Export (0) Print
Expand All

4.6 FSCTL SRV COPYCHUNK

The following example refers to the sequence of operations for a file copy in which the source and the destination are on the same server. The FSCTL_SRV_COPYCHUNK (section 2.2.7.2) is used. The following sequence assumes that the SMB connection to the server, SMB session establishment, and other operations have been completed.

4489c34b-ffd2-43a6-82a4-506265eb2280

Figure 8: Copy file (from/to same remote server) sequence

The initial step in the preceding sequence is to open the source and the destination file using NT_CREATE_ANDX command. This step is followed by the FSCTL_SRV_REQUEST_RESUME_KEY request. This is sent as an NT_TRANSACT_IOCTL with the file ID of the source file. The server responds with the FSCTL_SRV_REQUEST_RESUME_KEY response (section 2.2.7.2.2.2). A 24-byte server copychunk resume key is returned.

NT_CREATE_ANDX Request (Source)

Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 3592 (0xE08)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 384 (0x180)
SMB: Command = C NT create & X
        SMB: Desired Access = 0x00020089
            SMB: ...............................1 = Read Data Allowed
            SMB: ..............................0. = Write Data Denied
            SMB: .............................0.. = Append Data Denied
            SMB: ............................1... = Read EA Allowed
            SMB: ...........................0.... = Write EA Denied
            SMB: ..........................0..... = File Execute Denied
            SMB: .........................0...... = File Delete Denied
            SMB: ........................1....... = File Read Attributes Allowed
            SMB: .......................0........ = File Write Attributes Denied
        SMB: NT File Attributes = 0x00000000
            SMB: ...............................0 = Not Read Only
            SMB: ..............................0. = Not Hidden
            SMB: .............................0.. = Not System
            SMB: ...........................0.... = Not Directory
            SMB: ..........................0..... = Not Archive
            SMB: .........................0...... = Not Device
            SMB: ........................0....... = Not Normal
            SMB: .......................0........ = Not Temporary
            SMB: ......................0......... = Not Sparse File
            SMB: .....................0.......... = Not Reparse Point
            SMB: ....................0........... = Not Compressed
            SMB: ...................0............ = Not Offline
            SMB: ..................0............. = 
CONTENT_INDEXED
            SMB: .................0.............. = Not Encrypted
        SMB: File Share Access = 0x00000005
            SMB: ...............................1 = Read allowed
            SMB: ..............................0. = Write not allowed
            SMB: .............................1.. = Delete allowed
        SMB: Create Disposition = Open:  If exist, Open, else fail
        SMB: Create Options = 2097220 (0x200044)
            SMB: ...............................0 = non-directory
            SMB: ..............................0. = non-write through
            SMB: .............................1.. = Data must be written to the
                                                    file sequentially
            SMB: ............................0... = intermediate buffering allowed
            SMB: ...........................0.... = IO alerts bits not set
            SMB: ..........................0..... = IO non-alerts bit not set
            SMB: .........................1...... = Operation is on a non-directory file
            SMB: ........................0....... = tree connect bit not set
            SMB: .......................0........ = complete if oplocked bit is not set
            SMB: ......................0......... = no EA knowledge bit is not set
            SMB: .....................0.......... = 8.3 filenames bit is not set
            SMB: ....................0........... = random access bit is not set
            SMB: ...................0............ = delete on close bit is not set
            SMB: ..................0............. = open by filename
            SMB: .................0.............. = open for backup bit not set
        SMB: File name = sourcefile.txt

NT_CREATE_ANDX Response

Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 3592 (0xE08)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 384 (0x180)
SMB: Command = R NT create & X
        SMB: Oplock Level = II
        SMB: File ID (Fid) = 16386 (0x4002)
        
        SMB: NT File Attributes = 0x00000020
            SMB: ...............................0 = Not Read Only
            SMB: ..............................0. = Not Hidden
            SMB: .............................0.. = Not System
            SMB: ...........................0.... = Not Directory
            SMB: ..........................1..... = Archive
            SMB: .........................0...... = Not Device
            SMB: ........................0....... = Not Normal
            SMB: .......................0........ = Not Temporary
            SMB: ......................0......... = Not Sparse File
            SMB: .....................0.......... = Not Reparse Point
            SMB: ....................0........... = Not Compressed
            SMB: ...................0............ = Not Offline
            SMB: ..................0............. = 
CONTENT_INDEXED
            SMB: .................0.............. = Not Encrypted
        SMB: File type = Disk file or directory

NT_CREATE_ANDX Request (Destination)

Client -> Server: SMB: C NT Create Andx, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 3592 (0xE08)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 480 (0x1E0)
SMB: Command = C NT create & X
        SMB: Desired Access = 0x00030197
            SMB: ...............................1 = Read Data Allowed
            SMB: ..............................1. = Write Data Allowed
            SMB: .............................1.. = Append Data Allowed
            SMB: ............................0... = Read EA Denied
            SMB: ...........................1.... = Write EA Allowed
            SMB: ..........................0..... = File Execute Denied
            SMB: .........................0...... = File Delete Denied
            SMB: ........................1....... = File Read Attributes Allowed
            SMB: .......................1........ = File Write Attributes Allowed
        SMB: NT File Attributes = 0x00000020
            SMB: ...............................0 = Not Read Only
            SMB: ..............................0. = Not Hidden
            SMB: .............................0.. = Not System
            SMB: ...........................0.... = Not Directory
            SMB: ..........................1..... = Archive
            SMB: .........................0...... = Not Device
            SMB: ........................0....... = Not Normal
            SMB: .......................0........ = Not Temporary
            SMB: ......................0......... = Not Sparse File
            SMB: .....................0.......... = Not Reparse Point
            SMB: ....................0........... = Not Compressed
            SMB: ...................0............ = Not Offline
            SMB: ..................0............. = CONTENT_INDEXED
            SMB: .................0.............. = Not Encrypted
        SMB: File Share Access = 0x00000000
            SMB: ...............................0 = Read not allowed
            SMB: ..............................0. = Write not allowed
            SMB: .............................0.. = Delete not allowed
        SMB: Create Disposition = Overwrite_If:  If exist, open and overwrite,
             else create it
        SMB: Create Options = 68 (0x44)
            SMB: ...............................0 = non-directory
            SMB: ..............................0. = non-write through
            SMB: .............................1.. = Data must be written to the file sequentially
            SMB: ............................0... = intermediate buffering allowed
            SMB: ...........................0.... = IO alerts bits not set
            SMB: ..........................0..... = IO non-alerts bit not set
            SMB: .........................1...... = Operation is on a non-directory file
            SMB: ........................0....... = tree connect bit not set
            SMB: .......................0........ = complete if oplocked bit is not set
            SMB: ......................0......... = no EA knowledge bit is not set
            SMB: .....................0.......... = 8.3 filenames bit is not set
            SMB: ....................0........... = random access bit is not set
            SMB: ...................0............ = delete on close bit is not set
            SMB: ..................0............. = open by filename
            SMB: .................0.............. = open for backup bit not set
        SMB: File name = destinationfile.txt

NT_CREATE_ANDX Response

Server -> Client: SMB: R NT Create Andx, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 3592 (0xE08)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 480 (0x1E0)
SMB: Command = R NT create & X
        SMB: Oplock Level = Batch
        SMB: File ID (Fid) = 16387 (0x4003)
        
        SMB: NT File Attributes = 0x00000020
        SMB: ...............................0 = Not Read Only
        SMB: ..............................0. = Not Hidden
        SMB: .............................0.. = Not System
        SMB: ...........................0.... = Not Directory
        SMB: ..........................1..... = Archive
        SMB: .........................0...... = Not Device
        SMB: ........................0....... = Not Normal
        SMB: .......................0........ = Not Temporary
        SMB: ......................0......... = Not Sparse File
        SMB: .....................0.......... = Not Reparse Point
        SMB: ....................0........... = Not Compressed
        SMB: ...................0............ = Not Offline
        SMB: ..................0............. = CONTENT_INDEXED
        SMB: .................0.............. = Not Encrypted
    SMB: File type = Disk file or directory

FSCTL_SRV_REQUEST_RESUME_KEY Request

Client -> Server: SMB: C NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x00140078 FSCTL_SRV_REQUEST_RESUME_KEY
File ID (Fid) = 16386 (0x4002)

FSCTL_SRV_REQUEST_RESUME_KEY Response

Server -> Client: SMB: R NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x00140078 FSCTL_SRV_REQUEST_RESUME_KEY
File ID (Fid) = 16386 (0x4002)
Key = 2D 0B 00 00 01 00 00 00 59 84 0C 62 1B 84 C6 01 08 0E 00 00 00 00 00 00
ContextLength = 0

This is followed by an FSCTL_SRV_COPYCHUNK request. The request uses the resume key generated earlier.

FSCTL_SRV_COPYCHUNK Request

Client -> Server: SMB: C NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x001440F2 FSCTL_SRV_COPYCHUNK
File ID (Fid) = 16387 (0x4003)
Key = 2D 0B 00 00 01 00 00 00 59 84 0C 62 1B 84 C6 01 08 0E 00 00 00 00 00 00
ChunkCount = 1 (01 00 00 00)
Reserved = 0 (00 00 00 00)

List:
    SourceOffset = 0 _(00 00 00 00 00 00 00 00)
    DestinationOffset = 0 (00 00 00 00 00 00 00 00)
    Length = 1731 (3C 06 00 00)

FSCTL_SRV_COPYCHUNK Response

Server -> Client: SMB: R NT Transact, Dialect = NTLM 0.12
NT IOCTL Function Code 0x001440F2 FSCTL_SRV_COPYCHUNK
File ID (Fid) = 16387 (0x4003)
ChunksWritten = 1 (01 00 00 00)
ChunkBytesWritten = 0 (00 00 00 00)
TotalBytesWritten = 1731 (3C 06 00 00)

The final step is to close the source and the destination file with SMB_COM_CLOSE commands.

SMB_COM_CLOSE Request (Source)

Client -> Server: SMB: C Close, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 640 (0x280)
SMB: Command = C Close
        SMB: File ID (Fid) = 16386 (0x4002)

SMB_COM_CLOSE Response

Server -> Client: SMB: R Close, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 640 (0x280)

SMB_COM_CLOSE Request (Destination)

Client -> Server: SMB: C Close, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 656 (0x290)
SMB: Command = C Close
        SMB: File ID (Fid) = 16387 (0x4003)

SMB_COM_CLOSE Response

Server -> Client: SMB: R Close, Dialect = NTLM 0.12
        SMB: Tree ID      (Tid) = 2049 (0x801)
        SMB: Process ID   (Pid) = 65279 (0xFEFF)
        SMB: User ID      (Uid) = 2048 (0x800)
        SMB: Multiplex ID (Mid) = 656 (0x290)
 
Show:
© 2014 Microsoft