public WriteAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4);
Offset = LittleEndianConverter.ToUInt32(this.SMBParameters, 6);
Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 10);
WriteMode = (WriteMode)LittleEndianConverter.ToUInt16(this.SMBParameters, 14);
Remaining = LittleEndianConverter.ToUInt16(this.SMBParameters, 16);
ushort dataLengthHigh = LittleEndianConverter.ToUInt16(this.SMBParameters, 18);
uint DataLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 20);
ushort DataOffset = LittleEndianConverter.ToUInt16(this.SMBParameters, 22);
if (SMBParameters.Length == ParametersFixedLength + 4)
{
uint offsetHigh = LittleEndianConverter.ToUInt32(this.SMBParameters, 24);
Offset |= ((ulong)offsetHigh << 32);
}
DataLength |= (uint)(dataLengthHigh << 16);
Data = ByteReader.ReadBytes(buffer, (int)DataOffset, (int)DataLength);
}
public LogRestartPage(byte[] buffer, int offset)
{
MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00);
if (multiSectorHeader.Signature != ValidSignature)
{
throw new InvalidDataException("Invalid RSTR record signature");
}
ChkDskLsn = LittleEndianConverter.ToUInt64(buffer, offset + 0x08);
m_systemPageSize = LittleEndianConverter.ToUInt32(buffer, offset + 0x10);
LogPageSize = LittleEndianConverter.ToUInt32(buffer, offset + 0x14);
ushort restartOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x18);
MinorVersion = LittleEndianConverter.ToInt16(buffer, offset + 0x1A);
MajorVersion = LittleEndianConverter.ToInt16(buffer, offset + 0x1C);
int position = offset + multiSectorHeader.UpdateSequenceArrayOffset;
List <byte[]> updateSequenceReplacementData = MultiSectorHelper.ReadUpdateSequenceArray(buffer, position, multiSectorHeader.UpdateSequenceArraySize, out UpdateSequenceNumber);
MultiSectorHelper.DecodeSegmentBuffer(buffer, offset, UpdateSequenceNumber, updateSequenceReplacementData);
LogRestartArea = new LogRestartArea(buffer, offset + restartOffset);
}
public LogRecordPage(byte[] buffer, int offset, int dataOffset)
{
MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00);
if (multiSectorHeader.Signature != ValidSignature)
{
throw new InvalidDataException("Invalid RCRD record signature");
}
LastLsnOrFileOffset = LittleEndianConverter.ToUInt64(buffer, offset + 0x08);
Flags = (LogRecordPageFlags)LittleEndianConverter.ToUInt32(buffer, offset + 0x10);
PageCount = LittleEndianConverter.ToUInt16(buffer, offset + 0x14);
PagePosition = LittleEndianConverter.ToUInt16(buffer, offset + 0x16);
ushort nextRecordOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x18);
LastEndLsn = LittleEndianConverter.ToUInt64(buffer, offset + 0x20);
int position = offset + multiSectorHeader.UpdateSequenceArrayOffset;
List <byte[]> updateSequenceReplacementData = MultiSectorHelper.ReadUpdateSequenceArray(buffer, position, multiSectorHeader.UpdateSequenceArraySize, out UpdateSequenceNumber);
MultiSectorHelper.DecodeSegmentBuffer(buffer, offset, UpdateSequenceNumber, updateSequenceReplacementData);
Data = ByteReader.ReadBytes(buffer, offset + dataOffset, (int)(nextRecordOffset - dataOffset));
}
public FileRecordSegment(byte[] buffer, int offset, long segmentNumber)
{
MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00);
if (multiSectorHeader.Signature != ValidSignature)
{
throw new InvalidDataException("Invalid FILE record signature");
}
LogFileSequenceNumber = LittleEndianConverter.ToUInt64(buffer, offset + 0x08);
m_sequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + 0x10);
ReferenceCount = LittleEndianConverter.ToUInt16(buffer, offset + 0x12);
ushort firstAttributeOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x14);
m_flags = (FileRecordFlags)LittleEndianConverter.ToUInt16(buffer, offset + 0x16);
uint segmentLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x18);
uint segmentAllocatedLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x1C);
m_baseFileRecordSegment = new MftSegmentReference(buffer, offset + 0x20);
NextAttributeInstance = LittleEndianConverter.ToUInt16(buffer, offset + 0x28);
// 2 bytes padding
m_segmentNumberOnDisk = LittleEndianConverter.ToUInt32(buffer, offset + 0x2C);
UpdateSequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + multiSectorHeader.UpdateSequenceArrayOffset);
// Read attributes
int position = offset + firstAttributeOffset;
while (!IsEndMarker(buffer, position))
{
AttributeRecord attribute = AttributeRecord.FromBytes(buffer, position);
m_immediateAttributes.Add(attribute);
position += (int)attribute.RecordLengthOnDisk;
if (position > buffer.Length)
{
throw new InvalidDataException("Invalid attribute length");
}
}
m_segmentNumber = segmentNumber;
}
public TransactionRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset)
{
TotalParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 0);
TotalDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 2);
MaxParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 4);
MaxDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 6);
MaxSetupCount = ByteReader.ReadByte(SMBParameters, 8);
Reserved1 = ByteReader.ReadByte(SMBParameters, 9);
Flags = (TransactionFlags)LittleEndianConverter.ToUInt16(SMBParameters, 10);
Timeout = LittleEndianConverter.ToUInt32(SMBParameters, 12);
Reserved2 = LittleEndianConverter.ToUInt16(SMBParameters, 16);
ushort transParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 18);
ushort transParameterOffset = LittleEndianConverter.ToUInt16(SMBParameters, 20);
ushort transDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 22);
ushort transDataOffset = LittleEndianConverter.ToUInt16(SMBParameters, 24);
byte setupCount = ByteReader.ReadByte(SMBParameters, 26);
Reserved3 = ByteReader.ReadByte(SMBParameters, 27);
Setup = ByteReader.ReadBytes(SMBParameters, 28, setupCount * 2);
if (SMBData.Length > 0) // Workaround, Some SAMBA clients will set ByteCount to 0 (Popcorn Hour A-400)
{
int dataOffset = 0;
if (this is Transaction2Request)
{
Name = string.Empty;
}
else
{
if (isUnicode)
{
int namePadding = 1;
dataOffset += namePadding;
}
Name = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
}
}
TransParameters = ByteReader.ReadBytes(buffer, transParameterOffset, transParameterCount);
TransData = ByteReader.ReadBytes(buffer, transDataOffset, transDataCount);
}
public LockingAndXRequest(byte[] buffer, int offset) : base(buffer, offset, false)
{
FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4);
TypeOfLock = (LockType)ByteReader.ReadByte(this.SMBParameters, 6);
NewOpLockLevel = ByteReader.ReadByte(this.SMBParameters, 7);
Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 8);
ushort numberOfRequestedUnlocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 12);
ushort numberOfRequestedLocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 14);
int dataOffset = 0;
if ((TypeOfLock & LockType.LARGE_FILES) > 0)
{
for (int index = 0; index < numberOfRequestedUnlocks; index++)
{
LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset);
Unlocks.Add(entry);
}
for (int index = 0; index < numberOfRequestedLocks; index++)
{
LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset);
Locks.Add(entry);
}
}
else
{
for (int index = 0; index < numberOfRequestedUnlocks; index++)
{
LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset);
Unlocks.Add(entry);
}
for (int index = 0; index < numberOfRequestedLocks; index++)
{
LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset);
Locks.Add(entry);
}
}
}
public static AttributeRecord FromBytes(byte[] buffer, int offset)
{
byte nonResidentFlag = buffer[offset + 0x08];
AttributeType attributeType = (AttributeType)LittleEndianConverter.ToUInt32(buffer, offset + 0x00);
if (nonResidentFlag == 0x00) // resident
{
if (attributeType == AttributeType.StandardInformation)
{
return(new StandardInformationRecord(buffer, offset));
}
else if (attributeType == AttributeType.FileName)
{
return(new FileNameAttributeRecord(buffer, offset));
}
else if (attributeType == AttributeType.VolumeInformation)
{
return(new VolumeInformationRecord(buffer, offset));
}
else if (attributeType == AttributeType.IndexRoot)
{
return(new IndexRootRecord(buffer, offset));
}
else
{
return(new ResidentAttributeRecord(buffer, offset));
}
}
else // non-resident
{
if (attributeType == AttributeType.IndexAllocation)
{
return(new IndexAllocationRecord(buffer, offset));
}
else
{
return(new NonResidentAttributeRecord(buffer, offset));
}
}
}
public static List <T> ReadTable <T>(byte[] tableBytes, uint majorVersion) where T : RestartTableEntry
{
List <T> result = new List <T>();
RestartTableHeader header = new RestartTableHeader(tableBytes, 0);
int offset = RestartTableHeader.Length;
while (offset < tableBytes.Length)
{
uint allocatedOrNextFree = LittleEndianConverter.ToUInt32(tableBytes, offset + 0x00);
if (allocatedOrNextFree == RestartTableEntry.RestartEntryAllocated)
{
T entry = RestartTableEntry.ReadEntry <T>(tableBytes, offset, majorVersion);
result.Add(entry);
}
else if (!IsPointerValid(allocatedOrNextFree, header.EntrySize, tableBytes.Length))
{
throw new InvalidDataException("Invalid restart table entry, AllocatedOrNextFree points to invalid location");
}
offset += header.EntrySize;
}
return(result);
}
public CreateResponse(byte[] buffer, int offset) : base(buffer, offset)
{
StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0);
OplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2);
Flags = (CreateResponseFlags)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3);
CreateAction = (CreateAction)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4);
CreationTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 8);
LastAccessTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 16);
LastWriteTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 24);
ChangeTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 32);
AllocationSize = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 40);
EndofFile = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 48);
FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 56);
Reserved2 = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 60);
FileId = new FileID(buffer, offset + SMB2Header.Length + 64);
CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 80);
CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 84);
if (CreateContextsLength > 0)
{
CreateContexts = CreateContext.ReadCreateContextList(buffer, offset + (int)CreateContextsOffsets);
}
}
public NegotiateResponse(byte[] buffer, int offset) : base(buffer, offset)
{
DialectIndex = LittleEndianConverter.ToUInt16(SMBParameters, 0);
SecurityMode = (SecurityMode)ByteReader.ReadByte(SMBParameters, 2);
MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 3);
MaxNumberVcs = LittleEndianConverter.ToUInt16(SMBParameters, 5);
MaxBufferSize = LittleEndianConverter.ToUInt32(SMBParameters, 7);
MaxRawSize = LittleEndianConverter.ToUInt32(SMBParameters, 11);
SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 15);
Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 19);
SystemTime = FileTimeHelper.ReadFileTime(SMBParameters, 23);
ServerTimeZone = LittleEndianConverter.ToInt16(SMBParameters, 31);
ChallengeLength = ByteReader.ReadByte(SMBParameters, 33);
int dataOffset = 0;
Challenge = ByteReader.ReadBytes(SMBData, ref dataOffset, ChallengeLength);
// [MS-CIFS] <90> Padding is not added before DomainName
// DomainName and ServerName are always in Unicode
DomainName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true);
ServerName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true);
}
public AttributeListEntry(byte[] buffer, int offset)
{
AttributeType = (AttributeType)LittleEndianConverter.ToUInt32(buffer, offset + 0x00);
m_lengthOnDisk = LittleEndianConverter.ToUInt16(buffer, offset + 0x04);
if (m_lengthOnDisk < AttributeListEntry.HeaderLength)
{
throw new InvalidDataException("Invalid attribute list entry, data length is less than the valid minimum");
}
else if (m_lengthOnDisk > buffer.Length - offset)
{
throw new InvalidDataException("Invalid attribute list entry, data length exceed list length");
}
byte nameLength = ByteReader.ReadByte(buffer, offset + 0x06);
byte nameOffset = ByteReader.ReadByte(buffer, offset + 0x07);
LowestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x08);
SegmentReference = new MftSegmentReference(buffer, offset + 0x10);
Instance = LittleEndianConverter.ToUInt16(buffer, offset + 0x18);
if (nameLength > 0)
{
AttributeName = ByteReader.ReadUTF16String(buffer, offset + nameOffset, nameLength);
}
}
public CreateRequest(byte[] buffer, int offset) : base(buffer, offset)
{
StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0);
SecurityFlags = ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2);
RequestedOplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3);
ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4);
SmbCreateFlags = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 8);
Reserved = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 16);
DesiredAccess = new AccessMask(buffer, offset + SMB2Header.Length + 24);
FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 28);
ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 32);
CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 36);
CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 40);
NameOffset = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 44);
NameLength = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 46);
CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 48);
CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 52);
Name = ByteReader.ReadUTF16String(buffer, offset + NameOffset, NameLength / 2);
if (CreateContextsLength > 0)
{
CreateContexts = CreateContext.ReadCreateContextList(buffer, (int)CreateContextsOffsets);
}
}
public string NativeLanMan; // SMB_STRING (this field WILL be aligned to start on a 2-byte boundary from the start of the SMB header)
public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
MaxBufferSize = LittleEndianConverter.ToUInt16(this.SMBParameters, 4);
MaxMpxCount = LittleEndianConverter.ToUInt16(this.SMBParameters, 6);
VcNumber = LittleEndianConverter.ToUInt16(this.SMBParameters, 8);
SessionKey = LittleEndianConverter.ToUInt32(this.SMBParameters, 10);
ushort securityBlobLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 14);
Reserved = LittleEndianConverter.ToUInt32(this.SMBParameters, 16);
Capabilities = (ServerCapabilities)LittleEndianConverter.ToUInt32(this.SMBParameters, 20);
SecurityBlob = ByteReader.ReadBytes(this.SMBData, 0, securityBlobLength);
int dataOffset = SecurityBlob.Length;
if (isUnicode)
{
int padding = securityBlobLength % 2;
dataOffset += padding;
}
NativeOS = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode);
NativeLanMan = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode);
}
public AuthenticateMessage(byte[] buffer)
{
Signature = ByteReader.ReadAnsiString(buffer, 0, 8);
MessageType = (MessageTypeName)LittleEndianConverter.ToUInt32(buffer, 8);
LmChallengeResponse = AuthenticationMessageUtils.ReadBufferPointer(buffer, 12);
NtChallengeResponse = AuthenticationMessageUtils.ReadBufferPointer(buffer, 20);
DomainName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 28);
UserName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 36);
WorkStation = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 44);
EncryptedRandomSessionKey = AuthenticationMessageUtils.ReadBufferPointer(buffer, 52);
NegotiateFlags = (NegotiateFlags)LittleEndianConverter.ToUInt32(buffer, 60);
int offset = 64;
if ((NegotiateFlags & NegotiateFlags.Version) > 0)
{
Version = new NtlmVersion(buffer, offset);
offset += NtlmVersion.Length;
}
if (HasMicField())
{
MIC = ByteReader.ReadBytes(buffer, offset, 16);
}
}
public Transaction2FindNext2Request(byte[] parameters, byte[] data, bool isUnicode) : base()
{
SID = LittleEndianConverter.ToUInt16(parameters, 0);
SearchCount = LittleEndianConverter.ToUInt16(parameters, 2);
InformationLevel = (FindInformationLevel)LittleEndianConverter.ToUInt16(parameters, 4);
ResumeKey = LittleEndianConverter.ToUInt32(parameters, 6);
Flags = (FindFlags)LittleEndianConverter.ToUInt16(parameters, 10);
if (isUnicode && parameters.Length == 13 && parameters[12] == 0x00)
{
// Workaround for PlayStation2 Slim
FileName = String.Empty;
}
else
{
FileName = SMB1Helper.ReadSMBString(parameters, 12, isUnicode);
}
if (InformationLevel == FindInformationLevel.SMB_INFO_QUERY_EAS_FROM_LIST)
{
GetExtendedAttributeList = new ExtendedAttributeNameList(data, 0);
}
}
public byte[] Code = new byte[428]; // 512 - 0x54
/// <summary>
/// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk)
/// </summary>
public NTFSBootRecord(byte[] buffer)
{
Array.Copy(buffer, 0x00, Jump, 0, 3);
OEMID = ASCIIEncoding.ASCII.GetString(buffer, 0x03, 8);
BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B);
SectorsPerCluster = buffer[0x0D];
MediaDescriptor = buffer[0x15];
SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18);
NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A);
NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C);
PhysicalDriveNumber = buffer[0x24];
ExtendedBootSignature = buffer[0x26];
TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28);
MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30);
MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38);
RawClustersPerFileRecordSegment = (sbyte)buffer[0x40];
RawClustersPerIndexBlock = (sbyte)buffer[0x44];
VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48);
Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50);
Array.Copy(buffer, 0x54, Code, 0, Code.Length);
}
public SparseExtentHeader(byte[] buffer)
{
Signature = ByteReader.ReadAnsiString(buffer, 0x00, 4);
if (!String.Equals(Signature, ValidSignature))
{
throw new InvalidDataException("Sparse extent header signature is invalid");
}
Version = LittleEndianConverter.ToUInt32(buffer, 0x04);
Flags = LittleEndianConverter.ToUInt32(buffer, 0x08);
Capacity = LittleEndianConverter.ToUInt64(buffer, 0x0C);
GrainSize = LittleEndianConverter.ToUInt64(buffer, 0x14);
DescriptorOffset = LittleEndianConverter.ToUInt64(buffer, 0x1C);
DescriptorSize = LittleEndianConverter.ToUInt64(buffer, 0x24);
NumGTEsPerGT = LittleEndianConverter.ToUInt32(buffer, 0x2C);
RGDOffset = LittleEndianConverter.ToUInt64(buffer, 0x30);
GDOffset = LittleEndianConverter.ToUInt64(buffer, 0x38);
OverHead = LittleEndianConverter.ToUInt64(buffer, 0x40);
UncleanShutdown = ByteReader.ReadByte(buffer, 0x48) == 1;
SingleEndLineChar = (char)ByteReader.ReadByte(buffer, 0x49);
NonEndLineChar = (char)ByteReader.ReadByte(buffer, 0x4A);
DoubleEndLineChar1 = (char)ByteReader.ReadByte(buffer, 0x4B);
DoubleEndLineChar2 = (char)ByteReader.ReadByte(buffer, 0x4C);
CompressionAlgirithm = (SparseExtentCompression)LittleEndianConverter.ToUInt16(buffer, 0x4D);
}
public NTCreateAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode)
{
Reserved = ByteReader.ReadByte(this.SMBParameters, 4);
ushort nameLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 5);
Flags = (NTCreateFlags)LittleEndianConverter.ToUInt32(this.SMBParameters, 7);
RootDirectoryFID = LittleEndianConverter.ToUInt32(this.SMBParameters, 11);
DesiredAccess = (DesiredAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 15);
AllocationSize = LittleEndianConverter.ToUInt64(this.SMBParameters, 19);
ExtFileAttributes = (ExtendedFileAttributes)LittleEndianConverter.ToUInt32(this.SMBParameters, 27);
ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 31);
CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(this.SMBParameters, 35);
CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(this.SMBParameters, 39);
ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(this.SMBParameters, 43);
SecurityFlags = (SecurityFlags)ByteReader.ReadByte(this.SMBParameters, 47);
int dataOffset = 0;
if (isUnicode)
{
dataOffset = 1; // 1 byte padding for 2 byte alignment
}
FileName = SMBHelper.ReadSMBString(this.SMBData, dataOffset, isUnicode);
}
/// <summary>
/// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk)
/// </summary>
public NTFSBootRecord(byte[] buffer)
{
Jump = ByteReader.ReadBytes(buffer, 0x00, JumpLength);
OEMID = ByteReader.ReadAnsiString(buffer, 0x03, SignatureLength);
BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B);
SectorsPerCluster = ByteReader.ReadByte(buffer, 0x0D);
MediaDescriptor = ByteReader.ReadByte(buffer, 0x15);
SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18);
NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A);
NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C);
PhysicalDriveNumber = ByteReader.ReadByte(buffer, 0x24);
ExtendedBootSignature = ByteReader.ReadByte(buffer, 0x26);
TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28);
MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30);
MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38);
RawClustersPerFileRecordSegment = (sbyte)ByteReader.ReadByte(buffer, 0x40);
RawClustersPerIndexRecord = (sbyte)ByteReader.ReadByte(buffer, 0x44);
VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48);
Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50);
Code = ByteReader.ReadBytes(buffer, 0x54, CodeLength);
BootRecordSignature = LittleEndianConverter.ToUInt16(buffer, 0x1FE);
}
public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset)
{
MaxBufferSize = LittleEndianConverter.ToUInt16(SMBParameters, 4);
MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 6);
VcNumber = LittleEndianConverter.ToUInt16(SMBParameters, 8);
SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 10);
SecurityBlobLength = LittleEndianConverter.ToUInt16(SMBParameters, 14);
Reserved = LittleEndianConverter.ToUInt32(SMBParameters, 16);
Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 20);
SecurityBlob = ByteReader.ReadBytes(SMBData, 0, SecurityBlobLength);
int dataOffset = SecurityBlob.Length;
if (isUnicode)
{
// A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header.
// Note: SMBData starts at an odd offset.
int padding = (1 + SecurityBlobLength) % 2;
dataOffset += padding;
}
NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode);
}
public FileNameInformation(byte[] buffer, int offset)
{
FileNameLength = LittleEndianConverter.ToUInt32(buffer, offset + 0);
FileName = ByteReader.ReadUTF16String(buffer, offset + 4, (int)FileNameLength / 2);
}
public static bool IsEndMarker(byte[] buffer, int offset)
{
uint type = LittleEndianConverter.ToUInt32(buffer, offset + 0x00);
return(type == 0xFFFFFFFF);
}
public QueryFileNameInfo(byte[] buffer, int offset)
{
uint fileNameLength = LittleEndianConverter.ToUInt32(buffer, 0);
FileName = ByteReader.ReadUTF16String(buffer, 4, (int)(fileNameLength / 2));
}
public FileFsDeviceInformation(byte[] buffer, int offset)
{
DeviceType = (DeviceType)LittleEndianConverter.ToUInt32(buffer, offset + 0);
Characteristics = (DeviceCharacteristics)LittleEndianConverter.ToUInt32(buffer, offset + 4);
}
public FileEaInformation(byte[] buffer, int offset)
{
EaSize = LittleEndianConverter.ToUInt32(buffer, offset + 0);
}
public static uint GetSystemPageSize(byte[] buffer, int offset)
{
return(LittleEndianConverter.ToUInt32(buffer, offset + 0x10));
}
public QueryFSDeviceInfo(byte[] buffer, int offset)
{
DeviceType = (DeviceType)LittleEndianConverter.ToUInt32(buffer, offset + 0);
DeviceCharacteristics = (DeviceCharacteristics)LittleEndianConverter.ToUInt32(buffer, offset + 4);
}
public QueryDirectoryFileInformation(byte[] buffer, int offset)
{
NextEntryOffset = LittleEndianConverter.ToUInt32(buffer, offset + 0);
FileIndex = LittleEndianConverter.ToUInt32(buffer, offset + 4);
}
public static SMB1Command ReadCommandResponse(byte[] buffer, int offset, CommandName commandName, bool isUnicode)
{
byte wordCount = ByteReader.ReadByte(buffer, offset);
switch (commandName)
{
case CommandName.SMB_COM_CREATE_DIRECTORY:
return(new CreateDirectoryResponse(buffer, offset));
case CommandName.SMB_COM_DELETE_DIRECTORY:
return(new DeleteDirectoryResponse(buffer, offset));
case CommandName.SMB_COM_CLOSE:
return(new CloseResponse(buffer, offset));
case CommandName.SMB_COM_FLUSH:
return(new FlushResponse(buffer, offset));
case CommandName.SMB_COM_DELETE:
return(new DeleteResponse(buffer, offset));
case CommandName.SMB_COM_RENAME:
return(new RenameResponse(buffer, offset));
case CommandName.SMB_COM_QUERY_INFORMATION:
{
if (wordCount * 2 == QueryInformationResponse.ParameterLength)
{
return(new QueryInformationResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_SET_INFORMATION:
return(new SetInformationResponse(buffer, offset));
case CommandName.SMB_COM_READ:
{
if (wordCount * 2 == ReadResponse.ParametersLength)
{
return(new ReadResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_WRITE:
{
if (wordCount * 2 == WriteResponse.ParametersLength)
{
return(new WriteResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_CHECK_DIRECTORY:
return(new CheckDirectoryResponse(buffer, offset));
case CommandName.SMB_COM_WRITE_RAW:
{
if (wordCount * 2 == WriteRawInterimResponse.ParametersLength)
{
return(new WriteRawInterimResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_WRITE_COMPLETE:
{
if (wordCount * 2 == WriteRawFinalResponse.ParametersLength)
{
return(new WriteRawFinalResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_SET_INFORMATION2:
return(new SetInformation2Response(buffer, offset));
case CommandName.SMB_COM_LOCKING_ANDX:
{
if (wordCount * 2 == LockingAndXResponse.ParametersLength)
{
return(new LockingAndXResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_TRANSACTION:
{
if (wordCount * 2 == TransactionInterimResponse.ParametersLength)
{
return(new TransactionInterimResponse(buffer, offset));
}
return(new TransactionResponse(buffer, offset));
}
case CommandName.SMB_COM_ECHO:
{
if (wordCount * 2 == EchoResponse.ParametersLength)
{
return(new EchoResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_OPEN_ANDX:
{
if (wordCount * 2 == OpenAndXResponse.ParametersLength)
{
return(new OpenAndXResponse(buffer, offset));
}
if (wordCount * 2 == OpenAndXResponseExtended.ParametersLength)
{
return(new OpenAndXResponseExtended(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_READ_ANDX:
{
if (wordCount * 2 == ReadAndXResponse.ParametersLength)
{
return(new ReadAndXResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_WRITE_ANDX:
{
if (wordCount * 2 == WriteAndXResponse.ParametersLength)
{
return(new WriteAndXResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_TRANSACTION2:
{
if (wordCount * 2 == TransactionInterimResponse.ParametersLength)
{
return(new Transaction2InterimResponse(buffer, offset));
}
return(new Transaction2Response(buffer, offset));
}
case CommandName.SMB_COM_FIND_CLOSE2:
return(new FindClose2Response(buffer, offset));
case CommandName.SMB_COM_TREE_DISCONNECT:
return(new TreeDisconnectResponse(buffer, offset));
case CommandName.SMB_COM_NEGOTIATE:
{
// Both NegotiateResponse and NegotiateResponseExtended have WordCount set to 17
if (wordCount * 2 == NegotiateResponse.ParametersLength)
{
Capabilities capabilities = (Capabilities)LittleEndianConverter.ToUInt32(buffer, offset + 20);
if ((capabilities & Capabilities.ExtendedSecurity) > 0)
{
return(new NegotiateResponseExtended(buffer, offset));
}
return(new NegotiateResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_SESSION_SETUP_ANDX:
{
if (wordCount * 2 == SessionSetupAndXResponse.ParametersLength)
{
return(new SessionSetupAndXResponse(buffer, offset, isUnicode));
}
if (wordCount * 2 == SessionSetupAndXResponseExtended.ParametersLength)
{
return(new SessionSetupAndXResponseExtended(buffer, offset, isUnicode));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_LOGOFF_ANDX:
{
if (wordCount * 2 == LogoffAndXResponse.ParametersLength)
{
return(new LogoffAndXResponse(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_TREE_CONNECT_ANDX:
{
if (wordCount * 2 == TreeConnectAndXResponse.ParametersLength)
{
return(new TreeConnectAndXResponse(buffer, offset, isUnicode));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
case CommandName.SMB_COM_NT_TRANSACT:
{
if (wordCount * 2 == NTTransactInterimResponse.ParametersLength)
{
return(new NTTransactInterimResponse(buffer, offset));
}
return(new NTTransactResponse(buffer, offset));
}
case CommandName.SMB_COM_NT_CREATE_ANDX:
{
if (wordCount * 2 == NTCreateAndXResponse.ParametersLength)
{
return(new NTCreateAndXResponse(buffer, offset));
}
if (wordCount * 2 == NTCreateAndXResponseExtended.ParametersLength ||
wordCount * 2 == NTCreateAndXResponseExtended.DeclaredParametersLength)
{
return(new NTCreateAndXResponseExtended(buffer, offset));
}
if (wordCount == 0)
{
return(new ErrorResponse(commandName));
}
throw new InvalidDataException();
}
default:
throw new InvalidDataException("Invalid SMB command 0x" + ((byte)commandName).ToString("X2"));
}
}
public Transaction2CreateDirectoryRequest(byte[] parameters, byte[] data, bool isUnicode) : base()
{
Reserved = LittleEndianConverter.ToUInt32(parameters, 0);
DirectoryName = SMB1Helper.ReadSMBString(parameters, 4, isUnicode);
ExtendedAttributeList = new FullExtendedAttributeList(data);
}
