4 Protocol Examples

The following examples illustrate the byte order of ROPs in a buffer being prepared for transmission. Note that the examples in this section show only the relevant portions of the specified ROPs; this is not the final byte sequence that gets transmitted over the wire. Also note that the data format for a multibyte field appears in little-endian format, with the bytes in the field presented from least significant to most significant.

Frequently, these ROP requests are packed with other ROP requests, compressed and obfuscated, as described in [MS-OXCRPC] section 3. These examples assume that the client has already successfully logged on to the server and has obtained any Server object handles that are to be used as inputs for the ROPs.

Examples in this section use the following format for byte sequences, expressed in hexadecimal:

 0080: 45 4D 53 4D 44 42 2E 44-4C 4C 00 00 00 00 00 00

The value at the far left (0080) is the byte sequence's offset from the beginning of the buffer. Following the offset is a series of up to 16 bytes, with each two-character sequence describing the value of one byte. Here, the first byte (45) in the series is located 0x80 bytes (128 bytes) from the beginning of the buffer. The seventh byte (2E) in the series is located 0x86 bytes (134 bytes) from the beginning of the buffer. The dash between the eighth byte (44) and the ninth byte (4C) has no semantic value and serves only to distinguish the eight-byte boundary for readability.

This byte sequence is followed by one or more lines that interpret it. In larger examples, the byte sequence is shown once in its entirety and then repeated in smaller chunks, with each smaller chunk interpreted separately.

When explaining InputHandleIndex values, the example text describes the Server object that is referenced by the handle index. For information about Server object handles, see [MS-OXCROPS] section 1.3.1.