Support of Windows Vista / Windows 7

Anonymous
2011-05-31
2012-11-30
  • Anonymous - 2011-05-31

    Hi,

    First of all, I will say that I don’t know if this will ever work, but that’s why I want to discuss it ;-).

    The problem is that on Windows Vista / Windows 7 and Windows 2008 you have to change the owner of registry entries from TrustedInstaller to Administrator(s) to make changes to them (see the post from csturtz), and this cannot be changed by an MSI package, so you have to do it manually (or does someone have a solution for this?).

    The question is: why does j-Interop need these changes while a VBS script does not?

    In Wireshark I could see that j-Interop does a first authentication and then does a RemoteActivation; the VBS script does nearly the same authentication, but then it does an ISystemActivator RemoteCreateInstance.

    So I tried to change this in the JIComServer class by replacing in the init method:

                syntax = "4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0";
                getEndpoint().getSyntax().setUuid(new rpc.core.UUID("4d9f4ab8-7d1c-11cf-861e-0020af6e7c57"));
                getEndpoint().getSyntax().setVersion(0,0);
                ((JIComEndpoint)getEndpoint()).rebindEndPoint();
                remoteActivation = new JIRemActivation(clsid);
                call(Endpoint.IDEMPOTENT,remoteActivation);
    

    with

                //setup syntax for ISystemActivator
                syntax = "000001A0-0000-0000-C000-000000000046:0.0";
                getEndpoint().getSyntax().setUuid(new rpc.core.UUID("000001A0-0000-0000-C000-000000000046"));
                getEndpoint().getSyntax().setVersion(0,0);
                ((JIComEndpoint)getEndpoint()).rebindEndPoint();
    
                sysActivator = new JISystemActivator(clsid);
                call(Endpoint.IDEMPOTENT, sysActivator);
    

    I wrote a class for JISystemActivator (based on JIRemActivation); this class does not work correctly at the moment! Most of the request is hard coded:

    package org.jinterop.dcom.core;
    import java.util.ArrayList;
    import java.util.HashMap;
    import org.jinterop.dcom.common.JIComVersion;
    import org.jinterop.dcom.common.JIRuntimeException;
    import org.jinterop.dcom.common.JISystem;
    import rpc.core.UUID;
    import ndr.NdrException;
    import ndr.NdrObject;
    import ndr.NetworkDataRepresentation;
    public class JISystemActivator extends NdrObject {
        public static final int RPC_C_IMP_LEVEL_IDENTIFY = 2;
        public static final int RPC_C_IMP_LEVEL_IMPERSONATE = 3;
        private int impersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE;
        private int mode = 0;
        private String monikerName = null;
        private UUID clsid = null;
        private boolean activationSuccessful = false;
        private JIOrpcThat orpcthat = null;
        private byte[] oxid = null;
        private JIDualStringArray dualStringArrayForOxid = null;
        private String ipid = null;
        private String clsidStr = null;
        private int authenticationHint = -1;
        private JIComVersion comVersion = null;
        private int hresult = -1;
        private JIInterfacePointer mInterfacePointer = null;
        boolean isDual = false;
        String dispIpid = null;
        int dispRefs = 5;
        byte[] dispOid = null;
        private JIInterfacePointer iidPtr = null;   
        public JISystemActivator(String clsid)
        {
            this.clsid = new UUID(clsid);
        }
        public void setMode (int mode)
        {
            this.mode = mode;
        }
        public void setClientImpersonationLevel(int implLevel)
        {
            impersonationLevel = implLevel;
        }
        public void setfileMonikerAtServer(String name)
        {
            if (name != null  && !name.equalsIgnoreCase(""))
            {
                monikerName = name;
            }
        }
        public int getOpnum() {
            return 4; // Operation RemoteCreateInstance
        }
    
        public void write(NetworkDataRepresentation ndr) {
            // OrpcThis
            JIOrpcThis orpcThis = new JIOrpcThis();
            orpcThis.setORPCFlags(1);
            orpcThis.encode(ndr);
    
            ndr.writeUnsignedLong(0); // Reserved?
            ndr.writeUnsignedLong(0x00020000); // PointVal
            ndr.writeUnsignedLong(744); // CntData: This should be set automatically
            ndr.writeUnsignedLong(744);// ArraySize: This should be set automatically
    
            // ObjectRef
            ndr.writeUnsignedLong(0x574f454d); // Signature "MEOW" (bytes 4d 45 4f 57 on the wire)
            ndr.writeUnsignedLong(4); // OBJREF_CUSTOM
    
            //IID 
            // IID_IActivationPropertiesIn see http://msdn.microsoft.com/en-us/library/cc226820%28v=prot.10%29.aspx
            UUID uuid = new UUID();
            uuid.parse("000001a2-0000-0000-c000-000000000046");
            try {
                uuid.encode(ndr,ndr.buf);
            } catch (NdrException e) {
                JISystem.getLogger().throwing("JISystemActivator","write",e);
            }
            // CLSID
            // CLSID_ActivationPropertiesIn see http://msdn.microsoft.com/en-us/library/cc226820%28v=prot.10%29.aspx
            uuid.parse("00000338-0000-0000-c000-000000000046");
            try {
                uuid.encode(ndr,ndr.buf);
            } catch (NdrException e) {
                JISystem.getLogger().throwing("JISystemActivator","write",e);
            }
            ndr.writeUnsignedLong(0); // CBExtension        
            ndr.writeUnsignedLong(696); // Size: This should be set automatically
    
            // TODO: Find out what in that String!
            String str = "b0:02:00:00:00:00:00:00:01:10:08:00:cc:cc:cc:cc:b0:00:00:00:00:00:00:00:b0:02:00:00:c0:00:00:00:00:00:00:00:02:00:00:00:06:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02:00:04:00:02:00:00:00:00:00:06:00:00:00:b9:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:ab:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:a5:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:a6:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:a4:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:aa:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:06:00:00:00:68:00:00:00:58:00:00:00:90:00:00:00:50:00:00:00:20:00:00:00:30:00:00:00:01:10:08:00:cc:cc:cc:cc:58:00:00:00:00:00:00:00:ff:ff:ff:ff:00:00:00:00:00:00:00:00:00:00:00:00:02:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:14:00:00:00:02:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01:10:08:00:cc:cc:cc:cc:48:00:00:00:00:00:00:00:5e:f0:c3:8b:6b:d8:d0:11:a0:75:00:c0:4f:b6:88:20:14:00:00:00:00:00:00:00:00:00:00:00:01:00:00:00:00:00:00:00:00:00:02:00:58:00:00:00:05:00:07:00:01:00:00:00:18:ad:09:f3:6a:d8:d0:11:a0:75:00:c0:4f:b6:88:20:00:00:00:00:01:10:08:00:cc:cc:cc:cc:80:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02:00:00:00:00:00:60:00:00:00:60:00:00:00:4d:45:4f:57:04:00:00:00:c0:01:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:3b:03:00:00:00:00:00:00:c0:00:00:00:00:00:00:46:00:00:00:00:30:00:00:00:01:00:01:00:c1:b9:7b:6f:98:5b:ce:43:86:79:2d:a3:55:ac:72:58:02:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01:00:00:00:01:10:08:00:cc:cc:cc:cc:40:00:00:00:00:00:00:00:00:00:00:00:00:00:02:00:00:00:00:00:00:00:00:00:04:00:02:00:00:00:00:00:00:00:00:00:0c:00:00:00:00:00:00:00:0c:00:00:00:31:00:30:00:2e:00:31:00:30:00:2e:00:31:00:30:00:2e:00:35:00:39:00:00:00:01:10:08:00:cc:cc:cc:cc:10:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01:10:08:00:cc:cc:cc:cc:20:00:
00:00:00:00:00:00:00:00:00:00:00:00:02:00:02:00:00:00:01:00:00:00:04:00:02:00:01:00:00:00:07:00:00:00:00:00:00:00";
            String[] strB = str.split(":");
            for (String s : strB) {         
                ndr.writeUnsignedSmall(Integer.parseInt(s,16));
            }
        }
        public void read(NetworkDataRepresentation ndr) {
            // TODO: The decoding does not work at the moment
    
            orpcthat = JIOrpcThat.decode(ndr);
            //now fill the oxid
            // oxid = JIMarshalUnMarshalHelper.readOctetArrayLE(ndr,8);
    
            long lng = ndr.readUnsignedLong(); //size will be one
    
            //array length
             lng = ndr.readUnsignedLong();
            //array length
             lng = ndr.readUnsignedLong();
    
            // OBJREF
    
            // Signature "MEOW"
            lng = ndr.readUnsignedLong();
    
            // OBJREF_CUSTOM
            lng = ndr.readUnsignedLong();
    
            // IID
            try {
                UUID ipid2 = new UUID();
                ipid2.decode(ndr, ndr.getBuffer());
                ipid = ipid2.toString();
            } catch (NdrException e) {
                JISystem.getLogger().throwing("JISystemActivator", "read", e);
            }
    
            // CLSID
            try {
                UUID ipid2 = new UUID();
                ipid2.decode(ndr, ndr.getBuffer());
                clsidStr = ipid2.toString();
            } catch (NdrException e) {
                JISystem.getLogger().throwing("JISystemActivator", "read", e);
            }
                // CBExtension
                lng = ndr.readUnsignedLong();
    
                // Size
                lng = ndr.readUnsignedLong();           
                // Activation Properties out
                lng = ndr.readUnsignedLong();           
                lng = ndr.readUnsignedLong();
    
                // MInterfacePointer 
                mInterfacePointer = JIInterfacePointer.decode(ndr, new ArrayList(), JIFlags.FLAG_NULL, new HashMap());
                // pObjectData?
    
                // IID?
    
            // final hresult: stored in the field so that getHresult() reports it
            hresult = ndr.readUnsignedLong();
            if (hresult != 0)
            {
                //something happened.
                throw new JIRuntimeException(hresult);
            }
            activationSuccessful = true;
        }
    
        public JIInterfacePointer getInterfacePointer()
        {
            return iidPtr;
        }   
        public boolean isActivationSuccessful()
        {
            return activationSuccessful;
        }
        public JIOrpcThat getORPCThat()
        {
            return orpcthat;
        }
        public byte[] getOxid()
        {
            return oxid;
        }
        public JIDualStringArray getDualStringArrayForOxid()
        {
            return dualStringArrayForOxid;
        }
        public int getAuthenticationHint()
        {
            return authenticationHint;
        }
        public JIComVersion getComVersion()
        {
            return comVersion;
        }
        public int getHresult()
        {
            return hresult;
        }
        public JIInterfacePointer getMInterfacePointer()
        {
            // read() fills mInterfacePointer; iidPtr is never assigned
            return mInterfacePointer;
        }
        public String getIPID()
        {
            return ipid;
        }   
    }
    

    The hard coded request works, but I could not decode the response.

    Do you think this could work if we find out the correct encoding/decoding of the ISystemActivator interface (I found some documentation, but I am not so familiar with C and the network protocols)? If someone has an idea about this, please let me know.

    Kind regards
        Björn
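
The length fields that the posted `write()` hard-codes (744, 744, 696) follow from the framing it writes: 48 header bytes (signature, flags, IID, CLSID, CBExtension, Size) plus the payload. The sketch below is an added example, not code from the post or from j-Interop; class and method names are made up for illustration, and the payload is the first 24 bytes of the posted string followed by constructed zero padding. It computes those fields from the payload and parses the framing back with bounds checks, including the payload's two leading size words and its NDR type-serialization header.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

public class ObjrefCustomFraming {
    static final int SIGNATURE = 0x574f454d;               // bytes 4d 45 4f 57 ("MEOW") on the wire
    static final int OBJREF_CUSTOM = 4;
    static final int HEADER_LEN = 4 + 4 + 16 + 16 + 4 + 4; // signature .. Size = 48 bytes
    static final String IID_ACT_PROPS_IN = "000001a2-0000-0000-c000-000000000046";
    static final String CLSID_ACT_PROPS_IN = "00000338-0000-0000-c000-000000000046";

    // GUID wire form: first three fields little-endian, last eight bytes as written.
    static void putGuid(ByteBuffer b, String text) {
        UUID u = UUID.fromString(text);
        long msb = u.getMostSignificantBits();
        b.putInt((int) (msb >>> 32)).putShort((short) (msb >>> 16)).putShort((short) msb);
        b.order(ByteOrder.BIG_ENDIAN).putLong(u.getLeastSignificantBits());
        b.order(ByteOrder.LITTLE_ENDIAN);
    }

    static String getGuid(ByteBuffer b) {
        long d1 = b.getInt() & 0xffffffffL;
        long d2 = b.getShort() & 0xffffL;
        long d3 = b.getShort() & 0xffffL;
        long tail = b.order(ByteOrder.BIG_ENDIAN).getLong();
        b.order(ByteOrder.LITTLE_ENDIAN);
        return new UUID((d1 << 32) | (d2 << 16) | d3, tail).toString();
    }

    // Wraps a payload the way the posted write() does, deriving every length field.
    static byte[] frame(byte[] blob) {
        int cntData = HEADER_LEN + blob.length;
        ByteBuffer b = ByteBuffer.allocate(8 + cntData).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(cntData);          // CntData
        b.putInt(cntData);          // ArraySize
        b.putInt(SIGNATURE);
        b.putInt(OBJREF_CUSTOM);
        putGuid(b, IID_ACT_PROPS_IN);
        putGuid(b, CLSID_ACT_PROPS_IN);
        b.putInt(0);                // CBExtension
        b.putInt(blob.length);      // Size
        b.put(blob);
        return b.array();
    }

    // Parses the framing back and rejects inconsistent lengths before touching the payload.
    static String parse(byte[] wire) {
        ByteBuffer b = ByteBuffer.wrap(wire).order(ByteOrder.LITTLE_ENDIAN);
        if (b.remaining() < 8 + HEADER_LEN) throw new IllegalArgumentException("truncated");
        int cntData = b.getInt();
        int arraySize = b.getInt();
        if (cntData != arraySize || cntData < HEADER_LEN || cntData > b.remaining())
            throw new IllegalArgumentException("CntData/ArraySize do not fit the buffer");
        if (b.getInt() != SIGNATURE) throw new IllegalArgumentException("not an OBJREF");
        int flags = b.getInt();
        if (flags != OBJREF_CUSTOM) throw new IllegalArgumentException("not OBJREF_CUSTOM: " + flags);
        String iid = getGuid(b);
        String clsid = getGuid(b);
        int cbExtension = b.getInt();
        int size = b.getInt();
        if (size < 24 || size > cntData - HEADER_LEN)
            throw new IllegalArgumentException("Size does not fit inside CntData");
        // Payload start: two size words, then the type-serialization common and private headers.
        int dwSize = b.getInt();
        int dwReserved = b.getInt();
        int version = b.get() & 0xff;
        int endianness = b.get() & 0xff;
        int commonLen = b.getShort() & 0xffff;
        int filler = b.getInt();
        int objectBufferLength = b.getInt();
        if (version != 1 || endianness != 0x10 || commonLen != 8 || filler != 0xcccccccc)
            throw new IllegalArgumentException("unexpected type-serialization header");
        return String.format(
            "CntData=%d iid=%s clsid=%s CBExtension=%d Size=%d dwSize=%d dwReserved=%d objectBufferLength=%d",
            cntData, iid, clsid, cbExtension, size, dwSize, dwReserved, objectBufferLength);
    }

    public static void main(String[] args) {
        // First 24 bytes of the hard-coded string in the post; the rest is
        // constructed zero padding up to the post's Size of 696.
        int[] head = {0xb0, 0x02, 0, 0, 0, 0, 0, 0, 0x01, 0x10, 0x08, 0x00,
                      0xcc, 0xcc, 0xcc, 0xcc, 0xb0, 0, 0, 0, 0, 0, 0, 0};
        byte[] blob = new byte[696];
        for (int i = 0; i < head.length; i++) blob[i] = (byte) head[i];

        byte[] wire = frame(blob);
        System.out.println(parse(wire));

        wire[8] = 0; // damage the signature to show the rejection path
        try {
            parse(wire);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```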

     
  • Vikram Roopchand

    Hi,
        j-Interop only uses the registry when you provide the ProgID (for getting the corresponding CLSID) or if the server returns "Class not registered" exception (and j-Interop is running with AutoRegistration set to "true") in which case it tries to register the COM server.

    SystemActivator is supported by newer versions of DCOM. For all purposes the older version with RemActivation will suffice but if you want you can implement it fully and then submit a patch.

    thanks,
    best regards,
    Vikram

     
  • Vikram Roopchand

    Hi,
    This means that your handshake is not correct and APIs might have been called out of order. Can you read up on the specs and check?

    thanks,
    best regards,
    Vikram

     
  • Anonymous - 2011-06-15

    Hi Vikram,

    Yes, the API seems to be called out of order. When I compare the Wireshark capture of the VBS script with the one from j-Interop, the order is different and the call IDs are also different.

    Order of vbs script:

    18  3.161.039   10.10.10.37 10.10.10.59 TCP 50803 > epmap [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
    19  3.162.972   10.10.10.59 10.10.10.37 TCP epmap > 50803 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0
    20  3.163.034   10.10.10.37 10.10.10.59 TCP 50803 > epmap [ACK] Seq=1 Ack=1 Win=65700 Len=0
    21  3.163.304   10.10.10.37 10.10.10.59 DCERPC  Bind: call_id: 2, 2 context items, 1st IOXIDResolver V0.0
    22  3.167.968   10.10.10.59 10.10.10.37 DCERPC  Bind_ack: call_id: 2 Unknown result (3), reason: Abstract syntax not supported
    23  3.168.108   10.10.10.37 10.10.10.59 IOXIDResolver   ServerAlive2 request
    24  3.170.612   10.10.10.59 10.10.10.37 IOXIDResolver   ServerAlive2 response[Long frame (2 bytes)]
    25  3.244.251   10.10.10.37 10.10.10.59 TCP 50804 > epmap [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
    26  3.247.987   10.10.10.59 10.10.10.37 TCP epmap > 50804 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0
    27  3.248.060   10.10.10.37 10.10.10.59 TCP 50804 > epmap [ACK] Seq=1 Ack=1 Win=65700 Len=0
    28  3.297.429   10.10.10.37 10.10.10.59 DCERPC  Bind: call_id: 3 ISystemActivator V0.0, NTLMSSP_NEGOTIATE
    29  3.300.074   10.10.10.59 10.10.10.37 DCERPC  Bind_ack: call_id: 3, NTLMSSP_CHALLENGE accept max_xmit: 5840 max_recv: 5840
    30  3.300.464   10.10.10.37 10.10.10.59 DCERPC  AUTH3: call_id: 3, NTLMSSP_AUTH, User: Duderstadt\Administrator
    31  3.300.517   10.10.10.37 10.10.10.59 ISystemActivator    RemoteCreateInstance request
    32  3.303.337   10.10.10.59 10.10.10.37 TCP epmap > 50804 [ACK] Seq=279 Ack=1479 Win=64240 Len=0
    33  3.350.613   10.10.10.59 10.10.10.37 ISystemActivator    RemoteCreateInstance response
    34  3.364.536   10.10.10.37 10.10.10.59 TCP 50805 > 35427 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
    35  3.367.957   10.10.10.59 10.10.10.37 TCP 35427 > 50805 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0
    36  3.368.032   10.10.10.37 10.10.10.59 TCP 50805 > 35427 [ACK] Seq=1 Ack=1 Win=65700 Len=0
    37  3.373.741   10.10.10.37 10.10.10.59 TCP 50803 > epmap [ACK] Seq=141 Ack=221 Win=65480 Len=0
    38  3.418.488   10.10.10.37 10.10.10.59 DCERPC  Bind: call_id: 2, 2 context items, 1st IRemUnknown2 V0.0, NTLMSSP_NEGOTIATE
    39  3.423.305   10.10.10.59 10.10.10.37 DCERPC  Bind_ack: call_id: 2, NTLMSSP_CHALLENGE Unknown result (3), reason: Abstract syntax not supported
    40  3.423.693   10.10.10.37 10.10.10.59 DCERPC  AUTH3: call_id: 2, NTLMSSP_AUTH, User: Duderstadt\Administrator
    41  3.423.765   10.10.10.37 10.10.10.59 IRemUnknown2    RemQueryInterface request IID[1]=IWbemLoginClientID
    42  3.426.302   10.10.10.59 10.10.10.37 TCP 35427 > 50805 [ACK] Seq=303 Ack=849 Win=63392 Len=0
    43  3.443.368   10.10.10.59 10.10.10.37 IRemUnknown2    RemQueryInterface response S_OK[1] -> S_OK
    44  3.444.071   10.10.10.37 10.10.10.59 DCERPC  Alter_context: call_id: 3 IWbemLoginClientID V0.0
    45  3.446.337   10.10.10.59 10.10.10.37 DCERPC  Alter_context_resp: call_id: 3 accept max_xmit: 5840 max_recv: 5840
    46  3.446.457   10.10.10.37 10.10.10.59 DCERPC  Request: call_id: 3 opnum: 3 ctx_id: 1 IWbemLoginClientID V0
    47  3.447.966   10.10.10.59 10.10.10.37 DCERPC  Response: call_id: 3 ctx_id: 1 IWbemLoginClientID V0
    48  3.465.477   10.10.10.37 10.10.10.59 DCERPC  Alter_context: call_id: 4 IWbemLevel1Login V0.0
    49  3.467.326   10.10.10.59 10.10.10.37 DCERPC  Alter_context_resp: call_id: 4 accept max_xmit: 5840 max_recv: 5840
    50  3.467.551   10.10.10.37 10.10.10.59 DCERPC  Request: call_id: 4 opnum: 3 ctx_id: 2 IWbemLevel1Login V0
    51  3.469.465   10.10.10.59 10.10.10.37 DCERPC  Response: call_id: 4 ctx_id: 2 IWbemLevel1Login V0
    52  3.469.670   10.10.10.37 10.10.10.59 DCERPC  Request: call_id: 5 opnum: 6 ctx_id: 2 IWbemLevel1Login V0
    53  3.477.127   10.10.10.59 10.10.10.37 DCERPC  Response: call_id: 5 ctx_id: 2 IWbemLevel1Login V0
    54  3.504.633   10.10.10.37 10.10.10.59 IRemUnknown2    RemRelease request Cnt=2 Refs=5-0,5-0
    55  3.515.723   10.10.10.59 10.10.10.37 IRemUnknown2    RemRelease response -> S_OK
    56  3.553.771   10.10.10.37 10.10.10.59 TCP 50804 > epmap [ACK] Seq=1479 Ack=1423 Win=64276 Len=0
    57  3.636.456   10.10.10.37 10.10.10.59 DCERPC  Alter_context: call_id: 7 IWbemServices V0.0, NTLMSSP_NEGOTIATE
    58  3.640.042   10.10.10.59 10.10.10.37 DCERPC  Alter_context_resp: call_id: 7, NTLMSSP_CHALLENGE accept max_xmit: 5840 max_recv: 5840
    59  3.640.396   10.10.10.37 10.10.10.59 DCERPC  AUTH3: call_id: 7, NTLMSSP_AUTH, User: Duderstadt\Administrator
    60  3.642.103   10.10.10.37 10.10.10.59 DCERPC  Request: call_id: 7 opnum: 20 ctx_id: 3 IWbemServices V0
    61  3.643.333   10.10.10.59 10.10.10.37 TCP 35427 > 50805 [ACK] Seq=1249 Ack=2491 Win=63366 Len=0
    62  3.657.976   10.10.10.59 10.10.10.37 DCERPC  Response: call_id: 7 ctx_id: 3 IWbemServices V0
    63  3.659.653   10.10.10.37 10.10.10.59 IRemUnknown2    RemQueryInterface request IID[1]=IWbemFetchSmartEnum
    64  3.662.353   10.10.10.59 10.10.10.37 IRemUnknown2    RemQueryInterface response S_OK[1] -> S_OK
    ...
    

    The j-interop wireshark capture is:

    28  5.568.261   10.10.10.37 10.10.10.59 TCP 49735 > epmap [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
    29  5.569.999   10.10.10.59 10.10.10.37 TCP epmap > 49735 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0
    30  5.570.052   10.10.10.37 10.10.10.59 TCP 49735 > epmap [ACK] Seq=1 Ack=1 Win=65700 Len=0
    31  5.608.591   10.10.10.37 10.10.10.59 DCERPC  Bind: call_id: 0 IOXIDResolver V0.0, NTLMSSP_NEGOTIATE
    32  5.611.773   10.10.10.59 10.10.10.37 DCERPC  Bind_ack: call_id: 0, NTLMSSP_CHALLENGE accept max_xmit: 4280 max_recv: 4280
    33  5.634.394   10.10.10.37 10.10.10.59 DCERPC  AUTH3: call_id: 0, NTLMSSP_AUTH, User: 10.10.10.59\Administrator
    34  5.785.329   10.10.10.59 10.10.10.37 TCP epmap > 49735 [ACK] Seq=279 Ack=517 Win=63724 Len=0
    35  5.785.392   10.10.10.37 10.10.10.59 IOXIDResolver   ServerAlive2 request
    36  5.787.342   10.10.10.59 10.10.10.37 IOXIDResolver   ServerAlive2 response[Long frame (2 bytes)]
    37  5.791.124   10.10.10.37 10.10.10.59 DCERPC  Alter_context: call_id: 2 ISystemActivator V0.0
    38  5.793.329   10.10.10.59 10.10.10.37 DCERPC  Alter_context_resp: call_id: 2 accept max_xmit: 4280 max_recv: 4280
    39  5.816.762   10.10.10.37 10.10.10.59 ISystemActivator    RemoteCreateInstance request
    40  5.838.770   10.10.10.59 10.10.10.37 ISystemActivator    RemoteCreateInstance response
    41  5.857.361   10.10.10.37 10.10.10.59 TCP 49735 > epmap [FIN, ACK] Seq=1439 Ack=1615 Win=65700 Len=0
    42  5.859.147   10.10.10.59 10.10.10.37 TCP epmap > 49735 [ACK] Seq=1615 Ack=1440 Win=62802 Len=0
    43  5.859.340   10.10.10.59 10.10.10.37 TCP epmap > 49735 [FIN, ACK] Seq=1615 Ack=1440 Win=62802 Len=0
    44  5.859.393   10.10.10.37 10.10.10.59 TCP 49735 > epmap [ACK] Seq=1440 Ack=1616 Win=65700 Len=0
    45  5.864.182   10.10.10.37 10.10.10.59 TCP 49738 > 35427 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2
    46  5.865.084   10.10.10.59 10.10.10.37 TCP 35427 > 49738 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0
    47  5.865.138   10.10.10.37 10.10.10.59 TCP 49738 > 35427 [ACK] Seq=1 Ack=1 Win=65700 Len=0
    48  5.866.737   10.10.10.37 10.10.10.59 DCERPC  Bind: call_id: 0 IRemUnknown2 V0.0, NTLMSSP_NEGOTIATE
    49  5.869.685   10.10.10.59 10.10.10.37 DCERPC  Bind_ack: call_id: 0, NTLMSSP_CHALLENGE accept max_xmit: 4280 max_recv: 4280
    50  5.879.119   10.10.10.37 10.10.10.59 DCERPC  AUTH3: call_id: 0, NTLMSSP_AUTH, User: 10.10.10.59\Administrator
    52  6.087.123   10.10.10.59 10.10.10.37 TCP 35427 > 49738 [ACK] Seq=279 Ack=533 Win=63708 Len=0
    53  6.087.186   10.10.10.37 10.10.10.59 IRemUnknown2    RemQueryInterface request IID[1]=IWbemLoginClientID[Long frame (2 bytes)]
    54  6.092.389   10.10.10.59 10.10.10.37 DCERPC  Fault: call_id: 1 ctx_id: 0 status: nca_proto_error
    55  6.095.777   10.10.10.59 10.10.10.37 TCP 35427 > 49738 [FIN, ACK] Seq=311 Ack=677 Win=63564 Len=0
    56  6.095.856   10.10.10.37 10.10.10.59 TCP 49738 > 35427 [ACK] Seq=677 Ack=312 Win=65388 Len=0
    57  6.110.895   10.10.10.37 10.10.10.59 IRemUnknown2    RemRelease request Cnt=1 Refs=10-0[Long frame (16 bytes)]
    58  6.111.136   10.10.10.37 10.10.10.59 TCP 49738 > 35427 [FIN, ACK] Seq=805 Ack=312 Win=65388 Len=0
    59  6.112.378   10.10.10.59 10.10.10.37 TCP 35427 > 49738 [RST, ACK] Seq=312 Ack=805 Win=0 Len=0
    60  6.112.573   10.10.10.59 10.10.10.37 TCP 35427 > 49738 [RST] Seq=312 Win=0 Len=0
    

    How could I influence the order and the callIds? (If this is a problem)

    Do you have a good specification document or some keywords for me? I mostly find Wireshark package descriptions, hacks etc. and the .pdf. The PDF has descriptions of the calls RemoteCreateInstance and RemQueryInterface, but not the correct call order (maybe I missed something).

    Thanks

    Kind regards
        Björn

     
  • Anonymous - 2011-06-15

    Hi,

    OK, it seems that the problem is that I commented out the properties session security (but not all). This violated the protocol.

    Now I get a new exception:

    org.jinterop.dcom.common.JIException: The object invoked has disconnected from its clients. [0x80010108]
        at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:156)
        at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
        at org.jinterop.dcom.core.JIComObjectImpl2.addRef(JIComObjectImpl2.java:116)
        at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:956)
        at org.jinterop.dcom.test.MSWMI2.<init>(MSWMI2.java:42)
        at org.jinterop.dcom.test.MSWMI2.main(MSWMI2.java:102)
    Caused by: rpc.FaultException: Received fault. (unknown)
        at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:141)
        at rpc.Stub.call(Stub.java:113)
        at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:152)
        ... 5 more
    

    I will do some more testing, but if someone has an idea how I can fix this, or any other hint, please post it.

    Thanks
        Björn

     
  • Anonymous - 2011-06-17

    Hi,

    this error was caused by connecting to the wrong Object UUID, because it will be overwritten in the JIRemUnknownServer class method addRef_ReleaseRef with remunknownIPID.

    Now I get an “Access is denied”; it seems that the RemQueryInterface request needs authentication in this request.

    161 8.999151    10.10.10.37 10.10.10.59 IRemUnknown2    RemQueryInterface request IID[1]=IWbemLoginClientID
    

    Is it possible to add the needed authentication information to the request with the j-interop framework? (Auth type: NTLMSSP, Auth level: Packet (4))

    Thanks
       Björn

     
  • Anonymous - 2011-07-04

    Hello Björn.

    Did you make any progress in authenticating with the ISystemActivator?

    We need to query win7 hosts without making any changes to the target host (like creating regKeys) and your approach looks promising.

    Kind regards,
    jens

     
  • Vikram Roopchand

    Hi,
          These (creating keys) and Authentication are two separate things. You might still need to create entries if the COM object is not registered on Target host.

    thanks,
    best regards,
    Vikram

     
  • Danny Tylman

    Danny Tylman - 2011-07-11

    I am trying to solve the same problem, but I would like to suggest a different approach:
    1. I noted that tools like WMIC (http://manpages.ubuntu.com/manpages/intrepid/man1/wmic.1.html), based on samba4, work against Vista/7/2008 machines.
    2. I checked the code and also sniffed; it uses IWbemLevel1Login::NTLMLogin (http://msdn.microsoft.com/en-us/library/cc250759), which gives a ptr to IWbemServices.
    This is what wmic does:

    dcom_proxy_IUnknown_init();
    dcom_proxy_IWbemLevel1Login_init();
    dcom_proxy_IWbemServices_init();
    dcom_proxy_IEnumWbemClassObject_init();
    dcom_proxy_IRemUnknown_init();
    dcom_proxy_IWbemFetchSmartEnum_init();
    dcom_proxy_IWbemWCOSmartEnum_init();
    struct com_context *ctx = NULL;
    com_init_ctx(&ctx, NULL, lp_ctx);
    dcom_client_init(ctx, cmdline_credentials);
    if (!args.ns)
        args.ns = "root\\cimv2";
    result = WBEM_ConnectServer(ctx, args.hostname, args.ns, 0, 0, 0, 0, 0, 0, &pWS);
    WERR_CHECK("Login to remote object.");
    struct IEnumWbemClassObject *pEnum = NULL;
    result = IWbemServices_ExecQuery(pWS, ctx, "WQL", args.query, WBEM_FLAG_RETURN_IMMEDIATELY | WBEM_FLAG_ENSURE_LOCATABLE, NULL, &pEnum);
    WERR_CHECK("WMI query execute.");
    

    And this is what I am trying to do:

      
    public static final String IID_IWbemLevel1Login = "F309AD18-D86A-11d0-A075-00C04FB68820";
    public static final String CLSID_IWbemLevel1Login = "8BC3F05E-D86B-11d0-A075-00C04FB68820";
    ...
    session = JISession.createSession(domain, user, password);
    session.useSessionSecurity(true);
    int timeout = 50000;
    session.setGlobalSocketTimeout(timeout);
    JIComServer winmgmtClass =
            new JIComServer(JIClsid.valueOf(CLSID_IWbemLevel1Login), hostName, session);
    IJIComObject winmgmt = winmgmtClass.createInstance();
    IJIComObject wbemLevel1Login = winmgmt.queryInterface(IID_IWbemLevel1Login);

    JICallBuilder ntlmLoginCall = new JICallBuilder(!wbemLevel1Login.isDispatchSupported());
    ntlmLoginCall.setOpnum(3);
    ntlmLoginCall.addInParamAsString("root\\CIMV2", JIFlags.FLAG_REPRESENTATION_STRING_LPWSTR);
    ntlmLoginCall.addInParamAsString("", JIFlags.FLAG_REPRESENTATION_STRING_LPWSTR);
    ntlmLoginCall.addInParamAsInt(0, JIFlags.FLAG_REPRESENTATION_VT_INT);
    Object services = new Object();
    ntlmLoginCall.addOutParamAsObject(services, JIFlags.FLAG_REPRESENTATION_IDISPATCH_INVOKE);
    wbemLevel1Login.call(ntlmLoginCall);
    

    (I was playing with the in/out parameters quite a lot, but I guess I am not figuring this out right. I also have sniffs of both methods - wmic and jinterop, but it seems jinterop generates an encrypted buffer so I can't compare what I am doing wrong).

    Any ideas?

     
  • Danny Tylman

    Danny Tylman - 2011-07-11

    Oh - I forgot an important issue: the wmic implementation for WBEM_ConnectServer is

    GUID_from_string(CLSID_WBEMLEVEL1LOGIN, &clsid);
    GUID_from_string(COM_IWBEMLEVEL1LOGIN_UUID, &iid);
    result = dcom_create_object(ctx, &clsid, server, 1, &iid, &mqi, &coresult);
    WERR_CHECK("dcom_create_object.");
    result = coresult;
    WERR_CHECK("Create remote WMI object.");
    pL = (struct IWbemLevel1Login *)mqi[0];
    talloc_free(mqi);
    result = IWbemLevel1Login_NTLMLogin(pL, ctx, nspace, locale, flags, wbem_ctx, services);
    WERR_CHECK("Login to remote object.");
    

    And the error I am getting on the j-interop side is:
    Recieved FAULT
    org.jinterop.dcom.common.JIException: The stub received bad data. Please check whether the API has been called in the right way, with correct parameter formation.

     
  • Anonymous - 2011-07-11

    Hi,

    First you should turn off the encryption by setting:

    session.useSessionSecurity(false);
    

    After this you could compare the packages. But I am not sure if this will succeed, because it seems that you are using the normal j-interop activation, which requires the registry keys. Maybe they are already set for the IWbemLevel1Login.

    If I have time I will have a closer look, but this could take a while … sorry.

    Kind regards
        Björn

     
  • Danny Tylman

    Danny Tylman - 2011-07-13

    Hi,

    Thanks for the reply.  seems that

    For the problem of accessing 'out-of-the-box' Vista/7/2008, it seems that IWbemLevel1Login is already registered. So accessing WMI is possible. I got the sense many users need this.

    Strangely, when I try to set encryption to false, the

    IJIComObject winmgmt = winmgmtClass.createInstance();
    

    fails with the following stack:

     org.jinterop.dcom.common.JIException: Access is denied.  [0x80070005]
        at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:161)
        at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
        at org.jinterop.dcom.core.JISession.addRef_ReleaseRef(JISession.java:701)
        at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:119)
        at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:739)
        at org.jinterop.dcom.test.WMIC.login(WMIC.java:52)
        at org.jinterop.dcom.test.WMIC.main(WMIC.java:34)
    Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied.  [0x80070005]
        at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:985)
        at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:877)
        at ndr.NdrObject.decode(NdrObject.java:36)
        at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:137)
        at rpc.Stub.call(Stub.java:113)
        at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:152)
        ... 6 more
    

    Regards, Danny.

     
  • Vikram Roopchand

    Hi,
    Encryption needs to be set; if I am not mistaken, it operates at PCKT_PRIVACY level. I hope you are aware that IWbemXXX has a different marshalling scheme (it is another specification altogether). So we would need to add those structures from the top (something like ITypeLib, ITypeInfo classes in j-Interop).

    thanks,
    best regards,
    Vikram
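
The authentication level discussed in the posts above ("Auth level: Packet (4)" in the capture, PCKT_PRIVACY in the reply) is carried per PDU in the DCE/RPC `sec_trailer`, which sits `auth_length + 8` bytes before the end of the fragment. The sketch below is an added example, not code from the thread or from j-Interop; class and method names are made up, and the three PDUs are constructed samples. It reads the auth type and level from a request PDU and checks them against a required minimum, which is the comparison to make between a working and a failing capture.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class RpcAuthLevelCheck {
    static final int AUTHN_WINNT = 10;        // NTLMSSP
    static final int LEVEL_PKT = 4;
    static final int LEVEL_PKT_PRIVACY = 6;
    static final String[] LEVEL_NAMES = {"no verifier", "none", "connect", "call",
                                         "packet", "packet integrity", "packet privacy"};

    // Integer byte order comes from the high nibble of the first data representation byte.
    static ByteOrder orderOf(byte[] pdu) {
        return (pdu[4] & 0xf0) == 0x10 ? ByteOrder.LITTLE_ENDIAN : ByteOrder.BIG_ENDIAN;
    }

    /** Returns {auth_type, auth_level}, or {0, 0} when the PDU carries no auth verifier. */
    static int[] authOf(byte[] pdu) {
        if (pdu.length < 16) throw new IllegalArgumentException("shorter than the common header");
        ByteBuffer b = ByteBuffer.wrap(pdu).order(orderOf(pdu));
        int fragLength = b.getShort(8) & 0xffff;
        int authLength = b.getShort(10) & 0xffff;
        if (fragLength != pdu.length) throw new IllegalArgumentException("frag_length != buffer length");
        if (authLength == 0) return new int[] {0, 0};
        int trailer = fragLength - authLength - 8;      // start of sec_trailer
        if (trailer < 16) throw new IllegalArgumentException("auth_length does not fit the fragment");
        int type = b.get(trailer) & 0xff;
        int level = b.get(trailer + 1) & 0xff;
        int pad = b.get(trailer + 2) & 0xff;
        if (pad > trailer - 16 || level == 0 || level >= LEVEL_NAMES.length)
            throw new IllegalArgumentException("malformed sec_trailer");
        return new int[] {type, level};
    }

    static boolean meets(byte[] pdu, int requiredLevel) {
        return authOf(pdu)[1] >= requiredLevel;
    }

    static String describe(byte[] pdu) {
        if (pdu.length < 24 || pdu[2] != 0) throw new IllegalArgumentException("not a request PDU");
        ByteBuffer b = ByteBuffer.wrap(pdu).order(orderOf(pdu));
        int[] auth = authOf(pdu);
        return "call_id=" + b.getInt(12) + " opnum=" + (b.getShort(22) & 0xffff)
                + " auth_type=" + auth[0] + " level=" + LEVEL_NAMES[auth[1]];
    }

    // Builds a constructed request PDU; authValue == null means no verifier at all.
    static byte[] request(int callId, int opnum, byte[] stub, int authType, int authLevel, byte[] authValue) {
        boolean auth = authValue != null;
        int pad = (4 - stub.length % 4) % 4;            // align sec_trailer to 4 bytes
        int len = 24 + stub.length + (auth ? pad + 8 + authValue.length : 0);
        ByteBuffer b = ByteBuffer.allocate(len).order(ByteOrder.LITTLE_ENDIAN);
        b.put((byte) 5).put((byte) 0).put((byte) 0).put((byte) 0x03); // v5.0, request, first+last frag
        b.put(new byte[] {0x10, 0, 0, 0});                            // little-endian representation
        b.putShort((short) len).putShort((short) (auth ? authValue.length : 0)).putInt(callId);
        b.putInt(stub.length).putShort((short) 0).putShort((short) opnum); // alloc_hint, ctx id, opnum
        b.put(stub);
        if (auth) {
            b.put(new byte[pad]);
            b.put((byte) authType).put((byte) authLevel).put((byte) pad).put((byte) 0).putInt(0);
            b.put(authValue);
        }
        return b.array();
    }

    public static void main(String[] args) {
        byte[] stub = new byte[30];                     // constructed stub bytes
        byte[][] samples = {
            request(1, 3, stub, 0, 0, null),                             // no verifier
            request(2, 3, stub, AUTHN_WINNT, LEVEL_PKT, new byte[16]),   // NTLMSSP, packet
            request(3, 3, stub, AUTHN_WINNT, LEVEL_PKT_PRIVACY, new byte[16]),
        };
        for (byte[] pdu : samples) {
            System.out.println(describe(pdu)
                    + " meets packet=" + meets(pdu, LEVEL_PKT)
                    + " meets privacy=" + meets(pdu, LEVEL_PKT_PRIVACY));
        }
    }
}
```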

     
  • Ron Zeidman

    Ron Zeidman - 2012-08-29

    @dtylman
    Hi,
    did your approach succeed? Do you have working code? Should I try to further investigate your lead?
    Thanks

     
  • Danny Tylman

    Danny Tylman - 2012-08-29

    Hi,

    I continued this some, until reaching the point at which WMI queries are more or less working.

    I have submitted a patch for this, I think; but can't find it now.  This was about 6 months ago, so I don't really remember what is going on over there.

    I can send you the patch if you'd like. Send me your e-mail.

    Danny.

     
  • Danny Tylman

    Danny Tylman - 2012-08-29
     
    • Richard

      Richard - 2012-11-30

      Hi Danny !

      I tried the patch and ran your test case. Fantastic job ! It works well with Windows Server 2003. However, with Windows Server 2008 it works only for the query Win32_OperatingSystem.

      For example, I tried Win32_PerfFormattedData_PerfOS_Memory and Win32_PerfFormattedData_PerfOS_Processor and it throws an Exception at this line :

      System.out.println(object.getName());

      java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 0
      at org.jinterop.dcom.impls.wmi.CIMBuffer.getByte(CIMBuffer.java:68)
      at org.jinterop.dcom.impls.wmi.structures.JICIMString.init(JICIMString.java:65)
      at org.jinterop.dcom.impls.wmi.structures.JICIMString.readFrom(JICIMString.java:33)
      at org.jinterop.dcom.impls.wmi.structures.JICIMHeap.getString(JICIMHeap.java:53)
      at org.jinterop.dcom.impls.wmi.structures.JICIMInstanceType.getName(JICIMInstanceType.java:80)
      at org.jinterop.dcom.test.WMICTest.executeQuery(WMICTest.java:48)
      at org.jinterop.dcom.test.WMICTest.test(WMICTest.java:41)
      at org.jinterop.dcom.test.WMICTest.main(WMICTest.java:28)

      Any thoughts ?

      Thanks,

      Richard

       
  • Ron Zeidman

    Ron Zeidman - 2012-08-29

    Thanks! I'll test that.

     
  • Ron Zeidman

    Ron Zeidman - 2012-09-11

    Thanks for the patch, works like a charm for queries.
    I've been trying to make methods work.
    I tried to get the class object like this:

    public JIWbemClassObject getObject(String path) throws JIException {
            final int OPNUM_GET_OBJECT = 3;
            JICallBuilder cb = new JICallBuilder(true);
            cb.setOpnum(OPNUM_GET_OBJECT);
            cb.addInParamAsString(path, JIFlags.FLAG_REPRESENTATION_STRING_BSTR);
            cb.addInParamAsInt(0x00000000, JIFlags.FLAG_NULL); //I also tried cb.addInParamAsInt(0x00000010, JIFlags.FLAG_NULL); and getting the IWbemCallResult
            cb.addInParamAsPointer(new JIPointer(null), JIFlags.FLAG_NULL);
            cb.addOutParamAsType(IJIComObject.class, JIFlags.FLAG_NULL); // IWbemClassObject
            cb.addInParamAsPointer(new JIPointer(null), JIFlags.FLAG_NULL); // 
            Object[] res = this.iface.call(cb);
            return new JIWbemClassObject((IJIComObject) res[0]);
    }
    

    The problem is I'm getting an empty COM object as a result, and if I'm using your decode function instead of trying to get a COM object, the buffer consists of zeros.
    Do you have any idea what I'm doing wrong here?

     
  • Danny Tylman

    Danny Tylman - 2012-09-11

    Hi

    I was also trying to create objects for method invocation. If I remember correctly, the problem is that there is a completely different protocol for methods and objects which has different encoding. But it has been a long time and I don't remember anymore.. sorry..

    I did it a long time ago, and I was learning from the IDL and sniffing. My starting point was the WMIC implementation of samba4.  Maybe there is some progress on samba4 that can give you a clue to how objects are encoded.

    Danny.

     
  • Anonymous - 2012-09-11

    Danny is correct.  IWBemClassObject's are encoded per the  specification.  It is a very challenging specification to implement.  If you google for  you will see it.

     
  • Ron Zeidman

    Ron Zeidman - 2012-09-11

    Thanks for the fast response!
    I will try to implement it, but I can't seem to get any response. the

    ndr.buf
    

    that should contain the buffer contains 20 zeros. I'm missing something more fundamental here…

     
