public TransactionResponse(byte[] buffer, int offset) : base(buffer, offset) { TotalParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 0); TotalDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 2); Reserved1 = LittleEndianConverter.ToUInt16(SMBParameters, 4); ushort parameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 6); ushort parameterOffset = LittleEndianConverter.ToUInt16(SMBParameters, 8); ParameterDisplacement = LittleEndianConverter.ToUInt16(SMBParameters, 10); ushort dataCount = LittleEndianConverter.ToUInt16(SMBParameters, 12); ushort dataOffset = LittleEndianConverter.ToUInt16(SMBParameters, 14); DataDisplacement = LittleEndianConverter.ToUInt16(SMBParameters, 16); byte setupCount = ByteReader.ReadByte(SMBParameters, 18); Reserved2 = ByteReader.ReadByte(SMBParameters, 19); Setup = ByteReader.ReadBytes(SMBParameters, 20, setupCount * 2); TransParameters = ByteReader.ReadBytes(buffer, parameterOffset, parameterCount); TransData = ByteReader.ReadBytes(buffer, dataOffset, dataCount); }
public SessionSetupAndXResponse(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset) { Action = (SessionSetupAction)LittleEndianConverter.ToUInt16(SMBParameters, 4); int dataOffset = 0; if (isUnicode) { // A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header. // Note: SMBData starts at an odd offset. dataOffset++; } NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); if ((SMBData.Length - dataOffset) % 2 == 1) { // Workaround for a single terminating null byte SMBData = ByteUtils.Concatenate(SMBData, new byte[1]); } PrimaryDomain = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); }
public static PSTHeader ReadFromStream(Stream stream, WriterCompatibilityMode writerCompatibilityMode) { byte[] buffer = new byte[HeaderLength]; stream.Read(buffer, 0, HeaderLength); string dwMagic = ByteReader.ReadAnsiString(buffer, 0, 4); string wMagicClient = ByteReader.ReadAnsiString(buffer, 8, 2); ushort wVer = LittleEndianConverter.ToUInt16(buffer, 10); ushort wVerClient = LittleEndianConverter.ToUInt16(buffer, 12); if (dwMagic == "!BDN" && wVer == (int)PSTVersion.Unicode && ((wMagicClient == "SO" && wVerClient == (int)ClientVersion.OfflineFolders) || (wMagicClient == "SM" && wVerClient == (int)ClientVersion.PersonalFolders))) { return(new PSTHeader(buffer)); } else { return(null); } }
public WriteAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4); Offset = LittleEndianConverter.ToUInt32(this.SMBParameters, 6); Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 10); WriteMode = (WriteMode)LittleEndianConverter.ToUInt16(this.SMBParameters, 14); Remaining = LittleEndianConverter.ToUInt16(this.SMBParameters, 16); ushort dataLengthHigh = LittleEndianConverter.ToUInt16(this.SMBParameters, 18); uint DataLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 20); ushort DataOffset = LittleEndianConverter.ToUInt16(this.SMBParameters, 22); if (SMBParameters.Length == ParametersFixedLength + 4) { uint offsetHigh = LittleEndianConverter.ToUInt32(this.SMBParameters, 24); Offset |= ((ulong)offsetHigh << 32); } DataLength |= (uint)(dataLengthHigh << 16); Data = ByteReader.ReadBytes(buffer, (int)DataOffset, (int)DataLength); }
public FileRecordSegment(byte[] buffer, int offset, long segmentNumber) { MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00); if (multiSectorHeader.Signature != ValidSignature) { throw new InvalidDataException("Invalid FILE record signature"); } LogFileSequenceNumber = LittleEndianConverter.ToUInt64(buffer, offset + 0x08); m_sequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + 0x10); ReferenceCount = LittleEndianConverter.ToUInt16(buffer, offset + 0x12); ushort firstAttributeOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x14); m_flags = (FileRecordFlags)LittleEndianConverter.ToUInt16(buffer, offset + 0x16); uint segmentLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x18); uint segmentAllocatedLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x1C); m_baseFileRecordSegment = new MftSegmentReference(buffer, offset + 0x20); NextAttributeInstance = LittleEndianConverter.ToUInt16(buffer, offset + 0x28); // 2 bytes padding m_segmentNumberOnDisk = LittleEndianConverter.ToUInt32(buffer, offset + 0x2C); UpdateSequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + multiSectorHeader.UpdateSequenceArrayOffset); // Read attributes int position = offset + firstAttributeOffset; while (!IsEndMarker(buffer, position)) { AttributeRecord attribute = AttributeRecord.FromBytes(buffer, position); m_immediateAttributes.Add(attribute); position += (int)attribute.RecordLengthOnDisk; if (position > buffer.Length) { throw new InvalidDataException("Invalid attribute length"); } } m_segmentNumber = segmentNumber; }
public TransactionRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset) { TotalParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 0); TotalDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 2); MaxParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 4); MaxDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 6); MaxSetupCount = ByteReader.ReadByte(SMBParameters, 8); Reserved1 = ByteReader.ReadByte(SMBParameters, 9); Flags = (TransactionFlags)LittleEndianConverter.ToUInt16(SMBParameters, 10); Timeout = LittleEndianConverter.ToUInt32(SMBParameters, 12); Reserved2 = LittleEndianConverter.ToUInt16(SMBParameters, 16); ushort transParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 18); ushort transParameterOffset = LittleEndianConverter.ToUInt16(SMBParameters, 20); ushort transDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 22); ushort transDataOffset = LittleEndianConverter.ToUInt16(SMBParameters, 24); byte setupCount = ByteReader.ReadByte(SMBParameters, 26); Reserved3 = ByteReader.ReadByte(SMBParameters, 27); Setup = ByteReader.ReadBytes(SMBParameters, 28, setupCount * 2); if (SMBData.Length > 0) // Workaround, Some SAMBA clients will set ByteCount to 0 (Popcorn Hour A-400) { int dataOffset = 0; if (this is Transaction2Request) { Name = string.Empty; } else { if (isUnicode) { int namePadding = 1; dataOffset += namePadding; } Name = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); } } TransParameters = ByteReader.ReadBytes(buffer, transParameterOffset, transParameterCount); TransData = ByteReader.ReadBytes(buffer, transDataOffset, transDataCount); }
public LockingAndXRequest(byte[] buffer, int offset) : base(buffer, offset, false) { FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4); TypeOfLock = (LockType)ByteReader.ReadByte(this.SMBParameters, 6); NewOpLockLevel = ByteReader.ReadByte(this.SMBParameters, 7); Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 8); ushort numberOfRequestedUnlocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 12); ushort numberOfRequestedLocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 14); int dataOffset = 0; if ((TypeOfLock & LockType.LARGE_FILES) > 0) { for (int index = 0; index < numberOfRequestedUnlocks; index++) { LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset); Unlocks.Add(entry); } for (int index = 0; index < numberOfRequestedLocks; index++) { LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset); Locks.Add(entry); } } else { for (int index = 0; index < numberOfRequestedUnlocks; index++) { LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset); Unlocks.Add(entry); } for (int index = 0; index < numberOfRequestedLocks; index++) { LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset); Locks.Add(entry); } } }
public NTFSLogRecord(byte[] recordBytes) { RedoOperation = (NTFSLogOperation)LittleEndianConverter.ToUInt16(recordBytes, 0x00); UndoOperation = (NTFSLogOperation)LittleEndianConverter.ToUInt16(recordBytes, 0x02); ushort redoOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x04); ushort redoLength = LittleEndianConverter.ToUInt16(recordBytes, 0x06); ushort undoOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x08); ushort undoLength = LittleEndianConverter.ToUInt16(recordBytes, 0x0A); TargetAttributeIndex = LittleEndianConverter.ToUInt16(recordBytes, 0x0C); ushort lcnsToFollow = LittleEndianConverter.ToUInt16(recordBytes, 0x0E); RecordOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x10); AttributeOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x12); ClusterBlockOffset = LittleEndianConverter.ToUInt16(recordBytes, 0x14); Reserved = LittleEndianConverter.ToUInt16(recordBytes, 0x16); TargetVCN = (long)LittleEndianConverter.ToUInt64(recordBytes, 0x18); for (int index = 0; index < lcnsToFollow; index++) { long lcn = (long)LittleEndianConverter.ToUInt64(recordBytes, 0x20 + index * 8); LCNsForPage.Add(lcn); } /*int dataOffset = 0x20 + lcnsToFollow * 8; * int dataLength = recordBytes.Length - dataOffset;*/ RedoData = ByteReader.ReadBytes(recordBytes, redoOffset, redoLength); if (undoOffset == redoOffset && undoLength == redoLength) { UndoData = RedoData; } else if (UndoOperation != NTFSLogOperation.CompensationLogRecord) { UndoData = ByteReader.ReadBytes(recordBytes, undoOffset, undoLength); } else { // This record is logging the undo of a previous operation (e.g. when aborting a transaction) UndoData = new byte[0]; } }
public TimeZoneStructure(byte[] buffer) { lBias = LittleEndianConverter.ToInt32(buffer, 0); lStandardBias = LittleEndianConverter.ToInt32(buffer, 4); lDaylightBias = LittleEndianConverter.ToInt32(buffer, 8); ushort wStandardYear = LittleEndianConverter.ToUInt16(buffer, 12); stStandardDate = new SystemTime(buffer, 14); ushort wDaylightYear = LittleEndianConverter.ToUInt16(buffer, 30); stDaylightDate = new SystemTime(buffer, 32); if (stStandardDate.wYear != wStandardYear) { throw new InvalidPropertyException("Invalid TimeZoneStructure"); } if (stDaylightDate.wYear != wDaylightYear) { throw new InvalidPropertyException("Invalid TimeZoneStructure"); } }
public TableContextInfo(byte[] buffer) { bType = (OnHeapTypeName)ByteReader.ReadByte(buffer, 0); byte cCols = ByteReader.ReadByte(buffer, 1); int position = 2; for (int index = 0; index < 4; index++) { rgib[index] = LittleEndianConverter.ToUInt16(buffer, position); position += 2; } hidRowIndex = new HeapID(buffer, 10); hnidRows = new HeapOrNodeID(buffer, 14); // hidIndex - deprecated position = 22; for (int index = 0; index < cCols; index++) { TableColumnDescriptor descriptor = new TableColumnDescriptor(buffer, position); rgTCOLDESC.Add(descriptor); position += TableColumnDescriptor.Length; } }
public NonResidentAttributeRecord(byte[] buffer, int offset) : base(buffer, offset) { LowestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x10); HighestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x18); ushort mappingPairsOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x20); CompressionUnit = ByteReader.ReadByte(buffer, offset + 0x22); AllocatedLength = LittleEndianConverter.ToUInt64(buffer, offset + 0x28); FileSize = LittleEndianConverter.ToUInt64(buffer, offset + 0x30); ValidDataLength = LittleEndianConverter.ToUInt64(buffer, offset + 0x38); m_dataRunSequence = new DataRunSequence(buffer, offset + mappingPairsOffset, (int)this.RecordLengthOnDisk - mappingPairsOffset); if (CompressionUnit != 0) { throw new NotSupportedException("NTFS compression is not supported"); } if ((HighestVCN - LowestVCN + 1) != m_dataRunSequence.DataClusterCount) { throw new InvalidDataException("Invalid non-resident attribute record"); } }
public CreateResponse(byte[] buffer, int offset) : base(buffer, offset) { StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0); OplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2); Flags = (CreateResponseFlags)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3); CreateAction = (CreateAction)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4); CreationTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 8); LastAccessTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 16); LastWriteTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 24); ChangeTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 32); AllocationSize = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 40); EndofFile = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 48); FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 56); Reserved2 = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 60); FileId = new FileID(buffer, offset + SMB2Header.Length + 64); CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 80); CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 84); if (CreateContextsLength > 0) { CreateContexts = CreateContext.ReadCreateContextList(buffer, offset + (int)CreateContextsOffsets); } }
public NegotiateResponse(byte[] buffer, int offset) : base(buffer, offset) { DialectIndex = LittleEndianConverter.ToUInt16(SMBParameters, 0); SecurityMode = (SecurityMode)ByteReader.ReadByte(SMBParameters, 2); MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 3); MaxNumberVcs = LittleEndianConverter.ToUInt16(SMBParameters, 5); MaxBufferSize = LittleEndianConverter.ToUInt32(SMBParameters, 7); MaxRawSize = LittleEndianConverter.ToUInt32(SMBParameters, 11); SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 15); Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 19); SystemTime = FileTimeHelper.ReadFileTime(SMBParameters, 23); ServerTimeZone = LittleEndianConverter.ToInt16(SMBParameters, 31); ChallengeLength = ByteReader.ReadByte(SMBParameters, 33); int dataOffset = 0; Challenge = ByteReader.ReadBytes(SMBData, ref dataOffset, ChallengeLength); // [MS-CIFS] <90> Padding is not added before DomainName // DomainName and ServerName are always in Unicode DomainName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true); ServerName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true); }
public AttributeListEntry(byte[] buffer, int offset) { AttributeType = (AttributeType)LittleEndianConverter.ToUInt32(buffer, offset + 0x00); m_lengthOnDisk = LittleEndianConverter.ToUInt16(buffer, offset + 0x04); if (m_lengthOnDisk < AttributeListEntry.HeaderLength) { throw new InvalidDataException("Invalid attribute list entry, data length is less than the valid minimum"); } else if (m_lengthOnDisk > buffer.Length - offset) { throw new InvalidDataException("Invalid attribute list entry, data length exceed list length"); } byte nameLength = ByteReader.ReadByte(buffer, offset + 0x06); byte nameOffset = ByteReader.ReadByte(buffer, offset + 0x07); LowestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x08); SegmentReference = new MftSegmentReference(buffer, offset + 0x10); Instance = LittleEndianConverter.ToUInt16(buffer, offset + 0x18); if (nameLength > 0) { AttributeName = ByteReader.ReadUTF16String(buffer, offset + nameOffset, nameLength); } }
public string NativeLanMan; // SMB_STRING (this field WILL be aligned to start on a 2-byte boundary from the start of the SMB header) public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { MaxBufferSize = LittleEndianConverter.ToUInt16(this.SMBParameters, 4); MaxMpxCount = LittleEndianConverter.ToUInt16(this.SMBParameters, 6); VcNumber = LittleEndianConverter.ToUInt16(this.SMBParameters, 8); SessionKey = LittleEndianConverter.ToUInt32(this.SMBParameters, 10); ushort securityBlobLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 14); Reserved = LittleEndianConverter.ToUInt32(this.SMBParameters, 16); Capabilities = (ServerCapabilities)LittleEndianConverter.ToUInt32(this.SMBParameters, 20); SecurityBlob = ByteReader.ReadBytes(this.SMBData, 0, securityBlobLength); int dataOffset = SecurityBlob.Length; if (isUnicode) { int padding = securityBlobLength % 2; dataOffset += padding; } NativeOS = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode); NativeLanMan = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode); }
public CreateRequest(byte[] buffer, int offset) : base(buffer, offset) { StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0); SecurityFlags = ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2); RequestedOplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3); ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4); SmbCreateFlags = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 8); Reserved = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 16); DesiredAccess = new AccessMask(buffer, offset + SMB2Header.Length + 24); FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 28); ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 32); CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 36); CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 40); NameOffset = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 44); NameLength = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 46); CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 48); CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 52); Name = ByteReader.ReadUTF16String(buffer, offset + NameOffset, NameLength / 2); if (CreateContextsLength > 0) { CreateContexts = CreateContext.ReadCreateContextList(buffer, (int)CreateContextsOffsets); } }
public RenameRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { SearchAttributes = (FileAttributes)LittleEndianConverter.ToUInt16(this.SMBParameters, 0); int dataOffset = 0; BufferFormat1 = ByteReader.ReadByte(this.SMBData, ref dataOffset); if (BufferFormat1 != SupportedBufferFormat) { throw new InvalidRequestException("Unsupported Buffer Format"); } OldFileName = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode); BufferFormat2 = ByteReader.ReadByte(this.SMBData, ref dataOffset); if (BufferFormat2 != SupportedBufferFormat) { throw new InvalidRequestException("Unsupported Buffer Format"); } if (isUnicode) { dataOffset++; } NewFileName = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode); }
public NTCreateAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { Reserved = ByteReader.ReadByte(this.SMBParameters, 4); ushort nameLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 5); Flags = (NTCreateFlags)LittleEndianConverter.ToUInt32(this.SMBParameters, 7); RootDirectoryFID = LittleEndianConverter.ToUInt32(this.SMBParameters, 11); DesiredAccess = (DesiredAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 15); AllocationSize = LittleEndianConverter.ToUInt64(this.SMBParameters, 19); ExtFileAttributes = (ExtendedFileAttributes)LittleEndianConverter.ToUInt32(this.SMBParameters, 27); ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 31); CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(this.SMBParameters, 35); CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(this.SMBParameters, 39); ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(this.SMBParameters, 43); SecurityFlags = (SecurityFlags)ByteReader.ReadByte(this.SMBParameters, 47); int dataOffset = 0; if (isUnicode) { dataOffset = 1; // 1 byte padding for 2 byte alignment } FileName = SMBHelper.ReadSMBString(this.SMBData, dataOffset, isUnicode); }
public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset) { MaxBufferSize = LittleEndianConverter.ToUInt16(SMBParameters, 4); MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 6); VcNumber = LittleEndianConverter.ToUInt16(SMBParameters, 8); SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 10); SecurityBlobLength = LittleEndianConverter.ToUInt16(SMBParameters, 14); Reserved = LittleEndianConverter.ToUInt32(SMBParameters, 16); Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 20); SecurityBlob = ByteReader.ReadBytes(SMBData, 0, SecurityBlobLength); int dataOffset = SecurityBlob.Length; if (isUnicode) { // A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header. // Note: SMBData starts at an odd offset. int padding = (1 + SecurityBlobLength) % 2; dataOffset += padding; } NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); }
public Transaction2FindNext2Request(byte[] parameters, byte[] data, bool isUnicode) : base() { SID = LittleEndianConverter.ToUInt16(parameters, 0); SearchCount = LittleEndianConverter.ToUInt16(parameters, 2); InformationLevel = (FindInformationLevel)LittleEndianConverter.ToUInt16(parameters, 4); ResumeKey = LittleEndianConverter.ToUInt32(parameters, 6); Flags = (FindFlags)LittleEndianConverter.ToUInt16(parameters, 10); if (isUnicode && parameters.Length == 13 && parameters[12] == 0x00) { // Workaround for PlayStation2 Slim FileName = String.Empty; } else { FileName = SMB1Helper.ReadSMBString(parameters, 12, isUnicode); } if (InformationLevel == FindInformationLevel.SMB_INFO_QUERY_EAS_FROM_LIST) { GetExtendedAttributeList = new ExtendedAttributeNameList(data, 0); } }
public SessionSetupAndXResponseExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset) { Action = (SessionSetupAction)LittleEndianConverter.ToUInt16(SMBParameters, 4); SecurityBlobLength = LittleEndianConverter.ToUInt16(SMBParameters, 6); SecurityBlob = ByteReader.ReadBytes(SMBData, 0, SecurityBlobLength); int dataOffset = SecurityBlob.Length; if (isUnicode) { // A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header. // Note: SMBData starts at an odd offset. int padding = (1 + SecurityBlobLength) % 2; dataOffset += padding; } NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); if ((SMBData.Length - dataOffset) % 2 == 1) { // Workaround for a single terminating null byte SMBData = ByteUtils.Concatenate(SMBData, new byte[1]); } NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); }
/// <summary> /// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk) /// </summary> public NTFSBootRecord(byte[] buffer) { Jump = ByteReader.ReadBytes(buffer, 0x00, JumpLength); OEMID = ByteReader.ReadAnsiString(buffer, 0x03, SignatureLength); BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B); SectorsPerCluster = ByteReader.ReadByte(buffer, 0x0D); MediaDescriptor = ByteReader.ReadByte(buffer, 0x15); SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18); NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A); NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C); PhysicalDriveNumber = ByteReader.ReadByte(buffer, 0x24); ExtendedBootSignature = ByteReader.ReadByte(buffer, 0x26); TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28); MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30); MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38); RawClustersPerFileRecordSegment = (sbyte)ByteReader.ReadByte(buffer, 0x40); RawClustersPerIndexRecord = (sbyte)ByteReader.ReadByte(buffer, 0x44); VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48); Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50); Code = ByteReader.ReadBytes(buffer, 0x54, CodeLength); BootRecordSignature = LittleEndianConverter.ToUInt16(buffer, 0x1FE); }
public SparseExtentHeader(byte[] buffer) { Signature = ByteReader.ReadAnsiString(buffer, 0x00, 4); if (!String.Equals(Signature, ValidSignature)) { throw new InvalidDataException("Sparse extent header signature is invalid"); } Version = LittleEndianConverter.ToUInt32(buffer, 0x04); Flags = LittleEndianConverter.ToUInt32(buffer, 0x08); Capacity = LittleEndianConverter.ToUInt64(buffer, 0x0C); GrainSize = LittleEndianConverter.ToUInt64(buffer, 0x14); DescriptorOffset = LittleEndianConverter.ToUInt64(buffer, 0x1C); DescriptorSize = LittleEndianConverter.ToUInt64(buffer, 0x24); NumGTEsPerGT = LittleEndianConverter.ToUInt32(buffer, 0x2C); RGDOffset = LittleEndianConverter.ToUInt64(buffer, 0x30); GDOffset = LittleEndianConverter.ToUInt64(buffer, 0x38); OverHead = LittleEndianConverter.ToUInt64(buffer, 0x40); UncleanShutdown = ByteReader.ReadByte(buffer, 0x48) == 1; SingleEndLineChar = (char)ByteReader.ReadByte(buffer, 0x49); NonEndLineChar = (char)ByteReader.ReadByte(buffer, 0x4A); DoubleEndLineChar1 = (char)ByteReader.ReadByte(buffer, 0x4B); DoubleEndLineChar2 = (char)ByteReader.ReadByte(buffer, 0x4C); CompressionAlgirithm = (SparseExtentCompression)LittleEndianConverter.ToUInt16(buffer, 0x4D); }
public byte[] Code = new byte[428]; // 512 - 0x54 /// <summary> /// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk) /// </summary> public NTFSBootRecord(byte[] buffer) { Array.Copy(buffer, 0x00, Jump, 0, 3); OEMID = ASCIIEncoding.ASCII.GetString(buffer, 0x03, 8); BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B); SectorsPerCluster = buffer[0x0D]; MediaDescriptor = buffer[0x15]; SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18); NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A); NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C); PhysicalDriveNumber = buffer[0x24]; ExtendedBootSignature = buffer[0x26]; TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28); MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30); MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38); RawClustersPerFileRecordSegment = (sbyte)buffer[0x40]; RawClustersPerIndexBlock = (sbyte)buffer[0x44]; VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48); Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50); Array.Copy(buffer, 0x54, Code, 0, Code.Length); }
public FlushRequest(byte[] buffer, int offset) : base(buffer, offset) { FID = LittleEndianConverter.ToUInt16(SMBParameters, 0); }
public LogoffRequest(byte[] buffer, int offset) : base(buffer, offset) { StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0); Reserved = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 2); }
public HeapOnNodeBitmapHeader(byte[] buffer, int offset) { ibHnpm = LittleEndianConverter.ToUInt16(buffer, offset + 0); rgbFillLevel = HeapOnNodeHelper.ReadFillLevelMap(buffer, offset + 2, 128); }
public TransactionRawReadNamedPipeRequest(byte[] setup) { FID = LittleEndianConverter.ToUInt16(setup, 2); }
public HeapOnNodePageHeader(byte[] buffer, int offset) { ibHnpm = LittleEndianConverter.ToUInt16(buffer, offset + 0); }
public TransactionSetNamedPipeStateRequest(byte[] setup, byte[] parameters) : base() { FID = LittleEndianConverter.ToUInt16(setup, 2); PipeState = (PipeState)LittleEndianConverter.ToUInt16(parameters, 0); }