4.3 Multiple ROP Request

In the multiple ROP request scenario, the buffer consists of two ROP requests. The first is a RopOpenFolder ROP request (section 2.2.4.1), and the second is a RopGetHierarchyTable ROP request (section 2.2.4.13). The input for the second ROP is the output for the first ROP. All output handles are initialized to 0xFFFFFFFF.

 14 00 02 00 00 01 01 00 59 65 73 73 69 72 00 04 00 01 02 04 6E 00 00 00 FF FF FF FF FF FF FF FF

RopSize: 14 00

Rops:

RopId: 02 (RopOpenFolder)

LogonId: 00

InputHandleIndex: 00

OutputHandleIndex 01

FolderId: 01 00 59 65 73 73 69 72 (ID of the folder to be opened)

OpenModeFlags: 00

RopId: 04 (RopGetHierarchyTable)

LogonId: 00

InputHandleIndex: 01

OutputHandleIndex: 02

TableFlags: 04

ServerObjectHandleTable:

6E 00 00 00 (Handle 0, input of RopOpenFolder)

FF FF FF FF (Handle 1, output of RopOpenFolder, input of RopGetHierarchyTable)

FF FF FF FF (Handle 2, output of RopGetHierarchyTable)