From 30929cde85d0f87b60e77d99e47419970336b98a Mon Sep 17 00:00:00 2001
From: Olivier Bilodeau
Date: Thu, 13 Jun 2024 14:10:55 -0400
Subject: [PATCH] refactor: Changed all FieldStrFn callers to FieldUTF16LE

One fieldname change clientDir to client_dir to align with everything else
---
 format/pyrdp/pdu/client_data.go | 2 +-
 format/pyrdp/pdu/client_info.go | 16 ++++++++--------
 format/pyrdp/testdata/test.fqtest | 2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/format/pyrdp/pdu/client_data.go b/format/pyrdp/pdu/client_data.go
index 1ec88714..68e2f519 100644
--- a/format/pyrdp/pdu/client_data.go
+++ b/format/pyrdp/pdu/client_data.go
@@ -84,7 +84,7 @@ func ParseClientDataCore(d *decode.D, length int64) {
 d.FieldU16("sas_sequence")
 d.FieldU32("keyboard_layout")
 d.FieldU32("client_build")
- d.FieldStrFn("client_name", toTextUTF16Fn(32))
+ d.FieldUTF16LE("client_name", 32, scalar.StrActualTrim("\x00"))
 d.FieldU32("keyboard_type")
 d.FieldU32("keyboard_sub_type")
 d.FieldU32("keyboard_function_key")
diff --git a/format/pyrdp/pdu/client_info.go b/format/pyrdp/pdu/client_info.go
index fac0b4db..b53fe254 100644
--- a/format/pyrdp/pdu/client_info.go
+++ b/format/pyrdp/pdu/client_info.go
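Review bot: Trimming `client_name` in ParseClientDataCore (client_data.go) with `scalar.StrActualTrim("\x00")` looks like it strips NULs only at the two ends of the fixed 32-byte buffer, so anything after an embedded terminator would remain in the decoded value; I have not seen the mapper's source, so please confirm. If that is the behaviour, a buffer that begins with NUL would show its trailing bytes as the name, and the analyst could read a string the RDP peer never interpreted. The same applies to `timezone_standardname` (64 bytes) in client_info.go. I would at least record it next to the call: `// fixed-size buffer: only edge NULs are trimmed, data after an embedded NUL is kept`. ParseClientDataCore starts and ends outside the hunk.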
@@ -38,24 +38,24 @@ func ParseClientInfo(d *decode.D, length int64) {
 alternate_shell_length := int(d.FieldU16("alternate_shell_length") + null_n*unicode_n)
 working_dir_length := int(d.FieldU16("working_dir_length") + null_n*unicode_n)
- d.FieldStrFn("domain", toTextUTF16Fn(domain_length))
- d.FieldStrFn("username", toTextUTF16Fn(username_length))
- d.FieldStrFn("password", toTextUTF16Fn(password_length))
- d.FieldStrFn("alternate_shell", toTextUTF16Fn(alternate_shell_length))
- d.FieldStrFn("working_dir", toTextUTF16Fn(working_dir_length))
+ d.FieldUTF16LE("domain", domain_length, scalar.StrActualTrim("\x00"))
+ d.FieldUTF16LE("username", username_length, scalar.StrActualTrim("\x00"))
+ d.FieldUTF16LE("password", password_length, scalar.StrActualTrim("\x00"))
+ d.FieldUTF16LE("alternate_shell", alternate_shell_length, scalar.StrActualTrim("\x00"))
+ d.FieldUTF16LE("working_dir", working_dir_length, scalar.StrActualTrim("\x00"))
 extra_length := length - ((d.Pos() - pos) / 8)
 if extra_length > 0 {
 d.FieldStruct("extra_info", func(d *decode.D) {
 d.FieldU16("address_family", scalar.UintHex)
 address_length := int(d.FieldU16("address_length"))
- d.FieldStrFn("address", toTextUTF16Fn(address_length))
+ d.FieldUTF16LE("address", address_length, scalar.StrActualTrim("\x00"))
 client_dir_length := int(d.FieldU16("client_dir_length"))
- d.FieldStrFn("clientDir", toTextUTF16Fn(client_dir_length))
+ d.FieldUTF16LE("client_dir", client_dir_length, scalar.StrActualTrim("\x00"))
 // TS_TIME_ZONE_INFORMATION structure
 // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/526ed635-d7a9-4d3c-bbe1-4e3fb17585f4
 d.FieldU32("timezone_bias")
- d.FieldStrFn("timezone_standardname", toTextUTF16Fn(64))
+ d.FieldUTF16LE("timezone_standardname", 64, scalar.StrActualTrim("\x00"))
 })
 // XXX: there's more extra info but here's everything we need from the
diff --git a/format/pyrdp/testdata/test.fqtest b/format/pyrdp/testdata/test.fqtest
index edebf7ca..6a96165c 100644
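Review bot: None of the string lengths read in ParseClientInfo (`domain_length` through `working_dir_length`, then `address_length` and `client_dir_length`) is compared with `length` before it is passed to `d.FieldUTF16LE`; the only use of `length` in the hunk is the `extra_length > 0` test after the reads. These values come from the capture file, so a malformed or crafted record could make a field extend past this PDU and decode following bytes as `username` or `password`. A guard built from the expression the function already uses would reject that, for example `if int64(domain_length) > length-(d.Pos()-pos)/8 { d.Fatalf("domain_length exceeds client info length") }` before each read, or one check on the sum. ParseClientInfo starts and ends outside the hunk, so the caller may already limit the decoder to `length`; if so, a one-line comment stating that would be enough.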
--- a/format/pyrdp/testdata/test.fqtest
+++ b/format/pyrdp/testdata/test.fqtest
@@ -79,7 +79,7 @@ $ ./fq -d pyrdp dv /test.pyrdp
 0x000180| 31 00 30 00 2e 00| 1.0...| address: "10.0.89.70" 0x18a-0x1a0 (22)
 0x000190|30 00 2e 00 38 00 39 00 2e 00 37 00 30 00 00 00|0...8.9...7.0...|
 0x0001a0|40 00 |@. | client_dir_length: 64 0x1a0-0x1a2 (2)
-0x0001a0| 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00| C.:.\.W.i.n.d.| clientDir: "C:\\Windows\\system32\\mstscax.dll" 0x1a2-0x1e2 (64)
+0x0001a0| 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00| C.:.\.W.i.n.d.| client_dir: "C:\\Windows\\system32\\mstscax.dll" 0x1a2-0x1e2 (64)
 0x0001b0|6f 00 77 00 73 00 5c 00 73 00 79 00 73 00 74 00|o.w.s.\.s.y.s.t.|
 * |until 0x1e1.7 (64) | |
 0x0001e0| 20 fe ff ff | ... | timezone_bias: 4294966816 0x1e2-0x1e6 (4)