none
Marshalling and unmarshalling a VARIANT in DCOM (ORPC) RRS feed

  • Question

  • Hello,

    I am trying to analyze stream of bytes of a ORPC communications with no success.

    For example the following stub data of a RPC request packet in little endian:

    050007000000000000000000660aaaa 44dbc49429fb94f541ddc661800000000

    0100000001000000a0e9070201000000 55736572010000000300000000000000 0b000000000000000b000000ffff

    Accordingly to 2.2.13.3@MS-DCOM document (ORPCTHIS):

    0500 Mayor version
    0700 Minor version
    00000000 Flags
    00000000 Reserved
    660aaaa44dbc49429fb94f541ddc6618 CID
    00000000 extensions

    Methods arguments are:

    HRESULT Write( [in] DWORD dwCount, [in, size_is(dwCount)] DWORD * phServer, [in, size_is(dwCount)] VARIANT * pItemValues, [out, size_is(,dwCount)] HRESULT ** ppErrors );

    dwCount: 01000000
    phServer: 01000000


    And now it comes the VARIANT. Using 2.2.29@MS-OAUT doc

    clSize should be: a0e90702 (weird) or is it repeating the size? From here nothing has sense.

    I have read the following documents:

    DCE 1.1 Remote Procedure Call c706.pdf
    [MS-COM].pdf
    [MS-DCOM].pdf
    [MS-DTYP].pdf
    [MS-ERREF].pdf
    [MS-OAUT].pdf
    [MS-RPCE].pdf

    Does anyone have a clue?

    Thank you in advance!

    Rodrigo


    Monday, July 23, 2018 4:10 PM

Answers

  • To close the loop on the forum, the interpretation of stub data in your packet depends on the opnum on the given interface. You confirmed to us offline that you are calling methods of a protocol which does not belong to the Microsoft Open Specifications.

    This is a third-party protocol development issue. You might want to consult an expert on that third-party protocol. The stub data is protocol specific and each opnum in your interface will have their definition.

     

    Regards,

    Edgar


    Saturday, August 11, 2018 2:56 AM
    Moderator

All replies

  • Hi Rodrigo,

    Thanks for posting your question related to marshalling and unmarshalling a VARIANT datatype in DCOM. A member of the open specifications team will be engaging with you to assist you.

    Will Gregg | open specifications 

    Monday, July 23, 2018 5:42 PM
    Moderator
  • Hello Rodrigo,

    We are reviewing your request and follow-up soon.

    Thanks,

    Edgar

    Tuesday, July 24, 2018 5:03 PM
    Moderator
  • Thanks Edgar and Will
    Tuesday, July 31, 2018 7:23 AM
  • Hello Rodrigo,

    Please send a message to dochelp < at > Microsoft ( dot ) com. Please address the message to my attention and mention this thread.

    Thanks,
    Edgar

    Wednesday, August 1, 2018 4:02 AM
    Moderator
  • Sent! Thank you.
    Wednesday, August 1, 2018 8:16 AM
  • To close the loop on the forum, the interpretation of stub data in your packet depends on the opnum on the given interface. You confirmed to us offline that you are calling methods of a protocol which does not belong to the Microsoft Open Specifications.

    This is a third-party protocol development issue. You might want to consult an expert on that third-party protocol. The stub data is protocol specific and each opnum in your interface will have their definition.

     

    Regards,

    Edgar


    Saturday, August 11, 2018 2:56 AM
    Moderator