4.2 Issue ROP Commands to the Server
The client has already established a Session Context with the server and has a valid session context handle. For more information, see section 4.1.
The client sends ROP commands to server by using the EcDoRpcExt2 method, as described in section 3.1.4.2, and by using the session context handle returned from the EcDoConnectEx method RPC, as described in section 3.1.4.1.
pcxh: Pointer to session context handle value, which is 0x00001234.
pulFlags: Pointer to unsigned long containing value 0x00000003. (Client requests server to not compress or perform the XOR operation on the payload of the rgbOut and rgbAuxOut parameters.)
rgbIn: Client passes extended buffer and payload containing ROP commands to be processed by server. For details about ROP commands, see [MS-OXCROPS].
|
RPC_HEADER_EXT |
Payload |
|||||
|---|---|---|---|---|---|---|
|
|
ROP request commands |
|||||
|
Version |
Flags |
Size |
SizeActual |
RopSize |
ROPs |
ServerObjectHandleTable (SOHT) |
|
0x0000 |
0x0004 |
0x0152 |
0x0152 |
0x0142 |
320 bytes |
16 bytes |
(Payload is not compressed and not obfuscated.)
cbIn: 0x0000015A
rgbAuxIn: Null pointer value.
cbAuxIn: 0x00000000
rgbOut: Pointer to buffer of size 0x00018008.
pcbOut: Pointer to unsigned long value 0x00018008.
rgbAuxOut: Pointer to buffer of size 0x1008.
pcbAuxOut: Pointer to unsigned long value 0x00001008.
The server processes the EcDoRpcExt2 method request. The server verifies that the session context handle is for a valid Session Context for this user. The server processes the ROP request commands and returns the ROP response results to the client with the following output values:
pcxh: Value at session context handle pointer is 0x00001234.
pulFlags: Value at unsigned long is 0x00000000.
rgbOut: Server returns the following extended buffer and payload containing ROP response commands.
|
RPC_HEADER_EXT |
Payload |
|||||
|---|---|---|---|---|---|---|
|
|
ROP response commands |
|||||
|
Version |
Flags |
Size |
SizeActual |
RopSize |
ROPs |
SOHT |
|
0x0000 |
0x0004 |
0x0052 |
0x0052 |
0x0042 |
64 bytes |
16 bytes |
(Payload is not compressed and not obfuscated.)
pcbOut: 0x0000005A
rgbAuxOut: Server returns nothing in the auxiliary output buffer.
pcbAuxOut: 0x00000000
pulTransTime: Value at unsigned long pointer is 0x00000010. (The number of milliseconds it took the server to process the EcDoRpcExt2 method RPC.)
Return Value: 0x00000000