dcerpc_winreg_QueryValue
Karl Melcher
karl at melch.net
Fri Dec 3 14:23:03 GMT 2004
Mike,
I created some packet captures using the windows API. This is between the same
hosts getting the same reg value. The captures and source are located here:
ftp://melch.net/pub/winreg/query_value.zip
>From looking at the dump and Ethereal, it does look like the data is actually a
structure with 4 fields: max, offset, actual, data. I have not had time to
experiment with the pidl source, but hope to do that in the next few days.
Thanks,
Karl
----------
>>It would also be best to work from a capture of a Windows client because if
>>the current smbcli IDL isn't right the request could be messed up from the
>>start in which case you really don't know what you're looking at. If you can
>>produce such a capture [1] send it to me and I'll verify minimal winreg calls
>>in Java and then post the MIDL so the Samba guys can update their stuff.
More information about the samba-technical
mailing list