mailing list archives
Help Understanding Stub for MS06-040
From: npouvesle at tenablesecurity.com (Nicolas Pouvesle)
Date: Thu, 15 Mar 2007 07:42:24 +0100
On Mar 14, 2007, at 2:38 PM, Kyle Schatzle wrote:
I thought I could disassemble the netapi32.dll and recreate the
IDL file, but was unsuccessful with using mIDA, and unmidl.
netapi32.dll only contains a client stub. I have a version of mIDA
that can decompile some client stubs but I have to fix it/merge it
with the main code.
For the function called in this exploit you should look at the server
stub in srvsvc.dll.