Smb2-protocol: Re: [Smb2-protocol] smb qfi level 1018

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Fri, 18 Nov 2005 22:59:12 +1100
Ronnie,

 > Would anyone have a link to where I can find a current description of
 > qfi level 1018 SMB_FILE_ALL_INFO?

The parse code is as follows:

	case RAW_FILEINFO_ALL_INFORMATION:
		FINFO_CHECK_MIN_SIZE(72);
		parms->all_info.out.create_time =           smbcli_pull_nttime(blob->data, 0);
		parms->all_info.out.access_time =           smbcli_pull_nttime(blob->data, 8);
		parms->all_info.out.write_time =            smbcli_pull_nttime(blob->data, 16);
		parms->all_info.out.change_time =           smbcli_pull_nttime(blob->data, 24);
		parms->all_info.out.attrib =                IVAL(blob->data, 32);
		parms->all_info.out.alloc_size =            BVAL(blob->data, 40);
		parms->all_info.out.size =                  BVAL(blob->data, 48);
		parms->all_info.out.nlink =                 IVAL(blob->data, 56);
		parms->all_info.out.delete_pending =        CVAL(blob->data, 60);
		parms->all_info.out.directory =             CVAL(blob->data, 61);
#if 1
		parms->all_info.out.ea_size =               IVAL(blob->data, 64);
		smbcli_blob_pull_string(NULL, mem_ctx, blob,
					&parms->all_info.out.fname, 68, 72, STR_UNICODE);

where 68 is the offset of the string length, and 72 is the offset of
the string.

 > It appears the Ethereal implementation of this infolevel is completely broken.

Yep, the Leach spec is wrong for this level.

Also note that I was wrong about this level being the same in SMB and
SMB2. My test code had a bug. The SMB2 ALL_INFORMATION level looks
like this:

		FINFO_CHECK_MIN_SIZE(0x64);
		parms->all_info2.out.create_time    = smbcli_pull_nttime(blob->data, 0x00);
		parms->all_info2.out.access_time    = smbcli_pull_nttime(blob->data, 0x08);
		parms->all_info2.out.write_time     = smbcli_pull_nttime(blob->data, 0x10);
		parms->all_info2.out.change_time    = smbcli_pull_nttime(blob->data, 0x18);
		parms->all_info2.out.attrib         = IVAL(blob->data, 0x20);
		parms->all_info2.out.unknown1       = IVAL(blob->data, 0x24);
		parms->all_info2.out.alloc_size     = BVAL(blob->data, 0x28);
		parms->all_info2.out.size           = BVAL(blob->data, 0x30);
		parms->all_info2.out.nlink          = IVAL(blob->data, 0x38);
		parms->all_info2.out.delete_pending = CVAL(blob->data, 0x3C);
		parms->all_info2.out.directory      = CVAL(blob->data, 0x3D);
		parms->all_info2.out.file_id        = BVAL(blob->data, 0x40);
		parms->all_info2.out.ea_size        = IVAL(blob->data, 0x48);
		parms->all_info2.out.access_mask    = IVAL(blob->data, 0x4C);
		parms->all_info2.out.unknown2       = BVAL(blob->data, 0x50);
		parms->all_info2.out.unknown3       = BVAL(blob->data, 0x58);
		smbcli_blob_pull_string(NULL, mem_ctx, blob,
					&parms->all_info2.out.fname, 0x60, 0x64, STR_UNICODE);


It seems that this is the only level where the SMB and SMB2 structures
don't match?
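
The two layouts above, as an added example that is not part of the original message and is not Samba or Ethereal code: a bounds-checked parser that reads the name length at 68 (SMB) or 0x60 (SMB2) and validates it against the bytes actually received before touching the name. The struct and function names are hypothetical, the length field is assumed to be a 32-bit little-endian byte count (inferred from the 4-byte gap between the two offsets), and rejecting odd lengths for a UTF-16 name is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian readers; the caller has already checked off + width <= len. */
static uint32_t le32(const uint8_t *p, size_t off) {
    return p[off] | (uint32_t)p[off + 1] << 8 | (uint32_t)p[off + 2] << 16 | (uint32_t)p[off + 3] << 24;
}
static uint64_t le64(const uint8_t *p, size_t off) {
    return le32(p, off) | (uint64_t)le32(p, off + 4) << 32;
}

struct all_info {                 /* hypothetical struct: subset of the fields above */
    uint64_t create_time, size;
    uint32_t attrib, nlink, ea_size, fname_len;   /* fname_len is in bytes */
    const uint8_t *fname;         /* UTF-16LE, points into buf, not NUL-terminated */
};

/* smb2 == 0: SMB layout (fixed part 72 bytes); smb2 != 0: SMB2 layout (0x64 bytes).
 * Returns 0, -1 if the fixed part is truncated, -2 if the name length is bad. */
int parse_all_info(const uint8_t *buf, size_t len, int smb2, struct all_info *out) {
    size_t fixed = smb2 ? 0x64 : 72;
    if (len < fixed) return -1;
    out->create_time = le64(buf, 0x00);
    out->attrib      = le32(buf, 0x20);
    out->size        = le64(buf, 0x30);
    out->nlink       = le32(buf, 0x38);
    out->ea_size     = le32(buf, smb2 ? 0x48 : 64);
    uint32_t nlen = le32(buf, fixed - 4);        /* length field at 68 or 0x60 */
    /* Compare with the bytes left over; fixed + nlen could wrap on a 32-bit size_t. */
    if (nlen > len - fixed || (nlen & 1)) return -2;
    out->fname = buf + fixed;
    out->fname_len = nlen;
    return 0;
}

/* Constructed sample: zeroed fields, name "a.txt"; returns fname_len or the error. */
int sample_result(int smb2, uint32_t claimed, size_t total) {
    uint8_t buf[128] = {0};
    size_t fixed = smb2 ? 0x64 : 72;
    struct all_info ai;
    if (total > sizeof buf) return -3;
    for (int i = 0; i < 4; i++) buf[fixed - 4 + i] = (uint8_t)(claimed >> (8 * i));
    memcpy(buf + fixed, "a\0.\0t\0x\0t\0", 10);   /* 10 bytes of UTF-16LE */
    int rc = parse_all_info(buf, total, smb2, &ai);
    return rc ? rc : (int)ai.fname_len;
}

int main(void) { printf("%d %d\n", sample_result(0, 10, 82), sample_result(0, 12, 82)); return 0; }
```

An SMB-sized reply handed to the SMB2 branch fails the fixed-size check rather than reading the length from the wrong offset, which is why a dissector has to select the layout before it reads the length field.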