1594 lines
39 KiB
Plaintext
1594 lines
39 KiB
Plaintext
//******************************************
|
|
// Guid Definitions
|
|
// 10/23/98
|
|
//******************************************
|
|
|
|
// The #type statement and the #typev statement may be used to convert
|
|
// messages into user readable forms.
|
|
// With #type all parameters are processed as strings and the default string
|
|
// processing of FormTMessage is used
|
|
// With #typev wherever possible parameters are processed as their native format
|
|
// and the %x!x! style of FormatMessage should be used.
|
|
//
|
|
// Note Parameter %1 through %9 are predefined
|
|
// Parameter is #typev
|
|
// %1 GUID Friendly Name string
|
|
// %2 GUID SubType Name string
|
|
// %3 Thread ID ULONG_PTR
|
|
// %4 System Time String
|
|
// %5 Kernel Time or User Time String
|
|
// %6 User Time or NULL String
|
|
// %7 Sequence Number LONG
|
|
// %8 Unused String
|
|
// %9 CPU Number LONG
|
|
// %10 and above are the user parameters
|
|
// %255 Is reserved
|
|
//
|
|
// Note these parameters are always present, but may not be valid
|
|
// depending on the source.
|
|
//
|
|
// User defined messages always start at message number 10
|
|
// Messages 0 through 9 are reserved for system use.
|
|
// Message number 255 is reserved.
|
|
//
|
|
// Available formats for user arguments are -
|
|
//
|
|
//Name Description #typev Format
|
|
//ItemChar CHAR
|
|
//ItemUChar UCHAR
|
|
//ItemCharShort USHORT
|
|
//ItemCharSign SHORT
|
|
//ItemShort Signed Short SHORT
|
|
//ItemUShort Unsigned Short USHORT
|
|
//ItemLong Signed Long, decoded as decimal LONG
|
|
//ItemULong Unsigned Long, decoded as decimal ULONG
|
|
//ItemULongX Unsigned Long, seen as hexadecimal ULONG
|
|
//ItemLongLong Signed 64 Bit value LONGLONG
|
|
//ItemULongLong Unsigned 64 Bit value ULONGLONG
|
|
//ItemRString Reduced Ascii String String
|
|
// (\t, \n, \r, \,, converted to space, trailing sp removed)
|
|
//ItemWString Unicode String, null terminated String
|
|
//ItemPString Counted Ascii String String
|
|
//ItemPWString Counted Unicode String String
|
|
//ItemMLString Multi-Line Ascii String String
|
|
//ItemSid Security identifier String
|
|
//ItemChar4 CHAR4
|
|
//ItemIPAddr IP Address String (If needed raw, use ItemUlong)
|
|
// (string of form xxx.xxx.xxx.xxx)
|
|
//ItemPort String (If needed raw use ItemUshort)
|
|
//ItemNWString Non-null terminated Wide Char String String
|
|
//ItemListByte (element1,element2,....) String
|
|
// byte index into a list of strings
|
|
//ItemListShort(element1,element2,....) String
|
|
// short index into a list of strings
|
|
//ItemListLong (element1,element2,....) String
|
|
// Long index into a list of strings
|
|
//ItemGUID Normal GUID format String
|
|
//ItemNTerror Translates a ULONG error code to the String
|
|
// NT Error Text
|
|
//ItemNTSTATUS Converts NTSTATUS to symbolic name String
|
|
//ItemWINERROR Converts WINERROR to symbolic name String
|
|
//ItemNETEVENT Converts NETEVENT to symbolic name String
|
|
//ItemMerror module.ext String
|
|
// Translates a ULONG error code using the
|
|
// module specified.
|
|
//ItemTimeStamp Treats a LONGLONG as a timestamp String
|
|
//ItemUnknown String
|
|
|
|
|
|
ce5b1020-8ea9-11d0-a4ec-00a0c9062910 TraceDp
|
|
#type Start 1 "TraceDp TID=0x%3 Start"
|
|
#type End 2 "TraceDp TID=0x%3End"
|
|
{
|
|
}
|
|
|
|
68fdd900-4a3e-11d1-84f4-0000f80464e3 EventTrace
|
|
#typev Header 0 "EventTrace Header"
|
|
{
|
|
BufferSize, ItemULong //10
|
|
Version, ItemULong //11
|
|
BuildNumber, ItemULong //12
|
|
NumProc, ItemULong //13
|
|
EndTime, ItemULongLong //14
|
|
TimerResolution,ItemULong //15
|
|
MaxFileSize, ItemULong //16
|
|
LogFileMode, ItemULongX //17
|
|
BuffersWritten, ItemULong //18
|
|
StartBuffers, ItemULong //19
|
|
PointerSize, ItemULong //20
|
|
EventsLost, ItemULong //21
|
|
CPUSpeed, ItemULong //22
|
|
LoggerName, ItemPtr //23
|
|
LogFileName, ItemPtr //24
|
|
TimeZone, ItemCharHidden[176] //25
|
|
BootTime, ItemULongLong //26
|
|
PerfFrequency, ItemULongLong //27
|
|
StartTime, ItemULongLong //28
|
|
ReservedFlags, ItemULongX //29
|
|
BuffersLost, ItemULong //30
|
|
}
|
|
|
|
01853a65-418f-4f36-aefc-dc0f1d2fd235 HWConfig
|
|
#typev CPU 10 "%15!s! :: CPU # %11!d!, Speed %10!d!Mhz, Memory %12!d!K, PageSize %13!d!K, AllocationGranularity %14!d!"
|
|
{
|
|
MHz, ItemULong // 10
|
|
NumberOfProcessors, ItemULong // 11
|
|
MemSize, ItemULong // 12
|
|
PageSize, ItemULong // 13
|
|
AllocationGranularity, ItemULong // 14
|
|
ComputerName, ItemWString // 15
|
|
}
|
|
#typev PhyDisk 11 "Phsical Disk %10!d!(%19!s!), SectorSize: %11!d!, SectorsperTrack: %12!d!, TracksPerCylinder %13!d! Cylinders %14!d!, SCSI (Port=%15!d!, Path %16!d!, Target=%17!d!, Lun=%18!d!)"
|
|
{
|
|
DiskNumber, ItemULong // 10
|
|
BytesPerSector, ItemULong // 11
|
|
SectorsPerTrack, ItemULong // 12
|
|
TracksPerCylinder, ItemULong // 13
|
|
Cylinders, ItemULongLong // 14
|
|
SCSIPort, ItemULong // 15
|
|
SCSIPath, ItemULong // 16
|
|
SCSITarget, ItemULong // 17
|
|
SCSILun, ItemULong // 18
|
|
Manufacturer, ItemWString // 19
|
|
}
|
|
#typev LogDisk 12 "Logical Disk %10!d! StartOffset: %11!d!, Size: %12!d!"
|
|
{
|
|
DiskNumber, ItemULong // 10
|
|
Pad, ItemULong // 11
|
|
StartOffset, ItemULongLong // 12
|
|
PartitionSize, ItemULongLong // 13
|
|
}
|
|
#typev NIC 13 "NIC %10!s!"
|
|
{
|
|
NICName, ItemWString // 10
|
|
}
|
|
|
|
2cb15d1d-5fc1-11d2-abe1-00a0c911f518 Image
|
|
#typev Load 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>ImageLoad of %13!s! (Process= %12!d!, Base=0x%10!X!,size=0x%11!X!)"
|
|
{
|
|
Base Address, ItemPtr
|
|
Module Size, ItemPtr
|
|
ProcessId, ItemUlong
|
|
Image Filename, ItemWString
|
|
}
|
|
|
|
3d6fa8d0-fe05-11d0-9dda-00c04fd7ba7c Process
|
|
#typev Start 1 "%10!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>Process Started %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!) "
|
|
#typev End 2 "%10!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>Process Ended %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!) Exit Status %14!X!"
|
|
#typev DCStart 3 "%10!08X!.%3!08X!::%4!s! [%1!s!DC] <*>Process Data Collection Started of %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!)"
|
|
#typev DCEnd 4 "%10!08X!.%3!08X!::%4!s! [%1!s!DC] <*>Process Data Colection Ended for %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!)"
|
|
#typev Load 5 "%10!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>5Load of %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!)"
|
|
{
|
|
PageDirectoryBase, ItemPtr
|
|
Process Id, ItemULong
|
|
Parent Id, ItemULong
|
|
Session Id, ItemULong
|
|
Exit Status, ItemUlong
|
|
User SID, ItemSid
|
|
Image FileName, ItemString
|
|
}
|
|
|
|
3d6fa8d1-fe05-11d0-9dda-00c04fd7ba7c Thread
|
|
#typev Start 1 "%11!08X!.%10!08X!::%4!s! [%1!s!] <%9!d!>Started"
|
|
#typev DCStart 3 "%11!08X!.%10!08X!::%4!s! [%1!s!DC] <%9!d!>Data Collection Started "
|
|
#type Start 1
|
|
#type DCStart 3
|
|
{
|
|
Process Id, ItemULong
|
|
Thread Id, ItemULong
|
|
StackBase, ItemPtr
|
|
StackLimit, ItemPtr
|
|
UserStackBase, ItemPtr
|
|
UserStackLimit, ItemPtr
|
|
StartAddr, ItemPtr
|
|
Win32StartAddr, ItemPtr
|
|
WaitMode, ItemChar
|
|
}
|
|
#typev End 2 "%11!08X!.%10!08X!::%4!s! [%1!s!] <%9!d!>Ended"
|
|
#typev DCEnd 4 "%11!08X!.%10!08X!::%4!s! [%1!s!DC] <%9!d!>Data Collection Ended"
|
|
{
|
|
Process Id, ItemULong
|
|
Thread Id, ItemULong
|
|
}
|
|
|
|
|
|
3d6fa8d3-fe05-11d0-9dda-00c04fd7ba7c PageFault
|
|
#typev TransitionFault 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault Transition VA=0x%10!08X!, PC=0x%11!08X!"
|
|
#typev DemandZeroFault 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault DemandZero VA=0x%10!08X!, PC=0x%11!08X!"
|
|
#typev CopyOnWrite 12 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault CopyOnWrite VA=0x%10!08X!, PC=0x%11!08X!"
|
|
#typev GlobalPageFault 13 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault GuardPageFault VA=0x%10!08X!, PC=0x%11!08X!"
|
|
#typev Hard 14 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault Hard VA=0x%10!08X!, PC=0x%11!08X!, in %12!016X!"
|
|
#typev Notification 15 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault Notification VA=0x%10!08X!, PC=0x%11!08X!, in %12!016X!"
|
|
{
|
|
Virtual Address,ItemULongX
|
|
Program Counter,ItemUlongX
|
|
Byte Offset, ItemLongLong
|
|
File Object, ItemUlongX
|
|
Byte Count, ItemUlong
|
|
HotFile Name, ItemNWString
|
|
}
|
|
|
|
01853a65-418f-4f36-aefc-dc0f1d2fd235 HWConfig
|
|
#typev CPU 10 "%15!s! :: CPU # %11!d!, Speed %10!d!Mhz, Memory %12!d!K, PageSize %13!d!K, AllocationGranularity %14!d!"
|
|
{
|
|
MHz, ItemULong
|
|
NumberOfProcessors, ItemULong
|
|
MemSize, ItemULong
|
|
PageSize, ItemULong
|
|
AllocationGranularity, ItemULong
|
|
ComputerName, ItemWString
|
|
}
|
|
#typev PhyDisk 11 "Phsical Disk %10!d!(%19!s!), SectorSize: %11!d!, SectorsperTrack: %12!d!, TracksPerCylinder %13!d! Cylinders %14!d!, SCSI (Port=%15!d!, Path %16!d!, Target=%17!d!, Lun=%18!d!)"
|
|
{
|
|
DiskNumber, ItemULong
|
|
BytesPerSector, ItemULong
|
|
SectorsPerTrack, ItemULong
|
|
TracksPerCylinder, ItemULong
|
|
Cylinders, ItemULongLong
|
|
SCSIPort, ItemULong
|
|
SCSIPath, ItemULong
|
|
SCSITarget, ItemULong
|
|
SCSILun, ItemULong
|
|
Manufacturer, ItemWString
|
|
}
|
|
#typev LogDisk 12 "Logical Disk %10!d! StartOffset: %11!d!, Size: %12!d!"
|
|
{
|
|
DiskNumber, ItemULong
|
|
Pad, ItemULong
|
|
StartOffset, ItemULongLong
|
|
PartitionSize, ItemULongLong
|
|
}
|
|
#typev NIC 13 "NIC %10!s!"
|
|
{
|
|
NICName, ItemWString
|
|
}
|
|
|
|
|
|
3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c DiskIo
|
|
#typev Read 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Disk %10!2d! Read of %12!5d! bytes (FileObj=0x%15!08X!)"
|
|
#typev Write 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Disk %10!2d! Write of %12!5d! bytes (FileObj=0x%15!08X!)"
|
|
{
|
|
Disk Number, ItemULong
|
|
Irp Flags, ItemULongX
|
|
Transfer Size, ItemULong
|
|
QueueDepth, ItemULong
|
|
Byte Offset, ItemLongLong
|
|
File Object, ItemULongX
|
|
}
|
|
AE53722E-C863-11d2-8659-00C04FA321A1 Registry
|
|
#typev Create 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Create of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev Open 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Open of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev Delete 12 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Delete of Handle = 0x%11!08X!(%14!s!) Status = %10!0X!"
|
|
#typev Query 13 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Query of (%14!s!) Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev SetValue 14 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>SetValue of %14!s! Handle = 0x%11!08X!(%14!s!)8X! Status = %10!0X! (TID =%3!0X!)"
|
|
#typev QueryValue 16 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>QueryValue of (%14!s!) Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev EnumerateKey 17 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>EnumerateKey of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev EnumerateValueKey 18 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>EnumerateValueKey of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev QueryMultipleValue 19 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>QueryMultiple of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev SetInformation 20 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>SetInformation of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#typev Flush 21 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Flush of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
|
|
#type RunDown 22 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Rundown"
|
|
{
|
|
Status,ItemUlongX
|
|
Key Handle, ItemULongX
|
|
Elapsed Time, ItemLongLong
|
|
Index, ItemULong
|
|
KeyName, ItemWString
|
|
}
|
|
90cbdc39-4a3e-11d1-84f4-0000f80464e3 FileIo
|
|
#typev Name 0 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Filio for %11 (FileObj=0x%10!X!)"
|
|
{
|
|
File Object, ItemPtr
|
|
File Name, ItemWString
|
|
}
|
|
|
|
9a280ac0-c8e0-11d1-84e2-00c04fb998a2 TcpIp
|
|
#typev Send 10 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Send to %10!13s!:%12!05d! from %11!13s!:%13!05d! of %14!5d! bytes"
|
|
{
|
|
saddr, ItemIPAddr
|
|
daddr, ItemIPAddr
|
|
sport, ItemUShort
|
|
dport, ItemUShort
|
|
size, ItemULong
|
|
PID, ItemULongX
|
|
}
|
|
#typev Recv 11 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Receive from %10!13s!:%12!05d! to %11!13s!:%13!05d! of %14!5d! bytes"
|
|
{
|
|
saddr, ItemIPAddr
|
|
daddr, ItemIPAddr
|
|
sport, ItemUShort
|
|
dport, ItemUShort
|
|
size, ItemULong
|
|
PID, ItemULongX
|
|
}
|
|
#typev Connect 12 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Connect to %10:%12!05D! from %11:%13!05D!"
|
|
#typev Disconnect 13 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Discon From %10:%12!05D! to %11:%13!05D!"
|
|
{
|
|
saddr, ItemIPAddr
|
|
daddr, ItemIPAddr
|
|
sport, ItemUShort
|
|
dport, ItemUShort
|
|
size, ItemULong
|
|
PID, ItemULongX
|
|
}
|
|
#typev Retransmit 14 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Retransmit to %10:%12!05D!"
|
|
#typev Accept 15 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Accept From %10:%12!05D!"
|
|
{
|
|
saddr, ItemIPAddr
|
|
daddr, ItemIPAddr
|
|
sport, ItemUShort
|
|
dport, ItemUShort
|
|
size, ItemULong
|
|
PID, ItemULongX
|
|
}
|
|
|
|
bf3a50c5-a9c9-4988-a005-2df0b7c80f80 UdpIp
|
|
#typev Send 10 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>UDP Send to %11!13s!:%12!05d! from %14!13s!:%15!05d! of %13!5d! bytes (Context= %10!08X!)"
|
|
#typev Recv 11 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>UDP Receive from %11!13s!:%12!05d! to %14!13s!:%15!05d! of %13!5d! bytes (Context= %10!08X!)"
|
|
{
|
|
context, ItemULongX /10
|
|
destaddr, ItemIPAddr /11
|
|
destport, ItemUShort /12
|
|
Bufrsize, ItemUShort /13
|
|
srcdaddr, ItemIPAddr /14
|
|
srcport, ItemUShort /15
|
|
sentsize, ItemUShort /16
|
|
}
|
|
|
|
//******************************************
|
|
// Test Events
|
|
// d58c126f-b309-11d1-969e-0000f875a5bc
|
|
//******************************************
|
|
ce5b1020-8ea9-11d0-a4ec-00a0c9062910 TraceDp
|
|
#type Start 1
|
|
#type End 2
|
|
{
|
|
UserData, ItemULong
|
|
}
|
|
//******************************************
|
|
// Test Events
|
|
// 1bd67283-57cc-11d2-9a03-00c04f72c722
|
|
//******************************************
|
|
1bd67283-57cc-11d2-9a03-00c04f72c722 TranProv
|
|
#type Start 1
|
|
#type End 2
|
|
{
|
|
UserData, ItemULong
|
|
}
|
|
|
|
//******************************************
|
|
// DS Events
|
|
// 1c83b2fc-c04f-11d1-8afc-00c04fc21914
|
|
//******************************************
|
|
|
|
5b7eb15d-7441-11d2-b711-00c04fb998a2 DsKccGuid
|
|
#type Start 1
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Null1, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd000-daeb-11d1-be80-00c04fadfff5 DsDirSearch
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
Caller, ItemDSString
|
|
Choice, ItemDSString
|
|
ObjDN, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd001-daeb-11d1-be80-00c04fadfff5 DsDirAddEntry
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
Caller, ItemDSString
|
|
ObjDn, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd002-daeb-11d1-be80-00c04fadfff5 DsDirMod
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
Caller, ItemDSString
|
|
ObjDn, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemMLString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemMLString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd005-daeb-11d1-be80-00c04fadfff5 DsDirModDN
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Caller, ItemDSString
|
|
ObjDn, ItemDSString
|
|
NewParentDn, ItemDSString
|
|
NewName, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd003-daeb-11d1-be80-00c04fadfff5 DsDirDel
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
Caller, ItemDSString
|
|
ObjDn, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemMLString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemMLString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd004-daeb-11d1-be80-00c04fadfff5 DsDirCompare
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
Caller, ItemDSString
|
|
AssertType, ItemDSString
|
|
ObjDn, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd006-daeb-11d1-be80-00c04fadfff5 DsDirGtNcChg
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
UuidDest, ItemDSString
|
|
NcDn, ItemDSString
|
|
UsnVecFrom, ItemDSString
|
|
flags, ItemDSString
|
|
RetCrit, ItemDSString
|
|
ExtOp, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
NumObj, ItemDSString
|
|
NumBytes, ItemDSString
|
|
UsnVecTo, ItemDSString
|
|
ExtRet, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd007-daeb-11d1-be80-00c04fadfff5 DsDirReplSync
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
NcDn, ItemDSString
|
|
DsaOrUuid, ItemDSString
|
|
Options, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId, ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd008-daeb-11d1-be80-00c04fadfff5 DsDirFind
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Caller, ItemDSString
|
|
AttId, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
05acd009-daeb-11d1-be80-00c04fadfff5 DsLdapBind
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Null1, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa22-7f4b-11d2-b389-0000f87a46c8 DsKccTask
|
|
#type Start 1
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Null1, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa23-7f4b-11d2-b389-0000f87a46c8 DsDrsReplSync
|
|
#type Start 1
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ObjDN, ItemDSString
|
|
DraSrc, ItemDSString
|
|
UuidSrc, ItemDSString
|
|
Options, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa24-7f4b-11d2-b389-0000f87a46c8 DsDrsReplGtChg
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
UuidDest, ItemDSString
|
|
NcDn, ItemDSString
|
|
UsnFromHighObj, ItemDSString
|
|
UsnFromHighProp, ItemDSString
|
|
Flags, ItemDSString
|
|
MaxObj, ItemDSString
|
|
MaxBytes, ItemDSString
|
|
ExtOp, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
UsnToHighObj, ItemDSString
|
|
UsnToHighProp, ItemDSString
|
|
NumObj, ItemDSString
|
|
NumByte, ItemDSString
|
|
ExtRet, ItemDSString
|
|
ErrCode, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa25-7f4b-11d2-b389-0000f87a46c8 DsDrsUpdtRefs
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
NcDn, ItemDSString
|
|
DsaDest, ItemDSString
|
|
UuidDest, ItemDSString
|
|
Options, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa26-7f4b-11d2-b389-0000f87a46c8 DsDrsReplAdd
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
NcDn, ItemDSString
|
|
SrcDsaDn, ItemDSString
|
|
TransDn, ItemDSString
|
|
DsaSrc, ItemDSString
|
|
Options, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa27-7f4b-11d2-b389-0000f87a46c8 DsDrsReplMod
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
NcDn, ItemDSString
|
|
UuidSrc, ItemDSString
|
|
SrcDra, ItemDSString
|
|
RepFlags, ItemDSString
|
|
ModFields, ItemDSString
|
|
Options, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa28-7f4b-11d2-b389-0000f87a46c8 DsDrsReplDel
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
NcDn, ItemDSString
|
|
DsaSrc, ItemDSString
|
|
Options, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa29-7f4b-11d2-b389-0000f87a46c8 DsDrsVrfyNames
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
cNames, ItemDSString
|
|
Flags, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa2a-7f4b-11d2-b389-0000f87a46c8 DsDrsIntDmMv
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
SrcDsaDn, ItemDSString
|
|
SrcObjDn, ItemDSString
|
|
DstNameDn, ItemDSString
|
|
TargetNcDn, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa2b-7f4b-11d2-b389-0000f87a46c8 DsDrsAddEntry
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
cObj, ItemDSString
|
|
NameDn, ItemDSString
|
|
NextNameDn, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
cObjAdded, ItemDSString
|
|
ErrCode, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa2c-7f4b-11d2-b389-0000f87a46c8 DsDrsExecKcc
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
TaskId, ItemDSString
|
|
Flags, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa2d-7f4b-11d2-b389-0000f87a46c8 DsDrsGtReplInfo
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
InfoType, ItemDSString
|
|
ObjDn, ItemDSString
|
|
UuidSrc, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa2e-7f4b-11d2-b389-0000f87a46c8 DsDrsGtNT4ChgLg
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
flags, ItemDSString
|
|
maxLen, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
NtStatus, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa2f-7f4b-11d2-b389-0000f87a46c8 DsDrsCrackNames
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
cNames, ItemDSString
|
|
CodePage, ItemDSString
|
|
LocaleId, ItemDSString
|
|
FmtOffered, ItemDSString
|
|
FmtDesired, ItemDSString
|
|
Flags, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa30-7f4b-11d2-b389-0000f87a46c8 DsDrsWrtSPN
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Account, ItemDSString
|
|
Op, ItemDSString
|
|
cSpn, ItemDSString
|
|
Flags, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa31-7f4b-11d2-b389-0000f87a46c8 DsDrsDCInfo
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Domain, ItemDSString
|
|
InfoLevel, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
14f8aa32-7f4b-11d2-b389-0000f87a46c8 DsDrsGtMbrshps
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
cDsNames, ItemDSString
|
|
OpType, ItemDSString
|
|
LimitDomDn, ItemDSString
|
|
Flags, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
ErrCode, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
5b7eb154-7441-11d2-b711-00c04fb998a2 LdapAtqGuid
|
|
#type Start 1
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
}
|
|
|
|
b9d4702a-6a98-11d2-b710-00c04fb998a2 LdapRequest
|
|
#type Start 1
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Choice, ItemDSString
|
|
Null2, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
#type End 2
|
|
{
|
|
Signature, ItemCharSign
|
|
Version, ItemCharShort
|
|
Inserts, ItemCharShort
|
|
messageId, ItemULong
|
|
BindId,ItemULong
|
|
Id, ItemDSString
|
|
ErrCode, ItemDSString
|
|
Null3, ItemDSString
|
|
Null4, ItemDSString
|
|
Null5, ItemDSString
|
|
Null6, ItemDSString
|
|
Null7, ItemDSString
|
|
Null8, ItemDSString
|
|
}
|
|
|
|
//******************************************
|
|
// KDC Events
|
|
// 24db8964-e6bc-11d1-916a-0000f8045b04
|
|
//******************************************
|
|
|
|
50af5304-e6bc-11d1-916a-0000f8045b04 GetASTicket
|
|
#type Start 1
|
|
{
|
|
KdcOption, ItemULongX
|
|
}
|
|
#type End 2
|
|
{
|
|
KerbErr, ItemULongX
|
|
Client, ItemPWString
|
|
Server, ItemPWString
|
|
RequestRealm, ItemPWString
|
|
}
|
|
|
|
c11cf384-e6bd-11d1-916a-0000f8045b04 TGSRequest
|
|
#type Start 1
|
|
{
|
|
KdcOption, ItemULongX
|
|
}
|
|
#type End 2
|
|
{
|
|
KerbErr, ItemULongX
|
|
Client, ItemPWString
|
|
ServerAcct, ItemPWString
|
|
ClientRealm, ItemPWString
|
|
}
|
|
|
|
//******************************************
|
|
// SAM Events
|
|
// 8e598056-8993-11d2-819e-0000f875a064
|
|
//******************************************
|
|
|
|
39511dbe-899b-11d2-819e-0000f875a064 SamUserCreate
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
abb14b68-899b-11d2-819e-0000f875a064 SamCompCreate
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
c8eb5e5c-899c-11d2-819e-0000f875a064 SamGrpCreate
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
f9d2ba6a-899c-11d2-819e-0000f875a064 SamAddMemGrp
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
250959aa-899d-11d2-819e-0000f875a064 SamDelMemGrp
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
45fc997e-899d-11d2-819e-0000f875a064 SamPwdChng
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
62bef71e-899d-11d2-819e-0000f875a064 SamUserPwdSet
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
880217b8-899d-11d2-819e-0000f875a064 SamCompPwdSet
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
1f228de8-8a6c-11d2-819e-0000f875a064 SamPwdPushPdc
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
a41d90bc-899d-11d2-819e-0000f875a064 SamIdByName
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
25059476-899f-11d2-819e-0000f875a064 SamNameById
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
//******************************************
|
|
// LSA Events
|
|
// cc85922f-db41-11d2-9244-006008269001 MSLSATrace
|
|
//******************************************
|
|
|
|
cc85922e-db41-11d2-9244-006008269001 QuerySecret
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe3b-dbf6-11d2-9244-006008269001 Close
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe3a-dbf6-11d2-9244-006008269001 OpenPolicy
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe39-dbf6-11d2-9244-006008269001 QueryInformationPolicy
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe38-dbf6-11d2-9244-006008269001 SetInformationPolicy
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe37-dbf6-11d2-9244-006008269001 EnumerateTrustedDomains
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe36-dbf6-11d2-9244-006008269001 LookupNames
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe35-dbf6-11d2-9244-006008269001 LookupSids
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe34-dbf6-11d2-9244-006008269001 OpenTrustedDomain
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe33-dbf6-11d2-9244-006008269001 QueryInfoTrustedDomain
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe32-dbf6-11d2-9244-006008269001 SetInformationTrustedDomain
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe31-dbf6-11d2-9244-006008269001 QueryInformationPolicy2
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe30-dbf6-11d2-9244-006008269001 SetInformationPolicy2
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe2f-dbf6-11d2-9244-006008269001 QueryTrustedDomainInfoByName
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe2e-dbf6-11d2-9244-006008269001 SetTrustedDomainInfoByName
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe2d-dbf6-11d2-9244-006008269001 EnumerateTrustedDomainsEx
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe2c-dbf6-11d2-9244-006008269001 CreateTrustedDomainEx
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe2b-dbf6-11d2-9244-006008269001 QueryDomainInformationPolicy
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe2a-dbf6-11d2-9244-006008269001 SetDomainInformationPolicy
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
2306fe29-dbf6-11d2-9244-006008269001 OpenTrustedDomainByName
|
|
#type Start 1
|
|
#type End 2
|
|
|
|
// Netdevice
|
|
f404cdf8-6926-11d2-a059-00a0c95b7f08 NetDevice
|
|
#typev Normal 10 "%11!2d!, %4: %12!s!"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
Message, ItemString // 12
|
|
}
|
|
#type BytesIndicated 11 "%11, %4: NDBothHandleReceiveIndication (%15): Conn[%12], Indicated %13, Available %14"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
ConnIdx, ItemUShort // 12
|
|
Indicated, ItemULong // 13
|
|
Available, ItemULong // 14
|
|
Message, ItemString // 15
|
|
}
|
|
#type BuildReceiveIrpEnter 20 "%11, %4: NDBothBuildReceiveIrp: Entry"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
#type BuildReceiveIrpInfo 23 "%11, %4: NDBothBuildReceiveIrp as %13: Conn[%12], Phase = %14"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
ConnIdx, ItemUShort // 12
|
|
DriverType,ItemString // 13
|
|
ConnPhase, ItemString // 14
|
|
}
|
|
#type BuildReceiveIrpCounts 26 "%11, %4: NDBothBuildReceiveIrp as %17: Bytes for Sec %12, Buf %13, Hdr %14, Rcb In = %15, Out = %16"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
SecBytes,ItemULong // 12
|
|
BufBytes,ItemULong // 13
|
|
HdrBytes,ItemULong // 14
|
|
RcbInIdx,ItemUShort // 15
|
|
RcbOutIdx,ItemUShort // 16
|
|
DriverType,ItemString // 17
|
|
}
|
|
#type BuildReceiveIrpExit 29 "%11, %4: NDBothBuildReceiveIrp: Exit"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
#type ProcessIncomingBufferEntry 120 "%11, %4: NDBothProcessIncomingBuffer: Entry"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
#type ProcessIncomingBufferIgnore 126 "%11, %4: NDBothProcessIncomingBuffer: Ignoring Message"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
#type ProcessIncomingBufferExit 129 "%11, %4: NDBothProcessIncomingBuffer: Exit"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
#type ProcessNewHeaderEnter 130 "%11, %4: NDBothProcessNewHeader: Entry"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
#type ProcessNewHeaderAnnounce 132 "%11, %4: NDBothProcessNewHeader as %16 for RCB[%12] on Conn[%15] is Rqst Id 0x%13_%14"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
RCB Idx, ItemUShort // 12
|
|
Rqst IdH,ItemULongX // 13
|
|
Rqst IdL,ItemULongX // 14
|
|
Conn Idx,ItemUShort // 15
|
|
DriverType,ItemString // 16
|
|
}
|
|
#type ProcessNewHeaderExit 148 "%11, %4: NDBothProcessNewHeader: Exit"
|
|
{
|
|
Ordinal, ItemULongX // 10
|
|
CPU Num, ItemUShort // 11
|
|
}
|
|
|
|
|
|
5eb2d7d2-c2af-11d2-afc3-00c04f8ef2f7 Sample
|
|
#typev Ascii 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!> Type: %2, Seq: %10!d! Str1: %11!s!"
|
|
//#typev Ascii 0 "0,%3!08X!,%4!s!,%1!s!,%9!d!,%2,%10!d!,%11!s!"
|
|
{
|
|
Sequence, ItemUlong // 10
|
|
AsciiStr, ItemString // 11
|
|
}
|
|
//#typev Wchar 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!> Type: %2!s!, Seq: %10!d! Str1: %11!s!"
|
|
//#typev Wchar 11 "0,%3!08X!,%4!s!,%1!s!,%9!d!,%2,%10!d!,%11!s!"
|
|
//{
|
|
// Sequence,ItemUlong // 10
|
|
// UnicodeStr, ItemWString // 11
|
|
//}
|
|
|
|
|
|
|