ruby_smb 3.0.0 → 3.0.4

data/lib/ruby_smb/signing.rb

@@ -8,24 +8,35 @@ module RubySMB
 
     # Take an SMB1 packet and sign it.
     #
-    # @param packet [RubySMB::GenericPacket] the packet to sign
+    # @param [RubySMB::GenericPacket] packet The packet to sign.
     # @return [RubySMB::GenericPacket] the signed packet
     def smb1_sign(packet)
       # Pack the Sequence counter into a int64le
-      packed_sequence_counter = [sequence_counter].pack('Q<')
+      packed_sequence_counter = [@sequence_counter].pack('Q<')
       packet.smb_header.security_features = packed_sequence_counter
-      signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
+      signature = OpenSSL::Digest::MD5.digest(@session_key + packet.to_binary_s)[0, 8]
       packet.smb_header.security_features = signature
       @sequence_counter += 1
 
       packet
     end
 
-    # Take an SMB2 packet and sign it.
+    # Take an SMB2 packet and sign it. This version is an instance method that
+    # accesses the necessary values from the object instance.
     #
-    # @param packet [RubySMB::GenericPacket] the packet to sign
+    # @param [RubySMB::GenericPacket] packet The packet to sign.
     # @return [RubySMB::GenericPacket] the signed packet
     def smb2_sign(packet)
+      Signing::smb2_sign(packet, @session_key)
+    end
+
+    # Take an SMB2 packet and sign it. This version is a module function that
+    # requires the necessary values to be explicitly passed to it.
+    #
+    # @param [RubySMB::GenericPacket] packet The packet to sign.
+    # @param [String] session_key The key to use for signing.
+    # @return [RubySMB::GenericPacket] the signed packet
+    def self.smb2_sign(packet, session_key)
       packet.smb2_header.flags.signed = 1
       packet.smb2_header.signature = "\x00" * 16
       hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), session_key, packet.to_binary_s)
@@ -34,18 +45,33 @@ module RubySMB
       packet
     end
 
-    # Take an SMB3 packet and sign it.
+    # Take an SMB3 packet and sign it. This version is an instance method that
+    # accesses the necessary values from the object instance.
     #
-    # @param packet [RubySMB::GenericPacket] the packet to sign
+    # @param [RubySMB::GenericPacket] packet The packet to sign.
     # @return [RubySMB::GenericPacket] the signed packet
     def smb3_sign(packet)
-      case @dialect
+      Signing::smb3_sign(packet, @session_key, @dialect, @preauth_integrity_hash_value)
+    end
+
+    # Take an SMB3 packet and sign it. This version is a module function that
+    # requires the necessary values to be explicitly passed to it.
+    #
+    # @param [RubySMB::GenericPacket] packet The packet to sign.
+    # @param [String] session_key The key to use for signing.
+    # @param [String] dialect The SMB3 dialect to sign for.
+    # @param [String] preauth_integrity_hash The preauth integrity hash as
+    #   required by the 3.1.1 dialect.
+    # @return [RubySMB::GenericPacket] the signed packet
+    def self.smb3_sign(packet, session_key, dialect, preauth_integrity_hash=nil)
+      case dialect
       when '0x0300', '0x0302'
-        signing_key = Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
+        signing_key = Crypto::KDF.counter_mode(session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
       when '0x0311'
-        signing_key = Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
+        raise ArgumentError.new('the preauth integrity hash is required for the specified dialect') if preauth_integrity_hash.nil?
+        signing_key = Crypto::KDF.counter_mode(session_key, "SMBSigningKey\x00", preauth_integrity_hash)
       else
-        raise Error::SigningError.new("Dialect #{@dialect.inspect} is incompatible with SMBv3 signing")
+        raise Error::SigningError.new("Dialect #{dialect.inspect} is incompatible with SMBv3 signing")
       end
 
       packet.smb2_header.flags.signed = 1

data/lib/ruby_smb/smb1/commands.rb

@@ -17,6 +17,10 @@ module RubySMB
       SMB_COM_NT_TRANSACT_SECONDARY   = 0xA1
       SMB_COM_NT_CREATE_ANDX          = 0xA2
       SMB_COM_NO_ANDX_COMMAND         = 0xFF
+
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
     end
   end
 end

data/lib/ruby_smb/smb1/tree.rb

@@ -59,8 +59,8 @@ module RubySMB
         # Make sure we don't modify the caller's hash options
         opts = opts.dup
         opts[:filename] = opts[:filename].dup
-        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\')
-        open_file(**opts)
+        opts[:filename].prepend('\\') unless opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # Open a file on the remote share.
@@ -80,83 +80,12 @@ module RubySMB
       # @return [RubySMB::SMB1::File] handle to the created file
       # @raise [RubySMB::Error::InvalidPacket] if the response command is not SMB_COM_NT_CREATE_ANDX
       # @raise [RubySMB::Error::UnexpectedStatusCode] if the response NTStatus is not STATUS_SUCCESS
-      def open_file(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
-                    impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
-        nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
-        nt_create_andx_request = set_header_fields(nt_create_andx_request)
-
-        nt_create_andx_request.parameter_block.ext_file_attributes.normal = 1
-
-        if flags
-          nt_create_andx_request.parameter_block.flags = flags
-        else
-          nt_create_andx_request.parameter_block.flags.request_extended_response = 1
-        end
-
-        if options
-          nt_create_andx_request.parameter_block.create_options = options
-        else
-          nt_create_andx_request.parameter_block.create_options.directory_file     = 0
-          nt_create_andx_request.parameter_block.create_options.non_directory_file = 1
-        end
-
-        if read
-          nt_create_andx_request.parameter_block.share_access.share_read     = 1
-          nt_create_andx_request.parameter_block.desired_access.read_data    = 1
-          nt_create_andx_request.parameter_block.desired_access.read_ea      = 1
-          nt_create_andx_request.parameter_block.desired_access.read_attr    = 1
-          nt_create_andx_request.parameter_block.desired_access.read_control = 1
-        end
-
-        if write
-          nt_create_andx_request.parameter_block.share_access.share_write   = 1
-          nt_create_andx_request.parameter_block.desired_access.write_data  = 1
-          nt_create_andx_request.parameter_block.desired_access.append_data = 1
-          nt_create_andx_request.parameter_block.desired_access.write_ea    = 1
-          nt_create_andx_request.parameter_block.desired_access.write_attr  = 1
-        end
-
-        if delete
-          nt_create_andx_request.parameter_block.share_access.share_delete    = 1
-          nt_create_andx_request.parameter_block.desired_access.delete_access = 1
-        end
-
-        nt_create_andx_request.parameter_block.impersonation_level = impersonation
-        nt_create_andx_request.parameter_block.create_disposition  = disposition
-
-        unicode_enabled = nt_create_andx_request.smb_header.flags2.unicode == 1
-        nt_create_andx_request.data_block.file_name = add_null_termination(str: filename, unicode: unicode_enabled)
-
-        raw_response = @client.send_recv(nt_create_andx_request)
-        response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
-        unless response.valid?
-          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
-               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
-               response.smb_header.command == response.original_command
-            raise RubySMB::Error::InvalidPacket.new(
-              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
-              'error occurs while parsing it. It is probably missing the '\
-              'required extended information.'
-            )
-          end
-          raise RubySMB::Error::InvalidPacket.new(
-            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
-            expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
-            packet:         response
-          )
-        end
-        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
-          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
-        end
-
-        case response.parameter_block.resource_type
-        when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
-          RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
-        when RubySMB::SMB1::ResourceType::DISK
-          RubySMB::SMB1::File.new(name: filename, tree: self, response: response)
-        else
-          raise RubySMB::Error::RubySMBError
-        end
+      def open_file(opts)
+        # Make sure we don't modify the caller's hash options
+        opts = opts.dup
+        opts[:filename] = opts[:filename].dup
+        opts[:filename] = opts[:filename][1..-1] if opts[:filename].start_with?('\\'.encode(opts[:filename].encoding))
+        _open(**opts)
       end
 
       # List `directory` on the remote share.
@@ -264,6 +193,85 @@ module RubySMB
 
       private
 
+      def _open(filename:, flags: nil, options: nil, disposition: RubySMB::Dispositions::FILE_OPEN,
+                impersonation: RubySMB::ImpersonationLevels::SEC_IMPERSONATE, read: true, write: false, delete: false)
+        nt_create_andx_request = RubySMB::SMB1::Packet::NtCreateAndxRequest.new
+        nt_create_andx_request = set_header_fields(nt_create_andx_request)
+
+        nt_create_andx_request.parameter_block.ext_file_attributes.normal = 1
+
+        if flags
+          nt_create_andx_request.parameter_block.flags = flags
+        else
+          nt_create_andx_request.parameter_block.flags.request_extended_response = 1
+        end
+
+        if options
+          nt_create_andx_request.parameter_block.create_options = options
+        else
+          nt_create_andx_request.parameter_block.create_options.directory_file     = 0
+          nt_create_andx_request.parameter_block.create_options.non_directory_file = 1
+        end
+
+        if read
+          nt_create_andx_request.parameter_block.share_access.share_read     = 1
+          nt_create_andx_request.parameter_block.desired_access.read_data    = 1
+          nt_create_andx_request.parameter_block.desired_access.read_ea      = 1
+          nt_create_andx_request.parameter_block.desired_access.read_attr    = 1
+          nt_create_andx_request.parameter_block.desired_access.read_control = 1
+        end
+
+        if write
+          nt_create_andx_request.parameter_block.share_access.share_write   = 1
+          nt_create_andx_request.parameter_block.desired_access.write_data  = 1
+          nt_create_andx_request.parameter_block.desired_access.append_data = 1
+          nt_create_andx_request.parameter_block.desired_access.write_ea    = 1
+          nt_create_andx_request.parameter_block.desired_access.write_attr  = 1
+        end
+
+        if delete
+          nt_create_andx_request.parameter_block.share_access.share_delete    = 1
+          nt_create_andx_request.parameter_block.desired_access.delete_access = 1
+        end
+
+        nt_create_andx_request.parameter_block.impersonation_level = impersonation
+        nt_create_andx_request.parameter_block.create_disposition  = disposition
+
+        unicode_enabled = nt_create_andx_request.smb_header.flags2.unicode == 1
+        nt_create_andx_request.data_block.file_name = add_null_termination(str: filename, unicode: unicode_enabled)
+
+        raw_response = @client.send_recv(nt_create_andx_request)
+        response = RubySMB::SMB1::Packet::NtCreateAndxResponse.read(raw_response)
+        unless response.valid?
+          if response.is_a?(RubySMB::SMB1::Packet::EmptyPacket) &&
+               response.smb_header.protocol == RubySMB::SMB1::SMB_PROTOCOL_ID &&
+               response.smb_header.command == response.original_command
+            raise RubySMB::Error::InvalidPacket.new(
+              'The response seems to be an SMB1 NtCreateAndxResponse but an '\
+              'error occurs while parsing it. It is probably missing the '\
+              'required extended information.'
+            )
+          end
+          raise RubySMB::Error::InvalidPacket.new(
+            expected_proto: RubySMB::SMB1::SMB_PROTOCOL_ID,
+            expected_cmd:   RubySMB::SMB1::Packet::NtCreateAndxResponse::COMMAND,
+            packet:         response
+          )
+        end
+        unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
+          raise RubySMB::Error::UnexpectedStatusCode, response.status_code
+        end
+
+        case response.parameter_block.resource_type
+        when RubySMB::SMB1::ResourceType::BYTE_MODE_PIPE, RubySMB::SMB1::ResourceType::MESSAGE_MODE_PIPE
+          RubySMB::SMB1::Pipe.new(name: filename, tree: self, response: response)
+        when RubySMB::SMB1::ResourceType::DISK
+          RubySMB::SMB1::File.new(name: filename, tree: self, response: response)
+        else
+          raise RubySMB::Error::RubySMBError
+        end
+      end
+
       # Sets ParameterBlock options for FIND_FIRST2 and
       # FIND_NEXT2 requests. In particular we need to do this
       # to tell the server to ignore the Trans2DataBlock as we are

data/lib/ruby_smb/smb1.rb

@@ -5,7 +5,6 @@ module RubySMB
     # Protocol ID value. Translates to \xFFSMB
     SMB_PROTOCOL_ID = 0xFF534D42
 
-    require 'ruby_smb/smb1/create_actions'
     require 'ruby_smb/smb1/oplock_levels'
     require 'ruby_smb/smb1/resource_type'
     require 'ruby_smb/smb1/commands'

data/lib/ruby_smb/smb2/bit_field/smb2_header_flags.rb

@@ -5,7 +5,8 @@ module RubySMB
       # [2.2.1.2 SMB2 Packet Header - SYNC](https://msdn.microsoft.com/en-us/library/cc246529.aspx)
       class Smb2HeaderFlags < BinData::Record
         endian  :little
-        bit4    :reserved3,           label: 'Reserved', initial_value: 0
+        bit1    :reserved3,           label: 'Reserved', initial_value: 0
+        bit3    :priority,            label: 'Priority'
         bit1    :signed,              label: 'Packet Signed'
         bit1    :related_operations,  label: 'Chained Request'
         bit1    :async_command,       label: 'ASYNC Command', initial_value: 0

data/lib/ruby_smb/smb2/commands.rb

@@ -20,6 +20,10 @@ module RubySMB
       CHANGE_NOTIFY   = 0x0f
       QUERY_INFO      = 0x10
       SET_INFO        = 0x11
+
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
     end
   end
 end

data/lib/ruby_smb/smb2/create_context/request.rb

@@ -0,0 +1,64 @@
+require 'ruby_smb/dcerpc/uuid'
+
+module RubySMB
+  module SMB2
+    module CreateContext
+      # [2.2.13.2.3 SMB2_CREATE_DURABLE_HANDLE_REQUEST](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/9999d870-b664-4e51-a187-1c3c16a1ae1c)
+      class CreateDurableHandleRequest < BinData::Record
+        NAME = CREATE_DURABLE_HANDLE
+
+        endian :little
+        string :reserved, label: 'Reserved', length: 16
+      end
+
+      # [2.2.13.2.11 SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5e361a29-81a7-4774-861d-f290ea53a00e)
+      class CreateDurableHandleV2Request < BinData::Record
+        NAME = CREATE_DURABLE_HANDLE_V2
+
+        endian :little
+        uint32 :timeout,    label: 'Timeout'
+        struct :flags,      label: 'Flags' do
+          bit6 :reserved
+          bit1 :persistent, label: 'Persistent Handle'
+          bit1 :reserved1
+          skip length: 3
+        end
+        string :reserved,    length: 8
+        uuid   :create_guid, label: 'Create GUID'
+      end
+
+      # [2.2.13.2.5 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5ea40835-5d40-4e85-977d-13cd745d3af8)
+      class CreateQueryMaximalAccessRequest < BinData::Record
+        NAME = CREATE_QUERY_MAXIMAL_ACCESS
+
+        default_parameter length: 0
+
+        endian :little
+        file_time  :timestamp, label: 'Timestamp', onlyif: -> { length != 0 }
+      end
+
+      # [2.2.13.2.9 SMB2_CREATE_QUERY_ON_DISK_ID](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/6eb9162a-3278-4513-988a-6b52bed30fc3)
+      class CreateQueryOnDiskIdRequest < BinData::Record
+        NAME = CREATE_QUERY_ON_DISK_ID
+
+        endian :little
+      end
+
+      class CreateContextRequest < CreateContext
+        delayed_io :data, read_abs_offset: -> { abs_offset + data_offset } do
+          choice  :data, selection: -> { name.snapshot } do
+            create_durable_handle_request       CREATE_DURABLE_HANDLE,       length: :data_length
+            create_durable_handle_v2_request    CREATE_DURABLE_HANDLE_V2,    length: :data_length
+            create_query_maximal_access_request CREATE_QUERY_MAXIMAL_ACCESS, length: :data_length
+            create_query_on_disk_id_request     CREATE_QUERY_ON_DISK_ID,     length: :data_length
+            string                              :default,                    read_length: :data_length
+          end
+        end
+      end
+
+      class CreateContextArrayRequest < CreateContextArray
+        default_parameters type: :create_context_request
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb2/create_context/response.rb

@@ -0,0 +1,62 @@
+module RubySMB
+  module SMB2
+    module CreateContext
+      # [2.2.14.2.3 SMB2_CREATE_DURABLE_HANDLE_RESPONSE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/a3a11598-f228-47da-82bb-9418b9397041)
+      class CreateDurableHandleResponse < BinData::Record
+        NAME = CREATE_DURABLE_HANDLE
+
+        endian :little
+        string :reserved, label: 'Reserved', length: 8
+      end
+
+      # [2.2.14.2.12 SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/48c1049f-25a4-4f23-9a57-11ddd72ce985)
+      class CreateDurableHandleV2Response < BinData::Record
+        NAME = CREATE_DURABLE_HANDLE_V2
+
+        endian :little
+        uint32 :timeout,    label: 'Timeout'
+        struct :flags,      label: 'Flags' do
+          bit6 :reserved
+          bit1 :persistent, label: 'Persistent Handle'
+          bit1 :reserved1
+          skip length: 3
+        end
+      end
+
+      # [2.2.14.2.5 SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/0fe6be15-3a76-4032-9a44-56f846ac6244)
+      class CreateQueryMaximalAccessResponse < BinData::Record
+        NAME = CREATE_QUERY_MAXIMAL_ACCESS
+
+        endian :little
+        nt_status         :query_status,   label: 'Query Status'
+        file_access_mask  :maximal_access, label: 'Maximal Access'
+      end
+
+      # [2.2.14.2.9 SMB2_CREATE_QUERY_ON_DISK_ID](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5c977939-1d8f-4774-9111-21e9195f3aca)
+      class CreateQueryOnDiskIdResponse < BinData::Record
+        NAME = CREATE_QUERY_ON_DISK_ID
+
+        endian :little
+        uint64   :disk_file_id, label: 'Disk File Id', initial_value: 0xffffffffffffffff
+        uint64   :volume_id,    label: 'Volume Id'
+        string   :reserved,     label: 'Reserved', length: 16
+      end
+
+      class CreateContextResponse < CreateContext
+        delayed_io :data, read_abs_offset: -> { abs_offset + data_offset } do
+          choice  :data, selection: -> { name.snapshot } do
+            create_durable_handle_response       CREATE_DURABLE_HANDLE,       length: :data_length
+            create_durable_handle_v2_response    CREATE_DURABLE_HANDLE_V2,    length: :data_length
+            create_query_maximal_access_response CREATE_QUERY_MAXIMAL_ACCESS, length: :data_length
+            create_query_on_disk_id_response     CREATE_QUERY_ON_DISK_ID,     length: :data_length
+            string                               :default,                    read_length: :data_length
+          end
+        end
+      end
+
+      class CreateContextArrayResponse < CreateContextArray
+        default_parameters type: :create_context_response
+      end
+    end
+  end
+end

data/lib/ruby_smb/smb2/create_context.rb

@@ -1,29 +1,81 @@
 module RubySMB
   module SMB2
-    # An SMB2_CREATE_CONTEXT struct as defined in
-    # [2.2.13.2 SMB2_CREATE_CONTEXT Request Values](https://msdn.microsoft.com/en-us/library/cc246504.aspx)
-    class CreateContext < BinData::Record
-      endian  :little
-
-      uint32  :next_offset, label: 'Offset to next Context'
-      uint16  :name_offset, label: 'Offset to Name/Tag',      initial_value:  -> { name.rel_offset }
-      uint16  :name_length, label: 'Length of Name/Tag',      initial_value:  -> { name.length }
-      uint16  :reserved,    label: 'Reserved Space'
-      uint16  :data_offset, label: 'Offset to data',          initial_value:  -> { calc_data_offset }
-      uint32  :data_length, label: 'Length of data',          initial_value:  -> { data.length }
-      string  :name,        label: 'Name'
-      uint32  :reserved2,   label: 'Reserved Space'
-      string  :data,        label: 'Data'
-
-      private
-
-      def calc_data_offset
-        if data.empty?
-          0
-        else
-          data.rel_offset
+    module CreateContext
+      # Create name constants. Requests and responses have a shared name but some have different structures. Names are
+      # normalized to remove the request/response portion.
+      # [2.2.13.2 SMB2_CREATE_CONTEXT Request Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/75364667-3a93-4e2c-b771-592d8d5e876d)
+      CREATE_EA_BUFFER = 'ExtA'.freeze
+      CREATE_SD_BUFFER = 'SecD'.freeze
+      CREATE_DURABLE_HANDLE = 'DHnQ'.freeze
+      CREATE_DURABLE_HANDLE_RECONNECT = 'DHnC'.freeze
+      CREATE_ALLOCATION_SIZE = 'AISi'.freeze
+      CREATE_QUERY_MAXIMAL_ACCESS = 'MxAc'.freeze
+      CREATE_TIMEWARP_TOKEN = 'TWrp'.freeze
+      CREATE_QUERY_ON_DISK_ID = 'QFid'.freeze
+      CREATE_LEASE = 'RqLs'.freeze
+      CREATE_LEASE_V2 = 'RqLs'.freeze
+      CREATE_DURABLE_HANDLE_V2 = 'DH2Q'.freeze
+      CREATE_DURABLE_HANDLE_RECONNECT_v2 = 'DH2C'.freeze
+      CREATE_APP_INSTANCE_ID = "\x45\xBC\xA6\x6A\xEF\xA7\xF7\x4A\x90\x08\xFA\x46\x2E\x14\x4D\x74".b.freeze
+      CREATE_APP_INSTANCE_VERSION = "\xB9\x82\xD0\xB7\x3B\x56\x07\x4F\xA0\x7B\x52\x4A\x81\x16\xA0\x10".b.freeze
+      SVHDX_OPEN_DEVICE_CONTEXT = "\x9C\xCB\xCF\x9E\x04\xC1\xE6\x43\x98\x0E\x15\x8D\xA1\xF6\xEC\x83".b.freeze
+
+      # An SMB2_CREATE_CONTEXT struct as defined in
+      # [2.2.13.2 SMB2_CREATE_CONTEXT Request Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/75364667-3a93-4e2c-b771-592d8d5e876d?redirectedfrom=MSDN)
+      class CreateContext < BinData::Record
+        unregister_self
+
+        endian  :little
+        uint32  :next_offset, label: 'Offset to next Context'
+        uint16  :name_offset, label: 'Offset to Name/Tag',      initial_value: -> { buffer.rel_offset }
+        uint16  :name_length, label: 'Length of Name/Tag',      initial_value: -> { name.num_bytes }
+        uint16  :reserved,    label: 'Reserved Space'
+        uint16  :data_offset, label: 'Offset to data',          initial_value: -> { calc_data_offset }
+        uint32  :data_length, label: 'Length of data',          initial_value: -> { data.num_bytes }
+        string  :buffer,      label: 'Buffer',                  initial_value: -> { build_buffer }, read_length: -> { calc_buffer_size }
+
+        delayed_io :name, read_abs_offset: -> { abs_offset + name_offset } do
+          string   :name, label: 'Name', read_length: :name_length
+        end
+
+        private
+
+        def build_buffer
+          align = 8
+          buf = name.dup.tap { |obj| obj.abs_offset = 0 }.to_binary_s { |obj| obj.write_now! }
+          buf << "\x00".b * ((align - buf.length % align) % align)
+          buf << data.dup.tap { |obj| obj.abs_offset = 0 }.to_binary_s { |obj| obj.write_now! }
+          buf << "\x00".b * ((align - buf.length % align) % align)
+        end
+
+        def calc_buffer_size
+          align = 8
+          size = 0
+          size += name_length + ((align - name_length % align) % align)
+          size += data_length + ((align - data_length % align) % align)
+          size
+        end
+
+        def calc_data_offset
+          if data.num_bytes == 0
+            0
+          else
+            align = 8
+            buffer.rel_offset + name_length + ((align - name_length % align) % align)
+          end
         end
       end
+
+      class CreateContextArray < BinData::Array
+        unregister_self
+
+        default_parameters read_until: -> { element&.next_offset == 0 }
+        endian :little
+      end
     end
   end
 end
+
+require 'ruby_smb/smb2/bit_field'
+require 'ruby_smb/smb2/create_context/request'
+require 'ruby_smb/smb2/create_context/response'

data/lib/ruby_smb/smb2/packet/create_request.rb

@@ -4,9 +4,8 @@ module RubySMB
       # An SMB2 Create Request Packet as defined in
       # [2.2.13 SMB2 CREATE Request](https://msdn.microsoft.com/en-us/library/cc246502.aspx)
       class CreateRequest < RubySMB::GenericPacket
-        COMMAND = RubySMB::SMB2::Commands::CREATE
-
         require 'ruby_smb/smb1/bit_field/create_options'
+        COMMAND = RubySMB::SMB2::Commands::CREATE
 
         endian :little
         smb2_header           :smb2_header
@@ -35,17 +34,51 @@ module RubySMB
           bit8  :reserved4, label: 'Reserved Space'
         end
 
-        uint32          :create_disposition, label: 'Create Disposition'
-        create_options  :create_options
-        uint16          :name_offset,         label: 'Name Offset',            initial_value: -> { name.abs_offset }
-        uint16          :name_length,         label: 'Name Length',            initial_value: -> { name.do_num_bytes }
-        uint32          :context_offset,      label: 'Create Context Offset',  initial_value: -> { context.abs_offset }
-        uint32          :context_length,      label: 'Create Context Length',  initial_value: -> { context.do_num_bytes }
-        string16        :name,                label: 'File Name'
-        uint32          :reserved5,           label: 'Reserved Space'
+        uint32                :create_disposition, label: 'Create Disposition'
+        create_options        :create_options
+        uint16                :name_offset,         label: 'Name Offset',            initial_value: -> { calc_name_offset }
+        uint16                :name_length,         label: 'Name Length',            initial_value: -> { name.num_bytes }
+        uint32                :contexts_offset,     label: 'Create Contexts Offset', initial_value: -> { calc_contexts_offset }
+        uint32                :contexts_length,     label: 'Create Contexts Length'
+        count_bytes_remaining :bytes_remaining
+        string                :buffer,              label: 'Buffer', initial_value: -> { build_buffer }, read_length: :bytes_remaining
+
+        delayed_io :name, label: 'File Name', read_abs_offset: :name_offset do
+          string16 read_length: :name_length
+        end
+
+        delayed_io :contexts, label: 'Context Array', read_abs_offset: :contexts_offset, onlyif: -> { contexts_offset != 0 } do
+          buffer length: :contexts_length do
+            create_context_array_request :contexts
+          end
+        end
+
+        private
+
+        def build_buffer
+          align = 8
+          buf = name.dup.tap { |obj| obj.abs_offset = 0 }.to_binary_s { |obj| obj.write_now! }
+          buf << "\x00".b * ((align - buf.length % align) % align)
+          buf << contexts.map(&:to_binary_s).join
+          buf << "\x00".b * ((align - buf.length % align) % align)
+        end
 
-        array :context, label: 'Contexts', type: :create_context, read_until: :eof
+        def calc_contexts_offset
+          if contexts.num_bytes == 0
+            0
+          else
+            align = 8
+            buffer.rel_offset + name_length + ((align - name_length % align) % align)
+          end
+        end
 
+        def calc_name_offset
+          if name.num_bytes == 0
+            0
+          else
+            buffer.rel_offset
+          end
+        end
       end
     end
   end

data/lib/ruby_smb/smb2/packet/create_response.rb

@@ -21,15 +21,29 @@ module RubySMB
         file_attributes       :file_attributes,      label: 'File Attributes'
         uint32                :reserved,             label: 'Reserved Space'
         smb2_fileid           :file_id,              label: 'File ID'
-        uint32                :context_offset,       label: 'Create Context Offset',  initial_value: -> { context.abs_offset }
-        uint32                :context_length,       label: 'Create Context Length',  initial_value: -> { context.do_num_bytes }
+        uint32                :contexts_offset,      label: 'Create Contexts Offset'
+        uint32                :contexts_length,      label: 'Create Contexts Length'
+        count_bytes_remaining :bytes_remaining
+        string                :buffer,               label: 'Buffer', initial_value: -> { build_buffer }, read_length: :bytes_remaining
 
-        array :context, label: 'Contexts', type: :create_context, read_until: :eof
+        delayed_io :contexts, label: 'Context Array', read_abs_offset: -> { contexts_offset }, onlyif: -> { contexts_offset != 0 } do
+          buffer length: :contexts_length do
+            create_context_array_response :contexts
+          end
+        end
 
         def initialize_instance
           super
           smb2_header.flags.reply = 1
         end
+
+        private
+
+        def build_buffer
+          align = 8
+          buf = contexts.map(&:to_binary_s).join
+          buf << "\x00".b * ((align - buf.length % align) % align)
+        end
       end
     end
   end

data/lib/ruby_smb/smb2/packet/query_directory_request.rb

@@ -25,7 +25,7 @@ module RubySMB
         uint16        :name_offset,   label: 'File Name Offset',      initial_value: -> { name.abs_offset }
         uint16        :name_length,   label: 'File Name Length',      initial_value: -> { name.do_num_bytes }
         uint32        :output_length, label: 'Output Buffer Length'
-        string16      :name,          label: 'Name/Search Pattern'
+        string16      :name,          label: 'Name/Search Pattern',   read_length: :name_length
 
       end
     end