It does have a Metasploit module. Have you tried reading the source to figure out what's going on?
Theres a whole set of info on bypassing NX protection in the comments, as well as information about the handle you have to bind to as well as the type of dceprc call that triggers the vulnerability. I was currious what additional info was in the Metasploit module, and i just learned quite a bit about bypassing NX protection.
If you are going to be re-creating this in python, the Metasploit dcerpc library is pretty easy to decypher, so you can probably pull what you need from there. The RFCs are pretty helpful as well, but understanding how something works in theory and then looking at a protocol interaction in reality is often more helpful.
Hope this helps.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+