2.2.4.61.1 Request

 SMB_Parameters
   {
   UCHAR  WordCount;
   Words
     {
     USHORT MaxCount;
     USHORT SearchAttributes;
     }
   }
 SMB_Data
   {
   USHORT ByteCount;
   Bytes
     {
     UCHAR          BufferFormat1;
     SMB_STRING     FileName;
     UCHAR          BufferFormat2;
     USHORT         ResumeKeyLength;
     SMB_Resume_Key ResumeKey;
     }
   }
            

SMB_Header:

TID (2 bytes): A valid TID MUST be provided. The TID MUST refer to a connected server share and MUST match the TID in the corresponding SMB_COM_FIND commands.

UID (2 bytes): A valid UID MUST be provided and MUST match the UID specified in the corresponding SMB_COM_FIND commands.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

SMB_Parameters

...

SMB_Data (28 bytes)

...

...

...

SMB_Parameters (5 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

WordCount

Words

...

WordCount (1 byte): This field MUST be 0x02.

Words (4 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

MaxCount

SearchAttributes

MaxCount (2 bytes): This field has no meaning in this context. It SHOULD<111> be set to 0x0000 by the client and MUST be ignored by the server.

SearchAttributes (2 bytes): This field has no meaning in this context. It SHOULD be set to 0x0000 by the client and MUST be ignored by the server.

SMB_Data (28 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

ByteCount

Bytes (26 bytes)

...

...

ByteCount (2 bytes): This field MUST be 26 (0x001A).

Bytes (26 bytes):


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

BufferFormat1

FileName

BufferFormat2

ResumeKeyLength

...

ResumeKey (21 bytes)

...

...

...

BufferFormat1 (1 byte): This field MUST be 0x04, which indicates that a null-terminated ASCII string follows.

FileName (1 byte): SMB_STRING A null-terminated SMB_STRING. This MUST be the empty string.

BufferFormat2 (1 byte): This field MUST be 0x05, which indicates that a variable block follows.

ResumeKeyLength (2 bytes): This field MUST be 21 (0x0015).

ResumeKey (21 bytes): SMB_Resume_Key This MUST be the last ResumeKey returned by the server in the search being closed. See SMB_COM_FIND for a description of the SMB_Resume_Key data structure.

Show: