|
EtherealRe: [Ethereal-dev] Unicode strings ... |
|
||
|
|
EtherealRe: [Ethereal-dev] Unicode strings ... |
|
||
Todd Sabin writes: > Ignoring the SMB parts of things for the moment, what you're actually > seeing in the DCE/RPC parts of these calls are usually one of two > different things: [unsigned short array vs counted array of unsigned shorts] That makes a lot of sense. I suspect, as you also do I think, that it really depends on who happened to write the IDL for the particular pipe in question. It does seem to be fairly consistent across pipes though. > also note that in either case, the endianness is specified by the > dce/rpc packet header, so you can't assume that it's LE on the wire. Oh, I thought the endianess of the rpc strings is always LE, regardless of the dce/rpc packet header bit. I think there are some bits in the header that have their endianness changed though. I'd have to check the source to make sure... > In theory, this kind of stuff should be auto-generated by an .idl > compiler, but even if we had one, there's really no way to guess > whether an array of unsigned shorts is really a ucs2 string or not. So I have been looking at the IDL compiler that comes with the freedce project (http://freedce.sourceforge.net) but at the moment it doesn't have a retargetable back end that could generate ethereal code. Tim.
Powered by MHonArc 2.6.10