diff --git a/format/pyrdp/pdu/client_data.go b/format/pyrdp/pdu/client_data.go
index 68e2f519..a5d2a7c4 100644
--- a/format/pyrdp/pdu/client_data.go
+++ b/format/pyrdp/pdu/client_data.go
@@ -1,4 +1,5 @@
 // Copyright (c) 2022-2023 GoSecure Inc.
+// Copyright (c) 2024 Flare Systems
 // Licensed under the MIT License
 package pyrdp
@@ -23,20 +24,20 @@ const (
 RDP10_10 = 0x8000f
 )
-var RDPVersionMap = scalar.UintMap{
- RDP4: {Sym: "rdp4", Description: "RDP 4"},
- RDP5: {Sym: "rdp5", Description: "RDP 5"},
- RDP10: {Sym: "rdp10", Description: "RDP 10"},
- RDP10_1: {Sym: "rdp10_1", Description: "RDP 10.1"},
- RDP10_2: {Sym: "rdp10_2", Description: "RDP 10.2"},
- RDP10_3: {Sym: "rdp10_3", Description: "RDP 10.3"},
- RDP10_4: {Sym: "rdp10_4", Description: "RDP 10.4"},
- RDP10_5: {Sym: "rdp10_5", Description: "RDP 10.5"},
- RDP10_6: {Sym: "rdp10_6", Description: "RDP 10.6"},
- RDP10_7: {Sym: "rdp10_7", Description: "RDP 10.7"},
- RDP10_8: {Sym: "rdp10_8", Description: "RDP 10.8"},
- RDP10_9: {Sym: "rdp10_9", Description: "RDP 10.9"},
- RDP10_10: {Sym: "rdp10_10", Description: "RDP 10.10"},
+var RDPVersionMap = scalar.UintMapSymStr{
+ RDP4: "rdp4",
+ RDP5: "rdp5",
+ RDP10: "rdp10",
+ RDP10_1: "rdp10_1",
+ RDP10_2: "rdp10_2",
+ RDP10_3: "rdp10_3",
+ RDP10_4: "rdp10_4",
+ RDP10_5: "rdp10_5",
+ RDP10_6: "rdp10_6",
+ RDP10_7: "rdp10_7",
+ RDP10_8: "rdp10_8",
+ RDP10_9: "rdp10_9",
+ RDP10_10: "rdp10_10",
 }
 const (
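Review bot: `RDPVersionMap` is exported, so switching it from `scalar.UintMap` to `scalar.UintMapSymStr` changes the type seen by any code outside this package, and it was the one map in this change whose descriptions were actually populated. If nothing outside the package reads it, unexporting it (`rdpVersionMap`) would match `clientDataMap` and the other maps; whether external users exist is not visible from this hunk. Either way a doc comment should record what the map covers, for example `// RDPVersionMap names the known client core version values, RDP4 through RDP10_10.` Because the version field is read from recorded session data, a test sample whose version is not in the map would also be worth adding, to show the raw number still decodes cleanly now that the description is gone.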
@@ -46,12 +47,11 @@ const (
 CLIENT_CLUSTER = 0xC004
 )
-// TODO: Fill descriptions.
-var clientDataMap = scalar.UintMap{
- CLIENT_CORE: {Sym: "client_core", Description: ""},
- CLIENT_SECURITY: {Sym: "client_security", Description: ""},
- CLIENT_NETWORK: {Sym: "client_network", Description: ""},
- CLIENT_CLUSTER: {Sym: "client_cluster", Description: ""},
+var clientDataMap = scalar.UintMapSymStr{
+ CLIENT_CORE: "client_core",
+ CLIENT_SECURITY: "client_security",
+ CLIENT_NETWORK: "client_network",
+ CLIENT_CLUSTER: "client_cluster",
 }
 func ParseClientData(d *decode.D, length int64) {
diff --git a/format/pyrdp/pdu/clipboard_data.go b/format/pyrdp/pdu/clipboard_data.go
index 3bfd0028..088568f1 100644
--- a/format/pyrdp/pdu/clipboard_data.go
+++ b/format/pyrdp/pdu/clipboard_data.go
@@ -1,4 +1,5 @@
 // Copyright (c) 2022-2023 GoSecure Inc.
+// Copyright (c) 2024 Flare Systems
 // Licensed under the MIT License
 package pyrdp
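Review bot: The `// TODO: Fill descriptions.` line above `clientDataMap` is deleted without a replacement, which leaves the map undocumented now that `scalar.UintMapSymStr` has no description slot. A one-line comment would keep the intent, for example `// clientDataMap names the client data block header values.` The same applies to `cbTypesMap` in clipboard_data.go and `pduTypesMap` in pyrdp.go, whose TODO comments are removed in the same way.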
@@ -28,26 +29,25 @@ const (
 CB_ASCII_NAMES = 0x0004
 )
-// TODO: Fill the descriptions.
-var cbTypesMap = scalar.UintMap{
- CB_MONITOR_READY: {Sym: "cb_monitor_ready", Description: ""},
- CB_FORMAT_LIST: {Sym: "cb_format_list", Description: ""},
- CB_FORMAT_LIST_RESPONSE: {Sym: "cb_format_list_response", Description: ""},
- CB_FORMAT_DATA_REQUEST: {Sym: "cb_format_data_request", Description: ""},
- CB_FORMAT_DATA_RESPONSE: {Sym: "cb_format_data_response", Description: ""},
- CB_TEMP_DIRECTORY: {Sym: "cb_temp_directory", Description: ""},
- CB_CLIP_CAPS: {Sym: "cb_clip_caps", Description: ""},
- CB_FILECONTENTS_REQUEST: {Sym: "cb_filecontents_request", Description: ""},
- CB_FILECONTENTS_RESPONSE: {Sym: "cb_filecontents_response", Description: ""},
- CB_LOCK_CLIPDATA: {Sym: "cb_lock_clipdata", Description: ""},
- CB_UNLOCK_CLIPDATA: {Sym: "cb_unlock_clipdata", Description: ""},
+var cbTypesMap = scalar.UintMapSymStr{
+ CB_MONITOR_READY: "cb_monitor_ready",
+ CB_FORMAT_LIST: "cb_format_list",
+ CB_FORMAT_LIST_RESPONSE: "cb_format_list_response",
+ CB_FORMAT_DATA_REQUEST: "cb_format_data_request",
+ CB_FORMAT_DATA_RESPONSE: "cb_format_data_response",
+ CB_TEMP_DIRECTORY: "cb_temp_directory",
+ CB_CLIP_CAPS: "cb_clip_caps",
+ CB_FILECONTENTS_REQUEST: "cb_filecontents_request",
+ CB_FILECONTENTS_RESPONSE: "cb_filecontents_response",
+ CB_LOCK_CLIPDATA: "cb_lock_clipdata",
+ CB_UNLOCK_CLIPDATA: "cb_unlock_clipdata",
 }
-var cbFlagsMap = scalar.UintMap{
- NONE: {Sym: "none", Description: ""},
- CB_RESPONSE_OK: {Sym: "cb_response_ok", Description: ""},
- CB_RESPONSE_FAIL: {Sym: "cb_response_fail", Description: ""},
- CB_ASCII_NAMES: {Sym: "cb_ascii_names", Description: ""},
+var cbFlagsMap = scalar.UintMapSymStr{
+ NONE: "none",
+ CB_RESPONSE_OK: "cb_response_ok",
+ CB_RESPONSE_FAIL: "cb_response_fail",
+ CB_ASCII_NAMES: "cb_ascii_names",
 }
 var cbParseFnMap = map[uint16]interface{}{
diff --git a/format/pyrdp/pdu/fastpath_input.go b/format/pyrdp/pdu/fastpath_input.go
index 625a9de8..3e50f36f 100644
--- a/format/pyrdp/pdu/fastpath_input.go
+++ b/format/pyrdp/pdu/fastpath_input.go
@@ -1,4 +1,5 @@
 // Copyright (c) 2022-2023 GoSecure Inc.
+// Copyright (c) 2024 Flare Systems
 // Licensed under the MIT License
 package pyrdp
@@ -21,13 +22,13 @@ const (
 FASTPATH_INPUT_EVENT_QOE_TIMESTAMP = 6
 )
-var eventCodesMap = scalar.UintMap{
- FASTPATH_INPUT_EVENT_SCANCODE: {Sym: "fastpath_input_event_scancode", Description: ""},
- FASTPATH_INPUT_EVENT_MOUSE: {Sym: "fastpath_input_event_mouse", Description: ""},
- FASTPATH_INPUT_EVENT_MOUSEX: {Sym: "fastpath_input_event_mousex", Description: ""},
- FASTPATH_INPUT_EVENT_SYNC: {Sym: "fastpath_input_event_sync", Description: ""},
- FASTPATH_INPUT_EVENT_UNICODE: {Sym: "fastpath_input_event_unicode", Description: ""},
- FASTPATH_INPUT_EVENT_QOE_TIMESTAMP: {Sym: "fastpath_input_event_qoe_timestamp", Description: ""},
+var eventCodesMap = scalar.UintMapSymStr{
+ FASTPATH_INPUT_EVENT_SCANCODE: "fastpath_input_event_scancode",
+ FASTPATH_INPUT_EVENT_MOUSE: "fastpath_input_event_mouse",
+ FASTPATH_INPUT_EVENT_MOUSEX: "fastpath_input_event_mousex",
+ FASTPATH_INPUT_EVENT_SYNC: "fastpath_input_event_sync",
+ FASTPATH_INPUT_EVENT_UNICODE: "fastpath_input_event_unicode",
+ FASTPATH_INPUT_EVENT_QOE_TIMESTAMP: "fastpath_input_event_qoe_timestamp",
 }
 var eventFnMap = map[int]interface{}{
diff --git a/format/pyrdp/pyrdp.go b/format/pyrdp/pyrdp.go
index 5e35113d..da5c115e 100644
--- a/format/pyrdp/pyrdp.go
+++ b/format/pyrdp/pyrdp.go
@@ -45,28 +45,27 @@ const (
 PDU_FILE_DOWNLOAD_COMPLETE = 20 // File download completion notification to the player
 )
-// TODO: Fill all descriptions.
-var pduTypesMap = scalar.UintMap{
- PDU_FAST_PATH_INPUT: {Sym: "pdu_fastpath_input", Description: ""},
- PDU_FAST_PATH_OUTPUT: {Sym: "pdu_fastpath_output", Description: ""},
- PDU_CLIENT_INFO: {Sym: "pdu_client_info", Description: ""},
- PDU_SLOW_PATH_PDU: {Sym: "pdu_slow_path_pdu", Description: ""},
- PDU_CONNECTION_CLOSE: {Sym: "pdu_connection_close", Description: ""},
- PDU_CLIPBOARD_DATA: {Sym: "pdu_clipboard_data", Description: ""},
- PDU_CLIENT_DATA: {Sym: "pdu_client_data", Description: ""},
- PDU_MOUSE_MOVE: {Sym: "pdu_mouse_move", Description: ""},
- PDU_MOUSE_BUTTON: {Sym: "pdu_mouse_button", Description: ""},
- PDU_MOUSE_WHEEL: {Sym: "pdu_mouse_wheel", Description: ""},
- PDU_KEYBOARD: {Sym: "pdu_keyboard", Description: ""},
- PDU_TEXT: {Sym: "pdu_text", Description: ""},
- PDU_FORWARDING_STATE: {Sym: "pdu_forwarding_state", Description: ""},
- PDU_BITMAP: {Sym: "pdu_bitmap", Description: ""},
- PDU_DEVICE_MAPPING: {Sym: "pdu_device_mapping", Description: ""},
- PDU_DIRECTORY_LISTING_REQUEST: {Sym: "pdu_directory_listing_request", Description: ""},
- PDU_DIRECTORY_LISTING_RESPONSE: {Sym: "pdu_directory_listing_response", Description: ""},
- PDU_FILE_DOWNLOAD_REQUEST: {Sym: "pdu_file_download_request", Description: ""},
- PDU_FILE_DOWNLOAD_RESPONSE: {Sym: "pdu_file_download_response", Description: ""},
- PDU_FILE_DOWNLOAD_COMPLETE: {Sym: "pdu_file_download_complete", Description: ""},
+var pduTypesMap = scalar.UintMapSymStr{
+ PDU_FAST_PATH_INPUT: "pdu_fastpath_input",
+ PDU_FAST_PATH_OUTPUT: "pdu_fastpath_output",
+ PDU_CLIENT_INFO: "pdu_client_info",
+ PDU_SLOW_PATH_PDU: "pdu_slow_path_pdu",
+ PDU_CONNECTION_CLOSE: "pdu_connection_close",
+ PDU_CLIPBOARD_DATA: "pdu_clipboard_data",
+ PDU_CLIENT_DATA: "pdu_client_data",
+ PDU_MOUSE_MOVE: "pdu_mouse_move",
+ PDU_MOUSE_BUTTON: "pdu_mouse_button",
+ PDU_MOUSE_WHEEL: "pdu_mouse_wheel",
+ PDU_KEYBOARD: "pdu_keyboard",
+ PDU_TEXT: "pdu_text",
+ PDU_FORWARDING_STATE: "pdu_forwarding_state",
+ PDU_BITMAP: "pdu_bitmap",
+ PDU_DEVICE_MAPPING: "pdu_device_mapping",
+ PDU_DIRECTORY_LISTING_REQUEST: "pdu_directory_listing_request",
+ PDU_DIRECTORY_LISTING_RESPONSE: "pdu_directory_listing_response",
+ PDU_FILE_DOWNLOAD_REQUEST: "pdu_file_download_request",
+ PDU_FILE_DOWNLOAD_RESPONSE: "pdu_file_download_response",
+ PDU_FILE_DOWNLOAD_COMPLETE: "pdu_file_download_complete",
 }
 var pduParsersMap = map[uint16]interface{}{
diff --git a/format/pyrdp/testdata/test.fqtest b/format/pyrdp/testdata/test.fqtest
index 6a96165c..91e8774a 100644
--- a/format/pyrdp/testdata/test.fqtest
+++ b/format/pyrdp/testdata/test.fqtest
@@ -9,7 +9,7 @@ $ ./fq -d pyrdp dv /test.pyrdp
 | | | client_data{}: 0x12-0xf8 (230)
 0x000010| 01 c0 | .. | header: "client_core" (49153) 0x12-0x14 (2)
 0x000010| ea 00 | .. | length: 234 0x14-0x16 (2)
-0x000010| 0d 00 08 00 | .... | version: "rdp10_8" (524301) (RDP 10.8) 0x16-0x1a (4)
+0x000010| 0d 00 08 00 | .... | version: "rdp10_8" (524301) 0x16-0x1a (4)
 0x000010| a0 05 | .. | desktop_width: 1440 0x1a-0x1c (2)
 0x000010| 84 03 | .. | desktop_height: 900 0x1c-0x1e (2)
 0x000010| 01 ca| ..| color_depth: 51713 0x1e-0x20 (2)
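Review bot: In `pduTypesMap` (format/pyrdp/pyrdp.go) the symbols `"pdu_fastpath_input"` and `"pdu_fastpath_output"` do not follow their constants `PDU_FAST_PATH_INPUT` and `PDU_FAST_PATH_OUTPUT`, while `"pdu_slow_path_pdu"` does; the rewrite carries the mismatch over from the old map. Anyone filtering decoded replays by symbol has to know which spelling each entry uses, and a filter written from the constant name would presumably match nothing. Since every entry is being retyped here anyway, consider `PDU_FAST_PATH_INPUT: "pdu_fast_path_input",` and `PDU_FAST_PATH_OUTPUT: "pdu_fast_path_output",`, updating any test expectation that prints them. Alternatively, keep the current strings and add a comment saying they are retained for output compatibility.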