2.2.4.59.1 Request
-
SMB_Parameters { UCHAR WordCount; Words { USHORT MaxCount; SMB_FILE_ATTRIBUTES SearchAttributes; } } SMB_Data { USHORT ByteCount; Bytes { UCHAR BufferFormat1; SMB_STRING FileName; UCHAR BufferFormat2; USHORT ResumeKeyLength; SMB_Resume_Key ResumeKey[ResumeKeyLength]; } }
SMB_Header:
-
-
TID (2 bytes): A valid TID MUST be provided. The TID MUST refer to a file system subtree.
-
UID (2 bytes): A valid UID MUST be provided and MUST have, at a minimum, read permission on all directories in the FileName path.
-
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
SMB_Parameters |
|||||||||||||||||||||||||||||||
|
... |
SMB_Data (variable) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
SMB_Parameters (5 bytes):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1WordCount
Words
...
-
WordCount (1 byte): This field MUST be 0x02.
-
Words (4 bytes):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1MaxCount
SearchAttributes
-
MaxCount (2 bytes): The maximum number of directory entries to return. This value represents the maximum number of entries across the entirety of the search, not just the initial response.
-
SearchAttributes (2 bytes): An attribute mask used to specify the standard attributes that a file MUST have to match the search. If the value of this field is 0x0000, then only normal files MUST be returned. If the Volume Label attribute is set, the server MUST return only the volume label (the Volume Label attribute is exclusive). If the Directory, System, or Hidden attributes are specified, then those entries MUST be returned in addition to the normal files. Exclusive search attributes (see section 2.2.1.2.4) can also be set.
-
SMB_Data (variable):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1ByteCount
Bytes (variable)
...
-
ByteCount (2 bytes): This field MUST be 0x0005 or greater.
-
Bytes (variable):
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1BufferFormat1
FileName (variable)
...
BufferFormat2
ResumeKeyLength
ResumeKey (variable)
...
-
BufferFormat1 (1 byte): This field MUST be 0x04, which indicates that a null-terminated ASCII string is to follow.
-
FileName (variable): A null-terminated character string. This is the full directory path (relative to the TID) of the file(s) being sought. Only the final component of the path MAY contain wildcards. This string MAY be the empty string.
-
BufferFormat2 (1 byte): This field MUST be 0x05, which indicates that a variable block is to follow.
-
ResumeKeyLength (2 bytes): This field MUST be either 0x0000 or 21 (0x0015). If the value of this field is 0x0000, then this is an initial search request. The server MUST allocate resources to maintain search state so that subsequent requests can be processed. If the value of this field is 21 (0x0015) then this request MUST be the continuation of a previous search, and the next field MUST contain a ResumeKey previously returned by the server.
-
ResumeKey (variable): If the value of the ResumeKeyLength field is 21 (0x0015), this field MUST contain a ResumeKey returned by the server in response to a previous SMB_COM_SEARCH request. The ResumeKey contains data used by both the client and the server to maintain the state of the search. The structure of the ResumeKey follows.
-
-
SMB_Resume_Key { UCHAR Reserved; UCHAR ServerState[16]; UCHAR ClientState[4]; }
-
-
-
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Reserved |
ServerState (16 bytes) |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
... |
ClientState |
||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Reserved (1 byte): This field is reserved and MUST NOT be modified by the client. Older documentation is contradictory as to whether this field is reserved for client-side or server-side use. New server implementations SHOULD avoid using or modifying the content of this field.
ServerState (16 bytes): This field is maintained by the server and MUST NOT be modified by the client. The contents of this field are server-specific.
ClientState (4 bytes): Array of UCHAR This field MAY be used by the client to maintain state across a series of SMB_COM_SEARCH calls. The value provided by the client MUST be returned in each ResumeKey provided in the response. The contents of this field are client-specific.