SMB NT IOCTL Codes / API / Reference ?

William R. Lorenz wrl at
Fri Jun 4 00:42:26 GMT 2004

Hi Tim,

First of all, thanks so much for your response! :)

I will indeed try to do some NT IOCTL call sniffing and see what two Win2k
boxen do when talking to each other.  I have a feeling that this call is
something ordinary that can just be given a static SMB response of sorts.  
The tricky part is going to be figuring out which part of the packet signifies
the NT IOCTL hexadecimal code so that I can blaze up the packet sniffer.  
I know that poking around in the code will probably take hours of time,
but maybe there's some kind of SMB spec that has the packet structures?

Do you know whether this NT IOCTL call is in fact being made by the SQL
Server specifically, or is it something embedded in the SMB functionality?  
I did quite a bit of poking around into NT IOCTL references today and the
associated Microsoft Windows DDK (Driver Development Kit), but I'm still
left with a few questions with regards to NT IOCTL implementation and
whether it's the applications or Win2k itself generating these IOCTL
calls.  Do unimplemented NT IOCTL calls come up often as a result of them
not having been found in action before, or is this an unordinary thing?

If nothing else, thank you so much for the suggestion, Tim! :)

On Fri, 4 Jun 2004, Tim Potter wrote:

> On Thu, Jun 03, 2004 at 12:37:07PM -0400, William R. Lorenz wrote:

> > I'll share this with the list also, in case anyone might be able to
> > help me find this NT IOCTL code so that I can get started on a 3.0.4

> As a rough guess I would try doing a network sniff of traffic between
> SQL server and a Windows machine and seeing what NT ioctl calls are
> made.

> I don't know of any lists of NT ioctl numbers and what they mean.

--          _ 
__ __ ___ _| | William R. Lorenz <wrl at> 
\ V  V / '_| | ; "Every revolution was 
 \./\./|_| |_| first a thought in one man's mind." - Ralph Waldo Emerson 
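
On the question in the message above of which bytes of the packet carry the NT IOCTL code: the following is an added example, not part of the original e-mail or of Samba's code. It assumes the SMB_COM_NT_TRANSACT request layout from the published CIFS documentation; `parse_nt_ioctl` and `build_sample` are hypothetical names, and the sample request is constructed rather than captured.

```python
import struct

SMB_COM_NT_TRANSACT = 0xA0   # SMB command byte
NT_TRANSACT_IOCTL = 0x0002   # NT_TRANSACT subcommand ("Function" word)
SMB_FLAGS_REPLY = 0x80       # set in Flags when the message is a server response
SMB_HEADER_LEN = 32

def parse_nt_ioctl(smb: bytes):
    """Return the NT IOCTL fields of an NT_TRANSACT request, or None.

    `smb` starts at the 0xFF 'S' 'M' 'B' marker; in a sniff, strip the
    4-byte NetBIOS session header that precedes it first.
    """
    if len(smb) < SMB_HEADER_LEN + 1 or smb[:4] != b"\xffSMB":
        return None
    if smb[4] != SMB_COM_NT_TRANSACT or smb[9] & SMB_FLAGS_REPLY:
        return None
    word_count = smb[SMB_HEADER_LEN]
    words = smb[SMB_HEADER_LEN + 1 : SMB_HEADER_LEN + 1 + 2 * word_count]
    # 19 fixed words plus 4 setup words are needed for an IOCTL request.
    if word_count < 23 or len(words) < 2 * word_count:
        return None
    # Fixed part: MaxSetupCount(1) Reserved(2) 8 x ULONG(32) SetupCount(1) Function(2)
    setup_count, function = struct.unpack_from("<BH", words, 35)
    if function != NT_TRANSACT_IOCTL or setup_count < 4:
        return None
    # Setup words: FunctionCode(4) FID(2) IsFctl(1) IsFlags(1)
    code, fid, is_fsctl, is_flags = struct.unpack_from("<IHBB", words, 38)
    return {
        "function_code": code, "fid": fid,
        "is_fsctl": bool(is_fsctl), "is_flags": is_flags,
        # Windows CTL_CODE bit fields of the 32-bit control code
        "device_type": code >> 16, "access": (code >> 14) & 3,
        "function": (code >> 2) & 0xFFF, "method": code & 3,
    }

def build_sample(code=0x000900A8, fid=0x4001):
    """Constructed NT_TRANSACT_IOCTL request for the demo (not captured traffic)."""
    header = b"\xffSMB" + bytes([SMB_COM_NT_TRANSACT]) + bytes(27)
    words = struct.pack("<BH8IBH", 0, 0, *[0] * 8, 4, NT_TRANSACT_IOCTL)
    words += struct.pack("<IHBB", code, fid, 1, 0)
    return header + bytes([len(words) // 2]) + words + struct.pack("<H", 0)

if __name__ == "__main__":
    fields = parse_nt_ioctl(build_sample())
    print({k: hex(v) if k == "function_code" else v for k, v in fields.items()})
```

With this layout the 32-bit function code sits at byte offset 71 from the `\xffSMB` marker, little-endian, which is the value to filter on in a capture.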

More information about the samba-technical mailing list