Smb2-protocol: [Smb2-protocol] Re: smb qfi level 1018
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 18 Nov 2005 21:59:33 +0000
thanks. i have updated the wiki and ethereal On 11/18/05, tridge@xxxxxxxxx <tridge@xxxxxxxxx> wrote: > Ronnie, > > > would anyone have a link to where i can find a current description of > > qfi level 1018 SMB_FILE_ALL_INFO. > > The parse code is as follows: > > case RAW_FILEINFO_ALL_INFORMATION: > FINFO_CHECK_MIN_SIZE(72); > parms->all_info.out.create_time = smbcli_pull_nttime(blob->data, > 0); > parms->all_info.out.access_time = smbcli_pull_nttime(blob->data, > 8); > parms->all_info.out.write_time = smbcli_pull_nttime(blob->data, > 16); > parms->all_info.out.change_time = smbcli_pull_nttime(blob->data, > 24); > parms->all_info.out.attrib = IVAL(blob->data, 32); > parms->all_info.out.alloc_size = BVAL(blob->data, 40); > parms->all_info.out.size = BVAL(blob->data, 48); > parms->all_info.out.nlink = IVAL(blob->data, 56); > parms->all_info.out.delete_pending = CVAL(blob->data, 60); > parms->all_info.out.directory = CVAL(blob->data, 61); > #if 1 > parms->all_info.out.ea_size = IVAL(blob->data, 64); > smbcli_blob_pull_string(NULL, mem_ctx, blob, > &parms->all_info.out.fname, 68, 72, STR_UNICODE); > > there 68 is the offset of the string length, and 72 is the offset of > the string. > > > It appears the ethereal implementation of this infolevel is completely > broken > > yep, the leach spec is wrong for this level. > > Also note that I was wrong about this level being the same in SMB and > SMB2. My test code had a bug. The SMB2 ALL_INFORMATION level looks > like this: > > FINFO_CHECK_MIN_SIZE(0x64); > parms->all_info2.out.create_time = smbcli_pull_nttime(blob->data, > 0x00); > parms->all_info2.out.access_time = smbcli_pull_nttime(blob->data, > 0x08); > parms->all_info2.out.write_time = smbcli_pull_nttime(blob->data, > 0x10); > parms->all_info2.out.change_time = smbcli_pull_nttime(blob->data, > 0x18); > parms->all_info2.out.attrib = IVAL(blob->data, 0x20); > parms->all_info2.out.unknown1 = IVAL(blob->data, 0x24); > parms->all_info2.out.alloc_size = BVAL(blob->data, 0x28); > parms->all_info2.out.size = BVAL(blob->data, 0x30); > parms->all_info2.out.nlink = IVAL(blob->data, 0x38); > parms->all_info2.out.delete_pending = CVAL(blob->data, 0x3C); > parms->all_info2.out.directory = CVAL(blob->data, 0x3D); > parms->all_info2.out.file_id = BVAL(blob->data, 0x40); > parms->all_info2.out.ea_size = IVAL(blob->data, 0x48); > parms->all_info2.out.access_mask = IVAL(blob->data, 0x4C); > parms->all_info2.out.unknown2 = BVAL(blob->data, 0x50); > parms->all_info2.out.unknown3 = BVAL(blob->data, 0x58); > smbcli_blob_pull_string(NULL, mem_ctx, blob, > &parms->all_info2.out.fname, 0x60, 0x64, STR_UNICODE); > > > It seems that this is the only level where the SMB and SMB2 structures > don't match? > > _______________________________________________ > Smb2-protocol mailing list > Smb2-protocol@xxxxxxxxxxxx > http://www.ethereal.com/mailman/listinfo/smb2-protocol >
- References:
- [Smb2-protocol] smb qfi level 1018
- From: ronnie sahlberg
- Re: [Smb2-protocol] smb qfi level 1018
- From: tridge
- [Smb2-protocol] smb qfi level 1018
- Prev by Date: [Smb2-protocol] getinfo/setinfo/create capture
- Next by Date: [Smb2-protocol] Re: create blob
- Previous by thread: Re: [Smb2-protocol] smb qfi level 1018
- Next by thread: [Smb2-protocol] Find command and flags
- Index(es):
- Get Wireshark
- Download
- Code of Conduct