Marshalling and unmarshalling a VARIANT of IOPCSyncIO::Write|Classic OPC: DA, A&E, HDA, XML-DA, etc.|Forum|OPC Foundation

Hello,

I am trying to analyze stream of bytes of a IOPCSyncIO::Write() packets with no success.

For example the following stub data of a RPC request packet in little endian (context id = 39c13a52-011e-11d0-9675-0020afd8adb3. opnum = 4, i.e. IOPCSyncIO::Write):

050007000000000000000000660aaaa 44dbc49429fb94f541ddc661800000000 0100000001000000a0e9070201000000 55736572010000000300000000000000 0b000000000000000b000000ffff

Accordingly to 2.2.13.3@MS-DCOM document (ORPCTHIS):

0500 Mayor version 0700 Minor version 00000000 Flags 00000000 Reserved 660aaaa44dbc49429fb94f541ddc6618 CID 00000000 extensions

Methods arguments are according 4.4.5.2@opc-da-3.00-specifications document are: HRESULT Write( [in] DWORD dwCount, [in, size_is(dwCount)] DWORD * phServer, [in, size_is(dwCount)] VARIANT * pItemValues, [out, size_is(,dwCount)] HRESULT ** ppErrors); 

dwCount: 01000000
phServer: 01000000

And now it comes the VARIANT. Using 2.2.29@MS-OAUT doc clSize should be: a0e90702 (weird) or is it repeating the size? From here nothing has sense. I have read the following documents:

opc-da-3.00-specification.pdf
DCE 1.1 Remote Procedure Call c706.pdf
[MS-COM].pdf
[MS-DCOM].pdf
[MS-DTYP].pdf
[MS-ERREF].pdf
[MS-OAUT].pdf
[MS-RPCE].pdf

Does anyone have a clue?

Thank you in advance!

Rodrigo