diff options
Diffstat (limited to '')
| -rw-r--r-- | epan/dissectors/pidl/winreg/winreg.cnf | 234 | ||||
| -rw-r--r-- | epan/dissectors/pidl/winreg/winreg.idl | 460 |
2 files changed, 694 insertions, 0 deletions
diff --git a/epan/dissectors/pidl/winreg/winreg.cnf b/epan/dissectors/pidl/winreg/winreg.cnf new file mode 100644 index 00000000..1a0fa396 --- /dev/null +++ b/epan/dissectors/pidl/winreg/winreg.cnf @@ -0,0 +1,234 @@ +TYPE lsa_StringLarge "offset=lsarpc_dissect_struct_lsa_StringLarge(tvb, offset, pinfo, tree, di, drep, @HF@, @PARAM@);" FT_NONE BASE_NONE 0 NULL NULL +TYPE winreg_Type "offset=misc_dissect_enum_winreg_Type(tvb, offset, pinfo, tree, di, drep, @HF@, @PARAM@);" FT_NONE BASE_NONE 0 NULL NULL +IMPORT security_secinfo offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_winreg_winreg_GetKeySecurity_sec_info, NULL); + +# +# Make all instances of an access mask use the same hf field display filter +# name +# +HF_FIELD hf_winreg_access_mask "Access Mask" "winreg.access_mask" FT_UINT32 BASE_HEX NULL 0 "" "" "" +HF_RENAME hf_winreg_winreg_OpenHKCR_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_OpenHKLM_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_OpenHKU_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_CreateKey_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_OpenHKCC_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_OpenHKDD_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_OpenHKPT_access_mask hf_winreg_access_mask +HF_RENAME hf_winreg_winreg_OpenHKPN_access_mask hf_winreg_access_mask + + +# +# Make all instances of a system name use the same hf display filter name +# +HF_FIELD hf_winreg_system_name "System Name" "winreg.system_name" FT_UINT16 BASE_DEC NULL 0 "" "" "" +HF_RENAME hf_winreg_winreg_OpenHKCR_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKCU_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKLM_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKPD_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKU_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKCC_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKDD_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKPT_system_name hf_winreg_system_name +HF_RENAME hf_winreg_winreg_OpenHKPN_system_name hf_winreg_system_name + + +# +# make all policyhandles use the same hf display filter name +# +HF_FIELD hf_winreg_handle "Handle" "winreg.handle" FT_BYTES BASE_NONE NULL 0 "" "" "" +HF_RENAME hf_winreg_winreg_OpenHKCR_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKCU_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKLM_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKPD_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKU_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_CloseKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_CreateKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_DeleteKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_DeleteValue_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_EnumKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_EnumValue_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_FlushKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_GetKeySecurity_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_LoadKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_NotifyChangeKeyValue_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_QueryInfoKey_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_QueryValue_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_SetKeySecurity_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_SetValue_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_GetVersion_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKCC_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKDD_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKPT_handle hf_winreg_handle +HF_RENAME hf_winreg_winreg_OpenHKPN_handle hf_winreg_handle + + + +# +# Make both instances of KeySecurityData resolve to the same +# hf display filter field. +# +HF_FIELD hf_winreg_sd "KeySecurityData" "winreg.sd" FT_NONE BASE_NONE NULL 0 "" "" "" +HF_RENAME hf_winreg_winreg_GetKeySecurity_sd hf_winreg_sd +HF_RENAME hf_winreg_winreg_SetKeySecurity_sd hf_winreg_sd + + + +# +# policyhandle tracking +# This block is to specify where a policyhandle is opened and where it is +# closed so that policyhandles when dissected contain nice info such as +# [opened in xxx] [closed in yyy] +# +# Policyhandles are opened in these functions +PARAM_VALUE winreg_dissect_element_OpenHKCR_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKCU_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKLM_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKPD_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKU_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKCC_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKDD_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKPT_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenHKPN_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_CreateKey_new_handle_ PIDL_POLHND_OPEN +PARAM_VALUE winreg_dissect_element_OpenKey_handle_ PIDL_POLHND_OPEN +# Policyhandles are closed in these functions +PARAM_VALUE winreg_dissect_element_CloseKey_handle_ PIDL_POLHND_CLOSE + + +# winreg_String +# +# Create a new type to handle winreg_String so that we can get nice and +# pretty dissection of the strings contained within winreg +TYPE winreg_String "offset=cnf_dissect_winreg_String(tvb, offset, pinfo, tree, di, drep, @PARAM@, @HF@);" FT_STRING BASE_NONE 0 NULL 4 +# +# +# +PARAM_VALUE winreg_dissect_element_CreateKey_name 2|PIDL_SET_COL_INFO +PARAM_VALUE winreg_dissect_element_DeleteKey_key 2|PIDL_SET_COL_INFO +PARAM_VALUE winreg_dissect_element_LoadKey_keyname 2|PIDL_SET_COL_INFO +PARAM_VALUE winreg_dissect_element_OpenKey_keyname 2|PIDL_SET_COL_INFO|PIDL_STR_SAVE +PARAM_VALUE winreg_dissect_element_QueryValue_value_name 2|PIDL_SET_COL_INFO +PARAM_VALUE winreg_dissect_element_SaveKey_filename 2|PIDL_SET_COL_INFO +PARAM_VALUE winreg_dissect_element_SetValue_name 2|PIDL_SET_COL_INFO + +# +# Override the generation of dissectors of the security descriptor and the +# access mask. +# The security descriptor is just an array of bytes in the idl file +# so we override generation of it and calls the proper wireshark dissector +# after manually eating the 12 bytes of conformance data. +# +# Same for the access mask dissector since the idl would only define those +# flag bits that are specific to WINREG therefore we set up the appropriate +# structures and then call the wireshark accessmask dissector instead. +# +# +HF_FIELD hf_winreg_sd_max_size "Max Size" "winreg.sd.max_size" FT_UINT32 BASE_DEC NULL 0 "" "" "" +HF_FIELD hf_winreg_sd_offset "Offset" "winreg.sd.offset" FT_UINT32 BASE_DEC NULL 0 "" "" "" +HF_FIELD hf_winreg_sd_actual_size "Actual Size" "winreg.sd.actual_size" FT_UINT32 BASE_DEC NULL 0 "" "" "" +NOEMIT winreg_dissect_element_KeySecurityData_data__ +MANUAL winreg_dissect_element_KeySecurityData_data_ +MANUAL winreg_dissect_bitmap_AccessMask + + + +CODE START + #include "packet-dcerpc-lsa.h" +static void +winreg_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access) +{ + static int* const access_flags[] = { + &hf_winreg_winreg_AccessMask_KEY_WOW64_32KEY, + &hf_winreg_winreg_AccessMask_KEY_WOW64_64KEY, + &hf_winreg_winreg_AccessMask_KEY_CREATE_LINK, + &hf_winreg_winreg_AccessMask_KEY_NOTIFY, + &hf_winreg_winreg_AccessMask_KEY_ENUMERATE_SUB_KEYS, + &hf_winreg_winreg_AccessMask_KEY_CREATE_SUB_KEY, + &hf_winreg_winreg_AccessMask_KEY_SET_VALUE, + &hf_winreg_winreg_AccessMask_KEY_QUERY_VALUE, + NULL + }; + + proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access); +} + +struct access_mask_info winreg_access_mask_info = { + "WINREG", /* Name of specific rights */ + winreg_specific_rights, /* Dissection function */ + NULL, /* Generic mapping table */ + NULL /* Standard mapping table */ +}; + +static int +winreg_dissect_element_KeySecurityData_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep) +{ + guint32 len; + + if(di->conformant_run){ + /*just a run to handle conformant arrays, nothing to dissect */ + return offset; + } + + /* this is a varying and conformant array */ + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_winreg_sd_max_size, NULL); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_winreg_sd_offset, NULL); + offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep, hf_winreg_sd_actual_size, &len); + + dissect_nt_sec_desc(tvb, offset, pinfo, tree, drep, TRUE, len, + &winreg_access_mask_info); + + offset += len; + + return offset; +} + +int +winreg_dissect_bitmap_AccessMask(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info* di, guint8 *drep, int hf_index _U_, guint32 param _U_) +{ + offset = dissect_nt_access_mask( + tvb, offset, pinfo, tree, di, drep, hf_winreg_access_mask, + &winreg_access_mask_info, NULL); + return offset; +} + +/* winreg_String : + * typedef [public,noejs] struct { + * [value(strlen_m_term(name)*2)] uint16 name_len; + * [value(strlen_m_term(name)*2)] uint16 name_size; + * [string,charset(UTF16)] uint16 *name; + * } winreg_String; + */ +static int +cnf_dissect_winreg_String(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *parent_tree, dcerpc_info* di, guint8 *drep, guint32 param, int hfindex) +{ + proto_item *item = NULL; + proto_tree *tree = NULL; + int old_offset; + header_field_info *hf_info; + + ALIGN_TO_4_BYTES; + + old_offset = offset; + hf_info=proto_registrar_get_nth(hfindex); + + if (parent_tree) { + tree = proto_tree_add_subtree_format(parent_tree, tvb, offset, 0, ett_winreg_winreg_String, &item, "%s: ", hf_info->name); + } + + offset = winreg_dissect_element_String_name_len(tvb, offset, pinfo, tree, di, drep); + + offset = winreg_dissect_element_String_name_size(tvb, offset, pinfo, tree, di, drep); + + offset = dissect_ndr_pointer_cb( + tvb, offset, pinfo, tree, di, drep, + dissect_ndr_wchar_cvstring, NDR_POINTER_UNIQUE, + hf_info->name, hfindex, cb_wstr_postprocess, + GINT_TO_POINTER(param)); + + proto_item_set_len(item, offset-old_offset); + + return offset; +} + +CODE END diff --git a/epan/dissectors/pidl/winreg/winreg.idl b/epan/dissectors/pidl/winreg/winreg.idl new file mode 100644 index 00000000..1fd40848 --- /dev/null +++ b/epan/dissectors/pidl/winreg/winreg.idl @@ -0,0 +1,460 @@ +/* + winreg interface definition +*/ + +/*import "lsa.idl", "security.idl",*/ +import "misc/misc.idl"; + +[ + uuid("338cd001-2244-31f1-aaaa-900038001003"), + version(1.0), + endpoint("ncacn_np:[\\pipe\\winreg]","ncacn_ip_tcp:","ncalrpc:"), + pointer_default(unique), + helpstring("Remote Registry Service") +] interface winreg +{ + typedef bitmap security_secinfo security_secinfo; + + /* + * Access Bits for registry ACLS + */ + + typedef [bitmap32bit] bitmap { + KEY_QUERY_VALUE = 0x00001, + KEY_SET_VALUE = 0x00002, + KEY_CREATE_SUB_KEY = 0x00004, + KEY_ENUMERATE_SUB_KEYS = 0x00008, + KEY_NOTIFY = 0x00010, + KEY_CREATE_LINK = 0x00020, + KEY_WOW64_64KEY = 0x00100, + KEY_WOW64_32KEY = 0x00200 + } winreg_AccessMask; + + const int REG_KEY_READ = ( STANDARD_RIGHTS_READ_ACCESS | + KEY_QUERY_VALUE | + KEY_ENUMERATE_SUB_KEYS | + KEY_NOTIFY); + + const int REG_KEY_EXECUTE = REG_KEY_READ; + + const int REG_KEY_WRITE = ( STANDARD_RIGHTS_WRITE_ACCESS | + KEY_SET_VALUE | + KEY_CREATE_SUB_KEY); + + const int REG_KEY_ALL = ( STANDARD_RIGHTS_REQUIRED_ACCESS | + REG_KEY_READ | + REG_KEY_WRITE | + KEY_CREATE_LINK); + + typedef [public] struct { + [value(strlen_m_term(name)*2)] uint16 name_len; + [value(strlen_m_term(name)*2)] uint16 name_size; + [string,charset(UTF16)] uint16 *name; + } winreg_String; + + /******************/ + /* Function: 0x00 */ + WERROR winreg_OpenHKCR( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x01 */ + WERROR winreg_OpenHKCU( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x02 */ + [public] WERROR winreg_OpenHKLM( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x03 */ + WERROR winreg_OpenHKPD( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x04 */ + WERROR winreg_OpenHKU( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x05 */ + [public] WERROR winreg_CloseKey( + [in,out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x06 */ + + typedef struct { + [size_is(size),length_is(len)] uint8 *data; + uint32 size; + uint32 len; + } KeySecurityData; + + typedef struct { + uint32 length; + KeySecurityData sd; + boolean8 inherit; + } winreg_SecBuf; + + const int REG_OPTION_NON_VOLATILE = 0x00000000; + + typedef [bitmap32bit] bitmap { + REG_OPTION_VOLATILE = 0x00000001, + REG_OPTION_CREATE_LINK = 0x00000002, + REG_OPTION_BACKUP_RESTORE = 0x00000004, + REG_OPTION_OPEN_LINK = 0x00000008 + } winreg_KeyOptions; + + typedef [v1_enum] enum { + REG_ACTION_NONE = 0, /* used by caller */ + REG_CREATED_NEW_KEY = 1, + REG_OPENED_EXISTING_KEY = 2 + } winreg_CreateAction; + + [public] WERROR winreg_CreateKey( + [in,ref] policy_handle *handle, + [in] winreg_String name, + [in] winreg_String keyclass, + [in] winreg_KeyOptions options, + [in] winreg_AccessMask access_mask, + [in,unique] winreg_SecBuf *secdesc, + [out,ref] policy_handle *new_handle, + [in,out,unique] winreg_CreateAction *action_taken + ); + + /******************/ + /* Function: 0x07 */ + [public] WERROR winreg_DeleteKey( + [in,ref] policy_handle *handle, + [in] winreg_String key + ); + + /******************/ + /* Function: 0x08 */ + WERROR winreg_DeleteValue( + [in,ref] policy_handle *handle, + [in] winreg_String value + ); + + typedef struct { + [value(strlen_m_term_null(name)*2)] uint16 length; + /* size cannot be auto-set by value() as it is the + amount of space the server is allowed to use for this + string in the reply, not its current size */ + uint16 size; + [size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name; + } winreg_StringBuf; + + /******************/ + /* Function: 0x09 */ + [public] WERROR winreg_EnumKey( + [in,ref] policy_handle *handle, + [in] uint32 enum_index, + [in,out,ref] winreg_StringBuf *name, + [in,out,unique] winreg_StringBuf *keyclass, + [in,out,unique] NTTIME *last_changed_time + ); + + typedef struct { + [value(strlen_m_term(name)*2)] uint16 length; + /* size cannot be auto-set by value() as it is the + amount of space the server is allowed to use for this + string in the reply, not its current size */ + uint16 size; + [size_is(size/2),length_is(length/2),charset(UTF16)] uint16 *name; + } winreg_ValNameBuf; + + /******************/ + /* Function: 0x0a */ + + [public] WERROR winreg_EnumValue( + [in,ref] policy_handle *handle, + [in] uint32 enum_index, + [in,out,ref] winreg_ValNameBuf *name, + [in,out,unique] winreg_Type *type, + [in,out,unique,size_is(size ? *size : 0),length_is(length ? *length : 0),range(0,0x4000000)] uint8 *value, + [in,out,unique] uint32 *size, + [in,out,unique] uint32 *length + ); + + /******************/ + /* Function: 0x0b */ + [public] WERROR winreg_FlushKey( + [in,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x0c */ + [public] WERROR winreg_GetKeySecurity( + [in,ref] policy_handle *handle, + [in] security_secinfo sec_info, + [in,out,ref] KeySecurityData *sd + ); + + /******************/ + /* Function: 0x0d */ + WERROR winreg_LoadKey( + [in,ref] policy_handle *handle, + [in,unique] winreg_String *keyname, + [in,unique] winreg_String *filename + ); + + /******************/ + /* Function: 0x0e */ + typedef [public,bitmap32bit] bitmap { + REG_NOTIFY_CHANGE_NAME = 0x00000001, + REG_NOTIFY_CHANGE_ATTRIBUTES = 0x00000002, + REG_NOTIFY_CHANGE_LAST_SET = 0x00000004, + REG_NOTIFY_CHANGE_SECURITY = 0x00000008 + } winreg_NotifyChangeType; + + [public] WERROR winreg_NotifyChangeKeyValue( + [in,ref] policy_handle *handle, + [in] boolean8 watch_subtree, + [in] winreg_NotifyChangeType notify_filter, + [in] uint32 unknown, + [in] winreg_String string1, + [in] winreg_String string2, + [in] uint32 unknown2 + ); + + /******************/ + /* Function: 0x0f */ + [public] WERROR winreg_OpenKey( + [in,ref] policy_handle *parent_handle, + [in] winreg_String keyname, + [in] winreg_KeyOptions options, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x10 */ + [public] WERROR winreg_QueryInfoKey( + [in,ref] policy_handle *handle, + [in,out,ref] winreg_String *classname, + [out,ref] uint32 *num_subkeys, + [out,ref] uint32 *max_subkeylen, + [out,ref] uint32 *max_classlen, + [out,ref] uint32 *num_values, + [out,ref] uint32 *max_valnamelen, + [out,ref] uint32 *max_valbufsize, + [out,ref] uint32 *secdescsize, + [out,ref] NTTIME *last_changed_time + ); + + /******************/ + /* Function: 0x11 */ + [public] WERROR winreg_QueryValue( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *value_name, + [in,out,unique] winreg_Type *type, + [in,out,unique,size_is(data_size ? *data_size : 0),length_is(data_length ? *data_length : 0),range(0,0x4000000)] uint8 *data, + [in,out,unique] uint32 *data_size, + [in,out,unique] uint32 *data_length + ); + + /******************/ + /* Function: 0x12 */ + WERROR winreg_ReplaceKey( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *subkey, + [in,ref] winreg_String *new_file, + [in,ref] winreg_String *old_file + ); + + /******************/ + /* Function: 0x13 */ + + typedef [public,bitmap32bit] bitmap { + REG_WHOLE_HIVE_VOLATILE = 0x00000001, + REG_REFRESH_HIVE = 0x00000002, + REG_NO_LAZY_FLUSH = 0x00000004, + REG_FORCE_RESTORE = 0x00000008 + } winreg_RestoreKeyFlags; + + WERROR winreg_RestoreKey( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *filename, + [in] winreg_RestoreKeyFlags flags + ); + + /******************/ + /* Function: 0x14 */ + + typedef struct { + uint32 data_size; + KeySecurityData sec_data; + uint8 inherit; + } KeySecurityAttribute; + + WERROR winreg_SaveKey( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *filename, + [in,unique] KeySecurityAttribute *sec_attrib + ); + + /******************/ + /* Function: 0x15 */ + WERROR winreg_SetKeySecurity( + [in,ref] policy_handle *handle, + [in] security_secinfo sec_info, + [in,ref] KeySecurityData *sd + ); + + /******************/ + /* Function: 0x16 */ + WERROR winreg_SetValue( + [in,ref] policy_handle *handle, + [in] winreg_String name, + [in] winreg_Type type, + [in,size_is(size),ref] uint8 *data, + [in] uint32 size + ); + + /******************/ + /* Function: 0x17 */ + WERROR winreg_UnLoadKey( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *subkey + ); + + /******************/ + /* Function: 0x18 */ + WERROR winreg_InitiateSystemShutdown( + [in,unique] uint16 *hostname, + /* + * Note: lsa_String and winreg_String both result + * in WERR_INVALID_PARAM + */ + [in,unique] lsa_StringLarge *message, + [in] uint32 timeout, + [in] uint8 force_apps, + [in] uint8 do_reboot + ); + + /******************/ + /* Function: 0x19 */ + WERROR winreg_AbortSystemShutdown( + [in,unique] uint16 *server + ); + + /******************/ + /* Function: 0x1a */ + [public] WERROR winreg_GetVersion( + [in,ref] policy_handle *handle, + [out,ref] uint32 *version + ); + + /******************/ + /* Function: 0x1b */ + WERROR winreg_OpenHKCC( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x1c */ + WERROR winreg_OpenHKDD( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + typedef struct { + winreg_ValNameBuf *ve_valuename; + uint32 ve_valuelen; + uint32 ve_valueptr; + winreg_Type ve_type; + } QueryMultipleValue; + + /******************/ + /* Function: 0x1d */ + [public] WERROR winreg_QueryMultipleValues( + [in,ref] policy_handle *key_handle, + [in,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values_in, + [out,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values_out, + [in] uint32 num_values, + [in,out,unique,size_is(*buffer_size),length_is(*buffer_size)] uint8 *buffer, + [in,out,ref] uint32 *buffer_size + ); + + /******************/ + /* Function: 0x1e */ + WERROR winreg_InitiateSystemShutdownEx( + [in,unique] uint16 *hostname, + /* + * Note: lsa_String and winreg_String both result + * in WERR_INVALID_PARAM + */ + [in,unique] lsa_StringLarge *message, + [in] uint32 timeout, + [in] uint8 force_apps, + [in] uint8 do_reboot, + [in] uint32 reason + ); + + /******************/ + /* Function: 0x1f */ + WERROR winreg_SaveKeyEx( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *filename, + [in,unique] KeySecurityAttribute *sec_attrib, + [in] uint32 flags + ); + + /******************/ + /* Function: 0x20 */ + WERROR winreg_OpenHKPT( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x21 */ + WERROR winreg_OpenHKPN( + [in,unique] uint16 *system_name, + [in] winreg_AccessMask access_mask, + [out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x22 */ + [public] WERROR winreg_QueryMultipleValues2( + [in,ref] policy_handle *key_handle, + [in,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values_in, + [out,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values_out, + [in] uint32 num_values, + [in,out,unique,size_is(*offered),length_is(*offered)] uint8 *buffer, + [in,ref] uint32 *offered, + [out,ref] uint32 *needed + ); + + /******************/ + /* Function: 0x23 */ + WERROR winreg_DeleteKeyEx( + [in,ref] policy_handle *handle, + [in,ref] winreg_String *key, + [in] winreg_AccessMask access_mask, + [in] uint32 reserved + ); +} |