NetBIOS Specification

2. Network Control Block


The Network Control Block (NCB) has been mentioned alot already. It is extremely important, as one is required for every single command. A command is executed by preparing a suitable NCB, and calling interrupt 5Ch, with ES:BX pointing to this NCB. As already mentioned, the NCB cannot be reused, or changed, until the command has been completed.


A NCB is always 64-bytes in length, and has the following structure:

Byte 0 - command

This is a command code listing the command you require. See the list of commands below.

Byte 1 - return code

This returns the competion code for a synchronous command, or the initiation code for an asynchronous command.

Byte 2 - local session

This specifies the session number for a command. A session number is returned every time a session is opened.

Byte 3 - name number

This specifies the unique number for the name being used. Every time a name is added, a unique number is returned. This field must be set to the number of the name you want to use. I find the easiest way to do this is have a separate NCB for every name you use, and once you have added the name, this field is set, so it can be left untouched for every other command on that particular name

Bytes 4-7 - buffer address

This specifies the address of the buffer for transmit/receive commands. It is in segment:offset form, with byte 4 being the least significant byte of the offset, and byte 7 the most significant byte of the segment.

Bytes 8-9 - buffer length

This specifies the length of the buffer, with byte 8 being the least significant byte.

Bytes 10-25 - call name

The call name is the name on a local or remote station that you wish to contact in send commands, or the name from which received data has come.

Bytes 26-41 - local name

The local name is a name on the local station - it is only required when adding, or deleting a name, since once a name has been added, a unique number is assigned, which is used for all subsequent commands - see byte 3

Byte 42 - receive timeout

This is the timeout for receive commands, measured in 500ms.

Byte 43 - send timeout

This is the timeout for send commands, measured in 500ms.

Bytes 44-47 - POST address

This is the address of the POST routine, for asynchronous commands, which is called once the command has completed. If it is set to 0000:0000, no routine is called once an asynchronous command has completed. Further information on the format of the POST routine can be found under the heading Asynchronous commands above. This field is ignored for synchronous commands. It has the same byte order, as the buffer address field (bytes 4-7) - see above.

Byte 48 - network number

If there is more than one network adapter in a station, this specifies which one to use. I advise that you play safe, also set this field to 00h, or you may get error 23h - invalid network number.

Byte 49 - command complete

This is the competion code for asynchronous commands. If is set to FFh whilst the command is still being executed, and changed once it has completed. It has no function for synchronous commands, since control is only returned once they have been completed, and the completion code is returned in the return_code field (byte 1).

Bytes 50-63 - reserved

This bytes must be present, and not be unchanged. The network software uses these for workspace.

Command Field

This contains the value of the command you require. For synchronous commands, bit 7 is 0; for asynchronous commands, bit 7 = 1.

Connection-Orientated Commands

10h - Call (opens a session with another name)

11h - Listen (waits for a call)

12h - Hangup (ends a session)

14h - Send data of a session

15h - Receive data on a session

16h - Receive data on any session

17h - Chain send (sends two buffers of data, in one command)

Connectionless Commands

20h - Send a specific datagram

21h - Receive a specific datagram

22h - Send a broadcast datagram

23h - Receive a broadcast datagram

Name Commands

30h - Add unique name to local table

31h - Delete name from local table (used for both unique and group names)

36h - Add group name to local table

Miscellaneous Commands

32h - Reset local adapter (resets adapter, and clears name tables - not a good idea, because it crashes the network software)

33h - Get status of local adapter

34h - Get status of all active sessions

35h - Cancel a pending command

70h - Unlink remote booting code (should be used by the networking software only, when a station boots remotely from a server)

Other Commands

37h - Enumerate LAN adapter numbers

71h - Same as command 14h, but does not wait for acknowledgement

72h - Same as command 17h, but does not wait for acknowledgement

73h - Notify user of LAN failures, greater than a minute in length

77h - Enables extensions to transport interface (?)

78h - Find name (searches for a name on the network)

79h - Activate/deactivate NCB tracing (may not be supported)

Note that the Other commands contains commands which may not be supported by all versions of NetBIOS. At present, I do not know how these commands work. If you have any information about these, please contact me.

Each of the commands is described below.

Return Code Field

This lists all known initation and completion codes. The competion code for an asynchronous command is returned in the command_complete field.

00h - success

01h - illegal buffer length (the maximum size for a datagram buffer is 512 bytes)

03h - illegal command (check the command field)

05h - command timed out

06h - message incomplete (this occurs in receive commands when the buffer supplied is shorter than the message received; the rest of the message is lost)

08h - illegal session number (check the local_session field)

09h - no resource available

0Ah - session closed (occurs when an application tries to send/receive data on a session, in which the other end has hung up)

0Bh - command cancelled

0Dh - duplicate name in local table (occurs when an application tries to add a name, which is already present in the local name table)

0Eh - name table full (the networking software cannot add the name, as the maximum number, usually 16, has been reached)

0Fh - name has active sessions and has been de-registered (occurs when a name is removed, which still has session active - all commands on the session using that name are terminated with this error)

11h - local session table full (check the maximum number of sessions required - most networking software can be reconfigured to increase this number, but more memory is required)

12h - remote session table full (unable to open a session, due to a problem at the other end, or no station waiting for an open request)

13h - illegal name number specified (check the name_number field)

14h - cannot find name called, or no answer (occurs when command 10h is unable to find the requested name)

15h - invalid name (the name cannot be found, or contains wild cards)

16h - name in use (this occurs when trying to add a name, which already exists as a unique name on the network)

17h - name deleted

18h - session ended abnormally (some undefined error occurred, which resulted in the session being terminated)

19h - name conflict

1Ah - incompatible remote device

21h - interface busy

22h - too many commands outstanding (allow some asynchronous commands to complete, or increase the maximum number of concurrent commands allowed in your networking software)

23h - invalid network number

24h - command completed whilst cancelled operation was occuring

25h - reserved name specified (some names may be reserved for the networking software, so cannot be used by other applications)

26h - cancel command invalid (the cancel command has therefore not occurred, since the command is not suitable for cancellation)

40h-4Fh - unusual network condition

50h-FEh - adapter malfunction

FFh - command incomplete (for asynchronous commands)

Not all these errors may be supported by the networking software.

All text © 1998-2012 Gavin Winston