[jcifs] help! parse the ORPC protocol
Xiaobo Li
xiaobo_zju at sohu.com
Fri Oct 1 14:24:29 GMT 2004
hi all
Is there anybody familiar with ORPC? I want to ask some questions.
I uses Ethereal to observe the traffic of a DCOM request.
The dcom version is 5.6 (Win2000).
The interface is IRemUnknown2, opnum is 5, I think it should be
HRESULT RemRelease (
[in] uint16 cInterfaceRefs,
[in, size_is(cInterfaceRefs)] REMINTERFACEREF InterfaceRefs[]
);
And the stub is as follows.
05 00 major version
06 00 minor version
00 00 00 00 flag
00 00 00 00 reserved
6c d2 48 a3 c4 ed 2b 40 9e cf 7a dc 84 01 5b 77 CID
00 00 00 00 no extensions
//OPCTHIS end
01 00 00 00
01 00 00 00
03 bc 00 00 04 08 0c 08 b3 0e ad b3 66 a2 8d 20 IPID
05 00 00 00 cPublicRefs
00 00 00 00 cPrivateRefs
00 00 00 00
In fact, I can only understand the content till the OPCTHIS.
What effect do other bytes take?
Is there any body can teach me?
thanks in advance..
More information about the jcifs
mailing list