[jcifs] SamOEMChangePassword works (sort of)
Tony Thompson
tony.thompson at stone-ware.com
Tue Jun 18 05:23:58 EST 2002
> > > abstract int writeParameterWordsWireFormat( byte[] dst, int dstIndex );
> > > abstract int writeBytesWireFormat( byte[] dst, int dstIndex );
> > > abstract int readParameterWordsWireFormat( byte[] buffer,
> > > int bufferIndex )
> > > throws IOException;
> > > abstract int readBytesWireFormat( byte[] buffer,
> > > int bufferIndex )
> > > throws IOException;
> > >
> > > To implement any SMB message you just have to fill in these methods and
> > > give that object to send or sendTransaction. The top level writeWireFormat
> > > method will call writeParameterWordsWireFormat and write the return value
> > > of that into the ParameterCount field. It will do the same for
> > > writeBytesWireFormat writing the return value from that into the DataCount
> > > field. Same principle for readParameterWordsWireFormat and
> > > readBytesWireFormat. In other words, that 22 is being returned by your
> > > writeParameterWordsWireFormat implementation. Have it return 20 instead. If
> > > the accounting doesn't add up, that might be a further clue as to what
> > > constitutes a valid message and help to reverse engineer the precise format.
> >
> > The methods that I am using are writeParametersWireFormat() and writeDataWireFormat(), not writeParameterWordsWireFormat() and writeBytesWireFormat(). I also can't write 20 instead of 22 and get anything in a pcap that makes sense. I am using an NG Sniffer instead of Ethereal to look at the traces (the decodes are much better) and I am still having a hard time figuring out where my issues are coming from.
>
> Oh, right. I forgot you're using Transactions. The same principle applies.
> You want to return 20 instead of 22. If the pcap says the ByteCount is 20
> then I don't see how you can have 22 bytes of stuff in there. I've never
> seen that. Check your accounting again and take into consideration there
> might be a padding (although that could only add to the offset and not the
> ByteCount I think).
The pcap from the working Win98 machine only has 20 bytes of information, but when I send mine, it has 22. This number will change, though, depending on the length of the user's ID. The Win98 pcap is somehow not taking into account the extra two bytes (the word with 532 or 814 in it, depending on which pcap you look at).
<* snip *>
> > There is a "parameter words" field in the transaction header that is partially wrong in the jCIFS trace as well. I don't have a clue where any of that information came from, but it is wrong.
> Partially wrong how? Again, some of those fields are calculated based on
> what you return from writeParametersWireFormat and writeDataWireFormat.
You would have to look at the traces I sent. If you compare the two, it is easy to see. I just don't know how to make it right.
Tony