The following example shows the sequence of operations for a file copy in which the source and the destination are on the same server, using FSCTL_SRV_COPYCHUNK (section 2.2.7.2). The sequence assumes that the SMB connection to the server, SMB session establishment, and other operations have been completed.
Figure 8: Copy file (from/to same remote server) sequence
The initial step in the preceding sequence is to open the source and the destination files using the NT_CREATE_ANDX command. This step is followed by the FSCTL_SRV_REQUEST_RESUME_KEY request, which is sent as an NT_TRANSACT_IOCTL with the file ID of the source file. The server responds with the FSCTL_SRV_REQUEST_RESUME_KEY response (section 2.2.7.2.2.2), which returns a 24-byte server copychunk resume key.
NT_CREATE_ANDX Request (Source)
Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 3592 (0xE08)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 384 (0x180)
SMB: Command = C NT create & X
SMB: Desired Access = 0x00020089
SMB: ...............................1 = Read Data Allowed
SMB: ..............................0. = Write Data Denied
SMB: .............................0.. = Append Data Denied
SMB: ............................1... = Read EA Allowed
SMB: ...........................0.... = Write EA Denied
SMB: ..........................0..... = File Execute Denied
SMB: .........................0...... = File Delete Denied
SMB: ........................1....... = File Read Attributes Allowed
SMB: .......................0........ = File Write Attributes Denied
SMB: NT File Attributes = 0x00000000
SMB: ...............................0 = Not Read Only
SMB: ..............................0. = Not Hidden
SMB: .............................0.. = Not System
SMB: ...........................0.... = Not Directory
SMB: ..........................0..... = Not Archive
SMB: .........................0...... = Not Device
SMB: ........................0....... = Not Normal
SMB: .......................0........ = Not Temporary
SMB: ......................0......... = Not Sparse File
SMB: .....................0.......... = Not Reparse Point
SMB: ....................0........... = Not Compressed
SMB: ...................0............ = Not Offline
SMB: ..................0............. = CONTENT_INDEXED
SMB: .................0.............. = Not Encrypted
SMB: File Share Access = 0x00000005
SMB: ...............................1 = Read allowed
SMB: ..............................0. = Write not allowed
SMB: .............................1.. = Delete allowed
SMB: Create Disposition = Open: If exist, Open, else fail
SMB: Create Options = 2097220 (0x200044)
SMB: ...............................0 = non-directory
SMB: ..............................0. = non-write through
SMB: .............................1.. = Data is written to the file sequentially
SMB: ............................0... = intermediate buffering allowed
SMB: ...........................0.... = IO alerts bits not set
SMB: ..........................0..... = IO non-alerts bit not set
SMB: .........................1...... = Operation is on a non-directory file
SMB: ........................0....... = tree connect bit not set
SMB: .......................0........ = complete if oplocked bit is not set
SMB: ......................0......... = no EA knowledge bit is not set
SMB: .....................0.......... = 8.3 filenames bit is not set
SMB: ....................0........... = random access bit is not set
SMB: ...................0............ = delete on close bit is not set
SMB: ..................0............. = open by filename
SMB: .................0.............. = open for backup bit not set
SMB: File name = sourcefile.txt
NT_CREATE_ANDX Response
Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 3592 (0xE08)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 384 (0x180)
SMB: Command = R NT create & X
SMB: Oplock Level = II
SMB: File ID (Fid) = 16386 (0x4002)
SMB: NT File Attributes = 0x00000020
SMB: ...............................0 = Not Read Only
SMB: ..............................0. = Not Hidden
SMB: .............................0.. = Not System
SMB: ...........................0.... = Not Directory
SMB: ..........................1..... = Archive
SMB: .........................0...... = Not Device
SMB: ........................0....... = Not Normal
SMB: .......................0........ = Not Temporary
SMB: ......................0......... = Not Sparse File
SMB: .....................0.......... = Not Reparse Point
SMB: ....................0........... = Not Compressed
SMB: ...................0............ = Not Offline
SMB: ..................0............. = CONTENT_INDEXED
SMB: .................0.............. = Not Encrypted
SMB: File type = Disk file or directory
NT_CREATE_ANDX Request (Destination)
Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 3592 (0xE08)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 480 (0x1E0)
SMB: Command = C NT create & X
SMB: Desired Access = 0x00030197
SMB: ...............................1 = Read Data Allowed
SMB: ..............................1. = Write Data Allowed
SMB: .............................1.. = Append Data Allowed
SMB: ............................0... = Read EA Denied
SMB: ...........................1.... = Write EA Allowed
SMB: ..........................0..... = File Execute Denied
SMB: .........................0...... = File Delete Denied
SMB: ........................1....... = File Read Attributes Allowed
SMB: .......................1........ = File Write Attributes Allowed
SMB: NT File Attributes = 0x00000020
SMB: ...............................0 = Not Read Only
SMB: ..............................0. = Not Hidden
SMB: .............................0.. = Not System
SMB: ...........................0.... = Not Directory
SMB: ..........................1..... = Archive
SMB: .........................0...... = Not Device
SMB: ........................0....... = Not Normal
SMB: .......................0........ = Not Temporary
SMB: ......................0......... = Not Sparse File
SMB: .....................0.......... = Not Reparse Point
SMB: ....................0........... = Not Compressed
SMB: ...................0............ = Not Offline
SMB: ..................0............. = CONTENT_INDEXED
SMB: .................0.............. = Not Encrypted
SMB: File Share Access = 0x00000000
SMB: ...............................0 = Read not allowed
SMB: ..............................0. = Write not allowed
SMB: .............................0.. = Delete not allowed
SMB: Create Disposition = Overwrite_If: If exist, open and overwrite, else create it
SMB: Create Options = 68 (0x44)
SMB: ...............................0 = non-directory
SMB: ..............................0. = non-write through
SMB: .............................1.. = Data is written to the file sequentially
SMB: ............................0... = intermediate buffering allowed
SMB: ...........................0.... = IO alerts bits not set
SMB: ..........................0..... = IO non-alerts bit not set
SMB: .........................1...... = Operation is on a non-directory file
SMB: ........................0....... = tree connect bit not set
SMB: .......................0........ = complete if oplocked bit is not set
SMB: ......................0......... = no EA knowledge bit is not set
SMB: .....................0.......... = 8.3 filenames bit is not set
SMB: ....................0........... = random access bit is not set
SMB: ...................0............ = delete on close bit is not set
SMB: ..................0............. = open by filename
SMB: .................0.............. = open for backup bit not set
SMB: File name = destinationfile.txt
NT_CREATE_ANDX Response
Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 3592 (0xE08)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 480 (0x1E0)
SMB: Command = R NT create & X
SMB: Oplock Level = Batch
SMB: File ID (Fid) = 16387 (0x4003)
SMB: NT File Attributes = 0x00000020
SMB: ...............................0 = Not Read Only
SMB: ..............................0. = Not Hidden
SMB: .............................0.. = Not System
SMB: ...........................0.... = Not Directory
SMB: ..........................1..... = Archive
SMB: .........................0...... = Not Device
SMB: ........................0....... = Not Normal
SMB: .......................0........ = Not Temporary
SMB: ......................0......... = Not Sparse File
SMB: .....................0.......... = Not Reparse Point
SMB: ....................0........... = Not Compressed
SMB: ...................0............ = Not Offline
SMB: ..................0............. = CONTENT_INDEXED
SMB: .................0.............. = Not Encrypted
SMB: File type = Disk file or directory
FSCTL_SRV_REQUEST_RESUME_KEY Request
Client -> Server: SMB: C NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x00140078 FSCTL_SRV_REQUEST_RESUME_KEY
File ID (Fid) = 16386 (0x4002)
FSCTL_SRV_REQUEST_RESUME_KEY Response
Server -> Client: SMB: R NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x00140078 FSCTL_SRV_REQUEST_RESUME_KEY
File ID (Fid) = 16386 (0x4002)
Key = 2D 0B 00 00 01 00 00 00 59 84 0C 62 1B 84 C6 01 08 0E 00 00 00 00 00 00
ContextLength = 0
This is followed by an FSCTL_SRV_COPYCHUNK request. The request uses the resume key generated earlier.
FSCTL_SRV_COPYCHUNK Request
Client -> Server: SMB: C NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x001440F2 FSCTL_SRV_COPYCHUNK
File ID (Fid) = 16387 (0x4003)
Key = 2D 0B 00 00 01 00 00 00 59 84 0C 62 1B 84 C6 01 08 0E 00 00 00 00 00 00
ChunkCount = 1 (01 00 00 00)
Reserved = 0 (00 00 00 00)
List:
SourceOffset = 0 (00 00 00 00 00 00 00 00)
DestinationOffset = 0 (00 00 00 00 00 00 00 00)
Length = 1731 (3C 06 00 00)
FSCTL_SRV_COPYCHUNK Response
Server -> Client: SMB: R NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x001440F2 FSCTL_SRV_COPYCHUNK
File ID (Fid) = 16387 (0x4003)
ChunksWritten = 1 (01 00 00 00)
ChunkBytesWritten = 0 (00 00 00 00)
TotalBytesWritten = 1731 (3C 06 00 00)
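The following added example (not part of the original specification text) shows how a receiver could decode and bounds-check the FSCTL_SRV_COPYCHUNK request payload shown above before acting on it, including the check that the resume key is the one issued for the source file. The function name, the `MAX_CHUNKS` limit, and the 4-byte per-chunk Reserved field (which the trace does not show) are assumptions.

```python
import struct

# Layout taken from the trace above: 24-byte key, ChunkCount, Reserved,
# then one entry per chunk, all little-endian. The trailing 4-byte per-chunk
# Reserved field is an assumption; the trace does not show it.
HEADER = struct.Struct("<24sII")
CHUNK = struct.Struct("<QQII")
MAX_CHUNKS = 256  # hypothetical policy limit, not a value from the page


def parse_copychunk_request(buf, issued_key, max_chunks=MAX_CHUNKS):
    """Return [(source_offset, destination_offset, length), ...] or raise ValueError."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated header")
    key, count, _reserved = HEADER.unpack_from(buf, 0)
    if key != issued_key:
        raise ValueError("resume key was not issued for this source file")
    if not 1 <= count <= max_chunks:
        raise ValueError("ChunkCount out of range")
    # Size check before iterating, so a large ChunkCount cannot read past buf.
    if len(buf) - HEADER.size != count * CHUNK.size:
        raise ValueError("ChunkCount does not match list size")
    chunks = []
    for i in range(count):
        src, dst, length, _ = CHUNK.unpack_from(buf, HEADER.size + i * CHUNK.size)
        if src + length >= 1 << 64 or dst + length >= 1 << 64:
            raise ValueError("offset + length overflows 64 bits")
        chunks.append((src, dst, length))
    return chunks


# Constructed input: the key and field bytes are the ones in the trace above.
KEY = bytes.fromhex("2D0B00000100000059840C621B84C601080E000000000000")
REQUEST = (KEY
           + bytes.fromhex("01000000")          # ChunkCount = 1
           + bytes.fromhex("00000000")          # Reserved
           + bytes.fromhex("0000000000000000")  # SourceOffset = 0
           + bytes.fromhex("0000000000000000")  # DestinationOffset = 0
           + bytes.fromhex("3C060000")          # Length bytes as shown in the trace
           + bytes.fromhex("00000000"))         # per-chunk Reserved (assumed)

if __name__ == "__main__":
    print(parse_copychunk_request(REQUEST, KEY))
```

Read as a little-endian 32-bit value, the Length bytes 3C 06 00 00 decode to 1596, while the decimal annotation in the trace reads 1731.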
The final step is to close the source and the destination file with SMB_COM_CLOSE commands.
SMB_COM_CLOSE Request (Source)
Client -> Server: SMB: C Close, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 65279 (0xFEFF)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 640 (0x280)
SMB: Command = C Close
SMB: File ID (Fid) = 16386 (0x4002)
SMB_COM_CLOSE Response
Server -> Client: SMB: R Close, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 65279 (0xFEFF)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 640 (0x280)
SMB_COM_CLOSE Request (Destination)
Client -> Server: SMB: C Close, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 65279 (0xFEFF)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 656 (0x290)
SMB: Command = C Close
SMB: File ID (Fid) = 16387 (0x4003)
SMB_COM_CLOSE Response
Server -> Client: SMB: R Close, Dialect = NTLM 0.12
SMB: Tree ID (Tid) = 2049 (0x801)
SMB: Process ID (Pid) = 65279 (0xFEFF)
SMB: User ID (Uid) = 2048 (0x800)
SMB: Multiplex ID (Mid) = 656 (0x290)