Hi all!

I am doing research on MAPI at present. Thanks to Wireshark, which gives me much help in analyzing the ExchangeRpc packet, but I have a big problem now. I believe that some of you are very familiar with MAPI, so please help me!

In my work, I must rebuild a quest type packet to get the mail packets in advance. With the help of Wireshark, I know how to construct the packet in Outlook 2002's account; Wireshark gives some useful information. I know the decryption of MAPI is hard, but I can copy some bytes from the last response packet!

My problem is with Outlook 2003's communication: the structure of the payload looks different. E.g., in Outlook 2002's stub data, the Maxcount section is "ff 7f 00 00", which means 32767, but in Outlook 2002, the same position is "04 00 00 00". I don't know what it is, and the length of the stub data is longer; it has so many unknown bytes! What's the difference between these two structures?

Any help will be appreciated!

Regards,
Na
2008-08-21