in src/analysis/print_analyzer.cpp [529:588]
void PrintAnalyzer::createSMBv2(const SMBv2::CreateCommand* cmd,
const SMBv2::CreateRequest*,
const SMBv2::CreateResponse* res)
{
SMBv2Commands cmdEnum = SMBv2Commands::CREATE;
print_session(out, cmd) << "\n";
print_smbv2_header(out, cmd->req_header) << "\n";
print_smbv2_common_info_req(out, cmdEnum, cmd) << "\n";
print_enum(out, "Oplock", cmd->parg->RequestedOplockLevel) << "\n";
print_enum(out, "Impersonation", cmd->parg->ImpersonationLevel) << "\n";
out << " Create Flags = ";
print_hex64(out, cmd->parg->SmbCreateFlags);
out << "\n";
print_enum(out, "Access Mask", cmd->parg->desiredAccess) << "\n";
print_enum(out, "File Attributes", cmd->parg->attributes) << "\n";
print_enum(out, "Share Access", cmd->parg->shareAccess) << "\n";
print_enum(out, "Disposition", cmd->parg->createDisposition) << "\n";
print_enum(out, "Create Options", cmd->parg->createOptions) << "\n";
const auto len = NST::API::SMBv2::pc_to_net(cmd->parg->NameLength);
if(len > 0)
{
out << " File name = ";
print_buffer(out, cmd->parg->Buffer, len) << "\n";
out << " File length = " << len << "\n";
}
print_smbv2_header(out, cmd->res_header) << "\n";
print_smbv2_common_info_resp(out, cmdEnum, cmd) << "\n";
print_enum(out, "Oplock", res->oplockLevel) << "\n";
out << " Response Flags = ";
print_hex8(out, res->flag);
out << "\n";
print_enum(out, "Create Action", res->CreateAction) << "\n";
if(cmd->res_header && cmd->res_header->status == to_integral(SMBv2::NTStatus::STATUS_SUCCESS))
{
out << " Create = ";
print_time(out, res->CreationTime);
out << "\n Last Access = ";
print_time(out, res->LastAccessTime);
out << "\n Last Write = ";
print_time(out, res->LastWriteTime);
out << "\n Last Change = ";
print_time(out, res->ChangeTime);
out << "\n Allocation Size = ";
out << res->AllocationSize;
out << "\n End Of File = ";
out << res->EndofFile << "\n";
print_enum(out, "File Attributes", res->attributes);
}
}