Export (0) Print
Expand All

4 Protocol Examples

The following examples illustrate the byte order of ROPs in a buffer that is being prepared for transmission. Note that the examples in this section show only the relevant portions of the specified ROPs; this is not the final byte sequence that gets transmitted over the wire. Also note that the data format for a multibyte field appears in little-endian format, with the bytes in the field presented from least significant to most significant.

Frequently, these ROP requests are packed with other ROP requests, compressed and obfuscated, as described in [MS-OXCRPC] section 3. These examples assume that the client has already successfully logged on to the server and has obtained any Server object handles that are to be used as inputs in the ROPs.

Examples in this section use the following format for byte sequences. Each byte is expressed as a two-digit hexadecimal number.

0080: 45 4D 53 4D 44 42 2E 44-4C 4C 00 00 00 00 00 00

The value 0080 at the far left is the byte sequence's offset from the beginning of the buffer. Following the offset is a colon and then a series of up to 16 bytes. Here, the first byte (45) in the series is located 0x80 bytes (128 bytes) from the beginning of the buffer. The seventh byte (2E) in the series is located 0x86 bytes (134 bytes) from the beginning of the buffer. The dash between the eighth byte (44) and the ninth byte (4C) has no semantic value; it serves only to distinguish the eight-byte boundary for readability.

This byte sequence is followed by one or more lines that interpret it. In larger examples, the byte sequence is shown once in its entirety and then repeated in smaller chunks, with each smaller chunk interpreted separately.

When explaining the values of the InputHandleIndex and OutputHandleIndex fields, the example text describes the Server object that is referenced by the handle index. For more information about Server object handles, see [MS-OXCROPS] section 1.3.1.

Show:
© 2014 Microsoft