Wireshark mailing list archives

Re: Implementation of DCERPC protocol


From: Guy Harris <guy () alum mit edu>
Date: Thu, 23 Feb 2012 12:14:44 -0800


On Feb 23, 2012, at 12:51 AM, rahul sharma wrote:

1> What does the Byte order to be Little Endian specify?

It specifies that all multi-byte integral and floating-point values are in little-endian format within the DCE RPC 
request or reply in question.  To quote the DCE RPC spec:

        http://pubs.opengroup.org/onlinepubs/009629399/chap14.htm

"NDR represents signed integers in twos complement format and represents unsigned integers as unsigned binary numbers. 
There are two integer formats: big-endian and little-endian. If the integer format is big-endian, the octets of the 
representation are ordered in the octet stream from the most significant octet to the least significant octet. If the 
integer format is little-endian, the octets of the representation are ordered in the octet stream from the least 
significant octet to the most significant octet."

Unlike ONC RPC, DCE RPC doesn't use a single standard byte order when encoding values; instead, it uses "receiver makes 
it right", so that the data is transmitted in the byte order of the sending host, and the receiving host has to 
translate that into its byte order if necessary.  (It also uses "receiver makes it right" for floating-point numbers - 
the sender transmits the number in its own format, whether that's IEEE binary, PDP-11/VAX format, Cray format, or IBM 
System/3x0 format.  Presumably if it supports multiple formats, as Alpha-based machines and later System/390 and all 
z/Architecture machines do, it uses whatever format the program is using.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
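
The "receiver makes it right" rule described in the reply above, as an added example that is not part of the original post or of Wireshark's code: a decoder has to read the data representation label in the PDU header before it interprets any multi-byte field. The header layout and label values follow the DCE RPC spec's connection-oriented common header; the function names and sample bytes are assumptions constructed for illustration.

```python
import struct

# NDR format label values (drep[0] high nibble, low nibble, drep[1]).
INT_REP = {0: "big-endian", 1: "little-endian"}
CHAR_REP = {0: "ASCII", 1: "EBCDIC"}
FLOAT_REP = {0: "IEEE", 1: "VAX", 2: "Cray", 3: "IBM"}

def parse_common_header(pdu: bytes) -> dict:
    """Decode the 16-octet connection-oriented common header, honouring drep."""
    if len(pdu) < 16:
        raise ValueError("truncated PDU: common header is 16 octets")
    drep = pdu[4:8]
    int_rep, char_rep, float_rep = drep[0] >> 4, drep[0] & 0x0F, drep[1]
    if int_rep not in INT_REP or char_rep not in CHAR_REP or float_rep not in FLOAT_REP:
        raise ValueError(f"unknown data representation label {drep.hex()}")
    # Receiver makes it right: pick the struct byte order from the sender's label.
    order = "<" if int_rep == 1 else ">"
    frag_length, auth_length, call_id = struct.unpack_from(order + "HHI", pdu, 8)
    if frag_length < 16:
        raise ValueError(f"frag_length {frag_length} is smaller than the header")
    return {
        "version": (pdu[0], pdu[1]), "ptype": pdu[2], "pfc_flags": pdu[3],
        "integers": INT_REP[int_rep], "chars": CHAR_REP[char_rep],
        "floats": FLOAT_REP[float_rep],
        "frag_length": frag_length, "auth_length": auth_length, "call_id": call_id,
    }

def naive_frag_length(pdu: bytes) -> int:
    """What a parser that hard-codes little-endian reads, ignoring drep."""
    return struct.unpack_from("<H", pdu, 8)[0]

# Constructed sample headers: the same bind PDU (ptype 11, frag_length 72,
# call_id 1) as sent by a little-endian host and by a big-endian host.
LE_PDU = bytes.fromhex("05000b03" "10000000" "4800" "0000" "01000000")
BE_PDU = bytes.fromhex("05000b03" "00000000" "0048" "0000" "00000001")

if __name__ == "__main__":
    for name, pdu in (("LE sender", LE_PDU), ("BE sender", BE_PDU)):
        print(name, parse_common_header(pdu), "naive:", naive_frag_length(pdu))
```

A parser that assumes little-endian reads the big-endian sender's fragment length as 18432 instead of 72, which is why length fields must never be used for bounds checks before the label has been applied.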

