public void DeviceIOControl(NtHandle handle, uint ctlCode, byte[] input, out byte[]?output, int maxOutputLength) { output = null; IOCtlRequest request = new IOCtlRequest { Header = { CreditCharge = (ushort)Math.Ceiling((double)maxOutputLength / BytesPerCredit) }, CtlCode = ctlCode, IsFSCtl = true, FileId = (FileID)handle, Input = input, MaxOutputResponse = (uint)maxOutputLength }; SendCommand(request); SMB2Command response = WaitForCommand(request.MessageID); response.IsSuccessOrBufferOverflowElseThrow(); if (response is IOCtlResponse ioCtlResponse) { output = ioCtlResponse.Output; } }
public NTStatus DeviceIOControl(object handle, uint ctlCode, byte[] input, out byte[] output, int maxOutputLength) { output = null; IOCtlRequest request = new IOCtlRequest(); request.CtlCode = ctlCode; request.IsFSCtl = true; request.FileId = (FileID)handle; request.Input = input; request.MaxOutputResponse = (uint)maxOutputLength; ulong messageId = TrySendCommand(request); SMB2Command response = m_client.WaitForCommand(SMB2CommandName.IOCtl, messageId); if (response != null) { if ((response.Header.Status == NTStatus.STATUS_SUCCESS || response.Header.Status == NTStatus.STATUS_BUFFER_OVERFLOW) && response is IOCtlResponse) { output = ((IOCtlResponse)response).Output; } return(response.Header.Status); } return(NTStatus.STATUS_INVALID_SMB); }
internal static SMB2Command GetIOCtlResponse(IOCtlRequest request, ISMBShare share, SMB2ConnectionState state) { SMB2Session session = state.GetSession(request.Header.SessionID); string ctlCode = Enum.IsDefined(typeof(IoControlCode), request.CtlCode) ? ((IoControlCode)request.CtlCode).ToString() : ("0x" + request.CtlCode.ToString("X8")); if (!request.IsFSCtl) { // [MS-SMB2] If the Flags field of the request is not SMB2_0_IOCTL_IS_FSCTL the server MUST fail the request with STATUS_NOT_SUPPORTED. state.LogToServer(Severity.Verbose, "IOCTL: Non-FSCTL requests are not supported. CTL Code: {0}", ctlCode); return(new ErrorResponse(request.CommandName, NTStatus.STATUS_NOT_SUPPORTED)); } if (request.CtlCode == (uint)IoControlCode.FSCTL_DFS_GET_REFERRALS || request.CtlCode == (uint)IoControlCode.FSCTL_DFS_GET_REFERRALS_EX) { // [MS-SMB2] 3.3.5.15.2 Handling a DFS Referral Information Request state.LogToServer(Severity.Verbose, "IOCTL failed. CTL Code: {0}. NTStatus: STATUS_FS_DRIVER_REQUIRED.", ctlCode); return(new ErrorResponse(request.CommandName, NTStatus.STATUS_FS_DRIVER_REQUIRED)); } object handle; if (request.CtlCode == (uint)IoControlCode.FSCTL_PIPE_WAIT || request.CtlCode == (uint)IoControlCode.FSCTL_VALIDATE_NEGOTIATE_INFO || request.CtlCode == (uint)IoControlCode.FSCTL_QUERY_NETWORK_INTERFACE_INFO) { // [MS-SMB2] 3.3.5.15 - FSCTL_PIPE_WAIT / FSCTL_QUERY_NETWORK_INTERFACE_INFO / // FSCTL_VALIDATE_NEGOTIATE_INFO requests MUST have FileId set to 0xFFFFFFFFFFFFFFFF. if (request.FileId.Persistent != 0xFFFFFFFFFFFFFFFF || request.FileId.Volatile != 0xFFFFFFFFFFFFFFFF) { state.LogToServer(Severity.Verbose, "IOCTL failed. CTL Code: {0}. FileId MUST be 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", ctlCode); return(new ErrorResponse(request.CommandName, NTStatus.STATUS_INVALID_PARAMETER)); } handle = null; } else { OpenFileObject openFile = session.GetOpenFileObject(request.FileId); if (openFile == null) { state.LogToServer(Severity.Verbose, "IOCTL failed. CTL Code: {0}. Invalid FileId. (SessionID: {1}, TreeID: {2}, FileId: {3})", ctlCode, request.Header.SessionID, request.Header.TreeID, request.FileId.Volatile); return(new ErrorResponse(request.CommandName, NTStatus.STATUS_FILE_CLOSED)); } handle = openFile.Handle; } int maxOutputLength = (int)request.MaxOutputResponse; byte[] output; NTStatus status = share.FileStore.DeviceIOControl(handle, request.CtlCode, request.Input, out output, maxOutputLength); if (status != NTStatus.STATUS_SUCCESS && status != NTStatus.STATUS_BUFFER_OVERFLOW) { state.LogToServer(Severity.Verbose, "IOCTL failed. CTL Code: {0}. NTStatus: {1}.", ctlCode, status); return(new ErrorResponse(request.CommandName, status)); } state.LogToServer(Severity.Verbose, "IOCTL succeeded. CTL Code: {0}.", ctlCode); IOCtlResponse response = new IOCtlResponse(); response.Header.Status = status; response.CtlCode = request.CtlCode; response.FileId = request.FileId; response.Output = output; return(response); }