NWMUDS:StartScan
Request
| Index Word | Description |
|---|---|
| 0 | Header code [0x000F0404] |
| 1 | Output buffer max size |
| 2 | ? |
| 3 | ? |
| 4-5 | MAC address? The 6-bytes located here are normally all 0xFF. |
| 6-14 | Unknown, usually zero / uninitialized? |
| 15 | wlancommID |
| 16 | This is the ID also located at offset 0xE in the CTR-generation structure. |
| 17 | Value 0x0 |
| 18 | Input handle |
| 19 | (Size<<4) \| 12 |
| 20 | Output buffer ptr |
Response
| Index Word | Description |
|---|---|
| 0 | Header code |
| 1 | Result code |
Description
The input maxsize is written to outbuf+0. The total amount of data written to the output buffer, counted from offset 0x0, is written to outbuf+4. Outbuf+8 is zero when the buffer contains no actual received data, and 1 otherwise. Therefore, when the output contains no actual received data, the size value at outbuf+4 is set to 0xC.
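The beacon data behind this header arrives over the air, so a caller should check the three header words described above against each other and against the real buffer length before touching anything at outbuf+0xC. The following is an added example, not code from this page or from any 3DS SDK: the names `scan_result`, `parse_scan_output` and `rd32le` are hypothetical, the words are assumed to be little-endian, and a nonzero value at outbuf+8 is assumed to imply a size above 0xC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCAN_HDR_SIZE 0xCu  /* outbuf+0, +4 and +8, one 32-bit word each */

/* Hypothetical result type; the field names are not from the page. */
typedef struct {
    uint32_t max_size;    /* outbuf+0: input maxsize echoed back */
    uint32_t total_size;  /* outbuf+4: bytes written, counted from offset 0x0 */
    int has_data;         /* outbuf+8: 0 = nothing received, nonzero = data */
    const uint8_t *data;  /* outbuf+0xC, NULL when has_data is 0 */
    size_t data_len;      /* total_size - 0xC */
} scan_result;

/* Assumption: words are little-endian, as on the 3DS ARM11. */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, a negative code when the header is inconsistent. */
int parse_scan_output(const uint8_t *buf, size_t buf_len, scan_result *out) {
    if (buf == NULL || out == NULL || buf_len < SCAN_HDR_SIZE) return -1;
    out->max_size = rd32le(buf);
    out->total_size = rd32le(buf + 4);
    uint32_t flag = rd32le(buf + 8);
    /* total_size includes the 0xC-byte header and must fit both limits. */
    if (out->total_size < SCAN_HDR_SIZE) return -2;
    if (out->total_size > out->max_size || out->total_size > buf_len) return -3;
    /* No received data means the size is exactly 0xC, and vice versa. */
    if ((flag == 0) != (out->total_size == SCAN_HDR_SIZE)) return -4;
    out->has_data = flag != 0;
    out->data_len = out->total_size - SCAN_HDR_SIZE;
    out->data = flag ? buf + SCAN_HDR_SIZE : NULL;
    return 0;
}

int main(void) {
    /* Constructed sample: maxsize 0x100, total 0xC, flag 0 (empty scan). */
    const uint8_t empty[12] = {0x00,0x01,0,0, 0x0C,0,0,0, 0,0,0,0};
    scan_result r;
    int rc = parse_scan_output(empty, sizeof empty, &r);
    printf("rc=%d has_data=%d len=%zu\n", rc, r.has_data, r.data_len);
    return 0;
}
```

The parser stops at outbuf+0xC on purpose: the layout of the data before the raw beacon is unknown, so anything past the header should be bounded by `data_len` rather than by offsets read from the buffer itself.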
The following is the structure of the data at outbuf+0xC. The data starting at +0x1C is the entire raw beacon data, starting at the 802.11 management frame header. It is unknown what exactly the data before that is.