Getting nca_proto_error/DCERPC_FAULT_PROTO_ERROR when using JCIFS to communicate with a remote Windows Instance

Question

I am currently trying to do something similar to PSExec but entirely in Java. I think my problem isnt directly relate to actually what I am doing, but how. Currently I am trying to implement the creating and starting of a service remotely.

For this I got my hands on the midlc tool (version 0.6.1) and extended the svcctl.idl with the CreateService and DeleteService calls. After that I used midlc to generate code for usage with jcifs ( -t jcifs ). I then created a test-program to use that class and jcifs to communicate with a remote windows machine.

Here comes the code for that:

        rpc.policy_handle scHandle = new rpc.policy_handle();
        SvcCtl.OpenSCManager openSCManagerRpc = new SvcCtl.OpenSCManager(host, null, 0x0001 | 0x0002, scHandle);

        // Connection-oriented DCE/RPC over SMB named pipes.
        DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + host + "[\\PIPE\\svcctl]",
                ConcurrentNtlmAuthenticator.getInstance().getNtlmPasswordAuthentication());
        try {
            handle.sendrecv(openSCManagerRpc);
            if (openSCManagerRpc.retval != 0) {
                throw new SmbException(openSCManagerRpc.retval, true);
            }
        } catch(Exception e) {
            e.printStackTrace();
        } finally {
            try {
                handle.close();
            } catch(IOException ioe) {
                ioe.printStackTrace();
            }
        }

Unfortunately I am getting a DCERPC_FAULT_PROTO_ERROR alias nca_proto_error alias 0x1c01000b

So my simple question is ... what am I doing wrong?

Chris

Answer 1

Ok,

I sorted this out. The problem was, that the request type was not initialized and hereby set to -1 which is not a valid value. By manually setting this, I was able to actually perform the tasks I was trying to do:

https://dev.c-ware.de/confluence/pages/viewpage.action?pageId=15007754

Chris