[Dailydave] p2psvc.dll idl function definition ambiguities - any ideas?
Rich Smith
richard.j.smith at hp.com
Tue Jan 15 06:44:34 EST 2008
Cheers for the pointer to MS download note, while PNRP may have been
updated to V2.0 this doesn't reference which MSRPC interfaces have
changed. An application version change doesn't mean the constituent
MSRPC interfaces are changed per se, and from the unmidl'd p2psvc.dll
the version numbers on interfaces a2d47257-12f7-4beb-8981-0ebfa935c407
(pnrpsvc) & 8174bb16-571b-4c38-8386-1102b449044a (IP2pIMSvc) are the
same in both versions. Which brings me back to the original question:
If v.2.0 of PNRP has changed the MSRPC interface definitions, why
haven't the version numbers on the interfaces been bumped or new
UUID's been designated?
idl's of the two versions of the p2psvc.dll are attached if people
want to have a peek.
Cheers
Rich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p2psvc_xpsp2base_UNMIDL.idl
Type: application/octet-stream
Size: 16167 bytes
Desc: not available
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20080115/c829100a/attachment-0002.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p2psvc_xpsp2up2date_UNMIDL.idl
Type: application/octet-stream
Size: 16590 bytes
Desc: not available
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20080115/c829100a/attachment-0003.obj
-------------- next part --------------
On 14 Jan 2008, at 19:38, Nicolas RUFF wrote:
>> I've been playing about with some MSRPC stuff in an effort to
>> improve
>> some fingerprinting techniques and have come up with some ambiguities
>> in p2psvc.dll that I can't explain - so I was wondering if anyone on
>> list might be able to :)
>
> PNRP has been updated to version 2.0 through a Windows Update
> "recommended" patch.
>
> http://www.microsoft.com/downloads/details.aspx?FamilyId=55219164-EC71-4A32-A648-4ED2582EBC7C&displaylang=en
>
> Are you sure you are diffing the same version?
>
> My .02,
> - Nicolas RUFF
--
Rich Smith
Trusted Systems Lab
Hewlett-Packard Labs
--
Hewlett-Packard Limited registered Office: Cain Road, Bracknell, Berks
RG12 1HN
Registered No: 690597 England
The contents of this message and any attachments to it are
confidential and may be legally privileged.
If you have received this message in error, you should delete it from
your system immediately and advise the sender.
To any recipient of this message within HP, unless otherwise stated
you should consider this message and attachments as "HP CONFIDENTIAL".
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4213 bytes
Desc: not available
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20080115/c829100a/attachment-0001.bin
More information about the Dailydave
mailing list