2.2.2.5 Data Buffer Format Codes
Data buffer format codes are used to identify the type and format of the fields that immediately follow them in the data block of SMB messages. See section 2.2.3.3 for a description of the data block.
In Core Protocol commands, every field in the data block (following the ByteCount field) is preceded by a one-byte buffer format field. Commands introduced in dialects subsequent to the Core Protocol typically do not include buffer format fields unless they are intended as an extension to an existing command. For example, SMB_COM_FIND (section 2.2.4.59) was introduced in the LAN Manager 1.0 dialect in order to improve the semantics of the SMB_COM_SEARCH (section 2.2.4.58) Core Protocol command. Both commands share the same request and response message structures, including the buffer format fields.
Data block fields that are preceded by buffer format codes take one of two basic forms:
A null-terminated string or
A structure consisting of a two-byte length field followed by an array of bytes:
struct { USHORT Length; UCHAR Data[Length]; }
Buffer format code
Name
Format of the field that follows
0x01
Data Buffer
A two-byte USHORT value indicating the length of the data buffer. The data buffer follows immediately after the length field.
0x02
Dialect String
A null-terminated OEM_STRING.
This format code is used only in the SMB_COM_NEGOTIATE (section 2.2.4.52) command to identify SMB dialect strings.
0x03
Pathname
A null-terminated string representing a file system path.
In the NT LAN Manager dialect, the string is of type SMB_STRING unless otherwise specified.
0x04
SMB String
A null-terminated string.
In the NT LAN Manager dialect, the string is of type SMB_STRING unless otherwise specified.
0x05
Variable Block
A two-byte USHORT value indicating the length of the variable block. The variable block follows immediately after the length field.