blob: 377efde8f30b0dfce009ed7f5aed8f2c1d452da3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
# Conformance file for EFS
#
# policyhandle tracking
# This block is to specify where a policyhandle is opened and where it is
# closed so that policyhandles when dissected contain nice info such as
# [opened in xxx] [closed in yyy]
#
# Policyhandles are opened in these functions
PARAM_VALUE efs_dissect_element_EfsRpcOpenFileRaw_pvContext_ PIDL_POLHND_OPEN
# Policyhandles are closed in these functions
PARAM_VALUE efs_dissect_element_EfsRpcCloseRaw_pvContext_ PIDL_POLHND_CLOSE
CODE START
static int
efs_dissect_struct_dom_sid(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info* di, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
if(di->conformant_run){
/* just a run to handle conformant arrays, no scalars to dissect */
return offset;
}
offset=dissect_nt_sid(tvb, offset, tree, "SID", NULL, -1);
return offset;
}
CODE END
|