SMB NT IOCTL Codes / API / Reference ?

Stefan (metze) Metzmacher metze at
Fri Jun 4 07:39:43 GMT 2004

Tim Potter schrieb:

> On Thu, Jun 03, 2004 at 08:42:26PM -0400, William R. Lorenz wrote:
>>I will indeed try to do some NT IOCTL call sniffing and see what two Win2k
>>boxen do when talking to each other.  I have a feeling that this call is
>>something ordinary that can just be given a static SMB response of sorts.  
> Perhaps.
>>The tricky part is going to be figuring out which part of packet signifies
>>the NT IOCTL hexidecimal code so that I can blaze up the packet sniffer.  
>>I know that poking around in the code will probably take hours of time,
>>but maybe there's some kind of SMB spec that has the packet structures?

maybe it's a good idea to also run filemon
( on the server 
and client...
then you maybe know how th e ioctl call is named, and then you can 
google for it or seach msdn for it...


Stefan Metzmacher <metze at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: OpenPGP digital signature
Url :

More information about the samba-technical mailing list