This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 10 (spanning 9 versions)
Revision 1 as of 2005-11-08 06:56:29
Size: 2829
Comment: initial GetInfo page
Revision 10 as of 2005-11-11 09:35:46
Size: 4149
Comment:
Deletions are marked like this. Additions are marked like this.
Line 22: Line 22:
| | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
| |
+-+-+-+-+ +-+-+-+-+
| |
+-+-+-+-+ FID +-+-+-+-+
| |
+-+-+-+-+ +-+-+-+-+
| |
+-+-+-+-+ +-+-+-+-+
| |
Line 36: Line 36:
0x01 FILE_INFO
0x02 FS_INFO
0x01 SMB2_CLASS_FILE_INFO
0x02 SMB2_CLASS_FS_INFO
0x03 SMB2_CLASS_SEC_INFO
Line 42: Line 43:
=== Infolevels for FILE_INFO === === Infolevels for SMB2_CLASS_FILE_INFO ===
Line 44: Line 45:
 * 0x12
 * 0x22
 * 0x0a ["SMB2/SMB2_FILE_INFO_0a"] (Set Filename used to rename files)
 * 0x0d ["SMB2/SMB2_FILE_INFO_0d"]
 * 0x12 ["SMB2/SMB2_FILE_INFO_12"]
 * 0x22 ["SMB2/SMB2_FILE_INFO_22"]
Line 47: Line 50:
=== Infolevels for FS_INFO === === Infolevels for SMB2_CLASS_FS_INFO ===
Line 49: Line 52:
 * 0x01
 * 0x03
 * 0x05
 * 0x07
 * 0x01 ["SMB2/SMB2_FS_INFO_1"]
 * 0x03 ["SMB2/SMB2_FS_INFO_3"]
 * 0x05 ["SMB2/SMB2_FS_INFO_5"]
 * 0x07 ["SMB2/SMB2_FS_INFO_7"]

=== Infolevels for SMB2_CLASS_SEC_INFO ===

 * 0x00 ["SMB2/SMB2_SEC_INFO_00"]
Line 68: Line 75:

or
if STATUS_BUFFER_TOO_SMALL
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Response Buffer Size == 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Required Buffer Size |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Line 74: Line 91:
 * 0xc0000023 STATUS_BUTTER_TOO_SMALL This indicates that the buffer was too small to hold the returned data. The response packet will only contain 4 bytes which represents the required size of the buffer.
 * 0x80000005 STATUS_BUFFER_OVERFLOW This indicates that the buffer was too small and that the response data is truncated. There is no indication of how big the buffer needs to be.

SMB2/GetInfo

Opcode 0x10

This command can be used to get information about files and other types of objects from the server.

SMB2/GetInfo Request

SMB2/GetInfo Request Packet Format

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |     Class     |   InfoLevel   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Max Response Buffer Size                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |               |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |               |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |               |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+-+-+-+-+                                               +-+-+-+-+
|                                                               |
+-+-+-+-+                      FID                      +-+-+-+-+
|                                                               |
+-+-+-+-+                                               +-+-+-+-+
|                                                               |
+-+-+-+-+                                               +-+-+-+-+
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Class

Class specifies what type of object we want information about.

0x01     SMB2_CLASS_FILE_INFO
0x02     SMB2_CLASS_FS_INFO
0x03     SMB2_CLASS_SEC_INFO

InfoLevel

Infolevel together with Class specific a specific type of information to be returned.

Infolevels for SMB2_CLASS_FILE_INFO

  • 0x0a ["SMB2/SMB2_FILE_INFO_0a"] (Set Filename used to rename files)
  • 0x0d ["SMB2/SMB2_FILE_INFO_0d"]
  • 0x12 ["SMB2/SMB2_FILE_INFO_12"]
  • 0x22 ["SMB2/SMB2_FILE_INFO_22"]

Infolevels for SMB2_CLASS_FS_INFO

  • 0x01 ["SMB2/SMB2_FS_INFO_1"]
  • 0x03 ["SMB2/SMB2_FS_INFO_3"]
  • 0x05 ["SMB2/SMB2_FS_INFO_5"]
  • 0x07 ["SMB2/SMB2_FS_INFO_7"]

Infolevels for SMB2_CLASS_SEC_INFO

  • 0x00 ["SMB2/SMB2_SEC_INFO_00"]

Max Response Buffer Size

This field specifies the maximum amount of data that the server can send back in the response. If the response is truncated the server will set the NT Status Code STATUS_BUFFER_OVERFLOW

SMB2/GetInfo Response

SMB2/GetInfo Response Packet Format

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |               |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Response Buffer Size                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Data depending of Class/Infolevel in the request
+-+-+-+-+...

or 
if STATUS_BUFFER_TOO_SMALL
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               |               |               |               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Response Buffer Size == 4                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Required Buffer Size                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Response Buffer Size

The number of bytes of returned data that follows.

NT Status Codes

  • 0xc0000023 STATUS_BUTTER_TOO_SMALL This indicates that the buffer was too small to hold the returned data. The response packet will only contain 4 bytes which represents the required size of the buffer.
  • 0x80000005 STATUS_BUFFER_OVERFLOW This indicates that the buffer was too small and that the response data is truncated. There is no indication of how big the buffer needs to be.

Discussion

SMB2/GetInfo (last edited 2008-05-05 07:15:50 by GuyHarris)