Difference between revisions of "NWMUDS:StartScan"
Line 11: | Line 11: | ||
| Output buffer max size | | Output buffer max size | ||
|- | |- | ||
− | | 2 | + | | 2-14 |
− | + | | 0x34-byte input structure. | |
− | |||
− | | | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
| 15 | | 15 | ||
Line 53: | Line 44: | ||
| 1 | | 1 | ||
| Result code | | Result code | ||
+ | |} | ||
+ | |||
+ | =Input structure= | ||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! Index Word | ||
+ | ! Description | ||
+ | |- | ||
+ | | 0 | ||
+ | | ? | ||
+ | |- | ||
+ | | 1 | ||
+ | | ? | ||
+ | |- | ||
+ | | 2-3 | ||
+ | | MAC address? The 6-bytes located here are normally all 0xFF. | ||
+ | |- | ||
+ | | 4-12 | ||
+ | | Unknown, usually zero / uninitialized? | ||
|} | |} | ||
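Review bot: The "2-3" row of the new Input structure table spans two words (8 bytes), but its description speaks of 6 bytes, so a reader cannot tell at which byte the field starts or what the remaining 2 bytes hold. Give the byte offsets of the 6-byte field within the structure and list the leftover bytes as their own row, marked unknown if need be. The table stops at word 12, which agrees with the 0x34-byte size given in the "2-14" request row (13 words); stating that total size in this section would let the two tables be checked against each other.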
Revision as of 00:45, 4 April 2016
Request
Index Word | Description |
---|---|
0 | Header code [0x000F0404] |
1 | Output buffer max size |
2-14 | 0x34-byte input structure. |
15 | wlancommID |
16 | This is the ID also located at offset 0xE in the CTR-generation structure. |
17 | Value 0x0 |
18 | Input handle |
19 | (Size<<4) \| 12 |
20 | Output buffer ptr |
Response
Index Word | Description |
---|---|
0 | Header code |
1 | Result code |
Input structure
Index Word | Description |
---|---|
0 | ? |
1 | ? |
2-3 | MAC address? The 6 bytes located here are normally all 0xFF. |
4-12 | Unknown, usually zero / uninitialized? |
Description
The input max size is written to outbuf+0. The total amount of data written to the output buffer, counted from offset 0x0, is written to outbuf+4. Outbuf+8 is zero when the buffer contains no actual received data, 1 otherwise. Therefore, when the output contains no actual received data, the size value at outbuf+4 is set to 0xC.
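A defensive reader for the three header words described above, as an added example that is not part of the original wiki page or of any 3DS library: it checks the size at outbuf+4 against the max size and the real buffer length before exposing the data at outbuf+0xC. The 32-bit little-endian field width and the names scan_output, rd32le and parse_scan_output are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCAN_HDR_SIZE 0xCu  /* outbuf+0, +4 and +8, assumed to be 32-bit fields */

typedef struct {            /* hypothetical type, not from the page */
    uint32_t max_size;      /* outbuf+0: max size passed in the request */
    uint32_t total_size;    /* outbuf+4: bytes written, counted from offset 0x0 */
    uint32_t has_data;      /* outbuf+8: 0 = no received data */
    const uint8_t *data;    /* outbuf+0xC, or NULL when has_data is 0 */
    size_t data_len;        /* total_size - 0xC */
} scan_output;

static uint32_t rd32le(const uint8_t *p) {  /* little-endian is an assumption */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 if the header is consistent with the buf_len bytes the caller
 * really owns, -1 otherwise. Nothing past total_size is ever exposed. */
int parse_scan_output(const uint8_t *buf, size_t buf_len, scan_output *out) {
    if (buf == NULL || out == NULL || buf_len < SCAN_HDR_SIZE) return -1;
    out->max_size = rd32le(buf);
    out->total_size = rd32le(buf + 4);
    out->has_data = rd32le(buf + 8);
    out->data = NULL;
    out->data_len = 0;
    /* The size counts from offset 0x0, so it can never be below the header. */
    if (out->total_size < SCAN_HDR_SIZE) return -1;
    /* It must fit both the declared max size and the real allocation. */
    if (out->total_size > out->max_size || out->total_size > buf_len) return -1;
    /* No received data means the size is exactly 0xC. */
    if (out->has_data == 0) return out->total_size == SCAN_HDR_SIZE ? 0 : -1;
    out->data = buf + SCAN_HDR_SIZE;
    out->data_len = out->total_size - SCAN_HDR_SIZE;
    return 0;
}

int main(void) {
    /* Constructed sample: max size 0x20, 0x10 bytes written, data present. */
    const uint8_t sample[16] = {0x20,0,0,0, 0x10,0,0,0, 1,0,0,0, 0xAA,0xBB,0xCC,0xDD};
    scan_output o;
    if (parse_scan_output(sample, sizeof sample, &o) != 0) return 1;
    printf("payload bytes at outbuf+0xC: %zu\n", o.data_len);
    return 0;
}
```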
The following is the structure of the data at outbuf+0xC. The data starting at +0x1C is the entire raw beacon data, starting at the 802.11 management frame header. It's unknown what exactly the data prior to that is.