2.2.4.58.1 Request

  • Article 

 SMB_Parameters
   {
   UCHAR  WordCount;
   Words
     {
     USHORT MaxCount;
     SMB_FILE_ATTRIBUTES SearchAttributes;
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     UCHAR          BufferFormat1;
     SMB_STRING     FileName;
     UCHAR          BufferFormat2;
     USHORT         ResumeKeyLength;
     SMB_Resume_Key ResumeKey[ResumeKeyLength];
     }
   }

SMB_Header

TID (2 bytes): A valid TID MUST be provided. The TID MUST refer to a file system subtree.

UID (2 bytes): A valid UID MUST be provided and MUST have, at a minimum, read permission on all directories in the FileName path.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SMB_Parameters

...

SMB_Data (variable)

...

SMB_Parameters (5 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

WordCount

Words

...

WordCount (1 byte): This field MUST be 0x02.

Words (4 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

MaxCount

SearchAttributes

MaxCount (2 bytes): The maximum number of directory entries to return. This value represents the maximum number of entries across the entirety of the search, not just the initial response.

SearchAttributes (2 bytes): An attribute mask used to specify the standard attributes a file MUST have in order to match the search. If the value of this field is 0x0000, then only normal files are returned. If the Volume Label attribute is set, the server MUST return only the volume label (the Volume Label attribute is exclusive). If the Directory, System, or Hidden attributes are specified, then those entries are returned in addition to the normal files. Exclusive search attributes (see section 2.2.1.2.4) can also be set.

SMB_Data (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ByteCount

Bytes (variable)

...

ByteCount (2 bytes): This field MUST be 0x0005 or greater.

Bytes (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

BufferFormat1

FileName (variable)

...

BufferFormat2

ResumeKeyLength

ResumeKey (variable)

...

BufferFormat1 (1 byte): This field MUST be 0x04, which indicates that a null-terminated SMB_STRING is to follow.

FileName (variable): A null-terminated SMB_STRING. This is the full directory path (relative to the TID) of the file(s) being sought. Only the final component of the path MAY contain wildcards. This string MAY be the empty string.

BufferFormat2 (1 byte): This field MUST be 0x05, which indicates a variable block is to follow.

ResumeKeyLength (2 bytes): This field MUST be either 0x0000 or 21 (0x0015). If the value of this field is 0x0000, this is an initial search request. The server MUST allocate resources to maintain search state so that subsequent requests MAY be processed. If the value of this field is 21 (0x0015), this request MUST be the continuation of a previous search, and the next field MUST contain a ResumeKey previously returned by the server.

ResumeKey (variable): SMB_Resume_Key If the value of ResumeKeyLength is 21 (0x0015), this field MUST contain a ResumeKey returned by the server in response to a previous SMB_COM_SEARCH request. The ResumeKey contains data used by both the client and the server to maintain the state of the search. The structure of the ResumeKey follows:

 SMB_Resume_Key
   {
   UCHAR Reserved;
   UCHAR ServerState[16];
   UCHAR ClientState[4];
   }


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Reserved

ServerState (16 bytes)

...

...

...

ClientState

...

Reserved (1 byte): This field is reserved and MUST NOT be modified by the client. Older documentation is contradictory as to whether this field is reserved for client side or server side use. New server implementations SHOULD avoid using or modifying the content of this field.<109>

ServerState (16 bytes): This field is maintained by the server and MUST NOT be modified by the client. The contents of this field are server-specific.<110>

ClientState (4 bytes): This field MAY be used by the client to maintain state across a series of SMB_COM_SEARCH calls. The value provided by the client MUST be returned in each ResumeKey provided in the response. The contents of this field are client-specific.