Partager via


2.2.2.5 Data Buffer Format Codes

Data buffer format codes are used to identify the type and format of the fields that immediately follow them in the data block of SMB messages. See section 2.2.3.3 for a description of the data block.

In Core Protocol commands, every field in the data block (following the ByteCount field) is preceded by a one-byte buffer format field. Commands introduced in dialects subsequent to the Core Protocol typically do not include buffer format fields unless they are intended as an extension to an existing command. For example, SMB_COM_FIND (section 2.2.4.59) was introduced in the LAN Manager 1.0 dialect in order to improve the semantics of the SMB_COM_SEARCH (section 2.2.4.58) Core Protocol command. Both commands share the same request and response message structures, including the buffer format fields.

Data block fields that are preceded by buffer format codes take one of two basic forms:

  • A null-terminated string or

  • A structure consisting of a two-byte length field followed by an array of bytes:

     struct
       {
       USHORT Length;
       UCHAR  Data[Length];
       }
    

    Buffer format code

    Name

    Format of the field that follows

    0x01

    Data Buffer

    A two-byte USHORT value indicating the length of the data buffer. The data buffer follows immediately after the length field.

    0x02

    Dialect String

    A null-terminated OEM_STRING.

    This format code is used only in the SMB_COM_NEGOTIATE (section 2.2.4.52) command to identify SMB dialect strings.

    0x03

    Pathname

    A null-terminated string representing a file system path.

    In the NT LAN Manager dialect, the string is of type SMB_STRING unless otherwise specified.

    0x04

    SMB String

    A null-terminated string.

    In the NT LAN Manager dialect, the string is of type SMB_STRING unless otherwise specified.

    0x05

    Variable Block

    A two-byte USHORT value indicating the length of the variable block. The variable block follows immediately after the length field.