Request
| Index Word | Description |
|---|---|
| 0 | Header code [0x000F0404] |
| 1 | Output buffer max size |
| 2-14 | 0x34-byte input structure. |
| 15 | wlancommID |
| 16 | This is the ID also located at offset 0xE in the CTR-generation structure. |
| 17 | Value 0x0 |
| 18 | Input handle |
| 19 | (Size<<4) \| 12 |
| 20 | Output buffer ptr |
Response
| Index Word | Description |
|---|---|
| 0 | Header code |
| 1 | Result code |
Input structure
| Index Word | Description |
|---|---|
| 0 | ? |
| 1 | ? |
| 2-3 | MAC address? The 6-bytes located here are normally all 0xFF. |
| 4-12 | Unknown, usually zero / uninitialized? |
Description
The input maxsize is written to outbuf+0. The total amount of data written to the output, counted from offset 0x0, is written to outbuf+4. Outbuf+8 is zero when the buffer contains no actual received data, and 1 otherwise. Therefore, when the output contains no actual received data, the size value at outbuf+4 is set to 0xC.
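A defensive reader for the three header words described above, as an added example that is not from the original page or any SDK. The names `beacon_out_view`, `beacon_out_parse` and `rd_le32` are hypothetical, and the code assumes little-endian 32-bit fields and that `buf_len` is the size of the buffer the caller supplied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BEACON_HDR_SIZE 0xCu /* header words at outbuf+0, +4 and +8 */

typedef struct {
    uint32_t max_size;      /* outbuf+0: input maxsize written back */
    uint32_t total_size;    /* outbuf+4: bytes written, counted from offset 0x0 */
    int has_data;           /* outbuf+8: 0 = no received data, 1 otherwise */
    const uint8_t *payload; /* outbuf+0xC, or NULL when has_data is 0 */
    size_t payload_len;     /* total_size - 0xC */
} beacon_out_view;

/* Assumption: fields are little-endian 32-bit words. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 and fills *v when the header is self-consistent, -1 otherwise. */
int beacon_out_parse(const uint8_t *outbuf, size_t buf_len, beacon_out_view *v) {
    if (!outbuf || !v || buf_len < BEACON_HDR_SIZE) return -1;
    uint32_t max_size = rd_le32(outbuf);
    uint32_t total = rd_le32(outbuf + 4);
    uint32_t flag = rd_le32(outbuf + 8);
    if (max_size > buf_len) return -1;   /* claims more room than we allocated */
    if (total < BEACON_HDR_SIZE || total > max_size) return -1;
    if (flag > 1) return -1;             /* only 0 and 1 are documented */
    if (flag == 0 && total != BEACON_HDR_SIZE) return -1; /* empty means 0xC */
    v->max_size = max_size;
    v->total_size = total;
    v->has_data = (int)flag;
    v->payload = flag ? outbuf + BEACON_HDR_SIZE : NULL;
    v->payload_len = flag ? total - BEACON_HDR_SIZE : 0;
    return 0;
}

int main(void) {
    /* Constructed sample: maxsize 0x20, total size 0x1C, data present. */
    uint8_t out[0x20] = {0x20, 0, 0, 0, 0x1C, 0, 0, 0, 1, 0, 0, 0};
    beacon_out_view v;
    if (beacon_out_parse(out, sizeof out, &v) != 0) return 1;
    printf("payload at +0xC, %zu bytes\n", v.payload_len);
    return 0;
}
```

Rejecting a header whose size field exceeds the caller's buffer keeps later parsing of the data at outbuf+0xC from reading past the allocation.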
The following is the structure of the data at outbuf+0xC. The data starting at +0x1C is the entire raw beacon data, starting at the 802.11 management frame header. It's unknown what exactly the data prior to that is.