect_OpenBackupEventLogA_response},
2290 { 17, "ReadEventLogA",
2291 eventlog_dissect_ReadEventLogA_request, eventlog_dissect_ReadEventLogA_response},
2292 { 18, "ReportEventA",
2293 eventlog_dissect_ReportEventA_request, eventlog_dissect_ReportEventA_response},
2294 { 19, "RegisterClusterSvc",
2295 eventlog_dissect_RegisterClusterSvc_request, eventlog_dissect_RegisterClusterSvc_response},
2296 { 20, "DeregisterClusterSvc",
2297 eventlog_dissect_DeregisterClusterSvc_request, eventlog_dissect_DeregisterClusterSvc_response},
2298 { 21, "WriteClusterEvents",
2299 eventlog_dissect_WriteClusterEvents_request, eventlog_dissect_WriteClusterEvents_response},
2300 { 22, "GetLogIntormation",
2301 eventlog_dissect_GetLogIntormation_request, eventlog_dissect_GetLogIntormation_response},
2302 { 23, "FlushEventLog",
2303 eventlog_dissect_FlushEventLog_request, eventlog_dissect_FlushEventLog_response},
2304 { 0, NULL, NULL, NULL }
2305 };
2306
2307 void proto_register_dcerpc_eventlog(void)
2308 {
2309 static hf_register_info hf[] = {
2310 { &hf_eventlog_eventlog_GetLogIntormation_dwInfoLevel,
2311 { "Dwinfolevel", "eventlog.eventlog_GetLogIntormation.dwInfoLevel", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2312 { &hf_eventlog_Record_computer_name,
2313 { "Computer Name", "eventlog.Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2314 { &hf_eventlog_eventlog_OpenEventLogW_unknown0,
2315 { "Unknown0", "eventlog.eventlog_OpenEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2316 { &hf_eventlog_eventlog_Record_computer_name,
2317 { "Computer Name", "eventlog.eventlog_Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2318 { &hf_eventlog_eventlog_RegisterEventSourceW_handle,
2319 { "Handle", "eventlog.eventlog_RegisterEventSourceW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2320 { &hf_eventlog_eventlog_GetNumRecords_handle,
2321 { "Handle", "eventlog.eventlog_GetNumRecords.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2322 { &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
2323 { "Eventlog Warning Type", "eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs), ( 0x0002 ), NULL, HFILL }},
2324 { &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
2325 { "Eventlog Error Type", "eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs), ( 0x0001 ), NULL, HFILL }},
2326 { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown2,
2327 { "Unknown2", "eventlog.eventlog_OpenBackupEventLogW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2328 { &hf_eventlog_eventlog_Record_sid_offset,
2329 { "Sid Offset", "eventlog.eventlog_Record.sid_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2330 { &hf_eventlog_Record_string,
2331 { "string", "eventlog.Record.string", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2332 { &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
2333 { "Eventlog Audit Failure", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs), ( 0x0010 ), NULL, HFILL }},
2334 { &hf_eventlog_eventlog_ChangeNotify_unknown2,
2335 { "Unknown2", "eventlog.eventlog_ChangeNotify.unknown2", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2336 { &hf_eventlog_eventlog_ReportEventW_event_category,
2337 { "Event Category", "eventlog.eventlog_ReportEventW.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2338 { &hf_eventlog_eventlog_ChangeUnknown0_unknown0,
2339 { "Unknown0", "eventlog.eventlog_ChangeUnknown0.unknown0", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2340 { &hf_eventlog_eventlog_Record_data_offset,
2341 { "Data Offset", "eventlog.eventlog_Record.data_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2342 { &hf_eventlog_eventlog_OpenUnknown0_unknown0,
2343 { "Unknown0", "eventlog.eventlog_OpenUnknown0.unknown0", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2344 { &hf_eventlog_eventlog_BackupEventLogW_backupfilename,
2345 { "Backupfilename", "eventlog.eventlog_BackupEventLogW.backupfilename", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2346 { &hf_eventlog_eventlog_ClearEventLogW_handle,
2347 { "Handle", "eventlog.eventlog_ClearEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2348 { &hf_eventlog_eventlog_Record_closing_record_number,
2349 { "Closing Record Number", "eventlog.eventlog_Record.closing_record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2350 { &hf_eventlog_eventlog_Record_size,
2351 { "Size", "eventlog.eventlog_Record.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2352 { &hf_eventlog_eventlog_ReportEventW_computer_name,
2353 { "Computer Name", "eventlog.eventlog_ReportEventW.computer_name", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2354 { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,
2355 { "Unknown0", "eventlog.eventlog_OpenBackupEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2356 { &hf_eventlog_eventlog_Record_event_id,
2357 { "Event Id", "eventlog.eventlog_Record.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2358 { &hf_eventlog_eventlog_ReadEventLogW_handle,
2359 { "Handle", "eventlog.eventlog_ReadEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2360 { &hf_eventlog_eventlog_BackupEventLogW_handle,
2361 { "Handle", "eventlog.eventlog_BackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2362 { &hf_eventlog_eventlog_Record_raw_data,
2363 { "Raw Data", "eventlog.eventlog_Record.raw_data", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2364 { &hf_eventlog_eventlog_RegisterEventSourceW_unknown0,
2365 { "Unknown0", "eventlog.eventlog_RegisterEventSourceW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2366 { &hf_eventlog_eventlog_CloseEventLog_handle,
2367 { "Handle", "eventlog.eventlog_CloseEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2368 { &hf_eventlog_eventlog_ChangeUnknown0_unknown1,
2369 { "Unknown1", "eventlog.eventlog_ChangeUnknown0.unknown1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2370 { &hf_eventlog_eventlog_OpenBackupEventLogW_handle,
2371 { "Handle", "eventlog.eventlog_OpenBackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2372 { &hf_eventlog_eventlog_Record_reserved_flags,
2373 { "Reserved Flags", "eventlog.eventlog_Record.reserved_flags", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2374 { &hf_eventlog_eventlog_GetLogIntormation_cbBytesNeeded,
2375 { "Cbbytesneeded", "eventlog.eventlog_GetLogIntormation.cbBytesNeeded", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2376 { &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
2377 { "Eventlog Seek Read", "eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEEK_READ_tfs), ( 0x0002 ), NULL, HFILL }},
2378 { &hf_eventlog_eventlog_OpenEventLogW_MinorVersion,
2379 { "Minorversion", "eventlog.eventlog_OpenEventLogW.MinorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2380 { &hf_eventlog_eventlog_Record_source_name,
2381 { "Source Name", "eventlog.eventlog_Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2382 { &hf_eventlog_eventlog_GetLogIntormation_handle,
2383 { "Handle", "eventlog.eventlog_GetLogIntormation.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2384 { &hf_eventlog_Record_length,
2385 { "Record Length", "eventlog.Record.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2386 { &hf_eventlog_eventlog_Record_sid_length,
2387 { "Sid Length", "eventlog.eventlog_Record.sid_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2388 { &hf_eventlog_eventlog_GetOldestRecord_oldest,
2389 { "Oldest", "eventlog.eventlog_GetOldestRecord.oldest", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2390 { &hf_eventlog_eventlog_Record_strings,
2391 { "Strings", "eventlog.eventlog_Record.strings", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2392 { &hf_eventlog_eventlog_Record_record_number,
2393 { "Record Number", "eventlog.eventlog_Record.record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2394 { &hf_eventlog_eventlog_OpenEventLogW_handle,
2395 { "Handle", "eventlog.eventlog_OpenEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2396 { &hf_eventlog_eventlog_GetLogIntormation_lpBuffer,
2397 { "Lpbuffer", "eventlog.eventlog_GetLogIntormation.lpBuffer", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
2398 { &hf_eventlog_eventlog_RegisterEventSourceW_logname,
2399 { "Logname", "eventlog.eventlog_RegisterEventSourceW.logname", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2400 { &hf_eventlog_eventlog_ReadEventLogW_real_size,
2401 { "Real Size", "eventlog.eventlog_ReadEventLogW.real_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2402 { &hf_eventlog_eventlog_Record_time_written,
2403 { "Time Written", "eventlog.eventlog_Record.time_written", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2404 { &hf_eventlog_eventlog_Record_stringoffset,
2405 { "Stringoffset", "eventlog.eventlog_Record.stringoffset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2406 { &hf_eventlog_eventlog_RegisterEventSourceW_unknown3,
2407 { "Unknown3", "eventlog.eventlog_RegisterEventSourceW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2408 { &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
2409 { "Eventlog Sequential Read", "eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs), ( 0x0001 ), NULL, HFILL }},
2410 { &hf_eventlog_eventlog_Record_reserved,
2411 { "Reserved", "eventlog.eventlog_Record.reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2412 { &hf_eventlog_eventlog_Record_data_length,
2413 { "Data Length", "eventlog.eventlog_Record.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2414 { &hf_eventlog_eventlog_RegisterEventSourceW_servername,
2415 { "Servername", "eventlog.eventlog_RegisterEventSourceW.servername", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2416 { &hf_eventlog_eventlog_ReportEventW_event_id,
2417 { "Event Id", "eventlog.eventlog_ReportEventW.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2418 { &hf_eventlog_eventlog_ReportEventW_handle,
2419 { "Handle", "eventlog.eventlog_ReportEventW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2420 { &hf_eventlog_eventlog_ReadEventLogW_sent_size,
2421 { "Sent Size", "eventlog.eventlog_ReadEventLogW.sent_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2422 { &hf_eventlog_eventlog_ChangeNotify_handle,
2423 { "Handle", "eventlog.eventlog_ChangeNotify.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2424 { &hf_eventlog_eventlog_OpenBackupEventLogW_logname,
2425 { "Logname", "eventlog.eventlog_OpenBackupEventLogW.logname", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2426 { &hf_eventlog_Record_source_name,
2427 { "Source Name", "eventlog.Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2428 { &hf_eventlog_eventlog_Record_event_type,
2429 { "Event Type", "eventlog.eventlog_Record.event_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2430 { &hf_eventlog_eventlog_Record_num_of_strings,
2431 { "Num Of Strings", "eventlog.eventlog_Record.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2432 { &hf_eventlog_eventlog_RegisterEventSourceW_unknown2,
2433 { "Unknown2", "eventlog.eventlog_RegisterEventSourceW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2434 { &hf_eventlog_eventlog_ReadEventLogW_offset,
2435 { "Offset", "eventlog.eventlog_ReadEventLogW.offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2436 { &hf_eventlog_eventlog_Record_event_category,
2437 { "Event Category", "eventlog.eventlog_Record.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2438 { &hf_eventlog_eventlog_GetOldestRecord_handle,
2439 { "Handle", "eventlog.eventlog_GetOldestRecord.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2440 { &hf_eventlog_eventlog_OpenUnknown0_unknown1,
2441 { "Unknown1", "eventlog.eventlog_OpenUnknown0.unknown1", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2442 { &hf_eventlog_eventlog_GetNumRecords_number,
2443 { "Number", "eventlog.eventlog_GetNumRecords.number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2444 { &hf_eventlog_eventlog_Record_time_generated,
2445 { "Time Generated", "eventlog.eventlog_Record.time_generated", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2446 { &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
2447 { "Eventlog Audit Success", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs), ( 0x0008 ), NULL, HFILL }},
2448 { &hf_eventlog_eventlog_OpenEventLogW_RegModuleName,
2449 { "Regmodulename", "eventlog.eventlog_OpenEventLogW.RegModuleName", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2450 { &hf_eventlog_eventlog_ReportEventW_data_length,
2451 { "Data Length", "eventlog.eventlog_ReportEventW.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2452 { &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
2453 { "Eventlog Backwards Read", "eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs), ( 0x0008 ), NULL, HFILL }},
2454 { &hf_eventlog_Record,
2455 { "Record", "eventlog.Record", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2456 { &hf_eventlog_eventlog_ReadEventLogW_data,
2457 { "Data", "eventlog.eventlog_ReadEventLogW.data", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
2458 { &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
2459 { "Eventlog Information Type", "eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs), ( 0x0004 ), NULL, HFILL }},
2460 { &hf_eventlog_eventlog_DeregisterEventSource_handle,
2461 { "Handle", "eventlog.eventlog_DeregisterEventSource.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2462 { &hf_eventlog_opnum,
2463 { "Operation", "eventlog.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2464 { &hf_eventlog_eventlog_ChangeNotify_unknown3,
2465 { "Unknown3", "eventlog.eventlog_ChangeNotify.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2466 { &hf_eventlog_eventlog_ReportEventW_num_of_strings,
2467 { "Num Of Strings", "eventlog.eventlog_ReportEventW.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2468 { &hf_eventlog_eventlog_ReportEventW_time,
2469 { "Time", "eventlog.eventlog_ReportEventW.time", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2470 { &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
2471 { "Eventlog Forwards Read", "eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs), ( 0x0004 ), NULL, HFILL }},
2472 { &hf_eventlog_status,
2473 { "NT Error", "eventlog.status", FT_UINT32, BASE_HEX, VALS(NT_errors), 0, NULL, HFILL }},
2474 { &hf_eventlog_eventlog_ReadEventLogW_number_of_bytes,
2475 { "Number Of Bytes", "eventlog.eventlog_ReadEventLogW.number_of_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2476 { &hf_eventlog_eventlog_ClearEventLogW_backupfilename,
2477 { "Backupfilename", "eventlog.eventlog_ClearEventLogW.backupfilename", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2478 { &hf_eventlog_eventlog_OpenEventLogW_Module,
2479 { "Module", "eventlog.eventlog_OpenEventLogW.Module", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2480 { &hf_eventlog_eventlog_FlushEventLog_handle,
2481 { "Handle", "eventlog.eventlog_FlushEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2482 { &hf_eventlog_eventlog_ReportEventW_Type,
2483 { "Type", "eventlog.eventlog_ReportEventW.Type", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
2484 { &hf_eventlog_eventlog_OpenEventLogW_MajorVersion,
2485 { "Majorversion", "eventlog.eventlog_OpenEventLogW.MajorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2486 { &hf_eventlog_eventlog_GetLogIntormation_cbBufSize,
2487 { "Cbbufsize", "eventlog.eventlog_GetLogIntormation.cbBufSize", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2488 { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown3,
2489 { "Unknown3", "eventlog.eventlog_OpenBackupEventLogW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2490 { &hf_eventlog_eventlog_ReadEventLogW_flags,
2491 { "Flags", "eventlog.eventlog_ReadEventLogW.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
2492 { &hf_eventlog_eventlogEventTypes_EVENTLOG_SUCCESS,
2493 { "Eventlog Success", "eventlog.eventlogEventTypes.EVENTLOG_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_SUCCESS_tfs), ( 0x0000 ), NULL, HFILL }},
2494 };
2495
2496
2497 static gint *ett[] = {
2498 &ett_dcerpc_eventlog,
2499 &ett_eventlog_eventlogReadFlags,
2500 &ett_eventlog_eventlogEventTypes,
2501 &ett_eventlog_eventlog_OpenUnknown0,
2502 &ett_eventlog_eventlog_Record,
2503 &ett_eventlog_eventlog_ChangeUnknown0,
2504 };
2505
2506 proto_dcerpc_eventlog = proto_register_protocol("Event Logger", "EVENTLOG", "eventlog");
2507 proto_register_field_array(proto_dcerpc_eventlog, hf, array_length (hf));
2508 proto_register_subtree_array(ett, array_length(ett));
2509 }
2510
2511 void proto_reg_handoff_dcerpc_eventlog(void)
2512 {
2513 dcerpc_init_uuid(proto_dcerpc_eventlog, ett_dcerpc_eventlog,
2514 &uuid_dcerpc_eventlog, ver_dcerpc_eventlog,
2515 eventlog_dissectors, hf_eventlog_opnum);
2516 }