coding binge coming on.

Todd Sabin tastas at
Mon Mar 8 05:43:43 GMT 1999

Luke wrote:
> that requires info from microsoft on how they obfuscate an area of the rpc
> code that contains six buffers (four unicode strings: two passwords).

Which call is this?  I did this while sniffing.  The calls made were 

a couple of SamrCloseHandle(0x1)

The SamrSetInformationUser2 call looks to have some ugly stuff in it.  Is
this the one you're referring to?  I have the sniff if you want it.


p.s.  I hacked up a skeleton netmon parser dll for samr today.  It doesn't do
much besides display the apis by name, but I find even that to be a great
help.  If anyone wants it, let me know.

More information about the samba-technical mailing list