📄 dce2_smb.c
字号:
break; case SMB_COM_TREE_DIS: switch (wct) { case 0: break; default: alert = 1; break; } break; case SMB_COM_OPEN: switch (wct) { case 2: break; default: alert = 1; break; } break; case SMB_COM_OPEN_ANDX: switch (wct) { case 15: break; default: alert = 1; break; } break; case SMB_COM_NT_CREATE_ANDX: switch (wct) { case 24: break; default: alert = 1; break; } break; case SMB_COM_CLOSE: switch (wct) { case 3: break; default: alert = 1; break; } break; case SMB_COM_WRITE: switch (wct) { case 5: break; default: alert = 1; break; } break; case SMB_COM_TRANS: /* This is for a Transaction with Named Pipe function */ switch (wct) { case 16: break; default: alert = 1; break; } break; case SMB_COM_TRANS_SEC: switch (wct) { case 8: break; default: alert = 1; break; } break; case SMB_COM_WRITE_AND_CLOSE: switch (wct) { case 6: case 12: break; default: alert = 1; break; } break; case SMB_COM_WRITE_BLOCK_RAW: switch (wct) { case 12: case 14: break; default: alert = 1; break; } break; case SMB_COM_WRITE_ANDX: switch (wct) { case 12: case 14: break; default: alert = 1; break; } break; case SMB_COM_READ: switch (wct) { case 5: break; default: alert = 1; break; } break; case SMB_COM_READ_BLOCK_RAW: switch (wct) { case 8: case 10: break; default: alert = 1; break; } break; case SMB_COM_READ_ANDX: switch (wct) { case 10: case 12: break; default: alert = 1; break; } break; case SMB_COM_RENAME: switch (wct) { case 1: break; default: alert = 1; break; } break; default: DCE2_Log("%s(%d) => Word count check for unused command: 0x%02x\n", __FILE__, __LINE__, com); break; } } else /* it's a response */ { switch (com) { case SMB_COM_NEGPROT: switch (wct) { case 1: case 13: case 17: break; default: alert = 1; break; } break; case SMB_COM_SESS_SETUP_ANDX: switch (wct) { case 3: case 4: break; default: alert = 1; break; } break; case SMB_COM_LOGOFF_ANDX: switch (wct) { case 3: /* Windows responds to a LogoffAndX => SessionSetupAndX with just a * LogoffAndX and with the word count field containing 3, but is only * a word count of 2 */ wct = 2; case 2: break; default: alert = 1; break; } break; case SMB_COM_TREE_CON: switch (wct) { case 2: break; default: alert = 1; break; } break; case SMB_COM_TREE_CON_ANDX: switch (wct) { case 2: case 3: case 7: break; default: alert = 1; break; } break; case SMB_COM_TREE_DIS: switch (wct) { case 0: break; default: alert = 1; break; } break; case SMB_COM_OPEN: switch (wct) { case 7: break; default: alert = 1; break; } break; case SMB_COM_OPEN_ANDX: switch (wct) { case 15: break; default: alert = 1; break; } break; case SMB_COM_NT_CREATE_ANDX: switch (wct) { case 42: /* Specification says word count is 34, but servers (Windows and * Samba) respond with word count of 42. Wireshark decodes as word * count 34, but there is extra data at end of packet. The byte * count however is located as if it was a 34 word count */ wct = 34; case 34: break; default: alert = 1; break; } break; case SMB_COM_CLOSE: switch (wct) { case 0: break; default: alert = 1; break; } break; case SMB_COM_WRITE: switch (wct) { case 1: break; default: alert = 1; break; } break; case SMB_COM_TRANS: switch (wct) { case 0: /* Interim Transact response - no data */ case 10: break; default: alert = 1; break; } break; case SMB_COM_WRITE_AND_CLOSE: switch (wct) { case 1: break; default: alert = 1; break; } break; case SMB_COM_WRITE_BLOCK_RAW: switch (wct) { case 1: break; default: alert = 1; break; } break; case SMB_COM_WRITE_COMPLETE: switch (wct) { case 1: break; default: alert = 1; break; } break; case SMB_COM_WRITE_ANDX: switch (wct) { case 6: break; default: alert = 1; break; } break; case SMB_COM_READ: switch (wct) { case 5: break; default: alert = 1; break; } break; case SMB_COM_READ_ANDX:⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -