
Ethereal-dev: [Ethereal-dev] [packet-dcerpc-reg.c] Operations names

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand@xxxxxx>
Date: Sun, 28 Sep 2003 12:38:44 +0200
Hello,

The attached patches add names for all operations in the winreg (remote
registry service) MSRPC interface to the packet-dcerpc-reg.c dissector.

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/
Index: packet-dcerpc-reg.c
===================================================================
RCS file: /cvsroot/ethereal/packet-dcerpc-reg.c,v
retrieving revision 1.21
diff -u -r1.21 packet-dcerpc-reg.c
--- packet-dcerpc-reg.c	4 Aug 2003 02:49:02 -0000	1.21
+++ packet-dcerpc-reg.c	28 Sep 2003 10:26:05 -0000
@@ -51,7 +51,7 @@
 static int hf_openhklm_unknown1 = -1;
 static int hf_openhklm_unknown2 = -1;
 
-/* QueryKey */
+/* QueryInfoKey */
 
 static int hf_querykey_class = -1;
 static int hf_querykey_num_subkeys = -1;
@@ -63,14 +63,14 @@
 static int hf_querykey_secdesc = -1;
 static int hf_querykey_modtime = -1;
 
-/* OpenEntry */
+/* OpenKey */
 
 static int hf_keyname = -1;
-static int hf_openentry_unknown1 = -1;
+static int hf_openkey_unknown1 = -1;
 
-/* Unknown 0x1A */
+/* GetVersion */
 
-static int hf_unknown1A_unknown1 = -1;
+static int hf_getversion_version = -1;
 
 /* Data that is passed to a open call */
 
@@ -226,11 +226,11 @@
 }
 
 /*
- * RegClose
+ * CloseKey
  */
 
 static int
-RegClose_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegCloseKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	   proto_tree *tree, char *drep)
 {
 	/* Parse packet */
@@ -243,7 +243,7 @@
 }
 
 static int
-RegClose_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegCloseKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	   proto_tree *tree, char *drep)
 {
 	/* Parse packet */
@@ -259,11 +259,11 @@
 }
 
 /*
- * RegQueryKey
+ * QueryInfoKey
  */
 
 static int
-RegQueryKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegQueryInfoKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	      proto_tree *tree, char *drep)
 {
 	/* Parse packet */
@@ -279,7 +279,7 @@
 }
 
 static int
-RegQueryKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegQueryInfoKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	      proto_tree *tree, char *drep)
 {
 	/* Parse packet */
@@ -325,11 +325,11 @@
 }
 
 /*
- * OpenEntry
+ * OpenKey
  */
 
 static int
-RegOpenEntry_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegOpenKey_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	       proto_tree *tree, char *drep)
 {
 	/* Parse packet */
@@ -343,7 +343,7 @@
 
 	offset = dissect_ndr_uint32(
 		tvb, offset, pinfo, tree, drep,
-		hf_openentry_unknown1, NULL);
+		hf_openkey_unknown1, NULL);
 
 	offset = dissect_ndr_uint32(
 		tvb, offset, pinfo, tree, drep,
@@ -353,7 +353,7 @@
 }
 
 static int
-RegOpenEntry_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegOpenKey_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	       proto_tree *tree, char *drep)
 {
 	e_ctx_hnd policy_hnd;
@@ -371,20 +371,20 @@
 
 	if (status == 0) {
 		dcerpc_smb_store_pol_name(&policy_hnd, pinfo,
-			"OpenEntry handle");
+			"OpenKey handle");
 		if (hnd_item != NULL)
-			proto_item_append_text(hnd_item, ": OpenEntry handle");
+			proto_item_append_text(hnd_item, ": OpenKey handle");
 	}
 
 	return offset;
 }
 
 /*
- * Unknown1A
+ * GetVersion
  */
 
 static int
-RegUnknown1A_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegGetVersion_q(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	       proto_tree *tree, char *drep)
 {
 	/* Parse packet */
@@ -397,14 +397,14 @@
 }
 
 static int
-RegUnknown1A_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
+RegGetVersion_r(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	       proto_tree *tree, char *drep)
 {
 	/* Parse packet */
 
 	offset = dissect_ndr_uint32(
 		tvb, offset, pinfo, tree, drep,
-		hf_unknown1A_unknown1, NULL);
+		hf_getversion_version, NULL);
 
 	offset = dissect_ntstatus(
 		tvb, offset, pinfo, tree, drep, hf_rc, NULL);
@@ -639,11 +639,11 @@
 
 static dcerpc_sub_dissector dcerpc_reg_dissectors[] = {
         { REG_OPEN_HKCR, "OpenHKCR", RegOpenHKCR_q, RegOpenHKCR_r },
-        { _REG_UNK_01, "Unknown01", NULL, NULL },
+        { REG_OPEN_HKCU, "OpenHKCU", NULL, NULL },
         { REG_OPEN_HKLM, "OpenHKLM", RegOpenHKLM_q, RegOpenHKLM_r },
-        { _REG_UNK_03, "Unknown03", NULL, NULL },
+        { REG_OPEN_HKPD, "OpenHKPD", NULL, NULL },
         { REG_OPEN_HKU, "OpenHKU", RegOpenHKU_q, RegOpenHKU_r },
-        { REG_CLOSE, "Close", RegClose_q, RegClose_r },
+        { REG_CLOSE_KEY, "CloseKey", RegCloseKey_q, RegCloseKey_r },
         { REG_CREATE_KEY, "CreateKey", NULL, NULL },
         { REG_DELETE_KEY, "DeleteKey", NULL, NULL },
         { REG_DELETE_VALUE, "DeleteValue", NULL, NULL },
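Review bot: The new `REG_OPEN_HKCU` and `REG_OPEN_HKPD` rows carry `NULL, NULL` handlers while the neighbouring `OpenHKCR`, `OpenHKLM` and `OpenHKU` rows have request/reply dissectors, and nothing in the table says the gap is intentional. The next hunk does the same for `OpenHKCC`, `OpenHKDD`, `OpenHKPT` and `OpenHKPN`. If these calls share the wire format of the existing OpenHK* operations (not visible here, so this needs checking against a capture), they could point at a common handler. Otherwise a comment above the table such as `/* NULL handlers: opnum is named only, request/reply bodies are not dissected yet */` would tell readers why the handles returned by these calls are neither decoded nor labelled. The array initialiser starts and ends outside this hunk.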
@@ -651,21 +651,29 @@
         { REG_ENUM_VALUE, "EnumValue", NULL, NULL },
         { REG_FLUSH_KEY, "FlushKey", NULL, NULL },
         { REG_GET_KEY_SEC, "GetKeySecurity", NULL, NULL },
-        { _REG_UNK_0D, "Unknown0d", NULL, NULL },
-        { _REG_UNK_0E, "Unknown0e", NULL, NULL },
-        { REG_OPEN_ENTRY, "OpenEntry", RegOpenEntry_q, RegOpenEntry_r },
-        { REG_QUERY_KEY, "QueryKey", RegQueryKey_q, RegQueryKey_r },
+        { REG_LOAD_KEY, "LoadKey", NULL, NULL },
+        { REG_NOTIFY_CHANGE_KEY_VALUE, "NotifyChangeKeyValue", NULL, NULL },
+        { REG_OPEN_KEY, "OpenKey", RegOpenKey_q, RegOpenKey_r },
+        { REG_QUERY_INFO_KEY, "QueryInfoKey", RegQueryInfoKey_q, RegQueryInfoKey_r },
         { REG_QUERY_VALUE, "QueryValue", RegQueryValue_q, RegQueryValue_r },
-        { _REG_UNK_12, "Unknown12", NULL, NULL },
-        { _REG_UNK_13, "Unknown13", NULL, NULL },
-        { _REG_UNK_14, "Unknown14", NULL, NULL },
+        { REG_REPLACE_KEY, "ReplaceKey", NULL, NULL },
+        { REG_RESTORE_KEY, "RestoreKey", NULL, NULL },
+        { REG_SAVE_KEY, "SaveKey", NULL, NULL },
         { REG_SET_KEY_SEC, "SetKeySecurity", NULL, NULL },
-        { REG_CREATE_VALUE, "CreateValue", NULL, NULL },
-        { _REG_UNK_17, "Unknown17", NULL, NULL },
-        { REG_SHUTDOWN, "Shutdown", NULL, NULL },
-        { REG_ABORT_SHUTDOWN, "AbortShutdown", NULL, NULL },
-        { _REG_UNK_1A, "Unknown1A", RegUnknown1A_q, RegUnknown1A_r },
-
+        { REG_SET_VALUE, "SetValue", NULL, NULL },
+        { REG_UNLOAD_KEY, "UnLoadKey", NULL, NULL },
+        { REG_INITIATE_SYSTEM_SHUTDOWN, "InitiateSystemShutdown", NULL, NULL },
+        { REG_ABORT_SYSTEM_SHUTDOWN, "AbortSystemShutdown", NULL, NULL },
+        { REG_GET_VERSION, "GetVersion", RegGetVersion_q, RegGetVersion_r },
+	{ REG_OPEN_HKCC, "OpenHKCC", NULL, NULL },
+	{ REG_OPEN_HKDD, "OpenHKDD", NULL, NULL },
+	{ REG_QUERY_MULTIPLE_VALUES, "QueryMultipleValues", NULL, NULL },
+	{ REG_INITIATE_SYSTEM_SHUTDOWN_EX, "InitiateSystemShutdownEx", 
+	  NULL, NULL },
+	{ REG_SAVE_KEY_EX, "SaveKeyEx", NULL, NULL },
+	{ REG_OPEN_HKPT, "OpenHKPT", NULL, NULL },
+	{ REG_OPEN_HKPN, "OpenHKPN", NULL, NULL },
+	{ REG_QUERY_MULTIPLE_VALUES_2, "QueryMultipleValues2", NULL, NULL },
         { 0, NULL, NULL,  NULL }
 };
 
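Review bot: The rows added from `REG_OPEN_HKCC` down to `REG_QUERY_MULTIPLE_VALUES_2` are indented with a tab, while every other row in `dcerpc_reg_dissectors[]` uses eight spaces, and the `InitiateSystemShutdownEx` row ends in trailing whitespace before its wrapped `NULL, NULL },`. Re-indent these rows with spaces to match the rest of the table and drop the trailing blank, e.g. `        { REG_OPEN_HKCC, "OpenHKCC", NULL, NULL },`. The table's opening lines are in the previous hunk.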
@@ -764,21 +772,21 @@
 		  { "Mod time", "reg.querykey.modtime", FT_ABSOLUTE_TIME, BASE_NONE,
 		    NULL, 0x0, "Secdesc", HFILL }},
 
-		/* OpenEntry */
+		/* OpenKey */
 
 		{ &hf_keyname,
 		  { "Key name", "reg.keyname", FT_STRING, BASE_NONE,
 		    NULL, 0x0, "Keyname", HFILL }},
 
-		{ &hf_openentry_unknown1,
-		  { "Unknown 1", "reg.openentry.unknown1", FT_UINT32, BASE_HEX,
+		{ &hf_openkey_unknown1,
+		  { "Unknown 1", "reg.openkey.unknown1", FT_UINT32, BASE_HEX,
 		    NULL, 0x0, "Unknown 1", HFILL }},
 
-		/* Unknown1A */
+		/* GetVersion */
 
-		{ &hf_unknown1A_unknown1,
-		  { "Unknown 1", "reg.unknown1A.unknown1", FT_UINT32, BASE_HEX,
-		    NULL, 0x0, "Unknown 1", HFILL }},
+		{ &hf_getversion_version,
+		  { "Version", "reg.getversion.version", FT_UINT32, BASE_HEX,
+		    NULL, 0x0, "Version", HFILL }},
 
 	};
 
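Review bot: Renaming the filter abbreviations from `reg.openentry.unknown1` to `reg.openkey.unknown1` and from `reg.unknown1A.unknown1` to `reg.getversion.version` changes user-visible display-filter names, so saved filters or scripts that reference the old names will break; the commit message should say so. The rename is also only partial: the operation is now called QueryInfoKey, but the `reg.querykey.*` fields and the `hf_querykey_*` variables keep the old name. Either rename them in the same change or add a comment such as `/* field names kept as reg.querykey.* for filter compatibility */` above the QueryInfoKey entries. The `hf[]` array starts and ends outside this hunk.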
Index: packet-dcerpc-reg.h
===================================================================
RCS file: /cvsroot/ethereal/packet-dcerpc-reg.h,v
retrieving revision 1.7
diff -u -r1.7 packet-dcerpc-reg.h
--- packet-dcerpc-reg.h	17 Jun 2003 06:50:36 -0000	1.7
+++ packet-dcerpc-reg.h	28 Sep 2003 10:25:28 -0000
@@ -28,33 +28,41 @@
 
 /* Functions available on the WINREG pipe.  From Samba, include/rpc_reg.h */
 
-#define REG_OPEN_HKCR		0x00
-#define _REG_UNK_01		0x01
-#define REG_OPEN_HKLM		0x02
-#define _REG_UNK_03		0x03
-#define REG_OPEN_HKU		0x04
-#define REG_CLOSE		0x05
-#define REG_CREATE_KEY		0x06
-#define REG_DELETE_KEY		0x07
-#define REG_DELETE_VALUE	0x08
-#define REG_ENUM_KEY		0x09
-#define REG_ENUM_VALUE		0x0a
-#define REG_FLUSH_KEY		0x0b
-#define REG_GET_KEY_SEC		0x0c
-#define	_REG_UNK_0D		0x0d
-#define _REG_UNK_0E		0x0e
-#define REG_OPEN_ENTRY		0x0f
-#define REG_QUERY_KEY		0x10
-#define REG_QUERY_VALUE		0x11
-#define	_REG_UNK_12		0x12
-#define _REG_UNK_13		0x13
-#define	_REG_UNK_14		0x14
-#define REG_SET_KEY_SEC		0x15
-#define REG_CREATE_VALUE	0x16
-#define	_REG_UNK_17		0x17
-#define REG_SHUTDOWN		0x18
-#define REG_ABORT_SHUTDOWN	0x19
-#define _REG_UNK_1A		0x1a
+#define REG_OPEN_HKCR			0x00
+#define REG_OPEN_HKCU			0x01
+#define REG_OPEN_HKLM			0x02
+#define REG_OPEN_HKPD			0x03
+#define REG_OPEN_HKU			0x04
+#define REG_CLOSE_KEY			0x05
+#define REG_CREATE_KEY			0x06
+#define REG_DELETE_KEY			0x07
+#define REG_DELETE_VALUE		0x08
+#define REG_ENUM_KEY			0x09
+#define REG_ENUM_VALUE			0x0a
+#define REG_FLUSH_KEY			0x0b
+#define REG_GET_KEY_SEC 		0x0c
+#define REG_LOAD_KEY			0x0d
+#define REG_NOTIFY_CHANGE_KEY_VALUE 	0x0e
+#define REG_OPEN_KEY			0x0f
+#define REG_QUERY_INFO_KEY		0x10
+#define REG_QUERY_VALUE 		0x11
+#define REG_REPLACE_KEY 		0x12
+#define REG_RESTORE_KEY 		0x13
+#define REG_SAVE_KEY 			0x14
+#define REG_SET_KEY_SEC 		0x15
+#define REG_SET_VALUE			0x16
+#define REG_UNLOAD_KEY 		0x17
+#define REG_INITIATE_SYSTEM_SHUTDOWN 	0x18
+#define REG_ABORT_SYSTEM_SHUTDOWN	0x19
+#define REG_GET_VERSION 		0x1a
+#define REG_OPEN_HKCC			0x1b
+#define REG_OPEN_HKDD			0x1c
+#define REG_QUERY_MULTIPLE_VALUES	0x1d
+#define REG_INITIATE_SYSTEM_SHUTDOWN_EX 0x1e
+#define REG_SAVE_KEY_EX 		0x1f
+#define REG_OPEN_HKPT			0x20
+#define REG_OPEN_HKPN			0x21
+#define REG_QUERY_MULTIPLE_VALUES_2	0x22
 
 /* Registry data types */