pyrdp: Decode client info flags correctly
Flags bits are in LE byte order. Removed unused info consts
parent
92ad156496
commit
69ec44a934
@ -18,11 +18,36 @@ func parseClientInfo(d *decode.D, length int64) {
|
|||||||
unicodeN uint64 = 0
|
unicodeN uint64 = 0
|
||||||
)
|
)
|
||||||
codePage := d.FieldU32("code_page")
|
codePage := d.FieldU32("code_page")
|
||||||
flags := d.U32()
|
d.FieldStruct("flags", func(d *decode.D) {
|
||||||
d.SeekRel(-4 * 8)
|
d.FieldBool("compression")
|
||||||
d.FieldStruct("flags", decodeFlagsFn)
|
d.FieldBool("logonnotify")
|
||||||
|
d.FieldBool("maximizeshell")
|
||||||
|
isUnicode = d.FieldBool("unicode")
|
||||||
|
d.FieldBool("autologon")
|
||||||
|
d.FieldRawLen("unused0", 1)
|
||||||
|
d.FieldBool("disabledctrlaltdel")
|
||||||
|
d.FieldBool("mouse")
|
||||||
|
|
||||||
|
d.FieldBool("rail")
|
||||||
|
d.FieldBool("force_encrypted_cs_pdu")
|
||||||
|
d.FieldBool("remoteconsoleaudio")
|
||||||
|
d.FieldRawLen("unused1", 4)
|
||||||
|
d.FieldBool("enablewindowskey")
|
||||||
|
|
||||||
|
d.FieldBool("reserved1")
|
||||||
|
d.FieldBool("video_disable")
|
||||||
|
d.FieldBool("audiocapture")
|
||||||
|
d.FieldBool("using_saved_creds")
|
||||||
|
d.FieldBool("noaudioplayback")
|
||||||
|
d.FieldBool("password_is_sc_pin")
|
||||||
|
d.FieldBool("mouse_has_wheel")
|
||||||
|
d.FieldBool("logonerrors")
|
||||||
|
|
||||||
|
d.FieldRawLen("unused2", 6)
|
||||||
|
d.FieldBool("hidef_rail_supported")
|
||||||
|
d.FieldBool("reserved2")
|
||||||
|
})
|
||||||
|
|
||||||
isUnicode = ((flags & INFO_UNICODE) != 0)
|
|
||||||
hasNull = (codePage == 1252 || isUnicode)
|
hasNull = (codePage == 1252 || isUnicode)
|
||||||
|
|
||||||
if hasNull {
|
if hasNull {
|
||||||
@ -63,55 +88,3 @@ func parseClientInfo(d *decode.D, length int64) {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
|
||||||
// flags
|
|
||||||
INFO_MOUSE = 0x00000001
|
|
||||||
INFO_DISABLECTRLALTDEL = 0x00000002
|
|
||||||
INFO_AUTOLOGON = 0x00000008
|
|
||||||
INFO_UNICODE = 0x00000010
|
|
||||||
INFO_MAXIMIZESHELL = 0x00000020
|
|
||||||
INFO_LOGONNOTIFY = 0x00000040
|
|
||||||
INFO_COMPRESSION = 0x00000080
|
|
||||||
INFO_ENABLEWINDOWSKEY = 0x00000100
|
|
||||||
INFO_REMOTECONSOLEAUDIO = 0x00002000
|
|
||||||
INFO_FORCE_ENCRYPTED_CS_PDU = 0x00004000
|
|
||||||
INFO_RAIL = 0x00008000
|
|
||||||
INFO_LOGONERRORS = 0x00010000
|
|
||||||
INFO_MOUSE_HAS_WHEEL = 0x00020000
|
|
||||||
INFO_PASSWORD_IS_SC_PIN = 0x00040000
|
|
||||||
INFO_NOAUDIOPLAYBACK = 0x00080000
|
|
||||||
INFO_USING_SAVED_CREDS = 0x00100000
|
|
||||||
INFO_AUDIOCAPTURE = 0x00200000
|
|
||||||
INFO_VIDEO_DISABLE = 0x00400000
|
|
||||||
INFO_RESERVED1 = 0x00800000
|
|
||||||
INFO_RESERVED2 = 0x01000000
|
|
||||||
INFO_HIDEF_RAIL_SUPPORTED = 0x02000000
|
|
||||||
)
|
|
||||||
|
|
||||||
func decodeFlagsFn(d *decode.D) {
|
|
||||||
d.FieldBool("mouse")
|
|
||||||
d.FieldBool("disabledctrlaltdel")
|
|
||||||
d.FieldRawLen("unused0", 1)
|
|
||||||
d.FieldBool("autologon")
|
|
||||||
d.FieldBool("unicode")
|
|
||||||
d.FieldBool("maximizeshell")
|
|
||||||
d.FieldBool("logonnotify")
|
|
||||||
d.FieldBool("compression")
|
|
||||||
d.FieldBool("enablewindowskey")
|
|
||||||
d.FieldRawLen("unused1", 4)
|
|
||||||
d.FieldBool("remoteconsoleaudio")
|
|
||||||
d.FieldBool("force_encrypted_cs_pdu")
|
|
||||||
d.FieldBool("rail")
|
|
||||||
d.FieldBool("logonerrors")
|
|
||||||
d.FieldBool("mouse_has_wheel")
|
|
||||||
d.FieldBool("password_is_sc_pin")
|
|
||||||
d.FieldBool("noaudioplayback")
|
|
||||||
d.FieldBool("using_saved_creds")
|
|
||||||
d.FieldBool("audiocapture")
|
|
||||||
d.FieldBool("video_disable")
|
|
||||||
d.FieldBool("reserved1")
|
|
||||||
d.FieldBool("reserved2")
|
|
||||||
d.FieldBool("hidef_rail_supported")
|
|
||||||
d.FieldRawLen("unused2", 6)
|
|
||||||
}
|
|
||||||
|
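Review bot: The order of the `FieldBool` calls inside the new `flags` closure is now the only record of which spec mask each field maps to, since the `INFO_*` constants are removed in the second hunk, and nothing in the code says why the order is what it is. A short comment above the closure would make that checkable, for example `// flags is a 32-bit LE value read byte by byte, MSB first: byte 0 is masks 0x80..0x01, byte 1 is 0x8000..0x0100, and so on`. This matters beyond presentation because `isUnicode` is now taken from the `unicode` bit here and feeds `hasNull`, so a misplaced field would presumably change how the domain, username and password strings after it are sized; that code is outside the hunk, as are the start and end of `parseClientInfo`. The same comment could note that the four bits read as `unused1` sit at mask 0x00001E00, which MS-RDPBCGR defines as CompressionTypeMask, so naming them `compression_type` would keep that value visible when triaging a capture.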
48
format/pyrdp/testdata/test.fqtest
vendored
@ -41,30 +41,30 @@ $ ./fq -d pyrdp dv /test.pyrdp
|
|||||||
0x000150| 04 08| ..| code_page: 134481924 0x15e-0x162 (4)
|
0x000150| 04 08| ..| code_page: 134481924 0x15e-0x162 (4)
|
||||||
0x000160|04 08 |.. |
|
0x000160|04 08 |.. |
|
||||||
| | | flags{}: 0x162-0x166 (4)
|
| | | flags{}: 0x162-0x166 (4)
|
||||||
0x000160| b3 | . | mouse: true 0x162-0x162.1 (0.1)
|
0x000160| b3 | . | compression: true 0x162-0x162.1 (0.1)
|
||||||
0x000160| b3 | . | disabledctrlaltdel: false 0x162.1-0x162.2 (0.1)
|
0x000160| b3 | . | logonnotify: false 0x162.1-0x162.2 (0.1)
|
||||||
0x000160| b3 | . | unused0: raw bits 0x162.2-0x162.3 (0.1)
|
0x000160| b3 | . | maximizeshell: true 0x162.2-0x162.3 (0.1)
|
||||||
0x000160| b3 | . | autologon: true 0x162.3-0x162.4 (0.1)
|
0x000160| b3 | . | unicode: true 0x162.3-0x162.4 (0.1)
|
||||||
0x000160| b3 | . | unicode: false 0x162.4-0x162.5 (0.1)
|
0x000160| b3 | . | autologon: false 0x162.4-0x162.5 (0.1)
|
||||||
0x000160| b3 | . | maximizeshell: false 0x162.5-0x162.6 (0.1)
|
0x000160| b3 | . | unused0: raw bits 0x162.5-0x162.6 (0.1)
|
||||||
0x000160| b3 | . | logonnotify: true 0x162.6-0x162.7 (0.1)
|
0x000160| b3 | . | disabledctrlaltdel: true 0x162.6-0x162.7 (0.1)
|
||||||
0x000160| b3 | . | compression: true 0x162.7-0x163 (0.1)
|
0x000160| b3 | . | mouse: true 0x162.7-0x163 (0.1)
|
||||||
0x000160| 47 | G | enablewindowskey: false 0x163-0x163.1 (0.1)
|
0x000160| 47 | G | rail: false 0x163-0x163.1 (0.1)
|
||||||
0x000160| 47 | G | unused1: raw bits 0x163.1-0x163.5 (0.4)
|
0x000160| 47 | G | force_encrypted_cs_pdu: true 0x163.1-0x163.2 (0.1)
|
||||||
0x000160| 47 | G | remoteconsoleaudio: true 0x163.5-0x163.6 (0.1)
|
0x000160| 47 | G | remoteconsoleaudio: false 0x163.2-0x163.3 (0.1)
|
||||||
0x000160| 47 | G | force_encrypted_cs_pdu: true 0x163.6-0x163.7 (0.1)
|
0x000160| 47 | G | unused1: raw bits 0x163.3-0x163.7 (0.4)
|
||||||
0x000160| 47 | G | rail: true 0x163.7-0x164 (0.1)
|
0x000160| 47 | G | enablewindowskey: true 0x163.7-0x164 (0.1)
|
||||||
0x000160| 01 | . | logonerrors: false 0x164-0x164.1 (0.1)
|
0x000160| 01 | . | reserved1: false 0x164-0x164.1 (0.1)
|
||||||
0x000160| 01 | . | mouse_has_wheel: false 0x164.1-0x164.2 (0.1)
|
0x000160| 01 | . | video_disable: false 0x164.1-0x164.2 (0.1)
|
||||||
0x000160| 01 | . | password_is_sc_pin: false 0x164.2-0x164.3 (0.1)
|
0x000160| 01 | . | audiocapture: false 0x164.2-0x164.3 (0.1)
|
||||||
0x000160| 01 | . | noaudioplayback: false 0x164.3-0x164.4 (0.1)
|
0x000160| 01 | . | using_saved_creds: false 0x164.3-0x164.4 (0.1)
|
||||||
0x000160| 01 | . | using_saved_creds: false 0x164.4-0x164.5 (0.1)
|
0x000160| 01 | . | noaudioplayback: false 0x164.4-0x164.5 (0.1)
|
||||||
0x000160| 01 | . | audiocapture: false 0x164.5-0x164.6 (0.1)
|
0x000160| 01 | . | password_is_sc_pin: false 0x164.5-0x164.6 (0.1)
|
||||||
0x000160| 01 | . | video_disable: false 0x164.6-0x164.7 (0.1)
|
0x000160| 01 | . | mouse_has_wheel: false 0x164.6-0x164.7 (0.1)
|
||||||
0x000160| 01 | . | reserved1: true 0x164.7-0x165 (0.1)
|
0x000160| 01 | . | logonerrors: true 0x164.7-0x165 (0.1)
|
||||||
0x000160| 00 | . | reserved2: false 0x165-0x165.1 (0.1)
|
0x000160| 00 | . | unused2: raw bits 0x165-0x165.6 (0.6)
|
||||||
0x000160| 00 | . | hidef_rail_supported: false 0x165.1-0x165.2 (0.1)
|
0x000160| 00 | . | hidef_rail_supported: false 0x165.6-0x165.7 (0.1)
|
||||||
0x000160| 00 | . | unused2: raw bits 0x165.2-0x166 (0.6)
|
0x000160| 00 | . | reserved2: false 0x165.7-0x166 (0.1)
|
||||||
0x000160| 02 00 | .. | domain_length: 2 0x166-0x168 (2)
|
0x000160| 02 00 | .. | domain_length: 2 0x166-0x168 (2)
|
||||||
0x000160| 04 00 | .. | username_length: 4 0x168-0x16a (2)
|
0x000160| 04 00 | .. | username_length: 4 0x168-0x16a (2)
|
||||||
0x000160| 02 00 | .. | password_length: 2 0x16a-0x16c (2)
|
0x000160| 02 00 | .. | password_length: 2 0x16a-0x16c (2)
|
||||||
|