pastebin - collaborative debugging tool
smb-sniff.kpaste.net RSS


SMB Packet Struct
Posted by Anonymous on Thu 28th Oct 2010 23:31
raw | new post

  1. private struct SMB
  2. {
  3.         public UInt32 E_00_PacketID;
  4.         public UInt16 E_01_Header;
  5.         public UInt16 E_02_Epoch;
  6.         public UInt32 E_03_NTStatus;
  7.         public UInt16 E_04_Command;
  8.         public UInt16 E_05_CreditsRequested;
  9.         public UInt32 E_06_Flags;
  10.         public UInt32 E_07_ChainOffset;
  11.         public UInt64 E_08_CommandSequence;
  12.         public UInt32 E_09_ProcessID;
  13.         public UInt32 E_10_TreeID;
  14.         public UInt64 E_11_SessionID;
  15.         public UInt64 E_12_Signature1;
  16.         public UInt64 E_13_Signature2;
  17.         public UInt16 E_14_RequestLength; // remember to add 1 for Dynamic flag
  18.         public UInt16 E_15_Oplock;
  19.         public UInt32 E_16_Impersonate;
  20.         public UInt64 E_17_CreateFlags;
  21.         public UInt32 E_18_AccessMask;
  22.         public UInt32 E_19_FileAttributes;
  23.         public UInt32 E_20_ShareAccess;
  24.         public UInt32 E_21_AccessMode;
  25.         public UInt32 E_22_CreateOptions;
  26.         public UInt16 E_23_FilenameOffset;
  27.         public UInt16 E_24_FilenameLength;
  28.         public string E_25_Name;
  29.  
  30.         public SMB(byte[] packet)
  31.         {
  32.                 E_00_PacketID = BitConverter.ToUInt32(packet, 0);
  33.                 E_01_Header = BitConverter.ToUInt16(packet, 4);
  34.                 E_02_Epoch = BitConverter.ToUInt16(packet, 6);
  35.                 E_03_NTStatus = BitConverter.ToUInt32(packet, 8);
  36.                 E_04_Command = BitConverter.ToUInt16(packet, 12);
  37.                 E_05_CreditsRequested = BitConverter.ToUInt16(packet, 14);
  38.                 E_06_Flags = BitConverter.ToUInt32(packet, 16);
  39.                 E_07_ChainOffset = BitConverter.ToUInt32(packet, 20);
  40.                 E_08_CommandSequence = BitConverter.ToUInt64(packet, 24);
  41.                 E_09_ProcessID = BitConverter.ToUInt32(packet, 32);
  42.                 E_10_TreeID = BitConverter.ToUInt32(packet, 36);
  43.                 E_11_SessionID = BitConverter.ToUInt64(packet, 40);
  44.                 E_12_Signature1 = BitConverter.ToUInt64(packet, 48);
  45.                 E_13_Signature2 = BitConverter.ToUInt64(packet, 56);
  46.                 E_14_RequestLength = BitConverter.ToUInt16(packet, 64);
  47.                 E_15_Oplock = BitConverter.ToUInt16(packet, 66);
  48.                 E_16_Impersonate = BitConverter.ToUInt32(packet, 68);
  49.                 E_17_CreateFlags = BitConverter.ToUInt64(packet, 72);
  50.                 // there are 8 bytes of padding here
  51.                 E_18_AccessMask = BitConverter.ToUInt32(packet, 88);
  52.                 E_19_FileAttributes = BitConverter.ToUInt32(packet, 92);
  53.                 E_20_ShareAccess = BitConverter.ToUInt32(packet, 96);
  54.                 E_21_AccessMode = BitConverter.ToUInt32(packet, 100);
  55.                 E_22_CreateOptions = BitConverter.ToUInt32(packet, 104);
  56.                 E_23_FilenameOffset = BitConverter.ToUInt16(packet, 108);
  57.                 E_24_FilenameLength = BitConverter.ToUInt16(packet, 110);
  58.                 E_25_Name = UnicodeEncoding.Unicode.GetString(packet, E_23_FilenameOffset, E_24_FilenameLength);
  59.         }
  60. }

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with {%HIGHLIGHT}





All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at