2.2.5.11.1 Request

 Trans_Data
   {
   UCHAR WriteData[TotalDataCount];
   }
            

SMB_Parameters: The SMB_Parameters section contains the relevant fields for the TRANS_CALL_NMPIPE subcommand of the SMB_COM_TRANSACTION Request (section 2.2.4.33.1).

WordCount (1 byte): This field MUST be set to 0x10.

Words (32 bytes):

TotalParameterCount (2 bytes): This field MUST be set to 0x0000.

TotalDataCount (2 bytes): This field MUST be set to the total number of bytes that the client attempts to write to the named pipe.

MaxParameterCount (2 bytes): This field MUST be set to 0x0000.

MaxDataCount (2 bytes): This field MUST be set to the number of bytes that the client attempts to read from the named pipe.

MaxSetupCount (1 byte): This field MUST be 0x00.

Flags (2 bytes): This field SHOULD be set to 0x0000 for this request.

Timeout (4 bytes): This field SHOULD be set to 0x00000000 for this request.

ParameterCount (2 bytes): This field MUST be set to 0x0000.

DataCount (2 bytes): This field MUST be set to the count of bytes in the Trans_Data.WriteData buffer field. If this field is less than the value of TotalDataCount then the client MUST send at least one more request to send the remaining (TotalDataCount - DataCount) bytes to write to the named pipe.

SetupCount (1 byte): This field MUST be set to 0x02.

Setup (4 bytes):

Subcommand (2 bytes): This field MUST be set to the transaction subcommand TRANS_CALL_NMPIPE 0x0054.

Priority (2 bytes): This field MUST be in the range of 0x0000 to 0x0009. The larger value is the higher priority.

SMB_Data: The SMB_Data section contains the relevant fields for the TRANS_READ_NMPIPE subcommand of the SMB_COM_TRANSACTION request.

ByteCount (2 bytes): The value of this field MUST be the count of bytes that follows the ByteCount field.

Name (variable): The name field MUST be set to the name of the pipe, in the format \PIPE\<pipename> where <pipename> is the name of the pipe to open. To open the pipe PipeA, the name field is set to \PIPE\PipeA. If SMB_FLAGS2_UNICODE is set in the Flags2 field of the SMB Header (section 2.2.3.1) of the request, the name string MUST be a null-terminated array of 16-bit Unicode characters. Otherwise, the name string MUST be a null-terminated array of OEM characters. If the name string consists of Unicode characters, this field MUST be aligned to start on a 2-byte boundary from the start of the SMB Header.


[Packet diagram, bits 0-31: Trans_Data (variable)]

Trans_Data (variable):


[Packet diagram, bits 0-31: WriteData (variable)]

WriteData (variable): This field MUST contain the bytes to write to the named pipe. The size of the buffer MUST be equal to the value in TotalDataCount.
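
The field constraints above, written as a check that a server-side parser or network monitor could apply to the SMB_Parameters block of a TRANS_CALL_NMPIPE request. This is an added example, not part of the specification: the Reserved and Offset fields come from the SMB_COM_TRANSACTION Words layout in section 2.2.4.33.1, which this page references but does not reproduce, and the names check_call_nmpipe and sample_params and all sample values are constructed for illustration. Treating a DataCount larger than TotalDataCount as an error is an inference from the DataCount description, not a rule stated on this page.

```python
import struct

# SMB_COM_TRANSACTION Words (section 2.2.4.33.1), little-endian, 32 bytes.
# The Reserved and Offset fields are not listed on this page; they fill the
# rest of the 32-byte block.
WORDS = struct.Struct("<HHHHBBHIHHHHHBBHH")
FIELDS = ("TotalParameterCount", "TotalDataCount", "MaxParameterCount",
          "MaxDataCount", "MaxSetupCount", "Reserved1", "Flags", "Timeout",
          "Reserved2", "ParameterCount", "ParameterOffset", "DataCount",
          "DataOffset", "SetupCount", "Reserved3", "Subcommand", "Priority")
MUST = {"TotalParameterCount": 0, "MaxParameterCount": 0, "MaxSetupCount": 0,
        "ParameterCount": 0, "SetupCount": 2, "Subcommand": 0x0054}
SHOULD = {"Flags": 0, "Timeout": 0}

def check_call_nmpipe(params: bytes) -> dict:
    """Validate SMB_Parameters (WordCount byte followed by Words)."""
    result = {"errors": [], "warnings": [], "remaining": None}
    if not params or params[0] != 0x10:
        result["errors"].append("WordCount MUST be 0x10")
        return result  # any other WordCount means a different Words layout
    if len(params) < 1 + WORDS.size:
        result["errors"].append("Words block is shorter than 32 bytes")
        return result
    f = dict(zip(FIELDS, WORDS.unpack_from(params, 1)))
    result["errors"] = [f"{k} MUST be {v:#06x}, got {f[k]:#06x}"
                        for k, v in MUST.items() if f[k] != v]
    if f["Priority"] > 0x0009:
        result["errors"].append(f"Priority out of range: {f['Priority']:#06x}")
    if f["DataCount"] > f["TotalDataCount"]:  # inferred, not stated on the page
        result["errors"].append("DataCount exceeds TotalDataCount")
    result["warnings"] = [f"{k} SHOULD be 0, got {f[k]:#x}"
                          for k in SHOULD if f[k] != SHOULD[k]]
    # Bytes the client still has to send in follow-up requests.
    result["remaining"] = max(f["TotalDataCount"] - f["DataCount"], 0)
    return result

def sample_params(**overrides) -> bytes:
    """Build a constructed SMB_Parameters block (offsets left at 0)."""
    f = dict.fromkeys(FIELDS, 0)
    f.update(TotalDataCount=300, MaxDataCount=1024, DataCount=100,
             SetupCount=2, Subcommand=0x0054, Priority=1)
    f.update(overrides)
    return bytes([0x10]) + WORDS.pack(*(f[k] for k in FIELDS))

if __name__ == "__main__":
    print(check_call_nmpipe(sample_params()))
    print(check_call_nmpipe(sample_params(Priority=12, Flags=2)))
```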