# Conformance file for EFS # # policyhandle tracking # This block is to specify where a policyhandle is opened and where it is # closed so that policyhandles when dissected contain nice info such as # [opened in xxx] [closed in yyy] # # Policyhandles are opened in these functions PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ PIDL_POLHND_OPEN # Policyhandles are closed in these functions PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ PIDL_POLHND_CLOSE CODE START static int efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_) { if(di->conformant_run){ /* just a run to handle conformant arrays, no scalars to dissect */ return offset; } offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1); return offset; } CODE END