Help Understanding Stub for MS06-040

[npouvesle at tenablesecurity.com (Nicolas Pouvesle)]

On Mar 14, 2007, at 2:38 PM, Kyle Schatzle wrote:

>  I thought I could disassemble the netapi32.dll and recreate the  
> IDL file, but was unsuccessful with using mIDA, and unmidl.

netapi32.dll only contains a client stub. I have a version of mIDA  
that can decompile some client stubs but I have to fix it/merge it  
with the main code.
For the function called in this exploit you should look at the server  
stub in srvsvc.dll.


Nicolas