unknown RPC opcodes during join+logon
Richard Sharpe
rsharpe at ns.aus.com
Sat Jul 27 09:22:01 GMT 2002
On Sat, 27 Jul 2002, Jim McDonough wrote:
>
> Jean Francois Micouleau <Jean-Francois.Micouleau at dalalu.fr> wrote:
> >uint32 ptr to struct (00 13 2b c8)
> >uint16 info level (00 0c)
> >uint16 of padding
> >UNIHDR string 1 (byte length, byte length: 00 06, 00 08)
> >uint32 ptr: 00 0f 4e 40
> >UNIHDR string 2 (00 20, 00 22)
> >uint32 ptr:68 83 11 00
> >UNIHDR string 3 (20 00, 22 00)
> >uint32 ptr: 38 83 11 00
> >don't know: 0f 64 ce f7 1d fe 30 45 8d f5 78 80 b3 a7 42 93
> >uint32 ptr: e8 82 11 00
> >UNISTR2: MCD
> >padding
> >UNISTR2: mcd.maine.rr.com
> >UNISTR2: mcd.maine.rr.com
> >SID: S-1-5-21-398125506-2811944389-3810785154
> >uint32 status code
> Ok, looks like we mostly agree, so the only thing I'd change on yours is:
> -the long "don't know" is the domain guid...I'm sure of this.
>
> So why are there ptrs before two of the strings but not the first one?
They are possibly top-level refs.
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical
mailing list