Changeset 1724

Timestamp:

08/12/08 15:36:04 (4 months ago)

Author:

xkovah

Message:

going to try to get returning structured data to work…but this check in is just for the upcoming rename

Files:

• capture-mod/trunk/MySoapServer.cpp (modified) (4 diffs)
• capture-mod/trunk/Visitor.cpp (modified) (1 diff)
• capture-mod/trunk/captureGSOAP.h (modified) (1 diff)
• capture-mod/trunk/client.pl (added)
• capture-mod/trunk/install/CaptureBAT.exe (modified) (previous)
• capture-mod/trunk/install/CaptureFileMonitor.sys (modified) (previous)
• capture-mod/trunk/install/CaptureProcessMonitor.sys (modified) (previous)
• capture-mod/trunk/install/CaptureRegistryMonitor.sys (modified) (previous)
• capture-mod/trunk/install/FileMonitor.exl (modified) (7 diffs)
• capture-mod/trunk/install/ProcessMonitor.exl (modified) (2 diffs)
• capture-mod/trunk/install/RegistryMonitor.exl (modified) (4 diffs)
• capture-mod/trunk/soapC.cpp (modified) (17 diffs)
• capture-mod/trunk/soapClient.cpp (modified) (2 diffs)
• capture-mod/trunk/soapH.h (modified) (16 diffs)
• capture-mod/trunk/soapServer.cpp (modified) (3 diffs)
• capture-mod/trunk/soapStub.h (modified) (15 diffs)
• capture-mod/trunk/soapcpp2.exe (added)

capture-mod/trunk/MySoapServer.cpp

@@ -7 +7 @@
-
-#include "soapH.h" 
-lculator
+pture
-
-#include "Visitor.h"
@@ -83 +83 @@
-   *result = "pong";
-
+    wchar_t xURL[1024];
+    wsprintf(xURL, L"%hs", a);
-    //Build my own new-fangled Element to pass to Visitor:onServerEvent which I think will open 
-    typedef boost::signal<void (Element*)> signal_serverEvent;
-    Attribute att;
-    att.name = L"url";
-L"http://slashdot.org";
+xURL; //Now expecting you to pass the URL
-    Element e;
-    e.name = L"visit";
@@ -95 +97 @@
-    printf("trying with notifyListeners\n");
-    EventController::getInstance()->notifyListeners(&e);
-
+//
-//  globVisitor->onServerEvent(&e);
-
@@ -107 +109 @@
-   return SOAP_OK; 
-}
+
+/*
+int ns__junks(char * a, ns__myStruct2 &result)
+{
+    printf("in ns__struct\n");
+    ns__myStruct2 bob;
+    bob.first = "bob";
+    bob.last = "dole";
+    result = &bob;
+
+    return SOAP_OK;
+}
+*/
-
-void

capture-mod/trunk/Visitor.cpp

@@ -8 +8 @@
-
-    hQueueNotEmpty = CreateEvent(NULL, FALSE, FALSE, NULL);
-    printf("Visitor: boost that sucka\n");
-    onServerVisitEventConnection=EventController::getInstance()->connect_onServerEvent(L"visit", boost::bind(&Visitor::onServerEvent, this, _1));
-

capture-mod/trunk/captureGSOAP.h

@@ -7 +7 @@
-//gsoap ns service port: http://192.168.0.131:1234
-//gsoap ns service namespace: capture
+
+/*
+typedef struct ms2{
+    char * first; 
+    char * last;
+} ns__myStruct2;
+
+int ns__junks(char * a, ns__myStruct2 &result);
+*/
+
-int ns__add(int a, int b, int &result); 
- 
+
-int ns__sub(double a, double b, double &result); 

capture-mod/trunk/install/FileMonitor.exl

@@ -9 +9 @@
-+   Delete  C:\\program Files\\capture\\captureclient\.exe  C:\\program files\\capture\\.+\.zip
-#Prefetch
-
+
+
-+   Write   System  C:\\WINDOWS\\Prefetch\\.+
-#NTFS Metadata
@@ -50 +51 @@
-+   Write   C:\\WINDOWS\\system32\\services\.exe    C:\\WINDOWS\\system32\\config\\SecEvent\.Evt
-#Mapping
-\\.+
+.*
-#Cataloging
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\CatRoot2\\.+
@@ -73 +74 @@
-+   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\Documents and Settings\\.+\\Local Settings\\Temp\\.+tmp
-# History
-
-
+
+
+
+
-# IE Cookies
-+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\Documents and Settings\\.+\\Cookies\\.+
@@ -94 +97 @@
-+   Write   C:\\Program Files\\Messenger\\msmsgs\.exe   C:\\Documents and Settings\\.+\\NTUSER.DAT.LOG
-+   Delete  C:\\Program Files\\Messenger\\msmsgs\.exe   C:\\Documents and Settings\\.+\\NTUSER.DAT.LOG
-
-
-
-
+\\
+\\
+\\
+\\
-
-###################################################
@@ -125 +128 @@
-###################################################
-# Alert about executables or scripts that are written to disk
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-#commented out for IE because \.com cache files and \.vb script files are very common
-#-  Write   .*  .+\.vb
-#-  Write   .*  .+\.com
+#commented out for IE because .exe downloads to the cache dir are very common
+#-  Write   .*  .+\.exe
-# Alert about modifications to startup locations
--   Write   .*  C:\\Documents and Settings\\.+\\Start Menu\\Programs\\Startup.+
@@ -154 +168 @@
-#### HONEYCLIENT AUTO EXCLUDE SCRIPT
-+   Delete  C:\\WINDOWS\\system32\\defrag\.exe  C:\\.*\.tmp
-
-
-
-
-
+\
+\
+\
+\
+\
-#### HONEYCLIENT manual
-+   Write   C:\\WINDOWS\\system32\\dwwin\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\.*
@@ -166 +180 @@
-+   Delete  C:\\WINDOWS\\system32\\wbem\\wmiadap\.exe   C:\\WINDOWS\\system32\\wbem\\Performance\\WmiApRpl\.h
-+   Delete  C:\\WINDOWS\\system32\\wbem\\wmiadap\.exe   C:\\WINDOWS\\system32\\PerfStringBackup\.TMP
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\AppPatch
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\system32
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\system32\\config
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\system32\\config\\systemprofile
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\system32\\wbem
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\system32\\wbem\\Repository\\FS
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\system32\\Prefetch
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Config
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\PackageStore
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\Prefetch
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\DataColl
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  E:\\
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\WinSxS
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\WinSxS\\MANIFESTS
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\WinSxS\\Policies
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\REGISTRATION
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\WINDOWS\\WinSxS\\Policies\\.*
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\Documents and Settings
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\Documents and Settings\\Default User
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\Documents and Settings\\ALL USERS
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\Documents and Settings\\Default User\\Start Menu\\Programs
++   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  C:\\Documents and Settings\\All Users\\START MENU
+
+#### Honeyclient manual add - helpsvc.exe
++   Write   C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpsvc\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\DataColl\\.*
++   Delete  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpsvc\.exe  C:\\WINDOWS\\PCHEALTH\\HELPCTR\\DataColl\\.*
+
+#### Honeyclient manual add - dfrgntfs.exe - ticket #143
++   Write   C:\\WINDOWS\\system32\\dfrgntfs\.exe    .*
+
+#### Honeyclient manual add - iexplore.exe - ticket #142
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Cab.*\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Cab.*\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Tar.*\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Tar.*\.tmp
+
+#### Honeyclient manual add - iexplore.exe - ticket #144 (windows update services)
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\WindowsUpdate.log
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\wuweb\.dll
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\wuweb\.dll
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp\\wuweb\.dll
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp\\wuweb\.dll
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp\\wuweb\.inf
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp\\wuweb\.inf
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp\\wuweb\.cat
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD.?.?\.tmp\\wuweb\.cat
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\CatRoot2\\dberr\.txt
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\LastGood\\TMP.*\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\SET.*\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\SET.*\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Downloaded Program Files\\SET.*\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Downloaded Program Files\\SET.*\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab\.bak
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab\.bak
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.xml
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.txt
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.txt
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.cab
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.cab
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cab
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cab
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.inf
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.inf
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cat
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cat
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\CatRoot2\\tmp\.edb
++   Write   C:\\WINDOWS\\system32\\winlogon\.exe    C:\\WINDOWS\\system32\\dllcache\\wuweb\.dll\.new
+
+#### Honeyclient manual add - iexplore.exe - ticket #136 (flash)
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\fla.*\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\fla.*\.tmp
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\fla.*\.tmp
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\fla.*\.tmp
+
+#### Honeyclient manual add - iexplore.exe - ticket #152
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\VGX.*\.tmp
+
+#### Honeyclient manual add - iexplore.exe
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\wbk.*\.tmp
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - Internet Explorer 7 Updates
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\DataStore\\Logs
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\repair
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Cookies
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Cookies\\index.dat
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History\.IE5.*
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History\.IE5.*
++   Write   C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History\.IE5.*
++   Delete  C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History\.IE5.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\cygwin.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Feeds Cache
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content\.IE5\\.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\index\.dat
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\MSIMGSIZ\.DAT
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\AntiPhishing\\.+
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Program Files\\Internet Explorer
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content\.IE5
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\Macromed\\Flash
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Feeds Cache
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Program Files
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Favorites
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Program Files\\Messenger
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\index\.dat
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\Microsoft\.NET\\Framework.*
++   Write   C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\Temporary Internet Files\\.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Cookies\\.+
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Cookies\\index.dat
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Cookies\\.+
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Cookies\\index.dat
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\WinSxS\\Policies\\.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\WinSxS
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\Temp
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
+#No guarantees that the % will be interpreted literally by the regex processing...but this is what it spit out
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\UserData\\index\.dat
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   Write   C:\\WINDOWS\\system32\\lsass\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Microsoft\\Protect\\.*
+
+
+###Stuff that got accidentally removed in r 1511
+
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\Temp\\WGANotify\.settings
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\config
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Application Data.*
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Application Data.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Application Data\\Microsoft\\CryptnetUrlCache.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\All Users
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\Download
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\Download.*
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\Download.*
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\wbem
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - IE7 accessing live.com
++   Write   C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  C:\\WINDOWS\\system32\\config\\system\.LOG
++   Write   C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  C:\\WINDOWS\\system32\\config\\system
++   Write   C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  C:\\WINDOWS\\system32\\config
+
+# IE7 - Exclusion
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\LocalService
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\config\\SysEvent\.Evt
+
+# VMware Tools
++   Write   C:\\Program Files\\VMware\\VMware Tools\\VMwareUser\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Temp.*
++   Delete  C:\\Program Files\\VMware\\VMware Tools\\VMwareUser\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Temp.*
+
+# IE - Active Scripting Printing
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+htm
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+html
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+tmp
+
+# System Log Files - IE7
++   Write   C:\\WINDOWS\\system32\\services\.exe    C:\\WINDOWS\\Debug\\UserMode\\userenv\.log
+
+# IE6 Crashing
++   Write   C:\\WINDOWS\\system32\\drwtsn32\.exe    C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Dr Watson\\.*

capture-mod/trunk/install/ProcessMonitor.exl

@@ -15 +15 @@
-### Microsoft Internet Explorer 6.0     ###
-###################################################
-
+\
-#agent server is an activeX control that starts upon displaying multimedia content
-
+\
-#messenger activeX
-
+\
-###################################################
-### Honeyclient added/specific?         ###
-###################################################
-Does specifying a parent process even work? I tried
+specifying a parent process doesn't work - this is a known bug
-+   bash.exe    .*  C:\\cygwin\\bin\\bash\.exe
-+   perl.exe    .*  C:\\cygwin\\bin\\perl\.exe
@@ -33 +33 @@
-+   WgaTray.exe .*  C:\\WINDOWS\\system32\\WgaTray\.exe
-+   alg.exe .*  C:\\WINDOWS\\system32\\alg\.exe
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

capture-mod/trunk/install/RegistryMonitor.exl

@@ -14 +14 @@
-+   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\.+
-+   SetValueKey .*  HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed.*
-
-
-
-
-
-
-
+\
+\
+\
+\
+\
+\
+\
-+   SetValueKey C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\SystemCertificates\\.+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
-+   DeleteValueKey  .*  HKU\\.+\\SessionInformation\\ProgramCount
-+   DeleteValueKey  .*  HKCU\\Software\\Microsoft\\Windows\\ShellNoRoam.*
-+   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\.+
-+   DeleteValueKey  .*  HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed.*
-
-
-
-
-
-
-
+\
+\
+\
+\
+\
+\
+\
-+   DeleteValueKey  C:\\WINDOWS\\system32\\WgaTray\.exe HKCU\\SOFTWARE\\Microsoft\\SystemCertificates\\.+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
+\
-#defrag
-
-
+\
+\
-#windows update
-
-
+\
+\
-###################################################
-### Internet Explorer 6.0 SP2           ###
@@ -114 +114 @@
-+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+
-+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
-\\.+
+.*
-+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
-+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Direct3D.+
@@ -160 +160 @@
-+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+
-+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+
-\\.+
+.*
-+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+
-+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Direct3D.+
@@ -312 +312 @@
-+   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Printers
-+   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Providers
+
+#### Honeyclient manual add - helpsvc.exe
++   SetValueKey C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpsvc.exe   HKLM\\SOFTWARE\\Microsoft\\PCHealth\\.+
+
+#### Honeyclient manual add - iexplore.exe - ticket #144 (windows update services)
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ModuleUsage\\C:\/WINDOWS\/System32\/wuweb\.dll
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\DownloadInformation
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\InstalledVersion
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\Contains\\Files
++   SetValueKey C:\\WINDOWS\\system32\\winlogon.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - Internet Explorer 7 Updates
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing\\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\LowRegistry
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Zoom
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\CTF\\TIP\\\{1188450c-fdab-47ae-80d8-c9633f71be64\}\\LanguageProfile\\0x00000000\\\{63800dac-e7ca-4df9-9a5c-20765055488d\}
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Ports
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
++   DeleteValueKey  C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   DeleteValueKey  C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Printers
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\PhishingFilter
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   SetValueKey C:\\Program Files\\Windows Media Player\\wmpnscfg\.exe  HKLM\\SOFTWARE\\Microsoft\\Windows Media Player NSS\\.*
++   SetValueKey C:\\Program Files\\Windows Media Player\\wmpnetwk\.exe  HKLM\\SOFTWARE\\Microsoft\\Windows Media Player NSS\\.*
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - Internet Explorer 7 Updates
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\Shell\\Bag.+
+#The above should cover the below 2 cases...but it didn't...why?
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\Shell\\BagMRU
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   SetValueKey C:\\Program Files\\Internet Explorer\\IEXPLORE\.EXE HKCU\\Software\\Microsoft\\Internet Explorer\\International
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
+#After installing updates, the language bar was newly activated, these are related to that, and thus seem reasonable to add
++   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\CTF\\Sapilayr
++   DeleteValueKey  C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
++   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\CTF\\TIP\\.+\\LanguageProfile\\.*
++   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
++   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\CTF\\LangBar
+
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\.*
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\Extensions\\CmdMapping
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\SearchUrl
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Clients\\StartMenuInternet\\IEXPLORE\.EXE\\DefaultIcon
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\7\.0
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing\\.+\\Smart Screen DAT file
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks
+
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\CTF\\LangBar
+
+#NOTE: looks like a likely bug value (translation not getting done)
++   DeleteValueKey  C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  \\REGIS
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   DeleteValueKey  C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
++   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - IE7 accessing live.com
++   SetValueKey C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  HKU\\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application
++   SetValueKey C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application\\idsvc
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main
+
+# IE7 - accessing multimedia pages
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\MPEG2Demultiplexer
+
+# IE - Active Scripting Printing
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\PageSetup
+
+# IE - Random Crashing Due To Poor Application Coding
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\.*
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\.*
+
+# IE - Dr Watson IE 6 Crashing
++   SetValueKey C:\\WINDOWS\\system32\\drwtsn32\.exe    HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders.*
++   SetValueKey C:\\WINDOWS\\system32\\drwtsn32\.exe    HKLM\\SOFTWARE\\Microsoft\\DrWatson.*
+
+# Benign Explorer Activity
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar.*
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.*

capture-mod/trunk/soapC.cpp

@@ -8 +8 @@
-#include "soapH.h"
-
-6-27 05:00:35
+8-12 07:24:58
-
-
@@ -162 +162 @@
-    case SOAP_TYPE_double:
-        return soap_in_double(soap, NULL, NULL, "xsd:double");
+    case SOAP_TYPE_ns__junks:
+        return soap_in_ns__junks(soap, NULL, NULL, "ns:junks");
-    case SOAP_TYPE_ns__sub:
-        return soap_in_ns__sub(soap, NULL, NULL, "ns:sub");
@@ -174 +176 @@
-    case SOAP_TYPE_ns__addResponse:
-        return soap_in_ns__addResponse(soap, NULL, NULL, "ns:addResponse");
+    case SOAP_TYPE_ns__myStruct2:
+        return soap_in_ns__myStruct2(soap, NULL, NULL, "ns:myStruct2");
+    case SOAP_TYPE_ms2:
+        return soap_in_ms2(soap, NULL, NULL, "ms2");
-    case SOAP_TYPE_PointerTostring:
-        return soap_in_PointerTostring(soap, NULL, NULL, "xsd:string");
@@ -197 +203 @@
-            return soap_in_double(soap, NULL, NULL, NULL);
-        }
+        if (!soap_match_tag(soap, t, "ns:junks"))
+        {   *type = SOAP_TYPE_ns__junks;
+            return soap_in_ns__junks(soap, NULL, NULL, NULL);
+        }
-        if (!soap_match_tag(soap, t, "ns:sub"))
-        {   *type = SOAP_TYPE_ns__sub;
@@ -220 +230 @@
-        {   *type = SOAP_TYPE_ns__addResponse;
-            return soap_in_ns__addResponse(soap, NULL, NULL, NULL);
+        }
+        if (!soap_match_tag(soap, t, "ns:myStruct2"))
+        {   *type = SOAP_TYPE_ns__myStruct2;
+            return soap_in_ns__myStruct2(soap, NULL, NULL, NULL);
+        }
+        if (!soap_match_tag(soap, t, "ms2"))
+        {   *type = SOAP_TYPE_ms2;
+            return soap_in_ms2(soap, NULL, NULL, NULL);
-        }
-        if (!soap_match_tag(soap, t, "xsd:string"))
@@ -305 +323 @@
-    case SOAP_TYPE_double:
-        return soap_out_double(soap, tag, id, (const double *)ptr, "xsd:double");
+    case SOAP_TYPE_ns__junks:
+        return soap_out_ns__junks(soap, tag, id, (const struct ns__junks *)ptr, "ns:junks");
-    case SOAP_TYPE_ns__sub:
-        return soap_out_ns__sub(soap, tag, id, (const struct ns__sub *)ptr, "ns:sub");
@@ -317 +337 @@
-    case SOAP_TYPE_ns__addResponse:
-        return soap_out_ns__addResponse(soap, tag, id, (const struct ns__addResponse *)ptr, "ns:addResponse");
+    case SOAP_TYPE_ns__myStruct2:
+        return soap_out_ns__myStruct2(soap, tag, id, (const struct ms2 *)ptr, "ns:myStruct2");
+    case SOAP_TYPE_ms2:
+        return soap_out_ms2(soap, tag, id, (const struct ms2 *)ptr, "ms2");
-    case SOAP_TYPE_PointerTostring:
-        return soap_out_PointerTostring(soap, tag, id, (char **const*)ptr, "xsd:string");
@@ -342 +366 @@
-    switch (type)
-    {
+    case SOAP_TYPE_ns__junks:
+        soap_serialize_ns__junks(soap, (const struct ns__junks *)ptr);
+        break;
-    case SOAP_TYPE_ns__sub:
-        soap_serialize_ns__sub(soap, (const struct ns__sub *)ptr);
@@ -360 +387 @@
-        soap_serialize_ns__addResponse(soap, (const struct ns__addResponse *)ptr);
-        break;
+    case SOAP_TYPE_ns__myStruct2:
+        soap_serialize_ns__myStruct2(soap, (const struct ms2 *)ptr);
+        break;
+    case SOAP_TYPE_ms2:
+        soap_serialize_ms2(soap, (const struct ms2 *)ptr);
+        break;
-    case SOAP_TYPE_PointerTostring:
-        soap_serialize_PointerTostring(soap, (char **const*)ptr);
@@ -381 +414 @@
-    switch (t)
-    {
+    case SOAP_TYPE_ms2:
+        return (void*)soap_instantiate_ms2(soap, -1, type, arrayType, n);
-    case SOAP_TYPE_ns__addResponse:
-        return (void*)soap_instantiate_ns__addResponse(soap, -1, type, arrayType, n);
@@ -393 +428 @@
-    case SOAP_TYPE_ns__sub:
-        return (void*)soap_instantiate_ns__sub(soap, -1, type, arrayType, n);
+    case SOAP_TYPE_ns__junks:
+        return (void*)soap_instantiate_ns__junks(soap, -1, type, arrayType, n);
-#ifndef WITH_NOGLOBAL
-    case SOAP_TYPE_SOAP_ENV__Header:
@@ -413 +450 @@
-        return (void*)soap_instantiate_SOAP_ENV__Fault(soap, -1, type, arrayType, n);
-#endif
+    case SOAP_TYPE_ns__myStruct2:
+        return (void*)soap_instantiate_ns__myStruct2(soap, -1, type, arrayType, n);