static int svcctl_dissect_EnumServicesStatus_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); /* service type */ offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree, drep, SVC_ENUM_SERVICES_STATUS_W); /* service state */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_service_state, NULL); /* size */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_size, NULL); /* resume handle */ offset = dissect_ndr_pointer(tvb, offset, pinfo, tree, drep, svcctl_dissect_pointer_long, NDR_POINTER_UNIQUE, "Resume Handle", hf_svcctl_resume); return offset; }
/* * IDL long UnlockServiceDatabase( * IDL [in][out] SC_HANDLE lock, * IDL ); */ static int svcctl_dissect_UnlockServiceDatabase_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* XXX - why is the "is a close" argument TRUE? */ offset = dissect_nt_policy_hnd( tvb, offset, pinfo, tree, drep, hf_svcctl_lock, NULL, NULL, FALSE, TRUE); return offset; }
static int svcctl_dissect_OpenServiceW_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); offset = dissect_doserror( tvb, offset, pinfo, tree, drep, hf_svcctl_rc, NULL); return offset; }
static int svcctl_dissect_QueryServiceConfigW_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); /* cbBufSize */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_buffer, NULL); return offset; }
static int svcctl_dissect_CloseServiceHandle_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { offset = dissect_nt_policy_hnd( tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, NULL, NULL, FALSE, TRUE); offset = dissect_doserror( tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL); return offset; }
/* * IDL long QueryServiceLockStatus( * IDL [in] SC_HANDLE db_handle, * IDL [in] long buf_size, * IDL [out][ref] QUERY_SERVICE_LOCK_STATUS *status, * IDL [out][ref] long *required_buf_size * IDL ); */ static int svcctl_dissect_QueryServiceLockStatus_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* XXX - why is the "is a close" argument TRUE? */ offset = dissect_nt_policy_hnd( tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, TRUE); offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_size, NULL); return offset; }
static int svcctl_dissect_LockServiceDatabase_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* XXX - why is the "is an open" argument TRUE? */ offset = dissect_nt_policy_hnd( tvb, offset, pinfo, tree, drep, hf_svcctl_lock, NULL, NULL, TRUE, FALSE); offset = dissect_doserror( tvb, offset, pinfo, tree, drep, hf_svcctl_rc, NULL); return offset; }
static int svcctl_dissect_CreateServiceW_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { /* tag id */ offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_svcctl_tagid, NULL); /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); offset = dissect_doserror( tvb, offset, pinfo, tree, di, drep, hf_svcctl_rc, NULL); return offset; }
static int svcctl_dissect_OpenServiceW_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); /* service name */ offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, sizeof(guint16), hf_svcctl_service_name, TRUE, NULL); /* access mask */ offset = dissect_nt_access_mask( tvb, offset, pinfo, tree, drep, hf_svcctl_access_mask, &svcctl_scm_access_mask_info, NULL); return offset; }
static int svcctl_dissect_OpenSCManagerW_reply(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { dcerpc_info *di = (dcerpc_info *)pinfo->private_data; dcerpc_call_value *dcv = (dcerpc_call_value *)di->call_data; e_ctx_hnd policy_hnd; proto_item *hnd_item; guint32 status; /* Parse packet */ offset = dissect_nt_policy_hnd( tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, &policy_hnd, &hnd_item, TRUE, FALSE); offset = dissect_doserror( tvb, offset, pinfo, tree, drep, hf_svcctl_rc, &status); if( status == 0 ){ const char *pol_name; if (dcv->se_data){ pol_name = ep_strdup_printf( "OpenSCManagerW(%s)", (char *)dcv->se_data); } else { pol_name = "Unknown OpenSCManagerW() handle"; } if(!pinfo->fd->flags.visited){ dcerpc_store_polhnd_name(&policy_hnd, pinfo, pol_name); } if(hnd_item) proto_item_append_text(hnd_item, ": %s", pol_name); } return offset; }
/* * IDL BOOL CloseServiceHandle( * IDL [in][out] SC_HANDLE handle * IDL ); */ static int svcctl_dissect_CloseServiceHandle_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { e_ctx_hnd policy_hnd; char *pol_name; /* Parse packet */ offset = dissect_nt_policy_hnd( tvb, offset, pinfo, tree, di, drep, hf_svcctl_hnd, &policy_hnd, NULL, FALSE, TRUE); dcerpc_fetch_polhnd_data(&policy_hnd, &pol_name, NULL, NULL, NULL, pinfo->fd->num); col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", pol_name); return offset; }
static int svcctl_dissect_CreateServiceW_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, guint8 *drep) { /* policy handle */ offset = dissect_nt_policy_hnd(tvb, offset, pinfo, tree, drep, hf_svcctl_hnd, NULL, NULL, FALSE, FALSE); /* service name */ offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, sizeof(guint16), hf_svcctl_service_name, TRUE, NULL); /* display name */ offset = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Display Name", hf_svcctl_display_name, cb_wstr_postprocess, GINT_TO_POINTER(1)); /* access mask */ offset = dissect_nt_access_mask( tvb, offset, pinfo, tree, drep, hf_svcctl_access_mask, &svcctl_scm_access_mask_info, NULL); /* service type */ offset = svcctl_dissect_dwServiceType_flags(tvb, offset, pinfo, tree, drep, SVC_CREATE_SERVICE_W); /* service start type */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_service_start_type, NULL); /* service error control */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_service_error_control, NULL); /* binary path name */ offset = dissect_ndr_cvstring(tvb, offset, pinfo, tree, drep, sizeof(guint16), hf_svcctl_binarypathname, TRUE, NULL); /* load order group */ offset = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Load Order Group", hf_svcctl_loadordergroup, cb_wstr_postprocess, GINT_TO_POINTER(1)); /* tag id */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_tagid, NULL); /* dependencies */ offset = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Dependencies", hf_svcctl_dependencies, cb_wstr_postprocess, GINT_TO_POINTER(1)); /* depend size */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_depend_size, NULL); /* service start name */ offset = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Service Start Name", hf_svcctl_service_start_name, cb_wstr_postprocess, GINT_TO_POINTER(1)); /* password */ offset = dissect_ndr_pointer_cb( tvb, offset, pinfo, tree, drep, dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, "Password", hf_svcctl_password, cb_wstr_postprocess, GINT_TO_POINTER(1)); /* password size */ offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, drep, hf_svcctl_password_size, NULL); return offset; }