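        /// <summary>
        /// Issues an SMB1 TRANS_TRANSACT_NMPIPE transaction (FSCTL_PIPE_TRANSCEIVE): writes
        /// <paramref name="input"/> to the pipe identified by <paramref name="handle"/> and
        /// returns whatever the server sent back as the transaction data.
        /// </summary>
        /// <param name="handle">Boxed <see cref="ushort"/> FID of the open pipe; it is unboxed directly.</param>
        /// <param name="input">Bytes to write to the pipe.</param>
        /// <param name="output">Reply data on STATUS_SUCCESS; null on any other outcome.</param>
        /// <param name="maxOutputLength">Largest reply size advertised to the server (MaxDataCount).</param>
        /// <returns>The status from the reply header, or STATUS_INVALID_SMB when no reply was received.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="maxOutputLength"/> is negative or exceeds 65535, or the encoded request
        /// data exceeds 65535 bytes; both are 16-bit fields in the SMB1 transaction header.
        /// </exception>
        public NTStatus FsCtlPipeTranscieve(object handle, byte[] input, out byte[] output, int maxOutputLength)
        {
            output = null;

            // MaxDataCount is a 16-bit field. A bare (ushort) cast would silently wrap values
            // above 65535 (and negatives) into an unrelated limit, so reject them up front.
            if (maxOutputLength < 0 || maxOutputLength > UInt16.MaxValue)
            {
                throw new ArgumentOutOfRangeException(nameof(maxOutputLength), maxOutputLength, "Value must fit the 16-bit SMB1 MaxDataCount field.");
            }

            TransactionTransactNamedPipeRequest subcommand = new TransactionTransactNamedPipeRequest();
            subcommand.FID       = (ushort)handle;
            subcommand.WriteData = input;

            TransactionRequest request = new TransactionRequest();
            request.Setup           = subcommand.GetSetup();
            request.TransParameters = subcommand.GetParameters();
            request.TransData       = subcommand.GetData(m_client.Unicode);

            // TotalDataCount is also 16-bit; wrapping it would send a header that disagrees
            // with the payload length actually on the wire.
            if (request.TransData.Length > UInt16.MaxValue)
            {
                throw new ArgumentOutOfRangeException(nameof(input), request.TransData.Length, "Encoded data exceeds the 16-bit SMB1 TotalDataCount field.");
            }

            request.TotalDataCount      = (ushort)request.TransData.Length;
            request.TotalParameterCount = (ushort)request.TransParameters.Length;
            request.MaxParameterCount   = TransactionTransactNamedPipeResponse.ParametersLength;
            request.MaxDataCount        = (ushort)maxOutputLength;
            request.Name = @"\PIPE\";

            TrySendMessage(request);
            SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION);

            if (reply == null)
            {
                // No reply at all (e.g. timeout) is reported as an invalid SMB rather than thrown.
                return NTStatus.STATUS_INVALID_SMB;
            }

            if (reply.Header.Status == NTStatus.STATUS_SUCCESS && reply.Commands[0] is TransactionResponse)
            {
                TransactionResponse response = (TransactionResponse)reply.Commands[0];
                TransactionTransactNamedPipeResponse subcommandResponse = new TransactionTransactNamedPipeResponse(response.TransData);
                output = subcommandResponse.ReadData;
            }

            return reply.Header.Status;
        }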
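        /// <summary>
        /// Issues an SMB1 TRANS_TRANSACT_NMPIPE transaction (FSCTL_PIPE_TRANSCEIVE): writes
        /// <paramref name="input"/> to the pipe behind <paramref name="handle"/> and returns the
        /// server's reply data in <paramref name="output"/>.
        /// </summary>
        /// <param name="handle">Open pipe handle; must be an <see cref="Smb1Handle"/>, whose FID is used.</param>
        /// <param name="input">Bytes to write to the pipe.</param>
        /// <param name="output">Reply data from the pipe; only assigned when the call succeeds.</param>
        /// <param name="maxOutputLength">Largest reply size advertised to the server (MaxDataCount).</param>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="maxOutputLength"/> is negative or exceeds 65535, or the encoded request
        /// data exceeds 65535 bytes; both are 16-bit fields in the SMB1 transaction header.
        /// </exception>
        /// <exception cref="NtStatusException">
        /// The reply status is not STATUS_SUCCESS, or the reply's first command is not a
        /// <see cref="TransactionResponse"/>.
        /// </exception>
        public void FsCtlPipeTranscieve(NtHandle handle, byte[] input, out byte[]? output, int maxOutputLength)
        {
            // MaxDataCount is a 16-bit field. A bare (ushort) cast would silently wrap values
            // above 65535 (and negatives) into an unrelated limit, so reject them up front.
            if (maxOutputLength < 0 || maxOutputLength > UInt16.MaxValue)
            {
                throw new ArgumentOutOfRangeException(nameof(maxOutputLength), maxOutputLength, "Value must fit the 16-bit SMB1 MaxDataCount field.");
            }

            TransactionTransactNamedPipeRequest subcommand = new TransactionTransactNamedPipeRequest
            {
                FID       = ((Smb1Handle)handle).FID,
                WriteData = input
            };

            TransactionRequest request = new TransactionRequest
            {
                Setup           = subcommand.GetSetup(),
                TransParameters = subcommand.GetParameters(),
                TransData       = subcommand.GetData(m_client.Unicode)
            };

            // TotalDataCount is also 16-bit; wrapping it would send a header that disagrees
            // with the payload length actually on the wire.
            if (request.TransData.Length > UInt16.MaxValue)
            {
                throw new ArgumentOutOfRangeException(nameof(input), request.TransData.Length, "Encoded data exceeds the 16-bit SMB1 TotalDataCount field.");
            }

            request.TotalDataCount      = (ushort)request.TransData.Length;
            request.TotalParameterCount = (ushort)request.TransParameters.Length;
            request.MaxParameterCount   = TransactionTransactNamedPipeResponse.ParametersLength;
            request.MaxDataCount        = (ushort)maxOutputLength;
            request.Name = @"\PIPE\";

            TrySendMessage(request);
            // NOTE(review): assumes WaitForMessage never returns null here (the non-nullable
            // overload elsewhere checks for it) — confirm against its contract.
            SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION);

            if (reply.Header.Status != NTStatus.STATUS_SUCCESS || !(reply.Commands[0] is TransactionResponse transactionResponse))
            {
                throw new NtStatusException(reply.Header.Status);
            }

            TransactionTransactNamedPipeResponse subcommandResponse = new TransactionTransactNamedPipeResponse(transactionResponse.TransData);

            output = subcommandResponse.ReadData;
        }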
        /// <summary>
        /// Server-side handling of a TRANS_TRANSACT_NMPIPE subcommand: forwards the client's
        /// write data to the share's file store as FSCTL_PIPE_TRANSCEIVE and wraps the bytes
        /// read back in a subcommand response.
        /// </summary>
        /// <param name="header">Request header; its Status is updated with the outcome.</param>
        /// <param name="subcommand">Parsed subcommand carrying the FID and the data to write.</param>
        /// <param name="share">Share whose file store performs the I/O control.</param>
        /// <param name="state">Connection state used to resolve the session and open file.</param>
        /// <returns>
        /// The response carrying the read data, or null when the FID is unknown
        /// (STATUS_INVALID_HANDLE) or the I/O control did not return STATUS_SUCCESS.
        /// </returns>
        internal static TransactionTransactNamedPipeResponse GetSubcommandResponse(SMB1Header header, TransactionTransactNamedPipeRequest subcommand, ISMBShare share, SMB1ConnectionState state)
        {
            OpenFileObject openFile = state.GetSession(header.UID).GetOpenFileObject(subcommand.FID);
            if (openFile == null)
            {
                header.Status = NTStatus.STATUS_INVALID_HANDLE;
                return null;
            }

            // No MaxDataCount is supplied on this overload, so allow the largest 16-bit count.
            const int maxOutputLength = UInt16.MaxValue;

            byte[] readData;
            NTStatus ioStatus = share.FileStore.DeviceIOControl(openFile.Handle, (uint)IoControlCode.FSCTL_PIPE_TRANSCEIVE, subcommand.WriteData, out readData, maxOutputLength);
            header.Status = ioStatus;

            if (ioStatus != NTStatus.STATUS_SUCCESS)
            {
                return null;
            }

            return new TransactionTransactNamedPipeResponse { ReadData = readData };
        }
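        /// <summary>
        /// Server-side handling of a TRANS_TRANSACT_NMPIPE subcommand: forwards the client's
        /// write data to the share's file store as FSCTL_PIPE_TRANSCEIVE, bounded by the
        /// client's MaxDataCount, and wraps the bytes read back in a subcommand response.
        /// </summary>
        /// <param name="header">Request header; its Status is updated with the outcome.</param>
        /// <param name="maxDataCount">Client-supplied upper bound for the reply data.</param>
        /// <param name="subcommand">Parsed subcommand carrying the FID and the data to write.</param>
        /// <param name="share">Share whose file store performs the I/O control.</param>
        /// <param name="state">Connection state used to resolve the session, open file and logging.</param>
        /// <returns>
        /// The response carrying the read data when the I/O control returns STATUS_SUCCESS or
        /// STATUS_BUFFER_OVERFLOW; null for an unknown FID (STATUS_INVALID_HANDLE) or any other status.
        /// </returns>
        internal static TransactionTransactNamedPipeResponse GetSubcommandResponse(SMB1Header header, uint maxDataCount, TransactionTransactNamedPipeRequest subcommand, ISMBShare share, SMB1ConnectionState state)
        {
            SMB1Session    session  = state.GetSession(header.UID);
            OpenFileObject openFile = session.GetOpenFileObject(subcommand.FID);

            if (openFile == null)
            {
                state.LogToServer(Severity.Verbose, "TransactNamedPipe failed. Invalid FID. (UID: {0}, TID: {1}, FID: {2})", header.UID, header.TID, subcommand.FID);
                header.Status = NTStatus.STATUS_INVALID_HANDLE;
                return(null);
            }

            // maxDataCount is client-controlled. A bare (int) cast turns values above
            // int.MaxValue into a negative limit; clamp so the file store always sees a
            // non-negative bound.
            int maxOutputLength = maxDataCount > int.MaxValue ? int.MaxValue : (int)maxDataCount;

            byte[] output;
            header.Status = share.FileStore.DeviceIOControl(openFile.Handle, (uint)IoControlCode.FSCTL_PIPE_TRANSCEIVE, subcommand.WriteData, out output, maxOutputLength);

            // STATUS_BUFFER_OVERFLOW still carries partial data, so it is returned to the client
            // rather than treated as a failure.
            if (header.Status != NTStatus.STATUS_SUCCESS && header.Status != NTStatus.STATUS_BUFFER_OVERFLOW)
            {
                state.LogToServer(Severity.Verbose, "TransactNamedPipe failed. NTStatus: {0}.", header.Status);
                return(null);
            }

            TransactionTransactNamedPipeResponse response = new TransactionTransactNamedPipeResponse();
            response.ReadData = output;
            return(response);
        }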
        /// <summary>
        /// Server-side handling of a TRANS_TRANSACT_NMPIPE subcommand against a named-pipe share:
        /// decodes the written bytes as an RPC PDU, obtains the reply from the bound remote
        /// service and returns its encoding as the read data.
        /// </summary>
        /// <param name="header">Request header; its Status is set when no response is produced.</param>
        /// <param name="subcommand">Parsed subcommand carrying the FID and the RPC request bytes.</param>
        /// <param name="share">Named-pipe share used to look up the service for the opened path.</param>
        /// <param name="state">Connection state mapping the FID to its opened path.</param>
        /// <returns>
        /// The response with the encoded RPC reply, or null with STATUS_INVALID_HANDLE (unknown FID)
        /// or STATUS_INVALID_SMB (no service bound to the opened path).
        /// </returns>
        internal static TransactionTransactNamedPipeResponse GetSubcommandResponse(SMBHeader header, TransactionTransactNamedPipeRequest subcommand, NamedPipeShare share, StateObject state)
        {
            string pipePath = state.GetOpenedFilePath(subcommand.FID);
            if (pipePath == null)
            {
                header.Status = NTStatus.STATUS_INVALID_HANDLE;
                return null;
            }

            RemoteService service = share.GetService(pipePath);
            if (service == null)
            {
                // Only reachable when the request sequence is invalid: the FID maps to a path
                // with no service behind it.
                header.Status = NTStatus.STATUS_INVALID_SMB;
                return null;
            }

            RPCPDU rpcRequest = RPCPDU.GetPDU(subcommand.WriteData);
            RPCPDU rpcReply   = RemoteServiceHelper.GetRPCReply(rpcRequest, service);

            TransactionTransactNamedPipeResponse response = new TransactionTransactNamedPipeResponse();
            response.ReadData = rpcReply.GetBytes();
            return response;
        }