From 3986f2029e29fa064531eb754a5e07655c61d41c Mon Sep 17 00:00:00 2001
From: Mattias Wadman
Date: Fri, 14 Jun 2024 23:46:23 +0200
Subject: [PATCH] pyrdp: Add unused fields to replace gap fields
---
 format/pyrdp/pdu/client_info.go | 7 +++----
 format/pyrdp/testdata/test.fqtest | 7 ++++---
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/format/pyrdp/pdu/client_info.go b/format/pyrdp/pdu/client_info.go
index 2635c3bd..0bdd8e09 100644
--- a/format/pyrdp/pdu/client_info.go
+++ b/format/pyrdp/pdu/client_info.go
@@ -92,14 +92,14 @@ const (
 func decodeFlagsFn(d *decode.D) {
 d.FieldBool("mouse")
 d.FieldBool("disabledctrlaltdel")
- d.SeekRel(1)
+ d.FieldRawLen("unused0", 1)
 d.FieldBool("autologon")
 d.FieldBool("unicode")
 d.FieldBool("maximizeshell")
 d.FieldBool("logonnotify")
 d.FieldBool("compression")
 d.FieldBool("enablewindowskey")
- d.SeekRel(4)
+ d.FieldRawLen("unused1", 4)
 d.FieldBool("remoteconsoleaudio")
 d.FieldBool("force_encrypted_cs_pdu")
 d.FieldBool("rail")
@@ -113,6 +113,5 @@ func decodeFlagsFn(d *decode.D) {
 d.FieldBool("reserved1")
 d.FieldBool("reserved2")
 d.FieldBool("hidef_rail_supported")
-
- d.SeekRel(d.Pos() % 31)
+ d.FieldRawLen("unused2", 6)
 }
diff --git a/format/pyrdp/testdata/test.fqtest b/format/pyrdp/testdata/test.fqtest
index e243d890..2ab51a89 100644
--- a/format/pyrdp/testdata/test.fqtest
+++ b/format/pyrdp/testdata/test.fqtest
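Review bot: The 4-bit field named `unused1` in the first hunk sits between `enablewindowskey` and `remoteconsoleaudio`, the position MS-RDPBCGR gives to CompressionTypeMask (0x00001E00) in the TS_INFO_PACKET flags, so it carries data rather than padding; `d.FieldU4("compression_type")` would keep it readable to anyone reviewing a captured session. The test fixture in this patch also decodes byte `b3` as `unicode: false`, while INFO_UNICODE is mask 0x10 of a little-endian word, which suggests the bits are consumed MSB-first within each byte; that appears to predate this commit, but the three new field names inherit the same positions and the order is worth confirming. In the second hunk the literal `6` is right only while the earlier fields total 26 bits, so a comment such as `// pad to the end of the 32-bit flags word` would help. Part of decodeFlagsFn lies between the two hunks and is not shown.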
@@ -40,15 +40,17 @@ $ ./fq -d pyrdp dv /test.pyrdp
 | | | client_info{}: 0x15e-0x226 (200)
 0x000150| 04 08| ..| code_page: 134481924 0x15e-0x162 (4)
 0x000160|04 08 |.. |
- | | | flags{}: 0x162-0x165.2 (3.2)
+ | | | flags{}: 0x162-0x166 (4)
 0x000160| b3 | . | mouse: true 0x162-0x162.1 (0.1)
 0x000160| b3 | . | disabledctrlaltdel: false 0x162.1-0x162.2 (0.1)
+0x000160| b3 | . | unused0: raw bits 0x162.2-0x162.3 (0.1)
 0x000160| b3 | . | autologon: true 0x162.3-0x162.4 (0.1)
 0x000160| b3 | . | unicode: false 0x162.4-0x162.5 (0.1)
 0x000160| b3 | . | maximizeshell: false 0x162.5-0x162.6 (0.1)
 0x000160| b3 | . | logonnotify: true 0x162.6-0x162.7 (0.1)
 0x000160| b3 | . | compression: true 0x162.7-0x163 (0.1)
 0x000160| 47 | G | enablewindowskey: false 0x163-0x163.1 (0.1)
+0x000160| 47 | G | unused1: raw bits 0x163.1-0x163.5 (0.4)
 0x000160| 47 | G | remoteconsoleaudio: true 0x163.5-0x163.6 (0.1)
 0x000160| 47 | G | force_encrypted_cs_pdu: true 0x163.6-0x163.7 (0.1)
 0x000160| 47 | G | rail: true 0x163.7-0x164 (0.1)
@@ -62,6 +64,7 @@ $ ./fq -d pyrdp dv /test.pyrdp
 0x000160| 01 | . | reserved1: true 0x164.7-0x165 (0.1)
 0x000160| 00 | . | reserved2: false 0x165-0x165.1 (0.1)
 0x000160| 00 | . | hidef_rail_supported: false 0x165.1-0x165.2 (0.1)
+0x000160| 00 | . | unused2: raw bits 0x165.2-0x166 (0.6)
 0x000160| 02 00 | .. | domain_length: 2 0x166-0x168 (2)
 0x000160| 04 00 | .. | username_length: 4 0x168-0x16a (2)
 0x000160| 02 00 | .. | password_length: 2 0x16a-0x16c (2)
@@ -3564,5 +3567,3 @@ $ ./fq -d pyrdp dv /test.pyrdp
 0x2d2c10| 9c fc cb 14 85 01| ......| timestamp: 1671091190940 (2022-12-15T07:59:50.94Z) 0x2d2c1a-0x2d2c22 (8)
 0x2d2c20|00 00| |..| |
 | | | extra: raw bits 0x2d2c22-0x2d2c22 (0)
-0x000160| 47 | G | gap0: raw bits 0x163.1-0x163.5 (0.4)
-0x000160| 00 | . | gap1: raw bits 0x165.2-0x166 (0.6)