2.2.4.62.1 Request

The SMB_COM_NT_TRANSACT request differs in structure from the other two transaction request types. Although there are several common fields, the SMB_COM_NT_TRANSACT message rearranges fields to provide better byte alignment. The other transaction types use 16-bit fields to provide the size and offset of parameters and data; SMB_COM_NT_TRANSACT uses 32-bit fields, allowing for much larger data transfers. Finally, SMB_COM_NT_TRANSACT includes a Function field, which carries the subcommand code.

 SMB_Parameters
   {
   UCHAR  WordCount;
   Words
     {
     UCHAR  MaxSetupCount;
     USHORT Reserved1;
     ULONG  TotalParameterCount;
     ULONG  TotalDataCount;
     ULONG  MaxParameterCount;
     ULONG  MaxDataCount;
     ULONG  ParameterCount;
     ULONG  ParameterOffset;
     ULONG  DataCount;
     ULONG  DataOffset;
     UCHAR  SetupCount;
     USHORT Function;
     USHORT Setup[SetupCount];
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     UCHAR  Pad1[];
     UCHAR  NT_Trans_Parameters[ParameterCount];
     UCHAR  Pad2[];
     UCHAR  NT_Trans_Data[DataCount];
     }
   }
            

SMB_Header:

The Command for the initial request and for all responses MUST be SMB_COM_NT_TRANSACT (0xA0). The Command for secondary request messages that are part of the same transaction MUST be SMB_COM_NT_TRANSACT_SECONDARY (0xA1). The PID, MID, TID, and UID MUST be the same for all requests and responses that are part of the same transaction.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SMB_Parameters (variable)

...

SMB_Data (variable)

...

SMB_Parameters (variable):

The SMB_Parameters section of the SMB_COM_NT_TRANSACT request contains the information used to manage the transaction itself. It also contains flags and setup information that provide context for the execution of the operation on the server side.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

WordCount

Words (variable)

...

WordCount (1 byte): This field MUST be greater than or equal to 0x13.

Words (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

MaxSetupCount

Reserved1

TotalParameterCount

...

TotalDataCount

...

MaxParameterCount

...

MaxDataCount

...

ParameterCount

...

ParameterOffset

...

DataCount

...

DataOffset

...

SetupCount

Function

Setup (variable)

...

MaxSetupCount (1 byte): Maximum number of setup bytes that the client will accept in the transaction reply. This field MUST be set as specified in the subsections of Transaction Subcommands (section 2.2.5). The server MUST NOT return more than this number of setup bytes.

Reserved1 (2 bytes): Two padding bytes. This field MUST be 0x0000. This field is used to align the next field to a 32-bit boundary.

TotalParameterCount (4 bytes): The total number of SMB_COM_NT_TRANSACT parameter bytes to be sent in this transaction request. This value MAY be reduced in any or all subsequent SMB_COM_NT_TRANSACT_SECONDARY requests that are part of the same transaction. This value represents transaction parameter bytes, not SMB parameter words. Transaction parameter bytes are carried in the SMB_Data block of the SMB_COM_NT_TRANSACT request or in subsequent SMB_COM_NT_TRANSACT_SECONDARY requests.

TotalDataCount (4 bytes): The total number of SMB_COM_NT_TRANSACT data bytes to be sent in this transaction request. This value MAY be reduced in any or all subsequent SMB_COM_NT_TRANSACT_SECONDARY requests that are part of the same transaction. This value represents transaction data bytes, not SMB data bytes.

MaxParameterCount (4 bytes): The maximum number of parameter bytes that the client will accept in the transaction reply. This field MUST be set as specified in the subsections of Transaction Subcommands. The server MUST NOT return more than this number of parameter bytes.

MaxDataCount (4 bytes): The maximum number of data bytes that the client will accept in the transaction reply. This field MUST be set as specified in the subsections of Transaction Subcommands. The server MUST NOT return more than this number of data bytes.

ParameterCount (4 bytes): The number of transaction parameter bytes being sent in this SMB message. If the transaction fits within a single SMB_COM_NT_TRANSACT request, this value MUST be equal to TotalParameterCount. Otherwise, the sum of the ParameterCount values in the primary and secondary transaction request messages MUST be equal to the smallest TotalParameterCount value reported to the server. If the value of this field is less than the value of TotalParameterCount, then at least one SMB_COM_NT_TRANSACT_SECONDARY message MUST be used to transfer the remaining parameter bytes.

ParameterOffset (4 bytes): The offset, in bytes, from the start of the SMB_Header to the transaction parameter bytes. This MUST be the number of bytes from the start of the SMB message to the start of the SMB_Data.Bytes.Parameters field. Server implementations MUST use this value to locate the transaction parameter block within the SMB message. If ParameterCount is zero, the client/server MAY set this field to zero.<113>

DataCount (4 bytes): The number of transaction data bytes being sent in this SMB message. If the transaction fits within a single SMB_COM_NT_TRANSACT request, then this value MUST be equal to TotalDataCount. Otherwise, the sum of the DataCount values in the primary and secondary transaction request messages MUST be equal to the smallest TotalDataCount value reported to the server. If the value of this field is less than the value of TotalDataCount, then at least one SMB_COM_NT_TRANSACT_SECONDARY message MUST be used to transfer the remaining data bytes.

DataOffset (4 bytes): The offset, in bytes, from the start of the SMB Header (section 2.2.3.1) to the transaction data bytes. This MUST be the number of bytes from the start of the SMB message to the start of the SMB_Data.Bytes.Data field. Server implementations MUST use this value to locate the transaction data block within the SMB message. If DataCount is zero, the client/server MAY set this field to zero.<114>

SetupCount (1 byte): The number of setup words that are included in the transaction request.

Function (2 bytes): The transaction subcommand code, which is used to identify the operation to be performed by the server.

Setup (variable): An array of two-byte words that provides transaction context to the server. The size and content of the array are specific to the individual subcommands.

SMB_Data (variable):

The SMB_Data section of the SMB_COM_NT_TRANSACT request contains the parameters and data that are the input to the transaction operation on the server.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ByteCount

Bytes (variable)

...

ByteCount (2 bytes): The number of bytes in the SMB_Data.Bytes array, which follows.

Bytes (variable):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Pad1 (variable)

...

NT_Trans_Parameters (variable)

...

Pad2 (variable)

...

NT_Trans_Data (variable)

...

Pad1 (variable): This field SHOULD be used as an array of padding bytes to align the following field to a 4-byte boundary relative to the start of the SMB Header. This constraint can cause this field to be a zero-length field. This field SHOULD be set to zero by the client/server and MUST be ignored by the server/client.

NT_Trans_Parameters (variable): Transaction parameter bytes. See the individual SMB_COM_NT_TRANSACT subcommand descriptions for information on parameters sent for each subcommand.

Pad2 (variable): This field SHOULD be used as an array of padding bytes to align the following field to a 4-byte boundary relative to the start of the SMB Header. This constraint can cause this field to be a zero-length field. This field SHOULD be set to zero by the client/server, and MUST be ignored by the server/client.

NT_Trans_Data (variable): Transaction data bytes. See the individual SMB_COM_NT_TRANSACT subcommand descriptions for information on data sent for each subcommand.