SMB_COM_NT_CREATE_ANDX response and extended response bugfixes

SMBLibrary/SMB1/Commands/NTCreateAndXResponse.cs

@@ -45,13 +45,13 @@ namespace SMBLibrary.SMB1
             OpLockLevel = (OpLockLevel)ByteReader.ReadByte(this.SMBParameters, ref parametersOffset);
             FID = LittleEndianReader.ReadUInt16(this.SMBParameters, ref parametersOffset);
             CreateDisposition = (CreateDisposition)LittleEndianReader.ReadUInt32(this.SMBParameters, ref parametersOffset);
-            CreateTime = SMB1Helper.ReadNullableFileTime(buffer, ref parametersOffset);
+            CreateTime = SMB1Helper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
-            LastAccessTime = SMB1Helper.ReadNullableFileTime(buffer, ref parametersOffset);
+            LastAccessTime = SMB1Helper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
-            LastWriteTime = SMB1Helper.ReadNullableFileTime(buffer, ref parametersOffset);
+            LastWriteTime = SMB1Helper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
-            LastChangeTime = SMB1Helper.ReadNullableFileTime(buffer, ref parametersOffset);
+            LastChangeTime = SMB1Helper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
             ExtFileAttributes = (ExtendedFileAttributes)LittleEndianReader.ReadUInt32(this.SMBParameters, ref parametersOffset);
-            AllocationSize = LittleEndianReader.ReadInt64(buffer, ref parametersOffset);
+            AllocationSize = LittleEndianReader.ReadInt64(this.SMBParameters, ref parametersOffset);
-            EndOfFile = LittleEndianReader.ReadInt64(buffer, ref parametersOffset);
+            EndOfFile = LittleEndianReader.ReadInt64(this.SMBParameters, ref parametersOffset);
             ResourceType = (ResourceType)LittleEndianReader.ReadUInt16(this.SMBParameters, ref parametersOffset);
             NMPipeStatus = NamedPipeStatus.Read(this.SMBParameters, ref parametersOffset);
             Directory = (ByteReader.ReadByte(this.SMBParameters, ref parametersOffset) > 0);

SMBLibrary/SMB1/Commands/NTCreateAndXResponseExtended.cs

@@ -17,6 +17,9 @@ namespace SMBLibrary.SMB1
     public class NTCreateAndXResponseExtended : SMBAndXCommand
     {
         public const int ParametersLength = 100;
+        // [MS-SMB] Section 2.2.4.9.2 and Note <49>:
+        // Windows-based SMB servers send 50 (0x32) words in the extended response although they set the WordCount field to 0x2A.
+        public const int DeclaredParametersLength = 84;
         // Parameters:
         // CommandName AndXCommand;
         // byte AndXReserved;
@@ -49,13 +52,13 @@ namespace SMBLibrary.SMB1
             OpLockLevel = (OpLockLevel)ByteReader.ReadByte(this.SMBParameters, ref parametersOffset);
             FID = LittleEndianReader.ReadUInt16(this.SMBParameters, ref parametersOffset);
             CreateDisposition = (CreateDisposition)LittleEndianReader.ReadUInt32(this.SMBParameters, ref parametersOffset);
-            CreateTime = FileTimeHelper.ReadNullableFileTime(buffer, ref parametersOffset);
+            CreateTime = FileTimeHelper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
-            LastAccessTime = FileTimeHelper.ReadNullableFileTime(buffer, ref parametersOffset);
+            LastAccessTime = FileTimeHelper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
-            LastWriteTime = FileTimeHelper.ReadNullableFileTime(buffer, ref parametersOffset);
+            LastWriteTime = FileTimeHelper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
-            LastChangeTime = FileTimeHelper.ReadNullableFileTime(buffer, ref parametersOffset);
+            LastChangeTime = FileTimeHelper.ReadNullableFileTime(this.SMBParameters, ref parametersOffset);
             ExtFileAttributes = (ExtendedFileAttributes)LittleEndianReader.ReadUInt32(this.SMBParameters, ref parametersOffset);
-            AllocationSize = LittleEndianReader.ReadInt64(buffer, ref parametersOffset);
+            AllocationSize = LittleEndianReader.ReadInt64(this.SMBParameters, ref parametersOffset);
-            EndOfFile = LittleEndianReader.ReadInt64(buffer, ref parametersOffset);
+            EndOfFile = LittleEndianReader.ReadInt64(this.SMBParameters, ref parametersOffset);
             ResourceType = (ResourceType)LittleEndianReader.ReadUInt16(this.SMBParameters, ref parametersOffset);
             NMPipeStatus_or_FileStatusFlags = LittleEndianReader.ReadUInt16(this.SMBParameters, ref parametersOffset);
             Directory = (ByteReader.ReadByte(this.SMBParameters, ref parametersOffset) > 0);

SMBLibrary/SMB1/Commands/SMB1Command.cs

@@ -25,6 +25,12 @@ namespace SMBLibrary.SMB1
         public SMB1Command(byte[] buffer, int offset, bool isUnicode)
         {
             byte wordCount = ByteReader.ReadByte(buffer, ref offset);
+            if (CommandName == CommandName.SMB_COM_NT_CREATE_ANDX && wordCount == NTCreateAndXResponseExtended.DeclaredParametersLength / 2)
+            {
+                // [MS-SMB] Section 2.2.4.9.2 and Note <49>:
+                // Windows-based SMB servers send 50 (0x32) words in the extended response although they set the WordCount field to 0x2A.
+                wordCount = NTCreateAndXResponseExtended.ParametersLength / 2;
+            }
             SMBParameters = ByteReader.ReadBytes(buffer, ref offset, wordCount * 2);
             ushort byteCount = LittleEndianReader.ReadUInt16(buffer, ref offset);
             SMBData = ByteReader.ReadBytes(buffer, ref offset, byteCount);
@@ -46,11 +52,10 @@ namespace SMBLibrary.SMB1
             byte wordCount = (byte)(SMBParameters.Length / 2);
             if (this is NTCreateAndXResponseExtended)
             {
-                // [MS-SMB] Section 2.2.4.9.2 and Note <51>:
+                // [MS-SMB] Section 2.2.4.9.2 and Note <49>:
-                // Windows-based SMB servers send 50 (0x32) words in the extended response
+                // Windows-based SMB servers send 50 (0x32) words in the extended response although they set the WordCount field to 0x2A.
-                // although they set the WordCount field to 0x2A
+                // WordCount SHOULD be set to 0x2A.
-                // wordCount SHOULD be 0x2A
+                wordCount = NTCreateAndXResponseExtended.DeclaredParametersLength / 2;
-                wordCount = 0x2A;
             }
             ushort byteCount = (ushort)SMBData.Length;
 
@@ -455,6 +460,11 @@ namespace SMBLibrary.SMB1
                         {
                             return new NTCreateAndXResponse(buffer, offset);
                         }
+                        else if (wordCount * 2 == NTCreateAndXResponseExtended.ParametersLength ||
+                                 wordCount * 2 == NTCreateAndXResponseExtended.DeclaredParametersLength)
+                        {
+                            return new NTCreateAndXResponseExtended(buffer, offset);
+                        }
                         else if (wordCount == 0)
                         {
                             return new ErrorResponse(commandName);