2.2.4.42.1 Request

 SMB_Parameters
   {
   UCHAR  WordCount;
   Words
     {
     UCHAR  AndXCommand;
     UCHAR  AndXReserved;
     USHORT AndXOffset;
     USHORT FID;
     ULONG  Offset;
            
     USHORT MaxCountOfBytesToReturn;
     USHORT MinCountOfBytesToReturn;
     ULONG  Timeout;
     USHORT Remaining;
     ULONG OffsetHigh (optional);
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   }
            


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SMB_Parameters (25 bytes)

...

...

...

SMB_Data

SMB_Parameters (25 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

WordCount

Words (24 bytes)

...

...

...

WordCount (1 byte): This field MUST be either 0x0A or 0x0C.

Words (24 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

AndXCommand

AndXReserved

AndXOffset

FID

Offset

...

MaxCountOfBytesToReturn

MinCountOfBytesToReturn

Timeout

...

Remaining

OffsetHigh

AndXCommand (1 byte): The command code for the next SMB command in the packet. This value MUST be set to 0xFF if there are no additional SMB commands in the client request packet.

AndXReserved (1 byte): A reserved field. This MUST be set to 0x00 when this request is sent, and the server MUST ignore this value when the message is received.

AndXOffset (2 bytes): This field MUST be set to the offset in bytes from the start of the SMB Header (section 2.2.3.1) to the start of the WordCount field in the next SMB command in this packet. This field is valid only if the AndXCommand field is not set to 0xFF. If AndXCommand is 0xFF, this field MUST be ignored by the server.

FID (2 bytes): This field MUST be a valid FID indicating the file from which the data MUST be read.

Offset (4 bytes): If WordCount is 0x0A, this field represents a 32-bit offset, measured in bytes, of where the read MUST start relative to the beginning of the file. If WordCount is 0x0C, this field represents the lower 32 bits of a 64-bit offset.

MaxCountOfBytesToReturn (2 bytes): The maximum number of bytes to read. A single request MUST NOT return more data than permitted by the maximum negotiated buffer size (MaxBufferSize) for the session unless CAP_LARGE_READX has been negotiated as specified in sections 2.2.4.53.1 and 3.3.5.43. If MaxCountOfBytesToReturn would cause the total size of the response message to exceed the maximum negotiated buffer size, the server MUST return only the number of bytes that fit within the maximum negotiated buffer size.

MinCountOfBytesToReturn (2 bytes): The requested minimum number of bytes to return. This field is used only when reading from a named pipe or a device. It is ignored when reading from a standard file.

Timeout (4 bytes): This field represents the amount of time, in milliseconds, that a server MUST wait before sending a response. It is used only when reading from a named pipe or I/O device and does not apply when reading from a regular file.

Remaining (2 bytes): Count of bytes remaining to satisfy client's read request. This field is not used in the NT LAN Manager dialect. Clients MUST set this field to 0x0000, and servers MUST ignore it.

OffsetHigh (4 bytes): This field is optional. If WordCount is 0x0A this field is not included in the request. If WordCount is 0x0C this field represents the upper 32 bits of a 64-bit offset, measured in bytes, of where the read SHOULD start relative to the beginning of the file.

SMB_Data (2 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ByteCount

ByteCount (2 bytes): This field MUST be 0x0000. No data is sent by this message.