RubyGems - rex - Versions diffs - 2.0.7 → 2.0.8 - Mend

rex 2.0.7 → 2.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/lib/rex/elfparsey/exceptions.rb +1 -1
data/lib/rex/elfscan/scanner.rb +2 -2
data/lib/rex/machparsey/exceptions.rb +0 -3
data/lib/rex/machscan/scanner.rb +1 -1
data/lib/rex/peparsey/exceptions.rb +1 -1
data/lib/rex/peparsey/pebase.rb +4 -4
data/lib/rex/pescan/search.rb +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +83 -3
data/lib/rex/proto/http/server.rb +0 -1
data/lib/rex/proto/pjl.rb +4 -0
data/lib/rex/proto/pjl/client.rb +67 -13
data/lib/rex/proto/smb/constants.rb +1388 -1047
data/lib/rex/proto/smb/exceptions.rb +2 -2
data/lib/rex/socket/comm/local.rb +1 -1
data/lib/rex/text.rb +0 -1
data/rex.gemspec +2 -2
metadata +3 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5cc2f7d9e9457482ffe5b8935f8b93c4e57560cc
-  data.tar.gz: b6e6ee56e59286b54a62d28540e92fa6363dd6ae
+  metadata.gz: 22c520a8b58476a0eec77db5441cfded29f8b2f3
+  data.tar.gz: 51e9bbbaf02d8bd0fb56dcf478afd3e309e149e8
 SHA512:
-  metadata.gz: 17d81b1cda43811ec7acc076f4c903da5cb48316c399dd08abf2839df6e979b9de977f321e004ec1391fe86d472b450af2262f9be6a30aad8ddc30c2358a107e
-  data.tar.gz: f921d0e028d10c3b96eaaa65eff57a39d085dae29067d7e5b64addef567aff2043fc4079801a0cf11053abea603055a3d1ffcaeb9c3bf7788644bf44c0011d1c
+  metadata.gz: afa5bb9719866c18f8372147f7e50c6156453a8b5b882eadd083f5bfa6d7ca7bced4ca7a6c6381bb48ca90d71ff89fc579c1a12751f319ae9de25f3b8593803e
+  data.tar.gz: d0c9d1a506cad9ce76cd82770939d15d6652a03a8a4714284fa20f50e0b4ab534134e52ca0bd68f318b9b85763603342199d54ed169abe93a2913eb0d6c7b15b

data/lib/rex/elfparsey/exceptions.rb CHANGED

@@ -18,7 +18,7 @@ end
 class BoundsError < ElfError
 end
-class WtfError < ElfError
+class ElfParseyError < ElfError
 end
 end

data/lib/rex/elfscan/scanner.rb CHANGED

@@ -94,7 +94,7 @@ class JmpRegScanner < Generic
         return 3
     end
-    raise "wtf"
+    raise "Cannot read at offset: #{offset}"
   end
   def _parse_ret(data)
@@ -136,7 +136,7 @@ class JmpRegScanner < Generic
           message = "push #{regname}; " + _parse_ret(elf.read(offset+2, retsize))
           offset += 2 + retsize
         else
-          raise "wtf"
+          raise "Unexpected value at #{offset}"
         end
       else
         regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)

data/lib/rex/machparsey/exceptions.rb CHANGED

@@ -18,9 +18,6 @@ end
 class BoundsError < MachError
 end
-#class WtfError < MachError
-#end
 class FatError < ::RuntimeError
 end

data/lib/rex/machscan/scanner.rb CHANGED

@@ -125,7 +125,7 @@ class JmpRegScanner < Generic
             message = "push #{regname}; " + _parse_ret(mach.read(offset+2, retsize))
             offset += 2 + retsize
         else
-            raise "wtf"
+            raise "Unexpected value at offset: #{offset}"
         end
       else
         regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)

data/lib/rex/peparsey/exceptions.rb CHANGED

@@ -21,7 +21,7 @@ end
 class BoundsError < PeError
 end
-class WtfError < PeError
+class PeParseyError < PeError
 end
 class SkipError < PeError

data/lib/rex/peparsey/pebase.rb CHANGED

@@ -1196,7 +1196,7 @@ class PeBase
         return section.rva_to_file_offset(rva)
       end
     end
-    raise WtfError, "wtf!", caller
+    raise PeParseyError, "No section contains RVA", caller
   end
   def vma_to_file_offset(vma)
@@ -1205,7 +1205,7 @@ class PeBase
   def file_offset_to_rva(foffset)
     if foffset < 0
-      raise WtfError, "lame", caller
+      raise PeParseyError, "Offset should not be less than 0. The value is: #{foffset}", caller
     end
     all_sections.each do |section|
@@ -1214,7 +1214,7 @@ class PeBase
       end
     end
-    raise WtfError, "wtf! #{foffset}", caller
+    raise PeParseyError, "No section contains file offset #{foffset}", caller
   end
   def file_offset_to_vma(foffset)
@@ -1245,7 +1245,7 @@ class PeBase
     section = _find_section_by_rva(rva)
     if !section
-      raise WtfError, "Cannot find rva! #{rva}", caller
+      raise PeParseyError, "Cannot find rva! #{rva}", caller
     end
     return section

data/lib/rex/pescan/search.rb CHANGED

@@ -30,7 +30,7 @@ module Search
       begin
         buf = pe.read_rva(@address, suf)
-      rescue ::Rex::PeParsey::WtfError
+      rescue ::Rex::PeParsey::PeParseyError
         return
       end

data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb CHANGED

@@ -89,7 +89,6 @@ class Registry
     request.add_tlv(TLV_TYPE_TARGET_HOST, target_host)
     request.add_tlv(TLV_TYPE_ROOT_KEY, root_key)
     response = client.send_request(request)
     return Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RemoteRegistryKey.new(
@@ -166,6 +165,24 @@ class Registry
     return keys
   end
+  def Registry.enum_key_direct(root_key, base_key, perm = KEY_READ)
+    request = Packet.create_request('stdapi_registry_enum_key_direct')
+    keys    = []
+    request.add_tlv(TLV_TYPE_ROOT_KEY, root_key)
+    request.add_tlv(TLV_TYPE_BASE_KEY, base_key)
+    request.add_tlv(TLV_TYPE_PERMISSION, perm)
+    response = client.send_request(request)
+    # Enumerate through all of the registry keys
+    response.each(TLV_TYPE_KEY_NAME) do |key_name|
+      keys << key_name.value
+    end
+    keys
+  end
   ##
   #
   # Registry value interaction
@@ -195,10 +212,55 @@ class Registry
     return true
   end
+  def Registry.set_value_direct(root_key, base_key, name, type, data, perm = KEY_WRITE)
+    request = Packet.create_request('stdapi_registry_set_value_direct')
+    request.add_tlv(TLV_TYPE_ROOT_KEY, root_key)
+    request.add_tlv(TLV_TYPE_BASE_KEY, base_key)
+    request.add_tlv(TLV_TYPE_PERMISSION, perm)
+    request.add_tlv(TLV_TYPE_VALUE_NAME, name)
+    request.add_tlv(TLV_TYPE_VALUE_TYPE, type)
+    if type == REG_SZ
+      data += "\x00"
+    elsif type == REG_DWORD
+      data = [data.to_i].pack('V')
+    end
+    request.add_tlv(TLV_TYPE_VALUE_DATA, data)
+    response = client.send_request(request)
+    true
+  end
   #
   # Queries the registry value supplied in name and returns an
   # initialized RegistryValue instance if a match is found.
   #
+  def Registry.query_value_direct(root_key, base_key, name, perm = KEY_READ)
+    request = Packet.create_request('stdapi_registry_query_value_direct')
+    request.add_tlv(TLV_TYPE_ROOT_KEY, root_key)
+    request.add_tlv(TLV_TYPE_BASE_KEY, base_key)
+    request.add_tlv(TLV_TYPE_PERMISSION, perm)
+    request.add_tlv(TLV_TYPE_VALUE_NAME, name)
+    response = client.send_request(request)
+    type = response.get_tlv(TLV_TYPE_VALUE_TYPE).value
+    data = response.get_tlv(TLV_TYPE_VALUE_DATA).value
+    if type == REG_SZ
+      data = data[0..-2]
+    elsif type == REG_DWORD
+      data = data.unpack('N')[0]
+    end
+    Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RegistryValue.new(
+        client, 0, name, type, data)
+  end
   def Registry.query_value(hkey, name)
     request = Packet.create_request('stdapi_registry_query_value')
@@ -207,8 +269,8 @@ class Registry
     response = client.send_request(request)
-    data = response.get_tlv(TLV_TYPE_VALUE_DATA).value;
-    type = response.get_tlv(TLV_TYPE_VALUE_TYPE).value;
+    data = response.get_tlv(TLV_TYPE_VALUE_DATA).value
+    type = response.get_tlv(TLV_TYPE_VALUE_TYPE).value
     if (type == REG_SZ)
       data = data[0..-2]
@@ -272,6 +334,24 @@ class Registry
     return values
   end
+  def Registry.enum_value_direct(root_key, base_key, perm = KEY_READ)
+    request = Packet.create_request('stdapi_registry_enum_value_direct')
+    values  = []
+    request.add_tlv(TLV_TYPE_ROOT_KEY, root_key)
+    request.add_tlv(TLV_TYPE_BASE_KEY, base_key)
+    request.add_tlv(TLV_TYPE_PERMISSION, perm)
+    response = client.send_request(request)
+    response.each(TLV_TYPE_VALUE_NAME) do |value_name|
+      values << Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RegistryValue.new(
+          client, 0, value_name.value)
+    end
+    values
+  end
   #
   # Return the key value associated with the supplied string.  This is useful
   # for converting HKLM as a string into its actual integer representation.

data/lib/rex/proto/http/server.rb CHANGED

@@ -81,7 +81,6 @@ class Server
       "htm"   => "text/htm",
       "jpg"   => "image/jpeg",
       "jpeg"  => "image/jpeg",
-      "jpeg"  => "image/jpeg",
       "gif"   => "image/gif",
       "png"   => "image/png",
       "bmp"   => "image/bmp",

data/lib/rex/proto/pjl.rb CHANGED

@@ -1,4 +1,5 @@
 # -*- coding: binary -*-
 # https://en.wikipedia.org/wiki/Printer_Job_Language
 # See external links for PJL spec
@@ -25,7 +26,10 @@ module Rex::Proto::PJL
   RDYMSG = "#{PREFIX} RDYMSG"
   FSINIT = "#{PREFIX} FSINIT"
+  FSQUERY = "#{PREFIX} FSQUERY"
   FSDIRLIST = "#{PREFIX} FSDIRLIST"
   FSUPLOAD = "#{PREFIX} FSUPLOAD"
+  FSDOWNLOAD = "#{PREFIX} FSDOWNLOAD"
+  FSDELETE = "#{PREFIX} FSDELETE"
 end

data/lib/rex/proto/pjl/client.rb CHANGED

@@ -1,12 +1,11 @@
 # -*- coding: binary -*-
 # https://en.wikipedia.org/wiki/Printer_Job_Language
 # See external links for PJL spec
 module Rex::Proto::PJL
 class Client
-  attr_reader :sock
   def initialize(sock)
     @sock = sock
   end
@@ -117,19 +116,39 @@ class Client
     @sock.put(%Q{#{FSINIT} VOLUME = "#{volume}"\n})
   end
+  # Query a file
+  #
+  # @param path [String] Remote path
+  # @return [Boolean] True if file exists
+  def fsquery(path)
+    if path !~ /^[0-2]:/
+      raise ArgumentError, "Path must begin with 0:, 1:, or 2:"
+    end
+    file = false
+    @sock.put(%Q{#{FSQUERY} NAME = "#{path}"\n})
+    if @sock.get(DEFAULT_TIMEOUT) =~ /TYPE=(FILE|DIR)/m
+      file = true
+    end
+    file
+  end
   # List a directory
   #
-  # @param pathname [String] Pathname
+  # @param path [String] Remote path
   # @param count [Fixnum] Number of entries to list
   # @return [String] Directory listing
-  def fsdirlist(pathname, count = COUNT_MAX)
-    if pathname !~ /^[0-2]:/
-      raise ArgumentError, "Pathname must begin with 0:, 1:, or 2:"
+  def fsdirlist(path, count = COUNT_MAX)
+    if path !~ /^[0-2]:/
+      raise ArgumentError, "Path must begin with 0:, 1:, or 2:"
     end
     listing = nil
-    @sock.put(%Q{#{FSDIRLIST} NAME = "#{pathname}" ENTRY=1 COUNT=#{count}\n})
+    @sock.put(%Q{#{FSDIRLIST} NAME = "#{path}" ENTRY=1 COUNT=#{count}\n})
     if @sock.get(DEFAULT_TIMEOUT) =~ /ENTRY=1\r?\n(.*?)\f/m
       listing = $1
@@ -140,17 +159,16 @@ class Client
   # Download a file
   #
-  # @param pathname [String] Pathname
-  # @param size [Fixnum] Size of file
+  # @param path [String] Remote path
   # @return [String] File as a string
-  def fsupload(pathname, size = SIZE_MAX)
-    if pathname !~ /^[0-2]:/
-      raise ArgumentError, "Pathname must begin with 0:, 1:, or 2:"
+  def fsupload(path)
+    if path !~ /^[0-2]:/
+      raise ArgumentError, "Path must begin with 0:, 1:, or 2:"
     end
     file = nil
-    @sock.put(%Q{#{FSUPLOAD} NAME = "#{pathname}" OFFSET=0 SIZE=#{size}\n})
+    @sock.put(%Q{#{FSUPLOAD} NAME = "#{path}" OFFSET=0 SIZE=#{SIZE_MAX}\n})
     if @sock.get(DEFAULT_TIMEOUT) =~ /SIZE=\d+\r?\n(.*)\f/m
       file = $1
@@ -159,5 +177,41 @@ class Client
     file
   end
+  # Upload a file
+  #
+  # @param lpath [String] Local path
+  # @param rpath [String] Remote path
+  # @return [Boolean] True if the file was uploaded
+  def fsdownload(lpath, rpath)
+    if rpath !~ /^[0-2]:/
+      raise ArgumentError, "Path must begin with 0:, 1:, or 2:"
+    end
+    file = File.read(lpath)
+    @sock.put(
+      %Q{#{FSDOWNLOAD} FORMAT:BINARY SIZE=#{file.length} NAME = "#{rpath}"\n}
+    )
+    @sock.put(file)
+    @sock.put(UEL)
+    fsquery(rpath)
+  end
+  # Delete a file
+  #
+  # @param path [String] Remote path
+  # @return [Boolean] True if the file was deleted
+  def fsdelete(path)
+    if path !~ /^[0-2]:/
+      raise ArgumentError, "Path must begin with 0:, 1:, or 2:"
+    end
+    @sock.put(%Q{#{FSDELETE} NAME = "#{path}"\n})
+    !fsquery(path)
+  end
 end
 end

data/lib/rex/proto/smb/constants.rb CHANGED

@@ -4,1058 +4,1399 @@ module Proto
 module SMB
 class Constants
-require 'rex/struct2'
-# SMB Commands
-SMB_COM_CREATE_DIRECTORY           = 0x00
-SMB_COM_DELETE_DIRECTORY           = 0x01
-SMB_COM_OPEN                       = 0x02
-SMB_COM_CREATE                     = 0x03
-SMB_COM_CLOSE                      = 0x04
-SMB_COM_FLUSH                      = 0x05
-SMB_COM_DELETE                     = 0x06
-SMB_COM_RENAME                     = 0x07
-SMB_COM_QUERY_INFORMATION          = 0x08
-SMB_COM_SET_INFORMATION            = 0x09
-SMB_COM_READ                       = 0x0a
-SMB_COM_WRITE                      = 0x0b
-SMB_COM_LOCK_BYTE_RANGE            = 0x0c
-SMB_COM_UNLOCK_BYTE_RANGE          = 0x0d
-SMB_COM_CREATE_TEMPORARY           = 0x0e
-SMB_COM_CREATE_NEW                 = 0x0f
-SMB_COM_CHECK_DIRECTORY            = 0x10
-SMB_COM_PROCESS_EXIT               = 0x11
-SMB_COM_SEEK                       = 0x12
-SMB_COM_LOCK_AND_READ              = 0x13
-SMB_COM_WRITE_AND_UNLOCK           = 0x14
-SMB_COM_READ_RAW                   = 0x1a
-SMB_COM_READ_MPX                   = 0x1b
-SMB_COM_READ_MPX_SECONDARY         = 0x1c
-SMB_COM_WRITE_RAW                  = 0x1d
-SMB_COM_WRITE_MPX                  = 0x1e
-SMB_COM_WRITE_MPX_SECONDARY        = 0x1f
-SMB_COM_WRITE_COMPLETE             = 0x20
-SMB_COM_QUERY_SERVER               = 0x21
-SMB_COM_SET_INFORMATION2           = 0x22
-SMB_COM_QUERY_INFORMATION2         = 0x23
-SMB_COM_LOCKING_ANDX               = 0x24
-SMB_COM_TRANSACTION                = 0x25
-SMB_COM_TRANSACTION_SECONDARY      = 0x26
-SMB_COM_IOCTL                      = 0x27
-SMB_COM_IOCTL_SECONDARY            = 0x28
-SMB_COM_COPY                       = 0x29
-SMB_COM_MOVE                       = 0x2a
-SMB_COM_ECHO                       = 0x2b
-SMB_COM_WRITE_AND_CLOSE            = 0x2c
-SMB_COM_OPEN_ANDX                  = 0x2d
-SMB_COM_READ_ANDX                  = 0x2e
-SMB_COM_WRITE_ANDX                 = 0x2f
-SMB_COM_NEW_FILE_SIZE              = 0x30
-SMB_COM_CLOSE_AND_TREE_DISC        = 0x31
-SMB_COM_TRANSACTION2               = 0x32
-SMB_COM_TRANSACTION2_SECONDARY     = 0x33
-SMB_COM_FIND_CLOSE2                = 0x34
-SMB_COM_FIND_NOTIFY_CLOSE          = 0x35
-SMB_COM_TREE_CONNECT               = 0x70
-SMB_COM_TREE_DISCONNECT            = 0x71
-SMB_COM_NEGOTIATE                  = 0x72
-SMB_COM_SESSION_SETUP_ANDX         = 0x73
-SMB_COM_LOGOFF_ANDX                = 0x74
-SMB_COM_TREE_CONNECT_ANDX          = 0x75
-SMB_COM_QUERY_INFORMATION_DISK     = 0x80
-SMB_COM_SEARCH                     = 0x81
-SMB_COM_FIND                       = 0x82
-SMB_COM_FIND_UNIQUE                = 0x83
-SMB_COM_FIND_CLOSE                 = 0x84
-SMB_COM_NT_TRANSACT                = 0xa0
-SMB_COM_NT_TRANSACT_SECONDARY      = 0xa1
-SMB_COM_NT_CREATE_ANDX             = 0xa2
-SMB_COM_NT_CANCEL                  = 0xa4
-SMB_COM_NT_RENAME                  = 0xa5
-SMB_COM_OPEN_PRINT_FILE            = 0xc0
-SMB_COM_WRITE_PRINT_FILE           = 0xc1
-SMB_COM_CLOSE_PRINT_FILE           = 0xc2
-SMB_COM_GET_PRINT_QUEUE            = 0xc3
-SMB_COM_READ_BULK                  = 0xd8
-SMB_COM_WRITE_BULK                 = 0xd9
-SMB_COM_NO_ANDX_COMMAND            = 0xff
-# SMB Version 2 Commands
-SMB2_OP_NEGPROT   = 0x00
-SMB2_OP_SESSSETUP = 0x01
-SMB2_OP_LOGOFF    = 0x02
-SMB2_OP_TCON      = 0x03
-SMB2_OP_TDIS      = 0x04
-SMB2_OP_CREATE    = 0x05
-SMB2_OP_CLOSE     = 0x06
-SMB2_OP_FLUSH     = 0x07
-SMB2_OP_READ      = 0x08
-SMB2_OP_WRITE     = 0x09
-SMB2_OP_LOCK      = 0x0a
-SMB2_OP_IOCTL     = 0x0b
-SMB2_OP_CANCEL    = 0x0c
-SMB2_OP_KEEPALIVE = 0x0d
-SMB2_OP_FIND      = 0x0e
-SMB2_OP_NOTIFY    = 0x0f
-SMB2_OP_GETINFO   = 0x10
-SMB2_OP_SETINFO   = 0x11
-SMB2_OP_BREAK     = 0x12
-# SMB_COM_NT_TRANSACT Subcommands
-NT_TRANSACT_CREATE                   = 1 # File open/create
-NT_TRANSACT_IOCTL                    = 2 # Device IOCTL
-NT_TRANSACT_SET_SECURITY_DESC        = 3 # Set security descriptor
-NT_TRANSACT_NOTIFY_CHANGE            = 4 # Start directory watch
-NT_TRANSACT_RENAME                   = 5 # Reserved (Handle-based)
-NT_TRANSACT_QUERY_SECURITY_DESC      = 6 # Retrieve security
-NT_TRANSACT_GET_USER_QUOTA           = 7 # Get quota
-NT_TRANSACT_SET_USER_QUOTA           = 8 # Set quota
-# Open Modes
-OPEN_MODE_CREAT = 0x10   # Create the file if file does not exists. Otherwise, operation fails.
-OPEN_MODE_EXCL  = 0x00   # When used with SMB_O_CREAT, operation fails if file exists. Cannot be used with SMB_O_OPEN.
-OPEN_MODE_OPEN  = 0x01   # Open the file if the file exists
-OPEN_MODE_TRUNC = 0x02   # Truncate the file if the file exists
-# Shared Access
-OPEN_SHARE_COMPAT            = 0x00
-OPEN_SHARE_DENY_EXCL         = 0x10
-OPEN_SHARE_DENY_WRITE        = 0x20
-OPEN_SHARE_DENY_READEXEC     = 0x30
-OPEN_SHARE_DENY_NONE         = 0x40
-# File Access
-OPEN_ACCESS_READ          = 0x00
-OPEN_ACCESS_WRITE         = 0x01
-OPEN_ACCESS_READWRITE     = 0x02
-OPEN_ACCESS_EXEC          = 0x03
-# Create Disposition
-CREATE_ACCESS_SUPERSEDE  = 0x00	# Replace any previously existing file
-CREATE_ACCESS_EXIST      = 0x01 # Open existing file and fail if it does not exist
-CREATE_ACCESS_CREATE     = 0x02 # Create the file, fail if it already exists
-CREATE_ACCESS_OPENCREATE = 0x03 # Open existing file or create it if it does not exist
-CREATE_ACCESS_OVEREXIST  = 0x04 # Overwrite existing file and fail if it does not exist
-CREATE_ACCESS_OVERCREATE = 0x05 # Overwrite existing file or create it if it does not exist
-# Wildcard NetBIOS name
-NETBIOS_REDIR = 'CACACACACACACACACACACACACACACAAA'
-  # 0 = open2
-  # 1 = find_first
-  # 2 = find_next
-  # 3 = query_fs_info
-  # 4 = set_fs_quota
-  # 5 = query_path_info
-  # 6 = set_path_info
-  # 7 = query_file_info
-  # 8 = set_file_info
-  # 9 = fsctl
-  # 10 = ioctl2
-  # 11 = find_notify_first
-  # 12 = find_notify_next
-  # 13 = create_directory
-  # 14 = session_setup
-# SMB_COM_TRANSACTION2 Commands
-TRANS2_OPEN2 = 0
-TRANS2_FIND_FIRST2 = 1
-TRANS2_FIND_NEXT2 = 2
-TRANS2_QUERY_FS_INFO = 3
-TRANS2_SET_PATH_INFO = 6
-TRANS2_CREATE_DIRECTORY = 13
-# SMB_COM_TRANSACTION2 QUERY_FS_INFO information levels
-SMB_INFO_ALLOCATION = 1
-SMB_INFO_VOLUME = 2
-SMB_QUERY_FS_VOLUME_INFO = 0x102
-SMB_QUERY_FS_SIZE_INFO = 0x103
-SMB_QUERY_FS_DEVICE_INFO = 0x104
-SMB_QUERY_FS_ATTRIBUTE_INFO = 0x105
-# SMB_COM_TRANSACTION2 QUERY_PATH_INFO information levels
-SMB_INFO_STANDARD = 1
-SMB_INFO_QUERY_EA_SIZE = 2
-SMB_INFO_QUERY_EAS_FROM_LIST = 3
-SMB_INFO_QUERY_ALL_EAS = 4
-SMB_INFO_IS_NAME_VALID = 6
-SMB_QUERY_FILE_BASIC_INFO = 0x101
-SMB_QUERY_FILE_STANDARD_INFO = 0x102
-SMB_QUERY_FILE_EA_INFO = 0x103
-SMB_QUERY_FILE_NAME_INFO = 0x104
-SMB_QUERY_FILE_ALL_INFO = 0x107
-SMB_QUERY_FILE_ALT_NAME_INFO = 0x108
-SMB_QUERY_FILE_STREAM_INFO = 0x109
-SMB_QUERY_FILE_COMPRESSION_INFO = 0x10B
-SMB_QUERY_FILE_UNIX_BASIC = 0x200
-SMB_QUERY_FILE_UNIX_LINK = 0x201
-SMB_INFO_PASSTHROUGH = 0x1000
-# Device Types
-FILE_DEVICE_BEEP = 0x00000001
-FILE_DEVICE_CD_ROM = 0x00000002
-FILE_DEVICE_CD_ROM_FILE_SYSTEM = 0x00000003
-FILE_DEVICE_CONTROLLER = 0x00000004
-FILE_DEVICE_DATALINK = 0x00000005
-FILE_DEVICE_DFS = 0x00000006
-FILE_DEVICE_DISK = 0x00000007
-FILE_DEVICE_DISK_FILE_SYSTEM = 0x00000008
-FILE_DEVICE_FILE_SYSTEM = 0x00000009
-FILE_DEVICE_INPORT_PORT = 0x0000000A
-FILE_DEVICE_KEYBOARD = 0x0000000B
-FILE_DEVICE_MAILSLOT = 0x0000000C
-FILE_DEVICE_MIDI_IN = 0x0000000D
-FILE_DEVICE_MIDI_OUT = 0x0000000E
-FILE_DEVICE_MOUSE = 0x0000000F
-FILE_DEVICE_MULTI_UNC_PROVIDER = 0x00000010
-FILE_DEVICE_NAMED_PIPE = 0x00000011
-FILE_DEVICE_NETWORK = 0x00000012
-FILE_DEVICE_NETWORK_BROWSER = 0x00000013
-FILE_DEVICE_NETWORK_FILE_SYSTEM = 0x00000014
-FILE_DEVICE_NULL = 0x00000015
-FILE_DEVICE_PARALLEL_PORT = 0x00000016
-FILE_DEVICE_PHYSICAL_NETCARD = 0x00000017
-FILE_DEVICE_PRINTER = 0x00000018
-FILE_DEVICE_SCANNER = 0x00000019
-FILE_DEVICE_SERIAL_MOUSE_PORT = 0x0000001A
-FILE_DEVICE_SERIAL_PORT = 0x0000001B
-FILE_DEVICE_SCREEN = 0x0000001C
-FILE_DEVICE_SOUND = 0x0000001D
-FILE_DEVICE_STREAMS = 0x0000001E
-FILE_DEVICE_TAPE = 0x0000001F
-FILE_DEVICE_TAPE_FILE_SYSTEM = 0x00000020
-FILE_DEVICE_TRANSPORT = 0x00000021
-FILE_DEVICE_UNKNOWN = 0x00000022
-FILE_DEVICE_VIDEO = 0x00000023
-FILE_DEVICE_VIRTUAL_DISK = 0x00000024
-FILE_DEVICE_WAVE_IN = 0x00000025
-FILE_DEVICE_WAVE_OUT = 0x00000026
-FILE_DEVICE_8042_PORT = 0x00000027
-FILE_DEVICE_NETWORK_REDIRECTOR = 0x00000028
-FILE_DEVICE_BATTERY = 0x00000029
-FILE_DEVICE_BUS_EXTENDER = 0x0000002A
-FILE_DEVICE_MODEM = 0x0000002B
-FILE_DEVICE_VDM = 0x0000002C
-# File and Device Attributes
-FILE_REMOVABLE_MEDIA = 0x00000001
-FILE_READ_ONLY_DEVICE = 0x00000002
-FILE_FLOPPY_DISKETTE = 0x00000004
-FILE_WRITE_ONE_MEDIA = 0x00000008
-FILE_REMOTE_DEVICE = 0x00000010
-FILE_DEVICE_IS_MOUNTED = 0x00000020
-FILE_VIRTUAL_VOLUME = 0x00000040
-FILE_CASE_SENSITIVE_SEARCH = 0x00000001
-FILE_CASE_PRESERVED_NAMES = 0x00000002
-FILE_PERSISTENT_ACLS = 0x00000004
-FILE_FILE_COMPRESSION = 0x00000008
-FILE_VOLUME_QUOTAS = 0x00000010
-FILE_VOLUME_IS_COMPRESSED = 0x00008000
-# SMB_EXT_FILE_ATTR
-# http://msdn.microsoft.com/en-us/library/ee878573(prot.20).aspx
-SMB_EXT_FILE_ATTR_READONLY = 0x00000001
-SMB_EXT_FILE_ATTR_HIDDEN = 0x00000002
-SMB_EXT_FILE_ATTR_SYSTEM = 0x00000004
-SMB_EXT_FILE_ATTR_DIRECTORY = 0x00000010
-SMB_EXT_FILE_ATTR_ARCHIVE = 0x00000020
-SMB_EXT_FILE_ATTR_NORMAL = 0x00000080
-SMB_EXT_FILE_ATTR_TEMPORARY = 0x00000100
-SMB_EXT_FILE_ATTR_COMPRESSED = 0x00000800
-SMB_EXT_FILE_POSIX_SEMANTICS = 0x01000000
-SMB_EXT_FILE_BACKUP_SEMANTICS = 0x02000000
-SMB_EXT_FILE_DELETE_ON_CLOSE = 0x04000000
-SMB_EXT_FILE_SEQUENTIAL_SCAN = 0x08000000
-SMB_EXT_FILE_RANDOM_ACCESS = 0x10000000
-SMB_EXT_FILE_NO_BUFFERING = 0x20000000
-SMB_EXT_FILE_WRITE_THROUGH = 0x80000000
-# SMB Error Codes
-SMB_STATUS_SUCCESS =			0x00000000
-SMB_ERROR_BUFFER_OVERFLOW =		0x80000005
-SMB_STATUS_MORE_PROCESSING_REQUIRED =	0xC0000016
-SMB_STATUS_ACCESS_DENIED =		0xC0000022
-SMB_STATUS_LOGON_FAILURE =		0xC000006D
-# SMB Dialect Compatibility
-DIALECT = {}
-DIALECT['PC NETWORK PROGRAM 1.0'] = [
-  SMB_COM_CHECK_DIRECTORY,
-  SMB_COM_CLOSE,
-  SMB_COM_CLOSE_PRINT_FILE,
-  SMB_COM_CREATE,
-  SMB_COM_CREATE_DIRECTORY,
-  SMB_COM_CREATE_NEW,
-  SMB_COM_CREATE_TEMPORARY,
-  SMB_COM_DELETE,
-  SMB_COM_DELETE_DIRECTORY,
-  SMB_COM_FLUSH,
-  SMB_COM_GET_PRINT_QUEUE,
-  SMB_COM_LOCK_BYTE_RANGE,
-  SMB_COM_NEGOTIATE,
-  SMB_COM_OPEN,
-  SMB_COM_OPEN_PRINT_FILE,
-  SMB_COM_PROCESS_EXIT,
-  SMB_COM_QUERY_INFORMATION,
-  SMB_COM_QUERY_INFORMATION_DISK,
-  SMB_COM_READ,
-  SMB_COM_RENAME,
-  SMB_COM_SEARCH,
-  SMB_COM_SEEK,
-  SMB_COM_SET_INFORMATION,
-  SMB_COM_TREE_CONNECT,
-  SMB_COM_TREE_DISCONNECT,
-  SMB_COM_UNLOCK_BYTE_RANGE,
-  SMB_COM_WRITE,
-  SMB_COM_WRITE_PRINT_FILE
-]
-DIALECT['LANMAN 1.0'] = DIALECT['PC NETWORK PROGRAM 1.0'] + [
-  SMB_COM_COPY,
-  SMB_COM_ECHO,
-  SMB_COM_FIND,
-  SMB_COM_FIND_CLOSE,
-  SMB_COM_FIND_UNIQUE,
-  SMB_COM_IOCTL,
-  SMB_COM_IOCTL_SECONDARY,
-  SMB_COM_LOCK_AND_READ,
-  SMB_COM_LOCKING_ANDX,
-  SMB_COM_MOVE,
-  SMB_COM_OPEN_ANDX,
-  SMB_COM_QUERY_INFORMATION2,
-  SMB_COM_READ_ANDX,
-  SMB_COM_READ_MPX,
-  SMB_COM_READ_RAW,
-  SMB_COM_SESSION_SETUP_ANDX,
-  SMB_COM_SET_INFORMATION2,
-  SMB_COM_TRANSACTION,
-  SMB_COM_TRANSACTION_SECONDARY,
-  SMB_COM_TREE_CONNECT_ANDX,
-  SMB_COM_WRITE_AND_CLOSE,
-  SMB_COM_WRITE_AND_UNLOCK,
-  SMB_COM_WRITE_ANDX,
-  SMB_COM_WRITE_COMPLETE,
-  SMB_COM_WRITE_MPX,
-  SMB_COM_WRITE_MPX_SECONDARY,
-  SMB_COM_WRITE_RAW
-]
-DIALECT['LM1.2X002'] = DIALECT['LANMAN 1.0'] + [
-  SMB_COM_FIND_CLOSE2,
-  SMB_COM_LOGOFF_ANDX,
-  SMB_COM_TRANSACTION2,
-  SMB_COM_TRANSACTION2_SECONDARY
-]
-DIALECT['NTLM 0.12'] = DIALECT['LM1.2X002'] + [
-  SMB_COM_NT_CANCEL,
-  SMB_COM_NT_CREATE_ANDX,
-  SMB_COM_NT_RENAME,
-  SMB_COM_NT_TRANSACT,
-  SMB_COM_NT_TRANSACT_SECONDARY
-]
-# Create a NetBIOS session packet template
-def self.make_nbs (template)
-  Rex::Struct2::CStructTemplate.new(
-    [ 'uint8',    'Type',             0 ],
-    [ 'uint8',    'Flags',            0 ],
-    [ 'uint16n',  'PayloadLen',       0 ],
-    [ 'template', 'Payload',          template ]
+  require 'rex/struct2'
+  # SMB Commands
+  SMB_COM_CREATE_DIRECTORY           = 0x00
+  SMB_COM_DELETE_DIRECTORY           = 0x01
+  SMB_COM_OPEN                       = 0x02
+  SMB_COM_CREATE                     = 0x03
+  SMB_COM_CLOSE                      = 0x04
+  SMB_COM_FLUSH                      = 0x05
+  SMB_COM_DELETE                     = 0x06
+  SMB_COM_RENAME                     = 0x07
+  SMB_COM_QUERY_INFORMATION          = 0x08
+  SMB_COM_SET_INFORMATION            = 0x09
+  SMB_COM_READ                       = 0x0a
+  SMB_COM_WRITE                      = 0x0b
+  SMB_COM_LOCK_BYTE_RANGE            = 0x0c
+  SMB_COM_UNLOCK_BYTE_RANGE          = 0x0d
+  SMB_COM_CREATE_TEMPORARY           = 0x0e
+  SMB_COM_CREATE_NEW                 = 0x0f
+  SMB_COM_CHECK_DIRECTORY            = 0x10
+  SMB_COM_PROCESS_EXIT               = 0x11
+  SMB_COM_SEEK                       = 0x12
+  SMB_COM_LOCK_AND_READ              = 0x13
+  SMB_COM_WRITE_AND_UNLOCK           = 0x14
+  SMB_COM_READ_RAW                   = 0x1a
+  SMB_COM_READ_MPX                   = 0x1b
+  SMB_COM_READ_MPX_SECONDARY         = 0x1c
+  SMB_COM_WRITE_RAW                  = 0x1d
+  SMB_COM_WRITE_MPX                  = 0x1e
+  SMB_COM_WRITE_MPX_SECONDARY        = 0x1f
+  SMB_COM_WRITE_COMPLETE             = 0x20
+  SMB_COM_QUERY_SERVER               = 0x21
+  SMB_COM_SET_INFORMATION2           = 0x22
+  SMB_COM_QUERY_INFORMATION2         = 0x23
+  SMB_COM_LOCKING_ANDX               = 0x24
+  SMB_COM_TRANSACTION                = 0x25
+  SMB_COM_TRANSACTION_SECONDARY      = 0x26
+  SMB_COM_IOCTL                      = 0x27
+  SMB_COM_IOCTL_SECONDARY            = 0x28
+  SMB_COM_COPY                       = 0x29
+  SMB_COM_MOVE                       = 0x2a
+  SMB_COM_ECHO                       = 0x2b
+  SMB_COM_WRITE_AND_CLOSE            = 0x2c
+  SMB_COM_OPEN_ANDX                  = 0x2d
+  SMB_COM_READ_ANDX                  = 0x2e
+  SMB_COM_WRITE_ANDX                 = 0x2f
+  SMB_COM_NEW_FILE_SIZE              = 0x30
+  SMB_COM_CLOSE_AND_TREE_DISC        = 0x31
+  SMB_COM_TRANSACTION2               = 0x32
+  SMB_COM_TRANSACTION2_SECONDARY     = 0x33
+  SMB_COM_FIND_CLOSE2                = 0x34
+  SMB_COM_FIND_NOTIFY_CLOSE          = 0x35
+  SMB_COM_TREE_CONNECT               = 0x70
+  SMB_COM_TREE_DISCONNECT            = 0x71
+  SMB_COM_NEGOTIATE                  = 0x72
+  SMB_COM_SESSION_SETUP_ANDX         = 0x73
+  SMB_COM_LOGOFF_ANDX                = 0x74
+  SMB_COM_TREE_CONNECT_ANDX          = 0x75
+  SMB_COM_QUERY_INFORMATION_DISK     = 0x80
+  SMB_COM_SEARCH                     = 0x81
+  SMB_COM_FIND                       = 0x82
+  SMB_COM_FIND_UNIQUE                = 0x83
+  SMB_COM_FIND_CLOSE                 = 0x84
+  SMB_COM_NT_TRANSACT                = 0xa0
+  SMB_COM_NT_TRANSACT_SECONDARY      = 0xa1
+  SMB_COM_NT_CREATE_ANDX             = 0xa2
+  SMB_COM_NT_CANCEL                  = 0xa4
+  SMB_COM_NT_RENAME                  = 0xa5
+  SMB_COM_OPEN_PRINT_FILE            = 0xc0
+  SMB_COM_WRITE_PRINT_FILE           = 0xc1
+  SMB_COM_CLOSE_PRINT_FILE           = 0xc2
+  SMB_COM_GET_PRINT_QUEUE            = 0xc3
+  SMB_COM_READ_BULK                  = 0xd8
+  SMB_COM_WRITE_BULK                 = 0xd9
+  SMB_COM_NO_ANDX_COMMAND            = 0xff
+  # SMB Version 2 Commands
+  SMB2_OP_NEGPROT   = 0x00
+  SMB2_OP_SESSSETUP = 0x01
+  SMB2_OP_LOGOFF    = 0x02
+  SMB2_OP_TCON      = 0x03
+  SMB2_OP_TDIS      = 0x04
+  SMB2_OP_CREATE    = 0x05
+  SMB2_OP_CLOSE     = 0x06
+  SMB2_OP_FLUSH     = 0x07
+  SMB2_OP_READ      = 0x08
+  SMB2_OP_WRITE     = 0x09
+  SMB2_OP_LOCK      = 0x0a
+  SMB2_OP_IOCTL     = 0x0b
+  SMB2_OP_CANCEL    = 0x0c
+  SMB2_OP_KEEPALIVE = 0x0d
+  SMB2_OP_FIND      = 0x0e
+  SMB2_OP_NOTIFY    = 0x0f
+  SMB2_OP_GETINFO   = 0x10
+  SMB2_OP_SETINFO   = 0x11
+  SMB2_OP_BREAK     = 0x12
+  # SMB_COM_NT_TRANSACT Subcommands
+  NT_TRANSACT_CREATE                   = 1 # File open/create
+  NT_TRANSACT_IOCTL                    = 2 # Device IOCTL
+  NT_TRANSACT_SET_SECURITY_DESC        = 3 # Set security descriptor
+  NT_TRANSACT_NOTIFY_CHANGE            = 4 # Start directory watch
+  NT_TRANSACT_RENAME                   = 5 # Reserved (Handle-based)
+  NT_TRANSACT_QUERY_SECURITY_DESC      = 6 # Retrieve security
+  NT_TRANSACT_GET_USER_QUOTA           = 7 # Get quota
+  NT_TRANSACT_SET_USER_QUOTA           = 8 # Set quota
+  # NT Flags bits - cifs6.txt section 3.1.1
+  FLAGS_REQ_RES = 0x80
+  FLAGS_NOTIFY = 0x40
+  FLAGS_OP_LOCKS = 0x20
+  FLAGS_PATH_NORMALIZED = 0x10
+  FLAGS_CASE_SENSITIVE = 0x8
+  FLAGS_RESERVED = 0x4
+  FLAGS_POSTED = 0x2
+  FLAGS_LOCK_SUPPORT = 0x1
+  # NT Flags2 bits - cifs6.txt section 3.1.2
+  FLAGS2_LONG_PATH_COMPONENTS             = 0x0001
+  FLAGS2_EXTENDED_ATTRIBUTES              = 0x0002
+  FLAGS2_SMB_SECURITY_SIGNATURES          = 0x0004
+  FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED = 0x0010
+  FLAGS2_IS_LONG_NAME                     = 0x0040
+  FLAGS2_EXTENDED_SECURITY                = 0x0800
+  FLAGS2_DFS_PATHNAMES                    = 0x1000
+  FLAGS2_READ_PERMIT_EXECUTE              = 0x2000
+  FLAGS2_32_BIT_ERROR_CODES               = 0x4000
+  FLAGS2_UNICODE_STRINGS                  = 0x8000
+  FLAGS2_WIN2K_SIGNATURE                  = 0xC852
+  # SMB Negotiate Security Modes
+  NEG_SECURITY_SHARE = 1
+  NEG_SECURITY_PASSWORD = 2
+  # SMB Setup Actions
+  SMB_SETUP_GUEST = 1
+  SMB_SETUP_USE_LANMAN_KEY = 2
+  # SMB Negotiate Capabilities
+  # The server supports SMB_COM_READ_RAW and SMB_COM_WRITE_RAW
+  CAP_RAW_MODE         = 0x0001
+  # The server supports SMB_COM_READ_MPX and SMB_COM_WRITE_MPX
+  CAP_MPX_MODE         = 0x0002
+  # The server supports Unicode strings
+  CAP_UNICODE          = 0x0004
+  # The server supports large files with 64 bit offsets
+  CAP_LARGE_FILES      = 0x0008
+  # The server supports the SMBs particular to the NT LM 0.12 dialect
+  CAP_NT_SMBS          = 0x0010
+  # The sever supports remote API requests via RPC
+  CAP_RPC_REMOTE_APIS  = 0x0020
+  # The server can respond with 32 bit status codes in Status.Status
+  CAP_STATUS32         = 0x0040
+  # The server supports level 2 oplocks
+  CAP_LEVEL_II_OPLOCKS = 0x0080
+  # The server supports the SMB_COM_LOCK_AND_READ SMB
+  CAP_LOCK_AND_READ    = 0x0100
+  CAP_NT_FIND          = 0x0200
+  # This server is DFS aware
+  CAP_DFS              = 0x1000
+  CAP_PASSTHRU         = 0x2000
+  CAP_LARGE_READX      = 0x4000
+  CAP_LARGE_WRITEX     = 0x8000
+  CAP_UNIX_EXTENSIONS  = 0x800000
+  # Open Modes
+  OPEN_MODE_CREAT = 0x10   # Create the file if file does not exists. Otherwise, operation fails.
+  OPEN_MODE_EXCL  = 0x00   # When used with SMB_O_CREAT, operation fails if file exists. Cannot be used with SMB_O_OPEN.
+  OPEN_MODE_OPEN  = 0x01   # Open the file if the file exists
+  OPEN_MODE_TRUNC = 0x02   # Truncate the file if the file exists
+  # Shared Access
+  OPEN_SHARE_COMPAT            = 0x00
+  OPEN_SHARE_DENY_EXCL         = 0x10
+  OPEN_SHARE_DENY_WRITE        = 0x20
+  OPEN_SHARE_DENY_READEXEC     = 0x30
+  OPEN_SHARE_DENY_NONE         = 0x40
+  # OpLock Levels
+  NO_OPLOCK = 0x00
+  EXCLUSIVE_OPLOCK = 0x01
+  BATCH_OPLOCK = 0x02
+  LEVEL_II_OPLOCK = 0x03
+  # Dispositions, action to take if the file already exists or if the file is a new file and does not already exist
+  FILE_SUPERSEDE = 0x00000000
+  FILE_OPEN = 0x00000001
+  FILE_CREATE = 0x00000002
+  FILE_OPEN_IF = 0x00000003
+  FILE_OVERWRITE = 0x00000004
+  FILE_OVERWRITE_IF = 0x00000005
+  # File Access
+  OPEN_ACCESS_READ          = 0x00
+  OPEN_ACCESS_WRITE         = 0x01
+  OPEN_ACCESS_READWRITE     = 0x02
+  OPEN_ACCESS_EXEC          = 0x03
+  # Create Disposition
+  CREATE_ACCESS_SUPERSEDE  = 0x00	# Replace any previously existing file
+  CREATE_ACCESS_EXIST      = 0x01 # Open existing file and fail if it does not exist
+  CREATE_ACCESS_CREATE     = 0x02 # Create the file, fail if it already exists
+  CREATE_ACCESS_OPENCREATE = 0x03 # Open existing file or create it if it does not exist
+  CREATE_ACCESS_OVEREXIST  = 0x04 # Overwrite existing file and fail if it does not exist
+  CREATE_ACCESS_OVERCREATE = 0x05 # Overwrite existing file or create it if it does not exist
+  # Access Rights
+  SMB_READ_ACCESS = 1
+  SMB_WRITE_ACCESS = 2
+  SMB_APPEND_ACCESS = 4
+  SMB_READ_EA_ACCESS = 8
+  SMB_WRITE_EA_ACCESS = 0x10
+  SMB_EXECUTE_ACCESS = 0x20
+  SMB_DELETE_CHILD_ACCESS = 0x40
+  SMB_READ_ATTRIBUTES_ACCESS = 0x80
+  SMB_WRITE_ATTRIBUTES_ACCESS = 0x100
+  SMB_DELETE_ACCESS = 0x10000
+  SMB_READ_CONTROL_ACCESS = 0x20000
+  SMB_WRITE_DAC_ACCESS = 0x40000
+  SMB_WRITE_OWNER_ACCESS = 0x80000
+  SMB_SYNC_ACCESS = 0x100000
+  # Wildcard NetBIOS name
+  NETBIOS_REDIR = 'CACACACACACACACACACACACACACACAAA'
+    # 0 = open2
+    # 1 = find_first
+    # 2 = find_next
+    # 3 = query_fs_info
+    # 4 = set_fs_quota
+    # 5 = query_path_info
+    # 6 = set_path_info
+    # 7 = query_file_info
+    # 8 = set_file_info
+    # 9 = fsctl
+    # 10 = ioctl2
+    # 11 = find_notify_first
+    # 12 = find_notify_next
+    # 13 = create_directory
+    # 14 = session_setup
+  # SMB_COM_TRANSACTION2 SubCommands
+  TRANS2_OPEN2 = 0
+  TRANS2_FIND_FIRST2 = 1
+  TRANS2_FIND_NEXT2 = 2
+  TRANS2_QUERY_FS_INFO = 3
+  TRANS2_SET_FS_INFO = 4
+  TRANS2_QUERY_PATH_INFO = 5
+  TRANS2_SET_PATH_INFO = 6
+  TRANS2_QUERY_FILE_INFO = 7
+  TRANS2_SET_FILE_INFO = 8
+  TRANS2_FSCTL = 9
+  TRANS2_IOCTL2 = 10
+  TRANS2_FIND_NOTIFY_FIRST = 11
+  TRANS2_FIND_NOTIFY_NEXT = 12
+  TRANS2_CREATE_DIRECTORY = 13
+  TRANS2_SESSION_SETUP = 14
+  TRANS2_GET_DFS_REFERRAL = 16
+  TRANS2_REPORT_DFS_INCONSISTENCY = 17
+  # SMB_COM_TRANSACTION2 QUERY_FS_INFO information levels
+  SMB_INFO_ALLOCATION = 1
+  SMB_INFO_VOLUME = 2
+  SMB_QUERY_FS_VOLUME_INFO = 0x102
+  SMB_QUERY_FS_SIZE_INFO = 0x103
+  SMB_QUERY_FS_DEVICE_INFO = 0x104
+  SMB_QUERY_FS_ATTRIBUTE_INFO = 0x105
+  # SMB_COM_TRANSACTION2 QUERY_PATH_INFO information levels
+  SMB_INFO_STANDARD = 1
+  SMB_INFO_QUERY_EA_SIZE = 2
+  SMB_INFO_QUERY_EAS_FROM_LIST = 3
+  SMB_INFO_QUERY_ALL_EAS = 4
+  SMB_INFO_IS_NAME_VALID = 6
+  SMB_QUERY_FILE_BASIC_INFO = 0x101
+  SMB_QUERY_FILE_STANDARD_INFO = 0x102
+  SMB_QUERY_FILE_EA_INFO = 0x103
+  SMB_QUERY_FILE_NAME_INFO = 0x104
+  SMB_QUERY_FILE_ALL_INFO = 0x107
+  SMB_QUERY_FILE_ALT_NAME_INFO = 0x108
+  SMB_QUERY_FILE_STREAM_INFO = 0x109
+  SMB_QUERY_FILE_COMPRESSION_INFO = 0x10B
+  SMB_QUERY_FILE_UNIX_BASIC = 0x200
+  SMB_QUERY_FILE_UNIX_LINK = 0x201
+  SMB_QUERY_FILE_BASIC_INFO_ALIAS = 0x3EC # alias for 0x101
+  SMB_SET_FILE_BASIC_INFO_ALIAS = 0x3EC # alias for 0x101
+  SMB_QUERY_FILE_STANDARD_INFO_ALIAS = 0x3ED # alias for 0x102
+  SMB_QUERY_FILE_INTERNAL_INFO_ALIAS = 0x3EE # alias for 0x103
+  SMB_QUERY_FILE_EA_INFO_ALIAS = 0x3EF # alias for 0x103
+  SMB_QUERY_FILE_NAME_INFO_ALIAS = 0x3F1 # alias for 0x104
+  SMB_QUERY_FILE_NETWORK_OPEN_INFO = 0x40A
+  SMB_INFO_PASSTHROUGH = 0x1000
+  # SMB_COM_TRANSACTION2 MAX DATA COUNT information levels
+  SMB_QUERY_BASIC_MDC = 0x0028
+  SMB_QUERY_STANDARD_MDC1 = 0x0018
+  SMB_QUERY_STANDARD_MDC2 = 0x0102
+  SMB_QUERY_FILE_INTERNAL_INFO_MDC = 0x0008
+  SMB_QUERY_FILE_NETWORK_INFO_MDC = 0x0038
+  # SMB_COM_TRANS2 FIND_FIRST information levels
+  SMB_FIND_FILE_DIRECTORY_INFO = 0x101
+  SMB_FIND_FILE_FULL_DIRECTORY_INFO = 0x102
+  SMB_FIND_FILE_NAMES_INFO = 0x103
+  SMB_FIND_FILE_BOTH_DIRECTORY_INFO = 0x104
+  SMB_FIND_ID_FULL_DIRECTORY_INFO = 0x105
+  SMB_FIND_ID_BOTH_DIRECTORY_INFO = 0x106
+  # Device Types
+  FILE_DEVICE_BEEP = 0x00000001
+  FILE_DEVICE_CD_ROM = 0x00000002
+  FILE_DEVICE_CD_ROM_FILE_SYSTEM = 0x00000003
+  FILE_DEVICE_CONTROLLER = 0x00000004
+  FILE_DEVICE_DATALINK = 0x00000005
+  FILE_DEVICE_DFS = 0x00000006
+  FILE_DEVICE_DISK = 0x00000007
+  FILE_DEVICE_DISK_FILE_SYSTEM = 0x00000008
+  FILE_DEVICE_FILE_SYSTEM = 0x00000009
+  FILE_DEVICE_INPORT_PORT = 0x0000000A
+  FILE_DEVICE_KEYBOARD = 0x0000000B
+  FILE_DEVICE_MAILSLOT = 0x0000000C
+  FILE_DEVICE_MIDI_IN = 0x0000000D
+  FILE_DEVICE_MIDI_OUT = 0x0000000E
+  FILE_DEVICE_MOUSE = 0x0000000F
+  FILE_DEVICE_MULTI_UNC_PROVIDER = 0x00000010
+  FILE_DEVICE_NAMED_PIPE = 0x00000011
+  FILE_DEVICE_NETWORK = 0x00000012
+  FILE_DEVICE_NETWORK_BROWSER = 0x00000013
+  FILE_DEVICE_NETWORK_FILE_SYSTEM = 0x00000014
+  FILE_DEVICE_NULL = 0x00000015
+  FILE_DEVICE_PARALLEL_PORT = 0x00000016
+  FILE_DEVICE_PHYSICAL_NETCARD = 0x00000017
+  FILE_DEVICE_PRINTER = 0x00000018
+  FILE_DEVICE_SCANNER = 0x00000019
+  FILE_DEVICE_SERIAL_MOUSE_PORT = 0x0000001A
+  FILE_DEVICE_SERIAL_PORT = 0x0000001B
+  FILE_DEVICE_SCREEN = 0x0000001C
+  FILE_DEVICE_SOUND = 0x0000001D
+  FILE_DEVICE_STREAMS = 0x0000001E
+  FILE_DEVICE_TAPE = 0x0000001F
+  FILE_DEVICE_TAPE_FILE_SYSTEM = 0x00000020
+  FILE_DEVICE_TRANSPORT = 0x00000021
+  FILE_DEVICE_UNKNOWN = 0x00000022
+  FILE_DEVICE_VIDEO = 0x00000023
+  FILE_DEVICE_VIRTUAL_DISK = 0x00000024
+  FILE_DEVICE_WAVE_IN = 0x00000025
+  FILE_DEVICE_WAVE_OUT = 0x00000026
+  FILE_DEVICE_8042_PORT = 0x00000027
+  FILE_DEVICE_NETWORK_REDIRECTOR = 0x00000028
+  FILE_DEVICE_BATTERY = 0x00000029
+  FILE_DEVICE_BUS_EXTENDER = 0x0000002A
+  FILE_DEVICE_MODEM = 0x0000002B
+  FILE_DEVICE_VDM = 0x0000002C
+  # File and Device Attributes
+  FILE_REMOVABLE_MEDIA = 0x00000001
+  FILE_READ_ONLY_DEVICE = 0x00000002
+  FILE_FLOPPY_DISKETTE = 0x00000004
+  FILE_WRITE_ONE_MEDIA = 0x00000008
+  FILE_REMOTE_DEVICE = 0x00000010
+  FILE_DEVICE_IS_MOUNTED = 0x00000020
+  FILE_VIRTUAL_VOLUME = 0x00000040
+  FILE_CASE_SENSITIVE_SEARCH = 0x00000001
+  FILE_CASE_PRESERVED_NAMES = 0x00000002
+  FILE_PERSISTENT_ACLS = 0x00000004
+  FILE_FILE_COMPRESSION = 0x00000008
+  FILE_VOLUME_QUOTAS = 0x00000010
+  FILE_VOLUME_IS_COMPRESSED = 0x00008000
+  # SMB_EXT_FILE_ATTR
+  # http://msdn.microsoft.com/en-us/library/ee878573(prot.20).aspx
+  SMB_EXT_FILE_ATTR_READONLY = 0x00000001
+  SMB_EXT_FILE_ATTR_HIDDEN = 0x00000002
+  SMB_EXT_FILE_ATTR_SYSTEM = 0x00000004
+  SMB_EXT_FILE_ATTR_DIRECTORY = 0x00000010
+  SMB_EXT_FILE_ATTR_ARCHIVE = 0x00000020
+  SMB_EXT_FILE_ATTR_NORMAL = 0x00000080
+  SMB_EXT_FILE_ATTR_TEMPORARY = 0x00000100
+  SMB_EXT_FILE_ATTR_COMPRESSED = 0x00000800
+  SMB_EXT_FILE_POSIX_SEMANTICS = 0x01000000
+  SMB_EXT_FILE_BACKUP_SEMANTICS = 0x02000000
+  SMB_EXT_FILE_DELETE_ON_CLOSE = 0x04000000
+  SMB_EXT_FILE_SEQUENTIAL_SCAN = 0x08000000
+  SMB_EXT_FILE_RANDOM_ACCESS = 0x10000000
+  SMB_EXT_FILE_NO_BUFFERING = 0x20000000
+  SMB_EXT_FILE_WRITE_THROUGH = 0x80000000
+  # SMB Error Codes
+  SMB_STATUS_SUCCESS =			0x00000000
+  SMB_ERROR_BUFFER_OVERFLOW =		0x80000005
+  SMB_STATUS_MORE_PROCESSING_REQUIRED =	0xC0000016
+  SMB_STATUS_ACCESS_DENIED =		0xC0000022
+  SMB_STATUS_LOGON_FAILURE =		0xC000006D
+  SMB_STATUS_NO_SUCH_FILE = 0xC000000F
+  SMB_STATUS_OBJECT_NAME_NOT_FOUND = 0xc0000034
+  SMB_NT_STATUS_NOT_FOUND = 0xc0000225
+  # SMB Resource types
+  SMB_RESOURCE_FILE_TYPE_DISK = 0x0000
+  SMB_RESOURCE_FILE_TYPE_BYTE_MODE_PIPE = 0x0001
+  SMB_RESOURCE_FILE_TYPE_MESSAGE_MODE_PIPE = 0x0002
+  SMB_RESOURCE_FILE_TYPE_PRINTER = 0x0003
+  SMB_RESOURCE_FILE_TYPE_COMM_DEVICE = 0x0004
+  # Word count values
+  SMB_NEGOTIATE_RES_WORD_COUNT = 0x11
+  SMB_CLOSE_RES_WORD_COUNT = 0x00
+  SMB_NT_CREATE_ANDX_RES_WORD_COUNT = 0x22
+  SMB_READ_ANDX_RES_WORD_COUNT = 0x0c
+  SMB_TREE_CONN_ANDX_WORD_COUNT = 0x07
+  SMB_SESSION_SETUP_ANDX_RES_WORD_COUNT = 0x03
+  SMB_TRANS2_RES_WORD_COUNT = 0x0a
+  # SMB Dialect Compatibility
+  DIALECT = {}
+  DIALECT['PC NETWORK PROGRAM 1.0'] = [
+    SMB_COM_CHECK_DIRECTORY,
+    SMB_COM_CLOSE,
+    SMB_COM_CLOSE_PRINT_FILE,
+    SMB_COM_CREATE,
+    SMB_COM_CREATE_DIRECTORY,
+    SMB_COM_CREATE_NEW,
+    SMB_COM_CREATE_TEMPORARY,
+    SMB_COM_DELETE,
+    SMB_COM_DELETE_DIRECTORY,
+    SMB_COM_FLUSH,
+    SMB_COM_GET_PRINT_QUEUE,
+    SMB_COM_LOCK_BYTE_RANGE,
+    SMB_COM_NEGOTIATE,
+    SMB_COM_OPEN,
+    SMB_COM_OPEN_PRINT_FILE,
+    SMB_COM_PROCESS_EXIT,
+    SMB_COM_QUERY_INFORMATION,
+    SMB_COM_QUERY_INFORMATION_DISK,
+    SMB_COM_READ,
+    SMB_COM_RENAME,
+    SMB_COM_SEARCH,
+    SMB_COM_SEEK,
+    SMB_COM_SET_INFORMATION,
+    SMB_COM_TREE_CONNECT,
+    SMB_COM_TREE_DISCONNECT,
+    SMB_COM_UNLOCK_BYTE_RANGE,
+    SMB_COM_WRITE,
+    SMB_COM_WRITE_PRINT_FILE
+  ]
+  DIALECT['LANMAN 1.0'] = DIALECT['PC NETWORK PROGRAM 1.0'] + [
+    SMB_COM_COPY,
+    SMB_COM_ECHO,
+    SMB_COM_FIND,
+    SMB_COM_FIND_CLOSE,
+    SMB_COM_FIND_UNIQUE,
+    SMB_COM_IOCTL,
+    SMB_COM_IOCTL_SECONDARY,
+    SMB_COM_LOCK_AND_READ,
+    SMB_COM_LOCKING_ANDX,
+    SMB_COM_MOVE,
+    SMB_COM_OPEN_ANDX,
+    SMB_COM_QUERY_INFORMATION2,
+    SMB_COM_READ_ANDX,
+    SMB_COM_READ_MPX,
+    SMB_COM_READ_RAW,
+    SMB_COM_SESSION_SETUP_ANDX,
+    SMB_COM_SET_INFORMATION2,
+    SMB_COM_TRANSACTION,
+    SMB_COM_TRANSACTION_SECONDARY,
+    SMB_COM_TREE_CONNECT_ANDX,
+    SMB_COM_WRITE_AND_CLOSE,
+    SMB_COM_WRITE_AND_UNLOCK,
+    SMB_COM_WRITE_ANDX,
+    SMB_COM_WRITE_COMPLETE,
+    SMB_COM_WRITE_MPX,
+    SMB_COM_WRITE_MPX_SECONDARY,
+    SMB_COM_WRITE_RAW
+  ]
+  DIALECT['LM1.2X002'] = DIALECT['LANMAN 1.0'] + [
+    SMB_COM_FIND_CLOSE2,
+    SMB_COM_LOGOFF_ANDX,
+    SMB_COM_TRANSACTION2,
+    SMB_COM_TRANSACTION2_SECONDARY
+  ]
+  DIALECT['NTLM 0.12'] = DIALECT['LM1.2X002'] + [
+    SMB_COM_NT_CANCEL,
+    SMB_COM_NT_CREATE_ANDX,
+    SMB_COM_NT_RENAME,
+    SMB_COM_NT_TRANSACT,
+    SMB_COM_NT_TRANSACT_SECONDARY
+  ]
+  # Create a NetBIOS session packet template
+  def self.make_nbs (template)
+    Rex::Struct2::CStructTemplate.new(
+      [ 'uint8',    'Type',             0 ],
+      [ 'uint8',    'Flags',            0 ],
+      [ 'uint16n',  'PayloadLen',       0 ],
+      [ 'template', 'Payload',          template ]
+    ).create_restraints(
+      [ 'Payload', 'PayloadLen',  nil, true ]
+    )
+  end
+  # A raw NetBIOS session template
+  NBRAW_HDR_PKT =  Rex::Struct2::CStructTemplate.new(
+    [ 'string', 'Payload', nil, '']
+  )
+  NBRAW_PKT = self.make_nbs(NBRAW_HDR_PKT)
+  # The SMB header template
+  SMB_HDR = Rex::Struct2::CStructTemplate.new(
+    [ 'uint32n', 'Magic',             0xff534d42 ],
+    [ 'uint8',   'Command',           0 ],
+    [ 'uint32v', 'ErrorClass',        0 ],
+    [ 'uint8',   'Flags1',            0 ],
+    [ 'uint16v', 'Flags2',            0 ],
+    [ 'uint16v', 'ProcessIDHigh',     0 ],
+    [ 'uint32v', 'Signature1',        0 ],
+    [ 'uint32v', 'Signature2',        0 ],
+    [ 'uint16v', 'Reserved1',         0 ],
+    [ 'uint16v', 'TreeID',            0 ],
+    [ 'uint16v', 'ProcessID',         0 ],
+    [ 'uint16v', 'UserID',            0 ],
+    [ 'uint16v', 'MultiplexID',       0 ],
+    [ 'uint8',   'WordCount',         0 ]
+  )
+  SMB_HDR_LENGTH = 33
+  # The SMB2 header template
+  SMB2_HDR = Rex::Struct2::CStructTemplate.new(
+    [ 'uint32n', 'Magic',             0xfe534d42 ],
+    [ 'uint16v', 'HeaderLen',         64 ],
+    [ 'uint16v', 'Reserved0',         0 ],
+    [ 'uint32v', 'NTStatus',          0 ],
+    [ 'uint16v', 'Opcode',            0 ],
+    [ 'uint16v', 'Reserved1',         0 ],
+    [ 'uint16v', 'Flags1',            0 ],
+    [ 'uint16v', 'Flags2',            0 ],
+    [ 'uint32v', 'ChainOffset',       0 ],
+    [ 'uint32v', 'SequenceHigh',      0 ],
+    [ 'uint32v', 'SequenceLow',       0 ],
+    [ 'uint32v', 'ProcessID',         0 ],
+    [ 'uint32v', 'TreeID',            0 ],
+    [ 'uint32v', 'UserIDHigh',        0 ],
+    [ 'uint32v', 'UserIDLow',         0 ],
+    [ 'uint32v', 'SignatureA',        0 ],
+    [ 'uint32v', 'SignatureB',        0 ],
+    [ 'uint32v', 'SignatureC',        0 ],
+    [ 'uint32v', 'SignatureD',        0 ],
+    [ 'string',  'Payload', nil,      '']
+  )
+  # A basic SMB template to read all responses
+  SMB_BASE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
   ).create_restraints(
-    [ 'Payload', 'PayloadLen',  nil, true ]
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_BASE_PKT = self.make_nbs(SMB_BASE_HDR_PKT)
+  # A SMB template for SMB Dialect negotiation
+  SMB_NEG_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_NEG_PKT = self.make_nbs(SMB_NEG_HDR_PKT)
+  # A SMB template for SMB Dialect negotiation responses (LANMAN)
+  SMB_NEG_RES_LM_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'Dialect',              0 ],
+    [ 'uint16v', 'SecurityMode',         0 ],
+    [ 'uint16v', 'MaxBuff',              0 ],
+    [ 'uint16v', 'MaxMPX',               0 ],
+    [ 'uint16v', 'MaxVCS',               0 ],
+    [ 'uint16v', 'RawMode',              0 ],
+    [ 'uint32v', 'SessionKey',           0 ],
+    [ 'uint16v', 'DosTime',              0 ],
+    [ 'uint16v', 'DosDate',              0 ],
+    [ 'uint16v', 'Timezone',             0 ],
+    [ 'uint16v', 'KeyLength',            0 ],
+    [ 'uint16v', 'Reserved1',            0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'EncryptionKey', nil,  '' ]
+  ).create_restraints(
+    [ 'EncryptionKey', 'ByteCount',  nil, true ]
+  )
+  SMB_NEG_RES_LM_PKT = self.make_nbs(SMB_NEG_RES_LM_HDR_PKT)
+  # A SMB template for SMB Dialect negotiation responses (NTLM)
+  SMB_NEG_RES_NT_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'Dialect',              0 ],
+    [ 'uint8',   'SecurityMode',         0 ],
+    [ 'uint16v', 'MaxMPX',               0 ],
+    [ 'uint16v', 'MaxVCS',               0 ],
+    [ 'uint32v', 'MaxBuff',              0 ],
+    [ 'uint32v', 'MaxRaw',               0 ],
+    [ 'uint32v', 'SessionKey',           0 ],
+    [ 'uint32v', 'Capabilities',         0 ],
+    [ 'uint32v', 'SystemTimeLow',        0 ],
+    [ 'uint32v', 'SystemTimeHigh',       0 ],
+    [ 'uint16v', 'ServerTimeZone',       0 ],
+    [ 'uint8',   'KeyLength',            0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_NEG_RES_NT_PKT = self.make_nbs(SMB_NEG_RES_NT_HDR_PKT)
+  # A SMB template for SMB Dialect negotiation responses (ERROR)
+  SMB_NEG_RES_ERR_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'Dialect',              0 ],
+    [ 'uint16v', 'ByteCount',            0 ]
+  )
+  SMB_NEG_RES_ERR_PKT = self.make_nbs(SMB_NEG_RES_ERR_HDR_PKT)
+  # A SMB template for SMB Session Setup responses (LANMAN/NTLMV1)
+  SMB_SETUP_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'Action',               0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_SETUP_RES_PKT = self.make_nbs(SMB_SETUP_RES_HDR_PKT)
+  # A SMB template for SMB Session Setup requests (LANMAN)
+  SMB_SETUP_LANMAN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'MaxBuff',              0 ],
+    [ 'uint16v', 'MaxMPX',               0 ],
+    [ 'uint16v', 'VCNum',                0 ],
+    [ 'uint32v', 'SessionKey',           0 ],
+    [ 'uint16v', 'PasswordLen',          0 ],
+    [ 'uint32v', 'Reserved2',            0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_SETUP_LANMAN_PKT = self.make_nbs(SMB_SETUP_LANMAN_HDR_PKT)
+  # A SMB template for SMB Session Setup requests (NTLMV1)
+  SMB_SETUP_NTLMV1_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'MaxBuff',              0 ],
+    [ 'uint16v', 'MaxMPX',               0 ],
+    [ 'uint16v', 'VCNum',                0 ],
+    [ 'uint32v', 'SessionKey',           0 ],
+    [ 'uint16v', 'PasswordLenLM',        0 ],
+    [ 'uint16v', 'PasswordLenNT',        0 ],
+    [ 'uint32v', 'Reserved2',            0 ],
+    [ 'uint32v', 'Capabilities',         0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_SETUP_NTLMV1_PKT = self.make_nbs(SMB_SETUP_NTLMV1_HDR_PKT)
+  # A SMB template for SMB Session Setup requests (When extended security is being used)
+  SMB_SETUP_NTLMV2_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'MaxBuff',              0 ],
+    [ 'uint16v', 'MaxMPX',               0 ],
+    [ 'uint16v', 'VCNum',                0 ],
+    [ 'uint32v', 'SessionKey',           0 ],
+    [ 'uint16v', 'SecurityBlobLen',      0 ],
+    [ 'uint32v', 'Reserved2',            0 ],
+    [ 'uint32v', 'Capabilities',         0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_SETUP_NTLMV2_PKT = self.make_nbs(SMB_SETUP_NTLMV2_HDR_PKT)
+  # A SMB template for SMB Session Setup responses (When extended security is being used)
+  SMB_SETUP_NTLMV2_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'Action',               0 ],
+    [ 'uint16v', 'SecurityBlobLen',      0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_SETUP_NTLMV2_RES_PKT = self.make_nbs(SMB_SETUP_NTLMV2_RES_HDR_PKT)
+  # A SMB template for SMB Tree Connect requests
+  SMB_TREE_CONN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'Flags',                0 ],
+    [ 'uint16v', 'PasswordLen',          0 ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_TREE_CONN_PKT = self.make_nbs(SMB_TREE_CONN_HDR_PKT)
+  # A SMB template for SMB Tree Connect requests
+  SMB_TREE_CONN_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',   'AndX',                 0 ],
+    [ 'uint8',   'Reserved1',            0 ],
+    [ 'uint16v', 'AndXOffset',           0 ],
+    [ 'uint16v', 'OptionalSupport',      0 ],
+    [ 'string',  'SupportWords', nil,   '' ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_TREE_CONN_RES_PKT = self.make_nbs(SMB_TREE_CONN_RES_HDR_PKT)
+  # A SMB template for SMB Tree Disconnect requests
+  SMB_TREE_DISCONN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_TREE_DISCONN_PKT = self.make_nbs(SMB_TREE_DISCONN_HDR_PKT)
+  # A SMB template for SMB Tree Disconnect requests
+  SMB_TREE_DISCONN_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v', 'ByteCount',            0 ],
+    [ 'string',  'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_TREE_DISCONN_RES_PKT = self.make_nbs(SMB_TREE_DISCONN_RES_HDR_PKT)
+  # A SMB template for SMB Transaction requests
+  SMB_TRANS_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'ParamCountTotal',     0 ],
+    [ 'uint16v',  'DataCountTotal',      0 ],
+    [ 'uint16v',  'ParamCountMax',       0 ],
+    [ 'uint16v',  'DataCountMax',        0 ],
+    [ 'uint8',    'SetupCountMax',       0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'Flags',               0 ],
+    [ 'uint32v',  'Timeout',             0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint16v',  'ParamCount',          0 ],
+    [ 'uint16v',  'ParamOffset',         0 ],
+    [ 'uint16v',  'DataCount',           0 ],
+    [ 'uint16v',  'DataOffset',          0 ],
+    [ 'uint8',    'SetupCount',          0 ],
+    [ 'uint8',    'Reserved3',           0 ],
+    [ 'string',   'SetupData', nil,     '' ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_TRANS_PKT = self.make_nbs(SMB_TRANS_HDR_PKT)
+  # A SMB template for SMB Transaction responses
+  SMB_TRANS_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'ParamCountTotal',     0 ],
+    [ 'uint16v',  'DataCountTotal',      0 ],
+    [ 'uint16v',  'Reserved1',           0 ],
+    [ 'uint16v',  'ParamCount',          0 ],
+    [ 'uint16v',  'ParamOffset',         0 ],
+    [ 'uint16v',  'ParamDisplace',       0 ],
+    [ 'uint16v',  'DataCount',           0 ],
+    [ 'uint16v',  'DataOffset',          0 ],
+    [ 'uint16v',  'DataDisplace',        0 ],
+    [ 'uint8',    'SetupCount',          0 ],
+    [ 'uint8',    'Reserved2',           0 ],
+    [ 'string',   'SetupData', nil,     '' ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_TRANS_RES_PKT = self.make_nbs(SMB_TRANS_RES_HDR_PKT)
+  SMB_TRANS_RES_PKT_LENGTH = SMB_HDR_LENGTH + 22
+  # A SMB template for SMB Transaction2 requests
+  SMB_TRANS2_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'ParamCountTotal',     0 ],
+    [ 'uint16v',  'DataCountTotal',      0 ],
+    [ 'uint16v',  'ParamCountMax',       0 ],
+    [ 'uint16v',  'DataCountMax',        0 ],
+    [ 'uint8',    'SetupCountMax',       0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'Flags',               0 ],
+    [ 'uint32v',  'Timeout',             0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint16v',  'ParamCount',          0 ],
+    [ 'uint16v',  'ParamOffset',         0 ],
+    [ 'uint16v',  'DataCount',           0 ],
+    [ 'uint16v',  'DataOffset',          0 ],
+    [ 'uint8',    'SetupCount',          0 ],
+    [ 'uint8',    'Reserved3',           0 ],
+    [ 'string',   'SetupData', nil,     '' ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_TRANS2_PKT = self.make_nbs(SMB_TRANS2_HDR_PKT)
+  # A SMB template for SMB NTTransaction requests
+  SMB_NTTRANS_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'SetupCountMax',       0 ],
+    [ 'uint16v',  'Reserved1',           0 ],
+    [ 'uint32v',  'ParamCountTotal',     0 ],
+    [ 'uint32v',  'DataCountTotal',      0 ],
+    [ 'uint32v',  'ParamCountMax',       0 ],
+    [ 'uint32v',  'DataCountMax',        0 ],
+    [ 'uint32v',  'ParamCount',          0 ],
+    [ 'uint32v',  'ParamOffset',         0 ],
+    [ 'uint32v',  'DataCount',           0 ],
+    [ 'uint32v',  'DataOffset',          0 ],
+    [ 'uint8',    'SetupCount',          0 ],
+    [ 'uint16v',  'Subcommand',          0 ],
+    [ 'string',   'SetupData', nil,     '' ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_NTTRANS_PKT = self.make_nbs(SMB_NTTRANS_HDR_PKT)
+  # A SMB template for SMB NTTransaction responses
+  SMB_NTTRANS_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint32v',  'ParamCountTotal',     0 ],
+    [ 'uint32v',  'DataCountTotal',      0 ],
+    [ 'uint32v',  'ParamCount',          0 ],
+    [ 'uint32v',  'ParamOffset',         0 ],
+    [ 'uint32v',  'ParamDisplace',       0 ],
+    [ 'uint32v',  'DataCount',           0 ],
+    [ 'uint32v',  'DataOffset',          0 ],
+    [ 'uint32v',  'DataDisplace',        0 ],
+    [ 'uint8',    'Reserved3',           0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_NTTRANS_RES_PKT = self.make_nbs(SMB_NTTRANS_RES_HDR_PKT)
+  # A SMB template for SMB NTTransaction_Secondary requests
+  SMB_NTTRANS_SECONDARY_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint32v',  'ParamCountTotal',     0 ],
+    [ 'uint32v',  'DataCountTotal',      0 ],
+    [ 'uint32v',  'ParamCount',          0 ],
+    [ 'uint32v',  'ParamOffset',         0 ],
+    [ 'uint32v',  'ParamDisplace',       0 ],
+    [ 'uint32v',  'DataCount',           0 ],
+    [ 'uint32v',  'DataOffset',          0 ],
+    [ 'uint32v',  'DataDisplace',        0 ],
+    [ 'uint8',    'SetupCount',          0 ],
+    [ 'string',   'SetupData', nil,     '' ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_NTTRANS_SECONDARY_PKT = self.make_nbs(SMB_NTTRANS_SECONDARY_HDR_PKT)
+  # A SMB template for SMB Create requests
+  SMB_CREATE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint8',    'Reserved2',           0 ],
+    [ 'uint16v',  'FileNameLen',         0 ],
+    [ 'uint32v',  'CreateFlags',         0 ],
+    [ 'uint32v',  'RootFileID',          0 ],
+    [ 'uint32v',  'AccessMask',          0 ],
+    [ 'uint32v',  'AllocLow',            0 ],
+    [ 'uint32v',  'AllocHigh',           0 ],
+    [ 'uint32v',  'Attributes',          0 ],
+    [ 'uint32v',  'ShareAccess',         0 ],
+    [ 'uint32v',  'Disposition',         0 ],
+    [ 'uint32v',  'CreateOptions',       0 ],
+    [ 'uint32v',  'Impersonation',       0 ],
+    [ 'uint8',    'SecurityFlags',       0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,        '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_CREATE_PKT = self.make_nbs(SMB_CREATE_HDR_PKT)
+  # A SMB template for SMB Create responses
+  SMB_CREATE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint8',    'OpLock',              0 ],
+    [ 'uint16v',  'FileID',              0 ],
+    [ 'uint32v',  'Action',              0 ],
+    [ 'uint32v',  'CreateTimeLow',       0 ],
+    [ 'uint32v',  'CreateTimeHigh',      0 ],
+    [ 'uint32v',  'AccessTimeLow',       0 ],
+    [ 'uint32v',  'AccessTimeHigh',      0 ],
+    [ 'uint32v',  'WriteTimeLow',        0 ],
+    [ 'uint32v',  'WriteTimeHigh',       0 ],
+    [ 'uint32v',  'ChangeTimeLow',       0 ],
+    [ 'uint32v',  'ChangeTimeHigh',      0 ],
+    [ 'uint32v',  'Attributes',          0 ],
+    [ 'uint32v',  'AllocLow',            0 ],
+    [ 'uint32v',  'AllocHigh',           0 ],
+    [ 'uint32v',  'EOFLow',              0 ],
+    [ 'uint32v',  'EOFHigh',             0 ],
+    [ 'uint16v',  'FileType',            0 ],
+    [ 'uint16v',  'IPCState',            0 ],
+    [ 'uint8',    'IsDirectory',         0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_CREATE_RES_PKT = self.make_nbs(SMB_CREATE_RES_HDR_PKT)
+  # A SMB template for SMB Create ANDX responses
+  SMB_CREATE_ANDX_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+      [ 'template', 'SMB',                 SMB_HDR ],
+      [ 'uint8',    'AndX',                0 ],
+      [ 'uint8',    'Reserved1',           0 ],
+      [ 'uint16v',  'AndXOffset',          0 ],
+      [ 'uint8',    'OpLock',              0 ],
+      [ 'uint16v',  'FileID',              0 ],
+      [ 'uint32v',  'Action',              0 ],
+      [ 'uint32v',  'CreateTimeLow',       0 ],
+      [ 'uint32v',  'CreateTimeHigh',      0 ],
+      [ 'uint32v',  'AccessTimeLow',       0 ],
+      [ 'uint32v',  'AccessTimeHigh',      0 ],
+      [ 'uint32v',  'WriteTimeLow',        0 ],
+      [ 'uint32v',  'WriteTimeHigh',       0 ],
+      [ 'uint32v',  'ChangeTimeLow',       0 ],
+      [ 'uint32v',  'ChangeTimeHigh',      0 ],
+      [ 'uint32v',  'Attributes',          0 ],
+      [ 'uint32v',  'AllocLow',            0 ],
+      [ 'uint32v',  'AllocHigh',           0 ],
+      [ 'uint32v',  'EOFLow',              0 ],
+      [ 'uint32v',  'EOFHigh',             0 ],
+      [ 'uint16v',  'FileType',            0 ],
+      [ 'uint16v',  'IPCState',            0 ],
+      [ 'uint8',    'IsDirectory',         0 ],
+      [ 'string',   'VolumeGUID', 16,      '', "\x00"],
+      [ 'uint64v',  '64bitFID',            0 ],
+      [ 'uint32v',  'MaxAccess',           0 ],
+      [ 'uint32v',  'GuestAccess',         0 ],
+      [ 'uint16v',  'ByteCount',           0 ],
+      [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+      [ 'Payload', 'ByteCount',  nil, true ]
+  )
+  SMB_CREATE_ANDX_RES_PKT = self.make_nbs(SMB_CREATE_ANDX_RES_HDR_PKT)
+  # A SMB template for SMB Write requests
+  SMB_WRITE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint16v',  'FileID',              0 ],
+    [ 'uint32v',  'Offset',              0 ],
+    [ 'uint32v',  'Reserved2',           0 ],
+    [ 'uint16v',  'WriteMode',           0 ],
+    [ 'uint16v',  'Remaining',           0 ],
+    [ 'uint16v',  'DataLenHigh',         0 ],
+    [ 'uint16v',  'DataLenLow',          0 ],
+    [ 'uint16v',  'DataOffset',          0 ],
+    [ 'uint32v',  'DataOffsetHigh',      0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_WRITE_PKT = self.make_nbs(SMB_WRITE_HDR_PKT)
+  # A SMB template for SMB Write responses
+  SMB_WRITE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint16v',  'CountLow',            0 ],
+    [ 'uint16v',  'Remaining',           0 ],
+    [ 'uint16v',  'CountHigh',           0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_WRITE_RES_PKT = self.make_nbs(SMB_WRITE_RES_HDR_PKT)
+  # A SMB template for SMB OPEN requests
+  SMB_OPEN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint16v',  'Flags',               0 ],
+    [ 'uint16v',  'Access',              0 ],
+    [ 'uint16v',  'SearchAttributes',    0 ],
+    [ 'uint16v',  'FileAttributes',      0 ],
+    [ 'uint32v',  'CreateTime',          0 ],
+    [ 'uint16v',  'OpenFunction',        0 ],
+    [ 'uint32v',  'AllocSize',           0 ],
+    [ 'uint32v',  'Reserved2',           0 ],
+    [ 'uint32v',  'Reserved3',           0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_OPEN_PKT = self.make_nbs(SMB_OPEN_HDR_PKT)
+  # A SMB template for SMB OPEN responses
+  SMB_OPEN_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint16v',  'FileID',              0 ],
+    [ 'uint16v',  'FileAttributes',      0 ],
+    [ 'uint32v',  'WriteTime',           0 ],
+    [ 'uint32v',  'FileSize',            0 ],
+    [ 'uint16v',  'FileAccess',          0 ],
+    [ 'uint16v',  'FileType',            0 ],
+    [ 'uint16v',  'IPCState',            0 ],
+    [ 'uint16v',  'Action',              0 ],
+    [ 'uint32v',  'ServerFileID',        0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_OPEN_RES_PKT = self.make_nbs(SMB_OPEN_RES_HDR_PKT)
+  # A SMB template for SMB Close requests
+  SMB_CLOSE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'FileID',              0 ],
+    [ 'uint32v',  'LastWrite',           0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_CLOSE_PKT = self.make_nbs(SMB_CLOSE_HDR_PKT)
+  # A SMB template for SMB Close responses
+  SMB_CLOSE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_CLOSE_RES_PKT = self.make_nbs(SMB_CLOSE_RES_HDR_PKT)
+  # A SMB template for SMB Delete requests
+  SMB_DELETE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'SearchAttribute',     0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'uint8',    'BufferFormat',        0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_DELETE_PKT = self.make_nbs(SMB_DELETE_HDR_PKT)
+  # A SMB template for SMB Delete responses
+  SMB_DELETE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_DELETE_RES_PKT = self.make_nbs(SMB_DELETE_RES_HDR_PKT)
+  # A SMB template for SMB Read requests
+  SMB_READ_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint16v',  'FileID',              0 ],
+    [ 'uint32v',  'Offset',              0 ],
+    [ 'uint16v',  'MaxCountLow',         0 ],
+    [ 'uint16v',  'MinCount',            0 ],
+    [ 'uint32v',  'Reserved2',           0 ],
+    [ 'uint16v',  'Remaining',           0 ],
+    [ 'uint32v',  'MaxCountHigh',        0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_READ_PKT = self.make_nbs(SMB_READ_HDR_PKT)
+  # A SMB template for SMB Read responses
+  SMB_READ_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint8',    'AndX',                0 ],
+    [ 'uint8',    'Reserved1',           0 ],
+    [ 'uint16v',  'AndXOffset',          0 ],
+    [ 'uint16v',  'Remaining',           0 ],
+    [ 'uint16v',  'DataCompaction',      0 ],
+    [ 'uint16v',  'Reserved2',           0 ],
+    [ 'uint16v',  'DataLenLow',          0 ],
+    [ 'uint16v',  'DataOffset',          0 ],
+    [ 'uint32v',  'DataLenHigh',         0 ],
+    [ 'uint32v',  'Reserved3',           0 ],
+    [ 'uint16v',  'Reserved4',           0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_READ_RES_PKT = self.make_nbs(SMB_READ_RES_HDR_PKT)
+  SMB_READ_RES_HDR_PKT_LENGTH = SMB_HDR_LENGTH + 26
+  # A SMB template for SMB Search requests
+  SMB_SEARCH_HDR_PKT = Rex::Struct2::CStructTemplate.new(
+    [ 'template', 'SMB',                 SMB_HDR ],
+    [ 'uint16v',  'MaxCount',            0 ],
+    [ 'uint16v',  'Attributes',          0 ],
+    [ 'uint16v',  'ByteCount',           0 ],
+    [ 'string',   'Payload', nil,       '' ]
+  ).create_restraints(
+    [ 'Payload',   'ByteCount',  nil, true ]
+  )
+  SMB_SEARCH_PKT = self.make_nbs(SMB_SEARCH_HDR_PKT)
+  # A template for SMB TRANS2_FIND_FIRST response parameters
+  SMB_TRANS2_FIND_FIRST2_RES_PARAMETERS = Rex::Struct2::CStructTemplate.new(
+    ['uint16v', 'SID',            0],
+    ['uint16v', 'SearchCount',    0],
+    ['uint16v', 'EndOfSearch',    0],
+    ['uint16v', 'EaErrorOffset',  0],
+    ['uint16v', 'LastNameOffset', 0]
+  )
+  # A template for SMB_FIND_FILE_BOTH_DIRECTORY_INFO Find information level
+  SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'NextEntryOffset',   0],
+    ['uint32v', 'FileIndex',         0],
+    ['uint32v', 'loCreationTime',    0],
+    ['uint32v', 'hiCreationTime',    0],
+    ['uint32v', 'loLastAccessTime',  0],
+    ['uint32v', 'hiLastAccessTime',  0],
+    ['uint32v', 'loLastWriteTime',   0],
+    ['uint32v', 'hiLastWriteTime',   0],
+    ['uint32v', 'loLastChangeTime',  0],
+    ['uint32v', 'hiLastChangeTime',  0],
+    ['uint64v', 'EndOfFile',         0],
+    ['uint64v', 'AllocationSize',    0],
+    ['uint32v', 'ExtFileAttributes', 0],
+    ['uint32v', 'FileNameLength',    0],
+    ['uint32v', 'EaSize',            0],
+    ['uint8',   'ShortNameLength',   0],
+    ['uint8',   'Reserved',          0],
+    ['string',  'ShortName', 24, '', "\x00"],
+    ['string',  'FileName', nil, '' ]
+  ).create_restraints(
+    ['FileName', 'FileNameLength',  nil, true]
+  )
+  SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR_LENGTH = 94
+  # A template for SMB_FIND_FILE_BOTH_DIRECTORY_INFO Find information level
+  SMB_FIND_FILE_NAMES_INFO_HDR = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'NextEntryOffset',   0],
+    ['uint32v', 'FileIndex',         0],
+    ['uint32v', 'FileNameLength',    0],
+    ['string',  'FileName', nil, '' ]
+  ).create_restraints(
+    ['FileName', 'FileNameLength',  nil, true]
+  )
+  SMB_FIND_FILE_NAMES_INFO_HDR_LENGTH = 12
+  # A template for SMB_FIND_FILE_FULL_DIRECTORY_INFO Find information level
+  SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'NextEntryOffset',   0],
+    ['uint32v', 'FileIndex',         0],
+    ['uint32v', 'loCreationTime',    0],
+    ['uint32v', 'hiCreationTime',    0],
+    ['uint32v', 'loLastAccessTime',  0],
+    ['uint32v', 'hiLastAccessTime',  0],
+    ['uint32v', 'loLastWriteTime',   0],
+    ['uint32v', 'hiLastWriteTime',   0],
+    ['uint32v', 'loLastChangeTime',  0],
+    ['uint32v', 'hiLastChangeTime',  0],
+    ['uint64v', 'EndOfFile',         0],
+    ['uint64v', 'AllocationSize',    0],
+    ['uint32v', 'ExtFileAttributes', 0],
+    ['uint32v', 'FileNameLength',    0],
+    ['uint32v', 'EaSize',            0],
+    ['string',  'FileName', nil, '' ]
+  ).create_restraints(
+    ['FileName', 'FileNameLength',  nil, true]
+  )
+  SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR_LENGTH = 68
+  # A template for SMB FIND_FIRST2 TRANS2 response parameters
+  SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS = Rex::Struct2::CStructTemplate.new(
+    ['uint16v', 'EaErrorOffset',  0]
+  )
+  # A template for SMB_QUERY_FILE_NETWORK_INFO query path information level
+  SMB_QUERY_FILE_NETWORK_INFO_HDR = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'loCreationTime',    0],
+    ['uint32v', 'hiCreationTime',    0],
+    ['uint32v', 'loLastAccessTime',  0],
+    ['uint32v', 'hiLastAccessTime',  0],
+    ['uint32v', 'loLastWriteTime',   0],
+    ['uint32v', 'hiLastWriteTime',   0],
+    ['uint32v', 'loLastChangeTime',  0],
+    ['uint32v', 'hiLastChangeTime',  0],
+    ['uint64v', 'AllocationSize', 0],
+    ['uint64v', 'EndOfFile',      0],
+    ['uint32v', 'ExtFileAttributes', 0],
+    ['uint32v', 'Reserved', 0]
+  )
+  SMB_QUERY_FILE_NETWORK_INFO_HDR_LENGTH = 56
+  # A template for SMB_QUERY_FILE_BASIC_INFO query path information level
+  SMB_QUERY_FILE_BASIC_INFO_HDR = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'loCreationTime',    0],
+    ['uint32v', 'hiCreationTime',    0],
+    ['uint32v', 'loLastAccessTime',  0],
+    ['uint32v', 'hiLastAccessTime',  0],
+    ['uint32v', 'loLastWriteTime',   0],
+    ['uint32v', 'hiLastWriteTime',   0],
+    ['uint32v', 'loLastChangeTime',  0],
+    ['uint32v', 'hiLastChangeTime',  0],
+    ['uint32v', 'ExtFileAttributes', 0],
+    ['uint32v', 'Reserved', 0]
+  )
+  SMB_QUERY_FILE_BASIC_INFO_HDR_LENGTH = 40
+  # A template for SMB_QUERY_FILE_STANDARD_INFO query path information level
+  SMB_QUERY_FILE_STANDARD_INFO_HDR = Rex::Struct2::CStructTemplate.new(
+    ['uint64v', 'AllocationSize', 0],
+    ['uint64v', 'EndOfFile',      0],
+    ['uint32v', 'NumberOfLinks',  0],
+    ['uint8',   'DeletePending',  0],
+    ['uint8',   'Directory',      0]
+  )
+  SMB_QUERY_FILE_STANDARD_INFO_HDR_LENGTH = 22
+  # A template for SMB_Data blocks of the SMB_COM_TRANSACTION2 requests
+  SMB_DATA_TRANS2 = Rex::Struct2::CStructTemplate.new(
+    ['uint16v', 'SubCommand',          0],
+    ['uint16v', 'ByteCount',           0],
+    ['string',  'Parameters', nil,    '']
+  ).create_restraints(
+    ['Parameters', 'ByteCount',  nil, true]
+  )
+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_PATH_INFO responses
+  SMB_TRANS2_QUERY_PATH_PARAMETERS = Rex::Struct2::CStructTemplate.new(
+    ['uint16v', 'InformationLevel', 0],
+    ['uint32v', 'Reserved',         0],
+    ['string',  'FileName', nil,   '']
   )
-end
+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_FILE_INFO responses
+  SMB_TRANS2_QUERY_FILE_PARAMETERS = Rex::Struct2::CStructTemplate.new(
+    ['uint16v', 'FID',              0],
+    ['uint16v', 'InformationLevel', 0]
+  )
-# A raw NetBIOS session template
-NBRAW_HDR_PKT =  Rex::Struct2::CStructTemplate.new(
-  [ 'string', 'Payload', nil, '']
-)
-NBRAW_PKT = self.make_nbs(NBRAW_HDR_PKT)
-# The SMB header template
-SMB_HDR = Rex::Struct2::CStructTemplate.new(
-  [ 'uint32n', 'Magic',             0xff534d42 ],
-  [ 'uint8',   'Command',           0 ],
-  [ 'uint32v', 'ErrorClass',        0 ],
-  [ 'uint8',   'Flags1',            0 ],
-  [ 'uint16v', 'Flags2',            0 ],
-  [ 'uint16v', 'ProcessIDHigh',     0 ],
-  [ 'uint32v', 'Signature1',        0 ],
-  [ 'uint32v', 'Signature2',        0 ],
-  [ 'uint16v', 'Reserved1',         0 ],
-  [ 'uint16v', 'TreeID',            0 ],
-  [ 'uint16v', 'ProcessID',         0 ],
-  [ 'uint16v', 'UserID',            0 ],
-  [ 'uint16v', 'MultiplexID',       0 ],
-  [ 'uint8',   'WordCount',         0 ]
-)
-# The SMB2 header template
-SMB2_HDR = Rex::Struct2::CStructTemplate.new(
-  [ 'uint32n', 'Magic',             0xfe534d42 ],
-  [ 'uint16v', 'HeaderLen',         64 ],
-  [ 'uint16v', 'Reserved0',         0 ],
-  [ 'uint32v', 'NTStatus',          0 ],
-  [ 'uint16v', 'Opcode',            0 ],
-  [ 'uint16v', 'Reserved1',         0 ],
-  [ 'uint16v', 'Flags1',            0 ],
-  [ 'uint16v', 'Flags2',            0 ],
-  [ 'uint32v', 'ChainOffset',       0 ],
-  [ 'uint32v', 'SequenceHigh',      0 ],
-  [ 'uint32v', 'SequenceLow',       0 ],
-  [ 'uint32v', 'ProcessID',         0 ],
-  [ 'uint32v', 'TreeID',            0 ],
-  [ 'uint32v', 'UserIDHigh',        0 ],
-  [ 'uint32v', 'UserIDLow',         0 ],
-  [ 'uint32v', 'SignatureA',        0 ],
-  [ 'uint32v', 'SignatureB',        0 ],
-  [ 'uint32v', 'SignatureC',        0 ],
-  [ 'uint32v', 'SignatureD',        0 ],
-  [ 'string',  'Payload', nil,      '']
-)
-# A basic SMB template to read all responses
-SMB_BASE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_BASE_PKT = self.make_nbs(SMB_BASE_HDR_PKT)
-# A SMB template for SMB Dialect negotiation
-SMB_NEG_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_NEG_PKT = self.make_nbs(SMB_NEG_HDR_PKT)
-# A SMB template for SMB Dialect negotiation responses (LANMAN)
-SMB_NEG_RES_LM_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'Dialect',              0 ],
-  [ 'uint16v', 'SecurityMode',         0 ],
-  [ 'uint16v', 'MaxBuff',              0 ],
-  [ 'uint16v', 'MaxMPX',               0 ],
-  [ 'uint16v', 'MaxVCS',               0 ],
-  [ 'uint16v', 'RawMode',              0 ],
-  [ 'uint32v', 'SessionKey',           0 ],
-  [ 'uint16v', 'DosTime',              0 ],
-  [ 'uint16v', 'DosDate',              0 ],
-  [ 'uint16v', 'Timezone',             0 ],
-  [ 'uint16v', 'KeyLength',            0 ],
-  [ 'uint16v', 'Reserved1',            0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'EncryptionKey', nil,  '' ]
-).create_restraints(
-  [ 'EncryptionKey', 'ByteCount',  nil, true ]
-)
-SMB_NEG_RES_LM_PKT = self.make_nbs(SMB_NEG_RES_LM_HDR_PKT)
-# A SMB template for SMB Dialect negotiation responses (NTLM)
-SMB_NEG_RES_NT_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'Dialect',              0 ],
-  [ 'uint8',   'SecurityMode',         0 ],
-  [ 'uint16v', 'MaxMPX',               0 ],
-  [ 'uint16v', 'MaxVCS',               0 ],
-  [ 'uint32v', 'MaxBuff',              0 ],
-  [ 'uint32v', 'MaxRaw',               0 ],
-  [ 'uint32v', 'SessionKey',           0 ],
-  [ 'uint32v', 'Capabilities',         0 ],
-  [ 'uint32v', 'SystemTimeLow',        0 ],
-  [ 'uint32v', 'SystemTimeHigh',       0 ],
-  [ 'uint16v', 'ServerTimeZone',       0 ],
-  [ 'uint8',   'KeyLength',            0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_NEG_RES_NT_PKT = self.make_nbs(SMB_NEG_RES_NT_HDR_PKT)
-# A SMB template for SMB Dialect negotiation responses (ERROR)
-SMB_NEG_RES_ERR_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'Dialect',              0 ],
-  [ 'uint16v', 'ByteCount',            0 ]
-)
-SMB_NEG_RES_ERR_PKT = self.make_nbs(SMB_NEG_RES_ERR_HDR_PKT)
-# A SMB template for SMB Session Setup responses (LANMAN/NTLMV1)
-SMB_SETUP_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'Action',               0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_SETUP_RES_PKT = self.make_nbs(SMB_SETUP_RES_HDR_PKT)
-# A SMB template for SMB Session Setup requests (LANMAN)
-SMB_SETUP_LANMAN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'MaxBuff',              0 ],
-  [ 'uint16v', 'MaxMPX',               0 ],
-  [ 'uint16v', 'VCNum',                0 ],
-  [ 'uint32v', 'SessionKey',           0 ],
-  [ 'uint16v', 'PasswordLen',          0 ],
-  [ 'uint32v', 'Reserved2',            0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_SETUP_LANMAN_PKT = self.make_nbs(SMB_SETUP_LANMAN_HDR_PKT)
-# A SMB template for SMB Session Setup requests (NTLMV1)
-SMB_SETUP_NTLMV1_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'MaxBuff',              0 ],
-  [ 'uint16v', 'MaxMPX',               0 ],
-  [ 'uint16v', 'VCNum',                0 ],
-  [ 'uint32v', 'SessionKey',           0 ],
-  [ 'uint16v', 'PasswordLenLM',        0 ],
-  [ 'uint16v', 'PasswordLenNT',        0 ],
-  [ 'uint32v', 'Reserved2',            0 ],
-  [ 'uint32v', 'Capabilities',         0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_SETUP_NTLMV1_PKT = self.make_nbs(SMB_SETUP_NTLMV1_HDR_PKT)
-# A SMB template for SMB Session Setup requests (When extended security is being used)
-SMB_SETUP_NTLMV2_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'MaxBuff',              0 ],
-  [ 'uint16v', 'MaxMPX',               0 ],
-  [ 'uint16v', 'VCNum',                0 ],
-  [ 'uint32v', 'SessionKey',           0 ],
-  [ 'uint16v', 'SecurityBlobLen',      0 ],
-  [ 'uint32v', 'Reserved2',            0 ],
-  [ 'uint32v', 'Capabilities',         0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_SETUP_NTLMV2_PKT = self.make_nbs(SMB_SETUP_NTLMV2_HDR_PKT)
-# A SMB template for SMB Session Setup responses (When extended security is being used)
-SMB_SETUP_NTLMV2_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'Action',               0 ],
-  [ 'uint16v', 'SecurityBlobLen',      0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_SETUP_NTLMV2_RES_PKT = self.make_nbs(SMB_SETUP_NTLMV2_RES_HDR_PKT)
-# A SMB template for SMB Tree Connect requests
-SMB_TREE_CONN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'Flags',                0 ],
-  [ 'uint16v', 'PasswordLen',          0 ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_TREE_CONN_PKT = self.make_nbs(SMB_TREE_CONN_HDR_PKT)
-# A SMB template for SMB Tree Connect requests
-SMB_TREE_CONN_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',   'AndX',                 0 ],
-  [ 'uint8',   'Reserved1',            0 ],
-  [ 'uint16v', 'AndXOffset',           0 ],
-  [ 'uint16v', 'OptionalSupport',      0 ],
-  [ 'string',  'SupportWords', nil,   '' ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_TREE_CONN_RES_PKT = self.make_nbs(SMB_TREE_CONN_RES_HDR_PKT)
-# A SMB template for SMB Tree Disconnect requests
-SMB_TREE_DISCONN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_TREE_DISCONN_PKT = self.make_nbs(SMB_TREE_DISCONN_HDR_PKT)
-# A SMB template for SMB Tree Disconnect requests
-SMB_TREE_DISCONN_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v', 'ByteCount',            0 ],
-  [ 'string',  'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_TREE_DISCONN_RES_PKT = self.make_nbs(SMB_TREE_DISCONN_RES_HDR_PKT)
-# A SMB template for SMB Transaction requests
-SMB_TRANS_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'ParamCountTotal',     0 ],
-  [ 'uint16v',  'DataCountTotal',      0 ],
-  [ 'uint16v',  'ParamCountMax',       0 ],
-  [ 'uint16v',  'DataCountMax',        0 ],
-  [ 'uint8',    'SetupCountMax',       0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'Flags',               0 ],
-  [ 'uint32v',  'Timeout',             0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint16v',  'ParamCount',          0 ],
-  [ 'uint16v',  'ParamOffset',         0 ],
-  [ 'uint16v',  'DataCount',           0 ],
-  [ 'uint16v',  'DataOffset',          0 ],
-  [ 'uint8',    'SetupCount',          0 ],
-  [ 'uint8',    'Reserved3',           0 ],
-  [ 'string',   'SetupData', nil,     '' ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_TRANS_PKT = self.make_nbs(SMB_TRANS_HDR_PKT)
-# A SMB template for SMB Transaction responses
-SMB_TRANS_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'ParamCountTotal',     0 ],
-  [ 'uint16v',  'DataCountTotal',      0 ],
-  [ 'uint16v',  'Reserved1',           0 ],
-  [ 'uint16v',  'ParamCount',          0 ],
-  [ 'uint16v',  'ParamOffset',         0 ],
-  [ 'uint16v',  'ParamDisplace',       0 ],
-  [ 'uint16v',  'DataCount',           0 ],
-  [ 'uint16v',  'DataOffset',          0 ],
-  [ 'uint16v',  'DataDisplace',        0 ],
-  [ 'uint8',    'SetupCount',          0 ],
-  [ 'uint8',    'Reserved2',           0 ],
-  [ 'string',   'SetupData', nil,     '' ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_TRANS_RES_PKT = self.make_nbs(SMB_TRANS_RES_HDR_PKT)
-# A SMB template for SMB Transaction2 requests
-SMB_TRANS2_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'ParamCountTotal',     0 ],
-  [ 'uint16v',  'DataCountTotal',      0 ],
-  [ 'uint16v',  'ParamCountMax',       0 ],
-  [ 'uint16v',  'DataCountMax',        0 ],
-  [ 'uint8',    'SetupCountMax',       0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'Flags',               0 ],
-  [ 'uint32v',  'Timeout',             0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint16v',  'ParamCount',          0 ],
-  [ 'uint16v',  'ParamOffset',         0 ],
-  [ 'uint16v',  'DataCount',           0 ],
-  [ 'uint16v',  'DataOffset',          0 ],
-  [ 'uint8',    'SetupCount',          0 ],
-  [ 'uint8',    'Reserved3',           0 ],
-  [ 'string',   'SetupData', nil,     '' ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_TRANS2_PKT = self.make_nbs(SMB_TRANS2_HDR_PKT)
-# A SMB template for SMB NTTransaction requests
-SMB_NTTRANS_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'SetupCountMax',       0 ],
-  [ 'uint16v',  'Reserved1',           0 ],
-  [ 'uint32v',  'ParamCountTotal',     0 ],
-  [ 'uint32v',  'DataCountTotal',      0 ],
-  [ 'uint32v',  'ParamCountMax',       0 ],
-  [ 'uint32v',  'DataCountMax',        0 ],
-  [ 'uint32v',  'ParamCount',          0 ],
-  [ 'uint32v',  'ParamOffset',         0 ],
-  [ 'uint32v',  'DataCount',           0 ],
-  [ 'uint32v',  'DataOffset',          0 ],
-  [ 'uint8',    'SetupCount',          0 ],
-  [ 'uint16v',  'Subcommand',          0 ],
-  [ 'string',   'SetupData', nil,     '' ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_NTTRANS_PKT = self.make_nbs(SMB_NTTRANS_HDR_PKT)
-# A SMB template for SMB NTTransaction responses
-SMB_NTTRANS_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint32v',  'ParamCountTotal',     0 ],
-  [ 'uint32v',  'DataCountTotal',      0 ],
-  [ 'uint32v',  'ParamCount',          0 ],
-  [ 'uint32v',  'ParamOffset',         0 ],
-  [ 'uint32v',  'ParamDisplace',       0 ],
-  [ 'uint32v',  'DataCount',           0 ],
-  [ 'uint32v',  'DataOffset',          0 ],
-  [ 'uint32v',  'DataDisplace',        0 ],
-  [ 'uint8',    'Reserved3',           0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_NTTRANS_RES_PKT = self.make_nbs(SMB_NTTRANS_RES_HDR_PKT)
-# A SMB template for SMB NTTransaction_Secondary requests
-SMB_NTTRANS_SECONDARY_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint32v',  'ParamCountTotal',     0 ],
-  [ 'uint32v',  'DataCountTotal',      0 ],
-  [ 'uint32v',  'ParamCount',          0 ],
-  [ 'uint32v',  'ParamOffset',         0 ],
-  [ 'uint32v',  'ParamDisplace',       0 ],
-  [ 'uint32v',  'DataCount',           0 ],
-  [ 'uint32v',  'DataOffset',          0 ],
-  [ 'uint32v',  'DataDisplace',        0 ],
-  [ 'uint8',    'SetupCount',          0 ],
-  [ 'string',   'SetupData', nil,     '' ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_NTTRANS_SECONDARY_PKT = self.make_nbs(SMB_NTTRANS_SECONDARY_HDR_PKT)
-# A SMB template for SMB Create requests
-SMB_CREATE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint8',    'Reserved2',           0 ],
-  [ 'uint16v',  'FileNameLen',         0 ],
-  [ 'uint32v',  'CreateFlags',         0 ],
-  [ 'uint32v',  'RootFileID',          0 ],
-  [ 'uint32v',  'AccessMask',          0 ],
-  [ 'uint32v',  'AllocLow',            0 ],
-  [ 'uint32v',  'AllocHigh',           0 ],
-  [ 'uint32v',  'Attributes',          0 ],
-  [ 'uint32v',  'ShareAccess',         0 ],
-  [ 'uint32v',  'Disposition',         0 ],
-  [ 'uint32v',  'CreateOptions',       0 ],
-  [ 'uint32v',  'Impersonation',       0 ],
-  [ 'uint8',    'SecurityFlags',       0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,        '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_CREATE_PKT = self.make_nbs(SMB_CREATE_HDR_PKT)
-# A SMB template for SMB Create responses
-SMB_CREATE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint8',    'OpLock',              0 ],
-  [ 'uint16v',  'FileID',              0 ],
-  [ 'uint32v',  'Action',              0 ],
-  [ 'uint32v',  'CreateTimeLow',       0 ],
-  [ 'uint32v',  'CreateTimeHigh',      0 ],
-  [ 'uint32v',  'AccessTimeLow',       0 ],
-  [ 'uint32v',  'AccessTimeHigh',      0 ],
-  [ 'uint32v',  'WriteTimeLow',        0 ],
-  [ 'uint32v',  'WriteTimeHigh',       0 ],
-  [ 'uint32v',  'ChangeTimeLow',       0 ],
-  [ 'uint32v',  'ChangeTimeHigh',      0 ],
-  [ 'uint32v',  'Attributes',          0 ],
-  [ 'uint32v',  'AllocLow',            0 ],
-  [ 'uint32v',  'AllocHigh',           0 ],
-  [ 'uint32v',  'EOFLow',              0 ],
-  [ 'uint32v',  'EOFHigh',             0 ],
-  [ 'uint16v',  'FileType',            0 ],
-  [ 'uint16v',  'IPCState',            0 ],
-  [ 'uint8',    'IsDirectory',         0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload', 'ByteCount',  nil, true ]
-)
-SMB_CREATE_RES_PKT = self.make_nbs(SMB_CREATE_RES_HDR_PKT)
-# A SMB template for SMB Write requests
-SMB_WRITE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint16v',  'FileID',              0 ],
-  [ 'uint32v',  'Offset',              0 ],
-  [ 'uint32v',  'Reserved2',           0 ],
-  [ 'uint16v',  'WriteMode',           0 ],
-  [ 'uint16v',  'Remaining',           0 ],
-  [ 'uint16v',  'DataLenHigh',         0 ],
-  [ 'uint16v',  'DataLenLow',          0 ],
-  [ 'uint16v',  'DataOffset',          0 ],
-  [ 'uint32v',  'DataOffsetHigh',      0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_WRITE_PKT = self.make_nbs(SMB_WRITE_HDR_PKT)
-# A SMB template for SMB Write responses
-SMB_WRITE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint16v',  'CountLow',            0 ],
-  [ 'uint16v',  'Remaining',           0 ],
-  [ 'uint16v',  'CountHigh',           0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_WRITE_RES_PKT = self.make_nbs(SMB_WRITE_RES_HDR_PKT)
-# A SMB template for SMB OPEN requests
-SMB_OPEN_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint16v',  'Flags',               0 ],
-  [ 'uint16v',  'Access',              0 ],
-  [ 'uint16v',  'SearchAttributes',    0 ],
-  [ 'uint16v',  'FileAttributes',      0 ],
-  [ 'uint32v',  'CreateTime',          0 ],
-  [ 'uint16v',  'OpenFunction',        0 ],
-  [ 'uint32v',  'AllocSize',           0 ],
-  [ 'uint32v',  'Reserved2',           0 ],
-  [ 'uint32v',  'Reserved3',           0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_OPEN_PKT = self.make_nbs(SMB_OPEN_HDR_PKT)
-# A SMB template for SMB OPEN responses
-SMB_OPEN_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint16v',  'FileID',              0 ],
-  [ 'uint16v',  'FileAttributes',      0 ],
-  [ 'uint32v',  'WriteTime',           0 ],
-  [ 'uint32v',  'FileSize',            0 ],
-  [ 'uint16v',  'FileAccess',          0 ],
-  [ 'uint16v',  'FileType',            0 ],
-  [ 'uint16v',  'IPCState',            0 ],
-  [ 'uint16v',  'Action',              0 ],
-  [ 'uint32v',  'ServerFileID',        0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_OPEN_RES_PKT = self.make_nbs(SMB_OPEN_RES_HDR_PKT)
-# A SMB template for SMB Close requests
-SMB_CLOSE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'FileID',              0 ],
-  [ 'uint32v',  'LastWrite',           0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_CLOSE_PKT = self.make_nbs(SMB_CLOSE_HDR_PKT)
-# A SMB template for SMB Close responses
-SMB_CLOSE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_CLOSE_RES_PKT = self.make_nbs(SMB_CLOSE_RES_HDR_PKT)
-# A SMB template for SMB Delete requests
-SMB_DELETE_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'SearchAttribute',     0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'uint8',    'BufferFormat',        0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_DELETE_PKT = self.make_nbs(SMB_DELETE_HDR_PKT)
-# A SMB template for SMB Delete responses
-SMB_DELETE_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_DELETE_RES_PKT = self.make_nbs(SMB_DELETE_RES_HDR_PKT)
-# A SMB template for SMB Read requests
-SMB_READ_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint16v',  'FileID',              0 ],
-  [ 'uint32v',  'Offset',              0 ],
-  [ 'uint16v',  'MaxCountLow',         0 ],
-  [ 'uint16v',  'MinCount',            0 ],
-  [ 'uint32v',  'Reserved2',           0 ],
-  [ 'uint16v',  'Remaining',           0 ],
-  [ 'uint32v',  'MaxCountHigh',        0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_READ_PKT = self.make_nbs(SMB_READ_HDR_PKT)
-# A SMB template for SMB Read responses
-SMB_READ_RES_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint8',    'AndX',                0 ],
-  [ 'uint8',    'Reserved1',           0 ],
-  [ 'uint16v',  'AndXOffset',          0 ],
-  [ 'uint16v',  'Remaining',           0 ],
-  [ 'uint16v',  'DataCompaction',      0 ],
-  [ 'uint16v',  'Reserved2',           0 ],
-  [ 'uint16v',  'DataLenLow',          0 ],
-  [ 'uint16v',  'DataOffset',          0 ],
-  [ 'uint32v',  'DataLenHigh',         0 ],
-  [ 'uint32v',  'Reserved3',           0 ],
-  [ 'uint16v',  'Reserved4',           0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_READ_RES_PKT = self.make_nbs(SMB_READ_RES_HDR_PKT)
-# A SMB template for SMB Search requests
-SMB_SEARCH_HDR_PKT = Rex::Struct2::CStructTemplate.new(
-  [ 'template', 'SMB',                 SMB_HDR ],
-  [ 'uint16v',  'MaxCount',            0 ],
-  [ 'uint16v',  'Attributes',          0 ],
-  [ 'uint16v',  'ByteCount',           0 ],
-  [ 'string',   'Payload', nil,       '' ]
-).create_restraints(
-  [ 'Payload',   'ByteCount',  nil, true ]
-)
-SMB_SEARCH_PKT = self.make_nbs(SMB_SEARCH_HDR_PKT)
+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 FIND_FIRST2 responses
+  SMB_TRANS2_FIND_FIRST2_PARAMETERS = Rex::Struct2::CStructTemplate.new(
+    ['uint16v', 'SearchAttributes',  0],
+    ['uint16v', 'SearchCount',       0],
+    ['uint16v', 'Flags',             0],
+    ['uint16v', 'InformationLevel',  0],
+    ['uint32v', 'SearchStorageType', 0],
+    ['string',  'FileName', nil,   '']
+  )
+  # A template for SMB Tree Connect commands in responses
+  SMB_TREE_CONN_ANDX_RES_PKT = Rex::Struct2::CStructTemplate.new(
+    ['uint8',   'WordCount',         0],
+    ['uint8',   'AndXCommand',       0],
+    ['uint8',   'AndXReserved',      0],
+    ['uint16v', 'AndXOffset',        0],
+    ['uint16v', 'OptionalSupport',   0],
+    ['uint32v', 'AccessRights',      0],
+    ['uint32v', 'GuestAccessRights', 0],
+    ['uint16v', 'ByteCount',         0],
+    ['string',  'Payload', nil,     '']
+  ).create_restraints(
+    [ 'Payload', 'ByteCount',  nil, true ]
+  )
 end
 end