Figure 1 SMB Message-Exchange Sequence
| Client Command | Server Response |
| --- | --- |
| SMB_COM_NEGOTIATE | Must be the first message sent by client to the server. Includes a list of SMB dialects supported by the client. Server response indicates which SMB dialect should be used. |
| SMB_COM_SESSION_SETUP_ANDX | Transmits the user's name and credentials to the server for verification. Successful server response has Uid field set in the SMB header used for subsequent SMBs on behalf of this user. |
| SMB_COM_TREE_CONNECT | Transmits the name of the disk share the client wants to access. Successful server response has Tid field set in the SMB header used for subsequent SMBs referring to this resource. |
| SMB_COM_OPEN | Transmits the name of the file, relative to Tid, the client wants to open. Successful server response includes a file ID (Fid) the client should supply for subsequent operations on this file. |
| SMB_COM_READ | Client supplies Tid, Fid, file offset, and number of bytes to read. Successful server response includes the requested file data. |
| SMB_COM_CLOSE | Client closes the file represented by Tid and Fid. Server responds with a success code. |
| SMB_COM_TREE_DISCONNECT | Client disconnects from resource represented by Tid. |
Figure 2 Server Message Block
```c
typedef unsigned char UCHAR;   // 8 unsigned bits
typedef unsigned short USHORT; // 16 unsigned bits
typedef unsigned long ULONG;   // 32 unsigned bits
typedef long LONG;             // 32 signed bits (used below)

typedef struct {
    ULONG LowPart;
    LONG HighPart;
} LARGE_INTEGER;               // 64 bits of data

typedef struct {
    ULONG LowTime;
    LONG HighTime;
} TIME;

typedef struct {
    UCHAR Protocol[4];         // Contains 0xFF,'SMB'
    UCHAR Command;             // Command code
    union {
        struct {
            UCHAR ErrorClass;  // Error class
            UCHAR Reserved;    // Reserved for future use
            USHORT Error;      // Error code
        } DosError;
        ULONG NtStatus;        // NT-style 32-bit error code
    } Status;
    UCHAR Flags;               // Flags
    USHORT Flags2;             // More flags
    union {
        USHORT Pad[6];         // Ensure this section is 12
                               // bytes long
        struct {
            USHORT PidHigh;    // High part of PID
                               // (NT Create And X)
            USHORT Reserved[5];
        } Connectionless;      // IPX
    };
    USHORT Tid;                // Tree identifier
    USHORT Pid;                // Caller's process id
    USHORT Uid;                // Unauthenticated user id
    USHORT Mid;                // multiplex id
    UCHAR WordCount;           // Count of parameter words
    // The remaining fields are variable-length on the wire and cannot be
    // declared as fixed C members; they follow WordCount in this order:
    //   USHORT ParameterWords[ WordCount ]; // The parameter words
    //   USHORT ByteCount;                   // Count of bytes
    //   UCHAR Buffer[ ByteCount ];          // The bytes
} SMB_HEADER;
```
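Added example (not part of the original figure): a bounds-checked parse of the Figure 2 layout from a received buffer, showing why the peer-supplied WordCount and ByteCount must be validated against the bytes actually received before ParameterWords or Buffer are touched. The `smb_view` type, the function names, the little-endian byte-wise reads and the sample message are assumptions made for this illustration; offsets are summed from the field sizes in the figure.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Byte offsets of the fixed fields, summed from the Figure 2 field sizes. */
enum { OFF_COMMAND = 4, OFF_TID = 24, OFF_PID = 26, OFF_UID = 28,
       OFF_MID = 30, OFF_WORDCOUNT = 32 };

typedef struct {                 /* hypothetical parsed view, not from the page */
    uint8_t  command, word_count;
    uint16_t tid, pid, uid, mid, byte_count;
    const uint8_t *params;       /* word_count * 2 bytes inside the message */
    const uint8_t *buffer;       /* byte_count bytes inside the message */
} smb_view;

/* Constructed sample: command 0x72, Tid 1, Pid 2, Uid 3, Mid 4,
   WordCount 0, ByteCount 3. */
const uint8_t smb_sample[] = {
    0xFF, 'S', 'M', 'B', 0x72, 0, 0, 0, 0, 0x18, 0x01, 0x00,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00,
    0x00, 0x03, 0x00, 0x02, 'A', 0x00 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 on success, a negative code on a malformed or truncated message. */
int smb_parse(const uint8_t *msg, size_t len, smb_view *out)
{
    static const uint8_t magic[4] = { 0xFF, 'S', 'M', 'B' };
    size_t off = (size_t)OFF_WORDCOUNT + 1;

    if (len < off) return -1;                    /* fixed header + WordCount */
    if (memcmp(msg, magic, 4) != 0) return -2;   /* Protocol[4] */
    out->command = msg[OFF_COMMAND];
    out->tid = rd16(msg + OFF_TID);
    out->pid = rd16(msg + OFF_PID);
    out->uid = rd16(msg + OFF_UID);
    out->mid = rd16(msg + OFF_MID);
    out->word_count = msg[OFF_WORDCOUNT];
    /* ParameterWords plus the 2-byte ByteCount must fit in what was received. */
    if (len - off < (size_t)out->word_count * 2 + 2) return -3;
    out->params = msg + off;
    off += (size_t)out->word_count * 2;
    out->byte_count = rd16(msg + off);
    off += 2;
    if (len - off < out->byte_count) return -4;  /* Buffer[ByteCount] */
    out->buffer = msg + off;
    return 0;
}
```

Each length comparison is written as a subtraction from the remaining byte count, so an oversized WordCount or ByteCount cannot wrap the arithmetic.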
Figure 6 File Operation Messages
| Message | Description |
| --- | --- |
| SMB_COM_CHECK_DIRECTORY | Verify that a path exists and is a directory |
| SMB_COM_CLOSE | Close a server file |
| SMB_COM_CLOSE_PRINT_FILE | Close a print-spool file on the server |
| SMB_COM_CREATE | Create a server file |
| SMB_COM_CREATE_DIRECTORY | Create a directory on the server |
| SMB_COM_CREATE_NEW | Create a new server file or truncate an existing one to length zero and open it |
| SMB_COM_CREATE_TEMPORARY | Creates a temporary, unique data file on the server |
| SMB_COM_DELETE | Delete a server file |
| SMB_COM_DELETE_DIRECTORY | Delete a server directory |
| SMB_COM_FLUSH | Ensure all data and allocation information for a server file has been written to stable storage |
| SMB_COM_GET_PRINT_QUEUE | Obtain a list of the elements currently in the server's print queue |
| SMB_COM_LOCK_BYTE_RANGE | Lock a byte range in a file |
| SMB_COM_NEGOTIATE | Negotiates a file-sharing dialect to use |
| SMB_COM_OPEN | Open a file and retrieve its handle |
| SMB_COM_OPEN_PRINT_FILE | Create a print-spool file on the server |
| SMB_COM_PROCESS_EXIT | Inform the server that a client process has terminated; the server must close all associated files and release all locks the process held |
| SMB_COM_QUERY_INFORMATION | Query for file information |
| SMB_COM_QUERY_INFORMATION_DISK | Query for disk information |
| SMB_COM_READ | Read a server file |
| SMB_COM_RENAME | Rename a server file |
| SMB_COM_SEARCH | Search directories for a file name |
| SMB_COM_SEEK | Seek to a location in a file |
| SMB_COM_SET_INFORMATION | Change information about a server file |
| SMB_COM_TREE_CONNECT | Connect to a server resource |
| SMB_COM_TREE_DISCONNECT | Disconnect from a server resource |
| SMB_COM_UNLOCK_BYTE_RANGE | Unlock a byte range in a file |
| SMB_COM_WRITE | Write data to a server file |
| SMB_COM_WRITE_PRINT_FILE | Write data to a server print-spool file |
Figure 7 Client Request Block
| Field | Description |
| --- | --- |
| UCHAR WordCount | Count of parameter words = 2 |
| USHORT MaxCount | Number of dir. entries to return |
| USHORT SearchAttributes | Search flags |
| USHORT ByteCount | Count of data bytes; min = 5 |
| UCHAR BufferFormat1 | 0x04 ASCII |
| UCHAR FileName[] | File name, may be null |
| UCHAR BufferFormat2 | 0x05 Variable block |
| USHORT ResumeKeyLength | Length of resume key, may be 0 |
| UCHAR ResumeKey[] | Resume key |
Figure 8 Server Response Block
| Field | Description |
| --- | --- |
| UCHAR WordCount; | Count of parameter words = 1 |
| USHORT Count; | Number of entries returned |
| USHORT ByteCount; | Count of data bytes; min = 3 |
| UCHAR BufferFormat; | 0x05 Variable block |
| USHORT DataLength; | Length of data |
| UCHAR DirectoryInformationData[]; | Data |
Figure 9 Resume Key Block
| Field | Description |
| --- | --- |
| UCHAR Reserved | bit 7: consumer use; bits 5,6: system use (must preserve); bits 0 to 4: server use (must preserve) |
| UCHAR FileName[11] | Name of the returned file |
| UCHAR ReservedForServer[5] | (Client must not modify) |
| UCHAR ReservedForConsumer[4] | (Server must not modify) |
Figure 10 Directory Information Block
| Field | Description |
| --- | --- |
| SMB_RESUME_KEY ResumeKey | Described in Figure 7 |
| UCHAR FileAttributes | Attributes of the file, if found |
| SMB_TIME LastWriteTime | Time file was last written |
| SMB_DATE LastWriteDate | Date file was last written |
| ULONG FileSize | Size of the file |
| UCHAR FileName[13] | ASCII, space-filled, null-terminated |