4.5 RopBufferTooSmall ROP Response

In the RopBufferTooSmall ROP response scenario, a RopOpenMessage ROP (section 2.2.6.1) call produces a response that does not fit in the output buffer (the output buffer is much smaller than usual for this example). The RopBufferTooSmall ROP (section 2.2.15.1) indicates that an output buffer of at least 0x002C bytes is required to return the ROP response buffer for the RopOpenMessage ROP in the ROP request. The RopOpenMessage ROP request and the Server object handle table are the same as those specified in the input ROP buffer. In this scenario, the RopBufferTooSmall ROP is the first ROP, which indicates that no ROPs were processed before running out of room.

 1C 00 FF 2C 00 03 00 00 01 FF 0F 01 00 15 89 00 78 27 1E 03 01 00 15 89 00 78 2F BB 12 00 00 00 FF FF FF FF

RopSize: 1C 00

Rops:

RopId: FF (RopBufferTooSmall)

SizeNeeded: 2C 00 (0x002C bytes)

RopId: 03 (RopOpenMessage)

LogonId: 00

InputHandleIndex: 00

OutputHandleIndex: 01

CodePageID: FF 0F

FolderId: 01 00 15 89 00 78 27 1E

OpenModeFlags: 03

MessageId: 01 00 15 89 00 78 2F BB

ServerObjectHandleTable:

12 00 00 00 (Handle 0, input of RopOpenMessage)

FF FF FF FF (Handle 1, output of RopOpenMessage)
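
The byte breakdown above can be reproduced with a small length-checked parser. This is an added example, not part of the specification; the function and constant names are hypothetical, and the field widths are taken from the bytes shown in this section.

```python
import struct

# Response bytes copied from the example above.
SAMPLE = bytes.fromhex(
    "1C 00 FF 2C 00 03 00 00 01 FF 0F 01 00 15 89 00 78 27 1E 03"
    " 01 00 15 89 00 78 2F BB 12 00 00 00 FF FF FF FF"
)

ROP_BUFFER_TOO_SMALL = 0xFF
ROP_OPEN_MESSAGE = 0x03
OPEN_MESSAGE_FIELDS = ("RopId", "LogonId", "InputHandleIndex", "OutputHandleIndex",
                       "CodePageID", "FolderId", "OpenModeFlags", "MessageId")
OPEN_MESSAGE_LAYOUT = struct.Struct("<BBBBH8sB8s")  # 23 bytes, little-endian


def parse_buffer_too_small(buf: bytes) -> dict:
    """Split a ROP output buffer that starts with RopBufferTooSmall."""
    if len(buf) < 5:
        raise ValueError("too short for RopSize, RopId and SizeNeeded")
    rop_size, rop_id, size_needed = struct.unpack_from("<HBH", buf, 0)
    if rop_id != ROP_BUFFER_TOO_SMALL:
        raise ValueError(f"first RopId is 0x{rop_id:02X}, not 0xFF")
    # In this example RopSize (0x001C) counts its own two bytes plus the ROPs,
    # so it must be at least 5 and can never point past the received data.
    if not 5 <= rop_size <= len(buf):
        raise ValueError("RopSize is inconsistent with the buffer length")
    table = buf[rop_size:]  # ServerObjectHandleTable: 4-byte handles
    if len(table) % 4:
        raise ValueError("handle table is not a multiple of 4 bytes")
    return {
        "rop_size": rop_size,
        "size_needed": size_needed,
        "request": buf[5:rop_size],  # request ROPs that were not processed
        "handles": [h for (h,) in struct.iter_unpack("<I", table)],
    }


def parse_open_message_request(req: bytes) -> dict:
    """Decode a RopOpenMessage request using the field layout listed above."""
    if len(req) < OPEN_MESSAGE_LAYOUT.size or req[0] != ROP_OPEN_MESSAGE:
        raise ValueError("not a complete RopOpenMessage request")
    return dict(zip(OPEN_MESSAGE_FIELDS, OPEN_MESSAGE_LAYOUT.unpack_from(req)))


if __name__ == "__main__":
    parsed = parse_buffer_too_small(SAMPLE)
    print(hex(parsed["size_needed"]), [hex(h) for h in parsed["handles"]])
    print(parse_open_message_request(parsed["request"]))
```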
