4.4 Executing an Operation on a Named Pipe
The following diagram demonstrates the steps taken to execute transactions over a named pipe using both individual reads and writes, and the transact named pipe operation. Assume that this sequence starts on a connection where the session and tree connect have been established as described in previous sections with SessionId = 0x4000000000D and TreeId = 0x1, and messages have been exchanged such that the current MessageId is 9.
Figure 9: Executing an operation on a named pipe
The client sends an SMB2 CREATE Request to open the named pipe "srvsvc".
Smb2: C CREATE srvsvc
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: CREATE
    Credits: 111 (0x6F)
    Flags: 0 (0x0)
      ServerToRedir: ...............................0 Client to Server
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 9 (0x9)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  CCreate:
    Size: 57 (0x39)
    SecurityFlags: 0 (0x0)
    RequestedOplockLevel: 9 (0x9)
    ImpersonationLevel: 2 (0x2)
    SmbCreateFlags: 0 (0x0)
    Reserved: 0(0x0)
    DesiredAccess: 0x0012019f
      read: (...............................1) Read Data
      write: (..............................1.) Write Data
      append: (.............................1..) Append Data
      readEA: (............................1...) Read EA
      writeEA: (...........................1....) Write EA
      FileExecute: (..........................0.....) No File Execute
      FileDeleted: (.........................0......) No File Delete
      FileRead: (........................1.......) File Read Attributes
      FileWrite: (.......................1........) File Write Attributes
    FileAttributes: 0x00000000
      ReadOnly: (...............................0) Read/Write
      Hidden: (..............................0.) Not Hidden
      System: (.............................0..) Not System
      Reserverd3: 0 (0x0)
      Directory: (...........................0....) File
      Archive: (..........................0.....) Not Archive
      Device: (.........................0......) Not Device
      Normal: (........................0.......) Not Normal
      Temporary: (.......................0........) Permanent
      Sparse: (......................0.........) Not Sparse
      Reparse: (.....................0..........) Not Reparse Point
      Compressed: (....................0...........) Uncompressed
      Offline: (...................0............) Content indexed
      NotIndexed: (..................0.............) Permanent
      Encrypted: (.................0..............) Unencrypted
    ShareAccess: Shared for Read/Write
    CreateDisposition: Open
    CreateOptions: 0x00400040
      dir: (...............................0) non-directory
      write: (..............................0.) non-write through
      sq: (.............................0..) non-sequentially writing allowed
      buffer: (............................0...) intermediate buffering allowed
      alert: (...........................0....) IO alerts bits not set
      nonalert: (..........................0.....) IO non-alerts bit not set
      nondir: (.........................1......) Operation is on non-directory file
      connect: (........................0.......) tree connect bit not set
      oplock: (.......................0........) complete if oplocked bit not set
      EA: (......................0.........) no EA knowledge bit is not set
      filename: (.....................0..........) 8.3 filenames bit is not set
      random: (....................0...........) random access bit is not set
      delete: (...................0............) delete on close bit is not set
      open: (..................0.............) open by filename
      backup: (.................0..............) open for backup bit not set
    NameOffset: 120 (0x78)
    NameLength: 12 (0xC)
    CreateContextsOffset: 0 (0x0)
    CreateContextsLength: 0 (0x0)
    Name: srvsvc
The server responds with an SMB2 CREATE Response with the FileId for the pipe open.
Smb2: R CREATE FID=
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: CREATE
    Credits: 1 (0x1)
    Flags: 1 (0x1)
      ServerToRedir: ...............................1 Server to Client
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 9 (0x9)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  RCreate:
    Size: 89 (0x59)
    OplockLevel: 0 (0x0)
    Reserved1: 9 (0x9)
    CreateAction: 1 (0x1)
    CreationTime: 0 (0x0)
    LastAccessTime: 0 (0x0)
    LastWriteTime: 0 (0x0)
    ChangeTime: 0 (0x0)
    AllocationSize: 4096 (0x1000)
    EndOfFile: 0 (0x0)
    FileAttributes: 0x00000080
      ReadOnly: (...............................0) Read/Write
      Hidden: (..............................0.) Not Hidden
      System: (.............................0..) Not System
      Reserverd3: 0 (0x0)
      Directory: (...........................0....) File
      Archive: (..........................0.....) Not Archive
      Device: (.........................0......) Not Device
      Normal: (........................1.......) Normal
      Temporary: (.......................0........) Permanent
      Sparse: (......................0.........) Not Sparse
      Reparse: (.....................0..........) Not Reparse Point
      Compressed: (....................0...........) Uncompressed
      Offline: (...................0............) Content indexed
      NotIndexed: (..................0.............) Permanent
      Encrypted: (.................0..............) Unencrypted
    Reserved2: 7536758 (0x730076)
    Fid:
      Persistent: 5 (0x5)
      Volatile: -4294967291 (0xFFFFFFFF00000005)
    CreateContextsOffset: 0 (0x0)
    CreateContextsLength: 0 (0x0)
The client sends an SMB2 WRITE Request to write data into the pipe.
Smb2: C WRITE 0x74 bytes at offset 0 (0x0)
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: WRITE
    Credits: 111 (0x6F)
    Flags: 0 (0x0)
      ServerToRedir: ...............................0 Client to Server
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 10 (0xA)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  CWrite:
    Size: 49 (0x31)
    DataOffset: 112 (0x70)
    DataLength: 116 (0x74)
    Offset: 0 (0x0)
    Fid:
      Persistent: 5 (0x5)
      Volatile: -4294967291 (0xFFFFFFFF00000005)
    Channel: 0 (0x0)
    RemainingBytes: 0 (0x0)
    WriteChannelInfoOffset: 0 (0x0)
    WriteChannelInfoLength: 0 (0x0)
    Flags: 0 (0x0)
    Data: (116 bytes)
The server responds with an SMB2 WRITE Response indicating the data was written successfully.
Smb2: R WRITE 0x74 bytes written
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: WRITE
    Credits: 1 (0x1)
    Flags: 1 (0x1)
      ServerToRedir: ...............................1 Server to Client
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 10 (0xA)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  RWrite:
    Size: 17 (0x11)
    Reserved: 0 (0x0)
    DataLength: 116 (0x74)
    Remaining: 0 (0x0)
    WriteChannelInfoOffset: 0 (0x0)
    WriteChannelInfoLength: 0 (0x0)
The client sends an SMB2 READ Request to read data from the pipe.
Smb2: C READ 0x400 bytes from offset 0 (0x0)
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: READ
    Credits: 111 (0x6F)
    Flags: 0 (0x0)
      ServerToRedir: ...............................0 Client to Server
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 11 (0xB)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  CRead:
    Size: 49 (0x31)
    Padding: 80 (0x50)
    Reserved: 0 (0x0)
    DataLength: 1024 (0x400)
    Offset: 0 (0x0)
    Fid:
      Persistent: 5 (0x5)
      Volatile: -4294967291 (0xFFFFFFFF00000005)
    MinimumCount: 0 (0x0)
    Channel: 0 (0x0)
    RemainingBytes: 0 (0x0)
    ReadChannelInfoOffset: 0 (0x0)
    ReadChannelInfoLength: 0 (0x0)
The server responds with an SMB2 READ Response with the data that was read.
Smb2: R READ 0x5c bytes read
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: READ
    Credits: 1 (0x1)
    Flags: 1 (0x1)
      ServerToRedir: ...............................1 Server to Client
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 11 (0xB)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  RRead:
    Size: 17 (0x11)
    DataOffset: 80 (0x50)
    Reserved: 0 (0x0)
    DataLength: 92 (0x5C)
    DataRemaining: 0 (0x0)
    Reserved2: 0 (0x0)
    Data: (92 bytes)
The client sends an SMB2 IOCTL Request to perform a pipe transaction, writing data into the buffer and then reading the response in a single operation.
Smb2: C IOCTL
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: IOCTL
    Credits: 111 (0x6F)
    Flags: 0 (0x0)
      ServerToRedir: ...............................0 Client to Server
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 12 (0xC)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  CIoCtl:
    Size: 57 (0x39)
    Reserved: 0 (0x0)
    Code: 0x0011c017
    Fid:
      Persistent: 5 (0x5)
      Volatile: -4294967291 (0xFFFFFFFF00000005)
    InputOffset: 120 (0x78)
    InputCount: 68 (0x44)
    MaxInputResponse: 0 (0x0)
    OutputOffset: 120 (0x78)
    OutputCount: 0 (0x0)
    MaxOutputResponse: 1024 (0x400)
    Flags: 1 (0x1)
    Reserved2: 0 (0x0)
    Input: (68 bytes)
The server sends an SMB2 IOCTL Response with the data that was read.
Smb2: R IOCTL
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: IOCTL
    Credits: 1 (0x1)
    Flags: 1 (0x1)
      ServerToRedir: ...............................1 Server to Client
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 12 (0xC)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  RIoCtl:
    Size: 49 (0x31)
    Reserved: 0 (0x0)
    Code: 0x0011c017
      Method: ..............................11 Method neither
      Function: 0x005
      Access: ................11.............. Read/Write
      Device: 0x0011
    Fid:
      Persistent: 5 (0x5)
      Volatile: -4294967291 (0xFFFFFFFF00000005)
    InputOffset: 112 (0x70)
    InputCount: 68 (0x44)
    OutputOffset: 184 (0xB8)
    OutputCount: 112 (0x70)
    Flags: 0 (0x0)
    Reserved2: 0 (0x0)
    Input: (68 bytes)
    Output: (112 bytes)
The client sends an SMB2 CLOSE Request to close the named pipe.
Smb2: C CLOSE FID=
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: CLOSE
    Credits: 111 (0x6F)
    Flags: 0 (0x0)
      ServerToRedir: ...............................0 Client to Server
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 13 (0xD)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  CClose:
    Size: 24 (0x18)
    Flags: 1 (0x1)
    Reserved: 0 (0x0)
    Fid:
      Persistent: 5 (0x5)
      Volatile: -4294967291 (0xFFFFFFFF00000005)
The server sends an SMB2 CLOSE Response to indicate the close was successful.
Smb2: R CLOSE
  SMB2Header:
    Size: 64 (0x40)
    CreditCharge: 0 (0x0)
    Status: STATUS_SUCCESS
    Command: CLOSE
    Credits: 1 (0x1)
    Flags: 1 (0x1)
      ServerToRedir: ...............................1 Server to Client
      AsyncCommand: ..............................0. Command is not asynchronous
      Related: .............................0.. Packet is single message
      Signed: ............................0... Packet is not signed
      Reserved: 0 (0x0)
      DFS: 0............................... Command is not a DFS Operation
    NextCommand: 0 (0x0)
    MessageId: 13 (0xD)
    Reserved: 0 (0x0)
    TreeId: 1 (0x1)
    SessionId: 4398046511117 (0x4000000000D)
  RClose:
    Size: 60 (0x3C)
    Flags: 0 (0x0)
    Reserved: 0 (0x0)
    CreationTime: 0 (0x0)
    LastAccessTime: 0 (0x0)
    LastWriteTime: 0 (0x0)
    ChangeTime: 0 (0x0)
    AllocationSize: 0 (0x0)
    EndOfFile: 0 (0x0)
    FileAttributes: 0x00000000
      ReadOnly: (...............................0) Read/Write
      Hidden: (..............................0.) Not Hidden
      System: (.............................0..) Not System
      Reserverd3: 0 (0x0)
      Directory: (...........................0....) File
      Archive: (..........................0.....) Not Archive
      Device: (.........................0......) Not Device
      Normal: (........................0.......) Not Normal
      Temporary: (.......................0........) Permanent
      Sparse: (......................0.........) Not Sparse
      Reparse: (.....................0..........) Not Reparse Point
      Compressed: (....................0...........) Uncompressed
      Offline: (...................0............) Content indexed
      NotIndexed: (..................0.............) Permanent
      Encrypted: (.................0..............)
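The following Python example is added here and is not part of the specification text. It parses the SMB2 IOCTL Request from the exchange above, decodes the control code 0x0011c017 into the Device, Access, Function and Method sub-fields listed in the IOCTL Response, and rejects a request whose InputOffset and InputCount point outside the message. The sample message is constructed from the field values in the trace with a zero-filled 68-byte input buffer and a zeroed signature; the function names are this example's own.

```python
import struct

# Layouts: 64-byte SMB2 sync header, then the 56 fixed bytes of an IOCTL request.
HDR = struct.Struct("<4sHHIHHIIQIIQ16s")
IOCTL_REQ = struct.Struct("<HHIQQ8I")
SMB2_IOCTL = 0x000B
FSCTL_PIPE_TRANSCEIVE = 0x0011C017  # the Code value shown in the trace

def decode_ctl_code(code):
    """Split a control code into the sub-fields listed in the IOCTL response."""
    return {"device": code >> 16, "access": (code >> 14) & 0x3,
            "function": (code >> 2) & 0xFFF, "method": code & 0x3}

def parse_ioctl_request(msg):
    """Parse header + IOCTL request; reject buffers that fall outside msg."""
    fixed_end = HDR.size + IOCTL_REQ.size
    if len(msg) < fixed_end:
        raise ValueError("truncated message")
    (magic, hdr_size, _charge, _status, command, _credits, _flags, _next,
     message_id, _rsvd, tree_id, session_id, _sig) = HDR.unpack_from(msg, 0)
    if magic != b"\xfeSMB" or hdr_size != 64 or command != SMB2_IOCTL:
        raise ValueError("not an SMB2 IOCTL request")
    (size, _r, code, fid_p, fid_v, in_off, in_cnt, _max_in, _out_off,
     _out_cnt, max_out, flags, _r2) = IOCTL_REQ.unpack_from(msg, HDR.size)
    if size != 57:
        raise ValueError("bad IOCTL structure size")
    # Offsets are relative to the start of the SMB2 header.
    if in_cnt and (in_off < fixed_end or in_off + in_cnt > len(msg)):
        raise ValueError("input buffer outside message")
    return {"message_id": message_id, "tree_id": tree_id,
            "session_id": session_id, "code": code, "file_id": (fid_p, fid_v),
            "max_output": max_out, "is_fsctl": bool(flags & 1),
            "input": msg[in_off:in_off + in_cnt]}

def build_sample(input_count=68):
    """Constructed request using the trace's field values; payload is zeros."""
    hdr = HDR.pack(b"\xfeSMB", 64, 0, 0, SMB2_IOCTL, 111, 0, 0, 12, 0, 1,
                   0x4000000000D, bytes(16))
    body = IOCTL_REQ.pack(57, 0, FSCTL_PIPE_TRANSCEIVE, 5, 0xFFFFFFFF00000005,
                          120, input_count, 0, 120, 0, 1024, 1, 0)
    return hdr + body + bytes(68)  # always 68 payload bytes on the wire

if __name__ == "__main__":
    req = parse_ioctl_request(build_sample())
    print(req["message_id"], hex(req["code"]), decode_ctl_code(req["code"]))
    try:
        parse_ioctl_request(build_sample(input_count=4096))  # count lies
    except ValueError as exc:
        print("rejected:", exc)
```

The same offset-plus-count bounds check applies to the WRITE request's DataOffset and DataLength fields before the pipe data is read from the message.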