4.3 Receive Packed ROP Responses from the Server
The client has already established a Session Context with the server and has a valid session context handle. For more information, see section 4.1.
The client sends ROP commands to server by calling the EcDoRpcExt2 method, as described in section 3.1.4.2, by using the session context handle that is returned from the EcDoConnectEx method call, as described in section 3.1.4.1. The last ROP request contains the RopReadStream ROP ([MS-OXCROPS] section 2.2.9.2), so the client requests response chaining (for example, packing).
pcxh: Pointer to session context handle value, which is 0x00001234.
pulFlags: Pointer to unsigned long containing value 0x00000007. (Client requests that the server not compress or perform an XOR operation on the payload of the rgbOut and rgbAuxOut parameters. Client requests response chaining.)
rgbIn: Client passes extended buffer and payload containing ROP commands to be processed by server. For details about ROP commands, see [MS-OXCROPS].
RPC_HEADER_EXT |
Payload |
|||||
---|---|---|---|---|---|---|
|
ROP request commands |
|||||
Version |
Flags |
Size |
SizeActual |
RopSize |
ROPs |
SOHT |
0x0000 |
0x0004 |
0x0152 |
0x0152 |
0x0142 |
320 bytes (last ROP command is RopReadStream) |
16 bytes |
(Payload is not compressed and not obfuscated.)
cbIn: 0x0000015A
rgbAuxIn: Null pointer value.
cbAuxIn: 0x000000
rgbOut: Pointer to buffer of size 0x00018008.
pcbOut: Pointer to unsigned long value 0x00018008.
rgbAuxOut: Pointer to buffer of size 0x1008.
pcbAuxOut: Pointer to unsigned long value 0x00001008.
The server processes the EcDoRpcExt2 method request. The server verifies that the session context handle is for a valid Session Context for this user. The server processes the ROP request commands and returns ROP response results to client. The last ROP was the RopReadStream ROP, and the client has requested chaining; there is more data to return in the stream being read, there is more room in the rgbOut parameter output buffer, and the server adds another extended buffer and payload. The server returns the following output values.
pcxh: Value at session context handle pointer is 0x00001234.
pulFlags: Value at unsigned long is 0x00000000.
rgbOut: Server returns two extended buffer header and payload pairs containing ROP response commands. The last payload contains only the RopReadStream ROP command.
RPC_HEADER_EXT
|
Payload |
RPC_HEADER_EXT
|
Payload |
||||
---|---|---|---|---|---|---|---|
Flags: 0x0000 Size: 0x7FFE |
ROP response commands |
Flags: 0x0004 Size: 0x2008 |
ROP response command |
||||
RopSize 0x7FEE |
ROPs |
SOHT 16 bytes |
RopSize 0x1FF8 |
ROP |
SOHT 16 bytes |
||
(Payloads are not compressed and not obfuscated.)
pcbOut: 0x0000A016
rgbAuxOut: Server returns nothing in the auxiliary output buffer.
pcbAuxOut: 0x00000000
pulTransTime: Value at unsigned long pointer is 0x00000010. (The number of milliseconds it took the server to process the EcDoRpcExt2 method call.)
Return Value: 0x00000000