coding binge coming on.
Todd Sabin
tastas at home.com
Mon Mar 8 05:43:43 GMT 1999
Luke wrote:
>
> that requires info from microsoft on how they obfuscate an area of the rpc
> code that contains six buffers (four unicode strings: two passwords).
>
Which call is this? I did this while sniffing. The calls made were
SamrOpenDomain(0x7)
SamrCreateUser2InDomain(0x32)
SamrQueryInformationUser(0x24)
SamrGetUserDomainPasswordInformation(0x2c)
SamrSetInformationUser2(0x3a)
a couple of SamrCloseHandle(0x1)
The SamrSetInformationUser2 call looks to have some ugly stuff in it. Is
this the one you're referring to? I have the sniff if you want it.
Todd
p.s. I hacked up a skeleton netmon parser dll for samr today. It doesn't do
much besides display the apis by name, but I find even that to be a great
help. If anyone wants it, let me know.
More information about the samba-technical
mailing list