need more information about unknown bytes in RPC call

Matthieu Patou mat+Informatique.Samba at matws.net
Mon Jul 13 04:37:58 MDT 2009


Andrew and all the team,

With the help of my netlogon dissector I'm sure that, whatever the version 
of Windows, there are always undocumented bytes in netlogon, drsuapi 
and LSA calls. They have the particularity of beginning with the same 
"signature": 8a e3 13 71 02 f4 36 71 01 40 04 00 01 00 00 00

For GetDomainInfo and LogonSamLogonWithFlags (when level == 6) it is:

8a e3 13 71 02 f4 36 71 01 40 04 00 01 00 00 00

For DsBind
0000   8a e3 13 71 02 f4 36 71 01 00 04 00 01 00 00 00  ...q..6q........
0010   02 40 28 00 35 42 51 e3 06 4b d1 11 ab 04 00 c0  .@(.5BQ..K......
0020   4f c2 dc d2 04 00 00 00 04 5d 88 8a eb 1c c9 11  O........]......
0030   9f e8 08 00 2b 10 48 60 02 00 00 00              ....+.H`....

For LookupSid3Request
0000   8a e3 13 71 02 f4 36 71 01 00 04 00 01 00 00 00  ...q..6q........
0010   02 40 28 00 78 57 34 12 34 12 cd ab ef 00 01 23  .@(.xW4.4......#
0020   45 67 89 ab 00 00 00 00 04 5d 88 8a eb 1c c9 11  Eg.......]......
0030   9f e8 08 00 2b 10 48 60 02 00 00 00              ....+.H`....

For LogonSamLogonEx
0000   8a e3 13 71 02 f4 36 71 01 00 04 00 01 00 00 00  ...q..6q........
0010   02 40 28 00 78 56 34 12 34 12 cd ab ef 00 01 23  .@(.xV4.4......#
0020   45 67 cf fb 01 00 00 00 04 5d 88 8a eb 1c c9 11  Eg.......]......
0030   9f e8 08 00 2b 10 48 60 02 00 00 00              ....+.H`....

I can't stop thinking that something (maybe useful, maybe not) is hidden 
in it.
Can we ask the guys from WSPP for more information?

Matthieu.
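
Added example, not part of Matthieu's message and not Samba or Wireshark code: a parser that walks the bytes quoted above as an 8-byte signature followed by little-endian (command, length, value) records. That layout and the command names are an assumption taken from the verification trailer (rpc_sec_verification_trailer) in Microsoft's [MS-RPCE], not something this message states; the inputs are the GetDomainInfo and DsBind bytes retyped from the dumps.

```python
import struct
import uuid

SIGNATURE = bytes.fromhex("8ae3137102f43671")  # 8 bytes common to every dump in the message
CMD_NAMES = {1: "BITMASK_1", 2: "PCONTEXT", 3: "HEADER2"}  # names per [MS-RPCE] (assumption)
FLAG_END = 0x4000  # assumption: marks the last record

# Sample inputs: bytes retyped from the GetDomainInfo and DsBind dumps above.
GETDOMAININFO = bytes.fromhex("8ae3137102f43671" "0140040001000000")
DSBIND = bytes.fromhex(
    "8ae3137102f43671" "0100040001000000" "02402800"
    "354251e3064bd111ab0400c04fc2dcd2" "04000000"
    "045d888aeb1cc9119fe808002b104860" "02000000")

def syntax_id(raw):
    """Decode 20 bytes: a little-endian UUID followed by a 32-bit version."""
    version = struct.unpack_from("<I", raw, 16)[0]
    return "%s v%d" % (uuid.UUID(bytes_le=raw[:16]), version)

def parse_trailer(blob):
    """Return [(name, flag_bits, decoded_value), ...] for the records after the signature."""
    start = blob.find(SIGNATURE)
    if start < 0:
        raise ValueError("signature not present")
    pos, records = start + len(SIGNATURE), []
    while True:
        if pos + 4 > len(blob):
            raise ValueError("truncated record header")
        cmd, length = struct.unpack_from("<HH", blob, pos)
        body = blob[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("record body runs past end of buffer")
        kind = cmd & 0x3FFF
        if kind == 1 and length == 4:
            decoded = struct.unpack("<I", body)[0]           # 32-bit bitmask
        elif kind == 2 and length == 40:
            decoded = (syntax_id(body[:20]), syntax_id(body[20:]))  # two syntax ids
        else:
            decoded = body.hex()                             # unknown: keep raw hex
        records.append((CMD_NAMES.get(kind, hex(kind)), cmd & 0xC000, decoded))
        if cmd & FLAG_END:
            return records
        pos += 4 + length

if __name__ == "__main__":
    for name, sample in (("GetDomainInfo", GETDOMAININFO), ("DsBind", DSBIND)):
        print(name, parse_trailer(sample))
```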

