public TransactionResponse(byte[] buffer, int offset) : base(buffer, offset)
{
TotalParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 0);
TotalDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 2);
Reserved1 = LittleEndianConverter.ToUInt16(SMBParameters, 4);
ushort parameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 6);
ushort parameterOffset = LittleEndianConverter.ToUInt16(SMBParameters, 8);
ParameterDisplacement = LittleEndianConverter.ToUInt16(SMBParameters, 10);
ushort dataCount = LittleEndianConverter.ToUInt16(SMBParameters, 12);
ushort dataOffset = LittleEndianConverter.ToUInt16(SMBParameters, 14);
DataDisplacement = LittleEndianConverter.ToUInt16(SMBParameters, 16);
byte setupCount = ByteReader.ReadByte(SMBParameters, 18);
Reserved2 = ByteReader.ReadByte(SMBParameters, 19);
Setup = ByteReader.ReadBytes(SMBParameters, 20, setupCount * 2);
TransParameters = ByteReader.ReadBytes(buffer, parameterOffset, parameterCount);
TransData = ByteReader.ReadBytes(buffer, dataOffset, dataCount);
}
public SessionSetupAndXResponse(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset)
{
Action = (SessionSetupAction)LittleEndianConverter.ToUInt16(SMBParameters, 4);
int dataOffset = 0;
if (isUnicode)
{
// A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header.
// Note: SMBData starts at an odd offset.
dataOffset++;
}
NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
if ((SMBData.Length - dataOffset) % 2 == 1)
{
// Workaround for a single terminating null byte
SMBData = ByteUtils.Concatenate(SMBData, new byte[1]);
}
PrimaryDomain = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
}
public static PSTHeader ReadFromStream(Stream stream, WriterCompatibilityMode writerCompatibilityMode)
{
byte[] buffer = new byte[HeaderLength];
stream.Read(buffer, 0, HeaderLength);
string dwMagic = ByteReader.ReadAnsiString(buffer, 0, 4);
string wMagicClient = ByteReader.ReadAnsiString(buffer, 8, 2);
ushort wVer = LittleEndianConverter.ToUInt16(buffer, 10);
ushort wVerClient = LittleEndianConverter.ToUInt16(buffer, 12);
if (dwMagic == "!BDN" && wVer == (int)PSTVersion.Unicode &&
((wMagicClient == "SO" && wVerClient == (int)ClientVersion.OfflineFolders) ||
(wMagicClient == "SM" && wVerClient == (int)ClientVersion.PersonalFolders)))
{
return(new PSTHeader(buffer));
}
else
{
return(null);
}
}
public WriteAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4);
Offset = LittleEndianConverter.ToUInt32(this.SMBParameters, 6);
Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 10);
WriteMode = (WriteMode)LittleEndianConverter.ToUInt16(this.SMBParameters, 14);
Remaining = LittleEndianConverter.ToUInt16(this.SMBParameters, 16);
ushort dataLengthHigh = LittleEndianConverter.ToUInt16(this.SMBParameters, 18);
uint DataLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 20);
ushort DataOffset = LittleEndianConverter.ToUInt16(this.SMBParameters, 22);
if (SMBParameters.Length == ParametersFixedLength + 4)
{
uint offsetHigh = LittleEndianConverter.ToUInt32(this.SMBParameters, 24);
Offset |= ((ulong)offsetHigh << 32);
}
DataLength |= (uint)(dataLengthHigh << 16);
Data = ByteReader.ReadBytes(buffer, (int)DataOffset, (int)DataLength);
}
public FileRecordSegment(byte[] buffer, int offset, long segmentNumber)
{
MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00);
if (multiSectorHeader.Signature != ValidSignature)
{
throw new InvalidDataException("Invalid FILE record signature");
}
LogFileSequenceNumber = LittleEndianConverter.ToUInt64(buffer, offset + 0x08);
m_sequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + 0x10);
ReferenceCount = LittleEndianConverter.ToUInt16(buffer, offset + 0x12);
ushort firstAttributeOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x14);
m_flags = (FileRecordFlags)LittleEndianConverter.ToUInt16(buffer, offset + 0x16);
uint segmentLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x18);
uint segmentAllocatedLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x1C);
m_baseFileRecordSegment = new MftSegmentReference(buffer, offset + 0x20);
NextAttributeInstance = LittleEndianConverter.ToUInt16(buffer, offset + 0x28);
// 2 bytes padding
m_segmentNumberOnDisk = LittleEndianConverter.ToUInt32(buffer, offset + 0x2C);
UpdateSequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + multiSectorHeader.UpdateSequenceArrayOffset);
// Read attributes
int position = offset + firstAttributeOffset;
while (!IsEndMarker(buffer, position))
{
AttributeRecord attribute = AttributeRecord.FromBytes(buffer, position);
m_immediateAttributes.Add(attribute);
position += (int)attribute.RecordLengthOnDisk;
if (position > buffer.Length)
{
throw new InvalidDataException("Invalid attribute length");
}
}
m_segmentNumber = segmentNumber;
}
public TransactionRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset)
{
TotalParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 0);
TotalDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 2);
MaxParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 4);
MaxDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 6);
MaxSetupCount = ByteReader.ReadByte(SMBParameters, 8);
Reserved1 = ByteReader.ReadByte(SMBParameters, 9);
Flags = (TransactionFlags)LittleEndianConverter.ToUInt16(SMBParameters, 10);
Timeout = LittleEndianConverter.ToUInt32(SMBParameters, 12);
Reserved2 = LittleEndianConverter.ToUInt16(SMBParameters, 16);
ushort transParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 18);
ushort transParameterOffset = LittleEndianConverter.ToUInt16(SMBParameters, 20);
ushort transDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 22);
ushort transDataOffset = LittleEndianConverter.ToUInt16(SMBParameters, 24);
byte setupCount = ByteReader.ReadByte(SMBParameters, 26);
Reserved3 = ByteReader.ReadByte(SMBParameters, 27);
Setup = ByteReader.ReadBytes(SMBParameters, 28, setupCount * 2);
if (SMBData.Length > 0) // Workaround, Some SAMBA clients will set ByteCount to 0 (Popcorn Hour A-400)
{
int dataOffset = 0;
if (this is Transaction2Request)
{
Name = string.Empty;
}
else
{
if (isUnicode)
{
int namePadding = 1;
dataOffset += namePadding;
}
Name = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
}
}
TransParameters = ByteReader.ReadBytes(buffer, transParameterOffset, transParameterCount);
TransData = ByteReader.ReadBytes(buffer, transDataOffset, transDataCount);
}
public LockingAndXRequest(byte[] buffer, int offset) : base(buffer, offset, false)
{
FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4);
TypeOfLock = (LockType)ByteReader.ReadByte(this.SMBParameters, 6);
NewOpLockLevel = ByteReader.ReadByte(this.SMBParameters, 7);
Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 8);
ushort numberOfRequestedUnlocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 12);
ushort numberOfRequestedLocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 14);
int dataOffset = 0;
if ((TypeOfLock & LockType.LARGE_FILES) > 0)
{
for (int index = 0; index < numberOfRequestedUnlocks; index++)
{
LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset);
Unlocks.Add(entry);
}
for (int index = 0; index < numberOfRequestedLocks; index++)
{
LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset);
Locks.Add(entry);
}
}
else
{
for (int index = 0; index < numberOfRequestedUnlocks; index++)
{
LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset);
Unlocks.Add(entry);
}
for (int index = 0; index < numberOfRequestedLocks; index++)
{
LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset);
Locks.Add(entry);
}
}
}
public NTFSLogRecord(byte[] recordBytes)
{
RedoOperation = (NTFSLogOperation)LittleEndianConverter.ToUInt16(recordBytes, 0x00);
UndoOperation = (NTFSLogOperation)LittleEndianConverter.ToUInt16(recordBytes, 0x02);
ushort redoOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x04);
ushort redoLength = LittleEndianConverter.ToUInt16(recordBytes, 0x06);
ushort undoOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x08);
ushort undoLength = LittleEndianConverter.ToUInt16(recordBytes, 0x0A);
TargetAttributeIndex = LittleEndianConverter.ToUInt16(recordBytes, 0x0C);
ushort lcnsToFollow = LittleEndianConverter.ToUInt16(recordBytes, 0x0E);
RecordOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x10);
AttributeOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x12);
ClusterBlockOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x14);
Reserved = LittleEndianConverter.ToUInt16(recordBytes, 0x16);
TargetVCN = (long)LittleEndianConverter.ToUInt64(recordBytes, 0x18);
for (int index = 0; index < lcnsToFollow; index++)
{
long lcn = (long)LittleEndianConverter.ToUInt64(recordBytes, 0x20 + index * 8);
LCNsForPage.Add(lcn);
}
/*int dataOffset = 0x20 + lcnsToFollow * 8;
* int dataLength = recordBytes.Length - dataOffset;*/
RedoData = ByteReader.ReadBytes(recordBytes, redoOffset, redoLength);
if (undoOffset == redoOffset && undoLength == redoLength)
{
UndoData = RedoData;
}
else if (UndoOperation != NTFSLogOperation.CompensationLogRecord)
{
UndoData = ByteReader.ReadBytes(recordBytes, undoOffset, undoLength);
}
else
{
// This record is logging the undo of a previous operation (e.g. when aborting a transaction)
UndoData = new byte[0];
}
}
public TimeZoneStructure(byte[] buffer)
{
lBias = LittleEndianConverter.ToInt32(buffer, 0);
lStandardBias = LittleEndianConverter.ToInt32(buffer, 4);
lDaylightBias = LittleEndianConverter.ToInt32(buffer, 8);
ushort wStandardYear = LittleEndianConverter.ToUInt16(buffer, 12);
stStandardDate = new SystemTime(buffer, 14);
ushort wDaylightYear = LittleEndianConverter.ToUInt16(buffer, 30);
stDaylightDate = new SystemTime(buffer, 32);
if (stStandardDate.wYear != wStandardYear)
{
throw new InvalidPropertyException("Invalid TimeZoneStructure");
}
if (stDaylightDate.wYear != wDaylightYear)
{
throw new InvalidPropertyException("Invalid TimeZoneStructure");
}
}
public TableContextInfo(byte[] buffer)
{
bType = (OnHeapTypeName)ByteReader.ReadByte(buffer, 0);
byte cCols = ByteReader.ReadByte(buffer, 1);
int position = 2;
for (int index = 0; index < 4; index++)
{
rgib[index] = LittleEndianConverter.ToUInt16(buffer, position);
position += 2;
}
hidRowIndex = new HeapID(buffer, 10);
hnidRows = new HeapOrNodeID(buffer, 14);
// hidIndex - deprecated
position = 22;
for (int index = 0; index < cCols; index++)
{
TableColumnDescriptor descriptor = new TableColumnDescriptor(buffer, position);
rgTCOLDESC.Add(descriptor);
position += TableColumnDescriptor.Length;
}
}
public NonResidentAttributeRecord(byte[] buffer, int offset) : base(buffer, offset)
{
LowestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x10);
HighestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x18);
ushort mappingPairsOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x20);
CompressionUnit = ByteReader.ReadByte(buffer, offset + 0x22);
AllocatedLength = LittleEndianConverter.ToUInt64(buffer, offset + 0x28);
FileSize = LittleEndianConverter.ToUInt64(buffer, offset + 0x30);
ValidDataLength = LittleEndianConverter.ToUInt64(buffer, offset + 0x38);
m_dataRunSequence = new DataRunSequence(buffer, offset + mappingPairsOffset, (int)this.RecordLengthOnDisk - mappingPairsOffset);
if (CompressionUnit != 0)
{
throw new NotSupportedException("NTFS compression is not supported");
}
if ((HighestVCN - LowestVCN + 1) != m_dataRunSequence.DataClusterCount)
{
throw new InvalidDataException("Invalid non-resident attribute record");
}
}
public CreateResponse(byte[] buffer, int offset) : base(buffer, offset)
{
StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0);
OplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2);
Flags = (CreateResponseFlags)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3);
CreateAction = (CreateAction)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4);
CreationTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 8);
LastAccessTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 16);
LastWriteTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 24);
ChangeTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 32);
AllocationSize = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 40);
EndofFile = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 48);
FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 56);
Reserved2 = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 60);
FileId = new FileID(buffer, offset + SMB2Header.Length + 64);
CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 80);
CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 84);
if (CreateContextsLength > 0)
{
CreateContexts = CreateContext.ReadCreateContextList(buffer, offset + (int)CreateContextsOffsets);
}
}
public NegotiateResponse(byte[] buffer, int offset) : base(buffer, offset)
{
DialectIndex = LittleEndianConverter.ToUInt16(SMBParameters, 0);
SecurityMode = (SecurityMode)ByteReader.ReadByte(SMBParameters, 2);
MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 3);
MaxNumberVcs = LittleEndianConverter.ToUInt16(SMBParameters, 5);
MaxBufferSize = LittleEndianConverter.ToUInt32(SMBParameters, 7);
MaxRawSize = LittleEndianConverter.ToUInt32(SMBParameters, 11);
SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 15);
Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 19);
SystemTime = FileTimeHelper.ReadFileTime(SMBParameters, 23);
ServerTimeZone = LittleEndianConverter.ToInt16(SMBParameters, 31);
ChallengeLength = ByteReader.ReadByte(SMBParameters, 33);
int dataOffset = 0;
Challenge = ByteReader.ReadBytes(SMBData, ref dataOffset, ChallengeLength);
// [MS-CIFS] <90> Padding is not added before DomainName
// DomainName and ServerName are always in Unicode
DomainName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true);
ServerName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true);
}
public AttributeListEntry(byte[] buffer, int offset)
{
AttributeType = (AttributeType)LittleEndianConverter.ToUInt32(buffer, offset + 0x00);
m_lengthOnDisk = LittleEndianConverter.ToUInt16(buffer, offset + 0x04);
if (m_lengthOnDisk < AttributeListEntry.HeaderLength)
{
throw new InvalidDataException("Invalid attribute list entry, data length is less than the valid minimum");
}
else if (m_lengthOnDisk > buffer.Length - offset)
{
throw new InvalidDataException("Invalid attribute list entry, data length exceed list length");
}
byte nameLength = ByteReader.ReadByte(buffer, offset + 0x06);
byte nameOffset = ByteReader.ReadByte(buffer, offset + 0x07);
LowestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x08);
SegmentReference = new MftSegmentReference(buffer, offset + 0x10);
Instance = LittleEndianConverter.ToUInt16(buffer, offset + 0x18);
if (nameLength > 0)
{
AttributeName = ByteReader.ReadUTF16String(buffer, offset + nameOffset, nameLength);
}
}
public string NativeLanMan; // SMB_STRING (this field WILL be aligned to start on a 2-byte boundary from the start of the SMB header)
public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
MaxBufferSize = LittleEndianConverter.ToUInt16(this.SMBParameters, 4);
MaxMpxCount = LittleEndianConverter.ToUInt16(this.SMBParameters, 6);
VcNumber = LittleEndianConverter.ToUInt16(this.SMBParameters, 8);
SessionKey = LittleEndianConverter.ToUInt32(this.SMBParameters, 10);
ushort securityBlobLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 14);
Reserved = LittleEndianConverter.ToUInt32(this.SMBParameters, 16);
Capabilities = (ServerCapabilities)LittleEndianConverter.ToUInt32(this.SMBParameters, 20);
SecurityBlob = ByteReader.ReadBytes(this.SMBData, 0, securityBlobLength);
int dataOffset = SecurityBlob.Length;
if (isUnicode)
{
int padding = securityBlobLength % 2;
dataOffset += padding;
}
NativeOS = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode);
NativeLanMan = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode);
}
public CreateRequest(byte[] buffer, int offset) : base(buffer, offset)
{
StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0);
SecurityFlags = ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2);
RequestedOplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3);
ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4);
SmbCreateFlags = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 8);
Reserved = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 16);
DesiredAccess = new AccessMask(buffer, offset + SMB2Header.Length + 24);
FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 28);
ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 32);
CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 36);
CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 40);
NameOffset = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 44);
NameLength = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 46);
CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 48);
CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 52);
Name = ByteReader.ReadUTF16String(buffer, offset + NameOffset, NameLength / 2);
if (CreateContextsLength > 0)
{
CreateContexts = CreateContext.ReadCreateContextList(buffer, (int)CreateContextsOffsets);
}
}
public RenameRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
SearchAttributes = (FileAttributes)LittleEndianConverter.ToUInt16(this.SMBParameters, 0);
int dataOffset = 0;
BufferFormat1 = ByteReader.ReadByte(this.SMBData, ref dataOffset);
if (BufferFormat1 != SupportedBufferFormat)
{
throw new InvalidRequestException("Unsupported Buffer Format");
}
OldFileName = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode);
BufferFormat2 = ByteReader.ReadByte(this.SMBData, ref dataOffset);
if (BufferFormat2 != SupportedBufferFormat)
{
throw new InvalidRequestException("Unsupported Buffer Format");
}
if (isUnicode)
{
dataOffset++;
}
NewFileName = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode);
}
public NTCreateAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
Reserved = ByteReader.ReadByte(this.SMBParameters, 4);
ushort nameLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 5);
Flags = (NTCreateFlags)LittleEndianConverter.ToUInt32(this.SMBParameters, 7);
RootDirectoryFID = LittleEndianConverter.ToUInt32(this.SMBParameters, 11);
DesiredAccess = (DesiredAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 15);
AllocationSize = LittleEndianConverter.ToUInt64(this.SMBParameters, 19);
ExtFileAttributes = (ExtendedFileAttributes)LittleEndianConverter.ToUInt32(this.SMBParameters, 27);
ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 31);
CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(this.SMBParameters, 35);
CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(this.SMBParameters, 39);
ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(this.SMBParameters, 43);
SecurityFlags = (SecurityFlags)ByteReader.ReadByte(this.SMBParameters, 47);
int dataOffset = 0;
if (isUnicode)
{
dataOffset = 1; // 1 byte padding for 2 byte alignment
}
FileName = SMBHelper.ReadSMBString(this.SMBData, dataOffset, isUnicode);
}
public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset)
{
MaxBufferSize = LittleEndianConverter.ToUInt16(SMBParameters, 4);
MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 6);
VcNumber = LittleEndianConverter.ToUInt16(SMBParameters, 8);
SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 10);
SecurityBlobLength = LittleEndianConverter.ToUInt16(SMBParameters, 14);
Reserved = LittleEndianConverter.ToUInt32(SMBParameters, 16);
Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 20);
SecurityBlob = ByteReader.ReadBytes(SMBData, 0, SecurityBlobLength);
int dataOffset = SecurityBlob.Length;
if (isUnicode)
{
// A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header.
// Note: SMBData starts at an odd offset.
int padding = (1 + SecurityBlobLength) % 2;
dataOffset += padding;
}
NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
}
public Transaction2FindNext2Request(byte[] parameters, byte[] data, bool isUnicode) : base()
{
SID = LittleEndianConverter.ToUInt16(parameters, 0);
SearchCount = LittleEndianConverter.ToUInt16(parameters, 2);
InformationLevel = (FindInformationLevel)LittleEndianConverter.ToUInt16(parameters, 4);
ResumeKey = LittleEndianConverter.ToUInt32(parameters, 6);
Flags = (FindFlags)LittleEndianConverter.ToUInt16(parameters, 10);
if (isUnicode && parameters.Length == 13 && parameters[12] == 0x00)
{
// Workaround for PlayStation2 Slim
FileName = String.Empty;
}
else
{
FileName = SMB1Helper.ReadSMBString(parameters, 12, isUnicode);
}
if (InformationLevel == FindInformationLevel.SMB_INFO_QUERY_EAS_FROM_LIST)
{
GetExtendedAttributeList = new ExtendedAttributeNameList(data, 0);
}
}
public SessionSetupAndXResponseExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset)
{
Action = (SessionSetupAction)LittleEndianConverter.ToUInt16(SMBParameters, 4);
SecurityBlobLength = LittleEndianConverter.ToUInt16(SMBParameters, 6);
SecurityBlob = ByteReader.ReadBytes(SMBData, 0, SecurityBlobLength);
int dataOffset = SecurityBlob.Length;
if (isUnicode)
{
// A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header.
// Note: SMBData starts at an odd offset.
int padding = (1 + SecurityBlobLength) % 2;
dataOffset += padding;
}
NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
if ((SMBData.Length - dataOffset) % 2 == 1)
{
// Workaround for a single terminating null byte
SMBData = ByteUtils.Concatenate(SMBData, new byte[1]);
}
NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
}
/// <summary>
/// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk)
/// </summary>
public NTFSBootRecord(byte[] buffer)
{
Jump = ByteReader.ReadBytes(buffer, 0x00, JumpLength);
OEMID = ByteReader.ReadAnsiString(buffer, 0x03, SignatureLength);
BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B);
SectorsPerCluster = ByteReader.ReadByte(buffer, 0x0D);
MediaDescriptor = ByteReader.ReadByte(buffer, 0x15);
SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18);
NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A);
NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C);
PhysicalDriveNumber = ByteReader.ReadByte(buffer, 0x24);
ExtendedBootSignature = ByteReader.ReadByte(buffer, 0x26);
TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28);
MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30);
MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38);
RawClustersPerFileRecordSegment = (sbyte)ByteReader.ReadByte(buffer, 0x40);
RawClustersPerIndexRecord = (sbyte)ByteReader.ReadByte(buffer, 0x44);
VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48);
Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50);
Code = ByteReader.ReadBytes(buffer, 0x54, CodeLength);
BootRecordSignature = LittleEndianConverter.ToUInt16(buffer, 0x1FE);
}
public SparseExtentHeader(byte[] buffer)
{
Signature = ByteReader.ReadAnsiString(buffer, 0x00, 4);
if (!String.Equals(Signature, ValidSignature))
{
throw new InvalidDataException("Sparse extent header signature is invalid");
}
Version = LittleEndianConverter.ToUInt32(buffer, 0x04);
Flags = LittleEndianConverter.ToUInt32(buffer, 0x08);
Capacity = LittleEndianConverter.ToUInt64(buffer, 0x0C);
GrainSize = LittleEndianConverter.ToUInt64(buffer, 0x14);
DescriptorOffset = LittleEndianConverter.ToUInt64(buffer, 0x1C);
DescriptorSize = LittleEndianConverter.ToUInt64(buffer, 0x24);
NumGTEsPerGT = LittleEndianConverter.ToUInt32(buffer, 0x2C);
RGDOffset = LittleEndianConverter.ToUInt64(buffer, 0x30);
GDOffset = LittleEndianConverter.ToUInt64(buffer, 0x38);
OverHead = LittleEndianConverter.ToUInt64(buffer, 0x40);
UncleanShutdown = ByteReader.ReadByte(buffer, 0x48) == 1;
SingleEndLineChar = (char)ByteReader.ReadByte(buffer, 0x49);
NonEndLineChar = (char)ByteReader.ReadByte(buffer, 0x4A);
DoubleEndLineChar1 = (char)ByteReader.ReadByte(buffer, 0x4B);
DoubleEndLineChar2 = (char)ByteReader.ReadByte(buffer, 0x4C);
CompressionAlgirithm = (SparseExtentCompression)LittleEndianConverter.ToUInt16(buffer, 0x4D);
}
public byte[] Code = new byte[428]; // 512 - 0x54
/// <summary>
/// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk)
/// </summary>
public NTFSBootRecord(byte[] buffer)
{
Array.Copy(buffer, 0x00, Jump, 0, 3);
OEMID = ASCIIEncoding.ASCII.GetString(buffer, 0x03, 8);
BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B);
SectorsPerCluster = buffer[0x0D];
MediaDescriptor = buffer[0x15];
SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18);
NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A);
NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C);
PhysicalDriveNumber = buffer[0x24];
ExtendedBootSignature = buffer[0x26];
TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28);
MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30);
MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38);
RawClustersPerFileRecordSegment = (sbyte)buffer[0x40];
RawClustersPerIndexBlock = (sbyte)buffer[0x44];
VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48);
Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50);
Array.Copy(buffer, 0x54, Code, 0, Code.Length);
}
public FlushRequest(byte[] buffer, int offset) : base(buffer, offset)
{
FID = LittleEndianConverter.ToUInt16(SMBParameters, 0);
}
public LogoffRequest(byte[] buffer, int offset) : base(buffer, offset)
{
StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0);
Reserved = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 2);
}
public HeapOnNodeBitmapHeader(byte[] buffer, int offset)
{
ibHnpm = LittleEndianConverter.ToUInt16(buffer, offset + 0);
rgbFillLevel = HeapOnNodeHelper.ReadFillLevelMap(buffer, offset + 2, 128);
}
public TransactionRawReadNamedPipeRequest(byte[] setup)
{
FID = LittleEndianConverter.ToUInt16(setup, 2);
}
public HeapOnNodePageHeader(byte[] buffer, int offset)
{
ibHnpm = LittleEndianConverter.ToUInt16(buffer, offset + 0);
}
public TransactionSetNamedPipeStateRequest(byte[] setup, byte[] parameters) : base()
{
FID = LittleEndianConverter.ToUInt16(setup, 2);
PipeState = (PipeState)LittleEndianConverter.ToUInt16(parameters, 0);
}
