4.6 FSCTL SRV COPYCHUNK
The following example refers to the sequence of operations for a file copy in which the source and the destination are on the same server. The FSCTL_SRV_COPYCHUNK (section 2.2.7.2) is used. The following sequence assumes that the SMB connection to the server, SMB session establishment, and other operations have been completed.
Figure 8: Copy file (from/to same remote server) sequence
The initial step in the preceding sequence is to open the source and the destination file using NT_CREATE_ANDX command. This step is followed by the FSCTL_SRV_REQUEST_RESUME_KEY request. This is sent as an NT_TRANSACT_IOCTL with the file ID of the source file. The server responds with the FSCTL_SRV_REQUEST_RESUME_KEY response (section 2.2.7.2.2.2). A 24-byte server copychunk resume key is returned.
NT_CREATE_ANDX Request (Source)
-
Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 3592 (0xE08) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 384 (0x180) SMB: Command = C NT create & X SMB: Desired Access = 0x00020089 SMB: ...............................1 = Read Data Allowed SMB: ..............................0. = Write Data Denied SMB: .............................0.. = Append Data Denied SMB: ............................1... = Read EA Allowed SMB: ...........................0.... = Write EA Denied SMB: ..........................0..... = File Execute Denied SMB: .........................0...... = File Delete Denied SMB: ........................1....... = File Read Attributes Allowed SMB: .......................0........ = File Write Attributes Denied SMB: NT File Attributes = 0x00000000 SMB: ...............................0 = Not Read Only SMB: ..............................0. = Not Hidden SMB: .............................0.. = Not System SMB: ...........................0.... = Not Directory SMB: ..........................0..... = Not Archive SMB: .........................0...... = Not Device SMB: ........................0....... = Not Normal SMB: .......................0........ = Not Temporary SMB: ......................0......... = Not Sparse File SMB: .....................0.......... = Not Reparse Point SMB: ....................0........... = Not Compressed SMB: ...................0............ = Not Offline SMB: ..................0............. = CONTENT_INDEXED SMB: .................0.............. = Not Encrypted SMB: File Share Access = 0x00000005 SMB: ...............................1 = Read allowed SMB: ..............................0. = Write not allowed SMB: .............................1.. = Delete allowed SMB: Create Disposition = Open: If exist, Open, else fail SMB: Create Options = 2097220 (0x200044) SMB: ...............................0 = non-directory SMB: ..............................0. = non-write through SMB: .............................1.. = Data is written to the file sequentially SMB: ............................0... = intermediate buffering allowed SMB: ...........................0.... = IO alerts bits not set SMB: ..........................0..... = IO non-alerts bit not set SMB: .........................1...... = Operation is on a non-directory file SMB: ........................0....... = tree connect bit not set SMB: .......................0........ = complete if oplocked bit is not set SMB: ......................0......... = no EA knowledge bit is not set SMB: .....................0.......... = 8.3 filenames bit is not set SMB: ....................0........... = random access bit is not set SMB: ...................0............ = delete on close bit is not set SMB: ..................0............. = open by filename SMB: .................0.............. = open for backup bit not set SMB: File name = sourcefile.txt
NT_CREATE_ANDX Response
-
Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 3592 (0xE08) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 384 (0x180) SMB: Command = R NT create & X SMB: Oplock Level = II SMB: File ID (Fid) = 16386 (0x4002) SMB: NT File Attributes = 0x00000020 SMB: ...............................0 = Not Read Only SMB: ..............................0. = Not Hidden SMB: .............................0.. = Not System SMB: ...........................0.... = Not Directory SMB: ..........................1..... = Archive SMB: .........................0...... = Not Device SMB: ........................0....... = Not Normal SMB: .......................0........ = Not Temporary SMB: ......................0......... = Not Sparse File SMB: .....................0.......... = Not Reparse Point SMB: ....................0........... = Not Compressed SMB: ...................0............ = Not Offline SMB: ..................0............. = CONTENT_INDEXED SMB: .................0.............. = Not Encrypted SMB: File type = Disk file or directory
NT_CREATE_ANDX Request (Destination)
-
Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 3592 (0xE08) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 480 (0x1E0) SMB: Command = C NT create & X SMB: Desired Access = 0x00030197 SMB: ...............................1 = Read Data Allowed SMB: ..............................1. = Write Data Allowed SMB: .............................1.. = Append Data Allowed SMB: ............................0... = Read EA Denied SMB: ...........................1.... = Write EA Allowed SMB: ..........................0..... = File Execute Denied SMB: .........................0...... = File Delete Denied SMB: ........................1....... = File Read Attributes Allowed SMB: .......................1........ = File Write Attributes Allowed SMB: NT File Attributes = 0x00000020 SMB: ...............................0 = Not Read Only SMB: ..............................0. = Not Hidden SMB: .............................0.. = Not System SMB: ...........................0.... = Not Directory SMB: ..........................1..... = Archive SMB: .........................0...... = Not Device SMB: ........................0....... = Not Normal SMB: .......................0........ = Not Temporary SMB: ......................0......... = Not Sparse File SMB: .....................0.......... = Not Reparse Point SMB: ....................0........... = Not Compressed SMB: ...................0............ = Not Offline SMB: ..................0............. = CONTENT_INDEXED SMB: .................0.............. = Not Encrypted SMB: File Share Access = 0x00000000 SMB: ...............................0 = Read not allowed SMB: ..............................0. = Write not allowed SMB: .............................0.. = Delete not allowed SMB: Create Disposition = Overwrite_If: If exist, open and overwrite, else create it SMB: Create Options = 68 (0x44) SMB: ...............................0 = non-directory SMB: ..............................0. = non-write through SMB: .............................1.. = Data is written to the file sequentially SMB: ............................0... = intermediate buffering allowed SMB: ...........................0.... = IO alerts bits not set SMB: ..........................0..... = IO non-alerts bit not set SMB: .........................1...... = Operation is on a non-directory file SMB: ........................0....... = tree connect bit not set SMB: .......................0........ = complete if oplocked bit is not set SMB: ......................0......... = no EA knowledge bit is not set SMB: .....................0.......... = 8.3 filenames bit is not set SMB: ....................0........... = random access bit is not set SMB: ...................0............ = delete on close bit is not set SMB: ..................0............. = open by filename SMB: .................0.............. = open for backup bit not set SMB: File name = destinationfile.txt
NT_CREATE_ANDX Response
-
Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 3592 (0xE08) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 480 (0x1E0) SMB: Command = R NT create & X SMB: Oplock Level = Batch SMB: File ID (Fid) = 16387 (0x4003) SMB: NT File Attributes = 0x00000020 SMB: ...............................0 = Not Read Only SMB: ..............................0. = Not Hidden SMB: .............................0.. = Not System SMB: ...........................0.... = Not Directory SMB: ..........................1..... = Archive SMB: .........................0...... = Not Device SMB: ........................0....... = Not Normal SMB: .......................0........ = Not Temporary SMB: ......................0......... = Not Sparse File SMB: .....................0.......... = Not Reparse Point SMB: ....................0........... = Not Compressed SMB: ...................0............ = Not Offline SMB: ..................0............. = CONTENT_INDEXED SMB: .................0.............. = Not Encrypted SMB: File type = Disk file or directory
FSCTL_SRV_REQUEST_RESUME_KEY Request
-
Client -> Server: SMB: C NT Transact, Dialect = NTLM 0.12 NT IOCTL Function Code 0x00140078 FSCTL_SRV_REQUEST_RESUME_KEY File ID (Fid) = 16386 (0x4002)
FSCTL_SRV_REQUEST_RESUME_KEY Response
-
Server -> Client: SMB: R NT Transact, Dialect = NTLM 0.12 NT IOCTL Function Code 0x00140078 FSCTL_SRV_REQUEST_RESUME_KEY File ID (Fid) = 16386 (0x4002) Key = 2D 0B 00 00 01 00 00 00 59 84 0C 62 1B 84 C6 01 08 0E 00 00 00 00 00 00 ContextLength = 0
This is followed by an FSCTL_SRV_COPYCHUNK request. The request uses the resume key generated earlier.
FSCTL_SRV_COPYCHUNK Request
-
Client -> Server: SMB: C NT Transact, Dialect = NTLM 0.12 NT IOCTL Function Code 0x001440F2 FSCTL_SRV_COPYCHUNK File ID (Fid) = 16387 (0x4003) Key = 2D 0B 00 00 01 00 00 00 59 84 0C 62 1B 84 C6 01 08 0E 00 00 00 00 00 00 ChunkCount = 1 (01 00 00 00) Reserved = 0 (00 00 00 00) List: SourceOffset = 0 _(00 00 00 00 00 00 00 00) DestinationOffset = 0 (00 00 00 00 00 00 00 00) Length = 1731 (3C 06 00 00)
FSCTL_SRV_COPYCHUNK Response
-
Server -> Client: SMB: R NT Transact, Dialect = NTLM 0.12 NT IOCTL Function Code 0x001440F2 FSCTL_SRV_COPYCHUNK File ID (Fid) = 16387 (0x4003) ChunksWritten = 1 (01 00 00 00) ChunkBytesWritten = 0 (00 00 00 00) TotalBytesWritten = 1731 (3C 06 00 00)
The final step is to close the source and the destination file with SMB_COM_CLOSE commands.
SMB_COM_CLOSE Request (Source)
-
Client -> Server: SMB: C Close, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 65279 (0xFEFF) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 640 (0x280) SMB: Command = C Close SMB: File ID (Fid) = 16386 (0x4002)
SMB_COM_CLOSE Response
-
Server -> Client: SMB: R Close, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 65279 (0xFEFF) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 640 (0x280)
SMB_COM_CLOSE Request (Destination)
-
Client -> Server: SMB: C Close, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 65279 (0xFEFF) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 656 (0x290) SMB: Command = C Close SMB: File ID (Fid) = 16387 (0x4003)
SMB_COM_CLOSE Response
-
Server -> Client: SMB: R Close, Dialect = NTLM 0.12 SMB: Tree ID (Tid) = 2049 (0x801) SMB: Process ID (Pid) = 65279 (0xFEFF) SMB: User ID (Uid) = 2048 (0x800) SMB: Multiplex ID (Mid) = 656 (0x290)