Sending Any Message

Unless otherwise stated, all SMB messages sent by the client and the server MUST comply with the following rules:

  • SMB messages MUST be composed of three parts:

    • An SMB_Header, as specified in section

    • An SMB_Parameters block, as specified in section

    • An SMB_Data block, as specified in section

  • The SMB_Header MUST be included in full.

  • At minimum, the WordCount field of the SMB Parameters block MUST be included. The remainder of the SMB_Parameters block MUST be two times WordCount bytes in length. If WordCount is 0x00, then zero parameter bytes MUST be included in the SMB_Parameters block.

  • At minimum, the ByteCount field of the SMB_Data block MUST be included. The remainder of the SMB_Data block MUST be ByteCount bytes in length. If ByteCount is 0x0000, then zero data bytes MUST be included in the SMB_Data block. Unless otherwise noted, when a Unicode string is passed in the SMB_Data block, the string MUST be aligned to a 16-bit boundary with respect to the beginning of the SMB Header (section In the case where the string does not naturally fall on a 16-bit boundary, a null padding byte MUST be inserted before the SMB_Data.Bytes field. For Core Protocol messages in which a buffer format byte precedes a Unicode string, the padding byte is found after the BufferFormat byte.

Thus, the minimum size of an SMB message is 35 bytes. Section lists required values for some SMB Header fields. See the individual command descriptions for specific per-message requirements.

If a message is sent and IsSigningActive is TRUE, the message MUST be signed.

This logic MUST be applied for messages sent in response to any of the higher-layer actions and in compliance with the message sequencing rules.

  • The client or server that sends the message MUST provide the 32-bit sequence number for this message, as specified in sections and

  • The SMB_FLAGS2_SMB_SECURITY_SIGNATURE flag in the header MUST be set.

  • To generate the signature, a 32-bit sequence number is copied into the least significant 32 bits of the SecuritySignature field and the remaining 4 bytes are set to 0x00.

  • The MD5 algorithm, as specified in [RFC1321], MUST be used to generate a hash of the SMB message from the start of the SMB Header, which is defined as follows.

     CALL MD5Init( md5context )
     CALL MD5Update( md5context, Connection.SigningSessionKey )
     CALL MD5Update( md5context, Connection.SigningChallengeResponse )
     CALL MD5Update( md5context, SMB message )
     CALL MD5Final( digest, md5context )
     SET signature TO the first 8 bytes of the digest

The resulting 8-byte signature MUST be copied into the SecuritySignature field of the SMB Header, after which the message can be transmitted.