coding binge coming on.
tastas at home.com
Mon Mar 8 05:43:43 GMT 1999
> that requires info from microsoft on how they obfuscate an area of the rpc
> code that contains six buffers (four unicode strings: two passwords).
Which call is this? I did this while sniffing. The calls made were
a couple of SamrCloseHandle(0x1)
The SamrSetInformationUser2 call looks to have some ugly stuff in it. Is
this the one you're referring to? I have the sniff if you want it.
p.s. I hacked up a skeleton netmon parser dll for samr today. It doesn't do
much besides display the apis by name, but I find even that to be a great
help. If anyone wants it, let me know.
More information about the samba-technical