Dailydave mailing list archives

p2psvc.dll idl function definition ambiguities - any ideas?


From: Rich Smith <richard.j.smith () hp com>
Date: Thu, 10 Jan 2008 17:51:31 +0000

Hi all,
I've been playing about with some MSRPC stuff in an effort to improve
some fingerprinting techniques and have come up with some ambiguities  
in p2psvc.dll that I can't explain - so I was wondering if anyone on  
list might be able to :)

Unmidl'ing p2psvc.dll from a base install of XP with SP2 (no
patches) and one from an XP SP2 that is patched up to date shows  
differences in the type & function definitions of the interfaces  
a2d47257-12f7-4beb-8981-0ebfa935c407 (pnrpsvc) &  
8174bb16-571b-4c38-8386-1102b449044a (IP2pIMSvc) but their interface  
version numbers haven't been changed?

Specifically functions 0x05 (register) and 0x07 (resolve) for pnrpsvc
have some different and extra arguments, in addition to differences in  
type definitions (partial idl's included at end).

I thought (though I'm happy to be corrected) that the whole point of  
the UUID and version number was so that you always knew you were
communicating with an interface that understood things were the way  
you understood them to be - so how can the same interface have the  
same UUID & version and different function definitions, surely this  
causes incompatibility?

The question this also raises is why the changes were made, anyone
any insight?

I'm currently in the process of tracking down which patch introduced  
the changes, so I'll update when I find out.

Cheers
Rich

[partial idl's - {*DD*} denotes difference]

<snip XP_SP2_NO_PATCH>
...
...
//NDR Version = 0002
//IDL
[ uuid(a2d47257-12f7-4beb-8981-0ebfa935c407),
   version(1.0) ] interface myinterface
...
...
long  Function_05( [out] [context_handle]  void * element_38823,
{*DD*}[in] [context_handle]  void * element_38824,
[in]  [string] wchar_t *  element_38825,
[in] [unique]  [string] wchar_t * element_38826,
[in]  TYPE_3 * element_38827,
[in] [unique]  TYPE_6 ** element_38841,
[out]  TYPE_6 * element_38843,
[in]  long  element_38844,
[in,out] [unique]  long * element_38845
  );
...
...
long  Function_07( [out] [context_handle]  void * element_38849,
{*DD*}[in] [context_handle]  void * element_38850,
{*DD*}[in]  [string] wchar_t *  element_38851,
[in]  [string] wchar_t *  element_38852,
[in]  long  element_38853,
[in]  long  element_38854,
[in]  /* enum */ unsigned short  element_38855,
[in] [unique]  TYPE_6 ** element_38856,
[in]  long  element_38857,
[in]  long  element_38858,
[in]  long  element_38859,
[in,out] [unique]  long * element_38860
  );
...
...
</snip XP_SP2_NO_PATCH>

<snip XP_SP2_UP2DATE>
...
...
//NDR Version = 0002
//IDL
[ uuid(a2d47257-12f7-4beb-8981-0ebfa935c407),
   version(1.0) ] interface myinterface
...
...
long  Function_05( [out] [context_handle]  void * element_23239,
{*DD*}[in]  long  element_23240,
[in]  [string] wchar_t *  element_23241,
[in] [unique]  [string] wchar_t * element_23242,
[in]  TYPE_3 * element_23243,
[in] [unique]  TYPE_7 ** element_23263,
[out]  TYPE_7 * element_23265,
[in]  long  element_23266,
[in,out] [unique]  long * element_23267
  );
...
...
long  Function_07( [out] [context_handle]  void * element_23271,
{*DD*}[in]  long  element_23272,
{*DD*}[in] [unique]  [string] wchar_t * element_23273,
[in]  [string] wchar_t *  element_23274,
[in]  long  element_23275,
[in]  long  element_23276,
[in]  /* enum */ unsigned short  element_23277,
[in] [unique]  TYPE_7 ** element_23278,
[in]  long  element_23279,
[in]  long  element_23280,
[in]  long  element_23281,
{*DD*}[in]  long  element_23282,
{*DD*}[in]  long  element_23283,
[in,out] [unique]  long * element_23284
  );
...
...
</snip XP_SP2_UP2DATE>

--
Rich Smith
Trusted Systems Lab
Hewlett-Packard Labs
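The comparison described in the post can be automated. This is an added example, not part of the original message: it parses the Function_07 excerpts quoted above (with the {*DD*} markers removed and the parameters reflowed) and reports which parameters changed between the two builds. The helper names `signatures` and `diff_signatures` are hypothetical, and it assumes the `element_N` names and `TYPE_N` numbers are decompiler numbering only, so the type definitions themselves still need a separate comparison.

```python
import difflib
import re

# pnrpsvc Function_07 as quoted in the post ({*DD*} markers removed, reflowed).
UNPATCHED = """long  Function_07( [out] [context_handle]  void * element_38849,
[in] [context_handle]  void * element_38850, [in]  [string] wchar_t *  element_38851,
[in]  [string] wchar_t *  element_38852, [in]  long  element_38853, [in]  long  element_38854,
[in]  /* enum */ unsigned short  element_38855, [in] [unique]  TYPE_6 ** element_38856,
[in]  long  element_38857, [in]  long  element_38858, [in]  long  element_38859,
[in,out] [unique]  long * element_38860 );"""
PATCHED = """long  Function_07( [out] [context_handle]  void * element_23271,
[in]  long  element_23272, [in] [unique]  [string] wchar_t * element_23273,
[in]  [string] wchar_t *  element_23274, [in]  long  element_23275, [in]  long  element_23276,
[in]  /* enum */ unsigned short  element_23277, [in] [unique]  TYPE_7 ** element_23278,
[in]  long  element_23279, [in]  long  element_23280, [in]  long  element_23281,
[in]  long  element_23282, [in]  long  element_23283,
[in,out] [unique]  long * element_23284 );"""

def signatures(idl):
    """Map function name -> list of normalised parameter strings."""
    out = {}
    for name, body in re.findall(r"(Function_\w+)\s*\((.*?)\)\s*;", idl, re.S):
        params = re.split(r",(?![^\[]*\])", body)  # do not split inside [in,out]
        # Assumption: element_N and TYPE_N numbering is decompiler output only,
        # so both are normalised away before the comparison.
        params = [re.sub(r"TYPE_\d+", "TYPE_n", re.sub(r"element_\d+", "", p))
                  for p in params]
        out[name] = [" ".join(p.split()) for p in params]
    return out

def diff_signatures(old_idl, new_idl):
    """Return {function: [(op, old_params, new_params), ...]} for changed functions."""
    old, new, report = signatures(old_idl), signatures(new_idl), {}
    for name in sorted(old.keys() & new.keys()):
        a, b = old[name], new[name]
        ops = difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes()
        changes = [(t, a[i1:i2], b[j1:j2]) for t, i1, i2, j1, j2 in ops if t != "equal"]
        if changes:
            report[name] = changes
    return report

if __name__ == "__main__":
    for fn, changes in diff_signatures(UNPATCHED, PATCHED).items():
        for op, before, after in changes:
            print(fn, op, before, "->", after)
```

Run over the full unmidl output of both builds, the same report lists every function whose parameter list changed while the interface UUID and version stayed the same.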