[jcifs] SamOEMChangePassword works (sort of)

Tony Thompson tony.thompson at stone-ware.com
Tue Jun 18 05:23:58 EST 2002

> > >     abstract int writeParameterWordsWireFormat( byte[] dst, int dstIndex );
> > >     abstract int writeBytesWireFormat( byte[] dst, int dstIndex );
> > >     abstract int readParameterWordsWireFormat( byte[] buffer, 
> > >                                         int bufferIndex )
> > >                                         throws IOException;
> > >     abstract int readBytesWireFormat( byte[] buffer, 
> > >                                         int bufferIndex )
> > >                                         throws IOException;
> > > 
> > > To  implement  any  SMB  message you just have to fill in these methods and
> > > give that object to send or sendTransaction. The top level writeWriteFormat
> > > method  will  call writeParameterWordsWireFormat and write the return value
> > > of   that   into  the  ParameterCount  field.  It  will  do  the  same  for
> > > writeBytesWireFormat  writing the return value from that into the DataCount
> > > field.     Same     principle    for    readParameterWordsWireFormat    and
> > > readBytesWireFormat.  In  other  words,  that  22 is being returned by your
> > > writeParameterWordsWireFormat implementation. Have it return 20 instead. If
> > > the  accounting  doesn't  add  up,  that might be a further clue as to what
> > > constitutes a valid message and help to reverse engineer the precise format.
> > 
> > The methods that I am using are writeParametersWireFormat() and writeDataWireFormat() not writeParameterWordsWireFormat() and writeBytesWireFormat().  I also can't write 20 instead of 22 and get anything in a pcap that makes sense.  I am using a NG Sniffer instead of Ethereal to look at the traces (the decodes are much better) and I am still having a hard time figuring out where my issues are coming from.
> Oh,  right. I forgot you're using Transactions. The same principle applies.
> You  want  to return 20 instead of 22. If the pcap says the ByteCount is 20
> then  I  don't  see how you can have 22 bytes of stuff in there. I've never
> seen  that.  Check  your accounting again and take into consideration there
> might  be a padding (although that could only add to the offset and not the
> ByteCount I think). 

The pcap from the working Win98 machine only has 20 bytes of information but when I send mine, it has 22.  This number will change though depending on the length of the users ID.  The Win98 pcap is somehow not taking into account the extra two bytes (the word with 532 or 814 in it, depending on which pcap you look at).

<* snip *>

> > There is a "parameter words" field in the transaction header that is partially wrong in the > jCIFS trace as well.  I don't have a clue where any of that information came from but, it is  > wrong.

> Partially  wrong  how?  Again, some of those fields are calculated based on
> what you return from writeParametersWireFormat and writeDataWireFormat. 

You would have to look at the traces I sent.  If you compare the two, it is easy to see.  I just don't know how to make it right.


More information about the jcifs mailing list