Hi, my problem is:
I have 2 apps using DCOM for remote interaction. Have no source code of this apps (just exe). Task - get to know the structure of server app (dcom interfaces, in/out params...) to write a new server app having the same interfaces.
Have tryed to sniff network pakets by Microsoft NetMonitor, and result is:
NM successfuly parse the traffic on RPC protocol level, but not DCOM payload:
- RPC: c/o Request: unknown Call=0x7 Opnum=0x3 Context=0x1 Hint=0x24
- MSRPCRpcconnRequestHdrT Request:
- StubData: 36 bytes
- MSRPCStubData StubData: 0x1
- BLOB MSRPCPayload: Binary Large Object (36 Bytes)
In my situation MSRPCPayload is DCOM. NM has DCOM parser - but unfortunately it's shows payload only as a blob.
Have no idea how to solve whis problem. Is there any other ways to discover structure of dcom interfaces?