mirror of
https://github.com/wader/fq.git
synced 2024-10-26 20:06:29 +03:00
refactor: Changed all FieldStrFn callers to FieldUTF16LE
One fieldname change clientDir to client_dir to align with everything else
This commit is contained in:
parent
41988023bc
commit
30929cde85
@ -84,7 +84,7 @@ func ParseClientDataCore(d *decode.D, length int64) {
|
|||||||
d.FieldU16("sas_sequence")
|
d.FieldU16("sas_sequence")
|
||||||
d.FieldU32("keyboard_layout")
|
d.FieldU32("keyboard_layout")
|
||||||
d.FieldU32("client_build")
|
d.FieldU32("client_build")
|
||||||
d.FieldStrFn("client_name", toTextUTF16Fn(32))
|
d.FieldUTF16LE("client_name", 32, scalar.StrActualTrim("\x00"))
|
||||||
d.FieldU32("keyboard_type")
|
d.FieldU32("keyboard_type")
|
||||||
d.FieldU32("keyboard_sub_type")
|
d.FieldU32("keyboard_sub_type")
|
||||||
d.FieldU32("keyboard_function_key")
|
d.FieldU32("keyboard_function_key")
|
||||||
|
@ -38,24 +38,24 @@ func ParseClientInfo(d *decode.D, length int64) {
|
|||||||
alternate_shell_length := int(d.FieldU16("alternate_shell_length") + null_n*unicode_n)
|
alternate_shell_length := int(d.FieldU16("alternate_shell_length") + null_n*unicode_n)
|
||||||
working_dir_length := int(d.FieldU16("working_dir_length") + null_n*unicode_n)
|
working_dir_length := int(d.FieldU16("working_dir_length") + null_n*unicode_n)
|
||||||
|
|
||||||
d.FieldStrFn("domain", toTextUTF16Fn(domain_length))
|
d.FieldUTF16LE("domain", domain_length, scalar.StrActualTrim("\x00"))
|
||||||
d.FieldStrFn("username", toTextUTF16Fn(username_length))
|
d.FieldUTF16LE("username", username_length, scalar.StrActualTrim("\x00"))
|
||||||
d.FieldStrFn("password", toTextUTF16Fn(password_length))
|
d.FieldUTF16LE("password", password_length, scalar.StrActualTrim("\x00"))
|
||||||
d.FieldStrFn("alternate_shell", toTextUTF16Fn(alternate_shell_length))
|
d.FieldUTF16LE("alternate_shell", alternate_shell_length, scalar.StrActualTrim("\x00"))
|
||||||
d.FieldStrFn("working_dir", toTextUTF16Fn(working_dir_length))
|
d.FieldUTF16LE("working_dir", working_dir_length, scalar.StrActualTrim("\x00"))
|
||||||
|
|
||||||
extra_length := length - ((d.Pos() - pos) / 8)
|
extra_length := length - ((d.Pos() - pos) / 8)
|
||||||
if extra_length > 0 {
|
if extra_length > 0 {
|
||||||
d.FieldStruct("extra_info", func(d *decode.D) {
|
d.FieldStruct("extra_info", func(d *decode.D) {
|
||||||
d.FieldU16("address_family", scalar.UintHex)
|
d.FieldU16("address_family", scalar.UintHex)
|
||||||
address_length := int(d.FieldU16("address_length"))
|
address_length := int(d.FieldU16("address_length"))
|
||||||
d.FieldStrFn("address", toTextUTF16Fn(address_length))
|
d.FieldUTF16LE("address", address_length, scalar.StrActualTrim("\x00"))
|
||||||
client_dir_length := int(d.FieldU16("client_dir_length"))
|
client_dir_length := int(d.FieldU16("client_dir_length"))
|
||||||
d.FieldStrFn("clientDir", toTextUTF16Fn(client_dir_length))
|
d.FieldUTF16LE("client_dir", client_dir_length, scalar.StrActualTrim("\x00"))
|
||||||
// TS_TIME_ZONE_INFORMATION structure
|
// TS_TIME_ZONE_INFORMATION structure
|
||||||
// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/526ed635-d7a9-4d3c-bbe1-4e3fb17585f4
|
// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/526ed635-d7a9-4d3c-bbe1-4e3fb17585f4
|
||||||
d.FieldU32("timezone_bias")
|
d.FieldU32("timezone_bias")
|
||||||
d.FieldStrFn("timezone_standardname", toTextUTF16Fn(64))
|
d.FieldUTF16LE("timezone_standardname", 64, scalar.StrActualTrim("\x00"))
|
||||||
})
|
})
|
||||||
|
|
||||||
// XXX: there's more extra info but here's everything we need from the
|
// XXX: there's more extra info but here's everything we need from the
|
||||||
|
2
format/pyrdp/testdata/test.fqtest
vendored
2
format/pyrdp/testdata/test.fqtest
vendored
@ -79,7 +79,7 @@ $ ./fq -d pyrdp dv /test.pyrdp
|
|||||||
0x000180| 31 00 30 00 2e 00| 1.0...| address: "10.0.89.70" 0x18a-0x1a0 (22)
|
0x000180| 31 00 30 00 2e 00| 1.0...| address: "10.0.89.70" 0x18a-0x1a0 (22)
|
||||||
0x000190|30 00 2e 00 38 00 39 00 2e 00 37 00 30 00 00 00|0...8.9...7.0...|
|
0x000190|30 00 2e 00 38 00 39 00 2e 00 37 00 30 00 00 00|0...8.9...7.0...|
|
||||||
0x0001a0|40 00 |@. | client_dir_length: 64 0x1a0-0x1a2 (2)
|
0x0001a0|40 00 |@. | client_dir_length: 64 0x1a0-0x1a2 (2)
|
||||||
0x0001a0| 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00| C.:.\.W.i.n.d.| clientDir: "C:\\Windows\\system32\\mstscax.dll" 0x1a2-0x1e2 (64)
|
0x0001a0| 43 00 3a 00 5c 00 57 00 69 00 6e 00 64 00| C.:.\.W.i.n.d.| client_dir: "C:\\Windows\\system32\\mstscax.dll" 0x1a2-0x1e2 (64)
|
||||||
0x0001b0|6f 00 77 00 73 00 5c 00 73 00 79 00 73 00 74 00|o.w.s.\.s.y.s.t.|
|
0x0001b0|6f 00 77 00 73 00 5c 00 73 00 79 00 73 00 74 00|o.w.s.\.s.y.s.t.|
|
||||||
* |until 0x1e1.7 (64) | |
|
* |until 0x1e1.7 (64) | |
|
||||||
0x0001e0| 20 fe ff ff | ... | timezone_bias: 4294966816 0x1e2-0x1e6 (4)
|
0x0001e0| 20 fe ff ff | ... | timezone_bias: 4294966816 0x1e2-0x1e6 (4)
|
||||||
|
Loading…
Reference in New Issue
Block a user