public WriteAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4); Offset = LittleEndianConverter.ToUInt32(this.SMBParameters, 6); Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 10); WriteMode = (WriteMode)LittleEndianConverter.ToUInt16(this.SMBParameters, 14); Remaining = LittleEndianConverter.ToUInt16(this.SMBParameters, 16); ushort dataLengthHigh = LittleEndianConverter.ToUInt16(this.SMBParameters, 18); uint DataLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 20); ushort DataOffset = LittleEndianConverter.ToUInt16(this.SMBParameters, 22); if (SMBParameters.Length == ParametersFixedLength + 4) { uint offsetHigh = LittleEndianConverter.ToUInt32(this.SMBParameters, 24); Offset |= ((ulong)offsetHigh << 32); } DataLength |= (uint)(dataLengthHigh << 16); Data = ByteReader.ReadBytes(buffer, (int)DataOffset, (int)DataLength); }
public LogRestartPage(byte[] buffer, int offset) { MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00); if (multiSectorHeader.Signature != ValidSignature) { throw new InvalidDataException("Invalid RSTR record signature"); } ChkDskLsn = LittleEndianConverter.ToUInt64(buffer, offset + 0x08); m_systemPageSize = LittleEndianConverter.ToUInt32(buffer, offset + 0x10); LogPageSize = LittleEndianConverter.ToUInt32(buffer, offset + 0x14); ushort restartOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x18); MinorVersion = LittleEndianConverter.ToInt16(buffer, offset + 0x1A); MajorVersion = LittleEndianConverter.ToInt16(buffer, offset + 0x1C); int position = offset + multiSectorHeader.UpdateSequenceArrayOffset; List <byte[]> updateSequenceReplacementData = MultiSectorHelper.ReadUpdateSequenceArray(buffer, position, multiSectorHeader.UpdateSequenceArraySize, out UpdateSequenceNumber); MultiSectorHelper.DecodeSegmentBuffer(buffer, offset, UpdateSequenceNumber, updateSequenceReplacementData); LogRestartArea = new LogRestartArea(buffer, offset + restartOffset); }
public LogRecordPage(byte[] buffer, int offset, int dataOffset) { MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00); if (multiSectorHeader.Signature != ValidSignature) { throw new InvalidDataException("Invalid RCRD record signature"); } LastLsnOrFileOffset = LittleEndianConverter.ToUInt64(buffer, offset + 0x08); Flags = (LogRecordPageFlags)LittleEndianConverter.ToUInt32(buffer, offset + 0x10); PageCount = LittleEndianConverter.ToUInt16(buffer, offset + 0x14); PagePosition = LittleEndianConverter.ToUInt16(buffer, offset + 0x16); ushort nextRecordOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x18); LastEndLsn = LittleEndianConverter.ToUInt64(buffer, offset + 0x20); int position = offset + multiSectorHeader.UpdateSequenceArrayOffset; List <byte[]> updateSequenceReplacementData = MultiSectorHelper.ReadUpdateSequenceArray(buffer, position, multiSectorHeader.UpdateSequenceArraySize, out UpdateSequenceNumber); MultiSectorHelper.DecodeSegmentBuffer(buffer, offset, UpdateSequenceNumber, updateSequenceReplacementData); Data = ByteReader.ReadBytes(buffer, offset + dataOffset, (int)(nextRecordOffset - dataOffset)); }
public FileRecordSegment(byte[] buffer, int offset, long segmentNumber) { MultiSectorHeader multiSectorHeader = new MultiSectorHeader(buffer, offset + 0x00); if (multiSectorHeader.Signature != ValidSignature) { throw new InvalidDataException("Invalid FILE record signature"); } LogFileSequenceNumber = LittleEndianConverter.ToUInt64(buffer, offset + 0x08); m_sequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + 0x10); ReferenceCount = LittleEndianConverter.ToUInt16(buffer, offset + 0x12); ushort firstAttributeOffset = LittleEndianConverter.ToUInt16(buffer, offset + 0x14); m_flags = (FileRecordFlags)LittleEndianConverter.ToUInt16(buffer, offset + 0x16); uint segmentLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x18); uint segmentAllocatedLength = LittleEndianConverter.ToUInt32(buffer, offset + 0x1C); m_baseFileRecordSegment = new MftSegmentReference(buffer, offset + 0x20); NextAttributeInstance = LittleEndianConverter.ToUInt16(buffer, offset + 0x28); // 2 bytes padding m_segmentNumberOnDisk = LittleEndianConverter.ToUInt32(buffer, offset + 0x2C); UpdateSequenceNumber = LittleEndianConverter.ToUInt16(buffer, offset + multiSectorHeader.UpdateSequenceArrayOffset); // Read attributes int position = offset + firstAttributeOffset; while (!IsEndMarker(buffer, position)) { AttributeRecord attribute = AttributeRecord.FromBytes(buffer, position); m_immediateAttributes.Add(attribute); position += (int)attribute.RecordLengthOnDisk; if (position > buffer.Length) { throw new InvalidDataException("Invalid attribute length"); } } m_segmentNumber = segmentNumber; }
public TransactionRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset) { TotalParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 0); TotalDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 2); MaxParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 4); MaxDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 6); MaxSetupCount = ByteReader.ReadByte(SMBParameters, 8); Reserved1 = ByteReader.ReadByte(SMBParameters, 9); Flags = (TransactionFlags)LittleEndianConverter.ToUInt16(SMBParameters, 10); Timeout = LittleEndianConverter.ToUInt32(SMBParameters, 12); Reserved2 = LittleEndianConverter.ToUInt16(SMBParameters, 16); ushort transParameterCount = LittleEndianConverter.ToUInt16(SMBParameters, 18); ushort transParameterOffset = LittleEndianConverter.ToUInt16(SMBParameters, 20); ushort transDataCount = LittleEndianConverter.ToUInt16(SMBParameters, 22); ushort transDataOffset = LittleEndianConverter.ToUInt16(SMBParameters, 24); byte setupCount = ByteReader.ReadByte(SMBParameters, 26); Reserved3 = ByteReader.ReadByte(SMBParameters, 27); Setup = ByteReader.ReadBytes(SMBParameters, 28, setupCount * 2); if (SMBData.Length > 0) // Workaround, Some SAMBA clients will set ByteCount to 0 (Popcorn Hour A-400) { int dataOffset = 0; if (this is Transaction2Request) { Name = string.Empty; } else { if (isUnicode) { int namePadding = 1; dataOffset += namePadding; } Name = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); } } TransParameters = ByteReader.ReadBytes(buffer, transParameterOffset, transParameterCount); TransData = ByteReader.ReadBytes(buffer, transDataOffset, transDataCount); }
public LockingAndXRequest(byte[] buffer, int offset) : base(buffer, offset, false) { FID = LittleEndianConverter.ToUInt16(this.SMBParameters, 4); TypeOfLock = (LockType)ByteReader.ReadByte(this.SMBParameters, 6); NewOpLockLevel = ByteReader.ReadByte(this.SMBParameters, 7); Timeout = LittleEndianConverter.ToUInt32(this.SMBParameters, 8); ushort numberOfRequestedUnlocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 12); ushort numberOfRequestedLocks = LittleEndianConverter.ToUInt16(this.SMBParameters, 14); int dataOffset = 0; if ((TypeOfLock & LockType.LARGE_FILES) > 0) { for (int index = 0; index < numberOfRequestedUnlocks; index++) { LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset); Unlocks.Add(entry); } for (int index = 0; index < numberOfRequestedLocks; index++) { LockingRange entry = LockingRange.Read64(this.SMBData, ref dataOffset); Locks.Add(entry); } } else { for (int index = 0; index < numberOfRequestedUnlocks; index++) { LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset); Unlocks.Add(entry); } for (int index = 0; index < numberOfRequestedLocks; index++) { LockingRange entry = LockingRange.Read32(this.SMBData, ref dataOffset); Locks.Add(entry); } } }
public static AttributeRecord FromBytes(byte[] buffer, int offset) { byte nonResidentFlag = buffer[offset + 0x08]; AttributeType attributeType = (AttributeType)LittleEndianConverter.ToUInt32(buffer, offset + 0x00); if (nonResidentFlag == 0x00) // resident { if (attributeType == AttributeType.StandardInformation) { return(new StandardInformationRecord(buffer, offset)); } else if (attributeType == AttributeType.FileName) { return(new FileNameAttributeRecord(buffer, offset)); } else if (attributeType == AttributeType.VolumeInformation) { return(new VolumeInformationRecord(buffer, offset)); } else if (attributeType == AttributeType.IndexRoot) { return(new IndexRootRecord(buffer, offset)); } else { return(new ResidentAttributeRecord(buffer, offset)); } } else // non-resident { if (attributeType == AttributeType.IndexAllocation) { return(new IndexAllocationRecord(buffer, offset)); } else { return(new NonResidentAttributeRecord(buffer, offset)); } } }
public static List <T> ReadTable <T>(byte[] tableBytes, uint majorVersion) where T : RestartTableEntry { List <T> result = new List <T>(); RestartTableHeader header = new RestartTableHeader(tableBytes, 0); int offset = RestartTableHeader.Length; while (offset < tableBytes.Length) { uint allocatedOrNextFree = LittleEndianConverter.ToUInt32(tableBytes, offset + 0x00); if (allocatedOrNextFree == RestartTableEntry.RestartEntryAllocated) { T entry = RestartTableEntry.ReadEntry <T>(tableBytes, offset, majorVersion); result.Add(entry); } else if (!IsPointerValid(allocatedOrNextFree, header.EntrySize, tableBytes.Length)) { throw new InvalidDataException("Invalid restart table entry, AllocatedOrNextFree points to invalid location"); } offset += header.EntrySize; } return(result); }
public CreateResponse(byte[] buffer, int offset) : base(buffer, offset) { StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0); OplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2); Flags = (CreateResponseFlags)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3); CreateAction = (CreateAction)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4); CreationTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 8); LastAccessTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 16); LastWriteTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 24); ChangeTime = FileTimeHelper.ReadNullableFileTime(buffer, offset + SMB2Header.Length + 32); AllocationSize = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 40); EndofFile = LittleEndianConverter.ToInt64(buffer, offset + SMB2Header.Length + 48); FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 56); Reserved2 = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 60); FileId = new FileID(buffer, offset + SMB2Header.Length + 64); CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 80); CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 84); if (CreateContextsLength > 0) { CreateContexts = CreateContext.ReadCreateContextList(buffer, offset + (int)CreateContextsOffsets); } }
public NegotiateResponse(byte[] buffer, int offset) : base(buffer, offset) { DialectIndex = LittleEndianConverter.ToUInt16(SMBParameters, 0); SecurityMode = (SecurityMode)ByteReader.ReadByte(SMBParameters, 2); MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 3); MaxNumberVcs = LittleEndianConverter.ToUInt16(SMBParameters, 5); MaxBufferSize = LittleEndianConverter.ToUInt32(SMBParameters, 7); MaxRawSize = LittleEndianConverter.ToUInt32(SMBParameters, 11); SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 15); Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 19); SystemTime = FileTimeHelper.ReadFileTime(SMBParameters, 23); ServerTimeZone = LittleEndianConverter.ToInt16(SMBParameters, 31); ChallengeLength = ByteReader.ReadByte(SMBParameters, 33); int dataOffset = 0; Challenge = ByteReader.ReadBytes(SMBData, ref dataOffset, ChallengeLength); // [MS-CIFS] <90> Padding is not added before DomainName // DomainName and ServerName are always in Unicode DomainName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true); ServerName = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, true); }
public AttributeListEntry(byte[] buffer, int offset) { AttributeType = (AttributeType)LittleEndianConverter.ToUInt32(buffer, offset + 0x00); m_lengthOnDisk = LittleEndianConverter.ToUInt16(buffer, offset + 0x04); if (m_lengthOnDisk < AttributeListEntry.HeaderLength) { throw new InvalidDataException("Invalid attribute list entry, data length is less than the valid minimum"); } else if (m_lengthOnDisk > buffer.Length - offset) { throw new InvalidDataException("Invalid attribute list entry, data length exceed list length"); } byte nameLength = ByteReader.ReadByte(buffer, offset + 0x06); byte nameOffset = ByteReader.ReadByte(buffer, offset + 0x07); LowestVCN = (long)LittleEndianConverter.ToUInt64(buffer, offset + 0x08); SegmentReference = new MftSegmentReference(buffer, offset + 0x10); Instance = LittleEndianConverter.ToUInt16(buffer, offset + 0x18); if (nameLength > 0) { AttributeName = ByteReader.ReadUTF16String(buffer, offset + nameOffset, nameLength); } }
public CreateRequest(byte[] buffer, int offset) : base(buffer, offset) { StructureSize = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 0); SecurityFlags = ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 2); RequestedOplockLevel = (OplockLevel)ByteReader.ReadByte(buffer, offset + SMB2Header.Length + 3); ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 4); SmbCreateFlags = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 8); Reserved = LittleEndianConverter.ToUInt64(buffer, offset + SMB2Header.Length + 16); DesiredAccess = new AccessMask(buffer, offset + SMB2Header.Length + 24); FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 28); ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 32); CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 36); CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 40); NameOffset = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 44); NameLength = LittleEndianConverter.ToUInt16(buffer, offset + SMB2Header.Length + 46); CreateContextsOffsets = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 48); CreateContextsLength = LittleEndianConverter.ToUInt32(buffer, offset + SMB2Header.Length + 52); Name = ByteReader.ReadUTF16String(buffer, offset + NameOffset, NameLength / 2); if (CreateContextsLength > 0) { CreateContexts = CreateContext.ReadCreateContextList(buffer, (int)CreateContextsOffsets); } }
public string NativeLanMan; // SMB_STRING (this field WILL be aligned to start on a 2-byte boundary from the start of the SMB header) public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { MaxBufferSize = LittleEndianConverter.ToUInt16(this.SMBParameters, 4); MaxMpxCount = LittleEndianConverter.ToUInt16(this.SMBParameters, 6); VcNumber = LittleEndianConverter.ToUInt16(this.SMBParameters, 8); SessionKey = LittleEndianConverter.ToUInt32(this.SMBParameters, 10); ushort securityBlobLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 14); Reserved = LittleEndianConverter.ToUInt32(this.SMBParameters, 16); Capabilities = (ServerCapabilities)LittleEndianConverter.ToUInt32(this.SMBParameters, 20); SecurityBlob = ByteReader.ReadBytes(this.SMBData, 0, securityBlobLength); int dataOffset = SecurityBlob.Length; if (isUnicode) { int padding = securityBlobLength % 2; dataOffset += padding; } NativeOS = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode); NativeLanMan = SMBHelper.ReadSMBString(this.SMBData, ref dataOffset, isUnicode); }
public AuthenticateMessage(byte[] buffer) { Signature = ByteReader.ReadAnsiString(buffer, 0, 8); MessageType = (MessageTypeName)LittleEndianConverter.ToUInt32(buffer, 8); LmChallengeResponse = AuthenticationMessageUtils.ReadBufferPointer(buffer, 12); NtChallengeResponse = AuthenticationMessageUtils.ReadBufferPointer(buffer, 20); DomainName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 28); UserName = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 36); WorkStation = AuthenticationMessageUtils.ReadUnicodeStringBufferPointer(buffer, 44); EncryptedRandomSessionKey = AuthenticationMessageUtils.ReadBufferPointer(buffer, 52); NegotiateFlags = (NegotiateFlags)LittleEndianConverter.ToUInt32(buffer, 60); int offset = 64; if ((NegotiateFlags & NegotiateFlags.Version) > 0) { Version = new NtlmVersion(buffer, offset); offset += NtlmVersion.Length; } if (HasMicField()) { MIC = ByteReader.ReadBytes(buffer, offset, 16); } }
public Transaction2FindNext2Request(byte[] parameters, byte[] data, bool isUnicode) : base() { SID = LittleEndianConverter.ToUInt16(parameters, 0); SearchCount = LittleEndianConverter.ToUInt16(parameters, 2); InformationLevel = (FindInformationLevel)LittleEndianConverter.ToUInt16(parameters, 4); ResumeKey = LittleEndianConverter.ToUInt32(parameters, 6); Flags = (FindFlags)LittleEndianConverter.ToUInt16(parameters, 10); if (isUnicode && parameters.Length == 13 && parameters[12] == 0x00) { // Workaround for PlayStation2 Slim FileName = String.Empty; } else { FileName = SMB1Helper.ReadSMBString(parameters, 12, isUnicode); } if (InformationLevel == FindInformationLevel.SMB_INFO_QUERY_EAS_FROM_LIST) { GetExtendedAttributeList = new ExtendedAttributeNameList(data, 0); } }
public byte[] Code = new byte[428]; // 512 - 0x54 /// <summary> /// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk) /// </summary> public NTFSBootRecord(byte[] buffer) { Array.Copy(buffer, 0x00, Jump, 0, 3); OEMID = ASCIIEncoding.ASCII.GetString(buffer, 0x03, 8); BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B); SectorsPerCluster = buffer[0x0D]; MediaDescriptor = buffer[0x15]; SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18); NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A); NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C); PhysicalDriveNumber = buffer[0x24]; ExtendedBootSignature = buffer[0x26]; TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28); MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30); MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38); RawClustersPerFileRecordSegment = (sbyte)buffer[0x40]; RawClustersPerIndexBlock = (sbyte)buffer[0x44]; VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48); Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50); Array.Copy(buffer, 0x54, Code, 0, Code.Length); }
public SparseExtentHeader(byte[] buffer) { Signature = ByteReader.ReadAnsiString(buffer, 0x00, 4); if (!String.Equals(Signature, ValidSignature)) { throw new InvalidDataException("Sparse extent header signature is invalid"); } Version = LittleEndianConverter.ToUInt32(buffer, 0x04); Flags = LittleEndianConverter.ToUInt32(buffer, 0x08); Capacity = LittleEndianConverter.ToUInt64(buffer, 0x0C); GrainSize = LittleEndianConverter.ToUInt64(buffer, 0x14); DescriptorOffset = LittleEndianConverter.ToUInt64(buffer, 0x1C); DescriptorSize = LittleEndianConverter.ToUInt64(buffer, 0x24); NumGTEsPerGT = LittleEndianConverter.ToUInt32(buffer, 0x2C); RGDOffset = LittleEndianConverter.ToUInt64(buffer, 0x30); GDOffset = LittleEndianConverter.ToUInt64(buffer, 0x38); OverHead = LittleEndianConverter.ToUInt64(buffer, 0x40); UncleanShutdown = ByteReader.ReadByte(buffer, 0x48) == 1; SingleEndLineChar = (char)ByteReader.ReadByte(buffer, 0x49); NonEndLineChar = (char)ByteReader.ReadByte(buffer, 0x4A); DoubleEndLineChar1 = (char)ByteReader.ReadByte(buffer, 0x4B); DoubleEndLineChar2 = (char)ByteReader.ReadByte(buffer, 0x4C); CompressionAlgirithm = (SparseExtentCompression)LittleEndianConverter.ToUInt16(buffer, 0x4D); }
public NTCreateAndXRequest(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset, isUnicode) { Reserved = ByteReader.ReadByte(this.SMBParameters, 4); ushort nameLength = LittleEndianConverter.ToUInt16(this.SMBParameters, 5); Flags = (NTCreateFlags)LittleEndianConverter.ToUInt32(this.SMBParameters, 7); RootDirectoryFID = LittleEndianConverter.ToUInt32(this.SMBParameters, 11); DesiredAccess = (DesiredAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 15); AllocationSize = LittleEndianConverter.ToUInt64(this.SMBParameters, 19); ExtFileAttributes = (ExtendedFileAttributes)LittleEndianConverter.ToUInt32(this.SMBParameters, 27); ShareAccess = (ShareAccess)LittleEndianConverter.ToUInt32(this.SMBParameters, 31); CreateDisposition = (CreateDisposition)LittleEndianConverter.ToUInt32(this.SMBParameters, 35); CreateOptions = (CreateOptions)LittleEndianConverter.ToUInt32(this.SMBParameters, 39); ImpersonationLevel = (ImpersonationLevel)LittleEndianConverter.ToUInt32(this.SMBParameters, 43); SecurityFlags = (SecurityFlags)ByteReader.ReadByte(this.SMBParameters, 47); int dataOffset = 0; if (isUnicode) { dataOffset = 1; // 1 byte padding for 2 byte alignment } FileName = SMBHelper.ReadSMBString(this.SMBData, dataOffset, isUnicode); }
/// <summary> /// boot record is the first sector of the partition (not to be confused with the master boot record which is the first sector of the disk) /// </summary> public NTFSBootRecord(byte[] buffer) { Jump = ByteReader.ReadBytes(buffer, 0x00, JumpLength); OEMID = ByteReader.ReadAnsiString(buffer, 0x03, SignatureLength); BytesPerSector = LittleEndianConverter.ToUInt16(buffer, 0x0B); SectorsPerCluster = ByteReader.ReadByte(buffer, 0x0D); MediaDescriptor = ByteReader.ReadByte(buffer, 0x15); SectorsPerTrack = LittleEndianConverter.ToUInt16(buffer, 0x18); NumberOfHeads = LittleEndianConverter.ToUInt16(buffer, 0x1A); NumberOfHiddenSectors = LittleEndianConverter.ToUInt32(buffer, 0x1C); PhysicalDriveNumber = ByteReader.ReadByte(buffer, 0x24); ExtendedBootSignature = ByteReader.ReadByte(buffer, 0x26); TotalSectors = LittleEndianConverter.ToUInt64(buffer, 0x28); MftStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x30); MftMirrorStartLCN = LittleEndianConverter.ToUInt64(buffer, 0x38); RawClustersPerFileRecordSegment = (sbyte)ByteReader.ReadByte(buffer, 0x40); RawClustersPerIndexRecord = (sbyte)ByteReader.ReadByte(buffer, 0x44); VolumeSerialNumber = LittleEndianConverter.ToUInt64(buffer, 0x48); Checksum = LittleEndianConverter.ToUInt32(buffer, 0x50); Code = ByteReader.ReadBytes(buffer, 0x54, CodeLength); BootRecordSignature = LittleEndianConverter.ToUInt16(buffer, 0x1FE); }
public SessionSetupAndXRequestExtended(byte[] buffer, int offset, bool isUnicode) : base(buffer, offset) { MaxBufferSize = LittleEndianConverter.ToUInt16(SMBParameters, 4); MaxMpxCount = LittleEndianConverter.ToUInt16(SMBParameters, 6); VcNumber = LittleEndianConverter.ToUInt16(SMBParameters, 8); SessionKey = LittleEndianConverter.ToUInt32(SMBParameters, 10); SecurityBlobLength = LittleEndianConverter.ToUInt16(SMBParameters, 14); Reserved = LittleEndianConverter.ToUInt32(SMBParameters, 16); Capabilities = (Capabilities)LittleEndianConverter.ToUInt32(SMBParameters, 20); SecurityBlob = ByteReader.ReadBytes(SMBData, 0, SecurityBlobLength); int dataOffset = SecurityBlob.Length; if (isUnicode) { // A Unicode string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header. // Note: SMBData starts at an odd offset. int padding = (1 + SecurityBlobLength) % 2; dataOffset += padding; } NativeOS = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); NativeLanMan = SMB1Helper.ReadSMBString(SMBData, ref dataOffset, isUnicode); }
public FileNameInformation(byte[] buffer, int offset) { FileNameLength = LittleEndianConverter.ToUInt32(buffer, offset + 0); FileName = ByteReader.ReadUTF16String(buffer, offset + 4, (int)FileNameLength / 2); }
public static bool IsEndMarker(byte[] buffer, int offset) { uint type = LittleEndianConverter.ToUInt32(buffer, offset + 0x00); return(type == 0xFFFFFFFF); }
public QueryFileNameInfo(byte[] buffer, int offset) { uint fileNameLength = LittleEndianConverter.ToUInt32(buffer, 0); FileName = ByteReader.ReadUTF16String(buffer, 4, (int)(fileNameLength / 2)); }
public FileFsDeviceInformation(byte[] buffer, int offset) { DeviceType = (DeviceType)LittleEndianConverter.ToUInt32(buffer, offset + 0); Characteristics = (DeviceCharacteristics)LittleEndianConverter.ToUInt32(buffer, offset + 4); }
public FileEaInformation(byte[] buffer, int offset) { EaSize = LittleEndianConverter.ToUInt32(buffer, offset + 0); }
public static uint GetSystemPageSize(byte[] buffer, int offset) { return(LittleEndianConverter.ToUInt32(buffer, offset + 0x10)); }
public QueryFSDeviceInfo(byte[] buffer, int offset) { DeviceType = (DeviceType)LittleEndianConverter.ToUInt32(buffer, offset + 0); DeviceCharacteristics = (DeviceCharacteristics)LittleEndianConverter.ToUInt32(buffer, offset + 4); }
public QueryDirectoryFileInformation(byte[] buffer, int offset) { NextEntryOffset = LittleEndianConverter.ToUInt32(buffer, offset + 0); FileIndex = LittleEndianConverter.ToUInt32(buffer, offset + 4); }
public static SMB1Command ReadCommandResponse(byte[] buffer, int offset, CommandName commandName, bool isUnicode) { byte wordCount = ByteReader.ReadByte(buffer, offset); switch (commandName) { case CommandName.SMB_COM_CREATE_DIRECTORY: return(new CreateDirectoryResponse(buffer, offset)); case CommandName.SMB_COM_DELETE_DIRECTORY: return(new DeleteDirectoryResponse(buffer, offset)); case CommandName.SMB_COM_CLOSE: return(new CloseResponse(buffer, offset)); case CommandName.SMB_COM_FLUSH: return(new FlushResponse(buffer, offset)); case CommandName.SMB_COM_DELETE: return(new DeleteResponse(buffer, offset)); case CommandName.SMB_COM_RENAME: return(new RenameResponse(buffer, offset)); case CommandName.SMB_COM_QUERY_INFORMATION: { if (wordCount * 2 == QueryInformationResponse.ParameterLength) { return(new QueryInformationResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_SET_INFORMATION: return(new SetInformationResponse(buffer, offset)); case CommandName.SMB_COM_READ: { if (wordCount * 2 == ReadResponse.ParametersLength) { return(new ReadResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_WRITE: { if (wordCount * 2 == WriteResponse.ParametersLength) { return(new WriteResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_CHECK_DIRECTORY: return(new CheckDirectoryResponse(buffer, offset)); case CommandName.SMB_COM_WRITE_RAW: { if (wordCount * 2 == WriteRawInterimResponse.ParametersLength) { return(new WriteRawInterimResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_WRITE_COMPLETE: { if (wordCount * 2 == WriteRawFinalResponse.ParametersLength) { return(new WriteRawFinalResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_SET_INFORMATION2: return(new SetInformation2Response(buffer, offset)); case CommandName.SMB_COM_LOCKING_ANDX: { if (wordCount * 2 == LockingAndXResponse.ParametersLength) { return(new LockingAndXResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_TRANSACTION: { if (wordCount * 2 == TransactionInterimResponse.ParametersLength) { return(new TransactionInterimResponse(buffer, offset)); } return(new TransactionResponse(buffer, offset)); } case CommandName.SMB_COM_ECHO: { if (wordCount * 2 == EchoResponse.ParametersLength) { return(new EchoResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_OPEN_ANDX: { if (wordCount * 2 == OpenAndXResponse.ParametersLength) { return(new OpenAndXResponse(buffer, offset)); } if (wordCount * 2 == OpenAndXResponseExtended.ParametersLength) { return(new OpenAndXResponseExtended(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_READ_ANDX: { if (wordCount * 2 == ReadAndXResponse.ParametersLength) { return(new ReadAndXResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_WRITE_ANDX: { if (wordCount * 2 == WriteAndXResponse.ParametersLength) { return(new WriteAndXResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_TRANSACTION2: { if (wordCount * 2 == TransactionInterimResponse.ParametersLength) { return(new Transaction2InterimResponse(buffer, offset)); } return(new Transaction2Response(buffer, offset)); } case CommandName.SMB_COM_FIND_CLOSE2: return(new FindClose2Response(buffer, offset)); case CommandName.SMB_COM_TREE_DISCONNECT: return(new TreeDisconnectResponse(buffer, offset)); case CommandName.SMB_COM_NEGOTIATE: { // Both NegotiateResponse and NegotiateResponseExtended have WordCount set to 17 if (wordCount * 2 == NegotiateResponse.ParametersLength) { Capabilities capabilities = (Capabilities)LittleEndianConverter.ToUInt32(buffer, offset + 20); if ((capabilities & Capabilities.ExtendedSecurity) > 0) { return(new NegotiateResponseExtended(buffer, offset)); } return(new NegotiateResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_SESSION_SETUP_ANDX: { if (wordCount * 2 == SessionSetupAndXResponse.ParametersLength) { return(new SessionSetupAndXResponse(buffer, offset, isUnicode)); } if (wordCount * 2 == SessionSetupAndXResponseExtended.ParametersLength) { return(new SessionSetupAndXResponseExtended(buffer, offset, isUnicode)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_LOGOFF_ANDX: { if (wordCount * 2 == LogoffAndXResponse.ParametersLength) { return(new LogoffAndXResponse(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_TREE_CONNECT_ANDX: { if (wordCount * 2 == TreeConnectAndXResponse.ParametersLength) { return(new TreeConnectAndXResponse(buffer, offset, isUnicode)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } case CommandName.SMB_COM_NT_TRANSACT: { if (wordCount * 2 == NTTransactInterimResponse.ParametersLength) { return(new NTTransactInterimResponse(buffer, offset)); } return(new NTTransactResponse(buffer, offset)); } case CommandName.SMB_COM_NT_CREATE_ANDX: { if (wordCount * 2 == NTCreateAndXResponse.ParametersLength) { return(new NTCreateAndXResponse(buffer, offset)); } if (wordCount * 2 == NTCreateAndXResponseExtended.ParametersLength || wordCount * 2 == NTCreateAndXResponseExtended.DeclaredParametersLength) { return(new NTCreateAndXResponseExtended(buffer, offset)); } if (wordCount == 0) { return(new ErrorResponse(commandName)); } throw new InvalidDataException(); } default: throw new InvalidDataException("Invalid SMB command 0x" + ((byte)commandName).ToString("X2")); } }
public Transaction2CreateDirectoryRequest(byte[] parameters, byte[] data, bool isUnicode) : base() { Reserved = LittleEndianConverter.ToUInt32(parameters, 0); DirectoryName = SMB1Helper.ReadSMBString(parameters, 4, isUnicode); ExtendedAttributeList = new FullExtendedAttributeList(data); }