📄 packetsmb.cs
字号:
public TreeNode GetSMBNode( PACKET_SMB PSmb )
{
TreeNode mNode;
TreeNode mNode1;
TreeNode mNode2;
string TypeStr = "";
string Tmp = "";
int i = 0;
mNode = new TreeNode();
mNode.Text = "SMB";
mNode1 = new TreeNode();
mNode1.Text = "SMB Header";
Tmp = "Server Component :" + PSmb.SmbHeader.ServerComponent;
mNode1.Nodes.Add( Tmp );
Tmp = "SMB Command : " + Function.ReFormatString( PSmb.SmbHeader.Command , PSmb.SmbHeader.CommandStr );
mNode1.Nodes.Add( Tmp );
Tmp = "Error Class : " + Function.ReFormatString( PSmb.SmbHeader.ErrorClass , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Reserved : " + Function.ReFormatString( PSmb.SmbHeader.Reserved1 , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Error Code : " + Function.ReFormatString( PSmb.SmbHeader.ErrorCode , null );
mNode1.Nodes.Add( Tmp );
mNode2 = new TreeNode();
Tmp = "Flags : " + Function.ReFormatString( PSmb.SmbHeader.Flags , null );
mNode2.Text = Tmp;
GetFlagsString( PSmb.SmbHeader.Flags );
for( i = 0; i < 7; i ++ )
mNode2.Nodes.Add( Flags_1_Str[i] );
mNode1.Nodes.Add( mNode2 );
mNode2 = new TreeNode();
Tmp = "Flags2 : " + Function.ReFormatString( PSmb.SmbHeader.Flags2 , null );
mNode2.Text = Tmp;
GetFlags2String( PSmb.SmbHeader.Flags2 );
for( i = 0; i < 9; i ++ )
mNode2.Nodes.Add( Flags_2_Str[i] );
mNode1.Nodes.Add( mNode2 );
Tmp = "Reserved : " + Function.ReFormatString( PSmb.SmbHeader.Reserved2 , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Tree Id : " + Function.ReFormatString( PSmb.SmbHeader.TreeId , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Process Id : " + Function.ReFormatString( PSmb.SmbHeader.ProcessId , null );
mNode1.Nodes.Add( Tmp );
Tmp = "User Id : " + Function.ReFormatString( PSmb.SmbHeader.UserId , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Multiplex Id : " + Function.ReFormatString( PSmb.SmbHeader.MultiplexId , null );
mNode1.Nodes.Add( Tmp );
mNode.Nodes.Add( mNode1 );
if( PSmb.NextPacket != null )
{
TypeStr = Function.GetObjectType( PSmb.NextPacket );
if( TypeStr == "PACKET_SMB_SSMB_REQUEST" )
{
PSsmbRequest = ( PACKET_SMB_SSMB_REQUEST ) PSmb.NextPacket;
mNode1 = new TreeNode();
mNode1.Text = "SINGLE MESSAGE BLOCK PROTOCOL";
Tmp = "Word Count ( WCT ) : " + Function.ReFormatString( PSsmbRequest.WordCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Byte Count ( BCC ) : " + Function.ReFormatString( PSsmbRequest.ByteCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Buffer Format : " + Function.ReFormatString( PSsmbRequest.OriginatorBufferFormat , GetFormatString( PSsmbRequest.OriginatorBufferFormat ) );
mNode1.Nodes.Add( Tmp );
Tmp = "Originator Name : " + Function.ReFormatString( PSsmbRequest.OriginatorName , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Buffer Format : " + Function.ReFormatString( PSsmbRequest.DestinationBufferFormat , GetFormatString( PSsmbRequest.DestinationBufferFormat ) );
mNode1.Nodes.Add( Tmp );
Tmp = "Destination Name : " + Function.ReFormatString( PSsmbRequest.DestinationName , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Buffer Format : " + Function.ReFormatString( PSsmbRequest.MessageBufferFormat , GetFormatString( PSsmbRequest.MessageBufferFormat ) );
mNode1.Nodes.Add( Tmp );
Tmp = "Message Length : " + Function.ReFormatString( PSsmbRequest.MessageLen , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Message : " + PSsmbRequest.Message;
mNode1.Nodes.Add( Tmp );
mNode.Nodes.Add( mNode1 );
}
else if( TypeStr == "PACKET_SMB_TRANSACTION_REQUEST" )
{
PSmbTransactionRequest = ( PACKET_SMB_TRANSACTION_REQUEST ) PSmb.NextPacket;
mNode1 = new TreeNode();
mNode1.Text = "SMB TRANSACTION PROTOCOL";
Tmp = "Word Count ( WCT ) : " + Function.ReFormatString( PSmbTransactionRequest.WordCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Total Parameter Count : " + Function.ReFormatString( PSmbTransactionRequest.TotalParamaterCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Total Data Count : " + Function.ReFormatString( PSmbTransactionRequest.TotalDataCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Max Parameter Count : " + Function.ReFormatString( PSmbTransactionRequest.MaxParameterCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Max Data Count : " + Function.ReFormatString( PSmbTransactionRequest.MaxDataCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Max Setup Count : " + Function.ReFormatString( PSmbTransactionRequest.MaxSetupCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Reserved : " + Function.ReFormatString( PSmbTransactionRequest.Reserved1 , null );
mNode1.Nodes.Add( Tmp );
GetTransactionFlagsString( PSmbTransactionRequest.Flags );
mNode2 = new TreeNode();
mNode2.Text = "Flags : " + Function.ReFormatString( PSmbTransactionRequest.Flags , null );
for( i = 0; i < 2; i ++ )
mNode2.Nodes.Add( FlagsStr[ i ] );
mNode1.Nodes.Add( mNode2 );
Tmp = "Time Out : " + Function.ReFormatString( PSmbTransactionRequest.TimeOut , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Reserved : " + Function.ReFormatString( PSmbTransactionRequest.Reserved2 , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Parameter Count : " + Function.ReFormatString( PSmbTransactionRequest.ParameterCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Parameter Offset : " + Function.ReFormatString( PSmbTransactionRequest.ParameterOffset , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Data Count : " + Function.ReFormatString( PSmbTransactionRequest.DataCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Data Offset : " + Function.ReFormatString( PSmbTransactionRequest.DataOffset , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Setup Count : " + Function.ReFormatString( PSmbTransactionRequest.SetupCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Reserved : " + Function.ReFormatString( PSmbTransactionRequest.Reserved3 , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Byte Count : " + Function.ReFormatString( PSmbTransactionRequest.ByteCount , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Transaction Name : " + PSmbTransactionRequest.TransactionName;
mNode1.Nodes.Add( Tmp );
Tmp = "Padding : " + Function.ReFormatString( PSmbTransactionRequest.Padding , null );
mNode1.Nodes.Add( Tmp );
mNode.Nodes.Add( mNode1 );
}
}
if( PSmb.NextPacketEx != null )
{
TypeStr = Function.GetObjectType( PSmb.NextPacketEx );
if( TypeStr == "PACKET_SMB_MAIL_SLOT" )
{
PSmbMailSlot = ( PacketSMBMAILSLOT.PACKET_SMB_MAIL_SLOT ) PSmb.NextPacketEx;
mNode1 = new TreeNode();
mNode1.Text = "SMB MAIL SLOT PROTOCOL";
Tmp = "Op Code : " + Function.ReFormatString( PSmbMailSlot.OpCode , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Priority : " + Function.ReFormatString( PSmbMailSlot.Priority , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Class : " + Function.ReFormatString( PSmbMailSlot.Class , PSmbMailSlot.ClassStr );
mNode1.Nodes.Add( Tmp );
Tmp = "Size : " + Function.ReFormatString( PSmbMailSlot.Size , null );
mNode1.Nodes.Add( Tmp );
Tmp = "Mail Slot Name : " + PSmbMailSlot.MailSlotName;
mNode1.Nodes.Add( Tmp );
mNode.Nodes.Add( mNode1 );
}
}
return mNode;
}
public PACKET_SMB GetSMBPart( byte [] PacketData , ref int Index )
{
byte b = 0;
ushort u = 0;
int i = 0;
int ThisIndex = 0;
uint ui = 0;
InitStruct();
if( ( Index + 31 ) >= PacketData.Length ) return PSmb;
try
{
PSmbHeader.ServerComponent = ""; Index++;
PSmbHeader.ServerComponent += (char) PacketData[ Index++ ];
PSmbHeader.ServerComponent += (char) PacketData[ Index++ ];
PSmbHeader.ServerComponent += (char) PacketData[ Index++ ];
b = PacketData[ Index++ ];
PSmbHeader.Command = b;
PSmbHeader.CommandStr = GetCommandString( b );
b = PacketData[ Index++ ];
PSmbHeader.ErrorClass = b;
b = PacketData[ Index++ ];
PSmbHeader.Reserved1 = b;
u = Function.Get2Bytes( PacketData , ref Index , NORMAL );
PSmbHeader.ErrorCode = u;
b = PacketData[ Index++ ];
PSmbHeader.Flags = b;
PSmbHeader.FlagsStr = GetFlagsString ( b );
u = Function.Get2Bytes( PacketData , ref Index , NORMAL );
PSmbHeader.Flags2 = u;
PSmbHeader.Flags2Str = GetFlags2String ( u );
PSmbHeader.Reserved2 = new byte[12];
for( i = 0; i < 12; i ++ )
PSmbHeader.Reserved2[i] = PacketData[ Index++ ];
u = Function.Get2Bytes( PacketData , ref Index , NORMAL );
PSmbHeader.TreeId = u;
u = Function.Get2Bytes( PacketData , ref Index , NORMAL );
PSmbHeader.ProcessId = u;
u = Function.Get2Bytes( PacketData , ref Index , NORMAL );
PSmbHeader.UserId = u;
u = Function.Get2Bytes( PacketData , ref Index , NORMAL );
PSmbHeader.MultiplexId = u;
PSsmbRequest.ByteCount = 0;
PSsmbRequest.WordCount = 0;
PSsmbRequest.DestinationBufferFormat = 0;
PSsmbRequest.DestinationName = "";
PSsmbRequest.Message = "";
PSsmbRequest.MessageBufferFormat = 0;
PSsmbRequest.MessageLen = 0;
PSsmbRequest.OriginatorBufferFormat = 0;
PSsmbRequest.OriginatorName = "";
PSmb.NextPacket = null;
if( PSmbHeader.Command == SMB_COMMAND_SEND_SINGLE_BLOCK_MESSAGE )
{
PSsmbRequest.WordCount = PacketData[ Index++ ];
PSsmbRequest.ByteCount = Function.Get2Bytes( PacketData , ref Index , VALUE );
if( PSsmbRequest.ByteCount > 0 )
{
PSsmbRequest.OriginatorBufferFormat = PacketData[ Index++ ];
i = 0;
PSsmbRequest.OriginatorName = "";
while( PacketData[ Index ] != 0 )
PSsmbRequest.OriginatorName += (char) PacketData[ Index ++ ];
Index++;
PSsmbRequest.DestinationBufferFormat = PacketData[ Index++ ];
PSsmbRequest.DestinationName = "";
while( PacketData[ Index ] != 0 )
PSsmbRequest.DestinationName += (char) PacketData[ Index++ ];
Index++;
PSsmbRequest.MessageBufferFormat = PacketData[ Index++ ];
PSsmbRequest.MessageLen = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSsmbRequest.Message = "";
for( i = 0; i < PSsmbRequest.MessageLen; i ++ )
PSsmbRequest.Message += (char) PacketData[ Index++ ];
PSmb.NextPacket = PSsmbRequest;
}
}
else if( PSmbHeader.Command == SMB_COMMAND_TRANSACTION_REQUEST )
{
b = PacketData[ Index ++ ];
PSmbTransactionRequest.WordCount = b;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.TotalParamaterCount = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.TotalDataCount = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.MaxParameterCount = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.MaxDataCount = u;
b = PacketData[ Index ++ ];
PSmbTransactionRequest.MaxSetupCount = b;
b = PacketData[ Index ++ ];
PSmbTransactionRequest.Reserved1 = b;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.Flags = u;
ui = Function.Get4Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.TimeOut = ui;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.Reserved2 = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.ParameterCount = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.ParameterOffset = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.DataCount = u;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.DataOffset = u;
b = PacketData[ Index ++ ];
PSmbTransactionRequest.SetupCount = b;
b = PacketData[ Index ++ ];
PSmbTransactionRequest.Reserved3 = b; //// ?????
ThisIndex = Index;
PSmb.NextPacketEx = clsSMBMAILSLOT.GetSMBMAILSLOTPart( PacketData , ref ThisIndex );
Index += 6;
u = Function.Get2Bytes( PacketData , ref Index , VALUE );
PSmbTransactionRequest.ByteCount = u;
PSmbTransactionRequest.TransactionName = "";
while( PacketData[ Index ] != 0 )
PSmbTransactionRequest.TransactionName += (char) PacketData[ Index ++ ];
Index ++;
b = PacketData[ Index ++ ];
PSmbTransactionRequest.Padding = b;
PSmb.NextPacket = PSmbTransactionRequest;
}
PSmb.SmbHeader = PSmbHeader;
}
catch( Exception Ex )
{
MessageBox.Show( Function.ReturnErrorMessage( Ex ) );
}
return PSmb;
}
public bool Parser( ref TreeNodeCollection mNode,
byte [] PacketData ,
ref int Index ,
ref ListViewItem LItem )
{
TreeNode mNodex;
string Tmp = "";
//int k = 0;
mNodex = new TreeNode();
mNodex.Text = "SMB ( Server Message Block Protocol )";
//Function.SetPosition( ref mNodex , Index - 2 , 2 , false );
/*if( ( Index + Const.LENGTH_OF_ARP ) >= PacketData.Length )
{
mNode.Add( mNodex );
Tmp = "[ Malformed ARP packet. Remaining bytes don't fit an ARP packet. Possibly due to bad decoding ]";
mNode.Add( Tmp );
LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = Tmp;
return false;
}*/
try
{
//Function.SetPosition( ref mNodex , Index - 2 , 2 , false );
LItem.SubItems[ Const.LIST_VIEW_PROTOCOL_INDEX ].Text = "SMB";
LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = "SMB protocol";
mNode.Add( mNodex );
}
catch( Exception Ex )
{
mNode.Add( mNodex );
Tmp = "[ Malformed SMB packet. Remaining bytes don't fit an SMB packet. Possibly due to bad decoding ]";
mNode.Add( Tmp );
Tmp = "[ Exception raised is <" + Ex.GetType().ToString() + "> at packet index <" + Index.ToString() + "> ]";
mNode.Add( Tmp );
LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = "[ Malformed SMB packet. Remaining bytes don't fit an SMB packet. Possibly due to bad decoding ]";
return false;
}
return true;
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -