Smb2-protocol: [Smb2-protocol] Re: smb qfi level 1018

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 18 Nov 2005 21:59:33 +0000
thanks.
i have updated the wiki and ethereal


On 11/18/05, tridge@xxxxxxxxx <tridge@xxxxxxxxx> wrote:
> Ronnie,
>
>  > would anyone have a link to where i can find a current description of
>  > qfi level 1018  SMB_FILE_ALL_INFO.
>
> The parse code is as follows:
>
>  case RAW_FILEINFO_ALL_INFORMATION:
>   FINFO_CHECK_MIN_SIZE(72);
>   parms->all_info.out.create_time =           smbcli_pull_nttime(blob->data, 0);
>   parms->all_info.out.access_time =           smbcli_pull_nttime(blob->data, 8);
>   parms->all_info.out.write_time =            smbcli_pull_nttime(blob->data, 16);
>   parms->all_info.out.change_time =           smbcli_pull_nttime(blob->data, 24);
>   parms->all_info.out.attrib =                IVAL(blob->data, 32);
>   parms->all_info.out.alloc_size =            BVAL(blob->data, 40);
>   parms->all_info.out.size =                  BVAL(blob->data, 48);
>   parms->all_info.out.nlink =                 IVAL(blob->data, 56);
>   parms->all_info.out.delete_pending =        CVAL(blob->data, 60);
>   parms->all_info.out.directory =             CVAL(blob->data, 61);
> #if 1
>   parms->all_info.out.ea_size =               IVAL(blob->data, 64);
>   smbcli_blob_pull_string(NULL, mem_ctx, blob,
>      &parms->all_info.out.fname, 68, 72, STR_UNICODE);
>
> there 68 is the offset of the string length, and 72 is the offset of
> the string.
>
>  > It appears the ethereal implementation of this infolevel is completely broken
>
> yep, the leach spec is wrong for this level.
>
> Also note that I was wrong about this level being the same in SMB and
> SMB2. My test code had a bug. The SMB2 ALL_INFORMATION level looks
> like this:
>
>   FINFO_CHECK_MIN_SIZE(0x64);
>   parms->all_info2.out.create_time    = smbcli_pull_nttime(blob->data, 0x00);
>   parms->all_info2.out.access_time    = smbcli_pull_nttime(blob->data, 0x08);
>   parms->all_info2.out.write_time     = smbcli_pull_nttime(blob->data, 0x10);
>   parms->all_info2.out.change_time    = smbcli_pull_nttime(blob->data, 0x18);
>   parms->all_info2.out.attrib         = IVAL(blob->data, 0x20);
>   parms->all_info2.out.unknown1       = IVAL(blob->data, 0x24);
>   parms->all_info2.out.alloc_size     = BVAL(blob->data, 0x28);
>   parms->all_info2.out.size           = BVAL(blob->data, 0x30);
>   parms->all_info2.out.nlink          = IVAL(blob->data, 0x38);
>   parms->all_info2.out.delete_pending = CVAL(blob->data, 0x3C);
>   parms->all_info2.out.directory      = CVAL(blob->data, 0x3D);
>   parms->all_info2.out.file_id        = BVAL(blob->data, 0x40);
>   parms->all_info2.out.ea_size        = IVAL(blob->data, 0x48);
>   parms->all_info2.out.access_mask    = IVAL(blob->data, 0x4C);
>   parms->all_info2.out.unknown2       = BVAL(blob->data, 0x50);
>   parms->all_info2.out.unknown3       = BVAL(blob->data, 0x58);
>   smbcli_blob_pull_string(NULL, mem_ctx, blob,
>      &parms->all_info2.out.fname, 0x60, 0x64, STR_UNICODE);
>
>
> It seems that this is the only level where the SMB and SMB2 structures
> don't match?
>
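
A bounds-checked reading of the SMB level 1018 layout quoted above, as an added example that is not part of the original message and is not Samba or Ethereal code. The struct and function names are hypothetical, and the name length at offset 68 is assumed to be a 32-bit little-endian byte count.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct all_info {                    /* hypothetical struct for this example */
    uint64_t create_time, access_time, write_time, change_time, alloc_size, size;
    uint32_t attrib, nlink, ea_size, fname_len;
    uint8_t  delete_pending, directory;
    const uint8_t *fname;            /* UTF-16LE bytes inside the caller's buffer */
};

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t le64(const uint8_t *p) { return le32(p) | (uint64_t)le32(p + 4) << 32; }

/* Returns 0 on success, -1 on a short buffer or a name length that does not fit. */
int parse_all_info(const uint8_t *buf, size_t len, struct all_info *o) {
    if (len < 72) return -1;                 /* same floor as FINFO_CHECK_MIN_SIZE(72) */
    o->create_time = le64(buf + 0);
    o->access_time = le64(buf + 8);
    o->write_time  = le64(buf + 16);
    o->change_time = le64(buf + 24);
    o->attrib      = le32(buf + 32);
    o->alloc_size  = le64(buf + 40);
    o->size        = le64(buf + 48);
    o->nlink       = le32(buf + 56);
    o->delete_pending = buf[60];  o->directory = buf[61];
    o->ea_size     = le32(buf + 64);
    o->fname_len   = le32(buf + 68);         /* assumed: 32-bit byte count */
    /* The length is peer-supplied: it must fit the bytes received and be even (UTF-16). */
    if (o->fname_len > len - 72 || (o->fname_len & 1)) return -1;
    o->fname = buf + 72;
    return 0;
}

/* Constructed sample reply: name "a.txt", size 5, caller-chosen claimed name length. */
size_t build_sample(uint8_t *buf, uint32_t claimed_len) {
    static const uint8_t name[] = { 'a',0, '.',0, 't',0, 'x',0, 't',0 };
    memset(buf, 0, 72);
    buf[48] = 5;  buf[56] = 1;               /* size = 5, nlink = 1 */
    for (int i = 0; i < 4; i++) buf[68 + i] = (uint8_t)(claimed_len >> (8 * i));
    memcpy(buf + 72, name, sizeof name);
    return 72 + sizeof name;
}
int main(void) {
    uint8_t b[128]; struct all_info o;
    return parse_all_info(b, build_sample(b, 10), &o);   /* 0 for the valid sample */
}
```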