4.4.2.1 Client Request Buffer

A complete RopWriteStream ROP request buffer ([MS-OXCROPS] section 2.2.9.3) is a variable length buffer, formatted as follows.

 0000: 2D 01 01 15 2E 00 00 61-6E 20 61 6C 77 61 79 73
 0010: 20 72 65 73 74 6f 72 65-20 74 68 65 20 6C 6F 6F
 0020: 6B 20 6F 66 20 79 6F 75-72 20 64 6F 63 75 6D 65

The first three bytes of the buffer refer to the RopId, LogonId, and InputHandleIndex fields of the RopWriteStream ROP.

 0000: 2D 01 01

RopId: 0x2D (RopWriteStream)

LogonId: 0x01

InputHandleIndex: 0x01

The next two bytes in the ROP request buffer are the DataSize field, described in section 2.2.16.1.

 0006: 15 2E

DataSize: 0x2E15 (11797)

The remaining bytes constitute the Data field. The ROP request buffer specified earlier in this section is truncated, and all of the stream data is not shown.

Data: 00 00 61-6E 20 61 6C 77 61 79 73 20 72 65 73 74 6F 72 65-20 74 68 65 20 6C 6F 6F 6B 20 6F 66 20 79 6F 75-72 20 64 6F 63 75 6D 65...........

Show: