SMB1Header.cs 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
  1. /* Copyright (C) 2014-2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
  2. *
  3. * You can redistribute this program and/or modify it under the terms of
  4. * the GNU Lesser Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. */
  7. using System;
  8. using System.Collections.Generic;
  9. using System.Text;
  10. using Utilities;
  11. namespace SMBLibrary.SMB1
  12. {
  13. public class SMB1Header
  14. {
  15. public const int Length = 32;
  16. public static readonly byte[] ProtocolSignature = new byte[] { 0xFF, 0x53, 0x4D, 0x42 };
  17. private byte[] Protocol; // byte[4], 0xFF followed by "SMB"
  18. public CommandName Command;
  19. public NTStatus Status;
  20. public HeaderFlags Flags;
  21. public HeaderFlags2 Flags2;
  22. //ushort PIDHigh
  23. public ulong SecurityFeatures;
  24. // public ushort Reserved;
  25. public ushort TID; // Tree ID
  26. //ushort PIDLow;
  27. public ushort UID; // User ID
  28. public ushort MID; // Multiplex ID
  29. public uint PID; // Process ID
  30. public SMB1Header()
  31. {
  32. Protocol = ProtocolSignature;
  33. }
  34. public SMB1Header(byte[] buffer)
  35. {
  36. Protocol = ByteReader.ReadBytes(buffer, 0, 4);
  37. Command = (CommandName)ByteReader.ReadByte(buffer, 4);
  38. Status = (NTStatus)LittleEndianConverter.ToUInt32(buffer, 5);
  39. Flags = (HeaderFlags)ByteReader.ReadByte(buffer, 9);
  40. Flags2 = (HeaderFlags2)LittleEndianConverter.ToUInt16(buffer, 10);
  41. ushort PIDHigh = LittleEndianConverter.ToUInt16(buffer, 12);
  42. SecurityFeatures = LittleEndianConverter.ToUInt64(buffer, 14);
  43. TID = LittleEndianConverter.ToUInt16(buffer, 24);
  44. ushort PIDLow = LittleEndianConverter.ToUInt16(buffer, 26);
  45. UID = LittleEndianConverter.ToUInt16(buffer, 28);
  46. MID = LittleEndianConverter.ToUInt16(buffer, 30);
  47. PID = (uint)((PIDHigh << 16) | PIDLow);
  48. }
  49. public void WriteBytes(byte[] buffer, int offset)
  50. {
  51. ushort PIDHigh = (ushort)(PID >> 16);
  52. ushort PIDLow = (ushort)(PID & 0xFFFF);
  53. ByteWriter.WriteBytes(buffer, offset + 0, Protocol);
  54. ByteWriter.WriteByte(buffer, offset + 4, (byte)Command);
  55. LittleEndianWriter.WriteUInt32(buffer, offset + 5, (uint)Status);
  56. ByteWriter.WriteByte(buffer, offset + 9, (byte)Flags);
  57. LittleEndianWriter.WriteUInt16(buffer, offset + 10, (ushort)Flags2);
  58. LittleEndianWriter.WriteUInt16(buffer, offset + 12, PIDHigh);
  59. LittleEndianWriter.WriteUInt64(buffer, offset + 14, SecurityFeatures);
  60. LittleEndianWriter.WriteUInt16(buffer, offset + 24, TID);
  61. LittleEndianWriter.WriteUInt16(buffer, offset + 26, PIDLow);
  62. LittleEndianWriter.WriteUInt16(buffer, offset + 28, UID);
  63. LittleEndianWriter.WriteUInt16(buffer, offset + 30, MID);
  64. }
  65. public byte[] GetBytes()
  66. {
  67. byte[] buffer = new byte[Length];
  68. WriteBytes(buffer, 0);
  69. return buffer;
  70. }
  71. public bool ReplyFlag
  72. {
  73. get
  74. {
  75. return (Flags & HeaderFlags.Reply) > 0;
  76. }
  77. }
  78. /// <summary>
  79. /// SMB_FLAGS2_EXTENDED_SECURITY
  80. /// </summary>
  81. public bool ExtendedSecurityFlag
  82. {
  83. get
  84. {
  85. return (this.Flags2 & HeaderFlags2.ExtendedSecurity) > 0;
  86. }
  87. set
  88. {
  89. if (value)
  90. {
  91. this.Flags2 |= HeaderFlags2.ExtendedSecurity;
  92. }
  93. else
  94. {
  95. this.Flags2 &= ~HeaderFlags2.ExtendedSecurity;
  96. }
  97. }
  98. }
  99. public bool UnicodeFlag
  100. {
  101. get
  102. {
  103. return (Flags2 & HeaderFlags2.Unicode) > 0;
  104. }
  105. set
  106. {
  107. if (value)
  108. {
  109. this.Flags2 |= HeaderFlags2.Unicode;
  110. }
  111. else
  112. {
  113. this.Flags2 &= ~HeaderFlags2.Unicode;
  114. }
  115. }
  116. }
  117. public static bool IsValidSMB1Header(byte[] buffer)
  118. {
  119. if (buffer.Length >= 4)
  120. {
  121. byte[] protocol = ByteReader.ReadBytes(buffer, 0, 4);
  122. return ByteUtils.AreByteArraysEqual(protocol, ProtocolSignature);
  123. }
  124. return false;
  125. }
  126. }
  127. }