I’m looking for interface or service which is server part for
NETAPI32.DLL.
Theoretically, “12345678-1234-abcd-ef00-01234567cffb v1.0: netlogon” RPC
interface has to answer on.
But I’ve traced all service’s RPC interfaces inside Windows and any
interface is not called on, for example, remote “net use \Comp\IPC$
/user:Me password”
Is it possible that netlogon is processed inside kernel, not service via
RPC?
How may be understanding where is netlogon places or who is answers on
netapi32.dll client requests?
Thanks for help,
Michael.
IIRC NETAPI32.DLL is a collection of RPC client stubs (wrapped with
pretty-named API functions), who lead to SRVSVC.DLL and WKSSVC.DLL in
SERVICES.EXE process.
These 2 DLLs are RPC servers for these client stubs, and control the real
workers - SRV.SYS and MRXSMB.SYS - via undocumented IOCTLs.
These 2 DLLs are what are called “LanmanServer” and “LanmanWorkstation”
services.
There is also XACTSRV.DLL, which is IIRC the support for the old-style,
pre-DCE-RPC, Windows-For-Workgroups remote management of the SMB file server.
“net use \server\share” command line has nothing to do with NETAPI32, it
is MPR’s WNetAddConnection(2 or 3) call.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
“Grabelkovsky, Michael” <michael.grabelkovsky> wrote in message
news:xxxxx@ntdev…
I’m looking for interface or service which is server part for
NETAPI32.DLL.
Theoretically, “12345678-1234-abcd-ef00-01234567cffb v1.0: netlogon” RPC
interface has to answer on.
But I’ve traced all service’s RPC interfaces inside Windows and any
interface is not called on, for example, remote “net use \Comp\IPC$
/user:Me password”
Is it possible that netlogon is processed inside kernel, not service via
RPC?
How may be understanding where is netlogon places or who is answers on
netapi32.dll client requests?
Thanks for help,
Michael.</michael.grabelkovsky>