
📄 packetsmb.cs

📁 一个抓包工具
💻 CS
using System;
using System.Windows.Forms;

namespace MyClasses
{

	public class PacketSMB
	{
		// Two integer selector values. Nothing in the visible part of the file reads them;
		// presumably they select a display mode for callers — confirm against usage.
		public const int NORMAL = 0;
		public const int VALUE = 1;

		// SMB Core Commands
		// One-byte command codes. No constant is declared for 0x0e in this table.

		public const byte SMB_CMD_CREATE_DIR = 0x00; // Create directory 
		public const byte SMB_CMD_DELETE_DIR =  0x01; //  Delete directory 
		public const byte SMB_CMD_OPEN_FILE = 0x02; //  Open file 
		public const byte SMB_CMD_CREATE_FILE = 0x03; //  Create file 
		public const byte SMB_CMD_CLOSE_FILE = 0x04; //  Close file 
		public const byte SMB_CMD_COMMIT_ALL_FILES = 0x05; //  Commit all files 
		public const byte SMB_CMD_DELETE_FILE = 0x06; //  Delete file 
		public const byte SMB_CMD_RENAME_FILE = 0x07; //  Rename file 
		public const byte SMB_CMD_GET_FILE_ATTRIBUTE = 0x08; //  Get file attribute 
		public const byte SMB_CMD_SET_FILE_ATTRIBUTE = 0x09; //  Set file attribute 
		public const byte SMB_CMD_READ_BYTE_BLOCK = 0x0a; //  Read byte block 
		public const byte SMB_CMD_WRITE_BYTE_BLOCK = 0x0b; //  Write byte block 
		public const byte SMB_CMD_LOCK_BYTE_BLOCK = 0x0c; //  Lock byte block 
		public const byte SMB_CMD_UNLOCK_BYTE_BLOCK = 0x0d; //  Unlock byte block 
		public const byte SMB_CMD_CREATE_NEW_FILE = 0x0f; //  Create new file 
		public const byte SMB_CMD_CHECK_DIR = 0x10; //  Check directory 
		public const byte SMB_CMD_END_OF_PROCESS = 0x11; //  End of process 
		public const byte SMB_CMD_LSEEK = 0x12; //  LSEEK 
		public const byte SMB_CMD_START_CONNECTION = 0x70; //  Start connection 
		public const byte SMB_CMD_END_CONNECTION = 0x71; //  End connection 
		public const byte SMB_CMD_VERIFY_DIALECT = 0x72; //  Verify dialect 
		public const byte SMB_CMD_GET_DISK_ATTRIBUTES = 0x80; //  Get disk attributes 
		public const byte SMB_CMD_SEARCH_MULTIPLE_FILES = 0x81; //  Search multiple files 
		public const byte SMB_CMD_CREATE_SPOOL_FILE = 0xc0; //  Create spool file 
		public const byte SMB_CMD_SPOOL_BYTE_BLOCK = 0xc1; //  Spool byte block 
		public const byte SMB_CMD_CLOSE_SPOOL_FILE = 0xc2; //  Close spool file 
		public const byte SMB_CMD_RETURN_PRINT_QUEUE = 0xc3; //  Return print queue 
		public const byte SMB_CMD_SEND_MESSAGE = 0xd0; //  Send message 
		public const byte SMB_CMD_SEND_BROADCAST = 0xd1; //  Send broadcast 
		public const byte SMB_CMD_FORWARD_USER_NAME = 0xd2; //  Forward user name 
		public const byte SMB_CMD_CANCEL_FORWARD = 0xd3; //  Cancel forward 
		public const byte SMB_CMD_GET_MACHINE_NAME = 0xd4; //  Get machine name 
		public const byte SMB_CMD_START_MULTI_BLOCK_MESSAGE = 0xd5; //  Start multi-block message 
		public const byte SMB_CMD_END_MULTI_BLOCK_MESSAGE = 0xd6; //  End multi-block message 
		public const byte SMB_CMD_MULTI_BLOCK_MESSAGE_TEXT = 0xd7; //  Multi-block message text 
		public const byte SMB_CMD_INVALID = 0xfe; //  Invalid 
		public const byte SMB_CMD_IMPLEMENTATION_DEPENDENT = 0xff; //  Implementation-dependent 

		// SMB Core Plus Commands

		// "LOCAK" is a misspelling of "LOCK"; the identifier is public, so it is left as is
		// to avoid breaking code elsewhere that may reference it.
		public const byte SMB_CMD_LOCAK_THEN_READ_DATA = 0x13; // Lock then read data 
		public const byte SMB_CMD_WRITE_THEN_UNLOCK_DATA = 0x14; // Write then unlock data 
		public const byte SMB_CMD_READ_BLOCK_RAW = 0x1a; // Read block raw 
		public const byte SMB_CMD_WRITE_BLOCK_RAW = 0x1d; // Write block raw 

		//

		// LANMAN 1.0 SMB Commands
		// One-byte command codes added by the LANMAN 1.0 dialect. 0x73 (session setup) is the
		// command that carries the user logon, per its own trailing comment.
		public const byte SMB_CMD_READ_BLOCK_MULTIPLEXED = 0x1b; // Read block multiplexed 
		public const byte SMB_CMD_READ_BLOCK_SR = 0x1c; // Read block (secondary response) 
		public const byte SMB_CMD_WRITE_BLOCK_MULTIPLEXED = 0x1e; // Write block multiplexed 
		public const byte SMB_CMD_WRITE_BLOCK_SR = 0x1f; // Write block (secondary response) 
		public const byte SMB_CMD_WRITE_COMPLETE_RESPONSE = 0x20; // Write complete response 
		public const byte SMB_CMD_SET_FILE_ATTRIBUTES_EXPANDED = 0x22; // Set file attributes expanded 
		public const byte SMB_CMD_GET_FILE_ATTRIBUTES_EXPANDED = 0x23; // Get file attributes expanded 
		public const byte SMB_CMD_LOCK_UNLOCK_BYTE_RANGES_AND_X = 0x24; // Lock/unlock byte ranges and X 
		public const byte SMB_CMD_TRANSACTION = 0x25; // Transaction (name, bytes in/out) 
		public const byte SMB_CMD_TRANSACTION_SECONDARY = 0x26; // Transaction (secondary request/response) 
		public const byte SMB_CMD_PASS_IOCTL_TO_SERVER = 0x27; // Passes the IOCTL to the server 
		public const byte SMB_CMD_IOCTL = 0x28; // IOCTL (secondary request/response) 
		public const byte SMB_CMD_COPY = 0x29; // Copy 
		public const byte SMB_CMD_MOVE = 0x2a; // Move 
		public const byte SMB_CMD_ECHO = 0x2b; // Echo 
		public const byte SMB_CMD_WRITE_AND_CLOSE = 0x2c; // Write and Close 
		public const byte SMB_CMD_OPEN_AND_X = 0x2d; // Open and X 
		public const byte SMB_CMD_READ_AND_X = 0x2e; // Read and X 
		public const byte SMB_CMD_WRITE_AND_X = 0x2f; // Write and X 
		public const byte SMB_CMD_SESSION_SETUP_AND_X = 0x73; // Session Set Up and X (including User Logon) 
		public const byte SMB_CMD_TREE_CONNECT_AND_X = 0x75; // Tree connect and X 
		public const byte SMB_CMD_FIND_FIRST = 0x82; // Find first 
		public const byte SMB_CMD_FIND_UNIQUE = 0x83; // Find unique 
		public const byte SMB_CMD_FIND_CLOSE = 0x84; // Find close 
		// Left commented out: SMB_CMD_INVALID (0xfe) is already declared with the core commands,
		// and a second declaration of the same name would not compile.
		//public const byte SMB_CMD_INVALID = 0xfe; // Invalid command 

		// SMB Error Class Codes
		// Values for the one-byte ErrorClass header field. Only two classes are declared here.
		public const byte SMB_ERROR_CLASS_SUCCESS  = 0x00; // The request was successful 
		public const byte SMB_ERROR_CLASS_ERRSRV =  0x02; // Error generated by the LMX server 

		// SMB Return Codes for Error class 0x00 
		// Declared as byte although PACKET_SMB_HEADER.ErrorCode is a ushort; a comparison
		// widens the constant implicitly.
		public const byte SMB_ERROR_CLASS_SUCCESS_BUFFERED = 0x54; // The Message was buffered 
		public const byte SMB_ERROR_CLASS_SUCCESS_LOGGED = 0x55; // The Message was logged 
		public const byte SMB_ERROR_CLASS_SUCCESS_DISPLAYED = 0x56; // The Message was displayed 


		// SMB Return Codes for Error class 0x02 
		// NOTE(review): when reading a capture, repeated ERRbadpw responses from one server
		// are worth surfacing as failed authentication attempts; no code visible in this part
		// of the file decodes these values yet.
		public const byte SMB_ERROR_CLASS_ERRSRV_ERRerror = 0x01; // Non-specific error code 
		public const byte SMB_ERROR_CLASS_ERRSRV_ERRbadpw = 0x02; // Bad password 
		public const byte SMB_ERROR_CLASS_ERRSRV_ERRbadtype = 0x03; // Reserved 



		// Aliases: these repeat the values of SMB_CMD_SEND_MESSAGE (0xd0) and
		// SMB_CMD_TRANSACTION (0x25) declared earlier in this class.
		public const byte SMB_COMMAND_SEND_SINGLE_BLOCK_MESSAGE = 0xd0;
		public const byte SMB_COMMAND_TRANSACTION_REQUEST = 0x25;

		// Bit masks for the 16-bit Flags word of a transaction request
		// (tested by GetTransactionFlagsString).
		public const ushort  FLAGS_TRANSACTION_ONEWAY = 0x0002;
		public const ushort  FLAGS_TRANSACTION_DISCONNECT = 0x0001;

		// Bit masks for the one-byte Flags header field (tested by GetFlagsString).
		// No mask is declared for bit 0x04, so that bit is never decoded.
		public const byte FLAGS_REQUEST_RESPONSE = 0x80;
		public const byte FLAGS_NOTIFY = 0x40;
		public const byte FLAGS_OPLOCKS = 0x20;
		public const byte FLAGS_CANONICALIZED_PATH_NAMES = 0x10;
		public const byte FLAGS_CASE_SENSITIVITY = 0x08;
		public const byte FLAGS_RECEIVE_BUFFER_POSTED = 0x02;
		public const byte FLAGS_LOCK_AND_READ = 0x01;

		// Bit masks for the 16-bit Flags2 header field (tested by GetFlags2String).
		// Several bits between 0x0400 and 0x0008 have no mask here and are not decoded.
		public const ushort FLAGS2_UNICODE_STRINGS = 0x8000;
		public const ushort FLAGS2_ERROR_CODE_TYPE = 0x4000;
		public const ushort FLAGS2_EXECUTE_ONLY_READS = 0x2000;
		public const ushort FLAGS2_DFS = 0x1000;
		public const ushort FLAGS2_EXTENDED_SECURITY_NEGOTIATION = 0x0800;
		public const ushort FLAGS2_LONG_NAMES_USED = 0x0040;
		// "SECUTIRY" is a misspelling of "SECURITY"; the name is public and referenced by
		// GetFlags2String, so it is kept. This is the SMB signing bit, which matters when a
		// capture is reviewed for unsigned sessions.
		public const ushort FLAGS2_SECUTIRY_SIGNATURES = 0x0004;
		public const ushort FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
		public const ushort FLAGS2_LONG_NAMES_ALLOWED = 0x0001;

		// Buffer format codes; presumably the values carried by the *BufferFormat fields of
		// PACKET_SMB_SSMB_REQUEST — confirm against the parsing code.
		public const byte FORMAT_TYPE_ASCII = 0x04;
		public const byte FORMAT_TYPE_DATA_BLOCK = 0x01;


		// Decoded SMB header: raw field values plus display strings (the *Str members).
		// InitStruct gives every field an explicit empty or zero value.
		// NOTE(review): the code that fills this from a captured packet is not in this part
		// of the file; every value here originates from network data and should be treated
		// as untrusted when it is displayed or used as a length or index.
		public struct PACKET_SMB_HEADER
		{
			public string ServerComponent; // presumably the protocol identifier text; confirm against the parser
			public byte Command;           // command code, see the SMB_CMD_* constants
			public string CommandStr;      // presumably the text form of Command
			public byte ErrorClass;        // see the SMB_ERROR_CLASS_* constants
			public byte Reserved1;
			public ushort ErrorCode;
			public byte Flags;             // bit field, masks are the FLAGS_* byte constants
			public string FlagsStr;
			public ushort Flags2;          // bit field, masks are the FLAGS2_* constants
			public string Flags2Str;
			public byte[] Reserved2;       // InitStruct allocates a single-element array
			public ushort TreeId;
			public ushort ProcessId;
			public ushort UserId;
			public ushort MultiplexId;
		}

		// Generic SMB body: only the two count fields, no parameter or data bytes.
		// NOTE(review): both counts come from the wire; a parser should check them against
		// the number of bytes actually captured before using them.
		public struct PACKET_SMB_BODY
		{
			public byte WordCount;
			public ushort ByteCount;
		}

		// Send Single Message Block Request
		// Body of a "send single block message" request: originator name, destination name
		// and message text, each preceded by a one-byte buffer format.
		// NOTE(review): MessageLen is a sender-supplied length. The parsing code is not in
		// this part of the file; confirm that it bounds MessageLen (and the name strings)
		// by the remaining captured bytes before reading Message.
		public struct PACKET_SMB_SSMB_REQUEST
		{
			public byte WordCount;
			public ushort ByteCount;
			public byte OriginatorBufferFormat;
			public string OriginatorName; // Input name
			public byte DestinationBufferFormat;
			public string DestinationName;
			public byte MessageBufferFormat;
			public ushort MessageLen;
			public string Message;
		}

		// Body of a transaction request: the count and offset fields, the flags word and
		// the transaction name.
		// NOTE(review): the counts and offsets are sender-supplied. The parsing code is not
		// in this part of the file; confirm that ParameterOffset/ParameterCount and
		// DataOffset/DataCount are validated against the captured length before any slice
		// is taken.
		public struct PACKET_SMB_TRANSACTION_REQUEST
		{
			public byte WordCount;
			public ushort TotalParamaterCount; // "Paramater" is misspelled; public field name kept as is
			public ushort TotalDataCount;
			public ushort MaxParameterCount;
			public ushort MaxDataCount;
			public byte MaxSetupCount;
			public byte Reserved1;
			public ushort Flags; // masks are FLAGS_TRANSACTION_ONEWAY and FLAGS_TRANSACTION_DISCONNECT
			public uint TimeOut;
			public ushort Reserved2;
			public ushort ParameterCount;
			public ushort ParameterOffset;
			public ushort DataCount;
			public ushort DataOffset;
			public byte SetupCount;
			public byte Reserved3;
			public ushort ByteCount;
			public string TransactionName;
			public byte Padding;
		}


		// Top-level record for one decoded SMB packet: header, generic body and two untyped
		// links to further decoded data.
		public struct PACKET_SMB
		{
			public PACKET_SMB_HEADER SmbHeader;
			public PACKET_SMB_BODY SmbBody;
			// Untyped references; consumers must type-check before casting. InitStruct resets
			// NextPacket to null but leaves NextPacketEx untouched.
			public object NextPacket;
			public object NextPacketEx;
		}


		// Resets the cached header to its empty state, copies it into the packet record and
		// clears the packet's NextPacket link. PSmb.SmbBody and PSmb.NextPacketEx are not
		// touched.
		private void InitStruct()
		{
			// A freshly constructed struct already has every numeric field at zero, so only
			// the reference-typed fields need explicit values.
			PACKET_SMB_HEADER blank = new PACKET_SMB_HEADER();
			blank.ServerComponent = "";
			blank.CommandStr = "";
			blank.FlagsStr = "";
			blank.Flags2Str = "";
			blank.Reserved2 = new byte[1];

			PSmbHeader = blank;

			// The packet record holds its own copy of the header (struct assignment copies).
			PSmb.SmbHeader = PSmbHeader;
			PSmb.NextPacket = null;
		}

		// Returns display text for an SMB command byte. Only the "send single block message"
		// code is recognised; every other value yields an empty string, so a caller cannot
		// tell an unknown command from a missing one by the text alone.
		// Const is declared outside this part of the file.
		public string GetCommandString( byte b )
		{
			if( b == Const.SMB_COMMAND_SEND_SINGLE_BLOCK_MESSAGE )
			{
				return "Send single block message";
			}

			return "";
		}

		// Returns display text for a buffer format byte: "ASCII", "Data Block", or an empty
		// string for any other value. Const is declared outside this part of the file.
		public string GetFormatString( byte b )
		{
			if( b == Const.FORMAT_TYPE_ASCII )
			{
				return "ASCII";
			}

			if( b == Const.FORMAT_TYPE_DATA_BLOCK )
			{
				return "Data Block";
			}

			return "";
		}

		// Decodes the two known bits of a transaction Flags word into display lines.
		// Both lines are stored in FlagsStr (index 0: one-way, index 1: disconnect TID);
		// the return value is only the second line.
		public string GetTransactionFlagsString( ushort b )
		{
			// Each mask is a single bit, so "non-zero after masking" means the bit is set.
			bool oneWay = ( b & FLAGS_TRANSACTION_ONEWAY ) != 0;
			bool disconnectTid = ( b & FLAGS_TRANSACTION_DISCONNECT ) != 0;

			FlagsStr[0] = oneWay
				? ".... .... .... ..1. = One Way Transaction : One way transaction ( NO RESPONSE )"
				: ".... .... .... ..0. = One Way Transaction : not one way transaction ( RESPONSE )";

			string disconnectLine = disconnectTid
				? ".... .... .... ...1 = Disconnect TID : Disconnect TID"
				: ".... .... .... ...0 = Disconnect TID : Do NOT disconnect TID";

			FlagsStr[1] = disconnectLine;

			return disconnectLine;
		}


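		// Decodes the one-byte SMB Flags header field into seven display lines, stored in
		// Flags_1_Str[0..6] from the most significant bit downwards. Bit 0x04 has no mask
		// constant and is not decoded. The return value is only the last line (Lock And Read).
		//
		// Fix: the "bit clear" text for Case Sensitivity used to read "Path names not case
		// sensitive", the same meaning as the "bit set" text, so the display was identical
		// in meaning for both states. It now reads "Path names are case sensitive".
		private string GetFlagsString( byte b )
		{
			// Every mask is a single bit, so "non-zero after masking" means the bit is set.
			Flags_1_Str[0] = ( b & FLAGS_REQUEST_RESPONSE ) != 0
				? "1... .... = Request/Response : Message is a response to the user"
				: "0... .... = Request/Response : Message is a request to the user";

			Flags_1_Str[1] = ( b & FLAGS_NOTIFY ) != 0
				? ".1.. .... = Notify : Notify client"
				: ".0.. .... = Notify : Notify client only on open";

			Flags_1_Str[2] = ( b & FLAGS_OPLOCKS ) != 0
				? "..1. .... = Oplocaks : Oplock requested/granted"
				: "..0. .... = Oplocaks : Oplock not requested/granted";

			Flags_1_Str[3] = ( b & FLAGS_CANONICALIZED_PATH_NAMES ) != 0
				? "...1 .... = Canonicalized Path Names : Path names are canonicalized"
				: "...0 .... = Canonicalized Path Names : Path names are not canonicalized";

			// Bit set means path names are treated as caseless; bit clear means case sensitive.
			Flags_1_Str[4] = ( b & FLAGS_CASE_SENSITIVITY ) != 0
				? ".... 1... = Case Sensitivity : Path names are not case sensitive"
				: ".... 0... = Case Sensitivity : Path names are case sensitive";

			Flags_1_Str[5] = ( b & FLAGS_RECEIVE_BUFFER_POSTED ) != 0
				? ".... ..1. = Receive Buffer Posted : Receive buffer has been posted"
				: ".... ..0. = Receive Buffer Posted : Receive buffer has not been posted";

			string lockAndReadLine = ( b & FLAGS_LOCK_AND_READ ) != 0
				? ".... ...1 = Locak And Read : Lock&Read, Write&Lock are supported"
				: ".... ...0 = Locak And Read : Lock&Read, Write&Lock are not supported";

			Flags_1_Str[6] = lockAndReadLine;

			return lockAndReadLine;
		}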


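		// Decodes the 16-bit SMB Flags2 header field into nine display lines, stored in
		// Flags_2_Str[0..8] from the most significant decoded bit downwards. The return
		// value is only the last line (Long Names Allowed).
		//
		// Fix: the Extended Attributes test used to mask with FLAGS2_EXTENDED_ATTRIBUTES
		// (0x0002) but compare the result with FLAGS2_SECUTIRY_SIGNATURES (0x0004). That
		// comparison can never be true, so the bit was always shown as "not supported".
		// It is now tested against its own mask.
		private string GetFlags2String( ushort b )
		{
			// Every mask is a single bit, so "non-zero after masking" means the bit is set.
			Flags_2_Str[0] = ( b & FLAGS2_UNICODE_STRINGS ) != 0
				? "1... .... .... .... = Unicode Strings : Strings are UNICODE"
				: "0... .... .... .... = Unicode Strings : Strings are ASCII";

			Flags_2_Str[1] = ( b & FLAGS2_ERROR_CODE_TYPE ) != 0
				? ".1.. .... .... .... = Error Code Type : Error codes are not DOS error codes"
				: ".0.. .... .... .... = Error Code Type : Error codes are DOS error codes";

			Flags_2_Str[2] = ( b & FLAGS2_EXECUTE_ONLY_READS ) != 0
				? "..1. .... .... .... = Execute-only Reads : Permit reads"
				: "..0. .... .... .... = Execute-only Reads : Don't permit reads if execute only";

			Flags_2_Str[3] = ( b & FLAGS2_DFS ) != 0
				? "...1 .... .... .... = Dfs : Resolve pathnames with Dfs"
				: "...0 .... .... .... = Dfs : Don't resolve pathnames with Dfs";

			Flags_2_Str[4] = ( b & FLAGS2_EXTENDED_SECURITY_NEGOTIATION ) != 0
				? ".... 1... .... .... = Extended Security Negotiation : Extended security negotiation is supported"
				: ".... 0... .... .... = Extended Security Negotiation : Extended security negotiation is not supported";

			Flags_2_Str[5] = ( b & FLAGS2_LONG_NAMES_USED ) != 0
				? ".... .... .1.. .... = Long Names Used : Path names in request are long file names"
				: ".... .... .0.. .... = Long Names Used : Path names in request are not long file names";

			// SMB signing bit. The "Sequrity" spelling is the existing display text and is
			// left unchanged here.
			Flags_2_Str[6] = ( b & FLAGS2_SECUTIRY_SIGNATURES ) != 0
				? ".... .... .... .1.. = Sequrity Signatures : Sequrity signatures are supported"
				: ".... .... .... .0.. = Sequrity Signatures : Sequrity signatures are not supported";

			// Tested against its own mask (see the fix note above).
			Flags_2_Str[7] = ( b & FLAGS2_EXTENDED_ATTRIBUTES ) != 0
				? ".... .... .... ..1. = Extended Attributes : Extended attributes are supported"
				: ".... .... .... ..0. = Extended Attributes : Extended attributes are not supported";

			string longNamesAllowedLine = ( b & FLAGS2_LONG_NAMES_ALLOWED ) != 0
				? ".... .... .... ...1 = Long Names Allowed : Long file names are allowed in response"
				: ".... .... .... ...0 = Long Names Allowed : Long file names are not allowed in response";

			Flags_2_Str[8] = longNamesAllowedLine;

			return longNamesAllowedLine;
		}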


		// Working state of the decoder.
		private PACKET_SMB PSmb;               // packet record; InitStruct stores a header copy in it
		private PACKET_SMB_HEADER PSmbHeader;  // header being built; reset by InitStruct
		// The next four members are not referenced in the part of the file shown here.
		private PACKET_SMB_SSMB_REQUEST PSsmbRequest;
		private PACKET_SMB_TRANSACTION_REQUEST PSmbTransactionRequest;
		private PacketSMBMAILSLOT.PACKET_SMB_MAIL_SLOT PSmbMailSlot;
		private PacketSMBMAILSLOT clsSMBMAILSLOT = new PacketSMBMAILSLOT();
		// Display-line buffers, sized to the number of bits each decoder writes:
		// GetFlagsString fills 7 slots, GetFlags2String 9, GetTransactionFlagsString 2.
		private string [] Flags_1_Str = new string[7];
		private string [] Flags_2_Str = new string[9];
		private string [] FlagsStr = new string[2];

		// Default constructor; it does nothing itself. InitStruct is not called from here,
		// so until it runs the string fields of PSmbHeader keep their default value (null).
		public PacketSMB() { }
