RubyGems - ruby_smb - Versions diffs - 0.0.21 → 0.0.22 - Mend

ruby_smb 0.0.21 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/examples/net_share_enum_all.rb +5 -2
data/lib/ruby_smb.rb +1 -1
data/lib/ruby_smb/client.rb +4 -35
data/lib/ruby_smb/dcerpc.rb +7 -22
data/lib/ruby_smb/dcerpc/bind.rb +30 -36
data/lib/ruby_smb/dcerpc/bind_ack.rb +72 -0
data/lib/ruby_smb/dcerpc/error.rb +15 -0
data/lib/ruby_smb/dcerpc/ndr.rb +31 -30
data/lib/ruby_smb/dcerpc/p_syntax_id_t.rb +11 -0
data/lib/ruby_smb/dcerpc/pdu_header.rb +29 -0
data/lib/ruby_smb/dcerpc/ptypes.rb +26 -0
data/lib/ruby_smb/dcerpc/request.rb +17 -30
data/lib/ruby_smb/dcerpc/response.rb +15 -34
data/lib/ruby_smb/dcerpc/srvsvc.rb +5 -7
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +8 -4
data/lib/ruby_smb/dcerpc/uuid.rb +31 -13
data/lib/ruby_smb/smb1/bit_field.rb +0 -1
data/lib/ruby_smb/smb1/bit_field/trans_flags.rb +3 -2
data/lib/ruby_smb/smb1/data_block.rb +5 -0
data/lib/ruby_smb/smb1/dcerpc.rb +67 -0
data/lib/ruby_smb/smb1/packet.rb +1 -0
data/lib/ruby_smb/smb1/packet/trans.rb +7 -1
data/lib/ruby_smb/smb1/packet/trans/data_block.rb +19 -7
data/lib/ruby_smb/smb1/packet/trans/request.rb +36 -25
data/lib/ruby_smb/smb1/packet/trans/response.rb +22 -21
data/lib/ruby_smb/smb1/packet/trans/subcommands.rb +1 -0
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +61 -0
data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +44 -0
data/lib/ruby_smb/smb1/packet/trans2/request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +3 -0
data/lib/ruby_smb/smb2/dcerpc.rb +68 -0
data/lib/ruby_smb/smb2/pipe.rb +3 -0
data/lib/ruby_smb/version.rb +1 -1
data/spec/lib/ruby_smb/client_spec.rb +53 -6
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +224 -0
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +255 -7
data/spec/lib/ruby_smb/dcerpc/p_syntax_id_t_spec.rb +31 -0
data/spec/lib/ruby_smb/dcerpc/pdu_header_spec.rb +84 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +106 -13
data/spec/lib/ruby_smb/dcerpc/response_spec.rb +89 -8
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +176 -0
data/spec/lib/ruby_smb/dcerpc/uuid_spec.rb +97 -1
data/spec/lib/ruby_smb/smb1/data_block_spec.rb +43 -3
data/spec/lib/ruby_smb/smb1/packet/trans/data_block_spec.rb +137 -0
data/spec/lib/ruby_smb/smb1/packet/trans/request_spec.rb +239 -13
data/spec/lib/ruby_smb/smb1/packet/trans/response_spec.rb +122 -13
data/spec/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request_spec.rb +254 -0
data/spec/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response_spec.rb +122 -0
data/spec/lib/ruby_smb/smb1/packet/trans2/request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +199 -1
data/spec/lib/ruby_smb/smb2/file_spec.rb +2 -1
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +196 -1
metadata +25 -10
metadata.gz.sig +0 -0
data/lib/ruby_smb/dcerpc/handle.rb +0 -60
data/lib/ruby_smb/smb1/bit_field/trans2_flags.rb +0 -15
data/spec/lib/ruby_smb/dcerpc/handle_spec.rb +0 -31
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +0 -13
data/spec/lib/ruby_smb/smb1/bit_field/trans2_flags_spec.rb +0 -26

data/lib/ruby_smb/dcerpc/request.rb CHANGED

@@ -1,43 +1,30 @@
 module RubySMB
   module Dcerpc
-    #http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
+    # The Request PDU as defined in
+    # [The request PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_09)
     class Request < BinData::Record
       endian :little
-      #common fields
-      uint8 :rpc_vers, initial_value: 5 # 00:01 RPC version
-      uint8 :rpc_vers_minor # 01:01 minor version
-      uint8 :ptype # 02:01 request PDU
-      struct :pfc_flags do
-        bit1  :object
-        bit1  :maybe
-        bit1  :did_not_execute
-        bit1  :multiplex
-        bit1  :reserved
-        bit1  :cancel
-        bit1  :last_frag,  initial_value: 1
-        bit1  :first_frag, initial_value: 1
-      end
-      uint32 :packed_drep, initial_value: 0x00000010 # 04:04 NDR data rep format label
-      uint16 :frag_length, initial_value: -> { self.do_num_bytes } # 08:02 total length of fragment
-      uint16 :auth_length # 10:02 length of auth_value
-      uint32 :call_id # 12:04 call identifier
+      pdu_header :pdu_header, label: 'PDU header'
-      #needed on request, response, fault
+      uint32 :alloc_hint,     label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
+      uint16 :p_cont_id,      label: 'Presentation context identification'
+      uint16 :opnum,          label: 'Operation Number'
-      uint32 :alloc_hint, initial_value: -> {stub.do_num_bytes} # 16:04 allocation hint
-      uint16 :p_cont_id # 20:02 pres context, i.e. data rep
-      uint16 :opnum # 22:02 operation #within the interface
+      uuid   :object,         label: 'Object UID',      onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      # optional field for request, only present if the PFC_OBJECT_UUID field is non-zero
+      choice :stub, label: 'Stub', selection: -> { opnum } do
+        net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host }
+      end
-      string :stub, read_length: -> {alloc_hint} # stub data, 8-octet aligned
-      string :auth_verifier_co_t # optional authentication verifier
-      # following fields present iff auth_length != 0 */
+      string :auth_verifier, label: 'Authentication verifier',
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
-      #auth_verifier_co_t   auth_verifier # xx:yy
+      def initialize_instance
+        super
+        pdu_header.ptype = RubySMB::Dcerpc::PTypes::REQUEST
+      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/response.rb CHANGED

@@ -1,46 +1,27 @@
 module RubySMB
   module Dcerpc
-    #http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
+    # The Response PDU as defined in
+    # [The response PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_10)
     class Response < BinData::Record
       endian :little
-      #common fields
-      uint8 :rpc_vers # 00:01 RPC version
-      uint8 :rpc_vers_minor # 01:01 minor version
-      uint8 :ptype # 02:01 request PDU
-      struct :pfc_flags do
-        bit1  :object
-        bit1  :maybe
-        bit1  :did_not_execute
-        bit1  :multiplex
-        bit1  :reserved
-        bit1  :cancel
-        bit1  :last_frag,  initial_value: 1
-        bit1  :first_frag, initial_value: 1
-      end
-      uint32 :packed_drep # 04:04 NDR data rep format label
-      uint16 :frag_length # 08:02 total length of fragment
-      uint16 :auth_length # 10:02 length of auth_value
-      uint32 :call_id # 12:04 call identifier
-      #needed on request, response, fault
+      pdu_header :pdu_header, label: 'PDU header'
-      uint32 :alloc_hint # 16:04 allocation hint
-      uint16 :p_cont_id # 20:02 pres context, i.e. data rep
-      uint16 :cancel_count # 22:02 operation #within the interface
+      uint32 :alloc_hint,    label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
+      uint16 :p_cont_id,     label: 'Presentation context identification'
+      uint8  :cancel_count,  label: 'Cancel count'
+      uint8  :reserved
-      # optional field for request, only present if the PFC_OBJECT_UUID field is non-zero
+      string :stub,          label: 'Stub', read_length: -> { pdu_header.frag_length - stub.abs_offset - pdu_header.auth_length }
-      string :stub, length: -> {alloc_hint}
+      string :auth_verifier, label: 'Authentication verifier',
+        onlyif: -> { pdu_header.auth_length > 0 },
+        read_length: -> { pdu_header.auth_length }
-      # stub data, 8-octet aligned
-      # optional authentication verifier
-      # following fields present iff auth_length != 0 */
-      #auth_verifier_co_t   auth_verifier # xx:yy
+      def initialize_instance
+        super
+        pdu_header.ptype = RubySMB::Dcerpc::PTypes::RESPONSE
+      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/srvsvc.rb CHANGED

@@ -2,14 +2,12 @@ module RubySMB
   module Dcerpc
     module Srvsvc
-      class SrvSvcHandle < Dcerpc::NdrLpStr; end
+      UUID = '4b324fc8-1670-01d3-1278-5a47bf6ee188'
+      VER_MAJOR = 3
+      VER_MINOR = 0
-      class SrvSvcSyntax < BinData::Record
-        endian :little
-        uuid   :if_uuid, initial_value: '4b324fc8-1670-01d3-1278-5a47bf6ee188'
-        uint16 :if_ver, initial_value: 3
-        uint16 :if_ver_minor, initial_value: 0
-      end
+      # Operation numbers
+      NET_SHARE_ENUM_ALL = 0xF
       require 'ruby_smb/dcerpc/srvsvc/net_share_enum_all'
     end

data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb CHANGED

@@ -5,17 +5,16 @@ module RubySMB
       #https://msdn.microsoft.com/en-us/library/cc247293.aspx
       class NetShareEnumAll < BinData::Record
-        Opnum = 0xF
         endian :little
         uint32    :referent_id,  initial_value: 0x00000001
         uint32    :max_count,    initial_value: -> { server_unc.do_num_bytes / 2 }
         uint32    :offset,       initial_value: 0
         uint32    :actual_count, initial_value: -> {max_count}
-        stringz16 :server_unc,       pad_front: false, read_length: -> { actual_count * 2 },
-                                 initial_value: -> {host.encode('utf-16le')}
+        stringz16 :server_unc,   pad_front: false, read_length: -> { actual_count * 2 },
+                                 initial_value: -> {"\\\\#{host.encode('utf-8')}".encode('utf-16le')}
+        string :pad,             length: lambda { pad_length }
         uint32 :level,           initial_value: 1
         uint32 :ctr,             initial_value: 1
@@ -28,6 +27,11 @@ module RubySMB
         uint32 :resume_referent_id, initial_value: 0x00000001
         uint32 :resume_handle,    initial_value: 0
+        def pad_length
+          offset = (server_unc.abs_offset + server_unc.to_binary_s.length) % 4
+          (4 - offset) % 4
+        end
         def self.parse_response(response)
           shares = []

data/lib/ruby_smb/dcerpc/uuid.rb CHANGED

@@ -1,28 +1,46 @@
 module RubySMB
   module Dcerpc
-    #https://msdn.microsoft.com/en-us/library/windows/desktop/aa379358(v=vs.85).aspx
+    # [Universal Unique Identifier](http://pubs.opengroup.org/onlinepubs/9629399/apdxa.htm)
     class Uuid < BinData::Primitive
-      uint32le :time_low
-      uint16le :time_mid
-      uint16le :time_hi_and_version
+      endian :little
+      uint32 :time_low,                  label: 'Low field of the timestamp'
+      uint16 :time_mid,                  label: 'Middle field of the timestamp'
+      uint16 :time_hi_and_version,       label: 'High field of the timestamp multiplexed with the version number'
-      uint16be :clock_seq_hi_and_res
-      uint48be :node
+      uint8  :clock_seq_hi_and_reserved, label: 'High field of the clock sequence multiplexed with the variant'
+      uint8  :clock_seq_low,             label: 'Low field of the clock sequence'
+      array  :node,                      label: 'Spatially unique node identifier', :type => :uint8, initial_length: 6
       def get
-        self.to_binary_s
+        "#{to_string_le(time_low.to_binary_s)}"\
+        "-#{to_string_le(time_mid.to_binary_s)}"\
+        "-#{to_string_le(time_hi_and_version.to_binary_s)}"\
+        "-#{clock_seq_hi_and_reserved.to_hex}#{clock_seq_low.to_hex}"\
+        "-#{node.to_hex}"
       end
       def set(uuid_string)
         components = uuid_string.split('-')
-        self.time_low = components[0].hex
-        self.time_mid = components[1].hex
-        self.time_hi_and_version = components[2].hex
-        self.clock_seq_hi_and_res = components[3].hex
-        self.node = components[4].hex
+        self.time_low.read(to_binary_le(components[0]))
+        self.time_mid.read(to_binary_le(components[1]))
+        self.time_hi_and_version.read(to_binary_le(components[2]))
+        self.clock_seq_hi_and_reserved.read(components[3][0,2].hex.chr)
+        self.clock_seq_low.read(components[3][2,2].hex.chr)
+        self.node.read(components[4].gsub(/../) {|e| e.hex.chr})
+      end
+      private
+      def to_binary_le(str)
+        str.scan(/../).map {|char| char.hex.chr}.reverse.join
+      end
+      def to_string_le(bin)
+        bin.each_byte.map {|byte| byte.to_s(16).rjust(2, '0')}.reverse.join
       end
     end
   end
-end
+end

data/lib/ruby_smb/smb1/bit_field.rb CHANGED

@@ -11,7 +11,6 @@ module RubySMB
       require 'ruby_smb/smb1/bit_field/directory_access_mask'
       require 'ruby_smb/smb1/bit_field/file_access_mask'
       require 'ruby_smb/smb1/bit_field/trans_flags'
-      require 'ruby_smb/smb1/bit_field/trans2_flags'
       require 'ruby_smb/smb1/bit_field/open2_flags'
       require 'ruby_smb/smb1/bit_field/open2_access_mode'
       require 'ruby_smb/smb1/bit_field/open2_open_mode'

data/lib/ruby_smb/smb1/bit_field/trans_flags.rb CHANGED

@@ -1,8 +1,9 @@
 module RubySMB
   module SMB1
     module BitField
-      # The Flags bit-field for a Trans Request Packet
-      # [2.2.4.33.1 Request](https://msdn.microsoft.com/en-us/library/ee441730.aspx)
+      # The Flags bit-field for Trans and Trans2 Request Packets as defined in
+      # [2.2.4.33.1 Request](https://msdn.microsoft.com/en-us/library/ee441730.aspx) and
+      # [2.2.4.46.1 Request](https://msdn.microsoft.com/en-us/library/ee442192.aspx)
       class TransFlags < BinData::Record
         endian  :little
         bit6    :reserved,              label: 'Reserved Space',             initial_value: 0

data/lib/ruby_smb/smb1/data_block.rb CHANGED

@@ -32,11 +32,16 @@ module RubySMB
       def calculate_byte_count
         total_count = 0
         self.class.data_fields.each do |field_name|
+          next unless field_enabled?(field_name)
           field_value = send(field_name)
           total_count += field_value.do_num_bytes
         end
         total_count
       end
+      def field_enabled?(field_name)
+        send("#{field_name}?".to_sym)
+      end
     end
   end
 end

data/lib/ruby_smb/smb1/dcerpc.rb ADDED

@@ -0,0 +1,67 @@
+module RubySMB
+  module SMB1
+    module Dcerpc
+      def net_share_enum_all(host)
+        bind(endpoint: RubySMB::Dcerpc::Srvsvc)
+        response = request(RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: host)
+        shares = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.parse_response(response.stub.to_binary_s)
+        shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
+      end
+      def bind(options={})
+        bind_req = RubySMB::Dcerpc::Bind.new(options)
+        write(data: bind_req.to_binary_s)
+        @size = 1024
+        dcerpc_raw_response = read()
+        begin
+          dcerpc_response = RubySMB::Dcerpc::BindAck.read(dcerpc_raw_response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+        end
+        unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::BIND_ACK
+          raise RubySMB::Dcerpc::Error::BindError, "Not a BindAck packet"
+        end
+        res_list = dcerpc_response.p_result_list
+        if res_list.n_results == 0 ||
+           res_list.p_results[0].result != RubySMB::Dcerpc::BindAck::ACCEPTANCE
+          raise RubySMB::Dcerpc::Error::BindError,
+            "Bind Failed (Result: #{res_list.p_results[0].result}, Reason: #{res_list.p_results[0].reason})"
+        end
+        dcerpc_response
+      end
+      def request(opnum, options={})
+        dcerpc_request = RubySMB::Dcerpc::Request.new({ :opnum => opnum }, options)
+        request = RubySMB::SMB1::Packet::Trans::TransactNmpipeRequest.new(options)
+        @tree.set_header_fields(request)
+        request.set_fid(@fid)
+        request.data_block.trans_data.write_data = dcerpc_request.to_binary_s
+        trans_nmpipe_raw_response = @tree.client.send_recv(request)
+        trans_nmpipe_response = RubySMB::SMB1::Packet::Trans::TransactNmpipeResponse.read(trans_nmpipe_raw_response)
+        unless trans_nmpipe_response.smb_header.command == RubySMB::SMB1::Commands::SMB_COM_TRANSACTION
+          raise RubySMB::Error::InvalidPacket, 'Not a Trans packet'
+        end
+        unless trans_nmpipe_response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, trans_nmpipe_response.status_code.name
+        end
+        begin
+          dcerpc_response = RubySMB::Dcerpc::Response.read(trans_nmpipe_response.data_block.trans_data.read_data)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+        end
+        unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::RESPONSE
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Not a Response packet"
+        end
+        dcerpc_response
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb1/packet.rb CHANGED

@@ -30,6 +30,7 @@ module RubySMB
       require 'ruby_smb/smb1/packet/write_andx_response'
       require 'ruby_smb/smb1/packet/close_request'
       require 'ruby_smb/smb1/packet/close_response'
+      require 'ruby_smb/smb1/packet/trans'
     end
   end
 end

data/lib/ruby_smb/smb1/packet/trans.rb CHANGED

@@ -4,10 +4,16 @@ module RubySMB
       # Namespace for the Transaction sub-protocol documented in
       # [2.2.4.33 SMB_COM_TRANSACTION (0x25)](https://msdn.microsoft.com/en-us/library/ee441489.aspx)
       module Trans
-        require 'ruby_smb/smb1/packet/trans/subcommands'
+        MAX_PARAMETER_COUNT = 1024
+        MAX_DATA_COUNT      = 1024
+        MAX_SETUP_COUNT     = 255
         require 'ruby_smb/smb1/packet/trans/data_block'
+        require 'ruby_smb/smb1/packet/trans/subcommands'
         require 'ruby_smb/smb1/packet/trans/request'
         require 'ruby_smb/smb1/packet/trans/response'
+        require 'ruby_smb/smb1/packet/trans/transact_nmpipe_request'
+        require 'ruby_smb/smb1/packet/trans/transact_nmpipe_response'
         require 'ruby_smb/smb1/packet/trans/peek_nmpipe_request'
         require 'ruby_smb/smb1/packet/trans/peek_nmpipe_response'
       end

data/lib/ruby_smb/smb1/packet/trans/data_block.rb CHANGED

@@ -2,6 +2,7 @@ module RubySMB
   module SMB1
     module Packet
       module Trans
         # Extends the {RubySMB::SMB1::DataBlock} to include padding methods
         # that all Trans DataBlocks will need to handle proper byte alignment.
         class DataBlock < RubySMB::SMB1::DataBlock
@@ -18,14 +19,14 @@ module RubySMB
           private
           # Determines the correct length for the padding in front of
-          # trans_parameters. It should always force a 4-byte alignment.
+          # #trans_parameters. It should always force a 4-byte alignment.
           def pad1_length
             if enable_padding
-              offset = if respond_to?(:name)
-                         (name.abs_offset + 1) % 4
-                       else
-                         (byte_count.abs_offset + 2) % 4
-                       end
+              if self.respond_to?(:name)
+                offset = (name.abs_offset + name.to_binary_s.length) % 4
+              else
+                offset = (byte_count.abs_offset + 2) % 4
+              end
               (4 - offset) % 4
             else
               0
@@ -33,7 +34,7 @@ module RubySMB
           end
           # Determines the correct length for the padding in front of
-          # trans_data. It should always force a 4-byte alignment.
+          # #trans_data. It should always force a 4-byte alignment.
           def pad2_length
             if enable_padding
               offset = (trans_parameters.abs_offset + trans_parameters.length) % 4
@@ -42,6 +43,17 @@ module RubySMB
               0
             end
           end
+          # Determines the correct length for the padding in front of
+          # #name. It should always force a 2-byte alignment.
+          def pad_name_length
+            if enable_padding
+              offset = (byte_count.abs_offset + 2) % 2
+              (2 - offset) % 2
+            else
+              0
+            end
+          end
         end
       end
     end

data/lib/ruby_smb/smb1/packet/trans/request.rb CHANGED

@@ -2,37 +2,46 @@ module RubySMB
   module SMB1
     module Packet
       module Trans
-      # A SMB1 SMB_COM_TRANSACTION Request Packet as defined in
-      # [2.2.4.33.1 Request](https://msdn.microsoft.com/en-us/library/ee441730.aspx)
+        # This class represents a generic SMB1 Trans Request Packet as defined in
+        # [2.2.4.33.1 Request](https://msdn.microsoft.com/en-us/library/ee441730.aspx)
         class Request < RubySMB::GenericPacket
           # A SMB1 Parameter Block
           class ParameterBlock < RubySMB::SMB1::ParameterBlock
-            uint16        :total_parameter_count, label: 'Total Parameter Count(bytes)'
-            uint16        :total_data_count,      label: 'Total Data Count(bytes)'
-            uint16        :max_parameter_count,   label: 'Max Parameter Count(bytes)'
-            uint16        :max_data_count,        label: 'Max Data Count(bytes)'
-            uint8         :max_setup_count,       label: 'Max Setup Count'
-            uint8         :reserved,              label: 'Reserved Space',         initial_value: 0x00
-            trans_flags   :flags
-            uint32        :timeout,               label: 'Timeout',                initial_value: 0x00000000
-            uint16        :reserved2,             label: 'Reserved Space',         initial_value: 0x00
-            uint16        :parameter_count,       label: 'Parameter Count(bytes)', initial_value: -> { parent.data_block.trans_parameters.length }
-            uint16        :parameter_offset,      label: 'Parameter Offset',       initial_value: -> { parent.data_block.trans_parameters.abs_offset }
-            uint16        :data_count,            label: 'Data Count(bytes)',      initial_value: -> { parent.data_block.trans_data.length }
-            uint16        :data_offset,           label: 'Data Offset',            initial_value: -> { parent.data_block.trans_data.abs_offset }
-            uint8         :setup_count,           label: 'Setup Count',            initial_value: -> { setup.length }
-            uint8         :reserved3,             label: 'Reserved Space',         initial_value: 0x00
-            array :setup, type: :uint16, initial_length: 0
+            uint16      :total_parameter_count, label: 'Total Parameter Count(bytes)', initial_value: -> { parameter_count }
+            uint16      :total_data_count,      label: 'Total Data Count(bytes)',      initial_value: -> { data_count }
+            uint16      :max_parameter_count,   label: 'Max Parameter Count(bytes)',   initial_value: Trans::MAX_PARAMETER_COUNT
+            uint16      :max_data_count,        label: 'Max Data Count(bytes)',        initial_value: Trans::MAX_DATA_COUNT
+            uint8       :max_setup_count,       label: 'Max Setup Count',              initial_value: Trans::MAX_SETUP_COUNT
+            uint8       :reserved,              label: 'Reserved Space',         value: 0x00
+            trans_flags :flags
+            uint32      :timeout,               label: 'Timeout',                initial_value: 0x00000000
+            uint16      :reserved2,             label: 'Reserved Space',         value: 0x0000
+            uint16      :parameter_count,       label: 'Parameter Count(bytes)', initial_value: -> { parent.data_block.trans_parameters.length }
+            uint16      :parameter_offset,      label: 'Parameter Offset',       initial_value: -> { parent.data_block.trans_parameters.abs_offset }
+            uint16      :data_count,            label: 'Data Count(bytes)',      initial_value: -> { parent.data_block.trans_data.length }
+            uint16      :data_offset,           label: 'Data Offset',            initial_value: -> { parent.data_block.trans_data.abs_offset }
+            uint8       :setup_count,           label: 'Setup Count',            initial_value: -> { setup.length }
+            uint8       :reserved3,             label: 'Reserved Space',         value: 0x00
+            array       :setup,                 type:  :uint16,                  initial_length: :setup_count
           end
           # The {RubySMB::SMB1::DataBlock} specific to this packet type.
           class DataBlock < RubySMB::SMB1::Packet::Trans::DataBlock
-            stringz :name,              label: 'Name', initial_value: ""
-            string :pad1,               length: -> { pad1_length }
-            string :trans_parameters,   label: 'Trans Parameters'
-            string :pad2,               length: -> { pad2_length }
-            string :trans_data,         label: 'Trans Data'
+            # If unicode is set, the name field must be aligned to start on a 2-byte
+            # boundary from the start of the SMB header:
+            string :pad_name, length: -> { pad_name_length },
+                              onlyif: -> { parent.smb_header.flags2.unicode.to_i == 1 }
+            choice :name, :selection      => lambda { parent.smb_header.flags2.unicode.to_i },
+                          :copy_on_change => true do
+              stringz   0, label: 'Name', initial_value: "\\PIPE\\"
+              stringz16 1, label: 'Name', initial_value: "\\PIPE\\".encode('utf-16le')
+            end
+            string :pad1,             length: lambda { pad1_length }
+            string :trans_parameters, label: 'Trans Parameters', read_length: -> { parent.parameter_block.parameter_count }
+            string :pad2,             length: lambda { pad2_length }
+            string :trans_data,       label: 'Trans Data',       read_length: -> { parent.parameter_block.data_count }
           end
           smb_header        :smb_header
@@ -43,8 +52,10 @@ module RubySMB
             super
             smb_header.command = RubySMB::SMB1::Commands::SMB_COM_TRANSACTION
           end
         end
       end
     end
   end
-end
+end