Perhaps it isn't, but I have at least one capture that was *NOT*
correctly dissected by the code before my changes and *WAS* correctly
dissected by the code after my changes.
Ok.
Good reason for the changes then.
Does "lsa-muddle.idl" come from Microsoft? If not, perhaps it's wrong.
( Was your capture from a MS implementation? If not, perhaps it's wrong :-)
)
No. It comes from the muddle tool from the (now defunct?) freedce project.
Muddle was the tool they used to machinegenerate idl files from a NT/w2k
system. I dont know how it worked.
I belive it inspected dll files or available interfaces to generate
an idl file with all functions and structs/unions in that interface.
Of course it could not provide meaningful names for functions or elements,
only the types.
I crossreference this machinegenerated file (which should be reasonably
correct) to the reverse engineered human generated lsarpc.idl one and found
many inconsistencies between them regarding the functions not yet
implemented in the lsa dissector.
best regards
ronnie sahlberg
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
