Differences between revisions 3 and 4
Revision 3 as of 2005-12-01 12:22:01
Size: 553
Comment: swap in/out to be consistent with normal naming convention
Revision 4 as of 2008-04-12 17:50:00
Size: 553
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
This ["SMB2/Ioctl"] function transports ["DCE/RPC"] request/responses atop ioctl calls to a named pipe. This [[SMB2/Ioctl]] function transports [[DCE/RPC]] request/responses atop ioctl calls to a named pipe.
Line 7: Line 7:
["SMB2/Ioctl/Function"] Device == FILE_DEVICE_NAMED_PIPE [[SMB2/Ioctl/Function]] Device == FILE_DEVICE_NAMED_PIPE
Line 10: Line 10:
["SMB2/Ioctl/Function"] Device == FILE_READ_WRITE_ACCESS [[SMB2/Ioctl/Function]] Device == FILE_READ_WRITE_ACCESS
Line 13: Line 13:
["SMB2/Ioctl/Function"] Function == 0x0005 [[SMB2/Ioctl/Function]] Function == 0x0005
Line 16: Line 16:
["SMB2/Ioctl/Function"] Method == METHOD_NEITHER [[SMB2/Ioctl/Function]] Method == METHOD_NEITHER
Line 20: Line 20:
A connection oriented ["DCE/RPC"] request PDU. A connection oriented [[DCE/RPC]] request PDU.
Line 23: Line 23:
A connection oriented ["DCE/RPC"] response PDU. A connection oriented [[DCE/RPC]] response PDU.

IOCTL_REQUEST_DCERPC

0x0011c017

This SMB2/Ioctl function transports DCE/RPC request/responses atop ioctl calls to a named pipe.

Device

SMB2/Ioctl/Function Device == FILE_DEVICE_NAMED_PIPE

Access

SMB2/Ioctl/Function Device == FILE_READ_WRITE_ACCESS

Function

SMB2/Ioctl/Function Function == 0x0005

Method

SMB2/Ioctl/Function Method == METHOD_NEITHER

In Data

A connection oriented DCE/RPC request PDU.

Out Data

A connection oriented DCE/RPC response PDU.

SMB2/Ioctl/Function/FILE_DEVICE_NAMED_PIPE/IOCTL_REQUEST_DCERPC (last edited 2008-04-12 17:50:00 by localhost)